Aleksandr Didenko
caa81f3ac2
Fix etcd ssl for canal
...
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Matthew Mosesohn
46ee9faca9
Fix ca certificate loading on CoreOS
2016-11-14 08:47:09 +04:00
Matthew Mosesohn
6cc05c103a
Merge pull request #592 from artem-panchenko/support_golang_calicoctl
...
Support new version of 'calicoctl' (>=v1.0.0)
2016-11-11 13:55:24 +03:00
Bogdan Dobrelya
88577b9889
Merge pull request #593 from bogdando/label_apps
...
Label k8s apps, adjust collect info commands
2016-11-10 18:09:05 +01:00
Bogdan Dobrelya
5821f9748a
Merge pull request #594 from adidenko/fix-calico-policy-controller
...
Fix policy controller
2016-11-10 16:15:36 +01:00
Artem Panchenko
c58bd33af7
Support new version of 'calicoctl' (>=v1.0.0)
...
Since version 'v1.0.0-beta' calicoctl is written
in Go and its API differs from old Python based
utility. Added support of both old and new version
of the utility.
2016-11-10 17:11:29 +02:00
Bogdan Dobrelya
cf7c60029b
Label k8s apps, adjust collect/upload info steps
...
- Drop debugs from collect-info playbook
- Drop sudo from collect-info step and add target dir var (required for travis jobs)
- Label all k8s apps, including static manifests
- Add logs for K8s apps to be collected as well
- Fix upload to GCS as a public-read tarball
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-10 16:05:50 +01:00
Aleksandr Didenko
251800eb16
Fix policy controller
...
'etcd_cert_dir' variable is missing from 'kubernetes-apps/ansible'
role which breaks Calico policy controller deployment.
Also fixing calico-policy-controller.yml.
2016-11-10 13:31:31 +01:00
Matthew Mosesohn
fe16fecd8f
Fix canal's calico networking config for ETCD TLS
...
Also fixes kube-apiserver upgrade that was erroneously
deleted in a previous commit.
2016-11-10 12:49:47 +03:00
Matthew Mosesohn
9ea9604b3f
Merge pull request #591 from kubernetes-incubator/etcdtls
...
Add etcd tls support
2016-11-10 12:32:13 +03:00
Matthew Mosesohn
a32cd85eb7
Add etcd TLS support
2016-11-09 18:38:28 +03:00
Matthew Mosesohn
95b460ae94
Remove etcd-proxy from all nodes and use etcd multiaccess
2016-11-09 13:31:12 +03:00
Bogdan Dobrelya
764a2fd5a8
Merge pull request #588 from adidenko/canal-support
...
Adding support for canal network plugin
2016-11-09 10:31:56 +01:00
Aleksandr Didenko
4ece73d432
Fix idempotency of calico-policy-controller rs
...
We need to specify kube resource type and name in order to avoid
playbook errors related to k8s resource duplication.
2016-11-08 12:59:18 +01:00
Aleksandr Didenko
60a217766f
Add ConfigMap for basic configuration options
...
Container settings moved from deamonset yaml to a separate
configmap.
2016-11-08 12:57:34 +01:00
Aleksandr Didenko
309240cd6f
Adding support for canal network plugin
...
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:
https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Spencer Smith
8f20d90f88
update admission controllers for > 1.4
2016-11-04 12:54:35 -04:00
Jan Jungnickel
f9355ea14d
Swap order in which we reload docker/socket
2016-11-01 13:12:40 +01:00
Jan Jungnickel
2ca6819cdf
Reload docker.socket after installing flannel on coreos
...
Workaround for #569
2016-11-01 13:12:32 +01:00
Smaine Kahlouch
d6f206b5fd
Merge pull request #561 from kubespray/rsync_certs
...
Use tar+register instead of copy/slurp for distributing tokens and certs
2016-10-27 10:52:41 +02:00
Matthew Mosesohn
2778ac61a4
Add new var skip_dnsmasq_k8s
...
If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-10-26 17:56:15 +03:00
Matthew Mosesohn
c7b00caeaa
Use tar+register instead of copy/slurp for distributing tokens and certs
...
Related bug: https://github.com/ansible/ansible/issues/15405
Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.
This patch dramatically cuts down the number of tasks to process
for cert synchronization.
2016-10-26 15:46:18 +03:00
Bogdan Dobrelya
c59c3a1bcf
Fix idempotency/recurrence of download and preinstall
...
* Don't push containers if not changed
* Do preinstall role only once and redistribute defaults to
corresponding roles
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-24 18:28:53 +02:00
Smaine Kahlouch
4c0bf6225a
Merge pull request #562 from kubespray/enable_standalone_node
...
Enable standalone node deployment
2016-10-24 13:10:53 +02:00
Smaine Kahlouch
b11662a887
Merge pull request #558 from chadswen/etcdctl-path
...
Use absolute path for etcdctl
2016-10-21 23:06:15 +02:00
Matthew Mosesohn
11f1f71b3b
dynamically calculate etcd peer names
2016-10-21 16:17:50 +03:00
Matthew Mosesohn
0e9d1e09e3
Sync master tokens only with those in play_hosts
2016-10-21 14:43:41 +03:00
Matthew Mosesohn
65d2a3b0e5
Use only native cachable hostvars for etcd set_facts
2016-10-21 14:39:58 +03:00
Matthew Mosesohn
4b7347f1cd
fix dnsmasq template cloud_provider lookup
2016-10-21 13:00:40 +03:00
Chad Swenson
e6902d8ecc
Use absolute path for etcdctl
...
Small fix. The shell module won't automatically resolve the path to the etcdctl binary, so i prefixed with {{ bin_dir }}/
2016-10-20 14:56:52 -05:00
Smaine Kahlouch
a423927ac9
Merge pull request #546 from chadswen/dependency-variables
...
Parameterize dependency endpoints
2016-10-18 18:42:17 +02:00
Smana
91a101c855
upgrade to k8s v1.4.3
2016-10-18 12:52:35 +02:00
Chad Swenson
c402feffbd
Parameterize several dependency endpoints so that they can be overridden with internal mirrors.
...
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-15 12:26:52 -05:00
Smana
dd022f2dbc
upgrade calico version v0.22.0
2016-10-15 15:01:45 +02:00
Smana
21273926ce
upgrade flannel version
2016-10-12 21:55:39 +02:00
Matthew Mosesohn
71347322d6
Add cluster-cidr to kube-proxy config
...
This option enables masquerading for traffic directed at pods
that comes frmom outside the cluster.
2016-10-12 19:13:33 +03:00
Smaine Kahlouch
c9769965b8
Merge pull request #540 from aateem/enable-network-policy
...
Add possibility to enable network policy via Calico network controller
2016-10-11 12:10:56 +02:00
Smana
056f4b6c00
upgrade to kubernetes version 1.4.0
...
test to change the machine type
Revert "test to change the machine type"
This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1.
use google dns server when no upstream dns are defined
comment upstream_dns_servers
update documentation
remove deprecated kubelet flags
Revert "remove deprecated kubelet flags"
This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
2016-10-10 22:44:47 +02:00
Artem Roma
3919d666c1
Add possibility to enable network policy via Calico network controller
...
The requirements for network policy feature are described here [1]. In
order to enable it, appropriate configuration must be provided to the CNI
plug in and Calico policy controller must be set up. Beside that
corresponding extensions needed to be enabled in k8s API.
Now to turn on the feature user can define `enable_network_policy`
customization variable for Ansible.
[1] http://kubernetes.io/docs/user-guide/networkpolicies/
2016-10-10 17:22:12 +03:00
Sergey Vasilenko
dea4210da1
Bump Calico-CNI plugin binaries versions
...
and correct checksums
2016-10-07 13:14:46 +03:00
Sergey Vasilenko
a6344f7561
Changes in Kubernetes and Calico-CNI plugin config files
...
required for usage of Calico CNI plugin version 1.4.2
2016-10-06 19:33:16 +03:00
Smaine Kahlouch
c490e5c8a1
Merge pull request #528 from kubespray/proxy-nginx
...
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
84052ff0b6
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
9ca374a88d
Merge pull request #491 from kubespray/calicopools
...
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
648aa7422d
Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
...
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
2e90d3fe76
Merge branch 'master' into reverselookups
2016-10-05 14:46:47 +03:00
Matthew Mosesohn
f4e6fdc193
Enable quorum read for apiserver
...
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
fb0ee9d84a
Add support for --masquerade-all in kube-proxy
...
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.
Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
a6a5d0e068
Skip download_run_once for binaries as unimplemented yet
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
d9641771ed
add kube-masters to SSL certificate
2016-09-29 15:12:30 +03:00