C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2148 commits 17 branches 66 tags 141 MiB
Commit graph

579 commits

Author SHA1 Message Date
Kevin Lefevre 65a9772adf Add OpenStack LBaaS support (#1506) 2017-08-20 13:59:15 +03:00
Miad Abrin 3c710219a1 Fix Some Typos in kubernetes master role (#1547) 
* Fix Typo etc3 -> etcd3

* Fix typo in post-upgrade of master. stop -> start
 2017-08-20 13:54:28 +03:00
Maxim Krasilnikov 2ba285a544 Fixed deploy cluster with vault cert manager (#1548) 
* Added custom ips to etcd vault distributed certificates

* Added custom ips to kube-master vault distributed certificates

* Added comment about issue_cert_copy_ca var in vault/issue_cert role file

* Generate kube-proxy, controller-manager and scheduler certificates by vault

* Revert "Disable vault from CI (#1546)"

This reverts commit 781f31d2b8.

* Fixed upgrade cluster with vault cert manager

* Remove vault dir in reset playbook
 2017-08-20 13:53:58 +03:00
Antoine Legrand 72ae7638bc Merge pull request #1446 from matlockx/master 
add possibility to ignore the hostname override
 2017-08-18 17:03:40 +02:00
Matthew Mosesohn df28db0066 Fix cert and netchecker upgrade issues (#1543) 
* Bump tag for upgrade CI, fix netchecker upgrade

netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.

CI now uses v2.1.1 as a basis for upgrade.

* Fix upgrades for certs from non-rbac to rbac
 2017-08-18 15:46:22 +03:00
Brad Beam 383d582b47 Merge pull request #1382 from jwfang/rbac 
basic rbac support
 2017-08-07 08:01:51 -05:00
Spencer Smith 43eda8d878 Merge pull request #1471 from whereismyjetpack/fix_1447 
add newline after expanding user information
 2017-07-31 09:03:04 -04:00
nico cc9f3ea938 Fix enforce-node-allocatable option 
Closes #1228
pods is default enforcement

see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
add

update
 2017-07-31 10:06:53 +02:00
Anton e0960f6288 FIX: Unneded (extra) cycles in some tasks (#1393) 2017-07-27 20:46:21 +03:00
Dann Bohn c4894d6092 add newline after expanding user information 2017-07-25 12:59:10 -04:00
Spencer Smith ee36763f9d Merge pull request #1464 from johnko/patch-4 
set loadbalancer_apiserver_localhost default true
 2017-07-25 10:00:56 -04:00
Spencer Smith 4a34514b21 Merge pull request #1447 from whereismyjetpack/template_known_users 
Template out known_users.csv, optionally add groups
 2017-07-25 08:55:08 -04:00
John Ko 018b5039e7 set loadbalancer_apiserver_localhost default true 
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs 
related to #1456
@rsmitty
 2017-07-20 10:27:05 -04:00
jwfang 092bf07cbf basic rbac support 2017-07-17 19:29:59 +08:00
Dann Bohn d1f58fed4c Template out known_users.csv, optionally add groups 2017-07-14 09:27:20 -04:00
Martin Joehren 12e918bd31 add possibility to ignore the hostname override 2017-07-13 14:04:39 +00:00
Brad Beam e0bf8b2aab Adding recursive=true for rkt kubelet dir 
Fixes #1434
 2017-07-12 09:28:54 -05:00
Spencer Smith c75b21a510 Merge pull request #1408 from amitkumarj441/patch-1 
Remove deprecated 'enable-cri' flag in kubernetes 1.7
 2017-07-11 08:56:14 -04:00
Spencer Smith 4b0af73dd2 Merge pull request #1332 from gstorme/kube_apiserver_insecure_port 
Use the kube_apiserver_insecure_port variable instead of static 8080
 2017-07-06 09:06:50 -04:00
Amit Kumar Jaiswal 319a0d65af Update kubelet.j2 
Updated with closing endif.
 2017-07-03 16:23:35 +05:30
Amit Kumar Jaiswal 3d2680a102 Update kubelet.j2 
Updated!
 2017-07-03 15:58:50 +05:30
Amit Kumar Jaiswal c36fb5919a Update kubelet.j2 
Updated!!
 2017-07-03 15:55:04 +05:30
Amit Kumar Jaiswal 46d3f4369e Updated K8s version 
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
 2017-07-03 04:06:42 +05:30
Martin Joehren c2b3920b50 added flag for not populating inventory entries to etc hosts file 2017-06-30 16:41:03 +00:00
Brad Beam 5e1ac9ce87 Merge pull request #1354 from chadswen/kubedns-var-fix 
kubedns consistency fixes
 2017-06-27 22:26:46 -05:00
Chad Swenson 8467bce2a6 Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars 2017-06-27 10:19:31 -05:00
Spencer Smith 8203383c03 rename almost all mentions of kargo 2017-06-16 13:25:46 -04:00
Brad Beam b73786c6d5 Merge pull request #1335 from bradbeam/imagerepo 
Set default value for kube_hyperkube_image_repo
 2017-06-12 09:46:17 -05:00
Gregory Storme 266ca9318d Use the kube_apiserver_insecure_port variable instead of static 8080 2017-06-12 09:20:59 +02:00
Brad Beam db3e8edacd Fixing up vault variables 2017-06-08 16:15:33 -05:00
Brad Beam 6e41634295 Set default value for kube_hyperkube_image_repo 
Fixes #1334
 2017-06-08 12:22:16 -05:00
Brad Beam 696fd690ae Merge pull request #1092 from bradbeam/rkt_docker 
Adding flag for docker container in kubelet w/ rkt
 2017-06-06 12:58:40 -05:00
Spencer Smith 01c0ab4f06 check if cloud_provider is defined 2017-05-31 08:24:24 -04:00
Spencer Smith 7e2aafcc76 add direct path for cert in AWS with RHEL family 2017-05-26 17:32:50 -04:00
Matthew Mosesohn 9e64267867 Merge pull request #1293 from mattymo/kubelet_host_mode 
Add host-based kubelet deployment
 2017-05-19 18:07:39 +03:00
Matthew Mosesohn cc6e3d14ce Add host-based kubelet deployment 
Kubelet gets copied from hyperkube container and run locally.
 2017-05-19 16:54:07 +03:00
Brad Beam b999ee60aa Fixing typo in kubelet cluster-dns and cluster-domain flags 2017-05-16 15:43:29 -05:00
Spencer Smith c572760a66 Merge pull request #1254 from iJanki/cert_group 
Adding /O=system:masters to admin certificate
 2017-05-05 10:58:42 -04:00
Spencer Smith 0afbc19ffb ensure the /etc/os-release is mounted read only 2017-05-01 14:51:40 -04:00
Spencer Smith ac9290f985 add for rkt as well 2017-04-28 17:45:10 -04:00
Spencer Smith 5657738f7e mount os-release to ensure the node's OS is what's seen in k8s api 2017-04-28 13:40:54 -04:00
Sergii Golovatiuk 674b71b535 Ansible 2.3 support 
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-26 15:22:10 +02:00
Spencer Smith 88b5065e7d fix stray 'in' and break into multiple lines for clarity 2017-04-20 09:53:01 -04:00
Spencer Smith b690008192 allow for correct aws default resolver 2017-04-20 09:32:03 -04:00
Matthew Mosesohn 2d6bc9536c Merge pull request #1246 from holser/disable_dns_for_kube_services 
Change DNS policy for kubernetes components
 2017-04-20 16:12:52 +03:00
Sergii Golovatiuk 01dc6b2f0e Add aws to default_resolver 
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-20 11:47:19 +02:00
Sergii Golovatiuk d8aa2d0a9e Change DNS policy for kubernetes components 
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-20 11:22:57 +02:00
Matthew Mosesohn 19bb97d24d Merge pull request #1238 from Starefossen/fix/namespace-template-file 
Move namespace file to template directory
 2017-04-20 12:19:55 +03:00
Matthew Mosesohn 9f4f168804 Merge pull request #1241 from bradbeam/rktcnidir 
Explicitly create cni bin dir
 2017-04-20 12:19:26 +03:00
Sergii Golovatiuk e796cdbb27 Fix restart kube-controller (#1242) 
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
 2017-04-20 11:26:01 +03:00
Brad Beam b60a897265 Explicitly create cni bin dir 
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
 2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten d68cfeed6e
Move namespace file to template directory 2017-04-19 13:37:02 +02:00
Spencer Smith c3c9e955e5 Merge pull request #1232 from rsmitty/custom-flags 
add ability for custom flags
 2017-04-17 14:01:32 -04:00
Spencer Smith 72d5db92a8 remove stray spaces in templating 2017-04-17 12:24:24 -04:00
Spencer Smith 3f302c8d47 ensure spacing on string of flags 2017-04-17 12:13:39 -04:00
Spencer Smith 04a769bb37 ensure spacing on string of flags 2017-04-17 11:11:10 -04:00
Spencer Smith f9d4a1c1d8 update to safeguard against accidentally passing string instead of list 2017-04-17 11:09:34 -04:00
Matthew Mosesohn 3e7db46195 Merge pull request #1233 from gbolo/master 
allow admission control plug-ins to be easily customized
 2017-04-17 12:59:49 +03:00
gbolo 49be805001
allow admission control plug-ins to be easily customized 2017-04-16 22:03:45 -04:00
Spencer Smith 94596388f7 add ability for custom flags 2017-04-14 17:33:04 -04:00
Matthew Mosesohn ae7f59e249 Skip vault cert task evaluation completely when using script cert generation 2017-04-13 19:29:07 +03:00
Matthew Mosesohn 1c45d37348 Update kubelet.j2 2017-04-06 22:59:18 +03:00
Matthew Mosesohn b521255ec9 Unbreak 1.5 deployment with kubelet 
1.5 kubelet fails to start when using unknown params
 2017-04-06 21:07:48 +03:00
Matthew Mosesohn 75ea001bfe Merge pull request #1208 from mattymo/1.6-flannel 
Update to k8s 1.6 with flannel and centos fixes
 2017-04-06 13:04:02 +03:00
Matthew Mosesohn ff2fb9196f Fix flannel for 1.6 and apply fixes to enable containerized kubelet 2017-04-06 10:06:21 +04:00
Matthew Mosesohn acae0fe4a3 Merge pull request #1205 from holser/resolv_updates 
Refactoring resolv.conf
 2017-04-05 14:22:52 +03:00
Sergii Golovatiuk 2670eefcd4 Refactoring resolv.conf 
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-05 09:28:01 +02:00
Matthew Mosesohn c0cae9e8a0 Merge pull request #1204 from mattymo/resolvconf-nodes 
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
 2017-04-04 22:03:44 +03:00
Matthew Mosesohn f8cf6b4f7c Merge pull request #1186 from holser/resolv_conf 
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
 2017-04-04 20:49:55 +03:00
Matthew Mosesohn a29182a010 Restart kubelet when updating /etc/resolv.conf on all k8s nodes 2017-04-04 20:43:47 +03:00
Sergii Golovatiuk 1cfe0beac0 Set ClusterFirstWithHostNet for Pods with hostnetwork: true 
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.

This patch sets the same resolv.conf for kubelet as host

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-04 16:34:13 +02:00
Matthew Mosesohn 798f90c4d5 Merge pull request #1153 from mattymo/graceful_drain 
Move graceful upgrade test to Ubuntu canal HA, adjust drain
 2017-04-04 17:33:53 +03:00
Matthew Mosesohn b4d06ff8dd Add /var/lib/cni to kubelet 
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
 2017-04-03 19:38:24 +03:00
Matthew Mosesohn 5a5707159a Fix multiline condition for k8s check certs 
Fixes #1190
 2017-04-03 17:44:55 +03:00
Matthew Mosesohn 80828a7c77 use etcd2 when upgrading unless forced 2017-04-03 15:07:42 +03:00
Matthew Mosesohn d42e4f2344 Update .gitlab-ci.yml 2017-03-30 12:19:15 +04:00
Matthew Mosesohn 48beef25fa delete master containers forcefully 2017-03-27 19:08:22 +03:00
Matthew Mosesohn a3f568fc64 restart scheduler and controller-manager too 2017-03-27 13:51:35 +03:00
Matthew Mosesohn 57ee304260 ensure post-upgrade purge ones only once 2017-03-27 13:28:37 +03:00
Matthew Mosesohn 0794a866a7 switch debian8-canal-ha to ubuntu 2017-03-27 13:28:37 +03:00
Matthew Mosesohn 49e4d344da move network plugins out of grouped upgrades 2017-03-27 13:28:37 +03:00
Matthew Mosesohn 6e505c0c3f Fix delegate tasks for kubectl and etcdctl 2017-03-27 13:28:37 +03:00
Matthew Mosesohn e9a294fd9c Significantly reduce memory requirements 
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
 2017-03-27 13:28:37 +03:00
Matthew Mosesohn 44d851d5bb Only cordon Ready nodes 2017-03-27 13:28:37 +03:00
Matthew Mosesohn c2c334d22f Merge pull request #1181 from holser/refactor_etcd 
Refactor etcd role
 2017-03-27 13:05:35 +03:00
Sergii Golovatiuk f144fd1ed3 Refactor etcd role 
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-03-24 12:34:15 +01:00
Vladimir Rutsky c4e57477fb replace non-breakable space with regular space 
Non-brekable space is 0xc2 0xa0 byte sequence in UTF-8.

To find one:

    $ git grep -I -P '\xc2\xa0'

To replace with regular space:

    $ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'

This commit doesn't include changes that will overlap with commit f1c59a91a1.
 2017-03-23 00:25:01 +03:00
Matthew Mosesohn 1887e984a0 Change wait for dnsmasq to skip if there are no kube-nodes in play 
Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep
between tries)

Also rename play_hosts to ansible_play_hosts
 2017-03-21 18:55:22 +03:00
Matthew Mosesohn b7ab80e8ea Merge pull request #1149 from mattymo/centos-retries 
Retry yum/apt/rpm download commands
 2017-03-18 11:12:36 +03:00
Matthew Mosesohn 7760c3e4aa Retry yum/apt/rpm download commands, fix succeeded filter 2017-03-17 18:56:26 +03:00
Matthew Mosesohn 3cfb76e57f Merge pull request #1146 from mattymo/resolvconf_optimize 
Condense resolvconf sources before starting loop
 2017-03-17 18:42:32 +03:00
Matthew Mosesohn 25bff851dd Merge pull request #1136 from adidenko/fix-calico-policy-order 
Move calico-policy-controller into separate role
 2017-03-17 17:32:14 +03:00
Aleksandr Didenko 3a39904011 Move calico-policy-controller into separate role 
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.

K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.

This patch also fixes kube-api port in calico-policy-controller
yaml template.

Closes #1132
 2017-03-17 11:21:52 +01:00
Matthew Mosesohn a52064184e Condense resolvconf sources before starting loop 2017-03-17 13:06:56 +03:00
Matthew Mosesohn b0830f0cd7 Merge pull request #1087 from bradbeam/openstack 
Adding openstack domain id
 2017-03-16 17:53:14 +03:00
Matthew Mosesohn 8195957461 Merge branch 'master' into idempotency2 2017-03-16 09:29:43 +03:00
Matthew Mosesohn 02fed4a082 Merge pull request #1138 from mattymo/idempotency-fixes 
Idempotency fixes for etcd certs and resolvconf tasks
 2017-03-16 09:20:28 +03:00
Matthew Mosesohn a422ad0d50 More idempotency fixes 
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
 2017-03-15 19:06:39 +03:00
Matthew Mosesohn 4354162067 Merge pull request #1080 from VincentS/Granular_Auth_Control 
Granular authentication Control
 2017-03-15 13:12:51 +03:00
Matthew Mosesohn a62a444229 Merge pull request #1117 from mattymo/etcd3-upgrade 
Migrate k8s data to etcd3 api store
 2017-03-15 12:56:06 +03:00