Matthew Mosesohn
3bb8fb6b3e
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Brad Beam
0dc4967e43
Explicitly create cni bin dir
...
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Matthew Mosesohn
90e8d4c4ea
Add /var/lib/cni to kubelet
...
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Sergii Golovatiuk
77671dbd05
Refactor etcd role
...
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Bogdan Dobrelya
543dafa900
Merge pull request #1063 from bogdando/fix
...
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Bogdan Dobrelya
18cb160be6
Align LB defaults with the HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Andrew Greenwood
756003a30e
Cleanup legacy syntax, spacing, files all to yml
...
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistancy
2017-02-17 16:22:34 -05:00
Brad Beam
2a3dee5f90
Adding support for proxy w/ rkt kubelet
2017-02-14 08:09:49 -06:00
Sergii Golovatiuk
5494d608e5
Set ssl_ca_dirs for rkt based on fact
...
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.
Closes : #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Josh Conant
764ad6e099
Vault security hardening and role isolation
2017-02-08 21:41:36 +00:00
Matthew Mosesohn
7a9161d462
Prevent dynamic port allocation in nodePort range
...
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Brad Beam
9432a5cd73
Adding kubelet in rkt
2017-01-03 14:49:48 -06:00
Bogdan Dobrelya
f16a512aea
Drop non systemd OS types support
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-02 12:14:03 +01:00
Bogdan Dobrelya
272b506802
Address standalone kubelet config case
...
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-13 16:35:53 +01:00
Bogdan Dobrelya
0b1ce03167
Add tags
...
Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 12:14:28 +01:00
Aleksandr Didenko
512c5b8440
Move CNI config and add MTU support for calico-cni
...
- Move CNI configuration creation for Calico to appropriate
network_plugin role from kubernetes/node.
- Add support for MTU configuration in Calico.
2016-11-15 18:05:11 +01:00
Aleksandr Didenko
2b751c7d77
Fix etcd ssl for canal
...
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Aleksandr Didenko
fec253abaf
Adding support for canal network plugin
...
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:
https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Matthew Mosesohn
73066f308d
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Matthew Mosesohn
a829e0bf67
Restart kubelet if launcher changed
...
Fixes #409
2016-08-18 19:00:05 +03:00
Matthew Mosesohn
0cdbc13f1e
Deploy kubelet and kube-apiserver as containers
...
kubelet via docker
kube-apiserver as a static pod
Fixed etcd service start to be more tolerant of slow start.
Workaround for kube_version to stay in download role, but not
download an files by creating a new "nothing" download entry.
2016-07-22 16:42:34 +03:00
Smana
fca384e24c
first version of CoreOS on GCE
...
Please enter the commit message for your changes. Lines starting
2016-02-21 00:06:36 +01:00
Smana
a649aa8b7e
use ansible_service_mgr to detect init system
2016-02-13 11:46:53 +01:00
Smana
91fca69aa0
generate secrets on deployment machine
...
test travis with sudo=true instead of required
2016-02-13 06:51:54 +01:00
Smaine Kahlouch
4f92417a5d
split network plugins into distinct roles
2016-02-09 11:42:00 +01:00
Antoine Legrand
b9781fa7c2
Symlink dnsmasq conf
2016-01-26 00:30:29 +01:00
Smaine Kahlouch
baaa6efc2b
workaround_ha_apiserver
2016-01-25 12:07:32 +01:00
ant31
56b92812fa
Fix systemd reload and calico unit
2016-01-25 10:54:07 +01:00
Smaine Kahlouch
4984b57aa2
use rsync instead of command
2016-01-23 18:26:07 +01:00
Smaine Kahlouch
283c4169ac
run apiserver as a service
...
reorder master handlers
typo for sysvinit
2016-01-23 14:21:04 +01:00
Smaine Kahlouch
391413f7e7
missing commits for the PR #86
2016-01-22 17:10:31 +01:00
Smaine Kahlouch
cb59559835
use command instead of synchronize
2016-01-22 16:37:07 +01:00
Antoine Legrand
078b67c50f
Remove downloader host
2016-01-22 09:59:39 +01:00
Antoine Legrand
859f6322a0
Merge branch 'master' into add_set_remote_user
2016-01-19 21:08:52 +01:00
Greg Althaus
10b2466d82
run_once only works if master[0] is first in inventory list
...
of all nodes.
2016-01-19 13:10:54 -06:00
Antoine Legrand
f68d8f3757
Add seT_remote_user in synchronize
2016-01-19 14:20:05 +01:00
Antoine Legrand
9b083b62cf
Rename tasks
2016-01-19 14:20:05 +01:00
Smaine Kahlouch
8127e8f8e8
Flannel running as pod
2016-01-15 13:03:27 +01:00
ant31
f49aa90bf7
fix synchronize pull mode
2016-01-08 11:32:06 +01:00
Antoine Legrand
7913d62749
Merge pull request #44 from ansibl8s/travis
...
Travis tests
2016-01-07 23:46:02 +01:00
Smaine Kahlouch
d5320961e9
enforce user root when sudo is used
2016-01-05 15:33:23 +01:00
ant31
9a03249446
Add travis tests
2016-01-05 12:31:49 +01:00
ant31
8fa0110e28
Remove local dep. downloader
2016-01-04 16:10:29 +01:00
Smaine Kahlouch
6103d673b7
New calico's configuration
2016-01-04 14:30:37 +01:00
Smaine Kahlouch
29bf90a858
review handlers for sysvinit
2016-01-04 14:30:37 +01:00
Smaine Kahlouch
1695682d85
handle sysvinit
2015-12-31 14:05:55 +01:00
Smaine Kahlouch
c9d9ccf025
move network-environment template into node role, required by kubelet
2015-12-29 21:36:51 +01:00
ant31
e378f4fb14
Install calico-plugin before running calico
2015-12-28 22:04:39 +01:00
Smaine Kahlouch
680864f95c
don't sync certs on masters, already done in another task
2015-12-21 14:24:57 +01:00
Smaine Kahlouch
fec1dc9041
A single file for tokens tasks
2015-12-19 11:00:22 +01:00