C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
3446 commits 17 branches 66 tags 141 MiB
Commit graph

332 commits

Author SHA1 Message Date
rongzhang 2609ec0dc3 Fix copy etcd-ssl-ca failed 2018-08-31 15:06:03 +08:00
rongzhang 16fc22a207 Fix ipvs by kubeadm v1alpha1 2018-08-30 23:04:57 +08:00
k8s-ci-robot d9ea937493
Merge pull request #3187 from mirwan/kubeadm-config_syntax 
Fix kubeadm-config for audit-log-path and feature-gates
 2018-08-30 06:55:43 -07:00
rongzhang 35e5adaf0a Fix kubeadm v1alpha1 configure 2018-08-30 17:44:00 +08:00
k8s-ci-robot 4feb62f6bf
Merge pull request #3193 from riverzhang/fix-lb-kubeadm 
Fix kubeadm lb
 2018-08-29 04:22:40 -07:00
rongzhang 9eade647e6 Fix kubeadm lb 2018-08-29 18:29:24 +08:00
Erwan Miran 52ab54eeea Fix missing quotes for audit-log-path and wrong placement of feature-gates 2018-08-28 09:05:57 +02:00
Takashi Okamoto d407a590a6 container_manager variable to specify runtime. 2018-08-28 06:23:38 +00:00
Takashi Okamoto 5eb805f098 Change timeout for kubeadm 600s. 
* kubeadm timeout is too short and it may interrupt by timeout.
 2018-08-28 04:51:38 +00:00
Takashi Okamoto 236f066635 kubeadm cri-o support. 2018-08-28 02:24:45 +00:00
Takashi Okamoto 359009bb05 Download etcd and hyperkube binary. 2018-08-28 01:24:26 +00:00
Takashi Okamoto bdbfa4d403 Add ipvs support for kubeadm 1.10 or later. 2018-08-28 01:24:26 +00:00
Takashi Okamoto 6849788ebc Fix copy ca cert and ca key for kubeadm. 2018-08-28 01:24:25 +00:00
Takashi Okamoto ac639b2a17 Change kubeadm config to run etcd by kubeadm. 2018-08-28 01:24:25 +00:00
k8s-ci-robot f97515352b
Merge pull request #3161 from nutellinoit/kube_proxy_nodeport_addresses 
--nodeport-addresses added on kube-proxy.manifest.j2 and on k8s-cluster.yml
 2018-08-25 02:00:19 -07:00
Samuele Chiocca cb8be37f72 fix on v1alpha1 2018-08-24 11:19:06 +02:00
Samuele Chiocca e5dd4e1e70 added on v1alpha1 2018-08-24 10:59:06 +02:00
Antoine Legrand 4882531c29
Merge pull request #3115 from oracle/oracle_oci_controller 
Cloud provider support for OCI (Oracle Cloud Infrastructure)
 2018-08-23 18:22:45 +02:00
Rong Zhang f453567cce
Merge pull request #3144 from riverzhang/fix-audit-log 
Fix install audit failed
 2018-08-23 14:41:37 +08:00
rongzhang 5a4352657d Fix install audit failed 
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
 2018-08-23 01:47:15 +08:00
Samuele Chiocca f13bc796d9 added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1) 2018-08-22 18:43:03 +02:00
Erwan Miran 80cfeea957 psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true 2018-08-22 18:16:13 +02:00
Jeff Bornemann 94df70be98 Cloud provider support for OCI (Oracle Cloud Infrastructure) 
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
 2018-08-21 17:36:42 -04:00
Andreas Krüger 497db69c9f
Merge pull request #3130 from riverzhang/add-control-plane 
Add kubeadm controlplaneEndpoint
 2018-08-20 10:43:50 +02:00
Andreas Krüger c7de737551
Merge pull request #3133 from mirwan/auditlog_to_stdout_w_kubeadm 
Audit log to stdout with kubeadm
 2018-08-20 10:43:22 +02:00
Erwan Miran fc38b6d0ca Ability to define custom audit polcy rules 2018-08-20 07:04:56 +02:00
Erwan Miran c34900e569 Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm 2018-08-20 07:00:53 +02:00
rongzhang 59176ebbb9 Add kubeadm controlplaneEndpoint 
Nginx LB(default)
Other LB by kubeadm controlplane
 2018-08-20 00:57:13 +08:00
Erwan Miran 54548d3b95 kubeadm mounts the hostpaths itself 2018-08-16 13:17:30 +02:00
Erwan Miran 58d4d65fab minor variable fix and reuse + handle auditlog redirected to stdout 2018-08-16 12:51:09 +02:00
rongzhang 2ffc1afe40 Support audit 2018-08-16 14:38:07 +08:00
Rong Zhang a11e1eba9e Upgrade kubernetes to V1.11.x (#3078) 
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
 2018-08-14 15:13:44 +03:00
Robert Everson 4eadf3228e Only add admission plugins if defined 2018-08-07 11:25:03 -07:00
Robert Everson 99c5aa5a02 Use k8s default plugin list 2018-08-07 11:25:03 -07:00
Robert Everson 6ed65d762b Separate out plugins into 2 variables 2018-08-07 11:25:03 -07:00
Robert Everson ac18f6cf8b Add support for admission controllers in 1.10 and above 2018-08-07 11:25:03 -07:00
Rong Zhang c288ffc55d
Merge pull request #2342 from southquist/add-ca-cert 
allow for setting the cacert on openstack cloud provider
 2018-08-07 17:46:01 +08:00
Aivars Sterns 72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp 
Force copy cni files
 2018-07-10 09:40:10 +03:00
Dao Hoang Son d306c9708c Remove step that force disable kube_basic_auth. 
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441) has already been fixed.
 2018-07-08 16:57:43 +07:00
Matthew Mosesohn 1a3b9dd864 Force copy cni files 2018-07-06 16:39:42 +03:00
Miouge1 2a279e30b0 CheckNodePIDPressure is not supported in v1.10 2018-06-28 20:10:38 +02:00
southquist c685dc493f allow for setting the cacert on openstack cloud provider 2018-06-28 16:00:13 +02:00
Andreas Krüger cbb959151c
Merge pull request #2737 from Miouge1/update-scheduler 
Update kube-scheduler policy
 2018-06-19 14:53:22 +02:00
Matthew Mosesohn 61e97251a5 Improve variable handling for disabling etcd events cluster 2018-06-18 16:58:29 +03:00
Andreas Krüger e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4 
Makeover of etcd- and etcd-cluster setup.
 2018-05-16 20:49:54 +02:00
Matthew Mosesohn 7c93e71801
Upgrade k8s to 1.10.2 (#2748) 
* Upgrade k8s to 1.10.2

Bumped etcd version to 3.2.16 as recommended

* Add ipvs fix for v1.10

* change flannel addons test to ha
 2018-05-15 16:00:29 +03:00
Christopher J. Ruwe 73800ef111 make certificates non-executable 2018-05-15 07:54:32 +00:00
Miouge1 ad48606e4e Restart scheduler when policy changes 2018-05-14 10:09:30 +02:00
Matthew Mosesohn 07cc981971
refactor vault role (#2733) 
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
 2018-05-11 19:11:38 +03:00
Andreas Krüger 28d6eb6af1
Merge pull request #2644 from cp3hu/master 
Fix apiserver manifest and kubelet for kube version < 1.9
 2018-05-08 09:22:36 +02:00