041d4d666e
Install required selinux-python bindings in bootstrap
on centos. The bootstrap tty fixup needs it.
7 years ago
88b5065e7d
fix stray 'in' and break into multiple lines for clarity
7 years ago
b690008192
allow for correct aws default resolver
7 years ago
01dc6b2f0e
Add aws to default_resolver
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
d8aa2d0a9e
Change DNS policy for kubernetes components
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
e796cdbb27
Fix restart kube-controller ( #1242 )
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
7 years ago
2d44582f88
Add tags to reset playbook and make iptables flush optional
Fixes #1229
7 years ago
b60a897265
Explicitly create cni bin dir
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
7 years ago
d68cfeed6e
Move namespace file to template directory
7 years ago
72d5db92a8
remove stray spaces in templating
7 years ago
3f302c8d47
ensure spacing on string of flags
7 years ago
04a769bb37
ensure spacing on string of flags
7 years ago
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
7 years ago
49be805001
allow admission control plug-ins to be easily customized
7 years ago
94596388f7
add ability for custom flags
7 years ago
d7b8fb3113
Update start_vault_temp.yml
7 years ago
45044c2d75
Reschedule netchecker-server in case of HW failure.
Pod opbject is not reschedulable by kubernetes. It means that if node
with netchecker-server goes down, netchecker-server won't be scheduled
somewhere. This commit changes the type of netchecker-server to
Deployment, so netchecker-server will be scheduled on other nodes in
case of failures.
7 years ago
a9f260d135
Update dnsmasq-autoscaler
changed target to be a deployment rather than a replicationcontroller.
7 years ago
072b3b9d8c
Update kubedns-autoscaler change target
The target was a replicationcontroller but kubedns is currently a deployment
7 years ago
ae7f59e249
Skip vault cert task evaluation completely when using script cert generation
7 years ago
bce1c62308
Updating calico versions
7 years ago
0bcecae2a3
upgrade etcd version from v3.0.6 to v3.0.17
7 years ago
bd130315b6
Excluding bash completion for helm on CoreOS
7 years ago
504711647e
Fixing resource type for kibana
7 years ago
1c45d37348
Update kubelet.j2
7 years ago
b521255ec9
Unbreak 1.5 deployment with kubelet
1.5 kubelet fails to start when using unknown params
7 years ago
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
7 years ago
ccc11e5680
Upgrade to Kubernetes 1.6.1
7 years ago
2670eefcd4
Refactoring resolv.conf
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
a29182a010
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
7 years ago
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
b4d06ff8dd
Add /var/lib/cni to kubelet
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
7 years ago
5a5707159a
Fix multiline condition for k8s check certs
Fixes #1190
7 years ago
61b2d7548a
Use hostname module to set hostname, and do it for all Os not only CoreOS
7 years ago
80828a7c77
use etcd2 when upgrading unless forced
7 years ago
58acbe7caf
Fix multiline when condition in sync_certs task
Folded style in multiline 'when' condition causes error with
unexpected ident. Changing it to literal style should fix
the issue.
Closes #1190
7 years ago
d42e4f2344
Update .gitlab-ci.yml
7 years ago
fb467df47c
fix etcd restart
7 years ago
48beef25fa
delete master containers forcefully
7 years ago
a3f568fc64
restart scheduler and controller-manager too
7 years ago
57ee304260
ensure post-upgrade purge ones only once
7 years ago
0794a866a7
switch debian8-canal-ha to ubuntu
7 years ago
49e4d344da
move network plugins out of grouped upgrades
7 years ago
6e505c0c3f
Fix delegate tasks for kubectl and etcdctl
7 years ago
e9a294fd9c
Significantly reduce memory requirements
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
7 years ago
44d851d5bb
Only cordon Ready nodes
7 years ago
c1b9660ec8
Move graceful upgrade test to debian canal HA, adjust drain
Graceful upgrades require 3 nodes
Drain now has a command timeout of 40s
7 years ago
f144fd1ed3
Refactor etcd role
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
e96557f410
Bump calico policy controller version
Latest released version of kube-policy-controller
contains important bug fixes and should be used
by default.
7 years ago
6e1de9d820
Add missing defaults
7 years ago
Greg Althaus
Spencer Smith
Sergii Golovatiuk
Sergii Golovatiuk
Matthew Mosesohn
Brad Beam
Hans Kristian Flaatten
gbolo
Joe Duhamel
zouyee
Paweł Skrzyński
Aleksandr Didenko
Artem Panchenko
Antoine Legrand