update docker-ce to 18.09.7 (#4973 ) (#5162 )

Update to Kube v1.14.6 (#5098 )
[contrib/heketi]: tear down additions and fixes. Heketi updated to version 9 (#5026 )
2019-10-16 04:29:41 -07:00 · 2019-08-22 00:54:31 -07:00 · 2019-08-06 03:31:54 -07:00 · 2019-07-19 09:33:12 -07:00 · 2019-07-19 05:59:13 -07:00 · 2019-06-13 05:22:17 -07:00
23 changed files with 76 additions and 47 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -64,7 +64,6 @@ ci-authorized:
 include:
  - .gitlab-ci/lint.yml
  - .gitlab-ci/shellcheck.yml
-  - .gitlab-ci/gce.yml
  - .gitlab-ci/digital-ocean.yml
  - .gitlab-ci/terraform.yml
  - .gitlab-ci/packet.yml
--- a/README.md
+++ b/README.md
@ -108,7 +108,7 @@ Supported Components
 --------------------

 -   Core
-    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.14.1
+    -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.14.6
    -   [etcd](https://github.com/coreos/etcd) v3.2.26
    -   [docker](https://www.docker.com/) v18.06 (see note)
    -   [cri-o](http://cri-o.io/) v1.11.5 (experimental: see [CRI-O Note](docs/cri-o.md). Only on centos based OS)
--- a/contrib/network-storage/heketi/README.md
+++ b/contrib/network-storage/heketi/README.md
@ -14,3 +14,5 @@ ansible-playbook --ask-become -i inventory/sample/k8s_heketi_inventory.yml contr
 ```
 ansible-playbook --ask-become -i inventory/sample/k8s_heketi_inventory.yml contrib/network-storage/heketi/heketi-tear-down.yml
 ```
+
+Add `--extra-vars "heketi_remove_lvm=true"` to the command above to remove LVM packages from the system
--- a/contrib/network-storage/heketi/roles/provision/templates/heketi-bootstrap.json.j2
+++ b/contrib/network-storage/heketi/roles/provision/templates/heketi-bootstrap.json.j2
@ -56,7 +56,7 @@
            "serviceAccountName": "heketi-service-account",
            "containers": [
              {
-                "image": "heketi/heketi:7",
+                "image": "heketi/heketi:9",
                "imagePullPolicy": "Always",
                "name": "deploy-heketi",
                "env": [
--- a/contrib/network-storage/heketi/roles/provision/templates/heketi-deployment.json.j2
+++ b/contrib/network-storage/heketi/roles/provision/templates/heketi-deployment.json.j2
@ -68,7 +68,7 @@
            "serviceAccountName": "heketi-service-account",
            "containers": [
              {
-                "image": "heketi/heketi:7",
+                "image": "heketi/heketi:9",
                "imagePullPolicy": "Always",
                "name": "heketi",
                "env": [
--- a/contrib/network-storage/heketi/roles/tear-down-disks/defaults/main.yml
+++ b/contrib/network-storage/heketi/roles/tear-down-disks/defaults/main.yml
@ -0,0 +1,2 @@
+---
+heketi_remove_lvm: false
--- a/contrib/network-storage/heketi/roles/tear-down-disks/tasks/main.yml
+++ b/contrib/network-storage/heketi/roles/tear-down-disks/tasks/main.yml
@ -14,6 +14,8 @@
  when: "ansible_os_family == 'Debian'"

 - name: "Get volume group information."
+  environment:
+    PATH: "{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH / CentOS conservative path management
  become: true
  shell: "pvs {{ disk_volume_device_1 }} --option vg_name | tail -n+2"
  register: "volume_groups"
@ -21,12 +23,16 @@
  changed_when: false

 - name: "Remove volume groups."
+  environment:
+    PATH: "{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH / CentOS conservative path management
  become: true
  command: "vgremove {{ volume_group }} --yes"
  with_items: "{{ volume_groups.stdout_lines }}"
  loop_control: { loop_var: "volume_group" }

 - name: "Remove physical volume from cluster disks."
+  environment:
+    PATH: "{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH / CentOS conservative path management
  become: true
  command: "pvremove {{ disk_volume_device_1 }} --yes"
  ignore_errors: true
@ -36,11 +42,11 @@
  yum:
    name: "lvm2"
    state: "absent"
-  when: "ansible_os_family == 'RedHat'"
+  when: "ansible_os_family == 'RedHat' and heketi_remove_lvm"

 - name: "Remove lvm utils (Debian)"
  become: true
  apt:
    name: "lvm2"
    state: "absent"
-  when: "ansible_os_family == 'Debian'"
+  when: "ansible_os_family == 'Debian' and heketi_remove_lvm"
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@ -20,7 +20,7 @@ kube_users_dir: "{{ kube_config_dir }}/users"
 kube_api_anonymous_auth: true

 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.14.1
+kube_version: v1.14.6

 # kubernetes image repo define
 kube_image_repo: "gcr.io/google-containers"
--- a/requirements.txt
+++ b/requirements.txt
@ -1,7 +1,7 @@
-ansible>=2.7.8
-jinja2>=2.9.6
-netaddr
-pbr>=1.6
-hvac
-jmespath
-ruamel.yaml
+ansible==2.7.8
+jinja2==2.10.1
+netaddr==0.7.19
+pbr==5.2.0
+hvac==0.8.2
+jmespath==0.9.4
+ruamel.yaml==0.15.96
--- a/roles/container-engine/docker/vars/debian.yml
+++ b/roles/container-engine/docker/vars/debian.yml
@ -12,9 +12,9 @@ docker_versioned_pkg:
  '17.12': docker-ce=17.12.1~ce-0~debian
  '18.03': docker-ce=18.03.1~ce-0~debian
  '18.06': docker-ce=18.06.2~ce~3-0~debian
-  '18.09': docker-ce=5:18.09.5~3-0~debian-{{ ansible_distribution_release|lower }}
-  'stable': docker-ce=5:18.09.5~3-0~debian-{{ ansible_distribution_release|lower }}
-  'edge': docker-ce=5:18.09.5~3-0~debian-{{ ansible_distribution_release|lower }}
+  '18.09': docker-ce=5:18.09.7~3-0~debian-{{ ansible_distribution_release|lower }}
+  'stable': docker-ce=5:18.09.7~3-0~debian-{{ ansible_distribution_release|lower }}
+  'edge': docker-ce=5:18.09.7~3-0~debian-{{ ansible_distribution_release|lower }}

 docker_package_info:
  pkg_mgr: apt
--- a/roles/container-engine/docker/vars/fedora.yml
+++ b/roles/container-engine/docker/vars/fedora.yml
@ -8,7 +8,7 @@ docker_versioned_pkg:
  'latest': docker-ce
  '18.03': docker-ce-18.03.1.ce-3.fc28
  '18.06': docker-ce-18.06.2.ce-3.fc28
-  '18.09': docker-ce-18.09.5-3.fc28
+  '18.09': docker-ce-18.09.7-3.fc28

 #
 # This is due to the fact that the docker
--- a/roles/container-engine/docker/vars/redhat.yml
+++ b/roles/container-engine/docker/vars/redhat.yml
@ -13,9 +13,9 @@ docker_versioned_pkg:
  '17.12': docker-ce-17.12.1.ce-1.el7.centos
  '18.03': docker-ce-18.03.1.ce-1.el7.centos
  '18.06': docker-ce-18.06.2.ce-3.el7
-  '18.09': docker-ce-18.09.5-3.el7
-  'stable': docker-ce-18.09.5-3.el7
-  'edge': docker-ce-18.09.5-3.el7
+  '18.09': docker-ce-18.09.7-3.el7
+  'stable': docker-ce-18.09.7-3.el7
+  'edge': docker-ce-18.09.7-3.el7

 docker_selinux_versioned_pkg:
  'latest': docker-ce-selinux
--- a/roles/container-engine/docker/vars/ubuntu-amd64.yml
+++ b/roles/container-engine/docker/vars/ubuntu-amd64.yml
@ -11,9 +11,9 @@ docker_versioned_pkg:
  '17.09': docker-ce=17.09.0~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
  '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
-  '18.09': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
-  'stable': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
-  'edge': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  '18.09': docker-ce=5:18.09.7~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  'stable': docker-ce=5:18.09.7~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  'edge': docker-ce=5:18.09.7~3-0~ubuntu-{{ ansible_distribution_release|lower }}

 docker_package_info:
  pkg_mgr: apt
--- a/roles/container-engine/docker/vars/ubuntu-arm64.yml
+++ b/roles/container-engine/docker/vars/ubuntu-arm64.yml
@ -7,9 +7,9 @@ docker_versioned_pkg:
  '17.09': docker-ce=17.09.1~ce-0~ubuntu
  '17.12': docker-ce=17.12.1~ce-0~ubuntu-{{ ansible_distribution_release|lower }}
  '18.06': docker-ce=18.06.2~ce~3-0~ubuntu
-  '18.09': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
-  'stable': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
-  'edge': docker-ce=5:18.09.5~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  '18.09': docker-ce=5:18.09.7~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  'stable': docker-ce=5:18.09.7~3-0~ubuntu-{{ ansible_distribution_release|lower }}
+  'edge': docker-ce=5:18.09.7~3-0~ubuntu-{{ ansible_distribution_release|lower }}

 docker_package_info:
  pkg_mgr: apt
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@ -35,7 +35,7 @@ download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube
 image_arch: "{{host_architecture | default('amd64')}}"

 # Versions
-kube_version: v1.14.1
+kube_version: v1.14.6
 kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.2.26

@ -73,6 +73,11 @@ calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/dow
 # Checksums
 hyperkube_checksums:
  arm64:
+    v1.14.6: 97646bffe61e54a0c6f61d68b5625ec2e98d8b9d04cec2c8382266e437835e93
+    v1.14.5: 90c77847d64eb857c8e686e8593fe7a9e505bcbf960b0407217255827a9da59a
+    v1.14.4: 9e0b4fde88a07c705e0937cd3161392684e3ca08535d14a99ae3b86bbf4c56b3
+    v1.14.3: f29211d668cbcf1aa415dfa64aad95ffc53b5410482a23cddb680caec4e907a3
+    v1.14.2: 959fb7d9c17fc8f7cb1a69920aaf08aefd62c0fbf6b5bdc46250f147ea6a5cd4
    v1.14.1: d5236efc2547fd07c7cc2ed9345dfbcd1204385847ca686cf1c62d15056de399
    v1.14.0: 708e00a41f6516d525dee00c91ebe3c3bf2feaf9b7f0af7689487e3e17e356c2
    v1.13.5: 8ffd84ba0cb6382a0ff96000458db8a83c92cac09458defe8496f0f0e155a6a8
@ -89,6 +94,11 @@ hyperkube_checksums:
    v1.12.1: 6863440b5516c94f48a3a23bf325a007af09f5412f335444e204bc4b09fbad2a
    v1.12.0: 3eb06e2344ea5e4988fdda168627319e7b10665f7f9fc9d96c477ccb39d0b061
  amd64:
+    v1.14.6: 4f9a8984985786797fa3353961ba2b58f50235581c9b5978130fbb4199005538
+    v1.14.5: 2c3410518980b8705ba9b7b708076a206f2bde37cb8bf5ba8f15c32c697f4d97
+    v1.14.4: 5f31434f3a884257a7b0e3178fc869720a7526c8637af5713d23433ddf2592dd
+    v1.14.3: 6c6cb5c118b2129ba4e56697f42567be3587eb636a477cd342b69f87b3b049d1
+    v1.14.2: 05546057f2053e085fa8387ab82581c95fe4195cd783408ccbb4fc3487c50176
    v1.14.1: fb34b98da9325feca8daa09bb934dbe6a533aad69c2a5599bbed81b99bb9c267
    v1.14.0: af8b04504365dbe4ce6a1772f42eb390d4221a21149b522fc8a0c4b1cd3d97aa
    v1.13.5: 1a8a357ebfeab8ec62d0c6f11b59df1a93d6711c3a16e1501da32b55c144c73a
@ -106,6 +116,11 @@ hyperkube_checksums:
    v1.12.0: f80336201f3152a5307c01f8a7206847398dde15c69b3d20c76a7d9520b60daf
 kubeadm_checksums:
  arm64:
+    v1.14.6: d935de033e7442ce5f8a35294fa890b884454d0482a9cf136c4abacd8c6ec165
+    v1.14.5: 7dd1195d16980c4c888d13e49d97c3513f668e192bf2778bc0f0516e0f7fe2ac
+    v1.14.4: 60745b3ac761d3aa55ab9a24677ecf4e7f48b5abed34c725047a174456e5a79b
+    v1.14.3: 8edcc07c65f81eea3fc47cd237dd6560c6907c5e0ca52d71eab53ca1164e7d01
+    v1.14.2: bff0712b87796509129aa802ad3ac25b8cc83af01762b22b4dcca8dbdb26b520
    v1.14.1: 5cf05464168e45ee4719264a267c65f9319fae1ceb9923fedab97a9d6a629e0b
    v1.14.0: 7ed9d706e50cd6d3fc618a7af3d19b691b8a5343ddedaeccb4ea09af3ecfae2c
    v1.13.5: 59a1995c171e5c1e74f5d02657eb2c155706f2d159ec1847b64dc866228c40d2
@ -122,6 +137,11 @@ kubeadm_checksums:
    v1.12.1: 226b9026ef913e98c2966503fde6973e3e33b5621e9c240667093dcb786bd811
    v1.12.0: c0d4a75615791e6880d051d6d601eb703e0ac3ec64f94f156b76351368b2eb9c
  amd64:
+    v1.14.6: 4ef6030ab059ed434702c003975273dc855c370c4fcdae1109a3bb137c16ecb9
+    v1.14.5: b3e840f7816f64e071d25f8a90b984eecd6251b68e568b420d85ef0a4dd514bb
+    v1.14.4: 291790a1cef82c4de28cc3338a199ca8356838ca26f775f2c2acba165b633d9f
+    v1.14.3: 026700dfff3c78be1295417e96d882136e5e1f095eb843e6575e57ef9930b5d3
+    v1.14.2: 77510f61352bb6e537e70730b670627963f2c314fbd36a644b0c435b97e9705a
    v1.14.1: c4fc478572b5623857f5d820e1c107ae02049ca02cf2993e512a091a0196957b
    v1.14.0: 03678f49ee4737f8b8c4f59ace0d140a36ffbc4f6035c59561f59f45b57d0c93
    v1.13.5: 274bf887039a9993e30f96047a4a474c39e8471c4094acb75aea6beed793f079
--- a/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dns-autoscaler.yml.j2
@ -46,6 +46,8 @@ spec:
        - effect: NoSchedule
          operator: Equal
          key: node-role.kubernetes.io/master
+        - key: "CriticalAddonsOnly"
+          operator: "Exists"
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
@ -77,7 +79,4 @@ spec:
        - --v=2
        - --configmap=dns-autoscaler{{ coredns_ordinal_suffix }}
        - --target=Deployment/coredns{{ coredns_ordinal_suffix }}
-      tolerations:
-      - key: "CriticalAddonsOnly"
-        operator: "Exists"
      serviceAccountName: dns-autoscaler
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@ -66,7 +66,7 @@
    --apiserver-advertise-address {{ external_apiserver_address }}
    --apiserver-bind-port {{ external_apiserver_port }}
    {% if kubeadm_version is version('v1.14.0', '>=') %}
-    && cat {{ kube_config_dir }}/external_kubeconfig/admin.conf &&
+    >/dev/null && cat {{ kube_config_dir }}/external_kubeconfig/admin.conf &&
    rm -rf {{ kube_config_dir }}/external_kubeconfig
    {% endif %}
  environment: "{{ proxy_env }}"
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@ -70,7 +70,7 @@

 - name: Join to cluster if needed
  environment:
-    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}"
+    PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH / CentOS conservative path management
  when: not is_kube_master and (not kubelet_conf.stat.exists)
  block:

--- a/roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-secondary-legacy.yml
@ -31,7 +31,7 @@
  when: inventory_hostname != groups['kube-master']|first

 - name: kubeadm | Init other uninitialized masters
-  command: timeout -k 600s 600s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all
+  command: timeout -k 600s 600s {{ bin_dir }}/kubeadm init --config={{ kube_config_dir }}/kubeadm-config.yaml --ignore-preflight-errors=all --skip-phases=addon/coredns
  register: kubeadm_init
  retries: 10
  until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@ -105,13 +105,13 @@
    {{ bin_dir }}/kubeadm init
    --config={{ kube_config_dir }}/kubeadm-config.yaml
    --ignore-preflight-errors=all
+    --skip-phases=addon/coredns
    {% if kubeadm_version is version('v1.14.0', '>=') %}
    --experimental-upload-certs
-    {% endif %}
-    --skip-phases=addon/coredns
    {% if kubeadm_certificate_key is defined %}
    --certificate-key={{ kubeadm_certificate_key }}
    {% endif %}
+    {% endif %}
  register: kubeadm_init
  # Retry is because upload config sometimes fails
  retries: 3
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@ -12,7 +12,7 @@ is_atomic: false
 disable_swap: true

 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.14.1
+kube_version: v1.14.6

 ## Kube Proxy mode One of ['iptables','ipvs']
 kube_proxy_mode: ipvs
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@ -1,9 +1,8 @@
 -r ../requirements.txt
-yamllint
+yamllint==1.15.0
 apache-libcloud==2.2.1
-boto==2.9.0
-tox
-dopy
-PyCrypto
+tox==3.11.1
+dopy==0.3.7
+PyCrypto==2.6.1
 ansible-lint==4.1.0
-openshift
+openshift==0.8.8
--- a/tests/scripts/rebase.sh
+++ b/tests/scripts/rebase.sh
@ -1,7 +1,9 @@
 #!/bin/bash
 set -euxo pipefail

-# Rebase on master to get latest changes
-git config user.email "ci@kubespray.io"
-git config user.name "CI"
-git pull --rebase origin master
+# Rebase PRs on master to get latest changes
+if [[ $CI_COMMIT_REF_NAME == pr-* ]]; then
+  git config user.email "ci@kubespray.io"
+  git config user.name "CI"
+  git pull --rebase origin release-2.10
+fi
Author	SHA1	Message	Date
Jacopo Secchiero	ce0d111d7c	update docker-ce to 18.09.7 (#4973 ) (#5162 )	2019-10-16 04:29:41 -07:00
Maxime Guyot	6ed833ec33	Update to Kube v1.14.6 (#5098 )	2019-08-22 00:54:31 -07:00
Vitaliy Dmitriev	f61dbb74bf	[contrib/heketi]: tear down additions and fixes. Heketi updated to version 9 (#5026 ) * lvm packages removal during tear down skipped by default * lvm utils execution PATH fixed for CentOS/RH * Heketi updated to the latest version 9 Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>	2019-08-06 03:31:54 -07:00
nautikos1235	58126de3d9	Fix certificate-key param for kubeadm init (#4789 ) (#4988 ) * Fix certificate-key param for kubeadm init * Fix yamllint error	2019-07-19 09:33:12 -07:00
Vitaliy Dmitriev	2b69befb59	kubeadm join path fixed for RH linux (#4987 ) Signed-off-by: Vitaliy Dmitriev <vi7alya@gmail.com>	2019-07-19 05:59:13 -07:00
Andreas Holmsten	7d8da8348e	Cherry pick #4857 #4859 #4867 into release-2.10 (#4877 ) * fix start CoreDNS when init secondary master (#4867) * Update dns-autoscaler.yml.j2 (#4857) Merge two tolerations. because the latest tolerations will cover the first tolerations. * Remove GCE tests and CNCF funding ended (#4859)	2019-06-13 05:22:17 -07:00
Andreas Holmsten	b90b1fc2b9	updated pinning to prevent breaking changes (#4783 ) (#4873 ) * updated ansible pinning to prevent more possibilities of breaking changes * more exact pinning of ansible version * more exact pinning of ansible version and also all the rest * added testing requirements.txt pinning settings * removed boto from testing requirements.txt	2019-06-13 02:36:19 -07:00
Andreas Holmsten	147ea54374	Cherry pick #4861 into release-2.10 (#4874 ) * Rebase only on PRs (#4861) * Rebase from release-2.10 branch instead of master	2019-06-12 23:06:13 -07:00
Bort Verwilst	d53782a7f1	k8s 1.14.3 (#4855 )	2019-06-09 03:41:05 -07:00
Bort Verwilst	e2f5a9748e	upgrade to 1.14.2 (#4782 ) * upgrade to 1.14.2 * Remove trailing whitespace	2019-05-20 06:01:15 -07:00
Andreas Krüger	0d1a34ee6b	Merge pull request #4718 from lystor/bug-4695 Fix adding output of kubeadm to the admin.conf downloaded to the arti…	2019-05-08 14:52:19 +02:00
lystor	28ad0e676d	Fix adding output of kubeadm to the admin.conf downloaded to the artifacts directory (#4696 ) Fixes issue https://github.com/kubernetes-sigs/kubespray/issues/4695	2019-05-07 12:55:54 +03:00