Commit graph

3402 commits

Author SHA1 Message Date
Florian Ruynat
299e35ebe4
Cleanup unused/erroneous variables (#6003) 2020-04-24 01:54:07 -07:00
spaced
cf1566e8ed
Centos, debian and fedora CRI-O repo (#6008)
* replace removed repo with kubic repository for centos 7

* add crio configuration for centos8

* add crio configurations for debian

* use correct crio version for fedora

* simplify calulation of required crio version
- gives possibility to overwrite

* change default path for runc

* change default for seccomp path

* change default for conmon
2020-04-24 01:18:07 -07:00
spaced
b0484fe3e5
Ubuntu crio repo (#5994)
* declare kubic repo for ubuntu

* do not install crictl twice

* move fedora repo modular tasks to crio_repo file

* move centos repo tasks to crio_repo

* declare crio version matrix for ubuntu

* update documentation crio support for ubuntu
2020-04-22 13:29:45 -07:00
Florian Ruynat
b8cd9403df
Fix nginx template missing latest changes (#6000) 2020-04-22 08:41:52 -07:00
Florent Monbillard
d7df577898
k8s-dns-node-cache 1.15.12 was released (#5999) 2020-04-22 07:43:53 -07:00
Maxime Guyot
09bccc97ba
Add CRI-O CI (#5460) 2020-04-22 06:09:52 -07:00
Florian Ruynat
1c187e9729
Downgrade coredns to 1.6.5 due to upgrade errors while migrating coredns configmap (Corefile) (#5960) 2020-04-22 05:27:52 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction (#5989) 2020-04-21 07:20:56 -07:00
Victor Morales
2bec26dba5
Add proxy support to CRI-O service (#4607)
* Add proxy support to CRI-O service

The crio.service requires proxy environment variables when it's
deployed behind a corporated network. This change creates a systemd
configuration file when the proxy variables are defined.

* Remove unnecesary crio's tasks
2020-04-21 04:12:55 -07:00
Pierre Lebrun
03c8d0113c
Add vSphere external cloud provider (#5959) 2020-04-20 08:47:39 -07:00
Lovro Seder
536606c2ed
Fix kube-proxy ds win nodeselector check for 1.17 (#5982)
* Fix kube-proxy ds nodeselector for older versions

* Fix for ansible-lint
2020-04-20 08:43:39 -07:00
Sergey
6e29a47784
generate flannel manifest only on first master (#5983) 2020-04-20 01:33:38 -07:00
Sergey
baff4e61cf
remove image flannel cni (#5980) 2020-04-19 06:13:37 -07:00
Florian Ruynat
32fec3bb74
Update minor version for tools (helm, busybox, registry etc...) (#5961) 2020-04-18 07:59:36 -07:00
Maxime Guyot
3134dd4c0d
Drop support for Fedora 28 and add Fedora 30 and 31 (#5969) 2020-04-18 06:35:36 -07:00
Sergey
6318bb9f96
Return the ability to start control plain from the hyperkube image (#5422) 2020-04-18 05:59:36 -07:00
Florian Ruynat
8618a3119b
Fix selector check for windows (#5974) 2020-04-18 00:41:35 -07:00
Victor Morales
7930f6fa0a
Ensure /etc/sysconfig/proxy for openSUSE bootstrap (#5445)
The playbook that bootstrap openSUSE servers assumes that the
/etc/sysconfig/proxy file exists but the execution fails when
these file is not present. This change guarantees its existence.
2020-04-17 14:23:35 -07:00
Florian Ruynat
49bd208026
Update hashes (1.18.2/1.17.5/1.16.9) and set default to 1.17.5 (#5967) 2020-04-17 06:55:07 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os (#5964) 2020-04-17 05:51:06 -07:00
Maxime Guyot
0924c2510c
Use role to copy CNI bin (#5953) 2020-04-16 10:06:45 -07:00
Sergey
35f248dff0
assembly fallback_ips and no_proxy var only one time on localhost and… (#5957)
* assembly fallback_ips and no_proxy var only one time on localhost and populate result on all hosts

* add tag always, fix ansible lint errors

* workaround to mitogen issue dw/mitogen#663

* do not gather fact before install python on coreos like distros

* try to pass docker molecule test
2020-04-16 07:22:47 -07:00
Lovro Seder
b09fe64ff1
Calculate inventory list only once (#5956) 2020-04-16 06:12:45 -07:00
Florent Monbillard
54debdbda2
Generate unique username per cluster in client kubeconfig (#5943)
* Generate unique username per cluster

* rename admin kubeconfig shell output to raw_admin_kubeconfig

* Make the linter happy

* Fix lint errors

* Cleaning up tasks
2020-04-16 05:32:45 -07:00
aharrisson
b6341287bb
Add Molecule to Docker role (#5129)
* Add Molecule for container-engine/docker

* Add bootstrap-os to Molecule prepare stage
2020-04-15 23:28:45 -07:00
Pasquale Toscano
00efc63f74
Customize PodSecurityPolicies from inventory (#5920)
* Customize PodSecurityPolicies from inventory

* Fixed yaml indentation
2020-04-15 03:18:02 -07:00
Ryler Hockenbury
b061cce913
Allow configureable vni and port for flannel overlay (#5939) 2020-04-15 03:14:02 -07:00
Florian Ruynat
c929b5e82e
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852) 2020-04-15 03:10:03 -07:00
Florian Ruynat
58f48500b1
Update Flannel manifests, install script and version (0.12) + fix tests scripts (#5937)
* Add CI_TEST_VARS to tests

* Update flannel to 0.12.0 (with new manifests) and disable tx/rx
offloading in networking test
2020-04-14 23:48:02 -07:00
Florian Ruynat
b5125e59ab
update rbac.authorization.k8s.io to non deprecated api-groups (#5517) 2020-04-14 13:14:04 -07:00
Christopher Randles
d316b02d28
else condition required otherwise AnsibleUndefinedVariable is triggered (#5722) 2020-04-14 07:06:12 -07:00
MikeG
7910198b93
fix error in templating in local-path-provisioner (#5950) 2020-04-14 06:52:12 -07:00
Florian Ruynat
45874a23bb
Remove 1.16.x flag for packet_centos7-weave-kubeadm-sep (#5907) 2020-04-11 00:15:48 -07:00
spaced
9c3b573f8e
Cleanup fedora coreos with crio container (#5887)
* fix upgrade of crio on fcos
- update documents

* install conntrack required by kube-proxy
- like commit 48c41bcbe7

* enable fedora modular repo for crio

* allow to override crio configuration
- set cgroup manager same to kubelet_cgroup_driver if defined
- path of seccomp_profile depends on distribution

* allow to override crio configuration
- fix path for ubuntu

* allow to override crio configuration
- fix cni path for fcos
2020-04-10 23:51:47 -07:00
Chris
883194afec
Fix Cilium permissions (#5923)
* added required permissions for querying endpointslice resources

* copy-pasted role permissions from cilium install manifests

* bumped cilium version to v1.7.2
2020-04-10 23:47:48 -07:00
Sergey
3a63aa6b1e
downgrade nodelocaldns version due bug with flood to error log (#5931)
https://github.com/kubernetes/kubernetes/issues/90043
2020-04-10 23:41:55 -07:00
Florian Ruynat
82123f3c4e
Upgrade azure csi and fix aws csi tag (#5938) 2020-04-10 17:53:47 -07:00
Sergey
8f3d820664
always download docker image on download_host when download_run_once=true (#5921) 2020-04-10 01:59:47 -07:00
Florian Ruynat
473a8beff0
Remove hard-coded dependance to docker.service in kubelet.service file (#5917) 2020-04-09 08:43:46 -07:00
Alexander Kross
0d675cdd1a
Update Calico to v3.13.2, Multus to v3.4.1. Add ConfigMap get permission to allow calico-node access to kubeadm config. (#5912) 2020-04-09 07:27:43 -07:00
aharrisson
9cce46ea8c
Fix idempotence issue in bootstrap-os (#5916) 2020-04-09 03:31:44 -07:00
Florian Ruynat
980aeafebe
Add kubernetes 1.18.1 hashes (#5915) 2020-04-09 01:53:43 -07:00
Denis Kadyshev
7d1ab3374e
Proxy fixes (#5869)
* Fix proxy and module_hotfixes

On CentOS 8 with proxy ansible render inline `proxy` and `module_hotfixes` options.

For example:

`proxy=http://127.0.0.1:3128module_hotfixes=True`

But expected result:

```
proxy=http://127.0.0.1:3128
module_hotfixes=True
```

* Use ini_file module for work with ini files

* Prevent duplicates proxy= option in /etc/yum.conf

Module `lineinfile` is weak, use most powerful module `ini_file` and add or remove `proxy=` when `http_proxy` is defined or not.
2020-04-09 01:25:44 -07:00
Alexander Kross
c33a049292
Update docker RHEL/CentOS versions to the latest patch versions available. (#5872) 2020-04-08 10:09:45 -07:00
Maxime Guyot
7eaa7c957a
Fix conntrack for opensuse and docker support (#5880) 2020-04-08 07:37:44 -07:00
Florian Ruynat
f055ba7965
Add crictl 1.18.0 hashes for k8s 1.18 (#5877) 2020-04-08 02:19:43 -07:00
spaced
157c247563
fix readonly flexvolume in fcos and coreos (#5885) 2020-04-08 01:41:43 -07:00
Etienne Champetier
a35b6dc1af
Fix scaling (#5889)
* etcd: etcd-events doesn't depend on etcd_cluster_setup

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: remove condition already present on include_tasks

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: fix scaling up

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: use *access_addresses, do not delegate to etcd[0]

We want to wait for the full cluster to be healthy,
so use all the cluster addresses
Also we should be able to run the playbook when etcd[0] is down
(not tested), so do not delegate to etcd[0]

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* etcd: use failed_when for health check

unhealthy cluster is expected on first run, so use failed_when
instead of ignore_errors to remove scary red messages

Also use run_once

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* kubernetes/preinstall: ensure ansible_fqdn is up to date after changing /etc/hosts

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* kubernetes/master: regenerate apiserver cert if needed

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-04-08 01:27:43 -07:00
Alexander Kross
910a821d0b
Fix chicken and egg problem with proxy_env not defined on the first … (#5896)
* Fix chicken and egg problem with proxy_env not defined on the first envinronment usage.

* Disable fact gathering for the first proxy_env evaluation.

* Move proxy_env var set up from the role defaults to the root playbooks as fact.
2020-04-08 00:53:43 -07:00
MikeG
45a177e2a0
add local-path-provosioner helper image def (#5817) 2020-04-07 23:51:43 -07:00
spaced
0c51352a74
remove unused kubelet options (#5903) 2020-04-07 11:51:44 -07:00
Florian Ruynat
9b1980cfff
Change docker.io repo to variable and upgrade alb image (#5898) 2020-04-07 08:07:42 -07:00
Florian Ruynat
ae29296e20
Replace latest tags for csi drivers (#5899) 2020-04-07 06:55:44 -07:00
Florian Ruynat
2f92d6bca3
Upgrade coredns to 1.6.9 (#5871) 2020-04-01 10:58:23 -07:00
Maxime Guyot
ded58d3b66
Add molecule test for bootstrap-os (#5845) 2020-04-01 07:25:28 -07:00
Craig Rodrigues
c35461a005
Add checksums for v1.18.0 (#5843)
* Add checksums for v1.18.0

* Add crictl version for k8s 1.18
2020-04-01 06:41:28 -07:00
Florian Ruynat
a93421019b
Upgrade ingress-nginx to 0.30.0 (#5870) 2020-04-01 03:57:28 -07:00
Ali Sanhaji
937adec515
Azure Disk CSI deployment (#5833)
* Azure Disk CSI deployment

* Mention Azure CSI support

* Fix: remove unnecessary file

* Typo in documentation

* Add newline to end of file
2020-04-01 00:53:27 -07:00
matjazp
bce3f282f1
fix systemd cgroup driver for containerd (#5220) 2020-04-01 00:43:26 -07:00
Vinayaka V Ladwa
f8ad44a99f
Azure vmss - kubelet: failed to get instance ID from cloud provider: instance not found #5824 (#5855)
* kubernetes-sigs-kubespray #5824

Added support nodes which are part of Virtual Machine Scale Sets(VMSS)

* kubernetes-sigs-kubespray #5824

* kubernetes-sigs-kubespray #5824

Added comments and updatetd azure docs.

* kubernetes-sigs-kubespray #5824

Added supported values comments for "azure_vmtype" in azure.yml
2020-03-31 10:12:40 -07:00
Ali Sanhaji
484df62c5a
GCP Persistent Disk CSI Driver deployment (#5857)
* GCP Persistent Disk CSI Driver deployment

* Fix MD lint

* Fix Yaml lint
2020-03-31 00:06:40 -07:00
Anshul Sharma
79a6b72a13
Removed deprecated label kubernetes.io/cluster-service (#5372) 2020-03-30 01:19:53 -07:00
Christopher Randles
d439564a7e
disable gpgcheck if gpgkey is empty (#5621)
Signed-off-by: Chris Randles <randles.chris@gmail.com>
2020-03-30 01:13:53 -07:00
Mateus Caruccio
8800eb3492
Remove unicode chars from coredns template (#5848) 2020-03-27 11:39:54 -07:00
Florian Ruynat
09308d6125
Upgrade to Kubernetes 1.174 (#5628)
* Upgrade to Kubernetes 1.17.4 - change defaults

* Update ci jobs to previous k8s release (will fix them afterward)
2020-03-27 07:40:23 -07:00
Mateus Caruccio
3237b2702f
Add config coredns_external_zones (#5280)
Allows to add custom zone resolving servers.
2020-03-26 23:34:23 -07:00
Ali Sanhaji
a8a05a21a4
AWS EBS CSI implementation (#5549)
* AWS EBS CSI implementation

* Fixing image repos

* Add OWNERS file

* Fix expressions

* Add csi-driver tag

* Add AWS EBS prefix to variables

* Add AWS EBS CSI Driver documentation
2020-03-25 13:10:25 -07:00
Xiaodu
63fa406c3c
Move host_architecture to kubespray-defaults (#5811)
The variable is defined in `kubernetes/preinstall` role and used in several roles. Since `kubernetes/preinstall` is not always included when `ansible-playbook` is run with tag selectors (see #5734 for reason), they will fail, or individual roles must copy the same fact definitions (as in #3846). Moving the definition to the always-included `kubespray-defaults` role will resolve the dependency problem.
2020-03-25 12:58:25 -07:00
Etienne Champetier
6ad6609872
Fix certificates checking when adding etcd node to existing k8s node (#5807)
Co-authored-by: alexkomrakov <alexkomrakov@gmail.com>
2020-03-25 12:46:25 -07:00
Petr Enkov
474fbf09c4
fix wrong cilium_operator repo variable (#5819) 2020-03-25 02:17:03 -07:00
Etienne Champetier
47849b8ff7
docker: Fix docker install on CentOS/RHEL 8 (#5820)
we can't set module_hotfixes=True using yum_repository ansible module
Fixes 38688a4486
(keep docker-ce.repo name)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-03-25 01:03:03 -07:00
Stephen Schmidt
0379a52f03
Fix etcd install with docker and etcd_kubeadm_enabled (#5777)
- This solves issue #5721 & #5713 (dupes)
  - Provide a cleaner default usage pattern for the download role
    around etcd that supports 'host' and 'docker' properly
  - Extract the 'etcdctl' as a separate task install piece and reuse it where
    appropriate
  - Update the kubeadm-etcd task to reflect the above change
2020-03-24 08:12:47 -07:00
Petr Enkov
bc2eeb0560
use variables for cilium-operator instead of hardcoded value (#5802) 2020-03-24 07:40:47 -07:00
Mateus Caruccio
81f07c3783
Disable IPv6 support for canal's calico-node (#5684)
This implements the same behavior as a15a0b5eb9/roles/network_plugin/calico/templates/calico-node.yml.j2

More info: https://github.com/projectcalico/felix/issues/1447
2020-03-24 07:10:49 -07:00
Pierre Gaxatte
f90926389a
Fix wrong Docker ubuntu repo URL (#5815) 2020-03-24 04:36:46 -07:00
Etienne Champetier
096de82fd9
Fixup recover_control_plane with Ansible 2.9 (#5806)
Tests as filters support is removed as of Ansible 2.9
https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.5.html#jinja-tests-used-as-filters

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-03-20 14:22:06 -07:00
eddebc
db693d46df
Fixed an issue where without a default GW, ansible_default_ipv4 would return an empty dict which passed as a valid fallback_ip dict item (#5394) 2020-03-20 14:06:09 -07:00
Sergey
b8d628c5f3
rename handler to fix ansible 2.8 issue (#5801) 2020-03-20 13:54:08 -07:00
Etienne Champetier
0aa22998e2
Bump node local dns version to 1.15.11 (#5805)
k8s-dns-node-cache now uses debian-iptables base images
to automatically use either iptables-legacy or iptables-nft
https://github.com/kubernetes/dns/pull/355
https://github.com/kubernetes/kubernetes/pull/82966

This adds support CentOS 8

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-03-20 13:44:09 -07:00
Maxime Guyot
a7a204ebca
Add kube_encryption_resources variable to configure which resources are encrypted at rest (#5797) 2020-03-20 04:14:36 -07:00
nmr
d152dc2e6a
Update prep_download.yml (#5791)
Fix check if user can use docker without sudo.
2020-03-18 13:30:44 -07:00
spaced
8ce5a9dd19
remove atomic support because reached end of live (#5783) 2020-03-17 14:31:27 -07:00
Bjoern Teipel
820d8e6ce6
Adding new registry_port option (#5779)
New override are added to allow installation of the registry
on different ports than ``5000``. The default port is unchanged
from previous versions
2020-03-17 05:52:22 -07:00
bozzo
3cefd60c37
Add OWNERS file for kube-router (#5782)
I propose also my help as a reviewer
2020-03-17 04:14:22 -07:00
spaced
876d4de6be
Fedora CoreOS support (#5657)
* fedora coreos support
- bootstrap and new fact for

* fedora coreos support
- fix bootstrap condition

* fedora coreos support
- allow customize packages for fedora coreos bootstrap

* fedora coreos support
- prevent install ptyhon3 and epel via dnf for fedora coreos

* fedora coreos support
- handle all ostree like os in same way

* fedora coreos support
- handle all ostree like os in same way for crio

* fedora coreos support
- add fcos documentations
2020-03-17 03:12:21 -07:00
bozzo
974902af31
Update Kube-router version to v0.4.0 (#5756) 2020-03-17 02:40:21 -07:00
Pasquale Toscano
4b5299bb7a
Add variables to configure Containerd default runtime, untrusted runt… (#5497)
* Add variables to configure Containerd default runtime, untrusted runtime and additional runtimes

* Add containerd settings to sample inventory

* Empty commit
2020-03-16 03:48:36 -07:00
Yujun Zhang
ceab27c97a
Add OWNERS file for recover_control_plane (#5505)
Related to #5432
2020-03-16 03:46:35 -07:00
Sergey
03d1b56a8f
fix check exists download cache (#5776) 2020-03-16 03:34:35 -07:00
Michael Shnit
29128eb316
Add AWS ALB Ingress Controller (#5489)
* Add AWS ALB Ingress Controller Ansible role

* remove trailing spaces

* update owners

* ALB ingress: update rbac clusterrole and remove role

* Move alb-ingress role to roles/kubernetes-apps/ingress_controller folder
2020-03-16 02:58:35 -07:00
Sergey
1cb03a184b
kubernetes 1.15.11 (#5775) 2020-03-14 07:16:34 -07:00
hfinucane
158d998ec4
Support configuring the Calico iptables insert mode (#5473)
* Support configuring the insert mode

Defaults to the upstream default https://docs.projectcalico.org/v3.9/reference/felix/configuration

so nothing should change for existing deployments.

This allows coexistence with other firewall management technologies.

* Add a note to the sample config
2020-03-14 06:36:35 -07:00
Cédric de Saint Martin
168241df4f
Python bootstrap: upgrade pypy to 3.6-7.2.0. (#5511)
Solves problem with mitogen about 'Compress object has no attribute copy' in zlib module.
2020-03-14 06:32:35 -07:00
Sander Cornelissen
f5417032bf
Merge OracleLinux in RedHat bootstrap-os (#5575)
* Merge OracleLinux in RedHat bootstrap-os

* Set default for use_oracle_public_repo in main.yaml
2020-03-14 06:28:34 -07:00
bozzo
d69db3469e
Add external zones in nodelocaldns configuration (#5591)
Allows to configure additionnal zone for domains not resolved by `upstream_dns_servers`.
2020-03-14 06:26:34 -07:00
Xiaodu
980a4fa401
Add docker-ce 19.03 packages for Debian & Ubuntu (#5729)
* Add docker-ce 19.03 packages for Debian & Ubuntu

K8s has updated the recommended Docker version to 19.03. More
specifically it should be 19.03.4, but since we used 18.06.7 instead of
.2, I'm assuming the latest patch version should be used here as well.

* Add docker 19.03 for redhat
2020-03-14 06:24:35 -07:00
Florent Monbillard
027e2e8a11
Update CoreDNS to 1.6.7 (#5761) 2020-03-14 04:20:34 -07:00
Florent Monbillard
ca73e29ec5
Use k8s.gcr.io for kubernetes related images (#5764)
* Use k8s.gcr.io for kubernetes related images

* Use k8s.gcr.io in inventory sample
2020-03-13 14:41:48 -07:00
Florent Monbillard
0330442c63
Kubernetes 1.16.8 (#5770)
* Kubernetes 1.16.8

* Use 1.16.8 in sample inventory and kubespray-defaults
2020-03-13 13:41:47 -07:00
Florent Monbillard
25a1e5f952
Include etcd image repository when using kubeadm etcd deployment mode (#5725) 2020-03-13 10:28:39 -07:00
Nakahara, Kohei
57bb7aa5f6
Fix delete nodes task (#5747) 2020-03-13 08:36:40 -07:00
Florian Ruynat
86996704ce
remove unused crictl hashes (#5754) 2020-03-13 06:56:40 -07:00
Joel Seguillon
f53ac2a5a0
Update metrics addon for 1.16 (#5706)
* upgrade metrics server and resizer images version

* scope "apps" api group for addon resizer
2020-03-13 06:46:40 -07:00
Hugo Blom
d0af5979c8
install csi-driver not just cinder (#5766) 2020-03-13 05:34:39 -07:00
Qingkun Li
43020bd064
Fix the command for kube-proxy cleanup (#5671) 2020-03-13 05:32:39 -07:00
Danilo Riecken P. de Morais
dc00b96f47
Add missing Coreos OS family string (#5759) 2020-03-13 04:24:39 -07:00
Christopher Randles
71c856878c
update multus to 3.4 and add crio support (#5701)
Signed-off-by: Chris Randles <randles.chris@gmail.com>
2020-03-13 04:22:39 -07:00
Maxime Guyot
19865e81db
Add OWNERS file for OpenStack CSI driver and cloud controller (#5753) 2020-03-13 02:52:39 -07:00
dymq
e0b76b185a
Failover for adding proxy when line exists in file (#5751)
The 'regexp' parameter matches last occurrence of a line starting with 'proxy=' and replaces it with the one defined in 'line' parameter. If no match - it works same way as before. This fixes resuming cluster deployments failed after that task (if there was no more than one line starting with 'proxy' in the yum.conf file - this condition should also be reassured with the change introduced here) eg. if they were initiated with Terraform.
2020-03-12 15:08:39 -07:00
Xiaodu
c47f441b13
fix kube-proxy server address when local apiserver lb is disabled (#5730)
refs #5277

As the issue describes, when no external or local load-balanced is used,
kube-proxy won't be able to contact apiserver at 127.0.0.1. So the
config map should be left as is.
2020-03-12 10:40:39 -07:00
Florent Monbillard
8df2c0a7c6
Upgrade CNI plugins to 0.8.5 (#5717) 2020-03-12 07:22:38 -07:00
Sergey
e60b9f796e
add calico VXLAN mode, update docs and vars in sample inventory (#5731)
* calico VXLAN mode

* check vars if calico backend defined
2020-03-12 01:20:37 -07:00
Florent Monbillard
2c8bcc6722
Upgrade etcd to 3.3.12 (#5718)
* Upgrade etcd to 3.3.18

* Try with etcd 3.3.15 (kubeadm 1.16.7 default)

* Back to square one

* Try with 3.3.11

* Upgrade etcd to 3.3.18 (take 2)

* Try with 3.3.12
2020-03-11 08:25:38 -07:00
Fredrik Lönnegren
e257d92f41
Cilium updates (#5438)
* Add resources needed to deploy 1.6.4

* Use cilium v1.6.4

* Change deprecated option name

* Add update crd to clusterrole cilium

* Cilium 1.6.4 -> 1.6.5

* Make monitor-aggregation config configurable as a variable

* Change monitor-aggregation default none->medium

* Cilium 1.6.5 -> 1.6.6

* Update to 1.7.0

* v1.7.0->v1.7.1
2020-03-11 08:15:36 -07:00
Etienne Champetier
e2ec7c76a4
containerd: bump to 1.2.13 (#5727)
https://github.com/containerd/containerd/releases/tag/v1.2.11
CVE-2019-16884 / CVE-2019-17596

https://github.com/containerd/containerd/releases/tag/v1.2.12
CVE-2019-19921 / CVE-2019-16884 / CVE-2019-11253

https://github.com/containerd/containerd/releases/tag/v1.2.13

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-03-11 05:39:36 -07:00
Lovro Seder
058d101bf9
Escape dots in jsonpath keys. (#5600)
+ use more secure `command` instead of `shell`
+ read-only command doesn't change state - make idempotent
+ multi-line long string
2020-03-11 05:17:36 -07:00
Sergey
9f3ed7d855
change ignore_errors: to when: in assert tasks (#5716) 2020-03-10 08:09:36 -07:00
Sergey
221b429c24
move var preinstall_selinux_state: to roles/kubespray-defaults/defaults/main.yaml (#5715) 2020-03-10 07:45:35 -07:00
Jakub Husák
2beffe688a
Make etcdctl connect to localhost out of the box (#5643)
* Make etcdctl connect to localhost out of the box

* etcdctl envs: use admin-.pem instead of member-.pem
2020-03-06 02:05:23 -08:00
Kubernetes Prow Robot
66408a87ee
Refactor download role (#5697)
* download file

* download containers

* fix push image to nodes

* pull if none image on host

* fix

* improve docker image tag checks.
do not pull already cached images

* rebase fix merge conflict

* add support download_run_once when upgrade and scale cluster
add some test with download_run_once

* set default values to temp flag for every download cycle

* add save,load abilty for containerd and crio when download_run_once=true

* return redefine image save/load command to  set_docker_image_facts.yml

* move set command to set_container_facts

* ctr in containerd_bin_dir

* fix order of ctr image export arguments

* temporary disable download_run_once for containerd and crio
due https://github.com/containerd/containerd/issues/4075

* remove unused files

* fix strict yaml linter warning and errors

* refactor logical conditions to pull and cache container images

* remove comment due lint check

* document role

* remove image_load_on_localhost, because cached images are always loaded to docker on remote sites

* remove XXX from debug output
2020-03-05 07:31:39 -08:00
Kubernetes Prow Robot
62b418cd16
Use 'k8s.gcr.io' instead of 'gcr.io/google-containers' (#5709)
Ref: kubernetes/kubeadm/issues/2051

See: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-release/ew-k9PEBckQ/T7dFepHdCAAJ

Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>
2020-03-05 05:44:37 -08:00
Kubernetes Prow Robot
be12164290
Add option and defaults to configure metrics exporting in containerd (#5466)
* Add metrics exporting in containerd config

* Add containerd.yml with containerd configuration example to the sample group_vars
2020-03-04 14:46:38 -08:00
Arthur Outhenin-Chalandre
588896712e
Fix kube-router config generation (#5531)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-03-04 02:11:47 -08:00
Steven Reitsma
6221b94fdf
Fix variable naming bug in OpenStack CCM (#5702) 2020-03-03 06:45:38 -08:00
Steven Reitsma
efef80f67b
Add support for HA deployment of OpenStack Cinder CSI plugin (#5691) 2020-03-03 06:33:38 -08:00
Hugo Blom
0c1a0ab966
implement max-volumes for cinder csi (#5666) 2020-03-02 03:30:43 -08:00
Sergey
678ed5ced5
fix upgrade procedure when in playbook (#5695)
exists role kubernetes/preinstall and not exists role container-engine

 error 'yum_repo_dir' is undefined
2020-02-28 01:56:38 -08:00
Lovro Seder
7f87ce0362
Upgrade container-engine after draining (#5601)
* Run 'container-engine' after drain.

Move possibly disruptive role 'container-engine' to run after the node
is drained.

As that role have to be run on non-cluster nodes as well (etcd and
calico-rr), and those nodes are not drained, add play for that case.

* Check if api is up before upgrade.

If container engine is restarted in previous role, api controller can
take some time to start. This check ensures api is up before upgrade.
2020-02-27 11:47:28 -08:00
Steven Reitsma
d1acf7f192
Add additional configuration options to external Openstack CCM (#5661)
- Add support for manage-security-groups flag
- Add support for internal-lb flag
2020-02-26 13:03:19 -08:00
Hugo Blom
171d2ce59c
Implement topology support for Cinder CSI (#5667)
* make cinder csi topology aware

* change feature description do better reflect whats being done

* remove sameas true since it isn't required
2020-02-26 05:12:25 -08:00
Moritz Graf
d2c44dd4df
Modifying Ansible filter 'failed' according to Ansible 2.5 porting guide (#5678) 2020-02-26 00:18:26 -08:00
Qingkun Li
9b7090ca1d
add mangle table in the iptable flush task (#5672)
When kube-router is used as cni, rules might be added to the mangle table
to support external IPs. Therefore, mangle table should be flushed during
reset as well.
2020-02-26 00:04:26 -08:00
Victor Morales
82efd95901
Remove dockerproject_.+_repo_.+ variables (#5662)
This 38688a4486 change replaces the
value for dockerproject_.+_repo_.+ docker variables but their new
value was previously defined in other variables. This change removes
the dockerproject_.+_repo_.+ docker variables in favor of the older
ones.
2020-02-22 13:28:47 -08:00
Hoat Le
4c803d579b
@ #5008 | Local path provisioner boolean annotation is rendered incorrectly and not applied (#5669) 2020-02-22 07:08:47 -08:00
Javeria Khan
6368c626c5
Ignore assertion comparison for kube_network_node_prefix when using calico (#5632)
* Fix incorrect assertion comparison for kube_network_node_prefix

* Ignore assertion comparison for kube_network_node_prefix when using calico

* Adding more var docs description for kube_network_node_prefix

* Fixing trailing whitespaces
2020-02-20 00:39:03 -08:00
Erwan Miran
a5445d9c5c
Add stable repo on all masters with helm 3.x.x (#5659) 2020-02-19 14:05:46 -08:00
Adrien Gooris
da86457cda
remove unused var 'kube_apiserver_admission_control' (#5648) (#5651) 2020-02-19 05:08:25 -08:00
Chad Swenson
a15a0b5eb9
Make calico iptables lock timeout configurable (#5658)
Adds `calico_iptables_lock_timeout_secs` variable to calico DS yaml.
2020-02-19 02:28:25 -08:00
Ali Sanhaji
646fd5f47b
External OpenStack Cloud Controller Manager implementation (#5491)
* External OpenStack Cloud Controller Manager implementation

* Adding controller image tag

* Minor fixes

* Restructuring the external cloud controller to work with KubeADM
2020-02-18 04:47:28 -08:00
Sergey
12bc634ec3
helm default version 3.1.0 (#5634)
* helm default version 3.1.0

* fix newline
try to retest2
2020-02-18 03:21:29 -08:00
Sylvain Chateau
0ca7aa126b
added "Flatcar", "Flatcar Container Linux by Kinvolk" for all coreOS role (#5607) 2020-02-18 00:15:29 -08:00
Manuel Cintron
b51b52ac0e
Fixing and issue where if the pids in the orphan list no longer exist then all systemd child processes would be killed. (#5636) 2020-02-17 09:33:29 -08:00
Sergey
36c1f32ef9
remove legacy docker repo in kubernetes/preinstall before any packages installed (#5640) 2020-02-17 08:59:28 -08:00
Steven Reitsma
fa245ffdd5
Fix some minor issues with the Cinder CSI plugin (#5561)
Add Cinder images to download role
2020-02-17 03:47:28 -08:00
Erwan Miran
f7c5f45833
Ability to define plugins.cri.containerd params (#5624)
* Ability to define plugins.cri.containerd params

* addition of containerd field commented as an example

* documentation of containerd_config
2020-02-17 02:15:29 -08:00
lcooper40
579976260f
Added in code to allow control over pull policy for local path provis… (#5334)
* Added in code to allow control over pull policy for local path provisioner

* change to imagePullPolicy to use globally used variable k8s_image_pull_policy

* removed unusued variable from defaults

* updated contiv-etcd and cinder-csi-controllerplugin to use k8s_image_pull_policy variable
2020-02-17 02:13:30 -08:00
Ali Sanhaji
d56e9f6b80
Fix Cinder CSI bugs (#5492) 2020-02-17 01:49:28 -08:00
Erwan Miran
26700e7882
kubelet_config_extra_args and kubelet_node_config_extra_args (#5623)
* Introduce kubelet_config_extra_args and kubelet_node_config_extra_args to pass params to kubelet via YAML config

* kubelet_config_extra_args is not the alternative
2020-02-14 16:05:28 -08:00
Florian Ruynat
d86229dc2b
Upgrade cri-tools (crictl) to 1.17.0 (#5629) 2020-02-14 02:50:17 -08:00
Florian Ruynat
f56171b513
Remove old features gates (#5608) 2020-02-14 02:24:17 -08:00
Bort Verwilst
287421e21e
Set helm 3.0 as default (#5503)
* set helm 3.0 as default

* remove trainling space in vars.yml

* switched to helm 3.0.3
2020-02-13 02:18:35 -08:00
Erwan Miran
339e36fbe6
Files to archive can be passed directly (#5571) 2020-02-12 07:50:51 -08:00
Arthur Outhenin-Chalandre
5e648b96e8
Fix default value of kube_api_server_endpoint (#5529)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-02-11 01:40:01 -08:00
qvicksilver
ac2135e450
Fix recover-control-plane to work with etcd 3.3.x and add CI (#5500)
* Fix recover-control-plane to work with etcd 3.3.x and add CI

* Set default values for testcase

* Add actual test jobs

* Attempt to satisty gitlab ci linter

* Fix ansible targets

* Set etcd_member_name as stated in the docs...

* Recovering from 0 masters is not supported yet

* Add other master to broken_kube-master group as well

* Increase number of retries to see if etcd needs more time to heal

* Make number of retries for ETCD loops configurable, increase it for recovery CI and document it
2020-02-11 01:38:01 -08:00
Sergey
14b1cab5d2
force rotate control plane certifcate on master node when upgrade cluster (#5596) 2020-02-10 06:09:54 -08:00
Florian Ruynat
e570e2e736
Remove last rkt references (#5606) 2020-02-07 02:19:43 -08:00
Preslav Draganov
422b25ab1f
Bind Docker service to containerd.service on versions >=18.09.1 (#5477) 2020-02-07 02:15:44 -08:00
aca
9d32e2c3b0
fix duplicates when scheduler_extra_volumes defined (#5566) 2020-02-07 02:09:44 -08:00
Florian Ruynat
099341582a
Update nginx image to latest (#5590) 2020-02-07 02:07:44 -08:00
andreyshestakov
2ab5cc73cd
Fix typo in Multus plugin. (#5568) 2020-01-29 01:28:13 -08:00
Etienne Champetier
9f2dd09628
Add proxy support to containerd, improves no_proxy (#5583)
* containerd: add proxy support

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* kubespray-defaults: add kube_service_addresses / kube_pods_subnet to no_proxy

CIDR notation in no_proxy is supported by a lot of programs/languages,
including go: https://github.com/golang/go/issues/16704
Without that containerd cannot talk the the API server (kube_apiserver_ip),
but it should not go through an external proxy for the nodes/pods/services

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-29 01:24:14 -08:00
Sergey
2798adc837 Remove stale legacy yum docker repo /etc/yum.repos.d/docker.repo (#5569)
* Remove stale legacy yum docker repo /etc/yum.repos.d/docker.repo

* move task 'Remove legacy docker repo file' to pre-upgrade.yml
2020-01-28 02:31:40 -08:00
Florian Ruynat
54d9404c0e Fix hashes... kubernetes 1.17.2 (#5581) 2020-01-24 06:44:31 -08:00
Florian Ruynat
f1025dce4e Update to hashes and default version (1.15.8 / 1.16.5 / 1.17.1) (#5564) 2020-01-23 03:54:49 -08:00
Matthew Mosesohn
38688a4486 Remove dockerproject org (#5548)
* Change dockerproject.org to download.docker.com

dockerproject.org was deprecated in 2017 and has gone down.

* Restore yum repo for containerd

Change-Id: I883bb512a2164a85865b1bd4fb569af0358c8c2b

Co-authored-by: Craig Rodrigues <rodrigc@crodrigues.org>
2020-01-17 00:38:55 -08:00
Florian Ruynat
d640a57f9b update api-version for PriorityClass following removal in 1.17 (#5450) 2020-01-16 01:52:22 -08:00
Etienne Champetier
5e9479cded Ensure we always fixup kube-proxy kubeconfig (#5524)
When running with serial != 100%, like upgrade_cluster.yml, we need to apply this fixup each time
Problem was introduced in 05dc2b3a09

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-14 02:45:09 -08:00
Matthew Mosesohn
06ffe44f1f Remove downloading deprecated calico-rr image (#5528)
Change-Id: I7354d33c7db513e0ee27c9a4cc40e8501c0e1061
2020-01-14 02:41:08 -08:00
Matthew Mosesohn
b35b816287 Raise typha max connections to 300 (#5527)
Raises limit from 100 to 300 because the default is far too low
and the pod can handle 300 with the given resources.

Change-Id: Ib1eec10da3d09d198933fcfe87291587e58d7cdb
2020-01-10 00:24:33 -08:00
Florian Ruynat
bf15d06568 Update to Kubernetes 1.15.7 (#5518) 2020-01-08 17:35:40 -08:00
Etienne Champetier
2c2ffa846c Calico: update to 3.11.1, allow to configure calico_iptables_backend (#5514)
I've tested this update by deploying a containerd / etcd cluster on top CentOS7,
MetalLB + NGINX Ingress. Upgrade using upgrade-cluster.yml

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-01-08 02:27:40 -08:00
Damon Wang
48c41bcbe7 kube-proxy need conntrack (#5478) 2020-01-06 02:31:35 -08:00
zhanwang
beb47e1c63 update ingress_nginx install guide (#5502) 2020-01-06 02:27:35 -08:00
Erwan Miran
303c3654a1 Set pipefail in case tar fails (#5506) 2020-01-06 02:25:34 -08:00
Matthew Mosesohn
5fab610fab Clean kubectl cache after upgrade on first master (#5479)
Resolves issue where kubectl cache of <v1.16 api schema
interferes with interacting with daemonsets and deployments.

Change-Id: I63b7046958f2008eb144b6da0004c598f945e0ae
2020-01-06 02:23:35 -08:00
Fredrik Lönnegren
ccbcad9741 Ubuntu CRI-O (#5426)
* Fix crictl

* Reload systemd daemon before enabling service

* Typo

* Add crictl template

* Remove seccomp.json for ubuntu

* Set runtime path of runc for ubuntu

* Change path to conmon
2019-12-19 04:37:57 -08:00
Florent Monbillard
109078c5e0 Update CNI plugins to v0.8.3 (#5453) 2019-12-16 04:53:36 -08:00
bozzo
c0b262a22a Add kube-router configuration to enable metrics exposure (#5416) 2019-12-16 04:35:36 -08:00
Douglas Schilling Landgraf
538f1f1a68 cri-o: redhat.yml - remove package cri-tools (#5444)
There is no cri-tools package in CentOS/EPEL/Red Hat.
Additionally, cri-tools is provided into the installation via
roles/download/defaults/main.yml:104:crictl_download_url.
2019-12-16 02:53:36 -08:00
Andreas Krüger
370a0635fa Bump nodelocaldns version to 1.15.8 (#5447)
* Bump nodelocaldns version

* Add missing upstreamsvc
2019-12-13 02:22:55 -08:00
Bort Verwilst
db2ca014cb Add Helm 3.x support (#5441)
* Add Helm 3.x support

* tiller enabled when helm < 3.0.0
2019-12-12 09:24:32 -08:00
Maxime Guyot
815eebf1d7 Add wait for kubectl get ds after upgrades (#5433) 2019-12-11 11:23:55 -08:00
Matthew Mosesohn
696fcaf391 Ensure 0644 mode for ca.crt on nodes (#5428)
Change-Id: I5e018dfaeffe314300b373aeb7ed5f59929cf4f9
2019-12-11 00:54:04 -08:00
Etienne Champetier
5e0140d62c Add k8s 1.15.6 hashes (#5342)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2019-12-10 00:45:30 -08:00
Craig Rodrigues
717fe3cf3a Add checksums for v1.17.0 (#5423) 2019-12-09 21:15:28 -08:00
Yujun Zhang
32d80ca438 Add default value for bin_dir in recover control plane (#5396) 2019-12-09 02:54:02 -08:00
Sergey
9fda84b1c9 set node label via kubectl label command (#5257)
* set varios node label via kubectl label command, not kubelet options

* remove node_labels from KUBELET_ARGS
2019-12-09 01:43:09 -08:00
Etienne Champetier
42702dc1a3 Fixes for CentOS 8 (#5213)
* Fix python3-libselinux installation for RHEL/CentOS 8

In bootstrap-centos.yml we haven't gathered the facts,
so #5127 couldn't work

Minimum ansible version to run kubespray is 2.7.8,
so ansible_distribution_major_version is defined an there is no need to default it

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Restart NetworkManager for RHEL/CentOS 8

network.service doesn't exist anymore
 # systemctl status network
 Unit network.service could not be found.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add module_hotfixes=True to docker / containerd yum repo config

https://bugzilla.redhat.com/show_bug.cgi?id=1734081
https://bugzilla.redhat.com/show_bug.cgi?id=1756473
Without this setting you end up with the following error:
 # yum install docker-ce
 Failed to set locale, defaulting to C
 Last metadata expiration check: 0:03:21 ago on Thu Sep 26 22:00:05 2019.
 Error:
  Problem: package docker-ce-3:19.03.2-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
   - cannot install the best candidate for the job
   - package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
   - package containerd.io-1.2.2-3.el7.x86_64 is excluded
   - package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
   - package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
   - package containerd.io-1.2.6-3.3.el7.x86_64 is excluded
 (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2019-12-09 01:37:10 -08:00
Maxime Guyot
b15d41a96a Add support to Ansible 2.9 (#5361) 2019-12-05 07:24:32 -08:00
Matthew Mosesohn
7da2083986 Add toleration for calico-typha on master (#5405)
Change-Id: Iea9a366cf6ccc4d491bfc49c5d2dba6d98f81b69
2019-12-05 06:24:32 -08:00
Hugo Blom
f7aea8ed89 update oidc to contain quotes (#5406) 2019-12-05 00:24:32 -08:00
Matthew Mosesohn
57fef8f75e Allow customizing kubelet healthz port and bind addr (#5403)
Change-Id: I1634ba2d2d3337243ffcdea86750003a559f2576
2019-12-03 11:56:58 -08:00
Matthew Mosesohn
f599a4a859 force other resolvers to be secondary when using systemd-resolved (#5391)
Change-Id: I33d46c7e0c5374467e22c5a652b282d1703dea85
2019-12-02 08:41:04 -08:00
Matthew Mosesohn
18cee65c4b Add support for k8s v1.17.0-rc.1, remove hyperkube (#5378)
Change-Id: I3fff04f0211cd9c2e8235acaf51c3aa98abc8bb7
2019-11-28 05:41:03 -08:00
Yujun Zhang
aec5080a47 kubernetes/masters: fix task name in kubeadm setup (#5377) 2019-11-27 06:05:20 -08:00
Anton Fayzrahmanov
80418a44d5 CoreDNS deployment extra tolerations (#5364)
* Add extra tolerations for coredns

* dns_extra_tolerations option

* dns_extra_tolerations

* missing starting space in comment
2019-11-27 05:49:21 -08:00
Florian Ruynat
257c20f39e add 1.16.3 checksums and set new version as default (#5384) 2019-11-27 01:29:20 -08:00
Aaron Crickenberger
f1498d4b53 fix OWNERS file (#5359)
Initially this was to fix a mis-indented approvers key. However, it turns
out that 'oilbeater' is not a member of kubernetes-sigs nor
kubernetes-incubator (the org this repo was migrated from). Thus this
OWNERS file is failing prow's validation check.

As a workaround I've opted to move them to emeritus_approver, which
isn't valiated and can be used as a hint for other approvers in this
repo
2019-11-25 17:59:11 -08:00
Etienne Champetier
18d19d9ed4 containerd: update to 1.2.10 (#5341)
Lot's of bugs and security fixes:
https://github.com/containerd/containerd/releases/tag/v1.2.10
CVE-2019-16884 / CVE-2019-16276
https://github.com/containerd/containerd/releases/tag/v1.2.9
CVE-2019-9512 / CVE-2019-9514 / CVE-2019-9515
https://github.com/containerd/containerd/releases/tag/v1.2.8
CVE-2019-9512 / CVE-2019-9514
https://github.com/containerd/containerd/releases/tag/v1.2.7

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2019-11-22 00:09:29 -08:00
Michael Shen
6924c6e5a3 [FIX] fix match because trim removes leading/trailing whitespace (#5356) 2019-11-19 22:35:18 -08:00
Matthew Mosesohn
85c851f519 scale down coredns on each master during graceful upgrade (#5344)
This fixes the scenario where masters are upgraded one at a time
and coredns gets improperly scaled back up to 2 replicas.

Change-Id: I7cc9283f40efcfd61b5813c89a5805c95d901567
2019-11-18 00:13:41 -08:00
Matthew Mosesohn
8b67159239 Do not run kubeadm upgrade on first deploy (#5339)
Change-Id: I68a962a9dd28c83ef07eaeaf53eb98287f38bca9
2019-11-14 02:05:34 -08:00
LuciferInLove
4f70da2731 Added Amazon Linux 2 support for deploying with docker (#5301) 2019-11-11 07:05:41 -08:00
Matthew Mosesohn
db5040e6ea Set certs and files with kubeadm token to mode 0640 (#5325)
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
2019-11-11 05:41:41 -08:00
Jacopo Secchiero
97764921ed Fix calico name resolution (#5291) 2019-11-11 04:01:41 -08:00
Bjoern Teipel
8c15db53b2 Fix helm for Kubernetes 1.16.2 (#5332)
Since upgrading k8s beyond 1.16.0 version, helm init does
no longer work with helm < 2.16.0 due to
https://github.com/helm/helm/issues/6374

This PR closes issue #5331
2019-11-11 03:53:41 -08:00
Julien Pervillé
0200138a5d Pass ingress_nginx_extra_args when deploying the nginx-ingress addon (#5321) 2019-11-11 03:51:40 -08:00
Florent Monbillard
14af98ebdc Respect cri-tool supported version matrix (#5241)
| Kubernetes Version | cri-tools Version |
|--------------------|-------------------|
| 1.16.x             | v1.16.0           |
| 1.15.X             | v1.15.0           |
| 1.14.X             | v1.14.0           |
| 1.13.X             | v1.13.0           |
| 1.12.X             | v1.12.0           |
| 1.11.X             | v1.11.1           |

- Upgrade to cri-tools 1.16.1
- Add checksums for cri-tools 1.16.1
2019-11-11 03:45:42 -08:00
YichenWong
8a5434419b fix useradd etcd (#5281) 2019-11-11 03:27:41 -08:00
Quentin Gliech
8a406be48a Fix indentation in cilium-ds.yml template (#5305) 2019-11-11 03:25:41 -08:00
Junho Suh
076f254a67 Add cilium_tunnel_mode variable to the cilium config (#5295) 2019-11-11 03:19:42 -08:00
Dmitry Chusovitin
45d151a69d containerd installation on Debian (#5326) 2019-11-11 02:41:41 -08:00
Matthew Mosesohn
bd014c409b Skip coredns image when evaluating kubeadm images (#5327)
It will be enabled correctly in downloads

Change-Id: Ief0b7aa2a8ee2ba6a6849820802f8542584b2c04
Related-story: PRODX-1171
2019-11-09 00:51:39 -08:00
Matthew Mosesohn
1c25ed669c Remove unnecessary and risky reload network for resolvconf propagation (#5322)
Change-Id: I54d706f7941b4b86c4c6cd45340295577155b884
2019-11-06 10:11:52 -08:00
Matthew Mosesohn
a005d19f6f Enable systemd-resolved DNS resolution mode (#5318)
Change-Id: If3e253a40782e03cde7fc4a91493517ae31fda17
2019-11-06 03:33:52 -08:00
Matthew Mosesohn
471589f1f4 Scale down coredns created by kubeadm upgrade to 0 replicas (#5308)
Change-Id: I128b0f9c1acbb956d9a6c4e5510b45a36e296af7
2019-11-05 03:34:38 -08:00
Ali Sanhaji
b0ee1f6cc6 Deploy Cinder CSI driver to provision volumes over OpenStack (#5184)
* Deploy Cinder CSI driver to provision volumes over OpenStack

* Deploy Cinder CSI StorageClass

* Cinder CSI doc
2019-11-01 00:59:24 -07:00
Matthew Mosesohn
186ec13579 Fix incorrect suggestion to enable old k8s apis (#5292)
Change-Id: If965cc6aa0daaca232dcf2ca0efd649aa097497f
2019-10-30 01:58:53 -07:00
Matthew Mosesohn
2c4e6b65d7 Raise delay and retry for rotate tokens (#5304)
Change-Id: I87844b43b9a18064e7a99567ce57c1ca1ffcc4a8
2019-10-30 01:56:52 -07:00
Matthew Mosesohn
94d4ce5a6f Retry cleaning up calico-node container (#5302)
Change-Id: Iad27b107860213759c7ae51f0891d7e5e7c6d96b
2019-10-28 05:11:25 -07:00
Matthew Mosesohn
81da231b1e Set cluster DNS in kubeadm config for kubelet dynamic config (#5293)
Change-Id: I23116efefe8626d361d1904fc6fb8448f66cf3c5
2019-10-25 02:23:40 -07:00
Matthew Mosesohn
a1fff30bd9 Generate TLS certs for calico typha (#5258)
* Generate TLS certs for calico typha

Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707

* Add group vars note

Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
2019-10-17 07:02:38 -07:00
Sergey
81d57fe658 set calico_datastore default value in role kubespray-default (#5259) 2019-10-17 05:58:38 -07:00
Sergey
3118437e10 check on all cluster node - kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix | int)) - 2 (#5279) 2019-10-17 05:48:38 -07:00
Sergey
65e461a7c0 download container always been on download_delegate host (#5177)
* download container always been on download_delegate host

* fix also check pull required
2019-10-17 05:38:38 -07:00
Michael Oglesby
c672681ce5 Revert Pull Request #5084 (#5120)
Kubespray Pull Request #5084 (https://github.com/kubernetes-sigs/kubespray/pull/5084) caused more problems than it solved due to limitations with the synchronize module. See comments on Kubespray Issues #5059 (https://github.com/kubernetes-sigs/kubespray/issues/5059) and #5116 (https://github.com/kubernetes-sigs/kubespray/issues/5116). Details from Ansible documentation: "Currently, synchronize is limited to elevating permissions via passwordless sudo. This is because rsync itself is connecting to the remote machine and rsync doesn’t give us a way to pass sudo credentials in. ... Currently there are only a few connection types which support synchronize (ssh, paramiko, local, and docker) because a sync strategy has been determined for those connection types. Note that the connection for these must not need a password as rsync itself is making the connection and rsync does not provide us a way to pass a password to the connection. ..." Thus, reverting Pull Request #5084.
2019-10-17 05:26:37 -07:00
yelhouti
d332a254ee install python3 instead of python2 for fedora >= 30 fixes 5056, fixes 4802 (#5111) 2019-10-17 05:04:38 -07:00
Matthew Rapa
3debb8aab5 add KUBELET_VOLUME_PLUGIN to kubelet.env (#5128) 2019-10-16 20:08:38 -07:00
YichenWong
aada6e7e40 Add etcd_data_dir variable to the kubeadm config (#5263) 2019-10-16 19:50:39 -07:00
Matthew Mosesohn
ac60786c6f Add support for restart handlers for control plane on crio/containerd (#5250)
* Add support for restart handlers for control plane on crio/containerd

Change-Id: I8343cc4e9df7f55b732628ed01cc6e7ea5dcee85

* Update main.yml
2019-10-16 18:58:39 -07:00
Hugo Blom
db33dc6938 Add support for Kubernetes 1.16.2 (#5272)
* Add support for Kubernetes 1.16.1

* Defaults to 1.16.1

* add 1.16.2 checksums and set new version as default

* correct 1.16.2 checksums and add 1.15.5 checksums
2019-10-16 18:34:38 -07:00
Hugo Blom
9dfb25cafd fix typo (#5275) 2019-10-16 18:26:38 -07:00
Maxime Guyot
df8d2285b6 Update ingress-nginx to v0.26.1 (#5268) 2019-10-16 18:22:39 -07:00
Matthew Mosesohn
af6456d1ea Fix selector for calico-typha deployment (#5253)
Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
2019-10-16 07:53:42 -07:00
Maxime Guyot
6f57f7dd2f Update nginx image to latest (#5270) 2019-10-16 04:37:42 -07:00
Xiaodu
bec23c8a41 Add k8s v1.15.4 hashes (#5235) 2019-10-16 04:33:41 -07:00
Robin Elfrink
faaff8bd72 Add RotateCertificates to kubelet config if kubelet_rotate_certificates is set. (#5152)
Signed-off-by: Robin Elfrink <robin.elfrink@eu.equinix.com>
2019-10-16 04:31:41 -07:00
andreyshestakov
8031c6c1e7 Update template for dashboard to support v2.x (#5187)
Secrets and ConfigMap should be created before dashboard pod run.
2019-10-16 04:29:41 -07:00
Erwan Miran
9d8fc8caad Fix getting nameserver and search for /etc/resolv.conf with comments (#5197) 2019-10-16 04:27:40 -07:00
Qingkun Li
a51b729817 add ignore_errors to the kube-proxy deletion task (#5236)
When using cluster.yml or scale.yml to add/scale nodes in the existing
k8s cluster, the `kubeadm init` wouldn't run. As a result, kube-proxy
wouldn't be created, and therefore the kube-proxy deletion task would
fail, e.g. in the case where kube-router is used and "kube_proxy_remove"
is set to true. As a workaround, add ignore_errors to the kube-proxy
deletion task.
2019-10-16 04:23:40 -07:00
Maxime Guyot
19bc79b1a6 Update cert-manager to v0.11.0 (#5269) 2019-10-16 04:21:40 -07:00
Sergey
932935ecc7 fix wrong path in include install_host.yml in etcd role (#5256) 2019-10-13 18:16:34 -07:00
BenoitBOULANGER
e01118d36d Fix issue in remove-node/post-remove task (#5185) (#5186) 2019-10-10 05:17:43 -07:00
Matthew Mosesohn
dea9304968 Enable openstack_cacert to be either file or base64 string (#5243) 2019-10-09 02:19:49 -07:00
Matthew Mosesohn
2864e13ff9 Reset between kubeadm secondary control plane join attempts (#5240)
Change-Id: Ic9425bf90552d7e3d42b02409af9773d99376384
2019-10-08 00:15:12 -07:00
Erwan Miran
0ba336b04e install helm client separately (#5212) 2019-10-04 05:14:02 -07:00
Matthew Mosesohn
89f1223f64 Fix selector workaround for helm install (#5237)
Change-Id: I826337b59814674c3feb4cd6a4904d9d53e01652
2019-10-03 23:41:56 -07:00
陈谭军
8bc0710073 clean up document (#5214) 2019-10-02 04:41:07 -07:00
Matthew Mosesohn
fb591bf232 Apply workaround for NetworkManager and calico (#5230)
Change-Id: I5cb2bdf1a57707c1b8da3e5ac0c80e5c353480a4
2019-10-02 04:37:07 -07:00
Matthew Mosesohn
a43e0d3f95 Switch to Kubernetes v1.16.0 (#5189)
* Switch to Kubernetes v1.16.0

Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158

* Fix download localhost cached file path

Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47

* fix kubeadm etcd for v1.16

Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2

* disable tf packet jobs

Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154

* Disable contiv packet jobs. Fix kube-router

Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d

* bump sonobuoy version

Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
2019-10-02 02:21:07 -07:00