3fa7468d54
Copy ca-key.pem to etcd and kube-masters accordingly
6 years ago
02bf742e15
roles: rkt: Add support for SUSE distributions
The RPM file that's provided by upstream can be used for SUSE
distributions as well. Moreover we simplify the playbook to use
the 'package' module to install packages across different distros.
Link: https://github.com/rkt/rkt/pull/3904
6 years ago
d07f75b389
roles: kubernetes: secrets: Add SUSE support
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
6 years ago
2d34781259
roles: etcd: Add support for SUSE distributions
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
6 years ago
cdb63a8c49
roles: docker: Ensure service is started if docker is already installed
If the 'docker' package is already installed, then the handlers will not
run and the service will not be (re-)started. As such, lets make sure
that the service is started even if the packages are already installed.
6 years ago
44a0626fc8
roles: docker: Add support for SUSE distributions
Add support for installing Docker on SUSE distributions. The Docker
repository at https://yum.dockerproject.org/repo/main/ does not support
recent openSUSE distributions so the only alternative is to use the
packages from the distro repositories. This however renders the
'docker_version' Ansible variable useless on SUSE.
6 years ago
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
6 years ago
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
6 years ago
4ba25326ed
roles: bootstrap-os: Use 'hostname' command on Tumbleweed
openSUSE Tumbleweed is having the same problems with CoreOS when it
comes to using the hostname ansible module (#1588 , #1600 ) so we need
to apply a similar workaround.
Co-authored-by: Markos Chandras <mchandras@suse.de>
Link: http://bugzilla.opensuse.org/show_bug.cgi?id=997614
6 years ago
dca4777347
roles: bootstrap-os: Add support for SUSE distributions
Install some required packages when running on SUSE distributions.
6 years ago
6c954df636
move when condition to main.yml
6 years ago
3535c29e59
Fix apiserver manifest for kube version < 1.9
6 years ago
88765f62e6
Updating order
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
6 years ago
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
6 years ago
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
All checks test if this is defined meaning there is no way to undefine it.
6 years ago
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
6 years ago
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
6 years ago
94eb18b3d9
Replaced ansible_ssh_host with ansible_host in sample inventory file as the former is deprecated since Ansible v2.0
Fixed the reference of ansible_user in kubespray-defaults role
References:
- http://docs.ansible.com/ansible/latest/intro_inventory.html
6 years ago
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
6 years ago
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
6 years ago
f954bc0a5a
Remove jinja2 dependency of do
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
6 years ago
66b61866cd
Fix check docker error for atomic
Fix issues #2611
6 years ago
dfc46f02d7
Adding missing service-account certificate for vault
Missed in #2554
6 years ago
ca40d51bc6
Fix typos (no logic changes)
6 years ago
973e7372b4
content: |
6 years ago
b54e091886
Persist ip_vs modules
6 years ago
428a554ddb
istio: container download related things should defined in the download role
6 years ago
32f4194cf8
Bump ingress-nginx-controller to version 0.12.0
6 years ago
76bb5f8d75
check if dedicated service account token signing key exists
6 years ago
4b98537f79
Properly check vsphere_cloud_provider.rc
6 years ago
3004791c64
Add pre-upgrade task for moving credentials file ( #2394 )
* Add pre-upgrade task for moving credentials file
This reverts commit 7ef9f4dfdd
6 years ago
b1a7889ff5
local-volume-provisioner: container download related things should defined in the download role
6 years ago
86e3506ae6
Etcd cluster setup makeover
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
6 years ago
4f714b07b8
cephfs-provisioner: container download related things should defined in the download role
6 years ago
4c0e9ba890
registry: container download related things should defined in the download role
6 years ago
b9b028a735
Update etcd deployment to use correct cert and key ( #2572 )
* Update etcd deployment to use correct cert and key
* Update to use admin cert for etcdctl commands
* Update handler to use admin cert too
6 years ago
5fe144aa0f
ingress-nginx: container download related things should defined in the download role
6 years ago
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
6 years ago
aa301c31d1
Move credential checks into proper folder
6 years ago
2c89a02db3
Only download container/file if host is in defined group ( #2565 )
* Only download container/file if host is in defined group
* Set correct when clause
* Fix last entries
* Update download groups
6 years ago
15efdf0c16
Move credential checks
6 years ago
ab8760cc83
Move credentials pre-check
6 years ago
b6da596ec1
Move default configuration parameters for cloud-config
6 years ago
3c12c6beb3
Move cloud config configurations to proper location
6 years ago
8ece922ef0
node_labels documentation + kube-ingress label handling as role_node_label
6 years ago
859a7f32fb
Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time
6 years ago
572ab650db
copy dedicated service account token signing key for kubeadm migration
6 years ago
72c2a8982b
Fix kubecert_node.results indexes
6 years ago
13c57147eb
only set no_proxy if other proxy vars are defined
6 years ago
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
6 years ago
Matthew Mosesohn
Markos Chandras
Nirmoy Das
Atoms
Christian Phu
Marcelo Grebois
Robin Skahjem-Eriksen
Brad Beam
Matthew Mosesohn
Vikas Kumar
rongzhang
Brad Beam
Daniel Hoherd
Chen Hong
Wong Hoi Sing Edison
Xiaoxi He
georgejdli
vterdunov
woopstar
avoidik
Erwan Miran
Spencer Smith