a65605b17a
ansible-lint: Don't use bare variables ( #4608 )
Circumvented one false positive from ansible-lint
Moved a block of jinja magic into its own variable
5 years ago
424e59805f
ansible-lint: Fix commands that are also available as module ( #4619 )
5 years ago
d6d7458d68
Fix control plane setup without a hardcoded key ( #4610 )
5 years ago
09fe95bc60
Avoid creating k8s cert dir on non-k8s nodes ( #4602 )
5 years ago
33ab615072
Wait longer for node to join the cluster ( #4549 )
5 years ago
05dc2b3a09
Use K8s 1.14 and add kubeadm experimental control plane mode ( #4514 )
* Use K8s 1.14 and add kubeadm experimental control plane mode
This reverts commit d39c273d96
5 years ago
c6586829de
Ensure /etc/bash_completion.d/ folder exists ( #4543 )
The Stateless ClearLinux feature[1] requires the creation of folders
in /etc folder. This change ensure the existence of the
/etc/bash_completion.d/ folder for ClearLinux Distribution.
[1] https://clearlinux.org/features/stateless
5 years ago
b218e17f44
ansible-lint: E403 Package installs should not use latest ( #4500 )
5 years ago
37eac010c8
ansible-lint: Don’t compare to literal True/False ( #4499 )
5 years ago
ec3daedf9e
Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ( #4320 )" ( #4553 )
This reverts commit 586ad89d50
5 years ago
c5fb734098
Switch calicoctl from a container to a binary ( #4524 )
5 years ago
d39c273d96
Revert "Use K8s 1.14 and add kubeadm experimental control plane mode ( #4317 )" ( #4510 )
This reverts commit 316508626d
5 years ago
316508626d
Use K8s 1.14 and add kubeadm experimental control plane mode ( #4317 )
* Use Kubernetes 1.14 and experimental control plane support
* bump to v1.14.0
5 years ago
3af90f8772
disable cloud-routes for non-cloud plugin ( #4443 )
5 years ago
3b9d13fda9
Return back bind API server node loadbalancer to 127.0.0.1 for security purposes. ( #4489 )
5 years ago
5e0249ae7c
Add HAProxy as internal loadbalancer ( #4480 )
5 years ago
a30ad1e5a5
Added generic CNI network plugin ( #4322 )
* Added generic CNI network plugin
* Added CNI network plugin documentation
* added necessary fix
5 years ago
586ad89d50
Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ( #4320 )
* Fix the file path for all.yml and k8s-cluster.yml
* Fix --node-labels namespace error "unknown labels specified"
* Update templates and configs kubelet node-labels
5 years ago
097806dfe8
Added tag kube-proxy ( #4272 )
Signed-off-by: André R. de Miranda <andre@miranda.work>
5 years ago
7cdf1fd388
quote values for kube_oidc_groups_prefix and kube_oidc_username_prefix values to accept colon, e.g oidc: ( #4305 )
This will fix error: error converting YAML to JSON: yaml: line 36: mapping values are not allowed in this context
Signed-off-by: Abdulaziz AlMalki <almalki.a@gmail.com>
5 years ago
913fed0089
kubeadmn init: add 'until' to make 'retries' effective ( #4464 )
an 'until' clause is required or 'retries' is ignored
(see note @ https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html#do-until-loops )
5 years ago
f52584a715
robust handling of API server SANs ( #4435 )
* robust handling of API server SANs
* use apiserver_loadbalancer_domain_name if it is defined, according to PR 3977
5 years ago
d18ad63e49
Update nginx to 1.15. Update manifest and performance optimize ( #4458 )
5 years ago
8ad74404c9
Remove bash-completion ( #4431 )
5 years ago
1ce2f04f47
allow Suse OS family ( #4430 )
5 years ago
20b12751af
add Cinder allowVolumeExpansion option ( #4415 )
5 years ago
55890e1b82
keep compatibility as it was before ( #4268 )
5 years ago
740d8b0a26
enable kubelet client certificate rotation ( #4081 )
* enable kubelet client certificate rotation
* change to variable kubelet_rotate_certificates
5 years ago
5f12b7aedf
Remove kubedns and dnsmasq. Move dns_late phase after apps ( #4406 )
Both kubedns and dnsmasq modes are long not maintained.
We should run dns_late steps at the end because sshd
makes DNS lookups during Ansible run and has 2s timeouts
for each failed lookup trying to connect to coredns before
it is ready.
5 years ago
0440e45d65
Fix supplementary_addresses rendering error ( #4403 )
5 years ago
669ab10c17
Added livenessProbe for local nginx apiserver proxy liveness probe ( #4222 )
* Added configurable local apiserver proxy liveness probe
* Enable API LB healthcheck by default
* Fix template spacing and moved healthz location to nginx http section
* Fix healthcheck listen address to allow kubelet request healthcheck
5 years ago
d0ae316934
Use proxy_env with kubeadm phase commands ( #4325 )
5 years ago
b7fd462944
Fix support for ansible 2.7.9 ( #4375 )
5 years ago
ec08303f82
Revert "Fix #4237 : update kube cert path ( #4354 )" ( #4369 )
This reverts commit ea7a6f1cf1
5 years ago
ea7a6f1cf1
Fix #4237 : update kube cert path ( #4354 )
5 years ago
150a969cf4
Forcefully delete pods when necessary ( #4328 )
Pods on down/unresponsive nodes can't be deleted without
--force --grace-period=0.
Fixes #4314
5 years ago
acbf3db233
Remove hard dependence on facts for all nodes ( #4304 )
* Remove hard dependence on facts for all nodes
* Update main.yaml
* Update main.yaml
5 years ago
adf6a7121f
Reenable set_facts task for dns_late ( #4312 )
5 years ago
67832aada9
changed_when:false ( #4189 )
5 years ago
88249308a0
Add labels to vsphere cloud config ( #4275 )
5 years ago
b4aaa7b908
Speed up tasks ( #4278 )
* fact gathering should run only once per node
* eliminate ansible version check, it is at the beginning of each
playbook
5 years ago
b07641c3f3
Move kube_proxy_remove out of set_facts and set default ( #4180 )
5 years ago
9805fb7a34
Add flexvolume plugin dir to kubeadm kubelet ( #4168 )
This was already approved in #4106 but there are CI issues
with that PR due to references to kubernetes incubator.
After upgrading to Kubespray 2.8.1 with Kubeadm enabled Rook
Ceph volume provision failed due to the flexvolume plugin dir not
being correct. Adding the var fixed the issue
5 years ago
eafab9636f
fix wrong indent of oidc-username-prefix and oidc-groups-prefix in kubeadm config template ( #4263 )
5 years ago
107bfb259a
This PS is to fix the bug when Workers can't join the cluster ( #4276 )
because of etc-kubernetes-manifests not empty.
5 years ago
07b2894080
Adding ability to maintain existing Encryption Secrets at Rest. ( #4255 )
* Adding ability to maintain existing Encryption Secrets at Rest.
If secrets_encryption.yaml is present it will not be overriten with a new kube_encrypt_token.
This should allow for it to be set ahead of a playbook running or maintain it if cluster.yml is ran on the same cluster and the ansible host does not have access to the secrets.
* Setting existing kube_encrypt_token across all master nodes in case it was missing in one or more nodes.
5 years ago
e03588f431
use swapon -s ( #4216 )
5 years ago
22a5a00c49
Improve kubeadm join tasks ( #4206 )
Fix issue where `kubeadm join` could wait forever for joining.
Fix issue where `kubeadm join` were not reaching the user, making
impossible to find the cause of the failure.
New behaviour is to first attempt to join without bypassing the
verifications checks and to display them if needed.
If this fails it still attempts to join by ignoring the check in
order to make previous behavior.
A timeout of 60 seconds is allocated for a joining.
Related-bug: #3973
5 years ago
fbce6349c4
check kube_pods_subnet and kube_service_addresses to valid ip network range, not single ip address ( #4188 )
5 years ago
6878c2af4e
Fix kube_hostname_override inconsistencies ( #4185 )
5 years ago
MarkusTeufelberger
Matthew Mosesohn
Vedran Bartonicek
Victor Morales
Maxime Guyot
Qasim Sarfraz
Sergey
Andreas Krüger
Neven Miculinic
Robert Neumann
André R. de Miranda
Abdulaziz AlMalki
rptaylor
Xavi
Dmitry Chepurovskiy
Etienne
hikoz
Ryler Hockenbury
Gabor Lekeny
Frank Ritchie
Seungkyu Ahn
Manuel Cintron
Sorin Sbarnea
Chad Swenson