Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp
...
Force copy cni files
2018-07-10 09:40:10 +03:00
Dao Hoang Son
d306c9708c
Remove step that force disable kube_basic_auth
.
...
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441 ) has already been fixed.
2018-07-08 16:57:43 +07:00
Matthew Mosesohn
1a3b9dd864
Force copy cni files
2018-07-06 16:39:42 +03:00
Miouge1
2a279e30b0
CheckNodePIDPressure is not supported in v1.10
2018-06-28 20:10:38 +02:00
Andreas Krüger
cbb959151c
Merge pull request #2737 from Miouge1/update-scheduler
...
Update kube-scheduler policy
2018-06-19 14:53:22 +02:00
Matthew Mosesohn
61e97251a5
Improve variable handling for disabling etcd events cluster
2018-06-18 16:58:29 +03:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
...
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 ( #2748 )
...
* Upgrade k8s to 1.10.2
Bumped etcd version to 3.2.16 as recommended
* Add ipvs fix for v1.10
* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Christopher J. Ruwe
73800ef111
make certificates non-executable
2018-05-15 07:54:32 +00:00
Miouge1
ad48606e4e
Restart scheduler when policy changes
2018-05-14 10:09:30 +02:00
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
...
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
2018-05-11 19:11:38 +03:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master
...
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
Miouge1
70e0998a70
Update kube-scheduler policy
2018-05-03 21:56:51 +02:00
woopstar
4c81cd2a71
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4
2018-05-02 14:45:58 +02:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
2018-04-23 12:23:59 +09:00
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
2018-04-12 11:03:22 -05:00
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order
...
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
...
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
...
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
woopstar
86e3506ae6
Etcd cluster setup makeover
...
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
2018-04-01 21:38:33 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
Andreas Krüger
d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
...
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
Andreas Krüger
76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
...
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
georgejdli
572ab650db
copy dedicated service account token signing key for kubeadm migration
2018-03-30 13:03:32 -05:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Andreas Kruger
af5f376163
Revert
2018-03-30 11:42:20 +02:00
woopstar
004b0a3fcf
Fix merge conflict
2018-03-30 11:38:59 +02:00
Andreas Krüger
f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename
...
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-03-30 11:15:52 +02:00
Kuldip Madnani
daeeae1a91
Added retries in pre-upgrade.yml and retries while applying kube-dns.yml ( #2553 )
...
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml
* Removed trailing spaces
2018-03-29 11:37:32 -05:00
georgejdli
c8f857eae4
configure kubespray to sign service account tokens with a dedicated and stable key
2018-03-29 09:50:31 -05:00
Dann Bohn
1d0415a6cf
fixes typo in kube_override_hostname for kubeadm
2018-03-24 13:29:07 -04:00
Dann Bohn
9fa995ac9d
only sets nodeName in kubeadm-config when kube_override_hostname is set
2018-03-23 08:33:25 -04:00
Andreas Krüger
30e4b89837
Merge pull request #2504 from brtknr/patch-1
...
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
2018-03-22 09:15:55 +01:00
Andreas Krüger
ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1
...
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-21 10:03:31 +01:00
mirwan
ee8f678010
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly ( #2446 )
2018-03-21 10:50:32 +03:00
Bharat Kunwar
13e47e73c8
Update kubeadm-config.yaml.j2
...
As requested
2018-03-20 13:33:36 +00:00
Bharat Kunwar
d2fd7b7462
Update kube-apiserver.manifest.j2
2018-03-20 12:19:53 +00:00
Bharat Kunwar
d9453f323b
Update kube-apiserver.manifest.j2
2018-03-20 12:16:35 +00:00
Bharat Kunwar
b787b76c6c
Update kube-apiserver.manifest.j2
...
Ensure that kube-apiserver will respond even if one of the nodes are down.
2018-03-20 12:06:34 +00:00
woopstar
a94a407a43
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-20 12:08:36 +01:00
Andreas Krüger
d29a1db134
Merge pull request #2461 from woopstar/patch-11
...
Add support to kubeadm too
2018-03-16 08:24:31 +01:00
Andreas Krüger
653d97dda4
Merge pull request #2472 from woopstar/patch-12
...
Make sure output from extra args is strings
2018-03-16 08:23:50 +01:00
woopstar
40c0f3756b
Encapsulate item instead of casting to string
2018-03-15 20:27:21 +01:00
Andreas Krüger
3d6fd49179
Added option for encrypting secrets to etcd v.2 ( #2428 )
...
* Added option for encrypting secrets to etcd
* Fix keylength to 32
* Forgot the default
* Rename secrets.yaml to secrets_encryption.yaml
* Fix static path for secrets file to use ansible variable
* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2
* Base64 encode the token
* Fixed merge error
* Changed path to credentials dir
* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions
* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Andreas Krüger
788e41a315
Make sure output from extra args is strings
...
Setting the following:
```
kube_kubeadm_controller_extra_args:
address: 0.0.0.0
terminated-pod-gc-threshold: "100"
```
Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
Andreas Krüger
39d247a238
Add support to kubeadm too
...
Explicitly defines the --kubelet-preferred-address-types parameter #2418
Fixes #2453
2018-03-13 10:31:15 +01:00
Ayaz Ahmed Khan
89847d5684
Explicitly defines the --kubelet-preferred-address-types parameter
...
to the API server configuration.
This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.
2018-03-05 15:25:14 +01:00
RongZhang
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Nedim Haveric
2bd3776ddb
fix apiserver manifest when disabling insecure_port
2018-02-22 14:00:32 +01:00