57fef8f75e
Allow customizing kubelet healthz port and bind addr ( #5403 )
Change-Id: I1634ba2d2d3337243ffcdea86750003a559f2576
4 years ago
f599a4a859
force other resolvers to be secondary when using systemd-resolved ( #5391 )
Change-Id: I33d46c7e0c5374467e22c5a652b282d1703dea85
5 years ago
18cee65c4b
Add support for k8s v1.17.0-rc.1, remove hyperkube ( #5378 )
Change-Id: I3fff04f0211cd9c2e8235acaf51c3aa98abc8bb7
5 years ago
aec5080a47
kubernetes/masters: fix task name in kubeadm setup ( #5377 )
5 years ago
80418a44d5
CoreDNS deployment extra tolerations ( #5364 )
* Add extra tolerations for coredns
* dns_extra_tolerations option
* dns_extra_tolerations
* missing starting space in comment
5 years ago
257c20f39e
add 1.16.3 checksums and set new version as default ( #5384 )
5 years ago
f1498d4b53
fix OWNERS file ( #5359 )
Initially this was to fix a mis-indented approvers key. However, it turns
out that 'oilbeater' is not a member of kubernetes-sigs nor
kubernetes-incubator (the org this repo was migrated from). Thus this
OWNERS file is failing prow's validation check.
As a workaround I've opted to move them to emeritus_approver, which
isn't valiated and can be used as a hint for other approvers in this
repo
5 years ago
18d19d9ed4
containerd: update to 1.2.10 ( #5341 )
Lot's of bugs and security fixes:
https://github.com/containerd/containerd/releases/tag/v1.2.10
CVE-2019-16884 / CVE-2019-16276
https://github.com/containerd/containerd/releases/tag/v1.2.9
CVE-2019-9512 / CVE-2019-9514 / CVE-2019-9515
https://github.com/containerd/containerd/releases/tag/v1.2.8
CVE-2019-9512 / CVE-2019-9514
https://github.com/containerd/containerd/releases/tag/v1.2.7
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
5 years ago
6924c6e5a3
[FIX] fix match because trim removes leading/trailing whitespace ( #5356 )
5 years ago
85c851f519
scale down coredns on each master during graceful upgrade ( #5344 )
This fixes the scenario where masters are upgraded one at a time
and coredns gets improperly scaled back up to 2 replicas.
Change-Id: I7cc9283f40efcfd61b5813c89a5805c95d901567
5 years ago
8b67159239
Do not run kubeadm upgrade on first deploy ( #5339 )
Change-Id: I68a962a9dd28c83ef07eaeaf53eb98287f38bca9
5 years ago
4f70da2731
Added Amazon Linux 2 support for deploying with docker ( #5301 )
5 years ago
db5040e6ea
Set certs and files with kubeadm token to mode 0640 ( #5325 )
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
5 years ago
97764921ed
Fix calico name resolution ( #5291 )
5 years ago
8c15db53b2
Fix helm for Kubernetes 1.16.2 ( #5332 )
Since upgrading k8s beyond 1.16.0 version, helm init does
no longer work with helm < 2.16.0 due to
https://github.com/helm/helm/issues/6374
This PR closes issue #5331
5 years ago
0200138a5d
Pass `ingress_nginx_extra_args` when deploying the nginx-ingress addon ( #5321 )
5 years ago
14af98ebdc
Respect cri-tool supported version matrix ( #5241 )
| Kubernetes Version | cri-tools Version |
|--------------------|-------------------|
| 1.16.x | v1.16.0 |
| 1.15.X | v1.15.0 |
| 1.14.X | v1.14.0 |
| 1.13.X | v1.13.0 |
| 1.12.X | v1.12.0 |
| 1.11.X | v1.11.1 |
- Upgrade to cri-tools 1.16.1
- Add checksums for cri-tools 1.16.1
5 years ago
8a5434419b
fix useradd etcd ( #5281 )
5 years ago
8a406be48a
Fix indentation in cilium-ds.yml template ( #5305 )
5 years ago
076f254a67
Add cilium_tunnel_mode variable to the cilium config ( #5295 )
5 years ago
45d151a69d
containerd installation on Debian ( #5326 )
5 years ago
bd014c409b
Skip coredns image when evaluating kubeadm images ( #5327 )
It will be enabled correctly in downloads
Change-Id: Ief0b7aa2a8ee2ba6a6849820802f8542584b2c04
Related-story: PRODX-1171
5 years ago
1c25ed669c
Remove unnecessary and risky reload network for resolvconf propagation ( #5322 )
Change-Id: I54d706f7941b4b86c4c6cd45340295577155b884
5 years ago
a005d19f6f
Enable systemd-resolved DNS resolution mode ( #5318 )
Change-Id: If3e253a40782e03cde7fc4a91493517ae31fda17
5 years ago
471589f1f4
Scale down coredns created by kubeadm upgrade to 0 replicas ( #5308 )
Change-Id: I128b0f9c1acbb956d9a6c4e5510b45a36e296af7
5 years ago
b0ee1f6cc6
Deploy Cinder CSI driver to provision volumes over OpenStack ( #5184 )
* Deploy Cinder CSI driver to provision volumes over OpenStack
* Deploy Cinder CSI StorageClass
* Cinder CSI doc
5 years ago
186ec13579
Fix incorrect suggestion to enable old k8s apis ( #5292 )
Change-Id: If965cc6aa0daaca232dcf2ca0efd649aa097497f
5 years ago
2c4e6b65d7
Raise delay and retry for rotate tokens ( #5304 )
Change-Id: I87844b43b9a18064e7a99567ce57c1ca1ffcc4a8
5 years ago
94d4ce5a6f
Retry cleaning up calico-node container ( #5302 )
Change-Id: Iad27b107860213759c7ae51f0891d7e5e7c6d96b
5 years ago
81da231b1e
Set cluster DNS in kubeadm config for kubelet dynamic config ( #5293 )
Change-Id: I23116efefe8626d361d1904fc6fb8448f66cf3c5
5 years ago
a1fff30bd9
Generate TLS certs for calico typha ( #5258 )
* Generate TLS certs for calico typha
Change-Id: I3883f49c124c52d0fc5b900ca2b44e4e2ed0d707
* Add group vars note
Change-Id: I63550dfef616e884efdbd42010a90b2c04c5eb69
5 years ago
81d57fe658
set calico_datastore default value in role kubespray-default ( #5259 )
5 years ago
3118437e10
check on all cluster node - kubelet_max_pods <= (2 ** (32 - kube_network_node_prefix | int)) - 2 ( #5279 )
5 years ago
65e461a7c0
download container always been on download_delegate host ( #5177 )
* download container always been on download_delegate host
* fix also check pull required
5 years ago
c672681ce5
Revert Pull Request #5084 ( #5120 )
Kubespray Pull Request #5084 (https://github.com/kubernetes-sigs/kubespray/pull/5084 ) caused more problems than it solved due to limitations with the synchronize module. See comments on Kubespray Issues #5059 (https://github.com/kubernetes-sigs/kubespray/issues/5059 ) and #5116 (https://github.com/kubernetes-sigs/kubespray/issues/5116 ). Details from Ansible documentation: "Currently, synchronize is limited to elevating permissions via passwordless sudo. This is because rsync itself is connecting to the remote machine and rsync doesn’t give us a way to pass sudo credentials in. ... Currently there are only a few connection types which support synchronize (ssh, paramiko, local, and docker) because a sync strategy has been determined for those connection types. Note that the connection for these must not need a password as rsync itself is making the connection and rsync does not provide us a way to pass a password to the connection. ..." Thus, reverting Pull Request #5084 .
5 years ago
d332a254ee
install python3 instead of python2 for fedora >= 30 fixes 5056, fixes 4802 ( #5111 )
5 years ago
3debb8aab5
add KUBELET_VOLUME_PLUGIN to kubelet.env ( #5128 )
5 years ago
aada6e7e40
Add etcd_data_dir variable to the kubeadm config ( #5263 )
5 years ago
ac60786c6f
Add support for restart handlers for control plane on crio/containerd ( #5250 )
* Add support for restart handlers for control plane on crio/containerd
Change-Id: I8343cc4e9df7f55b732628ed01cc6e7ea5dcee85
* Update main.yml
5 years ago
db33dc6938
Add support for Kubernetes 1.16.2 ( #5272 )
* Add support for Kubernetes 1.16.1
* Defaults to 1.16.1
* add 1.16.2 checksums and set new version as default
* correct 1.16.2 checksums and add 1.15.5 checksums
5 years ago
9dfb25cafd
fix typo ( #5275 )
5 years ago
df8d2285b6
Update ingress-nginx to v0.26.1 ( #5268 )
5 years ago
af6456d1ea
Fix selector for calico-typha deployment ( #5253 )
Change-Id: I79f43379cbe1c495cb416f0572e65f695d5ec2b8
5 years ago
6f57f7dd2f
Update nginx image to latest ( #5270 )
5 years ago
bec23c8a41
Add k8s v1.15.4 hashes ( #5235 )
5 years ago
faaff8bd72
Add RotateCertificates to kubelet config if kubelet_rotate_certificates is set. ( #5152 )
Signed-off-by: Robin Elfrink <robin.elfrink@eu.equinix.com>
5 years ago
8031c6c1e7
Update template for dashboard to support v2.x ( #5187 )
Secrets and ConfigMap should be created before dashboard pod run.
5 years ago
9d8fc8caad
Fix getting nameserver and search for /etc/resolv.conf with comments ( #5197 )
5 years ago
a51b729817
add ignore_errors to the kube-proxy deletion task ( #5236 )
When using cluster.yml or scale.yml to add/scale nodes in the existing
k8s cluster, the `kubeadm init` wouldn't run. As a result, kube-proxy
wouldn't be created, and therefore the kube-proxy deletion task would
fail, e.g. in the case where kube-router is used and "kube_proxy_remove"
is set to true. As a workaround, add ignore_errors to the kube-proxy
deletion task.
5 years ago
19bc79b1a6
Update cert-manager to v0.11.0 ( #5269 )
5 years ago
Matthew Mosesohn
Yujun Zhang
Anton Fayzrahmanov
Florian Ruynat
Aaron Crickenberger
Etienne Champetier
Michael Shen
LuciferInLove
Jacopo Secchiero
Bjoern Teipel
Julien Pervillé
Florent Monbillard
YichenWong
Quentin Gliech
Junho Suh
Dmitry Chusovitin
Ali Sanhaji
Sergey
Michael Oglesby
yelhouti
Matthew Rapa
Hugo Blom
Maxime Guyot
Xiaodu
Robin Elfrink
andreyshestakov
Erwan Miran
Qingkun Li