Brad Beam
55dfae2a52
Followup fix for CVE-2017-14491
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Spencer Smith
ab171a1d6d
don't delegate cert slurp
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
Brad Beam
ca541c7e4a
Ensuring vault service is stopped in reset tasks ( #1736 )
7 years ago
Brad Beam
96e14424f0
Adding kubedns update for CVE-2017-14491 ( #1735 )
7 years ago
Matthew Mosesohn
dae9f6d3c2
Test if tokens are expired from host instead of inside container ( #1727 )
* Test if tokens are expired from host instead of inside container
* Update main.yml
7 years ago
Julian Poschmann
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
Peter Slijkhuis
371fa51e82
Make installation of EPEL optional ( #1721 )
7 years ago
Matthew Mosesohn
a55675acf8
Enable RBAC with kubeadm always ( #1711 )
7 years ago
Matthew Mosesohn
25dd3d476a
Fix error for azure+calico assert ( #1717 )
Fixes #1716
7 years ago
Matthew Mosesohn
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
Matthew Mosesohn
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago
Matthew Mosesohn
327ed157ef
Verify valid settings before deploy ( #1705 )
Also fix yaml lint issues
Fixes #1703
7 years ago
tanshanshan
477afa8711
when and run_once are reduplicative ( #1694 )
7 years ago
Matthew Mosesohn
bd272e0b3c
Upgrade to kubeadm ( #1667 )
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
7 years ago
Martin Uddén
20db1738fa
feature: install project atomic CSS on RedHat family ( #1499 )
* feature: install project atomic CSS on RedHat family
* missing patch for this feature
* sub-role refactor
* Yamllint fix
7 years ago
Hassan Zamani
b23d81f825
Add etcd_blkio_weight var ( #1690 )
7 years ago
Matthew Mosesohn
a1cde03b20
Correct master manifest cleanup logic ( #1693 )
Fixes #1666
7 years ago
Deni Bertovic
64740249ab
Adds tags for asserts ( #1639 )
7 years ago
Matthew Mosesohn
126f42de06
drop unused etcd logic
Fixes #1660
7 years ago
Matthew Mosesohn
d94e3a81eb
Use api lookup for kubelet hostname when using cloudprovider ( #1686 )
The value cannot be determined properly via local facts, so
checking k8s api is the most reliable way to look up what hostname
is used when using a cloudprovider.
7 years ago
Jiri Stransky
70d0235770
Set correct kubelet cgroup-driver also for kubeadm deployments
This follows pull request #1677, adding the cgroup-driver
autodetection also for kubeadm way of deploying.
Info about this and the possibility to override is added to the docs.
7 years ago
foxyriver
30b5493fd6
use command module instead of shell module
7 years ago
Jiri Stransky
dbbe9419e5
Allow setting cgroup driver for kubelet
Red Hat family platforms run docker daemon with
`--exec-opt native.cgroupdriver=systemd`. When kubespray tried to start
kubelet service, it failed with:
Error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
Setting kubelet's cgroup driver to the correct value for the platform
fixes this issue. The code utilizes autodetection of docker's cgroup
driver, as different RPMs for the same distro may vary in that regard.
7 years ago
Matthew Mosesohn
188bae142b
Fix wait for hosts in CI ( #1679 )
Also fix usage of failed_when and handling exit code.
7 years ago
Simon Li
7c2b12ebd7
Insert a newline in bastion after ProxyCommand conditional
7 years ago
Matthew Mosesohn
ef8e35e39b
Create admin credential kubeconfig ( #1647 )
New files: /etc/kubernetes/admin.conf
/root/.kube/config
$GITDIR/artifacts/{kubectl,admin.conf}
Optional method to download kubectl and admin.conf if
kubeconfig_localhost is set to true (default false)
7 years ago
Brad Beam
aaa27d0a34
Adding quotes around parameters in cloud_config ( #1664 )
This is to help support escapes and special characters
7 years ago
Kevin Lefevre
9302ce0036
Enhanced OpenStack cloud provider ( #1627 )
- Enable Cinder API version for block storage
- Enable floating IP for LBaaS
7 years ago
Matthew Mosesohn
8e731337ba
Enable HA deploy of kubeadm ( #1658 )
* Enable HA deploy of kubeadm
* raise delay to 60s for starting gce hosts
7 years ago
Matthew Mosesohn
b294db5aed
fix apply for netchecker upgrade ( #1659 )
* fix apply for netchecker upgrade and graceful upgrade
* Speed up daemonset upgrades. Make check wait for ds upgrades.
7 years ago
Brad Beam
ac281476c8
Prune unnecessary certs from vault setup ( #1652 )
* Cleaning up cert checks for vault
* Removing all unnecessary etcd certs from each node
* Removing all unnecessary kube certs from each node
7 years ago
neith00
1b1c8d31a9
upgrading from weave version 2.0.1 to 2.0.4
This upgrade has been tested offline on a 1.7.5 cluster
7 years ago
Brad Beam
4b587aaf99
Adding ability to specify altnames for vault cert ( #1640 )
7 years ago
Kyle Bai
016301508e
Update to Kubernetes v1.7.5 ( #1649 )
7 years ago
Matthew Mosesohn
6744726089
kubeadm support ( #1631 )
* kubeadm support
* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job
* change ci boolean vars to json format
* fixup
* Update create-gce.yml
* Update create-gce.yml
* Update create-gce.yml
7 years ago
Brad Beam
0a89f88b89
Fixing condition where CA already exists
7 years ago
Seungkyu Ahn
e8bde03a50
Setting kubectl bin directory ( #1635 )
7 years ago
Matthew Mosesohn
75b13caf0b
Fix kube-apiserver status checks when changing insecure bind addr ( #1633 )
7 years ago
Matthew Mosesohn
5d99fa0940
Purge old upgrade hooks and unused tasks ( #1641 )
7 years ago
Matthew Mosesohn
649388188b
Fix netchecker update side effect ( #1644 )
* Fix netchecker update side effect
kubectl apply should only be used on resources created
with kubectl apply. To workaround this, we should apply
the old manifest before upgrading it.
* Update 030_check-network.yml
7 years ago
Matthew Mosesohn
9fa1873a65
Add kube dashboard, enabled by default ( #1643 )
* Add kube dashboard, enabled by default
Also add rbac role for kube user
* Update main.yml
7 years ago
Matthew Mosesohn
f2057dd43d
Refactor downloads ( #1642 )
* Refactor downloads
Add prefixes to tasks (file vs container)
Remove some delegates
Clean up some conditions
* Update ansible.cfg
7 years ago
Brad Beam
eeffbbb43c
Updating calicocni.hostname to calicocni.nodename
7 years ago
Brad Beam
aaa0105f75
Flexing calicocni.hostname based on cloud provider
7 years ago
Matthew Mosesohn
079d317ade
Default is_atomic to false ( #1637 )
7 years ago
Maxim Krasilnikov
e16b57aa05
Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster ( #1632 )
7 years ago