4d783fff0d
resolve issues with new cacert feature
6 years ago
7f16b46ed5
Reset tasks specific to a network_plugin moved inside its role directory + Reset tasks specific to cilium
6 years ago
54548d3b95
kubeadm mounts the hostpaths itself
6 years ago
58d4d65fab
minor variable fix and reuse + handle auditlog redirected to stdout
6 years ago
2ffc1afe40
Support audit
6 years ago
18612b3501
cert-manager: Upgrade to 0.4.1
Upstream Changes:
- cert-manager 0.4.1 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.1 )
Our Changes:
- Better templates sync with upstream manifests
- Remove fancy resources requests/limits customization
6 years ago
9da5d67728
Update CoreDNS to 1.2.0
6 years ago
bd413e36a3
ingress-nginx: Upgrade to 0.18.0
Upstream Changes:
- ingress-nginx 0.18.0 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.18.0 )
6 years ago
b50b3430be
Disable locksmithd on CoreOS if coreos_auto_upgrade set to false ( #3088 )
* Disable locksmithd on CoreOS if coreos_auto_upgrade set to false
* change when format to support multiple-condition
6 years ago
48b6128814
Upgrade coredns to 1.1.3
6 years ago
70b28288a3
Use delegate_to: localhost instead of local_action
Allow to use `ansible_become: true` (#2969 )
And set it to `false` for `localhost` with an `host_var`
6 years ago
a11e1eba9e
Upgrade kubernetes to V1.11.x ( #3078 )
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
6 years ago
2dfa928c90
Uninstall old versions of Docker
6 years ago
d3c0fe1fcb
Templates (even without actual templating inside) should have j2 extension but should not be rendered with j2 extension
6 years ago
c0221c2e72
Add --dns-loop-detect to dnsmasq used in kube-dns
It prevents DNS loops when host's DNS server is a localhost DNS server,
or when DNS server of cluster is also added as an upstream DNS server
6 years ago
9cef20187c
Add the path to kubectl binary
The post-remove action fails during the kubectl delete node action because with rc: 2, command not found. The kubectl is not in the system PATH and the full path to the binary is required
6 years ago
95f1e4634a
local-volume-provisioner: use mountPropagation HostToContainer and version bump ( #3081 )
* Update local-volume-provisioner-ds.yml.j2
After v1.10.2 default mountPropagation is "None"
* local_volume_provisioner version bump
v2.1.0 uses the beta nodeAffinity API by default which is available starting 1.10
* Update local-volume-provisioner-ds.yml.j2
MY_NAMESPACE env
* Update README.md
Raw block devices docs.
6 years ago
581a30fdec
Remove erroneous cloud-config task
6 years ago
e3dcd96301
kubedns & kubedns-autoscaler: Stick to master nodes. ( #2909 )
* kubedns & kubedns-autoscaler: Stick to master nodes.
- Tolerate only master nodes and not any NoSchedule taint
- Pods are on different nodes
- Pods are required to be on a master node.
* kubedns: use soft nodeAffinity.
Prefer to be on a master node, don't require.
* coredns: Stick to (different) master nodes.
- Pods are on different nodes
- Pods are preferred to be on a master node.
6 years ago
494ff9522b
j2 extension should only be used for template filename, not target file on remote host
6 years ago
fd380615a0
fix bad conditional
6 years ago
22b89edbbc
cilium v1.1.2
Update all configs to current upstream state.
Add more resources (unable to pass tests now)...
6 years ago
ea6af449a8
Remove istio support
Use helm install or support in future
6 years ago
d285565475
Add tags for coredns and kubedns
6 years ago
4eadf3228e
Only add admission plugins if defined
6 years ago
99c5aa5a02
Use k8s default plugin list
6 years ago
6ed65d762b
Separate out plugins into 2 variables
6 years ago
ac18f6cf8b
Add support for admission controllers in 1.10 and above
6 years ago
b902602d16
Enable swap
6 years ago
538cb3b1bd
weave: Upgrade to 2.4.0
Upstream Changes:
- weave 2.4.0 (https://github.com/weaveworks/weave/releases/tag/v2.4.0 )
- Support `externalTrafficPolicy: Local` (https://github.com/weaveworks/weave/issues/2924 )
- Make the ipset list size bigger (https://github.com/weaveworks/weave/pull/3305 )
- Break out of kube rm-peers loop if nothing changes (https://github.com/weaveworks/weave/pull/3317 )
Our Changes:
- Revamp weave-net.yml.j2 with upstream changes
- Add more variables for customization
- Replace WEAVE_PASSWORD with k8s secret
- Remove hard-corded seed mode support, in favor of variables customization
6 years ago
17e335c6a7
ingress-nginx: Upgrade to 0.17.1
Upstream Changes:
- ingress-nginx 0.17.1 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.17.1 )
- Remove duplicated `securityContext` (https://github.com/kubernetes/ingress-nginx/pull/2705 )
- Remove --publish-service flag, in favor of DaemonSet + hostPort
Close #2998
Close #2999
6 years ago
0f400a113c
cert-manager: Upgrade to 0.4.0
Upstream Changes:
- cert-manager 0.4.0 (https://github.com/jetstack/cert-manager/releases/tag/v0.4.0 )
6 years ago
e8447e3d71
Service file binary place mismatch
According to cluster/binary.yml vault binary will be placed to `{{ bin_dir }}` and according to `inventory/sample/group_vars/all.yml` that is
`inventory/sample/group_vars/all.yml`
6 years ago
ac644ed049
Fix yaml roles error
6 years ago
4b5cb1185f
fix missing libraries on newer coreos versions
6 years ago
275cdc1ce3
Add support for docker 17.09
6 years ago
72074f283b
set local for growpart part 2
6 years ago
a5db3dbea9
set locale for growpart
6 years ago
9b349a9049
Fix label of registry in README
6 years ago
0366600b45
Remove double slash
Even without this PR, the operation works well.
However, it is better to use a single slash rather than
a double slash in the path.
6 years ago
6a4ce96b7d
Variablize kube_proxy_healthz_bind_address
This fixes #3014
6 years ago
b61c64a8ea
token-ttl default value is int in seconds
6 years ago
37ccf7e405
Fixed kubectl path.
6 years ago
cb91003cea
dashboard_token_ttl option override possibility with default
6 years ago
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation ( #2985 )
apiserver cert should be created only once
6 years ago
a0defefb3f
ingress-nginx: Upgrade to 0.16.2
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2 )
This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.
Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites :
GCE/Google Kubernetes Engine deploys an ingress controller on the master.
By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.
If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
6 years ago
62b1166911
cert-manager: Upgrade to 0.3.2
Upstream Changes:
- cert-manager 0.3.2 (https://github.com/jetstack/cert-manager/releases/tag/v0.3.2 )
Our Changes:
- Remove legacy addon dir, manifests and namespace before upgrade
6 years ago
e63bc65a9d
Fix 2976
Fix failure when the container attribute is not set for a download
6 years ago
d306c9708c
Remove step that force disable `kube_basic_auth`.
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441 ) has already been fixed.
6 years ago
6a65345ef3
cephfs-provisioner: Upgrade to 1.1.0-k8s1.10
Upstream Changes:
- Update CEPH_VERSION to mimic (https://github.com/kubernetes-incubator/external-storage/pull/841 )
Our Changes:
- Using image from official repo which contain latest changes (https://quay.io/repository/external_storage/cephfs-provisioner )
6 years ago
Jonathan Craig
Erwan Miran
rongzhang
Wong Hoi Sing Edison
Andreas Kruger
JohnZheng
Maxime Brunet
Chen Hong
Hedayat Vatankhah
mauromedda
Anton Fayzrahmanov
Matthew Mosesohn
Cédric de Saint Martin
Luis Nuñez
Zinin D.A
Mathieu Herbert
Robert Everson
Aleksey Shirokih
cornelius-keller
woosley.xu
Alexandre Ardhuin
Seungkyu Ahn
Evan Zeimet
DBLaci
Takashi Okamoto
Alexandru Bogdan Pica
Dao Hoang Son