Commit graph

3569 commits

Author SHA1 Message Date
Samuel Liu
cd7212453e
Add etcd tls cipher suites (#7001)
* Add etcd tls cipher suites

* yamllint
2020-12-07 18:13:10 -08:00
Sergey
a69f2b09da
download run once feature for containerd (#6997) 2020-12-07 01:09:25 -08:00
Hans Feldt
878fe80ca3
add and use common crictl role (#6978) 2020-12-05 09:43:25 -08:00
Sander Klein
8331c1f858
Hold the docker-ce-cli (#6995)
This will make sure an upgrade doesn't upgrade the docker cli.
2020-12-04 18:21:25 -08:00
Florian Ruynat
f4a69d2827
Update docker to 19.03.14 and containerd to 1.3.9 (#6980) 2020-12-03 16:33:25 -08:00
Sergey
ed6cef85d8
add crio registry mirror support (#6977)
* add crio registry mirror support

* mdlint fix
2020-12-03 13:57:25 -08:00
OwenTuz
d315f73080
Ensure libseccomp is installed before starting containerd on CentOS 8 (#6922)
* Ensure libseccomp is installed before starting containerd on CentOS 8

* Simplify libseccomp install on CentOS 8

- Uses `package` module
- Replaces complex version check with 'state: latest'. The version must
  be > 2.3 when using with cri-o.
- Removes unnecessary `not is_ostree` condition as CentOS 8 does not use
  ostree
2020-12-03 13:43:26 -08:00
Sergey
06ec5393d7
up vagrant box to fedora/33-cloud-base in cri-o molecule tests (#6992) 2020-12-03 11:25:26 -08:00
Christoph Stäbler
1a491fc10c
Update hashes and set default to 1.19.4 (#6903) 2020-12-03 06:34:59 -08:00
Pasquale Toscano
488db81e36
Add pasqualet to approvers (#6976) 2020-12-03 00:58:59 -08:00
Emerson Ford
f377d9f057
Set etcd_.*_addresses to use etcd_[events_]access_address instead of access_ip (#6936) 2020-12-02 13:55:00 -08:00
Florian Ruynat
db4e942b0d
Remove hyperkube from codebase (#6965) 2020-12-02 13:50:59 -08:00
Etienne Champetier
68b96bdf1a
Helm v3 only (#6846)
* Fix etcd download dest

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Only support Helm v3, cleanup install

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-12-02 00:20:50 -08:00
Victor Morales
4f7a760a94
Add crun support (#6864)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-12-01 11:00:50 -08:00
Pasquale Toscano
f1231bb97d
Add molecule for Kata Containers with Containerd (#6905) 2020-11-30 23:34:49 -08:00
Hans Feldt
80eb1ad936
fix ansible password authentication (#6907)
* copying ssh key no longer required, works with password auth
* use copy module instead of synchronize (which requires sshpass)
* less tasks and always changed tasks
2020-11-30 15:12:50 -08:00
Danilo Riecken P. de Morais
cc5303e1c8
Add test for Fedora CoreOS before creating Docker service file (#6940) 2020-11-30 09:20:49 -08:00
Barry Melbourne
f6a5948f58
Upgrade Jetstack Cert-Manager v1.0.4 (#6937) 2020-11-30 06:52:50 -08:00
Florian Ruynat
f6eed8091e
Remove contiv related files (#6964) 2020-11-30 06:48:50 -08:00
Sergey
4a8a52bad9
containerd docker hub registry mirror support (#6962)
* containerd docker hub registry mirror support

* add docs

* fix typo

* fix yamllint

* fix indent in sample
and ansible-playbook param in testcases_run

* fix md

* mv common vars to tests/common/_docker_hub_registry_mirror.yml

* checkout vars to upgrade tests
2020-11-30 00:22:49 -08:00
Dmitry Chusovitin
c09aabab0c
Remove executable bit from yaml and j2 files (#6894) 2020-11-29 20:18:48 -08:00
Bas van den Brink
d47ba2b2ef
Disable CRI-O restart by Multus (#6930) 2020-11-28 08:52:47 -08:00
Bas van den Brink
17fb1ceed8
Allow airgapped CRI-O installation (#6927) 2020-11-28 08:38:47 -08:00
Clicia Scarlet
97ff67e54a
Fix yaml syntax error when use multilines in dns_etchosts (#6960) 2020-11-28 08:32:47 -08:00
Alexander D. Kanevskiy
d4204a42fd
Fix crictl paths and some of docker paths (#6961)
If crictl (and docker) binaries are deployed to the directories
that are not in standard PATH (e.g. /usr/local/bin), it is required
to specify full path to the binaries.
2020-11-28 08:30:47 -08:00
Kenichi Omichi
c6f6940459
Fix warning of "Enable ip forwarding" (#6953)
The task outputs the following warning:

  TASK [kubernetes/preinstall : Enable ip forwarding]
  [WARNING]: The value 1 (type int) in a string field was converted
  to u'1' (type string). If this does not look like what you expect,
  quote the entire value to ensure it does not change.
2020-11-27 03:54:49 -08:00
Florian Ruynat
d40701463f
Update kube-ovn to 1.5.2 (#6610) 2020-11-26 09:34:19 -08:00
Florian Ruynat
405692d793
Switch some image from dockerhub to k8s.gcr (also increase pkg retries) (#6955) 2020-11-26 08:46:19 -08:00
Bas van den Brink
7938748d77
Allow configuring container log limits for Kubelet (#6933) 2020-11-26 00:32:19 -08:00
Etienne Champetier
e909f84966
Bump nodelocaldns to 1.16.0 (#6916)
This new version uses the same base image as kube-proxy
(k8s.gcr.io/build-image/debian-iptables)
This allow to automatically pick iptables-legacy or iptables-nft,
and be compatible with RHEL/CentOS 8
https://github.com/kubernetes/dns/pull/367

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-11-25 17:10:19 -08:00
Andrii
8a153ed38e
Add serviceExternalIPs option for calico installation (#6928) 2020-11-25 05:34:39 -08:00
Barry Melbourne
eb16986f32
Add RHEL support subscription registration (#6572) 2020-11-24 08:33:00 -08:00
Lee Spottiswood
bd801de236
bump calico version to 3.16.5 (#6944) 2020-11-24 02:49:01 -08:00
Hans Feldt
ee23b947aa
fix flake8 errors in Kubespray CI - tox-inventory-builder (#6910)
* fix flake8 errors in Kubespray CI - tox-inventory-builder

* Invalidate CRI-O kubic repo's cache

Signed-off-by: Victor Morales <v.morales@samsung.com>

* add support to configure pkg install retries

and use in CI job tf-ovh_ubuntu18-calico (due to it failing often)

* Switch Calico, Cilium and MetalLB image repos to Quay.io

Co-authored-by: Victor Morales <v.morales@samsung.com>
Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-11-22 23:47:35 -08:00
Hans Feldt
70bbb3e280
calico: avoid POD restart during initial deploy (#6886)
calico PODs are first started and then in a handler killed and
restarted for no reason, nothing has changed.

By using the existing variable 'calico_cni_config' (only defined when
calico has already started) the restart can be skipped.
2020-11-13 00:02:23 -08:00
Sebastian P
a27eebb225
Fix hash of pypy3.6-v7.3.2-linux64 archive. (#6897)
The previous hash was still that of v7.3.1, see https://www.pypy.org/download.html for the hash of the current release.
2020-11-11 09:20:27 -08:00
Mikael Johansson
93a1693040
Update BGPPeer CRD to match v3.16 of Calico (#6881) 2020-11-05 11:14:51 -08:00
Hans Feldt
544aa00c17
install etcdctl to host when etcd deployment type is kubeadm (#6857)
* create a wrapper script with pki options
* supports all kubespray managed container engines

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-11-04 00:20:04 -08:00
Hans Feldt
fc22453618
crio: avoid extra restart after install and upgrade (#6882)
Package upgrade restarts crio. By creating/updating config first,
an extra restart can be avoided.
2020-11-03 08:54:03 -08:00
David Medinets
fefcb8c9f8
Allow the eventRecordQPS setting to be set. (#6880)
* Allow the eventRecordQPS setting to be set.

The eventRecordQPS parameter controls rate limiting for event recording. When zero, unlimited events can cause denial-of-service situations. For my situation, I don't need more than a setting of "5". This change allows me to configure the setting before creating the cluster.

* Allow the eventRecordQPS setting to be set.

The default settings (see types.go) is five. So, this change does not affect the cluster provisioning. However, it does allow for the setting to be changed.
2020-11-03 00:42:15 -08:00
Victor Morales
9cf5dd0291
Use cgroup v1 in Fedora +31 (#6862)
Fedora 31 uses Cgroups v2 by default. This change by passes the kernel
parameter systemd.unified_cgroup_hierarchy=0.

Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-11-02 06:32:53 -08:00
Kenichi Omichi
7a1f033c1d
Update helm stable repo (#6867)
As https://helm.sh/blog/new-location-stable-incubator-charts/
helm stable repo is changed to https://charts.helm.sh/stable
In addition, if using helm v3.4.0+ the old stable repo installation
is failed.
So this updates the stable repo to avoid such error.
2020-10-31 09:54:51 -07:00
Florian Ruynat
227e96469c
Minor update Calico and Cilium (#6871) 2020-10-29 07:14:59 -07:00
Michal Skalski
c93fa6effe
Handle dns_mode set to 'none' in generate nameservers task (#6825)
When dns_mode was set to 'none' the coredns_server became an empty
string and invalid operation of adding string to list was executed.
2020-10-29 01:04:58 -07:00
Mikhail Snetkov
c25d624524
Register missing outputs in role "remove-node" (#6856) 2020-10-28 12:55:56 -07:00
David Medinets
12ab8b7af3
update version of ingress-nginx controller in docs. (#6855)
* update version of ingress-nginx controller.

Change tag from controller-v0.34.0 to controller-v0.40.2 to use newest tag.

* Update docs about aws deploy templates.

In the yaml templates, there is no mention of idle timeouts. This is why I removed the documentation about it. This might be a mistake. Please verify this. I don't know enough to verify it myself.

* Change label when checking version.

When checking for `app.kubernetes.io/name=ingress-nginx`, a completed pod was selected which is not helpful when trying to `exec`. Changing the label selects the running controller pod.

* put back the information about ELB Idle Timeouts.

When I removed the information, I had overlooked that it was mentioned in the L7 yaml file. Thanks.
2020-10-28 11:05:57 -07:00
axelgobletbdr
097bec473c
fixed bug in etcd retention where backups are not sorted by date (#6860)
* fixed bug in etcd retention where backups are not sorted by date

* added directory filter to find command
2020-10-28 09:09:57 -07:00
Hans Feldt
d36b5d7d55
Install cri-o with package version (#6853)
and thereby support upgrade from e.g. 1.18.x to 1.19.y

Included OSes:
- Centos7/8
- Ubuntu18/20

New variables for overriding by default installed packages:
- centos_crio_packages
- ubuntu_crio_packages
2020-10-26 08:35:02 -07:00
axelgobletbdr
4b858b6466
Fixes 6621 etcd backup directory is consuming much rootfs disk space (#6836)
* added an ansible var to manage retention of etcd backups

* refactord ls/grep into find in etcd backup removal command
2020-10-23 07:09:57 -07:00
Victor Morales
e03e3c4582
Add Kata Containers support to CRI-O runtime (#6830)
* Enable Kata Containers for CRI-O runtime

Kata Containers is an OCI runtime where containers are run inside
lightweight VMs. This runtime has been enabled for containerd runtime
thru the kata_containers_enabled variable. This change enables Kata
Containers to CRI-O container runtime.

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Set appropiate conmon_cgroup when crio_cgroup_manager is 'cgroupfs'

* Set manage_ns_lifecycle=true when KataContainers is enabed

* Add preinstall check for katacontainers

Signed-off-by: Victor Morales <v.morales@samsung.com>

Co-authored-by: Pasquale Toscano <pasqualetoscano90@gmail.com>
2020-10-23 03:07:46 -07:00