Commit graph

2867 commits

Author SHA1 Message Date
Andreas Krüger
1a35948ff6
Enable encrypting the secrets
Enable the CI test to check the encryption of secrets
2018-03-15 20:33:57 +01:00
woopstar
40c0f3756b Encapsulate item instead of casting to string 2018-03-15 20:27:21 +01:00
Andreas Krüger
3d6fd49179 Added option for encrypting secrets to etcd v.2 (#2428)
* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml
2018-03-15 22:20:05 +03:00
Oleg Vyukov
d843e3d562 Fix indent Custom ConfigMap ingress-nginx (#2447) 2018-03-15 22:18:18 +03:00
Aivars Sterns
d8d5474dcc
Merge pull request #2467 from huzhengchuan/fix/kubeadm_enable
Fix error in kubelet.kubeadm.env.j2
2018-03-15 08:50:40 +02:00
Andreas Krüger
788e41a315
Make sure output from extra args is strings
Setting the following:

```
kube_kubeadm_controller_extra_args:
  address: 0.0.0.0
  terminated-pod-gc-threshold: "100"
```

Results in `terminated-pod-gc-threshold: 100` in the kubeadm config file. But it has to be a string to work.
2018-03-14 19:23:43 +01:00
MQasimSarfraz
1bcc641dae Create vsphere clusterrole only if it doesnt exists 2018-03-14 11:29:35 +00:00
Sergey Bondarev
f8fed0f308 change expirations period for generated certificate from 10 years to 100 years 2018-03-14 13:33:36 +03:00
zhengchuan hu
d1e6632e6a Fix err in kubelet.kubeadm.env.j2
1. 404 link url
2. kubelet_authentication_token_webhook is not work
3. kube_reserved variable set twice
2018-03-14 17:25:21 +08:00
Aivars Sterns
710295bd2f
Merge pull request #2434 from protomech/feature/azure-vnet-resource-group
add support for azure vnetResourceGroup
2018-03-13 17:42:09 +02:00
RongZhang
3e2d68cd32
Merge pull request #2455 from whereismyjetpack/kube-limits
uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt
2018-03-13 06:28:07 -05:00
Dann Bohn
f3788525ff fixes yamllint for docker defaults, and weave network plugin 2018-03-13 06:15:48 -04:00
Andreas Krüger
39d247a238
Add support to kubeadm too
Explicitly defines the --kubelet-preferred-address-types parameter #2418

Fixes #2453
2018-03-13 10:31:15 +01:00
Aivars Sterns
b37144b0b2
Merge pull request #2459 from riverzhang/remove-node-docs
Add remove node to getting-started doc
2018-03-13 11:12:42 +02:00
rong.zhang
2e0b33f754 Add remove node to getting-started doc 2018-03-13 16:41:26 +08:00
Aivars Sterns
adc3f79c23
Merge pull request #2458 from jouve/collect_info
use archive instead of command
2018-03-13 09:45:48 +02:00
Aivars Sterns
7904b454ba
Merge pull request #2460 from riverzhang/fix-weave
Fix yamllint roles error for #2188 commit
2018-03-13 09:40:54 +02:00
rong.zhang
d264da8f08 Fix yamllint roles error for #2188 commit 2018-03-13 14:28:49 +08:00
Cyril Jouve
6abe78ff46 use archive instead of command 2018-03-12 19:59:22 +01:00
MQasimSarfraz
9a4aa4288c Fix vsphere cloud_provider RBAC permissions 2018-03-12 18:07:08 +00:00
Dann Bohn
50e3ccfa2b uses new kube_memory_reserved/kube_cpu_reserved variables in kubelt 2018-03-12 12:46:14 -04:00
RongZhang
69a3c33ceb
Merge pull request #2429 from riverzhang/patch-6
Fix Docker exits prematurely
2018-03-12 06:16:25 -05:00
RongZhang
649b1ae868
Merge pull request #2452 from riverzhang/dockerproject
Fix issues #2451 Support docker-ce and docker-engine
2018-03-12 06:15:44 -05:00
Aivars Sterns
973cc12ca9
Merge pull request #2188 from cornelius-keller/fix_weave
fix nodePort for weave
2018-03-12 10:55:41 +02:00
Aivars Sterns
436de45dd4
Merge pull request #2295 from manics/supplementary-bugfix
Fix indexing of supplementary DNS in openssl.conf
2018-03-12 10:54:56 +02:00
Aivars Sterns
5f186a2835
Merge pull request #2418 from kubernetes-incubator/1439br
Explicitly defines the --kubelet-preferred-address-types parameter
2018-03-12 10:53:48 +02:00
RongZhang
ecec94ee7e Fix Docker exits prematurely
details:https://github.com/moby/moby/pull/31490/files
2018-03-12 14:44:47 +08:00
rong.zhang
196995a1a7 Fix issues#2451 Support docker-ce and docker-engine
Support docker-ce and docker-engine include redhat/centos ubuntu debian
2018-03-12 13:31:31 +08:00
Spencer Smith
3a714fd4ac
Merge pull request #2427 from hswong3i/local_volume_provisioner_default
FIXUP #2424: local_provisioner directory should be created only if enabled
2018-03-10 09:00:35 -05:00
Spencer Smith
2132ec0269
Merge pull request #2378 from dleske/reorg-inventory-for-opst
Update OpenStack contrib to use per-cluster inventory layout
2018-03-09 15:21:21 -05:00
Spencer Smith
c47fdc9aa0
Merge pull request #2445 from chadswen/kube-cert-directory-fix
Fix kubernetes cert permission sync
2018-03-09 15:10:35 -05:00
Spencer Smith
5c4cfb54ae
Merge pull request #2444 from chadswen/system-node-crb-name
Prefix system:node CRB
2018-03-09 15:09:01 -05:00
chadswen
cd153a1fb3 Fix kubernetes cert permission sync
Add `state: directory` to `file` task so that `recurse: yes` will actually take effect and ensure
certs/keys have the right file mode and owner
2018-03-09 00:11:10 -06:00
chadswen
b0ab92c921 Prefix system:node CRB
Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`

Fixes #2121
2018-03-08 23:56:46 -06:00
RongZhang
5007a69eee
Merge pull request #2437 from huzhengchuan/fix/callo-routereflector
Fix always download calico_rr image
2018-03-08 23:22:48 -06:00
Chad Swenson
8a46e050e3
Merge pull request #2433 from octarinesec/eyeofthefrog/systemd_command_fix
Fix systemd version detection
2018-03-08 22:28:12 -06:00
Chad Swenson
256fd12da5
Merge pull request #2440 from huzhengchuan/fix/proxy
clean http-proxy.conf
2018-03-08 20:36:26 -06:00
zhengchuan hu
8e36ad09b4 clean http-proxy.conf 2018-03-08 23:16:02 +08:00
zhengchuan hu
96a92503cb Fix always download calico_rr image 2018-03-08 17:04:16 +08:00
RongZhang
5253153dbb
Merge pull request #2416 from riverzhang/delete-node
Remove nodes
2018-03-08 01:55:20 -06:00
rong.zhang
12c78e622b Remove nodes
Drain node except daemonsets resource
Use reset cluser for delete deploy data
Then delete node
2018-03-08 15:03:42 +08:00
RongZhang
216bf2e867
Merge pull request #2422 from riverzhang/patch-5
Enable OOM killing for etcd-events
2018-03-07 23:15:19 -06:00
Wong Hoi Sing Edison
a086686e9f Support multiple artifacts under individual inventory directory 2018-03-08 11:57:53 +08:00
Wong Hoi Sing Edison
6402004018 FIXUP #2424: local_provisioner directory should be created only if enabled 2018-03-08 11:57:46 +08:00
RongZhang
955f833120
Merge pull request #2430 from huzhengchuan/fix/kube-reserve
fix the name of some variable
2018-03-07 21:25:32 -06:00
Chad Swenson
f4476f25bd
Merge pull request #2435 from chadswen/kube-module-enhancements
kube Module Enhancements
2018-03-07 17:17:01 -06:00
Chad Swenson
8960d5bcfa kube Module Enhancements
* Multiple files are now supported across operations.
  * Can be specified as a list or a comma separated string.
  * Single item per task params will still work without changes.
* Added `files`, `filenames`, and `file`, as aliases for the `filename` param.
* Improved output of error message to always include stderr
* `exists` now supports checking files

Follow up PRs encouraged across roles to start converting `with_items` loops on `kube` tasks into `files` param lists so we can improve performance.
2018-03-07 14:50:09 -06:00
Chris Mildebrandt
605738757d Fix systemd version detection
Change "command" to "shell" in order for the pipe to work correctly
2018-03-07 11:32:47 -08:00
Aivars Sterns
569613f2a4
Merge pull request #2425 from hswong3i/ingress_nginx_configmap
Add Custom ConfigMap Support for ingress-nginx
2018-03-07 19:02:03 +02:00
Antoine Legrand
cc182ea2f3
Merge pull request #2432 from kubernetes-incubator/remove-do-ci
Remove DigitalOcean
2018-03-07 16:29:45 +01:00