Josh Conant
764ad6e099
Vault security hardening and role isolation
2017-02-08 21:41:36 +00:00
Josh Conant
1025d489ad
Adding the Vault role
2017-02-08 21:31:28 +00:00
Matthew Mosesohn
0ea7f94b0c
Merge pull request #994 from mattymo/docker_save
...
Change docker save compress level to 1
2017-02-08 15:13:15 +03:00
Matthew Mosesohn
ce3bee4eb8
Merge pull request #990 from mattymo/fix_cert_upgrade
...
Fix check for node-NODEID certs existence
2017-02-08 14:44:09 +03:00
Matthew Mosesohn
94407f86ff
Merge pull request #971 from bradbeam/efk
...
Adding EFK logging stack
2017-02-08 14:28:04 +03:00
Matthew Mosesohn
3c7952d7f1
Merge pull request #992 from vwfs/host_mount_dev
...
Host mount /dev for kubelet
2017-02-08 13:45:22 +03:00
Matthew Mosesohn
a4caceedef
Change docker save compress level to 1
...
Faster gzip improves CI deploy times by at least 2 mins.
Fixes #982
2017-02-08 13:25:11 +03:00
Matthew Mosesohn
0de857a18a
Merge pull request #987 from mattymo/etcd-retune
...
Re-tune ETCD performance params
2017-02-08 13:00:25 +03:00
Bogdan Dobrelya
320d03c01c
Merge pull request #956 from adidenko/update-netchecker
...
Update playbooks to support new netchecker
2017-02-08 10:09:46 +01:00
Alexander Block
08367f4abb
Host mount /dev for kubelet
2017-02-08 09:55:51 +01:00
Matthew Mosesohn
012bc49404
Fix check for node-NODEID certs existence
...
Fixes upgrade from pre-individual node cert envs.
2017-02-07 21:06:48 +03:00
Matthew Mosesohn
ad2e1e10bf
Re-tune ETCD performance params
...
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
2017-02-07 20:15:14 +03:00
Matthew Mosesohn
7bfade0fbb
Merge pull request #969 from mattymo/port_reserve
...
Prevent dynamic port allocation in nodePort range
2017-02-07 18:24:57 +03:00
Aleksandr Didenko
3b816ee660
Update playbooks to support new netchecker
...
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
2017-02-07 15:20:34 +01:00
Matthew Mosesohn
94c1b09ebd
Merge pull request #976 from holser/bug/975
...
Improve Weave
2017-02-06 22:48:13 +03:00
Matthew Mosesohn
7a9161d462
Prevent dynamic port allocation in nodePort range
...
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
2017-02-06 20:01:16 +03:00
Matthew Mosesohn
ec899a10f5
Merge pull request #981 from kubernetes-incubator/revert-911-DROP_CAPS
...
Revert "Drop linux capabilities and rework users/groups"
2017-02-06 17:52:58 +03:00
Matthew Mosesohn
be24fab5d0
Revert "Drop linux capabilities and rework users/groups"
2017-02-06 15:58:54 +03:00
Sergii Golovatiuk
8503a5afea
Improve Weave
...
- Remove weave CPU limits from .gitlab-ci.yml. Closes : #975
- Fix weave version in documentation
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-06 13:24:40 +01:00
Bogdan Dobrelya
71e99e778d
Merge pull request #978 from rutsky/patch-1
...
remove extra `~`
2017-02-06 12:07:54 +01:00
Bogdan Dobrelya
d2c584f2ab
Merge pull request #977 from holser/bug/973
...
Add .swp .swo .swn to .gitignore
2017-02-06 12:07:07 +01:00
Bogdan Dobrelya
9d31173db4
Merge pull request #911 from bogdando/DROP_CAPS
...
Drop linux capabilities and rework users/groups
2017-02-06 12:05:51 +01:00
Vladimir Rutsky
d476d2f781
remove extra ~
2017-02-06 15:05:24 +04:00
Bogdan Dobrelya
4f02721fc8
Merge pull request #972 from kubernetes-incubator/update-roadmap
...
Update roadmap.md
2017-02-06 12:03:09 +01:00
Sergii Golovatiuk
1d0e9cb3b4
Add .swp .swo .swn to .gitignore
...
According to http://vimdoc.sourceforge.net/htmldoc/recover.html vim
creates .swo .swn .swp files. This patch adds them to .gitignore in all
directories recursively
Closes : #973
2017-02-06 12:00:49 +01:00
Antoine Legrand
3a1fd64d79
Update roadmap.md
2017-02-04 23:23:24 +01:00
Antoine Legrand
edcd91f7f6
Merge pull request #963 from rutsky/bastion-ansible-host
...
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configration
2017-02-04 15:42:39 -05:00
Antoine Legrand
156b84071c
Merge pull request #968 from rutsky/remove-deprecated-ubuntu-bootstrap
...
remove deprecated ubuntu-bootstrap.yml script
2017-02-04 15:36:49 -05:00
Brad Beam
8218b9970f
Adding EFK logging stack
2017-02-03 16:27:08 -06:00
Vladimir Rutsky
2a6b885f2f
remove deprecated ubuntu-bootstrap.yml script
...
Signed-off-by: Vladimir Rutsky <rutsky.vladimir@gmail.com>
2017-02-03 15:02:17 +03:00
Bogdan Dobrelya
e53d3fe9c8
Merge pull request #949 from vmtyler/master
...
Fixes Support for OpenStack v3 credentials
2017-02-03 12:22:00 +01:00
Vladimir Rutsky
1711530cd4
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration
...
'absible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
2017-02-02 18:34:53 +03:00
Matthew Mosesohn
b7cbd5b9c5
Merge pull request #927 from holser/nsenter_fix
...
Remove nsenter workaround
2017-02-02 18:18:15 +03:00
Matthew Mosesohn
b9869b7708
Merge pull request #901 from galthaus/dns-tweak
...
DHCP Hook protections
2017-02-02 16:47:16 +03:00
Sergii Golovatiuk
b610c1627e
Remove nsenter workaround
...
- Docker 1.12 and further don't need nsenter hack. This patch removes
it. Also, it bumps the minimal version to 1.12.
Closes #776
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-02 14:38:11 +01:00
Matthew Mosesohn
8731306889
Merge pull request #958 from holser/fix_weave_cpu
...
Fix CPU out of scope for Weave-net
2017-02-02 16:05:47 +03:00
Sergii Golovatiuk
83a90861ba
Fix weave-net after upgrade to 1.82
...
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
2017-02-02 10:31:58 +01:00
Matthew Mosesohn
776e48e898
Merge pull request #957 from mattymo/weave-net-naming
...
Rename weave-kube to weave-net
2017-02-02 10:18:02 +03:00
Greg Althaus
0037d0e6b2
This continues the DHCP hook checks. Also protect the create side
...
if the system doesn't have any config files at all.
2017-01-31 09:56:27 -06:00
Matthew Mosesohn
82619b99ba
Merge pull request #951 from mattymo/k8s-certs-scale
...
Fix cert distribution at scale
2017-01-31 18:49:26 +03:00
Matthew Mosesohn
a0e50a12a6
Merge pull request #954 from artem-panchenko/improve_dnsmasq
...
Explicitly set config path for DNSMasq
2017-01-31 18:48:46 +03:00
Matthew Mosesohn
f85dbfffe9
Rename weave-kube to weave-net
...
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
2017-01-31 18:47:27 +03:00
Bogdan Dobrelya
595aa828b9
Merge pull request #955 from mattymo/disable-idempotency-check
...
Disable idempotency for ubuntu-weave-sep
2017-01-31 14:55:27 +01:00
Matthew Mosesohn
1011e416a7
Fix cert distribution at scale
...
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
2017-01-31 16:27:45 +03:00
Matthew Mosesohn
14331d938c
Merge pull request #880 from bradbeam/weave-kube
...
Weave kube
2017-01-31 13:31:09 +03:00
Matthew Mosesohn
ba18b57438
Disable idempotency for ubuntu-weave-sep
...
CI is failing 40% of the time due to errors in reset.
Let's disable idempotency check per-patch until we fix it.
Fixes #953
2017-01-31 13:23:27 +03:00
Artem Panchenko
5ed8f686b3
Explicitly set config path for DNSMasq
...
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
2017-01-31 12:14:57 +02:00
Matthew Mosesohn
688cd1ffcc
Merge pull request #944 from tureus/skip-cloud-config-on-etcd
...
Bugfix: skip cloud_config on etcd
2017-01-30 20:12:36 +03:00
Bogdan Dobrelya
366a586d2a
Merge pull request #943 from bradbeam/cilint
...
Fixing lint check for ci
2017-01-30 09:19:44 +01:00
Antoine Legrand
d6d02c63df
Merge pull request #947 from bradbeam/libs
...
Consolidating kube.py module
2017-01-29 00:02:32 +01:00