Matthew Mosesohn
16629d0b8e
Vault should use cert auth for etcd
6 years ago
Julian Hübenthal
7f79210ed1
reworked vsphere-cloud-config template
6 years ago
Julian Hübenthal
9cdd2214f9
render vsphere_resource_pool only if defined
6 years ago
Julian Hübenthal
989e9174c2
Added vSphere cloud provider config update for Kubernetes >= 1.9.2
6 years ago
Matthew Mosesohn
2df4b6c5d2
Rename default_resolver to cloud_resolver ( #2209 )
Cloud resolvers are mandatory for hosts on GCE and OpenStack
clouds. The 8.8.8.8 alternative resolver was dropped because
there is already a default nameserver. The new var name
reflects the purpose better.
Also restart apiserver when modifying dns settings.
6 years ago
RongZhang
3846384d56
Bump kube-dns to 1.14.8 ( #2204 )
Bump kube-dns to 1.14.8
6 years ago
Dmitri Rubinstein
331f141f63
Fix DNS entries in etcd's openssl.conf by adding a newline. ( #2208 )
DNS entries generated from 'etcd_cert_alt_names' variable in etcd's
openssl.conf are not terminated by a newline.
This fixes issue #2207 .
6 years ago
Matthew Mosesohn
dc6a17e092
Use include/import tasks ( #2192 )
import_tasks will consume far less memory, so it should be
used whenever it is compatible.
6 years ago
Miouge1
240d4193ae
Update information about network sizes
6 years ago
Matthew Mosesohn
ac66e98ae9
Upgrade to Kubernetes v1.9.1 ( #2152 )
Raise drain timeout to 5m
6 years ago
Matthew Mosesohn
d2935ffed0
Optionally ignore the presence of extra calico pools ( #2190 )
6 years ago
mirwan
714994cad8
iptables: flush nat table as well as filter table upon reset ( #2174 )
* iptables: flush nat table as well as filter table upon reset
* Indentation fix
6 years ago
Matthew Mosesohn
bf1411060e
Add optional manual dns_mode ( #2178 )
6 years ago
Virgil Chereches
a4d142368b
Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation
6 years ago
Stanislav Makar
ae47b617e3
Fix 'no such host' problem ( #2148 )
Fix 'no such host' problem reported by commands *kubectl logs* and *kubectl exec*
when cloud_provider is OpenStack
Closes : #2147
6 years ago
Erwan Miran
e5b4011aa4
move hardcoded dnsmasq autoscaler image to its own variable
6 years ago
Virgil Chereches
3125f93b3f
Added disable_volume_zone_conflict variable
6 years ago
ArchiFleKs
637604d08f
Add lib/modules to kube-proxy to enable LVS
kube-proxy is complaining of missing modules at startup. There is a plan
to also support an LVS implementation of kube-proxy in additon to
userspace and iptables
6 years ago
Erwan Miran
1a9989ade9
move hardcoded dnsmasq autoscaler image to its own variable
6 years ago
Virgil Chereches
8c45c88d15
Fix for Issue #2141 - added policy file
6 years ago
Virgil Chereches
c87bb2f239
Fix for Issue #2141
6 years ago
heping
32eeb9a0e0
Restart docker when http-proxy.conf changed.
6 years ago
rong.zhang
df21fc8643
Remove initContainer
6 years ago
abelgana
a9bb72c6fd
require-kubeconfig is depricated since k8s v1.8
6 years ago
abelgana
9506c2e597
require-kubeconfig is deprecated since K8s v1.8
6 years ago
Peter Slijkhuis
32884357ff
Add kubelet_custom_flags to kubelet.kubeadm.env.j2
6 years ago
neith00
88204642b7
updated weave to 2.1.3
6 years ago
Matthew Mosesohn
1401286910
Add support for cert alt names for etcd ( #2139 )
* Add support for cert alt names for etcd
* Update gen_certs_vault.yml
6 years ago
Lukasz Piatkowski
12eb242224
fix fluentd template
6 years ago
Philippe Chepy
df9faa1743
Add support for flex volumes plugins.
6 years ago
ArchiFleKs
ce85bcaee7
Simplify and update OpenStack cloud provider
Simplify the number of variables necessary to "just" enable OpenStack
cloud provider. Also add the new options available in K8s 1.9.
6 years ago
rong.zhang
6ed2a60978
fix run dashboard error
6 years ago
Bogdan Dobrelya
bac3bf1a5f
Fix auto-evaluated API access endpoint for bind IP ( #2086 )
Auto configure API access endpoint with a custom bind IP, if provided.
Fix HA docs' http URLs are https in fact, clarify the insecure vs secure
API access modes as well.
Closes: #issues/2051
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
6 years ago
RongZhang
e3b684df21
Remove blank lines
Remove blank lines
6 years ago
Steve Mitchell
e45b30d033
Add etcd key and cert environment variables for use with client auth
7 years ago
Matthew Mosesohn
ad6fecefa8
Update Kubernetes to v1.9.0 ( #2100 )
Update checksum for kubeadm
Use v1.9.0 kubeadm params
Include hash of ca.crt for kubeadm join
Update tag for testing upgrades
Add workaround for testing upgrades
Remove scale CI scenarios because of slow inventory parsing
in ansible 2.4.x.
Change region for tests to us-central1 to
improve ansible performance
6 years ago
Jan Jungnickel
3fdb2ccf55
Revert back to using an empty var as default to exclude hostname ( #2110 )
6 years ago
Matthew Mosesohn
29f5b55d42
remove unwanted whitespace for kube_override_hostname ( #2105 )
6 years ago
rong.zhang
5aef52e8c0
fix dashboard certs secret
7 years ago
Matthew Mosesohn
6bb46e3ecb
Fix param names in preparation for Kubernetes v1.9.0 ( #2098 )
This does not update v1.9.0, but fixes two incompatibilities
when trying to deploy v1.9.0.
7 years ago
Matthew Mosesohn
127bc01857
Do not override kubelet hostname if cloud_provider is used ( #2095 )
Starting with Kubernetes v1.8.4, kubelet ignores the AWS cloud
provider string and uses the override hostname, which fails
Node admission checks.
Fixes #2094
7 years ago
Evan Zeimet
a6975c1850
Rename runtime docker_version ( #2082 )
Renaming runtime docker_version to prevent setting that
value on the command line from breaking the play run.
This fixes #2081
7 years ago
Stanislav Makar
b2cb0725ac
Default OpenStack Cinder Storage Class ( #2083 )
Add possibility to create default OpenStack Cinder Storage Class
Closes : #1609
7 years ago
rong.zhang
b974b144a8
Add RBAC to binding Dahsboard UI
7 years ago
Matthew Mosesohn
bfb25fa47b
Change vault cert ttl to 8y ( #2013 )
7 years ago
Matthew Mosesohn
b135bcb9d9
Split download container task for delegate and non-delegate modes ( #2077 )
Ansible cannot seem to handle omitting delegate_to since v2.4.0.0.
Possibly related: https://github.com/ansible/ansible/issues/30760
7 years ago
rong.zhang
0771cd8599
Remove dashboard_tls_key and dashboard_tls_cert
7 years ago
Fang Zhen
91d848f98a
Make spliting system_search_domains more robust
The search line in /etc/resolv.conf could have
multiple spaces or tabs between domains.
split(' ') will give wrong results in some case,
use split() without argument instead.
e.g.
>>> 'domain.tld cluster.tld '.split(' ')
['domain.tld\tcluster.tld', '']
>>> 'domain.tld cluster.tld '.split()
['domain.tld', 'cluster.tld']
7 years ago
rong.zhang
40edf8c6f5
Update dashboard version to v1.8.0
Update dependencies to be compatible with Kubernetes v1.8
7 years ago
Chad Swenson
e78562830f
Retry kube container removal during upgrade
As we have seen with other containers, sometimes container removal fails on the first attempt due to some Docker bugs. Retrying typically corrects the issue.
7 years ago