Spencer Smith
ee36763f9d
Merge pull request #1464 from johnko/patch-4
...
set loadbalancer_apiserver_localhost default true
2017-07-25 10:00:56 -04:00
Spencer Smith
4a34514b21
Merge pull request #1447 from whereismyjetpack/template_known_users
...
Template out known_users.csv, optionally add groups
2017-07-25 08:55:08 -04:00
John Ko
018b5039e7
set loadbalancer_apiserver_localhost default true
...
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs
related to #1456
@rsmitty
2017-07-20 10:27:05 -04:00
jwfang
092bf07cbf
basic rbac support
2017-07-17 19:29:59 +08:00
Dann Bohn
d1f58fed4c
Template out known_users.csv, optionally add groups
2017-07-14 09:27:20 -04:00
Martin Joehren
12e918bd31
add possibility to ignore the hostname override
2017-07-13 14:04:39 +00:00
Brad Beam
e0bf8b2aab
Adding recursive=true for rkt kubelet dir
...
Fixes #1434
2017-07-12 09:28:54 -05:00
Spencer Smith
c75b21a510
Merge pull request #1408 from amitkumarj441/patch-1
...
Remove deprecated 'enable-cri' flag in kubernetes 1.7
2017-07-11 08:56:14 -04:00
Spencer Smith
4b0af73dd2
Merge pull request #1332 from gstorme/kube_apiserver_insecure_port
...
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-07-06 09:06:50 -04:00
Amit Kumar Jaiswal
319a0d65af
Update kubelet.j2
...
Updated with closing endif.
2017-07-03 16:23:35 +05:30
Amit Kumar Jaiswal
3d2680a102
Update kubelet.j2
...
Updated!
2017-07-03 15:58:50 +05:30
Amit Kumar Jaiswal
c36fb5919a
Update kubelet.j2
...
Updated!!
2017-07-03 15:55:04 +05:30
Amit Kumar Jaiswal
46d3f4369e
Updated K8s version
...
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
2017-07-03 04:06:42 +05:30
Martin Joehren
c2b3920b50
added flag for not populating inventory entries to etc hosts file
2017-06-30 16:41:03 +00:00
Brad Beam
5e1ac9ce87
Merge pull request #1354 from chadswen/kubedns-var-fix
...
kubedns consistency fixes
2017-06-27 22:26:46 -05:00
Chad Swenson
8467bce2a6
Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars
2017-06-27 10:19:31 -05:00
Spencer Smith
8203383c03
rename almost all mentions of kargo
2017-06-16 13:25:46 -04:00
Brad Beam
b73786c6d5
Merge pull request #1335 from bradbeam/imagerepo
...
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Gregory Storme
266ca9318d
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-06-12 09:20:59 +02:00
Brad Beam
db3e8edacd
Fixing up vault variables
2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295
Set default value for kube_hyperkube_image_repo
...
Fixes #1334
2017-06-08 12:22:16 -05:00
Brad Beam
696fd690ae
Merge pull request #1092 from bradbeam/rkt_docker
...
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
01c0ab4f06
check if cloud_provider is defined
2017-05-31 08:24:24 -04:00
Spencer Smith
7e2aafcc76
add direct path for cert in AWS with RHEL family
2017-05-26 17:32:50 -04:00
Matthew Mosesohn
9e64267867
Merge pull request #1293 from mattymo/kubelet_host_mode
...
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Matthew Mosesohn
cc6e3d14ce
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Brad Beam
b999ee60aa
Fixing typo in kubelet cluster-dns and cluster-domain flags
2017-05-16 15:43:29 -05:00
Spencer Smith
c572760a66
Merge pull request #1254 from iJanki/cert_group
...
Adding /O=system:masters to admin certificate
2017-05-05 10:58:42 -04:00
Spencer Smith
0afbc19ffb
ensure the /etc/os-release is mounted read only
2017-05-01 14:51:40 -04:00
Spencer Smith
ac9290f985
add for rkt as well
2017-04-28 17:45:10 -04:00
Spencer Smith
5657738f7e
mount os-release to ensure the node's OS is what's seen in k8s api
2017-04-28 13:40:54 -04:00
Sergii Golovatiuk
674b71b535
Ansible 2.3 support
...
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-26 15:22:10 +02:00
Spencer Smith
88b5065e7d
fix stray 'in' and break into multiple lines for clarity
2017-04-20 09:53:01 -04:00
Spencer Smith
b690008192
allow for correct aws default resolver
2017-04-20 09:32:03 -04:00
Matthew Mosesohn
2d6bc9536c
Merge pull request #1246 from holser/disable_dns_for_kube_services
...
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
01dc6b2f0e
Add aws to default_resolver
...
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:47:19 +02:00
Sergii Golovatiuk
d8aa2d0a9e
Change DNS policy for kubernetes components
...
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Matthew Mosesohn
19bb97d24d
Merge pull request #1238 from Starefossen/fix/namespace-template-file
...
Move namespace file to template directory
2017-04-20 12:19:55 +03:00
Matthew Mosesohn
9f4f168804
Merge pull request #1241 from bradbeam/rktcnidir
...
Explicitly create cni bin dir
2017-04-20 12:19:26 +03:00
Sergii Golovatiuk
e796cdbb27
Fix restart kube-controller ( #1242 )
...
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
2017-04-20 11:26:01 +03:00
Brad Beam
b60a897265
Explicitly create cni bin dir
...
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten
d68cfeed6e
Move namespace file to template directory
2017-04-19 13:37:02 +02:00
Spencer Smith
c3c9e955e5
Merge pull request #1232 from rsmitty/custom-flags
...
add ability for custom flags
2017-04-17 14:01:32 -04:00
Spencer Smith
72d5db92a8
remove stray spaces in templating
2017-04-17 12:24:24 -04:00
Spencer Smith
3f302c8d47
ensure spacing on string of flags
2017-04-17 12:13:39 -04:00
Spencer Smith
04a769bb37
ensure spacing on string of flags
2017-04-17 11:11:10 -04:00
Spencer Smith
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
2017-04-17 11:09:34 -04:00
Matthew Mosesohn
3e7db46195
Merge pull request #1233 from gbolo/master
...
allow admission control plug-ins to be easily customized
2017-04-17 12:59:49 +03:00
gbolo
49be805001
allow admission control plug-ins to be easily customized
2017-04-16 22:03:45 -04:00
Spencer Smith
94596388f7
add ability for custom flags
2017-04-14 17:33:04 -04:00
Matthew Mosesohn
ae7f59e249
Skip vault cert task evaluation completely when using script cert generation
2017-04-13 19:29:07 +03:00
Matthew Mosesohn
1c45d37348
Update kubelet.j2
2017-04-06 22:59:18 +03:00
Matthew Mosesohn
b521255ec9
Unbreak 1.5 deployment with kubelet
...
1.5 kubelet fails to start when using unknown params
2017-04-06 21:07:48 +03:00
Matthew Mosesohn
75ea001bfe
Merge pull request #1208 from mattymo/1.6-flannel
...
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
2017-04-06 10:06:21 +04:00
Matthew Mosesohn
acae0fe4a3
Merge pull request #1205 from holser/resolv_updates
...
Refactoring resolv.conf
2017-04-05 14:22:52 +03:00
Sergii Golovatiuk
2670eefcd4
Refactoring resolv.conf
...
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-05 09:28:01 +02:00
Matthew Mosesohn
c0cae9e8a0
Merge pull request #1204 from mattymo/resolvconf-nodes
...
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 22:03:44 +03:00
Matthew Mosesohn
f8cf6b4f7c
Merge pull request #1186 from holser/resolv_conf
...
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
2017-04-04 20:49:55 +03:00
Matthew Mosesohn
a29182a010
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 20:43:47 +03:00
Sergii Golovatiuk
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
...
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-04 16:34:13 +02:00
Matthew Mosesohn
798f90c4d5
Merge pull request #1153 from mattymo/graceful_drain
...
Move graceful upgrade test to Ubuntu canal HA, adjust drain
2017-04-04 17:33:53 +03:00
Matthew Mosesohn
b4d06ff8dd
Add /var/lib/cni to kubelet
...
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Matthew Mosesohn
5a5707159a
Fix multiline condition for k8s check certs
...
Fixes #1190
2017-04-03 17:44:55 +03:00
Matthew Mosesohn
80828a7c77
use etcd2 when upgrading unless forced
2017-04-03 15:07:42 +03:00
Matthew Mosesohn
d42e4f2344
Update .gitlab-ci.yml
2017-03-30 12:19:15 +04:00
Matthew Mosesohn
48beef25fa
delete master containers forcefully
2017-03-27 19:08:22 +03:00
Matthew Mosesohn
a3f568fc64
restart scheduler and controller-manager too
2017-03-27 13:51:35 +03:00
Matthew Mosesohn
57ee304260
ensure post-upgrade purge ones only once
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
0794a866a7
switch debian8-canal-ha to ubuntu
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
49e4d344da
move network plugins out of grouped upgrades
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
6e505c0c3f
Fix delegate tasks for kubectl and etcdctl
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
e9a294fd9c
Significantly reduce memory requirements
...
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
44d851d5bb
Only cordon Ready nodes
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
c2c334d22f
Merge pull request #1181 from holser/refactor_etcd
...
Refactor etcd role
2017-03-27 13:05:35 +03:00
Sergii Golovatiuk
f144fd1ed3
Refactor etcd role
...
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Vladimir Rutsky
c4e57477fb
replace non-breakable space with regular space
...
Non-brekable space is 0xc2 0xa0 byte sequence in UTF-8.
To find one:
$ git grep -I -P '\xc2\xa0'
To replace with regular space:
$ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'
This commit doesn't include changes that will overlap with commit f1c59a91a1
.
2017-03-23 00:25:01 +03:00
Matthew Mosesohn
1887e984a0
Change wait for dnsmasq to skip if there are no kube-nodes in play
...
Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep
between tries)
Also rename play_hosts to ansible_play_hosts
2017-03-21 18:55:22 +03:00
Matthew Mosesohn
b7ab80e8ea
Merge pull request #1149 from mattymo/centos-retries
...
Retry yum/apt/rpm download commands
2017-03-18 11:12:36 +03:00
Matthew Mosesohn
7760c3e4aa
Retry yum/apt/rpm download commands, fix succeeded filter
2017-03-17 18:56:26 +03:00
Matthew Mosesohn
3cfb76e57f
Merge pull request #1146 from mattymo/resolvconf_optimize
...
Condense resolvconf sources before starting loop
2017-03-17 18:42:32 +03:00
Matthew Mosesohn
25bff851dd
Merge pull request #1136 from adidenko/fix-calico-policy-order
...
Move calico-policy-controller into separate role
2017-03-17 17:32:14 +03:00
Aleksandr Didenko
3a39904011
Move calico-policy-controller into separate role
...
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
a52064184e
Condense resolvconf sources before starting loop
2017-03-17 13:06:56 +03:00
Matthew Mosesohn
b0830f0cd7
Merge pull request #1087 from bradbeam/openstack
...
Adding openstack domain id
2017-03-16 17:53:14 +03:00
Matthew Mosesohn
8195957461
Merge branch 'master' into idempotency2
2017-03-16 09:29:43 +03:00
Matthew Mosesohn
02fed4a082
Merge pull request #1138 from mattymo/idempotency-fixes
...
Idempotency fixes for etcd certs and resolvconf tasks
2017-03-16 09:20:28 +03:00
Matthew Mosesohn
a422ad0d50
More idempotency fixes
...
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Matthew Mosesohn
4354162067
Merge pull request #1080 from VincentS/Granular_Auth_Control
...
Granular authentication Control
2017-03-15 13:12:51 +03:00
Matthew Mosesohn
a62a444229
Merge pull request #1117 from mattymo/etcd3-upgrade
...
Migrate k8s data to etcd3 api store
2017-03-15 12:56:06 +03:00
Matthew Mosesohn
f6b72fa830
Make resolvconf preinstall idempotent
2017-03-15 01:20:13 +04:00
Vincent Schwarzer
026da060f2
Granular authentication Control
...
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding
removing the required arguments to the Kube API Server and generating
the secrets accordingly.
The x509 authentification is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
2017-03-14 16:57:35 +01:00
Matthew Mosesohn
3feab1cb2d
Merge pull request #1134 from mattymo/1.6-support
...
Explicitly set cni-bin-dir
2017-03-14 17:53:08 +03:00
Matthew Mosesohn
804e9a09c0
Migrate k8s data to etcd3 api store
...
Default backend is now etcd3 (was etcd2).
The migration process consists of the following steps:
* check if migration is necessary
* stop etcd on first etcd server
* run migration script
* start etcd on first etcd server
* stop kube-apiserver until configuration is updated
* update kube-apiserver
* purge old etcdv2 data
2017-03-14 17:50:20 +03:00
Matthew Mosesohn
4038954f96
Merge pull request #1078 from VincentS/oidc_support
...
Added Support for OpenID Connect Authentication
2017-03-14 12:07:21 +03:00
Matthew Mosesohn
52a6dd5427
Explicitly set cni-bin-dir
2017-03-13 20:13:21 +03:00
Matthew Mosesohn
c301dd5d94
Merge pull request #1118 from mattymo/noderolelabels
...
Add node labels in kubelet
2017-03-13 19:04:21 +03:00
Cesarini, Daniele
69636d2453
Adding /O=system:masters to admin certificate
...
Issue #1125 . Make RBAC authorization plugin work out of the box.
"When bootstrapping, superuser credentials should include the system:masters group, for example by creating a client cert with /O=system:masters. This gives those credentials full access to the API and allows an admin to then set up bindings for other users."
2017-03-08 14:42:25 +00:00
Brad Beam
d04fbf3f78
Removing cloud_provider tag to fix scenario where cloud_provider is not defined
2017-03-06 10:52:38 -06:00
Matthew Mosesohn
54207877bd
Add node labels in kubelet
...
Related-issue: https://github.com/kubernetes/community/issues/300
Upgraded nodes do not obtain labels automatically.
See https://github.com/kubernetes/kubernetes/pull/29459 for more details.
2017-03-06 17:18:42 +03:00
Vincent Schwarzer
b075960e3b
Added Support for OpenID Connect Authentication
...
To use OpenID Connect Authentication beside deploying an OpenID Connect
Identity Provider it is necesarry to pass additional arguments to the Kube API Server.
These required arguments were added to the kube apiserver manifest.
2017-03-06 12:40:35 +01:00
Antoine Legrand
85596c2610
Merge pull request #1045 from bradbeam/vsphere
...
Adding vsphere cloud provider support
2017-03-06 12:34:05 +01:00
Antoine Legrand
ee5f009b95
Merge pull request #1112 from mattymo/skip_vault_if_disabled
...
Disable vault role properly on ansible 2.2.0
2017-03-06 11:27:53 +01:00
Matthew Mosesohn
45274560ec
Disable vault role properly on ansible 2.2.0
...
when condition does not seem to work correctly at playbook
level for ansible 2.2.0.
2017-03-05 00:43:01 +04:00
Matthew Mosesohn
8f3d9e93ce
Merge pull request #1111 from mattymo/use_find_for_certs
...
Use find module for checking for certificates
2017-03-03 20:08:33 +03:00
Matthew Mosesohn
d176818c44
Use find module for checking for certificates
...
Also generate certs only when absent on master (rather than
when absent on target node)
2017-03-03 16:21:01 +03:00
Bogdan Dobrelya
aeec0f9a71
Merge pull request #1071 from vijaykatam/atomic_host
...
Add support for atomic host
2017-03-03 13:03:59 +01:00
Matthew Mosesohn
08a02af833
Merge pull request #1075 from VincentS/loadbalancer_aws
...
Possibility to add Loadbalancers without static IP (e.g. AWS ELB) #1074
2017-03-03 14:07:22 +03:00
Matthew Mosesohn
5ebc9a380c
Merge pull request #1060 from holser/etcdv3
...
Allow to specify etcd backend for kube-api
2017-03-02 17:24:09 +03:00
Vincent Schwarzer
68e8d74545
Changes based on feedback (additional ansible checks)
2017-03-02 11:04:10 +01:00
Vincent Schwarzer
fc054e21f6
Modified how adding LB for the Kube API is handled (AWS)
...
Until now it was not possible to add an API Loadbalancer
without an static IP Address. But certain Loadbalancers
like AWS Elastic Loadbalanacer dontt have an fixed IP address.
With this commit it is possible to add these kind of Loadbalancers
to the Kargo deployment.
2017-03-02 11:04:10 +01:00
Matthew Mosesohn
a5cd73d047
Merge pull request #959 from galthaus/host-mode-restart
...
Restart kube-controller for host_resolvconf mode
2017-03-01 20:54:21 +03:00
Vijay Katam
a0b1eda1d0
Add support for atomic host
...
Updates based on feedback
Simplify checks for file exists
remove invalid char
Review feedback. Use regular systemd file.
Add template for docker systemd atomic
2017-03-01 09:38:19 -08:00
Sergii Golovatiuk
295103adc0
Allow to specify etcd backend for kube-api
...
Kubernetes project is about to set etcdv3 as default storage engine in
1.6. This patch allows to specify particular backend for
kube-apiserver. User may force the option to etcdv3 for new environment.
At the same time if the environment uses v2 it will continue uses it
until user decides to upgrade to v3.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 17:13:22 +01:00
Brad Beam
8a63b35f44
Adding flag for docker container in kubelet w/ rkt
2017-02-28 07:55:12 -06:00
Brad Beam
bfff06d402
Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service
2017-02-28 06:29:35 -06:00
Brad Beam
30a9899262
Making openstack domain name optional
2017-02-27 21:19:27 -06:00
Xavier Lange
dd10b8a27c
Bug fix: support kilo's keystone requirement for domain-name, extracts from ENV var
2017-02-27 21:18:30 -06:00
Brad Beam
dbf13290f5
Updating vsphere cloud provider support
2017-02-27 15:08:04 -06:00
Jan Jungnickel
df476b0088
Initial support for vsphere as cloud provider
2017-02-27 12:51:41 -06:00
Brad Beam
56664b34a6
Lower default memory requests
...
This is to address out of memory issues on CI as well as help
fit deployments for people starting out with kargo on smaller
machines
2017-02-27 10:53:43 -06:00
Bogdan Dobrelya
069606947c
Merge pull request #1063 from bogdando/fix
...
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Sergii Golovatiuk
00cfead9bb
Increase SSL TTL to 3650 days
...
In real scenarios 365 days is short period of time. 3650 days is good
enough for long running k8s environments
2017-02-24 15:38:13 +01:00
Bogdan Dobrelya
f2a4619c57
Align LB defaults with the HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Bogdan Dobrelya
712872efba
Rework inventory all by real groups' vars
...
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Matthew Mosesohn
8cbf3fe5f8
Merge pull request #1020 from mattymo/synthscale
...
Add synthetic scale deployment mode
2017-02-22 19:15:46 +03:00
Ivan Shvedunov
0006e5ab45
Fix shell special vars
2017-02-21 22:22:40 +03:00
Matthew Mosesohn
d821448e2f
Merge branch 'master' into synthscale
2017-02-21 22:17:43 +03:00
Matthew Mosesohn
0afadb9149
Merge pull request #1046 from skyscooby/pedantic-syntax-cleanup
...
Cleanup legacy syntax, spacing, files all to yml
2017-02-21 17:03:16 +03:00
Matthew Mosesohn
042d094ce7
Merge pull request #1034 from rutsky/fix-openssl-lb-index
...
fix load balancer DNS name index evaluation in openssl.conf
2017-02-20 20:23:26 +03:00
Matthew Mosesohn
3cc1491833
Merge branch 'master' into pedantic-syntax-cleanup
2017-02-20 20:19:38 +03:00
Abel Lopez
0bfc2d0f2f
Safe disable SELinux
...
Sometimes, a sysadmin might outright delete the SELinux rpms and
delete the configuration. This causes the selinux module to fail
with
```
IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n",
"module_stdout": "", "msg": "MODULE FAILURE"}
```
This simply checks that /etc/selinux/config exists before we try
to set it Permissive.
Update from feedback
2017-02-18 11:54:25 -08:00
Matthew Mosesohn
a21eb036ee
Add no_log to cert tar tasks
...
This works around 4MB limit for gitlab CI runner.
2017-02-18 14:09:57 +04:00
Andrew Greenwood
ca9ea097df
Cleanup legacy syntax, spacing, files all to yml
...
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistancy
2017-02-17 16:22:34 -05:00
Antoine Legrand
3629b9051d
Merge pull request #1038 from rutsky/kubelet-mount-var-log
...
Mount host's /var/log into kubelet container
2017-02-17 10:26:12 +01:00
Vladimir Rutsky
bff955ff7e
Mount host's /var/log into kubelet container
...
Kubelet is responsible for creating symlinks from /var/lib/docker to /var/log
to make fluentd logging collector work.
However without using host's /var/log those links are invisible to fluentd.
This is done on rkt configuration too.
2017-02-16 22:31:05 +03:00
Matthew Mosesohn
80c0e747a7
Fix references to CoreOS and Container Linux by CoreOS
...
Fixes #967
2017-02-16 19:25:17 +03:00
Vladimir Rutsky
a1ec6f401c
fix load balancer DNS name index evaluation in openssl.conf
...
Looks like OpenSSL still properly handles it, even with duplicated
"DNS.X" items.
2017-02-16 00:16:13 +03:00
Matthew Mosesohn
d92d955aeb
Merge pull request #985 from rutsky/check-mode-for-shell-commands
...
set "check_mode: on" for read-only "shell" steps that registers result
2017-02-15 17:53:41 +03:00
Brad Beam
4c891b8bb0
Adding support for proxy w/ rkt kubelet
2017-02-14 08:09:49 -06:00
Matthew Mosesohn
b7258ec3bb
Merge pull request #1013 from mattymo/remove_masqerade_all
...
Disable kube_proxy_masquerade_all
2017-02-14 14:00:29 +03:00
Matthew Mosesohn
f5e27f1a21
Merge pull request #1021 from holser/remove_deprecated
...
Replace always_run with check_mode
2017-02-14 11:25:58 +03:00
Vladimir Rutsky
09847567ae
set "check_mode: no" for read-only "shell" steps that registers result
...
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).
Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
2017-02-13 18:53:41 +03:00
Greg Althaus
2b10376339
When resolv.conf changes during host_resolvconf mode, we need to
...
restart the controller to get the new file configuration.
I'm not fond of this form and would like a better way, but this
seems to "work".
2017-02-13 09:20:02 -06:00
Sergii Golovatiuk
5f4cc3e1de
Replace always_run with check_mode
...
always_run was deprecated in Ansible 2.2 and will be removed in 2.4
ansible logs contain "[DEPRECATION WARNING]: always_run is deprecated.
Use check_mode = no instead". This patch fix deprecation.
2017-02-13 15:00:56 +01:00
Sergii Golovatiuk
aeadaa1184
Set ssl_ca_dirs for rkt based on fact
...
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.
Closes : #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Matthew Mosesohn
2c532cb74d
Disable kube_proxy_masquerade_all
...
Fixes #1012
2017-02-10 13:16:39 +03:00
Bogdan Dobrelya
89ae9f1f88
Merge pull request #1002 from code0x9/master
...
use ansible sysctl module for config ip forwarding
2017-02-10 10:40:18 +01:00
Matthew Mosesohn
2f88c9eefe
Merge pull request #989 from holser/kubelet_remedy
...
Kubernetes Reliability Improvements
2017-02-10 09:29:29 +03:00
Sergii Golovatiuk
c07d60bc90
Kubernetes Reliability Improvements
...
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a posibility to configure node-monitor-grace-period,
node-monitor-period, pod-eviction-timeout for Kubernetes controller
manager
- Add Kubernetes Relaibility Documentation with recomendations for
various scenarios.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-09 23:54:08 +01:00