Matthew Mosesohn
3e3787de15
Fix local volume provisioner mount point for rkt
7 years ago
Chad Swenson
0c824d5ef1
Fix kubelet container with alternate Docker data paths
Some time ago I think the hardcoded `/var/lib/docker` was required, but kubelet running in a container has been aware of the Docker path since at least as far back as k8s 1.6.
Without this change, you see a large number of errors in the kubelet logs if you installed with a non-default `docker_daemon_graph`
7 years ago
Matthew Mosesohn
c0e989b17c
New addon: local_volume_provisioner ( #1909 )
7 years ago
Vicenç Juan Tomàs Montserrat
5218b3af82
Fix bad handler directory name in kubeadm role
7 years ago
Spencer Smith
19962f6b6a
fix indentation for master template ( #1906 )
7 years ago
Matthew Mosesohn
f7703dbca3
Block anonymous auth requests to kubelet
7 years ago
Spencer Smith
b27453d8d8
improved proxy support
7 years ago
abelgana
d738acf638
Update kubelet.kubeadm.env.j2 ( #1901 )
7 years ago
tanshanshan
84d92aa3c7
fix-bug ( #1900 )
7 years ago
mkrasilnikov
2c7c956be9
Disable swap in vagrant vms
7 years ago
Matthew Mosesohn
fe81bba08d
Force kubelet certificates to be generated as lowercase ( #1886 )
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
7 years ago
Matthew Mosesohn
564de07963
fix indentation for network policy option
7 years ago
abelgana
d9160f19c0
Sysctl reload if needed after IP forward enabling
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.
- name: Enable ip forwarding
sysctl:
sysctl_file: "{{sysctl_file_path}}"
name: net.ipv4.ip_forward
value: 1
state: present
reload: yes
tags:
- bootstrap-os
7 years ago
Matthew Mosesohn
b0f04d925a
Update network policy setting for Kubernetes 1.8 ( #1879 )
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
7 years ago
Matthew Mosesohn
ec53b8b66a
Move cluster roles and system namespace to new role
This should be done after kubeconfig is set for admin and
before network plugins are up.
7 years ago
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
7 years ago
Chiang Fong Lee
5dc56df64e
Fix ordering of kube-apiserver admission control plug-ins ( #1841 )
7 years ago
Haiwei Liu
cfea99c4ee
Fix scale.yml to supoort kubeadm ( #1863 )
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
7 years ago
Matthew Mosesohn
0b4fcc83bd
Fix up warnings and deprecations ( #1848 )
7 years ago
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works acros OSes.
* clean up bools and ansible_os_family conditionals
7 years ago
Jan Jungnickel
49dff97d9c
Relabel controler-manager to kube-controller-manager ( #1830 )
Fixes #1129
7 years ago
Hassan Zamani
c9fe8fde59
Use fail-swap-on flag only for kube_version >= 1.8 ( #1829 )
7 years ago
Matthew Mosesohn
16462292e1
Properly skip extra SANs when not specified for kubeadm ( #1831 )
7 years ago
pmontanari
20d80311f0
Update main.yml ( #1822 )
* Update main.yml
Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).
* Update main.yml
Removing trailing spaces
7 years ago
Tennis Smith
54320c5b09
set to 3 digit version number ( #1817 )
7 years ago
Rémi de Passmoilesel
356515222a
Add possibility to insert more ip adresses in certificates ( #1678 )
* Add possibility to insert more ip adresses in certificates
* Add newline at end of files
* Move supp ip parameters to k8s-cluster group file
* Add supplementary addresses in kubeadm master role
* Improve openssl indexes
7 years ago
neith00
77f1d4b0f1
Revert "Update roadmap" ( #1809 )
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810
.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800 )"
This reverts commit 5fb6b2eaf7
.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799 )"
This reverts commit 404caa111a
.
* Revert "Fixed kubelet standard log environment (#1780 )"
This reverts commit b838468500
.
* Revert "Add support for fedora atomic host (#1779 )"
This reverts commit f2235be1d3
.
* Revert "Update network-plugins to use portmap plugin (#1763 )"
This reverts commit 6ec45b10f1
.
* Revert "Update roadmap (#1795 )"
This reverts commit d9879d8026
.
7 years ago
Seungkyu Ahn
b838468500
Fixed kubelet standard log environment ( #1780 )
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
7 years ago
Jason Brooks
f2235be1d3
Add support for fedora atomic host ( #1779 )
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
7 years ago
Matthew Mosesohn
d9879d8026
Update roadmap ( #1795 )
7 years ago
Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
Julian Poschmann
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
7 years ago
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
Matthew Mosesohn
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
Julian Poschmann
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Aivars Sterns
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
Matthew Mosesohn
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
Matthew Mosesohn
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
Hyunsun Moon
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
ant31
1be4c1935a
Fix bool check assert
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Spencer Smith
ab171a1d6d
don't delegate cert slurp
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
Julian Poschmann
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago