Erwan Miran
ef3e98807e
tlsminversion and tlsciphersuites kubelet ( #6490 )
2020-08-13 02:48:13 -07:00
Maxime Guyot
fc23f37af7
Fix E306 in roles/kubernetes ( #6500 )
2020-08-05 07:56:28 -07:00
Sulochan Acharya
bfe143808f
Allows tls verify skip on webhook auth url ( #6472 )
2020-08-05 05:02:29 -07:00
Florent Monbillard
39b907cdfb
Remove workaround for kubeadm upgrade ( #6478 )
...
https://github.com/kubernetes/kubeadm/issues/1498 was closed
2020-08-03 01:17:40 -07:00
Konstantin Lebedev
2364a84579
fix src for audit webhook config yaml ( #6470 )
2020-08-01 00:33:56 -07:00
fulii
ce22c0e6a4
Add option to configure IPVS timeouts in kube-proxy configration manifest. ( #6396 )
2020-08-01 00:33:40 -07:00
Kuralamudhan Ramakrishnan
90e5f8ffe1
adding ovn4nfv in kubespray ( #6381 )
...
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2020-07-31 07:33:08 -07:00
Florian Ruynat
a78e861a89
Fix test if openstack_cacert is a base64 string ( #6421 )
2020-07-30 13:15:17 -07:00
Maxime Guyot
214e08f8c9
Fix ansible-lint E305 ( #6459 )
2020-07-28 01:39:08 -07:00
Maxime Guyot
e70f27dd79
Add noqa and disable .ansible-lint global exclusions ( #6410 )
2020-07-27 06:24:17 -07:00
Florian Ruynat
b680cdd0e4
Move healthz check to secure ports ( #6446 )
2020-07-27 00:26:17 -07:00
Igor Vuk
ea67bb6e41
Fix typo: Modprode -> Modprobe ( #6429 )
2020-07-21 23:58:25 -07:00
Konstantin Lebedev
a7ec0ed587
add audit webhook support ( #6317 )
...
* add audit webhook support
* use generic name auditsink
2020-07-20 01:32:54 -07:00
Arthur Outhenin-Chalandre
1a1fe99669
Add a way to deploy cilium alongside another CNI ( #6373 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-17 05:57:01 -07:00
Florian Ruynat
5e22574402
Remove allow-release-candidate-upgrades already include in experimental-upgrades flag ( #6349 )
2020-07-15 00:26:37 -07:00
Arthur Outhenin-Chalandre
abfa1636e4
Fix kube-proxy post deployment removal ( #5554 )
...
* Fix kube-proxy removal
* Fix unwanted skipped task for kube-proxy
* Fix kube_proxy_remove default
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
* Add test for kube-router svc proxy
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-13 07:12:33 -07:00
Arthur Outhenin-Chalandre
05b9f14b76
Update cilium minimum kernel preinstall check ( #6376 )
...
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
2020-07-13 04:44:32 -07:00
Hans Feldt
22996babcf
allow kubeadm to upgrade etcd ( #6345 )
...
Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-07-07 12:36:00 -07:00
Maxime Guyot
57eefdd458
Fix azure-cloud-config.j2 JSON syntax ( #6364 )
2020-07-02 23:38:47 -07:00
Florian Ruynat
2a82dff3ae
Remove runtime-config from kubeadm if empty ( #6311 )
2020-06-30 11:22:05 -07:00
Hans Feldt
ae003af262
Fix kubelet cgroup driver detection for crio ( #6331 )
...
* Fix kubelet cgroup driver detection for crio
Remove fact standalone_kubelet since it is not used
* Fix yamllint complaints of roles/kubernetes/node/tasks/facts.yml
Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-30 02:32:05 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file ( #6307 )
2020-06-29 12:39:59 -07:00
bozzo
09b23f96d7
Use NetworkManager to manage resolv.conf in FedoraCoreOS ( #6291 )
2020-06-29 00:26:17 -07:00
Erwan Miran
d3ca9d1db9
kube_encryption_resources must be output as yaml ( #6309 )
2020-06-25 23:59:31 -07:00
Mike Dziedziela
8ca2a9a7d5
added azure_cloud parameter to Azure's cloud_config ( #6321 )
2020-06-25 14:35:30 -07:00
bozzo
276c450759
Use connection: local
when delegate_to: localhost
( #6322 )
...
This will avoid SSH connection on the local host
2020-06-25 08:14:38 -07:00
Samuel Liu
c29b21717d
Add event-ttl duration ( #6310 )
...
* Add event-ttl duration
* Fix wrong location
2020-06-24 08:15:17 -07:00
Maxime Guyot
c6588856c7
Add Ubuntu 20.04 support and use Python 3 ( #6157 )
2020-06-16 13:04:05 -07:00
Samuel Liu
dba645421f
ADD tls cipher suites support ( #6024 )
...
* ADD tls cipher suites support
yaml lint
yamllint
* update test case
* update test case
2020-06-16 04:10:05 -07:00
mohsen
10e54eca26
make better condition for applying nf_conntrack kernel tweak ( #6267 )
...
* MINOR: Check kernel version before enable modprobe nf_conntrack
* CLEANUP: no more need to ignore error of this task
* MINOR: Fixing yaml and ansible lint error - remove trailling-space
2020-06-16 00:34:06 -07:00
Hans Feldt
a8740c6e13
fix a few tasks falsely reporting "changed" ( #6269 )
...
Co-authored-by: Hans Feldt <hafe@users.noreply.github.com>
2020-06-16 00:24:03 -07:00
Y0UZ45
06391b6dd9
Fix kubectl.sh parameter quoting ( #6239 )
...
If the special parameter "$@" is not quoted, the following command will not work:
./kubectl.sh patch storageclass my-storage-class -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
2020-06-14 13:57:57 -07:00
Florian Ruynat
a9de6dde33
Cleanup unneeded elif in kubelet env file ( #6261 )
2020-06-12 01:27:55 -07:00
Unai Arríen
1912df7e3e
Create /etc/gai.conf if not exists when disable_ipv6_dns is 'true' ( #6258 )
2020-06-12 00:55:55 -07:00
404notfoundhard
d036a04d4d
restart kubelet service when kube-config.yml is changed ( #5402 )
...
* fix(kubelet): exec notify restart kubelet service when kube-config.yml changed
* Revert "refactor(kubelet handler): change task name("reload kubelet") this is misleading"
This reverts commit 8f5d29560802c7c997293adb1ce9f84d3b20b6cb.
* fix(handlers,kubelet): setting right notify task name
2020-05-19 10:13:37 -07:00
bozzo
d948839320
Fix resolv.conf configuration for Fedora CoreOS. ( #6138 )
2020-05-18 02:27:36 -07:00
Mateus Caruccio
a5af58c05a
Fix apiserver port when upgrading ( #6136 )
2020-05-18 01:21:36 -07:00
Matthew Mosesohn
fda05df5f1
Only fix kube-proxy address on evaluating kube_master hosts ( #6152 )
...
Change-Id: I83a7101a6cd99eb531d8385de5c31aee4f474469
2020-05-17 13:05:36 -07:00
Florent Monbillard
324106e91e
Remove Kubernetes <1.16 conditionals ( #6088 )
2020-05-08 00:45:43 -07:00
Florian Ruynat
ca45d5ffbe
Fix retries keyword missing until instruction ( #5989 )
2020-04-21 07:20:56 -07:00
Maxime Guyot
3134dd4c0d
Drop support for Fedora 28 and add Fedora 30 and 31 ( #5969 )
2020-04-18 06:35:36 -07:00
Sergey
6318bb9f96
Return the ability to start control plain from the hyperkube image ( #5422 )
2020-04-18 05:59:36 -07:00
Florian Ruynat
83fe607f62
Cleanup deprecated labels beta.kubernetes.io/arch and beta.kubernetes.io/os ( #5964 )
2020-04-17 05:51:06 -07:00
Lovro Seder
b09fe64ff1
Calculate inventory list only once ( #5956 )
2020-04-16 06:12:45 -07:00
Florent Monbillard
54debdbda2
Generate unique username per cluster in client kubeconfig ( #5943 )
...
* Generate unique username per cluster
* rename admin kubeconfig shell output to raw_admin_kubeconfig
* Make the linter happy
* Fix lint errors
* Cleaning up tasks
2020-04-16 05:32:45 -07:00
Florian Ruynat
473a8beff0
Remove hard-coded dependance to docker.service in kubelet.service file ( #5917 )
2020-04-09 08:43:46 -07:00
Maxime Guyot
7eaa7c957a
Fix conntrack for opensuse and docker support ( #5880 )
2020-04-08 07:37:44 -07:00
spaced
157c247563
fix readonly flexvolume in fcos and coreos ( #5885 )
2020-04-08 01:41:43 -07:00
Etienne Champetier
a35b6dc1af
Fix scaling ( #5889 )
...
* etcd: etcd-events doesn't depend on etcd_cluster_setup
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* etcd: remove condition already present on include_tasks
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* etcd: fix scaling up
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* etcd: use *access_addresses, do not delegate to etcd[0]
We want to wait for the full cluster to be healthy,
so use all the cluster addresses
Also we should be able to run the playbook when etcd[0] is down
(not tested), so do not delegate to etcd[0]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* etcd: use failed_when for health check
unhealthy cluster is expected on first run, so use failed_when
instead of ignore_errors to remove scary red messages
Also use run_once
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* kubernetes/preinstall: ensure ansible_fqdn is up to date after changing /etc/hosts
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* kubernetes/master: regenerate apiserver cert if needed
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2020-04-08 01:27:43 -07:00
spaced
0c51352a74
remove unused kubelet options ( #5903 )
2020-04-07 11:51:44 -07:00