Commits · e40368ae2bede83978523cb1d4c04866c322468e · Mirror / Kubespray

Mar 17, 2018

Add CoreDNS support with various fixes · e40368ae

woopstar authored Mar 13, 2018

Added CoreDNS to downloads

Updated with labels. Should now work without RBAC too

Fix DNS settings on hosts

Rename CoreDNS service from kube-dns to coredns

Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html

Updated docs with CoreDNS info

Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed

Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resitency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806'

Set dns list correct. Thanks to @whereismyjetpack

Only download KubeDNS or CoreDNS if selected

Move dns cleanup to its own file and import tasks based on dns mode

Fix install of KubeDNS when dnsmask_kubedns mode is selected

Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment. Removed rotate option in resolv.conf.

Run DNS manifests for CoreDNS and KubeDNS

Set skydns servers on dual stack deployment

Use only one template for CoreDNS dual deployment

Set correct cluster ip for the dns server

e40368ae

Mar 13, 2018
- Fix yamllint roles error for #2188 commit · d264da8f
  rong.zhang authored Mar 13, 2018
  
  d264da8f
Mar 12, 2018
- Fix Docker exits prematurely · ecec94ee
  RongZhang authored Mar 07, 2018
  
  details:https://github.com/moby/moby/pull/31490/files
  ecec94ee
- Fix issues#2451 Support docker-ce and docker-engine · 196995a1
  rong.zhang authored Mar 12, 2018
  
  Support docker-ce and docker-engine include redhat/centos ubuntu debian
  196995a1
Mar 09, 2018

Fix kubernetes cert permission sync · cd153a1f

chadswen authored Mar 09, 2018

Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner

cd153a1f

Prefix system:node CRB · b0ab92c9

chadswen authored Mar 08, 2018

Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`

Fixes #2121

b0ab92c9

Mar 08, 2018
- clean http-proxy.conf · 8e36ad09
  zhengchuan hu authored Mar 08, 2018
  
  8e36ad09
- Fix always download calico_rr image · 96a92503
  zhengchuan hu authored Mar 08, 2018
  
  96a92503
- Remove nodes · 12c78e62
  rong.zhang authored Mar 05, 2018
  
  Drain node except daemonsets resource Use reset cluser for delete deploy data Then delete node
  12c78e62
- FIXUP #2424: local_provisioner directory should be created only if enabled · 64020040
  Wong Hoi Sing Edison authored Mar 07, 2018
  
  64020040
Mar 07, 2018
- Fix systemd version detection · 60573875
  Chris Mildebrandt authored Mar 07, 2018
  
  Change "command" to "shell" in order for the pipe to work correctly
  60573875
- Add Custom ConfigMap Support for ingress-nginx · 3f96b2da
  Wong Hoi Sing Edison authored Mar 07, 2018
  
  3f96b2da
- docker-ce instead of docker-engine repo (#2423) · dbf40bbb
  RongZhang authored Mar 07, 2018
  
  * Use docker-ce 17.03.2 * Docker-engine may be discarded
  dbf40bbb
- fix the name of some variable · 646d473e
  zhengchuan hu authored Mar 07, 2018
  
  646d473e
Mar 06, 2018

Enable OOM killing for etcd-events · 388b627f
RongZhang authored Mar 05, 2018
```
Enable OOM killing like docker run etcd
```
388b627f

Adding ssh_private_key_file to ProxyCommand · f9019ab1

Dominic Lam authored Mar 05, 2018

This is trying to match what the roles/bastion-ssh-config is trying to do. When the setup is going through bastion, we want to ssh private key to be used on the bastion instance.

f9019ab1

Mar 05, 2018

Add labels for ingress_nginx_namespace, also only setup serviceAccountName if rbac_enabled · e65904ee
Wong Hoi Sing Edison authored Mar 05, 2018

e65904ee

Explicitly defines the --kubelet-preferred-address-types parameter · 89847d56

Ayaz Ahmed Khan authored Jul 12, 2017

to the API server configuration.

This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.

89847d56

Mar 03, 2018
- Start with three dashes for consistency · 585303ad
  Jonas Kongslund authored Mar 03, 2018
  
  585303ad
- Added support for webhook authentication/authorization on the secure kubelet endpoint · a800ed09
  Jonas Kongslund authored Jan 21, 2018
  
  a800ed09
Mar 02, 2018
- Integrate kubernetes/ingress-nginx 0.11.0 to Kubespray · fd464421
  Wong Hoi Sing Edison authored Feb 13, 2018
  
  fd464421
- Use proper lookup of etcd host for calico (#2408) · 9837b792
  Matthew Mosesohn authored Mar 02, 2018
  
  Fixes #2397
  9837b792
- Delete unused fedora docker repo · 2a3b48ed
  rong.zhang authored Mar 02, 2018
  
  2a3b48ed
Mar 01, 2018
- Add etcd-events cluster for kube-apiserver (#2385) · 67ffd8e9
  RongZhang authored Mar 01, 2018
  
  Add etcd-events cluster for kube-apiserver
  67ffd8e9
Feb 28, 2018
- Revert "Add pre-upgrade task for moving credentials file" (#2393) · 7ef9f4df
  Matthew Mosesohn authored Feb 28, 2018
  
  7ef9f4df
- Update pre_upgrade.yml · ad89d1c8
  Brad Beam authored Feb 22, 2018
  
  ad89d1c8
- Fix indexing of supplementary DNS in openssl.conf · 6b80ac65
  Simon Li authored Feb 09, 2018
  
  6b80ac65
- Install latest version of Helm · 2257dc9b
  Miouge1 authored Feb 28, 2018
  
  2257dc9b
- remove obsolete init image, bump dashboard version 1.8.1 -> 1.8.3 · 977e7ae1
  Dmitry Vlasov authored Feb 21, 2018
  
  977e7ae1
Feb 27, 2018
- Use node cert for etcd tasks instead of delegating to first etcd (#2386) · bc0fc5df
  Matthew Mosesohn authored Feb 27, 2018
  
  For etcdctl commands, use admin cert instead of node because this file doesn't exist on etcd only hosts.
  bc0fc5df
- Add pre-upgrade task for moving credentials file · bb469005
  Matthew Mosesohn authored Feb 15, 2018
  
  bb469005
- Fixing etcd certs for calico rr (#2374) · 89ade65a
  Brad Beam authored Feb 27, 2018
  
  89ade65a
- Fix run kubectl error (#2199) · 128d3ef9
  RongZhang authored Feb 27, 2018
  
  * Fix run kubectl error Fix run kubectl error when first master doesn't work * if access_ip is define use first_kube_master else different master use a different ip * Delete set first_kube_master and use kube_apiserver_access_address
  128d3ef9
- Upgrade to Kubernetes v1.9.3 (#2323) · b7e06085
  RongZhang authored Feb 27, 2018
  
  Upgrade to Kubernetes v1.9.3
  b7e06085
Feb 22, 2018
- Fixing cert name in calico/canal for etcd check (#2358) · 31659efe
  Brad Beam authored Feb 22, 2018
  
  31659efe
- fix apiserver manifest when disabling insecure_port · 2bd3776d
  Nedim Haveric authored Feb 22, 2018
  
  2bd3776d
- Fixing credential lookup for fe proxy and vault (#2361) · c874f16c
  Brad Beam authored Feb 22, 2018
  
  c874f16c
- Fixed generate front proxy client certs with vault (#2359) · ba913046
  Maxim Krasilnikov authored Feb 22, 2018
  
  * Fixed generate front proxy client certs with vault * fix vault cert management * Distrebute etcd node certs to vault hosts
  ba913046
- Add health check to kube proxy (#2356) · 42a0f462
  Andreas Krüger authored Feb 21, 2018
  
  Adding health checking to kube proxy. Fixes #2308
  42a0f462
- Set filemode to 0640 (#2315) · d84ff06f
  Andreas Krüger authored Feb 21, 2018
  
  * Set filemode to 0640 weave-net.yml file is readable by all users on the host. It however contains the weave_password to encrypt all pod communication. It should only be readable by root. * Set mode 0640 on users_file with basic auth
  d84ff06f