Commit graph

1770 commits

Author SHA1 Message Date
nhaveric
9b96fd7f5f kube-master: Use TLS for scheduler and controllers communications
This commit aims to enable the scheduler and controller-manager to
access the proper {{ kube_api_endpoint }}, instead of the
unauthenticated localhost port. Two aditionnal certs are generated
on master nodes, and kubeconfig files are added for both pods.
2017-06-23 17:26:22 +02:00
mperochon
638b80d8de calico/rr: removed dependancy on docker 2017-05-29 16:00:39 +02:00
Boris Zanetti
68bf1f1837 fix OSPF When check 2017-04-27 08:37:24 +02:00
Boris Zanetti
2cee161e67 Revert "docker: updating docker version maps"
This reverts commit e9421d983e.
2017-04-26 16:47:46 +02:00
Boris Zanetti
f82f822d12 BUGFIX: remove singlequote on --enforce-node-allocatable 2017-04-26 15:18:24 +02:00
nhaveric
e9421d983e docker: updating docker version maps 2017-04-25 16:11:39 +02:00
nhaveric
45aca56a3a docker: using dockerd instead of docker daemon 2017-04-25 14:53:35 +02:00
Boris Zanetti
fc68a5b5fd cleanup rebase from upstream 2017-04-24 20:07:50 +02:00
nhaveric
39915aec55 OSPF fix condition for OSPF export 2017-04-24 15:19:19 +02:00
Boris Zanetti
4aa208d58c bird: notify restart calico-rr when template change 2017-04-24 15:19:19 +02:00
Boris Zanetti
ce1dad35e4 OSPF remove unexpected : 'strict ptp yes' 2017-04-24 15:19:19 +02:00
Boris Zanetti
4959daefab OSPF replace file by copy in rr template 2017-04-24 15:19:19 +02:00
Boris Zanetti
77bc915aa1 add OSPF peering support 2017-04-24 15:19:19 +02:00
Boris Zanetti
9bc92320b7 rbac: add vars for system namespace name 2017-04-24 14:24:49 +02:00
Boris Zanetti
906b5546a0 fix of kubedns serviceaccount name for idempotency 2017-04-24 14:24:49 +02:00
Boris Zanetti
a807771d63 corrext idempotency issue with kubedns RBAC 2017-04-24 14:24:49 +02:00
Boris Zanetti
babc372d04 move fluentd rbac to yakow 2017-04-24 14:24:49 +02:00
Boris Zanetti
c1db6da4c1 add custom rbac role local root user 2017-04-24 14:24:49 +02:00
Boris Zanetti
7573181183 add custom rbac role for system:nodes 2017-04-24 14:24:49 +02:00
Boris Zanetti
f1d366779e move kubedns rbac to specific role 2017-04-24 14:24:49 +02:00
Boris Zanetti
8d898778f5 move to specific role 2017-04-24 14:24:49 +02:00
Boris Zanetti
eb8fc0fe83 first try of root RBAC 2017-04-24 14:24:23 +02:00
nhaveric
fec5bfde1f calico-node: added NODENAME var 2017-04-24 14:23:33 +02:00
nhaveric
9ca7c89e78 calico/rr: removed dependancy on docker 2017-04-24 14:23:33 +02:00
nhaveric
9ed9365db1 kubelet: added --node-ip option 2017-04-24 14:23:33 +02:00
nhaveric
dcf0360d8f master: removing agressive jinja newline stripping 2017-04-24 14:23:33 +02:00
nhaveric
043a874e74 make-ssl: fix subject for nodes 2017-04-24 14:22:13 +02:00
nhaveric
7c8be652e7 make-ssl: resolved merge conflict 2017-04-24 14:22:13 +02:00
Boris Zanetti
3843742e30 add system groups to certificates 2017-04-24 14:22:13 +02:00
Boris Zanetti
29d32e4125 kube-apiserver: add block for custom settings and option to remove insecure port 2017-04-24 14:22:13 +02:00
nhaveric
76c92aaa17 Two fixes to be able to deploy in our environment. 2017-04-24 14:22:13 +02:00
Spencer Smith
502f2f040d Merge pull request #1249 from rsmitty/master
add some known tweaks that need to be made for coreos to docs
2017-04-20 18:40:25 -04:00
Spencer Smith
c0c10a97e7 Merge pull request #1248 from rsmitty/aws-resolver
allow for correct aws default resolver
2017-04-20 11:25:40 -04:00
Spencer Smith
5a7c50027f add some known tweaks that need to be made for coreos 2017-04-20 11:14:41 -04:00
Spencer Smith
88b5065e7d fix stray 'in' and break into multiple lines for clarity 2017-04-20 09:53:01 -04:00
Spencer Smith
b690008192 allow for correct aws default resolver 2017-04-20 09:32:03 -04:00
Matthew Mosesohn
2d6bc9536c Merge pull request #1246 from holser/disable_dns_for_kube_services
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
01dc6b2f0e Add aws to default_resolver
When VPC is used, external DNS might not be available. This patch change
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:47:19 +02:00
Sergii Golovatiuk
d8aa2d0a9e Change DNS policy for kubernetes components
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Matthew Mosesohn
19bb97d24d Merge pull request #1238 from Starefossen/fix/namespace-template-file
Move namespace file to template directory
2017-04-20 12:19:55 +03:00
Matthew Mosesohn
9f4f168804 Merge pull request #1241 from bradbeam/rktcnidir
Explicitly create cni bin dir
2017-04-20 12:19:26 +03:00
Matthew Mosesohn
82e133b382 Merge pull request #1235 from JustinAzoff/patch-1
Fix IPS array variable expansion
2017-04-20 12:08:49 +03:00
Matthew Mosesohn
cf3083d68e Merge pull request #1239 from mattymo/resettags
Add tags to reset playbook and make iptables flush optional
2017-04-20 11:35:08 +03:00
Sergii Golovatiuk
e796cdbb27 Fix restart kube-controller (#1242)
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
2017-04-20 11:26:01 +03:00
Matthew Mosesohn
2d44582f88 Add tags to reset playbook and make iptables flush optional
Fixes #1229
2017-04-19 19:32:18 +03:00
Spencer Smith
2a61344c03 Merge pull request #1236 from mattymo/minupgrade
Add minimal k8s upgrade playbook
2017-04-19 12:05:39 -04:00
Spencer Smith
77c6aad1b5 Merge pull request #1237 from Starefossen/chore/remove-dot-bak
Remove and ignore .bak files
2017-04-19 12:03:41 -04:00
Brad Beam
b60a897265 Explicitly create cni bin dir
If this path doesnt exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten
fdd41c706a
Remove and ignore .bak files 2017-04-19 13:37:23 +02:00
Hans Kristian Flaatten
d68cfeed6e
Move namespace file to template directory 2017-04-19 13:37:02 +02:00