Commit graph

117 commits

Author SHA1 Message Date
jwfang
6876f60f4c merge after rebase 2017-06-26 16:50:30 +08:00
jwfang
922ae45977 minor tune after merge @rajiteh's work 2017-06-26 16:44:24 +08:00
Raj Perera
f5c887a338 Whitespace fixes 2017-06-26 16:44:24 +08:00
Raj Perera
0816f620b9 Reverted leftover tasks from cert rotation functionality. 2017-06-26 16:44:24 +08:00
Raj Perera
a3760a8b84 Remove cert rotation code. Remove disclaimer for supported auth methods. 2017-06-26 16:44:24 +08:00
Raj Perera
a22868e7d1 Extract kubectl commands to resource yaml files and use kube module 2017-06-26 16:44:24 +08:00
Raj Perera
971944ead4 Address PR feedback.
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
2017-06-26 16:44:24 +08:00
jwfang
525db1f109 patch system:kube-dns clusterrole for get 2017-06-26 16:43:27 +08:00
Raj Perera
442ebce3d8 Use kubectl patch 2017-06-26 16:42:47 +08:00
Raj Perera
5a86194038 Replace static references to system namespace 2017-06-26 16:42:47 +08:00
Raj Perera
c8a2fe321b Basic RBAC functionality. (Based on work done by @jwfang (#1351))
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-26 16:42:47 +08:00
jwfang
00e5fc8aa4 add label for kube-dns sa 2017-06-26 16:35:24 +08:00
jwfang
8e516e7a6c run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-26 16:35:24 +08:00
jwfang
4cfffba749 minor tune after merge @rajiteh's work 2017-06-21 11:30:15 +08:00
Raj Perera
27a10c9623 Whitespace fixes 2017-06-20 13:44:14 -04:00
Raj Perera
41298ccea5 Reverted leftover tasks from cert rotation functionality. 2017-06-20 13:29:31 -04:00
Raj Perera
e58d06ddd1 Remove cert rotation code. Remove disclaimer for supported auth methods. 2017-06-20 00:49:33 -04:00
Raj Perera
cd143109fc Merge branch 'rbac-kp' into rbac-script-cert
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
2017-06-19 12:12:45 -04:00
Raj Perera
eb91eab39a Extract kubectl commands to resource yaml files and use kube module 2017-06-19 11:00:26 -04:00
Raj Perera
e663c6b61a Address PR feedback.
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
2017-06-19 10:24:56 -04:00
Seungkyu Ahn
91dff61008 Fixed helm bash complete 2017-06-19 15:33:50 +09:00
jwfang
36e3aae615 patch system:kube-dns clusterrole for get 2017-06-17 19:53:29 +08:00
jwfang
20cacc09ba fix rename 2017-06-17 16:22:58 +08:00
Raj Perera
b800f7bb07 Use kubectl patch 2017-06-16 12:29:13 -04:00
Raj Perera
9924a33d6f Replace static references to system namespace 2017-06-16 11:21:59 -04:00
Raj Perera
992a974b1e Merge branch 'rbac-kp' into rbac-script-cert
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
#	roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
#	roles/kubernetes/secrets/files/make-ssl.sh
2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3 Basic RBAC functionality. (Based on work done by @jwfang (#1351))
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-16 10:28:23 -04:00
jwfang
7c2816ba73 add label for kube-dns sa 2017-06-16 20:08:19 +08:00
jwfang
acbdfb08ce run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-16 18:54:18 +08:00
Spencer Smith
efa2dff681 remove conditional 2017-05-12 17:16:49 -04:00
Spencer Smith
31a7b7d24e default to kubedns and set nxdomain in kubedns deployment if that's the dns_mode 2017-05-12 15:57:24 -04:00
moss2k13
791ea89b88 Updated helm installation
Added full path for helm
2017-05-08 09:27:06 +02:00
Aleksandr Didenko
883ba7aa90 Add support for different tags for netcheck containers
Replace 'netcheck_tag' with 'netcheck_version' and add additional
'netcheck_server_tag' and 'netcheck_agent_tag' config options to
provide ability to use different tags for server and agent
containers.
2017-04-27 17:15:28 +02:00
Aleksey Kasatkin
2638ab98ad add MY_NODE_NAME variable into netchecker-agent environment 2017-04-24 17:19:42 +03:00
Matthew Mosesohn
bc3068c2f9 Merge pull request #1251 from FengyunPan/fix-helm-home
Specify a dir and attach it to helm for HELM_HOME
2017-04-24 15:17:28 +03:00
FengyunPan
2bde9bea1c Specify a dir and attach it to helm for HELM_HOME 2017-04-21 10:51:27 +08:00
Spencer Smith
5c4980c6e0 Merge pull request #1231 from holser/fix_netchecker-server
Reschedule netchecker-server in case of HW failure.
2017-04-14 10:50:07 -04:00
Sergii Golovatiuk
45044c2d75 Reschedule netchecker-server in case of HW failure.
Pod object is not reschedulable by kubernetes. It means that if node
with netchecker-server goes down, netchecker-server won't be scheduled
somewhere. This commit changes the type of netchecker-server to
Deployment, so netchecker-server will be scheduled on other nodes in
case of failures.
2017-04-14 10:49:16 +02:00
Joe Duhamel
072b3b9d8c Update kubedns-autoscaler change target
The target was a replicationcontroller but kubedns is currently a deployment
2017-04-13 14:55:25 -04:00
Spencer Smith
9b3aa3451e Merge pull request #1218 from bradbeam/efkidempotent
Fixing resource type for kibana
2017-04-11 19:04:13 -04:00
Brad Beam
bd130315b6 Excluding bash completion for helm on CoreOS 2017-04-10 11:07:15 -05:00
Brad Beam
504711647e Fixing resource type for kibana 2017-04-10 11:01:12 -05:00
Matthew Mosesohn
75ea001bfe Merge pull request #1208 from mattymo/1.6-flannel
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
ff2fb9196f Fix flannel for 1.6 and apply fixes to enable containerized kubelet 2017-04-06 10:06:21 +04:00
Sergii Golovatiuk
2670eefcd4 Refactoring resolv.conf
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-05 09:28:01 +02:00
Sergii Golovatiuk
1cfe0beac0 Set ClusterFirstWithHostNet for Pods with hostnetwork: true
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance with it kubelet will generate resolv.conf based on its own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.

This patch sets the same resolv.conf for kubelet as host

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-04 16:34:13 +02:00
Matthew Mosesohn
0f64f8db90 Merge pull request #1155 from mattymo/helm
Add helm deployment
2017-03-20 17:00:06 +03:00
Matthew Mosesohn
b69d4b0ecc Add helm deployment 2017-03-17 20:24:41 +03:00
Matthew Mosesohn
e1faeb0f6c Fix weave on RHEL deployment
Reduce retry delay checking weave
Always load br_netfilter module
2017-03-17 18:17:47 +03:00
Aleksandr Didenko
3a39904011 Move calico-policy-controller into separate role
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.

K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.

This patch also fixes kube-api port in calico-policy-controller
yaml template.

Closes #1132
2017-03-17 11:21:52 +01:00