C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1329 commits 17 branches 66 tags 141 MiB
Commit graph

764 commits

Author SHA1 Message Date
Bogdan Dobrelya
fd53e2c670 Merge pull request #793 from kubernetes-incubator/fix_dhclientconf_path 
Fix wrong path of dhclient on CentOS+Azure
 2017-01-10 13:23:55 +01:00
Bogdan Dobrelya
9f74c02004 Merge pull request #858 from bradbeam/calicoctl-canal 
Misc updates for canal
 2017-01-10 12:24:59 +01:00
Matthew Mosesohn
ce84320462 Merge pull request #860 from adidenko/fix-calico-rr-certs 
Fix etcd cert generation for calico-rr role
 2017-01-09 18:34:02 +03:00
Bogdan Dobrelya
35ea6cef19 Merge pull request #871 from mattymo/fix_system_search_domains 
Fix docker dns host scenario with no search domains
 2017-01-09 15:52:12 +01:00
Matthew Mosesohn
e9d5aa0f07 Bind nginx localhost proxy to localhost 
This proxy should only be listening for local connections, not 0.0.0.0.

Fixes #868
 2017-01-09 17:19:54 +03:00
Matthew Mosesohn
846b96efa1 Fix docker dns host scenario with no search domains 
Fixes scenario where docker-dns.conf tries to create an empty
search entry
 2017-01-09 16:36:44 +03:00
Aleksandr Didenko
a47f2d611c Fix etcd cert generation for calico-rr role 
"etcd_node_cert_data" variable is undefinded for "calico-rr" role.
This patch adds "calico-rr" nodes to task where "etcd_node_cert_data"
variable is registered.
 2017-01-09 12:06:25 +01:00
Aleksandr Didenko
11e1bb64bd Set latest stable versions for Calico images 
Change version for calico images to v1.0.0. Also bump versions for
CNI and policy controller.

Also removing images repo and tag duplication from netchecker role
 2017-01-09 12:05:49 +01:00
Bogdan Dobrelya
d296284bfa Merge pull request #799 from kubernetes-incubator/docker_dns 
Implement "dockerd --dns-xxx" based dns mode
 2017-01-09 11:38:02 +01:00
Alexander Block
ad7ded59e9 Only use default resolver in dnsmasq when we are using host_resolvconf mode 2017-01-06 10:21:07 +01:00
Alexander Block
2b3dbae9d6 Introduce dns_mode and resolvconf_mode and implement docker_dns mode 
Also update reset.yml to do more dns/network related cleanup.
 2017-01-05 23:38:51 +01:00
Spencer Smith
bee6166b4c remove assertion for family not being CoreOS 2017-01-05 13:36:25 -05:00
Brad Beam
43adafe746 Create network policy directory for canal 2017-01-05 10:54:27 -06:00
Brad Beam
ff24f9712a Adding calicoctl to canal deployment 2017-01-05 10:54:27 -06:00
Bogdan Dobrelya
da9da08964 Better fix for different CoreOS os family facts 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-05 16:32:08 +01:00
Bogdan Dobrelya
68a6fa1146 Rename CoreOS fact 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-05 14:02:29 +01:00
Bogdan Dobrelya
8d9c4233e2 Merge branch 'master' into rkt 2017-01-05 10:34:18 +01:00
Brad Beam
9432a5cd73 Adding kubelet in rkt 2017-01-03 14:49:48 -06:00
Brad Beam
0f5a30ee8a Allowing etcd to run via rkt 2017-01-03 10:10:38 -06:00
Brad Beam
18715b2116 Adding initial rkt support 2017-01-03 10:08:43 -06:00
Bogdan Dobrelya
2fe58c361f Fix cert paths for flannel/calico policy apps 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-03 16:12:54 +01:00
Alexander Block
2538c958db Upgrade docker version and do some cleanups for unsupported distros/docker versions 2017-01-02 18:05:50 +01:00
Bogdan Dobrelya
130f0908ce Merge pull request #847 from bogdando/bug_769 
Fix etc hosts for cluster nodes
 2017-01-02 17:47:23 +01:00
Bogdan Dobrelya
62313afccc Fix etc hosts for cluster nodes 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-02 13:20:51 +01:00
Bogdan Dobrelya
f16a512aea Drop non systemd OS types support 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2017-01-02 12:14:03 +01:00
Matthew Mosesohn
bd0f787809 Fix etcd cert generation to support large deployments 
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.

Fixes #832
 2016-12-30 12:55:26 +03:00
Bogdan Dobrelya
6e1c0cdd15 Systemd units, limits, and bin path fixes 
* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
  systemd limits due to the lack of consensus in the kernel community
  requires out-of-tree kernel patches.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-28 15:49:42 +01:00
Matthew Mosesohn
2ac2a3ed93 Fix creation and sync of etcd certs 
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
 2016-12-28 14:21:17 +04:00
Matthew Mosesohn
612c5bb5f1 Merge pull request #818 from mattymo/calico-rr-certs 
Fix calico-rr to use etcd certs instead of kube certs
 2016-12-28 08:47:16 +03:00
Matthew Mosesohn
716b590f3b Fix calico-rr to use etcd certs instead of kube certs 2016-12-27 17:04:50 +03:00
Bogdan Dobrelya
9b29df183b Rework ignore_errors to report no reds 
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
 2016-12-27 13:00:50 +01:00
Bogdan Dobrelya
222859601e Do not forward bogus domains for upstream resolvers 
Also fix kube log level 4 to log dnsmasq queries.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-23 11:53:14 +01:00
Matthew Mosesohn
a2c38f5f5f Update etcd.j2 2016-12-22 22:29:24 +03:00
Matthew Mosesohn
e5374af95c Adjust etcd server certificates 
ETCD doesn't need cert/key options set. It only requires peer
cert options.
 2016-12-22 23:05:17 +04:00
Spencer Smith
f3f16e3676 Workaround etcdctl not yet being installed (#797) 
workaround case for etcdctl not yet being installed, only allow for return code of 0 (no error)
 2016-12-22 12:41:38 -05:00
Matthew Mosesohn
370ad3acba Merge pull request #760 from genti-t/issue-748-flannel-options 
Fix Flannel network on CoreOS
 2016-12-22 19:02:31 +03:00
Genti Topija
a42b458fdf Fix Flannel network on CoreOS 
Resolves: #748
 2016-12-22 16:50:04 +01:00
Matthew Mosesohn
5457799aa3 Individual etcd ssl certs 
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
 2016-12-22 13:31:11 +03:00
Bogdan Dobrelya
85f31a369e Merge pull request #786 from mattymo/bug777 
Add wait for kube-apiserver to kubernetes-apps
 2016-12-22 11:02:50 +01:00
Alexander Block
272d8e754b Fix wrong path of dhclient on CentOS+Azure 
This was alredy fixed in #755 but had to be reverted. This PR should be
more intelligent about deciding which path to use.
 2016-12-21 21:51:07 +01:00
Spencer Smith
3575f890fc create systemd drop-in path if not existent 2016-12-21 13:06:12 -05:00
Bogdan Dobrelya
b103799901 Revert "Do not forward private domains for upstream resolvers" 2016-12-21 15:24:17 +01:00
Matthew Mosesohn
b1eb852207 Add wait for kube-apiserver to kubernetes-apps 
Fixes #777
 2016-12-21 15:39:39 +03:00
Bogdan Dobrelya
f45872b558 Add download_always_pull check and sha256 for docker images 
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-20 17:02:09 +01:00
Bogdan Dobrelya
763c1aff72 Merge pull request #722 from bogdando/dnsmasq_armors 
Do not forward private domains for upstream resolvers
 2016-12-20 14:25:17 +01:00
Bogdan Dobrelya
072c4e4669 Merge pull request #775 from kubernetes-incubator/register_master 
Register master node as unschedulable
 2016-12-20 14:17:55 +01:00
Bogdan Dobrelya
c147f710ab Merge pull request #774 from kubernetes-incubator/ant31-patch-2 
check if calico_peer_rr is defined
 2016-12-19 18:19:03 +01:00
Matthew Mosesohn
6a705aa0b5 Fix etcd to-SSL upgrade and task register vars 2016-12-19 15:05:49 +03:00
Bogdan Dobrelya
4d4b0adc03 Do not forward private domains for upstream resolvers 
Also fix kube log level 4 to log dnsmasq queries.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
 2016-12-19 11:01:41 +01:00
Alexander Block
c43615c765 Register master node as unschedulable 
Also refactor generation of kubelet args to not repeat args.
 2016-12-19 10:47:43 +01:00
Antoine Legrand
c250737b0a Update main.yml 2016-12-17 20:22:39 +01:00
Antoine Legrand
5c280ef54a Merge pull request #704 from vwfs/bastion_hosts 
Add support for bastion hosts
 2016-12-17 12:08:49 +01:00
Antoine Legrand
5d46f62718 Merge pull request #763 from bogdando/resolver_fallback 
Fallback to default resolver if no nameservers
 2016-12-17 12:03:41 +01:00
Antoine Legrand
b1841fda76 Merge pull request #766 from kubernetes-incubator/docker12point5 
Update docker to 1.12.5
 2016-12-17 11:55:06 +01:00
Bogdan Dobrelya
e7e0e82f43 Fallback to default resolver if no nameservers 
Current design expects users to define at least one
nameserver in the nameservers var to backup host OS DNS config
when the K8s cluster DNS service IP is not available and hosts
still have to resolve external or intranet FQDNs.

Fix undefined nameservers to fallback to the default_resolver.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-16 14:51:34 +01:00
Bogdan Dobrelya
7fc0b552a0 Revert "Fix wrong path for dhclient.conf on RedHat/CentOS" 2016-12-16 14:49:26 +01:00
Matthew Mosesohn
42dc2351b1 Update docker to 1.12.5 
Note the new ubuntu/debian version string change:
https://github.com/docker/docker/issues/29355
 2016-12-16 16:30:46 +03:00
Bogdan Dobrelya
fc2f616f94 Merge pull request #745 from kubernetes-incubator/fix_weave_start 
Fix weave restart after docker daemon restart
 2016-12-16 14:06:48 +01:00
Matthew Mosesohn
76e7048f06 Fix weave restart after docker daemon restart 2016-12-16 14:15:22 +03:00
Antoine Legrand
3bf2c0f54f Merge pull request #757 from kubernetes-incubator/issue754 
Add dns_domain for each host to /etc/hosts
 2016-12-15 21:42:59 +01:00
Bogdan Dobrelya
290433b89f Merge pull request #755 from kubernetes-incubator/fix_dhclientconf_path 
Fix wrong path for dhclient.conf on RedHat/CentOS
 2016-12-15 19:08:31 +01:00
Bogdan Dobrelya
80a8193d74 Merge pull request #746 from kubernetes-incubator/etcd_ssl_upgrade_fix 
Fix etcd member list when upgrading ETCD from an old version
 2016-12-15 12:31:34 +01:00
Matthew Mosesohn
ab4eb809d4 Add dns_domain for each host to /etc/hosts 
Fixes #754
 2016-12-15 13:34:59 +04:00
Bogdan Dobrelya
c09db6cd54 Merge pull request #749 from kubernetes-incubator/azure_ip_forward 
Set net.ipv4.ip_forward=1 on all systems, not only on GCE
 2016-12-15 10:19:43 +01:00
Alexander Block
2624da6161 Fix wrong path for dhclient.conf on RedHat/CentOS 
/etc/dhclient.conf is ignored on RedHat/CentOS
Correct location is /etc/dhcp/dhclient.conf
 2016-12-15 10:11:16 +01:00
Matthew Mosesohn
3b14519208 Fix etcd member list when upgrading ETCD from an old version 2016-12-15 12:00:45 +04:00
Bogdan Dobrelya
f635d224ed Merge pull request #721 from adidenko/calico-add-rr 
Add calico/routereflector support
 2016-12-14 17:22:00 +01:00
Smaine Kahlouch
af76813bf4 Merge pull request #708 from vwfs/cloud_network 
Add support for cloud-provider based networking
 2016-12-14 16:23:20 +01:00
Alexander Block
cbcdc7d9a0 Set net.ipv4.ip_forward=1 on all systems, not only on GCE 2016-12-14 15:08:13 +01:00
Aleksandr Didenko
d5a9b34d9e Add calico/routereflector support 
Add BGP route reflectors support in order to optimize BGP topology
for deployments with Calico network plugin.

Also bump version of calico/ctl for some bug fixes.
 2016-12-14 13:44:10 +01:00
Alexander Block
586ad91300 Add --reconcile-cidr flag to kubelet to support cloud network plugin in 1.4 2016-12-13 17:30:10 +01:00
Alexander Block
6887948537 Add check for azure_route_table_name and add it to all.yml 2016-12-13 17:30:10 +01:00
Alexander Block
5b0034c420 Add pseudo network plugin called "cloud" to use cloud provider for network 
Allow to let the cloud provider configure proper routing for nodes.
 2016-12-13 17:30:10 +01:00
Alexander Block
433eb1dc53 Add support for bastion hosts 2016-12-13 17:29:47 +01:00
Antoine Legrand
e22e4c02db Merge branch 'master' into standalone_kubelet 2016-12-13 17:26:21 +01:00
Alexander Block
67cc40aefa Move kube_version to group_vars/all to allow easier changing of version 
Also allows to perform version dependent logic in Ansible roles.
 2016-12-13 17:21:00 +01:00
Alexander Block
f9807798f3 Pass --anonymous-auth to apiserver 
Fixes #732
 2016-12-13 17:06:53 +01:00
Bogdan Dobrelya
2d566e27a6 Merge pull request #731 from bogdando/fix_resolvconf 
Fix resolvconf
 2016-12-13 16:48:37 +01:00
Bogdan Dobrelya
272b506802 Address standalone kubelet config case 
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-13 16:35:53 +01:00
Bogdan Dobrelya
bab6ec8477 Fix resolvconf 
Do not repeat options and nameservers in the dhclient hooks.
Do not prepend nameservers for dhclient but supersede and fail back
to the upstream_dns_resolvers then default_resolver. Fixes order of
nameservers placement, which is cluster DNS ip goes always first.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-13 15:48:53 +01:00
Alexander Block
0f0858703b Fix reverse umount in reset role 
The Jinja2 filter 'reverse' returned an iterator instead of a list,
resulting in the umount task to fail.

Intead of using the reverse filter, we use 'tac' to reverse the output
of the previous task.
 2016-12-13 14:21:24 +01:00
Bogdan Dobrelya
38f5f4a8e3 Merge pull request #705 from vwfs/centos7-azure 
Better support for CentOS 7 on Azure
 2016-12-13 10:36:58 +01:00
Bogdan Dobrelya
659b482b62 Merge pull request #667 from bogdando/fix_dns 
Rework DNS stack to meet hostnet pods needs
 2016-12-12 21:38:13 +01:00
Bogdan Dobrelya
33f9f9b7ba Update main.yml 2016-12-12 21:37:16 +01:00
Bogdan Dobrelya
8679f10f71 Rework DNS stack to meet hostnet pods needs 
* For Debian/RedHat OS families (with NetworkManager/dhclient/resolvconf
  optionally enabled) prepend /etc/resolv.conf with required nameservers,
  options, and supersede domain and search domains via the dhclient/resolvconf
  hooks.

* Drop (z)nodnsupdate dhclient hook and re-implement it to complement the
  resolvconf -u command, which is distro/cloud provider specific.
  Update docs as well.

* Enable network restart to apply and persist changes and simplify handlers
  to rely on network restart only. This fixes DNS resolve for hostnet K8s
  pods for Red Hat OS family. Skip network restart for canal/calico plugins,
  unless https://github.com/projectcalico/felix/issues/1185 fixed.

* Replace linefiles line plus with_items to block mode as it's faster.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
 2016-12-12 17:43:47 +01:00
Alexander Block
9172de48fd Make growpart only run on Azure 2016-12-12 14:14:22 +01:00
Bogdan Dobrelya
5dd0caf1b5 Merge branch 'master' into tags_download 2016-12-12 11:44:00 +01:00
Matthew Mosesohn
1fe8dc2472 Merge pull request #707 from vwfs/reset_playbook 
Add playbook and role to reset the cluster
 2016-12-12 12:43:00 +03:00
Alexander Block
eb2890d245 Add growpart role to allow growing the root partition on CentOS 
At least the OS images from Azure do not grow the root FS automatically.
 2016-12-12 09:55:28 +01:00
Alexander Block
41a87fe305 Disable fastestmirror on CentOS 
It actually slows down things dramatically when used in combination
with Ansible.
 2016-12-12 09:54:39 +01:00
Alexander Block
a80cdcf867 Remove requiretty from sudoers to actually make pipelining work 
Some systems (e.g. CentOS on Azure) have requiretty in sudoers which makes
pipelining fail.
 2016-12-12 09:54:39 +01:00
Matthew Mosesohn
e731130f41 Merge pull request #713 from kubernetes-incubator/bump_kubedns 
Bump kubedns version to 1.9
 2016-12-10 11:08:42 +03:00
Bogdan Dobrelya
d2c369f3b7 Merge pull request #696 from bogdando/intranet_dns 
Preconfigure dns stack early
 2016-12-09 21:46:03 +01:00
Bogdan Dobrelya
aefe4a99d2 Preconfigure DNS stack and docker early 
In order to enable offline/intranet installation cases:
* Move DNS/resolvconf configuration to preinstall role. Remove
  skip_dnsmasq_k8s var as not needed anymore.

* Preconfigure DNS stack early, which may be the case when downloading
  artifacts from intranet repositories. Do not configure
  K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be
  not existing).

* Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq
  was set up and before K8s apps to be created.

* Move docker install task to early stage as well and unbind it from the
  etcd role's specific install path. Fix external flannel dependency on
  docker role handlers. Also fix the docker restart handlers' steps
  ordering to match the expected sequence (the socket then the service).

* Add default resolver fact, which is
  the cloud provider specific and remove hardcoded GCE resolver.

* Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search
  domains combined with high ndots values lead to poor performance of
  DNS stack and make ansible workers to fail very often with the
  "Timeout (12s) waiting for privilege escalation prompt:" error.

* Update docs.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-09 17:30:55 +01:00
Bogdan Dobrelya
10383c88ee More granular control for download/upload images/binaries 
Add upload tag allow users to exclude distributing images across nodes
when running with the download tag set.
Add related tags and update docs as well.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
 2016-12-09 17:04:55 +01:00
Alexander Block
74c4355af8 Changes according to code review 2016-12-09 16:33:10 +01:00
Matthew Mosesohn
6dc79b45ea Bump kubedns version to 1.9 
Version 1.9 has reduced verbosity for federation dns queries
which flood container logs.
 2016-12-09 17:57:54 +03:00
Alexander Block
294d6ce221 Use proper style (spacing) for docker_storage_options 2016-12-09 13:56:56 +01:00
Alexander Block
14bd3e5d23 Allow to specify docker storage driver 2016-12-09 13:56:56 +01:00
Bogdan Dobrelya
c032d20962 Merge pull request #700 from bogdando/tags 
Add tags
 2016-12-09 13:23:56 +01:00