Commit graph

1614 commits

Author SHA1 Message Date
Erwan Miran
ca08614641 yamllint fix 2018-02-07 09:12:28 +01:00
rong.zhang
47adf4bce6 Disalbe install epel-release rpm on Centos/Redhat
1.Disalbe install epel-release rpm on Centos/Redhat
2.Use yum install epel-release
2018-02-07 14:58:50 +08:00
Brad Beam
7928cd20fb
Merge pull request #2037 from tiewei/contiv-etcd-split
Split contiv etcd and etcd-proxy into two daemonsets
2018-02-06 15:37:16 -06:00
Ryan Zenker
ad9049a49e baremetal tweaks
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
2018-02-06 13:52:22 -05:00
Erwan Miran
b4e264251f JSON/YAML syntax fix 2018-02-06 17:17:10 +01:00
Erwan Miran
8006a6cd82 local_volumes_enabled replaced by local_volume_provisioner_enabled 2018-02-06 17:12:09 +01:00
Andreas Krüger
5cd6b0c753
Adding missing defaults for weave
The PR #2203 add's missing defaults for weave, but no signed CLA. So this PR fixes it.
2018-02-06 14:25:07 +01:00
Andreas Krüger
bb339265fc
Set default registry_enabled to false
In PR #2244 the `registry_enabled` is missing in defaults, causing a deployment to fail, if it is not set in k8s-cluster.yml
2018-02-06 14:17:06 +01:00
Antoine Legrand
bb4446e94c
Merge pull request #2226 from manics/supplemental-addresses
Enable additional addresses to be added to certificates
2018-02-06 13:51:54 +01:00
Antoine Legrand
d2102671cd
Merge pull request #2214 from woopstar/patch-3
Loadbalancer Apiserver Address is missing
2018-02-06 13:47:55 +01:00
Antoine Legrand
138e0c2301
Merge pull request #2250 from woopstar/weave-mtu-patch
Added option to set MTU on Weave
2018-02-06 12:13:54 +01:00
Antoine Legrand
37cfd289d8
Merge pull request #2248 from hswong3i/dashboard.yml.j2
Dashboard template should not suffix with .yml.j2
2018-02-06 11:25:02 +01:00
Antoine Legrand
9f3081580a
Merge pull request #2249 from hswong3i/kubedns-deploy.yml.j2
KubeDNS template should not suffix with .yml.j2
2018-02-06 11:24:19 +01:00
Antoine Legrand
a3248379db
Merge branch 'master' into local_volume_provisioner 2018-02-06 09:28:27 +01:00
Antoine Legrand
0774c8385c
Merge pull request #2244 from hswong3i/registry
Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray
2018-02-06 09:20:48 +01:00
woopstar
b2d30d68e7 Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9 2018-02-05 20:37:14 +01:00
woopstar
82d10b882c Added fixes from whereismyjetpack 2018-02-05 20:07:12 +01:00
Maxim Krasilnikov
95b8ac5f62 Added optional controller and scheduler extra args to kubeadm config (#2205) 2018-02-05 16:49:13 +03:00
woopstar
0b4168cad4 WIP. Adding metrics-server support for K8s version 1.9 2018-02-05 10:37:41 +01:00
woopstar
3289472e31 Added option to set MTU on Weave 2018-02-05 10:23:48 +01:00
Wong Hoi Sing Edison
4ad53339f6 KubeDNS template should not suffix with .yml.j2 2018-02-05 16:26:54 +08:00
Wong Hoi Sing Edison
a4d3da6a8e Dashboard template should not suffix with .yml.j2 2018-02-05 16:18:21 +08:00
Wong Hoi Sing Edison
7954ea2525 Migrate Kubernetes v1.9.1 cluster/addons/registry to Kubespray 2018-02-05 12:21:09 +08:00
Chad Swenson
bd1f0bcfd7
Merge pull request #2201 from riverzhang/ipvs
Support ipvs mode for kube-proxy
2018-02-01 22:29:52 -06:00
Wong Hoi Sing Edison
bc2e26d7ef update apiVersion 2018-02-01 14:16:32 +08:00
Wong Hoi Sing Edison
fd80013917 lint and cleanup local_volume_provisioner 2018-02-01 14:14:18 +08:00
Chad Swenson
f7d52564aa
Merge pull request #2084 from riverzhang/devicemapper
Fix can not use devicemapper driver
2018-01-31 20:52:22 -06:00
Spencer Smith
f7e8d1149a
Merge pull request #2229 from whereismyjetpack/etcd-quorum-read
--etcd-quorum-read is depricated in kube >= 1.9
2018-01-31 17:10:10 -05:00
Spencer Smith
bd091caaf9
Merge pull request #2200 from riverzhang/hyperkube
Upgrade to Kubernetes v1.9.2
2018-01-31 16:08:22 -05:00
Spencer Smith
b455a1bf76
Merge pull request #2212 from mattymo/missing_defaults
Add missing group var default values to kubespray-defaults
2018-01-31 16:07:53 -05:00
Spencer Smith
c0a3bcf9b3
Merge pull request #2221 from Xuxe/patch-vcp-v1.9.2
Updated vSphere cloud provider config for Kubernetes >= v1.9.2 and added resource pool deployment variable
2018-01-31 16:06:07 -05:00
Dann Bohn
dc6c703741 --etcd-quorum-read is depricated in kube >= 1.9 2018-01-31 15:49:52 -05:00
Matthew Mosesohn
16629d0b8e Vault should use cert auth for etcd 2018-01-31 20:37:14 +03:00
Julian Hübenthal
7f79210ed1 reworked vsphere-cloud-config template 2018-01-31 16:51:23 +01:00
Simon Li
27a1a697e7
supplementary_addresses_in_ssl_keys can be a hostname 2018-01-31 15:16:08 +00:00
Aivars Sterns
c1267004ef
Merge pull request #2130 from ArchiFleKs/simplify_os_provider
Simplify and update OpenStack cloud provider
2018-01-31 12:02:02 +02:00
Julian Hübenthal
9cdd2214f9 render vsphere_resource_pool only if defined 2018-01-31 09:56:43 +01:00
Julian Hübenthal
989e9174c2 Added vSphere cloud provider config update for Kubernetes >= 1.9.2 2018-01-31 09:15:46 +01:00
rong.zhang
3993e12335 Fix can not be used devicemapper driver
Fix can not be used devicemapper driver
2018-01-31 15:51:11 +08:00
Brad Beam
ac4d782937
Merge pull request #2074 from fangzhen/fix-domains-split
Make spliting system_search_domains more robust
2018-01-30 21:01:19 -06:00
rong.zhang
32d18ca992 remove trailing space 2018-01-31 09:50:41 +08:00
Matthew Mosesohn
2df4b6c5d2
Rename default_resolver to cloud_resolver (#2209)
Cloud resolvers are mandatory for hosts on GCE and OpenStack
clouds. The 8.8.8.8 alternative resolver was dropped because
there is already a default nameserver. The new var name
reflects the purpose better.

Also restart apiserver when modifying dns settings.
2018-01-31 00:26:07 +03:00
Andreas Krüger
088d36da09
Increase the idx counter
Fix the idx counter to increase too, or you will end up with two same indexes.
2018-01-30 21:48:13 +01:00
Andreas Krüger
6f36faa4f9
Loadbalancer Apiserver Address is missing
If you configure your external loadbalancer to do a simple tcp pass-through to the api servers, and you do not use a DNS FQDN but just the ip, then you need to add the ip adress to the certificates too.

Example config:

```
## External LB example config
apiserver_loadbalancer_domain_name: "10.50.63.10"
loadbalancer_apiserver:
  address: 10.50.63.10
  port: 8383
```
2018-01-30 17:33:00 +01:00
RongZhang
3846384d56 Bump kube-dns to 1.14.8 (#2204)
Bump kube-dns to 1.14.8
2018-01-30 19:23:37 +03:00
Dmitri Rubinstein
331f141f63 Fix DNS entries in etcd's openssl.conf by adding a newline. (#2208)
DNS entries generated from 'etcd_cert_alt_names' variable in etcd's
openssl.conf are not terminated by a newline.

This fixes issue #2207.
2018-01-30 16:26:58 +03:00
Matthew Mosesohn
62dd3d2a9d Add missing group var default values to kubespray-defaults 2018-01-30 16:04:00 +03:00
Sébastien Han
fa8a128e49 etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
Some installation are failing to authenticate with peers due to
etcd picking up/resoling the wrong node.

By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert
authentication.

Signed-off-by: Sébastien Han <seb@redhat.com>
2018-01-30 11:19:12 +01:00
rong.zhang
b10c308a5a Support ipvs mode for kube-proxy
Support ipvs mode for kube-proxy
2018-01-30 13:09:01 +08:00
rong.zhang
e22c70e431 Upgrade to Kubernetes v1.9.2 2018-01-30 13:04:38 +08:00
Chad Swenson
f4fe9e3421
Merge pull request #2171 from ArchiFleKs/kubeproxy-lvs
Add lib/modules to kube-proxy to enable LVS
2018-01-29 22:58:02 -06:00
Brad Beam
da173615e4
Merge pull request #2048 from xizhibei/master
Fix: always only one container got synced after download
2018-01-29 16:01:11 -06:00
Matthew Mosesohn
dc6a17e092
Use include/import tasks (#2192)
import_tasks will consume far less memory, so it should be
used whenever it is compatible.
2018-01-29 14:37:48 +03:00
Miouge1
240d4193ae Update information about network sizes 2018-01-26 15:23:21 +01:00
Matthew Mosesohn
ac66e98ae9
Upgrade to Kubernetes v1.9.1 (#2152)
Raise drain timeout to 5m
2018-01-25 18:44:44 +03:00
Matthew Mosesohn
d2935ffed0
Optionally ignore the presence of extra calico pools (#2190) 2018-01-25 18:44:20 +03:00
Chad Swenson
c6e0fcea31
Merge pull request #1948 from sgmitchell/secured-etcd
Enable etcd secure client to prevent etcdctl access without cert and key
2018-01-25 09:35:51 -06:00
Chad Swenson
5d014d986b
Merge pull request #1992 from manics/flannel-hairpin
Enable flannel hairpin mode
2018-01-24 21:20:03 -06:00
mirwan
714994cad8 iptables: flush nat table as well as filter table upon reset (#2174)
* iptables: flush nat table as well as filter table upon reset

* Indentation fix
2018-01-24 20:22:49 -06:00
Brad Beam
08fe61e058
Merge pull request #2071 from riverzhang/dashboard
Update dashboard version to v1.8.1
2018-01-24 20:10:05 -06:00
Brad Beam
0c8bed21ee
Merge pull request #2019 from chadswen/disable-api-insecure-port
Support for disabling apiserver insecure port (the sequel)
2018-01-24 19:58:53 -06:00
Brad Beam
98eb845f8c
Merge pull request #2173 from mirwan/hardcoded_dnsmasq-autoscaler_image
Dnsmasq autoscaler image should be a variable
2018-01-24 16:15:59 -06:00
Brad Beam
98300e3165
Merge pull request #2155 from brutus333/fix/pvc
Fix for Issue #2141
2018-01-24 16:15:33 -06:00
Matthew Mosesohn
bf1411060e Add optional manual dns_mode (#2178) 2018-01-23 14:28:42 +01:00
Virgil Chereches
a4d142368b Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation 2018-01-23 13:14:00 +00:00
Brad Beam
eb80f9b606
Merge pull request #2154 from tdihp/proxy-conf-restart-docker
Restart docker when http-proxy.conf changed.
2018-01-22 08:39:05 -06:00
Stanislav Makar
ae47b617e3 Fix 'no such host' problem (#2148)
Fix 'no such host' problem reported by commands *kubectl logs* and *kubectl exec*
when cloud_provider is OpenStack

Closes: #2147
2018-01-22 16:08:24 +03:00
Erwan Miran
e5b4011aa4 move hardcoded dnsmasq autoscaler image to its own variable 2018-01-18 16:04:29 +01:00
Virgil Chereches
3125f93b3f Added disable_volume_zone_conflict variable 2018-01-18 10:55:23 +00:00
Spencer Smith
f19c8e8c1d
Merge pull request #2132 from PhilippeChepy/flex-volumes
Add support for flex volumes plugins.
2018-01-17 15:00:45 -05:00
ArchiFleKs
637604d08f Add lib/modules to kube-proxy to enable LVS
kube-proxy is complaining of missing modules at startup. There is a plan
to also support an LVS implementation of kube-proxy in additon to
userspace and iptables
2018-01-17 16:35:53 +01:00
Jonas Kongslund
11844c987c Make the Kubelet read-only port configurable and disable it by default. Fixes #2159. 2018-01-16 11:11:41 +04:00
Virgil Chereches
8c45c88d15 Fix for Issue #2141 - added policy file 2018-01-12 07:15:35 +00:00
Virgil Chereches
c87bb2f239 Fix for Issue #2141 2018-01-12 07:07:02 +00:00
heping
32eeb9a0e0 Restart docker when http-proxy.conf changed. 2018-01-12 10:56:25 +08:00
rong.zhang
df21fc8643 Remove initContainer 2018-01-10 12:17:17 +08:00
Spencer Smith
ccd9cc3dce
Merge pull request #2146 from abelgana/master
Manage deprecated kubelet option
2018-01-09 17:19:42 -05:00
Spencer Smith
81867402f6
Merge pull request #2145 from pslijkhuis/master
Add kubelet_custom_flags to kubelet.kubeadm.env.j2
2018-01-09 17:19:09 -05:00
Spencer Smith
4f5d61212b
Merge pull request #2144 from neith00/weave-2.1.3
updated weave to 2.1.3
2018-01-09 17:18:26 -05:00
Spencer Smith
ef96123482
Merge pull request #2068 from chadswen/remove-container-retries
Retry kube container removal during upgrade
2018-01-09 15:03:50 -05:00
Spencer Smith
ee27ab0052
Merge pull request #2124 from riverzhang/patch-3
Remove blank lines
2018-01-09 14:58:49 -05:00
Spencer Smith
57f87ba083
Merge pull request #2142 from trilogy-group/hotfix/fluentd-template
fix fluentd template
2018-01-09 14:44:50 -05:00
abelgana
a9bb72c6fd
require-kubeconfig is depricated since k8s v1.8 2018-01-09 14:35:42 -05:00
abelgana
9506c2e597
require-kubeconfig is deprecated since K8s v1.8 2018-01-09 14:33:05 -05:00
Peter Slijkhuis
32884357ff Add kubelet_custom_flags to kubelet.kubeadm.env.j2 2018-01-09 14:04:36 +01:00
neith00
88204642b7
updated weave to 2.1.3 2018-01-09 13:50:42 +01:00
Matthew Mosesohn
1401286910
Add support for cert alt names for etcd (#2139)
* Add support for cert alt names for etcd

* Update gen_certs_vault.yml
2018-01-09 14:37:34 +03:00
Lukasz Piatkowski
12eb242224 fix fluentd template 2018-01-08 13:40:47 +00:00
Philippe Chepy
df9faa1743 Add support for flex volumes plugins. 2018-01-05 17:56:36 +01:00
ArchiFleKs
ce85bcaee7 Simplify and update OpenStack cloud provider
Simplify the number of variables necessary to "just" enable OpenStack
cloud provider. Also add the new options available in K8s 1.9.
2018-01-05 12:05:24 +01:00
rong.zhang
6ed2a60978 fix run dashboard error 2018-01-04 13:13:36 +08:00
Bogdan Dobrelya
bac3bf1a5f
Fix auto-evaluated API access endpoint for bind IP (#2086)
Auto configure API access endpoint with a custom bind IP, if provided.
Fix HA docs' http URLs are https in fact, clarify the insecure vs secure
API access modes as well.

Closes: #issues/2051

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2018-01-03 17:40:21 +01:00
RongZhang
e3b684df21
Remove blank lines
Remove blank lines
2018-01-03 00:54:04 -06:00
Steve Mitchell
e45b30d033 Add etcd key and cert environment variables for use with client auth 2018-01-02 13:52:17 -05:00
Matthew Mosesohn
ad6fecefa8
Update Kubernetes to v1.9.0 (#2100)
Update checksum for kubeadm
Use v1.9.0 kubeadm params
Include hash of ca.crt for kubeadm join
Update tag for testing upgrades
Add workaround for testing upgrades
Remove scale CI scenarios because of slow inventory parsing
in ansible 2.4.x.

Change region for tests to us-central1 to
improve ansible performance
2017-12-25 08:57:45 +00:00
Jan Jungnickel
3fdb2ccf55 Revert back to using an empty var as default to exclude hostname (#2110) 2017-12-22 22:09:59 +00:00
Matthew Mosesohn
29f5b55d42
remove unwanted whitespace for kube_override_hostname (#2105) 2017-12-22 11:31:18 +00:00
rong.zhang
5aef52e8c0 fix dashboard certs secret 2017-12-22 11:17:05 +08:00
Matthew Mosesohn
6bb46e3ecb
Fix param names in preparation for Kubernetes v1.9.0 (#2098)
This does not update v1.9.0, but fixes two incompatibilities
when trying to deploy v1.9.0.
2017-12-20 10:48:09 +00:00
Matthew Mosesohn
127bc01857
Do not override kubelet hostname if cloud_provider is used (#2095)
Starting with Kubernetes v1.8.4, kubelet ignores the AWS cloud
provider string and uses the override hostname, which fails
Node admission checks.

Fixes #2094
2017-12-19 20:18:20 +00:00