Commit Graph

884 Commits

Author SHA1 Message Date
Henry Finucane 3ad9e9c5eb Fix #2261 by supporting Red Hat's limited PATH
Red Hat has this theory that binaries in sbin are too dangerous to be on
the default path, but we need them anyway.

RH7 has /sbin and /usr/sbin as symlinks, so that is no longer important.

I'm adding it to the `PATH` instead of making the path to `modinfo`
absolute because I am worried about breaking support for other
distributions.
2018-06-15 12:49:22 -07:00
Rong Zhang 10c9fe96b0 Merge pull request #2859 from riverzhang/nginx
Fix nginx-proxy HA when kubeadm enable
2018-06-08 01:10:01 +08:00
rongzhang f9ccb93825 Fix nginx-proxy HA when kubeadm enable 2018-06-07 14:27:19 +00:00
Aivars Sterns daeea75fbb Merge pull request #2835 from oracle/bm_fix-apiserver-access-ip
roles/kubernetes/client: kubeconfig template should use access_ip
2018-06-07 11:50:57 +03:00
Matthew Mosesohn 59be578842 Revert "wip pr for improved cert sync" (#2849) 2018-06-06 17:22:25 +03:00
Aivars Sterns cb0a257349 Merge pull request #2819 from oleh-ozimok/fix-cidr-assert
Fix enough network address space assert
2018-06-06 07:32:16 +03:00
Aivars Sterns 69ea28e187 Merge pull request #2827 from mattymo/testpr
wip pr for improved cert sync
2018-06-04 12:43:00 +03:00
Ben Meier 2f5a9e180c kubernetes/client: kubeconfig template should use the access_ip for the chosen master node 2018-06-04 09:51:05 +01:00
Dmitry f912a4ece5 Fix compare AnsibleUnsafeText with int (#2828) 2018-06-04 11:34:10 +03:00
Rong Zhang d1e66f9cc8 Add label to kubelet env for kubeadm deploy cluster (#2841) 2018-06-04 11:26:47 +03:00
Matthew Mosesohn 7433348aae wip pr for improved cert sync 2018-05-30 12:15:11 +03:00
Oleg Ozimok 38f7ba2584 Fix enough network address space assert 2018-05-27 18:01:17 +03:00
Andreas Krüger a67bdff28c Merge pull request #2743 from mrostecki/opensuse-tumbleweed-openssl
opensuse: Fix OpenSSL package name
2018-05-22 11:21:04 +02:00
Andreas Krüger e60a63ea51 Merge pull request #2577 from woopstar/etcd-fix-4
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Christopher J. Ruwe c1bc4615fe assert that number of pods on node does not exceed CIDR address range
The number of pods on a given node is determined by the  --max-pods=k
directive. When the address space is exhausted, no more pods can be
scheduled even if from the --max-pods-perspective, the node still has
capacity.

The special case that a pod is scheduled and uses the node IP in the
host network namespace is too "soft" to derive a guarantee.

Comparing kubelet_max_pods with kube_network_node_prefix when given
allows to assert that pod limits match the CIDR address space.
2018-05-16 11:55:46 +00:00
Matthew Mosesohn 7c93e71801 Upgrade k8s to 1.10.2 (#2748)
* Upgrade k8s to 1.10.2

Bumped etcd version to 3.2.16 as recommended

* Add ipvs fix for v1.10

* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Christopher J. Ruwe 73800ef111 make certificates non-executable 2018-05-15 07:54:32 +00:00
Christopher J. Ruwe 49d106f615 make admin.conf -> .kube/config non-executable
Almost certainly, the .kube/config file (YAML) should not be executable.
2018-05-14 09:29:48 +00:00
Miouge1 ad48606e4e Restart scheduler when policy changes 2018-05-14 10:09:30 +02:00
Matthew Mosesohn 07cc981971 refactor vault role (#2733)
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
2018-05-11 19:11:38 +03:00
Andreas Krüger d73d60c9b0 Merge pull request #2600 from maximegaillard/master
Add Openstack tenant name
2018-05-08 12:03:01 +02:00
Michal Rostecki 066016cd3e opensuse: Fix OpenSSL package name
OpenSSL 1.1 package in openSUSE Tumbleweed is named openssl-1_1,
not openssl-1_1_0.
2018-05-08 10:03:30 +02:00
Andreas Krüger 28d6eb6af1 Merge pull request #2644 from cp3hu/master
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
Chad Swenson 595e96ebf1 Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix
sync certs tasks (fix #2596 #2667)
2018-05-02 12:17:23 -05:00
woopstar 4c81cd2a71 Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4 2018-05-02 14:45:58 +02:00
Maxime Gaillard 00db751646 Add Openstack tenant name 2018-05-01 09:21:37 +02:00
Tomasz Majchrowski 59789ae02a ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode (#2707) 2018-04-30 14:48:17 +03:00
Andreas Krüger 03de4c0806 Merge pull request #2695 from suzutan/add-oidc-prefix-args
Add oidc-user-prefix and oidc-group-prefix args
2018-04-30 09:17:02 +02:00
mirwan 06cdb260f6 labelvalue must be formatted to handle non string values (#2722) 2018-04-29 19:02:14 +03:00
mirwan c3c5817af6 sysctl file should be in defaults so that it can be overriden (#2475)
* sysctl file should be in defaults so that it can be overriden

* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
2018-04-27 18:50:58 +03:00
Markos Chandras 9168c71359 Revert "Revert "Add openSUSE support" (#2697)" (#2699)
This reverts commit 51f4e6585a.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn 1a14f1ecc1 Fix vol format for local volume provisioner in rkt (#2698) 2018-04-24 20:32:08 +03:00
Matthew Mosesohn 51f4e6585a Revert "Add openSUSE support" (#2697) 2018-04-23 14:28:24 +03:00
Suzuka Asagiri f81e6d2ccf Add oidc-user-prefix and oidc-group-prefix args 2018-04-23 12:23:59 +09:00
Romain DEQUIDT 80dd230a65 sync certs tasks (fix #2596 #2667) 2018-04-22 10:00:31 +02:00
Paul Montero 75950344fb run_once pre_upgrade tasks which are executing in localhost 2018-04-19 11:38:13 -05:00
Matthew Mosesohn f73717ea35 Mount local volume provisioner dirs for containerized kubelet (#2648) 2018-04-12 22:55:13 +03:00
Aivars Sterns 1967963702 Merge pull request #2380 from hwoarang/add-opensuse-support
Add openSUSE support
2018-04-12 20:28:50 +03:00
Chad Swenson d87b6fd9f3 Use dedicated front-proxy-ca for front-proxy-client 2018-04-12 11:03:22 -05:00
Chad Swenson a6a47dbc96 Merge pull request #2617 from bradbeam/savaultcert
Adding missing service-account certificate for vault
2018-04-12 11:02:24 -05:00
Aivars Sterns 298c6cb790 Merge pull request #2633 from grebois/patch-3
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
2018-04-12 11:53:58 +03:00
Markos Chandras d07f75b389 roles: kubernetes: secrets: Add SUSE support
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:55:02 +01:00
Nirmoy Das 45eac53ec7 roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.

Co-authored-by: Markos Chandras <mchandras@suse.de>
2018-04-11 17:46:14 +01:00
Markos Chandras e42203a13e roles: kubernetes: preinstall: Add SUSE support
Add support for installing package dependencies and refreshing metadata
on SUSE distributions

Co-authored-by: Nirmoy Das <ndas@suse.de>
2018-04-11 17:46:14 +01:00
Christian Phu 3535c29e59 Fix apiserver manifest for kube version < 1.9 2018-04-10 18:17:56 +02:00
Marcelo Grebois 88765f62e6 Updating order
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen 0f35e17e23 Fix new envvar for setting openstack_tenant_id (#2641)
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 17:23:31 +03:00
Brad Beam 77b3f9bb97 Removing default for volume-plugins mountpoint (#2618)
All checks test if this is defined meaning there is no way to undefine it.
2018-04-10 17:19:25 +03:00
Matthew Mosesohn 45f15bf753 Revert "Fix new envvar for setting openstack_tenant_id" (#2640) 2018-04-10 14:37:24 +03:00
Aivars Sterns 913cc5a9af Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix
Fix new envvar for setting openstack_tenant_id
2018-04-10 14:35:28 +03:00