Antoine Legrand
4882531c29
Merge pull request #3115 from oracle/oracle_oci_controller
...
Cloud provider support for OCI (Oracle Cloud Infrastructure)
2018-08-23 18:22:45 +02:00
Antoine Legrand
f59b80b80b
Merge pull request #3147 from ishitatsuyuki/etcd-cleanup
...
gen_certs_script: refactor using stdin (Ansible 2.4+)
2018-08-23 18:19:28 +02:00
rongzhang
7b61a0eff0
Fix kubeadm LB configure
...
1. join node add LB discoveryTokenAPIServers
2. kubeadm_config_api_fqdn support ipddress and domain_name
2018-08-23 22:22:34 +08:00
Aivars Sterns
23fd3461bc
calico upgrade to v3 ( #3086 )
...
* calico upgrade to v3
* update calico_rr version
* add missing file
* change contents of main.yml as it was left old version
* enable network policy by default
* remove unneeded task
* Fix kubelet calico settings
* fix when statement
* switch back to node-kubeconfig.yaml
2018-08-23 17:17:18 +03:00
msimonin
e22e15afda
Fix createhome directory for adduser role
...
A typo in the adduser role prevents the createhome
variable to be taken into account.
Fix #3164
2018-08-23 08:55:11 +02:00
Rong Zhang
f453567cce
Merge pull request #3144 from riverzhang/fix-audit-log
...
Fix install audit failed
2018-08-23 14:41:37 +08:00
Tatsuyuki Ishi
69786b2d16
gen_certs_script: refactor using stdin (Ansible 2.4+)
2018-08-23 11:19:17 +09:00
rongzhang
5a4352657d
Fix install audit failed
...
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
2018-08-23 01:47:15 +08:00
Samuele Chiocca
f13bc796d9
added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1)
2018-08-22 18:43:03 +02:00
Erwan Miran
a6a14e7f77
create the service account and roles even if the rbac is not enabled. it will just be ignored
2018-08-22 18:17:11 +02:00
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
2018-08-22 18:16:13 +02:00
ant31
2c90208486
Fix docker apt-repo for Ubuntu18
2018-08-22 15:53:14 +00:00
Antoine Legrand
4eea7f7eb9
Merge pull request #3152 from johnzheng1975/cilium_1.2.0
...
new cilium stable version: 1.2.0
2018-08-22 17:11:42 +02:00
Samuele Chiocca
5d9908c2c3
--nodeport-addresses added on kube-proxy.manifest.j2
...
Changed author
2018-08-22 15:32:07 +02:00
Erwan Miran
a7b0c454db
Localhost in hosts files should be updated (if necessary), not overriden
2018-08-22 12:10:49 +02:00
Wong Hoi Sing Edison
c3b3572025
Always create service account even rbac_enabled = false
2018-08-22 11:41:29 +08:00
Wong Hoi Sing Edison
f897596844
Remove *_image_tag suffix from ReplicaSet/Deployment
2018-08-22 11:02:56 +08:00
john
6df71956c4
new cilium stable version: 1.2.0
2018-08-22 10:52:24 +08:00
Jeff Bornemann
94df70be98
Cloud provider support for OCI (Oracle Cloud Infrastructure)
...
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
2018-08-21 17:36:42 -04:00
Mark Eisenblaetter
0c0a2138d9
allow '.' in hostnames
...
we use FQDN as inventory_hostname
2018-08-21 08:24:33 +02:00
Andreas Krüger
497db69c9f
Merge pull request #3130 from riverzhang/add-control-plane
...
Add kubeadm controlplaneEndpoint
2018-08-20 10:43:50 +02:00
Andreas Krüger
c7de737551
Merge pull request #3133 from mirwan/auditlog_to_stdout_w_kubeadm
...
Audit log to stdout with kubeadm
2018-08-20 10:43:22 +02:00
Andreas Krüger
69749a5b7b
Merge pull request #3132 from mirwan/custom_audit_policy
...
Custom audit policy
2018-08-20 10:42:38 +02:00
Andreas Krüger
b3e32c1393
Merge pull request #3094 from hedayat/master
...
Add --dns-loop-detect to dnsmasq used in kube-dns
2018-08-20 09:27:15 +02:00
Erwan Miran
fc38b6d0ca
Ability to define custom audit polcy rules
2018-08-20 07:04:56 +02:00
Erwan Miran
c34900e569
Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm
2018-08-20 07:00:53 +02:00
Rong Zhang
855f2a55cb
Merge pull request #3135 from ishitatsuyuki/patch-1
...
Add bad hostname preflight check
2018-08-20 12:08:02 +08:00
Wong Hoi Sing Edison
71fdc257bc
cephfs-provisioner: Upgrade to v2.0.1-k8s1.11
2018-08-20 11:55:04 +08:00
Rong Zhang
fd16f77e20
Merge pull request #3017 from seungkyua/fix_kubeadm_client_conf
...
Fix kubeadm client conf
2018-08-20 10:51:02 +08:00
Tatsuyuki Ishi
3eef8dc8d0
Add bad hostname preflight check
...
Hostname must be a valid DNS name, which is checked as https://github.com/kubernetes/apimachinery/blob/master/pkg/util/validation/validation.go#L115
The situation I have encountered is that my hostname contained underscore which is disallowed and apiserver refused to start.
2018-08-20 09:09:00 +09:00
rongzhang
59176ebbb9
Add kubeadm controlplaneEndpoint
...
Nginx LB(default)
Other LB by kubeadm controlplane
2018-08-20 00:57:13 +08:00
rongzhang
b421d0ed5b
Fix install nss
2018-08-20 00:07:31 +08:00
rongzhang
35efc387c4
Fix pull dns image error
2018-08-19 22:47:17 +08:00
Rong Zhang
fb309ca446
Merge pull request #3128 from riverzhang/delete-kubeadm
...
Remove unused configuration
2018-08-19 10:01:33 +08:00
Antoine Legrand
1d4f88eea8
Fix typo in image url
2018-08-19 01:30:54 +02:00
rongzhang
095ccef8bd
Remove unused configuration
2018-08-19 01:23:20 +08:00
Rong Zhang
0df969ad19
Merge pull request #3117 from mirwan/audit_usecases
...
Audit support improvement
2018-08-19 01:13:22 +08:00
Antoine Legrand
3e5b6a5481
Merge pull request #3105 from mirwan/remove_cilium_device_at_reset_plus_move_network_to_network_plugin_roles
...
Move network_plugin specific reset tasks to its role directory
2018-08-17 22:27:16 +02:00
Antoine Legrand
c36744e96d
Merge pull request #3120 from alvistack/cephfs-provisioner-v2.0.0-k8s1.11
...
cephfs-provisioner: Upgrade to v2.0.0-k8s1.11
2018-08-17 22:11:15 +02:00
Antoine Legrand
e51c5dc0a6
Merge pull request #3123 from mathieuherbert/until-restart-etcd
...
add until option for etcd backup commands
2018-08-17 22:09:08 +02:00
Antoine Legrand
d297b82e82
Merge pull request #3126 from LuckySB/etcd_restart_on_update
...
add etcd version to etcd environment file to trigger a reload
2018-08-17 22:05:34 +02:00
Erwan Miran
98b818bbaf
comply with ansible syntax consistency guideline
2018-08-17 16:37:33 +02:00
Antoine Legrand
26bf719a02
Merge branch 'master' into multi-arch-support
2018-08-17 16:35:50 +02:00
Antoine Legrand
7e37aa4aca
Merge pull request #2103 from xd007/docker_aarch64_pkg
...
Update docker package info for aarch64
2018-08-17 16:26:56 +02:00
Sergey Bondarev
ce6854e726
add version to environment file
...
Trigger reboot handler when version upgrade during update script
2018-08-17 17:25:35 +03:00
Antoine Legrand
ac49bbb336
Merge pull request #2168 from xd007/docker_arm64
...
fix docker opts incompatible running on aarch64 Redhat/Centos
2018-08-17 16:24:07 +02:00
Antoine Legrand
6c7eabb53b
Merge pull request #2001 from b0r1sp/patch-3
...
Quote false and yes, otherwise they'll be transformed to 'False', 'Yes'
2018-08-17 15:52:15 +02:00
Antoine Legrand
7a0f0126f7
Merge pull request #1295 from xuhuilong/master
...
fix curl get calico status error ( error in tls version, centos 7.3 1611)
2018-08-17 14:29:01 +02:00
Mathieu Herbert
59d89a37cc
add until option for etcd backup commands
2018-08-17 11:05:57 +02:00
Wong Hoi Sing Edison
1a07c87af7
cephfs-provisioner: Upgrade to v2.0.0-k8s1.11
...
Upstream Changes:
- cephfs-provisioner v2.0.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.0.0-k8s1.11 )
- Update ClusterRole
Our Changes:
- Fix typo in defaults/main.yml (rs -> deploy)
- Manifests cleanup
2018-08-17 12:41:56 +08:00
Seungkyu Ahn
29894293eb
Fix kubeadm client conf
...
Fix DiscoveryTokenCACertHashes key to discoveryTokenCACertHashes in kubeadm-client.conf
2018-08-17 04:40:08 +00:00
Erwan Miran
7f16b46ed5
Reset tasks specific to a network_plugin moved inside its role directory + Reset tasks specific to cilium
2018-08-16 17:34:33 +02:00
Antoine Legrand
58ee5f1cc9
Merge pull request #3089 from mattymo/cloudconfig
...
Remove erroneous cloud-config task
2018-08-16 16:17:01 +02:00
Antoine Legrand
253dc4f606
Merge pull request #3114 from woopstar/coredns-1.2.0
...
Update CoreDNS to 1.2.0
2018-08-16 16:14:13 +02:00
Erwan Miran
54548d3b95
kubeadm mounts the hostpaths itself
2018-08-16 13:17:30 +02:00
Erwan Miran
58d4d65fab
minor variable fix and reuse + handle auditlog redirected to stdout
2018-08-16 12:51:09 +02:00
Rong Zhang
364ab2a6b7
Merge pull request #3113 from riverzhang/support-audit
...
Support audit
2018-08-16 15:33:43 +08:00
rongzhang
2ffc1afe40
Support audit
2018-08-16 14:38:07 +08:00
Wong Hoi Sing Edison
18612b3501
cert-manager: Upgrade to 0.4.1
...
Upstream Changes:
- cert-manager 0.4.1 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.1 )
Our Changes:
- Better templates sync with upstream manifests
- Remove fancy resources requests/limits customization
2018-08-16 08:47:01 +08:00
Andreas Kruger
9da5d67728
Update CoreDNS to 1.2.0
2018-08-15 13:39:05 +02:00
Wong Hoi Sing Edison
bd413e36a3
ingress-nginx: Upgrade to 0.18.0
...
Upstream Changes:
- ingress-nginx 0.18.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.18.0 )
2018-08-15 11:40:42 +08:00
Chad Swenson
2c5781ace1
Merge pull request #2932 from wiremind/efk-fluentd-no-nodeselector
...
fluentd daemonset: do not set old nodeSelector.
2018-08-14 13:48:30 -05:00
JohnZheng
b50b3430be
Disable locksmithd on CoreOS if coreos_auto_upgrade set to false ( #3088 )
...
* Disable locksmithd on CoreOS if coreos_auto_upgrade set to false
* change when format to support multiple-condition
2018-08-14 13:42:16 -05:00
Chad Swenson
0e3518f2ca
Merge pull request #2871 from fritchie/lptolerate
...
Local volume provisioner: tolerate NoSchedule
2018-08-14 13:39:57 -05:00
Chad Swenson
3a85a2f81c
Merge pull request #3080 from mirwan/netchecker_template_rendering_filename
...
Netchecker manifests should not have j2 extension
2018-08-14 13:24:16 -05:00
Chad Swenson
5dbfa0384e
Merge pull request #3101 from chenhonggc/uninstall_old_versions_of_docker
...
Uninstall old versions of Docker
2018-08-14 11:32:23 -05:00
rongzhang
48b6128814
Upgrade coredns to 1.1.3
2018-08-15 00:05:55 +08:00
Maxime Brunet
70b28288a3
Use delegate_to: localhost instead of local_action
...
Allow to use `ansible_become: true` (#2969 )
And set it to `false` for `localhost` with an `host_var`
2018-08-14 10:08:43 -04:00
Rong Zhang
a11e1eba9e
Upgrade kubernetes to V1.11.x ( #3078 )
...
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
2018-08-14 15:13:44 +03:00
Chen Hong
2dfa928c90
Uninstall old versions of Docker
2018-08-14 17:48:30 +08:00
Erwan Miran
d3c0fe1fcb
Templates (even without actual templating inside) should have j2 extension but should not be rendered with j2 extension
2018-08-13 09:51:26 +02:00
Hedayat Vatankhah
c0221c2e72
Add --dns-loop-detect to dnsmasq used in kube-dns
...
It prevents DNS loops when host's DNS server is a localhost DNS server,
or when DNS server of cluster is also added as an upstream DNS server
2018-08-12 20:36:33 +04:30
mauromedda
9cef20187c
Add the path to kubectl binary
...
The post-remove action fails during the kubectl delete node action because with rc: 2, command not found. The kubectl is not in the system PATH and the full path to the binary is required
2018-08-12 10:50:50 +02:00
Anton Fayzrahmanov
95f1e4634a
local-volume-provisioner: use mountPropagation HostToContainer and version bump ( #3081 )
...
* Update local-volume-provisioner-ds.yml.j2
After v1.10.2 default mountPropagation is "None"
* local_volume_provisioner version bump
v2.1.0 uses the beta nodeAffinity API by default which is available starting 1.10
* Update local-volume-provisioner-ds.yml.j2
MY_NAMESPACE env
* Update README.md
Raw block devices docs.
2018-08-10 17:14:34 +03:00
Matthew Mosesohn
581a30fdec
Remove erroneous cloud-config task
2018-08-10 15:59:18 +03:00
Andreas Krüger
d8e77600e2
Merge pull request #3066 from luisyonaldo/fix-conditional
...
fix bad conditional
2018-08-10 10:38:52 +02:00
Cédric de Saint Martin
e3dcd96301
kubedns & kubedns-autoscaler: Stick to master nodes. ( #2909 )
...
* kubedns & kubedns-autoscaler: Stick to master nodes.
- Tolerate only master nodes and not any NoSchedule taint
- Pods are on different nodes
- Pods are required to be on a master node.
* kubedns: use soft nodeAffinity.
Prefer to be on a master node, don't require.
* coredns: Stick to (different) master nodes.
- Pods are on different nodes
- Pods are preferred to be on a master node.
2018-08-09 10:42:53 -05:00
Chad Swenson
001cae5894
Merge pull request #3028 from Kami-no/cilium
...
cilium v1.1.2
2018-08-09 10:35:29 -05:00
Erwan Miran
494ff9522b
j2 extension should only be used for template filename, not target file on remote host
2018-08-09 11:29:45 +02:00
Luis Nuñez
fd380615a0
fix bad conditional
2018-08-09 10:20:45 +02:00
Rong Zhang
039180b2ca
Merge pull request #3022 from alvistack/weave-2.4.0
...
weave: Upgrade to 2.4.0
2018-08-09 15:01:05 +08:00
Zinin D.A
22b89edbbc
cilium v1.1.2
...
Update all configs to current upstream state.
Add more resources (unable to pass tests now)...
2018-08-08 22:42:50 +03:00
Rong Zhang
94ae945bea
Merge pull request #2904 from mirwan/var_lib_kubelet_should_not_be_unmounted_when_having_its_own_partition
...
Only subdirectories in /var/lib/kubelet should be unmounted at reset time
2018-08-08 15:00:54 +08:00
Rong Zhang
5c039d87aa
Merge pull request #3054 from reverson/1.10-admission
...
Add support for admission controllers in 1.10 and above
2018-08-08 14:32:11 +08:00
Rong Zhang
08dfb7b59f
Merge pull request #3073 from riverzhang/delete-istio
...
Remove istio support
2018-08-08 13:00:57 +08:00
rongzhang
ea6af449a8
Remove istio support
...
Use helm install or support in future
2018-08-08 11:10:09 +08:00
Mathieu Herbert
d285565475
Add tags for coredns and kubedns
2018-08-07 20:55:38 +02:00
Robert Everson
4eadf3228e
Only add admission plugins if defined
2018-08-07 11:25:03 -07:00
Robert Everson
99c5aa5a02
Use k8s default plugin list
2018-08-07 11:25:03 -07:00
Robert Everson
6ed65d762b
Separate out plugins into 2 variables
2018-08-07 11:25:03 -07:00
Robert Everson
ac18f6cf8b
Add support for admission controllers in 1.10 and above
2018-08-07 11:25:03 -07:00
Rong Zhang
e71f261935
Merge pull request #3068 from riverzhang/swap
...
Enable swap
2018-08-07 21:29:41 +08:00
rongzhang
b902602d16
Enable swap
2018-08-07 21:13:12 +08:00
Wong Hoi Sing Edison
538cb3b1bd
weave: Upgrade to 2.4.0
...
Upstream Changes:
- weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0 )
- Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924 )
- Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305 )
- Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317 )
Our Changes:
- Revamp weave-net.yml.j2 with upstream changes
- Add more variables for customization
- Replace WEAVE_PASSWORD with k8s secret
- Remove hard-corded seed mode support, in favor of variables customization
2018-08-07 18:34:51 +08:00
Wong Hoi Sing Edison
17e335c6a7
ingress-nginx: Upgrade to 0.17.1
...
Upstream Changes:
- ingress-nginx 0.17.1 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.17.1 )
- Remove duplicated `securityContext` (https://github.com/kubernetes/ingress-nginx/pull/2705 )
- Remove --publish-service flag, in favor of DaemonSet + hostPort
Close #2998
Close #2999
2018-08-07 18:31:08 +08:00
Rong Zhang
280d6cac1a
Merge pull request #2997 from alvistack/cert-manager-0.4.0
...
cert-manager: Upgrade to 0.4.0
2018-08-07 18:00:46 +08:00
Rong Zhang
c288ffc55d
Merge pull request #2342 from southquist/add-ca-cert
...
allow for setting the cacert on openstack cloud provider
2018-08-07 17:46:01 +08:00
Rong Zhang
9075dbdd3c
Merge pull request #2875 from bradbeam/movault
...
Adding cluster_name to api cert alt name for vault
2018-08-07 17:36:04 +08:00
Rong Zhang
7850bce254
Merge pull request #2994 from DBLaci/master
...
dashboard_token_ttl option override possibility with default
2018-08-07 17:16:25 +08:00
Rong Zhang
3d19e03294
Merge pull request #3015 from podnov/kube_proxy_healthz_bind_address
...
Variablize kube_proxy_healthz_bind_address
2018-08-07 17:10:33 +08:00