C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2179 commits 17 branches 66 tags 141 MiB
Commit graph

1297 commits

Author SHA1 Message Date
abelgana 2972bceb90 Changre raw execution to use yum module (#1785) 
* Changre raw execution to use yum module

Changed raw exection to use yum module provided by Ansible.

* Replace ansible_ssh_* by ansible_*

Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port. If you are using a version of Ansible prior to 2.0, you should continue using the older style variables (ansible_ssh_*). These shorter variables are ignored, without warning, in older versions of Ansible.

I am not sure about the broader impact of this change. But I have seen on the requirements the version required is ansible>=2.4.0.

http://docs.ansible.com/ansible/latest/intro_inventory.html
 2017-10-14 09:52:40 +01:00
刘旭 cb0a60a0fe calico v2.5.0 should use calico/routereflector:v0.4.0 (#1792) 2017-10-14 09:51:48 +01:00
Matthew Mosesohn 3ee91e15ff Use commas in no_proxy (#1782) 2017-10-13 15:43:10 +01:00
Matthew Mosesohn ef47a73382 Add new addon Istio (#1744) 
* add istio addon

* add addons to a ci job
 2017-10-13 15:42:54 +01:00
Matthew Mosesohn dc515e5ac5 Remove kernel-upgrade role (#1798) 
This role only support Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
 2017-10-13 15:36:21 +01:00
Julian Poschmann 56763d4288 Persist br_netfilter module loading (#1760) 2017-10-13 10:50:29 +01:00
Matthew Mosesohn 10dd049912 Revert "Security fixes for etcd (#1778)" (#1786) 
This reverts commit 4209f1cbfd.
 2017-10-12 14:02:51 +01:00
Matthew Mosesohn 4209f1cbfd Security fixes for etcd (#1778) 
* Security fixes for etcd

* Use certs when querying etcd
 2017-10-12 13:32:54 +01:00
Matthew Mosesohn ee83e874a8 Clear admin kubeconfig when rotating certs (#1772) 
* Clear admin kubeconfig when rotating certs

* Update main.yml
 2017-10-12 09:55:46 +01:00
Vijay Katam 27ed73e3e3 Rename dns_server, add var for selinux. (#1572) 
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
*  Enable selinux state to be configurable with new var preinstall_selinux_state
 2017-10-11 20:40:21 +01:00
Aivars Sterns e41c0532e3 add possibility to disable fail with swap (#1773) 2017-10-11 19:49:31 +01:00
Matthew Mosesohn eeb7274d65 Adjust memory reservation for master nodes (#1769) 2017-10-11 19:47:42 +01:00
Matthew Mosesohn eb0dcf6063 Improve proxy (#1771) 
* Set no_proxy to all local ips

* Use proxy settings on all necessary tasks
 2017-10-11 19:47:27 +01:00
Matthew Mosesohn 83be0735cd Fix setting etcd client cert serial (#1775) 2017-10-11 19:47:11 +01:00
Matthew Mosesohn fe4ba51d1a Set node IP correctly (#1770) 
Fixes #1741
 2017-10-11 15:28:42 +01:00
Hyunsun Moon adf575b75e Set default value for disable_shared_pid (#1710) 
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
 2017-10-11 14:55:51 +01:00
Spencer Smith e5426f74a8 Merge pull request #1762 from manics/bindir-helm 
Include bin_dir when patching helm tiller with kubectl
 2017-10-10 10:40:47 -04:00
Spencer Smith f5212d3b79 Merge pull request #1752 from pmontanari/patch-1 
Force synchronize to use ssh_args so it works when using bastion
 2017-10-10 10:40:01 -04:00
Spencer Smith 3d09c4be75 Merge pull request #1756 from kubernetes-incubator/fix_bool_assert 
Fix bool check assert
 2017-10-10 10:38:53 -04:00
Spencer Smith f2db15873d Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix 
add hosts to rkt kubelet
 2017-10-10 10:37:36 -04:00
ArchiFleKs 7c663de6c9 add /etc/hosts volume to rkt templates 2017-10-09 16:41:51 +02:00
Simon Li c14bbcdbf2 Include bin_dir when patching helm tiller with kubectl 2017-10-09 15:17:52 +01:00
ant31 1be4c1935a Fix bool check assert 2017-10-06 17:02:38 +00:00
pmontanari 764b1aa5f8 Force synchronize to use ssh_args so it works when using bastion 
In case ssh.config is set to use bastion, synchronize needs to use it too.
 2017-10-06 00:21:54 +02:00
Spencer Smith d13b07ba59 Merge pull request #1751 from bradbeam/calicoprometheus 
Adding calico/node env vars for prometheus configuration
 2017-10-05 17:29:12 -04:00
Brad Beam 55dfae2a52 Followup fix for CVE-2017-14491 2017-10-05 11:31:04 -05:00
Brad Beam b81c0d869c Adding calico/node env vars for prometheus configuration 2017-10-05 08:46:01 -05:00
Matthew Mosesohn f14f04c5ea Upgrade to kubernetes v1.8.0 (#1730) 
* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name
 2017-10-05 10:51:21 +01:00
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 2017-10-05 08:43:04 +01:00
Spencer Smith cb611b5ed0 Merge pull request #1742 from mattymo/facts_as_vars 
Move set_facts to kubespray-defaults defaults
 2017-10-04 15:46:39 -04:00
Spencer Smith ab171a1d6d don't delegate cert slurp 2017-10-04 13:06:51 -04:00
Matthew Mosesohn a56738324a Move set_facts to kubespray-defaults defaults 
These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
 2017-10-04 14:02:47 +01:00
Matthew Mosesohn e42cb43ca5 add bootstrap for debian (#1726) 2017-10-03 08:30:45 +01:00
Brad Beam ca541c7e4a Ensuring vault service is stopped in reset tasks (#1736) 2017-10-03 08:30:28 +01:00
Brad Beam 96e14424f0 Adding kubedns update for CVE-2017-14491 (#1735) 2017-10-03 08:30:14 +01:00
Matthew Mosesohn dae9f6d3c2 Test if tokens are expired from host instead of inside container (#1727) 
* Test if tokens are expired from host instead of inside container

* Update main.yml
 2017-10-02 13:14:50 +01:00
Julian Poschmann 8e1210f96e Fix cluster-network w/ prefix > 25 not possible with CNI (#1713) 2017-10-01 10:43:00 +01:00
Brad Beam 1b9a6d7ad8 Merge pull request #1672 from manics/bastion-proxycommand-newline 
Insert a newline in bastion ssh config after ProxyCommand conditional
 2017-09-29 11:37:47 -05:00
Peter Slijkhuis 371fa51e82 Make installation of EPEL optional (#1721) 2017-09-29 13:44:29 +01:00
Matthew Mosesohn a55675acf8 Enable RBAC with kubeadm always (#1711) 2017-09-29 09:18:24 +01:00
Matthew Mosesohn 25dd3d476a Fix error for azure+calico assert (#1717) 
Fixes #1716
 2017-09-29 08:17:18 +01:00
Matthew Mosesohn 3ff5f40bdb fix graceful upgrade (#1704) 
Fix system namespace creation
Only rotate tokens when necessary
 2017-09-27 14:49:20 +01:00
Matthew Mosesohn 689ded0413 Enable kubeadm upgrades to any version (#1709) 2017-09-27 14:48:18 +01:00
Matthew Mosesohn 327ed157ef Verify valid settings before deploy (#1705) 
Also fix yaml lint issues

Fixes #1703
 2017-09-27 14:47:47 +01:00
tanshanshan 477afa8711 when and run_once are reduplicative (#1694) 2017-09-26 14:48:05 +01:00
Matthew Mosesohn bd272e0b3c Upgrade to kubeadm (#1667) 
* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1
 2017-09-26 10:38:58 +01:00
Brad Beam 14c232e3c4 Merge pull request #1663 from foxyriver/fix-shell 
use command module instead of shell module
 2017-09-25 13:24:45 -05:00
Brad Beam 57f5fb1f4f Merge pull request #1661 from neith00/master 
upgrading from weave version 2.0.1 to 2.0.4
 2017-09-25 13:23:57 -05:00
Bogdan Dobrelya bcddfb786d Merge pull request #1692 from mattymo/old-etcd-logic 
drop unused etcd logic
 2017-09-25 17:44:33 +02:00
Martin Uddén 20db1738fa feature: install project atomic CSS on RedHat family (#1499) 
* feature: install project atomic CSS on RedHat family

* missing patch for this feature

* sub-role refactor

* Yamllint fix
 2017-09-25 12:29:17 +01:00