sneumann
3aa2d56da9
updated bootstrap-ubuntu.yml
...
Moved the variable setting to the apt-get install part where it matters as requested in the review.
2016-11-16 12:11:54 +01:00
Aleksandr Didenko
e3470b28c5
Move CNI config and add MTU support for calico-cni
...
- Move CNI configuration creation for Calico to appropriate
network_plugin role from kubernetes/node.
- Add support for MTU configuration in Calico.
2016-11-15 18:05:11 +01:00
sneumann
0322b69f63
Fix failure if image package index is outdated
2016-11-15 17:49:14 +01:00
Bogdan Dobrelya
e587e82f7f
Merge pull request #600 from adidenko/calico-cni-container-support
...
Replace calico-cni binaries with calico/cni container
2016-11-15 15:40:13 +01:00
Bogdan Dobrelya
876c4df1b6
Fix mountflags and kubelet config
...
Add missing --require-kubeconfig to the if..else stanza.
Make sure certs dirs mounted in RO.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-15 11:22:23 +01:00
Antoine Legrand
216e0b2a52
Merge pull request #599 from kubernetes-incubator/bug_542
...
Fix kubelet deprecated options
2016-11-15 10:50:26 +01:00
Matthew Mosesohn
ab0ff2ab3c
Merge pull request #602 from adidenko/fix-canal-ssl
...
Fix etcd ssl for canal
2016-11-15 12:43:22 +03:00
Matthew Mosesohn
5cd65f9c45
Merge pull request #598 from kubernetes-incubator/bug_376
...
Generate kubectl bash completion from kubectl instead of file
2016-11-15 12:28:51 +03:00
Matthew Mosesohn
4e47c267fb
Merge pull request #604 from kubernetes-incubator/k8s-upgrade-v1.4.6
...
upgrade k8s version to 1.4.6
2016-11-15 12:27:29 +03:00
Smana
c41d200a95
upgrade k8s version to 1.4.6
2016-11-14 21:40:05 +01:00
Matthew Mosesohn
8ca1f4ce44
Fix kubelet deprecated options
...
--api-servers now just reads kubeconfig
--config is now --pod-manifest-path
Fixes #542
2016-11-14 22:13:44 +04:00
Aleksandr Didenko
caa81f3ac2
Fix etcd ssl for canal
...
- Move CNI configuration from `kubernetes/node` role to
`network_plugin/canal`
- Create SSL dir for Canal and symlink etcd SSL files
- Add needed options to `canal-config` configmap
- Run flannel and calico-node containers with proper configuration
2016-11-14 14:49:17 +01:00
Matthew Mosesohn
8092f57695
Merge branch 'master' into calico-cni-container-support
2016-11-14 14:58:42 +03:00
Aleksandr Didenko
965a1234d3
Replace calico-cni binaries with calico/cni container
...
Calico CNI binaries are also released/shipped in calico/cni
container. This patch replaces download of calico CNI binaries with
calico/cni container.
2016-11-14 12:19:58 +01:00
Matthew Mosesohn
15bc445a9c
Generate kubectl bash completion from kubectl instead of file
2016-11-14 14:54:59 +04:00
Bogdan Dobrelya
bb72de0dc9
Merge pull request #496 from kubernetes-incubator/idempotency_resolvconf
...
Ignore changes on check resolvconf task
2016-11-14 11:10:04 +01:00
Matthew Mosesohn
45c2900e71
Merge branch 'master' into hostname-alias
2016-11-14 09:32:35 +03:00
Matthew Mosesohn
eb583dd2f3
Merge branch 'master' into idempotency_resolvconf
2016-11-14 09:30:22 +03:00
Matthew Mosesohn
46ee9faca9
Fix ca certificate loading on CoreOS
2016-11-14 08:47:09 +04:00
Matthew Mosesohn
6cc05c103a
Merge pull request #592 from artem-panchenko/support_golang_calicoctl
...
Support new version of 'calicoctl' (>=v1.0.0)
2016-11-11 13:55:24 +03:00
Bogdan Dobrelya
88577b9889
Merge pull request #593 from bogdando/label_apps
...
Label k8s apps, adjust collect info commands
2016-11-10 18:09:05 +01:00
Bogdan Dobrelya
5821f9748a
Merge pull request #594 from adidenko/fix-calico-policy-controller
...
Fix policy controller
2016-11-10 16:15:36 +01:00
Artem Panchenko
c58bd33af7
Support new version of 'calicoctl' (>=v1.0.0)
...
Since version 'v1.0.0-beta' calicoctl is written
in Go and its API differs from old Python based
utility. Added support of both old and new version
of the utility.
2016-11-10 17:11:29 +02:00
Bogdan Dobrelya
cf7c60029b
Label k8s apps, adjust collect/upload info steps
...
- Drop debugs from collect-info playbook
- Drop sudo from collect-info step and add target dir var (required for travis jobs)
- Label all k8s apps, including static manifests
- Add logs for K8s apps to be collected as well
- Fix upload to GCS as a public-read tarball
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-11-10 16:05:50 +01:00
Aleksandr Didenko
251800eb16
Fix policy controller
...
'etcd_cert_dir' variable is missing from 'kubernetes-apps/ansible'
role which breaks Calico policy controller deployment.
Also fixing calico-policy-controller.yml.
2016-11-10 13:31:31 +01:00
Matthew Mosesohn
fe16fecd8f
Fix canal's calico networking config for ETCD TLS
...
Also fixes kube-apiserver upgrade that was erroneously
deleted in a previous commit.
2016-11-10 12:49:47 +03:00
Matthew Mosesohn
9ea9604b3f
Merge pull request #591 from kubernetes-incubator/etcdtls
...
Add etcd tls support
2016-11-10 12:32:13 +03:00
Matthew Mosesohn
a32cd85eb7
Add etcd TLS support
2016-11-09 18:38:28 +03:00
Matthew Mosesohn
95b460ae94
Remove etcd-proxy from all nodes and use etcd multiaccess
2016-11-09 13:31:12 +03:00
Bogdan Dobrelya
764a2fd5a8
Merge pull request #588 from adidenko/canal-support
...
Adding support for canal network plugin
2016-11-09 10:31:56 +01:00
Aleksandr Didenko
4ece73d432
Fix idempotency of calico-policy-controller rs
...
We need to specify kube resource type and name in order to avoid
playbook errors related to k8s resource duplication.
2016-11-08 12:59:18 +01:00
Aleksandr Didenko
60a217766f
Add ConfigMap for basic configuration options
...
Container settings moved from deamonset yaml to a separate
configmap.
2016-11-08 12:57:34 +01:00
Aleksandr Didenko
309240cd6f
Adding support for canal network plugin
...
This patch provides support for Canal network plugin installation
as a self-hosted app, see the following link for details:
https://github.com/tigera/canal/tree/master/k8s-install
2016-11-08 11:04:01 +01:00
Spencer Smith
8f20d90f88
update admission controllers for > 1.4
2016-11-04 12:54:35 -04:00
Bogdan Dobrelya
672d50393c
Merge branch 'master' into idempotency_resolvconf
2016-11-03 13:08:07 +01:00
Jan Jungnickel
f9355ea14d
Swap order in which we reload docker/socket
2016-11-01 13:12:40 +01:00
Jan Jungnickel
2ca6819cdf
Reload docker.socket after installing flannel on coreos
...
Workaround for #569
2016-11-01 13:12:32 +01:00
Matthew Mosesohn
d8b06f3e2f
Ignore changes on check resolvconf task
2016-10-28 10:38:16 +04:00
Smaine Kahlouch
d6f206b5fd
Merge pull request #561 from kubespray/rsync_certs
...
Use tar+register instead of copy/slurp for distributing tokens and certs
2016-10-27 10:52:41 +02:00
Matthew Mosesohn
2778ac61a4
Add new var skip_dnsmasq_k8s
...
If skip_dnsmasq is set, it will still not set up dnsmasq
k8s pod. This enables independent setup of resolvconf section
before kubelet is up.
2016-10-26 17:56:15 +03:00
Matthew Mosesohn
c7b00caeaa
Use tar+register instead of copy/slurp for distributing tokens and certs
...
Related bug: https://github.com/ansible/ansible/issues/15405
Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.
This patch dramatically cuts down the number of tasks to process
for cert synchronization.
2016-10-26 15:46:18 +03:00
Bogdan Dobrelya
c59c3a1bcf
Fix idempotency/recurrence of download and preinstall
...
* Don't push containers if not changed
* Do preinstall role only once and redistribute defaults to
corresponding roles
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-10-24 18:28:53 +02:00
Smaine Kahlouch
4c0bf6225a
Merge pull request #562 from kubespray/enable_standalone_node
...
Enable standalone node deployment
2016-10-24 13:10:53 +02:00
Smaine Kahlouch
b11662a887
Merge pull request #558 from chadswen/etcdctl-path
...
Use absolute path for etcdctl
2016-10-21 23:06:15 +02:00
Matthew Mosesohn
11f1f71b3b
dynamically calculate etcd peer names
2016-10-21 16:17:50 +03:00
Matthew Mosesohn
0e9d1e09e3
Sync master tokens only with those in play_hosts
2016-10-21 14:43:41 +03:00
Matthew Mosesohn
65d2a3b0e5
Use only native cachable hostvars for etcd set_facts
2016-10-21 14:39:58 +03:00
Matthew Mosesohn
4b7347f1cd
fix dnsmasq template cloud_provider lookup
2016-10-21 13:00:40 +03:00
Chad Swenson
e6902d8ecc
Use absolute path for etcdctl
...
Small fix. The shell module won't automatically resolve the path to the etcdctl binary, so i prefixed with {{ bin_dir }}/
2016-10-20 14:56:52 -05:00
Chad Swenson
a5137affeb
Hostname alias fixes
...
Change the kubelet --hostname-override flag to use the ansible_hostname variable which should be more consistent with the value required by cloud providers
Add ansible_hostname alias to /etc/hosts when it is different from inventory_hostname to overcome node name limitations see https://github.com/kubernetes/kubernetes/issues/22770
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-18 16:22:32 -05:00
Smaine Kahlouch
a423927ac9
Merge pull request #546 from chadswen/dependency-variables
...
Parameterize dependency endpoints
2016-10-18 18:42:17 +02:00
Smana
91a101c855
upgrade to k8s v1.4.3
2016-10-18 12:52:35 +02:00
Chad Swenson
c402feffbd
Parameterize several dependency endpoints so that they can be overridden with internal mirrors.
...
Signed-off-by: Chad Swenson <chadswen@gmail.com>
2016-10-15 12:26:52 -05:00
Smana
dd022f2dbc
upgrade calico version v0.22.0
2016-10-15 15:01:45 +02:00
Smana
21273926ce
upgrade flannel version
2016-10-12 21:55:39 +02:00
Matthew Mosesohn
71347322d6
Add cluster-cidr to kube-proxy config
...
This option enables masquerading for traffic directed at pods
that comes frmom outside the cluster.
2016-10-12 19:13:33 +03:00
Smaine Kahlouch
c9769965b8
Merge pull request #540 from aateem/enable-network-policy
...
Add possibility to enable network policy via Calico network controller
2016-10-11 12:10:56 +02:00
Smana
056f4b6c00
upgrade to kubernetes version 1.4.0
...
test to change the machine type
Revert "test to change the machine type"
This reverts commit 7a91f1b5405a39bee6cb91940b09a0b0f9d3aee1.
use google dns server when no upstream dns are defined
comment upstream_dns_servers
update documentation
remove deprecated kubelet flags
Revert "remove deprecated kubelet flags"
This reverts commit 21e3b893c896d0291c36a07d0414f4cb88b8d8ac.
2016-10-10 22:44:47 +02:00
Artem Roma
3919d666c1
Add possibility to enable network policy via Calico network controller
...
The requirements for network policy feature are described here [1]. In
order to enable it, appropriate configuration must be provided to the CNI
plug in and Calico policy controller must be set up. Beside that
corresponding extensions needed to be enabled in k8s API.
Now to turn on the feature user can define `enable_network_policy`
customization variable for Ansible.
[1] http://kubernetes.io/docs/user-guide/networkpolicies/
2016-10-10 17:22:12 +03:00
Sergey Vasilenko
dea4210da1
Bump Calico-CNI plugin binaries versions
...
and correct checksums
2016-10-07 13:14:46 +03:00
Sergey Vasilenko
a6344f7561
Changes in Kubernetes and Calico-CNI plugin config files
...
required for usage of Calico CNI plugin version 1.4.2
2016-10-06 19:33:16 +03:00
Smaine Kahlouch
c490e5c8a1
Merge pull request #528 from kubespray/proxy-nginx
...
Use nginx proxy on non-master nodes to proxy apiserver traffic
2016-10-05 19:19:32 +02:00
Matthew Mosesohn
84052ff0b6
use nginx proxy on non-master nodes to proxy apiserver traffic
...
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.
Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smaine Kahlouch
9ca374a88d
Merge pull request #491 from kubespray/calicopools
...
Allow calico to configure pool if tree exists, but no pools defined
2016-10-05 17:12:26 +02:00
Smaine Kahlouch
648aa7422d
Merge pull request #522 from anthonyhaussman/KubeVersionDefaults
...
Move kube_version var to defaults
2016-10-05 17:11:59 +02:00
Matthew Mosesohn
2e90d3fe76
Merge branch 'master' into reverselookups
2016-10-05 14:46:47 +03:00
Matthew Mosesohn
f4e6fdc193
Enable quorum read for apiserver
...
This reduces the likelihood of apiserver status updates
timing out due to etcd write conflicts.
2016-10-04 18:31:42 +03:00
Aleksandr Didenko
fb0ee9d84a
Add support for --masquerade-all in kube-proxy
...
New boolean var `kube_proxy_masquerade_all` which enables/disables
`--masquerade-all` argument for kube-proxy.
Closes #524
2016-10-03 12:24:43 +02:00
Bogdan Dobrelya
a6a5d0e068
Skip download_run_once for binaries as unimplemented yet
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-30 10:55:02 +02:00
Matthew Mosesohn
d9641771ed
add kube-masters to SSL certificate
2016-09-29 15:12:30 +03:00
Smaine Kahlouch
aaa3f1c491
Merge pull request #502 from adidenko/custom-calico-hyperkube
...
Allow to use custom "canalized" calico cni
2016-09-29 13:29:49 +02:00
Smaine Kahlouch
5889f7af0e
Merge pull request #515 from adidenko/fix-delegate-to
...
Fix delegate_to expression in download tasks
2016-09-29 10:36:44 +02:00
Matthew Mosesohn
5579cddbdb
Disable reverse lookups again
...
Initially this was removed, but it turns out that services that
perform reverse lookups (such as MariaDB) will encounter severe
performance degredation with this disabled.
2016-09-29 10:49:55 +04:00
Aleksandr Didenko
2b6866484e
Allow to use custom "canalized" calico cni
...
- Allow to overwrite calico cni binaries copied from hyperkube
by the custom ones.
- Fix calico-ipam deployment (it had wrong source in rsync)
- Make copy from hyperkube idempotent (use rsync instead of cp)
- Remove some orphaned comments
2016-09-28 18:09:20 +02:00
Anthony Haussmann
34a27b0127
Move kube_version var to defaults
...
Move the variable kube_version to defaults to have the possibility to overwrite it via group_vars inventory if needed.
2016-09-28 16:15:18 +02:00
Smaine Kahlouch
948d1d61ff
Merge pull request #521 from anthonyhaussman/MethodBoolUseCNI
...
Change method to set use_hyperkube_cni var bool
2016-09-28 12:24:53 +02:00
Smaine Kahlouch
c96a9bfdfd
Merge pull request #518 from bogdando/issues/516
...
Allow subdomains of dns_domain and fix kubelet restarts
2016-09-28 10:11:44 +02:00
Anthony Haussmann
550bda951e
Change method to set use_hyperkube_cni var bool
...
The precedent method returb a string "True\n" or "False\n", it seems to be an Ansible bug.
New method return a boolean
2016-09-27 16:41:09 +02:00
Smaine Kahlouch
6b27508c93
Merge pull request #519 from bogdando/fix_containers_download
...
Fix containers download condition
2016-09-27 15:23:50 +02:00
Bogdan Dobrelya
5fd43b7cf0
Allow subdomains of dns_domain and fix kubelet restarts
...
* Add a var for ndots (default 5) and put it hosts' /etc/resolv.conf.
* Poke kube dns container image to v1.7
* In order to apply changes to kubelet, notify it to
be restarted on changes made to /etc/resolv.conf. Ignore errors as the kubelet
may yet to be present up to the moment of the notification being processed.
* Remove unnecessary kubelet restart for master role as the node role ensures
it is up and running. Notify master static pods waiters for apiserver,
scheduler, controller-manager instead.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 14:32:49 +02:00
Smana
336e2b8c84
use variable dns_domain instead of cluster_name for kubedns
2016-09-27 14:15:27 +02:00
Bogdan Dobrelya
ee69ac857e
Fix containers download condition
...
Save/push/load containers if only download.enabled and download.container
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-27 13:44:29 +02:00
Aleksandr Didenko
6caf5b0ac3
Fix delegate_to expression in download tasks
...
"else omit" is causing problems in this expression. Replacing
it with more strict "inventory_hostname" fixes the issue and
handles `download_run_once` as expected.
Closes issue #514
2016-09-27 11:25:24 +02:00
Smaine Kahlouch
0f461282c8
Merge pull request #507 from anthonyhaussman/KubeDNSCorrection
...
Correct nslookup command
2016-09-26 13:58:00 +02:00
Smaine Kahlouch
5046466dae
Merge pull request #509 from kubespray/cnicopyweave
...
Copy hyperkube CNI plugins when using weave
2016-09-26 13:54:02 +02:00
Matthew Mosesohn
e4a48cf53b
Add Docker 1.12.1 version
2016-09-26 12:16:16 +03:00
Matthew Mosesohn
a3fe1e78df
Copy hyperkube CNI plugins when using weave
2016-09-26 12:02:19 +03:00
Anthony Haussmann
5f2bb3319b
Correct nslookup command
...
Change nslookup command to check the right cluster_name
2016-09-23 17:44:09 +02:00
Bogdan Dobrelya
dfb9063b3f
Fix docs and dns servers placement order
...
- Update docs and a drawing to clarify DNS setup.
- Change order of nameservers placement to match
changes in https://github.com/kubespray/kargo/pull/501
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 16:16:00 +02:00
Bogdan Dobrelya
82ee60fe8b
Make dnsmasq daemon set optional
...
Change additional dnsmasq opts:
- Adjust caching size and TTL
- Disable resolve conf to not create loops
- Change dnsPolicy to default (similarly to kubedns's dnsmasq). The
ClusterFirst should not be used to not create loops
- Disable negative NXDOMAIN replies to be cached
- Make its very installation as optional step (enabled by default).
If you don't want more than 3 DNS servers, including 1 for K8s, disable
it.
- Add docs and a drawing to clarify DNS setup.
- Fix stdout logs for dnsmasq/kubedns app configs
- Add missed notifies to resolvconf -u handler
- Fix idempotency of resolvconf head file changes
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-23 12:59:06 +02:00
Matthew Mosesohn
d313be4420
Improve management of nameservers in resolv.conf
...
Changing nameservers now will clean up previous entries
2016-09-22 18:11:15 +03:00
Özgür Caner
123532d2a4
Changed ImagePullPolicy from Always to IfNotPresent to avoid download issue when DNS is not working
2016-09-20 10:34:44 +02:00
Matthew Mosesohn
a93639650f
Allow calico to configure pool if tree exists, but no pools defined
2016-09-19 15:27:47 +03:00
Smaine Kahlouch
71a230a4fa
Merge pull request #493 from ivan4th/fix-reverse-dns-lookups
...
Fix reverse DNS lookups of service IPs.
2016-09-19 14:20:15 +02:00
Smaine Kahlouch
0643ed968f
Merge pull request #494 from kubespray/etcd_proxy_fix
...
always bind etcd_proxy to localhost
2016-09-19 14:19:55 +02:00
Smaine Kahlouch
1572aaf6ca
Merge pull request #489 from lukaszo/patch-1
...
Add socat do required pkgs
2016-09-19 12:19:46 +02:00
Smaine Kahlouch
5803de1ac5
Merge pull request #486 from kubespray/etchosts
...
switch /etc/hosts to use blockinfile
2016-09-19 12:19:37 +02:00
Ivan Shvedunov
13874f4610
Fix reverse DNS lookups of service IPs.
...
This fixes "DNS should provide DNS for services [Conformance]"
e2e test in k8s.
2016-09-19 09:12:10 +03:00
Matthew Mosesohn
341ea5a6ea
always bind etcd_proxy to localhost
2016-09-18 19:58:15 +04:00
Bogdan Dobrelya
5ed3916f82
Fix use_hyperkube_cni logic
...
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-09-16 13:07:04 +02:00