Commit graph

10 commits

Author SHA1 Message Date
jwfang
8ed48f052c seperate kube-proxy certs for each node 2017-06-26 16:35:24 +08:00
jwfang
27e3998cb6 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-26 16:35:24 +08:00
Matthew Mosesohn
fad22bae97 More idempotency fixes
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
2017-03-15 19:06:39 +03:00
Matthew Mosesohn
7e1aa3b43b Use find module for checking for certificates
Also generate certs only when absent on master (rather than
when absent on target node)
2017-03-03 16:21:01 +03:00
Matthew Mosesohn
51a6ec836e Merge branch 'master' into synthscale 2017-02-21 22:17:43 +03:00
Matthew Mosesohn
5419c98eb1 Add no_log to cert tar tasks
This works around 4MB limit for gitlab CI runner.
2017-02-18 14:09:57 +04:00
Andrew Greenwood
756003a30e Cleanup legacy syntax, spacing, files all to yml
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistancy
2017-02-17 16:22:34 -05:00
Matthew Mosesohn
02736d1ff0 Fix references to CoreOS and Container Linux by CoreOS
Fixes #967
2017-02-16 19:25:17 +03:00
Vladimir Rutsky
fff8780a51 set "check_mode: no" for read-only "shell" steps that registers result
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).

Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
2017-02-13 18:53:41 +03:00
Josh Conant
764ad6e099 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Renamed from roles/kubernetes/secrets/tasks/gen_certs.yml (Browse further)