Matthew Mosesohn
df28db0066
Fix cert and netchecker upgrade issues ( #1543 )
* Bump tag for upgrade CI, fix netchecker upgrade
netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.
CI now uses v2.1.1 as a basis for upgrade.
* Fix upgrades for certs from non-rbac to rbac
7 years ago
nico
cc9f3ea938
Fix enforce-node-allocatable option
Closes #1228
pods is default enforcement
see https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/
add
update
7 years ago
Anton
e0960f6288
FIX: Unneded (extra) cycles in some tasks ( #1393 )
7 years ago
Dann Bohn
c4894d6092
add newline after expanding user information
7 years ago
John Ko
018b5039e7
set loadbalancer_apiserver_localhost default true
to match this https://github.com/kubernetes-incubator/kubespray/blob/master/roles/kubernetes/node/tasks/main.yml#L20
and the documented behaviour in HA docs
related to #1456
@rsmitty
7 years ago
jwfang
092bf07cbf
basic rbac support
7 years ago
Dann Bohn
d1f58fed4c
Template out known_users.csv, optionally add groups
7 years ago
Martin Joehren
12e918bd31
add possibility to ignore the hostname override
7 years ago
Brad Beam
e0bf8b2aab
Adding recursive=true for rkt kubelet dir
Fixes #1434
7 years ago
Amit Kumar Jaiswal
319a0d65af
Update kubelet.j2
Updated with closing endif.
7 years ago
Amit Kumar Jaiswal
3d2680a102
Update kubelet.j2
Updated!
7 years ago
Amit Kumar Jaiswal
c36fb5919a
Update kubelet.j2
Updated!!
7 years ago
Amit Kumar Jaiswal
46d3f4369e
Updated K8s version
Signed-off-by: Amit Kumar Jaiswal <amitkumarj441@gmail.com>
7 years ago
Martin Joehren
c2b3920b50
added flag for not populating inventory entries to etc hosts file
7 years ago
Chad Swenson
8467bce2a6
Fix inconsistent kubedns version and parameterize kubedns autoscaler image vars
7 years ago
Spencer Smith
8203383c03
rename almost all mentions of kargo
7 years ago
Gregory Storme
266ca9318d
Use the kube_apiserver_insecure_port variable instead of static 8080
7 years ago
Brad Beam
db3e8edacd
Fixing up vault variables
7 years ago
Brad Beam
6e41634295
Set default value for kube_hyperkube_image_repo
Fixes #1334
7 years ago
Spencer Smith
01c0ab4f06
check if cloud_provider is defined
7 years ago
Spencer Smith
7e2aafcc76
add direct path for cert in AWS with RHEL family
7 years ago
Matthew Mosesohn
cc6e3d14ce
Add host-based kubelet deployment
Kubelet gets copied from hyperkube container and run locally.
7 years ago
Brad Beam
b999ee60aa
Fixing typo in kubelet cluster-dns and cluster-domain flags
7 years ago
Spencer Smith
0afbc19ffb
ensure the /etc/os-release is mounted read only
7 years ago
Spencer Smith
ac9290f985
add for rkt as well
7 years ago
Spencer Smith
5657738f7e
mount os-release to ensure the node's OS is what's seen in k8s api
7 years ago
Sergii Golovatiuk
674b71b535
Ansible 2.3 support
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Spencer Smith
88b5065e7d
fix stray 'in' and break into multiple lines for clarity
7 years ago
Spencer Smith
b690008192
allow for correct aws default resolver
7 years ago
Sergii Golovatiuk
01dc6b2f0e
Add aws to default_resolver
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Sergii Golovatiuk
d8aa2d0a9e
Change DNS policy for kubernetes components
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Sergii Golovatiuk
e796cdbb27
Fix restart kube-controller ( #1242 )
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
7 years ago
Brad Beam
b60a897265
Explicitly create cni bin dir
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
7 years ago
Hans Kristian Flaatten
d68cfeed6e
Move namespace file to template directory
7 years ago
Spencer Smith
72d5db92a8
remove stray spaces in templating
7 years ago
Spencer Smith
3f302c8d47
ensure spacing on string of flags
7 years ago
Spencer Smith
04a769bb37
ensure spacing on string of flags
7 years ago
Spencer Smith
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
7 years ago
gbolo
49be805001
allow admission control plug-ins to be easily customized
7 years ago
Spencer Smith
94596388f7
add ability for custom flags
7 years ago
Matthew Mosesohn
ae7f59e249
Skip vault cert task evaluation completely when using script cert generation
7 years ago
Matthew Mosesohn
1c45d37348
Update kubelet.j2
7 years ago
Matthew Mosesohn
b521255ec9
Unbreak 1.5 deployment with kubelet
1.5 kubelet fails to start when using unknown params
7 years ago
Matthew Mosesohn
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
7 years ago
Sergii Golovatiuk
2670eefcd4
Refactoring resolv.conf
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Matthew Mosesohn
a29182a010
Restart kubelet when updating /etc/resolv.conf on all k8s nodes
7 years ago
Sergii Golovatiuk
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance to it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Matthew Mosesohn
b4d06ff8dd
Add /var/lib/cni to kubelet
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
7 years ago
Matthew Mosesohn
5a5707159a
Fix multiline condition for k8s check certs
Fixes #1190
7 years ago
Matthew Mosesohn
80828a7c77
use etcd2 when upgrading unless forced
7 years ago