Commit graph

16 commits

Author SHA1 Message Date
zouyee
3c44c77d91 upgrade k8s version to 1.6.4 2017-05-23 09:30:03 +08:00
Vincent Schwarzer
7af476b163 Fix for etcd variable issue 2017-04-12 12:59:49 +02:00
Matthew Mosesohn
9a0dd726ae Upgrade to Kubernetes 1.6.1 2017-04-05 13:26:36 +03:00
Matthew Mosesohn
b68e545bad Merge pull request #1155 from mattymo/helm
Add helm deployment
2017-03-20 17:00:06 +03:00
Matthew Mosesohn
579a6299c0 Add helm deployment 2017-03-17 20:24:41 +03:00
Aleksandr Didenko
1adf231512 Move calico-policy-controller into separate role
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.

K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.

This patch also fixes kube-api port in calico-policy-controller
yaml template.

Closes #1132
2017-03-17 11:21:52 +01:00
Matthew Mosesohn
7b5d6c7a06 Merge pull request #1137 from holser/bug/1135
Turn on iptables for flannel
2017-03-15 17:06:42 +03:00
Sergii Golovatiuk
97a7f1c4a5 Turn on iptables for flannel
Closes: #1135
Closes: #1026
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-14 17:54:55 +01:00
Vincent Schwarzer
ea1f072c7e Granular authentication Control
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding
removing the required arguments to the Kube API Server and generating
the secrets accordingly.

The x509 authentification is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
2017-03-14 16:57:35 +01:00
Vincent Schwarzer
ea6bf9143f Added Support for OpenID Connect Authentication
To use OpenID Connect Authentication beside deploying an OpenID Connect
Identity Provider it is necesarry to pass additional arguments to the Kube API Server.
These required arguments were added to the kube apiserver manifest.
2017-03-06 12:40:35 +01:00
Sergii Golovatiuk
2a88210f78 Change kube-api default port from 443 to 6443
Operator can specify any port for kube-api (6443 default) This helps in
case where some pods such as Ingress require 443 exclusively.

Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 15:45:35 +01:00
Sergii Golovatiuk
a011677697 Make etcd data dir configurable.
Closes: #1073
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-27 21:35:51 +01:00
Antoine Legrand
ac709eb065 Uncommented group_vars variables 2017-02-24 10:54:25 +01:00
Antoine Legrand
7d67dfa30c Comment all variables in group_vars 2017-02-23 14:02:57 +01:00
Antoine Legrand
2aff3df697 Add default var role 2017-02-23 12:07:17 +01:00
Bogdan Dobrelya
dacfbde0b0 Rework inventory all by real groups' vars
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00