Commit graph

727 commits

Author SHA1 Message Date
Cristian Calin
7516fe142f
Move to Ansible 3.4.0 (#7672)
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8
2021-07-12 00:00:47 -07:00
Cristian Calin
bd6d810d0a
nodelocaldns: allow binding metrics address to host IP (#7748) 2021-06-29 05:28:41 -07:00
Id2ndR
a31baf3c16
Fix deployment without openstack cacert (#7723)
* fix group name

* fix external-openstack-cloud-config secret

* don't add ca.cert in the secret if not defined
2021-06-21 05:38:50 -07:00
Cristian Calin
282a27a07c
gVisor: initial support for gVisor container runtime (#7661)
* Docker/Containerd: move downloads urls to containerd-common

* gVisor: initial support for gVisor container runtime
2021-06-21 05:18:51 -07:00
Samuel Liu
7f7e83a4d9
fix local-path-provisioner helper image repo (#7703) 2021-06-16 08:06:00 -07:00
Cristian Calin
6a2ea94b39
Docs improvements (#7660)
* Docs: update sidebar

* Docs: move registry documentation into docs/

* Docs: move rbd_provisioner documentation into docs/

* Docs: move cephfs_provisioner into docs/

* Docs: move local_volume_provisioner documentation into docs/

* Docs: move ambassador.md to docs/ingress_controller/

* Docs: move metallb.md to docs/ingress_controller/

* Docs: move ingress_nginx documentation into docs/

* Docs: move alb_ingress_controller documentation into docs/

* Docs: merge ambassador documentation into docs/ingress_controller/

* Docs: move cert_manager documentation into docs/

* Docs: move bootstrap-os documentation into docs/

* Docs: update file locations in sidebar
2021-06-01 07:30:27 -07:00
Cedric Hnyda
4674b03661
Add cinder_csi_ignore_volume_az (#7624)
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2021-06-01 07:10:27 -07:00
kongxs
922de32290
spelling mistakes (#7664)
Signed-off-by: kjinan <2008kongxiangsheng@163.com>
2021-05-31 05:46:26 -07:00
Fredrik Liv
3ca205446e
Added possibility to specify vSphere credentials via env variables (#7646)
* Added possibility to specify vSphere credentials via env variables

* Removed excessive spacing
2021-05-27 12:02:30 -07:00
Cristian Calin
c5ccedb694
store openstack external cloud controller ca.cert in a k8s secret instead of the host filesystem (#7603) 2021-05-26 00:35:21 -07:00
Cristian Calin
858b29f425
Calico: add support for v3.19.1 (#7630)
* Calico: add v3.19.1 hashes

* enable liveness probe for calico-kube-controllers

3.19.1

* Calico: drop support for v3.16.x

* Calico: promote v3.18.3 as default
2021-05-25 13:40:50 -07:00
efrikin
7db76f8809
Add nodeSelctor for other services and node labels before CNI setup (#7613) 2021-05-25 13:40:43 -07:00
Cristian Calin
e9870b8d25
add support for using ansible 2.10.x for deploying kubespray (#7600)
* add support for using ansible 2.10.x for deploying kubespray

* move dns-autoscaler-clusterrole{binding}.yml to files/ folder

* note that ansible 2.10 is now experimentally supported

* coredns: move files to templates like before #4341
2021-05-18 05:39:31 -07:00
Cristian Calin
14cf3e138b
Support Calico advertisement of MetalLB LoadBalancer IPs (#7593)
* add initial MetalLB docs

* metallb allow disabling the deployment of the metallb speaker

* calico>=3.18 allow using calico to advertise service loadbalancer IPs

* Document the use of MetalLB and Calico

* clean MetalLB docs
2021-05-12 05:22:17 -07:00
Cedric Hnyda
1dd38721b3
Add external_openstack_enable_ingress_hostname option for openstack (#7572)
Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2021-05-04 00:33:11 -07:00
Eugene Artemenko
6a001e4971
Add suport of Vsphere CSI driver 2.X versions (#7480) 2021-05-04 00:05:11 -07:00
Samuel Liu
96e6a6ac3f
Add krew support (#7464)
* Add krew support

* Add reset for krew

* Update install krew(local)

* ansible lint

* yamllint

* fix krew default vars

* fix kubectl_localhost mode

* replace include

* fix e206
2021-05-03 07:16:03 -07:00
bac-w
2556eb2733
Upgrade cilium role (#7521)
* Upgrade cilium roles

* Del old test result

* Add hubble ui examples

* Refactor hubble metrics

* Markdown fix pipeline errors

* yamllint check and fix

* refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520

* Docs syntax change (fix)

* Cilium set default 1.8.9

* Update cilium version in Readme
2021-04-30 08:09:59 -07:00
holmesb
3f4eb9be08
Fixes issue #7573 - Made Calico permissions compatible with v3.18.x (see https://github.com/projectcalico/calico/issues/4557). Specifically, granted watch to custom resources blockaffinities, ipamblocks & ipamhandles (#7575) 2021-04-30 07:25:59 -07:00
Cristian Calin
360aff4a57
Rename ansible groups to use _ instead of - (#7552)
* rename ansible groups to use _ instead of -

k8s-cluster -> k8s_cluster
k8s-node -> k8s_node
calico-rr -> calico_rr
no-floating -> no_floating

Note: kube-node,k8s-cluster groups in upgrade CI
      need clean-up after v2.16 is tagged

* ensure old groups are mapped to the new ones
2021-04-29 05:20:50 -07:00
Florian Ruynat
c16efc9ab8
Fix Opensuse not working with ansible_distribution (#7551) 2021-04-26 08:37:02 -07:00
Samuel Liu
8c7b90ebbf
add ingress controller class (#7522) 2021-04-22 00:22:38 -07:00
Ian Martin
38d9d2ea0e
Ambassador can watch multiple namespaces (#7516)
* Ambassador can watch multiple namespaces

* update variable name per PR review
2021-04-22 00:22:31 -07:00
Samuel Liu
90c643f3ab
format ansible output (#7482) 2021-04-11 00:37:59 -07:00
orange-llajeanne
7e75d48cc4
local provisioner 'useNodeNameOnly' option can be configured (#7421) 2021-04-01 16:54:11 -07:00
rptaylor
7dec8e5caa
specify runAsGroup, allow safe sysctls by default (#7399) 2021-03-25 08:03:30 -07:00
Kenichi Omichi
486b223e01
Replace kube-master with kube_control_plane (#7256)
This replaces kube-master with kube_control_plane because of [1]:

  The Kubernetes project is moving away from wording that is
  considered offensive. A new working group WG Naming was created
  to track this work, and the word "master" was declared as offensive.
  A proposal was formalized for replacing the word "master" with
  "control plane". This means it should be removed from source code,
  documentation, and user-facing configuration from Kubernetes and
  its sub-projects.

NOTE: The reason why this changes it to kube_control_plane not
      kube-control-plane is for valid group names on ansible.

[1]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2067-rename-master-label-taint/README.md#motivation
2021-03-23 17:26:05 -07:00
Maciej Wereski
4f89bfac48
MetalLB: bump to v0.9.6 (#7397)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-03-23 13:42:06 -07:00
p53
5fee96b404
Fix cinder cert permissions (#7384)
* Fix permissions of cinder cert

* Change runuser for external_cloud_controller to kube user with id 999, part of 999 - kube-cert group
2021-03-23 11:03:37 -07:00
François Hernandez
c7db72e1da
Add nodeselector and tolerations for metallb (#7334)
* add nodeselector and tolerations for metallb

* remove unnecessary commented lines in metallb template

* set default speaker toleration to match original manifest
2021-03-08 07:57:42 -08:00
Etienne Champetier
8800b5c01d Remove rotate_tokens logic
kubeadm never rotates sa.key/sa.pub, so there is no need to delete tokens/restart pods

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-03-04 23:42:22 -08:00
Sergey
2c9fc18903
template crun manifest (#7305)
add missing else to if inline
2021-03-02 01:57:19 -08:00
Florian Ruynat
100d9333ca
Add configmaps to local-path-provisioner CR (#7323) 2021-02-25 16:22:17 -08:00
Sergey Mikhaltsov
a4cc416511
use external_openstack_lbaas_use_octavia for template openstack-cloud… (#7298)
* use external_openstack_lbaas_use_octavia for template openstack-cloud-config

* Delete external_openstack_lbaas_use_octavia from default values. Added description and default values of variables to docs

* markdown fix

* make this simple

* set external_openstack_lbaas_use_octavia in default values

* duplicated variable in doc
2021-02-25 11:25:25 -08:00
Etienne Champetier
3749729d5a
Remove calico-upgrade leftovers (#7282)
This is dead code since 28073c76ac

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-16 11:24:58 -08:00
Hugo Blom
17143dbc51
write openstack controller manifests with correct perms (#7284) 2021-02-15 00:53:05 -08:00
Etienne Champetier
de1d9df787
Only use stat get_checksum: yes when needed (#7270)
By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2021-02-10 05:36:59 -08:00
Sergey
a21ee33180
fix typo error in role ingress-nginx (#7272) 2021-02-09 07:53:13 -08:00
David Louks
0cc1726781
Remove deletion of coredns deployment. (#7211)
* Add unique annotation on coredns deployment and only remove existing deployment if annotation is missing.

* Ignore errors when gathering coredns deployment details to handle case where it doesn't exist yet

* Remove run_once, deletegate_to and add to when statement
2021-02-09 06:02:40 -08:00
Sebastian Schmid
1f84d6344b
local-path-provisioner change default version to v0.0.19 and update config template (#7238)
* update local-path-storage config template to version v0.0.19

* changes local_path_provisioner image tag to v0.0.19

* removes copy paste example from rancher local-path-provisioner repo
2021-02-03 06:50:28 -08:00
Maciej
b42bf39fb7
MetalLB: bump to v0.9.5 (#7241)
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2021-02-03 01:02:28 -08:00
Florian Ruynat
9007d6621a
Update nginx, minor weave and misc CI tools (vagrant/terraform) (#7215) 2021-01-26 08:22:34 -08:00
Florian Ruynat
ef939dee74
Add missing 'ingress-controller' tag to alb (#7204) 2021-01-22 19:11:39 -08:00
Florian Ruynat
222a77dfe7
Change node-role.kubernetes.io from master to control-plane (#7183) 2021-01-21 08:13:03 -08:00
Florian Ruynat
9a75501152 Promote node.k8s.io API groups from v1beta1 to v1 2021-01-19 08:57:45 -08:00
Florian Ruynat
f6fbbc17a4
Cleanup old checks for k8s 1.18 (#7192) 2021-01-19 08:43:45 -08:00
Florian Ruynat
b493c81ce8
Update metrics-server to 0.4.1 (#7188) 2021-01-19 05:45:44 -08:00
Sergey
02213d6e07
change nodeSelector label from deprecated beta.kubernetes.io/os and arch to kubernetes.io prefix (#7138) 2021-01-13 13:55:02 -08:00
Kenichi Omichi
398a995798
Fix markdownlint failures under ./roles/ (#7089)
This fixes markdownlint failures under roles/
2020-12-30 05:07:49 -08:00
François Travais
98b43bb24f
Removes apps tags from apps meta dependencies (#7041)
Signed-off-by: François Travais <francois@travais.fr>
2020-12-19 08:14:25 -08:00
Cedric Hnyda
db17ba54b4
Add cluster-name to external-openstack-cloud-controller-manager (#7055)
If cluster-name is not set, the default value "kubernetes" is used.
The loadbalancees created by Kubernetes follow the format:
  kube_service_clusterName_serviceNamespace_serviceName
If 2 clusters create a loadbalancer for the same service in the same
namespace, they will share the same non-working loadbalancer.

Signed-off-by: Cedric Hnyda <cedric.hnyda@itera.io>
2020-12-17 08:23:09 -08:00
Etienne Champetier
68b96bdf1a
Helm v3 only (#6846)
* Fix etcd download dest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Only support Helm v3, cleanup install

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-02 00:20:50 -08:00
Victor Morales
4f7a760a94
Add crun support (#6864)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-12-01 11:00:50 -08:00
Barry Melbourne
f6a5948f58
Upgrade Jetstack Cert-Manager v1.0.4 (#6937) 2020-11-30 06:52:50 -08:00
Florian Ruynat
f6eed8091e
Remove contiv related files (#6964) 2020-11-30 06:48:50 -08:00
Dmitry Chusovitin
c09aabab0c
Remove executable bit from yaml and j2 files (#6894) 2020-11-29 20:18:48 -08:00
Clicia Scarlet
97ff67e54a
Fix yaml syntax error when use multilines in dns_etchosts (#6960) 2020-11-28 08:32:47 -08:00
Kenichi Omichi
7a1f033c1d
Update helm stable repo (#6867)
As https://helm.sh/blog/new-location-stable-incubator-charts/
helm stable repo is changed to https://charts.helm.sh/stable
In addition, if using helm v3.4.0+ the old stable repo installation
is failed.
So this updates the stable repo to avoid such error.
2020-10-31 09:54:51 -07:00
David Medinets
12ab8b7af3
update version of ingress-nginx controller in docs. (#6855)
* update version of ingress-nginx controller.

Change tag from controller-v0.34.0 to controller-v0.40.2 to use newest tag.

* Update docs about aws deploy templates.

In the yaml templates, there is no mention of idle timeouts. This is why I removed the documentation about it. This might be a mistake. Please verify this. I don't know enough to verify it myself.

* Change label when checking version.

When checking for `app.kubernetes.io/name=ingress-nginx`, a completed pod was selected which is not helpful when trying to `exec`. Changing the label selects the running controller pod.

* put back the information about ELB Idle Timeouts.

When I removed the information, I had overlooked that it was mentioned in the L7 yaml file. Thanks.
2020-10-28 11:05:57 -07:00
David Louks
79b7f0d592
Use existing variable for tiller service account name (#6829)
* Use existing variable for tiller service account name

* keep crb as tiller
2020-10-19 03:04:13 -07:00
Samuel Liu
dbe6eb20c8
Modify imagepullpolicy (#6816) 2020-10-12 17:45:22 -07:00
yelhouti
8bec5beb4b
fix: add tags for set facts nodelocaldns (#6813) 2020-10-12 16:47:21 -07:00
Hans Feldt
92b1166dd0
Disable dashboard by default (#6804)
Users should opt in for features and not opt out.
2020-10-11 08:06:47 -07:00
rafal-jan
9d7f358d4b
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776) 2020-10-06 06:44:21 -07:00
bozzo
b1bb5a4796
Fix cinder & external_openstack cacert deployment (#6745)
The CA cert was only deployed on master nodes
2020-10-06 05:34:21 -07:00
Florian Ruynat
c49bda7319
Update nginx ingress controller to 0.40.1 (#6786) 2020-10-06 05:10:21 -07:00
Joren Zandstra
9729b6b75a
Add extra arguments variables for openstack and vsphere cloud controller manager daemonsets (#6783) 2020-10-02 10:14:48 -07:00
dlandtwing
bc8e16fc69
nginx ingress: fix yaml for multiple nodeselectors (#6768)
In case multiple nodeselectors are specified in ingress_nginx_nodeselector, the generated daemonset yaml template for nginx is invalid due to missing indentation starting with the second nodeselector
2020-09-30 07:23:26 -07:00
Mateusz Adamek
aba63f0f9a
Added support for dynamic tags in AWS and Azure. (#6752)
* Added support for dynamic tags in AWS and Azure.

* Added examples of dynamic tags configuration.
2020-09-26 10:50:48 -07:00
axelgobletbdr
77149e5d89
Fixes #6740: Allow disabling reverse DNS lookups in coredns (#6741)
* created variable to enable/disable reverse dns lookups in coredns

* fixed linting-error in dns-stack.md
2020-09-25 02:33:11 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Florian Ruynat
9a8e4381be
Fix snapshot.storage apiVersion (#6711) 2020-09-23 08:32:10 -07:00
Marc-Antoine
5ec2467268
Add external_openstack_lbaas_provider setting for occm (#6566)
* Add external_openstack_lbaas_provider setting for occm

* Integrate with existing lbaas_provider block

* Refactor lbaas_provider config template block

* Remove external_openstack_lbaas_use_octavia from sample inventory
2020-09-21 07:04:32 -07:00
David Louks
bd49c993de
Added support for setting tiller_service_account and tiller_replicas (#6696)
* Added support for setting tiller_service_account and tiller_replicas

* Specify helm 2 version to ensure we have a test path that still hits helm 2 code

* Moved tiller_service_account to defaults.yml. Fixed is tiller_replicas defined check.
2020-09-20 23:52:30 -07:00
David Louks
3bf40d5db9
make metallb image repos configurable (#6671) (#6672)
* Make metallb image repos configurable

* Moved metallb image repo definitions to download role defaults

* Removed comment. These are set in download defaults
2020-09-17 02:45:13 -07:00
Lukas Grossar
a870dd368e
Allow configuration of nodelabels in local_volume_provisioner (#6620) 2020-09-17 02:44:58 -07:00
Florian Ruynat
152e0162a9
Update api version, deprecated in 1.19 (#6656) 2020-09-11 15:12:09 -07:00
w33dw0r7d
03dff09b8a
fix kubelet_flexvolumes_plugins_dir undefined (#6645) 2020-09-11 00:34:14 -07:00
Florian Ruynat
a556f8f2bf
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file (#6655) 2020-09-11 00:30:14 -07:00
holmesb
a99ba3bb16
Allowing resource management of metrics-server container. Will allow fine-tuning of resource allocation and solving throttling issues. Setting defaults as per the current request & limit allocation: cpu: 43m, memory 55Mi for both limits & requests. (#6652)
Signed-off-by: Brendan Holmes <holmesb@users.noreply.github.com>

Co-authored-by: Brendan Holmes <holmesb@users.noreply.github.com>
2020-09-10 03:46:02 -07:00
Julien Pervillé
f660c29348
Declare port 10254 in nginx ingress pod template (#6609) 2020-09-04 04:54:11 -07:00
tasekida
fc61f8d52e
Update cert manager to 0.16.1 (#6600)
* Update cert manager to 0.16.1

* Update cert manager to 0.16.1

Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-09-04 04:53:48 -07:00
Hugo Blom
2ff7ab8d40
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537)
* add snapshot-controller and v1beta1 snapshot api

* fix typo

* udpate manifest to v1beta1

* update

* update manifests

* fix spelling

* wait until crd is applied

* fix missing info in kube module

* revert snapshotclass

* add snapshot crds before applying the csi driver

* add crds, missed them in last commit

* use pull policy from kubespray
2020-09-03 04:01:43 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr (#6360)
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
Marc-Antoine
5a8b68a429
Add support for openstack application credentials (#6534)
* Add support for openstack application credentials

* Add some lines for readability

* Update external_openstack_tenant_id check

Do not check external_openstack_tenant_id when application credentials are defined

* Add check for external_openstack_domain_id

* Fix typo
2020-08-31 03:30:28 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Maxime Guyot
6e938a3106
Fix E306 in other roles (#6517) 2020-08-28 01:20:53 -07:00
Florian Ruynat
2f93d62aa5
Update nginx ingress to 0.34.1 (#6571) 2020-08-27 10:15:53 -07:00
Barry Melbourne
8e2bae0f2a
Fix Ansible Lint warnings (No such file or directory) (#6581) 2020-08-26 23:19:10 -07:00
Arthur Outhenin-Chalandre
2f2ed116f7
Improve metallb template for bgp peers (#6574)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:15:03 -07:00
Marc-Antoine
0c09ec5d13
Bump Openstack cloud controller image verison to 1.18.2 (#6562) 2020-08-21 00:10:03 -07:00
Barry Melbourne
bf6fdce339
Fix cert-manager E305 ansible-lint error (#6549) 2020-08-20 04:25:45 -07:00
Barry Melbourne
9cc70e9e70
Upgrade JetStack Cert-Manager to v0.15.2 (#6414)
* Upgrade JetStack Cert-Manager to v0.15.2

* Add README.md table of contents
2020-08-05 23:26:55 -07:00
Mike Williams
e72dbf3dfc
Option for MetalLB to talk BGP (#6383)
* Option for MetalLB to talk BGP

* Check for BGP peers when metallb_protocol is bgp

* README clarification

* Commented values as documentation only in the sample inventory

* layer 2 or BGP, not both
2020-08-05 01:52:40 -07:00
bozzo
cc70200a07
Fix Flexvolume mount in Openstack Controller (#6480) 2020-08-04 05:28:35 -07:00
Steven Reitsma
f3c17361da
Create a PodDisruptionBudget for the Cinder CSI controllerplugin (#6385) 2020-08-04 05:28:19 -07:00
Kuralamudhan Ramakrishnan
90e5f8ffe1
adding ovn4nfv in kubespray (#6381)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00
Vladimir Masarik
8425c2363b
Replaced a broken link (#6467) 2020-07-30 00:58:31 -07:00
Samuel Liu
15ec44901d
azure csi typo (#6469) 2020-07-30 00:52:31 -07:00
Maxime Guyot
214e08f8c9
Fix ansible-lint E305 (#6459) 2020-07-28 01:39:08 -07:00