chadswen
cd153a1fb3
Fix kubernetes cert permission sync
...
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
Jonas Kongslund
a800ed094b
Added support for webhook authentication/authorization on the secure kubelet endpoint
2018-03-03 10:00:09 +04:00
Aivars Sterns
8b21034b31
Merge pull request #2344 from hswong3i/local_volume_provisioner_fixup
...
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-03-01 13:12:44 +02:00
RongZhang
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
...
Add etcd-events cluster for kube-apiserver
2018-03-01 11:39:14 +03:00
Chad Swenson
af7edf4dff
Merge pull request #2369 from eviln1/fix-insecure-apiserver-port
...
fix apiserver manifest when disabling insecure_port
2018-02-28 17:48:08 -06:00
Matthew Mosesohn
7ef9f4dfdd
Revert "Add pre-upgrade task for moving credentials file" ( #2393 )
2018-02-28 22:41:52 +03:00
Brad Beam
ad89d1c876
Update pre_upgrade.yml
2018-02-28 19:07:44 +03:00
Matthew Mosesohn
bb469005b2
Add pre-upgrade task for moving credentials file
2018-02-27 17:35:15 +03:00
RongZhang
128d3ef94c
Fix run kubectl error ( #2199 )
...
* Fix run kubectl error
Fix run kubectl error when first master doesn't work
* if access_ip is define use first_kube_master
else different master use a different ip
* Delete set first_kube_master and use kube_apiserver_access_address
2018-02-27 16:32:20 +03:00
Nedim Haveric
2bd3776ddb
fix apiserver manifest when disabling insecure_port
2018-02-22 14:00:32 +01:00
Maxim Krasilnikov
ba91304636
Fixed generate front proxy client certs with vault ( #2359 )
...
* Fixed generate front proxy client certs with vault
* fix vault cert management
* Distrebute etcd node certs to vault hosts
2018-02-22 15:08:50 +03:00
Andreas Krüger
42a0f46268
Add health check to kube proxy ( #2356 )
...
Adding health checking to kube proxy. Fixes #2308
2018-02-21 23:14:45 +03:00
Andreas Krüger
d84ff06f73
Set filemode to 0640 ( #2315 )
...
* Set filemode to 0640
weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root.
* Set mode 0640 on users_file with basic auth
2018-02-21 23:13:46 +03:00
Wong Hoi Sing Edison
d4c61d2628
Fixup for gce_centos7-flannel-addons
2018-02-21 13:41:25 +08:00
Wong Hoi Sing Edison
deef47c923
Upgrade Local Volume Provisioner Addon to v2.0.0
2018-02-21 13:41:25 +08:00
Chad Swenson
2de6da25a8
Merge pull request #2312 from woopstar/patch-7
...
Added iptables lock fix and ajusted oom-score
2018-02-19 22:47:07 -06:00
melkosoft
f13e76d022
Added cilium support ( #2236 )
...
* Added cilium support
* Fix typo in debian test config
* Remove empty lines
* Changed cilium version from <latest> to <v1.0.0-rc3>
* Add missing changes for cilium
* Add cilium to CI pipeline
* Fix wrong file name
* Check kernel version for cilium
* fixed ci error
* fixed cilium-ds.j2 template
* added waiting for cilium pods to run
* Fixed missing EOF
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed trailing spaces
* Fixed too many blank lines
* Updated tolerations,annotations in cilium DS template
* Set cilium_version to iptables-1.9 to see if bug is fixed in CI
* Update cilium image tag to v1.0.0-rc4
* Update Cilium test case CI vars filenames
* Add optional prometheus flag, adjust initial readiness delay
* Update README.md with cilium info
2018-02-16 21:37:47 -06:00
Antoine Legrand
76a89039ad
Merge pull request #2285 from jasdeep-hundal/do_not_install_python_apt
...
Remove redundant python-apt install
2018-02-15 17:04:08 +01:00
Andreas Krüger
41ca67bf54
Added iptables lock fix and ajusted oom-score
...
xtables lock was missing. Added new option for oom-score to make sure it's not killed in an OOM situation before regular pods.
2018-02-12 10:21:38 +01:00
Virgil Chereches
d72232f15b
Increased timeout values for k8s API server restart
2018-02-12 07:35:29 +00:00
Maxim Krasilnikov
03c61685fb
Added apiserver extra args variable for kubeadm config ( #2291 )
2018-02-12 10:29:46 +03:00
Chia-liang Kao
338238d086
Fix version comparison
...
`FAILED! => {"changed": false, "msg": "AnsibleFilterError: Version comparison: unorderable types: str() < int()"}`
2018-02-10 03:49:49 +08:00
mlushpenko
4e61fb9cd3
Refactored kubeadm join process and fixed uncrodonng for master nodes
2018-02-09 15:51:47 +01:00
mlushpenko
b472c2df98
Fix safe upgrade
...
Even though there it kubeadm_token_ttl=0 which means that kubeadm token never expires, it is not present in `kubeadm token list` after cluster is provisioned (at least after it is running for some time) and there is issue regarding this https://github.com/kubernetes/kubeadm/issues/335 , so we need to create a new temporary token during the cluster upgrade.
2018-02-09 15:51:47 +01:00
jasdeep-hundal
f57abae01e
Remove redundant python-apt install
...
Ansible automatically installs the python-apt package when using
the 'apt' Ansible module, if python-apt is not present. This patch
removes the (unneeded) explicit installation in the Kubespray
'preinstall' role.
2018-02-08 18:59:37 -08:00
Aivars Sterns
c70c44b07b
Merge pull request #2257 from rzenker/tb/baremetal-tweaks
...
baremetal tweaks
2018-02-08 15:48:55 +00:00
Aivars Sterns
20583e3d15
Merge pull request #2067 from manics/sysctl-net-brfilter
...
Always set net.bridge.bridge-nf-call-* sysctl
2018-02-08 15:43:46 +00:00
Aivars Sterns
9f4588cd0c
Merge pull request #2266 from riverzhang/epel-release
...
Disalbe install epel-release rpm on Centos/Redhat
2018-02-08 15:42:28 +00:00
Antoine Legrand
7bce70339f
Merge pull request #2251 from woopstar/metrics-server-patch-2
...
Adding metrics-server support for K8s version 1.9
2018-02-08 11:16:44 +01:00
Brad Beam
384e5dd4c4
Merge pull request #2160 from kongslund/disable-read-only-port
...
Make the Kubelet read-only port configurable and disable it by default
2018-02-07 13:06:32 -06:00
woopstar
f9df692056
Issue front proxy certs for vault
2018-02-07 11:03:10 +01:00
woopstar
f193b12059
Kubeadm auto creates this
2018-02-07 10:50:34 +01:00
woopstar
2cd254954c
Remove defaults of allowed names. Updated kubeadm
2018-02-07 10:07:55 +01:00
woopstar
4dab92ce69
Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault
2018-02-07 09:50:19 +01:00
rong.zhang
47adf4bce6
Disalbe install epel-release rpm on Centos/Redhat
...
1.Disalbe install epel-release rpm on Centos/Redhat
2.Use yum install epel-release
2018-02-07 14:58:50 +08:00
Ryan Zenker
ad9049a49e
baremetal tweaks
...
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
2018-02-06 13:52:22 -05:00
Erwan Miran
8006a6cd82
local_volumes_enabled replaced by local_volume_provisioner_enabled
2018-02-06 17:12:09 +01:00
Antoine Legrand
bb4446e94c
Merge pull request #2226 from manics/supplemental-addresses
...
Enable additional addresses to be added to certificates
2018-02-06 13:51:54 +01:00
Antoine Legrand
d2102671cd
Merge pull request #2214 from woopstar/patch-3
...
Loadbalancer Apiserver Address is missing
2018-02-06 13:47:55 +01:00
woopstar
b2d30d68e7
Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9
2018-02-05 20:37:14 +01:00
woopstar
82d10b882c
Added fixes from whereismyjetpack
2018-02-05 20:07:12 +01:00
Maxim Krasilnikov
95b8ac5f62
Added optional controller and scheduler extra args to kubeadm config ( #2205 )
2018-02-05 16:49:13 +03:00
woopstar
0b4168cad4
WIP. Adding metrics-server support for K8s version 1.9
2018-02-05 10:37:41 +01:00
Chad Swenson
bd1f0bcfd7
Merge pull request #2201 from riverzhang/ipvs
...
Support ipvs mode for kube-proxy
2018-02-01 22:29:52 -06:00
Spencer Smith
f7e8d1149a
Merge pull request #2229 from whereismyjetpack/etcd-quorum-read
...
--etcd-quorum-read is depricated in kube >= 1.9
2018-01-31 17:10:10 -05:00
Spencer Smith
c0a3bcf9b3
Merge pull request #2221 from Xuxe/patch-vcp-v1.9.2
...
Updated vSphere cloud provider config for Kubernetes >= v1.9.2 and added resource pool deployment variable
2018-01-31 16:06:07 -05:00
Dann Bohn
dc6c703741
--etcd-quorum-read is depricated in kube >= 1.9
2018-01-31 15:49:52 -05:00
Julian Hübenthal
7f79210ed1
reworked vsphere-cloud-config template
2018-01-31 16:51:23 +01:00
Simon Li
27a1a697e7
supplementary_addresses_in_ssl_keys can be a hostname
2018-01-31 15:16:08 +00:00
Aivars Sterns
c1267004ef
Merge pull request #2130 from ArchiFleKs/simplify_os_provider
...
Simplify and update OpenStack cloud provider
2018-01-31 12:02:02 +02:00