Commit graph

3301 commits

Author SHA1 Message Date
Samuel Liu
38ca58ae8d
update pause images version: 3.2 (#6190) 2020-05-28 00:38:02 -07:00
Wang Zhen
d62836f2ab
Replace seccomp profile docker/default with runtime/default (#6170)
Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-05-27 14:02:02 -07:00
Florian Ruynat
e9ce7243b8
Match docker-cli version with docker-engine version (when available) (#6163) 2020-05-25 05:37:11 -07:00
404notfoundhard
d036a04d4d
restart kubelet service when kube-config.yml is changed (#5402)
* fix(kubelet): exec notify restart kubelet service when kube-config.yml changed

* Revert "refactor(kubelet handler): change task name("reload kubelet") this is misleading"

This reverts commit 8f5d29560802c7c997293adb1ce9f84d3b20b6cb.

* fix(handlers,kubelet): setting right notify task name
2020-05-19 10:13:37 -07:00
Maxime Guyot
35ad57674e
Update containerd to 1.2.13-2 (#6156) 2020-05-18 07:57:36 -07:00
qvicksilver
437189c213
Fix missing permissions for OpenStack cloud-controller-manager preventing metrics scraping (#6124) 2020-05-18 02:35:45 -07:00
Paul Rey
b5aaaf864d
Add additional network configuration options to external Openstack CCM (#6083) (#6085)
* Add additional network configuration options to external Openstack CCM (#6083)

* Change the default version of external openstack cloud controller image to v1.18.1 since there was an issue in v1.18.0 where some IPs of the private network were ignored

* Change Network section in external-openstack-cloud-config.j2 to Networking

* Add networking customization information in the openstack documentation
2020-05-18 02:31:36 -07:00
bozzo
d948839320
Fix resolv.conf configuration for Fedora CoreOS. (#6138) 2020-05-18 02:27:36 -07:00
Mateus Caruccio
a5af58c05a
Fix apiserver port when upgrading (#6136) 2020-05-18 01:21:36 -07:00
Matthew Mosesohn
fda05df5f1
Only fix kube-proxy address on evaluating kube_master hosts (#6152)
Change-Id: I83a7101a6cd99eb531d8385de5c31aee4f474469
2020-05-17 13:05:36 -07:00
jeanfabrice
3997aa9a0f
Use OS packaging default value for apparmor_profile in crio.conf (#6125) 2020-05-14 21:47:00 -07:00
tasekida
81292f9cf3
Fix apt update don't access Docker’s official repository for Ubuntu (#6106) 2020-05-13 07:06:26 -07:00
Florian Ruynat
1f9ccfe54d
Rollback metrics-server version and enable in one CI test (#6130) 2020-05-13 06:20:26 -07:00
Hector S
a3131e271a
Removed env vars DOCKER_NETWORK_OPTIONS and INSECURE_REGISTRY from docker.service.j2 (#6126) 2020-05-12 13:46:21 -07:00
Anton Kulikov
ed12936be2
Add missing RBAC rule #6116 (#6121) 2020-05-11 04:25:51 -07:00
Florian Ruynat
7c00ce5f30
Update metrics-server tag and template (#6090) 2020-05-11 03:55:50 -07:00
Florian Ruynat
c87bd53352
Update calico to 3.14.0 (#6120) 2020-05-11 03:51:51 -07:00
Andrew DeMaria
af1c93cdfc
Add option to expose metrics on separate port (#6092) 2020-05-10 12:21:51 -07:00
petruha
9ce7fc9b2c
Create namespace when dashboard deployment uses customized namespace. (#6107)
* Create namespace when dashboard deployment uses customized namespace.

* Fix syntax.
2020-05-10 11:38:02 -07:00
Florian Ruynat
b6243bfc1c
Fix ImagePullPolicy missing variable usage (#6091) 2020-05-10 11:37:50 -07:00
Florian Ruynat
93579773d6
Cleanup kubernetes 1.15.x hashes (and references) as it has now reached EOL (#5876) 2020-05-09 12:19:50 -07:00
Florian Ruynat
0bd23f720d
Fix docker fedora packages (#6097) 2020-05-08 15:39:51 -07:00
Florian Ruynat
c605a05c6b
Update coredns to 1.6.7 (#6086) 2020-05-08 12:07:51 -07:00
Florian Ruynat
c44f13114f
Allow containerd runtime with fedora os (30/31) - add CI test (#6094) 2020-05-08 07:55:43 -07:00
lukasz bielinski
ef7076e36f
fix expected str instance, float found #6078 (#6103) 2020-05-08 05:57:42 -07:00
Florent Monbillard
324106e91e
Remove Kubernetes <1.16 conditionals (#6088) 2020-05-08 00:45:43 -07:00
Florent Monbillard
218b2a5992
Workaround about inconsistent CRI-O YUM repo path on Kubic repos (#6101) 2020-05-07 12:59:42 -07:00
Victor Morales
367566adaa
Fix kubernetes-dashboard template identation (#6066)
The 98e7a07fba commit udpates the
dashboard version to 2.0.0 but it enable skip login flag wasn't
updated. This change updates its identation to avoid issues when
dashboard_skip_login is enabled.
2020-05-06 11:17:17 -07:00
Florian Ruynat
c06f482901
Update default kubernetes version to 1.18.2 (#6064) 2020-05-06 11:17:09 -07:00
Florian Ruynat
965fe1db94
Update cni spec to 0.4.0 for network plugin allowing it (#6053) 2020-05-06 11:13:09 -07:00
Florian Ruynat
f6be326feb
Update kube-ovn to 1.1.1 (#6060) 2020-05-06 11:05:09 -07:00
Michael Sheinberg
c58e5e80ce
Bump pypy to 7.3.1, verify hash (#6070)
As of pypy 7.3.0, we can utilize the official pypy project as opposed to
the previously used "portable-pypy" distribution.
2020-05-06 04:49:08 -07:00
Maxime Guyot
641a2a8bb4
Skip molecule tests for Ubuntu 18.04 (#6077) 2020-05-05 07:17:09 -07:00
Florian Ruynat
7d497e46c5
Update calico to 3.13.3 (#6061) 2020-05-04 08:56:26 -07:00
Florian Ruynat
f8f55bc413
Update cilium to 1.7.3 (#6069) 2020-05-03 12:32:26 -07:00
Florian Ruynat
361645e8b6
Fix multus missing cni and erroneous CI tests (#6051) 2020-04-30 23:38:05 -07:00
Maxime Guyot
353d44a4a6
Add CI var for http_proxy (#6039) 2020-04-30 05:44:17 -07:00
qvicksilver
680aa60429
Specify tag for OpenStack Cloud Controller image (#6048) 2020-04-30 02:02:17 -07:00
qvicksilver
e41766fd58
Fix broken Octavia integration in OpenStack External Cloud Provider (#6046) 2020-04-29 11:30:25 -07:00
Maxime Guyot
e4c820c35e
Add molecule tests to containerd role (#6037) 2020-04-29 09:08:25 -07:00
Joel Seguillon
db5f83f8c9
update dashboard access doc for 2.0.x (#6036)
* update dashboard access doc for 2.0.x

* make metrics scrapper system-cluster-critical
2020-04-29 07:20:25 -07:00
Lee Spottiswood
a3d3f27aaa
allow dns autoscaler limits to be specified via variables (#6020) 2020-04-28 23:34:25 -07:00
Maxime Guyot
28333d4513
Fix crio runc path on Ubuntu (#6035) 2020-04-28 05:28:06 -07:00
Hugo Blom
724a316204
Cinder-CSI default storageclass and volumeBindingMode (#6026)
* Set volumeBindingMode in cinder CSI template (#22)

* make sure true/false is lowercase in cinder-csi storageclass
2020-04-28 00:12:04 -07:00
Florian Ruynat
3ff6a2e7ff
Update default (erroneous) backend value for calico (#6031) 2020-04-27 00:03:39 -07:00
Florian Ruynat
1ee3ff738e
Add option to enable usage reports to calico servers (#6030) 2020-04-27 00:03:30 -07:00
Qasim Sarfraz
52edd4c9bc
Fix liveness probe for cilium operator (#6016) 2020-04-26 23:59:29 -07:00
Joel Seguillon
98e7a07fba
bump to dashboard 2.0.0 with metrics scrapper support (#5821)
* bump to dashboard 2.0 rc6 with metrics scrapper

* fix missing yaml seperator making Replicaset complaining about missing ServiceAccount

* unwanted legay gross hack forgot to remove before

* no  need namespace on CrBinding

* bump to 2.0.0 release

* remove dashboard_metrics_scrapper_enabled
2020-04-25 03:55:28 -07:00
Pasquale Toscano
3d5988577a
Support Cilium from version 1.5 (#6006) 2020-04-24 06:00:10 -07:00
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables (#6003) 2020-04-24 01:54:07 -07:00
spaced
cf1566e8ed
Centos, debian and fedora CRI-O repo (#6008)
* replace removed repo with kubic repository for centos 7

* add crio configuration for centos8

* add crio configurations for debian

* use correct crio version for fedora

* simplify calulation of required crio version
- gives possibility to overwrite

* change default path for runc

* change default for seccomp path

* change default for conmon
2020-04-24 01:18:07 -07:00
spaced
b0484fe3e5
Ubuntu crio repo (#5994)
* declare kubic repo for ubuntu

* do not install crictl twice

* move fedora repo modular tasks to crio_repo file

* move centos repo tasks to crio_repo

* declare crio version matrix for ubuntu

* update documentation crio support for ubuntu
2020-04-22 13:29:45 -07:00
Florian Ruynat
b8cd9403df
Fix nginx template missing latest changes (#6000) 2020-04-22 08:41:52 -07:00
Florent Monbillard
d7df577898
k8s-dns-node-cache 1.15.12 was released (#5999) 2020-04-22 07:43:53 -07:00
Maxime Guyot
09bccc97ba
Add CRI-O CI (#5460) 2020-04-22 06:09:52 -07:00
Florian Ruynat
1c187e9729
Downgrade coredns to 1.6.5 due to upgrade errors while migrating coredns configmap (Corefile) (#5960) 2020-04-22 05:27:52 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction (#5989) 2020-04-21 07:20:56 -07:00
Victor Morales
2bec26dba5
Add proxy support to CRI-O service (#4607)
* Add proxy support to CRI-O service

The crio.service requires proxy environment variables when it's
deployed behind a corporated network. This change creates a systemd
configuration file when the proxy variables are defined.

* Remove unnecesary crio's tasks
2020-04-21 04:12:55 -07:00
Pierre Lebrun
03c8d0113c
Add vSphere external cloud provider (#5959) 2020-04-20 08:47:39 -07:00
Lovro Seder
536606c2ed
Fix kube-proxy ds win nodeselector check for 1.17 (#5982)
* Fix kube-proxy ds nodeselector for older versions

* Fix for ansible-lint
2020-04-20 08:43:39 -07:00
Sergey
6e29a47784
generate flannel manifest only on first master (#5983) 2020-04-20 01:33:38 -07:00
Sergey
baff4e61cf
remove image flannel cni (#5980) 2020-04-19 06:13:37 -07:00
Florian Ruynat
32fec3bb74
Update minor version for tools (helm, busybox, registry etc...) (#5961) 2020-04-18 07:59:36 -07:00
Maxime Guyot
3134dd4c0d
Drop support for Fedora 28 and add Fedora 30 and 31 (#5969) 2020-04-18 06:35:36 -07:00
Sergey
6318bb9f96
Return the ability to start control plain from the hyperkube image (#5422) 2020-04-18 05:59:36 -07:00
Florian Ruynat
8618a3119b
Fix selector check for windows (#5974) 2020-04-18 00:41:35 -07:00
Victor Morales
7930f6fa0a
Ensure /etc/sysconfig/proxy for openSUSE bootstrap (#5445)
The playbook that bootstrap openSUSE servers assumes that the
/etc/sysconfig/proxy file exists but the execution fails when
these file is not present. This change guarantees its existence.
2020-04-17 14:23:35 -07:00
Florian Ruynat
49bd208026
Update hashes (1.18.2/1.17.5/1.16.9) and set default to 1.17.5 (#5967) 2020-04-17 06:55:07 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os (#5964) 2020-04-17 05:51:06 -07:00
Maxime Guyot
0924c2510c
Use role to copy CNI bin (#5953) 2020-04-16 10:06:45 -07:00
Sergey
35f248dff0
assembly fallback_ips and no_proxy var only one time on localhost and… (#5957)
* assembly fallback_ips and no_proxy var only one time on localhost and populate result on all hosts

* add tag always, fix ansible lint errors

* workaround to mitogen issue dw/mitogen#663

* do not gather fact before install python on coreos like distros

* try to pass docker molecule test
2020-04-16 07:22:47 -07:00
Lovro Seder
b09fe64ff1
Calculate inventory list only once (#5956) 2020-04-16 06:12:45 -07:00
Florent Monbillard
54debdbda2
Generate unique username per cluster in client kubeconfig (#5943)
* Generate unique username per cluster

* rename admin kubeconfig shell output to raw_admin_kubeconfig

* Make the linter happy

* Fix lint errors

* Cleaning up tasks
2020-04-16 05:32:45 -07:00
aharrisson
b6341287bb
Add Molecule to Docker role (#5129)
* Add Molecule for container-engine/docker

* Add bootstrap-os to Molecule prepare stage
2020-04-15 23:28:45 -07:00
Pasquale Toscano
00efc63f74
Customize PodSecurityPolicies from inventory (#5920)
* Customize PodSecurityPolicies from inventory

* Fixed yaml indentation
2020-04-15 03:18:02 -07:00
Ryler Hockenbury
b061cce913
Allow configureable vni and port for flannel overlay (#5939) 2020-04-15 03:14:02 -07:00
Florian Ruynat
c929b5e82e
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852) 2020-04-15 03:10:03 -07:00
Florian Ruynat
58f48500b1
Update Flannel manifests, install script and version (0.12) + fix tests scripts (#5937)
* Add CI_TEST_VARS to tests

* Update flannel to 0.12.0 (with new manifests) and disable tx/rx
offloading in networking test
2020-04-14 23:48:02 -07:00
Florian Ruynat
b5125e59ab
update rbac.authorization.k8s.io to non deprecated api-groups (#5517) 2020-04-14 13:14:04 -07:00
Christopher Randles
d316b02d28
else condition required otherwise AnsibleUndefinedVariable is triggered (#5722) 2020-04-14 07:06:12 -07:00
MikeG
7910198b93
fix error in templating in local-path-provisioner (#5950) 2020-04-14 06:52:12 -07:00
Florian Ruynat
45874a23bb
Remove 1.16.x flag for packet_centos7-weave-kubeadm-sep (#5907) 2020-04-11 00:15:48 -07:00
spaced
9c3b573f8e
Cleanup fedora coreos with crio container (#5887)
* fix upgrade of crio on fcos
- update documents

* install conntrack required by kube-proxy
- like commit 48c41bcbe7

* enable fedora modular repo for crio

* allow to override crio configuration
- set cgroup manager same to kubelet_cgroup_driver if defined
- path of seccomp_profile depends on distribution

* allow to override crio configuration
- fix path for ubuntu

* allow to override crio configuration
- fix cni path for fcos
2020-04-10 23:51:47 -07:00
Chris
883194afec
Fix Cilium permissions (#5923)
* added required permissions for querying endpointslice resources

* copy-pasted role permissions from cilium install manifests

* bumped cilium version to v1.7.2
2020-04-10 23:47:48 -07:00
Sergey
3a63aa6b1e
downgrade nodelocaldns version due bug with flood to error log (#5931)
https://github.com/kubernetes/kubernetes/issues/90043
2020-04-10 23:41:55 -07:00
Florian Ruynat
82123f3c4e
Upgrade azure csi and fix aws csi tag (#5938) 2020-04-10 17:53:47 -07:00
Sergey
8f3d820664
always download docker image on download_host when download_run_once=true (#5921) 2020-04-10 01:59:47 -07:00
Florian Ruynat
473a8beff0
Remove hard-coded dependance to docker.service in kubelet.service file (#5917) 2020-04-09 08:43:46 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. (#5912) 2020-04-09 07:27:43 -07:00
aharrisson
9cce46ea8c
Fix idempotence issue in bootstrap-os (#5916) 2020-04-09 03:31:44 -07:00
Florian Ruynat
980aeafebe
Add kubernetes 1.18.1 hashes (#5915) 2020-04-09 01:53:43 -07:00
Denis Kadyshev
7d1ab3374e
Proxy fixes (#5869)
* Fix proxy and module_hotfixes

On CentOS 8 with proxy ansible render inline `proxy` and `module_hotfixes` options.

For example:

`proxy=http://127.0.0.1:3128module_hotfixes=True`

But expected result:

```
proxy=http://127.0.0.1:3128
module_hotfixes=True
```

* Use ini_file module for work with ini files

* Prevent duplicates proxy= option in /etc/yum.conf

Module `lineinfile` is weak, use most powerful module `ini_file` and add or remove `proxy=` when `http_proxy` is defined or not.
2020-04-09 01:25:44 -07:00
Alexander Kross
c33a049292
Update docker RHEL/CentOS versions to the latest patch versions available. (#5872) 2020-04-08 10:09:45 -07:00
Maxime Guyot
7eaa7c957a
Fix conntrack for opensuse and docker support (#5880) 2020-04-08 07:37:44 -07:00
Florian Ruynat
f055ba7965
Add crictl 1.18.0 hashes for k8s 1.18 (#5877) 2020-04-08 02:19:43 -07:00
spaced
157c247563
fix readonly flexvolume in fcos and coreos (#5885) 2020-04-08 01:41:43 -07:00
Etienne Champetier
a35b6dc1af
Fix scaling (#5889)
* etcd: etcd-events doesn't depend on etcd_cluster_setup

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: remove condition already present on include_tasks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: fix scaling up

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: use *access_addresses, do not delegate to etcd[0]

We want to wait for the full cluster to be healthy,
so use all the cluster addresses
Also we should be able to run the playbook when etcd[0] is down
(not tested), so do not delegate to etcd[0]

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: use failed_when for health check

unhealthy cluster is expected on first run, so use failed_when
instead of ignore_errors to remove scary red messages

Also use run_once

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* kubernetes/preinstall: ensure ansible_fqdn is up to date after changing /etc/hosts

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* kubernetes/master: regenerate apiserver cert if needed

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-04-08 01:27:43 -07:00
Alexander Kross
910a821d0b
Fix chicken and egg problem with proxy_env not defined on the first … (#5896)
* Fix chicken and egg problem with proxy_env not defined on the first envinronment usage.

* Disable fact gathering for the first proxy_env evaluation.

* Move proxy_env var set up from the role defaults to the root playbooks as fact.
2020-04-08 00:53:43 -07:00
MikeG
45a177e2a0
add local-path-provosioner helper image def (#5817) 2020-04-07 23:51:43 -07:00
spaced
0c51352a74
remove unused kubelet options (#5903) 2020-04-07 11:51:44 -07:00