Matthew Mosesohn
bc74a37696
Calculate etcd client cert serial for appropriate groups ( #3605 )
...
Standalone etcd nodes do not generate node-$hostname certs and do
not need this serial calculated.
2018-11-01 05:50:26 -07:00
Bart Laarhoven
0acb823d96
Distribute node etcd certificates like it's done in kubernetes/secrets ( #3486 )
...
* do it like in kubernetes/secrets
* fix indentation
* processed comments
* missed one, sorry
* trailing space fix
2018-10-29 11:45:32 +01:00
Erwan Miran
b4e2b85745
Replace shell with command in order to allow the task to fail when openssl x509 does return zero ( #3516 )
2018-10-15 23:48:12 -07:00
Erwan Miran
fcd8d850dc
Fix ansible syntax to avoid ansible warnings (again) ( #3509 )
...
* Fix ansible syntax to avoid ansible warnings (again)
* warn: false on tar -cfz
* wrong placement of warn:false
2018-10-15 23:47:04 -07:00
Erwan Miran
2ab2f3a0a3
Ability to define SSL certificates duration and SSL key size ( #3482 )
...
* Ability to specify ssl certificate duration and ssl key size - etcd/secrets
* Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script
2018-10-09 04:43:30 -07:00
刘旭
145e5c8943
use copy and slurp module ( #3313 )
2018-09-27 02:12:02 -07:00
rongzhang
84c4c7dc82
Use synchronize module
2018-09-16 20:36:44 +08:00
Matthew Mosesohn
aaa9a4efac
Ensure vault file permissions are correct
2018-09-10 12:04:04 +03:00
k8s-ci-robot
db11394711
Merge pull request #3200 from pablodav/feature/k8s_win_v1.11
...
Required support to start working on windows node support
2018-09-03 04:51:23 -07:00
Pablo Estigarribia
7cbe3c2171
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
...
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
remove empty when line
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
force kubeadm upgrade due to failure without --force flag
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type
fixes in syntax and LF for newline in files
fix on yamllint check
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
some cleanup for innecesary lines
remove conditions for nodeselector
2018-09-02 12:47:06 -03:00
k8s-ci-robot
6e7100f283
Merge pull request #3208 from mirwan/etcd_ha_doc_n_cleaning
...
Add documentation about having HA for etcd
2018-08-31 08:06:05 -07:00
Erwan Miran
82a28d6bb3
Add documentation about having HA for etcd
2018-08-31 14:40:25 +02:00
Antoine Legrand
da06c8e5a9
etcd UNSUPPORTED for all arch
2018-08-31 13:45:08 +02:00
Antoine Legrand
19268ded23
Fix some arm64 errors
2018-08-31 13:45:08 +02:00
Antoine Legrand
f67933d2ac
add ETCD_UNSUPPORTED_ARCH=arm64 flag
2018-08-31 13:45:08 +02:00
Takashi Okamoto
359009bb05
Download etcd and hyperkube binary.
2018-08-28 01:24:26 +00:00
Vasilis Remmas
b61eb7d7f3
Add ETCD_QUOTA_BACKEND_BYTES environment variable
2018-08-24 12:17:34 +02:00
Aivars Sterns
1567a977c3
Revert "gen_certs_script: refactor using stdin (Ansible 2.4+)"
2018-08-24 12:35:31 +03:00
Tatsuyuki Ishi
69786b2d16
gen_certs_script: refactor using stdin (Ansible 2.4+)
2018-08-23 11:19:17 +09:00
Antoine Legrand
e51c5dc0a6
Merge pull request #3123 from mathieuherbert/until-restart-etcd
...
add until option for etcd backup commands
2018-08-17 22:09:08 +02:00
Sergey Bondarev
ce6854e726
add version to environment file
...
Trigger reboot handler when version upgrade during update script
2018-08-17 17:25:35 +03:00
Mathieu Herbert
59d89a37cc
add until option for etcd backup commands
2018-08-17 11:05:57 +02:00
Matthew Mosesohn
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation ( #2985 )
...
apiserver cert should be created only once
2018-07-11 14:58:02 +03:00
Matthew Mosesohn
5c617c5a8b
Add tags to deploy components by --tags option ( #2960 )
...
* Add tags for cert serial tasks
This will help facilitate tag-based deployment of specific components.
* fixup kubernetes node
2018-07-06 09:12:13 +03:00
elementyang
d6f2dbc723
fix the time of ca files are changed in make-ssl-etcd
2018-06-24 13:05:43 +08:00
Matthew Mosesohn
61e97251a5
Improve variable handling for disabling etcd events cluster
2018-06-18 16:58:29 +03:00
Brad Beam
63a458063b
Adding missing rkt template for etcd-events
2018-06-06 10:43:30 -05:00
Matthew Mosesohn
59be578842
Revert "wip pr for improved cert sync" ( #2849 )
2018-06-06 17:22:25 +03:00
Matthew Mosesohn
7433348aae
wip pr for improved cert sync
2018-05-30 12:15:11 +03:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
...
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
...
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
2018-05-11 19:11:38 +03:00
woopstar
4c81cd2a71
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4
2018-05-02 14:45:58 +02:00
Andreas Kruger
32a8ea8094
Fix wrong var used
2018-05-02 12:44:05 +02:00
ashon
fb465f8b4b
Use 'items()' for python compatibility
2018-05-01 16:55:50 +09:00
Markos Chandras
9168c71359
Revert "Revert "Add openSUSE support" ( #2697 )" ( #2699 )
...
This reverts commit 51f4e6585a
.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn
51f4e6585a
Revert "Add openSUSE support" ( #2697 )
2018-04-23 14:28:24 +03:00
Spencer Smith
49c6bf8fa6
support custom env vars for etcd
2018-04-18 14:03:24 -04:00
Markos Chandras
2d34781259
roles: etcd: Add support for SUSE distributions
...
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:53:43 +01:00
woopstar
86e3506ae6
Etcd cluster setup makeover
...
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
2018-04-01 21:38:33 +02:00
Andreas Krüger
b9b028a735
Update etcd deployment to use correct cert and key ( #2572 )
...
* Update etcd deployment to use correct cert and key
* Update to use admin cert for etcdctl commands
* Update handler to use admin cert too
2018-03-31 14:06:09 -04:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
woopstar
859a7f32fb
Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time
2018-03-31 00:06:34 +02:00
Andreas Krüger
76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
...
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
...
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
woopstar
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
2018-03-28 17:48:56 +02:00
Sergey Bondarev
4f7479d94d
add etc tunning options
...
https://coreos.com/etcd/docs/latest/tuning.html
etcd_snapshot_count
and
ionice priority
2018-03-26 17:25:51 +03:00
Sergey Bondarev
f8fed0f308
change expirations period for generated certificate from 10 years to 100 years
2018-03-14 13:33:36 +03:00
RongZhang
388b627f72
Enable OOM killing for etcd-events
...
Enable OOM killing like docker run etcd
2018-03-05 20:46:39 -06:00
Antoine Legrand
5cc77eb6fd
Merge pull request #2294 from Nowaker/patch-1
...
Enable OOM killing
2018-03-01 14:56:26 +01:00
RongZhang
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00