Matthew Mosesohn
2ee889843a
Merge pull request #900 from galthaus/cn-length
Cert fail if inventory names too long
7 years ago
Matthew Mosesohn
74b78e75a1
Always trigger docker restart when docker package changes
Docker upgrade doesn't auto-restart docker, causing failures
when trying to start another container
7 years ago
Greg Althaus
6905edbeb6
Add a variable that defaults to kube_apiserver_port that defines
the which port the local nginx proxy should listen on for HA
local balancer configurations.
7 years ago
Greg Althaus
6c69da1573
This PR adds/or modifies a few tasks to allow for the playbook to
be run by limit on each node without regard for order.
The changes make sure that all of the directories needed to do
certificate management are on the master[0] or etcd[0] node regardless
of when the playbook gets run on each node. This allows for separate
ansible playbook runs in parallel that don't have to be synchronized.
7 years ago
Bogdan Dobrelya
e776dfd800
Add idempotency checks for CI
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Greg Althaus
95bf380d07
If the inventory name of the host exceeds 63 characters,
the openssl tools will fail to create signing requests because
the CN is too long. This is mainly a problem when FQDNs are used
in the inventory file.
THis will truncate the hostname for the CN field only at the
first dot. This should handle the issue for most cases.
7 years ago
Bogdan Dobrelya
2a61ad1b57
Merge pull request #895 from mattymo/same_apiserver_certs
Use only one certificate for all apiservers
7 years ago
Matthew Mosesohn
80703010bd
Use only one certificate for all apiservers
https://github.com/kubernetes/kubernetes/issues/25063
7 years ago
Bogdan Dobrelya
e88c10670e
Merge pull request #891 from galthaus/selinux-order
preinstall fails on AWS CentOS7 image
7 years ago
Bogdan Dobrelya
2a2953c674
Merge pull request #893 from kubernetes-incubator/undo_hostresolvconf
Don't try to delete kargo specific config from dhclient when file does not exist
7 years ago
Alexander Block
1054f37765
Don't try to delete kargo specific config from dhclient when file does not exist
Also remove the check for != "RedHat" when removing the dhclient hook,
as this had also to be done on other distros. Instead, check if the
dhclienthookfile is defined.
7 years ago
Greg Althaus
f77257cf79
When running on CentOS7 image in AWS with selinux on, the order of
the tasks fail because selinux prevents ip-forwarding setting.
Moving the tasks around addresses two issues. Makes sure that
the correct python tools are in place before adjusting of selinux
and makes sure that ipforwarding is toggled after selinux adjustments.
7 years ago
Bogdan Dobrelya
f004cc07df
Merge pull request #830 from mattymo/k8sperhost
Generate individual certificates for k8s hosts
7 years ago
Bogdan Dobrelya
065a4da72d
Merge pull request #886 from kubernetes-incubator/undo_hostresolvconf
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Bogdan Dobrelya
98c7f2eb13
Merge pull request #887 from bogdando/docs
Clarify major/minor/maintainance releases
7 years ago
Bogdan Dobrelya
d332502d3d
Clarify major/minor/maintainance releases
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Alexander Block
a7bf7867d7
Add tasks to undo changes to hosts /etc/resolv.conf and dhclient configs
7 years ago
Bogdan Dobrelya
c63cda7c21
Merge pull request #883 from bogdando/docs
Docs updates
7 years ago
Bogdan Dobrelya
caab0cdf27
Docs updates
Fix mismatching inventory examples.
Add command examples.
Clarify groups use cases.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Bogdan Dobrelya
1191876ae8
Merge pull request #882 from bogdando/releases
Clarify release policy
7 years ago
Bogdan Dobrelya
fa51a589ef
Clarify release policy
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Matthew Mosesohn
3f274115b0
Generate individual certificates for k8s hosts
8 years ago
Matthew Mosesohn
3b0918981e
Merge pull request #878 from bradbeam/rkt-cni
Adding /opt/cni /etc/cni to rkt run kubelet
7 years ago
Bogdan Dobrelya
a327dfeed7
Merge pull request #881 from bogdando/docs
Fix inventory generator link
7 years ago
Bogdan Dobrelya
d8cef34d6c
Merge pull request #872 from mattymo/bug868
Bind nginx localhost proxy to localhost
7 years ago
Bogdan Dobrelya
6fb6947feb
Fix inventory generator link
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Brad Beam
db8173da28
Adding /opt/cni /etc/cni to rkt run kubelet
7 years ago
Bogdan Dobrelya
bcdfb3cfb0
Merge pull request #793 from kubernetes-incubator/fix_dhclientconf_path
Fix wrong path of dhclient on CentOS+Azure
7 years ago
Bogdan Dobrelya
79aeb10431
Merge pull request #858 from bradbeam/calicoctl-canal
Misc updates for canal
7 years ago
Bogdan Dobrelya
5fd2b151b9
Merge pull request #874 from bogdando/fix
Fix docs formatting
7 years ago
Bogdan Dobrelya
3c107ef4dc
Fix docs formatting
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Bogdan Dobrelya
a5f93d6013
Merge pull request #862 from bogdando/docs
Update docs
7 years ago
Matthew Mosesohn
38338e848d
Merge pull request #860 from adidenko/fix-calico-rr-certs
Fix etcd cert generation for calico-rr role
7 years ago
Bogdan Dobrelya
e9518072a8
Update docs
Link docs to README, update README with recent info.
Update comparsions, add kubeadm vs kargo.
Better describe variables precedence UX impact.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago
Bogdan Dobrelya
10dbd0afbd
Merge pull request #871 from mattymo/fix_system_search_domains
Fix docker dns host scenario with no search domains
7 years ago
Matthew Mosesohn
e22f938ae5
Bind nginx localhost proxy to localhost
This proxy should only be listening for local connections, not 0.0.0.0.
Fixes #868
7 years ago
Matthew Mosesohn
1dce56e2f8
Fix docker dns host scenario with no search domains
Fixes scenario where docker-dns.conf tries to create an empty
search entry
7 years ago
Bogdan Dobrelya
1f0b2eac12
Merge pull request #815 from adidenko/calico-1.0.0
Set latest stable versions for Calico images
7 years ago
Aleksandr Didenko
d9539e0f27
Fix etcd cert generation for calico-rr role
"etcd_node_cert_data" variable is undefinded for "calico-rr" role.
This patch adds "calico-rr" nodes to task where "etcd_node_cert_data"
variable is registered.
7 years ago
Aleksandr Didenko
0909368339
Set latest stable versions for Calico images
Change version for calico images to v1.0.0. Also bump versions for
CNI and policy controller.
Also removing images repo and tag duplication from netchecker role
8 years ago
Bogdan Dobrelya
091b634ea1
Merge pull request #799 from kubernetes-incubator/docker_dns
Implement "dockerd --dns-xxx" based dns mode
7 years ago
Bogdan Dobrelya
d18804b0bb
Merge pull request #865 from rsmitty/coreos-family-vars
remove assertion for family not being CoreOS
7 years ago
Alexander Block
a8b5b856d1
Only use default resolver in dnsmasq when we are using host_resolvconf mode
7 years ago
Alexander Block
1d2a18b355
Introduce dns_mode and resolvconf_mode and implement docker_dns mode
Also update reset.yml to do more dns/network related cleanup.
8 years ago
Spencer Smith
4a59340182
remove assertion for family not being CoreOS
7 years ago
Spencer Smith
aa33613b98
Merge pull request #863 from bogdando/coreos_facts
[WIP] Better fix for different CoreOS os family facts
7 years ago
Brad Beam
cf042b2a4c
Create network policy directory for canal
7 years ago
Brad Beam
65c86377fc
Adding calicoctl to canal deployment
7 years ago
Bogdan Dobrelya
96372c15e2
Merge pull request #864 from bogdando/nopreemtible
Non preempt GCE instances for CI
7 years ago
Bogdan Dobrelya
f365b32c60
Non preempt GCE instances for CI
Revert preemptible GCE instances for CI as they are too
much of UNREACHABLE. Later we could return to them after
figured out how to mitigate preepted instances with
automated CI retries.
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
7 years ago