C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
2274 commits 17 branches 66 tags 141 MiB
Commit graph

632 commits

Author SHA1 Message Date
Spencer Smith
4771716ab2
Merge pull request #1907 from mattymo/disable_anon_auth 
Block anonymous auth requests to kubelet
 2017-11-02 12:01:39 -04:00
Spencer Smith
b156585739
Merge pull request #1917 from chadswen/docker-daemon-graph 
Fix kubelet container with alternate Docker data paths
 2017-11-02 11:58:55 -04:00
Matthew Mosesohn
3e3787de15 Fix local volume provisioner mount point for rkt 2017-11-02 09:45:26 +00:00
Chad Swenson
0c824d5ef1 Fix kubelet container with alternate Docker data paths 
Some time ago I think the hardcoded `/var/lib/docker` was required, but kubelet running in a container has been aware of the Docker path since at least as far back as k8s 1.6.

Without this change, you see a large number of errors in the kubelet logs if you installed with a non-default `docker_daemon_graph`
 2017-11-01 13:25:15 -05:00
Matthew Mosesohn
c0e989b17c
New addon: local_volume_provisioner (#1909) 2017-11-01 14:25:35 +00:00
Spencer Smith
ef0a91da27
Merge pull request #1891 from rsmitty/proxy-fixes 
Improved proxy support
 2017-10-31 14:32:12 -04:00
Spencer Smith
19962f6b6a fix indentation for master template (#1906) 2017-10-31 06:43:54 +00:00
Matthew Mosesohn
f7703dbca3 Block anonymous auth requests to kubelet 2017-10-30 19:06:54 +00:00
Spencer Smith
b27453d8d8 improved proxy support 2017-10-30 11:42:14 -04:00
Spencer Smith
4470ee4ccf
Merge pull request #1887 from mattymo/fix_indent_apiserver 
fix indentation for network policy option
 2017-10-30 11:33:13 -04:00
abelgana
d738acf638 Update kubelet.kubeadm.env.j2 (#1901) 2017-10-30 11:33:02 +00:00
tanshanshan
84d92aa3c7 fix-bug (#1900) 2017-10-30 11:23:24 +00:00
Spencer Smith
591941bd39
Merge pull request #1884 from abelgana/master 
Sysctl reload if needed after IP forward enabling
 2017-10-27 15:12:08 -04:00
Spencer Smith
e90769c869
Merge pull request #1888 from chapsuk/issue_1885 
Disable swap in vagrant vms
 2017-10-27 15:10:16 -04:00
mkrasilnikov
2c7c956be9 Disable swap in vagrant vms 2017-10-27 19:57:54 +03:00
Matthew Mosesohn
fe81bba08d Force kubelet certificates to be generated as lowercase (#1886) 
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
 2017-10-27 15:58:25 +01:00
Matthew Mosesohn
564de07963 fix indentation for network policy option 2017-10-27 14:56:22 +01:00
abelgana
d9160f19c0 Sysctl reload if needed after IP forward enabling 
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.

- name: Enable ip forwarding
  sysctl:
    sysctl_file: "{{sysctl_file_path}}"
    name: net.ipv4.ip_forward
    value: 1
    state: present
    reload: yes
  tags:
    - bootstrap-os
 2017-10-26 13:06:21 -04:00
Brad Beam
ba0a03a8ba Merge pull request #1880 from mattymo/node_auth_fixes2 
Move cluster roles and system namespace to new role
 2017-10-26 10:02:24 -05:00
Matthew Mosesohn
b0f04d925a Update network policy setting for Kubernetes 1.8 (#1879) 
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
 2017-10-26 15:35:26 +01:00
Matthew Mosesohn
ec53b8b66a Move cluster roles and system namespace to new role 
This should be done after kubeconfig is set for admin and
before network plugins are up.
 2017-10-26 14:36:05 +01:00
Matthew Mosesohn
86fb669fd3 Idempotency fixes (#1838) 2017-10-25 21:19:40 +01:00
Chiang Fong Lee
5dc56df64e Fix ordering of kube-apiserver admission control plug-ins (#1841) 2017-10-24 17:28:07 +01:00
Haiwei Liu
cfea99c4ee Fix scale.yml to supoort kubeadm (#1863) 
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
 2017-10-24 16:08:48 +01:00
Matthew Mosesohn
0b4fcc83bd Fix up warnings and deprecations (#1848) 2017-10-20 08:25:57 +01:00
Matthew Mosesohn
fc9a65be2b Refactor downloads to use download role directly (#1824) 
* Refactor downloads to use download role directly

Also disable fact delegation so download delegate works acros OSes.

* clean up bools and ansible_os_family conditionals
 2017-10-19 09:17:11 +01:00
Jan Jungnickel
49dff97d9c Relabel controler-manager to kube-controller-manager (#1830) 
Fixes #1129
 2017-10-18 17:29:18 +01:00
Hassan Zamani
c9fe8fde59 Use fail-swap-on flag only for kube_version >= 1.8 (#1829) 2017-10-18 16:32:38 +01:00
Matthew Mosesohn
16462292e1 Properly skip extra SANs when not specified for kubeadm (#1831) 2017-10-18 12:04:13 +01:00
pmontanari
20d80311f0 Update main.yml (#1822) 
* Update main.yml

Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).

* Update main.yml

Removing trailing spaces
 2017-10-18 11:42:00 +01:00
Tennis Smith
54320c5b09 set to 3 digit version number (#1817) 2017-10-17 11:14:29 +01:00
Rémi de Passmoilesel
356515222a Add possibility to insert more ip adresses in certificates (#1678) 
* Add possibility to insert more ip adresses in certificates

* Add newline at end of files

* Move supp ip parameters to k8s-cluster group file

* Add supplementary addresses in kubeadm master role

* Improve openssl indexes
 2017-10-17 11:06:07 +01:00
neith00
77f1d4b0f1 Revert "Update roadmap" (#1809) 
* Revert "Debian jessie docs (#1806)"

This reverts commit d78577c810.

* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800)"

This reverts commit 5fb6b2eaf7.

* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799)"

This reverts commit 404caa111a.

* Revert "Fixed kubelet standard log environment (#1780)"

This reverts commit b838468500.

* Revert "Add support for fedora atomic host (#1779)"

This reverts commit f2235be1d3.

* Revert "Update network-plugins to use portmap plugin (#1763)"

This reverts commit 6ec45b10f1.

* Revert "Update roadmap (#1795)"

This reverts commit d9879d8026.
 2017-10-16 14:09:24 +01:00
Seungkyu Ahn
b838468500 Fixed kubelet standard log environment (#1780) 
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
 2017-10-16 08:22:54 +01:00
Jason Brooks
f2235be1d3 Add support for fedora atomic host (#1779) 
* don't try to install this rpm on fedora atomic

* add docker 1.13.1 for fedora

* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
 2017-10-16 08:03:33 +01:00
Matthew Mosesohn
d9879d8026 Update roadmap (#1795) 2017-10-16 07:06:06 +01:00
Matthew Mosesohn
d487b2f927 Security best practice fixes (#1783) 
* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet
 2017-10-15 20:41:17 +01:00
Julian Poschmann
66e5e14bac Restart kubelet on update in deployment-type host on update (#1759) 
* Restart kubelet on update in deployment-type host on update

* Update install_host.yml

* Update install_host.yml

* Update install_host.yml
 2017-10-15 20:22:17 +01:00
Matthew Mosesohn
7e4668859b Change file used to check kubeadm upgrade method (#1784) 
* Change file used to check kubeadm upgrade method

Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.

* more fixes for upgrade
 2017-10-15 10:33:22 +01:00
Matthew Mosesohn
ef47a73382 Add new addon Istio (#1744) 
* add istio addon

* add addons to a ci job
 2017-10-13 15:42:54 +01:00
Julian Poschmann
56763d4288 Persist br_netfilter module loading (#1760) 2017-10-13 10:50:29 +01:00
Matthew Mosesohn
ee83e874a8 Clear admin kubeconfig when rotating certs (#1772) 
* Clear admin kubeconfig when rotating certs

* Update main.yml
 2017-10-12 09:55:46 +01:00
Vijay Katam
27ed73e3e3 Rename dns_server, add var for selinux. (#1572) 
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
*  Enable selinux state to be configurable with new var preinstall_selinux_state
 2017-10-11 20:40:21 +01:00
Aivars Sterns
e41c0532e3 add possibility to disable fail with swap (#1773) 2017-10-11 19:49:31 +01:00
Matthew Mosesohn
eeb7274d65 Adjust memory reservation for master nodes (#1769) 2017-10-11 19:47:42 +01:00
Matthew Mosesohn
eb0dcf6063 Improve proxy (#1771) 
* Set no_proxy to all local ips

* Use proxy settings on all necessary tasks
 2017-10-11 19:47:27 +01:00
Matthew Mosesohn
fe4ba51d1a Set node IP correctly (#1770) 
Fixes #1741
 2017-10-11 15:28:42 +01:00
Hyunsun Moon
adf575b75e Set default value for disable_shared_pid (#1710) 
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
 2017-10-11 14:55:51 +01:00
Spencer Smith
3d09c4be75 Merge pull request #1756 from kubernetes-incubator/fix_bool_assert 
Fix bool check assert
 2017-10-10 10:38:53 -04:00
Spencer Smith
f2db15873d Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix 
add hosts to rkt kubelet
 2017-10-10 10:37:36 -04:00