Matthew Mosesohn
a1fff30bd9
Generate TLS certs for calico typha ( #5258 )
...
* Generate TLS certs for calico typha
Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707
* Add group vars note
Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
2019-10-17 07:02:38 -07:00
Sergey
81d57fe658
set calico_datastore default value in role kubespray-default ( #5259 )
2019-10-17 05:58:38 -07:00
Sergey
3118437e10
check on all cluster node - kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix | int)) - 2 ( #5279 )
2019-10-17 05:48:38 -07:00
Sergey
65e461a7c0
download container always been on download_delegate host ( #5177 )
...
* download container always been on download_delegate host
* fix also check pull required
2019-10-17 05:38:38 -07:00
Michael Oglesby
c672681ce5
Revert Pull Request #5084 ( #5120 )
...
Kubespray Pull Request #5084 (https://github.com/kubernetes-sigs/kubespray/pull/5084 ) caused more problems than it solved due to limitations with the synchronize module. See comments on Kubespray Issues #5059 (https://github.com/kubernetes-sigs/kubespray/issues/5059 ) and #5116 (https://github.com/kubernetes-sigs/kubespray/issues/5116 ). Details from Ansible documentation: "Currently, synchronize is limited to elevating permissions via passwordless sudo. This is because rsync itself is connecting to the remote machine and rsync doesn’t give us a way to pass sudo credentials in. ... Currently there are only a few connection types which support synchronize (ssh, paramiko, local, and docker) because a sync strategy has been determined for those connection types. Note that the connection for these must not need a password as rsync itself is making the connection and rsync does not provide us a way to pass a password to the connection. ..." Thus, reverting Pull Request #5084 .
2019-10-17 05:26:37 -07:00
yelhouti
d332a254ee
install python3 instead of python2 for fedora >= 30 fixes 5056, fixes 4802 ( #5111 )
2019-10-17 05:04:38 -07:00
Matthew Rapa
3debb8aab5
add KUBELET_VOLUME_PLUGIN to kubelet.env ( #5128 )
2019-10-16 20:08:38 -07:00
YichenWong
aada6e7e40
Add etcd_data_dir variable to the kubeadm config ( #5263 )
2019-10-16 19:50:39 -07:00
Matthew Mosesohn
ac60786c6f
Add support for restart handlers for control plane on crio/containerd ( #5250 )
...
* Add support for restart handlers for control plane on crio/containerd
Change-Id: I8343cc4e9df7f55b732628ed01cc6e7ea5dcee85
* Update main.yml
2019-10-16 18:58:39 -07:00
Hugo Blom
db33dc6938
Add support for Kubernetes 1.16.2 ( #5272 )
...
* Add support for Kubernetes 1.16.1
* Defaults to 1.16.1
* add 1.16.2 checksums and set new version as default
* correct 1.16.2 checksums and add 1.15.5 checksums
2019-10-16 18:34:38 -07:00
Hugo Blom
9dfb25cafd
fix typo ( #5275 )
2019-10-16 18:26:38 -07:00
Maxime Guyot
df8d2285b6
Update ingress-nginx to v0.26.1 ( #5268 )
2019-10-16 18:22:39 -07:00
Matthew Mosesohn
af6456d1ea
Fix selector for calico-typha deployment ( #5253 )
...
Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
2019-10-16 07:53:42 -07:00
Maxime Guyot
6f57f7dd2f
Update nginx image to latest ( #5270 )
2019-10-16 04:37:42 -07:00
Xiaodu
bec23c8a41
Add k8s v1.15.4 hashes ( #5235 )
2019-10-16 04:33:41 -07:00
Robin Elfrink
faaff8bd72
Add RotateCertificates to kubelet config if kubelet_rotate_certificates is set. ( #5152 )
...
Signed-off-by: Robin Elfrink <robin.elfrink@eu.equinix.com>
2019-10-16 04:31:41 -07:00
andreyshestakov
8031c6c1e7
Update template for dashboard to support v2.x ( #5187 )
...
Secrets and ConfigMap should be created before dashboard pod run.
2019-10-16 04:29:41 -07:00
Erwan Miran
9d8fc8caad
Fix getting nameserver and search for /etc/resolv.conf with comments ( #5197 )
2019-10-16 04:27:40 -07:00
Qingkun Li
a51b729817
add ignore_errors to the kube-proxy deletion task ( #5236 )
...
When using cluster.yml or scale.yml to add/scale nodes in the existing
k8s cluster, the `kubeadm init` wouldn't run. As a result, kube-proxy
wouldn't be created, and therefore the kube-proxy deletion task would
fail, e.g. in the case where kube-router is used and "kube_proxy_remove"
is set to true. As a workaround, add ignore_errors to the kube-proxy
deletion task.
2019-10-16 04:23:40 -07:00
Maxime Guyot
19bc79b1a6
Update cert-manager to v0.11.0 ( #5269 )
2019-10-16 04:21:40 -07:00
Sergey
932935ecc7
fix wrong path in include install_host.yml in etcd role ( #5256 )
2019-10-13 18:16:34 -07:00
BenoitBOULANGER
e01118d36d
Fix issue in remove-node/post-remove task ( #5185 ) ( #5186 )
2019-10-10 05:17:43 -07:00
Matthew Mosesohn
dea9304968
Enable openstack_cacert to be either file or base64 string ( #5243 )
2019-10-09 02:19:49 -07:00
Matthew Mosesohn
2864e13ff9
Reset between kubeadm secondary control plane join attempts ( #5240 )
...
Change-Id: Ic9425bf90552d7e3d42b02409af9773d99376384
2019-10-08 00:15:12 -07:00
Erwan Miran
0ba336b04e
install helm client separately ( #5212 )
2019-10-04 05:14:02 -07:00
Matthew Mosesohn
89f1223f64
Fix selector workaround for helm install ( #5237 )
...
Change-Id: I826337b59814674c3feb4cd6a4904d9d53e01652
2019-10-03 23:41:56 -07:00
陈谭军
8bc0710073
clean up document ( #5214 )
2019-10-02 04:41:07 -07:00
Matthew Mosesohn
fb591bf232
Apply workaround for NetworkManager and calico ( #5230 )
...
Change-Id: I5cb2bdf1a57707c1b8da3e5ac0c80e5c353480a4
2019-10-02 04:37:07 -07:00
Matthew Mosesohn
a43e0d3f95
Switch to Kubernetes v1.16.0 ( #5189 )
...
* Switch to Kubernetes v1.16.0
Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158
* Fix download localhost cached file path
Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47
* fix kubeadm etcd for v1.16
Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2
* disable tf packet jobs
Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154
* Disable contiv packet jobs. Fix kube-router
Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d
* bump sonobuoy version
Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
2019-10-02 02:21:07 -07:00
陈谭军
99dbc6d780
clean-up doc,spelling mistakes ( #5206 )
2019-09-26 04:25:08 -07:00
Richard Scott
75e4cc2fd9
Updated kubectl.sh ( #5156 )
...
The script is not usable unless you are in the '.vagrant/provisioners/ansible/inventory/artifacts' folder.
This update makes this usable from anywhere.
2019-09-26 04:23:07 -07:00
Etienne Champetier
81cb302399
MetalLB: fail if kube_proxy_strict_arp is false ( #5180 )
...
When using IPVS, kube_proxy_strict_arp = true is required
https://github.com/danderson/metallb/issues/153#issuecomment-518651132
Add kube_proxy_strict_arp to inventory/sample
2019-09-26 04:21:06 -07:00
陈谭军
3bcdf46937
fix-up some spelling mistakes ( #5202 )
2019-09-25 23:27:08 -07:00
Sergey
1cf6a99df4
generate kubeadm download image list with options useHyperKubeImage ( #5203 )
2019-09-25 18:03:06 -07:00
Erwan Miran
f18e77f1db
Blocksize for calico default pool should be configurable ( #5198 )
2019-09-25 04:44:00 -07:00
陈谭军
2fc02ed456
fix-typo ( #5199 )
2019-09-25 04:04:00 -07:00
pando85
9db61c45ed
Upgrade nodelocaldns to 1.15.5 ( #5191 )
2019-09-22 20:13:22 -07:00
Sergey
8cb54cd74d
fix broken scale procedure: ( #5193 )
...
- do not run etcd role when etcd_kubeadm_enabled == true
- remove default value 'systemd' for cgroup driver in containerd role.
this value override autodetect in kubelet_cgroup_driver_detected from docker info
2019-09-22 01:07:22 -07:00
Florent Monbillard
a3f1ce25f8
Add support for k8s v1.14.6 ( #5182 )
2019-09-18 02:53:30 -07:00
Qingkun Li
3c7f682e90
Parameterize gcr, quay, and docker image repo defines ( #5146 )
...
This allows to easily override the gcr, quay, and docker repos with the
mirror repos in countries like China, where the default accesses are
blocked or unstable.
2019-09-18 02:49:30 -07:00
Sergey
8984096f35
use hyperkubeimage to run controlplane containers ( #5178 )
2019-09-17 18:33:28 -07:00
Mario
1ce7831f6d
Update main.yml ( #5166 )
2019-09-17 05:36:24 -07:00
Matthew Mosesohn
6fe2248314
Use more native way to update kubeconfigs using kubeadm ( #5165 )
...
Change-Id: I1076b418f85a26d9896be69910052128afc51cee
2019-09-13 03:40:29 -07:00
andreyshestakov
cb4f797d32
Fix macro on local_volume_provisioner ( #5168 )
...
mydict.keys() should be converted to list,
otherwise it causes errors in loop iteration.
Remove extra space after class name, which broke configmap.
Also allow set reclaimPolicy property.
2019-09-13 00:50:33 -07:00
Matthew Mosesohn
eb40ac163f
Move cri_socket var to kubespray-defaults ( #5149 )
2019-09-10 12:30:55 -07:00
Matthew Mosesohn
27ec548b88
Add support for k8s v1.16.0-beta.2 ( #5148 )
...
Cleaned up deprecated APIs:
apps/v1beta1
apps/v1beta2
extensions/v1beta1 for ds,deploy,rs
Add workaround for deploying helm using incompatible
deployment manifest.
Change-Id: I78b36741348f47a999df3841ee63cf4e6f377830
2019-09-10 12:06:54 -07:00
Florent Monbillard
637f09f140
Fix ansible task titles ( #5154 )
...
* Fix ansible task titles for CRI connection tasks
* Fix Azure subscription ID check task title
2019-09-10 01:34:54 -07:00
Matthew Mosesohn
9b0f57a0a6
Adjust endpoints for kube-proxy,controller,scheduler to proper ip ( #5150 )
...
Change-Id: I5aa009358bee7035922b5a10327997e47c9ba434
2019-09-09 10:33:20 -07:00
Matthew Mosesohn
7f74906d33
Make haproxy/nginx client timeout configurable ( #5140 )
...
Change-Id: I61319a06eb33d9fc868e19941924f387088b856b
2019-09-05 00:32:51 -07:00
Richard Arends
4d95bb1421
Use python3-libselinux on RHEL8/Centos8 ( #5127 )
...
* Use python3-libselinux on RHEL8/Centos8
* The fact ansible_facts.distribution_major_version is not present on older Ansible version.
Default it to 0 in when not present and use libselinux-python as package to get current
default behaviour.
2019-08-28 02:33:15 -07:00
Matthew Mosesohn
184ac6a4e6
Parse calico nodes as json ( #5114 )
2019-08-27 10:16:42 -07:00
rptaylor
10e0fe86fb
remove unimplemented custom_flags vars, document the extra_args vars (issue 4352) ( #5108 )
2019-08-23 01:21:18 -07:00
Matthew Mosesohn
7e1645845f
Allow calico settings to be modified ( #5101 )
...
Previous logic used calicoctl.sh create --skip-exists, which
allowed setting initial values, but not permitting changes.
2019-08-23 00:01:19 -07:00
Neven Miculinic
f255ce3f02
Added CRI-O support for ubuntu ( #4629 )
...
* Added CRI-O support for ubuntu
* implemented feedback
* set crictl to fixed version
* Fix errors during rebasing
* Fix linting errors
2019-08-22 03:54:31 -07:00
Michael Oglesby
07ecef86e3
Replace fetch with synchronize due to memory error ( #5084 )
...
Fix for Kubespray Issue #5059 (https://github.com/kubernetes-sigs/kubespray/issues/5059 ). There is a known issue with the 'fetch' module that will sometimes lead to it failing with a memory error. See ansible/ansible#11702 (https://github.com/ansible/ansible/issues/11702 ). I encountered this issue with the "Copy kubectl binary to ansible host" task in kubespray/roles/kubernetes/client/tasks/main.yml, and it caused my entire deployment to error out (see "Output of ansible run" above). Replacing 'fetch' with 'synchronize' fixes this issue.
2019-08-22 02:40:32 -07:00
ewtang
3bc4b4c174
Use raw module for bootstrap-debian.yml ( #5061 )
...
Updated Openstack to terraform 0.12 (#5062 )
* update openstack to terraform 0.12(.5)
* replace cluter.tf with cluster.tfvars
* update README.md to terraform 0.12
* update Openstack CI tests to use terraform 0.12
* specify terraform version in openstack README
* gitlab CI to copy cluster.tfvars in case of openstack provider
* The terraform/openstack dynamic inventory can read
tfstate v4 (generated by terraform 0.12) and convert them internally
ro v3 (as generated by terraform 0.11.x).
Additionally the script has been updated to Python 3.
2019-08-22 01:46:31 -07:00
Victor Morales
da089b5fca
Update CRI-O in CentOS ( #4582 )
...
According to their compatibility matrix[1] the 1.11.5 version seems to
be deprecated. This change updates the CentOS repository reference.
[1] https://github.com/cri-o/cri-o#compatibility-matrix-cri-o---kubernetes-clusters
2019-08-22 01:16:32 -07:00
Sergey
494a6512b8
fix bug: run Copy image to ansible host cache on download_delegate host ( #5094 )
...
* run 'task download_container | Copy image to ansible host cache' with synchronize on download_delegate host
* try to run task copy file to ansible host on all inventory, not only on first random host
2019-08-21 23:38:30 -07:00
Tony Fouchard
f6a63d88a7
Allow to configure strict ARP on kube-proxy ( #5092 )
2019-08-20 18:21:17 -07:00
Andreas Krüger
86cc703c75
Upgrade to Kubernetes 1.15.3 ( #5091 )
2019-08-20 02:05:32 -07:00
Hugo Blom
4dba34bd02
add cinder max attached volumes ( #5089 )
2019-08-19 23:45:32 -07:00
Xiaodu
b0437516c1
Kube-router annotate.yml: Use group 'k8s-cluster' instead of 'all' ( #5087 ) ( #5088 )
2019-08-19 04:53:29 -07:00
Ali Sanhaji
a1ff1de975
fix openstack_cacert conditional ( #5078 )
2019-08-15 05:50:34 -07:00
Zou Nengren
1bfbc5bbc4
remove resource-container default value for kube-proxy ( #4994 )
2019-08-15 05:30:33 -07:00
Bort Verwilst
c5b4d3ceaa
upgrade Helm to 2.14.3 ( #5075 )
...
Signed-off-by: Bart Verwilst <bart@verwilst.be>
2019-08-15 04:34:33 -07:00
w33dw0r7d
8fc9c5d025
Upgrade ingress nginx to 0.25.1 ( #5081 )
2019-08-15 04:14:34 -07:00
刘旭
53bc80bb59
Ingress nginx ( #5066 )
...
* remove svc-default-backend
* update ingress-nginx clusterrole
2019-08-15 02:34:33 -07:00
Matthew Mosesohn
771ce96e6d
Set initial kubeadm token if specified in kubeadm init ( #5057 )
...
Change-Id: I7fd94ec6d195af60d237b3cfe91668ca1f707d26
2019-08-15 02:26:33 -07:00
Oilbeater
fc456ff0cd
move kube-ovn images to dockerhub ( #5063 )
2019-08-14 04:02:24 -07:00
Sergey Kolekonov
b4f70db878
Fix broken containerd pinning on Ubuntu ( #5072 )
2019-08-13 19:26:23 -07:00
Matthew Mosesohn
0a2f4edfc6
Always download coredns images with kubeadm ( #5071 )
...
Fixes situation when using manual mode because it
tries to download coredns v1.3.1 from the same
image repository where kubernetes images are
downloaded from.
Change-Id: Ibbec8a72c8162ce8befa74e2013a268737ea5f8a
2019-08-13 08:53:43 -07:00
Danilo Riecken P. de Morais
56fa46716e
Add missing coredns tag. ( #5054 )
2019-08-09 02:29:27 -07:00
Simon Lelievre
62aecd1e4a
multus | fix use last version ( #5041 )
2019-08-08 23:05:25 -07:00
Mario
973afef96e
Fix variable for rbd_provisioner_user_secret ( #5042 )
...
* Update main.yml
* fix dead link 404
2019-08-08 20:03:25 -07:00
Bort Verwilst
a235605d2c
go to k8s 1.15.2, update nodelocaldns to latest bugfix release ( #5048 )
2019-08-08 19:49:25 -07:00
Matthew Mosesohn
023108a733
Refactor calico route reflector to run in k8s cluster ( #4975 )
...
* Refactor calico-rr to run in k8s cluster with taint
Change-Id: I75a3169ff5b36ce8302fc7ef1c32d3eb697b5afa
* add preinstall checks
* rework calico/rr role
Change-Id: I2f0a7e6cb77cf91ad4a615923680760d2e5d9ca8
* add empty calico-rr group
Change-Id: I006c0a60db9b72d02245bf8fdfabcf982144a5ad
2019-08-08 07:37:22 -07:00
Matthew Mosesohn
75d1be8272
Fix check for removing etcd member ( #5051 )
...
Change-Id: Ib27d051ff111f813097a9b33a86465a2a30a6db0
2019-08-07 08:26:51 -07:00
Matthew Mosesohn
a44235d11b
Refactor remove node to allow removing dead nodes and etcd members ( #5009 )
...
Change-Id: I1c59249f08f16d0f6fd60df6ab61f17a0a7df189
2019-08-07 04:46:50 -07:00
Matthew Mosesohn
7abf6a6958
Allow etcd member join by checking cluster health only on first etcd ( #5032 )
...
Change-Id: I9cc01cef3a437893225e2d9f58495826bbce7be9
2019-08-07 04:44:50 -07:00
Maxim Snezhkov
b710c72f04
Add ability to setup virtual ip for ingress-controller ( #5044 )
2019-08-06 19:24:50 -07:00
Holger Frydrych
bc6de32faf
Upgrade Cilium network plugin to v1.5.5. ( #5014 )
...
* Needs an additional cilium-operator deployment.
* Added option to enable hostPort mappings.
2019-08-06 01:37:55 -07:00
Matthew Mosesohn
7cf8ad4dc7
Optionally refresh kubeadm token every time ( #5043 )
...
Change-Id: I278cb14aa93abf20160cc001f69e2f472504e6d8
2019-08-06 00:59:53 -07:00
Remous-Aris Koutsiamanis
02ec72fa40
Fix commands for using experimental kubeadm control plane ( #5006 )
2019-08-05 07:31:50 -07:00
Johannes Scheuermann
d22634a597
Refactor containerd ubuntu setup and remove redundant tasks ( #5015 )
2019-08-05 07:29:48 -07:00
Mark Janssen
f3df0d5f4a
Always create bash_completion.d folder ( #5039 )
2019-08-04 18:15:48 -07:00
w33dw0r7d
92bfcf0467
Add CoreDNS endpoint_pod_names option ( #5012 )
2019-07-31 11:26:15 -07:00
koriukiv
54b1fe83f3
Add an option to reserve resources for OS system daemons ( #5007 )
2019-07-31 11:24:15 -07:00
Oilbeater
1be788f785
add Kube-OVN cni to kubespray ( #5020 )
2019-07-30 20:10:20 -07:00
rptaylor
8afbf339f7
fix broken link ( #5023 )
2019-07-30 19:18:22 -07:00
Andreas Krüger
8c935dfb50
Update CoreDNS to 1.6.0 ( #5021 )
2019-07-30 18:58:21 -07:00
Johannes Scheuermann
66c5ed8406
Update critools to v1.15.0 ( #5016 )
2019-07-30 12:04:09 -07:00
Erwan Miran
4087e97505
Additional files and dirs to remove when running reset ( #5000 )
2019-07-30 12:02:08 -07:00
Jeff Bornemann
da50ed0936
move flexvolume plugin directory creation to preinstall ( #4999 )
...
* move flexvolume plugin directory creation to preinstall
* changes per pr feedback
2019-07-30 12:00:10 -07:00
okamototk
fbbfff3795
fix broken ubuntu containerd engine ( #5002 )
2019-07-30 11:58:11 -07:00
Aleksey Kasatkin
fb9103acd3
Update calico-typha deployment to address v3.7.x changes ( #5003 )
...
* Update calico-typha deployment to address v3.7.x changes
So that calico-typha works for Calico v3.7.x.
* Apply changes for v3.7.x only.
2019-07-24 09:12:16 -07:00
nico-netminded
49d921cf91
Restart canal after scale or upgrade. Just like PR#4531, but for canal ( #4992 )
2019-07-22 00:50:53 -07:00
刘旭
fe29c97ae8
add ansible_hostname and ansible_fqdn to apiserver_sans ( #4990 )
2019-07-22 00:48:53 -07:00
Hugo Blom
2abb6c8689
update to kubernetes 1.15.1 ( #4989 )
...
* update to kubernetes 1.15.1
* Revert to sonobuoy 0.15.0
* update test timeout from 3 to 5 minutes
2019-07-21 12:24:51 -07:00
Andreas Krüger
a3ca441998
Remove unused handlers from Flannel CNI ( #4984 )
...
* Only reload docker when is_atomic for Flannel
* Remove unused handlers from Flannel CNI
2019-07-21 00:16:54 -07:00
rptaylor
9cf503acb1
configure docker_options directly with template ( #4912 )
2019-07-21 00:12:53 -07:00