Greg Althaus
0037d0e6b2
This continues the DHCP hook checks. Also protect the create side
...
if the system doesn't have any config files at all.
2017-01-31 09:56:27 -06:00
Matthew Mosesohn
82619b99ba
Merge pull request #951 from mattymo/k8s-certs-scale
...
Fix cert distribution at scale
2017-01-31 18:49:26 +03:00
Matthew Mosesohn
a0e50a12a6
Merge pull request #954 from artem-panchenko/improve_dnsmasq
...
Explicitly set config path for DNSMasq
2017-01-31 18:48:46 +03:00
Matthew Mosesohn
f85dbfffe9
Rename weave-kube to weave-net
...
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
2017-01-31 18:47:27 +03:00
Bogdan Dobrelya
595aa828b9
Merge pull request #955 from mattymo/disable-idempotency-check
...
Disable idempotency for ubuntu-weave-sep
2017-01-31 14:55:27 +01:00
Matthew Mosesohn
1011e416a7
Fix cert distribution at scale
...
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
2017-01-31 16:27:45 +03:00
Matthew Mosesohn
14331d938c
Merge pull request #880 from bradbeam/weave-kube
...
Weave kube
2017-01-31 13:31:09 +03:00
Matthew Mosesohn
ba18b57438
Disable idempotency for ubuntu-weave-sep
...
CI is failing 40% of the time due to errors in reset.
Let's disable idempotency check per-patch until we fix it.
Fixes #953
2017-01-31 13:23:27 +03:00
Artem Panchenko
5ed8f686b3
Explicitly set config path for DNSMasq
...
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
2017-01-31 12:14:57 +02:00
Matthew Mosesohn
688cd1ffcc
Merge pull request #944 from tureus/skip-cloud-config-on-etcd
...
Bugfix: skip cloud_config on etcd
2017-01-30 20:12:36 +03:00
Bogdan Dobrelya
366a586d2a
Merge pull request #943 from bradbeam/cilint
...
Fixing lint check for ci
2017-01-30 09:19:44 +01:00
Antoine Legrand
d6d02c63df
Merge pull request #947 from bradbeam/libs
...
Consolidating kube.py module
2017-01-29 00:02:32 +01:00
Brad Beam
5562432999
Upgrading weave to weave-kube
2017-01-27 17:05:25 -06:00
Brad Beam
789a08ad47
Consolidating kube.py module
2017-01-27 11:28:11 -06:00
Bogdan Dobrelya
654122e579
Merge pull request #948 from mattymo/update_coreos
...
Update coreos-stable image
2017-01-27 17:53:17 +01:00
Tyler Britten
6b29c6c702
Fixed for non-null output
2017-01-27 10:47:59 -05:00
Tyler Britten
ec1c47bc5a
Updated OpenStack vars to check for tenant_id (v2) and project_id (v3)
2017-01-27 10:26:20 -05:00
Matthew Mosesohn
80b8d647af
Update coreos-stable image
...
Our old coreos-stable image has docker 1.10
2017-01-27 16:20:40 +04:00
neith00
fb5d1a2ab8
Using the command module instead of raw
...
Using the command module instead of raw.
Also fixed the syntax.
2017-01-26 16:28:48 +01:00
Matthew Mosesohn
4b1d461ac8
Merge pull request #941 from adidenko/use_ansible_hostname_in_calico
...
Switch to ansible_hostname in calico
2017-01-26 13:06:35 +03:00
Xavier Lange
eb07363ddb
Bugfix: skip cloud_config on etcd
2017-01-25 14:09:21 -08:00
Brad Beam
e5604d36e4
Fixing lint check for ci
2017-01-25 09:54:32 -06:00
Aleksandr Didenko
d30c52d53d
Switch to ansible_hostname in calico
...
For consistancy with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.
Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
2017-01-25 11:49:58 +01:00
Bogdan Dobrelya
289de2fa68
Merge pull request #933 from frozenice/hide-skipped-hosts
...
add skippy stdout callback
2017-01-25 10:33:20 +01:00
Bogdan Dobrelya
3fa816517f
Merge pull request #938 from bradbeam/ci
...
Splitting out moderator check from syntax check
2017-01-25 10:12:11 +01:00
Brad Beam
4b25083c03
Splitting out moderator check from syntax check
...
- Attempt to clarify CI runs from contributors
2017-01-24 23:05:12 -06:00
Bogdan Dobrelya
38797e9792
Merge pull request #935 from sc68cal/terraform_groupvars_update
...
Update the group_vars for Terraform
2017-01-24 11:33:17 +01:00
Bogdan Dobrelya
851a3ff937
Merge pull request #934 from frozenice/use-api-pwd-for-root
...
also use kube_api_pwd for root account
2017-01-24 11:24:02 +01:00
Matthew Mosesohn
2967aa2c96
Merge pull request #926 from adidenko/fix-calico-rr-for-masters
...
Fix calico-rr peering with k8s masters
2017-01-24 12:38:52 +03:00
Matthew Mosesohn
be3603491e
Merge pull request #932 from vwfs/centos_pin_docker_version
...
Pin docker version on RedHat and CentOS to the desired version
2017-01-24 12:21:50 +03:00
Matthew Mosesohn
52c1a682de
Merge pull request #928 from sc68cal/terraform_identity_version
...
Specify the version of the credentials to download from Horizon
2017-01-24 12:21:27 +03:00
Sean M. Collins
53d40bc9ca
Update terraform's group_vars to be a symlink
...
That way, it will not become stale.
Related bug #929
2017-01-23 16:08:37 -05:00
Sean M. Collins
03161c9322
Specify the version of the credentials to download from Horizon
...
More recent versions of OpenStack Horizon provide Identity v2 and
Identity v3 versions of the RC file.
2017-01-23 14:52:51 -05:00
David Kirstein
9f47869448
also use kube_api_pwd for root account
...
This makes it a bit more secure. Also the password can now be changed with a (inventory) variable (no need to edit all.yml).
2017-01-23 19:09:30 +01:00
David Kirstein
2c4ff935d3
add skippy stdout callback
...
It removes the teal lines when a host is skipped for a task. This makes the output less spammy and much easier to read. Empty TASK blocks are still included in the output, but that's ok.
2017-01-23 18:53:14 +01:00
Alexander Block
0b27d015d1
Pin docker version on RedHat and CentOS to the desired version
2017-01-23 12:39:54 +01:00
Aleksandr Didenko
13ae324569
Fix calico-rr peering with k8s masters
...
Calico-rr is broken for deployments with separate k8s-master and
k8s-node roles. In order to fix it we should peer k8s-cluster
nodes with calico-rr, not just k8s-node. The same for peering
with routers.
Closes #925
2017-01-23 10:19:09 +01:00
Bogdan Dobrelya
8678d107a0
Merge pull request #915 from bradbeam/ci
...
Sorting ansible args, fixed ci cluster_mode
2017-01-20 09:43:10 +01:00
Bogdan Dobrelya
f9708334c4
Merge pull request #884 from mattymo/inventory_builder_scale
...
Add scale thresholds to split etcd and k8s-masters
2017-01-20 09:34:45 +01:00
Bogdan Dobrelya
8099ed8cc4
Merge pull request #873 from crodetsky/fix_test_cases
...
Genericize test cases and namespace create pod
2017-01-20 09:30:35 +01:00
Bogdan Dobrelya
48e77cd8bb
Drop linux capabilities and rework users/groups
...
* Drop linux capabilities for unprivileged containerized
worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
components' static manifests, etcd, calico-rr and k8s apps,
like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
networking containers though).
* Grant the kube and netplug users read access for etcd certs via
the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
for control plane.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-20 08:50:42 +01:00
Matthew Mosesohn
979b01a145
Merge pull request #905 from galthaus/async-runs
...
Add tasks to ensure that the first nodes have their directories for cert gen
2017-01-19 18:32:27 +03:00
Matthew Mosesohn
77eeacb315
Merge pull request #904 from galthaus/nginx-port-config
...
Add nginx local balancer port configuration variable
2017-01-19 18:31:57 +03:00
Matthew Mosesohn
b47e76afdb
Merge pull request #913 from galthaus/apps-master-only
...
Ansible apps should only check for api-server running on the master.
2017-01-19 18:30:58 +03:00
Matthew Mosesohn
9d2d08404d
Merge pull request #917 from mattymo/rkt_resolvconf
...
Fix setting resolvconf when using rkt deploy mode
2017-01-19 18:30:21 +03:00
Matthew Mosesohn
59a0f17a4e
Merge pull request #916 from mattymo/update_ansible
...
Update Ansible to 2.2.1
2017-01-19 18:13:45 +03:00
Matthew Mosesohn
879a21bf9c
Merge pull request #921 from mattymo/docker113
...
Add docker 1.13, update 1.12 to 1.12.6
2017-01-19 18:13:21 +03:00
Matthew Mosesohn
16a80c4a29
Merge pull request #922 from holser/dnsmasq_dns-forward-max
...
Allow to specify number of concurrent DNS queries
2017-01-19 18:08:04 +03:00
Matthew Mosesohn
c96fa2f4fc
Add scale thresholds to split etcd and k8s-masters
...
Also adds calico-rr group if there are standalone etcd nodes.
Now if there are 50 or more nodes, 3 etcd nodes will be standalone.
If there are 200 or more nodes, 2 kube-masters will be standalone.
If thresholds are exceeded, kube-node group cannot add nodes that
belong to etcd or kube-master groups (according to above statements).
2017-01-19 17:30:56 +03:00
Matthew Mosesohn
c1ef75a005
Add docker 1.13, update 1.12 to 1.12.6
...
Fixes #903
2017-01-19 13:58:36 +03:00