Commit graph

3693 commits

Author SHA1 Message Date
Florian Ruynat
d40701463f
Update kube-ovn to 1.5.2 (#6610) 2020-11-26 09:34:19 -08:00
Florian Ruynat
405692d793
Switch some image from dockerhub to k8s.gcr (also increase pkg retries) (#6955) 2020-11-26 08:46:19 -08:00
Bas van den Brink
7938748d77
Allow configuring container log limits for Kubelet (#6933) 2020-11-26 00:32:19 -08:00
Etienne Champetier
e909f84966
Bump nodelocaldns to 1.16.0 (#6916)
This new version uses the same base image as kube-proxy
(k8s.gcr.io/build-image/debian-iptables)
This allow to automatically pick iptables-legacy or iptables-nft,
and be compatible with RHEL/CentOS 8
https://github.com/kubernetes/dns/pull/367

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-11-25 17:10:19 -08:00
Andrii
8a153ed38e
Add serviceExternalIPs option for calico installation (#6928) 2020-11-25 05:34:39 -08:00
Barry Melbourne
eb16986f32
Add RHEL support subscription registration (#6572) 2020-11-24 08:33:00 -08:00
Lee Spottiswood
bd801de236
bump calico version to 3.16.5 (#6944) 2020-11-24 02:49:01 -08:00
Hans Feldt
ee23b947aa
fix flake8 errors in Kubespray CI - tox-inventory-builder (#6910)
* fix flake8 errors in Kubespray CI - tox-inventory-builder

* Invalidate CRI-O kubic repo's cache

Signed-off-by: Victor Morales <v.morales@samsung.com>

* add support to configure pkg install retries

and use in CI job tf-ovh_ubuntu18-calico (due to it failing often)

* Switch Calico, Cilium and MetalLB image repos to Quay.io

Co-authored-by: Victor Morales <v.morales@samsung.com>
Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-11-22 23:47:35 -08:00
Hans Feldt
70bbb3e280
calico: avoid POD restart during initial deploy (#6886)
calico PODs are first started and then in a handler killed and
restarted for no reason, nothing has changed.

By using the existing variable 'calico_cni_config' (only defined when
calico has already started) the restart can be skipped.
2020-11-13 00:02:23 -08:00
Sebastian P
a27eebb225
Fix hash of pypy3.6-v7.3.2-linux64 archive. (#6897)
The previous hash was still that of v7.3.1, see https://www.pypy.org/download.html for the hash of the current release.
2020-11-11 09:20:27 -08:00
Mikael Johansson
93a1693040
Update BGPPeer CRD to match v3.16 of Calico (#6881) 2020-11-05 11:14:51 -08:00
Hans Feldt
544aa00c17
install etcdctl to host when etcd deployment type is kubeadm (#6857)
* create a wrapper script with pki options
* supports all kubespray managed container engines

Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-11-04 00:20:04 -08:00
Hans Feldt
fc22453618
crio: avoid extra restart after install and upgrade (#6882)
Package upgrade restarts crio. By creating/updating config first,
an extra restart can be avoided.
2020-11-03 08:54:03 -08:00
David Medinets
fefcb8c9f8
Allow the eventRecordQPS setting to be set. (#6880)
* Allow the eventRecordQPS setting to be set.

The eventRecordQPS parameter controls rate limiting for event recording. When zero, unlimited events can cause denial-of-service situations. For my situation, I don't need more than a setting of "5". This change allows me to configure the setting before creating the cluster.

* Allow the eventRecordQPS setting to be set.

The default settings (see types.go) is five. So, this change does not affect the cluster provisioning. However, it does allow for the setting to be changed.
2020-11-03 00:42:15 -08:00
Victor Morales
9cf5dd0291
Use cgroup v1 in Fedora +31 (#6862)
Fedora 31 uses Cgroups v2 by default. This change by passes the kernel
parameter systemd.unified_cgroup_hierarchy=0.

Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-11-02 06:32:53 -08:00
Kenichi Omichi
7a1f033c1d
Update helm stable repo (#6867)
As https://helm.sh/blog/new-location-stable-incubator-charts/
helm stable repo is changed to https://charts.helm.sh/stable
In addition, if using helm v3.4.0+ the old stable repo installation
is failed.
So this updates the stable repo to avoid such error.
2020-10-31 09:54:51 -07:00
Florian Ruynat
227e96469c
Minor update Calico and Cilium (#6871) 2020-10-29 07:14:59 -07:00
Michal Skalski
c93fa6effe
Handle dns_mode set to 'none' in generate nameservers task (#6825)
When dns_mode was set to 'none' the coredns_server became an empty
string and invalid operation of adding string to list was executed.
2020-10-29 01:04:58 -07:00
Mikhail Snetkov
c25d624524
Register missing outputs in role "remove-node" (#6856) 2020-10-28 12:55:56 -07:00
David Medinets
12ab8b7af3
update version of ingress-nginx controller in docs. (#6855)
* update version of ingress-nginx controller.

Change tag from controller-v0.34.0 to controller-v0.40.2 to use newest tag.

* Update docs about aws deploy templates.

In the yaml templates, there is no mention of idle timeouts. This is why I removed the documentation about it. This might be a mistake. Please verify this. I don't know enough to verify it myself.

* Change label when checking version.

When checking for `app.kubernetes.io/name=ingress-nginx`, a completed pod was selected which is not helpful when trying to `exec`. Changing the label selects the running controller pod.

* put back the information about ELB Idle Timeouts.

When I removed the information, I had overlooked that it was mentioned in the L7 yaml file. Thanks.
2020-10-28 11:05:57 -07:00
axelgobletbdr
097bec473c
fixed bug in etcd retention where backups are not sorted by date (#6860)
* fixed bug in etcd retention where backups are not sorted by date

* added directory filter to find command
2020-10-28 09:09:57 -07:00
Hans Feldt
d36b5d7d55
Install cri-o with package version (#6853)
and thereby support upgrade from e.g. 1.18.x to 1.19.y

Included OSes:
- Centos7/8
- Ubuntu18/20

New variables for overriding by default installed packages:
- centos_crio_packages
- ubuntu_crio_packages
2020-10-26 08:35:02 -07:00
axelgobletbdr
4b858b6466
Fixes 6621 etcd backup directory is consuming much rootfs disk space (#6836)
* added an ansible var to manage retention of etcd backups

* refactord ls/grep into find in etcd backup removal command
2020-10-23 07:09:57 -07:00
Victor Morales
e03e3c4582
Add Kata Containers support to CRI-O runtime (#6830)
* Enable Kata Containers for CRI-O runtime

Kata Containers is an OCI runtime where containers are run inside
lightweight VMs. This runtime has been enabled for containerd runtime
thru the kata_containers_enabled variable. This change enables Kata
Containers to CRI-O container runtime.

Signed-off-by: Victor Morales <v.morales@samsung.com>

* Set appropiate conmon_cgroup when crio_cgroup_manager is 'cgroupfs'

* Set manage_ns_lifecycle=true when KataContainers is enabed

* Add preinstall check for katacontainers

Signed-off-by: Victor Morales <v.morales@samsung.com>

Co-authored-by: Pasquale Toscano <pasqualetoscano90@gmail.com>
2020-10-23 03:07:46 -07:00
Florian Ruynat
91f1edbdd4
Update k8s-dns-node-cache to 1.15.16 (#6852) 2020-10-22 10:29:36 -07:00
Maciej
c6e2a4ebd8
Set feature gates in kube-proxy ConfigMap (#6851)
Command line flags aren't added to kube-proxy which results in missing
feature gates set in this component. Add appropriate setting to
ConfigMap instead.

Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
2020-10-22 03:39:34 -07:00
Hans Feldt
3eefb5f2ad
fix scaling in kubeadm etcd mode (#6822)
'ansible.vars.hostvars.HostVarsVars object' has no attribute 'kubeadm_upload_cert'

kubeadm_upload_cert will never be found as a hostvar for the first
master since the task is executed for a worker.

Fix by executing the upload task for the first master and register
the needed key. After that, workers can read hostvars for the master

Var kubeadm_etcd_refresh_cert_key removed since it no longer has
any use.
2020-10-21 07:32:32 -07:00
Hans Feldt
04b19359cb
allow non existing etcd group (#6797)
When using kubeadm managed etcd, configuring an etcd group can now
be skipped.
2020-10-21 07:32:20 -07:00
Florian Ruynat
60b0fb3e88
Update hashes and set default version to 1.19.3 (#6841) 2020-10-21 00:58:20 -07:00
wand3r3r
f323d70c0f
Adding option to disable globally applying a proxy to etc/yum.conf (#6828)
* Adding option to disable gloablly applying a proxy to etc/yum.conf

* Change made to proxy_yum_globaly basedon reviewer feedback

* fix trailing spaces in ymllint
2020-10-20 23:22:19 -07:00
Etienne Champetier
03f316e7a2
Fix proxy and module_hotfixes (#6837)
This fixes the Containerd + EL8 case that was missed in 7d1ab3374e

On CentOS 8 with proxy ansible render inline `proxy` and `module_hotfixes` options.

For example:
```
proxy=http://127.0.0.1:3128module_hotfixes=True
```

But expected result:
```
proxy=http://127.0.0.1:3128
module_hotfixes=True
```

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-10-19 23:06:07 -07:00
David Louks
79b7f0d592
Use existing variable for tiller service account name (#6829)
* Use existing variable for tiller service account name

* keep crb as tiller
2020-10-19 03:04:13 -07:00
Florent Monbillard
d25aebdaf5
Upgrade Flannel to 0.13.0 (#6826) 2020-10-15 10:50:22 -07:00
Hans Feldt
4781df587c
bump crio version to 1.19 (#6758)
* bump crio version to 1.19

* crio package name has changed for debian/ubuntu
* crio upgrade does not work, see #6757

* update crio info in docs
2020-10-13 02:08:26 -07:00
Sergey
e49330d6ee
change owner to root for bin_dir directory (#6814) 2020-10-12 18:13:22 -07:00
Samuel Liu
dbe6eb20c8
Modify imagepullpolicy (#6816) 2020-10-12 17:45:22 -07:00
yelhouti
8bec5beb4b
fix: add tags for set facts nodelocaldns (#6813) 2020-10-12 16:47:21 -07:00
Hans Feldt
e6effb8245
Make reset work for crio (#6812)
crio refuses to delete pods when cni is unavailable which is the
case e.g. using calico with kdd datastore. See:

https://github.com/cri-o/cri-o/issues/4084

Fix by deleting storage associated with containers. Stop and disable
crio service so switching container runtime can be done.
2020-10-12 15:47:22 -07:00
Bogdan Peste
5e32655830
Added option to force apiserver and respective client certificate to … (#6403)
* Added option to force apiserver and respective client certificate to be regenerated without necessarily needing to bump the K8S cluster version

* Removed extra blank line
2020-10-12 06:02:48 -07:00
holmesb
4cb5a4f609
Fix line-spacing in no_proxy.yml (#6810)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-11 08:50:47 -07:00
Nikita Velgin
cb57c3c916
Fix handler naming issue for Kubeadm | kubelet (#6803)
Handlers with the same name (Kubeadm | restart kubelet) leads to incorrect playbook execution. As a result, after completing the tasks, kubelet does not restart. This PR fix this behavior
2020-10-11 08:26:47 -07:00
Hans Feldt
92b1166dd0
Disable dashboard by default (#6804)
Users should opt in for features and not opt out.
2020-10-11 08:06:47 -07:00
Kenichi Omichi
e6c28982dd
Chmod kubeconfig to avoid group-readable (#6800)
After upgrading to newer Kubernetes(v1.17 at least), kubectl command
shows the following warning message:

  WARNING: Kubernetes configuration file is group-readable.
  This is insecure. Location: /home/foo/.kube/config

The kubeconfig was copied from {{ artifacts_dir }}/admin.conf with
kubeconfig_localhost feature. It is better to set valid file mode
at getting it on Kubespray.
2020-10-09 01:39:08 -07:00
Florian Ruynat
64f69718fb
Update bunch of dependencies (#6801) 2020-10-09 01:35:06 -07:00
holmesb
1301e69c7d
If no_proxy_exclude_workers is true, workers will be excluded from the no_proxy variable.  This prevents docker engine restarting when scaling workers. (#6520)
Signed-off-by: holmesb <5072156+holmesb@users.noreply.github.com>
2020-10-09 01:15:07 -07:00
Hans Feldt
99b8f0902e
crio: ensure service is started and enabled (#6753) 2020-10-07 00:10:42 -07:00
Sergey
6a4d322a7c
Do not install etcd and etcdctl on master with scale.yml playbook. (#6798)
Remove task with install etcdctl from etcd role when etcd_kubeadm_enabled=true
2020-10-06 07:04:20 -07:00
rafal-jan
9d7f358d4b
Fix csi-snapshotter timeout option. Fix ebs-external-attacher-role ClusterRole. (#6776) 2020-10-06 06:44:21 -07:00
bozzo
b1bb5a4796
Fix cinder & external_openstack cacert deployment (#6745)
The CA cert was only deployed on master nodes
2020-10-06 05:34:21 -07:00
5-sigma
f8ae086334
Added Comment line above checksum section to add clarification about Kubespray's version support and testing (#6785) 2020-10-06 05:30:21 -07:00
Florian Ruynat
c49bda7319
Update nginx ingress controller to 0.40.1 (#6786) 2020-10-06 05:10:21 -07:00
Florian Ruynat
a687013fbe
Update kube-router to 1.1.0 (#6793) 2020-10-05 13:46:20 -07:00
Hans Feldt
b0097fd0c1
harden reset to work in more cases (#6781)
reset playbook fails and does not continue cleanup after for
example a host reboot with kubelet stopped/disabled
2020-10-05 12:55:21 -07:00
Joren Zandstra
9729b6b75a
Add extra arguments variables for openstack and vsphere cloud controller manager daemonsets (#6783) 2020-10-02 10:14:48 -07:00
Florian Ruynat
58959ae82f
Update cilium with minor fix for CVE (#6784) 2020-10-02 10:02:48 -07:00
Victor Morales
a374301570
Remove arch from flannel image tag (#6765)
The 0d0cc8cf9c change creates several
DaemonSets to cover the Flannel CNI installation for different CPU
architectures. This change removes the unnecessary architecture value
from the docker tag value.

Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-09-30 14:16:54 -07:00
dlandtwing
bc8e16fc69
nginx ingress: fix yaml for multiple nodeselectors (#6768)
In case multiple nodeselectors are specified in ingress_nginx_nodeselector, the generated daemonset yaml template for nginx is invalid due to missing indentation starting with the second nodeselector
2020-09-30 07:23:26 -07:00
petruha
7a730d42dd
Add bin_dir to PATH environment. (#6764) 2020-09-29 06:35:27 -07:00
Kenichi Omichi
109391031b
Add error msg for check of local ip (#6761)
When stopping at the check of "Stop if ip var does not match local ips"
the error message is like:

  fatal: [single-k8s]: FAILED! => {
      "assertion": "ip in ansible_all_ipv4_addresses",
      "changed": false,
      "evaluated_to": false,
      "msg": "Assertion failed"
  }

That doesn't contain actual IP addresses and it is difficult to understand
what was wrong. This adds the error message which contain actual IP addresses
to investigate the issue if happens.
2020-09-29 06:29:27 -07:00
Mateusz Adamek
aba63f0f9a
Added support for dynamic tags in AWS and Azure. (#6752)
* Added support for dynamic tags in AWS and Azure.

* Added examples of dynamic tags configuration.
2020-09-26 10:50:48 -07:00
Lennart Weller
e67886bf9d
add leader election timeouts and durations to available parameters (#6691) 2020-09-25 08:21:11 -07:00
Florian Ruynat
c2ac3b51c1
Update containerd to 1.3.7 - add fedora32/centos8 containerd packages (#6749) 2020-09-25 08:15:11 -07:00
emiran-orange
081a9e7bd8
/opt/cni/bin/install not before calico 3.16 (#6738) 2020-09-25 06:15:11 -07:00
Florian Ruynat
55d8ed093a
Add centos8 docker repo (#6747) 2020-09-25 06:11:11 -07:00
axelgobletbdr
77149e5d89
Fixes #6740: Allow disabling reverse DNS lookups in coredns (#6741)
* created variable to enable/disable reverse dns lookups in coredns

* fixed linting-error in dns-stack.md
2020-09-25 02:33:11 -07:00
orange-llajeanne
28839f6b71
remove duplicate audit-policy-file argument in kubeadm configuration (#6734) 2020-09-24 09:26:06 -07:00
Hans Feldt
28073c76ac
Calico upgrade path validation and old version cleanup (#6733)
* calico: add constant calico_min_version_required

and verify current deployed version against it.

* calico: remove upgrade support with data migration

The tool was used pre v3.0.0 and is no longer needed.

* calico: remove old version support from tasks

* calico: remove old ver support from policy ctrl

* calico: remove old ver support from node

* canal: remove old ver support

* remove unused calicoctl download checksums

calico_min_version_required is the oldest version that can be installed
Older versions can be removed.
2020-09-24 09:04:06 -07:00
Marco Martínez
5c448b6896
Add retries to update calico-rr data in etcd through calicoctl (#6505)
* Add retries to update calico-rr data in etcd through calicoctl

* Update update-node yaml syntax

* Add comment to clarify ansible block loop

* Remove trailing space
2020-09-24 03:24:05 -07:00
Sergey
c0fd5b2e84
remove variable 'etcd_ionice', because ionice removed from container image etcd:v3.4.x (#6735) 2020-09-23 12:34:05 -07:00
Hans Feldt
6141b98bf8
calico: default to using kdd datastore (#6693)
If already deployed, get current datastore from CNI config file
2020-09-23 08:38:09 -07:00
Florian Ruynat
2eae207435
Update docker packages to 19.03.13 + add docker f32 (#6712) 2020-09-23 08:32:19 -07:00
Florian Ruynat
9a8e4381be
Fix snapshot.storage apiVersion (#6711) 2020-09-23 08:32:10 -07:00
lukasz bielinski
5f034330c5
properly generate extravolumes in kubeadmconfig for centos (#6708) 2020-09-23 01:20:09 -07:00
Wang Zhen
edea63511d
Fix reserved memory unit in kubelet configuration (#6725)
* Fix reserved memory unit in kubelet configuration

Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>

* Move systemReserved default values from template

Signed-off-by: Wang Zhen <lazybetrayer@gmail.com>
2020-09-22 15:20:09 -07:00
Florent Monbillard
80df4f8b01
Fix unintended SIGPIPE (#6721) 2020-09-22 11:14:42 -07:00
David Louks
1e79dcfcaa
Added ability to set calico vxlan vni and port. defaults to calico's … (#6678)
* Added ability to set calico vxlan vni and port. defaults to calico's documented defaults.

* Check if calico_network_backend is defined prior to checking value

* Removed calico hidden defaults for vxlan port and vni

* Fixed FELIX_VXLANVNI typo
2020-09-22 01:04:48 -07:00
Victor Morales
0d0cc8cf9c
Add multi architeture support to flannel (#6166)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-09-22 00:44:47 -07:00
Florent Monbillard
5bd937ece0
Remove pypi repo and pip extra flags (#6729) 2020-09-21 13:27:51 -07:00
Mateus Caruccio
8908a70c19
Fails if kubeadm_version do not matches kubernetes version (#6302) 2020-09-21 07:20:32 -07:00
Marc-Antoine
5ec2467268
Add external_openstack_lbaas_provider setting for occm (#6566)
* Add external_openstack_lbaas_provider setting for occm

* Integrate with existing lbaas_provider block

* Refactor lbaas_provider config template block

* Remove external_openstack_lbaas_use_octavia from sample inventory
2020-09-21 07:04:32 -07:00
orange-llajeanne
e489e70031
add new variable allowing additionnal audit webhook server options (#6726) 2020-09-21 06:44:32 -07:00
Florian Ruynat
05c9169c70
Fix example value for etcd_quota_backend_bytes (#6724) 2020-09-21 05:42:31 -07:00
David Louks
bd49c993de
Added support for setting tiller_service_account and tiller_replicas (#6696)
* Added support for setting tiller_service_account and tiller_replicas

* Specify helm 2 version to ensure we have a test path that still hits helm 2 code

* Moved tiller_service_account to defaults.yml. Fixed is tiller_replicas defined check.
2020-09-20 23:52:30 -07:00
Florent Monbillard
5989680967
Make sure node_ip is set if node is in etcd group (#6719) 2020-09-18 17:14:27 -07:00
Florian Ruynat
151b142d30
Ignore pause from kubeadm config images list (#6689) 2020-09-18 07:32:46 -07:00
Florian Ruynat
b7c4136702
Ignore error in check mode when disabling swap (#6703) 2020-09-18 07:26:46 -07:00
David Wattier
e666fe5a8d
flannel image arch specific tag (#6685) 2020-09-18 02:12:54 -07:00
Sebastian
9ce34be217
Added missing permissions for operator. (#6683)
Related commit: 976337b750
2020-09-18 02:12:45 -07:00
Florian Ruynat
79226d0870
Add Kubernetes hashes 1.19.2/1.18.9/1.17.12 and set default (#6698) 2020-09-17 11:12:45 -07:00
Hans Feldt
6da385de9d
Use "kubeadm join" to join masters to control plane (#6661)
Remove configuration variable kubeadm_control_plane
2020-09-17 04:34:45 -07:00
Hans Feldt
0cc5e3ef03
Remove workaround with kube_proxy_remove (#6512)
* kube-proxy never gets deployed so need to remove it
2020-09-17 04:30:45 -07:00
David Louks
3bf40d5db9
make metallb image repos configurable (#6671) (#6672)
* Make metallb image repos configurable

* Moved metallb image repo definitions to download role defaults

* Removed comment. These are set in download defaults
2020-09-17 02:45:13 -07:00
Lukas Grossar
a870dd368e
Allow configuration of nodelabels in local_volume_provisioner (#6620) 2020-09-17 02:44:58 -07:00
Barry Melbourne
b6b26c710f
Add support for Calico CNI host-local IPAM plugin (#6580) 2020-09-17 02:44:46 -07:00
Pasquale Toscano
04932f496f
Updated KataContainers version to 1.11.3 (#6694) 2020-09-17 02:32:45 -07:00
Florian Ruynat
dffbd58671
Move from widehat.opensuse to download.opensuse for crio centos (#6682) 2020-09-15 06:28:07 -07:00
Florian Ruynat
152e0162a9
Update api version, deprecated in 1.19 (#6656) 2020-09-11 15:12:09 -07:00
Florian Ruynat
2fa7faa75a
Update etcd to 3.4.13 (#6658) 2020-09-11 12:32:09 -07:00
w33dw0r7d
03dff09b8a
fix kubelet_flexvolumes_plugins_dir undefined (#6645) 2020-09-11 00:34:14 -07:00
Florian Ruynat
a556f8f2bf
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file (#6655) 2020-09-11 00:30:14 -07:00
Florian Ruynat
1765c9125a
Update CoreDNS to 1.7.0 (#6657) 2020-09-10 15:48:14 -07:00
Florian Ruynat
ab28192d50
Update various dependencies following 1.19 release (#6660) 2020-09-10 11:07:45 -07:00
Florian Ruynat
ad15721677
Add Kubernetes 1.19.1 hashes and set default (#6654) 2020-09-10 10:43:46 -07:00
Hans Feldt
a2d4dbeee4
crio: use system default for storage driver by default (#6637)
After host reboot kubelet and crio goes into a loop and no container is started.

storage_driver in crio.conf overrides system defaults in etc/containers/storage.conf

/etc/containers/storage.conf is installed by package containers-common dependency
installed from cri-o (centos7) and contains "overlay".

Hosts already configured with overlay2 should be reconfigured and the
/var/lib/containers content removed.
2020-09-10 05:29:45 -07:00
Florian Ruynat
1712ba1198
Add iptables_backend to weave options (#6639) 2020-09-10 03:49:52 -07:00
Mikael Johansson
040dda37ed
Add comment clarifying network allocation and sizes (#6607)
* Add comment from roles/kubespray-defaults/defaults/main.yaml clarifying network allocation and sizes

Signed-off-by: Mikael Johansson <mik.json@gmail.com>

* Rewrite of the comment and added new examples

Signed-off-by: Mikael Johansson <mik.json@gmail.com>
2020-09-10 03:49:44 -07:00
holmesb
a99ba3bb16
Allowing resource management of metrics-server container. Will allow fine-tuning of resource allocation and solving throttling issues. Setting defaults as per the current request & limit allocation: cpu: 43m, memory 55Mi for both limits & requests. (#6652)
Signed-off-by: Brendan Holmes <holmesb@users.noreply.github.com>

Co-authored-by: Brendan Holmes <holmesb@users.noreply.github.com>
2020-09-10 03:46:02 -07:00
Florian Ruynat
ae5328c500
Update calico to 3.16.1 (#6644) 2020-09-10 03:45:46 -07:00
spaced
34ff39e654
NetworkManager lists must be separated by , (#6643) 2020-09-10 03:41:44 -07:00
Florian Ruynat
8e3915f5bf
Set ansible_python_interpreter to python3 on debian (fix error with mitogen) (#6633) 2020-09-08 15:37:52 -07:00
Maxime Guyot
a1f04e9869
Cleanup v1.16 hashes (#6635) 2020-09-08 01:51:43 -07:00
Maxime Guyot
961149b865
Update kube_version_min_required for 2.14 release (#6634) 2020-09-07 23:59:43 -07:00
spaced
2de6a5676d
Fedora coreos networkmanager global dns and bootstrapping fix (#6577)
* remove podman cni plugin

* configure networkamanger global dns

* allow installation of python3-libselinux by disabling update repo temporary

* remove ipv4 section because it is not a valid configuration
2020-09-07 02:27:41 -07:00
Florian Ruynat
050578da94
Update Cilium to 1.8.3 (#6629) 2020-09-07 02:11:49 -07:00
Florian Ruynat
6fc73e3038
Add Kubernetes 1.16.15 hashes (#6624) 2020-09-07 01:23:41 -07:00
Florian Ruynat
d97e9b9e50
Fix oracle linux repo (#6627) 2020-09-07 01:15:41 -07:00
Florian Ruynat
fa0eb11bf4
Update kubernetes dashboard (#6623) 2020-09-04 05:29:41 -07:00
Julien Pervillé
f660c29348
Declare port 10254 in nginx ingress pod template (#6609) 2020-09-04 04:54:11 -07:00
Hans Feldt
6613895de0
remove kubelet startup warnings for non docker container runtime (#6605)
Removes these startup warnings:

Warning: For remote container runtime, --pod-infra-container-image is ignored in kubelet, which should be set in that remote runtime instead
Using "/var/run/crio/crio.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/crio/crio.sock".
2020-09-04 04:54:04 -07:00
Hans Feldt
803d52ffce
kubernetes: remove unused variables (#6601) 2020-09-04 04:53:56 -07:00
tasekida
fc61f8d52e
Update cert manager to 0.16.1 (#6600)
* Update cert manager to 0.16.1

* Update cert manager to 0.16.1

Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
2020-09-04 04:53:48 -07:00
Maxim Pogozhiy
0553814b4f
Add selectable dns policy for kube-router (#6586) 2020-09-04 04:53:41 -07:00
Florian Ruynat
f1566cb8c2
Add protectKernelDefaults option (default true) to kubelet config file (#6611) 2020-09-03 07:41:41 -07:00
Lovro Seder
c1ba8e1b3a
Rotate kubelet server certificate. (#6453)
* Rotate kubelet server certificate.

* CI test kubelet server cert rotation

* Approve kubelet serving certificates in tests.
2020-09-03 07:25:41 -07:00
Hugo Blom
2ff7ab8d40
Add snapshot-controller for CSI drivers and snapshot CRDs, add a default volumesnapshotclass when running cinder CSI (#6537)
* add snapshot-controller and v1beta1 snapshot api

* fix typo

* udpate manifest to v1beta1

* update

* update manifests

* fix spelling

* wait until crd is applied

* fix missing info in kube module

* revert snapshotclass

* add snapshot crds before applying the csi driver

* add crds, missed them in last commit

* use pull policy from kubespray
2020-09-03 04:01:43 -07:00
Hans Feldt
93698a8f73
Calico: update crds to v1 and cr (#6360)
* Update CustomResourceDefinition for kubecontrollersconfigurations.crd.projectcalico.org to v1
* Align ClusterRole for kube-controllers with upstream (calico)
2020-09-03 00:51:40 -07:00
Maxime Guyot
6245587dc8
Fix E306 in roles/network_plugin (#6516)
Signed-off-by: Miouge1 <maxime@root314.com>
2020-09-02 23:55:40 -07:00
Florian Ruynat
2faf53b039
Check node_ip is defined when removing etcd node (#6603) 2020-09-01 01:05:58 -07:00
Florian Ruynat
e0b1787740
Use crictl 1.19.0 for k8s 1.19.x (#6598) 2020-09-01 01:05:50 -07:00
Florian Ruynat
9849dba5d3
Update cni plugins with minor fix (#6592) 2020-08-31 05:16:21 -07:00
Barry Melbourne
03c9c091f2
Docker: Set Cgroup driver by default to systemd (#6563)
* Set Docker Cgroup driver to systemd

* Add docker_cgroup_driver in Docker defaults
2020-08-31 04:56:20 -07:00
Marc-Antoine
5a8b68a429
Add support for openstack application credentials (#6534)
* Add support for openstack application credentials

* Add some lines for readability

* Update external_openstack_tenant_id check

Do not check external_openstack_tenant_id when application credentials are defined

* Add check for external_openstack_domain_id

* Fix typo
2020-08-31 03:30:28 -07:00
Maxime Guyot
34d88ea6d9
Fix Ansible-lint E303 (#6409) 2020-08-31 03:30:20 -07:00
Florian Ruynat
0665b45e61
Update nginx ingress to 0.35.0 (#6599) 2020-08-31 03:24:21 -07:00
Maxime Guyot
648fcf3a2e
Fix E306 in roles/etcd (#6515) 2020-08-31 03:20:20 -07:00
Barry Melbourne
058438a25d
Remove support for CoreOS Container Linux (#6576) 2020-08-28 02:28:53 -07:00
Maxime Guyot
6e938a3106
Fix E306 in other roles (#6517) 2020-08-28 01:20:53 -07:00
Florian Ruynat
2f93d62aa5
Update nginx ingress to 0.34.1 (#6571) 2020-08-27 10:15:53 -07:00
Florian Ruynat
8ba3d7ec75
Add Kubernetes 1.19 hashes (#6593) 2020-08-27 09:45:53 -07:00
Hans Feldt
9e2d282709
cri-o: add variable to configure unsecure pull (#6568)
By default do not allow "unqualified" (without a registry) images
because it is considered unsecure and subject to mitm attacks.

To enable insecure pull configure for example:

crio_registries:
  - "docker.io"
  - "quay.io"
2020-08-27 09:09:53 -07:00
Florian Ruynat
706c7cb4f1
etcd should not fail when adding an already existing member (#6587) 2020-08-27 02:33:01 -07:00
Florian Ruynat
e7ee19bd66
Update bunch of dependencies with minor fixes (#6570) 2020-08-27 02:25:01 -07:00
nic0las
f59d3fc4a3
Deviceroutesourceaddress (#6508)
* add FELIX_DEVICEROUTESOURCEADDRESS calico option

* add calico_use_default_route_src_ipaddr option 

add calico_use_default_route_src_ipaddr option to use FELIX_DEVICEROUTESOURCEADDRESS calico option

* Update k8s-net-calico.yml
2020-08-27 02:07:01 -07:00
Barry Melbourne
8e2bae0f2a
Fix Ansible Lint warnings (No such file or directory) (#6581) 2020-08-26 23:19:10 -07:00
Arthur Outhenin-Chalandre
e6dae03a0d
Add cilium hubble server in config (#6575)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:19:02 -07:00
Arthur Outhenin-Chalandre
2f2ed116f7
Improve metallb template for bgp peers (#6574)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-26 23:15:03 -07:00
Kuralamudhan Ramakrishnan
e91c6a7bd1
update the ovn4nfv-k8s-plugin image version to v1.1.0 (#6531)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-08-26 23:11:03 -07:00
Florian Ruynat
1ff95e85f4
Rollback coredns, should not have been updated before 1.19 (#6573) 2020-08-26 03:30:03 -07:00
Sulochan Acharya
36924b63dc
Allow webhook authorization (#6502) 2020-08-24 06:29:41 -07:00
jeanfabrice
411510cbe6
Use proper openssl command to differentiate between host and ip in API certificate check (#6392)
* Use proper openssl command to differentiate between host and ip in current certificate check

* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
2020-08-21 02:03:39 -07:00
Florian Ruynat
6e2b8a5750
Add timeout to Get current version of calico cluster version, again (#6493) 2020-08-21 00:13:51 -07:00
Lars
ca66a96d0a
make pre-remove node draining a failable task (#6442)
and add configuration to allow ungraceful removal
2020-08-21 00:13:39 -07:00
Marc-Antoine
0c09ec5d13
Bump Openstack cloud controller image verison to 1.18.2 (#6562) 2020-08-21 00:10:03 -07:00
*=0=1=4=*
a8e2110b2d
#6552 Update extras_rh_repo_base_url (#6556) 2020-08-21 00:09:55 -07:00
Christian Strack
250541d29d
Use proper pypy download url in bootstrap script (#6555)
The bootstrap-os role uses a bootstrap script to provision a
python interpreter on flatcar and container os hosts. As the
pypy project switched to another hoster, the download url changed.

If applied this will use the new proper pypy download url in bootstrap script
2020-08-21 00:09:47 -07:00
Florian Ruynat
142b9e1eff
Update k8s hashes and set default version to 1.18.8 (#6532) 2020-08-21 00:09:39 -07:00
Michal Petko
91ae87fa60
Fix setting node label if kube_override_hostname is defined (#6557) 2020-08-20 06:23:30 -07:00
tasekida
d6456d13c2
Update coredns to 1.7.0 (#6538) 2020-08-20 04:33:44 -07:00
Florian Ruynat
98f7485303
Update weave to 2.7.0 + minor update to Cilium (#6501) 2020-08-20 04:33:36 -07:00
Samuel Liu
a42d811420
fix scale playbook (#6482) 2020-08-20 04:33:23 -07:00
Barry Melbourne
bf6fdce339
Fix cert-manager E305 ansible-lint error (#6549) 2020-08-20 04:25:45 -07:00
Bernard Landon
fa378f09c3
Edited pre-upgrade task to uncordon a node failing to drain (#6546) 2020-08-20 04:25:36 -07:00
holmesb
d8a749fd27
Update apiserver-audit-policy.yaml.j2 (#6526) 2020-08-18 00:49:37 -07:00
Florian Ruynat
78ceef6b15
Remove unused variable (#6522) 2020-08-18 00:45:29 -07:00
Arthur Outhenin-Chalandre
ca8e59fa85
Add new cilium options for native routing (#6519)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:39:42 -07:00
Bernard Landon
b0210567aa
Fixed Kubespray container-engine/docker role to populate docker.service (#6518) 2020-08-18 00:39:30 -07:00
Arthur Outhenin-Chalandre
33ec13293b
Fix cilium_deploy_additionally with kubeadm etcd (#6514)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:36 -07:00
Arthur Outhenin-Chalandre
bedb411d06
improve Cilium metrics support (#6513)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-18 00:35:29 -07:00
Erwan Miran
ef3e98807e
tlsminversion and tlsciphersuites kubelet (#6490) 2020-08-13 02:48:13 -07:00
Arthur Outhenin-Chalandre
35682b5228
Fix cilium strict kube proxy replacement in HA (#6473)
* Update the cilium svc proxy test to HA mode

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix cilium strict kube-proxy in HA

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add a single global endpoint variable

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Add cilium docs about kube-proxy replacement

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Fix issues in docs

Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-08-06 00:14:55 -07:00
Barry Melbourne
9cc70e9e70
Upgrade JetStack Cert-Manager to v0.15.2 (#6414)
* Upgrade JetStack Cert-Manager to v0.15.2

* Add README.md table of contents
2020-08-05 23:26:55 -07:00
Maxime Guyot
fc23f37af7
Fix E306 in roles/kubernetes (#6500) 2020-08-05 07:56:28 -07:00
Sulochan Acharya
bfe143808f
Allows tls verify skip on webhook auth url (#6472) 2020-08-05 05:02:29 -07:00
Mike Williams
e72dbf3dfc
Option for MetalLB to talk BGP (#6383)
* Option for MetalLB to talk BGP

* Check for BGP peers when metallb_protocol is bgp

* README clarification

* Commented values as documentation only in the sample inventory

* layer 2 or BGP, not both
2020-08-05 01:52:40 -07:00
bozzo
cc70200a07
Fix Flexvolume mount in Openstack Controller (#6480) 2020-08-04 05:28:35 -07:00
Steven Reitsma
f3c17361da
Create a PodDisruptionBudget for the Cinder CSI controllerplugin (#6385) 2020-08-04 05:28:19 -07:00
Victor Morales
bdf0238328
Upgrade molecule to v3 (#6468)
Signed-off-by: Victor Morales <v.morales@samsung.com>
2020-08-04 05:24:19 -07:00
Florent Monbillard
39b907cdfb
Remove workaround for kubeadm upgrade (#6478)
https://github.com/kubernetes/kubeadm/issues/1498 was closed
2020-08-03 01:17:40 -07:00
Florian Ruynat
24a7878e7c
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 (#6479) 2020-08-01 00:34:04 -07:00
Konstantin Lebedev
2364a84579
fix src for audit webhook config yaml (#6470) 2020-08-01 00:33:56 -07:00
Hans Feldt
c6e5be91e9
crio: align template crio.conf with upstream (#6432)
* log level by default increased to 'info'
* cgroup manager by default set to 'systemd'
* stream port (used by kubelet) bound to 127.0.0.1 for security reasons
* metrics can be enabled and port specified
2020-08-01 00:33:48 -07:00
fulii
ce22c0e6a4
Add option to configure IPVS timeouts in kube-proxy configration manifest. (#6396) 2020-08-01 00:33:40 -07:00
Maxime Lavandier
bd60df97aa
Fix download calico policy condition (#6474) 2020-08-01 00:29:48 -07:00
Cristian Chiru
94df580674
Moved docker_dns_options to defaults so it can be overridden (#6394)
* Moved docker_dns_options to defaults so it can be overridden

* Fixed yaml indentation and markdown

* Moved docker_dns_search_domains to defaults
2020-08-01 00:29:41 -07:00
Kuralamudhan Ramakrishnan
90e5f8ffe1
adding ovn4nfv in kubespray (#6381)
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00
Florian Ruynat
bf6168fca8
Move fedora30 jobs to fedora32 (#6426) 2020-07-30 23:31:07 -07:00
Florian Ruynat
a78e861a89
Fix test if openstack_cacert is a base64 string (#6421) 2020-07-30 13:15:17 -07:00
Arthur Outhenin-Chalandre
3550e3c145
Adding kube-proxy-replacement support in cilium (#6334)
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-30 02:46:31 -07:00
Vladimir Masarik
8425c2363b
Replaced a broken link (#6467) 2020-07-30 00:58:31 -07:00
Samuel Liu
15ec44901d
azure csi typo (#6469) 2020-07-30 00:52:31 -07:00
Florent Monbillard
924cc11af6
Upgrade to kubernetes 1.18.6 (#6405)
- Add 1.17.9 and 1.16.13 SHAs
2020-07-29 14:54:09 -07:00
Maxime Guyot
fe46349786
Fix ansible-lint E301 for commands fetching data (#6465) 2020-07-28 08:39:47 -07:00
Maxime Guyot
214e08f8c9
Fix ansible-lint E305 (#6459) 2020-07-28 01:39:08 -07:00
Maxime Guyot
8bd3b50e31
Fix ansible-lint E404 (#6417) 2020-07-28 01:21:08 -07:00
Maxime Guyot
e70f27dd79
Add noqa and disable .ansible-lint global exclusions (#6410) 2020-07-27 06:24:17 -07:00
Florian Ruynat
b680cdd0e4
Move healthz check to secure ports (#6446) 2020-07-27 00:26:17 -07:00
Florian Ruynat
c9f63e5016
Update multus version & crio conf (#6444) 2020-07-26 23:36:16 -07:00
Florian Ruynat
d8a197ca51
Fix remove etcd broken with etcdctl_api 3 (#6448) 2020-07-26 23:32:29 -07:00
Hugo Blom
1f9841f609
update cinder csi manifests (#6434) 2020-07-26 23:32:17 -07:00
Florian Ruynat
aa21edeb53
Update docker package to 19.03.12 (#6439) 2020-07-22 09:26:06 -07:00