C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3142 commits 17 branches 66 tags 141 MiB
Commit graph

1110 commits

Author SHA1 Message Date
jwfang
6876f60f4c merge after rebase 2017-06-26 16:50:30 +08:00
jwfang
922ae45977 minor tune after merge @rajiteh's work 2017-06-26 16:44:24 +08:00
Raj Perera
f5c887a338 Whitespace fixes 2017-06-26 16:44:24 +08:00
Raj Perera
0816f620b9 Reverted leftover tasks from cert rotation functionality. 2017-06-26 16:44:24 +08:00
Raj Perera
a3760a8b84 Remove cert rotation code. Remove disclaimer for supported auth methods. 2017-06-26 16:44:24 +08:00
jwfang
d3ea13b3f0 kube-proxy use kubeconfig on kube-master 2017-06-26 16:44:24 +08:00
Raj Perera
d742a3953c Make rotate_kubernetes_certs default to false 2017-06-26 16:44:24 +08:00
Raj Perera
a22868e7d1 Extract kubectl commands to resource yaml files and use kube module 2017-06-26 16:44:24 +08:00
Raj Perera
971944ead4 Address PR feedback. 
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
 2017-06-26 16:44:24 +08:00
jwfang
5c56085e03 replace insecure port with secure port for apiserver_endpoint on kube-masters 2017-06-26 16:43:27 +08:00
jwfang
525db1f109 patch system:kube-dns clusterrole for get 2017-06-26 16:43:27 +08:00
Raj Perera
442ebce3d8 Use kubectl patch 2017-06-26 16:42:47 +08:00
Raj Perera
5a86194038 Replace static references to system namespace 2017-06-26 16:42:47 +08:00
Raj Perera
c8a2fe321b Basic RBAC functionality. (Based from work done by @jwfang (#1351)) 
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
 2017-06-26 16:42:47 +08:00
jwfang
00e5fc8aa4 add label for kube-dns sa 2017-06-26 16:35:24 +08:00
jwfang
8e516e7a6c run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-26 16:35:24 +08:00
jwfang
4a1a7bd078 node identified as system:node:<node-name> 2017-06-26 16:35:24 +08:00
jwfang
4fa142be0b certs for system:kube-controller-manager system:kube-scheduler 2017-06-26 16:35:24 +08:00
jwfang
8ed48f052c seperate kube-proxy certs for each node 2017-06-26 16:35:24 +08:00
jwfang
27e3998cb6 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-26 16:35:24 +08:00
jwfang
4cfffba749 minor tune after merge @rajiteh's work 2017-06-21 11:30:15 +08:00
Raj Perera
27a10c9623 Whitespace fixes 2017-06-20 13:44:14 -04:00
Raj Perera
41298ccea5 Reverted leftover tasks from cert rotation functionality. 2017-06-20 13:29:31 -04:00
Raj Perera
d2131a8652 Merge branch 'rbac-kp' into rbac-script-cert 2017-06-20 00:54:43 -04:00
Raj Perera
e58d06ddd1 Remove cert rotation code. Remove disclaimer for supported auth methods. 2017-06-20 00:49:33 -04:00
jwfang
ba41d3ee55 kube-proxy use kubeconfig on kube-master 2017-06-20 10:54:02 +08:00
Raj Perera
4e95788e17 Make rotate_kubernetes_certs default to false 2017-06-19 13:20:25 -04:00
Raj Perera
cd143109fc Merge branch 'rbac-kp' into rbac-script-cert 
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
 2017-06-19 12:12:45 -04:00
Raj Perera
eb91eab39a Extract kubectl commands to resource yaml files and use kube module 2017-06-19 11:00:26 -04:00
Raj Perera
e663c6b61a Address PR feedback. 
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
 2017-06-19 10:24:56 -04:00
Seungkyu Ahn
91dff61008 Fixed helm bash complete 2017-06-19 15:33:50 +09:00
jwfang
c4fbf41220 replace insecure port with secure port for apiserver_endpoint on kube-masters 2017-06-19 14:01:35 +08:00
jwfang
36e3aae615 patch system:kube-dns clusterrole for get 2017-06-17 19:53:29 +08:00
jwfang
20cacc09ba fix rename 2017-06-17 16:22:58 +08:00
Raj Perera
b800f7bb07 Use kubectl patch 2017-06-16 12:29:13 -04:00
Raj Perera
9924a33d6f Replace static references to system namespace 2017-06-16 11:21:59 -04:00
Raj Perera
992a974b1e Merge branch 'rbac-kp' into rbac-script-cert 
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
#	roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
#	roles/kubernetes/secrets/files/make-ssl.sh
 2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3 Basic RBAC functionality. (Based from work done by @jwfang (#1351)) 
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
 2017-06-16 10:28:23 -04:00
jwfang
7c2816ba73 add label for kube-dns sa 2017-06-16 20:08:19 +08:00
jwfang
acbdfb08ce run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-16 18:54:18 +08:00
jwfang
765a5ce1ab node identified as system:node:<node-name> 2017-06-16 17:15:37 +08:00
jwfang
0ee229488e certs for system:kube-controller-manager system:kube-scheduler 2017-06-16 14:21:21 +08:00
jwfang
8b58394d8c seperate kube-proxy certs for each node 2017-06-15 19:20:58 +08:00
jwfang
f3a4c31e66 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-15 18:15:52 +08:00
Brad Beam
b73786c6d5 Merge pull request #1335 from bradbeam/imagerepo 
Set default value for kube_hyperkube_image_repo
 2017-06-12 09:46:17 -05:00
Brad Beam
db3e8edacd Fixing up vault variables 2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295 Set default value for kube_hyperkube_image_repo 
Fixes #1334
 2017-06-08 12:22:16 -05:00
Brad Beam
780308c194 Merge pull request #1174 from jlothian/atomic-docker-restart 
Fix docker restart in atomic
 2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae Merge pull request #1092 from bradbeam/rkt_docker 
Adding flag for docker container in kubelet w/ rkt
 2017-06-06 12:58:40 -05:00
Spencer Smith
01c0ab4f06 check if cloud_provider is defined 2017-05-31 08:24:24 -04:00