Matthew Mosesohn
d279d145d5
Fix non-rbac deployment of resources as a list ( #1613 )
...
* Use kubectl apply instead of create/replace
Disable checks for existing resources to speed up execution.
* Fix non-rbac deployment of resources as a list
* Fix autoscaler tolerations field
* set all kube resources to state=latest
* Update netchecker and weave
2017-09-05 08:23:12 +03:00
Matthew Mosesohn
fc7905653e
Add socat for CoreOS when using host deploy kubelet ( #1575 )
2017-09-04 11:30:18 +03:00
Matthew Mosesohn
660282e82f
Make daemonsets upgradeable ( #1606 )
...
Canal will be covered by a separate PR
2017-09-04 11:30:01 +03:00
Matthew Mosesohn
77602dbb93
Move calico to daemonset ( #1605 )
...
* Drop legacy calico logic
* add calico as a daemonset
2017-09-04 11:29:51 +03:00
Matthew Mosesohn
a3e6896a43
Add RBAC support for canal ( #1604 )
...
Refactored how rbac_enabled is set
Added RBAC to ubuntu-canal-ha CI job
Added rbac for calico policy controller
2017-09-04 11:29:40 +03:00
Dann
702ce446df
Apply ClusterRoleBinding to dnsmaq when rbac_enabled ( #1592 )
...
* Add RBAC policies to dnsmasq
* fix merge conflict
* yamllint
* use .j2 extension for dnsmasq autoscaler
2017-09-03 10:53:45 +03:00
Brad Beam
8ae77e955e
Adding in certificate serial numbers to manifests ( #1392 )
2017-09-01 09:02:23 +03:00
sgmitchell
783924e671
Change backup handler to only run v2 data backup if snap directory exists ( #1594 )
2017-08-31 18:23:24 +03:00
Julian Poschmann
93304e5f58
Fix calico leaving service behind. ( #1599 )
2017-08-31 12:00:05 +03:00
Brad Beam
917373ee55
Merge pull request #1595 from bradbeam/cacerts
...
Fixing CA certificate locations for k8s components
2017-08-30 21:31:19 -05:00
Brad Beam
7a98ad50b4
Fixing CA certificate locations for k8s components
2017-08-30 15:30:40 -05:00
Brad Beam
982058cc19
Merge pull request #1514 from vijaykatam/docker_systemd
...
Configurable docker yum repos, systemd fix
2017-08-30 11:50:23 -05:00
Oliver Moser
576beaa6a6
Include /opt/bin in PATH for host deployed kubelet on CoreOS ( #1591 )
...
* Include /opt/bin in PATH for host deployed kubelet on CoreOS
* Removing conditional check for CoreOS
2017-08-30 16:50:33 +03:00
Maxim Krasilnikov
6eb22c5db2
Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s ( #1552 )
...
* Added update CA trust step for etcd and kube/secrets roles
* Added load_balancer_domain_name to certificate alt names if defined. Reset CA's in RedHat os.
* Rename kube-cluster-ca.crt to vault-ca.crt, we need separated CA`s for vault, etcd and kube.
* Vault role refactoring, remove optional cert vault auth because not not used and worked. Create separate CA`s fro vault and etcd.
* Fixed different certificates set for vault cert_managment
* Update doc/vault.md
* Fixed condition create vault CA, wrong group
* Fixed missing etcd_cert_path mount for rkt deployment type. Distribute vault roles for all vault hosts
* Removed wrong when condition in create etcd role vault tasks.
2017-08-30 16:03:22 +03:00
Brad Beam
72a0d78b3c
Merge pull request #1585 from mattymo/canal_upgrade
...
Fix upgrade for canal and apiserver cert
2017-08-29 18:45:21 -05:00
Matthew Mosesohn
13d08af054
Fix upgrade for canal and apiserver cert
...
Fixes #1573
2017-08-29 22:08:30 +01:00
Eric Hoffmann
6c30a7b2eb
update calico version
...
update calico releases link
2017-08-28 16:23:51 -07:00
Matthew Mosesohn
76b72338da
Add CNI config for rkt kubelet ( #1579 )
2017-08-28 21:11:01 +03:00
Chad Swenson
a39e78d42d
Initial version of Flannel using CNI ( #1486 )
...
* Updates Controller Manager/Kubelet with Flannel's required configuration for CNI
* Removes old Flannel installation
* Install CNI enabled Flannel DaemonSet/ConfigMap/CNI bins and config (with portmap plugin) on host
* Uses RBAC if enabled
* Fixed an issue that could occur if br_netfilter is not a module and net.bridge.bridge-nf-call-iptables sysctl was not set
2017-08-25 10:07:50 +03:00
Brad Beam
4550dccb84
Fixing reference to vault leader url ( #1569 )
2017-08-24 23:21:39 +03:00
Hassan Zamani
01ce09f343
Add feature_gates var for customizing Kubernetes feature gates ( #1520 )
2017-08-24 23:18:38 +03:00
Brad Beam
71dca67ca2
Merge pull request #1508 from tmjd/update-calico-2-4-0
...
Update Calico to 2.4.1 release.
2017-08-24 14:57:29 -05:00
Yuki KIRII
a98b866a66
Verify if br_netfilter module exists ( #1492 )
2017-08-24 17:47:32 +03:00
Xavier Mehrenberger
3aabba7535
Remove discontinued option --reconcile-cidr if kube_network_plugin=="cloud" ( #1568 )
2017-08-24 17:01:30 +03:00
Mohamed Mehany
c22cfa255b
Added private key file to ssh bastion conf ( #1563 )
...
* Added private key file to ssh bastion conf
* Used regular if condition insted of inline conditional
2017-08-24 17:00:45 +03:00
Matthew Mosesohn
6bb3463e7c
Enable scheduling of critical pods and network plugins on master
...
Added toleration to DNS, netchecker, fluentd, canal, and
calico policy.
Also small fixes to make yamllint pass.
2017-08-24 10:41:17 +01:00
Brad Beam
8b151d12b9
Adding yamllinter to ci steps ( #1556 )
...
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
2017-08-24 12:09:52 +03:00
Ian Lewis
ecb6dc3679
Register standalone master w/ taints ( #1426 )
...
If Kubernetes > 1.6 register standalone master nodes w/ a
node-role.kubernetes.io/master=:NoSchedule taint to allow
for more flexible scheduling rather than just marking unschedulable.
2017-08-23 16:44:11 +03:00
riverzhang
49a223a17d
Update elrepo-release rpm version ( #1554 )
2017-08-23 09:54:51 +03:00
Brad Beam
e5cfdc648c
Adding ability to override max ttl ( #1559 )
...
Prior this would fail because we didnt set max ttl for vault temp
2017-08-23 09:54:01 +03:00
Erik Stidham
9f9f70aade
Update Calico to 2.4.1 release.
...
- Switched Calico images to be pulled from quay.io
- Updated Canal too
2017-08-21 09:33:12 -05:00
Matthew Mosesohn
ca3050ec3d
Update to Kubernetes v1.7.3 ( #1549 )
...
Change kubelet deploy mode to host
Enable cri and qos per cgroup for kubelet
Update CoreOS images
Add upgrade hook for switching from kubelet deployment from docker to host.
Bump machine type for ubuntu-rkt-sep
2017-08-21 10:53:49 +03:00
Vijay Katam
97031f9133
Make epel-release install configurable ( #1497 )
2017-08-20 14:03:10 +03:00
Vijay Katam
c92506e2e7
Add calico variable that enables ignoring Kernel's RPF Setting ( #1493 )
2017-08-20 14:01:09 +03:00
Kevin Lefevre
65a9772adf
Add OpenStack LBaaS support ( #1506 )
2017-08-20 13:59:15 +03:00
Anton
1e07ee6cc4
etcd_compaction_retention every 8 hour ( #1527 )
2017-08-20 13:55:48 +03:00
Miad Abrin
3c710219a1
Fix Some Typos in kubernetes master role ( #1547 )
...
* Fix Typo etc3 -> etcd3
* Fix typo in post-upgrade of master. stop -> start
2017-08-20 13:54:28 +03:00
Maxim Krasilnikov
2ba285a544
Fixed deploy cluster with vault cert manager ( #1548 )
...
* Added custom ips to etcd vault distributed certificates
* Added custom ips to kube-master vault distributed certificates
* Added comment about issue_cert_copy_ca var in vault/issue_cert role file
* Generate kube-proxy, controller-manager and scheduler certificates by vault
* Revert "Disable vault from CI (#1546 )"
This reverts commit 781f31d2b8
.
* Fixed upgrade cluster with vault cert manager
* Remove vault dir in reset playbook
2017-08-20 13:53:58 +03:00
Antoine Legrand
72ae7638bc
Merge pull request #1446 from matlockx/master
...
add possibility to ignore the hostname override
2017-08-18 17:03:40 +02:00
Xavier Lange
3bfad5ca73
Bump etcd to 3.2.4 ( #1468 )
2017-08-18 17:12:33 +03:00
Matthew Mosesohn
df28db0066
Fix cert and netchecker upgrade issues ( #1543 )
...
* Bump tag for upgrade CI, fix netchecker upgrade
netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.
CI now uses v2.1.1 as a basis for upgrade.
* Fix upgrades for certs from non-rbac to rbac
2017-08-18 15:46:22 +03:00
Jan Jungnickel
20183f3860
Bump Calico CNI Plugin to 1.8.0 ( #1458 )
...
This aligns calico component versions with Calico release 2.1.5 and
fixes an issue with nodes being unable to schedule existing workloads
as per [#349 ](https://github.com/projectcalico/cni-plugin/issues/349 )
2017-08-18 15:40:14 +03:00
Matthew Mosesohn
2645e88b0c
Fix vault setup partially ( #1531 )
...
This does not address per-node certs and scheduler/proxy/controller-manager
component certs which are now required. This should be handled in a
follow-up patch.
2017-08-18 15:09:45 +03:00
Vijay Katam
55ba81fee5
Add changed_when: false to rpm query
2017-08-14 12:31:44 -07:00
Brad Beam
af007c7189
Fixing netchecker-server type - pod => deployment ( #1509 )
2017-08-14 18:43:56 +03:00
Seungkyu Ahn
b22bef5cfb
Apply RBAC to efk and create fluentd.conf
...
Making fluentd.conf as configmap to change configuration.
Change elasticsearch rc to deployment.
Having installed previous elastaicsearch as rc, first should delete that.
2017-08-11 05:31:50 +00:00
Vijay Katam
7ad5523113
restrict rpm query to redhat
2017-08-10 13:49:14 -07:00
Brad Beam
1155008719
Merge pull request #1481 from magnon-bliex/fluentd-template-fix-typo
...
fixed typo in fluentd-ds.yml.j2
2017-08-10 08:19:59 -05:00
Vijay Katam
5efda3eda9
Configurable docker yum repos, systemd fix
...
* Make yum repos used for installing docker rpms configurable
* TasksMax is only supported in systemd version >= 226
* Change to systemd file should restart docker
2017-08-09 15:49:53 -07:00
Brad Beam
383d582b47
Merge pull request #1382 from jwfang/rbac
...
basic rbac support
2017-08-07 08:01:51 -05:00
Spencer Smith
6eacedc443
Merge pull request #1483 from delfer/patch-3
...
Update flannel from 0.6.2 to 0.8.0
2017-08-01 13:57:43 -04:00
Spencer Smith
e55f8a61cd
Merge pull request #1482 from bradbeam/fix1393
...
Removing run_once in these tasks so that etcd ca certs get propogated…
2017-07-31 13:47:18 -04:00
Spencer Smith
cb6892d2ed
Merge pull request #1469 from hzamani/etcd_metrics
...
Add etcd metrics flag
2017-07-31 09:04:07 -04:00
Spencer Smith
43eda8d878
Merge pull request #1471 from whereismyjetpack/fix_1447
...
add newline after expanding user information
2017-07-31 09:03:04 -04:00
nico
cc9f3ea938
Fix enforce-node-allocatable option
...
Closes #1228
pods is default enforcement
see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
add
update
2017-07-31 10:06:53 +02:00
Alexander Chumakov
8bc717a55c
Update flannel from 0.6.2 to 0.8.0
2017-07-29 10:54:31 +03:00
Brad Beam
d09222c900
Removing run_once in these tasks so that etcd ca certs get propogated properly to worker nodes
...
without this etcd ca certs dont exist on worker nodes causing calico to fail
2017-07-28 14:34:47 -05:00
magnon-bliex
38eb1d548a
fixed typo
2017-07-28 14:10:13 +09:00
Anton
e0960f6288
FIX: Unneded (extra) cycles in some tasks ( #1393 )
2017-07-27 20:46:21 +03:00
timtoum
3e457e4edf
Enable weave seed mode for kubespray ( #1414 )
...
* Enable weave seed mode for kubespray
* fix task Weave seed | Set peers if existing peers
* fix mac address variabilisation
* fix default values
* fix include seed condition
* change weave var to default values
* fix Set peers if existing peers
2017-07-26 19:09:34 +03:00
Dann Bohn
c4894d6092
add newline after expanding user information
2017-07-25 12:59:10 -04:00
Hassan Zamani
3fb0383df4
Add etcd metrics flag
2017-07-25 20:00:30 +04:30
Spencer Smith
ee36763f9d
Merge pull request #1464 from johnko/patch-4
...
set loadbalancer_apiserver_localhost default true
2017-07-25 10:00:56 -04:00
Spencer Smith
955c5549ae
Merge pull request #1402 from Lendico/fix_failed_when
...
"failed_when: false" and "|succeeded" checks for registered vars
2017-07-25 09:33:43 -04:00
Spencer Smith
4a34514b21
Merge pull request #1447 from whereismyjetpack/template_known_users
...
Template out known_users.csv, optionally add groups
2017-07-25 08:55:08 -04:00
Brad Beam
20f29327e9
Merge pull request #1379 from gdmello/etcd_data_dir_fix
...
Custom `etcd_data_dir` saves etcd data to host, not container
2017-07-20 09:30:18 -05:00
John Ko
018b5039e7
set loadbalancer_apiserver_localhost default true
...
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs
related to #1456
@rsmitty
2017-07-20 10:27:05 -04:00
Spencer Smith
b5d3d4741f
Merge pull request #1454 from Abdelsalam-Abbas/higher_drain_timeout
...
higher the timeouts for draining nodes while upgrading kubernetes version
2017-07-19 10:39:33 -04:00
Spencer Smith
85c747d444
Merge pull request #1441 from bradbeam/1434
...
Adding recursive=true for rkt kubelet dir
2017-07-19 10:38:06 -04:00
Spencer Smith
927e6d89d7
Merge pull request #1435 from delfer/master
...
Kubernetes upgrade to 1.6.7
2017-07-19 05:23:38 -07:00
jwfang
3d87f23bf5
uncomment unintended local changes
2017-07-19 12:11:47 +08:00
jwfang
789910d8eb
remote unused netchecker-agent-hostnet-ds.j2
2017-07-17 19:29:59 +08:00
jwfang
a8e6a0763d
run netchecker-server with list pods
2017-07-17 19:29:59 +08:00
jwfang
e1386ba604
only patch system:kube-dns role for old dns
2017-07-17 19:29:59 +08:00
jwfang
83deecb9e9
Revert "no need to patch system:kube-dns"
...
This reverts commit c2ea8c588aa5c3879f402811d3599a7bb3ccab24.
2017-07-17 19:29:59 +08:00
jwfang
d8dcb8f6e0
no need to patch system:kube-dns
2017-07-17 19:29:59 +08:00
jwfang
552b2f0635
change authorization_modes default value
2017-07-17 19:29:59 +08:00
jwfang
0b3badf3d8
revert calico-related changes
2017-07-17 19:29:59 +08:00
jwfang
cea3e224aa
change authorization_modes default value
2017-07-17 19:29:59 +08:00
jwfang
1eaf0e1c63
rename task
2017-07-17 19:29:59 +08:00
jwfang
2cda982345
binding group system:nodes to clusterrole calico-role
2017-07-17 19:29:59 +08:00
jwfang
c9734b6d7b
run calico-policy-controller with proper sa/role/rolebinding
2017-07-17 19:29:59 +08:00
jwfang
fd01377f12
remove more bins when reset
2017-07-17 19:29:59 +08:00
jwfang
092bf07cbf
basic rbac support
2017-07-17 19:29:59 +08:00
Ubuntu
5145a8e8be
higher draining timeouts
2017-07-16 20:52:13 +00:00
Dann Bohn
d1f58fed4c
Template out known_users.csv, optionally add groups
2017-07-14 09:27:20 -04:00
Martin Joehren
12e918bd31
add possibility to ignore the hostname override
2017-07-13 14:04:39 +00:00
Brad Beam
637f445c3f
Merge pull request #1365 from AtzeDeVries/master
...
Give more control over IPIP, but with same default behaviour
2017-07-12 10:17:17 -05:00
Brad Beam
e0bf8b2aab
Adding recursive=true for rkt kubelet dir
...
Fixes #1434
2017-07-12 09:28:54 -05:00
Spencer Smith
c75b21a510
Merge pull request #1408 from amitkumarj441/patch-1
...
Remove deprecated 'enable-cri' flag in kubernetes 1.7
2017-07-11 08:56:14 -04:00
Delfer
9f45eba6f6
Kubernetes upgrade to 1.6.7
2017-07-11 09:11:55 +00:00
AtzeDeVries
e160018826
Fixed conflicts, ipip:true as defualt and added ipip_mode
2017-07-08 14:36:44 +02:00
Spencer Smith
d1a02bd3e9
match kubespray-defaults dns mode with k8s-cluster setting
2017-07-07 13:13:12 -04:00
Brad Beam
992023288f
Merge pull request #1319 from fieryvova/private-dns-server
...
Add private dns server for a specific zone
2017-07-06 15:02:54 -05:00
Spencer Smith
3ab90db6ee
Merge pull request #1411 from kevinjqiu/allow-calico-ipip-subnet-mode
...
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-06 14:04:03 -04:00
Vladimir Kozyrev
e26be9cb8a
add private dns server for a specific zone
2017-07-06 16:30:47 +03:00
Spencer Smith
bba555bb08
Merge pull request #1346 from Starefossen/patch-1
...
Set kubedns minimum replicas to 2
2017-07-06 09:14:11 -04:00
Spencer Smith
4b0af73dd2
Merge pull request #1332 from gstorme/kube_apiserver_insecure_port
...
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-07-06 09:06:50 -04:00
Spencer Smith
da72b8c385
Merge pull request #1391 from Abdelsalam-Abbas/master
...
Uncodron Masters which have scheduling Enabled
2017-07-06 09:06:02 -04:00
Spencer Smith
44079b7176
Merge pull request #1401 from Lendico/better_task_naming
...
Better naming for recurrent tasks
2017-07-06 09:01:07 -04:00
Kevin Jing Qiu
a742d10c54
Allow calico ipPool to be created with mode "cross-subnet"
2017-07-04 19:05:16 -04:00
Hans Kristian Flaatten
38f5d1b18e
Set kubedns minimum replicas to 2
2017-07-04 16:58:16 +02:00
Abdelsalam Abbas
5f75d4c099
Uncodron Masters which have scheduling Enabled
2017-07-03 15:30:21 +02:00
Amit Kumar Jaiswal
319a0d65af
Update kubelet.j2
...
Updated with closing endif.
2017-07-03 16:23:35 +05:30
Amit Kumar Jaiswal
3d2680a102
Update kubelet.j2
...
Updated!
2017-07-03 15:58:50 +05:30
Amit Kumar Jaiswal
c36fb5919a
Update kubelet.j2
...
Updated!!
2017-07-03 15:55:04 +05:30
Amit Kumar Jaiswal
46d3f4369e
Updated K8s version
...
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
2017-07-03 04:06:42 +05:30
Martin Joehren
c2b3920b50
added flag for not populating inventory entries to etc hosts file
2017-06-30 16:41:03 +00:00
Spencer Smith
6e7323e3e8
Merge pull request #1398 from tanshanshan/fix-reset
...
clean files in reset roles
2017-06-30 07:59:44 -04:00
Spencer Smith
f085419055
Merge pull request #1388 from vgkowski/master
...
add six package to bootstrap role
2017-06-30 07:30:36 -04:00
Anton Nerozya
1fedbded62
ignore_errors instead of failed_when: false
2017-06-29 20:15:14 +02:00
Anton Nerozya
c8258171ca
Better naming for recurrent tasks
2017-06-29 19:50:09 +02:00
tanshanshan
007ee0da8e
fix reset
2017-06-29 14:45:15 +08:00
Brad Beam
5e1ac9ce87
Merge pull request #1354 from chadswen/kubedns-var-fix
...
kubedns consistency fixes
2017-06-27 22:26:46 -05:00
Brad Beam
a7cd08603e
Merge pull request #1384 from gdmello/etcd_backup_dir_fix
...
Make etcd_backup_prefix configurable.
2017-06-27 22:25:53 -05:00
Brad Beam
854cd1a517
Merge pull request #1380 from jwfang/max-dns
...
docker_dns_servers_strict to control docker_dns_servers rtrim
2017-06-27 21:15:12 -05:00
Spencer Smith
23565ebe62
Merge pull request #1356 from rsmitty/rename
...
Rename project to kubespray
2017-06-27 11:40:03 -04:00
Chad Swenson
8467bce2a6
Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars
2017-06-27 10:19:31 -05:00
gdmelloatpoints
649654207f
mount the etcd data directory in the container with the same path as on the host.
2017-06-27 09:29:47 -04:00
gdmelloatpoints
3123502f4c
move etcd_backup_prefix
to new home.
2017-06-27 09:12:34 -04:00
vincent gromakowski
17d54cffbb
add six package to bootstrap role
2017-06-27 10:08:57 +02:00
Seungkyu Ahn
d5516a4ca9
Make kubedns up to date
...
Update kube-dns version to 1.14.2
https://github.com/kubernetes/kubernetes/pull/45684
2017-06-27 00:57:29 +00:00
gdmelloatpoints
4ba237c5d8
Make etcd_backup_prefix configurable. Ensures that backups can be stored on a different location other than ${HOST}/var/backups, say an EBS volume on AWS.
2017-06-26 09:42:30 -04:00
jwfang
ec2255764a
docker_dns_servers_strict to control docker_dns_servers rtrim
2017-06-26 17:29:12 +08:00
Abdelsalam Abbas
1a8e92c922
Fixing cordoning condition that cause fail for upgrading the cluster
2017-06-23 20:41:47 +02:00
gdmelloatpoints
5c1891ec9f
In the etcd container, the etcd data directory is always /var/lib/etcd. Reverting to this value, since etcd_data_dir
on the host maps to /var/lib/etcd
in the container.
2017-06-23 13:49:31 -04:00
Spencer Smith
bae5ce0bfa
Merge branch 'master' into rename
2017-06-23 12:23:51 -04:00
AtzeDeVries
61b74f9a5b
updated to direct control over ipip
2017-06-23 09:16:05 +02:00
AtzeDeVries
7332679678
Give more control over IPIP, but with same default behaviour
2017-06-20 14:50:08 +02:00
Seungkyu Ahn
91dff61008
Fixed helm bash complete
2017-06-19 15:33:50 +09:00
Spencer Smith
8203383c03
rename almost all mentions of kargo
2017-06-16 13:25:46 -04:00
Gregory Storme
fff0aec720
add configurable parameter for etcd_auto_compaction_retention
2017-06-14 10:39:38 +02:00
Brad Beam
b73786c6d5
Merge pull request #1335 from bradbeam/imagerepo
...
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Gregory Storme
266ca9318d
Use the kube_apiserver_insecure_port variable instead of static 8080
2017-06-12 09:20:59 +02:00
Brad Beam
db3e8edacd
Fixing up vault variables
2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295
Set default value for kube_hyperkube_image_repo
...
Fixes #1334
2017-06-08 12:22:16 -05:00
Brad Beam
780308c194
Merge pull request #1174 from jlothian/atomic-docker-restart
...
Fix docker restart in atomic
2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae
Merge pull request #1092 from bradbeam/rkt_docker
...
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
01c0ab4f06
check if cloud_provider is defined
2017-05-31 08:24:24 -04:00
Spencer Smith
7220b09ff9
Merge pull request #1315 from rsmitty/hostnames-upgrade
...
Resolve upgrade issues
2017-05-30 11:40:19 -04:00
Spencer Smith
56b86bbfca
inventory hostname for cordoning/uncordoning
2017-05-26 17:47:25 -04:00
Spencer Smith
7e2aafcc76
add direct path for cert in AWS with RHEL family
2017-05-26 17:32:50 -04:00
Justin Hunthrop
af55e179c7
adding --skip-exists flag for peer_with_router
2017-05-25 14:29:18 -05:00
zoues
43408634bb
Merge branch 'master' into master
2017-05-23 09:32:28 +08:00
zouyee
d47fce6ce7
upgrade k8s version to 1.6.4
2017-05-23 09:30:03 +08:00
Matthew Mosesohn
9e64267867
Merge pull request #1293 from mattymo/kubelet_host_mode
...
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Josh Lothian
7ae5785447
Removed the other unused handler
...
With live-restore: true, we don't need a special docker restart
2017-05-19 09:50:10 -05:00
Josh Lothian
ef8d3f684f
Remove unused handler
...
Previous patch removed the step that sets live-restore
back to false, so don't try to notify that handler any more
2017-05-19 09:45:46 -05:00
Matthew Mosesohn
cc6e3d14ce
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Spencer Smith
005b01bd9a
Merge pull request #1299 from bradbeam/kubelet
...
Minor kubelet updates
2017-05-18 12:52:43 -04:00
Josh Lothian
6f67367b57
Leave 'live-restore' false
...
Leave live-restore false to updates always pick
up new network configuration
2017-05-17 14:31:49 -05:00
Josh Lothian
9ee0600a7f
Update handler names and explanation
2017-05-17 14:31:49 -05:00
Josh Lothian
30cc7c847e
Reconfigure docker restart behavior on atomic
...
Before restarting docker, instruct it to kill running
containers when it restarts.
Needs a second docker restart after we restore the original
behavior, otherwise the next time docker is restarted by
an operator, it will unexpectedly bring down all running
containers.
2017-05-17 14:31:49 -05:00
Josh Lothian
a5bb24b886
Fix docker restart in atomic
...
In atomic, containers are left running when docker is restarted.
When docker is restarted after the flannel config is put in place,
the docker0 interface isn't re-IPed because docker sees the running
containers and won't update the previous config.
This patch kills all the running containers after docker is stopped.
We can't simply `docker stop` the running containers, as they respawn
before we've got a chance to stop the docker daemon, so we need to
use runc to do this after dockerd is stopped.
2017-05-17 14:31:49 -05:00
Brad Beam
b999ee60aa
Fixing typo in kubelet cluster-dns and cluster-domain flags
2017-05-16 15:43:29 -05:00
Brad Beam
85afd3ef14
Removing old sysv reference
2017-05-16 15:28:39 -05:00
Spencer Smith
1907030d89
issue raw yum command since we don't have facts in bootstrapping
2017-05-16 10:07:38 -04:00
Spencer Smith
efa2dff681
remove conditional
2017-05-12 17:16:49 -04:00
Spencer Smith
31a7b7d24e
default to kubedns and set nxdomain in kubedns deployment if that's the dns_mode
2017-05-12 15:57:24 -04:00
moss2k13
791ea89b88
Updated helm installation
...
Added full path for helm
2017-05-08 09:27:06 +02:00
Spencer Smith
c572760a66
Merge pull request #1254 from iJanki/cert_group
...
Adding /O=system:masters to admin certificate
2017-05-05 10:58:42 -04:00
Brad Beam
69fc19f7e0
Merge pull request #1252 from adidenko/separate-tags-for-netcheck-containers
...
Add support for different tags for netcheck containers
2017-05-05 08:04:54 -05:00
Spencer Smith
b939c24b3d
Merge pull request #1250 from digitalrebar/master
...
bootstrap task on centos missing packages
2017-05-02 12:24:11 -04:00
Spencer Smith
3eb494dbe3
Merge pull request #1259 from bradbeam/calico214
...
Updating calico to v2.1.4
2017-05-02 12:20:47 -04:00
Spencer Smith
0afbc19ffb
ensure the /etc/os-release is mounted read only
2017-05-01 14:51:40 -04:00
Spencer Smith
ac9290f985
add for rkt as well
2017-04-28 17:45:10 -04:00
Brad Beam
a133ba1998
Updating calico to v2.1.4
2017-04-28 14:04:25 -05:00
Spencer Smith
5657738f7e
mount os-release to ensure the node's OS is what's seen in k8s api
2017-04-28 13:40:54 -04:00
Aleksandr Didenko
883ba7aa90
Add support for different tags for netcheck containers
...
Replace 'netcheck_tag' with 'netcheck_version' and add additional
'netcheck_server_tag' and 'netcheck_agent_tag' config options to
provide ability to use different tags for server and agent
containers.
2017-04-27 17:15:28 +02:00
Sergii Golovatiuk
674b71b535
Ansible 2.3 support
...
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-26 15:22:10 +02:00
Aleksey Kasatkin
2638ab98ad
add MY_NODE_NAME variable into netchecker-agent environment
2017-04-24 17:19:42 +03:00
Matthew Mosesohn
bc3068c2f9
Merge pull request #1251 from FengyunPan/fix-helm-home
...
Specify a dir and attach it to helm for HELM_HOME
2017-04-24 15:17:28 +03:00
FengyunPan
2bde9bea1c
Specify a dir and attach it to helm for HELM_HOME
2017-04-21 10:51:27 +08:00
Greg Althaus
041d4d666e
Install required selinux-python bindings in bootstrap
...
on centos. The bootstrap tty fixup needs it.
2017-04-20 11:17:01 -05:00
Spencer Smith
88b5065e7d
fix stray 'in' and break into multiple lines for clarity
2017-04-20 09:53:01 -04:00
Spencer Smith
b690008192
allow for correct aws default resolver
2017-04-20 09:32:03 -04:00
Matthew Mosesohn
2d6bc9536c
Merge pull request #1246 from holser/disable_dns_for_kube_services
...
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
01dc6b2f0e
Add aws to default_resolver
...
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:47:19 +02:00
Sergii Golovatiuk
d8aa2d0a9e
Change DNS policy for kubernetes components
...
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Matthew Mosesohn
19bb97d24d
Merge pull request #1238 from Starefossen/fix/namespace-template-file
...
Move namespace file to template directory
2017-04-20 12:19:55 +03:00
Matthew Mosesohn
9f4f168804
Merge pull request #1241 from bradbeam/rktcnidir
...
Explicitly create cni bin dir
2017-04-20 12:19:26 +03:00
Matthew Mosesohn
cf3083d68e
Merge pull request #1239 from mattymo/resettags
...
Add tags to reset playbook and make iptables flush optional
2017-04-20 11:35:08 +03:00
Sergii Golovatiuk
e796cdbb27
Fix restart kube-controller ( #1242 )
...
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
2017-04-20 11:26:01 +03:00
Matthew Mosesohn
2d44582f88
Add tags to reset playbook and make iptables flush optional
...
Fixes #1229
2017-04-19 19:32:18 +03:00
Brad Beam
b60a897265
Explicitly create cni bin dir
...
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten
d68cfeed6e
Move namespace file to template directory
2017-04-19 13:37:02 +02:00
Spencer Smith
c3c9e955e5
Merge pull request #1232 from rsmitty/custom-flags
...
add ability for custom flags
2017-04-17 14:01:32 -04:00
Spencer Smith
72d5db92a8
remove stray spaces in templating
2017-04-17 12:24:24 -04:00
Spencer Smith
3f302c8d47
ensure spacing on string of flags
2017-04-17 12:13:39 -04:00
Spencer Smith
04a769bb37
ensure spacing on string of flags
2017-04-17 11:11:10 -04:00
Spencer Smith
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
2017-04-17 11:09:34 -04:00
Matthew Mosesohn
3e7db46195
Merge pull request #1233 from gbolo/master
...
allow admission control plug-ins to be easily customized
2017-04-17 12:59:49 +03:00
Matthew Mosesohn
e52aca4837
Merge pull request #1223 from mattymo/vault_cert_skip
...
Skip vault cert task evaluation when using script certs
2017-04-17 12:52:42 +03:00
Matthew Mosesohn
5ec503bd6f
Merge pull request #1222 from bradbeam/calico
...
Updating calico versions
2017-04-17 12:52:20 +03:00
gbolo
49be805001
allow admission control plug-ins to be easily customized
2017-04-16 22:03:45 -04:00
Spencer Smith
94596388f7
add ability for custom flags
2017-04-14 17:33:04 -04:00
Spencer Smith
5c4980c6e0
Merge pull request #1231 from holser/fix_netchecker-server
...
Reschedule netchecker-server in case of HW failure.
2017-04-14 10:50:07 -04:00
Matthew Mosesohn
d7b8fb3113
Update start_vault_temp.yml
2017-04-14 13:32:41 +03:00
Sergii Golovatiuk
45044c2d75
Reschedule netchecker-server in case of HW failure.
...
Pod opbject is not reschedulable by kubernetes. It means that if node
with netchecker-server goes down, netchecker-server won't be scheduled
somewhere. This commit changes the type of netchecker-server to
Deployment, so netchecker-server will be scheduled on other nodes in
case of failures.
2017-04-14 10:49:16 +02:00
Joe Duhamel
a9f260d135
Update dnsmasq-autoscaler
...
changed target to be a deployment rather than a replicationcontroller.
2017-04-13 15:07:06 -04:00
Joe Duhamel
072b3b9d8c
Update kubedns-autoscaler change target
...
The target was a replicationcontroller but kubedns is currently a deployment
2017-04-13 14:55:25 -04:00
Matthew Mosesohn
ae7f59e249
Skip vault cert task evaluation completely when using script cert generation
2017-04-13 19:29:07 +03:00
Brad Beam
bce1c62308
Updating calico versions
2017-04-11 20:52:04 -05:00
Spencer Smith
9b3aa3451e
Merge pull request #1218 from bradbeam/efkidempotent
...
Fixing resource type for kibana
2017-04-11 19:04:13 -04:00
Spencer Smith
436c0b58db
Merge pull request #1217 from bradbeam/helmcompletion
...
Excluding bash completion for helm on CoreOS
2017-04-11 17:34:11 -04:00
zouyee
0bcecae2a3
upgrade etcd version from v3.0.6 to v3.0.17
2017-04-11 10:42:35 +08:00
Brad Beam
bd130315b6
Excluding bash completion for helm on CoreOS
2017-04-10 11:07:15 -05:00
Brad Beam
504711647e
Fixing resource type for kibana
2017-04-10 11:01:12 -05:00
Antoine Legrand
ab12b23e6f
Merge pull request #1173 from bradbeam/dockerlogs
...
Setting defaults for docker log rotation
2017-04-09 11:50:01 +02:00
Matthew Mosesohn
1c45d37348
Update kubelet.j2
2017-04-06 22:59:18 +03:00
Matthew Mosesohn
b521255ec9
Unbreak 1.5 deployment with kubelet
...
1.5 kubelet fails to start when using unknown params
2017-04-06 21:07:48 +03:00
Matthew Mosesohn
75ea001bfe
Merge pull request #1208 from mattymo/1.6-flannel
...
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
2017-04-06 10:06:21 +04:00
Matthew Mosesohn
acae0fe4a3
Merge pull request #1205 from holser/resolv_updates
...
Refactoring resolv.conf
2017-04-05 14:22:52 +03:00
Matthew Mosesohn
ccc11e5680
Upgrade to Kubernetes 1.6.1
2017-04-05 13:26:36 +03:00
Sergii Golovatiuk
2670eefcd4
Refactoring resolv.conf
...
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-05 09:28:01 +02:00
Matthew Mosesohn
c0cae9e8a0
Merge pull request #1204 from mattymo/resolvconf-nodes
...
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 22:03:44 +03:00
Matthew Mosesohn
f8cf6b4f7c
Merge pull request #1186 from holser/resolv_conf
...
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
2017-04-04 20:49:55 +03:00
Matthew Mosesohn
a29182a010
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
2017-04-04 20:43:47 +03:00
Sergii Golovatiuk
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
...
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-04 16:34:13 +02:00
Matthew Mosesohn
798f90c4d5
Merge pull request #1153 from mattymo/graceful_drain
...
Move graceful upgrade test to Ubuntu canal HA, adjust drain
2017-04-04 17:33:53 +03:00
Matthew Mosesohn
f8d44a8a88
Merge pull request #1200 from mattymo/issue1190
...
Fix multiline condition for k8s check certs
2017-04-04 15:48:05 +03:00
Matthew Mosesohn
b4d06ff8dd
Add /var/lib/cni to kubelet
...
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Matthew Mosesohn
7581705007
Merge pull request #1185 from intelsdi-x/hostname
...
Use hostname module to set hostname, and do it for all Os not only Co…
2017-04-03 19:01:12 +03:00
Matthew Mosesohn
5a5707159a
Fix multiline condition for k8s check certs
...
Fixes #1190
2017-04-03 17:44:55 +03:00
Matthew Mosesohn
742a1681ce
Merge pull request #1166 from rogerwelin/master
...
add iptables --flush to reset role
2017-04-03 17:25:10 +03:00
Matthew Mosesohn
fba9b9cb65
Merge pull request #1182 from artem-panchenko/bumpCalicoPolicyControllerVersion
...
Bump calico policy controller version
2017-04-03 17:21:52 +03:00
Paweł Skrzyński
61b2d7548a
Use hostname module to set hostname, and do it for all Os not only CoreOS
2017-04-03 15:09:33 +02:00
Matthew Mosesohn
80828a7c77
use etcd2 when upgrading unless forced
2017-04-03 15:07:42 +03:00
Matthew Mosesohn
f5af86c9d5
Merge pull request #1194 from adidenko/fix-sync_certs
...
Fix multiline when condition in sync_certs task
2017-03-31 17:39:40 +03:00
Aleksandr Didenko
58acbe7caf
Fix multiline when condition in sync_certs task
...
Folded style in multiline 'when' condition causes error with
unexpected ident. Changing it to literal style should fix
the issue.
Closes #1190
2017-03-30 22:21:04 +02:00
Spencer Smith
355b92d7ba
Merge pull request #1170 from jlothian/atomic-docker-network
...
1169 - fix docker systemd unit
2017-03-30 13:13:28 -07:00
Matthew Mosesohn
d42e4f2344
Update .gitlab-ci.yml
2017-03-30 12:19:15 +04:00
Matthew Mosesohn
fb467df47c
fix etcd restart
2017-03-29 23:22:49 +04:00
Matthew Mosesohn
48beef25fa
delete master containers forcefully
2017-03-27 19:08:22 +03:00
Matthew Mosesohn
a3f568fc64
restart scheduler and controller-manager too
2017-03-27 13:51:35 +03:00
Matthew Mosesohn
57ee304260
ensure post-upgrade purge ones only once
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
0794a866a7
switch debian8-canal-ha to ubuntu
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
49e4d344da
move network plugins out of grouped upgrades
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
6e505c0c3f
Fix delegate tasks for kubectl and etcdctl
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
e9a294fd9c
Significantly reduce memory requirements
...
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
44d851d5bb
Only cordon Ready nodes
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
c1b9660ec8
Move graceful upgrade test to debian canal HA, adjust drain
...
Graceful upgrades require 3 nodes
Drain now has a command timeout of 40s
2017-03-27 13:28:37 +03:00
Matthew Mosesohn
c2c334d22f
Merge pull request #1181 from holser/refactor_etcd
...
Refactor etcd role
2017-03-27 13:05:35 +03:00
Sergii Golovatiuk
f144fd1ed3
Refactor etcd role
...
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Artem Panchenko
e96557f410
Bump calico policy controller version
...
Latest released version of kube-policy-controller
contains important bug fixes and should be used
by default.
2017-03-24 12:13:09 +02:00
Matthew Mosesohn
b2af19471e
Merge pull request #1177 from rutsky/replace-nbsp
...
replace non-breakable space with regular space
2017-03-23 12:59:45 +03:00
Matthew Mosesohn
6805d0ff2b
Merge pull request #1179 from kubernetes-incubator/missing_defaults
...
Add missing defaults
2017-03-23 12:16:13 +03:00
Antoine Legrand
6e1de9d820
Add missing defaults
2017-03-23 10:05:34 +01:00
Vladimir Rutsky
c4e57477fb
replace non-breakable space with regular space
...
Non-brekable space is 0xc2 0xa0 byte sequence in UTF-8.
To find one:
$ git grep -I -P '\xc2\xa0'
To replace with regular space:
$ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'
This commit doesn't include changes that will overlap with commit f1c59a91a1
.
2017-03-23 00:25:01 +03:00
Matthew Mosesohn
5f082bc0e5
Merge pull request #1172 from mattymo/dnsmasq_upgrade
...
Use checksum of dnsmasq config to trigger updates of dnsmasq
2017-03-22 18:00:10 +03:00
Matthew Mosesohn
0e3b7127b5
Merge pull request #1167 from mattymo/dnsmasq_when_deploying_master
...
Change wait for dnsmasq to skip if there are no kube-nodes in play
2017-03-22 17:59:56 +03:00
Brad Beam
5d3414a40b
Setting defaults for docker log rotation
2017-03-22 09:40:10 -04:00
Roger Welin
f4638c7580
add iptables --flush to reset role
2017-03-22 11:10:24 +01:00
Matthew Mosesohn
8b0b500c89
Use checksum of dnsmasq config to trigger updates of dnsmasq
...
Allows config changes made by Ansible to restart dnsmasq deployment
2017-03-22 13:03:55 +03:00
Josh Lothian
5e2f78424f
1169 - fix docker systemd unit
...
The docker-network environment file masks the new values
put into /etc/systemd/system/docker.service.d/flannel-options.conf
to renumber the docker0 to work correctly with flannel.
2017-03-21 15:22:14 -05:00
Matthew Mosesohn
1887e984a0
Change wait for dnsmasq to skip if there are no kube-nodes in play
...
Also changed unnecessary delay to a max timeout (now defaulting to 1s sleep
between tries)
Also rename play_hosts to ansible_play_hosts
2017-03-21 18:55:22 +03:00
Matthew Mosesohn
cd429d3654
Merge pull request #1159 from holser/etcd_backup_restore
...
Backup etcd
2017-03-21 13:07:44 +03:00
Matthew Mosesohn
0f64f8db90
Merge pull request #1155 from mattymo/helm
...
Add helm deployment
2017-03-20 17:00:06 +03:00
Sergii Golovatiuk
c04a6254b9
Backup etcd data before restarting etcd
...
etcd is crucial part of kubernetes cluster. Ansible restarts etcd on
reconfiguration. Backup helps operator to restore cluster manually in
case of any issues.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-20 14:50:52 +01:00
Matthew Mosesohn
939c1def5d
Merge pull request #1152 from mattymo/redhat_weave
...
Fix weave on RHEL deployment
2017-03-19 16:45:20 +03:00
Matthew Mosesohn
b7ab80e8ea
Merge pull request #1149 from mattymo/centos-retries
...
Retry yum/apt/rpm download commands
2017-03-18 11:12:36 +03:00
Matthew Mosesohn
b69d4b0ecc
Add helm deployment
2017-03-17 20:24:41 +03:00
Matthew Mosesohn
7760c3e4aa
Retry yum/apt/rpm download commands, fix succeeded filter
2017-03-17 18:56:26 +03:00
Matthew Mosesohn
3cfb76e57f
Merge pull request #1146 from mattymo/resolvconf_optimize
...
Condense resolvconf sources before starting loop
2017-03-17 18:42:32 +03:00
Matthew Mosesohn
e1faeb0f6c
Fix weave on RHEL deployment
...
Reduce retry delay checking weave
Always load br_netfilter module
2017-03-17 18:17:47 +03:00
Matthew Mosesohn
25bff851dd
Merge pull request #1136 from adidenko/fix-calico-policy-order
...
Move calico-policy-controller into separate role
2017-03-17 17:32:14 +03:00
Aleksandr Didenko
3a39904011
Move calico-policy-controller into separate role
...
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
a52064184e
Condense resolvconf sources before starting loop
2017-03-17 13:06:56 +03:00
Matthew Mosesohn
0b49eeeba3
Update calico to 1.1.0-rc8
...
Fixes bug in CentOS/RHEL in felix related to overlayfs driver.
2017-03-16 19:23:36 +03:00
Matthew Mosesohn
b0830f0cd7
Merge pull request #1087 from bradbeam/openstack
...
Adding openstack domain id
2017-03-16 17:53:14 +03:00
Matthew Mosesohn
565d4a53b0
Merge pull request #1108 from idcrook/issue_1107-docker-versioning
...
Adding Docker CE 'stable' and 'edge' version packages
2017-03-16 16:32:13 +03:00
Matthew Mosesohn
8195957461
Merge branch 'master' into idempotency2
2017-03-16 09:29:43 +03:00
Matthew Mosesohn
02fed4a082
Merge pull request #1138 from mattymo/idempotency-fixes
...
Idempotency fixes for etcd certs and resolvconf tasks
2017-03-16 09:20:28 +03:00
Matthew Mosesohn
a422ad0d50
More idempotency fixes
...
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Matthew Mosesohn
096d96e344
Merge pull request #1137 from holser/bug/1135
...
Turn on iptables for flannel
2017-03-15 17:06:42 +03:00
Matthew Mosesohn
4354162067
Merge pull request #1080 from VincentS/Granular_Auth_Control
...
Granular authentication Control
2017-03-15 13:12:51 +03:00
Matthew Mosesohn
a62a444229
Merge pull request #1117 from mattymo/etcd3-upgrade
...
Migrate k8s data to etcd3 api store
2017-03-15 12:56:06 +03:00
Matthew Mosesohn
f6b72fa830
Make resolvconf preinstall idempotent
2017-03-15 01:20:13 +04:00
Sergii Golovatiuk
9667e8615f
Turn on iptables for flannel
...
Closes : #1135
Closes : #1026
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-14 17:54:55 +01:00
Vincent Schwarzer
026da060f2
Granular authentication Control
...
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding
removing the required arguments to the Kube API Server and generating
the secrets accordingly.
The x509 authentification is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
2017-03-14 16:57:35 +01:00
Matthew Mosesohn
3feab1cb2d
Merge pull request #1134 from mattymo/1.6-support
...
Explicitly set cni-bin-dir
2017-03-14 17:53:08 +03:00
Matthew Mosesohn
804e9a09c0
Migrate k8s data to etcd3 api store
...
Default backend is now etcd3 (was etcd2).
The migration process consists of the following steps:
* check if migration is necessary
* stop etcd on first etcd server
* run migration script
* start etcd on first etcd server
* stop kube-apiserver until configuration is updated
* update kube-apiserver
* purge old etcdv2 data
2017-03-14 17:50:20 +03:00
Matthew Mosesohn
4c6829513c
Fix etcd idempotency
2017-03-14 17:23:29 +03:00
Matthew Mosesohn
4038954f96
Merge pull request #1078 from VincentS/oidc_support
...
Added Support for OpenID Connect Authentication
2017-03-14 12:07:21 +03:00
Matthew Mosesohn
52a6dd5427
Explicitly set cni-bin-dir
2017-03-13 20:13:21 +03:00
Matthew Mosesohn
c301dd5d94
Merge pull request #1118 from mattymo/noderolelabels
...
Add node labels in kubelet
2017-03-13 19:04:21 +03:00
Cesarini, Daniele
69636d2453
Adding /O=system:masters to admin certificate
...
Issue #1125 . Make RBAC authorization plugin work out of the box.
"When bootstrapping, superuser credentials should include the system:masters group, for example by creating a client cert with /O=system:masters. This gives those credentials full access to the API and allows an admin to then set up bindings for other users."
2017-03-08 14:42:25 +00:00
David Crook
a52e1069ce
updated debian and ubuntu package names based on testing
...
docker-ce is not the .deb package until the repositories are switched over to new "downloads" docker webserver
2017-03-06 16:54:39 -07:00
David Crook
a8e5002aeb
removed irrelevant comments
2017-03-06 16:02:53 -07:00
David Crook
c515a351c6
Merge branch 'master' into issue_1107-docker-versioning
2017-03-06 16:00:31 -07:00
Brad Beam
d04fbf3f78
Removing cloud_provider tag to fix scenario where cloud_provider is not defined
2017-03-06 10:52:38 -06:00
Matthew Mosesohn
54207877bd
Add node labels in kubelet
...
Related-issue: https://github.com/kubernetes/community/issues/300
Upgraded nodes do not obtain labels automatically.
See https://github.com/kubernetes/kubernetes/pull/29459 for more details.
2017-03-06 17:18:42 +03:00
Vincent Schwarzer
b075960e3b
Added Support for OpenID Connect Authentication
...
To use OpenID Connect Authentication beside deploying an OpenID Connect
Identity Provider it is necesarry to pass additional arguments to the Kube API Server.
These required arguments were added to the kube apiserver manifest.
2017-03-06 12:40:35 +01:00
Antoine Legrand
85596c2610
Merge pull request #1045 from bradbeam/vsphere
...
Adding vsphere cloud provider support
2017-03-06 12:34:05 +01:00
Antoine Legrand
ee5f009b95
Merge pull request #1112 from mattymo/skip_vault_if_disabled
...
Disable vault role properly on ansible 2.2.0
2017-03-06 11:27:53 +01:00
Matthew Mosesohn
45274560ec
Disable vault role properly on ansible 2.2.0
...
when condition does not seem to work correctly at playbook
level for ansible 2.2.0.
2017-03-05 00:43:01 +04:00
Matthew Mosesohn
02a8e78902
Remove standalone etcd specific play, cleanup host mode
...
Now etcd role can optionally disable etcd cluster setup for faster
deployment when it is combined with etcd role.
2017-03-04 00:34:26 +04:00
Matthew Mosesohn
8f3d9e93ce
Merge pull request #1111 from mattymo/use_find_for_certs
...
Use find module for checking for certificates
2017-03-03 20:08:33 +03:00
Matthew Mosesohn
d176818c44
Use find module for checking for certificates
...
Also generate certs only when absent on master (rather than
when absent on target node)
2017-03-03 16:21:01 +03:00
Bogdan Dobrelya
aeec0f9a71
Merge pull request #1071 from vijaykatam/atomic_host
...
Add support for atomic host
2017-03-03 13:03:59 +01:00
Matthew Mosesohn
08a02af833
Merge pull request #1075 from VincentS/loadbalancer_aws
...
Possibility to add Loadbalancers without static IP (e.g. AWS ELB) #1074
2017-03-03 14:07:22 +03:00
David Crook
3f4a375ac4
first pass at adding 'stable' and 'edge' version packages
...
- Only have ubuntu to test on
- fedora and redhat are placeholders/guesses
- the "old" package repositories seem to have the "new" CE version which is `1.13.1` based
- `docker-ce` looks like it is named as a backported `docker-engine` package in some
places
- Did not change the `defaults` version anywhere, so should work as before
- Did not point to new package repositories, as existing ones have the new packages.
2017-03-02 13:48:09 -07:00
Matthew Mosesohn
5ebc9a380c
Merge pull request #1060 from holser/etcdv3
...
Allow to specify etcd backend for kube-api
2017-03-02 17:24:09 +03:00
Matthew Mosesohn
6453650895
Merge pull request #1093 from mattymo/scaledns
...
Add autoscalers for dnsmasq and kubedns
2017-03-02 16:58:56 +03:00
Matthew Mosesohn
9cb12cf250
Add autoscalers for dnsmasq and kubedns
...
By default kubedns and dnsmasq scale when installed.
Dnsmasq is no longer a daemonset. It is now a deployment.
Kubedns is no longer a replicationcluster. It is now a deployment.
Minimum replicas is two (to enable rolling updates).
Reduced memory erquirements for dnsmasq and kubedns
2017-03-02 13:44:22 +03:00
Vincent Schwarzer
68e8d74545
Changes based on feedback (additional ansible checks)
2017-03-02 11:04:10 +01:00
Vincent Schwarzer
fc054e21f6
Modified how adding LB for the Kube API is handled (AWS)
...
Until now it was not possible to add an API Loadbalancer
without an static IP Address. But certain Loadbalancers
like AWS Elastic Loadbalanacer dontt have an fixed IP address.
With this commit it is possible to add these kind of Loadbalancers
to the Kargo deployment.
2017-03-02 11:04:10 +01:00
Matthew Mosesohn
efbb5b2db3
Merge pull request #1101 from retr0h/docker-1.13.1
...
Use docker-engine 1.13.1
2017-03-02 12:31:58 +03:00
John Dewey
a43569c8a5
Use docker-engine 1.13.1
...
The default version of Docker was switched to 1.13 in #1059 . This
change also bumped ubuntu from installing docker-engine 1.13.0 to
1.13.1. This PR updates os families which had 1.13 defined, but
were using 1.13.0.
The impetus for this change is an issue running tiller 1.2.3 on
docker 1.13.0. See discussion [1][2].
[1] https://github.com/kubernetes/helm/issues/1838
[2] https://github.com/kubernetes-incubator/kargo/pull/1100
2017-03-01 12:53:39 -08:00
Matthew Mosesohn
a5cd73d047
Merge pull request #959 from galthaus/host-mode-restart
...
Restart kube-controller for host_resolvconf mode
2017-03-01 20:54:21 +03:00
Vijay Katam
a0b1eda1d0
Add support for atomic host
...
Updates based on feedback
Simplify checks for file exists
remove invalid char
Review feedback. Use regular systemd file.
Add template for docker systemd atomic
2017-03-01 09:38:19 -08:00
Antoine Legrand
77e5171679
Merge pull request #1076 from VincentS/etcd_openssl_count_fix
...
Fixed counter in ETCD Openssl.conf
2017-03-01 14:17:27 +01:00
Bogdan Dobrelya
0c66418dad
Merge pull request #1090 from artem-panchenko/calicoAcceptHostEndpointConnections
...
Allow connections from pods to local endpoints
2017-03-01 13:37:05 +01:00
Artem Panchenko
fa05d15093
Allow connections from pods to local endpoints
...
By default Calico blocks traffic from endpoints
to the host itself by using an iptables DROP
action. It could lead to a situation when service
has one alive endpoint, but pods which run on
the same node can not access it. Changed the action
to RETURN.
2017-03-01 09:21:02 +02:00
Matthew Mosesohn
cbaa6abdd0
Merge pull request #1066 from bradbeam/rkt-kubelet-cloudprovider
...
Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service
2017-02-28 20:02:56 +03:00
Sergii Golovatiuk
295103adc0
Allow to specify etcd backend for kube-api
...
Kubernetes project is about to set etcdv3 as default storage engine in
1.6. This patch allows to specify particular backend for
kube-apiserver. User may force the option to etcdv3 for new environment.
At the same time if the environment uses v2 it will continue uses it
until user decides to upgrade to v3.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 17:13:22 +01:00
Sergii Golovatiuk
d31c040dc0
Change kube-api default port from 443 to 6443
...
Operator can specify any port for kube-api (6443 default) This helps in
case where some pods such as Ingress require 443 exclusively.
Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 15:45:35 +01:00
Brad Beam
8a63b35f44
Adding flag for docker container in kubelet w/ rkt
2017-02-28 07:55:12 -06:00
Brad Beam
bfff06d402
Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service
2017-02-28 06:29:35 -06:00
Matthew Mosesohn
21d3d75827
Merge pull request #1086 from bradbeam/lowermem
...
Lower default memory requests
2017-02-28 13:37:28 +03:00
Brad Beam
30a9899262
Making openstack domain name optional
2017-02-27 21:19:27 -06:00
Xavier Lange
dd10b8a27c
Bug fix: support kilo's keystone requirement for domain-name, extracts from ENV var
2017-02-27 21:18:30 -06:00
Brad Beam
dbf13290f5
Updating vsphere cloud provider support
2017-02-27 15:08:04 -06:00
Sergii Golovatiuk
f9ff93c606
Make etcd data dir configurable.
...
Closes : #1073
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-27 21:35:51 +01:00
Jan Jungnickel
df476b0088
Initial support for vsphere as cloud provider
2017-02-27 12:51:41 -06:00
Brad Beam
56664b34a6
Lower default memory requests
...
This is to address out of memory issues on CI as well as help
fit deployments for people starting out with kargo on smaller
machines
2017-02-27 10:53:43 -06:00
Vincent Schwarzer
0cbc3d8df6
Fixed counter in ETCD Openssl.conf
...
When a apiserver_loadbalancer_domain_name is added to the Openssl.conf
the counter gets not increased correctly. This didnt seem to have an
effect at the current kargo version.
2017-02-27 12:01:09 +01:00
Bogdan Dobrelya
27b4e61c9f
Merge pull request #946 from neith00/master
...
Using the command module instead of raw
2017-02-27 10:59:53 +01:00
Bogdan Dobrelya
069606947c
Merge pull request #1063 from bogdando/fix
...
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Sergii Golovatiuk
00cfead9bb
Increase SSL TTL to 3650 days
...
In real scenarios 365 days is short period of time. 3650 days is good
enough for long running k8s environments
2017-02-24 15:38:13 +01:00
Antoine Legrand
c7d61af332
Comment all variables in group_vars
2017-02-23 14:02:57 +01:00
Antoine Legrand
5f7607412b
Add default var role
2017-02-23 12:07:17 +01:00
Bogdan Dobrelya
f2a4619c57
Align LB defaults with the HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Bogdan Dobrelya
712872efba
Rework inventory all by real groups' vars
...
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Matthew Mosesohn
8cbf3fe5f8
Merge pull request #1020 from mattymo/synthscale
...
Add synthetic scale deployment mode
2017-02-22 19:15:46 +03:00
Matthew Mosesohn
02137f8cee
Merge pull request #1059 from holser/docker_iptables
...
iptables switch for docker
2017-02-22 08:23:58 +03:00
Ivan Shvedunov
0006e5ab45
Fix shell special vars
2017-02-21 22:22:40 +03:00
Matthew Mosesohn
d821448e2f
Merge branch 'master' into synthscale
2017-02-21 22:17:43 +03:00
Sergii Golovatiuk
3bd46f7ac8
Switch docker to 1.13
...
- Remove variable dup for Ubuntu
- Update Docker to 1.13
2017-02-21 19:10:34 +01:00
Matthew Mosesohn
0afadb9149
Merge pull request #1046 from skyscooby/pedantic-syntax-cleanup
...
Cleanup legacy syntax, spacing, files all to yml
2017-02-21 17:03:16 +03:00
Matthew Mosesohn
d4f15ab402
Merge pull request #1055 from mattymo/etcd-preupgrade-speedup
...
speed up etcd preupgrade check
2017-02-21 12:51:42 +03:00
Matthew Mosesohn
527e030283
Merge pull request #1058 from holser/update_calico_cni
...
Update calico-cni to 1.5.6
2017-02-20 23:09:47 +03:00
Matthew Mosesohn
042d094ce7
Merge pull request #1034 from rutsky/fix-openssl-lb-index
...
fix load balancer DNS name index evaluation in openssl.conf
2017-02-20 20:23:26 +03:00
Matthew Mosesohn
3cc1491833
Merge branch 'master' into pedantic-syntax-cleanup
2017-02-20 20:19:38 +03:00
Matthew Mosesohn
d19e6dec7a
speed up etcd preupgrade check
2017-02-20 20:18:10 +03:00
Sergii Golovatiuk
a2cbbc5c4f
Update calico-cni to 1.5.6
...
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-20 17:14:45 +01:00
Abel Lopez
0bfc2d0f2f
Safe disable SELinux
...
Sometimes, a sysadmin might outright delete the SELinux rpms and
delete the configuration. This causes the selinux module to fail
with
```
IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n",
"module_stdout": "", "msg": "MODULE FAILURE"}
```
This simply checks that /etc/selinux/config exists before we try
to set it Permissive.
Update from feedback
2017-02-18 11:54:25 -08:00
Matthew Mosesohn
475a42767a
Suppress logging for download image
...
This generates too much output and during upgrade scenarios
can bring us over the 4mb limit.
2017-02-18 19:10:26 +04:00
Matthew Mosesohn
a21eb036ee
Add no_log to cert tar tasks
...
This works around 4MB limit for gitlab CI runner.
2017-02-18 14:09:57 +04:00