Simon Li
7c2b12ebd7
Insert a newline in bastion after ProxyCommand conditional
2017-09-18 16:29:12 +01:00
Matthew Mosesohn
ef8e35e39b
Create admin credential kubeconfig ( #1647 )
...
New files: /etc/kubernetes/admin.conf
/root/.kube/config
$GITDIR/artifacts/{kubectl,admin.conf}
Optional method to download kubectl and admin.conf if
kubeconfig_lcoalhost is set to true (default false)
2017-09-18 13:30:57 +01:00
Matthew Mosesohn
975accbe1d
just use public_ip in creating gce temporary waitfor hosts ( #1646 )
...
* just use public_ip in creating gce temporary waitfor hosts
* Update create-gce.yml
2017-09-18 13:24:57 +01:00
Brad Beam
aaa27d0a34
Adding quotes around parameters in cloud_config ( #1664 )
...
This is to help support escapes and special characters
2017-09-16 08:43:47 +01:00
Kevin Lefevre
9302ce0036
Enhanced OpenStack cloud provider ( #1627 )
...
- Enable Cinder API version for block storage
- Enable floating IP for LBaaS
2017-09-16 08:43:24 +01:00
Matthew Mosesohn
0aab3c97a0
Add all-in-one CI mode and make coreos test aio ( #1665 )
2017-09-15 22:28:37 +01:00
Matthew Mosesohn
8e731337ba
Enable HA deploy of kubeadm ( #1658 )
...
* Enable HA deploy of kubeadm
* raise delay to 60s for starting gce hosts
2017-09-15 22:28:15 +01:00
Matthew Mosesohn
b294db5aed
fix apply for netchecker upgrade ( #1659 )
...
* fix apply for netchecker upgrade and graceful upgrade
* Speed up daemonset upgrades. Make check wait for ds upgrades.
2017-09-15 13:19:37 +01:00
Matthew Mosesohn
8d766a2ca9
Enable ssh opts by in config, set 100 connection retries ( #1662 )
...
Also update to ansible 2.3.2
2017-09-15 10:19:36 +01:00
Brad Beam
f2ae16e71d
Merge pull request #1651 from bradbeam/vaultnocontent
...
Fixing condition where vault CA already exists
2017-09-14 17:04:15 -05:00
Brad Beam
ac281476c8
Prune unnecessary certs from vault setup ( #1652 )
...
* Cleaning up cert checks for vault
* Removing all unnecessary etcd certs from each node
* Removing all unnecessary kube certs from each node
2017-09-14 12:28:11 +01:00
Brad Beam
4b587aaf99
Adding ability to specify altnames for vault cert ( #1640 )
2017-09-14 07:19:44 +01:00
Kyle Bai
016301508e
Update to Kubernetes v1.7.5 ( #1649 )
2017-09-14 07:18:03 +01:00
Matthew Mosesohn
6744726089
kubeadm support ( #1631 )
...
* kubeadm support
* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job
* change ci boolean vars to json format
* fixup
* Update create-gce.yml
* Update create-gce.yml
* Update create-gce.yml
2017-09-13 19:00:51 +01:00
Brad Beam
0a89f88b89
Fixing condition where CA already exists
2017-09-13 03:40:46 +00:00
Brad Beam
69fac8ea58
Merge pull request #1634 from bradbeam/calico_cni
...
fix for calico cni plugin node name
2017-09-11 22:18:06 -05:00
Brad Beam
a51104e844
Merge pull request #1648 from kubernetes-incubator/mattymo-patch-1
...
Update getting-started.md
2017-09-11 17:55:51 -05:00
Matthew Mosesohn
943aaf84e5
Update getting-started.md
2017-09-11 12:47:04 +03:00
Seungkyu Ahn
e8bde03a50
Setting kubectl bin directory ( #1635 )
2017-09-09 23:54:13 +03:00
Matthew Mosesohn
75b13caf0b
Fix kube-apiserver status checks when changing insecure bind addr ( #1633 )
2017-09-09 23:41:48 +03:00
Matthew Mosesohn
0f231f0e76
Improve method to create and wait for gce instances ( #1645 )
2017-09-09 23:41:31 +03:00
Matthew Mosesohn
5d99fa0940
Purge old upgrade hooks and unused tasks ( #1641 )
2017-09-09 23:41:20 +03:00
Matthew Mosesohn
649388188b
Fix netchecker update side effect ( #1644 )
...
* Fix netchecker update side effect
kubectl apply should only be used on resources created
with kubectl apply. To workaround this, we should apply
the old manifest before upgrading it.
* Update 030_check-network.yml
2017-09-09 23:38:38 +03:00
Matthew Mosesohn
9fa1873a65
Add kube dashboard, enabled by default ( #1643 )
...
* Add kube dashboard, enabled by default
Also add rbac role for kube user
* Update main.yml
2017-09-09 23:38:03 +03:00
Matthew Mosesohn
f2057dd43d
Refactor downloads ( #1642 )
...
* Refactor downloads
Add prefixes to tasks (file vs container)
Remove some delegates
Clean up some conditions
* Update ansible.cfg
2017-09-09 23:32:12 +03:00
Brad Beam
eeffbbb43c
Updating calicocni.hostname to calicocni.nodename
2017-09-08 12:47:40 +00:00
Brad Beam
aaa0105f75
Flexing calicocni.hostname based on cloud provider
2017-09-08 12:47:40 +00:00
Matthew Mosesohn
f29a42721f
Clean up debug in check apiserver test ( #1638 )
...
* Clean up debug in check apiserver test
* Change password generation for kube_user
Special characters are not allowed in known_users.csv file
2017-09-08 15:47:13 +03:00
Matthew Mosesohn
079d317ade
Default is_atomic to false ( #1637 )
2017-09-08 15:00:57 +03:00
Matthew Mosesohn
6f1fd12265
Revert "Add option for fact cache expiry" ( #1636 )
...
* Revert "Add option for fact cache expiry (#1602 )"
This reverts commit fb30f65951
.
2017-09-08 10:19:58 +03:00
Maxim Krasilnikov
e16b57aa05
Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster ( #1632 )
2017-09-07 23:30:16 +03:00
Yorgos Saslis
fb30f65951
Add option for fact cache expiry ( #1602 )
...
* Add option for fact cache expiry
By adding the `fact_caching_timeout` we avoid having really stale/invalid data ending up in there.
Leaving commented out by default, for backwards compatibility, but nice to have there.
* Enabled cache-expiry by default
Set to 2 hours and modified comment to reflect change
2017-09-07 23:29:27 +03:00
Tennis Smith
a47aaae078
Add bastion host definitions ( #1621 )
...
* Add comment line and documentation for bastion host usage
* Take out unneeded sudo parm
* Remove blank lines
* revert changes
* take out disabling of strict host checking
2017-09-07 23:26:52 +03:00
Matthew Mosesohn
7117614ee5
Use a generated password for kube user ( #1624 )
...
Removed unnecessary root user
2017-09-06 20:20:25 +03:00
Chad Swenson
e26aec96b0
Consolidate kube-proxy module and sysctl loading ( #1586 )
...
This sets br_netfilter and net.bridge.bridge-nf-call-iptables sysctl from a single play before kube-proxy is first ran instead of from the flannel and weave network_plugin roles after kube-proxy is started
2017-09-06 15:11:51 +03:00
Sam Powers
c60d104056
Update checksums (etcd calico calico-cni weave) to fix uploads.yml ( #1584 )
...
the uploads.yml playbook was broken with checksum mismatch errors in
various kubespray commits, for example, 3bfad5ca73
which updated the version from 3.0.6 to 3.0.17 without updating the
corresponding checksums.
2017-09-06 15:11:13 +03:00
Oliver Moser
e6ff8c92a0
Using 'hostnamectl' to set unconfigured hostname on CoreOS ( #1600 )
2017-09-06 15:10:52 +03:00
Maxim Krasilnikov
9bce364b3c
Update auth enabled methods in group_vars example ( #1625 )
2017-09-06 15:10:18 +03:00
Chad Swenson
cbaa2b5773
Retry Remove all Docker containers in reset ( #1623 )
...
Due to various occasional docker bugs, removing a container will sometimes fail. This can often be mitigated by trying again.
2017-09-06 14:23:16 +03:00
Matthieu
0453ed8235
Fix an error with Canal when RBAC are disabled ( #1619 )
...
* Fix an error with Canal when RBAC are disabled
* Update using same rbac strategy used elsewhere
2017-09-06 11:32:32 +03:00
Brad Beam
a341adb7f3
Updating CN for node certs generated by vault ( #1622 )
...
This allows the node authorization plugin to function correctly
2017-09-06 10:55:08 +03:00
Matthew Mosesohn
4c88ac69f2
Use kubectl apply instead of create/replace ( #1610 )
...
Disable checks for existing resources to speed up execution.
2017-09-06 09:36:54 +03:00
Brad Beam
85c237bc1d
Merge pull request #1607 from chapsuk/vault_roles
...
Vault role updates
2017-09-05 11:48:41 -05:00
Tennis Smith
35d48cc88c
Point apiserver address to 0.0.0.0 ( #1617 )
...
* Point apiserver address to 0.0.0.0
Added loadbalancer api server address
* Update documentation
2017-09-05 18:41:47 +03:00
mkrasilnikov
957b7115fe
Remove node name from kube-proxy and admin certificates
2017-09-05 14:40:26 +03:00
Yorgos Saslis
82eedbd622
Update ansible inventory file when template changes ( #1612 )
...
This trigger ensures the inventory file is kept up-to-date. Otherwise, if the file exists and you've made changes to your terraform-managed infra without having deleted the file, it would never get updated.
For example, consider the case where you've destroyed and re-applied the terraform resources, none of the IPs would get updated, so ansible would be trying to connect to the old ones.
2017-09-05 14:10:53 +03:00
mkrasilnikov
b930b0ef5a
Place vault role credentials only to vault group hosts
2017-09-05 11:16:18 +03:00
mkrasilnikov
ad313c9d49
typo fix
2017-09-05 09:07:36 +03:00
mkrasilnikov
06035c0f4e
Change vault CI CLOUD_MACHINE_TYPE to n1-standard-2
2017-09-05 09:07:36 +03:00
mkrasilnikov
e1384f6618
Using issue cert result var instead hostvars
2017-09-05 09:07:36 +03:00