77f1d4b0f1
Revert "Update roadmap" ( #1809 )
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810#1800 )"
This reverts commit 5fb6b2eaf7#1799 )"
This reverts commit 404caa111a#1780 )"
This reverts commit b838468500#1779 )"
This reverts commit f2235be1d3#1763 )"
This reverts commit 6ec45b10f1#1795 )"
This reverts commit d9879d8026
7 years ago
b838468500
Fixed kubelet standard log environment ( #1780 )
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
7 years ago
f2235be1d3
Add support for fedora atomic host ( #1779 )
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
7 years ago
d9879d8026
Update roadmap ( #1795 )
7 years ago
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
7 years ago
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
1be4c1935a
Fix bool check assert
7 years ago
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
ab171a1d6d
don't delegate cert slurp
7 years ago
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
371fa51e82
Make installation of EPEL optional ( #1721 )
7 years ago
25dd3d476a
Fix error for azure+calico assert ( #1717 )
Fixes #1716
7 years ago
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago
327ed157ef
Verify valid settings before deploy ( #1705 )
Also fix yaml lint issues
Fixes #1703
7 years ago
477afa8711
when and run_once are reduplicative ( #1694 )
7 years ago
bd272e0b3c
Upgrade to kubeadm ( #1667 )
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
7 years ago
a1cde03b20
Correct master manifest cleanup logic ( #1693 )
Fixes #1666
7 years ago
64740249ab
Adds tags for asserts ( #1639 )
7 years ago
70d0235770
Set correct kubelet cgroup-driver also for kubeadm deployments
This follows pull request #1677 , adding the cgroup-driver
autodetection also for kubeadm way of deploying.
Info about this and the possibility to override is added to the docs.
7 years ago
30b5493fd6
use command module instead of shell module
7 years ago
dbbe9419e5
Allow setting cgroup driver for kubelet
Red Hat family platforms run docker daemon with `--exec-opt
native.cgroupdriver=systemd`. When kubespray tried to start kubelet
service, it failed with:
Error: failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "cgroupfs" is different from docker cgroup driver: "systemd"
Setting kubelet's cgroup driver to the correct value for the platform
fixes this issue. The code utilizes autodetection of docker's cgroup
driver, as different RPMs for the same distro may vary in that regard.
7 years ago
188bae142b
Fix wait for hosts in CI ( #1679 )
Also fix usage of failed_when and handling exit code.
7 years ago
ef8e35e39b
Create admin credential kubeconfig ( #1647 )
New files: /etc/kubernetes/admin.conf
/root/.kube/config
$GITDIR/artifacts/{kubectl,admin.conf}
Optional method to download kubectl and admin.conf if
kubeconfig_lcoalhost is set to true (default false)
7 years ago
aaa27d0a34
Adding quotes around parameters in cloud_config ( #1664 )
This is to help support escapes and special characters
7 years ago
9302ce0036
Enhanced OpenStack cloud provider ( #1627 )
- Enable Cinder API version for block storage
- Enable floating IP for LBaaS
7 years ago
8e731337ba
Enable HA deploy of kubeadm ( #1658 )
* Enable HA deploy of kubeadm
* raise delay to 60s for starting gce hosts
7 years ago
b294db5aed
fix apply for netchecker upgrade ( #1659 )
* fix apply for netchecker upgrade and graceful upgrade
* Speed up daemonset upgrades. Make check wait for ds upgrades.
7 years ago
ac281476c8
Prune unnecessary certs from vault setup ( #1652 )
* Cleaning up cert checks for vault
* Removing all unnecessary etcd certs from each node
* Removing all unnecessary kube certs from each node
7 years ago
6744726089
kubeadm support ( #1631 )
* kubeadm support
* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job
* change ci boolean vars to json format
* fixup
* Update create-gce.yml
* Update create-gce.yml
* Update create-gce.yml
7 years ago
75b13caf0b
Fix kube-apiserver status checks when changing insecure bind addr ( #1633 )
7 years ago
5d99fa0940
Purge old upgrade hooks and unused tasks ( #1641 )
7 years ago
e16b57aa05
Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster ( #1632 )
7 years ago
e26aec96b0
Consolidate kube-proxy module and sysctl loading ( #1586 )
This sets br_netfilter and net.bridge.bridge-nf-call-iptables sysctl from a single play before kube-proxy is first ran instead of from the flannel and weave network_plugin roles after kube-proxy is started
7 years ago
a341adb7f3
Updating CN for node certs generated by vault ( #1622 )
This allows the node authorization plugin to function correctly
7 years ago
957b7115fe
Remove node name from kube-proxy and admin certificates
7 years ago
neith00
Seungkyu Ahn
Jason Brooks
Matthew Mosesohn
Julian Poschmann
Vijay Katam
Aivars Sterns
Hyunsun Moon
ArchiFleKs
ant31
Spencer Smith
Matthew Mosesohn
Peter Slijkhuis
tanshanshan
Deni Bertovic
Jiri Stransky
foxyriver
Brad Beam
Maxim Krasilnikov
Chad Swenson
mkrasilnikov