Takashi Okamoto
ac639b2a17
Change kubeadm config to run etcd by kubeadm.
2018-08-28 01:24:25 +00:00
k8s-ci-robot
f97515352b
Merge pull request #3161 from nutellinoit/kube_proxy_nodeport_addresses
...
--nodeport-addresses added on kube-proxy.manifest.j2 and on k8s-cluster.yml
2018-08-25 02:00:19 -07:00
Samuele Chiocca
cb8be37f72
fix on v1alpha1
2018-08-24 11:19:06 +02:00
Samuele Chiocca
e5dd4e1e70
added on v1alpha1
2018-08-24 10:59:06 +02:00
Antoine Legrand
4882531c29
Merge pull request #3115 from oracle/oracle_oci_controller
...
Cloud provider support for OCI (Oracle Cloud Infrastructure)
2018-08-23 18:22:45 +02:00
Rong Zhang
f453567cce
Merge pull request #3144 from riverzhang/fix-audit-log
...
Fix install audit failed
2018-08-23 14:41:37 +08:00
rongzhang
5a4352657d
Fix install audit failed
...
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
2018-08-23 01:47:15 +08:00
Samuele Chiocca
f13bc796d9
added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1)
2018-08-22 18:43:03 +02:00
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
2018-08-22 18:16:13 +02:00
Jeff Bornemann
94df70be98
Cloud provider support for OCI (Oracle Cloud Infrastructure)
...
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
2018-08-21 17:36:42 -04:00
Andreas Krüger
497db69c9f
Merge pull request #3130 from riverzhang/add-control-plane
...
Add kubeadm controlplaneEndpoint
2018-08-20 10:43:50 +02:00
Andreas Krüger
c7de737551
Merge pull request #3133 from mirwan/auditlog_to_stdout_w_kubeadm
...
Audit log to stdout with kubeadm
2018-08-20 10:43:22 +02:00
Erwan Miran
fc38b6d0ca
Ability to define custom audit polcy rules
2018-08-20 07:04:56 +02:00
Erwan Miran
c34900e569
Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm
2018-08-20 07:00:53 +02:00
rongzhang
59176ebbb9
Add kubeadm controlplaneEndpoint
...
Nginx LB(default)
Other LB by kubeadm controlplane
2018-08-20 00:57:13 +08:00
Erwan Miran
54548d3b95
kubeadm mounts the hostpaths itself
2018-08-16 13:17:30 +02:00
Erwan Miran
58d4d65fab
minor variable fix and reuse + handle auditlog redirected to stdout
2018-08-16 12:51:09 +02:00
rongzhang
2ffc1afe40
Support audit
2018-08-16 14:38:07 +08:00
Rong Zhang
a11e1eba9e
Upgrade kubernetes to V1.11.x ( #3078 )
...
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
2018-08-14 15:13:44 +03:00
Robert Everson
4eadf3228e
Only add admission plugins if defined
2018-08-07 11:25:03 -07:00
Robert Everson
99c5aa5a02
Use k8s default plugin list
2018-08-07 11:25:03 -07:00
Robert Everson
6ed65d762b
Separate out plugins into 2 variables
2018-08-07 11:25:03 -07:00
Robert Everson
ac18f6cf8b
Add support for admission controllers in 1.10 and above
2018-08-07 11:25:03 -07:00
Rong Zhang
c288ffc55d
Merge pull request #2342 from southquist/add-ca-cert
...
allow for setting the cacert on openstack cloud provider
2018-08-07 17:46:01 +08:00
Aivars Sterns
72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp
...
Force copy cni files
2018-07-10 09:40:10 +03:00
Dao Hoang Son
d306c9708c
Remove step that force disable kube_basic_auth
.
...
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441 ) has already been fixed.
2018-07-08 16:57:43 +07:00
Matthew Mosesohn
1a3b9dd864
Force copy cni files
2018-07-06 16:39:42 +03:00
Miouge1
2a279e30b0
CheckNodePIDPressure is not supported in v1.10
2018-06-28 20:10:38 +02:00
southquist
c685dc493f
allow for setting the cacert on openstack cloud provider
2018-06-28 16:00:13 +02:00
Andreas Krüger
cbb959151c
Merge pull request #2737 from Miouge1/update-scheduler
...
Update kube-scheduler policy
2018-06-19 14:53:22 +02:00
Matthew Mosesohn
61e97251a5
Improve variable handling for disabling etcd events cluster
2018-06-18 16:58:29 +03:00
Andreas Krüger
e60a63ea51
Merge pull request #2577 from woopstar/etcd-fix-4
...
Makeover of etcd- and etcd-cluster setup.
2018-05-16 20:49:54 +02:00
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 ( #2748 )
...
* Upgrade k8s to 1.10.2
Bumped etcd version to 3.2.16 as recommended
* Add ipvs fix for v1.10
* change flannel addons test to ha
2018-05-15 16:00:29 +03:00
Christopher J. Ruwe
73800ef111
make certificates non-executable
2018-05-15 07:54:32 +00:00
Miouge1
ad48606e4e
Restart scheduler when policy changes
2018-05-14 10:09:30 +02:00
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
...
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
2018-05-11 19:11:38 +03:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master
...
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
Miouge1
70e0998a70
Update kube-scheduler policy
2018-05-03 21:56:51 +02:00
woopstar
4c81cd2a71
Merge branch 'master' of https://github.com/kubernetes-incubator/kubespray into etcd-fix-4
2018-05-02 14:45:58 +02:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
2018-04-23 12:23:59 +09:00
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
2018-04-12 11:03:22 -05:00
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
2018-04-10 18:17:56 +02:00
Marcelo Grebois
88765f62e6
Updating order
...
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
2018-04-10 17:17:39 +02:00
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
...
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
2018-04-09 12:49:05 +02:00
Andreas Krüger
2511e14289
Merge pull request #2346 from Miouge1/kube-scheduler-mode
...
Use legacy policy config to apply the scheduler policy
2018-04-04 10:20:51 +02:00
woopstar
86e3506ae6
Etcd cluster setup makeover
...
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
2018-04-01 21:38:33 +02:00
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
2018-03-31 19:29:11 +08:00
Andreas Krüger
d9418b1dc4
Merge pull request #2554 from georgejdli/fix-sa-token-signing
...
Fix kubespray's ServiceAccount token signing keys
2018-03-31 09:59:22 +02:00
Andreas Krüger
76cb37d6b5
Merge pull request #2544 from woopstar/cert-fix-2
...
Update openssl.conf to count better and work with Jinja 2.9
2018-03-30 21:57:17 +02:00
georgejdli
572ab650db
copy dedicated service account token signing key for kubeadm migration
2018-03-30 13:03:32 -05:00