C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
2172 commits 17 branches 66 tags 141 MiB
Commit graph

1291 commits

Author SHA1 Message Date
Matthew Mosesohn
10dd049912 Revert "Security fixes for etcd (#1778)" (#1786) 
This reverts commit 4209f1cbfd.
 2017-10-12 14:02:51 +01:00
Matthew Mosesohn
4209f1cbfd Security fixes for etcd (#1778) 
* Security fixes for etcd

* Use certs when querying etcd
 2017-10-12 13:32:54 +01:00
Matthew Mosesohn
ee83e874a8 Clear admin kubeconfig when rotating certs (#1772) 
* Clear admin kubeconfig when rotating certs

* Update main.yml
 2017-10-12 09:55:46 +01:00
Vijay Katam
27ed73e3e3 Rename dns_server, add var for selinux. (#1572) 
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
*  Enable selinux state to be configurable with new var preinstall_selinux_state
 2017-10-11 20:40:21 +01:00
Aivars Sterns
e41c0532e3 add possibility to disable fail with swap (#1773) 2017-10-11 19:49:31 +01:00
Matthew Mosesohn
eeb7274d65 Adjust memory reservation for master nodes (#1769) 2017-10-11 19:47:42 +01:00
Matthew Mosesohn
eb0dcf6063 Improve proxy (#1771) 
* Set no_proxy to all local ips

* Use proxy settings on all necessary tasks
 2017-10-11 19:47:27 +01:00
Matthew Mosesohn
83be0735cd Fix setting etcd client cert serial (#1775) 2017-10-11 19:47:11 +01:00
Matthew Mosesohn
fe4ba51d1a Set node IP correctly (#1770) 
Fixes #1741
 2017-10-11 15:28:42 +01:00
Hyunsun Moon
adf575b75e Set default value for disable_shared_pid (#1710) 
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
 2017-10-11 14:55:51 +01:00
Spencer Smith
e5426f74a8 Merge pull request #1762 from manics/bindir-helm 
Include bin_dir when patching helm tiller with kubectl
 2017-10-10 10:40:47 -04:00
Spencer Smith
f5212d3b79 Merge pull request #1752 from pmontanari/patch-1 
Force synchronize to use ssh_args so it works when using bastion
 2017-10-10 10:40:01 -04:00
Spencer Smith
3d09c4be75 Merge pull request #1756 from kubernetes-incubator/fix_bool_assert 
Fix bool check assert
 2017-10-10 10:38:53 -04:00
Spencer Smith
f2db15873d Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix 
add hosts to rkt kubelet
 2017-10-10 10:37:36 -04:00
ArchiFleKs
7c663de6c9 add /etc/hosts volume to rkt templates 2017-10-09 16:41:51 +02:00
Simon Li
c14bbcdbf2 Include bin_dir when patching helm tiller with kubectl 2017-10-09 15:17:52 +01:00
ant31
1be4c1935a Fix bool check assert 2017-10-06 17:02:38 +00:00
pmontanari
764b1aa5f8 Force synchronize to use ssh_args so it works when using bastion 
In case ssh.config is set to use bastion, synchronize needs to use it too.
 2017-10-06 00:21:54 +02:00
Spencer Smith
d13b07ba59 Merge pull request #1751 from bradbeam/calicoprometheus 
Adding calico/node env vars for prometheus configuration
 2017-10-05 17:29:12 -04:00
Brad Beam
55dfae2a52 Followup fix for CVE-2017-14491 2017-10-05 11:31:04 -05:00
Brad Beam
b81c0d869c Adding calico/node env vars for prometheus configuration 2017-10-05 08:46:01 -05:00
Matthew Mosesohn
f14f04c5ea Upgrade to kubernetes v1.8.0 (#1730) 
* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name
 2017-10-05 10:51:21 +01:00
Aivars Sterns
9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 2017-10-05 08:43:04 +01:00
Spencer Smith
cb611b5ed0 Merge pull request #1742 from mattymo/facts_as_vars 
Move set_facts to kubespray-defaults defaults
 2017-10-04 15:46:39 -04:00
Spencer Smith
ab171a1d6d don't delegate cert slurp 2017-10-04 13:06:51 -04:00
Matthew Mosesohn
a56738324a Move set_facts to kubespray-defaults defaults 
These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
 2017-10-04 14:02:47 +01:00
Matthew Mosesohn
e42cb43ca5 add bootstrap for debian (#1726) 2017-10-03 08:30:45 +01:00
Brad Beam
ca541c7e4a Ensuring vault service is stopped in reset tasks (#1736) 2017-10-03 08:30:28 +01:00
Brad Beam
96e14424f0 Adding kubedns update for CVE-2017-14491 (#1735) 2017-10-03 08:30:14 +01:00
Matthew Mosesohn
dae9f6d3c2 Test if tokens are expired from host instead of inside container (#1727) 
* Test if tokens are expired from host instead of inside container

* Update main.yml
 2017-10-02 13:14:50 +01:00
Julian Poschmann
8e1210f96e Fix cluster-network w/ prefix > 25 not possible with CNI (#1713) 2017-10-01 10:43:00 +01:00
Brad Beam
1b9a6d7ad8 Merge pull request #1672 from manics/bastion-proxycommand-newline 
Insert a newline in bastion ssh config after ProxyCommand conditional
 2017-09-29 11:37:47 -05:00
Peter Slijkhuis
371fa51e82 Make installation of EPEL optional (#1721) 2017-09-29 13:44:29 +01:00
Matthew Mosesohn
a55675acf8 Enable RBAC with kubeadm always (#1711) 2017-09-29 09:18:24 +01:00
Matthew Mosesohn
25dd3d476a Fix error for azure+calico assert (#1717) 
Fixes #1716
 2017-09-29 08:17:18 +01:00
Matthew Mosesohn
3ff5f40bdb fix graceful upgrade (#1704) 
Fix system namespace creation
Only rotate tokens when necessary
 2017-09-27 14:49:20 +01:00
Matthew Mosesohn
689ded0413 Enable kubeadm upgrades to any version (#1709) 2017-09-27 14:48:18 +01:00
Matthew Mosesohn
327ed157ef Verify valid settings before deploy (#1705) 
Also fix yaml lint issues

Fixes #1703
 2017-09-27 14:47:47 +01:00
tanshanshan
477afa8711 when and run_once are reduplicative (#1694) 2017-09-26 14:48:05 +01:00
Matthew Mosesohn
bd272e0b3c Upgrade to kubeadm (#1667) 
* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1
 2017-09-26 10:38:58 +01:00
Brad Beam
14c232e3c4 Merge pull request #1663 from foxyriver/fix-shell 
use command module instead of shell module
 2017-09-25 13:24:45 -05:00
Brad Beam
57f5fb1f4f Merge pull request #1661 from neith00/master 
upgrading from weave version 2.0.1 to 2.0.4
 2017-09-25 13:23:57 -05:00
Bogdan Dobrelya
bcddfb786d Merge pull request #1692 from mattymo/old-etcd-logic 
drop unused etcd logic
 2017-09-25 17:44:33 +02:00
Martin Uddén
20db1738fa feature: install project atomic CSS on RedHat family (#1499) 
* feature: install project atomic CSS on RedHat family

* missing patch for this feature

* sub-role refactor

* Yamllint fix
 2017-09-25 12:29:17 +01:00
Hassan Zamani
b23d81f825 Add etcd_blkio_weight var (#1690) 2017-09-25 12:20:24 +01:00
Matthew Mosesohn
a1cde03b20 Correct master manifest cleanup logic (#1693) 
Fixes #1666
 2017-09-25 12:19:04 +01:00
Bogdan Dobrelya
cfce23950a Merge pull request #1687 from jistr/cgroup-driver-kubeadm 
Set correct kubelet cgroup-driver also for kubeadm deployments
 2017-09-25 11:16:40 +02:00
Deni Bertovic
64740249ab Adds tags for asserts (#1639) 2017-09-25 08:41:03 +01:00
Matthew Mosesohn
126f42de06 drop unused etcd logic 
Fixes #1660
 2017-09-25 07:52:55 +01:00
Matthew Mosesohn
d94e3a81eb Use api lookup for kubelet hostname when using cloudprovider (#1686) 
The value cannot be determined properly via local facts, so
checking k8s api is the most reliable way to look up what hostname
is used when using a cloudprovider.
 2017-09-24 09:22:15 +01:00