Andrew Greenwood
958bb5285d
Update kubedns image to latest
2017-10-29 21:57:32 -04:00
Spencer Smith
f0317ae70b
Merge pull request #1876 from ArchiFleKs/update_flannel
...
update flannel
2017-10-27 15:22:54 -04:00
Spencer Smith
591941bd39
Merge pull request #1884 from abelgana/master
...
Sysctl reload if needed after IP forward enabling
2017-10-27 15:12:08 -04:00
Spencer Smith
e90769c869
Merge pull request #1888 from chapsuk/issue_1885
...
Disable swap in vagrant vms
2017-10-27 15:10:16 -04:00
mkrasilnikov
2c7c956be9
Disable swap in vagrant vms
2017-10-27 19:57:54 +03:00
Matthew Mosesohn
fe81bba08d
Force kubelet certificates to be generated as lowercase ( #1886 )
...
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
2017-10-27 15:58:25 +01:00
Aivars Sterns
84cf6fbe83
change ssh_args/bastion configuration ( #1883 )
2017-10-27 12:18:39 +01:00
abelgana
d9160f19c0
Sysctl reload if needed after IP forward enabling
...
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.
- name: Enable ip forwarding
sysctl:
sysctl_file: "{{sysctl_file_path}}"
name: net.ipv4.ip_forward
value: 1
state: present
reload: yes
tags:
- bootstrap-os
2017-10-26 13:06:21 -04:00
Brad Beam
ba0a03a8ba
Merge pull request #1880 from mattymo/node_auth_fixes2
...
Move cluster roles and system namespace to new role
2017-10-26 10:02:24 -05:00
Matthew Mosesohn
b0f04d925a
Update network policy setting for Kubernetes 1.8 ( #1879 )
...
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
2017-10-26 15:35:26 +01:00
Matthew Mosesohn
ec53b8b66a
Move cluster roles and system namespace to new role
...
This should be done after kubeconfig is set for admin and
before network plugins are up.
2017-10-26 14:36:05 +01:00
ArchiFleKs
6e949bf951
update flannel
2017-10-26 11:18:06 +02:00
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
2017-10-25 21:19:40 +01:00
Matthew Mosesohn
7123956ecd
update checksum for kubeadm ( #1869 )
2017-10-25 21:15:16 +01:00
Spencer Smith
46cf6b77cf
Merge pull request #1857 from pmontanari/patch-1
...
Use same kubedns_version: 1.14.5 in downloads and kubernetes-apps/ansible roles
2017-10-25 10:05:43 -04:00
Matthew Mosesohn
a52bc44f5a
Fix broken CI jobs ( #1854 )
...
* Fix broken CI jobs
Adjust image and image_family scenarios for debian.
Checkout CI file for upgrades
* add debugging to file download
* Fix download for alternate playbooks
* Update ansible ssh args to force ssh user
* Update sync_container.yml
2017-10-25 11:45:54 +01:00
Matthew Mosesohn
acb63a57fa
Only limit etcd memory on small hosts ( #1860 )
...
Also disable oom killer on etcd
2017-10-25 10:25:15 +01:00
Flavio Percoco Premoli
5b08277ce4
Access dict item's value keys using .value ( #1865 )
2017-10-24 20:49:36 +01:00
Chiang Fong Lee
5dc56df64e
Fix ordering of kube-apiserver admission control plug-ins ( #1841 )
2017-10-24 17:28:07 +01:00
Matthew Mosesohn
33c4d64b62
Make ClusterRoleBinding to admit all nodes with right cert ( #1861 )
...
This is to work around #1856 which can occur when kubelet
hostname and resolvable hostname (or cloud instance name)
do not match.
2017-10-24 17:05:58 +01:00
Matthew Mosesohn
25de6825df
Update Kubernetes to v1.8.1 ( #1858 )
2017-10-24 17:05:45 +01:00
Peter Lee
0b60201a1e
fix etcd health check bug ( #1480 )
2017-10-24 16:10:56 +01:00
Haiwei Liu
cfea99c4ee
Fix scale.yml to supoort kubeadm ( #1863 )
...
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
2017-10-24 16:08:48 +01:00
Matthew Mosesohn
cea41a544e
Use include instead of import tasks to support v2.3 ( #1855 )
...
Eventually 2.3 support will be dropped, so this is
a temporary change.
2017-10-23 13:56:03 +01:00
pmontanari
8371a060a0
Update main.yml
...
Match kubedns_version with roles/download/defaults/main.yml:kubedns_version: 1.14.5
2017-10-22 23:48:51 +02:00
Matthew Mosesohn
7ed140cea7
Update refs to kubernetes version to v1.8.0 ( #1845 )
2017-10-20 08:29:28 +01:00
Matthew Mosesohn
0b4fcc83bd
Fix up warnings and deprecations ( #1848 )
2017-10-20 08:25:57 +01:00
Matthew Mosesohn
514359e556
Improve etcd scale up ( #1846 )
...
Now adding unjoined members to existing etcd cluster
occurs one at a time so that the cluster does not
lose quorum.
2017-10-20 08:02:31 +01:00
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
...
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works acros OSes.
* clean up bools and ansible_os_family conditionals
2017-10-19 09:17:11 +01:00
Jan Jungnickel
49dff97d9c
Relabel controler-manager to kube-controller-manager ( #1830 )
...
Fixes #1129
2017-10-18 17:29:18 +01:00
Matthew Mosesohn
4efb0b78fa
Move CI vars out of gitlab and into var files ( #1808 )
2017-10-18 17:28:54 +01:00
Hassan Zamani
c9fe8fde59
Use fail-swap-on flag only for kube_version >= 1.8 ( #1829 )
2017-10-18 16:32:38 +01:00
Matthew Mosesohn
16462292e1
Properly skip extra SANs when not specified for kubeadm ( #1831 )
2017-10-18 12:04:13 +01:00
pmontanari
20d80311f0
Update main.yml ( #1822 )
...
* Update main.yml
Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).
* Update main.yml
Removing trailing spaces
2017-10-18 11:42:00 +01:00
Tennis Smith
54320c5b09
set to 3 digit version number ( #1817 )
2017-10-17 11:14:29 +01:00
Seungkyu Ahn
291b71ea3b
Changing default value string to boolean. ( #1669 )
...
When downloading containers or files, use boolean
as a default value.
2017-10-17 11:14:12 +01:00
Rémi de Passmoilesel
356515222a
Add possibility to insert more ip adresses in certificates ( #1678 )
...
* Add possibility to insert more ip adresses in certificates
* Add newline at end of files
* Move supp ip parameters to k8s-cluster group file
* Add supplementary addresses in kubeadm master role
* Improve openssl indexes
2017-10-17 11:06:07 +01:00
Aivars Sterns
688e589e0c
fix #1788 lock dashboard version to 1.6.3 version while 1.7.x is not working ( #1805 )
2017-10-17 11:04:55 +01:00
刘旭
6c98201aa4
remove kube-dns versions and images in kubernetes-apps/ansible/defaults/main.yaml ( #1807 )
2017-10-17 11:03:53 +01:00
Matthew Mosesohn
d4b10eb9f5
Fix path for calico get node names ( #1816 )
2017-10-17 10:54:48 +01:00
Jiří Stránský
728d56e74d
Only write bastion ssh config when needed ( #1810 )
...
This will allow running Kubespray when the user who runs it doesn't
have write permissions to the Kubespray dir, at least when not using
bastion.
2017-10-17 10:28:45 +01:00
neith00
77f1d4b0f1
Revert "Update roadmap" ( #1809 )
...
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810
.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800 )"
This reverts commit 5fb6b2eaf7
.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799 )"
This reverts commit 404caa111a
.
* Revert "Fixed kubelet standard log environment (#1780 )"
This reverts commit b838468500
.
* Revert "Add support for fedora atomic host (#1779 )"
This reverts commit f2235be1d3
.
* Revert "Update network-plugins to use portmap plugin (#1763 )"
This reverts commit 6ec45b10f1
.
* Revert "Update roadmap (#1795 )"
This reverts commit d9879d8026
.
2017-10-16 14:09:24 +01:00
Seungkyu Ahn
b838468500
Fixed kubelet standard log environment ( #1780 )
...
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
2017-10-16 08:22:54 +01:00
Jason Brooks
f2235be1d3
Add support for fedora atomic host ( #1779 )
...
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
2017-10-16 08:03:33 +01:00
Kevin Lefevre
6ec45b10f1
Update network-plugins to use portmap plugin ( #1763 )
...
Portmap allow to use hostPort with CNI plugins. Should fix #1675
2017-10-16 07:11:38 +01:00
Matthew Mosesohn
d9879d8026
Update roadmap ( #1795 )
2017-10-16 07:06:06 +01:00
Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
...
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Julian Poschmann
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
...
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
2017-10-15 20:22:17 +01:00
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
...
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
2017-10-15 10:33:22 +01:00
Matthew Mosesohn
92d038062e
Fix node authorization for cloudprovider installs ( #1794 )
...
In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.
2017-10-14 11:28:46 +01:00