André R. de Miranda
4bc204925a
Error in nginx when starting registry-proxy ( #4785 )
Error starting nginx because in requiredDropCapabilities is dropped all capabilities.
The nginx requires the following capabilities:
- CHOWN
- SETGID
- SETUID
Signed-off-by: André R. de Miranda <andre@miranda.work>
5 years ago
Jacopo Secchiero
5d9946184a
Add ignore_assert_errors to "kube-master, ... ( #4779 )
... kube-node or etcd is empty" task
As a assert must be ignored if ignore_assert_errors is true
5 years ago
MarkusTeufelberger
5ba169a612
Ignore 2 ansible-lint rules (E204, E701) on purpose. ( #4744 )
5 years ago
marcstreeter
872b37f751
updated pinning to prevent breaking changes ( #4783 )
* updated ansible pinning to prevent more possibilities of breaking changes
* more exact pinning of ansible version
* more exact pinning of ansible version and also all the rest
* added testing requirements.txt pinning settings
* removed boto from testing requirements.txt
5 years ago
Mateus Caruccio
8485136f9a
var node_labels as string ( #4764 )
5 years ago
Maxime Guyot
ff1bc739f1
Change default for kubelet_flexvolumes_plugins_dir ( #4752 )
5 years ago
MarioUhrik
594a0e7f1b
Fix invalid YAML formatting within addons.yml ( #4753 )
5 years ago
Florent Monbillard
8e28ba38d2
Add Load Balancer IP to API servers SANs ( #4775 )
- Add loadbalancer_apiserver.address to apiserver_sans
5 years ago
MarkusTeufelberger
73c2ff17dd
Fix Ansible-lint error [E502] ( #4743 )
5 years ago
Timoses
13f225e6ae
Only pull images for destined host groups ( #4735 )
Without this, pulls are considered for all
hosts groups, even if not targetted by the downloads
`groups` list. Hence, a download/sync is triggered
even though the host does not require the image.
5 years ago
Maxime Guyot
3f62492a15
Use standard testcases job for TF CI ( #4732 )
5 years ago
Maxime Guyot
5e3bd2dff1
Use common playbook to wait for SSH ( #4734 )
5 years ago
Robert Neumann
787a9c74fa
Terraform wait for floating IP instance has been associated ( #4321 )
* Add wait for floating ip associate with instance
* Terraform formatting fix
* Sort Open Telekom Cloud in compatible list
5 years ago
Aleksey Kasatkin
14749df6f3
Fix "netchecker-server" ClusterRole ( #4730 )
* Add sha256 hashes for calicoctl v3.6.1
Hashes are added to calicoctl_binary_checksums for both adm and arm platforms.
* Add rules for "network-checker.ext" resource to "netchecker-server" ClusterRole
So that it could access the resource after it is created.
Corresponding issues:
https://github.com/Mirantis/k8s-netchecker-server/issues/125
https://github.com/kubernetes-sigs/kubespray/issues/3281
5 years ago
Sandro Modarelli
2db2898112
Fixed runc path in runtime for RedHat os family ( #4731 )
5 years ago
Maxime Guyot
3776000fc4
Run TF tests from repo root ( #4723 )
5 years ago
Maxime Guyot
f0572e59e7
Always do OVH CI ( #4722 )
5 years ago
Andreas Krüger
6217184c7f
Merge pull request #4720 from MarkusTeufelberger/patch-1
Update default CentOS version on Azure
5 years ago
Andreas Krüger
044dcbaed0
Add Kubelet config, remove deprecated flags and fix minor bugs ( #4724 )
* Add kubelet config
* Change kubelet_authorization_mode_webhook to true
* Fix lint
* Sync env file
* Refactor the kubernetes node folder
* Remove deprecated flag and fix lint
5 years ago
Andreas Krüger
8a5eae94ea
Minor cleanups of CoreDNS issues and CI job ( #4719 )
* Minor cleanups
* Add comment in docs that nodelocaldns cache is enabled by default
5 years ago
Andreas Krüger
bf3c6aeed1
Add kube anon auth settings to kubeadm config templates ( #4713 )
* Disable kube_api_anonymous_auth by default to secure the setup
* Disable metrics-server in addons. Health endpoint is slow and unstable
* Fix anonymous-auth missing in configuration
* Cleanup a bit
* Fix kube anon auth
5 years ago
MarkusTeufelberger
f3fbf995ca
Update default CentOS version on Azure
5 years ago
Dmitri Rubinstein
03bded2b6b
Fix adding output of kubeadm to the admin.conf downloaded to the artifacts directory ( #4696 )
Fixes issue https://github.com/kubernetes-sigs/kubespray/issues/4695
5 years ago
Manuel Cintron
d5c0829d61
Removing unnecessary httplib2 install ( #4708 )
5 years ago
Alex Barcelo
00369303de
Fixing `msg` parameter for `debug` module ( #4702 )
According to [`debug` module documentation](https://docs.ansible.com/ansible/latest/modules/debug_module.html?highlight=msg ), the correct parameter name is `msg`.
With the previous `message` parameter name I was getting FAILED messages while ansible was trying to debug previous FAILED tasks.
5 years ago
okamototk
1f1479c0a7
Update ingress nginx 0.24.1. ( #4691 )
5 years ago
MarkusTeufelberger
e67f848abc
ansible-lint: add spaces around variables [E206] ( #4699 )
5 years ago
MarkusTeufelberger
560f50d3cd
Add support for http(s)_proxy to CoreOS, Fedora and OpenSUSE ( #4669 )
* Add support for http(s)_proxy to CoreOS and Fedora
* fix opensuse proxy support
* Fix CoreOS proxy support
* update documentation
5 years ago
Maxime Guyot
3f45122d0d
Refactor Terraform CI ( #4654 )
5 years ago
Stas
50bdaa573c
Apply etcd_extra_vars to etcd-events.env as well. ( #4219 )
This change ensures that etcd_extra_vars variable applies
to events etcd as well.
5 years ago
Maxime Guyot
24b6698cc9
Disable CI deploys on master ( #4690 )
5 years ago
Andreas Krüger
73885d3b9e
Validate Vagrantfile in CI unit-tests ( #4642 )
* Validate vagrant file on CI
* Install vagrant
* Install vagrant
* Install vagrant
* Install vagrant
* Install vagrant
* Install vagrant
* Test vagrant validate
5 years ago
Maxime Guyot
f29387316f
Fix ansible-lint 602 ( #4688 )
5 years ago
Timoses
d6fd0d2aca
Enable delegating all downloads (binaries, images, kubeadm images) ( #4420 )
* Download to delegate and sync files when download_run_once
* Fail on error after saving container image
* Do not set changed status when downloaded container was up to date
* Only sync containers when they are actually required
Previously, non-required images (pull_required=false as
image existed on target host) were synced to the target
hosts. This failed as the image was not downloaded to
the download_delegate and hence was not available for
syncing.
* Sync containers when only missing on some hosts
* Consider images with multiple repo tags
* Enable kubeadm images pull/syncing with download_delegate
* Use kubeadm images list to pull/sync
'kubeadm config images pull' is replaced by collecting the images
list with 'kubeadm config images list' and using the commonly
used method of pull/syncing the images.
* Ensure containers are downloaded and synced for all hosts
* Fix download/syncing when download_delegate is a kubernetes host
5 years ago
MarkusTeufelberger
e814da1eec
ansible-lint: Don't use the local_action module [E504] ( #4666 )
5 years ago
Andreas Krüger
e029a09345
Update CI to use 2.10.0 release ( #4682 )
* Update CI to use 2.10.0 release
* Add rsync as it's required to use synchronize
5 years ago
Christoffer Anselm
dcd9c9509b
Add etcd role dependency on kube user to avoid etcd role failure when running scale.yml with a fresh node. ( #3240 ) ( #4479 )
5 years ago
Matthew Mosesohn
15eb7db36d
Fix k8s api endpoint for secondary nodes in control plane mode ( #4675 )
Change-Id: I1588458b54c52443ad8d0afbd266f77ac0afea67
5 years ago
Matthew Mosesohn
a5b46bfc8c
Run dns_late preinstall tasks on all k8s nodes ( #4672 )
* Run dns_late preinstall tasks on all k8s nodes
Related issue: #4656
Change-Id: I63f8559ef1a497b7580ab084561e6603fe647834
* Fix ansible-lint
Change-Id: Ia5b33fa63dbc36d8c3e9557ef3f2ea02af2325a5
* Fix recover_control_plane lint issues
Change-Id: I16643a3193c11b6ba704e9698812cac7e4fd19a8
5 years ago
Youngchul Bang
fbba259933
ingress-nginx: enable --report-node-internal-ip-address flag ( #4114 )
Close #4113
5 years ago
Florent Monbillard
7b77e2d232
Remove docker-storage-setup dependency if not needed ( #4077 )
When docker_container_storage_setup is false,
docker service should not depend on docker-storage-setup service,
because it's not installed.
For example, when using overlay2 on recent RHEL 7/Centos 7 kernels,
you most likely don't need it.
5 years ago
qvicksilver
48a182844c
Documentation and playbook for recovering control plane from node failure ( #4146 )
5 years ago
MarkusTeufelberger
9335cdcebc
ansible-lint: Add exception for invocation of "rm" ( #4609 )
5 years ago
Andreas Krüger
38af93b60c
Remove rkt support ( #4671 )
5 years ago
Matthew Mosesohn
741de6051c
Fix nodeselectors for contiv and nginx-ingress ( #4662 )
* Fix nodeselectors for contiv and nginx-ingress
Change-Id: Ib3eb6bd87193c69a90ee944c9164a0b6792c79ba
* Set kube proxy mode to iptables for addons task
Change-Id: Iff71a71f672405c74b4708c71db15ddc4391a53a
5 years ago
Dmitry
b8f0de3074
Fixed etcd-servers-overrides in kubeadm config ( #4668 )
* kube-apiserver will fail if used comma as separator
5 years ago
MarkusTeufelberger
88d919337e
ansible-lint: don't compare to empty string [E602] ( #4665 )
5 years ago
Jiang Yi Tao
f518b90c6b
associate fips for masters with no etcd ( #4657 )
5 years ago
Maxime Guyot
d5c33e6d6c
Refactor test cases ( #4655 )
5 years ago
Matthew Mosesohn
338eb4ce65
Fix kubeadm upload certs with when condition ( #4659 )
* Fix kubeadm upload certs with when condition
Change-Id: I916dd2375b71eea2386047c7f185a2f8361f7a61
* Update kubeadm-secondary-experimental.yml
5 years ago