C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1383 commits 17 branches 66 tags 141 MiB
Commit graph

800 commits

Author SHA1 Message Date
Sergii Golovatiuk c07d60bc90 Kubernetes Reliability Improvements 
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
  chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a posibility to configure node-monitor-grace-period,
  node-monitor-period, pod-eviction-timeout for Kubernetes controller
  manager
- Add Kubernetes Relaibility Documentation with recomendations for
  various scenarios.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-09 23:54:08 +01:00
Matthew Mosesohn 0a7c6eb9dc Merge pull request #998 from mattymo/fix_upgrade_daemonsets 
Fix upgrade for all daemonset type resources
 2017-02-09 20:02:21 +03:00
Matthew Mosesohn 17dfae6d4e Merge pull request #999 from holser/decrease_weave_ram_limits 
Lower weave RAM settings.
 2017-02-09 13:19:12 +03:00
Bogdan Dobrelya 3b1a196c75 Merge pull request #902 from insequent/master 
Adding vault role
 2017-02-09 09:24:52 +01:00
Bogdan Dobrelya 105dbf471e Merge pull request #993 from code0x9/master 
enable proxy support on docker repository
 2017-02-09 09:21:01 +01:00
Antoine Legrand 68df0d4909 Merge pull request #986 from vwfs/dnsmasq_system_nameservers 
Also add the system nameservers to upstream servers in dnsmasq
 2017-02-08 23:21:54 +01:00
Josh Conant 245e05ce61 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Josh Conant f4ec2d18e5 Adding the Vault role 2017-02-08 21:31:28 +00:00
Sergii Golovatiuk 4124d84c00 Lower weave RAM settings. 
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
  to continue using g1-small for CI
 2017-02-08 18:50:36 +01:00
Matthew Mosesohn 3c713a3f53 Fix upgrade for all daemonset type resources 
Daemonsets cannot be simply upgraded through a single API call,
regardless of any kubectl documentation. The resource must be
purged and then recreated in order to make any changes.
 2017-02-08 18:16:00 +03:00
Alexander Block 89e570493a Also add the system nameservers to upstream servers in dnsmasq 
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
 2017-02-08 14:38:55 +01:00
Matthew Mosesohn 16674774c7 Merge pull request #994 from mattymo/docker_save 
Change docker save compress level to 1
 2017-02-08 15:13:15 +03:00
Matthew Mosesohn 0180ad7f38 Merge pull request #990 from mattymo/fix_cert_upgrade 
Fix check for node-NODEID certs existence
 2017-02-08 14:44:09 +03:00
Matthew Mosesohn bfd1ea1da1 Merge pull request #971 from bradbeam/efk 
Adding EFK logging stack
 2017-02-08 14:28:04 +03:00
Mark Lee 3eacd0c871 Update rh_docker.repo.j2 2017-02-08 20:03:51 +09:00
Matthew Mosesohn d587270293 Merge pull request #992 from vwfs/host_mount_dev 
Host mount /dev for kubelet
 2017-02-08 13:45:22 +03:00
Matthew Mosesohn 3eb13e83cf Change docker save compress level to 1 
Faster gzip improves CI deploy times by at least 2 mins.

Fixes #982
 2017-02-08 13:25:11 +03:00
Mark Lee df761713aa Merge branch 'master' of https://github.com/kubespray/kargo 2017-02-08 19:19:26 +09:00
Mark Lee de50f37fea enable proxy support on docker repository 2017-02-08 19:19:08 +09:00
Matthew Mosesohn bad6076905 Merge pull request #987 from mattymo/etcd-retune 
Re-tune ETCD performance params
 2017-02-08 13:00:25 +03:00
Bogdan Dobrelya c2bd76a22e Merge pull request #956 from adidenko/update-netchecker 
Update playbooks to support new netchecker
 2017-02-08 10:09:46 +01:00
Alexander Block 010fe30b53 Host mount /dev for kubelet 2017-02-08 09:55:51 +01:00
Matthew Mosesohn e5779ab786 Fix check for node-NODEID certs existence 
Fixes upgrade from pre-individual node cert envs.
 2017-02-07 21:06:48 +03:00
Matthew Mosesohn 71e14a13b4 Re-tune ETCD performance params 
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
 2017-02-07 20:15:14 +03:00
Matthew Mosesohn 491074aab1 Merge pull request #969 from mattymo/port_reserve 
Prevent dynamic port allocation in nodePort range
 2017-02-07 18:24:57 +03:00
Aleksandr Didenko 54af533b31 Update playbooks to support new netchecker 
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
 2017-02-07 15:20:34 +01:00
Matthew Mosesohn f3a0f73588 Prevent dynamic port allocation in nodePort range 
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.

Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
 2017-02-06 20:01:16 +03:00
Sergii Golovatiuk 5122697f0b Improve Weave 
- Remove weave CPU limits from .gitlab-ci.yml. Closes: #975
- Fix weave version in documentation

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-06 13:24:40 +01:00
Antoine Legrand bd1c764a1a Merge pull request #963 from rutsky/bastion-ansible-host 
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configration
 2017-02-04 15:42:39 -05:00
Brad Beam df3e11bdb8 Adding EFK logging stack 2017-02-03 16:27:08 -06:00
Bogdan Dobrelya 5a7a3f6d4a Merge pull request #949 from vmtyler/master 
Fixes Support for OpenStack v3 credentials
 2017-02-03 12:22:00 +01:00
Vladimir Rutsky b4327fdc99 handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration 
'absible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
 2017-02-02 18:34:53 +03:00
Matthew Mosesohn 10f924a617 Merge pull request #927 from holser/nsenter_fix 
Remove nsenter workaround
 2017-02-02 18:18:15 +03:00
Matthew Mosesohn 3dd6a01c8b Merge pull request #901 from galthaus/dns-tweak 
DHCP Hook protections
 2017-02-02 16:47:16 +03:00
Sergii Golovatiuk 585afef945 Remove nsenter workaround 
- Docker 1.12 and further don't need nsenter hack. This patch removes
  it.  Also, it bumps the minimal version to 1.12.

Closes #776

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-02-02 14:38:11 +01:00
Sergii Golovatiuk f2e4ffcac2 Fix weave-net after upgrade to 1.82 
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
 2017-02-02 10:31:58 +01:00
Matthew Mosesohn ae66b6e648 Merge pull request #957 from mattymo/weave-net-naming 
Rename weave-kube to weave-net
 2017-02-02 10:18:02 +03:00
Greg Althaus 923057c1a8 This continues the DHCP hook checks. Also protect the create side 
if the system doesn't have any config files at all.
 2017-01-31 09:56:27 -06:00
Matthew Mosesohn 0f6e08d34f Merge pull request #951 from mattymo/k8s-certs-scale 
Fix cert distribution at scale
 2017-01-31 18:49:26 +03:00
Matthew Mosesohn 4889a3e2e1 Merge pull request #954 from artem-panchenko/improve_dnsmasq 
Explicitly set config path for DNSMasq
 2017-01-31 18:48:46 +03:00
Matthew Mosesohn 39d87a96aa Rename weave-kube to weave-net 
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
 2017-01-31 18:47:27 +03:00
Matthew Mosesohn 08822ec684 Fix cert distribution at scale 
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
 2017-01-31 16:27:45 +03:00
Matthew Mosesohn 6463a01e04 Merge pull request #880 from bradbeam/weave-kube 
Weave kube
 2017-01-31 13:31:09 +03:00
Artem Panchenko 1418fb394b Explicitly set config path for DNSMasq 
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
 2017-01-31 12:14:57 +02:00
Matthew Mosesohn e4eda88ca9 Merge pull request #944 from tureus/skip-cloud-config-on-etcd 
Bugfix: skip cloud_config on etcd
 2017-01-30 20:12:36 +03:00
Brad Beam a11b9d28bd Upgrading weave to weave-kube 2017-01-27 17:05:25 -06:00
Brad Beam b54eb609bf Consolidating kube.py module 2017-01-27 11:28:11 -06:00
Tyler Britten f8ffa1601d Fixed for non-null output 2017-01-27 10:47:59 -05:00
Tyler Britten da01bc1fbb Updated OpenStack vars to check for tenant_id (v2) and project_id (v3) 2017-01-27 10:26:20 -05:00
Xavier Lange e5fdc63bdd Bugfix: skip cloud_config on etcd 2017-01-25 14:09:21 -08:00