Commit graph

829 commits

Author SHA1 Message Date
Marcelo Grebois
88765f62e6
Updating order
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Daniel Hoherd
ca40d51bc6 Fix typos (no logic changes) 2018-04-05 15:54:58 -07:00
Chen Hong
973e7372b4 content: | 2018-04-04 23:05:27 +08:00
Chen Hong
b54e091886 Persist ip_vs modules 2018-04-04 18:18:51 +08:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
georgejdli
76bb5f8d75 check if dedicated service account token signing key exists 2018-04-02 10:57:24 -05:00
Andreas Krüger
ba24fe3226
Merge pull request #2570 from avoidik/transfer-cloud-configs
Move cloud config configurations to proper location
2018-04-02 10:31:38 +02:00
Matthew Mosesohn
3004791c64
Add pre-upgrade task for moving credentials file (#2394)
* Add pre-upgrade task for moving credentials file

This reverts commit 7ef9f4dfdd.

* add python interpreter workaround for localhost
2018-04-02 11:19:23 +03:00
Wong Hoi Sing Edison
5fe144aa0f ingress-nginx: container download related things should defined in the download role 2018-04-01 00:22:33 +08:00
Andreas Krüger
5b0da4279f
Merge pull request #2543 from hswong3i/cert-manager-0.2.3
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 18:15:25 +02:00
Andreas Krüger
1ac978b8fa
Merge pull request #2567 from mirwan/node_labels_doc_plus_kube_ingress_handling
node_labels documentation and kube-ingress label definition as role_node_label
2018-03-31 18:05:52 +02:00
Wong Hoi Sing Edison
195d6d791a Integrate jetstack/cert-manager 0.2.3 to Kubespray 2018-03-31 19:29:11 +08:00
avoidik
aa301c31d1 Move credential checks into proper folder 2018-03-31 13:29:00 +03:00
Andreas Krüger
d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
avoidik
15efdf0c16 Move credential checks 2018-03-31 03:26:37 +03:00
avoidik
ab8760cc83 Move credentials pre-check 2018-03-31 03:24:57 +03:00
avoidik
b6da596ec1 Move default configuration parameters for cloud-config 2018-03-31 03:18:23 +03:00
avoidik
3c12c6beb3 Move cloud config configurations to proper location 2018-03-31 02:59:59 +03:00
Erwan Miran
8ece922ef0 node_labels documentation + kube-ingress label handling as role_node_label 2018-03-31 00:36:11 +02:00
Andreas Krüger
887a468d32
Merge pull request #2562 from avoidik/fix-indexes-pr-2251
Fix kubecert_node.results indexes
2018-03-31 00:16:11 +02:00
Andreas Krüger
76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
georgejdli
572ab650db copy dedicated service account token signing key for kubeadm migration 2018-03-30 13:03:32 -05:00
avoidik
72c2a8982b Fix kubecert_node.results indexes 2018-03-30 17:24:50 +03:00
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545)
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
2018-03-30 14:29:13 +03:00
Andreas Kruger
af5f376163 Revert 2018-03-30 11:42:20 +02:00
woopstar
004b0a3fcf Fix merge conflict 2018-03-30 11:38:59 +02:00
Andreas Kruger
4bb7d2b566 Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into cert-fix-2 2018-03-30 11:34:05 +02:00
Andreas Krüger
f619eb08b1
Merge pull request #2350 from whereismyjetpack/kubeadm-nodename
set nodeName to "{{ inventory_hostname }}" in kubeadm-config
2018-03-30 11:15:52 +02:00
RongZhang
5711074c5a
Merge pull request #2290 from mirwan/node_labels_from_inventory
Node labels definition in kubelet params from inventory
2018-03-30 03:42:52 -05:00
陈宏
4d85e3765e remove redundancy code 2018-03-30 09:19:00 +08:00
Kuldip Madnani
daeeae1a91 Added retries in pre-upgrade.yml and retries while applying kube-dns.yml (#2553)
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml

* Removed trailing spaces
2018-03-29 11:37:32 -05:00
georgejdli
c8f857eae4 configure kubespray to sign service account tokens with a dedicated and stable key 2018-03-29 09:50:31 -05:00
Andreas Krüger
270d21f5c1
Merge pull request #2540 from mattymo/cloud_config_timing
Write cloud-config during kubelet configuration
2018-03-29 09:12:18 +02:00
Andreas Kruger
bf29198efd Fix merge conflict 2018-03-29 09:11:13 +02:00
Kuldip Madnani
9ebbf1c3cd Added a fix in openssl.conf template to check if IP of loadbalncer is available or not. 2018-03-28 16:34:26 -05:00
woopstar
0b5404b2b7 Fix 2018-03-28 20:28:04 +02:00
woopstar
0df32b03ca Update openssl.conf to count better and work with Jinja 2.9 2018-03-28 17:48:56 +02:00
Matthew Mosesohn
72a4223884 Write cloud-config during kubelet configuration
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
2018-03-28 16:26:36 +03:00
Andreas Krüger
03117d9572
Merge pull request #2488 from LuckySB/ingress-nginx-node-role
Dedicated node for ingress nginx controller
2018-03-28 14:07:40 +02:00
avoidik
e375678674 Set exact user for Kubelet services 2018-03-27 11:13:52 +03:00
Dann Bohn
1d0415a6cf fixes typo in kube_override_hostname for kubeadm 2018-03-24 13:29:07 -04:00
Dann Bohn
9fa995ac9d only sets nodeName in kubeadm-config when kube_override_hostname is set 2018-03-23 08:33:25 -04:00
Andreas Krüger
30e4b89837
Merge pull request #2504 from brtknr/patch-1
Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease`
2018-03-22 09:15:55 +01:00
Chad Swenson
9949782e96
Merge pull request #2489 from woopstar/token-fix-1
Only copy tokens if tokens_list contains any
2018-03-21 20:28:06 -05:00
Andreas Krüger
ff2b8e5e60
Merge pull request #2503 from woopstar/kubelet-fix-1
Fix duplicate --proxy-client-cert-file and --proxy-client-key-file
2018-03-21 10:03:31 +01:00
Erwan Miran
8b71ef8ceb Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet 2018-03-21 09:19:05 +01:00
mirwan
ee8f678010 Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446) 2018-03-21 10:50:32 +03:00
Bharat Kunwar
13e47e73c8
Update kubeadm-config.yaml.j2
As requested
2018-03-20 13:33:36 +00:00
Bharat Kunwar
d2fd7b7462
Update kube-apiserver.manifest.j2 2018-03-20 12:19:53 +00:00