Commit graph

1825 commits

Author SHA1 Message Date
Raj Perera
992a974b1e Merge branch 'rbac-kp' into rbac-script-cert
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
#	roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
#	roles/kubernetes/secrets/files/make-ssl.sh
2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3 Basic RBAC functionality. (Based from work done by @jwfang (#1351))
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-16 10:28:23 -04:00
jwfang
7c2816ba73 add label for kube-dns sa 2017-06-16 20:08:19 +08:00
jwfang
acbdfb08ce run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-16 18:54:18 +08:00
jwfang
765a5ce1ab node identified as system:node:<node-name> 2017-06-16 17:15:37 +08:00
jwfang
0ee229488e certs for system:kube-controller-manager system:kube-scheduler 2017-06-16 14:21:21 +08:00
jwfang
8b58394d8c seperate kube-proxy certs for each node 2017-06-15 19:20:58 +08:00
jwfang
f3a4c31e66 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-15 18:15:52 +08:00
Brad Beam
b73786c6d5 Merge pull request #1335 from bradbeam/imagerepo
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Brad Beam
eacc42fedd Merge pull request #1240 from bradbeam/vaultfixup
Fixing up vault variables
2017-06-08 22:33:03 -05:00
Brad Beam
db3e8edacd Fixing up vault variables 2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295 Set default value for kube_hyperkube_image_repo
Fixes #1334
2017-06-08 12:22:16 -05:00
Spencer Smith
ef3c2d86d3 Merge pull request #1327 from rsmitty/coreos-testing-update
use latest coreos-stable for testing to avoid upgrades during deployment
2017-06-07 16:31:23 -07:00
Brad Beam
780308c194 Merge pull request #1174 from jlothian/atomic-docker-restart
Fix docker restart in atomic
2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae Merge pull request #1092 from bradbeam/rkt_docker
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
d323501c7f Merge pull request #1328 from kevinjqiu/coreos-vagrant
Support provisioning vagrant k8s clusters with coreos
2017-06-05 14:30:49 -07:00
Kevin Jing Qiu
66d8b2c18a Specify coreos vagrant box url 2017-06-04 11:31:39 -04:00
Kevin Jing Qiu
6d8a415b4d Update doc on Vagrant local override file 2017-06-02 20:09:37 -04:00
Kevin Jing Qiu
dad268a686 Add default ssh user for different OSes 2017-06-02 19:51:09 -04:00
Kevin Jing Qiu
e7acc2fddf Update doc for Vagrant install 2017-06-02 19:03:43 -04:00
Kevin Jing Qiu
6fb17a813c Support provisioning vagrant k8s clusters with coreos 2017-06-02 18:53:47 -04:00
Spencer Smith
11ede9f872 use latest coreos-stable for testing to avoid upgrades during deployment 2017-06-02 12:24:54 -04:00
Spencer Smith
6ac1c1c886 Merge pull request #1320 from rsmitty/centos-cert-fix
check if cloud_provider is defined
2017-05-31 11:54:15 -04:00
Spencer Smith
01c0ab4f06 check if cloud_provider is defined 2017-05-31 08:24:24 -04:00
Spencer Smith
7713f35326 Merge pull request #1317 from mtsr/versionlock
Adds note on versionlock to README
2017-05-30 14:37:21 -04:00
Spencer Smith
7220b09ff9 Merge pull request #1315 from rsmitty/hostnames-upgrade
Resolve upgrade issues
2017-05-30 11:40:19 -04:00
Spencer Smith
b7298ef51a Merge pull request #1313 from rsmitty/centos-cert-path
add direct path for cert in AWS with RHEL family
2017-05-30 11:37:37 -04:00
Jonas Matser
9b18c073b6 Adds note on versionlock to README
Note to users that auto-updates break clusters that don't lock the docker version somehow.
2017-05-28 20:55:44 +02:00
Spencer Smith
dd89e705f2 don't uncordon masters 2017-05-26 17:48:56 -04:00
Spencer Smith
56b86bbfca inventory hostname for cordoning/uncordoning 2017-05-26 17:47:25 -04:00
Spencer Smith
7e2aafcc76 add direct path for cert in AWS with RHEL family 2017-05-26 17:32:50 -04:00
Spencer Smith
11c774b04f Merge pull request #1306 from rsmitty/scale-up
add scale.yml to do minimum needed for a node bootstrap
2017-05-25 18:51:09 -04:00
Spencer Smith
6ba926381b Merge pull request #1309 from jhunthrop/router-peering
adding --skip-exists flag for peer_with_router
2017-05-25 18:50:54 -04:00
Justin Hunthrop
af55e179c7 adding --skip-exists flag for peer_with_router 2017-05-25 14:29:18 -05:00
Spencer Smith
18a42e4b38 add scale.yml to do minimum needed for a node bootstrap 2017-05-24 15:49:21 -04:00
Spencer Smith
a10ccadb54 Merge pull request #1300 from rsmitty/dynamic-inventory-aws
Added dynamic inventory for AWS as contrib
2017-05-23 12:57:51 -04:00
Spencer Smith
15fee582cc Merge pull request #1305 from zouyee/master
upgrade k8s version to 1.6.4
2017-05-23 12:52:13 -04:00
zoues
43408634bb Merge branch 'master' into master 2017-05-23 09:32:28 +08:00
zouyee
d47fce6ce7 upgrade k8s version to 1.6.4 2017-05-23 09:30:03 +08:00
Matthew Mosesohn
9e64267867 Merge pull request #1293 from mattymo/kubelet_host_mode
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Josh Lothian
7ae5785447 Removed the other unused handler
With live-restore: true, we don't need a special docker restart
2017-05-19 09:50:10 -05:00
Josh Lothian
ef8d3f684f Remove unused handler
Previous patch removed the step that sets live-restore
back to false, so don't try to notify that handler any more
2017-05-19 09:45:46 -05:00
Matthew Mosesohn
cc6e3d14ce Add host-based kubelet deployment
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Spencer Smith
83f44b1ac1 Added example json 2017-05-18 17:57:30 -04:00
Spencer Smith
1f470eadd1 Added dynamic inventory for AWS as contrib 2017-05-18 17:52:44 -04:00
Spencer Smith
005b01bd9a Merge pull request #1299 from bradbeam/kubelet
Minor kubelet updates
2017-05-18 12:52:43 -04:00
Josh Lothian
6f67367b57 Leave 'live-restore' false
Leave live-restore false to updates always pick
up new network configuration
2017-05-17 14:31:49 -05:00
Josh Lothian
9ee0600a7f Update handler names and explanation 2017-05-17 14:31:49 -05:00
Josh Lothian
30cc7c847e Reconfigure docker restart behavior on atomic
Before restarting docker, instruct it to kill running
containers when it restarts.

Needs a second docker restart after we restore the original
behavior, otherwise the next time docker is restarted by
an operator, it will unexpectedly bring down all running
containers.
2017-05-17 14:31:49 -05:00
Josh Lothian
a5bb24b886 Fix docker restart in atomic
In atomic, containers are left running when docker is restarted.
When docker is restarted after the flannel config is put in place,
the docker0 interface isn't re-IPed because docker sees the running
containers and won't update the previous config.

This patch kills all the running containers after docker is stopped.
We can't simply `docker stop` the running containers, as they respawn
before we've got a chance to stop the docker daemon, so we need to
use runc to do this after dockerd is stopped.
2017-05-17 14:31:49 -05:00