Kevin Schuck
639010b3df
Uses environment vars for etcd cert paths
6 years ago
Kevin Schuck
6f9f80acee
Uses etcdv3 for calico 3 rr_v4 resources
6 years ago
Kevin Schuck
fb1678d425
Ensures BGPPeer resource names are unique
6 years ago
Alex Yakovenko
884053aaa7
Make Felix healthhost configurable
6 years ago
Kevin Schuck
d3adf09bde
Fixes BGPPeer resource for calico >= 3.0.0
6 years ago
Matthew Mosesohn
c83350e597
refactor to base on calico_version
6 years ago
Matthew Mosesohn
55d76ea3d8
Update install.yml
6 years ago
Matthew Mosesohn
1091e82327
Update install.yml
6 years ago
Matthew Mosesohn
cc79125d3e
Update install.yml
6 years ago
Matthew Mosesohn
d91f9e14e6
Put back legacy support for calico ippools and bgp settings
6 years ago
Takashi Okamoto
b2a7a27dfb
Fix indent error by yamllint.
6 years ago
mlushpenko
ea2c9d8f57
Fix yaml checks
6 years ago
mlushpenko
f958b32c83
Fix calico health checks
6 years ago
Matthew Mosesohn
dc3e317d20
Fix backward compatibility with calico 2.6
6 years ago
Luis Nunez
6569180654
remove capitalize filter
6 years ago
Antoine Legrand
2f1fe44762
update images to use arch
6 years ago
Aivars Sterns
23fd3461bc
calico upgrade to v3 ( #3086 )
* calico upgrade to v3
* update calico_rr version
* add missing file
* change contents of main.yml as it was left old version
* enable network policy by default
* remove unneeded task
* Fix kubelet calico settings
* fix when statement
* switch back to node-kubeconfig.yaml
6 years ago
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Wong Hoi Sing Edison
c3b3572025
Always create service account even rbac_enabled = false
6 years ago
Matthew Mosesohn
1a3b9dd864
Force copy cni files
6 years ago
elementyang
8fee1ab102
change create to apply
6 years ago
Daniel Mohr
476b14b06e
Make Calico nodename overridable on bare metal
Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
6 years ago
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
6 years ago
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
6 years ago
Anton Fayzrahmanov
a75598b3f4
IP_AUTODETECTION_METHOD docs
6 years ago
Anton Fayzrahmanov
60a057cace
Update calico-node.yml.j2
6 years ago
Anton Fayzrahmanov
dd9d0c0530
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD
can be set to one of
first-found
can-reach
interface
6 years ago
Erik Stidham
60bfc56e8e
Update Calico and Canal
- Updating to use calico-node v2.6.7
- A few updates to their manifests too
6 years ago
Matthew Mosesohn
9837b7926f
Use proper lookup of etcd host for calico ( #2408 )
Fixes #2397
6 years ago
Matthew Mosesohn
bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd ( #2386 )
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
6 years ago
Brad Beam
89ade65ad6
Fixing etcd certs for calico rr ( #2374 )
6 years ago
Brad Beam
31659efe13
Fixing cert name in calico/canal for etcd check ( #2358 )
6 years ago
Matthew Mosesohn
87f33a4644
Use CNI to assign kube_pods_subnet for calico
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
6 years ago
Ryan Zenker
ad9049a49e
baremetal tweaks
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
6 years ago
Matthew Mosesohn
d2935ffed0
Optionally ignore the presence of extra calico pools ( #2190 )
6 years ago
Steve Mitchell
e45b30d033
Add etcd key and cert environment variables for use with client auth
7 years ago
Matthew Mosesohn
ec54b36e05
add retries for calico/canal etcd commands ( #2007 )
7 years ago
Spencer Smith
bc1a4e12ad
fix broken variable in ansible 2.4.1.0 and ensure tasks for calico-rr ( #1982 )
7 years ago
Hyunsun Moon
37125866ca
Make calico_node_ignorelooserpf have an effect ( #1945 )
7 years ago
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
7 years ago
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works acros OSes.
* clean up bools and ansible_os_family conditionals
7 years ago
Matthew Mosesohn
d4b10eb9f5
Fix path for calico get node names ( #1816 )
7 years ago
Kevin Lefevre
6ec45b10f1
Update network-plugins to use portmap plugin ( #1763 )
Portmap allow to use hostPort with CNI plugins. Should fix #1675
7 years ago
Matthew Mosesohn
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
.
7 years ago
Matthew Mosesohn
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
Brad Beam
b81c0d869c
Adding calico/node env vars for prometheus configuration
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Matthew Mosesohn
d94e3a81eb
Use api lookup for kubelet hostname when using cloudprovider ( #1686 )
The value cannot be determined properly via local facts, so
checking k8s api is the most reliable way to look up what hostname
is used when using a cloudprovider.
7 years ago