Spencer Smith
4a59340182
remove assertion for family not being CoreOS
8 years ago
Brad Beam
cf042b2a4c
Create network policy directory for canal
8 years ago
Brad Beam
65c86377fc
Adding calicoctl to canal deployment
8 years ago
Bogdan Dobrelya
5af2c42bde
Better fix for different CoreOS os family facts
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Bogdan Dobrelya
f7447837c5
Rename CoreOS fact
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Brad Beam
4b6f29d5e1
Adding kubelet in rkt
8 years ago
Brad Beam
8dc19374cc
Allowing etcd to run via rkt
8 years ago
Brad Beam
a8f2af0503
Adding initial rkt support
8 years ago
Bogdan Dobrelya
d8a2941e9e
Fix cert paths for flannel/calico policy apps
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Alexander Block
ab7df10a7d
Upgrade docker version and do some cleanups for unsupported distros/docker versions
8 years ago
Bogdan Dobrelya
97f96a6376
Fix etc hosts for cluster nodes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Bogdan Dobrelya
58062be2a3
Drop non systemd OS types support
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Matthew Mosesohn
1f9f885379
Fix etcd cert generation to support large deployments
Due to bash max args limits, we should pass all node filenames and
base64-encoded tar data through stdin/stdout instead.
Fixes #832
8 years ago
Bogdan Dobrelya
a56d9de502
Systemd units, limits, and bin path fixes
* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
systemd limits due to the lack of consensus in the kernel community
requires out-of-tree kernel patches.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Matthew Mosesohn
f0c0390646
Fix creation and sync of etcd certs
Admin certs only go to etcd nodes
Only generate cert-data for nodes that need sync
8 years ago
Matthew Mosesohn
6d9cd2d720
Fix calico-rr to use etcd certs instead of kube certs
8 years ago
Bogdan Dobrelya
79996b557b
Rework ignore_errors to report no reds
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
8 years ago
Bogdan Dobrelya
bb0c3537cb
Do not forward bogus domains for upstream resolvers
Also fix kube log level 4 to log dnsmasq queries.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Matthew Mosesohn
385f7f6e75
Update etcd.j2
8 years ago
Matthew Mosesohn
9f1e3db906
Adjust etcd server certificates
ETCD doesn't need cert/key options set. It only requires peer
cert options.
8 years ago
Spencer Smith
b63d900625
Workaround etcdctl not yet being installed ( #797 )
workaround case for etcdctl not yet being installed, only allow for return code of 0 (no error)
8 years ago
Genti Topija
7c2785e083
Fix Flannel network on CoreOS
Resolves : #748
8 years ago
Matthew Mosesohn
ad796d188d
Individual etcd ssl certs
Includes hooks for triggering calico, kubelet, and kube-apiserver restarts
if etcd certs changed.
8 years ago
Alexander Block
8e4e3998dd
Fix wrong path of dhclient on CentOS+Azure
This was alredy fixed in #755 but had to be reverted. This PR should be
more intelligent about deciding which path to use.
8 years ago
Spencer Smith
8d9f207836
create systemd drop-in path if not existent
8 years ago
Bogdan Dobrelya
f10d1327d4
Revert "Do not forward private domains for upstream resolvers"
8 years ago
Matthew Mosesohn
d314174149
Add wait for kube-apiserver to kubernetes-apps
Fixes #777
8 years ago
Bogdan Dobrelya
b8bc8eee41
Add download_always_pull check and sha256 for docker images
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Matthew Mosesohn
348fc5b109
Fix etcd to-SSL upgrade and task register vars
8 years ago
Bogdan Dobrelya
101864c050
Do not forward private domains for upstream resolvers
Also fix kube log level 4 to log dnsmasq queries.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
Co-authored-by: Matthew Mosesohn <mmosesohn@mirantis.com>
8 years ago
Alexander Block
fe150d4e4d
Register master node as unschedulable
Also refactor generation of kubelet args to not repeat args.
8 years ago
Antoine Legrand
048ac264a3
Update main.yml
8 years ago
Bogdan Dobrelya
1782d19e1f
Fallback to default resolver if no nameservers
Current design expects users to define at least one
nameserver in the nameservers var to backup host OS DNS config
when the K8s cluster DNS service IP is not available and hosts
still have to resolve external or intranet FQDNs.
Fix undefined nameservers to fallback to the default_resolver.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Bogdan Dobrelya
e2476fbd0b
Revert "Fix wrong path for dhclient.conf on RedHat/CentOS"
8 years ago
Matthew Mosesohn
07cd81ef58
Update docker to 1.12.5
Note the new ubuntu/debian version string change:
https://github.com/docker/docker/issues/29355
8 years ago
Matthew Mosesohn
495d0b659a
Fix weave restart after docker daemon restart
8 years ago
Matthew Mosesohn
68ad4ff4d9
Add dns_domain for each host to /etc/hosts
Fixes #754
8 years ago
Alexander Block
a9684648ab
Fix wrong path for dhclient.conf on RedHat/CentOS
/etc/dhclient.conf is ignored on RedHat/CentOS
Correct location is /etc/dhcp/dhclient.conf
8 years ago
Matthew Mosesohn
9cc73bdf08
Fix etcd member list when upgrading ETCD from an old version
8 years ago
Alexander Block
81317505eb
Set net.ipv4.ip_forward=1 on all systems, not only on GCE
8 years ago
Aleksandr Didenko
d57c27ffcf
Add calico/routereflector support
Add BGP route reflectors support in order to optimize BGP topology
for deployments with Calico network plugin.
Also bump version of calico/ctl for some bug fixes.
8 years ago
Alexander Block
d50eb60827
Add --reconcile-cidr flag to kubelet to support cloud network plugin in 1.4
8 years ago
Alexander Block
dbd9aaf1ea
Add check for azure_route_table_name and add it to all.yml
8 years ago
Alexander Block
d20d5e648f
Add pseudo network plugin called "cloud" to use cloud provider for network
Allow to let the cloud provider configure proper routing for nodes.
8 years ago
Alexander Block
06584ee3aa
Add support for bastion hosts
8 years ago
Alexander Block
665ce82d71
Move kube_version to group_vars/all to allow easier changing of version
Also allows to perform version dependent logic in Ansible roles.
8 years ago
Alexander Block
444b1dafdc
Pass --anonymous-auth to apiserver
Fixes #732
8 years ago
Bogdan Dobrelya
c75f394707
Address standalone kubelet config case
Also place in global vars and do not repeat the kube_*_config_dir
and kube_namespace vars for better code maintainability and UX.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Bogdan Dobrelya
0515814e0c
Fix resolvconf
Do not repeat options and nameservers in the dhclient hooks.
Do not prepend nameservers for dhclient but supersede and fail back
to the upstream_dns_resolvers then default_resolver. Fixes order of
nameservers placement, which is cluster DNS ip goes always first.
Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
8 years ago
Alexander Block
1cfaf927c9
Fix reverse umount in reset role
The Jinja2 filter 'reverse' returned an iterator instead of a list,
resulting in the umount task to fail.
Intead of using the reverse filter, we use 'tac' to reverse the output
of the previous task.
8 years ago