Commit graph

3502 commits

Author SHA1 Message Date
Hans Feldt
92b1166dd0
Disable dashboard by default (#6804)
Users should opt in for features and not opt out.
2020-10-11 08:06:47 -07:00
Kenichi Omichi
e6c28982dd
Chmod kubeconfig to avoid group-readable (#6800)
After upgrading to newer Kubernetes(v1.17 at least), kubectl command
shows the following warning message:

  WARNING: Kubernetes configuration file is group-readable.
  This is insecure. Location: /home/foo/.kube/config

The kubeconfig was copied from {{ artifacts_dir }}/admin.conf with
kubeconfig_localhost feature. It is better to set valid file mode
at getting it on Kubespray.
2020-10-09 01:39:08 -07:00
Florian Ruynat
64f69718fb
Update bunch of dependencies (#6801) 2020-10-09 01:35:06 -07:00
holmesb
1301e69c7d
If no_proxy_exclude_workers is true, workers will be excluded from the no_proxy variable.  This prevents docker engine restarting when scaling workers. (#6520)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-09 01:15:07 -07:00
Hans Feldt
99b8f0902e
crio: ensure service is started and enabled (#6753) 2020-10-07 00:10:42 -07:00
Sergey
6a4d322a7c
Do not install etcd and etcdctl on master with scale.yml playbook. (#6798)
Remove task with install etcdctl from etcd role when etcd_kubeadm_enabled=true
2020-10-06 07:04:20 -07:00
rafal-jan
9d7f358d4b
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776) 2020-10-06 06:44:21 -07:00
bozzo
b1bb5a4796
Fix cinder & external_openstack cacert deployment (#6745)
The CA cert was only deployed on master nodes
2020-10-06 05:34:21 -07:00
5-sigma
f8ae086334
Added Comment line above checksum section to add clarification about Kubespray's version support and testing (#6785) 2020-10-06 05:30:21 -07:00
Florian Ruynat
c49bda7319
Update nginx ingress controller to 0.40.1 (#6786) 2020-10-06 05:10:21 -07:00
Florian Ruynat
a687013fbe
Update kube-router to 1.1.0 (#6793) 2020-10-05 13:46:20 -07:00
Hans Feldt
b0097fd0c1
harden reset to work in more cases (#6781)
reset playbook fails and does not continue cleanup after for
example a host reboot with kubelet stopped/disabled
2020-10-05 12:55:21 -07:00
Joren Zandstra
9729b6b75a
Add extra arguments variables for openstack and vsphere cloud controller manager daemonsets (#6783) 2020-10-02 10:14:48 -07:00
Florian Ruynat
58959ae82f
Update cilium with minor fix for CVE (#6784) 2020-10-02 10:02:48 -07:00
Victor Morales
a374301570
Remove arch from flannel image tag (#6765)
The 0d0cc8cf9c change creates several
DaemonSets to cover the Flannel CNI installation for different CPU
architectures. This change removes the unnecessary architecture value
from the docker tag value.

Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-09-30 14:16:54 -07:00
dlandtwing
bc8e16fc69
nginx ingress: fix yaml for multiple nodeselectors (#6768)
In case multiple nodeselectors are specified in ingress_nginx_nodeselector, the generated daemonset yaml template for nginx is invalid due to missing indentation starting with the second nodeselector
2020-09-30 07:23:26 -07:00
petruha
7a730d42dd
Add bin_dir to PATH environment. (#6764) 2020-09-29 06:35:27 -07:00
Kenichi Omichi
109391031b
Add error msg for check of local ip (#6761)
When stopping at the check of "Stop if ip var does not match local ips"
the error message is like:

  fatal: [single-k8s]: FAILED! => {
      "assertion": "ip in ansible_all_ipv4_addresses",
      "changed": false,
      "evaluated_to": false,
      "msg": "Assertion failed"
  }

That doesn't contain actual IP addresses and it is difficult to understand
what was wrong. This adds the error message which contain actual IP addresses
to investigate the issue if happens.
2020-09-29 06:29:27 -07:00
Mateusz Adamek
aba63f0f9a
Added support for dynamic tags in AWS and Azure. (#6752)
* Added support for dynamic tags in AWS and Azure.

* Added examples of dynamic tags configuration.
2020-09-26 10:50:48 -07:00
Lennart Weller
e67886bf9d
add leader election timeouts and durations to available parameters (#6691) 2020-09-25 08:21:11 -07:00
Florian Ruynat
c2ac3b51c1
Update containerd to 1.3.7 - add fedora32/centos8 containerd packages (#6749) 2020-09-25 08:15:11 -07:00
emiran-orange
081a9e7bd8
/opt/cni/bin/install not before calico 3.16 (#6738) 2020-09-25 06:15:11 -07:00
Florian Ruynat
55d8ed093a
Add centos8 docker repo (#6747) 2020-09-25 06:11:11 -07:00
axelgobletbdr
77149e5d89
Fixes #6740: Allow disabling reverse DNS lookups in coredns (#6741)
* created variable to enable/disable reverse dns lookups in coredns

* fixed linting-error in dns-stack.md
2020-09-25 02:33:11 -07:00
orange-llajeanne
28839f6b71
remove duplicate audit-policy-file argument in kubeadm configuration (#6734) 2020-09-24 09:26:06 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Marco Martínez
5c448b6896
Add retries to update calico-rr data in etcd through calicoctl (#6505)
* Add retries to update calico-rr data in etcd through calicoctl

* Update update-node yaml syntax

* Add comment to clarify ansible block loop

* Remove trailing space
2020-09-24 03:24:05 -07:00
Sergey
c0fd5b2e84
remove variable 'etcd_ionice', because ionice removed from container image etcd:v3.4.x (#6735) 2020-09-23 12:34:05 -07:00
Hans Feldt
6141b98bf8
calico: default to using kdd datastore (#6693)
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
Florian Ruynat
2eae207435
Update docker packages to 19.03.13 + add docker f32 (#6712) 2020-09-23 08:32:19 -07:00
Florian Ruynat
9a8e4381be
Fix snapshot.storage apiVersion (#6711) 2020-09-23 08:32:10 -07:00
lukasz bielinski
5f034330c5
properly generate extravolumes in kubeadmconfig for centos (#6708) 2020-09-23 01:20:09 -07:00
Wang Zhen
edea63511d
Fix reserved memory unit in kubelet configuration (#6725)
* Fix reserved memory unit in kubelet configuration

Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>

* Move systemReserved default values from template

Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-09-22 15:20:09 -07:00
Florent Monbillard
80df4f8b01
Fix unintended SIGPIPE (#6721) 2020-09-22 11:14:42 -07:00
David Louks
1e79dcfcaa
Added ability to set calico vxlan vni and port. defaults to calico's … (#6678)
* Added ability to set calico vxlan vni and port. defaults to calico's documented defaults.

* Check if calico_network_backend is defined prior to checking value

* Removed calico hidden defaults for vxlan port and vni

* Fixed FELIX_VXLANVNI typo
2020-09-22 01:04:48 -07:00
Victor Morales
0d0cc8cf9c
Add multi architeture support to flannel (#6166)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-09-22 00:44:47 -07:00
Florent Monbillard
5bd937ece0
Remove pypi repo and pip extra flags (#6729) 2020-09-21 13:27:51 -07:00
Mateus Caruccio
8908a70c19
Fails if kubeadm_version do not matches kubernetes version (#6302) 2020-09-21 07:20:32 -07:00
Marc-Antoine
5ec2467268
Add external_openstack_lbaas_provider setting for occm (#6566)
* Add external_openstack_lbaas_provider setting for occm

* Integrate with existing lbaas_provider block

* Refactor lbaas_provider config template block

* Remove external_openstack_lbaas_use_octavia from sample inventory
2020-09-21 07:04:32 -07:00
orange-llajeanne
e489e70031
add new variable allowing additionnal audit webhook server options (#6726) 2020-09-21 06:44:32 -07:00
Florian Ruynat
05c9169c70
Fix example value for etcd_quota_backend_bytes (#6724) 2020-09-21 05:42:31 -07:00
David Louks
bd49c993de
Added support for setting tiller_service_account and tiller_replicas (#6696)
* Added support for setting tiller_service_account and tiller_replicas

* Specify helm 2 version to ensure we have a test path that still hits helm 2 code

* Moved tiller_service_account to defaults.yml. Fixed is tiller_replicas defined check.
2020-09-20 23:52:30 -07:00
Florent Monbillard
5989680967
Make sure node_ip is set if node is in etcd group (#6719) 2020-09-18 17:14:27 -07:00
Florian Ruynat
151b142d30
Ignore pause from kubeadm config images list (#6689) 2020-09-18 07:32:46 -07:00
Florian Ruynat
b7c4136702
Ignore error in check mode when disabling swap (#6703) 2020-09-18 07:26:46 -07:00
David Wattier
e666fe5a8d
flannel image arch specific tag (#6685) 2020-09-18 02:12:54 -07:00
Sebastian
9ce34be217
Added missing permissions for operator. (#6683)
Related commit: 976337b750
2020-09-18 02:12:45 -07:00
Florian Ruynat
79226d0870
Add Kubernetes hashes 1.19.2/1.18.9/1.17.12 and set default (#6698) 2020-09-17 11:12:45 -07:00
Hans Feldt
6da385de9d
Use "kubeadm join" to join masters to control plane (#6661)
Remove configuration variable kubeadm_control_plane
2020-09-17 04:34:45 -07:00
Hans Feldt
0cc5e3ef03
Remove workaround with kube_proxy_remove (#6512)
* kube-proxy never gets deployed so need to remove it
2020-09-17 04:30:45 -07:00