Commit graph

5687 commits

Author SHA1 Message Date
Hugo Blom
8682a57ea3
use image id instad of name (#7293) 2021-02-19 09:16:25 -08:00
Etienne Champetier
662a37ab4f
Fix "api is up" check (#7295)
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-19 09:12:25 -08:00
Sergey
42947c9840
return the ability to update calico from 3.x.x version (#7290)
version check fixed
2021-02-17 00:07:06 -08:00
Etienne Champetier
3749729d5a
Remove calico-upgrade leftovers (#7282)
This is dead code since 28073c76ac

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 11:24:58 -08:00
Etienne Champetier
fb8b075110
facts.yaml: reduce the number of setup calls by ~7x (#7286)
Before this commit, we were gathering:
1 !all
7 network
7 hardware

After we are gathering:
1 !all
1 network
1 hardware

ansible_distribution_major_version is gathered by '!all'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 09:34:58 -08:00
Etienne Champetier
1c5391dda7
Ensure kubeadm doesn't use proxy (#7275)
* Move proxy_env to kubespray-defaults/defaults

There is no reasons to use set_facts here

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

* Ensure kubeadm doesn't use proxy

*_proxy variables might be present in the environment (/etc/environment, bash profile, ...)
When this is the case we end up with those proxy configuration in /etc/kubernetes/manifests/kube-*.yaml manifests

We cannot unset env variables, but kubeadm is nice enough to ignore empty vars
93d288e2a4/cmd/kubeadm/app/util/env.go (L27)

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 08:44:58 -08:00
Hugo Blom
f2d10e9465
allow users to set image_uuid instead of name, this allows the use of openstack community images (#7283) 2021-02-16 07:05:06 -08:00
stress-t
796d3fb975
Improving PR 6473 (#7259) 2021-02-16 05:19:05 -08:00
Etienne Champetier
5c04bdd52b
Fixup cri-o metacopy mount options (#7287)
Ubuntu 18.04 crio package ships with 'mountopt = "nodev,metacopy=on"'
even if GA kernel is 4.15 (HWE Kernel can be more recent)

Fedora package ships without metacopy=on

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-15 20:51:07 -08:00
Hugo Blom
17143dbc51
write openstack controller manifests with correct perms (#7284) 2021-02-15 00:53:05 -08:00
Hugo Blom
1c8bba36db
make sure worker rules is applied on workers (#7279) 2021-02-12 12:43:05 -08:00
Etienne Champetier
95b329b64d
bootstrap-os: match on os-release ID / VARIANT_ID (#7269)
This fixes deployment with CentOS 8 Streams and make detection more reliable

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-11 08:14:16 -08:00
Etienne Champetier
de1d9df787
Only use stat get_checksum: yes when needed (#7270)
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-10 05:36:59 -08:00
Cristian Calin
6450207713
add containerd.io to dpkg_selection (#7273)
`containerd.io` is the companion package of `docker-ce` and is the
proper package name. This is needed to avoid apt upgrade/dist-upgrade
from breaking kubernetes.
2021-02-10 04:48:59 -08:00
Florian Ruynat
edc4bb4a49
Update kube-ovn to 1.6.0 (#7240) 2021-02-10 02:25:01 -08:00
Sergey
a21ee33180
fix typo error in role ingress-nginx (#7272) 2021-02-09 07:53:13 -08:00
Takashi IIGUNI
bcaa31ae33
fix: Restart network doesn't work on Fedora CoreOS (#7271)
Running remove-node.yml tasks for clean up cluster on Fedora CoreOS.
The task failed to restart network daemon (task name: "reset | Restart network").
Fedora CoreOS is essentially using NetworkManager, but this task returns network.

Signed-off-by: Takashi IIGUNI <iiguni.tks@gmail.com>
2021-02-09 06:35:04 -08:00
David Louks
0cc1726781
Remove deletion of coredns deployment. (#7211)
* Add unique annotation on coredns deployment and only remove existing deployment if annotation is missing.

* Ignore errors when gathering coredns deployment details to handle case where it doesn't exist yet

* Remove run_once, deletegate_to and add to when statement
2021-02-09 06:02:40 -08:00
David Louks
aad78840a0
Updated etcd cert check tasks to detect when new cert gen is required (#7219)
* Added force_etcd_cert_refresh var to maintain existing functionality. Broke out etcd node cert syncing from member and admin cert sync logic. Now first etcd will sync node certs to other etcd members on every run to keep all etcds up to date after adding additional worker nodes to the cluster

* Updated etcd cert check tasks to better detect when new certificates need to be generated

* Move usage of force_etcd_cert_refresh var to gen_certs fact set

* Force etcd cert generation per server if force_etcd_cert_refresh is set to true

* Include gathering of node certs even if k8s-cluster member and in etcd group.

* Removed run_once due to when statement
2021-02-09 01:53:22 -08:00
Vyacheslav
e3ab665e90
Update main.yml (#7267)
````
TASK [bootstrap-os : Enable RHEL 8 repos] ***************************************************************************************************************************************************************************************************
fatal: [node6]: FAILED! => {"changed": false, "msg": "This system has no repositories available through subscriptions"}
fatal: [node7]: FAILED! => {"changed": false, "msg": "This system has no repositories available through subscriptions"}
fatal: [node1]: FAILED! => {"changed": false, "msg": "This system has no repositories available through subscriptions"}


root@node1:/kubespray# cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
root@node1:/kubespray#
```
2021-02-08 10:25:37 -08:00
Geonju Kim
1a91792e7c
Change the owner of /etc/crictl.yaml to root (#7254) 2021-02-05 09:28:53 -08:00
Mathieu Parent
670c37b428
Update Helm version to 3.5.2 (#7248)
Helm v3.5.2 is a security (patch) release. Users are strongly
recommended to update to this release. It fixes two security issues in
upstream dependencies and one security issue in the Helm codebase.

See https://github.com/helm/helm/releases/tag/v3.5.2
2021-02-05 08:16:52 -08:00
Arian van Putten
040dacd5cd
roles/docker: Make repokey fingerprint overrideable (#7247)
This makes the docker role work the same as the containerd role.
Being able to override this is needed when you have your own debian
repository. E.g. when performing an airgapped installation
2021-02-05 07:44:52 -08:00
Maciej
59541de437
Vagrantfile: always recreate inventory symlink (#7245)
Fixes 7244

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-02-05 00:50:52 -08:00
petruha
fc8551bcba
Run containerd related tasks on OracleLinux. (#7250) 2021-02-05 00:46:52 -08:00
Matt Calvert
c2c97c36bc Add in tests for Calico with dual-stack networking 2021-02-05 00:04:52 -08:00
Matt Calvert
211fdde742 Add IPv6 libvirt details to the Vagrantfile 2021-02-05 00:04:52 -08:00
Matt Calvert
366cbb3e6f Ensure we gather IPv6 facts 2021-02-05 00:04:52 -08:00
Matt Calvert
a318624fad Auto-add IPv6DualStack featureGate
When enable_dual_stack_networks is set, we need to make sure
IPv6DualStack=true is set too, otherwise we end up with
a broken cluster.
2021-02-05 00:04:52 -08:00
Matt Calvert
3cf5981146 Switch to use upstream kube_feature_gates logic 2021-02-05 00:04:52 -08:00
Matt Calvert
4cc065e66d Changes to support Dual Stack networking 2021-02-05 00:04:52 -08:00
Florian Ruynat
ba731ed145
Update docker packages to 19.03.15 and 20.10.3 (#7243) 2021-02-04 13:20:53 -08:00
Cristian Klein
b77460ec34
contrib/terraform/exoscale: Rework SSH public keys (#7242)
* contrib/terraform/exoscale: Rework SSH public keys

Exoscale has a few limitations with `exoscale_ssh_keypair` resources.
Creating several clusters with these scripts may lead to an error like:

```
Error: API error ParamError 431 (InvalidParameterValueException 4350): The key pair "lj-sc-ssh-key" already has this fingerprint
```

This patch reworks handling of SSH public keys. Specifically, we rely on
the more cloud-agnostic way of configuring SSH public keys via
`cloud-init`.

* contrib/terraform/exoscale: terraform fmt

* contrib/terraform/exoscale: Add terraform validate

* contrib/terraform/exoscale: Inline public SSH keys

The Terraform scripts need to install some SSH key, so that Kubespray
(i.e., the "Ansible part") can take over. Initially, we pointed the
Terraform scripts to `~/.ssh/id_rsa.pub`. This proved to be suboptimal:
Operators sharing responbility for a cluster risk unnecessarily replacing resources.

Therefore, it has been determined that it's best to inline the public
SSH keys. The chosen variable `ssh_public_keys` provides some uniformity
with `contrib/azurerm`.

* Fix Terraform Exoscale test

* Fix Terraform 0.14 test
2021-02-03 07:32:28 -08:00
forselli-stratio
88bee6c68e
Fix ansible calico route reflector tasks in calico role (#7224)
* Fix calico-rr tasks

* revert stdin only when it's already a string
2021-02-03 07:22:29 -08:00
Sebastian Schmid
1f84d6344b
local-path-provisioner change default version to v0.0.19 and update config template (#7238)
* update local-path-storage config template to version v0.0.19

* changes local_path_provisioner image tag to v0.0.19

* removes copy paste example from rancher local-path-provisioner repo
2021-02-03 06:50:28 -08:00
Kenichi Omichi
699fbd64ab
Move recover_control_plane/master to control-plane (#7236)
According to the following recommendation, this moves the directory
to control-plane:

The Kubernetes project is moving away from wording that is considered
offensive. A new working group WG Naming was created to track this work,
and the word "master" was declared as offensive. A proposal was formalized
for replacing the word "master" with "control plane".
2021-02-03 02:06:29 -08:00
Maciej
b42bf39fb7
MetalLB: bump to v0.9.5 (#7241)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-02-03 01:02:28 -08:00
Lennart Jern
5368d51d63
Mention docker image in readme (#7239) 2021-02-02 09:16:28 -08:00
Kenichi Omichi
c5db012c9a
Move kubernetes/master to kubernetes/control-plane (#7218)
This is a small step to replace "master" with "control-plane" in
Kubespray project.
2021-02-01 07:15:49 -08:00
Sander Cornelissen
b70d986bfa
Ensure when use_oracle_public_repo is set to false the public Oracle Linux yum repos are not set (#7228) 2021-01-29 03:59:41 -08:00
Felix Breuer
973628fc1b
FIX: Bastion undefined variable (#7227)
Fixes the following error when using Bastion Node with the sample config.
```
fatal: [bastion]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'bastion'\n\nThe error appears to be in '/home/felix/inovex/kubespray/roles/bastion-ssh-config/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: set bastion host IP\n  ^ here\n"}
```
2021-01-28 10:07:37 -08:00
Robin Elfrink
91fea7c956
Fix unintended SIGPIPEs. (#7214) 2021-01-27 01:07:40 -08:00
David Louks
d378d789cf
Add retries to drain during upgrade. Allow leaving nodes cordoned after drain failure. Allow continuing upgrade if drain fails. (#7206) 2021-01-26 11:10:31 -08:00
Florian Ruynat
9007d6621a
Update nginx, minor weave and misc CI tools (vagrant/terraform) (#7215) 2021-01-26 08:22:34 -08:00
Ryler Hockenbury
774ec49396
Update azure cloud config (#7208)
* Allow configureable vni and port for flannel overlay

* additional options for azure cloud config
2021-01-26 07:24:35 -08:00
Jorik Jonker
bba55faae8
calico: fix NetworkManager check (#7169)
Previous check for presence of NM assumed "systemctl show
NetworkManager" would exit with a nonzero status code, which seems not
the case anymore with recent Flatcar Container Linux.

This new check also checks the activeness of network manager, as
`is-active` implies presence.

Signed-off-by Jorik Jonker <jorik@kippendief.biz>
2021-01-25 23:52:34 -08:00
Etienne Champetier
8f2b0772f9
containerd,docker: stop installing extras repo on CentOS/RHEL (#7203)
This was introduced in 143e2272ff
Extra repo is enabled by default in CentOS, and is not the right repo for EL8
Instead of adding a CentOS repo to RHEL, enable the needed RHEL repos with rhsm_repository

For RHEL 7, we need the "extras" repo for container-selinux
For RHEL 8, we need the "appstream" repo for container-selinux, ipvsadm and socat

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2021-01-25 03:12:54 -08:00
Samuel Liu
1a409dc7ae
Add download bin tasks (#7131)
* Add downlaod bin tasks

* Add tags never and etcd

* yamllint
2021-01-22 20:41:39 -08:00
Fredrik Liv
404ea0270e
Added terraform support for Exoscale (#7141)
* Added terraform support for Exoscale

* Fixed markdown lint error on exoscale terraform
2021-01-22 20:37:39 -08:00
Florian Ruynat
ef939dee74
Add missing 'ingress-controller' tag to alb (#7204) 2021-01-22 19:11:39 -08:00