Commit graph

1221 commits

Author SHA1 Message Date
riverzhang
49a223a17d Update elrepo-release rpm version (#1554) 2017-08-23 09:54:51 +03:00
Brad Beam
e5cfdc648c Adding ability to override max ttl (#1559)
Prior this would fail because we didnt set max ttl for vault temp
2017-08-23 09:54:01 +03:00
Erik Stidham
9f9f70aade Update Calico to 2.4.1 release.
- Switched Calico images to be pulled from quay.io
- Updated Canal too
2017-08-21 09:33:12 -05:00
Matthew Mosesohn
ca3050ec3d Update to Kubernetes v1.7.3 (#1549)
Change kubelet deploy mode to host
Enable cri and qos per cgroup for kubelet
Update CoreOS images
Add upgrade hook for switching from kubelet deployment from docker to host.
Bump machine type for ubuntu-rkt-sep
2017-08-21 10:53:49 +03:00
Vijay Katam
97031f9133 Make epel-release install configurable (#1497) 2017-08-20 14:03:10 +03:00
Vijay Katam
c92506e2e7 Add calico variable that enables ignoring Kernel's RPF Setting (#1493) 2017-08-20 14:01:09 +03:00
Kevin Lefevre
65a9772adf Add OpenStack LBaaS support (#1506) 2017-08-20 13:59:15 +03:00
Anton
1e07ee6cc4 etcd_compaction_retention every 8 hour (#1527) 2017-08-20 13:55:48 +03:00
Miad Abrin
3c710219a1 Fix Some Typos in kubernetes master role (#1547)
* Fix Typo etc3 -> etcd3

* Fix typo in post-upgrade of master. stop -> start
2017-08-20 13:54:28 +03:00
Maxim Krasilnikov
2ba285a544 Fixed deploy cluster with vault cert manager (#1548)
* Added custom ips to etcd vault distributed certificates

* Added custom ips to kube-master vault distributed certificates

* Added comment about issue_cert_copy_ca var in vault/issue_cert role file

* Generate kube-proxy, controller-manager and scheduler certificates by vault

* Revert "Disable vault from CI (#1546)"

This reverts commit 781f31d2b8.

* Fixed upgrade cluster with vault cert manager

* Remove vault dir in reset playbook
2017-08-20 13:53:58 +03:00
Antoine Legrand
72ae7638bc Merge pull request #1446 from matlockx/master
add possibility to ignore the hostname override
2017-08-18 17:03:40 +02:00
Xavier Lange
3bfad5ca73 Bump etcd to 3.2.4 (#1468) 2017-08-18 17:12:33 +03:00
Matthew Mosesohn
df28db0066 Fix cert and netchecker upgrade issues (#1543)
* Bump tag for upgrade CI, fix netchecker upgrade

netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.

CI now uses v2.1.1 as a basis for upgrade.

* Fix upgrades for certs from non-rbac to rbac
2017-08-18 15:46:22 +03:00
Jan Jungnickel
20183f3860 Bump Calico CNI Plugin to 1.8.0 (#1458)
This aligns calico component versions with Calico release 2.1.5 and
fixes an issue with nodes being unable to schedule existing workloads
as per [#349](https://github.com/projectcalico/cni-plugin/issues/349)
2017-08-18 15:40:14 +03:00
Matthew Mosesohn
2645e88b0c Fix vault setup partially (#1531)
This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
2017-08-18 15:09:45 +03:00
Vijay Katam
55ba81fee5 Add changed_when: false to rpm query 2017-08-14 12:31:44 -07:00
Brad Beam
af007c7189 Fixing netchecker-server type - pod => deployment (#1509) 2017-08-14 18:43:56 +03:00
Seungkyu Ahn
b22bef5cfb Apply RBAC to efk and create fluentd.conf
Making fluentd.conf as configmap to change configuration.
Change elasticsearch rc to deployment.
Having installed previous elastaicsearch as rc, first should delete that.
2017-08-11 05:31:50 +00:00
Vijay Katam
7ad5523113 restrict rpm query to redhat 2017-08-10 13:49:14 -07:00
Brad Beam
1155008719 Merge pull request #1481 from magnon-bliex/fluentd-template-fix-typo
fixed typo in fluentd-ds.yml.j2
2017-08-10 08:19:59 -05:00
Vijay Katam
5efda3eda9 Configurable docker yum repos, systemd fix
* Make yum repos used for installing docker rpms configurable
* TasksMax is only supported in systemd version >= 226
* Change to systemd file should restart docker
2017-08-09 15:49:53 -07:00
Brad Beam
383d582b47 Merge pull request #1382 from jwfang/rbac
basic rbac support
2017-08-07 08:01:51 -05:00
Spencer Smith
6eacedc443 Merge pull request #1483 from delfer/patch-3
Update flannel from 0.6.2 to 0.8.0
2017-08-01 13:57:43 -04:00
Spencer Smith
e55f8a61cd Merge pull request #1482 from bradbeam/fix1393
Removing run_once in these tasks so that etcd ca certs get propogated…
2017-07-31 13:47:18 -04:00
Spencer Smith
cb6892d2ed Merge pull request #1469 from hzamani/etcd_metrics
Add etcd metrics flag
2017-07-31 09:04:07 -04:00
Spencer Smith
43eda8d878 Merge pull request #1471 from whereismyjetpack/fix_1447
add newline after expanding user information
2017-07-31 09:03:04 -04:00
nico
cc9f3ea938 Fix enforce-node-allocatable option
Closes #1228
pods is default enforcement

see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
add

update
2017-07-31 10:06:53 +02:00
Alexander Chumakov
8bc717a55c Update flannel from 0.6.2 to 0.8.0 2017-07-29 10:54:31 +03:00
Brad Beam
d09222c900 Removing run_once in these tasks so that etcd ca certs get propogated properly to worker nodes
without this etcd ca certs dont exist on worker nodes causing calico to fail
2017-07-28 14:34:47 -05:00
magnon-bliex
38eb1d548a fixed typo 2017-07-28 14:10:13 +09:00
Anton
e0960f6288 FIX: Unneded (extra) cycles in some tasks (#1393) 2017-07-27 20:46:21 +03:00
timtoum
3e457e4edf Enable weave seed mode for kubespray (#1414)
* Enable weave seed mode for kubespray

* fix task Weave seed | Set peers if existing peers

* fix mac address variabilisation

* fix default values

* fix include seed condition

* change weave var to default values

* fix Set peers if existing peers
2017-07-26 19:09:34 +03:00
Dann Bohn
c4894d6092 add newline after expanding user information 2017-07-25 12:59:10 -04:00
Hassan Zamani
3fb0383df4 Add etcd metrics flag 2017-07-25 20:00:30 +04:30
Spencer Smith
ee36763f9d Merge pull request #1464 from johnko/patch-4
set loadbalancer_apiserver_localhost default true
2017-07-25 10:00:56 -04:00
Spencer Smith
955c5549ae Merge pull request #1402 from Lendico/fix_failed_when
"failed_when: false" and "|succeeded" checks for registered vars
2017-07-25 09:33:43 -04:00
Spencer Smith
4a34514b21 Merge pull request #1447 from whereismyjetpack/template_known_users
Template out known_users.csv, optionally add groups
2017-07-25 08:55:08 -04:00
Brad Beam
20f29327e9 Merge pull request #1379 from gdmello/etcd_data_dir_fix
Custom `etcd_data_dir` saves etcd data to host, not container
2017-07-20 09:30:18 -05:00
John Ko
018b5039e7 set loadbalancer_apiserver_localhost default true
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs 
related to #1456
@rsmitty
2017-07-20 10:27:05 -04:00
Spencer Smith
b5d3d4741f Merge pull request #1454 from Abdelsalam-Abbas/higher_drain_timeout
higher the timeouts for draining nodes while upgrading kubernetes version
2017-07-19 10:39:33 -04:00
Spencer Smith
85c747d444 Merge pull request #1441 from bradbeam/1434
Adding recursive=true for rkt kubelet dir
2017-07-19 10:38:06 -04:00
Spencer Smith
927e6d89d7 Merge pull request #1435 from delfer/master
Kubernetes upgrade to 1.6.7
2017-07-19 05:23:38 -07:00
jwfang
3d87f23bf5 uncomment unintended local changes 2017-07-19 12:11:47 +08:00
jwfang
789910d8eb remote unused netchecker-agent-hostnet-ds.j2 2017-07-17 19:29:59 +08:00
jwfang
a8e6a0763d run netchecker-server with list pods 2017-07-17 19:29:59 +08:00
jwfang
e1386ba604 only patch system:kube-dns role for old dns 2017-07-17 19:29:59 +08:00
jwfang
83deecb9e9 Revert "no need to patch system:kube-dns"
This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-17 19:29:59 +08:00
jwfang
d8dcb8f6e0 no need to patch system:kube-dns 2017-07-17 19:29:59 +08:00
jwfang
552b2f0635 change authorization_modes default value 2017-07-17 19:29:59 +08:00
jwfang
0b3badf3d8 revert calico-related changes 2017-07-17 19:29:59 +08:00
jwfang
cea3e224aa change authorization_modes default value 2017-07-17 19:29:59 +08:00
jwfang
1eaf0e1c63 rename task 2017-07-17 19:29:59 +08:00
jwfang
2cda982345 binding group system:nodes to clusterrole calico-role 2017-07-17 19:29:59 +08:00
jwfang
c9734b6d7b run calico-policy-controller with proper sa/role/rolebinding 2017-07-17 19:29:59 +08:00
jwfang
fd01377f12 remove more bins when reset 2017-07-17 19:29:59 +08:00
jwfang
092bf07cbf basic rbac support 2017-07-17 19:29:59 +08:00
Ubuntu
5145a8e8be higher draining timeouts 2017-07-16 20:52:13 +00:00
Dann Bohn
d1f58fed4c Template out known_users.csv, optionally add groups 2017-07-14 09:27:20 -04:00
Martin Joehren
12e918bd31 add possibility to ignore the hostname override 2017-07-13 14:04:39 +00:00
Brad Beam
637f445c3f Merge pull request #1365 from AtzeDeVries/master
Give more control over IPIP, but with same default behaviour
2017-07-12 10:17:17 -05:00
Brad Beam
e0bf8b2aab Adding recursive=true for rkt kubelet dir
Fixes #1434
2017-07-12 09:28:54 -05:00
Spencer Smith
c75b21a510 Merge pull request #1408 from amitkumarj441/patch-1
Remove deprecated 'enable-cri' flag in kubernetes 1.7
2017-07-11 08:56:14 -04:00
Delfer
9f45eba6f6 Kubernetes upgrade to 1.6.7 2017-07-11 09:11:55 +00:00
AtzeDeVries
e160018826 Fixed conflicts, ipip:true as defualt and added ipip_mode 2017-07-08 14:36:44 +02:00
Spencer Smith
d1a02bd3e9 match kubespray-defaults dns mode with k8s-cluster setting 2017-07-07 13:13:12 -04:00
Brad Beam
992023288f Merge pull request #1319 from fieryvova/private-dns-server
Add private dns server for a specific zone
2017-07-06 15:02:54 -05:00
Spencer Smith
3ab90db6ee Merge pull request #1411 from kevinjqiu/allow-calico-ipip-subnet-mode
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-06 14:04:03 -04:00
Vladimir Kozyrev
e26be9cb8a add private dns server for a specific zone 2017-07-06 16:30:47 +03:00
Spencer Smith
bba555bb08 Merge pull request #1346 from Starefossen/patch-1
Set kubedns minimum replicas to 2
2017-07-06 09:14:11 -04:00
Spencer Smith
4b0af73dd2 Merge pull request #1332 from gstorme/kube_apiserver_insecure_port
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-07-06 09:06:50 -04:00
Spencer Smith
da72b8c385 Merge pull request #1391 from Abdelsalam-Abbas/master
Uncodron Masters which have scheduling Enabled
2017-07-06 09:06:02 -04:00
Spencer Smith
44079b7176 Merge pull request #1401 from Lendico/better_task_naming
Better naming for recurrent tasks
2017-07-06 09:01:07 -04:00
Kevin Jing Qiu
a742d10c54 Allow calico ipPool to be created with mode "cross-subnet" 2017-07-04 19:05:16 -04:00
Hans Kristian Flaatten
38f5d1b18e Set kubedns minimum replicas to 2 2017-07-04 16:58:16 +02:00
Abdelsalam Abbas
5f75d4c099 Uncodron Masters which have scheduling Enabled 2017-07-03 15:30:21 +02:00
Amit Kumar Jaiswal
319a0d65af Update kubelet.j2
Updated with closing endif.
2017-07-03 16:23:35 +05:30
Amit Kumar Jaiswal
3d2680a102 Update kubelet.j2
Updated!
2017-07-03 15:58:50 +05:30
Amit Kumar Jaiswal
c36fb5919a Update kubelet.j2
Updated!!
2017-07-03 15:55:04 +05:30
Amit Kumar Jaiswal
46d3f4369e Updated K8s version
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
2017-07-03 04:06:42 +05:30
Martin Joehren
c2b3920b50 added flag for not populating inventory entries to etc hosts file 2017-06-30 16:41:03 +00:00
Spencer Smith
6e7323e3e8 Merge pull request #1398 from tanshanshan/fix-reset
clean files in reset roles
2017-06-30 07:59:44 -04:00
Spencer Smith
f085419055 Merge pull request #1388 from vgkowski/master
add six package to bootstrap role
2017-06-30 07:30:36 -04:00
Anton Nerozya
1fedbded62 ignore_errors instead of failed_when: false 2017-06-29 20:15:14 +02:00
Anton Nerozya
c8258171ca Better naming for recurrent tasks 2017-06-29 19:50:09 +02:00
tanshanshan
007ee0da8e fix reset 2017-06-29 14:45:15 +08:00
Brad Beam
5e1ac9ce87 Merge pull request #1354 from chadswen/kubedns-var-fix
kubedns consistency fixes
2017-06-27 22:26:46 -05:00
Brad Beam
a7cd08603e Merge pull request #1384 from gdmello/etcd_backup_dir_fix
Make etcd_backup_prefix configurable.
2017-06-27 22:25:53 -05:00
Brad Beam
854cd1a517 Merge pull request #1380 from jwfang/max-dns
docker_dns_servers_strict to control docker_dns_servers rtrim
2017-06-27 21:15:12 -05:00
Spencer Smith
23565ebe62 Merge pull request #1356 from rsmitty/rename
Rename project to kubespray
2017-06-27 11:40:03 -04:00
Chad Swenson
8467bce2a6 Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars 2017-06-27 10:19:31 -05:00
gdmelloatpoints
649654207f mount the etcd data directory in the container with the same path as on the host. 2017-06-27 09:29:47 -04:00
gdmelloatpoints
3123502f4c move etcd_backup_prefix to new home. 2017-06-27 09:12:34 -04:00
vincent gromakowski
17d54cffbb add six package to bootstrap role 2017-06-27 10:08:57 +02:00
Seungkyu Ahn
d5516a4ca9 Make kubedns up to date
Update kube-dns version to 1.14.2
https://github.com/kubernetes/kubernetes/pull/45684
2017-06-27 00:57:29 +00:00
gdmelloatpoints
4ba237c5d8 Make etcd_backup_prefix configurable. Ensures that backups can be stored on a different location other than ${HOST}/var/backups, say an EBS volume on AWS. 2017-06-26 09:42:30 -04:00
jwfang
ec2255764a docker_dns_servers_strict to control docker_dns_servers rtrim 2017-06-26 17:29:12 +08:00
Abdelsalam Abbas
1a8e92c922 Fixing cordoning condition that cause fail for upgrading the cluster 2017-06-23 20:41:47 +02:00
gdmelloatpoints
5c1891ec9f In the etcd container, the etcd data directory is always /var/lib/etcd. Reverting to this value, since etcd_data_dir on the host maps to /var/lib/etcd in the container. 2017-06-23 13:49:31 -04:00
Spencer Smith
bae5ce0bfa Merge branch 'master' into rename 2017-06-23 12:23:51 -04:00
AtzeDeVries
61b74f9a5b updated to direct control over ipip 2017-06-23 09:16:05 +02:00