mkrasilnikov
2c7c956be9
Disable swap in vagrant vms
7 years ago
Matthew Mosesohn
fe81bba08d
Force kubelet certificates to be generated as lowercase ( #1886 )
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
7 years ago
Matthew Mosesohn
564de07963
fix indentation for network policy option
7 years ago
abelgana
d9160f19c0
Sysctl reload if needed after IP forward enabling
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.
- name: Enable ip forwarding
sysctl:
sysctl_file: "{{sysctl_file_path}}"
name: net.ipv4.ip_forward
value: 1
state: present
reload: yes
tags:
- bootstrap-os
7 years ago
Matthew Mosesohn
b0f04d925a
Update network policy setting for Kubernetes 1.8 ( #1879 )
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
7 years ago
Matthew Mosesohn
ec53b8b66a
Move cluster roles and system namespace to new role
This should be done after kubeconfig is set for admin and
before network plugins are up.
7 years ago
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
7 years ago
Chiang Fong Lee
5dc56df64e
Fix ordering of kube-apiserver admission control plug-ins ( #1841 )
7 years ago
Haiwei Liu
cfea99c4ee
Fix scale.yml to supoort kubeadm ( #1863 )
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
7 years ago
Matthew Mosesohn
0b4fcc83bd
Fix up warnings and deprecations ( #1848 )
7 years ago
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works acros OSes.
* clean up bools and ansible_os_family conditionals
7 years ago
Jan Jungnickel
49dff97d9c
Relabel controler-manager to kube-controller-manager ( #1830 )
Fixes #1129
7 years ago
Hassan Zamani
c9fe8fde59
Use fail-swap-on flag only for kube_version >= 1.8 ( #1829 )
7 years ago
Matthew Mosesohn
16462292e1
Properly skip extra SANs when not specified for kubeadm ( #1831 )
7 years ago
pmontanari
20d80311f0
Update main.yml ( #1822 )
* Update main.yml
Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).
* Update main.yml
Removing trailing spaces
7 years ago
Tennis Smith
54320c5b09
set to 3 digit version number ( #1817 )
7 years ago
Rémi de Passmoilesel
356515222a
Add possibility to insert more ip adresses in certificates ( #1678 )
* Add possibility to insert more ip adresses in certificates
* Add newline at end of files
* Move supp ip parameters to k8s-cluster group file
* Add supplementary addresses in kubeadm master role
* Improve openssl indexes
7 years ago
neith00
77f1d4b0f1
Revert "Update roadmap" ( #1809 )
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810
.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800 )"
This reverts commit 5fb6b2eaf7
.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799 )"
This reverts commit 404caa111a
.
* Revert "Fixed kubelet standard log environment (#1780 )"
This reverts commit b838468500
.
* Revert "Add support for fedora atomic host (#1779 )"
This reverts commit f2235be1d3
.
* Revert "Update network-plugins to use portmap plugin (#1763 )"
This reverts commit 6ec45b10f1
.
* Revert "Update roadmap (#1795 )"
This reverts commit d9879d8026
.
7 years ago
Seungkyu Ahn
b838468500
Fixed kubelet standard log environment ( #1780 )
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
7 years ago
Jason Brooks
f2235be1d3
Add support for fedora atomic host ( #1779 )
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
7 years ago
Matthew Mosesohn
d9879d8026
Update roadmap ( #1795 )
7 years ago
Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
Julian Poschmann
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
7 years ago
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
Matthew Mosesohn
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
Julian Poschmann
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Aivars Sterns
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
Matthew Mosesohn
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
Matthew Mosesohn
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
Hyunsun Moon
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
ant31
1be4c1935a
Fix bool check assert
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Spencer Smith
ab171a1d6d
don't delegate cert slurp
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
Julian Poschmann
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
Peter Slijkhuis
371fa51e82
Make installation of EPEL optional ( #1721 )
7 years ago
Matthew Mosesohn
25dd3d476a
Fix error for azure+calico assert ( #1717 )
Fixes #1716
7 years ago
Matthew Mosesohn
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
Matthew Mosesohn
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago
Matthew Mosesohn
327ed157ef
Verify valid settings before deploy ( #1705 )
Also fix yaml lint issues
Fixes #1703
7 years ago
tanshanshan
477afa8711
when and run_once are reduplicative ( #1694 )
7 years ago
Matthew Mosesohn
bd272e0b3c
Upgrade to kubeadm ( #1667 )
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
7 years ago
Matthew Mosesohn
a1cde03b20
Correct master manifest cleanup logic ( #1693 )
Fixes #1666
7 years ago
Deni Bertovic
64740249ab
Adds tags for asserts ( #1639 )
7 years ago