Matthew Mosesohn mattymo Moscow, Russia

mattymo/ansible 0

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.

mattymo/ansible-modules-core 0

Ansible modules - these modules ship with ansible

mattymo/beaker 0

Puppet Acceptance Testing Harness

mattymo/chart-dex 0

CoreOS Dex chart for Kubernetes

mattymo/charts 0

Curated applications for Kubernetes

mattymo/community 0

Kubernetes community content

mattymo/contrail-ansible-deployer 0

Ansible deployment for contrail

mattymo/contrail-container-builder 0

Build contrail networking control components as micro-services

pull request comment kubernetes-sigs/kubespray

Update deprecated api

/lgtm

floryut

comment created time in a month

pull request comment kubernetes-sigs/kubespray

Update nginx ingress to 0.32.0

/lgtm /approve

floryut

comment created time in a month

PR opened kubernetes-sigs/kubespray

Tolerate failed coredns svc errors on kubeadm init/upgrade

Also deletes kube-dns svc in kube-system namespace which is unused

+26 -1

0 comment

3 changed files

pr created time in a month

create branch mattymo/kargo

branch : kubeadm_coredns_svc

created branch time in a month

push event mattymo/kargo

Matthew Mosesohn

commit sha 719602e98dd6dffad6edcdbb3ccb95ff304b56ad

Enable coredns-custom optional configmap

Change-Id: I3891152b916fb191667fa6de660fc1df16fe5f98

push time in a month

push event mattymo/kargo

Matthew Mosesohn

commit sha 6af467ff7ca41b7997443c42cecebbbfc15bd64f

Update docs/dns-stack.md

Co-authored-by: Florent Monbillard <f.monbillard@gmail.com>

push time in a month

Pull request review comment kubernetes-sigs/kubespray

Enable coredns-custom optional configmap

 or as INI coredns_external_zones=[{"cache": 30,"zones":["example.com","example.io:453"],"nameservers":["1.1.1.1","2.2.2.2"]}]' ``` +### coredns-custom ConfigMap++You can create an optional configmap in kube-system namespace after deployment+named ``coredns-custom``. Inside your configmap should have files with the
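
Review bot: In the added coredns-custom paragraph, "Inside your configmap should have files with the" has no subject; "The configmap should contain files with the ..." reads more cleanly. The name is also wrapped in double backticks (``coredns-custom``), where a single pair is enough in Markdown.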

Thanks for correcting my English :)

mattymo

comment created time in a month

create branch mattymo/kargo

branch : coredns-custom

created branch time in a month

pull request comment kubernetes-sigs/kubespray

Rewrite download_hash in Python

/lgtm /approve

rodrigc

comment created time in a month

pull request comment kubernetes-sigs/kubespray

Make etcdctl copy command work on cri-o/containerd

@EppO Then you have to mount all the certs if you go with the shell wrapper. It's just more effort than it is worth.

mattymo

comment created time in a month

Pull request review comment kubernetes-sigs/kubespray

Rewrite download_hash in Python

+#!/usr/bin/env python3++# After a new version of Kubernetes has been released,+# run this script to update roles/download/defaults/main.yml+# with new hashes.++import hashlib+import sys++import requests+from ruamel.yaml import YAML++MAIN_YML = "../roles/download/defaults/main.yml"++def open_main_yaml():+    yaml = YAML()+    yaml.explicit_start = True+    yaml.preserve_quotes = True+    yaml.width = 4096++    with open(MAIN_YML, "r") as main_yml:+        data = yaml.load(main_yml)++    return data, yaml+++def download_hash(versions):+    architectures = ["arm", "arm64", "amd64"]+    downloads = ["kubelet", "kubectl", "kubeadm"]++    data, yaml = open_main_yaml()++    for download in downloads:+        checksum_name = f"{download}_checksums"+        for arch in architectures:+            for version in versions:+                url = f"https://storage.googleapis.com/kubernetes-release/release/{version}/bin/linux/{arch}/{download}"+                download_file = requests.get(url, allow_redirects=True)+                download_file.raise_for_status()+                sha256sum = hashlib.sha256(download_file.content).hexdigest()+                data[checksum_name][arch][version] = sha256sum++    with open(MAIN_YML, "w") as main_yml:+        yaml.dump(data, main_yml)+        print(f"\n\nUpdated {MAIN_YML}\n")+++def main(argv=None):+    if not argv:
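
Review bot: `requests.get(url, allow_redirects=True)` in download_hash() is called without a `timeout`, so a single stalled connection hangs the whole run; pass a timeout, and consider streaming the body into hashlib in chunks instead of holding each binary in `download_file.content`. The sha256 written to main.yml is computed from the bytes just fetched, so it records whatever the server returned rather than checking it against an independently published checksum; comparing the two before writing would catch a bad or tampered download. `MAIN_YML` is also a relative path, so the script only works when run from its own directory.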

Can you change the behavior slightly?

If no versions specified, display Usage: download_hash.py kube_version1 ... kube_versionN (or use your best judgement)

It shouldn't update the file if no versions are specified.

rodrigc

comment created time in 2 months

delete branch mattymo/kargo

delete branch : fix_kubeadm_upgrade_check

delete time in 2 months

pull request comment kubernetes-sigs/kubespray

Use correct kube apiserver port when checking

@floryut Thanks for catching the other PR. I should have checked before opening this one.

mattymo

comment created time in 2 months

PR opened kubernetes-sigs/kubespray

Scale up coredns to 1 replica before upgrade if using manual mode

In k8s v1.18, kubeadm upgrade validates that coredns has at least 1 ready replica before finishing the upgrade. On the upside, this is fixed for v1.19 and we don't need to create coredns deployment at all.

+18 -0

0 comment

1 changed file

pr created time in 2 months

create branch mattymo/kargo

branch : coredns_manual_upgrade

created branch time in 2 months

Pull request review comment kubernetes-sigs/kubespray

Make etcdctl copy command work on cri-o/containerd

 ----- name: Install | Copy etcdctl binary from docker container-  command: sh -c "{{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy;-           {{ docker_bin_dir }}/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&-           {{ docker_bin_dir }}/docker cp etcdctl-binarycopy:/usr/local/bin/etcdctl {{ bin_dir }}/etcdctl &&-           {{ docker_bin_dir }}/docker rm -f etcdctl-binarycopy"-  register: etcdctl_install_result-  until: etcdctl_install_result.rc == 0-  retries: "{{ etcd_retries }}"+- name: Set commands for etcdctl container tasks+  set_fact:+    etcdctl_compare_command: >-+      {%- if container_manager in ['docker', 'crio'] %}+      {{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir --entrypoint /usr/bin/cmp {{ etcd_image_repo }}:{{ etcd_image_tag }} /usr/local/bin/etcdctl /systembindir/helm+      {%- elif container_manager == "containerd" %}+      ctr run --rm --mount type=bind,src={{ bin_dir }},dst=/systembindir,options=rbind:rw {{ etcd_image_repo }}:{{ etcd_image_tag }} etcdctl-compare sh -c 'cmp /usr/local/bin/etcdctl /systembindir/etcdctl'+      {%- endif %}+    etcdctl_copy_command: >-+      {%- if container_manager in ['docker', 'crio'] %}
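
Review bot: In `etcdctl_compare_command`, the docker/crio branch compares `/usr/local/bin/etcdctl` with `/systembindir/helm`, while the containerd branch compares it with `/systembindir/etcdctl`; the `helm` path looks like a leftover and should be `/systembindir/etcdctl`. The compare step only reads the host directory, so the `-v {{ bin_dir }}:/systembindir` mount can take `:ro` and the ctr mount `options=rbind:ro` instead of `rbind:rw`. The `['docker', 'crio']` branch also calls `{{ docker_bin_dir }}/docker`, which a cri-o host may not have installed.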

Ooh, you're right. I copied this from helm role. We should use crictl here. ctr is containerd-specific.

mattymo

comment created time in 2 months

pull request comment kubernetes-sigs/kubespray

Only fix kube-proxy address on evaluating kube_master hosts

/hold cancel

mattymo

comment created time in 2 months

pull request comment kubernetes-sigs/kubespray

Only fix kube-proxy address on evaluating kube_master hosts

/hold remove

mattymo

comment created time in 2 months

push event mattymo/kargo

Matthew Mosesohn

commit sha 900d1f2a732a0dd6f184a094830b3ef16a3a6c26

Only fix kube-proxy address on evaluating kube_master hosts

Change-Id: I83a7101a6cd99eb531d8385de5c31aee4f474469

push time in 2 months

create branch mattymo/kargo

branch : kube_proxy_masters_only

created branch time in 2 months

PR opened kubernetes-sigs/kubespray

Make etcdctl copy command work on cri-o/containerd

This is a follow-on to https://github.com/kubernetes-sigs/kubespray/pull/5777 where etcd_kubeadm_enabled mode used to force using etcdctl from binary sources. Now it uses a Docker image, but the fix only included Docker container engine support. This adds support for cri-o and containerd.

+33 -8

0 comment

1 changed file

pr created time in 2 months

create branch mattymo/kargo

branch : etcdctl_crio_containerd

created branch time in 2 months

pull request comment kubernetes-sigs/kubespray

Fix etcd install with docker and etcd_kubeadm_enabled

I apologize for overlooking the incompatibility with cri-o/containerd. I will write a better fix for this.

Z3r0Sum

comment created time in 2 months

create branch mattymo/kargo

branch : fix_kubeadm_upgrade_check

created branch time in 2 months

push event mattymo/kargo

Matthew Mosesohn

commit sha 69e5f4f74803d9e57c4cd8ec5561045d24f7e476

Enable /etc/hosts creation without ansible_default_ipv4

Change-Id: If2112b6f8314f996452d520b3307afacd40ce9bd

push time in 2 months

PR opened kubernetes-sigs/kubespray

Enable /etc/hosts creation without ansible_default_ipv4

Jinja2 renders all ansible_default_ipv4 hostvar even if it doesn't need it unless it's in a separate logical construct. It should be possible to use access_ip and/or ip var to create /etc/hosts without any host facts.

+5 -2

0 comment

1 changed file

pr created time in 2 months

push event mattymo/kargo

Matthew Mosesohn

commit sha 42cf68fa2e1db4d223e6a95f37d62d5adfca363d

Enable /etc/hosts creation without ansible_default_ipv4

Change-Id: If2112b6f8314f996452d520b3307afacd40ce9bd

push time in 2 months

create branch mattymo/kargo

branch : etcd_hosts_fix

created branch time in 2 months

pull request comment kubernetes-sigs/kubespray

Fix first etcd member exclusion in host group pattern

/lgtm /approve

EppO

comment created time in 2 months

issue comment kubernetes-sigs/kubespray

default remove etcd members correct?

Looks like you're right. This bug is confirmed.

lexxxel

comment created time in 2 months

PR merged kubernetes-sigs/kubespray

Add EppO to the reviewers group

Labels: approved, cncf-cla: yes, kind/bug, lgtm, size/XS


What this PR does / why we need it: Finished the process listed #5432 with kubernetes/org#1836

Which issue(s) this PR fixes:

Special notes for your reviewer: Beware, breaking change! Glad to help :blush:

Does this PR introduce a user-facing change?:

NONE
+1 -0

5 comments

1 changed file

EppO

pr closed time in 2 months

push event kubernetes-sigs/kubespray

Florent Monbillard

commit sha ed8c0ee95a32b08b318c79f37601f6085fe9916a

Add EppO to the reviewers group (#6034)

push time in 2 months

pull request comment kubernetes-sigs/kubespray

Add EppO to the reviewers group

Welcome to the team! /lgtm /approve

EppO

comment created time in 2 months

issue comment kubernetes/org

REQUEST: New membership for Miouge1

+1 from me as well. Maxime is very much involved.

Miouge1

comment created time in 3 months

pull request comment kubernetes-sigs/kubespray

Add Molecule to Docker role

/hold cancel

aharrisson

comment created time in 3 months

Pull request review comment kubernetes-sigs/kubespray

Gather just the necessary facts

     - { role: kubespray-defaults }     - { role: bootstrap-os, tags: bootstrap-os} +- name: Gather facts+  hosts: all

People might have inventories with extra groups not related. Please limit to just our groups: k8s-cluster:etcd:calico-rr

vrlo

comment created time in 3 months

Pull request review comment kubernetes-sigs/kubespray

Gather just the necessary facts

     - { role: kubespray-defaults }     - { role: bootstrap-os, tags: bootstrap-os} +- name: Gather facts+  hosts: all+  gather_facts: False+  tasks:+    - name: Gather minimal facts+      setup:+        gather_subset: '!all'++    - name: Gather necessary facts+      setup:+        gather_subset: '!all,!min,network,hardware'+        filter: "{{ item }}"+      loop:+        - ansible_distribution_major_version
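
Review bot: The `loop` on the "Gather necessary facts" task runs the setup module once per item on every host, and `filter` only trims what is returned, so each pass still collects the whole `network,hardware` subset. A single setup call with the `gather_subset` that is actually needed would cost one round trip per host instead of one per fact name.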

This looping will take 8x longer than just gathering all facts

vrlo

comment created time in 3 months

pull request comment kubernetes-sigs/kubespray

add gather facts on all hosts in inventory

@LuckySB Correct. For some reason the lookup in hostvars is failing for nodes without cache. That should be improved to fall back to 127.0.0.1

LuckySB

comment created time in 3 months

pull request comment kubernetes-sigs/kubespray

add gather facts on all hosts in inventory

This won't solve the related issue because you usually run scale.yml with --limit argument. As a result, you won't gather facts on all hosts here. We had previously a much worse task that used delegate_to to gather facts on all nodes. It slowed deployments tremendously and I had to remove it.

LuckySB

comment created time in 3 months

issue comment kubernetes-sigs/kubespray

Add new node using scale.yml fails

This feature always depended on having host cache on your ansible node. You can make sure the cache is populated by doing the following: add to ansible.cfg in the same dir as you run ansible:

```ini
# ansible.cfg: fact caching options are read from the [defaults] section
[defaults]
fact_caching = jsonfile
fact_caching_connection = /tmp
fact_caching_timeout = 7200
```

Run `ansible -i /path/to/inventory -m setup all`

kiuka

comment created time in 3 months
