C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1379 commits 17 branches 66 tags 141 MiB
Commit graph

798 commits

Author SHA1 Message Date
Greg Althaus
8f00a07bf6 Due to the nsenter and other reworks, it appears that 
kubelet lost the ability to load kernel modules.  This
puts that back by adding the lib/modules mount to kubelet.

The new variable kubelet_load_modules can be set to true
to enable this item.  It is OFF by default.
 2017-02-09 10:02:26 -06:00
Matthew Mosesohn
b5cfeca474 Merge pull request #999 from holser/decrease_weave_ram_limits 
Lower weave RAM settings.
 2017-02-09 13:19:12 +03:00
Bogdan Dobrelya
93c562b1bb Merge pull request #902 from insequent/master 
Adding vault role
 2017-02-09 09:24:52 +01:00
Bogdan Dobrelya
d0f4ab3129 Merge pull request #993 from code0x9/master 
enable proxy support on docker repository
 2017-02-09 09:21:01 +01:00
Antoine Legrand
35a7ad55d0 Merge pull request #986 from vwfs/dnsmasq_system_nameservers 
Also add the system nameservers to upstream servers in dnsmasq
 2017-02-08 23:21:54 +01:00
Josh Conant
764ad6e099 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Josh Conant
1025d489ad Adding the Vault role 2017-02-08 21:31:28 +00:00
Sergii Golovatiuk
bde4d11a4a Lower weave RAM settings. 
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
  to continue using g1-small for CI
 2017-02-08 18:50:36 +01:00
Alexander Block
94d9f03ddb Also add the system nameservers to upstream servers in dnsmasq 
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
 2017-02-08 14:38:55 +01:00
Matthew Mosesohn
0ea7f94b0c Merge pull request #994 from mattymo/docker_save 
Change docker save compress level to 1
 2017-02-08 15:13:15 +03:00
Matthew Mosesohn
ce3bee4eb8 Merge pull request #990 from mattymo/fix_cert_upgrade 
Fix check for node-NODEID certs existence
 2017-02-08 14:44:09 +03:00
Matthew Mosesohn
94407f86ff Merge pull request #971 from bradbeam/efk 
Adding EFK logging stack
 2017-02-08 14:28:04 +03:00
Mark Lee
3cc9693895 Update rh_docker.repo.j2 2017-02-08 20:03:51 +09:00
Matthew Mosesohn
3c7952d7f1 Merge pull request #992 from vwfs/host_mount_dev 
Host mount /dev for kubelet
 2017-02-08 13:45:22 +03:00
Matthew Mosesohn
a4caceedef Change docker save compress level to 1 
Faster gzip improves CI deploy times by at least 2 mins.

Fixes #982
 2017-02-08 13:25:11 +03:00
Mark Lee
5a2de36a55 Merge branch 'master' of https://github.com/kubespray/kargo 2017-02-08 19:19:26 +09:00
Mark Lee
8783cef044 enable proxy support on docker repository 2017-02-08 19:19:08 +09:00
Matthew Mosesohn
0de857a18a Merge pull request #987 from mattymo/etcd-retune 
Re-tune ETCD performance params
 2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
320d03c01c Merge pull request #956 from adidenko/update-netchecker 
Update playbooks to support new netchecker
 2017-02-08 10:09:46 +01:00
Alexander Block
08367f4abb Host mount /dev for kubelet 2017-02-08 09:55:51 +01:00
Matthew Mosesohn
012bc49404 Fix check for node-NODEID certs existence 
Fixes upgrade from pre-individual node cert envs.
 2017-02-07 21:06:48 +03:00
Matthew Mosesohn
ad2e1e10bf Re-tune ETCD performance params 
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
 2017-02-07 20:15:14 +03:00
Matthew Mosesohn
7bfade0fbb Merge pull request #969 from mattymo/port_reserve 
Prevent dynamic port allocation in nodePort range
 2017-02-07 18:24:57 +03:00
Aleksandr Didenko
3b816ee660 Update playbooks to support new netchecker 
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
 2017-02-07 15:20:34 +01:00
Matthew Mosesohn
7a9161d462 Prevent dynamic port allocation in nodePort range 
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.

Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
 2017-02-06 20:01:16 +03:00
Sergii Golovatiuk
8503a5afea Improve Weave 
- Remove weave CPU limits from .gitlab-ci.yml. Closes: #975
- Fix weave version in documentation

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-06 13:24:40 +01:00
Antoine Legrand
edcd91f7f6 Merge pull request #963 from rutsky/bastion-ansible-host 
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configration
 2017-02-04 15:42:39 -05:00
Brad Beam
8218b9970f Adding EFK logging stack 2017-02-03 16:27:08 -06:00
Bogdan Dobrelya
e53d3fe9c8 Merge pull request #949 from vmtyler/master 
Fixes Support for OpenStack v3 credentials
 2017-02-03 12:22:00 +01:00
Vladimir Rutsky
1711530cd4 handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration 
'absible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
 2017-02-02 18:34:53 +03:00
Matthew Mosesohn
b7cbd5b9c5 Merge pull request #927 from holser/nsenter_fix 
Remove nsenter workaround
 2017-02-02 18:18:15 +03:00
Matthew Mosesohn
b9869b7708 Merge pull request #901 from galthaus/dns-tweak 
DHCP Hook protections
 2017-02-02 16:47:16 +03:00
Sergii Golovatiuk
b610c1627e Remove nsenter workaround 
- Docker 1.12 and further don't need nsenter hack. This patch removes
  it.  Also, it bumps the minimal version to 1.12.

Closes #776

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-02 14:38:11 +01:00
Sergii Golovatiuk
83a90861ba Fix weave-net after upgrade to 1.82 
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
 2017-02-02 10:31:58 +01:00
Matthew Mosesohn
776e48e898 Merge pull request #957 from mattymo/weave-net-naming 
Rename weave-kube to weave-net
 2017-02-02 10:18:02 +03:00
Greg Althaus
0037d0e6b2 This continues the DHCP hook checks. Also protect the create side 
if the system doesn't have any config files at all.
 2017-01-31 09:56:27 -06:00
Matthew Mosesohn
82619b99ba Merge pull request #951 from mattymo/k8s-certs-scale 
Fix cert distribution at scale
 2017-01-31 18:49:26 +03:00
Matthew Mosesohn
a0e50a12a6 Merge pull request #954 from artem-panchenko/improve_dnsmasq 
Explicitly set config path for DNSMasq
 2017-01-31 18:48:46 +03:00
Matthew Mosesohn
f85dbfffe9 Rename weave-kube to weave-net 
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
 2017-01-31 18:47:27 +03:00
Matthew Mosesohn
1011e416a7 Fix cert distribution at scale 
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
 2017-01-31 16:27:45 +03:00
Matthew Mosesohn
14331d938c Merge pull request #880 from bradbeam/weave-kube 
Weave kube
 2017-01-31 13:31:09 +03:00
Artem Panchenko
5ed8f686b3 Explicitly set config path for DNSMasq 
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
 2017-01-31 12:14:57 +02:00
Matthew Mosesohn
688cd1ffcc Merge pull request #944 from tureus/skip-cloud-config-on-etcd 
Bugfix: skip cloud_config on etcd
 2017-01-30 20:12:36 +03:00
Brad Beam
5562432999 Upgrading weave to weave-kube 2017-01-27 17:05:25 -06:00
Brad Beam
789a08ad47 Consolidating kube.py module 2017-01-27 11:28:11 -06:00
Tyler Britten
6b29c6c702 Fixed for non-null output 2017-01-27 10:47:59 -05:00
Tyler Britten
ec1c47bc5a Updated OpenStack vars to check for tenant_id (v2) and project_id (v3) 2017-01-27 10:26:20 -05:00
Xavier Lange
eb07363ddb Bugfix: skip cloud_config on etcd 2017-01-25 14:09:21 -08:00
Aleksandr Didenko
d30c52d53d Switch to ansible_hostname in calico 
For consistancy with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.

Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
 2017-01-25 11:49:58 +01:00
Matthew Mosesohn
2967aa2c96 Merge pull request #926 from adidenko/fix-calico-rr-for-masters 
Fix calico-rr peering with k8s masters
 2017-01-24 12:38:52 +03:00