Commit graph

747 commits

Author SHA1 Message Date
chadswen
cd153a1fb3 Fix kubernetes cert permission sync
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
Jonas Kongslund
a800ed094b Added support for webhook authentication/authorization on the secure kubelet endpoint 2018-03-03 10:00:09 +04:00
Aivars Sterns
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
RongZhang
67ffd8e923 Add etcd-events cluster for kube-apiserver (#2385)
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Chad Swenson
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
Matthew Mosesohn
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" (#2393) 2018-02-28 22:41:52 +03:00
Brad Beam
ad89d1c876 Update pre_upgrade.yml 2018-02-28 19:07:44 +03:00
Matthew Mosesohn
bb469005b2 Add pre-upgrade task for moving credentials file 2018-02-27 17:35:15 +03:00
RongZhang
128d3ef94c Fix run kubectl error (#2199)
* Fix run kubectl error

Fix run kubectl error when first master doesn't work

* if access_ip is define use first_kube_master
else different master use a different ip

* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
Nedim Haveric
2bd3776ddb fix apiserver manifest when disabling insecure_port 2018-02-22 14:00:32 +01:00
Maxim Krasilnikov
ba91304636 Fixed generate front proxy client certs with vault (#2359)
* Fixed generate front proxy client certs with vault

* fix vault cert management

* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268 Add health check to kube proxy (#2356)
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73 Set filemode to 0640 (#2315)
* Set filemode to 0640

weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.

* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Wong Hoi Sing Edison
d4c61d2628 Fixup for gce_centos7-flannel-addons 2018-02-21 13:41:25 +08:00
Wong Hoi Sing Edison
deef47c923 Upgrade Local Volume Provisioner Addon to v2.0.0 2018-02-21 13:41:25 +08:00
Chad Swenson
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
melkosoft
f13e76d022 Added cilium support (#2236)
* Added cilium support

* Fix typo in debian test config

* Remove empty lines

* Changed cilium version from <latest> to <v1.0.0-rc3>

* Add missing changes for cilium

* Add cilium to CI pipeline

* Fix wrong file name

* Check kernel version for cilium

* fixed ci error

* fixed cilium-ds.j2 template

* added waiting for cilium pods to run

* Fixed missing EOF

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed trailing spaces

* Fixed too many blank lines

* Updated tolerations,annotations in cilium DS template

* Set cilium_version to iptables-1.9 to see if bug is fixed in CI

* Update cilium image tag to v1.0.0-rc4

* Update Cilium test case CI vars filenames

* Add optional prometheus flag, adjust initial readiness delay

* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
Andreas Krüger
41ca67bf54
Added iptables lock fix and ajusted oom-score
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
Virgil Chereches
d72232f15b Increased timeout values for k8s API server restart 2018-02-12 07:35:29 +00:00
Maxim Krasilnikov
03c61685fb
Added apiserver extra args variable for kubeadm config (#2291) 2018-02-12 10:29:46 +03:00
Chia-liang Kao
338238d086
Fix version comparison
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
mlushpenko
4e61fb9cd3 Refactored kubeadm join process and fixed uncrodonng for master nodes 2018-02-09 15:51:47 +01:00
mlushpenko
b472c2df98 Fix safe upgrade
Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335, so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
jasdeep-hundal
f57abae01e Remove redundant python-apt install
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00
Aivars Sterns
c70c44b07b
Merge pull request #2257 from rzenker/tb/baremetal-tweaks
baremetal tweaks
2018-02-08 15:48:55 +00:00
Aivars Sterns
20583e3d15
Merge pull request #2067 from manics/sysctl-net-brfilter
Always set net.bridge.bridge-nf-call-* sysctl
2018-02-08 15:43:46 +00:00
Aivars Sterns
9f4588cd0c
Merge pull request #2266 from riverzhang/epel-release
Disalbe install epel-release rpm on Centos/Redhat
2018-02-08 15:42:28 +00:00
Antoine Legrand
7bce70339f
Merge pull request #2251 from woopstar/metrics-server-patch-2
Adding metrics-server support for K8s version 1.9
2018-02-08 11:16:44 +01:00
Brad Beam
384e5dd4c4
Merge pull request #2160 from kongslund/disable-read-only-port
Make the Kubelet read-only port configurable and disable it by default
2018-02-07 13:06:32 -06:00
woopstar
f9df692056 Issue front proxy certs for vault 2018-02-07 11:03:10 +01:00
woopstar
f193b12059 Kubeadm auto creates this 2018-02-07 10:50:34 +01:00
woopstar
2cd254954c Remove defaults of allowed names. Updated kubeadm 2018-02-07 10:07:55 +01:00
woopstar
4dab92ce69 Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault 2018-02-07 09:50:19 +01:00
rong.zhang
47adf4bce6 Disalbe install epel-release rpm on Centos/Redhat
1.Disalbe install epel-release rpm on Centos/Redhat
2.Use yum install epel-release
2018-02-07 14:58:50 +08:00
Ryan Zenker
ad9049a49e baremetal tweaks
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
2018-02-06 13:52:22 -05:00
Erwan Miran
8006a6cd82 local_volumes_enabled replaced by local_volume_provisioner_enabled 2018-02-06 17:12:09 +01:00
Antoine Legrand
bb4446e94c
Merge pull request #2226 from manics/supplemental-addresses
Enable additional addresses to be added to certificates
2018-02-06 13:51:54 +01:00
Antoine Legrand
d2102671cd
Merge pull request #2214 from woopstar/patch-3
Loadbalancer Apiserver Address is missing
2018-02-06 13:47:55 +01:00
woopstar
b2d30d68e7 Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9 2018-02-05 20:37:14 +01:00
woopstar
82d10b882c Added fixes from whereismyjetpack 2018-02-05 20:07:12 +01:00
Maxim Krasilnikov
95b8ac5f62 Added optional controller and scheduler extra args to kubeadm config (#2205) 2018-02-05 16:49:13 +03:00
woopstar
0b4168cad4 WIP. Adding metrics-server support for K8s version 1.9 2018-02-05 10:37:41 +01:00
Chad Swenson
bd1f0bcfd7
Merge pull request #2201 from riverzhang/ipvs
Support ipvs mode for kube-proxy
2018-02-01 22:29:52 -06:00
Spencer Smith
f7e8d1149a
Merge pull request #2229 from whereismyjetpack/etcd-quorum-read
--etcd-quorum-read is depricated in kube >= 1.9
2018-01-31 17:10:10 -05:00
Spencer Smith
c0a3bcf9b3
Merge pull request #2221 from Xuxe/patch-vcp-v1.9.2
Updated vSphere cloud provider config for Kubernetes >= v1.9.2 and added resource pool deployment variable
2018-01-31 16:06:07 -05:00
Dann Bohn
dc6c703741 --etcd-quorum-read is depricated in kube >= 1.9 2018-01-31 15:49:52 -05:00
Julian Hübenthal
7f79210ed1 reworked vsphere-cloud-config template 2018-01-31 16:51:23 +01:00
Simon Li
27a1a697e7
supplementary_addresses_in_ssl_keys can be a hostname 2018-01-31 15:16:08 +00:00
Aivars Sterns
c1267004ef
Merge pull request #2130 from ArchiFleKs/simplify_os_provider
Simplify and update OpenStack cloud provider
2018-01-31 12:02:02 +02:00