0ef3a7914c
Added pod psp in Rancher Local Path Provisioner ( #4385 )
* Added pod psp in Rancher Local Path Provisioner
Added pod security policy (psp) in Rancher Local Path Provisioner.
Signed-off-by: André R. de Miranda <andre@miranda.work>
* Apply psp for Rancher Local Path Provisioner only when local_path_provisioner_namespace is not kube-system and also reorganized the templates
5 years ago
4bc204925a
Error in nginx when starting registry-proxy ( #4785 )
Error starting nginx because in requiredDropCapabilities is dropped all capabilities.
The nginx requires the following capabilities:
- CHOWN
- SETGID
- SETUID
Signed-off-by: André R. de Miranda <andre@miranda.work>
5 years ago
73c2ff17dd
Fix Ansible-lint error [E502] ( #4743 )
5 years ago
14749df6f3
Fix "netchecker-server" ClusterRole ( #4730 )
* Add sha256 hashes for calicoctl v3.6.1
Hashes are added to calicoctl_binary_checksums for both adm and arm platforms.
* Add rules for "network-checker.ext" resource to "netchecker-server" ClusterRole
So that it could access the resource after it is created.
Corresponding issues:
https://github.com/Mirantis/k8s-netchecker-server/issues/125
https://github.com/kubernetes-sigs/kubespray/issues/3281
5 years ago
8a5eae94ea
Minor cleanups of CoreDNS issues and CI job ( #4719 )
* Minor cleanups
* Add comment in docs that nodelocaldns cache is enabled by default
5 years ago
e67f848abc
ansible-lint: add spaces around variables [E206] ( #4699 )
5 years ago
fbba259933
ingress-nginx: enable --report-node-internal-ip-address flag ( #4114 )
Close #4113
5 years ago
741de6051c
Fix nodeselectors for contiv and nginx-ingress ( #4662 )
* Fix nodeselectors for contiv and nginx-ingress
Change-Id: Ib3eb6bd87193c69a90ee944c9164a0b6792c79ba
* Set kube proxy mode to iptables for addons task
Change-Id: Iff71a71f672405c74b4708c71db15ddc4391a53a
5 years ago
88d919337e
ansible-lint: don't compare to empty string [E602] ( #4665 )
5 years ago
3722acee85
Fix broken metrics-server deployment not starting ( #4651 )
* Fix metrics-server deployment
* Make metrics server work
* Fix sample inventory
5 years ago
82119ca923
Add support calico kubernetes datastore and typha. ( #4498 )
* Add support calico kubernetes datastore and typha.
* Add typha_enabled to kubespray-defaults.
5 years ago
fc072300ea
Purge legacy cleanup tasks from older than 1 year ( #4450 )
We don't need to support upgrades from 2 year old installs,
just from the last major version.
Also changed most retried tasks to 1s delay instead of longer.
5 years ago
424e59805f
ansible-lint: Fix commands that are also available as module ( #4619 )
5 years ago
d588532c9b
Update probe timeouts, delays etc. ( #4612 )
* Fix merge conflict
* Add check delay
* Add more liveness and readiness options to metrics-server
5 years ago
d89ecb8308
disable metrics server and fix terraform ( #4617 )
* disable metrics server in centos7-flannel-addons job
Change-Id: I1d87923547584896f64dda9ea8feb5581ad48cbe
* Fix tf facility->facilities syntax
Change-Id: I434bfe53f47e8e4a546890e0b62d24bde6e6d6a7
* Update Terraform CI for facilities
* Fix undefined variable error
5 years ago
50751bb610
Revert "Optimize kube resources creation ( #4572 )" ( #4621 )
This reverts commit f8fdc0cd93
5 years ago
f8fdc0cd93
Optimize kube resources creation ( #4572 )
5 years ago
656633f784
YAMLLint everything ( #4576 )
5 years ago
c6586829de
Ensure /etc/bash_completion.d/ folder exists ( #4543 )
The Stateless ClearLinux feature[1] requires the creation of folders
in /etc folder. This change ensure the existence of the
/etc/bash_completion.d/ folder for ClearLinux Distribution.
[1] https://clearlinux.org/features/stateless
5 years ago
37eac010c8
ansible-lint: Don’t compare to literal True/False ( #4499 )
5 years ago
ec3daedf9e
Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ( #4320 )" ( #4553 )
This reverts commit 586ad89d50
5 years ago
d83181a2be
add RBD Provisioner Addon ( #3667 ) ( #3668 )
Based on the CephFS Provisioner Addon, the following changes have been made:
- Upstream v2.1.1-k8s1.11
- Configurable Provisioner replicas
5 years ago
46ba6a4154
ansible-lint: when lines should not include Jinja2 variables ( #4496 )
5 years ago
15597aa493
Do not force TCP connections to upstreams. ( #4492 )
5 years ago
a30ad1e5a5
Added generic CNI network plugin ( #4322 )
* Added generic CNI network plugin
* Added CNI network plugin documentation
* added necessary fix
5 years ago
586ad89d50
Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ( #4320 )
* Fix the file path for all.yml and k8s-cluster.yml
* Fix --node-labels namespace error "unknown labels specified"
* Update templates and configs kubelet node-labels
5 years ago
6caa639243
Update CoreDNS label as specified in the kubernetes coredns repository ( #3920 )
5 years ago
4d39c1856e
Fix jinja filters ( #4470 )
5 years ago
d711a0c83f
[nodelocaldns] expand tolerations on the daemonset ( #4451 )
5 years ago
7e4f4a96fc
Replace iteritems() to items() in Jinja2 templates ( #4437 )
The iteritems() dictionary's method has been removed in Python3. Using
this method in Jinja2 templates limits the execution to Python2 which
will be deprecated in 2020[1]. This change replaces that method for
the items() method as it's suggested in the official website[2].
[1] https://pythonclock.org/
[2] https://docs.ansible.com/ansible/latest/user_guide/playbooks_python_version.html#dict-iteritems
5 years ago
20b12751af
add Cinder allowVolumeExpansion option ( #4415 )
5 years ago
7a72e567d5
Update CoreDNS to 1.4.0 ( #4422 )
* Update CoreDNS to 1.4.0
* Update readme to reflect CoreDNS update
5 years ago
3c050be0b0
Update nodelocaldns cache settings ( #4423 )
5 years ago
41e684eb5a
Update DNS Autoscaler to 1.4.0 ( #4425 )
* Update DNS Autoscaler
* Update downloads too
* Fix yamllint
* Fix yamllint
5 years ago
5f12b7aedf
Remove kubedns and dnsmasq. Move dns_late phase after apps ( #4406 )
Both kubedns and dnsmasq modes are long not maintained.
We should run dns_late steps at the end because sshd
makes DNS lookups during Ansible run and has 2s timeouts
for each failed lookup trying to connect to coredns before
it is ready.
5 years ago
2fb27c8521
Use static files in KubeDNS templating task ( #4379 )
This commit adapts the "Lay Down KubeDNS Template" task to use the static
files moved by pull request [1]
[1] https://github.com/kubernetes-sigs/kubespray/pull/4341
5 years ago
6d7f3c4405
Reduce jinja2 filters in coredns templates ( #4390 )
5 years ago
b7fd462944
Fix support for ansible 2.7.9 ( #4375 )
5 years ago
150a969cf4
Forcefully delete pods when necessary ( #4328 )
Pods on down/unresponsive nodes can't be deleted without
--force --grace-period=0.
Fixes #4314
5 years ago
3c4cbf133e
Adding ability to override dashboard replica count ( #4344 )
5 years ago
fd2c47b56a
Move most coredns templates to static files ( #4341 )
* Move most coredns templates to static files
This should speed up the task slightly
* yaml lint fixes
5 years ago
4fe61968cf
Set default value for local_path_provisioner_enabled in role ( #4309 )
5 years ago
26ca58419f
feat(external-provisioner): adds support for local-path-provisioner ( #4232 )
* feat(external-provisioner/local-path-provisioner): adds support for local path provisioner
Helpful for local development but also in production workloads (once the
permission model is worked out) where you have redundancy built into the
software uses the PVCs (e.g. database cluster with synchronous
replication)
* feat(local-path-provisioner): adds debug flag, image tag group var
* fix(local-path-provisioner): moves image repo/tag to download role
* test(gce_centos7-flannel): enables local-path-provisioner in test case
* fix(addons): add image repo/tag to commented default values
* fix(local-path-provisioner): typo in jinja template for local path provisioner
* style(local-path-provisioner): debug flag condition re-formatted
* fix(local-path-provisioner): adds missing default value for debug flag
* fix(local-path-provisioner): syntax fix for debug if condition end
* fix(local-path-provisioner): jinja template syntax: if condition white space
5 years ago
3d25b4dfc1
30MiB for gpu-device-plugin ( #4227 )
* 30MiB for gpu-device-plugin
* use vars for easier configuration
5 years ago
81801ce23b
Add master toleration flag in dashboard deployment ( #4290 )
5 years ago
4638acfe81
Retry applying podsecurity policies ( #4279 )
5 years ago
aadef80404
Upgrade to latest version of ubuntu-nvidia-driver-installer. ( #4296 )
The lastest version of ubuntu-nvidia-driver-installer contains a fix for
https://github.com/GoogleCloudPlatform/container-engine-accelerators/issues/90
which causes the installer pod to crash when driver is already loaded.
5 years ago
323d788f48
Add support for --enable-skip-login in Dashboard ( #4265 )
5 years ago
23685b4537
Add image tag in "pause" container of nvidia driver installer. ( #4247 )
5 years ago
192f4c4e96
Allow customizing container image path used in NVIDIA GPU addon. ( #4229 )
5 years ago
André R. de Miranda
MarkusTeufelberger
Aleksey Kasatkin
Andreas Krüger
Youngchul Bang
Matthew Mosesohn
grialeyur
MarkusTeufelberger
Maxime Guyot
andreyshestakov
Victor Morales
Jugwan Eom
Neven Miculinic
Robert Neumann
Sidharth Anupkrishnan
Xinghong Fang
Xavi
Stefan Prietl
Manuel Cintron
Peter Metz
hikoz
Vasilis Remmas
Kaoet