Skip to content
  1. Mar 21, 2018
  2. Mar 16, 2018
  3. Mar 13, 2018
  4. Mar 08, 2018
  5. Mar 07, 2018
  6. Feb 21, 2018
  7. Feb 16, 2018
  8. Feb 14, 2018
  9. Feb 13, 2018
  10. Feb 08, 2018
  11. Feb 05, 2018
  12. Jan 31, 2018
  13. Jan 26, 2018
  14. Jan 23, 2018
  15. Jan 09, 2018
    • Bogdan Dobrelya's avatar
      Fix HA docs API access endpoints explained (#2126) · 278ac080
      Bogdan Dobrelya authored
      
      
      * Fix HA docs API access endpoints explained
      
      Follow-up commit 81347298a3ef7932cbeb55e877644ca22d1625f1
      and fix the endpoint value provided in HA docs.
      
      Signed-off-by: default avatarBogdan Dobrelya <bogdando@mail.ru>
      
      * Clarify internal LB with external LB use case
      
      * Clarify how to use both internal and external, non-cluster aware and
        not managed with Kubespray, LB solutions.
      * Clarify the requirements, like TLS/SSL termination, for such an external LB.
        Unlike to the 'cluster-aware' external LB config, endpoints' security must be
        managed by that non-cluster aware external LB.
      * Note that masters always contact their local apiservers via https://bip:sp.
        It's highly unlikely to go down and it reduces latency that might be
        introduced when going host->lb->host. Only computes go that path.
      
      Signed-off-by: default avatarBogdan Dobrelya <bogdando@mail.ru>
      
      * Add a note for supplementary_addresses_in_ssl_keys
      
      Explain how to benefit from supplementary_addresses_in_ssl_keys
      
      Signed-off-by: default avatarBogdan Dobrelya <bogdando@mail.ru>
      278ac080
  16. Jan 04, 2018
  17. Jan 03, 2018
  18. Nov 29, 2017
    • Steven Hardy's avatar
      Allow setting --bind-address for apiserver hyperkube (#1985) · d39a88d6
      Steven Hardy authored
      * Allow setting --bind-address for apiserver hyperkube
      
      This is required if you wish to configure a loadbalancer (e.g haproxy)
      running on the master nodes without choosing a different port for the
      vip from that used by the API - in this case you need the API to bind to
      a specific interface, then haproxy can bind the same port on the VIP:
      
      root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
      tcp        0      0 192.168.24.6:6443       0.0.0.0:*               LISTEN      0          680613     134504/haproxy
      tcp        0      0 192.168.24.16:6443      0.0.0.0:*               LISTEN      0          653329     131423/hyperkube
      tcp        0      0 192.168.24.16:6443      192.168.24.16:58404     ESTABLISHED 0          652991     131423/hyperkube
      tcp        0      0 192.168.24.16:58404     192.168.24.16:6443      ESTABLISHED 0          652986     131423/hyperkube
      
      This can be achieved e.g via:
      
      kube_apiserver_bind_address: 192.168.24.16
      
      * Address code review feedback
      
      * Update kube-apiserver.manifest.j2
      d39a88d6
    • unclejack's avatar
      contiv network support (#1914) · e5d353d0
      unclejack authored
      
      
      * Add Contiv support
      
      Contiv is a network plugin for Kubernetes and Docker. It supports
      vlan/vxlan/BGP/Cisco ACI technologies. It support firewall policies,
      multiple networks and bridging pods onto physical networks.
      
      * Update contiv version to 1.1.4
      
      Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config.
      
      * Load openvswitch module to workaround on CentOS7.4
      
      * Set contiv cni version to 0.1.0
      
      Correct contiv CNI version to 0.1.0.
      
      * Use kube_apiserver_endpoint for K8S_API_SERVER
      
      Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talks
      to a available endpoint no matter if there's a loadbalancer or not.
      
      * Make contiv use its own etcd
      
      Before this commit, contiv is using a etcd proxy mode to k8s etcd,
      this work fine when the etcd hosts are co-located with contiv etcd
      proxy, however the k8s peering certs are only in etcd group, as a
      result the etcd-proxy is not able to peering with the k8s etcd on
      etcd group, plus the netplugin is always trying to find the etcd
      endpoint on localhost, this will cause problem for all netplugins
      not runnign on etcd group nodes.
      This commit make contiv uses its own etcd, separate from k8s one.
      on kube-master nodes (where net-master runs), it will run as leader
      mode and on all rest nodes it will run as proxy mode.
      
      * Use cp instead of rsync to copy cni binaries
      
      Since rsync has been removed from hyperkube, this commit changes it
      to use cp instead.
      
      * Make contiv-etcd able to run on master nodes
      
      * Add rbac_enabled flag for contiv pods
      
      * Add contiv into CNI network plugin lists
      
      * migrate contiv test to tests/files
      
      Signed-off-by: default avatarCristian Staretu <cristian.staretu@gmail.com>
      
      * Add required rules for contiv netplugin
      
      * Better handling json return of fwdMode
      
      * Make contiv etcd port configurable
      
      * Use default var instead of templating
      
      * roles/download/defaults/main.yml: use contiv 1.1.7
      
      Signed-off-by: default avatarCristian Staretu <cristian.staretu@gmail.com>
      e5d353d0
  19. Nov 23, 2017
    • Bogdan Dobrelya's avatar
      Defaults for apiserver_loadbalancer_domain_name (#1993) · 8aafe643
      Bogdan Dobrelya authored
      
      
      * Defaults for apiserver_loadbalancer_domain_name
      
      When loadbalancer_apiserver is defined, use the
      apiserver_loadbalancer_domain_name with a given default value.
      
      Fix unconsistencies for checking if apiserver_loadbalancer_domain_name
      is defined AND using it with a default value provided at once.
      
      Signed-off-by: default avatarBogdan Dobrelya <bogdando@mail.ru>
      
      * Define defaults for LB modes in common defaults
      
      Adjust the defaults for apiserver_loadbalancer_domain_name and
      loadbalancer_apiserver_localhost to come from a single source, which is
      kubespray-defaults. Removes some confusion and simplefies the code.
      
      Signed-off-by: default avatarBogdan Dobrelya <bogdando@mail.ru>
      8aafe643
  20. Nov 15, 2017
  21. Nov 10, 2017
  22. Nov 06, 2017
  23. Nov 03, 2017
  24. Nov 02, 2017
  25. Nov 01, 2017
  26. Oct 30, 2017
  27. Oct 16, 2017
  28. Oct 15, 2017
  29. Oct 14, 2017
  30. Oct 11, 2017
    • Vijay Katam's avatar
      Rename dns_server, add var for selinux. (#1572) · 27ed73e3
      Vijay Katam authored
      * Rename dns_server to dnsmasq_dns_server so that it includes role prefix
      as the var name is generic and conflicts when integrating with existing ansible automation.
      *  Enable selinux state to be configurable with new var preinstall_selinux_state
      27ed73e3
    • Matthew Mosesohn's avatar
      Improve proxy (#1771) · eb0dcf60
      Matthew Mosesohn authored
      * Set no_proxy to all local ips
      
      * Use proxy settings on all necessary tasks
      eb0dcf60
  31. Oct 05, 2017
Loading