Commit graph

3440 commits

Author SHA1 Message Date
Hans Feldt
a2d4dbeee4
crio: use system default for storage driver by default (#6637)
After host reboot kubelet and crio goes into a loop and no container is started.

storage_driver in crio.conf overrides system defaults in etc/containers/storage.conf

/etc/containers/storage.conf is installed by package containers-common dependency
installed from cri-o (centos7) and contains "overlay".

Hosts already configured with overlay2 should be reconfigured and the
/var/lib/containers content removed.
2020-09-10 05:29:45 -07:00
Florian Ruynat
1712ba1198
Add iptables_backend to weave options (#6639) 2020-09-10 03:49:52 -07:00
Mikael Johansson
040dda37ed
Add comment clarifying network allocation and sizes (#6607)
* Add comment from roles/kubespray-defaults/defaults/main.yaml clarifying network allocation and sizes

Signed-off-by: Mikael Johansson <mik.json@gmail.com>

* Rewrite of the comment and added new examples

Signed-off-by: Mikael Johansson <mik.json@gmail.com>
2020-09-10 03:49:44 -07:00
holmesb
a99ba3bb16
Allowing resource management of metrics-server container. Will allow fine-tuning of resource allocation and solving throttling issues. Setting defaults as per the current request & limit allocation: cpu: 43m, memory 55Mi for both limits & requests. (#6652)
Signed-off-by: Brendan Holmes <holmesb@users.noreply.github.com>

Co-authored-by: Brendan Holmes <holmesb@users.noreply.github.com>
2020-09-10 03:46:02 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 (#6644) 2020-09-10 03:45:46 -07:00
spaced
34ff39e654
NetworkManager lists must be separated by , (#6643) 2020-09-10 03:41:44 -07:00
Florian Ruynat
8e3915f5bf
Set ansible_python_interpreter to python3 on debian (fix error with mitogen) (#6633) 2020-09-08 15:37:52 -07:00
Maxime Guyot
a1f04e9869
Cleanup v1.16 hashes (#6635) 2020-09-08 01:51:43 -07:00
Maxime Guyot
961149b865
Update kube_version_min_required for 2.14 release (#6634) 2020-09-07 23:59:43 -07:00
spaced
2de6a5676d
Fedora coreos networkmanager global dns and bootstrapping fix (#6577)
* remove podman cni plugin

* configure networkamanger global dns

* allow installation of python3-libselinux by disabling update repo temporary

* remove ipv4 section because it is not a valid configuration
2020-09-07 02:27:41 -07:00
Florian Ruynat
050578da94
Update Cilium to 1.8.3 (#6629) 2020-09-07 02:11:49 -07:00
Florian Ruynat
6fc73e3038
Add Kubernetes 1.16.15 hashes (#6624) 2020-09-07 01:23:41 -07:00
Florian Ruynat
d97e9b9e50
Fix oracle linux repo (#6627) 2020-09-07 01:15:41 -07:00
Florian Ruynat
fa0eb11bf4
Update kubernetes dashboard (#6623) 2020-09-04 05:29:41 -07:00
Julien Pervillé
f660c29348
Declare port 10254 in nginx ingress pod template (#6609) 2020-09-04 04:54:11 -07:00
Hans Feldt
6613895de0
remove kubelet startup warnings for non docker container runtime (#6605)
Removes these startup warnings:

Warning: For remote container runtime, --pod-infra-container-image is ignored in kubelet, which should be set in that remote runtime instead
Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock".
2020-09-04 04:54:04 -07:00
Hans Feldt
803d52ffce
kubernetes: remove unused variables (#6601) 2020-09-04 04:53:56 -07:00
tasekida
fc61f8d52e
Update cert manager to 0.16.1 (#6600)
* Update cert manager to 0.16.1

* Update cert manager to 0.16.1

Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-09-04 04:53:48 -07:00
Maxim Pogozhiy
0553814b4f
Add selectable dns policy for kube-router (#6586) 2020-09-04 04:53:41 -07:00
Florian Ruynat
f1566cb8c2
Add protectKernelDefaults option (default true) to kubelet config file (#6611) 2020-09-03 07:41:41 -07:00
Lovro Seder
c1ba8e1b3a
Rotate kubelet server certificate. (#6453)
* Rotate kubelet server certificate.

* CI test kubelet server cert rotation

* Approve kubelet serving certificates in tests.
2020-09-03 07:25:41 -07:00
Hugo Blom
2ff7ab8d40
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537)
* add snapshot-controller and v1beta1 snapshot api

* fix typo

* udpate manifest to v1beta1

* update

* update manifests

* fix spelling

* wait until crd is applied

* fix missing info in kube module

* revert snapshotclass

* add snapshot crds before applying the csi driver

* add crds, missed them in last commit

* use pull policy from kubespray
2020-09-03 04:01:43 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr (#6360)
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
Maxime Guyot
6245587dc8
Fix E306 in roles/network_plugin (#6516)
Signed-off-by: Miouge1 <maxime@root314.com>
2020-09-02 23:55:40 -07:00
Florian Ruynat
2faf53b039
Check node_ip is defined when removing etcd node (#6603) 2020-09-01 01:05:58 -07:00
Florian Ruynat
e0b1787740
Use crictl 1.19.0 for k8s 1.19.x (#6598) 2020-09-01 01:05:50 -07:00
Florian Ruynat
9849dba5d3
Update cni plugins with minor fix (#6592) 2020-08-31 05:16:21 -07:00
Barry Melbourne
03c9c091f2
Docker: Set Cgroup driver by default to systemd (#6563)
* Set Docker Cgroup driver to systemd

* Add docker_cgroup_driver in Docker defaults
2020-08-31 04:56:20 -07:00
Marc-Antoine
5a8b68a429
Add support for openstack application credentials (#6534)
* Add support for openstack application credentials

* Add some lines for readability

* Update external_openstack_tenant_id check

Do not check external_openstack_tenant_id when application credentials are defined

* Add check for external_openstack_domain_id

* Fix typo
2020-08-31 03:30:28 -07:00
Maxime Guyot
34d88ea6d9
Fix Ansible-lint E303 (#6409) 2020-08-31 03:30:20 -07:00
Florian Ruynat
0665b45e61
Update nginx ingress to 0.35.0 (#6599) 2020-08-31 03:24:21 -07:00
Maxime Guyot
648fcf3a2e
Fix E306 in roles/etcd (#6515) 2020-08-31 03:20:20 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Maxime Guyot
6e938a3106
Fix E306 in other roles (#6517) 2020-08-28 01:20:53 -07:00
Florian Ruynat
2f93d62aa5
Update nginx ingress to 0.34.1 (#6571) 2020-08-27 10:15:53 -07:00
Florian Ruynat
8ba3d7ec75
Add Kubernetes 1.19 hashes (#6593) 2020-08-27 09:45:53 -07:00
Hans Feldt
9e2d282709
cri-o: add variable to configure unsecure pull (#6568)
By default do not allow "unqualified" (without a registry) images
because it is considered unsecure and subject to mitm attacks.

To enable insecure pull configure for example:

crio_registries:
  - "docker.io"
  - "quay.io"
2020-08-27 09:09:53 -07:00
Florian Ruynat
706c7cb4f1
etcd should not fail when adding an already existing member (#6587) 2020-08-27 02:33:01 -07:00
Florian Ruynat
e7ee19bd66
Update bunch of dependencies with minor fixes (#6570) 2020-08-27 02:25:01 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress (#6508)
* add FELIX_DEVICEROUTESOURCEADDRESS calico option

* add calico_use_default_route_src_ipaddr option 

add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option

* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Barry Melbourne
8e2bae0f2a
Fix Ansible Lint warnings (No such file or directory) (#6581) 2020-08-26 23:19:10 -07:00
Arthur Outhenin-Chalandre
e6dae03a0d
Add cilium hubble server in config (#6575)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:19:02 -07:00
Arthur Outhenin-Chalandre
2f2ed116f7
Improve metallb template for bgp peers (#6574)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:15:03 -07:00
Kuralamudhan Ramakrishnan
e91c6a7bd1
update the ovn4nfv-k8s-plugin image version to v1.1.0 (#6531)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-08-26 23:11:03 -07:00
Florian Ruynat
1ff95e85f4
Rollback coredns, should not have been updated before 1.19 (#6573) 2020-08-26 03:30:03 -07:00
Sulochan Acharya
36924b63dc
Allow webhook authorization (#6502) 2020-08-24 06:29:41 -07:00
jeanfabrice
411510cbe6
Use proper openssl command to differentiate between host and ip in API certificate check (#6392)
* Use proper openssl command to differentiate between host and ip in current certificate check

* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
2020-08-21 02:03:39 -07:00
Florian Ruynat
6e2b8a5750
Add timeout to Get current version of calico cluster version, again (#6493) 2020-08-21 00:13:51 -07:00
Lars
ca66a96d0a
make pre-remove node draining a failable task (#6442)
and add configuration to allow ungraceful removal
2020-08-21 00:13:39 -07:00
Marc-Antoine
0c09ec5d13
Bump Openstack cloud controller image verison to 1.18.2 (#6562) 2020-08-21 00:10:03 -07:00