1c0df78278
Add ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK flag to etcd config ( #8664 )
2 years ago
a16d427536
Set etcd-events listen port to 2383 ( #8232 )
3 years ago
88c11b5946
Revert "etcd: enable v2 api only if needed ( #8001 )" ( #8008 )
This reverts commit c0e1211abe
3 years ago
c0e1211abe
etcd: enable v2 api only if needed ( #8001 )
* etcd: enable v2 api only if needed
Only enable v2 API if we have a consumer (flannel)
This reduce the exposed surface for etcd.
* Fix bad group name
3 years ago
274e06a48d
add etcd max snapshot and wals ( #7382 )
3 years ago
7084d38767
Fix ETCD_CIPHER_SUITES shell var assignment ( #7002 )
4 years ago
cd7212453e
Add etcd tls cipher suites ( #7001 )
* Add etcd tls cipher suites
* yamllint
4 years ago
c09aabab0c
Remove executable bit from yaml and j2 files ( #6894 )
4 years ago
c0fd5b2e84
remove variable 'etcd_ionice', because ionice removed from container image etcd:v3.4.x ( #6735 )
4 years ago
bf8c8976dd
Upgrade etcd to 3.4.3 ( #5998 )
4 years ago
af1c93cdfc
Add option to expose metrics on separate port ( #6092 )
4 years ago
2beffe688a
Make etcdctl connect to localhost out of the box ( #5643 )
* Make etcdctl connect to localhost out of the box
* etcdctl envs: use admin-.pem instead of member-.pem
5 years ago
50bdaa573c
Apply etcd_extra_vars to etcd-events.env as well. ( #4219 )
This change ensures that etcd_extra_vars variable applies
to events etcd as well.
5 years ago
38af93b60c
Remove rkt support ( #4671 )
5 years ago
acbf3db233
Remove hard dependence on facts for all nodes ( #4304 )
* Remove hard dependence on facts for all nodes
* Update main.yaml
* Update main.yaml
6 years ago
af5e05d08d
etcd_log_package_levels for /etc/etcd.env ( #3700 )
6 years ago
2ab2f3a0a3
Ability to define SSL certificates duration and SSL key size ( #3482 )
* Ability to specify ssl certificate duration and ssl key size - etcd/secrets
* Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script
6 years ago
82a28d6bb3
Add documentation about having HA for etcd
6 years ago
da06c8e5a9
etcd UNSUPPORTED for all arch
6 years ago
19268ded23
Fix some arm64 errors
6 years ago
f67933d2ac
add ETCD_UNSUPPORTED_ARCH=arm64 flag
6 years ago
b61eb7d7f3
Add ETCD_QUOTA_BACKEND_BYTES environment variable
6 years ago
ce6854e726
add version to environment file
Trigger reboot handler when version upgrade during update script
6 years ago
63a458063b
Adding missing rkt template for etcd-events
6 years ago
32a8ea8094
Fix wrong var used
6 years ago
fb465f8b4b
Use 'items()' for python compatibility
6 years ago
49c6bf8fa6
support custom env vars for etcd
6 years ago
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
7 years ago
4f7479d94d
add etc tunning options
https://coreos.com/etcd/docs/latest/tuning.html
etcd_snapshot_count
and
ionice priority
7 years ago
388b627f72
Enable OOM killing for etcd-events
Enable OOM killing like docker run etcd
7 years ago
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
Add etcd-events cluster for kube-apiserver
7 years ago
c0aad0a6d5
Fix install etcd by host service ( #2297 )
Fix bug issues #2289
7 years ago
f8a59446e8
Enable OOM killing
When etcd exceeds its memory limit, it becomes useless but keeps running.
We should let OOM killer kill etcd process in the container, so systemd can spot
the problem and restart etcd according to "Restart" setting in etcd.service unit file.
If OOME problem keep repeating, i.e. it happens every single restart,
systemd will eventually back off and stop restarting it anyway.
--restart=on-failure:5 in this file has no effect because memory allocation error
doesn't by itself cause the process to die
Related: https://github.com/kubernetes-incubator/kubespray/blob/master/roles/etcd/templates/etcd-docker.service.j2
This kind of reverts a change introduced in #1860 .
7 years ago
331f141f63
Fix DNS entries in etcd's openssl.conf by adding a newline. ( #2208 )
DNS entries generated from 'etcd_cert_alt_names' variable in etcd's
openssl.conf are not terminated by a newline.
This fixes issue #2207 .
7 years ago
fa8a128e49
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
Some installation are failing to authenticate with peers due to
etcd picking up/resoling the wrong node.
By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert
authentication.
Signed-off-by: Sébastien Han <seb@redhat.com>
7 years ago
1401286910
Add support for cert alt names for etcd ( #2139 )
* Add support for cert alt names for etcd
* Update gen_certs_vault.yml
7 years ago
e45b30d033
Add etcd key and cert environment variables for use with client auth
7 years ago
8aafe64397
Defaults for apiserver_loadbalancer_domain_name ( #1993 )
* Defaults for apiserver_loadbalancer_domain_name
When loadbalancer_apiserver is defined, use the
apiserver_loadbalancer_domain_name with a given default value.
Fix unconsistencies for checking if apiserver_loadbalancer_domain_name
is defined AND using it with a default value provided at once.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Define defaults for LB modes in common defaults
Adjust the defaults for apiserver_loadbalancer_domain_name and
loadbalancer_apiserver_localhost to come from a single source, which is
kubespray-defaults. Removes some confusion and simplefies the code.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
acb63a57fa
Only limit etcd memory on small hosts ( #1860 )
Also disable oom killer on etcd
7 years ago
514359e556
Improve etcd scale up ( #1846 )
Now adding unjoined members to existing etcd cluster
occurs one at a time so that the cluster does not
lose quorum.
7 years ago
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
7 years ago
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
b23d81f825
Add etcd_blkio_weight var ( #1690 )
7 years ago
8b151d12b9
Adding yamllinter to ci steps ( #1556 )
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
7 years ago
3fb0383df4
Add etcd metrics flag
7 years ago
649654207f
mount the etcd data directory in the container with the same path as on the host.
7 years ago
5c1891ec9f
In the etcd container, the etcd data directory is always /var/lib/etcd. Reverting to this value, since `etcd_data_dir` on the host maps to `/var/lib/etcd` in the container.
7 years ago
fff0aec720
add configurable parameter for etcd_auto_compaction_retention
7 years ago
Florian Ruynat
zhengtianbao
Max Gautier
Samuel Liu
emiran-orange
Dmitry Chusovitin
Sergey
Florent Monbillard
Andrew DeMaria
Jakub Husák
Stas
Andreas Krüger
Matthew Mosesohn
Zohar Mamedov
Erwan Miran
Erwan Miran
Antoine Legrand
Vasilis Remmas
Brad Beam
Andreas Kruger
ashon
Spencer Smith
RongZhang
Damian Nowak
Dmitri Rubinstein
Sébastien Han
Steve Mitchell
Bogdan Dobrelya
ArchiFleKs
Matthew Mosesohn
Hassan Zamani
Brad Beam
gdmelloatpoints
Gregory Storme