C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
4776 commits 17 branches 66 tags 141 MiB
Commit graph

3055 commits

Author SHA1 Message Date
Joost Cassee
f2635776cd Make Calico Felix log level configurable (#3781) 2018-11-28 00:55:01 -08:00
Chad Swenson
b59d5c35bc Fix kubeadm_controller_extra_args (#3778) 2018-11-27 19:30:43 -08:00
Michal Belica
8331f7b056 Add support for setting custom node taints (#3774) 
Introduced variable node_taints which can be set in inventory for
specific hosts or in group_vars, which generates --register-with-taints
command line argument for kubelet.
 2018-11-27 15:56:49 -08:00
Erwan Miran
551317f1cd Fix docker_options jinja syntax (#3770) 2018-11-27 07:13:15 -08:00
Rong Zhang
ddc19f43ba Add cloud provider config to kubeadm deployments (#3766) 2018-11-27 05:03:03 -08:00
Michal Belica
993b8e2791 Add support to set tolerations for ingress-nginx (#3742) 
Introduced variable `ingress_nginx_tolerations` to set custom
tolerations for Ingress nginx daemonset, to be able to schedule
ingress-nginx on dedicated nodes with taints.
 2018-11-27 03:30:16 -08:00
Egor
9a5438ce2f Fix kubeadm-config: add kube_network_node_prefix (#3761) 2018-11-27 00:12:16 -08:00
Erwan Miran
d33434647b Fix node selector for contiv etcd proxy (#3765) 2018-11-27 00:10:33 -08:00
Rong Zhang
02169e8f85 Upgrade kubernetes to 1.12.3 (#3767) 2018-11-26 23:22:15 -08:00
Aivars Sterns
b07e93e08b
Merge pull request #3754 from MiaoZhou/fix-aws-node-label-error 
Fix AWS Node Labels Error
 2018-11-27 09:09:54 +02:00
Andreas Krüger
bad886ca9b Update defaults to match k8s 1.12 suggestions (#3760) 
* Update defaults to match k8s 1.12 suggestions

* Test if Netchecker works with node ip instead of localhost

* Update defaults to ipvs and coredns

* Update defaults for kube_apiserver_insecure_port

* Update main.yaml
 2018-11-26 15:36:39 -08:00
okamototk
967a042321 Add flag to deploy container engine manually. (#3753) 
This feature was removed by PR#3061. But change flag manage_docker to deploy_container_engine.
 2018-11-26 07:26:40 -08:00
Miao Zhou
a585318b1a Fix Sync Container Permission (#3752) 
When `ansible_user` is not root, using `-b` option.
And with `download_run_once` and `download_localhost` set `true`.

Ansible will executes `container_download | upload container images to nodes` task.

It uses rsync to upload images to `/tmp/release/container/`, but the
`container` directory owned by `root`.
 2018-11-26 07:00:34 -08:00
Erwan Miran
b15e685a0b sysctl related PodSecurityPolicy spec since 1.12 (#3743) 2018-11-26 00:13:51 -08:00
Miao Zhou
885c6cff71 Fix AWS Node Labels Error 
Now the `kubespray-aws-inventory.py` script always set a node_labels key
to ansible_host.

When AWS instance did not set property labels, it would be an empty
string.

The TASK `Write kubelet config file (kubeadm or non-kubeadm)` will
failed with a msg:

`AnsibleUndefinedVariable: 'unicode object' has no attribute 'items'`.
 2018-11-23 17:37:41 +08:00
okamototk
c5e425b02b Support Metrics Server as addon (#3560). (#3563) 
* Support Metrics Server as addon (#3560).

* Update metrics server v0.3.1.

* Add metrics server test.

* Replace metrics server manifests with kubernetes/cluster/addons's.

* Modify metrics server manifests for kubespray.

* Follow PR#3558 node label node-role.kubernetes.io/master change

* Fix metrics server parameters base_metrics_server_... to metrics_server_...

* Fix too hard corded metrics_server_memory_per_node

* Add configurable insecure tls for metrics-apiservice

* Downloadable addon-resizer and extract parameter as variables

* Remove metrics server version from deployment name

* Metrics Server work when all masters has node role

* Download metrics-server and add-resizer container only on master

* ServiceAccount and ConfigMap is separated and fix application name

* Remove old metrics server clusterrole template

* Fix addon-resizer image specify

* Make InternalIP default for metrics_server_kubelet_preferred_address_types

Make InternalIP default because multiple preferrred address types does not work.
 2018-11-23 00:36:21 -08:00
Egor
3fa81bb86e Fix dns-autoscaler nodeAffinity: set to empty (#3747) 2018-11-22 05:29:09 -08:00
Egor
5daadc022d Fix: nodeAffinity for coredns-deployment and kubedns-deployment (#3746) 2018-11-22 05:27:25 -08:00
Rong Zhang
0cfcd39d55 Switch to kubeadm deployment mode (#3461) 
* Switch to kubeadm deployment mode

Discuss:https://github.com/kubernetes-incubator/kubespray/issues/3301

* Add non-kubeadm upgrage to kubeadm cluster
 2018-11-21 01:35:40 -08:00
Wong Hoi Sing Edison
edfec26988 cert-manager: Upgrade to 0.5.2 (#3741) 
Upstream Changes:

-   cert-manager 0.5.2 (https://github.com/jetstack/cert-manager/releases/tag/v0.5.2)

Our Changes:

-   Templates sync with upstream manifests
 2018-11-20 05:13:01 -08:00
Matthew Mosesohn
daa290100c Fix helper script to refer to admin.conf as relative path (#3738) 2018-11-19 18:28:51 -08:00
Rong Zhang
b4eb25197b
Merge pull request #3730 from elementyang/pr-docker-options 
fix modify deprecated --graph flag
 2018-11-20 10:23:16 +08:00
Matthew Mosesohn
ac00d23b80 Skip etcd upgrade steps in kubeadm because it is not used (#3737) 2018-11-19 06:29:58 -08:00
Danny Kulchinsky
9ae2eefb9a Add resource-container flag to kube-proxy manifest (#3519) 
* Add resource-container flag to kube-proxy manifest

* add resourceContainer: "" to kubeadm kube-proxy configs
 2018-11-19 00:39:29 -08:00
Andreas Krüger
8c18f053aa Fix DNS Autoscaler for coredns_dual deployment (#3726) 
* Fix DNS Autoscaler for coredns_dual deployment

* Fix templating

* Fix templating again
 2018-11-19 00:35:53 -08:00
Oleg Dolya
2aefa25448 fix args peer router ips and asns (#3644) 2018-11-19 00:34:05 -08:00
Andreas Krüger
6e01c1e377 Fix missing run_once (#3733) 2018-11-18 21:39:29 -08:00
rongzhang
0e2d3fb923 Fix OpenSuse set hostname 2018-11-17 20:41:07 +08:00
Zohar Mamedov
af5e05d08d etcd_log_package_levels for /etc/etcd.env (#3700) 2018-11-16 23:59:40 -08:00
marcstreeter
c83bfc9df6 fix dns_prevent_single_point_failure variable (#3728) 
comparison that happens during `TASK [kubernetes-apps/ansible : Kubernetes Apps | Lay Down CoreDNS Template]` where the `dns-autoscaler` template is deployed causes coredns to fail deployment.  The error is caused by the variable `dns_prevent_single_point_failure` where an integer is being compared with a string. The resulting error:

```bash
'>' not supported between instances of 'int' and 'str'
```

prevents successful deployment of CoreDNS.  

The change makes the comparison happen between integers and allows CoreDNS to succeed.
 2018-11-16 23:57:47 -08:00
elementyang
1ebb670141 fix modify deprecated --graph flag 2018-11-17 14:22:14 +08:00
Johnny Halfmoon
53bde23a5e fixed ansible include/import inheritance issue (#3716) 2018-11-16 04:33:23 -08:00
Erwan Miran
1540bc9759 Fix patch type in kubectl patch for hostnameOverride (#3725) 2018-11-16 02:35:02 -08:00
Johnny Halfmoon
618ab93b42 added rpm caching for to docker repo (#3718) 2018-11-16 02:33:23 -08:00
Erwan Miran
3e6d0a50e8 Addition of the missing patch file hostnameOverride-patch.json from PR#3708 (#3714) 2018-11-15 10:37:57 -08:00
Matthew Mosesohn
ff09141a14 Retry kubeadm proxy and secondary master init tasks (#3715) 
Due to suboptimal external loadbalancer configs, the LoadBalancer
might point to a downed kube-apiserver that is not set up yet.
 2018-11-15 10:03:23 -08:00
Arslanbekov Denis
d188876a91 Added feature-gates flags in kubelet.env (for kubeadm) (#3713) 2018-11-15 10:01:53 -08:00
Andreas Krüger
6f6274d0d9 Update CoreDNS, KubeDNS and Autoscaler to newest templates (#3711) 
* Update DNS Autoscaler to latest

* Update CoreDNS to latest

* Update KubeDNS to latest

* Add KubeDNS config map

* Fix filename

* Add missing selector to DNS Autoscaler

* Add missing tolerations
 2018-11-15 09:52:12 -08:00
Andreas Krüger
17f07e2613 Enable DNS AutoScaler for CoreDNS (#3707) 
* Enable AutoScaler for CoreDNS

* Only use one template for dns autoscaler

* Rename a few variables for replicas and minimum pods

* Rename a few variables for replicas and minimum pods

* Remove replicas to make autoscale work

* Cleanup kubedns-autoscaler as it has been renamed
 2018-11-15 01:28:03 -08:00
Wong Hoi Sing Edison
9ebdf0e3cf weave: Upgrade to 2.5.0 (#3660) 
* weave: Upgrade to 2.5.0

Upstream Changes:

-   weave 2.5.0 (https://github.com/weaveworks/weave/releases/tag/v2.5.0)
-   Adds support for Kubernetes `hostPort` mapping
-   Adds support for Kubernetes `ipBlock` NetworkPolicy feature

Our Changes:

-   Templates sync with upstream manifests
-   Remove legacy nodePort fix

* BC for weave < 2.5.0
 2018-11-14 23:38:51 -08:00
Andreas Krüger
730caa3d58 Add PriorityClasses on the last master. (#3706) 2018-11-14 15:59:20 -08:00
Mark Eisenblätter
7deb842030 calico-node: add prometheus annotations (#3645) 
add prometheus annotations to calico-node if
calico_felix_prometheusmetricsenabled is enabled.

This will allow a kubernetes_sd to automaticly find the pods and start
scraping.
 2018-11-14 15:01:35 -08:00
Andreas Krüger
931c76e58f Add DNS entries to node certs (#3710) 2018-11-14 13:58:17 -08:00
Erwan Miran
3fafa583d1 hostnameOverride on a per-node basis (#3708) 2018-11-14 09:37:53 -08:00
Ryler Hockenbury
d8e9b0f675 Netchecker version and namespace (#3705) 
* Revert netchecker image and version

* Create namespace for netchecker

* Remove extra slashes
 2018-11-14 09:27:45 -08:00
Dann
98d766c68e Moves apiserver port to bindPort when using controlPlaneEndpoint (#3449) 2018-11-14 00:23:30 -08:00
Bort Verwilst
d3ef41b603 Upgrade helm from 2.9 to 2.11 (#3638) 2018-11-13 11:24:29 -08:00
Arnaud MAZIN
633bfa7ebc Bring static tokens and user back to 1.12 (#3593) 2018-11-13 10:25:59 -08:00
Andreas Krüger
afc3f7dce4 Create certificates for each node too (#3698) 2018-11-13 07:10:59 -08:00
Ryler Hockenbury
e8901a2422 Apply linux node selector to coreDNS deployment (#3688) 
* Apply linux node selector to coreDNS deployment

* Remove comment before linux node selector on manifests

* mend
 2018-11-13 04:54:15 -08:00
Wilmar den Ouden
c888de8b38 fix: Coredns tag wasn't updated in #3619 (#3634) 2018-11-13 00:30:29 -08:00
Miao Zhou
fefa1670a6 fix calico_version wrong get (#3694) 
the ':' makes wrong return of calico_version after the calicoctl downloaded && before the cluster is up
 2018-11-12 07:35:21 -08:00
Antoine Legrand
3dcb914607 Remove Vault (#3684) 
* Remove Vault

* Remove reference to 'kargo' in the doc

* change check order
 2018-11-10 08:51:24 -08:00
Bily Zhang
b2b421840c Fix some typos (#3690) 
Signed-off-by: mooncake <xcoder@tenxcloud.com>
 2018-11-10 15:53:58 +01:00
Egor
5c7eef70b4 Fix kube-router annotations: add conditions (#3670) 2018-11-09 08:15:27 -08:00
RuriRyan
c2710899ed Fixes network restart for Ubuntu Bionic Beaver (#3600) 
As Ubuntu Bionic Beaver uses systemd-networkd the step fails
if it tries to restart networking, as it is nonexistent.
 2018-11-09 08:13:57 -08:00
Igor Ivanov
e5d07f3a3d use force umount when reset cluster (#3672) 
reset role hang and can't umount PersistenceVolume (ceph cluster)
 2018-11-09 02:30:55 -08:00
Giacomo Longo
9f7c2b08a5 Idempotency fixes to roles/pre-upgrade (#3497) 2018-11-07 16:31:29 -08:00
Erwan Miran
a6932b6b81 Install ipvsadm when kube_proxy_mode is ipvs (#3548) 2018-11-07 14:04:11 -08:00
Erwan Miran
77d705ca9f cluster_name is to be set in initConfiguration too (#3661) 2018-11-07 12:41:11 -08:00
Erwan Miran
1e22c83f0f kube_override_hostname must be in kubernetes/master role defaults (#3647) 2018-11-07 12:38:19 -08:00
Erwan Miran
1ad1e80ae3 Checking new CA key presence is not relevant to determine if kubeadm has already run (#3653) 2018-11-07 11:46:11 -08:00
Anton Patsev
dfdf530723 Fix work yum in Install packages requirements for bootstrap (#3630) 
* Fix Failure talking to yum: Cannot find a valid baseurl for repo: base/7/x86_64 if Install packages in CentOS using proxy

* Add proxy to /etc/yum.conf if http_proxy is defined
 2018-11-06 22:44:37 -08:00
Lear Li
33f33a7358 Fix docker-storage was not found issue (#3584) 2018-11-06 17:50:14 -08:00
Kuldip Madnani
113dd2146a Added some minor changes to the docker orphan clean up process. (#3657) 
* Added changes to clean up orphan containers and reload docker & kubelet directories.

* Added new files for cleaning up orphans and docker & kubelet directories

* Added new lines at the end of these files

* removed the trailing whitespaces from main.yml and clean-up.yml

* Updated as per the review comments

* Updated as per the review comments

* Removed service_facts and package_facts because they are not supported in ansible 2.4.0

* Corrected yaml syntax errors

* Removed the use of json_query filter and utilized selectattr

* Removed trailing spaces

* Changed the default value of docker_clean_up to false

* Added Changes to only include cleanup-docker-orphans.sh

* Reverted back changes done inside handler.

* Removed trailing spaces and made default value of docker_orphan_clean_up as true

* Reverted the default value of docker_orphan_clean_up as false

* Made the docker clean up as drop in

* Made the docker clean up as drop in

* Reverted the value of boolean docker_orphan_clean_up to false

* Converted ExecStop to ExecSTartPost. Removed the live restore check from the orphan script
 2018-11-06 16:50:19 -08:00
Erwan Miran
14c2df0418 Replace raw module with shell to avoid warning (#3652) 2018-11-06 11:07:11 -08:00
Wilmar den Ouden
b316518864 Bump coredns to 1.2.6 (#3641) 2018-11-06 05:58:20 -08:00
Bily Zhang
6c14f35f00 Fix some typos (#3636) 
Signed-off-by: mooncake <xcoder@tenxcloud.com>
 2018-11-05 15:22:16 -08:00
Louis Woods
bc9e14a762 Adds support for Multus (multiple interfaces) CNI plugin (#3166) 
* Adds support for Multus (multiple interfaces) CNI plugin

Multus is a latin word for "Multi". As the name suggests, it acts as a
Multi plugin in Kubernetes and provides multiple network interface
support in a pod. Multus uses the concept of invoking delegates by
grouping multiple plugins into delegates and invoking them in the
sequential order of the CNI configuration file provided in json format.

* Change CNI version (0.1.0->0.3.1) of Contiv to be compatible with Multus
 2018-11-04 01:07:38 -08:00
ankitcharolia
9c83551a0e add certificate authority file (#3433) 2018-11-02 08:27:53 -07:00
Rong Zhang
99c139dd5a
Merge pull request #3621 from elementyang/pr-check-docker-packages 
fix modify the way of the command 'yum remove xxx', e.g. docker-selin…
 2018-11-02 18:48:33 +08:00
Matthew Mosesohn
2ba4e9bda5 Skip most of kubernetes/preinstall role during late DNS config (#3627) 
When using resolvconf_mode host_resolvconf, there is an early DNS
config stage where Kubernetes cluster DNS is not injected for host
DNS intially. Later, the cluster DNS is enabled, but we do not
need to run every task from the kubernetes/preinstall role.
 2018-11-01 08:08:50 -07:00
Robert Liotta
2a00c931e4 Added the missing environment for proxy for get_url (#3603) 
* Added the missing environment for proxy for get_url

* Update upgrade.yml

* Fixed spaces

* Fixed spaces

* Update upgrade.yml
 2018-11-01 06:20:57 -07:00
Wong Hoi Sing Edison
1e6ad5acb6 Fixup #3595: coredns: Upgrade to v1.2.5 (#3619) 
Upstream Changes:

   - coredns v1.2.5 (https://github.com/coredns/coredns/releases/tag/v1.2.5)

NOTE:

   - Switch image repo to https://hub.docker.com/r/coredns/coredns/ (https://github.com/kubernetes-incubator/kubespray/pull/3595#issuecomment-433962973)
 2018-11-01 06:05:17 -07:00
Matthew Mosesohn
bc74a37696 Calculate etcd client cert serial for appropriate groups (#3605) 
Standalone etcd nodes do not generate node-$hostname certs and do
not need this serial calculated.
 2018-11-01 05:50:26 -07:00
Yumo Yang
5da18854a3 fix modify the way of the command 'yum remove xxx', e.g. docker-selinux and docker-engine-selinux packages 2018-10-31 17:16:35 +08:00
Dmitriy Zinin
d269e7f46c cilium v1.3.0 (#3564) 2018-10-31 00:42:56 -07:00
Anton Patsev
8c636f67af Added support proxy to 'Install pip for bootstrap' (#3609) 2018-10-31 00:35:57 -07:00
Louis
a84508d6b9 remove deprecated parameters of blockinfile module (#3581) 2018-10-30 05:56:58 -07:00
Rong Zhang
22c234040e
Merge pull request #3608 from xichengliudui/fix181030 
Correct the wrong word
 2018-10-30 20:52:02 +08:00
xichengliudui
306c61a968 Remove duplicate words 2018-10-30 04:51:36 -04:00
wilmardo
2149bfbc5b Revert "CoreDNS v1.2.5 (#3595)" 
This reverts commit 8ba6b601b0.
 2018-10-29 16:33:52 +01:00
Bart Laarhoven
0acb823d96 Distribute node etcd certificates like it's done in kubernetes/secrets (#3486) 
* do it like in kubernetes/secrets

* fix indentation

* processed comments

* missed one, sorry

* trailing space fix
 2018-10-29 11:45:32 +01:00
Dmitriy Zinin
8ba6b601b0 CoreDNS v1.2.5 (#3595) 2018-10-29 03:20:03 -07:00
Yumo Yang
8371beb915 fix bootstrap os_family error in multi-plantform (#3594) 2018-10-29 09:37:30 +01:00
Rong Zhang
b39b32a48c Fix set coreos hostname failed (#3599) 
need set hostname by kubeadm
 2018-10-29 00:59:25 -07:00
Rong Zhang
dbe99b59a7 Upgrade kubernetes to v1.12.2 (#3597) 2018-10-29 00:58:24 -07:00
Rong Zhang
7abd4eeafd
Merge pull request #3578 from LinuxGit/Louis/fix-typo 
fix typo
 2018-10-24 13:45:31 +08:00
Aivars Sterns
ce2a3a80db
Merge pull request #3577 from fritchie/master 
Add bin_dir to kubectl version check
 2018-10-24 08:33:03 +03:00
Erwan Miran
79bf74e90f Offline deployment: PyPi repo (#3542) 2018-10-23 22:22:09 -07:00
Erwan Miran
4f12ba00d1 Fix calico peering with router(s) (#3547) 2018-10-23 22:19:50 -07:00
Louis
93104d9224 fix typo 2018-10-24 11:39:15 +08:00
Frank Ritchie
b5f4a79365 Add bin_dir to kubectl version check 2018-10-23 15:51:17 -04:00
Matthew Mosesohn
7e84de2ae1 Purge /root/.kube/config when migrating to kubeadm (#3566) 2018-10-23 05:09:11 -07:00
Wong Hoi Sing Edison
06e1f81801 ingress-nginx: Upgrade to 0.20.0 (#3565) 
Upstream Changes:

-   ingress-nginx 0.20.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.20.0)

Our Changes:

-   Sync templates with upstream changes
 2018-10-23 05:08:03 -07:00
Egor
ccc3f89060 Add kube-router annotations (#3533) 2018-10-21 00:35:52 -07:00
Maxim Makarov
8a17de327e Not necessary run on Nginx proxy all cpu cores (#3559) 2018-10-20 13:56:53 -07:00
Erwan Miran
3b787123e3 Fix tasks to avoid ansible warning about raw module environment (#3545) 2018-10-20 07:13:54 -07:00
Matthew Mosesohn
127969d65f Align node-role value for kubeadm compatibility (#3558) 
kubeadm sets node label node-role.kubernetes.io/master=''
and this is not configurable. We should use it everywhere.
 2018-10-20 07:12:54 -07:00
Antoine Legrand
2a3aa591e0
Download role (#3553) 
* codestyle tests

* Download destination can be different than local_release_dir
 2018-10-20 13:56:55 +02:00
Matthew Mosesohn
4bdd0ce417 Allow kubeadm master untaint to fail (#3549) 2018-10-19 00:38:12 -07:00
JuanJo Ciarlante
66fddb2d52 [jjo] upgrade kube-router to v0.2.1 (#3535) 
kube-router v0.2.1 highlights from changelog:
- IPv6 WIP but pretty close to full working functionality
- fully support network policy semantics with addition of support for
  ipblock and except
 2018-10-18 00:09:42 -07:00
Erwan Miran
87193fd270 Fix ansible syntax to avoid ansible warnings (one more) (#3536) 
* warning on meta flush_handlers

* avoid rm

* avoid "Module remote_tmp /root/.ansible/tmp did not exist and was created with a mode of 0700, this may cause issues when running as another user. To avoid this, create the remote_tmp dir with the correct permissions manually" warning on subsequent tasks using blockinfile

* is match
 2018-10-17 12:27:11 -07:00
Samina Fu
5a5cf15c04 Add clear ipvs virtual server table when reset k8s (#3530) 2018-10-16 16:29:43 -07:00
Erwan Miran
4d2b6b71f2 Fix contiv api certificate generation (#3531) 2018-10-16 15:34:33 -07:00
Erwan Miran
7bec169d58 Fix ansible syntax to avoid ansible deprecation warnings (#3512) 
* failed

* version_compare

* succeeded

* skipped

* success

* version_compare becomes version since ansible 2.5

* ansible minimal version updated in doc and spec

* last version_compare
 2018-10-16 15:33:30 -07:00
Erwan Miran
bfd4ccbeaa Calico: Ability to define global peers (#3493) 2018-10-16 15:32:26 -07:00
Rong Zhang
76fe84fe93 Use imageRepository instead of the unifiedControlPlaneImage (#3484) 2018-10-16 07:26:04 -07:00
刘旭
cf4dd645a7 fix --etcd-servers-overrides invalid (#3470) 2018-10-16 07:25:03 -07:00
JuanJo Ciarlante
a5edd0d709 [jjo] add kube-router support (#3339) 
* [jjo] add kube-router support

Fixes cloudnativelabs/kube-router#147.

* add kube-router as another network_plugin choice
* support most used kube-router flags via
  `kube_router_foo` vars as other plugins
* implement replacing kube-proxy (--run-service-proxy=true) via
  `kube_proxy_mode: none`, verified in a _non kubeadm_enabled_
  install, should also work for recent kubeadm releases via
  `skipKubeProxyInstall: true` config

* [jjo] address PR#3339 review from @woopstar

* add busybox image used by kube-router to downloads

* fix busybox download groups key

* rework kubeadm_enabled + kube_router_run_service_proxy

- verify it working ok w/the kubeadm_enabled and
  kube_router_run_service_proxy true or false

- introduce `kube_proxy_remove` fact, to decouple logic
  from kube_proxy_mode (which affects kubeadm configmap
  settings, thus no-good to ab-use it to 'none')

* improve kube-router.md re: kubeadm_enabled and kube_router_run_service_proxy

* address @woopstar latest review

* add inventory/sample/group_vars/k8s-cluster/k8s-net-kube-router.yml

* fix kube_router_run_service_proxy conditional for kube-proxy removal

* fix kube_proxy_remove fact (w/ |bool), add some needed kube-proxy tags on my and existing changes

* update kube-router tolerations for 1.12 compatibility

* add PriorityClass to kube-router DaemonSet
 2018-10-16 07:15:05 -07:00
anarcat
c33e08c3fa show FQDN first in /etc/hosts (closes: #3521) (#3522) 
The hosts(5) manpage clearly states that the first entry is the
"canonical name", or FQDN (Fully-Qualified Domain Name):

    IP_address canonical_hostname [aliases...]

By using the alias as a first entry, `hostname -f` does not return the
correct domain which breaks all sorts of unrelated functionality (it
has impact over email server configuration, for example).
 2018-10-16 03:55:55 -07:00
Aivars Sterns
9b773185c3
Merge pull request #3184 from oracle/new_oci_controls 
Add new OCI cloud controls
 2018-10-16 11:29:13 +03:00
Erwan Miran
b4e2b85745 Replace shell with command in order to allow the task to fail when openssl x509 does return zero (#3516) 2018-10-15 23:48:12 -07:00
Erwan Miran
fcd8d850dc Fix ansible syntax to avoid ansible warnings (again) (#3509) 
* Fix ansible syntax to avoid ansible warnings (again)

* warn: false on tar -cfz

* wrong placement of warn:false
 2018-10-15 23:47:04 -07:00
Erwan Miran
6549b8f8ae Ability to define the asNumber on a per node basis when route reflectors are not used in order to peer directly with routers (#3492) 2018-10-15 23:44:49 -07:00
Rong Zhang
1ea7ec3189 Fix nginx_config_dir value not defined when use reset.yml (#3524) 2018-10-15 01:46:55 -07:00
JuanJo Ciarlante
4077934519 [jjo] add DIND support to contrib/ (#3468) 
* [jjo] add DIND support to contrib/

- add contrib/dind with ansible playbook to
  create "node" containers, and setup them to mimic
  host nodes as much as possible (using Ubuntu images),
  see contrib/dind/README.md

- nodes' /etc/hosts editing via `blockinfile` and
  `lineinfile` need `unsafe_writes: yes` because /etc/hosts
  are mounted by docker, and thus can't be handled atomically
  (modify copy + rename)

* dind-host role: set node container hostname on creation

* add "Resulting deployment" section with some CLI outputs

* typo

* selectable node_distro: debian, ubuntu

* some fixes for node_distro: ubuntu

* cpu optimization: add early `pkill -STOP agetty`

* typo

* add centos dind support ;)

* add kubespray-dind.yaml, support fedora

- add kubespray-dind.yaml (former custom.yaml at README.md)
- rework README.md as per above
- use some YAML power to share distros' commonality
- add fedora support

* create unique /etc/machine-id and other updates

- create unique /etc/machine-id in each docker node,
  used as seed for e.g. weave mac addresses

- with above, now netchecker 100% passes WoHooOO!
  🎉 🎉 🎉

- updated README.md output from (1.12.1, verified
  netcheck)

* minor typos

* fix centos node creation, needs earlier udevadm removal to avoid flaky facts, also verified netcheck Ok \o/

* add Q&D test-distros.sh, back to manual /etc/machine-id hack

* run-test-distros.sh cosmetics and minor fixes

* run-test-distros.sh: $rc fix and minor formatting changes

* run-test-distros.sh output cosmetics
 2018-10-15 09:44:02 +02:00
Kuldip Madnani
fd422a0646 Add Priority class for tiller and fix tiller override. (#3494) 
* Added Priority class to tiller installation and also fixed tiller override implementation.

* Added changes to handle priority classes separately in tiller, instead of using the variable tiller_override
 2018-10-12 11:46:39 -07:00
Kuldip Madnani
d7bb4d954a Handling docker clean up during docker upgrade and docker config changes. (#3321) 
* Added changes to clean up orphan containers and reload docker & kubelet directories.

* Added new files for cleaning up orphans and docker & kubelet directories

* Added new lines at the end of these files

* removed the trailing whitespaces from main.yml and clean-up.yml

* Updated as per the review comments

* Updated as per the review comments

* Removed service_facts and package_facts because they are not supported in ansible 2.4.0

* Corrected yaml syntax errors

* Removed the use of json_query filter and utilized selectattr

* Removed trailing spaces

* Changed the default value of docker_clean_up to false

* Added Changes to only include cleanup-docker-orphans.sh

* Reverted back changes done inside handler.

* Removed trailing spaces and made default value of docker_orphan_clean_up as true

* Reverted the default value of docker_orphan_clean_up as false

* Made the docker clean up as drop in

* Made the docker clean up as drop in

* Reverted the value of boolean docker_orphan_clean_up to false
 2018-10-12 10:29:51 -07:00
Loic Gouarin
36322901a6 fix kube-controller-manager config with openstack-cacert (#3435) 2018-10-12 06:39:58 -07:00
Anupam Basak
3ce933051a calico CALICO_IPV4POOL_IPIP overriding variable (#3507) 2018-10-12 00:09:36 -07:00
Johann Queuniet
1911fe5ca8 fix nginx proxy configuration conflicts (#3489) 
* Allow configuration of nginx proxy config path

* Fix the internal nginx configuration location

Signed-off-by: Johann Queuniet <contact@lordran.net>
 2018-10-11 06:33:18 -07:00
Andreas Krüger
2117e8167d Update pre-install verify settings with network checks and etc. (#3504) 
* Update pre-install verify settings with network checks and etc.

* Remove upstream dns server check. It's bogus
 2018-10-11 06:28:21 -07:00
Erwan Miran
dd5327ef9e Fix ansible syntax to avoid ansible warnings (#3499) 2018-10-11 00:45:00 -07:00
Andreas Krüger
cdce8c81da Update CoreDNS templates to newest version and fix kubedns-autoscaler (#3483) 
* Update CoreDNS templates to newest version

* Add watch to ClusterRole. Fixes #3460
 2018-10-11 00:12:58 -07:00
Giacomo Longo
3f786542d3 Automatically infer bootstrap_os (#3498) 
* Automatically infer bootstrap_os

* Rename bootstrap os to os_family
 2018-10-10 23:32:10 -07:00
pastushenko
b35a9fcb04 #3475 - make dnsmasq to send queries to all servers in upstream. Make… (#3481) 
* #3475 - make dnsmasq to send queries to all servers in upstream. Make dnsmasq config file customizable.

* Code style fixes. Return current behaviour for dnsmasq strict-order flag.
 2018-10-09 23:29:06 -07:00
Antoine Legrand
c27a91f7f0 Split deploy steps in separate playbooks: part1 (#3451) 
* Fix bootstrap_os/ubuntu idempotency

* Update bastion role

* move container_engine in sub-roles

* requires ansible 2.5

* ubuntu18 as first CI job
 2018-10-09 19:14:33 -07:00
Erwan Miran
2ab2f3a0a3 Ability to define SSL certificates duration and SSL key size (#3482) 
* Ability to specify ssl certificate duration and ssl key size - etcd/secrets

* Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script
 2018-10-09 04:43:30 -07:00
okamototk
c825f4d180 Untaint master when it has node role (#3466) 2018-10-09 01:40:43 -07:00
Andreas Krüger
7e195b06a6 Fix DNS loop when resolvconf_mode is set to host_resolvconf (#3390) 
* Fix DNS loop when resolvconf_mode is set to host_resolvconf

* Make sure upstream_dns_servers is defined when using resolvconf_mode == 'host_resolvconf'

* Only set upstream dns servers on KubeDNS and CoreDNS if they are defined

* Only set upstream dns servers on KubeDNS and CoreDNS if they are defined
 2018-10-08 07:08:51 -07:00
Dylan
30132d8c35 Removed hostname truncation. (#3409) 2018-10-08 05:14:01 -07:00
Matthew Mosesohn
4b7d59224d Fix tag based deploy of apps by skipping kubeadm dns tasks (#3462) 2018-10-08 01:22:57 -07:00
Rong Zhang
4f51607145 Upgrade kubernetes to v1.12.1 (#3463) 
https://github.com/kubernetes/kubernetes/issues/69214
 2018-10-07 13:33:13 -07:00
Chad Swenson
6602760a48 Support multiple local volume provisioner StorageClasses (#3450) 
- Local Volume StorageClass configuration is now manged by `local_volume_provisioner_storage_classes`, a list of maps that specifies local storage classes with `name` `host_dir` and `mount_dir` keys per entry
- Tasks and templates updated to loop through local volume storage classes
- Previous defaults for path/class names were not changed
- Fixed an issue where a `kubernetes/preinstall` was creating directories inconsistently with the `kubernetes-apps/external_provisioner/local_volume_provisioner` task
 2018-10-05 05:52:25 -07:00
Erwan Miran
9232261665 serviceaccounts is required in resources list of cluster role (#3455) 2018-10-04 11:32:37 -07:00
Rong Zhang
af97febb04 Upgrade kubernetes to v1.12.0 (#3410) 
* Upgrade kubernetes to v1.12.0

Use kubeadm v1alpha3 config

* Upgrade coredns and etcd

* Upgrage docker to 18.06
 2018-10-04 02:05:55 -07:00
Tupin Laurent
05dabb7e7b Fix Bionic networking restart error #3430 (#3431) 2018-10-02 03:10:52 -07:00
okamototk
66e304c41b Fixed Ubuntu 18.04's docker version(fixes #3424). (#3425) 2018-10-01 04:26:51 -07:00
LiuDui
192f7967c9 Remove excess space (#3421) 2018-10-01 00:09:45 -07:00
Luke Seelenbinder
3cfbc1a79a Add Pod IP to Flannel manifest. (#3379) 2018-10-01 00:06:13 -07:00
rboyapat
d9f495d391 Fix the dic iteration method in the kubelet template (#3415) 
* Fix the jinja expression for openstack_tenant_id

OS_PROJECT_ID is obsolete in keystone v3 and jinja expression
doesn't set openstack_tenant_id as expected because of
undefined env var. Fixed the expression.

* Fix the dic iteration method in the kubelet template

Kubelet template rendering errors when additional Node lables are
added and using Python3. Update the method to be compatible to both
python2/3

Node lables doesn't work
 2018-09-30 05:10:12 -07:00
SataQiu
71f6c018ce fix typo: remove repeated words(is) (#3419) 2018-09-29 21:04:43 -07:00
LiuDui
0401f4afff remove the redundant space (#3420) 2018-09-29 21:03:27 -07:00
Mikael Berthe
b4989b5a2a Fix netcheck agent/server image variable names (#3417) 
According to the documentation, container images are described
by vars like `foo_image_repo` and `foo_image_tag`.
The variables netcheck_{agent,server}_{img_repo,tag} do not
follow that convention.
 2018-09-29 20:44:01 -07:00
Rong Zhang
0232e755f3 Upgrade kubedns and kubednsautoscaler (#3407) 2018-09-28 01:20:08 -07:00
sangwook
0536125f75 Better fix for openstack cinder zone issue using ignore-volume-az option (#2980) 
* Better fix for openstack cinder zone issue[1][2]
using ignore-volume-az option[3].
[1]: https://github.com/kubernetes-incubator/kubespray/pull/2155
[2]: https://github.com/kubernetes-incubator/kubespray/pull/2346
[3]: https://github.com/kubernetes/kubernetes/pull/53523

* Remove kube-scheduler-policy.yaml
 2018-09-27 22:15:47 -07:00
Cédric de Saint Martin
53d87e53c5 All CNIs: support ANY toleration. (#3391) 
Before, Nodes tainted with NoExecute policy did not have calico/weave Pod.
Network pod should run on all nodes whatever happens on a specific node.

Also always set the Pods to be critical.
Also remove deprecated scheduler.alpha.kubernetes.io/tolerations annotations.
 2018-09-27 05:28:54 -07:00
Erwan Miran
232020ef96 skip-exists is an flag for create command, not for calicoctl (#3401) 2018-09-27 04:57:02 -07:00
Shida Qiu
8b8e534769 remove the redundant space (#3400) 2018-09-27 03:32:26 -07:00
arzarif
6b71229d3f Resolve issues associated with Calico deployment in policy-only mode. (#3392) 2018-09-27 03:31:14 -07:00
刘旭
145e5c8943 use copy and slurp module (#3313) 2018-09-27 02:12:02 -07:00
Victor Palma
dced082e5f fixes roles/docker/vars/ubuntu-bionic.yml points to xenial (#3395) 
* fixes: #3387
 2018-09-27 01:08:39 -07:00
Tupin Laurent
408faac3c9 Pip is required for vault #3376 (#3378) 
* Change execution order for pip

* Remove spaces
 2018-09-26 00:28:54 -07:00
Tupin Laurent
cd4a606cb1 UI is required for vault #3376 (#3377) 2018-09-26 00:27:38 -07:00
Kuldip Madnani
36898a2c39 Adding pod priority for all the components. (#3361) 
* Changes to assign pod priority to kube components.

* Removed the boolean flag pod_priority_assignment

* Created new priorityclass k8s-cluster-critical

* Created new priorityclass k8s-cluster-critical

* Fixed the trailing spaces

* Fixed the trailing spaces

* Added kube version check while creating Priority Class k8s-cluster-critical

* Moved k8s-cluster-critical.yml

* Moved k8s-cluster-critical.yml to kube_config_dir
 2018-09-25 07:50:22 -07:00
Andreas Krüger
d6ebe8c3e7 Sync manifests with kubeadm (#3383) 2018-09-24 02:17:18 -07:00
Rui Cao
02de35cfc3 Fix some typos (#3382) 
Signed-off-by: Rui Cao <ruicao@alauda.io>
 2018-09-23 06:33:17 -07:00
Sergey Magidovich
2197330727 Add check that kube-master, kube-node and etcd groups are not empty. 2018-09-21 17:02:53 +03:00
Anatoly Rugalev
8f85ea89fa Added download_validate_certs option which allows to disables SSL validation for file downloads 2018-09-21 11:51:17 +02:00
k8s-ci-robot
51a5f54fc4
Merge pull request #3335 from AtzeDeVries/fix/ubuntu-xenial-resolv-conf 
Fix/ubuntu xenial resolv conf
 2018-09-20 23:16:11 -07:00
Chris Randles
a1d6078d46 remove /var/lib/cni directory 2018-09-20 15:36:25 -04:00
k8s-ci-robot
7fd87b95cf
Merge pull request #3368 from woopstar/fedora_fix_1 
Fix CI issue (Fedora task introduce new lookup plugin)
 2018-09-20 08:16:22 -07:00
Rajitha Perera
e3d562bcdb Support for AWS cloud-config (#1465) 
* Support for AWS cloud-config

* Update docs

* Fix version incompatibilities

* Do not use shorthand `default`

* Add new cloud config variable, roleArn
 2018-09-20 16:31:28 +02:00
Andreas Kruger
442e6e55b6 Fix CI issue with Fedora 2018-09-20 15:45:15 +02:00
rongzhang
4d1055f5d5 Remove some useless files 2018-09-20 20:24:06 +08:00
k8s-ci-robot
68acdd71f1
Merge pull request #3172 from Atoms/additional-proxy 
Add additional no proxy parameter for more customization
 2018-09-20 03:26:29 -07:00
k8s-ci-robot
62b1ea2b48
Merge pull request #3360 from gabibbo97/master 
Support Fedora 28
 2018-09-20 02:22:53 -07:00
Andreas Kruger
09b67c1ad5 Remove EFK from Kubespray 2018-09-20 10:44:17 +02:00
k8s-ci-robot
8512cc5cca
Merge pull request #3280 from wozniakjan/openstack/openstack_cacert 
Check `openstack_cacert` for empty string
 2018-09-19 22:42:37 -07:00
k8s-ci-robot
3a65c66a3e
Merge pull request #3355 from wwt/rr-v3 
Uses etcdv3 for calico 3 rr_v4 resources
 2018-09-19 22:35:02 -07:00
Giacomo Longo
492b3e525d Support Fedora 28 2018-09-19 20:11:07 +02:00
Kevin Schuck
639010b3df Uses environment vars for etcd cert paths 2018-09-19 12:32:16 -05:00
k8s-ci-robot
34d1f0bff2
Merge pull request #3351 from woopstar/kubeadm_token_basic_auth_fix 
Mount basic auth or token auth dirs to support it on kubeadm deployments
 2018-09-19 07:50:43 -07:00
Jan Wozniak
a330b281e8 Check openstack_cacert for empty string 2018-09-19 16:37:24 +02:00
Kevin Schuck
6f9f80acee Uses etcdv3 for calico 3 rr_v4 resources 2018-09-19 09:22:52 -05:00
k8s-ci-robot
a8a62afd74
Merge pull request #3304 from kubernetes-incubator/gpu2 
Add support for GPU accelerator
 2018-09-19 07:12:32 -07:00
k8s-ci-robot
7fa682bdd5
Merge pull request #3342 from okamototk/fix_path_for_kubeadm_join 
Add kubelet path for kubeadm.
 2018-09-19 06:17:47 -07:00
Aivars Sterns
34019291b8
Merge pull request #3143 from jbcraig/add_os_trust_id 
add support for openstack trust to cloud provider config
 2018-09-19 16:07:03 +03:00
Antoine Legrand
08179018d4
Merge branch 'master' into gpu2 2018-09-19 15:02:51 +02:00
k8s-ci-robot
b796226869
Merge pull request #3325 from firaxis/configurable_felix_healthhost 
Make Felix healthhost configurable
 2018-09-19 06:02:29 -07:00
k8s-ci-robot
39c567de47
Merge pull request #3307 from kaarolch/upgrade_docs 
Calico version verification before cluster upgrade begin.
 2018-09-19 05:15:55 -07:00
k8s-ci-robot
da4cc74498
Merge pull request #3340 from wwt/master 
Fixes Calico 3.x BGPPeer resources
 2018-09-19 04:43:35 -07:00
Andreas Kruger
cac485756b Mount basic auth or token auth dirs to support it on kubeadm deployments 2018-09-19 13:21:58 +02:00
Andreas Kruger
c058e7a5ec Remove audit again from Kubeadm 1.10.x. Write mounts not supported untill 1.11 2018-09-19 13:15:14 +02:00
Andreas Kruger
e0ddabc463 Add support for kubelet_node_custom_flags 2018-09-19 12:58:06 +02:00
Andreas Kruger
940d2fdbb1 Add missing enforce-node-allocatable to kubelet for kubeadm deployments 2018-09-19 11:54:34 +02:00
Andreas Kruger
1c999b2a61 Move kube_kubeadm_controller_extra_args to controllerManagerExtraArgs section. It was placed in controllerManagerExtraVolumes 2018-09-19 11:24:19 +02:00
Andreas Kruger
8e37841a2e Add audit support to v1alpha1 of Kubeadm 2018-09-19 11:01:30 +02:00
Andreas Kruger
8d1c0c469c Added missing enable-aggregator-routing option 2018-09-19 10:58:46 +02:00
Andreas Kruger
26d7380c2e Sync manifests from non-kubeadm to kubeadm deploy 2018-09-19 10:01:45 +02:00
Takashi Okamoto
95703fb6f2 Add kubelet path for kubeadm. 2018-09-19 03:04:03 +00:00
Karol Chrapek
0121bce9e5 Instead of doc update, change the verify step 2018-09-18 22:13:15 +02:00
Kevin Schuck
fb1678d425 Ensures BGPPeer resource names are unique 2018-09-18 10:48:30 -05:00
Alex Yakovenko
884053aaa7
Make Felix healthhost configurable 2018-09-18 15:48:29 +03:00
k8s-ci-robot
3d27007750
Merge pull request #3329 from riverzhang/checksum 
Keep list of k8s checksums for hyperkube and kubeadm
 2018-09-18 02:42:59 -07:00
AtzeDeVries
4cbd97667d Merge remote-tracking branch 'upstream/master' into fix/ubuntu-xenial-resolv-conf 2018-09-18 09:51:46 +02:00
k8s-ci-robot
2730c90dcd
Merge pull request #3320 from riverzhang/kubelet 
Support dynamic kubelet config
 2018-09-18 00:16:04 -07:00
rongzhang
09a1bcb30b Keep list of k8s checksums for hyperkube and kubeadm 
Keep a list of checksums for kubeadm and hyperkube downloads.
Makes it easier to switch version
 2018-09-18 15:05:17 +08:00
rongzhang
77e08ba204 Support dynamic kubelet config 
https://kubernetes.io/blog/2018/07/11/dynamic-kubelet-configuration/
 2018-09-18 08:44:39 +08:00
Kevin Schuck
d3adf09bde Fixes BGPPeer resource for calico >= 3.0.0 2018-09-17 15:22:28 -05:00
Erwan Miran
afa2a5f1c4 enhanced reset for contiv 2018-09-17 16:46:19 +02:00
Erwan Miran
bcaf2f9ea3 contiv 1.2.1 2018-09-17 16:45:05 +02:00
k8s-ci-robot
d16b562b18
Merge pull request #3316 from mattymo/tiller_override_fix 
Fix tiller override command
 2018-09-17 05:12:05 -07:00
k8s-ci-robot
0538f8a70d
Merge pull request #3290 from riverzhang/fix-upgrade 
Fix upgrade k8s
 2018-09-17 04:26:47 -07:00
k8s-ci-robot
1a426ada3c
Merge pull request #3324 from alvistack/cert-manager-v0.5.0 
cert-manager: Upgrade to 0.5.0
 2018-09-17 04:20:56 -07:00
Wong Hoi Sing Edison
a544e54578 weave: Upgrade to 2.4.1 
Upstream Changes:

-   weave 2.4.1 (https://github.com/weaveworks/weave/releases/tag/v2.4.1)

Our Changes:

-   Templates sync with upstream manifests
 2018-09-17 17:09:19 +08:00
Wong Hoi Sing Edison
f34a6699ef cert-manager: Upgrade to 0.5.0 
Upstream Changes:

-   cert-manager 0.5.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.5.0)

Our Changes:

-   Templates sync with upstream manifests
 2018-09-17 16:58:04 +08:00
AtzeDeVries
482857611a added extra var for ubuntu 18 netplan resolv 2018-09-17 09:01:55 +02:00
AtzeDeVries
8d8bbc294a fix for resolvconf in ubuntu18 2018-09-17 09:00:55 +02:00
k8s-ci-robot
7f91f6e034
Merge pull request #3287 from Kami-no/coredns_metrics 
Monitor CoreDNS over svc
 2018-09-16 23:39:59 -07:00
rongzhang
84c4c7dc82 Use synchronize module 2018-09-16 20:36:44 +08:00
rongzhang
1d4aa7abcc Fix upgrade k8s 2018-09-16 10:35:12 +08:00
Matthew Mosesohn
fe35c32c62 Fix tiller override command 2018-09-15 16:35:19 +03:00
Rong Zhang
aa0da221e9
Merge pull request #2880 from hfinucane/rh7-paths 
Fix #2261 by supporting Red Hat's limited PATH
 2018-09-15 19:27:22 +08:00
k8s-ci-robot
f1403493df
Merge pull request #3296 from rabi/fix_cilium_crio 
Add volume and volumeMount for crio-socket
 2018-09-15 03:23:02 -07:00
k8s-ci-robot
36901d8394
Merge pull request #3309 from ant31/fix_download_file 
Fix download file
 2018-09-15 03:18:23 -07:00
k8s-ci-robot
e6a2e34dd1
Merge pull request #3315 from riverzhang/upgrade-kubedns 
Upgrade kubedns to 1.14.11
 2018-09-15 02:08:20 -07:00
rongzhang
934d92f09c Upgrade kubedns to 1.14.11 2018-09-15 15:22:38 +08:00
k8s-ci-robot
5e59541faa
Merge pull request #3258 from okamototk/fix_kubectl_path 
absolute path for kubectl.
 2018-09-13 14:38:20 -07:00
Antoine Legrand
d94b7fd57c Don't download binary if docker is selected 2018-09-13 22:06:51 +02:00
k8s-ci-robot
9964ba77ee
Merge pull request #3305 from mattymo/fixup_upgrade 
Fixes for upgrade mode
 2018-09-13 12:57:23 -07:00
k8s-ci-robot
153661cc47
Merge pull request #3284 from mattymo/more_calico_legacy 
Put back legacy support for calico ippools and bgp settings
 2018-09-13 09:25:26 -07:00
Matthew Mosesohn
8becd905b8 Fixes for upgrade mode 
Uses correct flag for draining with a pod selector
Verifies minimum kubectl version for compatibility
 2018-09-13 18:42:01 +03:00
Matthew Mosesohn
c83350e597 refactor to base on calico_version 2018-09-13 18:05:10 +03:00
k8s-ci-robot
ffbe9e7fd8
Merge pull request #1973 from guenhter/rsync-cmd-to-synchronize 
Replace the raw rsync command with the synchronize module
 2018-09-13 03:12:05 -07:00
AtzeDeVries
91b02c057e Add support for GPU accelerator 2018-09-13 11:53:11 +02:00
Matthew Mosesohn
55d76ea3d8
Update install.yml 2018-09-13 12:04:53 +03:00
rabi
1df0b67ec1 Add volume and volumeMount for crio-socket 
This commit fixes #3295
 2018-09-13 14:34:44 +05:30
k8s-ci-robot
218e527363
Merge pull request #3243 from mirwan/helm_binary_should_be_installed_on_all_masters 
Install Helm client on all masters
 2018-09-13 00:39:36 -07:00
k8s-ci-robot
27fc391f71
Merge pull request #3291 from mirwan/remove_insecure-bind-address_when_insecure_port_is_0 
Remove --insecure-bind-address when insecure-port=0
 2018-09-13 00:34:39 -07:00
Matthew Mosesohn
1091e82327
Update install.yml 2018-09-12 22:15:46 +03:00
k8s-ci-robot
a5cc8537f9
Merge pull request #3283 from mattymo/more_upgrade_options 
Extra options for upgrade mode
 2018-09-12 10:50:33 -07:00
Matthew Mosesohn
d692737a13 Extra options for upgrade mode 
Optionally do not drain nodes by setting drain_nodes to false
Optionally set a labelselector to target which pods should be drained.
 2018-09-12 17:05:41 +03:00
Matthew Mosesohn
cc79125d3e
Update install.yml 2018-09-12 17:03:55 +03:00
k8s-ci-robot
a801e02cea
Merge pull request #3261 from mattymo/etcd_ssl_dir_perms 
Ensure etcd file permissions are correct when using vault
 2018-09-12 01:10:26 -07:00
Zinin D.A
29c7775ea1 Monitor CoreDNS over svc 2018-09-12 10:24:15 +03:00
k8s-ci-robot
cbf099de4d
Merge pull request #3285 from mirwan/fix_netchecker_sa_when_psp 
Fix wrong sa name in crb when psp is enabled
 2018-09-12 00:20:38 -07:00
k8s-ci-robot
c8630f46fd
Merge pull request #3286 from fritchie/master 
Change update strategy to RollingUpdate
 2018-09-12 00:18:05 -07:00
Erwan Miran
af74d85b7d Remove --insecure-bind-address when insecure-port=0 2018-09-12 08:22:11 +02:00
Chad Swenson
97e5f28537
Revert "Remove insecure-port and insecure-bind-address when possible" 2018-09-11 17:42:12 -05:00
Frank Ritchie
f42e0a4711 Change update strategy to RollingUpdate. 
When enable_network_policy is set to True with Calico 3 kubectl
apply fails with the error:

The Deployment "calico-kube-controllers" is invalid:
spec.strategy.rollingUpdate: Forbidden: may not be specified when
strategy type is 'Recreate'

See

https://github.com/kubernetes-incubator/kubespray/issues/3267

Changing the update strategy to RollingUpdate avoids this error.
 2018-09-11 12:03:42 -04:00
Matthew Mosesohn
d91f9e14e6 Put back legacy support for calico ippools and bgp settings 2018-09-11 16:40:11 +03:00
Erwan Miran
e24b1220a0 Fix wrong sa name in crb when psp is enabled 2018-09-11 15:04:55 +02:00
k8s-ci-robot
0a720b35af
Merge pull request #3270 from riverzhang/fix-registry 
Add insecure_registry config to docker options
 2018-09-10 04:28:52 -07:00
rongzhang
f557b54489 Add docker_ to values 2018-09-10 18:05:49 +08:00
Erwan Miran
04852ad753 Install Helm on all masters 2018-09-10 11:39:26 +02:00
Matthew Mosesohn
aaa9a4efac Ensure vault file permissions are correct 2018-09-10 12:04:04 +03:00
rongzhang
0140cf71c8 Upgrade kubernetes to v1.11.3 2018-09-10 15:52:49 +08:00
rongzhang
51794e4c13 Deploying k8s clusters in a private environment 2018-09-09 11:06:00 +08:00
rongzhang
b249b06036 Move docker options to kubespray-defaults 2018-09-09 10:21:18 +08:00
rongzhang
20caaf9d1f Delete gitignore file 2018-09-09 02:09:02 +08:00
rongzhang
c41ca22a78 Planning the configuration of docker parameters 2018-09-09 00:59:59 +08:00
georgejdli
b891d77679 add option to secure helm tiller with tls 2018-09-07 10:29:31 -05:00
k8s-ci-robot
5c2e9a5376
Merge pull request #3252 from mirwan/remove_insecure-bind-address_when_insecure-bind-port_is_0 
Remove insecure-port and insecure-bind-address when possible
 2018-09-07 07:41:21 -07:00
k8s-ci-robot
b3a689658b
Merge pull request #3255 from mlushpenko/calico_check 
Fix calico health checks
 2018-09-07 07:39:20 -07:00
Takashi Okamoto
d182d4f979 absolute path for kubectl. 2018-09-07 09:33:43 -04:00
k8s-ci-robot
9c49e071d3
Merge pull request #3260 from riverzhang/discoverytimeout 
Add discovery_timeout to join configuration
 2018-09-07 05:20:19 -07:00
rongzhang
0f63924ed4 Add discovery_timeout to join configuration 
https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha2#JoinConfiguration
 2018-09-07 16:28:53 +08:00
mlushpenko
ea2c9d8f57 Fix yaml checks 2018-09-06 16:26:57 +02:00
mlushpenko
f958b32c83 Fix calico health checks 2018-09-06 15:57:21 +02:00
k8s-ci-robot
2faa8f1e37
Merge pull request #3254 from mattymo/calico_upgrade_tweaks 
Fix backward compatibility with calico 2.6
 2018-09-06 06:20:52 -07:00
k8s-ci-robot
ab462d92b8
Merge pull request #3249 from mattymo/fix_missing_var_kube_proxy_nodeport 
Add missing variable kube_proxy_nodeport_addresses
 2018-09-06 06:18:23 -07:00
k8s-ci-robot
27905bbddf
Merge pull request #3250 from mattymo/openstack_cacert 
Fix openstack cacert task
 2018-09-06 06:15:59 -07:00
Matthew Mosesohn
dc3e317d20 Fix backward compatibility with calico 2.6 2018-09-06 15:54:20 +03:00
Erwan Miran
a5509fc2ce Remove insecure-port and insecure-bind-address when possible 2018-09-06 13:46:09 +02:00
Matthew Mosesohn
b614a3504b Fix openstack cacert task 2018-09-06 14:06:06 +03:00
Matthew Mosesohn
cd8e469b9c Add missing variable kube_proxy_nodeport_addresses 2018-09-06 13:36:17 +03:00
Matthew Mosesohn
991b3dbe54 put back endif in kubelet rkt template 2018-09-06 13:21:22 +03:00
k8s-ci-robot
f5251f7d27
Merge pull request #3247 from mattymo/kubelet_rkt_Fix 
remove broken endifs in kubelet rkt mode
 2018-09-06 02:49:35 -07:00
Matthew Mosesohn
faedfb6307 remove broken endifs in kubelet rkt mode 2018-09-06 11:59:25 +03:00
k8s-ci-robot
1940495817
Merge pull request #3246 from riverzhang/pause 
Upgrade pause image to 3.1
 2018-09-06 00:48:05 -07:00
rongzhang
b979fb0116 Upgrade pause image to 3.1 2018-09-06 14:15:51 +08:00
Antoine Legrand
7e140e5f3c
Merge pull request #3122 from jbcraig/fix_cacert_feature 
resolve issues with new cacert feature
 2018-09-05 23:31:53 +02:00
rongzhang
435e098751 Fix feature-gates 2018-09-05 22:55:51 +08:00
Antoine Legrand
055e80f846
Merge pull request #3244 from ant31/calico31 
Reverts calico update to 3.2.0, fixes #3223
 2018-09-05 11:45:22 +02:00
Antoine Legrand
15363530ae Reverts calico update to 3.2.0, fixes #3223 2018-09-05 11:44:32 +02:00
Jeff Bornemann
83838b7fbc Add new OCI cloud controls 2018-09-04 14:03:17 -04:00
Luis Nunez
6569180654 remove capitalize filter 2018-09-04 14:56:53 +02:00
k8s-ci-robot
ad33f71ac2
Merge pull request #3228 from mirwan/credentials_dir 
Introducing credentials_dir variable in order to be able to override it
 2018-09-04 04:35:11 -07:00
k8s-ci-robot
50c6a98b15
Merge pull request #3229 from mirwan/docker_1806_ubuntu_under_bionic 
Docker 18.06 for ubuntu versions before bionic
 2018-09-03 11:37:13 -07:00
Erwan Miran
a644b7c267 Introducing credentials_dir in order to be able to override it 2018-09-03 18:04:50 +02:00
Atoms
8c9588ab59 Add additional no proxy parameter for more customization 2018-09-03 17:09:58 +03:00
Erwan Miran
c0ce875743 change edge to 18.06 for ubuntu 2018-09-03 14:11:25 +02:00
Erwan Miran
a22d28e1c1 docker 18.06 for ubuntu version before bionic 2018-09-03 14:10:51 +02:00
k8s-ci-robot
c32145057d
Merge pull request #3178 from gitphill/patch-1 
Add azure-container-registry-config for Azure
 2018-09-03 05:06:01 -07:00
rboyapat
fbb98b0070 Fix the jinja expression for openstack_tenant_id (#3151) 
OS_PROJECT_ID is obsolete in keystone v3 and jinja expression
doesn't set openstack_tenant_id as expected because of
undefined env var. Fixed the expression.
 2018-09-03 14:59:49 +03:00
k8s-ci-robot
db11394711
Merge pull request #3200 from pablodav/feature/k8s_win_v1.11 
Required support to start working on windows node support
 2018-09-03 04:51:23 -07:00
Matthew Mosesohn
fd57fde075 Always run helm init to allow for settings changes 2018-09-03 11:16:01 +03:00
Wong Hoi Sing Edison
9fc8f9a07d ingress-nginx: Upgrade to 0.19.0 
Upstream Changes:

-   ingress-nginx 0.19.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.19.0)

Our Changes:

-   Sync templates with upstream changes
 2018-09-03 08:00:08 +08:00
Pablo Estigarribia
7cbe3c2171 ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version 
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

remove empty when line

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

force kubeadm upgrade due to failure without --force flag

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type

fixes in syntax and LF for newline in files

fix on yamllint check

ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version

some cleanup for innecesary lines

remove conditions for nodeselector
 2018-09-02 12:47:06 -03:00
k8s-ci-robot
a47c9239e8
Merge pull request #3221 from alvistack/cephfs-provisioner-v2.1.0-k8s1.11 
cephfs-provisioner: Upgrade to v2.1.0-k8s1.11
 2018-09-02 04:16:17 -07:00
k8s-ci-robot
635ca1a0b8
Merge pull request #3220 from alvistack/coredns-1.2.2 
coredns: Upgrade to v1.2.2
 2018-09-02 04:13:53 -07:00
Wong Hoi Sing Edison
32fdfbcd5a cephfs-provisioner: Upgrade to v2.1.0-k8s1.11 
Upstream Changes:

-   cephfs-provisioner v2.1.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.1.0-k8s1.11)

Our Changes:

-   Sync clusterrole and role with upstream changes
 2018-09-02 11:51:28 +08:00
Wong Hoi Sing Edison
df8b27c03c coredns: Upgrade to v1.2.2 
Upstream Changes:

-   coredns v1.2.2 (https://github.com/coredns/coredns/releases/tag/v1.2.2)

NOTE:

-   coredns image for 1.2.0 and 1.2.1 had been removed from https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/coredns
 2018-09-02 11:37:21 +08:00
mlushpenko
8e95974930 Fix ports for kubeadm client and master configs for ha setups 2018-09-01 18:02:52 +02:00
k8s-ci-robot
13dda0e36e
Merge pull request #3207 from mirwan/fix_3206 
Fix target hosts generation when /etc/hosts does not contain 127.0.0.1 or ::1
 2018-08-31 17:50:56 -07:00
k8s-ci-robot
6e7100f283
Merge pull request #3208 from mirwan/etcd_ha_doc_n_cleaning 
Add documentation about having HA for etcd
 2018-08-31 08:06:05 -07:00
Erwan Miran
059cd17b47 Fix target hosts generation when /etc/hosts does not contain 127.0.0.1 or ::1 2018-08-31 16:33:18 +02:00
k8s-ci-robot
fb7b3305dc
Merge pull request #3209 from mirwan/use_etcd_events_access_address 
etcd_events_access_address should be used for peer_url and client_url
 2018-08-31 07:26:25 -07:00
Erwan Miran
81c3f2c971 etcd_events_access_address should be used for peer_url and client_url 2018-08-31 15:03:07 +02:00
Erwan Miran
82a28d6bb3 Add documentation about having HA for etcd 2018-08-31 14:40:25 +02:00
Antoine Legrand
22f9114630 update calico to 3.2.0 2018-08-31 13:45:08 +02:00
Antoine Legrand
f2f0cdd0ff add arch vars for docker 2018-08-31 13:45:08 +02:00
Antoine Legrand
da06c8e5a9 etcd UNSUPPORTED for all arch 2018-08-31 13:45:08 +02:00
Antoine Legrand
2f1fe44762 update images to use arch 2018-08-31 13:45:08 +02:00
Antoine Legrand
19268ded23 Fix some arm64 errors 2018-08-31 13:45:08 +02:00
Antoine Legrand
f67933d2ac add ETCD_UNSUPPORTED_ARCH=arm64 flag 2018-08-31 13:45:08 +02:00
Antoine Legrand
247b9e83d8 etcd arch-image 2018-08-31 13:45:08 +02:00
Antoine Legrand
9c2098b8fa fix kubelet_max_pod assert 2018-08-31 13:45:08 +02:00
Antoine Legrand
48c0c8d854 Update dir list 2018-08-31 13:45:08 +02:00
rongzhang
2609ec0dc3 Fix copy etcd-ssl-ca failed 2018-08-31 15:06:03 +08:00
k8s-ci-robot
aafd034ab8
Merge pull request #3202 from riverzhang/fix-ipvs 
Fix ipvs by kubeadm v1alpha1
 2018-08-30 13:26:02 -07:00
k8s-ci-robot
d14394c691
Merge pull request #3185 from mirwan/helm_install_docker_insecureport_0 
Mount /root/.kube to helm container
 2018-08-30 08:11:33 -07:00
rongzhang
16fc22a207 Fix ipvs by kubeadm v1alpha1 2018-08-30 23:04:57 +08:00
k8s-ci-robot
d9ea937493
Merge pull request #3187 from mirwan/kubeadm-config_syntax 
Fix kubeadm-config for audit-log-path and feature-gates
 2018-08-30 06:55:43 -07:00
k8s-ci-robot
a96a0ee307
Merge pull request #3198 from riverzhang/fix-kubeadm-v1alpha1 
Fix kubeadm v1alpha1 configure
 2018-08-30 04:11:37 -07:00
k8s-ci-robot
f48468b83b
Merge pull request #3195 from mirwan/fix_psp_templates 
Fix some addons when PodSecurityPolicy is enabled
 2018-08-30 03:37:52 -07:00
rongzhang
35e5adaf0a Fix kubeadm v1alpha1 configure 2018-08-30 17:44:00 +08:00
k8s-ci-robot
a247c2c713
Merge pull request #3191 from fcgravalos/make-canal-mount-xtables-lock 
canal should mount xtables.lock to share the lock with other processe…
 2018-08-29 08:57:32 -07:00
k8s-ci-robot
4feb62f6bf
Merge pull request #3193 from riverzhang/fix-lb-kubeadm 
Fix kubeadm lb
 2018-08-29 04:22:40 -07:00
Fernando Crespo Grávalos
ac4ef719cc canal should mount xtables.lock to share the lock with other processes like kube-proxy 2018-08-29 13:08:51 +02:00
Erwan Miran
ceb97e5809 Fix wrong syntax for jinja sub list extraction and addition of missing role template 2018-08-29 12:58:10 +02:00
k8s-ci-robot
3bfda55fca
Merge pull request #3061 from okamototk/crio 
cri-o support
 2018-08-29 03:48:40 -07:00
rongzhang
9eade647e6 Fix kubeadm lb 2018-08-29 18:29:24 +08:00
Robin Elfrink
bbdd1c8f06 Add option to change the Tiller Deployment namespace. 2018-08-29 11:20:41 +02:00
k8s-ci-robot
f876c89081
Merge pull request #3189 from Arslanbekov/up-dashboard-version 
Up dashboard version to 1.10.0
 2018-08-29 02:08:40 -07:00
Phill Garrett
1babbcca85
Fix elif azure statement 2018-08-28 15:43:03 +01:00
Takashi Okamoto
c0dfa72707 Separate RedHat specific vars for cri-o. 2018-08-28 13:36:14 +00:00
Arslanbekov Denis
fe1e758856 Up dashboard version to 1.10.0 2018-08-28 14:10:19 +03:00
Phill Garrett
f325d13082 Add azure-container-registry-config for Azure 
Seperated out KUBELET_CLOUDPROVIDER env var assignment when cloud_provider equals azure
Appended azure-container-registry-config parameter
 2018-08-28 10:23:25 +00:00
Erwan Miran
52ab54eeea Fix missing quotes for audit-log-path and wrong placement of feature-gates 2018-08-28 09:05:57 +02:00
Takashi Okamoto
d407a590a6 container_manager variable to specify runtime. 2018-08-28 06:23:38 +00:00
Takashi Okamoto
5eb805f098 Change timeout for kubeadm 600s. 
* kubeadm timeout is too short and it may interrupt by timeout.
 2018-08-28 04:51:38 +00:00
Takashi Okamoto
dfdcb56784 Delete all cri-o containers when execute reset.yml. 2018-08-28 02:25:33 +00:00
Takashi Okamoto
236f066635 kubeadm cri-o support. 2018-08-28 02:24:45 +00:00
Takashi Okamoto
5ab8a712d9 Add download_container flag to avoid docker pull when use cri-o. 2018-08-28 01:24:26 +00:00
Takashi Okamoto
cf7b9cfeef Support crio in kubelet service. 2018-08-28 01:24:26 +00:00
Takashi Okamoto
6090af29e7 Add cri-o role. 2018-08-28 01:24:26 +00:00
Takashi Okamoto
359009bb05 Download etcd and hyperkube binary. 2018-08-28 01:24:26 +00:00
Takashi Okamoto
bdbfa4d403 Add ipvs support for kubeadm 1.10 or later. 2018-08-28 01:24:26 +00:00
Takashi Okamoto
6849788ebc Fix copy ca cert and ca key for kubeadm. 2018-08-28 01:24:25 +00:00
Takashi Okamoto
ac639b2a17 Change kubeadm config to run etcd by kubeadm. 2018-08-28 01:24:25 +00:00
Takashi Okamoto
b18ed5922b Add etcd default value in kubespray-default. 2018-08-28 01:24:25 +00:00
Erwan Miran
b395bb953f Fix wrong when condition that ends up with jinja error when the content of /etc/hosts contains parenthesis 2018-08-27 21:20:57 +02:00
Erwan Miran
b652792a93 /root/.kube must to mounted in order for helm to read kubeconfig and not fallback to localhost:8080 2018-08-27 18:17:26 +02:00
k8s-ci-robot
7efe287c74
Merge pull request #2474 from mirwan/localhost_in_etc_hosts 
Localhost in hosts files should be updated (if necessary), not overriden
 2018-08-27 06:25:43 -07:00
k8s-ci-robot
881b46f458
Merge pull request #3095 from mirwan/dnsmasq_template_rendering_filename 
Dnsmasq manifests should not have j2 extension but templates should
 2018-08-27 02:51:43 -07:00
k8s-ci-robot
d43cd9a24c
Merge pull request #3104 from maxbrunet/hotfix/replace-local_actions 
Use delegate_to: localhost instead of local_action
 2018-08-27 02:50:42 -07:00
guenhter
fff48d24ea Replace the raw rsync command with the synchronize module 2018-08-27 10:00:21 +02:00
k8s-ci-robot
f4feb17629
Merge pull request #2958 from elementyang/etcd-pr 
change the way that getting etcd_member_name
 2018-08-26 23:55:04 -07:00
Maxime Brunet
33135f2ada k8s/preinstall: Turn AND condition into a list 2018-08-25 14:33:31 -04:00
k8s-ci-robot
d6f4d10075
Merge pull request #3153 from alvistack/remove-image_tag-suffix 
Remove *_image_tag suffix from ReplicaSet/Deployment
 2018-08-25 04:42:19 -07:00
k8s-ci-robot
f97515352b
Merge pull request #3161 from nutellinoit/kube_proxy_nodeport_addresses 
--nodeport-addresses added on kube-proxy.manifest.j2 and on k8s-cluster.yml
 2018-08-25 02:00:19 -07:00
Aivars Sterns
f7f58bf070
Merge pull request #3173 from msimonin/fix-3164 
Fix createhome directory for adduser role
 2018-08-24 16:34:57 +03:00
Erwan Miran
1432e511a2 same work with less lines 2018-08-24 14:06:07 +02:00
Vasilis Remmas
b61eb7d7f3 Add ETCD_QUOTA_BACKEND_BYTES environment variable 2018-08-24 12:17:34 +02:00
Aivars Sterns
1567a977c3
Revert "gen_certs_script: refactor using stdin (Ansible 2.4+)" 2018-08-24 12:35:31 +03:00
Samuele Chiocca
cb8be37f72 fix on v1alpha1 2018-08-24 11:19:06 +02:00
Samuele Chiocca
e5dd4e1e70 added on v1alpha1 2018-08-24 10:59:06 +02:00
Antoine Legrand
6d74a3db7a
Merge pull request #3163 from kubernetes-incubator/fix-docker-ubuntu1804 
Fix docker apt-repo for Ubuntu18
 2018-08-24 00:51:59 +02:00
ant31
1da5926a94 Use xenial repo for ubuntu18 2018-08-23 22:34:44 +00:00
Antoine Legrand
4882531c29
Merge pull request #3115 from oracle/oracle_oci_controller 
Cloud provider support for OCI (Oracle Cloud Infrastructure)
 2018-08-23 18:22:45 +02:00
Antoine Legrand
f59b80b80b
Merge pull request #3147 from ishitatsuyuki/etcd-cleanup 
gen_certs_script: refactor using stdin (Ansible 2.4+)
 2018-08-23 18:19:28 +02:00
rongzhang
7b61a0eff0 Fix kubeadm LB configure 
1. join node add LB discoveryTokenAPIServers
2. kubeadm_config_api_fqdn support ipddress and domain_name
 2018-08-23 22:22:34 +08:00
Aivars Sterns
23fd3461bc calico upgrade to v3 (#3086) 
* calico upgrade to v3

* update calico_rr version

* add missing file

* change contents of main.yml as it was left old version

* enable network policy by default

* remove unneeded task

* Fix kubelet calico settings

* fix when statement

* switch back to node-kubeconfig.yaml
 2018-08-23 17:17:18 +03:00
msimonin
e22e15afda
Fix createhome directory for adduser role 
A typo in the adduser role prevents the createhome
variable to be taken into account.

Fix #3164
 2018-08-23 08:55:11 +02:00
Rong Zhang
f453567cce
Merge pull request #3144 from riverzhang/fix-audit-log 
Fix install audit failed
 2018-08-23 14:41:37 +08:00
Tatsuyuki Ishi
69786b2d16 gen_certs_script: refactor using stdin (Ansible 2.4+) 2018-08-23 11:19:17 +09:00
rongzhang
5a4352657d Fix install audit failed 
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
 2018-08-23 01:47:15 +08:00
Samuele Chiocca
f13bc796d9 added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1) 2018-08-22 18:43:03 +02:00
Erwan Miran
a6a14e7f77 create the service account and roles even if the rbac is not enabled. it will just be ignored 2018-08-22 18:17:11 +02:00
Erwan Miran
80cfeea957 psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true 2018-08-22 18:16:13 +02:00
ant31
2c90208486 Fix docker apt-repo for Ubuntu18 2018-08-22 15:53:14 +00:00
Antoine Legrand
4eea7f7eb9
Merge pull request #3152 from johnzheng1975/cilium_1.2.0 
new cilium stable version: 1.2.0
 2018-08-22 17:11:42 +02:00
Samuele Chiocca
5d9908c2c3 --nodeport-addresses added on kube-proxy.manifest.j2 
Changed author
 2018-08-22 15:32:07 +02:00
Erwan Miran
a7b0c454db Localhost in hosts files should be updated (if necessary), not overriden 2018-08-22 12:10:49 +02:00
Wong Hoi Sing Edison
c3b3572025 Always create service account even rbac_enabled = false 2018-08-22 11:41:29 +08:00
Wong Hoi Sing Edison
f897596844 Remove *_image_tag suffix from ReplicaSet/Deployment 2018-08-22 11:02:56 +08:00
john
6df71956c4 new cilium stable version: 1.2.0 2018-08-22 10:52:24 +08:00
Jeff Bornemann
94df70be98 Cloud provider support for OCI (Oracle Cloud Infrastructure) 
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
 2018-08-21 17:36:42 -04:00
Mark Eisenblaetter
0c0a2138d9 allow '.' in hostnames 
we use FQDN as inventory_hostname
 2018-08-21 08:24:33 +02:00
Jonathan Craig
5bf152886b add support for openstack trust to cloud provider config 2018-08-20 12:51:25 -04:00
Andreas Krüger
497db69c9f
Merge pull request #3130 from riverzhang/add-control-plane 
Add kubeadm controlplaneEndpoint
 2018-08-20 10:43:50 +02:00
Andreas Krüger
c7de737551
Merge pull request #3133 from mirwan/auditlog_to_stdout_w_kubeadm 
Audit log to stdout with kubeadm
 2018-08-20 10:43:22 +02:00
Andreas Krüger
69749a5b7b
Merge pull request #3132 from mirwan/custom_audit_policy 
Custom audit policy
 2018-08-20 10:42:38 +02:00
Andreas Krüger
b3e32c1393
Merge pull request #3094 from hedayat/master 
Add --dns-loop-detect to dnsmasq used in kube-dns
 2018-08-20 09:27:15 +02:00
Erwan Miran
fc38b6d0ca Ability to define custom audit polcy rules 2018-08-20 07:04:56 +02:00
Erwan Miran
c34900e569 Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm 2018-08-20 07:00:53 +02:00
Rong Zhang
855f2a55cb
Merge pull request #3135 from ishitatsuyuki/patch-1 
Add bad hostname preflight check
 2018-08-20 12:08:02 +08:00
Wong Hoi Sing Edison
71fdc257bc cephfs-provisioner: Upgrade to v2.0.1-k8s1.11 2018-08-20 11:55:04 +08:00
Rong Zhang
fd16f77e20
Merge pull request #3017 from seungkyua/fix_kubeadm_client_conf 
Fix kubeadm client conf
 2018-08-20 10:51:02 +08:00
Tatsuyuki Ishi
3eef8dc8d0 Add bad hostname preflight check 
Hostname must be a valid DNS name, which is checked as https://github.com/kubernetes/apimachinery/blob/master/pkg/util/validation/validation.go#L115

The situation I have encountered is that my hostname contained underscore which is disallowed and apiserver refused to start.
 2018-08-20 09:09:00 +09:00
rongzhang
59176ebbb9 Add kubeadm controlplaneEndpoint 
Nginx LB(default)
Other LB by kubeadm controlplane
 2018-08-20 00:57:13 +08:00
rongzhang
b421d0ed5b Fix install nss 2018-08-20 00:07:31 +08:00
rongzhang
35efc387c4 Fix pull dns image error 2018-08-19 22:47:17 +08:00
Rong Zhang
fb309ca446
Merge pull request #3128 from riverzhang/delete-kubeadm 
Remove unused configuration
 2018-08-19 10:01:33 +08:00
Antoine Legrand
1d4f88eea8
Fix typo in image url 2018-08-19 01:30:54 +02:00
rongzhang
095ccef8bd Remove unused configuration 2018-08-19 01:23:20 +08:00
Rong Zhang
0df969ad19
Merge pull request #3117 from mirwan/audit_usecases 
Audit support improvement
 2018-08-19 01:13:22 +08:00
Antoine Legrand
3e5b6a5481
Merge pull request #3105 from mirwan/remove_cilium_device_at_reset_plus_move_network_to_network_plugin_roles 
Move network_plugin specific reset tasks to its role directory
 2018-08-17 22:27:16 +02:00
Antoine Legrand
c36744e96d
Merge pull request #3120 from alvistack/cephfs-provisioner-v2.0.0-k8s1.11 
cephfs-provisioner: Upgrade to v2.0.0-k8s1.11
 2018-08-17 22:11:15 +02:00
Antoine Legrand
e51c5dc0a6
Merge pull request #3123 from mathieuherbert/until-restart-etcd 
add until option for etcd backup commands
 2018-08-17 22:09:08 +02:00
Antoine Legrand
d297b82e82
Merge pull request #3126 from LuckySB/etcd_restart_on_update 
add etcd version to etcd environment file to trigger a reload
 2018-08-17 22:05:34 +02:00
Erwan Miran
98b818bbaf comply with ansible syntax consistency guideline 2018-08-17 16:37:33 +02:00
Antoine Legrand
26bf719a02
Merge branch 'master' into multi-arch-support 2018-08-17 16:35:50 +02:00
Antoine Legrand
7e37aa4aca
Merge pull request #2103 from xd007/docker_aarch64_pkg 
Update docker package info for aarch64
 2018-08-17 16:26:56 +02:00
Sergey Bondarev
ce6854e726 add version to environment file 
Trigger reboot handler when version upgrade during update script
 2018-08-17 17:25:35 +03:00
Antoine Legrand
ac49bbb336
Merge pull request #2168 from xd007/docker_arm64 
fix docker opts incompatible running on aarch64 Redhat/Centos
 2018-08-17 16:24:07 +02:00
Antoine Legrand
6c7eabb53b
Merge pull request #2001 from b0r1sp/patch-3 
Quote false and yes, otherwise they'll be transformed to 'False', 'Yes'
 2018-08-17 15:52:15 +02:00
Antoine Legrand
7a0f0126f7
Merge pull request #1295 from xuhuilong/master 
fix curl get calico status error ( error in tls version, centos 7.3 1611)
 2018-08-17 14:29:01 +02:00
Mathieu Herbert
59d89a37cc add until option for etcd backup commands 2018-08-17 11:05:57 +02:00
Wong Hoi Sing Edison
1a07c87af7 cephfs-provisioner: Upgrade to v2.0.0-k8s1.11 
Upstream Changes:

-   cephfs-provisioner v2.0.0-k8s1.11 (https://github.com/kubernetes-incubator/external-storage/releases/tag/cephfs-provisioner-v2.0.0-k8s1.11)
-   Update ClusterRole

Our Changes:

-   Fix typo in defaults/main.yml (rs -> deploy)
-   Manifests cleanup
 2018-08-17 12:41:56 +08:00
Seungkyu Ahn
29894293eb Fix kubeadm client conf 
Fix DiscoveryTokenCACertHashes key to discoveryTokenCACertHashes in kubeadm-client.conf
 2018-08-17 04:40:08 +00:00
Jonathan Craig
4d783fff0d resolve issues with new cacert feature 2018-08-16 23:31:21 -04:00
Erwan Miran
7f16b46ed5 Reset tasks specific to a network_plugin moved inside its role directory + Reset tasks specific to cilium 2018-08-16 17:34:33 +02:00
Antoine Legrand
58ee5f1cc9
Merge pull request #3089 from mattymo/cloudconfig 
Remove erroneous cloud-config task
 2018-08-16 16:17:01 +02:00
Antoine Legrand
253dc4f606
Merge pull request #3114 from woopstar/coredns-1.2.0 
Update CoreDNS to 1.2.0
 2018-08-16 16:14:13 +02:00
Erwan Miran
54548d3b95 kubeadm mounts the hostpaths itself 2018-08-16 13:17:30 +02:00
Erwan Miran
58d4d65fab minor variable fix and reuse + handle auditlog redirected to stdout 2018-08-16 12:51:09 +02:00
Rong Zhang
364ab2a6b7
Merge pull request #3113 from riverzhang/support-audit 
Support audit
 2018-08-16 15:33:43 +08:00
rongzhang
2ffc1afe40 Support audit 2018-08-16 14:38:07 +08:00
Wong Hoi Sing Edison
18612b3501 cert-manager: Upgrade to 0.4.1 
Upstream Changes:

-   cert-manager 0.4.1 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.1)

Our Changes:

-   Better templates sync with upstream manifests
-   Remove fancy resources requests/limits customization
 2018-08-16 08:47:01 +08:00
Andreas Kruger
9da5d67728 Update CoreDNS to 1.2.0 2018-08-15 13:39:05 +02:00
Wong Hoi Sing Edison
bd413e36a3 ingress-nginx: Upgrade to 0.18.0 
Upstream Changes:

-   ingress-nginx 0.18.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.18.0)
 2018-08-15 11:40:42 +08:00
Chad Swenson
2c5781ace1
Merge pull request #2932 from wiremind/efk-fluentd-no-nodeselector 
fluentd daemonset: do not set old nodeSelector.
 2018-08-14 13:48:30 -05:00
JohnZheng
b50b3430be Disable locksmithd on CoreOS if coreos_auto_upgrade set to false (#3088) 
* Disable locksmithd on CoreOS if coreos_auto_upgrade set to false

* change when format to support multiple-condition
 2018-08-14 13:42:16 -05:00
Chad Swenson
0e3518f2ca
Merge pull request #2871 from fritchie/lptolerate 
Local volume provisioner: tolerate NoSchedule
 2018-08-14 13:39:57 -05:00
Chad Swenson
3a85a2f81c
Merge pull request #3080 from mirwan/netchecker_template_rendering_filename 
Netchecker manifests should not have j2 extension
 2018-08-14 13:24:16 -05:00
Chad Swenson
5dbfa0384e
Merge pull request #3101 from chenhonggc/uninstall_old_versions_of_docker 
Uninstall old versions of Docker
 2018-08-14 11:32:23 -05:00
rongzhang
48b6128814 Upgrade coredns to 1.1.3 2018-08-15 00:05:55 +08:00
Maxime Brunet
70b28288a3 Use delegate_to: localhost instead of local_action 
Allow to use `ansible_become: true` (#2969)
And set it to `false` for `localhost` with an `host_var`
 2018-08-14 10:08:43 -04:00
Rong Zhang
a11e1eba9e Upgrade kubernetes to V1.11.x (#3078) 
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
 2018-08-14 15:13:44 +03:00
Chen Hong
2dfa928c90 Uninstall old versions of Docker 2018-08-14 17:48:30 +08:00
Erwan Miran
d3c0fe1fcb Templates (even without actual templating inside) should have j2 extension but should not be rendered with j2 extension 2018-08-13 09:51:26 +02:00
Hedayat Vatankhah
c0221c2e72 Add --dns-loop-detect to dnsmasq used in kube-dns 
It prevents DNS loops when host's DNS server is a localhost DNS server,
or when DNS server of cluster is also added as an upstream DNS server
 2018-08-12 20:36:33 +04:30
mauromedda
9cef20187c Add the path to kubectl binary 
The post-remove action fails during the kubectl delete node action because with rc: 2, command not found. The kubectl is not in the system PATH and the full path to the binary is required
 2018-08-12 10:50:50 +02:00
Anton Fayzrahmanov
95f1e4634a local-volume-provisioner: use mountPropagation HostToContainer and version bump (#3081) 
* Update local-volume-provisioner-ds.yml.j2

After v1.10.2 default mountPropagation is "None"

* local_volume_provisioner version bump

v2.1.0 uses the beta nodeAffinity API by default which is available starting 1.10

* Update local-volume-provisioner-ds.yml.j2

MY_NAMESPACE env

* Update README.md

Raw block devices docs.
 2018-08-10 17:14:34 +03:00
Matthew Mosesohn
581a30fdec Remove erroneous cloud-config task 2018-08-10 15:59:18 +03:00
Andreas Krüger
d8e77600e2
Merge pull request #3066 from luisyonaldo/fix-conditional 
fix bad conditional
 2018-08-10 10:38:52 +02:00
Cédric de Saint Martin
e3dcd96301 kubedns & kubedns-autoscaler: Stick to master nodes. (#2909) 
* kubedns & kubedns-autoscaler: Stick to master nodes.

 - Tolerate only master nodes and not any NoSchedule taint
 - Pods are on different nodes
 - Pods are required to be on a master node.

* kubedns: use soft nodeAffinity.

Prefer to be on a master node, don't require.

* coredns: Stick to (different) master nodes.

     - Pods are on different nodes
     - Pods are preferred to be on a master node.
 2018-08-09 10:42:53 -05:00
Chad Swenson
001cae5894
Merge pull request #3028 from Kami-no/cilium 
cilium v1.1.2
 2018-08-09 10:35:29 -05:00
Erwan Miran
494ff9522b j2 extension should only be used for template filename, not target file on remote host 2018-08-09 11:29:45 +02:00
Luis Nuñez
fd380615a0 fix bad conditional 2018-08-09 10:20:45 +02:00
Rong Zhang
039180b2ca
Merge pull request #3022 from alvistack/weave-2.4.0 
weave: Upgrade to 2.4.0
 2018-08-09 15:01:05 +08:00
Zinin D.A
22b89edbbc cilium v1.1.2 
Update all configs to current upstream state.
Add more resources (unable to pass tests now)...
 2018-08-08 22:42:50 +03:00
Rong Zhang
94ae945bea
Merge pull request #2904 from mirwan/var_lib_kubelet_should_not_be_unmounted_when_having_its_own_partition 
Only subdirectories in /var/lib/kubelet should be unmounted at reset time
 2018-08-08 15:00:54 +08:00
Rong Zhang
5c039d87aa
Merge pull request #3054 from reverson/1.10-admission 
Add support for admission controllers in 1.10 and above
 2018-08-08 14:32:11 +08:00
Rong Zhang
08dfb7b59f
Merge pull request #3073 from riverzhang/delete-istio 
Remove istio support
 2018-08-08 13:00:57 +08:00
rongzhang
ea6af449a8 Remove istio support 
Use helm install or support in future
 2018-08-08 11:10:09 +08:00
Mathieu Herbert
d285565475 Add tags for coredns and kubedns 2018-08-07 20:55:38 +02:00
Robert Everson
4eadf3228e Only add admission plugins if defined 2018-08-07 11:25:03 -07:00
Robert Everson
99c5aa5a02 Use k8s default plugin list 2018-08-07 11:25:03 -07:00
Robert Everson
6ed65d762b Separate out plugins into 2 variables 2018-08-07 11:25:03 -07:00
Robert Everson
ac18f6cf8b Add support for admission controllers in 1.10 and above 2018-08-07 11:25:03 -07:00
Rong Zhang
e71f261935
Merge pull request #3068 from riverzhang/swap 
Enable swap
 2018-08-07 21:29:41 +08:00
rongzhang
b902602d16 Enable swap 2018-08-07 21:13:12 +08:00
Wong Hoi Sing Edison
538cb3b1bd weave: Upgrade to 2.4.0 
Upstream Changes:

-   weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0)
-   Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924)
-   Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305)
-   Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317)

Our Changes:

-   Revamp weave-net.yml.j2 with upstream changes
-   Add more variables for customization
-   Replace WEAVE_PASSWORD with k8s secret
-   Remove hard-corded seed mode support, in favor of variables customization
 2018-08-07 18:34:51 +08:00
Wong Hoi Sing Edison
17e335c6a7 ingress-nginx: Upgrade to 0.17.1 
Upstream Changes:

-   ingress-nginx 0.17.1 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.17.1)
-   Remove duplicated `securityContext` (https://github.com/kubernetes/ingress-nginx/pull/2705)
-   Remove --publish-service flag, in favor of DaemonSet + hostPort

Close #2998
Close #2999
 2018-08-07 18:31:08 +08:00
Rong Zhang
280d6cac1a
Merge pull request #2997 from alvistack/cert-manager-0.4.0 
cert-manager: Upgrade to 0.4.0
 2018-08-07 18:00:46 +08:00
Rong Zhang
c288ffc55d
Merge pull request #2342 from southquist/add-ca-cert 
allow for setting the cacert on openstack cloud provider
 2018-08-07 17:46:01 +08:00
Rong Zhang
9075dbdd3c
Merge pull request #2875 from bradbeam/movault 
Adding cluster_name to api cert alt name for vault
 2018-08-07 17:36:04 +08:00
Rong Zhang
7850bce254
Merge pull request #2994 from DBLaci/master 
dashboard_token_ttl option override possibility with default
 2018-08-07 17:16:25 +08:00
Rong Zhang
3d19e03294
Merge pull request #3015 from podnov/kube_proxy_healthz_bind_address 
Variablize kube_proxy_healthz_bind_address
 2018-08-07 17:10:33 +08:00
Rong Zhang
b1f8bfdf7c
Merge pull request #3055 from reverson/17.09-docker 
Add support for docker 17.09
 2018-08-07 16:57:50 +08:00
Wong Hoi Sing Edison
0f400a113c cert-manager: Upgrade to 0.4.0 
Upstream Changes:

-   cert-manager 0.4.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.0)
 2018-08-07 14:29:28 +08:00
Aleksey Shirokih
e8447e3d71
Service file binary place mismatch 
According to cluster/binary.yml vault binary will be placed to `{{ bin_dir }}` and according to `inventory/sample/group_vars/all.yml` that is 
`inventory/sample/group_vars/all.yml`
 2018-08-06 14:44:13 +03:00
rongzhang
ac644ed049 Fix yaml roles error 2018-08-05 18:48:07 +08:00
Rong Zhang
453fea1977
Merge pull request #3034 from cornelius-keller/library_fix 
fix missing libraries on newer coreos versions
 2018-08-05 12:54:03 +08:00
cornelius-keller
4b5cb1185f fix missing libraries on newer coreos versions 2018-08-03 15:29:05 +02:00
Robert Everson
275cdc1ce3 Add support for docker 17.09 2018-08-02 11:35:16 -07:00
DBLaci
d43f09081e
Merge pull request #1 from kubernetes-incubator/master 
Follow upstream
 2018-08-01 16:34:10 +02:00
woosley.xu
72074f283b set local for growpart part 2 2018-07-31 06:56:09 +08:00
woosley.xu
a5db3dbea9 set locale for growpart 2018-07-31 06:52:56 +08:00
Alexandre Ardhuin
9b349a9049 Fix label of registry in README 2018-07-27 11:42:21 +02:00
Seungkyu Ahn
0366600b45 Remove double slash 
Even without this PR, the operation works well.
However, it is better to use a single slash rather than
a double slash in the path.
 2018-07-20 07:34:33 +00:00
Evan Zeimet
6a4ce96b7d Variablize kube_proxy_healthz_bind_address 
This fixes #3014
 2018-07-19 14:19:09 -05:00
DBLaci
b61c64a8ea token-ttl default value is int in seconds 2018-07-19 12:15:47 +02:00
Takashi Okamoto
37ccf7e405 Fixed kubectl path. 2018-07-13 15:32:08 +00:00
DBLaci
cb91003cea dashboard_token_ttl option override possibility with default 2018-07-13 15:26:18 +02:00
Matthew Mosesohn
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation (#2985) 
apiserver cert should be created only once
 2018-07-11 14:58:02 +03:00
Rong Zhang
cf445fd4fe
Merge pull request #2930 from alvistack/ingress-nginx-0.16.1 
ingress-nginx: Upgrade to 0.16.2
 2018-07-10 14:42:37 +08:00
Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp 
Force copy cni files
 2018-07-10 09:40:10 +03:00
Wong Hoi Sing Edison
a0defefb3f ingress-nginx: Upgrade to 0.16.2 
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2)

This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.

Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites:

    GCE/Google Kubernetes Engine deploys an ingress controller on the master.

By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.

If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
 2018-07-10 12:26:06 +08:00
Wong Hoi Sing Edison
62b1166911 cert-manager: Upgrade to 0.3.2 
Upstream Changes:

-   cert-manager 0.3.2 (https://github.com/jetstack/cert-manager/releases/tag/v0.3.2)

Our Changes:

-   Remove legacy addon dir, manifests and namespace before upgrade
 2018-07-10 08:48:44 +08:00
Rong Zhang
810596c6d8
Merge pull request #2974 from alvistack/cephfs-provisioner-1.1.0-k8s1.10 
cephfs-provisioner: Upgrade to 1.1.0-k8s1.10
 2018-07-09 13:53:07 +08:00
Rong Zhang
a488d55c2c
Merge pull request #2975 from daohoangson/remove_force_disable_kube_basic_auth 
Remove step that disables `kube_basic_auth`.
 2018-07-08 21:18:36 +08:00
Alexandru Bogdan Pica
e63bc65a9d Fix 2976 
Fix failure when the container attribute is not set for a download
 2018-07-08 13:36:47 +03:00
Dao Hoang Son
d306c9708c Remove step that force disable kube_basic_auth. 
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441) has already been fixed.
 2018-07-08 16:57:43 +07:00
Wong Hoi Sing Edison
6a65345ef3 cephfs-provisioner: Upgrade to 1.1.0-k8s1.10 
Upstream Changes:

-   Update CEPH_VERSION to mimic (https://github.com/kubernetes-incubator/external-storage/pull/841)

Our Changes:

-   Using image from official repo which contain latest changes (https://quay.io/repository/external_storage/cephfs-provisioner)
 2018-07-08 00:37:08 +08:00
Matthew Mosesohn
1a3b9dd864 Force copy cni files 2018-07-06 16:39:42 +03:00
elementyang
8fee1ab102 change create to apply 2018-07-06 19:36:19 +08:00
Matthew Mosesohn
5c617c5a8b
Add tags to deploy components by --tags option (#2960) 
* Add tags for cert serial tasks

This will help facilitate tag-based deployment of specific components.

* fixup kubernetes node
 2018-07-06 09:12:13 +03:00
Matthew Mosesohn
0b939a495b
Improve vault etcd initialization check (#2959) 2018-07-05 12:27:45 +03:00
elementyang
5a4f07adca change the way of getting etcd_member_name 2018-07-05 00:06:37 +08:00
Aivars Sterns
4092f96dd8
Merge pull request #2946 from Miouge1/remove-pid-predicate 
CheckNodePIDPressure is not supported in v1.10
 2018-07-04 18:30:19 +03:00
elementyang
effd27a5f6 change the way that getting etcd_member_name 2018-07-03 22:02:44 +08:00
Rong Zhang
77c870b7d0
Merge pull request #2951 from alvistack/cephfs-provisioner-06fddbe2 
cephfs-provisioner: Upgrade to 06fddbe2
 2018-07-03 19:36:42 +08:00
Rong Zhang
32a6ca4fd6
Merge pull request #2948 from qeqar/remove-node-limit 
move node selection from --limit to --extra-vars=node<nodename>"
 2018-07-03 18:41:57 +08:00
Wong Hoi Sing Edison
728024e8ff cephfs-provisioner: Upgrade to 06fddbe2 
-   cephfs-provisioner 06fddbe2 (https://github.com/kubernetes-incubator/external-storage/tree/06fddbe2/ceph/cephfs)

Noteable changes from upstream:

-   Added storage class parameters to specify a root path within the backing cephfs and, optionally, use deterministic directory and user names (https://github.com/kubernetes-incubator/external-storage/pull/696)
-   Support capacity (https://github.com/kubernetes-incubator/external-storage/pull/770)
-   Enable metrics server (https://github.com/kubernetes-incubator/external-storage/pull/797)

Other noteable changes:

-   Clean up legacy manifests file naming
-   Remove legacy manifests, namespace and storageclass before upgrade
-   `cephfs_provisioner_monitors` simplified as string
-   Default to new deterministic naming
-   Add `reclaimPolicy` support in StorageClass

With legacy non-deterministic naming style (where $UUID are generated ramdonly):

-   cephfs_provisioner_claim_root: /volumes/kubernetes
-   cephfs_provisioner_deterministic_names: false
-   Generated CephFS volume: /volumes/kubernetes/kubernetes-dynamic-pvc-$UUID
-   Generated CephFS user: kubernetes-dynamic-user-$UUID

With new default deterministic naming style (where $NAMESPACE and $PVC are predictable):

-   cephfs_provisioner_claim_root: /volumes
-   cephfs_provisioner_deterministic_names: true
-   Generated CephFS volume: /volumes/$NAMESPACE/$PVC
-   Generated CephFS user: k8s.$NAMESPACE.$PVC
 2018-07-03 10:15:24 +08:00
Mark Eisenblaetter
b548f6f320 move node selection from --limit to --extra-vars=node<nodename>" 2018-07-02 20:04:36 +02:00
Nicolas Trangez
8bcad4f5ef Fix coreos_dual -> coredns_dual typo 
See: e40368ae2b
 2018-07-02 17:19:35 +02:00
Rong Zhang
31e6c44b07
Merge pull request #2924 from elementyang/make-ssl-etcd-pr 
fix the time of ca files are changed in make-ssl-etcd
 2018-07-02 20:44:20 +08:00
Matthew Mosesohn
77c910c1c3
Fixup vault etcd check (#2938) 
* Fixup vault etcd

* Update main.yml
 2018-07-02 15:37:37 +03:00
Matthew Mosesohn
c20196f9a0
Remove modprobe binary from kubelet rkt deployment (#2917) 2018-07-02 15:37:24 +03:00
Rong Zhang
f6a15b1829
Merge pull request #2918 from elementyang/fix-pr 
fix add etcd_events_access_address
 2018-06-30 11:55:38 +08:00
elementyang
7c22def422 add etcd_events_access_address 2018-06-30 07:32:29 +08:00
Rong Zhang
87e49f0055
Merge pull request #2921 from elementyang/index-out-of-range-pr 
fix template index out of range for pull images
 2018-06-30 00:53:53 +08:00
Matthew Mosesohn
a36e3fbec3
Add rkt gc task (#2945) 2018-06-29 19:53:21 +03:00
Miouge1
2a279e30b0 CheckNodePIDPressure is not supported in v1.10 2018-06-28 20:10:38 +02:00
southquist
c685dc493f allow for setting the cacert on openstack cloud provider 2018-06-28 16:00:13 +02:00
Andreas Krüger
e24f888bc4
Merge pull request #2923 from bradbeam/vaultrkt 
Adding uuidfile for rkt based vault to properly cleanup after itself
 2018-06-27 11:18:39 +02:00
Cédric de Saint Martin
a260412c7e fluentd daemonset: do not set arbitrary nodeSelector. 2018-06-25 15:19:56 +02:00
neith00
a643f72d93 No need to install rkt on CoreOS 2018-06-25 09:38:24 +02:00
Aivars Sterns
73a2a18006
Merge pull request #2795 from gfkse/baremetal-override-calico-hostname 
Make Calico nodename overridable on bare metal
 2018-06-25 08:45:09 +03:00
Rong Zhang
2ef05fb3b7
Merge pull request #2763 from ameukam/update_efk_stack 
Update efk stack
 2018-06-24 19:01:32 +08:00
Rong Zhang
e06d02365e
Merge pull request #2338 from southquist/template-openstack-storage-class 
allow for configurable openstack storage class
 2018-06-24 18:42:29 +08:00
elementyang
d6f2dbc723 fix the time of ca files are changed in make-ssl-etcd 2018-06-24 13:05:43 +08:00
Brad Beam
20dba8b388 Adding uuidfile for rkt based vault to properly cleanup after itself 2018-06-23 15:14:40 -05:00
Rong Zhang
f624ba47fb
Merge pull request #2922 from riverzhang/remove-node 
Add run_once to remove-node
 2018-06-23 15:09:16 +08:00
rongzhang
94aa062d51 Add run_once to remove-node 2018-06-23 07:05:24 +00:00
elementyang
c0935e161b fix template index out of range for pull images 2018-06-23 05:32:44 +08:00
elementyang
70fbc01cc1 fix etcd_events_access_addresses 2018-06-23 00:04:19 +08:00
Yumo Yang
6c2f169ea2 update test-pr2 (#2911) 2018-06-22 13:22:26 +03:00
Rong Zhang
1aee6ec371
Merge pull request #2903 from riverzhang/swap 
Add manage swap on the worker node
 2018-06-21 22:20:23 +08:00
Erwan Miran
d3fdfee211 Only subdirectories in /var/lib/kubelet should be unmounted 2018-06-21 11:50:02 +02:00
rongzhang
3232e2743e Add manage swap on the worker node 2018-06-21 08:15:01 +00:00
Andreas Krüger
cbb959151c
Merge pull request #2737 from Miouge1/update-scheduler 
Update kube-scheduler policy
 2018-06-19 14:53:22 +02:00
Andreas Krüger
c3d8b131db
Merge pull request #2801 from dvazar/bugfix/undefined__network_plugin__variable 
Fixed "network_plugin" variable
 2018-06-19 10:01:06 +02:00
Andreas Krüger
236d1a448d
Merge pull request #2898 from kubernetes-incubator/default_true_authtoken 
Enable by default the kubelet token auth
 2018-06-19 09:56:32 +02:00
Matthew Mosesohn
61e97251a5 Improve variable handling for disabling etcd events cluster 2018-06-18 16:58:29 +03:00
Antoine Legrand
c192a01b20 Enable by default the kubelet token auth 2018-06-18 14:20:05 +02:00
Henry Finucane
3ad9e9c5eb Fix #2261 by supporting Red Hat's limited PATH 
Red Hat has this theory that binaries in sbin are too dangerous to be on
the default path, but we need them anyway.

RH7 has /sbin and /usr/sbin as symlinks, so that is no longer important.

I'm adding it to the `PATH` instead of making the path to `modinfo`
absolute because I am worried about breaking support for other
distributions.
 2018-06-15 12:49:22 -07:00
Julien Mailleret
6aaaf4a272 Limit the maximum number of revisions saved per helm release (#2894) 
* Limit the maximum number of revisions saved per helm release
 2018-06-15 12:50:18 +02:00
Andreas Krüger
cd64f41524
Merge pull request #2844 from chechiachang/fix-inconsistent-variable-in-task-name-and-msg 
Fix inconsistent variables in task name and task message
 2018-06-15 09:19:31 +02:00
Andreas Krüger
df279b1ff6
Merge pull request #2890 from drekle/bugfix/dns-domain-incorrect-for-coredns 
CoreDNS uses cluster_name instead of dns_domain
 2018-06-15 09:06:11 +02:00
Andreas Krüger
6ac601fd2d
Merge pull request #2876 from neith00/docker_iptables 
parametrized iptables options for docker daemon
 2018-06-14 22:23:27 +02:00
Andreas Krüger
3a569c9dcb
Merge pull request #2750 from w-leads/feature/add-vmname-to-vcp-config 
Add vm_name option to vsphere cloud provider config
 2018-06-14 22:22:34 +02:00
neith00
f2f1e7f9d1 parametrized iptables options for docker daemon 2018-06-14 12:16:16 +02:00
Rong Zhang
0686b8452e
Merge pull request #2860 from alvistack/cert-manager-0.3.0 
cert-manager: Upgrade to v0.3.0
 2018-06-14 10:35:23 +08:00
Derek Lemon
1e98e8444e Using dns domain instead of cluster name for coredns, incase they differ 2018-06-13 18:52:35 +00:00
Wong Hoi Sing Edison
291dd1aca8 Fixup #2545, cephfs-provisioner: Individual Namespace for Add-on 2018-06-13 21:52:58 +08:00
Wong Hoi Sing Edison
38da0adead cert-manager: Upgrade to v0.3.0 2018-06-13 21:47:44 +08:00
Rong Zhang
81b3343796
Merge pull request #2857 from alvistack/ingress-nginx-0.15.0 
ingress-nginx: Upgrade to 0.15.0
 2018-06-13 21:16:17 +08:00
Brad Beam
3d819a6edd Adding cluster_name to api cert alt name for vault 2018-06-12 14:15:07 -05:00
rongzhang
20bd656975 Reconfigure kube-proxy to access kube-apiserver via the LB(kubeadm) 2018-06-12 12:53:50 +00:00
Frank Ritchie
cfe939ff08 Tolerate NoSchedule by default 2018-06-11 20:10:13 -04:00
Wong Hoi Sing Edison
9f245dd9b2 ingress-nginx: Upgrade to 0.15.0 2018-06-08 16:05:15 +08:00
Rong Zhang
10c9fe96b0
Merge pull request #2859 from riverzhang/nginx 
Fix nginx-proxy HA when kubeadm enable
 2018-06-08 01:10:01 +08:00
Rong Zhang
42b24616ac
Merge pull request #2856 from alvistack/kubernetes-1.10.4 
Upgrade Kubernetes to 10.0.4 and etcd to 3.2.18
 2018-06-07 23:54:03 +08:00
rongzhang
f9ccb93825 Fix nginx-proxy HA when kubeadm enable 2018-06-07 14:27:19 +00:00
Aivars Sterns
daeea75fbb
Merge pull request #2835 from oracle/bm_fix-apiserver-access-ip 
roles/kubernetes/client: kubeconfig template should use access_ip
 2018-06-07 11:50:57 +03:00
Wong Hoi Sing Edison
0ad0202e8f Upgrade Kubernetes to 10.0.4 and etcd to 3.2.18 2018-06-07 16:20:29 +08:00
Brad Beam
1f02cc70f1
Merge pull request #2825 from dshuvar/dshuvar/docker-options.conf 
Changed /etc/systemd/system/docker.service.d/docker-options.conf file for successful parsing mount aguments
 2018-06-06 12:56:18 -05:00
Brad Beam
fe010504aa
Merge pull request #2851 from bradbeam/vaultnotify 
Adding wait for vault up handler in service restart
 2018-06-06 12:49:03 -05:00
Brad Beam
63a458063b Adding missing rkt template for etcd-events 2018-06-06 10:43:30 -05:00
Brad Beam
a8715f9f0f Adding wait for vault up handler in service restart 2018-06-06 10:40:27 -05:00
Matthew Mosesohn
59be578842
Revert "wip pr for improved cert sync" (#2849) 2018-06-06 17:22:25 +03:00
Aivars Sterns
cb0a257349
Merge pull request #2819 from oleh-ozimok/fix-cidr-assert 
Fix enough network address space assert
 2018-06-06 07:32:16 +03:00
Di Xu
1081f620d2 add support for non-amd64 arch gcr.io images 
Currently all the gcr.io images used in kubespray can only run on x86.
Also gcr.io has not fully support multi-arch docker images.

Add extra var "image_arch" (default is amd64) to support running other
platforms, like arm64.

Change-Id: I8e1c9af533c021cb96ade291a1ce58773b40e271
 2018-06-05 17:29:02 +08:00
David Chang
e1cfe83825 Fix inconsistent variables in task name and task message 2018-06-05 16:45:02 +08:00
Di Xu
6019a84fb3 Update docker package info for aarch64 
Missing corresponding package docker-engine on aarch64, use docker instead.

Change-Id: If5df58337746a81752b5d477e0473600eaee8381
 2018-06-05 16:30:28 +08:00
Di Xu
f4d762bb95 fix docker opts incompatible running on aarch64 Redhat/Centos 
On Aarch64, the default cgroup driver for docker is systemd
instead of cgroupfs. Should conform kubelet to use systemd
as cgroup driver as well to keep it consistent with docker.

Without this change, below exception will be raised.
/usr/bin/docker-current: Error response from daemon: shim
error: docker-runc not installed on system.

Change-Id: Id496ec9eaac6580e4da2f3ef1a386c9abc2a5129
 2018-06-05 16:17:16 +08:00
Aivars Sterns
69ea28e187
Merge pull request #2827 from mattymo/testpr 
wip pr for improved cert sync
 2018-06-04 12:43:00 +03:00
Ben Meier
2f5a9e180c kubernetes/client: kubeconfig template should use the access_ip for the chosen master node 2018-06-04 09:51:05 +01:00
Dmitry
f912a4ece5 Fix compare AnsibleUnsafeText with int (#2828) 2018-06-04 11:34:10 +03:00
Rong Zhang
d1e66f9cc8 Add label to kubelet env for kubeadm deploy cluster (#2841) 2018-06-04 11:26:47 +03:00
Aivars Sterns
b67cf74c5e
Merge pull request #2823 from scality/dashboard_in_cluster_info 
Dashboard in cluster info
 2018-05-31 15:48:25 +03:00
Erwan Miran
11d87ecc37 removed surnumerary definition of contiv_etcd_init_image_* (already in download role) 2018-05-31 00:02:11 +02:00
Matthew Mosesohn
7433348aae wip pr for improved cert sync 2018-05-30 12:15:11 +03:00
Erwan Miran
3673ed6262 include contiv_etcd_init_image to downloads role 2018-05-29 17:05:33 +02:00
Dmitrii Shuvar
16f860bbc2
Update docker-options.conf.j2 
Changed /etc/systemd/system/docker.service.d/docker-options.conf file for successful parsing mount aguments
try fix ci error previous commit
 2018-05-29 12:40:33 +03:00
dshuvar
d973ecf5cc fix error message: '[/etc/systemd/system/docker.service.d/docker-options.conf:3] Failed to parse mount flag , ignoring.' 2018-05-28 18:23:15 +03:00
Julien Girardin
f88cd27686 Add dashboard url as part of kubectl cluster-info output 2018-05-28 11:46:11 +02:00
Erwan Miran
2a4fc70e1c contiv-etcd-init image as default instead hardcoded 2018-05-28 11:11:18 +02:00
Oleg Ozimok
38f7ba2584 Fix enough network address space assert 2018-05-27 18:01:17 +03:00
dvazar
b3f9cae820 fixed a check unknown networks (cilium & contiv) 2018-05-22 16:43:19 +07:00
Andreas Krüger
a67bdff28c
Merge pull request #2743 from mrostecki/opensuse-tumbleweed-openssl 
opensuse: Fix OpenSSL package name
 2018-05-22 11:21:04 +02:00
Andreas Krüger
e3c8b230a0
Merge pull request #2806 from Miouge1/no-kpm 
Remove KPM support
 2018-05-22 11:17:52 +02:00
Miouge1
095d33bc51 Remove KPM support 2018-05-21 22:28:08 +02:00
Mikhail Vasilenko
821966b319 Update Helm version to 2.9.1 2018-05-21 17:36:51 +03:00
dvazar
4b8daa22f6 Fixes #2800 2018-05-19 00:57:09 +07:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4 
Makeover of etcd- and etcd-cluster setup.
 2018-05-16 20:49:54 +02:00
Andreas Krüger
a2a7bcd43d
Merge pull request #2786 from cruwe/cjr-assert-maximum-pods-on-node-cidr 
assert that number of pods on node does not exceed CIDR address range
 2018-05-16 19:57:43 +02:00
Christopher J. Ruwe
c1bc4615fe assert that number of pods on node does not exceed CIDR address range 
The number of pods on a given node is determined by the  --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.

The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.

Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
 2018-05-16 11:55:46 +00:00
Aivars Sterns
eba486f229 add posibility to provide different yum repository directory (#2787) 2018-05-16 13:56:04 +03:00
Andreas Krüger
4ac79993e2
Merge pull request #2666 from AnatolyRugalev/master 
Added MountFlags variable to docker options
 2018-05-16 09:34:34 +02:00
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 (#2748) 
* Upgrade k8s to 1.10.2

Bumped etcd version to 3.2.16 as recommended

* Add ipvs fix for v1.10

* change flannel addons test to ha
 2018-05-15 16:00:29 +03:00
Andreas Krüger
1be399ab7b
Merge pull request #2772 from cruwe/cjr-correct-perms-on-kubeconfig 
make admin.conf -> .kube/config non-executable
 2018-05-15 13:26:33 +02:00
Anatoly Rugalev
eae4fa040a Added docker_mount_flags option (fixes #2624) 2018-05-15 11:57:18 +02:00
Christopher J. Ruwe
73800ef111 make certificates non-executable 2018-05-15 07:54:32 +00:00
rongzhang
742a8782dd Bump kube-dns to 1.14.10 
Upgrade kube-dns to 1.14.10
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns
 2018-05-15 03:29:10 +00:00
Arnaud Meukam
cd7c58e8d3 correct some indentation issues in the fluentd daemonset. 2018-05-14 19:56:18 +02:00
Daniel Mohr
476b14b06e Make Calico nodename overridable on bare metal 
Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
 2018-05-14 14:13:51 +02:00
Christopher J. Ruwe
49d106f615 make admin.conf -> .kube/config non-executable 
Almost certainly, the .kube/config file (YAML) should not be executable.
 2018-05-14 09:29:48 +00:00
Miouge1
ad48606e4e Restart scheduler when policy changes 2018-05-14 10:09:30 +02:00
Arnaud Meukam
c75da43f22 add missing field in fluentd 2018-05-13 21:39:27 +02:00
Arnaud Meukam
65f14f636d remove support of other CRI runtimes than Docker in the efk stack 2018-05-13 18:37:36 +02:00
Arnaud Meukam
363627d9f8 serviceName added in elasticsearch. Required when a Statefulset is used 2018-05-13 14:23:37 +02:00
Arnaud Meukam
7950a49e28 update fluentd deployment and configmap 2018-05-11 18:56:14 +02:00