Julien Mailleret
6aaaf4a272
Limit the maximum number of revisions saved per helm release ( #2894 )
* Limit the maximum number of revisions saved per helm release
6 years ago
neith00
f2f1e7f9d1
parametrized iptables options for docker daemon
6 years ago
Derek Lemon
1e98e8444e
Using dns domain instead of cluster name for coredns, incase they differ
6 years ago
Wong Hoi Sing Edison
291dd1aca8
Fixup #2545 , cephfs-provisioner: Individual Namespace for Add-on
6 years ago
Wong Hoi Sing Edison
38da0adead
cert-manager: Upgrade to v0.3.0
6 years ago
Brad Beam
3d819a6edd
Adding cluster_name to api cert alt name for vault
6 years ago
rongzhang
20bd656975
Reconfigure kube-proxy to access kube-apiserver via the LB(kubeadm)
6 years ago
Frank Ritchie
cfe939ff08
Tolerate NoSchedule by default
6 years ago
Wong Hoi Sing Edison
9f245dd9b2
ingress-nginx: Upgrade to 0.15.0
6 years ago
rongzhang
f9ccb93825
Fix nginx-proxy HA when kubeadm enable
6 years ago
Wong Hoi Sing Edison
0ad0202e8f
Upgrade Kubernetes to 10.0.4 and etcd to 3.2.18
6 years ago
Brad Beam
63a458063b
Adding missing rkt template for etcd-events
6 years ago
Brad Beam
a8715f9f0f
Adding wait for vault up handler in service restart
6 years ago
Matthew Mosesohn
59be578842
Revert "wip pr for improved cert sync" ( #2849 )
6 years ago
Di Xu
1081f620d2
add support for non-amd64 arch gcr.io images
Currently all the gcr.io images used in kubespray can only run on x86.
Also gcr.io has not fully support multi-arch docker images.
Add extra var "image_arch" (default is amd64) to support running other
platforms, like arm64.
Change-Id: I8e1c9af533c021cb96ade291a1ce58773b40e271
7 years ago
David Chang
e1cfe83825
Fix inconsistent variables in task name and task message
6 years ago
Di Xu
6019a84fb3
Update docker package info for aarch64
Missing corresponding package docker-engine on aarch64, use docker instead.
Change-Id: If5df58337746a81752b5d477e0473600eaee8381
7 years ago
Di Xu
f4d762bb95
fix docker opts incompatible running on aarch64 Redhat/Centos
On Aarch64, the default cgroup driver for docker is systemd
instead of cgroupfs. Should conform kubelet to use systemd
as cgroup driver as well to keep it consistent with docker.
Without this change, below exception will be raised.
/usr/bin/docker-current: Error response from daemon: shim
error: docker-runc not installed on system.
Change-Id: Id496ec9eaac6580e4da2f3ef1a386c9abc2a5129
6 years ago
Ben Meier
2f5a9e180c
kubernetes/client: kubeconfig template should use the access_ip for the chosen master node
6 years ago
Dmitry
f912a4ece5
Fix compare AnsibleUnsafeText with int ( #2828 )
6 years ago
Rong Zhang
d1e66f9cc8
Add label to kubelet env for kubeadm deploy cluster ( #2841 )
6 years ago
Erwan Miran
11d87ecc37
removed surnumerary definition of contiv_etcd_init_image_* (already in download role)
6 years ago
Matthew Mosesohn
7433348aae
wip pr for improved cert sync
6 years ago
Erwan Miran
3673ed6262
include contiv_etcd_init_image to downloads role
6 years ago
Dmitrii Shuvar
16f860bbc2
Update docker-options.conf.j2
Changed /etc/systemd/system/docker.service.d/docker-options.conf file for successful parsing mount aguments
try fix ci error previous commit
6 years ago
dshuvar
d973ecf5cc
fix error message: '[/etc/systemd/system/docker.service.d/docker-options.conf:3] Failed to parse mount flag , ignoring.'
6 years ago
Julien Girardin
f88cd27686
Add dashboard url as part of `kubectl cluster-info` output
6 years ago
Erwan Miran
2a4fc70e1c
contiv-etcd-init image as default instead hardcoded
6 years ago
Oleg Ozimok
38f7ba2584
Fix enough network address space assert
6 years ago
dvazar
b3f9cae820
fixed a check unknown networks (cilium & contiv)
6 years ago
Miouge1
095d33bc51
Remove KPM support
6 years ago
Mikhail Vasilenko
821966b319
Update Helm version to 2.9.1
6 years ago
dvazar
4b8daa22f6
Fixes #2800
6 years ago
Christopher J. Ruwe
c1bc4615fe
assert that number of pods on node does not exceed CIDR address range
The number of pods on a given node is determined by the --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.
The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.
Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
6 years ago
Aivars Sterns
eba486f229
add posibility to provide different yum repository directory ( #2787 )
6 years ago
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 ( #2748 )
* Upgrade k8s to 1.10.2
Bumped etcd version to 3.2.16 as recommended
* Add ipvs fix for v1.10
* change flannel addons test to ha
6 years ago
Anatoly Rugalev
eae4fa040a
Added docker_mount_flags option ( fixes #2624 )
6 years ago
Christopher J. Ruwe
73800ef111
make certificates non-executable
6 years ago
rongzhang
742a8782dd
Bump kube-dns to 1.14.10
Upgrade kube-dns to 1.14.10
https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/dns
6 years ago
Arnaud Meukam
cd7c58e8d3
correct some indentation issues in the fluentd daemonset.
6 years ago
Daniel Mohr
476b14b06e
Make Calico nodename overridable on bare metal
Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
6 years ago
Christopher J. Ruwe
49d106f615
make admin.conf -> .kube/config non-executable
Almost certainly, the .kube/config file (YAML) should not be executable.
6 years ago
Miouge1
ad48606e4e
Restart scheduler when policy changes
6 years ago
Arnaud Meukam
c75da43f22
add missing field in fluentd
6 years ago
Arnaud Meukam
65f14f636d
remove support of other CRI runtimes than Docker in the efk stack
6 years ago
Arnaud Meukam
363627d9f8
serviceName added in elasticsearch. Required when a Statefulset is used
6 years ago
Arnaud Meukam
7950a49e28
update fluentd deployment and configmap
6 years ago
Arnaud Meukam
698da78768
update kibana docker image
6 years ago
Arnaud Meukam
ba320e918d
update elasticsearch image
6 years ago
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
6 years ago