Commit graph

1033 commits

Author SHA1 Message Date
Bogdan Dobrelya
a15d626771 Preconfigure DNS stack and docker early
In order to enable offline/intranet installation cases:
* Move DNS/resolvconf configuration to preinstall role. Remove
  skip_dnsmasq_k8s var as not needed anymore.

* Preconfigure DNS stack early, which may be the case when downloading
  artifacts from intranet repositories. Do not configure
  K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be
  not existing).

* Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq
  was set up and before K8s apps to be created.

* Move docker install task to early stage as well and unbind it from the
  etcd role's specific install path. Fix external flannel dependency on
  docker role handlers. Also fix the docker restart handlers' steps
  ordering to match the expected sequence (the socket then the service).

* Add default resolver fact, which is
  the cloud provider specific and remove hardcoded GCE resolver.

* Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search
  domains combined with high ndots values lead to poor performance of
  DNS stack and make ansible workers to fail very often with the
  "Timeout (12s) waiting for privilege escalation prompt:" error.

* Update docs.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 17:30:55 +01:00
Bogdan Dobrelya
7897c34ba3 Merge pull request #700 from bogdando/tags
Add tags
2016-12-09 13:23:56 +01:00
Bogdan Dobrelya
8cc84e132a Add tags
Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 12:14:28 +01:00
Matthew Mosesohn
4265149463 Merge pull request #703 from adidenko/fix-docker_versioned_pkg
Convert docker_versioned_pkg dict keys to string
2016-12-09 11:50:17 +03:00
Aleksandr Didenko
ee8d6ab4fc Convert docker_versioned_pkg dict keys to string
This will allow to use '-e docker_version=1.12' in ansible playbook
execution. It's also backward-compatible and will work with floating
docker_version format in custom yaml files.

Closes #702
2016-12-09 09:17:36 +01:00
Matthew Mosesohn
a80745b5bd Merge pull request #668 from bodepd/etcd_access_address
Use etcd host ip instead of hostname to build etcd_access_addresses
2016-12-09 07:54:12 +03:00
Antoine Legrand
bd3f2d5cef Merge pull request #698 from bogdando/fix_terraform
Symlink global vars for terraform
2016-12-08 23:59:53 +01:00
Bogdan Dobrelya
e9c591e6de Symlink global vars for terraform
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-08 12:07:01 +01:00
Bogdan Dobrelya
710d5ae48e Merge pull request #691 from adidenko/calico-old-cni-fix
Fix possible problems with legacy calicoctl
2016-12-08 12:00:08 +01:00
Matthew Mosesohn
fc769eb870 Merge pull request #693 from kubernetes-incubator/upgrades-doc
Add document outlining upgrade process
2016-12-08 13:02:55 +03:00
Dan Bode
eec2ed5809 Allow etcd_access_addresses to be more flexible
The variale etcd_access_addresses is used to determine
how to address communication from other roles to
the etcd cluster.

It was set to the address that ansible uses to
connect to instance ({{ item }})s and not the
the variable:
  ip_access
which had already been created and could already
be overridden through the access_ip variable.

This change allows ansible to connect to a machine using
a different address than the one used to access etcd.
2016-12-07 10:33:15 -08:00
Bogdan Dobrelya
f7dd20f21c Merge pull request #695 from kubernetes-incubator/bug669
Force hardlink for calico/canal certs
2016-12-07 18:25:09 +01:00
Matthew Mosesohn
bfc9bcb8c7 Force hardlink for calico/canal certs
Fixes: #669
2016-12-07 19:03:22 +03:00
Bogdan Dobrelya
8eb26c21be Merge pull request #692 from bogdando/gce_fixes
Change GCE sysctls placement and docs
2016-12-07 16:17:30 +01:00
Matthew Mosesohn
3c66e4cdba Add document outlining upgrade process 2016-12-07 16:33:08 +03:00
Bogdan Dobrelya
f0f2b81276 Change GCE sysctls placement and docs
Override GCE sysctl in /etc/sysctl.d/99-sysctl.conf instead of
the /etc/sysctl.d/11-gce-network-security.conf. It is recreated
by GCE, f.e. if gcloud CLI invokes some security related changes,
thus losing customizations we want to be persistent.

Update cloud providers firewall requirements in calico docs.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-07 12:53:45 +01:00
Matthew Mosesohn
45ed6de315 Merge pull request #688 from fen4o/cluster-signing-cert
add cluster-signing to kube-controller-manager
2016-12-07 14:53:30 +03:00
Aleksandr Didenko
c9290182be Fix possible problems with legacy calicoctl
When running legacy calicoctl we do not specify calico hostname in
calico-node container thus we should not specify it in CNI config.

Also move 'legacy_calicoctl' set_fact task to the top.
2016-12-07 12:26:44 +01:00
fen4o
246c8209c1 add cluster-signing to kube-controller-manager
kube-controller-manager's cluster signing cert and key points by default to not
existing `/etc/kubernetes/ca/ca.pem` and `/etc/kubernetes/ca/ca.key` [docs][1]

[1]: http://kubernetes.io/docs/admin/kube-controller-manager/#options
2016-12-07 11:20:18 +02:00
Bogdan Dobrelya
36fe2cb5ea Merge pull request #584 from chadswen/docker-options-refactor
Docker Options Refactor
2016-12-07 07:57:53 +01:00
Bogdan Dobrelya
9d6cc3a8d5 Merge pull request #684 from adidenko/fix-calico-peering
Calico: fix peering with routers for new version
2016-12-06 22:42:02 +01:00
Spencer Smith
8870178a2d Merge pull request #627 from kubernetes-incubator/issue-626
add restart flag for docker run kubelet
2016-12-06 08:47:18 -08:00
Aleksandr Didenko
b0079ccd77 Calico: fix peering with routers for new version
In new `calicoctl` version nodes peering with routers is broken.
We need to use predictable node names for calico-node and the
same names in calico `bgpPeer` resources and CNI.
2016-12-06 17:17:39 +01:00
Bogdan Dobrelya
1772d122b2 Merge pull request #683 from kubernetes-incubator/fix_debian_image
Re-enable debian-8-kubespray image for CI
2016-12-06 14:21:28 +01:00
Matthew Mosesohn
756ae926ba Re-enable debian-8-kubespray image for CI
debian-8 image is missing memory cgroup, so it can't spawn pods.
2016-12-06 16:00:58 +03:00
Bogdan Dobrelya
2c1db56213 Merge pull request #678 from adidenko/update-calico-unit
Update calico-node systemd unit
2016-12-06 13:51:37 +01:00
Antoine Legrand
d672cef21c Merge pull request #641 from pcm32/feature/glusterfs-pr
GlusterFS server separate nodes and client facilities for k8s nodes.
2016-12-06 12:05:36 +01:00
Pablo Moreno
27e239c8d6 GlusterFS with external VMs, terraform/os included 2016-12-06 11:03:13 +00:00
Aleksandr Didenko
f1d7af11ee Update calico-node systemd unit
New calicoctl does not support --detach=false option, so we should
use a recommended way to run calico-node service:
http://docs.projectcalico.org/v2.0/usage/configuration/as-service

Closes #674, #675
2016-12-06 11:34:12 +01:00
Bogdan Dobrelya
59a097b255 Merge pull request #679 from kubernetes-incubator/kube-proxy-dbus
Add dbus socket dir to kube-proxy
2016-12-06 11:08:16 +01:00
Bogdan Dobrelya
d40783022b Merge pull request #680 from kubernetes-incubator/gce_ipv4_forward
Fix ipv4 forwarding on GCE
2016-12-06 11:02:45 +01:00
Matthew Mosesohn
7a3a473ccf Fix ipv4 forwarding on GCE
ipv4 forwarding gets broken when restarting networking, which
breaks all networking for all pods.
2016-12-06 11:57:57 +03:00
Matthew Mosesohn
2cdf752481 Add dbus socket dir to kube-proxy 2016-12-05 19:25:27 +03:00
Antoine Legrand
26f93feb2d Merge pull request #673 from Smana/kargogo_link
Update README: kargo-golang, slack, and travis urls
2016-12-04 13:22:32 +01:00
Smana
d4aba0af48 README: change travis url 2016-12-04 09:24:30 +01:00
Smana
42d12afbc6 remove deprecation warning for kargo-cli 2016-12-04 09:18:26 +01:00
Smana
022468ae3e change slack channel url 2016-12-04 09:14:15 +01:00
Smana
3bb42cc66a change kargo go version branch url 2016-12-02 23:56:14 +01:00
Chad Swenson
8b5b27bb51 Docker Options Refactor 2016-12-02 15:07:51 -06:00
Bogdan Dobrelya
7328e0e1ac Merge pull request #672 from kubernetes-incubator/fail_all_on_error
Fail all nodes on error
2016-12-02 17:08:10 +01:00
Bogdan Dobrelya
eeaf2ea4cf Merge pull request #671 from bogdando/disable_logs_upload
Disable logs upload and verbose logging
2016-12-02 16:02:52 +01:00
Bogdan Dobrelya
42eb8e4663 Disable logs upload and verbose logging
In order to speed up CI jobs, do not produce -v logs.
Also, disable collecting and uploading logs to GS, unless
the buckets creation issue resolved.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-02 16:02:33 +01:00
Bogdan Dobrelya
c13d0db0cc Merge pull request #656 from YorikSar/nginx-proxy-timeout
Set proxy_timeout to 10m in nginx.conf
2016-12-02 12:48:18 +01:00
ant31
dba2026002 Fail all nodes on error 2016-12-02 12:37:22 +01:00
Bogdan Dobrelya
a62f74259c Merge pull request #663 from bogdando/reduce_matrix
Reduce CI test matrix
2016-11-30 10:43:43 +01:00
Bogdan Dobrelya
a2331fec55 Reduce CI test matrix
Reduce the test cases from 15 to 9, bearing in mind that:
* Disable weave/coreos gate unless its deployment fixed
* If debian/centos7 fails with net plugin X, ubuntu-xenial/rhel-7 will
  likely fail as well
* Canal also covers the flannel plugin deployment, but keep at least one
  of the flannel plugin deployment, unless it's superseded and removed.
* Keep at least one of each OS/plugin family to be tested in the separate
  nodes layout
* Keep at least one of each OS family to be tested against each of the
  plugin types in default nodes layout
* Rebalance GCE regions for instances, replace asia to eu/us as they
  are the longest running jobs.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-29 18:53:43 +01:00
Antoine Legrand
b6872a0be3 Merge pull request #657 from smelchior/master
add  azure support for kargo
2016-11-29 12:20:49 +01:00
Sebastian Melchior
bc7a73ca2c add azure to readme 2016-11-29 12:16:30 +01:00
Bogdan Dobrelya
c405944e9d Merge pull request #658 from bogdando/gce_images
Switch to standard debian/centos/rhel for CI
2016-11-29 11:35:50 +01:00
Bogdan Dobrelya
7eab889c07 Switch to standard debian/centos/rhel for CI
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-29 10:25:07 +01:00