C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2289 commits 17 branches 66 tags 141 MiB
Commit graph

638 commits

Author SHA1 Message Date
Stanislav Makar 33adb334cd Fix openstack tenant id variable name (#1932) 2017-11-05 08:40:41 +00:00
Spencer Smith ef87a8a1f0
Merge pull request #1916 from vtomasr5/master 
Fix bad handler directory name in kubeadm role
 2017-11-03 18:14:48 -04:00
Matthew Mosesohn ab3832f3e7
Set host IP for kubelet always (#1924) 
* Set host IP for kubelet always

Use ansible default IP if ip var is not set.

* Update main.yml
 2017-11-03 10:19:37 +00:00
Günther Grill 0195725563 Workaround ansible bug where access var via dict doesn't get real value (#1912) 
* Change deprecated vagrant ansible flag 'sudo' to 'become'

* Workaround ansible bug where access var via dict doesn't get real value

When accessing a variable via it's name "{{ foo }}" its value is
retrieved. But when the variable value is retrieved via the vars-dict
"{{ vars['foo'] }}" this doesn't resolve the expression of the variable
any more due to a bug. So e.g. a expression foo="{{ 1 == 1 }}" isn't
longer resolved but just returned as string "1 == 1".

* Make file yamllint complient
 2017-11-03 07:11:14 +00:00
Spencer Smith ec1170bd37 only mount volumes if local_volumes_enabled is true. fix mount flags in rkt. (#1923) 2017-11-03 07:10:37 +00:00
Spencer Smith 4771716ab2
Merge pull request #1907 from mattymo/disable_anon_auth 
Block anonymous auth requests to kubelet
 2017-11-02 12:01:39 -04:00
Spencer Smith b156585739
Merge pull request #1917 from chadswen/docker-daemon-graph 
Fix kubelet container with alternate Docker data paths
 2017-11-02 11:58:55 -04:00
Matthew Mosesohn 3e3787de15 Fix local volume provisioner mount point for rkt 2017-11-02 09:45:26 +00:00
Chad Swenson 0c824d5ef1 Fix kubelet container with alternate Docker data paths 
Some time ago I think the hardcoded `/var/lib/docker` was required, but kubelet running in a container has been aware of the Docker path since at least as far back as k8s 1.6.

Without this change, you see a large number of errors in the kubelet logs if you installed with a non-default `docker_daemon_graph`
 2017-11-01 13:25:15 -05:00
Matthew Mosesohn c0e989b17c
New addon: local_volume_provisioner (#1909) 2017-11-01 14:25:35 +00:00
Vicenç Juan Tomàs Montserrat 5218b3af82 Fix bad handler directory name in kubeadm role 2017-11-01 14:36:28 +01:00
Spencer Smith ef0a91da27
Merge pull request #1891 from rsmitty/proxy-fixes 
Improved proxy support
 2017-10-31 14:32:12 -04:00
Spencer Smith 19962f6b6a fix indentation for master template (#1906) 2017-10-31 06:43:54 +00:00
Matthew Mosesohn f7703dbca3 Block anonymous auth requests to kubelet 2017-10-30 19:06:54 +00:00
Spencer Smith b27453d8d8 improved proxy support 2017-10-30 11:42:14 -04:00
Spencer Smith 4470ee4ccf
Merge pull request #1887 from mattymo/fix_indent_apiserver 
fix indentation for network policy option
 2017-10-30 11:33:13 -04:00
abelgana d738acf638 Update kubelet.kubeadm.env.j2 (#1901) 2017-10-30 11:33:02 +00:00
tanshanshan 84d92aa3c7 fix-bug (#1900) 2017-10-30 11:23:24 +00:00
Spencer Smith 591941bd39
Merge pull request #1884 from abelgana/master 
Sysctl reload if needed after IP forward enabling
 2017-10-27 15:12:08 -04:00
Spencer Smith e90769c869
Merge pull request #1888 from chapsuk/issue_1885 
Disable swap in vagrant vms
 2017-10-27 15:10:16 -04:00
mkrasilnikov 2c7c956be9 Disable swap in vagrant vms 2017-10-27 19:57:54 +03:00
Matthew Mosesohn fe81bba08d Force kubelet certificates to be generated as lowercase (#1886) 
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
 2017-10-27 15:58:25 +01:00
Matthew Mosesohn 564de07963 fix indentation for network policy option 2017-10-27 14:56:22 +01:00
abelgana d9160f19c0 Sysctl reload if needed after IP forward enabling 
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.

- name: Enable ip forwarding
  sysctl:
    sysctl_file: "{{sysctl_file_path}}"
    name: net.ipv4.ip_forward
    value: 1
    state: present
    reload: yes
  tags:
    - bootstrap-os
 2017-10-26 13:06:21 -04:00
Brad Beam ba0a03a8ba Merge pull request #1880 from mattymo/node_auth_fixes2 
Move cluster roles and system namespace to new role
 2017-10-26 10:02:24 -05:00
Matthew Mosesohn b0f04d925a Update network policy setting for Kubernetes 1.8 (#1879) 
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
 2017-10-26 15:35:26 +01:00
Matthew Mosesohn ec53b8b66a Move cluster roles and system namespace to new role 
This should be done after kubeconfig is set for admin and
before network plugins are up.
 2017-10-26 14:36:05 +01:00
Matthew Mosesohn 86fb669fd3 Idempotency fixes (#1838) 2017-10-25 21:19:40 +01:00
Chiang Fong Lee 5dc56df64e Fix ordering of kube-apiserver admission control plug-ins (#1841) 2017-10-24 17:28:07 +01:00
Haiwei Liu cfea99c4ee Fix scale.yml to supoort kubeadm (#1863) 
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
 2017-10-24 16:08:48 +01:00
Matthew Mosesohn 0b4fcc83bd Fix up warnings and deprecations (#1848) 2017-10-20 08:25:57 +01:00
Matthew Mosesohn fc9a65be2b Refactor downloads to use download role directly (#1824) 
* Refactor downloads to use download role directly

Also disable fact delegation so download delegate works acros OSes.

* clean up bools and ansible_os_family conditionals
 2017-10-19 09:17:11 +01:00
Jan Jungnickel 49dff97d9c Relabel controler-manager to kube-controller-manager (#1830) 
Fixes #1129
 2017-10-18 17:29:18 +01:00
Hassan Zamani c9fe8fde59 Use fail-swap-on flag only for kube_version >= 1.8 (#1829) 2017-10-18 16:32:38 +01:00
Matthew Mosesohn 16462292e1 Properly skip extra SANs when not specified for kubeadm (#1831) 2017-10-18 12:04:13 +01:00
pmontanari 20d80311f0 Update main.yml (#1822) 
* Update main.yml

Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).

* Update main.yml

Removing trailing spaces
 2017-10-18 11:42:00 +01:00
Tennis Smith 54320c5b09 set to 3 digit version number (#1817) 2017-10-17 11:14:29 +01:00
Rémi de Passmoilesel 356515222a Add possibility to insert more ip adresses in certificates (#1678) 
* Add possibility to insert more ip adresses in certificates

* Add newline at end of files

* Move supp ip parameters to k8s-cluster group file

* Add supplementary addresses in kubeadm master role

* Improve openssl indexes
 2017-10-17 11:06:07 +01:00
neith00 77f1d4b0f1 Revert "Update roadmap" (#1809) 
* Revert "Debian jessie docs (#1806)"

This reverts commit d78577c810.

* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800)"

This reverts commit 5fb6b2eaf7.

* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799)"

This reverts commit 404caa111a.

* Revert "Fixed kubelet standard log environment (#1780)"

This reverts commit b838468500.

* Revert "Add support for fedora atomic host (#1779)"

This reverts commit f2235be1d3.

* Revert "Update network-plugins to use portmap plugin (#1763)"

This reverts commit 6ec45b10f1.

* Revert "Update roadmap (#1795)"

This reverts commit d9879d8026.
 2017-10-16 14:09:24 +01:00
Seungkyu Ahn b838468500 Fixed kubelet standard log environment (#1780) 
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
 2017-10-16 08:22:54 +01:00
Jason Brooks f2235be1d3 Add support for fedora atomic host (#1779) 
* don't try to install this rpm on fedora atomic

* add docker 1.13.1 for fedora

* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
 2017-10-16 08:03:33 +01:00
Matthew Mosesohn d9879d8026 Update roadmap (#1795) 2017-10-16 07:06:06 +01:00
Matthew Mosesohn d487b2f927 Security best practice fixes (#1783) 
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
 2017-10-15 20:41:17 +01:00
Julian Poschmann 66e5e14bac Restart kubelet on update in deployment-type host on update (#1759) 
* Restart kubelet on update in deployment-type host on update

* Update install_host.yml

* Update install_host.yml

* Update install_host.yml
 2017-10-15 20:22:17 +01:00
Matthew Mosesohn 7e4668859b Change file used to check kubeadm upgrade method (#1784) 
* Change file used to check kubeadm upgrade method

Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.

* more fixes for upgrade
 2017-10-15 10:33:22 +01:00
Matthew Mosesohn ef47a73382 Add new addon Istio (#1744) 
* add istio addon

* add addons to a ci job
 2017-10-13 15:42:54 +01:00
Julian Poschmann 56763d4288 Persist br_netfilter module loading (#1760) 2017-10-13 10:50:29 +01:00
Matthew Mosesohn ee83e874a8 Clear admin kubeconfig when rotating certs (#1772) 
* Clear admin kubeconfig when rotating certs

* Update main.yml
 2017-10-12 09:55:46 +01:00
Vijay Katam 27ed73e3e3 Rename dns_server, add var for selinux. (#1572) 
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
*  Enable selinux state to be configurable with new var preinstall_selinux_state
 2017-10-11 20:40:21 +01:00
Aivars Sterns e41c0532e3 add possibility to disable fail with swap (#1773) 2017-10-11 19:49:31 +01:00