Max Gautier
c0e1211abe
etcd: enable v2 api only if needed ( #8001 )
...
* etcd: enable v2 api only if needed
Only enable v2 API if we have a consumer (flannel)
This reduce the exposed surface for etcd.
* Fix bad group name
2021-09-22 12:36:32 -07:00
Samuel Liu
274e06a48d
add etcd max snapshot and wals ( #7382 )
2021-03-18 16:48:36 -07:00
emiran-orange
7084d38767
Fix ETCD_CIPHER_SUITES shell var assignment ( #7002 )
2020-12-08 13:23:34 -08:00
Samuel Liu
cd7212453e
Add etcd tls cipher suites ( #7001 )
...
* Add etcd tls cipher suites
* yamllint
2020-12-07 18:13:10 -08:00
Dmitry Chusovitin
c09aabab0c
Remove executable bit from yaml and j2 files ( #6894 )
2020-11-29 20:18:48 -08:00
Sergey
c0fd5b2e84
remove variable 'etcd_ionice', because ionice removed from container image etcd:v3.4.x ( #6735 )
2020-09-23 12:34:05 -07:00
Florent Monbillard
bf8c8976dd
Upgrade etcd to 3.4.3 ( #5998 )
2020-07-20 07:26:51 -07:00
Andrew DeMaria
af1c93cdfc
Add option to expose metrics on separate port ( #6092 )
2020-05-10 12:21:51 -07:00
Jakub Husák
2beffe688a
Make etcdctl connect to localhost out of the box ( #5643 )
...
* Make etcdctl connect to localhost out of the box
* etcdctl envs: use admin-.pem instead of member-.pem
2020-03-06 02:05:23 -08:00
Stas
50bdaa573c
Apply etcd_extra_vars to etcd-events.env as well. ( #4219 )
...
This change ensures that etcd_extra_vars variable applies
to events etcd as well.
2019-05-02 12:24:27 -07:00
Andreas Krüger
38af93b60c
Remove rkt support ( #4671 )
2019-04-29 01:14:20 -07:00
Matthew Mosesohn
acbf3db233
Remove hard dependence on facts for all nodes ( #4304 )
...
* Remove hard dependence on facts for all nodes
* Update main.yaml
* Update main.yaml
2019-03-05 03:04:39 -08:00
Zohar Mamedov
af5e05d08d
etcd_log_package_levels for /etc/etcd.env ( #3700 )
2018-11-16 23:59:40 -08:00
Erwan Miran
2ab2f3a0a3
Ability to define SSL certificates duration and SSL key size ( #3482 )
...
* Ability to specify ssl certificate duration and ssl key size - etcd/secrets
* Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script
2018-10-09 04:43:30 -07:00
k8s-ci-robot
6e7100f283
Merge pull request #3208 from mirwan/etcd_ha_doc_n_cleaning
...
Add documentation about having HA for etcd
2018-08-31 08:06:05 -07:00
Erwan Miran
82a28d6bb3
Add documentation about having HA for etcd
2018-08-31 14:40:25 +02:00
Antoine Legrand
da06c8e5a9
etcd UNSUPPORTED for all arch
2018-08-31 13:45:08 +02:00
Antoine Legrand
19268ded23
Fix some arm64 errors
2018-08-31 13:45:08 +02:00
Antoine Legrand
f67933d2ac
add ETCD_UNSUPPORTED_ARCH=arm64 flag
2018-08-31 13:45:08 +02:00
Vasilis Remmas
b61eb7d7f3
Add ETCD_QUOTA_BACKEND_BYTES environment variable
2018-08-24 12:17:34 +02:00
Sergey Bondarev
ce6854e726
add version to environment file
...
Trigger reboot handler when version upgrade during update script
2018-08-17 17:25:35 +03:00
Brad Beam
63a458063b
Adding missing rkt template for etcd-events
2018-06-06 10:43:30 -05:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
...
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
woopstar
4c81cd2a71
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4
2018-05-02 14:45:58 +02:00
Andreas Kruger
32a8ea8094
Fix wrong var used
2018-05-02 12:44:05 +02:00
ashon
fb465f8b4b
Use 'items()' for python compatibility
2018-05-01 16:55:50 +09:00
Spencer Smith
49c6bf8fa6
support custom env vars for etcd
2018-04-18 14:03:24 -04:00
woopstar
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
2018-03-28 17:48:56 +02:00
Sergey Bondarev
4f7479d94d
add etc tunning options
...
https://coreos.com/etcd/docs/latest/tuning.html
etcd_snapshot_count
and
ionice priority
2018-03-26 17:25:51 +03:00
RongZhang
388b627f72
Enable OOM killing for etcd-events
...
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
Antoine Legrand
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
...
Enable OOM killing
2018-03-01 14:56:26 +01:00
RongZhang
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
RongZhang
c0aad0a6d5
Fix install etcd by host service ( #2297 )
...
Fix bug issues #2289
2018-02-12 17:34:01 +01:00
Damian Nowak
f8a59446e8
Enable OOM killing
...
When etcd exceeds its memory limit, it becomes useless but keeps running.
We should let OOM killer kill etcd process in the container, so systemd can spot
the problem and restart etcd according to "Restart" setting in etcd.service unit file.
If OOME problem keep repeating, i.e. it happens every single restart,
systemd will eventually back off and stop restarting it anyway.
--restart=on-failure:5 in this file has no effect because memory allocation error
doesn't by itself cause the process to die
Related: https://github.com/kubernetes-incubator/kubespray/blob/master/roles/etcd/templates/etcd-docker.service.j2
This kind of reverts a change introduced in #1860 .
2018-02-09 11:00:13 -06:00
Antoine Legrand
fe57c13b51
Merge pull request #2172 from leseb/etcd-auth
...
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
2018-02-07 11:25:56 +01:00
Dmitri Rubinstein
331f141f63
Fix DNS entries in etcd's openssl.conf by adding a newline. ( #2208 )
...
DNS entries generated from 'etcd_cert_alt_names' variable in etcd's
openssl.conf are not terminated by a newline.
This fixes issue #2207 .
2018-01-30 16:26:58 +03:00
Sébastien Han
fa8a128e49
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
...
Some installation are failing to authenticate with peers due to
etcd picking up/resoling the wrong node.
By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert
authentication.
Signed-off-by: Sébastien Han <seb@redhat.com>
2018-01-30 11:19:12 +01:00
Chad Swenson
c6e0fcea31
Merge pull request #1948 from sgmitchell/secured-etcd
...
Enable etcd secure client to prevent etcdctl access without cert and key
2018-01-25 09:35:51 -06:00
Matthew Mosesohn
1401286910
Add support for cert alt names for etcd ( #2139 )
...
* Add support for cert alt names for etcd
* Update gen_certs_vault.yml
2018-01-09 14:37:34 +03:00
Steve Mitchell
e45b30d033
Add etcd key and cert environment variables for use with client auth
2018-01-02 13:52:17 -05:00
Bogdan Dobrelya
8aafe64397
Defaults for apiserver_loadbalancer_domain_name ( #1993 )
...
* Defaults for apiserver_loadbalancer_domain_name
When loadbalancer_apiserver is defined, use the
apiserver_loadbalancer_domain_name with a given default value.
Fix unconsistencies for checking if apiserver_loadbalancer_domain_name
is defined AND using it with a default value provided at once.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Define defaults for LB modes in common defaults
Adjust the defaults for apiserver_loadbalancer_domain_name and
loadbalancer_apiserver_localhost to come from a single source, which is
kubespray-defaults. Removes some confusion and simplefies the code.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-11-23 16:15:48 +00:00
Matthew Mosesohn
acb63a57fa
Only limit etcd memory on small hosts ( #1860 )
...
Also disable oom killer on etcd
2017-10-25 10:25:15 +01:00
Matthew Mosesohn
514359e556
Improve etcd scale up ( #1846 )
...
Now adding unjoined members to existing etcd cluster
occurs one at a time so that the cluster does not
lose quorum.
2017-10-20 08:02:31 +01:00
Matthew Mosesohn
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
...
This reverts commit 4209f1cbfd
.
2017-10-12 14:02:51 +01:00
Matthew Mosesohn
4209f1cbfd
Security fixes for etcd ( #1778 )
...
* Security fixes for etcd
* Use certs when querying etcd
2017-10-12 13:32:54 +01:00
Spencer Smith
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
...
add hosts to rkt kubelet
2017-10-10 10:37:36 -04:00
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
2017-10-09 16:41:51 +02:00
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
...
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
2017-10-04 14:02:47 +01:00
Hassan Zamani
b23d81f825
Add etcd_blkio_weight var ( #1690 )
2017-09-25 12:20:24 +01:00
Brad Beam
8b151d12b9
Adding yamllinter to ci steps ( #1556 )
...
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
2017-08-24 12:09:52 +03:00