Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
...
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
2018-05-11 19:11:38 +03:00
Andreas Krüger
d73d60c9b0
Merge pull request #2600 from maximegaillard/master
...
Add Openstack tenant name
2018-05-08 12:03:01 +02:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master
...
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
Chad Swenson
595e96ebf1
Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix
...
sync certs tasks (fix #2596 #2667 )
2018-05-02 12:17:23 -05:00
Maxime Gaillard
00db751646
Add Openstack tenant name
2018-05-01 09:21:37 +02:00
Tomasz Majchrowski
59789ae02a
ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode ( #2707 )
2018-04-30 14:48:17 +03:00
Andreas Krüger
03de4c0806
Merge pull request #2695 from suzutan/add-oidc-prefix-args
...
Add oidc-user-prefix and oidc-group-prefix args
2018-04-30 09:17:02 +02:00
mirwan
06cdb260f6
labelvalue must be formatted to handle non string values ( #2722 )
2018-04-29 19:02:14 +03:00
mirwan
c3c5817af6
sysctl file should be in defaults so that it can be overriden ( #2475 )
...
* sysctl file should be in defaults so that it can be overriden
* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
2018-04-27 18:50:58 +03:00
Markos Chandras
9168c71359
Revert "Revert "Add openSUSE support" ( #2697 )" ( #2699 )
...
This reverts commit 51f4e6585a
.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn
1a14f1ecc1
Fix vol format for local volume provisioner in rkt ( #2698 )
2018-04-24 20:32:08 +03:00
Matthew Mosesohn
51f4e6585a
Revert "Add openSUSE support" ( #2697 )
2018-04-23 14:28:24 +03:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
2018-04-23 12:23:59 +09:00
Romain DEQUIDT
80dd230a65
sync certs tasks ( fix #2596 #2667 )
2018-04-22 10:00:31 +02:00
Paul Montero
75950344fb
run_once pre_upgrade tasks which are executing in localhost
2018-04-19 11:38:13 -05:00
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet ( #2648 )
2018-04-12 22:55:13 +03:00
Aivars Sterns
1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support
...
Add openSUSE support
2018-04-12 20:28:50 +03:00
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
2018-04-12 11:03:22 -05:00
Chad Swenson
a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert
...
Adding missing service-account certificate for vault
2018-04-12 11:02:24 -05:00
Aivars Sterns
298c6cb790
Merge pull request #2633 from grebois/patch-3
...
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
2018-04-12 11:53:58 +03:00
Markos Chandras
d07f75b389
roles: kubernetes: secrets: Add SUSE support
...
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
2018-04-11 20:55:02 +01:00
Nirmoy Das
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
...
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
2018-04-11 17:46:14 +01:00
Markos Chandras
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
...
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
2018-04-11 17:46:14 +01:00
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order
...
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Robin Skahjem-Eriksen
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 17:23:31 +03:00
Brad Beam
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
...
All checks test if this is defined meaning there is no way to undefine it.
2018-04-10 17:19:25 +03:00
Matthew Mosesohn
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
2018-04-10 14:37:24 +03:00
Aivars Sterns
913cc5a9af
Merge pull request #2639 from ironhouzi/openstack_tenant_id_fix
...
Fix new envvar for setting openstack_tenant_id
2018-04-10 14:35:28 +03:00
Aivars Sterns
a46acfcdd8
Merge pull request #2627 from mattymo/no_more_do_do
...
Remove jinja2 dependency of do
2018-04-10 14:32:29 +03:00
Robin Skahjem-Eriksen
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
...
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
2018-04-10 13:30:48 +02:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
...
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Atoms
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
2018-04-09 13:19:26 +03:00
Matthew Mosesohn
f954bc0a5a
Remove jinja2 dependency of do
...
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
2018-04-09 12:27:53 +03:00
Brad Beam
dfc46f02d7
Adding missing service-account certificate for vault
...
Missed in #2554
2018-04-06 15:29:52 -05:00
Daniel Hoherd
ca40d51bc6
Fix typos (no logic changes)
2018-04-05 15:54:58 -07:00
Chen Hong
973e7372b4
content: |
2018-04-04 23:05:27 +08:00
Chen Hong
b54e091886
Persist ip_vs modules
2018-04-04 18:18:51 +08:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
...
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
georgejdli
76bb5f8d75
check if dedicated service account token signing key exists
2018-04-02 10:57:24 -05:00
Andreas Krüger
ba24fe3226
Merge pull request #2570 from avoidik/transfer-cloud-configs
...
Move cloud config configurations to proper location
2018-04-02 10:31:38 +02:00
Matthew Mosesohn
3004791c64
Add pre-upgrade task for moving credentials file ( #2394 )
...
* Add pre-upgrade task for moving credentials file
This reverts commit 7ef9f4dfdd
.
* add python interpreter workaround for localhost
2018-04-02 11:19:23 +03:00
Wong Hoi Sing Edison
5fe144aa0f
ingress-nginx: container download related things should defined in the download role
2018-04-01 00:22:33 +08:00
Andreas Krüger
5b0da4279f
Merge pull request #2543 from hswong3i/cert-manager-0.2.3
...
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 18:15:25 +02:00
Andreas Krüger
1ac978b8fa
Merge pull request #2567 from mirwan/node_labels_doc_plus_kube_ingress_handling
...
node_labels documentation and kube-ingress label definition as role_node_label
2018-03-31 18:05:52 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
avoidik
aa301c31d1
Move credential checks into proper folder
2018-03-31 13:29:00 +03:00
Andreas Krüger
d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
...
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
avoidik
15efdf0c16
Move credential checks
2018-03-31 03:26:37 +03:00
avoidik
ab8760cc83
Move credentials pre-check
2018-03-31 03:24:57 +03:00