richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7839 Commits
34 Branches
82 Tags
155 MiB
Tree: 99c6a884a9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '99c6a884a9'
${ noResults }
kubespray/roles/kubernetes/preinstall/defaults/main.yml

141 lines
4.2 KiB
Raw Normal View History

install docker on a largest number of linux distribution (based on https://github.com/marklee77/ansible-role-docker)
9 years ago
Verify valid settings before deploy (#1705) Also fix yaml lint issues Fixes #1703
7 years ago
Disalbe install epel-release rpm on Centos/Redhat 1.Disalbe install epel-release rpm on Centos/Redhat 2.Use yum install epel-release
7 years ago
Fix host DNS config 1) being edited too soon and 2) not working with NM (#8575) Signed-off-by: Mac Chaffee <me@macchaffee.com>
3 years ago
Skip most of kubernetes/preinstall role during late DNS config (#3627) When using resolvconf_mode host_resolvconf, there is an early DNS config stage where Kubernetes cluster DNS is not injected for host DNS intially. Later, the cluster DNS is enabled, but we do not need to run every task from the kubernetes/preinstall role.
6 years ago
Parameterize several dependency endpoints so that they can be overridden with internal mirrors. Signed-off-by: Chad Swenson <chadswen@gmail.com>
8 years ago
Add option to disable ipv6 dns lookup New variable disable_ipv6_dns in kubernetes/preinstall.
8 years ago
Fixed grammar (#10853)
1 year ago
Add option to disable ipv6 dns lookup New variable disable_ipv6_dns in kubernetes/preinstall.
8 years ago
Implemented cloud-provider integration for OpenStack. Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
9 years ago
Set remove_default_searchdomains to false by default (#10554) It was not 'false', which made some tasks (e.g. using systemd-resolved template) to effectively remove default search domains; caused DNS loop after rebooting the node/restarting cluster, so localdns service didn't run correctly.
1 year ago
feat: make kubernetes owner parametrized (#8952) * feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
2 years ago
Rework inventory all by real groups' vars * Leave all.yml to keep only optional vars * Store groups' specific vars by existing group names * Fix optional vars casted as mandatory (add default()) * Fix missing defaults for an optional IP var * Relink group_vars for terraform to reflect changes Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Use K8s 1.14 and add kubeadm experimental control plane mode (#4514) * Use K8s 1.14 and add kubeadm experimental control plane mode This reverts commit d39c273d96afe610fed03a2558ffc1beec64c114. * Cleanup kubeadm setup run on first master * pin kubeadm_certificate_key in test * Remove kubelet autolabel of kube-node, add symlink for pki dir Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
5 years ago
move flexvolume plugin directory creation to preinstall (#4999) * move flexvolume plugin directory creation to preinstall * changes per pr feedback
5 years ago
Implemented cloud-provider integration for OpenStack. Currently kubespray does not install kubernetes in a way that allows cinder volumes to be used. This commit provides the necessary cloud configuration file and configures kubelet and kube-apiserver to use it.
9 years ago
Remove support for CoreOS Container Linux (#6576)
4 years ago
Preconfigure DNS stack and docker early In order to enable offline/intranet installation cases: * Move DNS/resolvconf configuration to preinstall role. Remove skip_dnsmasq_k8s var as not needed anymore. * Preconfigure DNS stack early, which may be the case when downloading artifacts from intranet repositories. Do not configure K8s DNS resolvers for hosts /etc/resolv.conf yet early (as they may be not existing). * Reconfigure K8s DNS resolvers for hosts only after kubedns/dnsmasq was set up and before K8s apps to be created. * Move docker install task to early stage as well and unbind it from the etcd role's specific install path. Fix external flannel dependency on docker role handlers. Also fix the docker restart handlers' steps ordering to match the expected sequence (the socket then the service). * Add default resolver fact, which is the cloud provider specific and remove hardcoded GCE resolver. * Reduce default ndots for hosts /etc/resolv.conf to 2. Multiple search domains combined with high ndots values lead to poor performance of DNS stack and make ansible workers to fail very often with the "Timeout (12s) waiting for privilege escalation prompt:" error. * Update docs. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
added flag for not populating inventory entries to etc hosts file
7 years ago
Add possibility to skip adding load balancer name in the hosts file (#9331)
2 years ago
Update nodes in etc hosts after cluster scale (#9837)
2 years ago
Rename dns_server, add var for selinux. (#1572) * Rename dns_server to dnsmasq_dns_server so that it includes role prefix as the var name is generic and conflicts when integrating with existing ansible automation. * Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
sysctl file should be in defaults so that it can be overriden (#2475) * sysctl file should be in defaults so that it can be overriden * Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
6 years ago
Localhost in hosts files should be updated (if necessary), not overriden
6 years ago
same work with less lines
6 years ago
Localhost in hosts files should be updated (if necessary), not overriden
6 years ago
same work with less lines
6 years ago
Added configurable min memory assertions (#4307)
5 years ago
fix upgrade procedure when in playbook (#5695) exists role kubernetes/preinstall and not exists role container-engine error 'yum_repo_dir' is undefined
5 years ago
fix flake8 errors in Kubespray CI - tox-inventory-builder (#6910) * fix flake8 errors in Kubespray CI - tox-inventory-builder * Invalidate CRI-O kubic repo's cache Signed-off-by: Victor Morales <v.morales@samsung.com> * add support to configure pkg install retries and use in CI job tf-ovh_ubuntu18-calico (due to it failing often) * Switch Calico, Cilium and MetalLB image repos to Quay.io Co-authored-by: Victor Morales <v.morales@samsung.com> Co-authored-by: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
4 years ago
Add ping_access_ip; allows to disable ping test (#7020) In some environments, it might not be possible to ping the IP address of the nodes, e.g., because ICMP echo is blocked. This commit allows kubespray to be configured to disable the ping check, while performing all other checks.
4 years ago
add-managed-ntp-support (#9027)
2 years ago
project: fix var-spacing ansible rule (#10266) * project: fix var-spacing ansible rule Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing on the beginning/end of jinja template Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing of default filter Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix spacing between filter arguments Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix double space at beginning/end of jinja Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: fix remaining jinja[spacing] ansible-lint warning Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
1 year ago
add-managed-ntp-support (#9027)
2 years ago
ntp: add config to filter and set ntp interfaces (#11066) * ntp: add config to set which interface ntp should listen * Fixed config to only have one variable
10 months ago
add-managed-ntp-support (#9027)
2 years ago
Fixed grammar (#10853)
1 year ago
add-managed-ntp-support (#9027)
2 years ago
add-timezone-support (#9263)
2 years ago
Fix uniontech os installation failure (#9862) Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2 years ago
Support extended settings for the Debian os family (#9943) Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
1 year ago
Add systemd_resolved_disable_stub_listener (#9875)
1 year ago
add growpart azure enabled (#10241)
1 year ago
Disable fapolicyd service (#10081)
1 year ago
  1. ---
  2. # Set to true to allow pre-checks to fail and continue deployment
  3. ignore_assert_errors: false
  5. epel_enabled: false
  6. # Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
  7. dns_late: false
  9. # Set to true if your network does not support IPv6
  10. # This may be necessary for pulling Docker images from
  11. # GCE docker repository
  12. disable_ipv6_dns: false
  14. # Remove default cluster search domains (``default.svc.{{ dns_domain }}, svc.{{ dns_domain }}``).
  15. remove_default_searchdomains: false
  17. kube_owner: kube
  18. kube_cert_group: kube-cert
  19. kube_config_dir: /etc/kubernetes
  20. kube_cert_dir: "{{ kube_config_dir }}/ssl"
  21. kube_cert_compat_dir: /etc/kubernetes/pki
  22. kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
  24. # Flatcar Container Linux by Kinvolk cloud init config file to define /etc/resolv.conf content
  25. # for hostnet pods and infra needs
  26. resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
  28. # All inventory hostnames will be written into each /etc/hosts file.
  29. populate_inventory_to_hosts_file: true
  30. # K8S Api FQDN will be written into /etc/hosts file.
  31. populate_loadbalancer_apiserver_to_hosts_file: true
  32. # etc_hosts_localhost_entries will be written into /etc/hosts file.
  33. populate_localhost_entries_to_hosts_file: true
  35. sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
  37. etc_hosts_localhost_entries:
  38. 127.0.0.1:
  39. expected:
  40. - localhost
  41. - localhost.localdomain
  42. ::1:
  43. expected:
  44. - localhost6
  45. - localhost6.localdomain
  46. unexpected:
  47. - localhost
  48. - localhost.localdomain
  50. # Minimal memory requirement in MB for safety checks
  51. minimal_node_memory_mb: 1024
  52. minimal_master_memory_mb: 1500
  54. yum_repo_dir: /etc/yum.repos.d
  56. # number of times package install task should be retried
  57. pkg_install_retries: 4
  59. # Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
  60. ping_access_ip: true
  62. ## NTP Settings
  63. # Start the ntpd or chrony service and enable it at system boot.
  64. ntp_enabled: false
  65. # The package to install which provides NTP functionality.
  66. # The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
  67. # The ntp_package can be one of ['ntp', 'chrony']
  68. ntp_package: >-
  69. {% if ansible_os_family == "RedHat" -%}
  70. chrony
  71. {%- else -%}
  72. ntp
  73. {%- endif -%}
  75. # Manage the NTP configuration file.
  76. ntp_manage_config: false
  77. # Specify the NTP servers
  78. # Only takes effect when ntp_manage_config is true.
  79. ntp_servers:
  80. - "0.pool.ntp.org iburst"
  81. - "1.pool.ntp.org iburst"
  82. - "2.pool.ntp.org iburst"
  83. - "3.pool.ntp.org iburst"
  84. # Restrict NTP access to these hosts.
  85. # Only takes effect when ntp_manage_config is true.
  86. ntp_restrict:
  87. - "127.0.0.1"
  88. - "::1"
  89. # Specify whether to filter interfaces
  90. ntp_filter_interface: false
  91. # Specify the interfaces
  92. # Only takes effect when ntp_filter_interface is true
  93. # ntp_interfaces:
  94. # - ignore wildcard
  95. # - listen xxx
  96. # The NTP driftfile path
  97. # Only takes effect when ntp_manage_config is true.
  98. ntp_driftfile: /var/lib/ntp/ntp.drift
  99. # Enable tinker panic is useful when running NTP in a VM environment.
  100. # Only takes effect when ntp_manage_config is true.
  101. ntp_tinker_panic: false
  103. # Force sync time immediately after the ntp installed, which is useful in a newly installed system.
  104. ntp_force_sync_immediately: false
  106. # Set the timezone for your server. eg: "Etc/UTC","Etc/GMT-8". If not set, the timezone will not change.
  107. ntp_timezone: ""
  109. # Currently known os distributions
  110. supported_os_distributions:
  111. - 'RedHat'
  112. - 'CentOS'
  113. - 'Fedora'
  114. - 'Ubuntu'
  115. - 'Debian'
  116. - 'Flatcar'
  117. - 'Flatcar Container Linux by Kinvolk'
  118. - 'Suse'
  119. - 'openSUSE Leap'
  120. - 'openSUSE Tumbleweed'
  121. - 'ClearLinux'
  122. - 'OracleLinux'
  123. - 'AlmaLinux'
  124. - 'Rocky'
  125. - 'Amazon'
  126. - 'Kylin Linux Advanced Server'
  127. - 'UnionTech'
  128. - 'UniontechOS'
  129. - 'openEuler'
  131. # Extending some distributions into the redhat os family
  132. redhat_os_family_extensions:
  133. - "UnionTech"
  134. - "UniontechOS"
  136. # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use"
  137. systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}"
  139. # Used to disable File Access Policy Daemon service.
  140. # If service is enabled, the CNI plugin installation will fail
  141. disable_fapolicyd: true