C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3335 commits 17 branches 66 tags 141 MiB
Commit graph

948 commits

Author SHA1 Message Date
rongzhang
5a4352657d Fix install audit failed 
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
 2018-08-23 01:47:15 +08:00
Andreas Krüger
497db69c9f
Merge pull request #3130 from riverzhang/add-control-plane 
Add kubeadm controlplaneEndpoint
 2018-08-20 10:43:50 +02:00
Andreas Krüger
c7de737551
Merge pull request #3133 from mirwan/auditlog_to_stdout_w_kubeadm 
Audit log to stdout with kubeadm
 2018-08-20 10:43:22 +02:00
Erwan Miran
fc38b6d0ca Ability to define custom audit polcy rules 2018-08-20 07:04:56 +02:00
Erwan Miran
c34900e569 Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm 2018-08-20 07:00:53 +02:00
Rong Zhang
855f2a55cb
Merge pull request #3135 from ishitatsuyuki/patch-1 
Add bad hostname preflight check
 2018-08-20 12:08:02 +08:00
Rong Zhang
fd16f77e20
Merge pull request #3017 from seungkyua/fix_kubeadm_client_conf 
Fix kubeadm client conf
 2018-08-20 10:51:02 +08:00
Tatsuyuki Ishi
3eef8dc8d0 Add bad hostname preflight check 
Hostname must be a valid DNS name, which is checked as https://github.com/kubernetes/apimachinery/blob/master/pkg/util/validation/validation.go#L115

The situation I have encountered is that my hostname contained underscore which is disallowed and apiserver refused to start.
 2018-08-20 09:09:00 +09:00
rongzhang
59176ebbb9 Add kubeadm controlplaneEndpoint 
Nginx LB(default)
Other LB by kubeadm controlplane
 2018-08-20 00:57:13 +08:00
rongzhang
b421d0ed5b Fix install nss 2018-08-20 00:07:31 +08:00
Rong Zhang
fb309ca446
Merge pull request #3128 from riverzhang/delete-kubeadm 
Remove unused configuration
 2018-08-19 10:01:33 +08:00
rongzhang
095ccef8bd Remove unused configuration 2018-08-19 01:23:20 +08:00
Rong Zhang
0df969ad19
Merge pull request #3117 from mirwan/audit_usecases 
Audit support improvement
 2018-08-19 01:13:22 +08:00
Antoine Legrand
ac49bbb336
Merge pull request #2168 from xd007/docker_arm64 
fix docker opts incompatible running on aarch64 Redhat/Centos
 2018-08-17 16:24:07 +02:00
Antoine Legrand
7a0f0126f7
Merge pull request #1295 from xuhuilong/master 
fix curl get calico status error ( error in tls version, centos 7.3 1611)
 2018-08-17 14:29:01 +02:00
Seungkyu Ahn
29894293eb Fix kubeadm client conf 
Fix DiscoveryTokenCACertHashes key to discoveryTokenCACertHashes in kubeadm-client.conf
 2018-08-17 04:40:08 +00:00
Antoine Legrand
58ee5f1cc9
Merge pull request #3089 from mattymo/cloudconfig 
Remove erroneous cloud-config task
 2018-08-16 16:17:01 +02:00
Erwan Miran
54548d3b95 kubeadm mounts the hostpaths itself 2018-08-16 13:17:30 +02:00
Erwan Miran
58d4d65fab minor variable fix and reuse + handle auditlog redirected to stdout 2018-08-16 12:51:09 +02:00
rongzhang
2ffc1afe40 Support audit 2018-08-16 14:38:07 +08:00
Rong Zhang
a11e1eba9e Upgrade kubernetes to V1.11.x (#3078) 
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
 2018-08-14 15:13:44 +03:00
Matthew Mosesohn
581a30fdec Remove erroneous cloud-config task 2018-08-10 15:59:18 +03:00
Andreas Krüger
d8e77600e2
Merge pull request #3066 from luisyonaldo/fix-conditional 
fix bad conditional
 2018-08-10 10:38:52 +02:00
Luis Nuñez
fd380615a0 fix bad conditional 2018-08-09 10:20:45 +02:00
Robert Everson
4eadf3228e Only add admission plugins if defined 2018-08-07 11:25:03 -07:00
Robert Everson
99c5aa5a02 Use k8s default plugin list 2018-08-07 11:25:03 -07:00
Robert Everson
6ed65d762b Separate out plugins into 2 variables 2018-08-07 11:25:03 -07:00
Robert Everson
ac18f6cf8b Add support for admission controllers in 1.10 and above 2018-08-07 11:25:03 -07:00
Rong Zhang
e71f261935
Merge pull request #3068 from riverzhang/swap 
Enable swap
 2018-08-07 21:29:41 +08:00
rongzhang
b902602d16 Enable swap 2018-08-07 21:13:12 +08:00
Rong Zhang
c288ffc55d
Merge pull request #2342 from southquist/add-ca-cert 
allow for setting the cacert on openstack cloud provider
 2018-08-07 17:46:01 +08:00
Rong Zhang
9075dbdd3c
Merge pull request #2875 from bradbeam/movault 
Adding cluster_name to api cert alt name for vault
 2018-08-07 17:36:04 +08:00
Rong Zhang
3d19e03294
Merge pull request #3015 from podnov/kube_proxy_healthz_bind_address 
Variablize kube_proxy_healthz_bind_address
 2018-08-07 17:10:33 +08:00
rongzhang
ac644ed049 Fix yaml roles error 2018-08-05 18:48:07 +08:00
woosley.xu
72074f283b set local for growpart part 2 2018-07-31 06:56:09 +08:00
woosley.xu
a5db3dbea9 set locale for growpart 2018-07-31 06:52:56 +08:00
Seungkyu Ahn
0366600b45 Remove double slash 
Even without this PR, the operation works well.
However, it is better to use a single slash rather than
a double slash in the path.
 2018-07-20 07:34:33 +00:00
Evan Zeimet
6a4ce96b7d Variablize kube_proxy_healthz_bind_address 
This fixes #3014
 2018-07-19 14:19:09 -05:00
Takashi Okamoto
37ccf7e405 Fixed kubectl path. 2018-07-13 15:32:08 +00:00
Matthew Mosesohn
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation (#2985) 
apiserver cert should be created only once
 2018-07-11 14:58:02 +03:00
Rong Zhang
cf445fd4fe
Merge pull request #2930 from alvistack/ingress-nginx-0.16.1 
ingress-nginx: Upgrade to 0.16.2
 2018-07-10 14:42:37 +08:00
Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp 
Force copy cni files
 2018-07-10 09:40:10 +03:00
Wong Hoi Sing Edison
a0defefb3f ingress-nginx: Upgrade to 0.16.2 
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2)

This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.

Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites:

    GCE/Google Kubernetes Engine deploys an ingress controller on the master.

By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.

If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
 2018-07-10 12:26:06 +08:00
Dao Hoang Son
d306c9708c Remove step that force disable kube_basic_auth. 
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441) has already been fixed.
 2018-07-08 16:57:43 +07:00
Matthew Mosesohn
1a3b9dd864 Force copy cni files 2018-07-06 16:39:42 +03:00
Matthew Mosesohn
5c617c5a8b
Add tags to deploy components by --tags option (#2960) 
* Add tags for cert serial tasks

This will help facilitate tag-based deployment of specific components.

* fixup kubernetes node
 2018-07-06 09:12:13 +03:00
Aivars Sterns
4092f96dd8
Merge pull request #2946 from Miouge1/remove-pid-predicate 
CheckNodePIDPressure is not supported in v1.10
 2018-07-04 18:30:19 +03:00
Matthew Mosesohn
c20196f9a0
Remove modprobe binary from kubelet rkt deployment (#2917) 2018-07-02 15:37:24 +03:00
Miouge1
2a279e30b0 CheckNodePIDPressure is not supported in v1.10 2018-06-28 20:10:38 +02:00
southquist
c685dc493f allow for setting the cacert on openstack cloud provider 2018-06-28 16:00:13 +02:00