Josh Conant
f4ec2d18e5
Adding the Vault role
2017-02-08 21:31:28 +00:00
Matthew Mosesohn
16674774c7
Merge pull request #994 from mattymo/docker_save
...
Change docker save compress level to 1
2017-02-08 15:13:15 +03:00
Matthew Mosesohn
0180ad7f38
Merge pull request #990 from mattymo/fix_cert_upgrade
...
Fix check for node-NODEID certs existence
2017-02-08 14:44:09 +03:00
Matthew Mosesohn
bfd1ea1da1
Merge pull request #971 from bradbeam/efk
...
Adding EFK logging stack
2017-02-08 14:28:04 +03:00
Matthew Mosesohn
d587270293
Merge pull request #992 from vwfs/host_mount_dev
...
Host mount /dev for kubelet
2017-02-08 13:45:22 +03:00
Matthew Mosesohn
3eb13e83cf
Change docker save compress level to 1
...
Faster gzip improves CI deploy times by at least 2 mins.
Fixes #982
2017-02-08 13:25:11 +03:00
Matthew Mosesohn
bad6076905
Merge pull request #987 from mattymo/etcd-retune
...
Re-tune ETCD performance params
2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
c2bd76a22e
Merge pull request #956 from adidenko/update-netchecker
...
Update playbooks to support new netchecker
2017-02-08 10:09:46 +01:00
Alexander Block
010fe30b53
Host mount /dev for kubelet
2017-02-08 09:55:51 +01:00
Matthew Mosesohn
e5779ab786
Fix check for node-NODEID certs existence
...
Fixes upgrade from pre-individual node cert envs.
2017-02-07 21:06:48 +03:00
Matthew Mosesohn
71e14a13b4
Re-tune ETCD performance params
...
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
2017-02-07 20:15:14 +03:00
Matthew Mosesohn
491074aab1
Merge pull request #969 from mattymo/port_reserve
...
Prevent dynamic port allocation in nodePort range
2017-02-07 18:24:57 +03:00
Aleksandr Didenko
54af533b31
Update playbooks to support new netchecker
...
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
2017-02-07 15:20:34 +01:00
Matthew Mosesohn
f3a0f73588
Prevent dynamic port allocation in nodePort range
...
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Sergii Golovatiuk
5122697f0b
Improve Weave
...
- Remove weave CPU limits from .gitlab-ci.yml. Closes : #975
- Fix weave version in documentation
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-06 13:24:40 +01:00
Antoine Legrand
bd1c764a1a
Merge pull request #963 from rutsky/bastion-ansible-host
...
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configration
2017-02-04 15:42:39 -05:00
Brad Beam
df3e11bdb8
Adding EFK logging stack
2017-02-03 16:27:08 -06:00
Bogdan Dobrelya
5a7a3f6d4a
Merge pull request #949 from vmtyler/master
...
Fixes Support for OpenStack v3 credentials
2017-02-03 12:22:00 +01:00
Vladimir Rutsky
b4327fdc99
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration
...
'absible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
2017-02-02 18:34:53 +03:00
Matthew Mosesohn
10f924a617
Merge pull request #927 from holser/nsenter_fix
...
Remove nsenter workaround
2017-02-02 18:18:15 +03:00
Matthew Mosesohn
3dd6a01c8b
Merge pull request #901 from galthaus/dns-tweak
...
DHCP Hook protections
2017-02-02 16:47:16 +03:00
Sergii Golovatiuk
585afef945
Remove nsenter workaround
...
- Docker 1.12 and further don't need nsenter hack. This patch removes
it. Also, it bumps the minimal version to 1.12.
Closes #776
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-02 14:38:11 +01:00
Sergii Golovatiuk
f2e4ffcac2
Fix weave-net after upgrade to 1.82
...
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
2017-02-02 10:31:58 +01:00
Matthew Mosesohn
ae66b6e648
Merge pull request #957 from mattymo/weave-net-naming
...
Rename weave-kube to weave-net
2017-02-02 10:18:02 +03:00
Greg Althaus
923057c1a8
This continues the DHCP hook checks. Also protect the create side
...
if the system doesn't have any config files at all.
2017-01-31 09:56:27 -06:00
Matthew Mosesohn
0f6e08d34f
Merge pull request #951 from mattymo/k8s-certs-scale
...
Fix cert distribution at scale
2017-01-31 18:49:26 +03:00
Matthew Mosesohn
4889a3e2e1
Merge pull request #954 from artem-panchenko/improve_dnsmasq
...
Explicitly set config path for DNSMasq
2017-01-31 18:48:46 +03:00
Matthew Mosesohn
39d87a96aa
Rename weave-kube to weave-net
...
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
2017-01-31 18:47:27 +03:00
Matthew Mosesohn
08822ec684
Fix cert distribution at scale
...
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
2017-01-31 16:27:45 +03:00
Matthew Mosesohn
6463a01e04
Merge pull request #880 from bradbeam/weave-kube
...
Weave kube
2017-01-31 13:31:09 +03:00
Artem Panchenko
1418fb394b
Explicitly set config path for DNSMasq
...
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
2017-01-31 12:14:57 +02:00
Matthew Mosesohn
e4eda88ca9
Merge pull request #944 from tureus/skip-cloud-config-on-etcd
...
Bugfix: skip cloud_config on etcd
2017-01-30 20:12:36 +03:00
Brad Beam
a11b9d28bd
Upgrading weave to weave-kube
2017-01-27 17:05:25 -06:00
Brad Beam
b54eb609bf
Consolidating kube.py module
2017-01-27 11:28:11 -06:00
Tyler Britten
f8ffa1601d
Fixed for non-null output
2017-01-27 10:47:59 -05:00
Tyler Britten
da01bc1fbb
Updated OpenStack vars to check for tenant_id (v2) and project_id (v3)
2017-01-27 10:26:20 -05:00
Xavier Lange
e5fdc63bdd
Bugfix: skip cloud_config on etcd
2017-01-25 14:09:21 -08:00
Aleksandr Didenko
46c177b982
Switch to ansible_hostname in calico
...
For consistancy with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.
Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
2017-01-25 11:49:58 +01:00
Matthew Mosesohn
f4b7474ade
Merge pull request #926 from adidenko/fix-calico-rr-for-masters
...
Fix calico-rr peering with k8s masters
2017-01-24 12:38:52 +03:00
Alexander Block
9bf792ce0b
Pin docker version on RedHat and CentOS to the desired version
2017-01-23 12:39:54 +01:00
Aleksandr Didenko
f05aaeb329
Fix calico-rr peering with k8s masters
...
Calico-rr is broken for deployments with separate k8s-master and
k8s-node roles. In order to fix it we should peer k8s-cluster
nodes with calico-rr, not just k8s-node. The same for peering
with routers.
Closes #925
2017-01-23 10:19:09 +01:00
Matthew Mosesohn
8ce32eb3e1
Merge pull request #905 from galthaus/async-runs
...
Add tasks to ensure that the first nodes have their directories for cert gen
2017-01-19 18:32:27 +03:00
Matthew Mosesohn
aae0314bda
Merge pull request #904 from galthaus/nginx-port-config
...
Add nginx local balancer port configuration variable
2017-01-19 18:31:57 +03:00
Matthew Mosesohn
35d5248d41
Merge pull request #913 from galthaus/apps-master-only
...
Ansible apps should only check for api-server running on the master.
2017-01-19 18:30:58 +03:00
Matthew Mosesohn
0ccc2555d3
Merge pull request #917 from mattymo/rkt_resolvconf
...
Fix setting resolvconf when using rkt deploy mode
2017-01-19 18:30:21 +03:00
Matthew Mosesohn
b26a711e96
Merge pull request #916 from mattymo/update_ansible
...
Update Ansible to 2.2.1
2017-01-19 18:13:45 +03:00
Matthew Mosesohn
2218a052b2
Merge pull request #921 from mattymo/docker113
...
Add docker 1.13, update 1.12 to 1.12.6
2017-01-19 18:13:21 +03:00
Matthew Mosesohn
33fbcc56d6
Add docker 1.13, update 1.12 to 1.12.6
...
Fixes #903
2017-01-19 13:58:36 +03:00
Sergii Golovatiuk
61d05dea58
Allow to specify number of concurrent DNS queries
...
ndots creates overhead as every pod creates 5 concurrent connections
that are forwarded to sky dns. Under some circumstances dnsmasq may
prevent forwarding traffic with "Maximum number of concurrent DNS
queries reached" in the logs.
This patch allows to configure the number of concurrent forwarded DNS
queries "dns-forward-max" as well as "cache-size" leaving the default
values as they were before.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-01-19 11:47:37 +01:00
Matthew Mosesohn
8a821060a3
Update Ansible to 2.2.1
2017-01-19 13:46:46 +03:00