C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1841 commits 17 branches 66 tags 141 MiB
Commit graph

1841 commits

This branch
This branch
All branches
Author SHA1 Message Date
Raj Perera
27a10c9623 Whitespace fixes 2017-06-20 13:44:14 -04:00
Raj Perera
33de4def2f Add note about auth modes 2017-06-20 13:31:44 -04:00
Raj Perera
41298ccea5 Reverted leftover tasks from cert rotation functionality. 2017-06-20 13:29:31 -04:00
Raj Perera
d2131a8652 Merge branch 'rbac-kp' into rbac-script-cert 2017-06-20 00:54:43 -04:00
Raj Perera
e58d06ddd1 Remove cert rotation code. Remove disclaimer for supported auth methods. 2017-06-20 00:49:33 -04:00
jwfang
ba41d3ee55 kube-proxy use kubeconfig on kube-master 2017-06-20 10:54:02 +08:00
Raj Perera
4e95788e17 Make rotate_kubernetes_certs default to false 2017-06-19 13:20:25 -04:00
Raj Perera
cd143109fc Merge branch 'rbac-kp' into rbac-script-cert 
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
 2017-06-19 12:12:45 -04:00
Raj Perera
eb91eab39a Extract kubectl commands to resource yaml files and use kube module 2017-06-19 11:00:26 -04:00
Raj Perera
839b7d4a0f Update docs. 2017-06-19 10:29:03 -04:00
Raj Perera
e663c6b61a Address PR feedback. 
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
 2017-06-19 10:24:56 -04:00
jwfang
c4fbf41220 replace insecure port with secure port for apiserver_endpoint on kube-masters 2017-06-19 14:01:35 +08:00
jwfang
36e3aae615 patch system:kube-dns clusterrole for get 2017-06-17 19:53:29 +08:00
jwfang
20cacc09ba fix rename 2017-06-17 16:22:58 +08:00
Raj Perera
b800f7bb07 Use kubectl patch 2017-06-16 12:29:13 -04:00
Raj Perera
9924a33d6f Replace static references to system namespace 2017-06-16 11:21:59 -04:00
Raj Perera
992a974b1e Merge branch 'rbac-kp' into rbac-script-cert 
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
#	roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
#	roles/kubernetes/secrets/files/make-ssl.sh
 2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3 Basic RBAC functionality. (Based from work done by @jwfang (#1351)) 
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
 2017-06-16 10:28:23 -04:00
jwfang
7c2816ba73 add label for kube-dns sa 2017-06-16 20:08:19 +08:00
jwfang
acbdfb08ce run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-16 18:54:18 +08:00
jwfang
765a5ce1ab node identified as system:node:<node-name> 2017-06-16 17:15:37 +08:00
jwfang
0ee229488e certs for system:kube-controller-manager system:kube-scheduler 2017-06-16 14:21:21 +08:00
jwfang
8b58394d8c seperate kube-proxy certs for each node 2017-06-15 19:20:58 +08:00
jwfang
f3a4c31e66 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-15 18:15:52 +08:00
Brad Beam
b73786c6d5 Merge pull request #1335 from bradbeam/imagerepo 
Set default value for kube_hyperkube_image_repo
 2017-06-12 09:46:17 -05:00
Brad Beam
eacc42fedd Merge pull request #1240 from bradbeam/vaultfixup 
Fixing up vault variables
 2017-06-08 22:33:03 -05:00
Brad Beam
db3e8edacd Fixing up vault variables 2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295 Set default value for kube_hyperkube_image_repo 
Fixes #1334
 2017-06-08 12:22:16 -05:00
Spencer Smith
ef3c2d86d3 Merge pull request #1327 from rsmitty/coreos-testing-update 
use latest coreos-stable for testing to avoid upgrades during deployment
 2017-06-07 16:31:23 -07:00
Brad Beam
780308c194 Merge pull request #1174 from jlothian/atomic-docker-restart 
Fix docker restart in atomic
 2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae Merge pull request #1092 from bradbeam/rkt_docker 
Adding flag for docker container in kubelet w/ rkt
 2017-06-06 12:58:40 -05:00
Spencer Smith
d323501c7f Merge pull request #1328 from kevinjqiu/coreos-vagrant 
Support provisioning vagrant k8s clusters with coreos
 2017-06-05 14:30:49 -07:00
Kevin Jing Qiu
66d8b2c18a Specify coreos vagrant box url 2017-06-04 11:31:39 -04:00
Kevin Jing Qiu
6d8a415b4d Update doc on Vagrant local override file 2017-06-02 20:09:37 -04:00
Kevin Jing Qiu
dad268a686 Add default ssh user for different OSes 2017-06-02 19:51:09 -04:00
Kevin Jing Qiu
e7acc2fddf Update doc for Vagrant install 2017-06-02 19:03:43 -04:00
Kevin Jing Qiu
6fb17a813c Support provisioning vagrant k8s clusters with coreos 2017-06-02 18:53:47 -04:00
Spencer Smith
11ede9f872 use latest coreos-stable for testing to avoid upgrades during deployment 2017-06-02 12:24:54 -04:00
Spencer Smith
6ac1c1c886 Merge pull request #1320 from rsmitty/centos-cert-fix 
check if cloud_provider is defined
 2017-05-31 11:54:15 -04:00
Spencer Smith
01c0ab4f06 check if cloud_provider is defined 2017-05-31 08:24:24 -04:00
Spencer Smith
7713f35326 Merge pull request #1317 from mtsr/versionlock 
Adds note on versionlock to README
 2017-05-30 14:37:21 -04:00
Spencer Smith
7220b09ff9 Merge pull request #1315 from rsmitty/hostnames-upgrade 
Resolve upgrade issues
 2017-05-30 11:40:19 -04:00
Spencer Smith
b7298ef51a Merge pull request #1313 from rsmitty/centos-cert-path 
add direct path for cert in AWS with RHEL family
 2017-05-30 11:37:37 -04:00
Jonas Matser
9b18c073b6 Adds note on versionlock to README 
Note to users that auto-updates break clusters that don't lock the docker version somehow.
 2017-05-28 20:55:44 +02:00
Spencer Smith
dd89e705f2 don't uncordon masters 2017-05-26 17:48:56 -04:00
Spencer Smith
56b86bbfca inventory hostname for cordoning/uncordoning 2017-05-26 17:47:25 -04:00
Spencer Smith
7e2aafcc76 add direct path for cert in AWS with RHEL family 2017-05-26 17:32:50 -04:00
Spencer Smith
11c774b04f Merge pull request #1306 from rsmitty/scale-up 
add scale.yml to do minimum needed for a node bootstrap
 2017-05-25 18:51:09 -04:00
Spencer Smith
6ba926381b Merge pull request #1309 from jhunthrop/router-peering 
adding --skip-exists flag for peer_with_router
 2017-05-25 18:50:54 -04:00
Justin Hunthrop
af55e179c7 adding --skip-exists flag for peer_with_router 2017-05-25 14:29:18 -05:00