C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1260 commits 17 branches 66 tags 141 MiB
Commit graph

725 commits

Author SHA1 Message Date
Greg Althaus
04fbe42aa6 If the inventory name of the host exceeds 63 characters, 
the openssl tools will fail to create signing requests because
the CN is too long.  This is mainly a problem when FQDNs are used
in the inventory file.

THis will truncate the hostname for the CN field only at the
first dot.  This should handle the issue for most cases.
 2017-01-13 10:02:23 -06:00
Matthew Mosesohn
3b562c494d Use only one certificate for all apiservers 
https://github.com/kubernetes/kubernetes/issues/25063
 2017-01-13 14:03:20 +03:00
Bogdan Dobrelya
9a07782016 Merge pull request #891 from galthaus/selinux-order 
preinstall fails on AWS CentOS7 image
 2017-01-13 11:51:18 +01:00
Alexander Block
cee3b01987 Don't try to delete kargo specific config from dhclient when file does not exist 
Also remove the check for != "RedHat" when removing the dhclient hook,
as this had also to be done on other distros. Instead, check if the
dhclienthookfile is defined.
 2017-01-13 10:56:10 +01:00
Greg Althaus
85efd263b3 When running on CentOS7 image in AWS with selinux on, the order of 
the tasks fail because selinux prevents ip-forwarding setting.

Moving the tasks around addresses two issues.  Makes sure that
the correct python tools are in place before adjusting of selinux
and makes sure that ipforwarding is toggled after selinux adjustments.
 2017-01-12 10:12:21 -06:00
Bogdan Dobrelya
808a50bc23 Merge pull request #830 from mattymo/k8sperhost 
Generate individual certificates for k8s hosts
 2017-01-12 12:42:14 +01:00
Alexander Block
d6c0d2785b Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs 2017-01-11 16:56:16 +01:00
Matthew Mosesohn
ed253e5c5a Generate individual certificates for k8s hosts 2017-01-11 12:58:07 +03:00
Matthew Mosesohn
c779bf8cd3 Merge pull request #878 from bradbeam/rkt-cni 
Adding /opt/cni /etc/cni to rkt run kubelet
 2017-01-11 12:22:04 +03:00
Bogdan Dobrelya
928de8d8bb Merge pull request #872 from mattymo/bug868 
Bind nginx localhost proxy to localhost
 2017-01-10 17:09:25 +01:00
Brad Beam
7420bf584c Adding /opt/cni /etc/cni to rkt run kubelet 2017-01-10 08:48:58 -06:00
Bogdan Dobrelya
fd53e2c670 Merge pull request #793 from kubernetes-incubator/fix_dhclientconf_path 
Fix wrong path of dhclient on CentOS+Azure
 2017-01-10 13:23:55 +01:00
Bogdan Dobrelya
9f74c02004 Merge pull request #858 from bradbeam/calicoctl-canal 
Misc updates for canal
 2017-01-10 12:24:59 +01:00
Matthew Mosesohn
ce84320462 Merge pull request #860 from adidenko/fix-calico-rr-certs 
Fix etcd cert generation for calico-rr role
 2017-01-09 18:34:02 +03:00
Bogdan Dobrelya
35ea6cef19 Merge pull request #871 from mattymo/fix_system_search_domains 
Fix docker dns host scenario with no search domains
 2017-01-09 15:52:12 +01:00
Matthew Mosesohn
e9d5aa0f07 Bind nginx localhost proxy to localhost 
This proxy should only be listening for local connections, not 0.0.0.0.

Fixes #868
 2017-01-09 17:19:54 +03:00
Matthew Mosesohn
846b96efa1 Fix docker dns host scenario with no search domains 
Fixes scenario where docker-dns.conf tries to create an empty
search entry
 2017-01-09 16:36:44 +03:00
Aleksandr Didenko
a47f2d611c Fix etcd cert generation for calico-rr role 
"etcd_node_cert_data" variable is undefinded for "calico-rr" role.
This patch adds "calico-rr" nodes to task where "etcd_node_cert_data"
variable is registered.
 2017-01-09 12:06:25 +01:00
Aleksandr Didenko
11e1bb64bd Set latest stable versions for Calico images 
Change version for calico images to v1.0.0. Also bump versions for
CNI and policy controller.

Also removing images repo and tag duplication from netchecker role
 2017-01-09 12:05:49 +01:00
Bogdan Dobrelya
d296284bfa Merge pull request #799 from kubernetes-incubator/docker_dns 
Implement "dockerd --dns-xxx" based dns mode
 2017-01-09 11:38:02 +01:00
Alexander Block
ad7ded59e9 Only use default resolver in dnsmasq when we are using host_resolvconf mode 2017-01-06 10:21:07 +01:00
Alexander Block
2b3dbae9d6 Introduce dns_mode and resolvconf_mode and implement docker_dns mode 
Also update reset.yml to do more dns/network related cleanup.
 2017-01-05 23:38:51 +01:00
Spencer Smith
bee6166b4c remove assertion for family not being CoreOS 2017-01-05 13:36:25 -05:00
Brad Beam
43adafe746 Create network policy directory for canal 2017-01-05 10:54:27 -06:00
Brad Beam
ff24f9712a Adding calicoctl to canal deployment 2017-01-05 10:54:27 -06:00
Bogdan Dobrelya
da9da08964 Better fix for different CoreOS os family facts 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-05 16:32:08 +01:00
Bogdan Dobrelya
68a6fa1146 Rename CoreOS fact 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-05 14:02:29 +01:00
Bogdan Dobrelya
8d9c4233e2 Merge branch 'master' into rkt 2017-01-05 10:34:18 +01:00
Brad Beam
9432a5cd73 Adding kubelet in rkt 2017-01-03 14:49:48 -06:00
Brad Beam
0f5a30ee8a Allowing etcd to run via rkt 2017-01-03 10:10:38 -06:00
Brad Beam
18715b2116 Adding initial rkt support 2017-01-03 10:08:43 -06:00
Bogdan Dobrelya
2fe58c361f Fix cert paths for flannel/calico policy apps 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-03 16:12:54 +01:00
Alexander Block
2538c958db Upgrade docker version and do some cleanups for unsupported distros/docker versions 2017-01-02 18:05:50 +01:00
Bogdan Dobrelya
130f0908ce Merge pull request #847 from bogdando/bug_769 
Fix etc hosts for cluster nodes
 2017-01-02 17:47:23 +01:00
Bogdan Dobrelya
62313afccc Fix etc hosts for cluster nodes 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-02 13:20:51 +01:00
Bogdan Dobrelya
f16a512aea Drop non systemd OS types support 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-02 12:14:03 +01:00
Matthew Mosesohn
bd0f787809 Fix etcd cert generation to support large deployments 
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.

Fixes #832
 2016-12-30 12:55:26 +03:00
Bogdan Dobrelya
6e1c0cdd15 Systemd units, limits, and bin path fixes 
* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
  systemd limits due to the lack of consensus in the kernel community
  requires out-of-tree kernel patches.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-28 15:49:42 +01:00
Matthew Mosesohn
2ac2a3ed93 Fix creation and sync of etcd certs 
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
 2016-12-28 14:21:17 +04:00
Matthew Mosesohn
612c5bb5f1 Merge pull request #818 from mattymo/calico-rr-certs 
Fix calico-rr to use etcd certs instead of kube certs
 2016-12-28 08:47:16 +03:00
Matthew Mosesohn
716b590f3b Fix calico-rr to use etcd certs instead of kube certs 2016-12-27 17:04:50 +03:00
Bogdan Dobrelya
9b29df183b Rework ignore_errors to report no reds 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2016-12-27 13:00:50 +01:00
Bogdan Dobrelya
222859601e Do not forward bogus domains for upstream resolvers 
Also fix kube log level 4 to log dnsmasq queries.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-23 11:53:14 +01:00
Matthew Mosesohn
a2c38f5f5f Update etcd.j2 2016-12-22 22:29:24 +03:00
Matthew Mosesohn
e5374af95c Adjust etcd server certificates 
ETCD doesn't need cert/key options set. It only requires peer
cert options.
 2016-12-22 23:05:17 +04:00
Spencer Smith
f3f16e3676 Workaround etcdctl not yet being installed (#797) 
workaround case for etcdctl not yet being installed, only allow for return code of 0 (no error)
 2016-12-22 12:41:38 -05:00
Matthew Mosesohn
370ad3acba Merge pull request #760 from genti-t/issue-748-flannel-options 
Fix Flannel network on CoreOS
 2016-12-22 19:02:31 +03:00
Genti Topija
a42b458fdf Fix Flannel network on CoreOS 
Resolves: #748
 2016-12-22 16:50:04 +01:00
Matthew Mosesohn
5457799aa3 Individual etcd ssl certs 
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
 2016-12-22 13:31:11 +03:00
Bogdan Dobrelya
85f31a369e Merge pull request #786 from mattymo/bug777 
Add wait for kube-apiserver to kubernetes-apps
 2016-12-22 11:02:50 +01:00