Sergey Vasilenko
fbe7b1cd2c
Bump Calico-CNI plugin binaries versions
...
and correct checksums
2016-10-07 13:14:46 +03:00
Sergey Vasilenko
c410680b34
Changes in Kubernetes and Calico-CNI plugin config files
...
required for usage of Calico CNI plugin version 1.4.2
2016-10-06 19:33:16 +03:00
Smaine Kahlouch
9df4502909
Merge pull request #528 from kubespray/proxy-nginx
...
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
73066f308d
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
3faeffc294
Merge pull request #491 from kubespray/calicopools
...
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
4bc31798e0
Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
...
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
de543fed5f
Merge branch 'master' into reverselookups
2016-10-05 14:46:47 +03:00
Matthew Mosesohn
5fdfc25657
Enable quorum read for apiserver
...
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
40a94947c8
Add support for --masquerade-all in kube-proxy
...
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.
Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
1990f8bec5
Skip download_run_once for binaries as unimplemented yet
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
0cbafa2d4b
add kube-masters to SSL certificate
2016-09-29 15:12:30 +03:00
Smaine Kahlouch
0bd3081219
Merge pull request #502 from adidenko/custom-calico-hyperkube
...
Allow to use custom "canalized" calico cni
2016-09-29 13:29:49 +02:00
Smaine Kahlouch
490f613359
Merge pull request #515 from adidenko/fix-delegate-to
...
Fix delegate_to expression in download tasks
2016-09-29 10:36:44 +02:00
Matthew Mosesohn
fa11a6876c
Disable reverse lookups again
...
Initially this was removed, but it turns out that services that
perform reverse lookups (such as MariaDB) will encounter severe
performance degredation with this disabled.
2016-09-29 10:49:55 +04:00
Aleksandr Didenko
c12b06839a
Allow to use custom "canalized" calico cni
...
- Allow to overwrite calico cni binaries copied from hyperkube
by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
f9a18460d3
Move kube_version var to defaults
...
Move the variable kube_version to defaults to have the possibility to overwrite it via group_vars inventory if needed.
2016-09-28 16:15:18 +02:00
Smaine Kahlouch
9146b8917d
Merge pull request #521 from anthonyhaussman/MethodBoolUseCNI
...
Change method to set use_hyperkube_cni var bool
2016-09-28 12:24:53 +02:00
Smaine Kahlouch
ffe882315a
Merge pull request #518 from bogdando/issues/516
...
Allow subdomains of dns_domain and fix kubelet restarts
2016-09-28 10:11:44 +02:00
Anthony Haussmann
5b021ed438
Change method to set use_hyperkube_cni var bool
...
The precedent method returb a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00
Smaine Kahlouch
63d5ac91ad
Merge pull request #519 from bogdando/fix_containers_download
...
Fix containers download condition
2016-09-27 15:23:50 +02:00
Bogdan Dobrelya
6ab133d0a3
Allow subdomains of dns_domain and fix kubelet restarts
...
* Add a var for ndots (default 5) and put it hosts' /etc/resolv.conf.
* Poke kube dns container image to v1.7
* In order to apply changes to kubelet, notify it to
be restarted on changes made to /etc/resolv.conf. Ignore errors as the kubelet
may yet to be present up to the moment of the notification being processed.
* Remove unnecessary kubelet restart for master role as the node role ensures
it is up and running. Notify master static pods waiters for apiserver,
scheduler, controller-manager instead.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 14:32:49 +02:00
Smana
c60d8111f6
use variable dns_domain instead of cluster_name for kubedns
2016-09-27 14:15:27 +02:00
Bogdan Dobrelya
130d66d24d
Fix containers download condition
...
Save/push/load containers if only download.enabled and download.container
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 13:44:29 +02:00
Aleksandr Didenko
c7249e1a45
Fix delegate_to expression in download tasks
...
"else omit" is causing problems in this expression. Replacing
it with more strict "inventory_hostname" fixes the issue and
handles `download_run_once` as expected.
Closes issue #514
2016-09-27 11:25:24 +02:00
Smaine Kahlouch
5a6424d7a2
Merge pull request #507 from anthonyhaussman/KubeDNSCorrection
...
Correct nslookup command
2016-09-26 13:58:00 +02:00
Smaine Kahlouch
e3fe648de6
Merge pull request #509 from kubespray/cnicopyweave
...
Copy hyperkube CNI plugins when using weave
2016-09-26 13:54:02 +02:00
Matthew Mosesohn
1494238ab1
Add Docker 1.12.1 version
2016-09-26 12:16:16 +03:00
Matthew Mosesohn
6bf2a80dcd
Copy hyperkube CNI plugins when using weave
2016-09-26 12:02:19 +03:00
Anthony Haussmann
83a6c5cf61
Correct nslookup command
...
Change nslookup command to check the right cluster_name
2016-09-23 17:44:09 +02:00
Bogdan Dobrelya
2908f92524
Fix docs and dns servers placement order
...
- Update docs and a drawing to clarify DNS setup.
- Change order of nameservers placement to match
changes in https://github.com/kubespray/kargo/pull/501
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 16:16:00 +02:00
Bogdan Dobrelya
34d0c5c676
Make dnsmasq daemon set optional
...
Change additional dnsmasq opts:
- Adjust caching size and TTL
- Disable resolve conf to not create loops
- Change dnsPolicy to default (similarly to kubedns's dnsmasq). The
ClusterFirst should not be used to not create loops
- Disable negative NXDOMAIN replies to be cached
- Make its very installation as optional step (enabled by default).
If you don't want more than 3 DNS servers, including 1 for K8s, disable
it.
- Add docs and a drawing to clarify DNS setup.
- Fix stdout logs for dnsmasq/kubedns app configs
- Add missed notifies to resolvconf -u handler
- Fix idempotency of resolvconf head file changes
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 12:59:06 +02:00
Matthew Mosesohn
abb56c21a7
Improve management of nameservers in resolv.conf
...
Changing nameservers now will clean up previous entries
2016-09-22 18:11:15 +03:00
Özgür Caner
34e467c60e
Changed ImagePullPolicy from Always to IfNotPresent to avoid download issue when DNS is not working
2016-09-20 10:34:44 +02:00
Matthew Mosesohn
cf519ef3a8
Allow calico to configure pool if tree exists, but no pools defined
2016-09-19 15:27:47 +03:00
Smaine Kahlouch
0360ccadd4
Merge pull request #493 from ivan4th/fix-reverse-dns-lookups
...
Fix reverse DNS lookups of service IPs.
2016-09-19 14:20:15 +02:00
Smaine Kahlouch
e843f7f89c
Merge pull request #494 from kubespray/etcd_proxy_fix
...
always bind etcd_proxy to localhost
2016-09-19 14:19:55 +02:00
Smaine Kahlouch
5a53a462b8
Merge pull request #489 from lukaszo/patch-1
...
Add socat do required pkgs
2016-09-19 12:19:46 +02:00
Smaine Kahlouch
bc8bba5b6b
Merge pull request #486 from kubespray/etchosts
...
switch /etc/hosts to use blockinfile
2016-09-19 12:19:37 +02:00
Ivan Shvedunov
4ef97d9df4
Fix reverse DNS lookups of service IPs.
...
This fixes "DNS should provide DNS for services [Conformance]"
e2e test in k8s.
2016-09-19 09:12:10 +03:00
Matthew Mosesohn
189b77def2
always bind etcd_proxy to localhost
2016-09-18 19:58:15 +04:00
Bogdan Dobrelya
a67e3a3e40
Fix use_hyperkube_cni logic
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-16 13:07:04 +02:00
Bogdan Dobrelya
ae8e5908ef
Add retry_stagger var for failed download/pushes.
...
* Add the retry_stagger var to tweak push and retry time strategies.
* Add large deployments related docs.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:58 +02:00
Bogdan Dobrelya
a90e1c8a54
Distribute downloaded artifacts
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Bogdan Dobrelya
da71ad9375
Download containers and save all
...
Move version/repo vars to download role.
Add container to download params, which overrides url/source_url,
if enabled.
Fix networking plugins download depending on kube_network_plugin.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-15 16:43:56 +02:00
Matthew Mosesohn
43410e21ef
Fix logic handling for use_hyperkube_cni
2016-09-15 16:09:40 +03:00
Łukasz Oleś
93ede98de9
Add socat do required pkgs
...
It's required for port forwarding.
2016-09-14 21:27:33 +02:00
Matthew Mosesohn
fe20ee647c
switch /etc/hosts to use blockinfile
2016-09-14 19:43:33 +03:00
Smaine Kahlouch
22750749a8
Merge pull request #483 from kubespray/fix_idempotency_kubedns
...
Fix kubedns idempotency
2016-09-14 13:02:02 +02:00
Smaine Kahlouch
0bc957a689
Merge pull request #481 from bogdando/issue/479
...
Add retries for copying binaries from containers and packages
2016-09-14 10:04:32 +02:00
Bogdan Dobrelya
ddf628bccf
Add retries for packages installation
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 18:12:07 +02:00
Matthew Mosesohn
fb8b185ca9
Fix kubedns idempotency
...
Removed api-version from kube.py because it is deprecated.
Updating both kube.py because dnsmasq one is actually used.
Fixed name back to kubedns for checking its resource.
2016-09-13 16:49:51 +03:00
Bogdan Dobrelya
97c14ec8b7
Add retries for copying binaries from containers
...
Closes issue: https://github.com/kubespray/kargo/issues/479
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-13 15:09:34 +02:00
Anthony Haussmann
474413d7e3
Delete default variable use_hyperkube_cni
...
The variable is now set via a task depending of the version of kube
2016-09-13 14:59:50 +02:00
Anthony Haussmann
1a3955e7b6
Determine hyperkube cni to use
...
Starting from version 1.3.4 of hyperkube, calico is "canalized" which requires flannel and hostonly cni plugins.So we let hyperkube ship necessary cni
2016-09-13 14:58:29 +02:00
Antoine Legrand
604bf36acb
Merge pull request #465 from kubespray/freeze_kpm_version
...
Multiple app deploy tools
2016-09-08 22:01:52 +02:00
Antoine Legrand
c6af85e0df
App deployer plugins
2016-09-08 15:01:57 +02:00
Antoine Legrand
a85454ea75
Merge pull request #473 from kubespray/bootsrap
...
Bootstrap
2016-09-08 14:54:08 +02:00
Antoine Legrand
e128636706
Bootstrap os
2016-09-07 20:19:46 +02:00
Özgür Caner
3c0f5bccc0
Changed apt to apt-get
2016-09-07 20:13:15 +02:00
Özgür Caner
45f6cb013f
Added bootstrap script for Ubuntu 16.04 LTS and later
2016-09-07 20:13:05 +02:00
Brandon B. Jozsa
9ab071c78f
combine bootstrap options, add xenial support
2016-09-06 10:04:41 -04:00
Matthew Mosesohn
3ae3104ca6
Reset replicacluster name of kube-dns-v19 back to kubedns
...
This broke upgraded clusters
2016-09-06 16:43:17 +03:00
Matthew Mosesohn
ed5f8aeec8
Rename kube-dns back to kubedns
...
kubedns should stay named the same so that services which
depend on this name are not broken.
2016-09-02 15:09:49 +04:00
Spencer Smith
97a3b66441
remove dependency on kpm for kubedns
2016-09-01 10:01:15 -07:00
Bogdan Dobrelya
008cd1b566
Fix updating resolvconf
...
Move updating resolvconf to the network restart handler to
ensure changes applied to the /etc/resolv.conf.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-01 11:10:26 +02:00
Smaine Kahlouch
0fb2580058
Merge pull request #461 from kubespray/issue-369
...
Issue 369
2016-08-31 15:09:33 +02:00
Smaine Kahlouch
41ed8bcabd
Merge pull request #458 from kubespray/issue456
...
Remove search and nameserver entries from resolvconf base
2016-08-31 13:15:30 +02:00
Matthew Mosesohn
0847e893ca
Disable calicoctl from creating a default pool
...
Sometimes invoking calicoctl to create a pool also
creates a default pool, which causes errors in deploy.
2016-08-31 12:54:05 +03:00
Spencer Smith
246d4aa105
ensure docker.service.d exists
2016-08-30 09:34:34 -07:00
Spencer Smith
c7bcbba17c
incorrect file name
2016-08-30 09:26:14 -07:00
Spencer Smith
e0a6bc96f1
lay down a systemd dropin instead of the /run/flannel_docker_opts.env symlink
2016-08-30 09:17:41 -07:00
Matthew Mosesohn
a67a69df3c
Remove search and nameserver entries from resolvconf base
...
These items conflict when they are provided also in head file
Fixes : #456
2016-08-30 13:14:44 +03:00
Smana
202a261108
fix etcd checksum
2016-08-29 19:09:08 +02:00
Smaine Kahlouch
6c8a5534c6
Merge pull request #449 from kubespray/fixapiserverplugins
...
Remove SecurityContextDeny API plugin
2016-08-29 18:58:53 +02:00
Smaine Kahlouch
599e829919
Merge pull request #448 from kubespray/etcdnosync
...
Add --no-sync to etcdctl member list
2016-08-29 18:58:14 +02:00
Matthew Mosesohn
2af778044d
Rebase etcd to v3.0.6
...
Fixes #450
2016-08-29 15:31:05 +03:00
Matthew Mosesohn
526a5c05e7
Remove SecurityContextDeny API plugin
...
This is no longer recommended for use since K8s 1.2:
http://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-plug-ins-to-use
2016-08-29 14:20:28 +03:00
Matthew Mosesohn
b54aacc62a
Add --no-sync to etcdctl member list
...
Fixes #447
2016-08-29 12:51:43 +03:00
Smaine Kahlouch
108f902ed0
Merge pull request #445 from kubespray/caliconodechoice
...
Enable customization of calico-node docker image
2016-08-28 09:36:06 +02:00
Smana
6dd9884568
upgrade weave version to 1.6.1
2016-08-27 16:04:06 +02:00
Matthew Mosesohn
deb1855171
Enable customization of calico-node docker image
...
New vars: calico_node_image_repo and claico_node_image_tag
Defaults: calico/node and {{ calico_version }}, respectively
2016-08-27 16:25:39 +04:00
Spencer Smith
958bce7c57
ensure bin dir for coreos before anything else
2016-08-26 13:24:47 -04:00
Bogdan Dobrelya
516b55734e
Refactor roles and hosts
...
Shorten deployment time with:
- Remove redundand roles if duplicated by a dependency and vice versa
- When a member of k8s-cluster, always install docker as a dependency
of the etcd role and drop the docker role from cluster.yaml.
- Drop etcd and node role dependencies from master role as they are
covered by the node role in k8s-cluster group as well. Copy defaults
for master from node role.
- Decouple master, node, secrets roles handlers and vars to be used w/o
cross references.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 13:27:57 +02:00
Smaine Kahlouch
68be52d2ec
Merge pull request #437 from kubespray/issues/429
...
Fix handler triggering for kubelet restart
2016-08-25 11:33:50 +02:00
Bogdan Dobrelya
aec370d0cd
Fix handler triggering for kubelet restart
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-25 09:12:25 +02:00
Smaine Kahlouch
2f36da4968
Merge pull request #434 from kubespray/issue-426
...
Check only for AWS, wrote some docs on actually using AWS
2016-08-24 21:55:57 +02:00
Spencer Smith
79d749b136
merge with current master, update typos in doc
2016-08-24 09:56:42 -04:00
Spencer Smith
a2fcf0be5d
updated to no longer handle gce as cloud-provider. provided aws setup doc
2016-08-24 09:48:32 -04:00
Bogdan Dobrelya
72ef8c5f09
Fix resolv.conf search/nameserver
...
* Ensure additional nameserver/search, if defined as vars.
* Don't backup changed dhclient hooks as they are going to be
executed by dhclient as well, which is not what we want.
* For debian OS family only:
- Rename nodnsupdate hook the resolvconf hook to be sourced always
before it.
- Ensure dhclient restarted via network restart to apply the
nodnsupdate hook.
* For rhel OS family, the fix TBD, it doesn't work the same way.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-24 15:31:57 +02:00
Smana
30ef4842f1
Revert "pass cloud provider flag in all cases, not just openstack"
...
This reverts commit f35e5e864f
.
2016-08-24 14:32:54 +02:00
Smana
333b4f33d6
Revert "Fix resolv.conf search/nameserver"
...
This reverts commit 977f82c32c
.
2016-08-24 12:36:25 +02:00
Smaine Kahlouch
58955ad429
Merge pull request #420 from bogdando/collect_info
...
Adjust collect-info playbook
2016-08-24 10:06:30 +02:00
Spencer Smith
eabb30ff34
pass cloud provider flag in all cases, not just openstack
2016-08-23 13:57:32 -04:00
Bogdan Dobrelya
c719aab312
Adjust collect-info playbook
...
Cleanup collected artifacts,
drop unrelated files/commands.
Always install gitinfos script to binaries for external
use.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-23 11:28:27 +02:00
Smaine Kahlouch
703cc15348
Merge pull request #422 from kubespray/issue-421
...
remove host ca-certs, as they aren't necessary
2016-08-23 10:17:38 +02:00
Bogdan Dobrelya
5117069aac
Fix gen-gitinfos.sh
...
Fix the error gen-gitinfos.sh: 57: [: foo: unexpected operator
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-23 10:15:30 +02:00
Spencer Smith
e4083280fa
remove host ca-certs, as they aren't necessary
2016-08-22 16:09:33 -04:00
Smaine Kahlouch
42b58c0b1b
Merge pull request #419 from bogdando/fix_322
...
Fix resolv.conf search/nameserver
2016-08-22 13:48:35 +02:00
Bogdan Dobrelya
f1e4caad53
Fix resolv.conf search/nameserver
...
Rename nodnsupdate hook the resolvconf hook to be sourced always
before it.
Ensure dhclient restarted via network restart to apply the
nodnsupdate hook.
Ensure additional nameserver/search, if defined as vars.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-08-22 11:53:44 +02:00
Matthew Mosesohn
a829e0bf67
Restart kubelet if launcher changed
...
Fixes #409
2016-08-18 19:00:05 +03:00