C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1584 commits 17 branches 66 tags 141 MiB
Commit graph

1584 commits

This branch
This branch
All branches
Author SHA1 Message Date
Matthew Mosesohn
3dd6a01c8b Merge pull request #901 from galthaus/dns-tweak 
DHCP Hook protections
 2017-02-02 16:47:16 +03:00
Sergii Golovatiuk
585afef945 Remove nsenter workaround 
- Docker 1.12 and further don't need nsenter hack. This patch removes
  it.  Also, it bumps the minimal version to 1.12.

Closes #776

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-02 14:38:11 +01:00
Matthew Mosesohn
bdc65990e1 Merge pull request #958 from holser/fix_weave_cpu 
Fix CPU out of scope for Weave-net
 2017-02-02 16:05:47 +03:00
Sergii Golovatiuk
f2e4ffcac2 Fix weave-net after upgrade to 1.82 
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
 2017-02-02 10:31:58 +01:00
Matthew Mosesohn
ae66b6e648 Merge pull request #957 from mattymo/weave-net-naming 
Rename weave-kube to weave-net
 2017-02-02 10:18:02 +03:00
Greg Althaus
923057c1a8 This continues the DHCP hook checks. Also protect the create side 
if the system doesn't have any config files at all.
 2017-01-31 09:56:27 -06:00
Matthew Mosesohn
0f6e08d34f Merge pull request #951 from mattymo/k8s-certs-scale 
Fix cert distribution at scale
 2017-01-31 18:49:26 +03:00
Matthew Mosesohn
4889a3e2e1 Merge pull request #954 from artem-panchenko/improve_dnsmasq 
Explicitly set config path for DNSMasq
 2017-01-31 18:48:46 +03:00
Matthew Mosesohn
39d87a96aa Rename weave-kube to weave-net 
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
 2017-01-31 18:47:27 +03:00
Bogdan Dobrelya
e7c03ba66a Merge pull request #955 from mattymo/disable-idempotency-check 
Disable idempotency for ubuntu-weave-sep
 2017-01-31 14:55:27 +01:00
Matthew Mosesohn
08822ec684 Fix cert distribution at scale 
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
 2017-01-31 16:27:45 +03:00
Matthew Mosesohn
6463a01e04 Merge pull request #880 from bradbeam/weave-kube 
Weave kube
 2017-01-31 13:31:09 +03:00
Matthew Mosesohn
0cf1850465 Disable idempotency for ubuntu-weave-sep 
CI is failing 40% of the time due to errors in reset.
Let's disable idempotency check per-patch until we fix it.

Fixes #953
 2017-01-31 13:23:27 +03:00
Artem Panchenko
1418fb394b Explicitly set config path for DNSMasq 
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
 2017-01-31 12:14:57 +02:00
Matthew Mosesohn
e4eda88ca9 Merge pull request #944 from tureus/skip-cloud-config-on-etcd 
Bugfix: skip cloud_config on etcd
 2017-01-30 20:12:36 +03:00
Bogdan Dobrelya
71a3c97d6f Merge pull request #943 from bradbeam/cilint 
Fixing lint check for ci
 2017-01-30 09:19:44 +01:00
Antoine Legrand
1c3d2924ae Merge pull request #947 from bradbeam/libs 
Consolidating kube.py module
 2017-01-29 00:02:32 +01:00
Brad Beam
a11b9d28bd Upgrading weave to weave-kube 2017-01-27 17:05:25 -06:00
Brad Beam
b54eb609bf Consolidating kube.py module 2017-01-27 11:28:11 -06:00
Bogdan Dobrelya
dc8ff413f9 Merge pull request #948 from mattymo/update_coreos 
Update coreos-stable image
 2017-01-27 17:53:17 +01:00
Tyler Britten
f8ffa1601d Fixed for non-null output 2017-01-27 10:47:59 -05:00
Tyler Britten
da01bc1fbb Updated OpenStack vars to check for tenant_id (v2) and project_id (v3) 2017-01-27 10:26:20 -05:00
Matthew Mosesohn
a2079a9ca9 Update coreos-stable image 
Our old coreos-stable image has docker 1.10
 2017-01-27 16:20:40 +04:00
neith00
bbc8c09753 Using the command module instead of raw 
Using the command module instead of raw.
Also fixed the syntax.
 2017-01-26 16:28:48 +01:00
Matthew Mosesohn
a627299468 Merge pull request #941 from adidenko/use_ansible_hostname_in_calico 
Switch to ansible_hostname in calico
 2017-01-26 13:06:35 +03:00
Xavier Lange
e5fdc63bdd Bugfix: skip cloud_config on etcd 2017-01-25 14:09:21 -08:00
Brad Beam
fe83e70074 Fixing lint check for ci 2017-01-25 09:54:32 -06:00
Aleksandr Didenko
46c177b982 Switch to ansible_hostname in calico 
For consistancy with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.

Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
 2017-01-25 11:49:58 +01:00
Bogdan Dobrelya
1df50adc1c Merge pull request #933 from frozenice/hide-skipped-hosts 
add skippy stdout callback
 2017-01-25 10:33:20 +01:00
Bogdan Dobrelya
b6cd9a4c4b Merge pull request #938 from bradbeam/ci 
Splitting out moderator check from syntax check
 2017-01-25 10:12:11 +01:00
Brad Beam
2333ec4d1f Splitting out moderator check from syntax check 
- Attempt to clarify CI runs from contributors
 2017-01-24 23:05:12 -06:00
Bogdan Dobrelya
85a8a54d3e Merge pull request #935 from sc68cal/terraform_groupvars_update 
Update the group_vars for Terraform
 2017-01-24 11:33:17 +01:00
Bogdan Dobrelya
7294a22901 Merge pull request #934 from frozenice/use-api-pwd-for-root 
also use kube_api_pwd for root account
 2017-01-24 11:24:02 +01:00
Matthew Mosesohn
f4b7474ade Merge pull request #926 from adidenko/fix-calico-rr-for-masters 
Fix calico-rr peering with k8s masters
 2017-01-24 12:38:52 +03:00
Matthew Mosesohn
9428321607 Merge pull request #932 from vwfs/centos_pin_docker_version 
Pin docker version on RedHat and CentOS to the desired version
 2017-01-24 12:21:50 +03:00
Matthew Mosesohn
882544446a Merge pull request #928 from sc68cal/terraform_identity_version 
Specify the version of the credentials to download from Horizon
 2017-01-24 12:21:27 +03:00
Sean M. Collins
73160c9b90 Update terraform's group_vars to be a symlink 
That way, it will not become stale.

Related bug #929
 2017-01-23 16:08:37 -05:00
Sean M. Collins
2184d6a3ff Specify the version of the credentials to download from Horizon 
More recent versions of OpenStack Horizon provide Identity v2 and
Identity v3 versions of the RC file.
 2017-01-23 14:52:51 -05:00
David Kirstein
6e35895b44 also use kube_api_pwd for root account 
This makes it a bit more secure. Also the password can now be changed with a (inventory) variable (no need to edit all.yml).
 2017-01-23 19:09:30 +01:00
David Kirstein
8009ff8537 add skippy stdout callback 
It removes the teal lines when a host is skipped for a task. This makes the output less spammy and much easier to read. Empty TASK blocks are still included in the output, but that's ok.
 2017-01-23 18:53:14 +01:00
Alexander Block
9bf792ce0b Pin docker version on RedHat and CentOS to the desired version 2017-01-23 12:39:54 +01:00
Aleksandr Didenko
f05aaeb329 Fix calico-rr peering with k8s masters 
Calico-rr is broken for deployments with separate k8s-master and
k8s-node roles. In order to fix it we should peer k8s-cluster
nodes with calico-rr, not just k8s-node. The same for peering
with routers.

Closes #925
 2017-01-23 10:19:09 +01:00
Bogdan Dobrelya
1bdf34e7dc Merge pull request #915 from bradbeam/ci 
Sorting ansible args, fixed ci cluster_mode
 2017-01-20 09:43:10 +01:00
Bogdan Dobrelya
cd25bfca91 Merge pull request #884 from mattymo/inventory_builder_scale 
Add scale thresholds to split etcd and k8s-masters
 2017-01-20 09:34:45 +01:00
Bogdan Dobrelya
1b621ab81c Merge pull request #873 from crodetsky/fix_test_cases 
Genericize test cases and namespace create pod
 2017-01-20 09:30:35 +01:00
Bogdan Dobrelya
cb2e5ac776 Drop linux capabilities and rework users/groups 
* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-20 08:50:42 +01:00
Matthew Mosesohn
8ce32eb3e1 Merge pull request #905 from galthaus/async-runs 
Add tasks to ensure that the first nodes have their directories for cert gen
 2017-01-19 18:32:27 +03:00
Matthew Mosesohn
aae0314bda Merge pull request #904 from galthaus/nginx-port-config 
Add nginx local balancer port configuration variable
 2017-01-19 18:31:57 +03:00
Matthew Mosesohn
35d5248d41 Merge pull request #913 from galthaus/apps-master-only 
Ansible apps should only check for api-server running on the master.
 2017-01-19 18:30:58 +03:00
Matthew Mosesohn
0ccc2555d3 Merge pull request #917 from mattymo/rkt_resolvconf 
Fix setting resolvconf when using rkt deploy mode
 2017-01-19 18:30:21 +03:00