C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2219 commits 17 branches 66 tags 141 MiB
Commit graph

196 commits

Author SHA1 Message Date
Matthew Mosesohn 0b4fcc83bd Fix up warnings and deprecations (#1848) 2017-10-20 08:25:57 +01:00
Matthew Mosesohn fc9a65be2b Refactor downloads to use download role directly (#1824) 
* Refactor downloads to use download role directly

Also disable fact delegation so download delegate works acros OSes.

* clean up bools and ansible_os_family conditionals
 2017-10-19 09:17:11 +01:00
Jan Jungnickel 49dff97d9c Relabel controler-manager to kube-controller-manager (#1830) 
Fixes #1129
 2017-10-18 17:29:18 +01:00
Matthew Mosesohn 16462292e1 Properly skip extra SANs when not specified for kubeadm (#1831) 2017-10-18 12:04:13 +01:00
Rémi de Passmoilesel 356515222a Add possibility to insert more ip adresses in certificates (#1678) 
* Add possibility to insert more ip adresses in certificates

* Add newline at end of files

* Move supp ip parameters to k8s-cluster group file

* Add supplementary addresses in kubeadm master role

* Improve openssl indexes
 2017-10-17 11:06:07 +01:00
Matthew Mosesohn d487b2f927 Security best practice fixes (#1783) 
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
 2017-10-15 20:41:17 +01:00
Matthew Mosesohn 7e4668859b Change file used to check kubeadm upgrade method (#1784) 
* Change file used to check kubeadm upgrade method

Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.

* more fixes for upgrade
 2017-10-15 10:33:22 +01:00
Matthew Mosesohn ef47a73382 Add new addon Istio (#1744) 
* add istio addon

* add addons to a ci job
 2017-10-13 15:42:54 +01:00
Matthew Mosesohn ee83e874a8 Clear admin kubeconfig when rotating certs (#1772) 
* Clear admin kubeconfig when rotating certs

* Update main.yml
 2017-10-12 09:55:46 +01:00
Matthew Mosesohn f14f04c5ea Upgrade to kubernetes v1.8.0 (#1730) 
* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name
 2017-10-05 10:51:21 +01:00
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 2017-10-05 08:43:04 +01:00
Matthew Mosesohn a56738324a Move set_facts to kubespray-defaults defaults 
These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
 2017-10-04 14:02:47 +01:00
Matthew Mosesohn e42cb43ca5 add bootstrap for debian (#1726) 2017-10-03 08:30:45 +01:00
Julian Poschmann 8e1210f96e Fix cluster-network w/ prefix > 25 not possible with CNI (#1713) 2017-10-01 10:43:00 +01:00
Matthew Mosesohn 3ff5f40bdb fix graceful upgrade (#1704) 
Fix system namespace creation
Only rotate tokens when necessary
 2017-09-27 14:49:20 +01:00
Matthew Mosesohn 689ded0413 Enable kubeadm upgrades to any version (#1709) 2017-09-27 14:48:18 +01:00
Matthew Mosesohn 327ed157ef Verify valid settings before deploy (#1705) 
Also fix yaml lint issues

Fixes #1703
 2017-09-27 14:47:47 +01:00
tanshanshan 477afa8711 when and run_once are reduplicative (#1694) 2017-09-26 14:48:05 +01:00
Matthew Mosesohn bd272e0b3c Upgrade to kubeadm (#1667) 
* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1
 2017-09-26 10:38:58 +01:00
Matthew Mosesohn a1cde03b20 Correct master manifest cleanup logic (#1693) 
Fixes #1666
 2017-09-25 12:19:04 +01:00
Matthew Mosesohn 188bae142b Fix wait for hosts in CI (#1679) 
Also fix usage of failed_when and handling exit code.
 2017-09-20 14:30:09 +01:00
Matthew Mosesohn 8e731337ba Enable HA deploy of kubeadm (#1658) 
* Enable HA deploy of kubeadm

* raise delay to 60s for starting gce hosts
 2017-09-15 22:28:15 +01:00
Matthew Mosesohn b294db5aed fix apply for netchecker upgrade (#1659) 
* fix apply for netchecker upgrade and graceful upgrade

* Speed up daemonset upgrades. Make check wait for ds upgrades.
 2017-09-15 13:19:37 +01:00
Matthew Mosesohn 6744726089 kubeadm support (#1631) 
* kubeadm support

* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job

* change ci boolean vars to json format

* fixup

* Update create-gce.yml

* Update create-gce.yml

* Update create-gce.yml
 2017-09-13 19:00:51 +01:00
Matthew Mosesohn 75b13caf0b Fix kube-apiserver status checks when changing insecure bind addr (#1633) 2017-09-09 23:41:48 +03:00
Matthew Mosesohn 5d99fa0940 Purge old upgrade hooks and unused tasks (#1641) 2017-09-09 23:41:20 +03:00
Brad Beam 8ae77e955e Adding in certificate serial numbers to manifests (#1392) 2017-09-01 09:02:23 +03:00
Brad Beam 7a98ad50b4 Fixing CA certificate locations for k8s components 2017-08-30 15:30:40 -05:00
Chad Swenson a39e78d42d Initial version of Flannel using CNI (#1486) 
* Updates Controller Manager/Kubelet with Flannel's required configuration for CNI
* Removes old Flannel installation
* Install CNI enabled Flannel DaemonSet/ConfigMap/CNI bins and config (with portmap plugin) on host
* Uses RBAC if enabled
* Fixed an issue that could occur if br_netfilter is not a module and net.bridge.bridge-nf-call-iptables sysctl was not set
 2017-08-25 10:07:50 +03:00
Hassan Zamani 01ce09f343 Add feature_gates var for customizing Kubernetes feature gates (#1520) 2017-08-24 23:18:38 +03:00
Brad Beam 8b151d12b9 Adding yamllinter to ci steps (#1556) 
* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
 2017-08-24 12:09:52 +03:00
Miad Abrin 3c710219a1 Fix Some Typos in kubernetes master role (#1547) 
* Fix Typo etc3 -> etcd3

* Fix typo in post-upgrade of master. stop -> start
 2017-08-20 13:54:28 +03:00
Brad Beam 383d582b47 Merge pull request #1382 from jwfang/rbac 
basic rbac support
 2017-08-07 08:01:51 -05:00
Anton e0960f6288 FIX: Unneded (extra) cycles in some tasks (#1393) 2017-07-27 20:46:21 +03:00
jwfang 092bf07cbf basic rbac support 2017-07-17 19:29:59 +08:00
Gregory Storme 266ca9318d Use the kube_apiserver_insecure_port variable instead of static 8080 2017-06-12 09:20:59 +02:00
Spencer Smith 8203383c03 rename almost all mentions of kargo 2017-06-16 13:25:46 -04:00
Spencer Smith 01c0ab4f06 check if cloud_provider is defined 2017-05-31 08:24:24 -04:00
Spencer Smith 7e2aafcc76 add direct path for cert in AWS with RHEL family 2017-05-26 17:32:50 -04:00
Matthew Mosesohn 2d6bc9536c Merge pull request #1246 from holser/disable_dns_for_kube_services 
Change DNS policy for kubernetes components
 2017-04-20 16:12:52 +03:00
Sergii Golovatiuk d8aa2d0a9e Change DNS policy for kubernetes components 
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-20 11:22:57 +02:00
Hans Kristian Flaatten d68cfeed6e
Move namespace file to template directory 2017-04-19 13:37:02 +02:00
Spencer Smith c3c9e955e5 Merge pull request #1232 from rsmitty/custom-flags 
add ability for custom flags
 2017-04-17 14:01:32 -04:00
Spencer Smith 72d5db92a8 remove stray spaces in templating 2017-04-17 12:24:24 -04:00
Spencer Smith 3f302c8d47 ensure spacing on string of flags 2017-04-17 12:13:39 -04:00
Spencer Smith f9d4a1c1d8 update to safeguard against accidentally passing string instead of list 2017-04-17 11:09:34 -04:00
gbolo 49be805001
allow admission control plug-ins to be easily customized 2017-04-16 22:03:45 -04:00
Spencer Smith 94596388f7 add ability for custom flags 2017-04-14 17:33:04 -04:00
Sergii Golovatiuk 2670eefcd4 Refactoring resolv.conf 
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
 2017-04-05 09:28:01 +02:00
Matthew Mosesohn f8cf6b4f7c Merge pull request #1186 from holser/resolv_conf 
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
 2017-04-04 20:49:55 +03:00