Commit graph

135 commits

Author SHA1 Message Date
Bogdan Dobrelya
d08d2fd808 Fix separate etcd nodes and calico
Admin certs are only available for kube-master nodes.
When etcd nodes are separate, calico fails to access them with
missing admin certs and etcd fails to configure ETCD_PEER_* env
vars due to missing member certs.

Fix this by switching curls to the first etcd node
and delegate to the first master. This assumes only admin certs
allow to get calico keys from etcd but not member/node certs.
Also move member certs from master_certs to node_certs list as
ETCD(_PEER)_CERT/KEY env vars expects.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-25 17:24:16 +01:00
Aleksandr Didenko
ff7d489f2d Update calico/ctl image tag
We no longer need to use v0.22.0 for calicoctl since Kargo has
support for new calicoctl CLI format.

Also fixing condition logic for calico pool task.
2016-11-25 11:23:27 +01:00
Artem Panchenko
2c4b11f321 Fix Calico jinja template (systemd) 2016-11-23 11:43:53 +02:00
Bogdan Dobrelya
dff78f616e Allow pre-downloaded images to be used effectively
According to http://kubernetes.io/docs/user-guide/images/ :
By default, the kubelet will try to pull each image from the
specified registry. However, if the imagePullPolicy property
of the container is set to IfNotPresent or Never, then a local\
image is used (preferentially or exclusively, respectively).

Use IfNotPresent value to allow images prepared by the download
role dependencies to be effectively used by kubelet without pull
errors resulting apps to stay blocked in PullBackOff/Error state
even when there are images on the localhost exist.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 16:16:04 +01:00
Bogdan Dobrelya
dc58159d16 Merge pull request #621 from xenolog/calico_network_backend
Add ability to define network backend for Calico.
2016-11-22 14:55:47 +01:00
Bogdan Dobrelya
66f27ed1f3 Download images as dependencies of roles
Pre download all required container images as roles' deps.
Drop unused flannel-server-helper images pre download.
Improve pods creation post-install test pre downloaded busybox.
Improve logs collection script with kubectl describe, fix sudo/etcd/weave
commands.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-22 11:13:57 +01:00
Sergey Vasilenko
f6d69d0a00 Add ability to define network backend for Calico.
This patch introduce `calico_network_backend` global variable,
which allow to describe alternative network backend.
Default behavior is unchanged.
2016-11-18 16:38:18 +03:00
Aleksandr Didenko
e3470b28c5 Move CNI config and add MTU support for calico-cni
- Move CNI configuration creation for Calico to appropriate
network_plugin role from kubernetes/node.
- Add support for MTU configuration in Calico.
2016-11-15 18:05:11 +01:00
Bogdan Dobrelya
e587e82f7f Merge pull request #600 from adidenko/calico-cni-container-support
Replace calico-cni binaries with calico/cni container
2016-11-15 15:40:13 +01:00
Bogdan Dobrelya
876c4df1b6 Fix mountflags and kubelet config
Add missing --require-kubeconfig to the if..else stanza.
Make sure certs dirs mounted in RO.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-15 11:22:23 +01:00
Aleksandr Didenko
caa81f3ac2 Fix etcd ssl for canal
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Aleksandr Didenko
965a1234d3 Replace calico-cni binaries with calico/cni container
Calico CNI binaries are also released/shipped in calico/cni
container. This patch replaces download of calico CNI binaries with
calico/cni container.
2016-11-14 12:19:58 +01:00
Artem Panchenko
c58bd33af7 Support new version of 'calicoctl' (>=v1.0.0)
Since version 'v1.0.0-beta' calicoctl is written
in Go and its API differs from old Python based
utility. Added support of both old and new version
of the utility.
2016-11-10 17:11:29 +02:00
Matthew Mosesohn
fe16fecd8f Fix canal's calico networking config for ETCD TLS
Also fixes kube-apiserver upgrade that was erroneously
deleted in a previous commit.
2016-11-10 12:49:47 +03:00
Matthew Mosesohn
9ea9604b3f Merge pull request #591 from kubernetes-incubator/etcdtls
Add etcd tls support
2016-11-10 12:32:13 +03:00
Matthew Mosesohn
a32cd85eb7 Add etcd TLS support 2016-11-09 18:38:28 +03:00
Matthew Mosesohn
95b460ae94 Remove etcd-proxy from all nodes and use etcd multiaccess 2016-11-09 13:31:12 +03:00
Aleksandr Didenko
60a217766f Add ConfigMap for basic configuration options
Container settings moved from deamonset yaml to a separate
configmap.
2016-11-08 12:57:34 +01:00
Aleksandr Didenko
309240cd6f Adding support for canal network plugin
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:

https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Smana
056f4b6c00 upgrade to kubernetes version 1.4.0
test to change the machine type

Revert "test to change the machine type"

This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1.

use google dns server when no upstream dns are defined

comment upstream_dns_servers

update documentation

remove deprecated kubelet flags

Revert "remove deprecated kubelet flags"

This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
2016-10-10 22:44:47 +02:00
Smaine Kahlouch
9ca374a88d Merge pull request #491 from kubespray/calicopools
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Aleksandr Didenko
2b6866484e Allow to use custom "canalized" calico cni
- Allow to overwrite calico cni binaries copied from hyperkube
  by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
550bda951e Change method to set use_hyperkube_cni var bool
The precedent method returb a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00
Matthew Mosesohn
a3fe1e78df Copy hyperkube CNI plugins when using weave 2016-09-26 12:02:19 +03:00
Matthew Mosesohn
a93639650f Allow calico to configure pool if tree exists, but no pools defined 2016-09-19 15:27:47 +03:00
Bogdan Dobrelya
5ed3916f82 Fix use_hyperkube_cni logic
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-16 13:07:04 +02:00
Bogdan Dobrelya
390764c2b4 Add retry_stagger var for failed download/pushes.
* Add the retry_stagger var to tweak push and retry time strategies.
* Add large deployments related docs.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:58 +02:00
Bogdan Dobrelya
422428908a Download containers and save all
Move version/repo vars to download role.
Add container to download params, which overrides url/source_url,
if enabled.
Fix networking plugins download depending on kube_network_plugin.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Matthew Mosesohn
b69d5f6e6e Fix logic handling for use_hyperkube_cni 2016-09-15 16:09:40 +03:00
Smaine Kahlouch
125cb0aa64 Merge pull request #481 from bogdando/issue/479
Add retries for copying binaries from containers and packages
2016-09-14 10:04:32 +02:00
Bogdan Dobrelya
6fdcaa1a63 Add retries for copying binaries from containers
Closes issue: https://github.com/kubespray/kargo/issues/479

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 15:09:34 +02:00
Anthony Haussmann
d47a2d03b4 Delete default variable use_hyperkube_cni
The variable is now set via a task depending of the version of kube
2016-09-13 14:59:50 +02:00
Anthony Haussmann
739cf59953 Determine hyperkube cni to use
Starting from version 1.3.4 of hyperkube, calico is "canalized" which requires flannel and hostonly cni plugins.So we let hyperkube ship necessary cni
2016-09-13 14:58:29 +02:00
Smaine Kahlouch
69f09e0f18 Merge pull request #461 from kubespray/issue-369
Issue 369
2016-08-31 15:09:33 +02:00
Matthew Mosesohn
26a0406669 Disable calicoctl from creating a default pool
Sometimes invoking calicoctl to create a pool also
creates a default pool, which causes errors in deploy.
2016-08-31 12:54:05 +03:00
Spencer Smith
a746d63177 ensure docker.service.d exists 2016-08-30 09:34:34 -07:00
Spencer Smith
0fc5e70c18 incorrect file name 2016-08-30 09:26:14 -07:00
Spencer Smith
b74c2f89f0 lay down a systemd dropin instead of the /run/flannel_docker_opts.env symlink 2016-08-30 09:17:41 -07:00
Matthew Mosesohn
b92404fd0a Enable customization of calico-node docker image
New vars: calico_node_image_repo and claico_node_image_tag
Defaults: calico/node and {{ calico_version }}, respectively
2016-08-27 16:25:39 +04:00
Bogdan Dobrelya
8168689caa Refactor roles and hosts
Shorten deployment time with:
- Remove redundand roles if duplicated by a dependency and vice versa
- When a member of k8s-cluster, always install docker as a dependency
  of the etcd role and drop the docker role from cluster.yaml.
- Drop etcd and node role dependencies from master role as they are
  covered by the node role in k8s-cluster group as well. Copy defaults
  for master from node role.
- Decouple master, node, secrets roles handlers and vars to be used w/o
  cross references.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 13:27:57 +02:00
Matthew Mosesohn
f073ee91ea Copy hyperkube cni plugins optionally for calico deployment
Hyperkube from CoreOS now ships with all binaries required for
calico and flannel (but not weave). It simplifies deployment for
some network plugin scenarios to not download CNI images.

TODO: Optionally disable downloading calico to /opt/cni/bin
2016-08-10 15:35:53 +03:00
Bogdan Dobrelya
d2c57142d3 Fix calico-node service unit
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-08 12:06:32 +02:00
Matthew Mosesohn
e8a1c7a53f Move docker systemd unit creation to docker role
Creating the unit using default settings early on
and then changing it during network_plugin section
leads to too many docker restarts and duplicated code.

Reversed Wants= dependence on docker.service so it does not
restart docker when reloading systemd

Consolidated all docker restart handlers.
2016-08-02 17:56:24 +03:00
Bogdan Dobrelya
2af71f31b4 Rework systemd service units
* Add for docker system units:
    ExecReload=/bin/kill -s HUP $MAINPID
    Delegate=yes
    KillMode=process.
* Add missed DOCKER_OPTIONS for calico/weave docker systemd unit.
* Change Requires= to a less strict and non-faily Wants=, add missing
  Wants= for After=.
* Align wants/after in a wat if Wants=foo, After= has foo as well.
* Make wants/after docker.service to ask for the docker.socket as well.
* Move "docker rm -f" commands from ExecStartPre= to ExecStopPost=.
  hooks to ensure non-destructive start attempts issued by Wants=.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-02 10:55:42 +02:00
Matthew Mosesohn
c7fef6cb76 Fix weave deployment task names 2016-07-30 23:12:41 +04:00
Antoine Legrand
6a7308d5c7 Merge pull request #372 from adidenko/calico-ipip-support
Support --ipip option for calico pool
2016-07-29 08:05:00 -07:00
Antoine Legrand
4419662fa0 Merge pull request #330 from jonbec/master
Add settable flannel image tag & image repo
2016-07-29 08:02:18 -07:00
Matthew Mosesohn
5668e5f767 Fix etcd restart and handler systemd tasks
Changed Wants=docker.service to docker.socket

Renamed handlers for reloading systemd to contain role in task name.
2016-07-29 16:32:35 +03:00
Aleksandr Didenko
c52c5f5056 Add run_once to define calico pool task name 2016-07-27 15:55:41 +02:00
Bogdan Dobrelya
731d32afda Add HA/LB endpoints for kube-apiserver
* Add HA docs for API server.
* Add auto-evaluated internal endpoints and clarify the loadbalancer_apiserver
vars and usecases.
* Use facts for kube_apiserver to not repeat code and enable LB endpoints use.
* Use /healthz check for the wait-for apiserver.
* Use the single endpoint for kubelet instead of the list of apiservers
* Specify kube_apiserver_count to for HA layout

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-07-25 17:25:45 +02:00