Commit graph

2660 commits

Author SHA1 Message Date
Bogdan Dobrelya
278ac08087 Fix HA docs API access endpoints explained (#2126)
* Fix HA docs API access endpoints explained

Follow-up commit 81347298a3
and fix the endpoint value provided in HA docs.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

* Clarify internal LB with external LB use case

* Clarify how to use both internal and external, non-cluster aware and
  not managed with Kubespray, LB solutions.
* Clarify the requirements, like TLS/SSL termination, for such an external LB.
  Unlike to the 'cluster-aware' external LB config, endpoints' security must be
  managed by that non-cluster aware external LB.
* Note that masters always contact their local apiservers via https://bip:sp.
  It's highly unlikely to go down and it reduces latency that might be
  introduced when going host->lb->host. Only computes go that path.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

* Add a note for supplementary_addresses_in_ssl_keys

Explain how to benefit from supplementary_addresses_in_ssl_keys

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2018-01-09 16:01:50 +03:00
neith00
88204642b7
updated weave to 2.1.3 2018-01-09 13:50:42 +01:00
Matthew Mosesohn
1401286910
Add support for cert alt names for etcd (#2139)
* Add support for cert alt names for etcd

* Update gen_certs_vault.yml
2018-01-09 14:37:34 +03:00
Lukasz Piatkowski
12eb242224 fix fluentd template 2018-01-08 13:40:47 +00:00
Ronald Rivera
8f36a02998 Merge branch 'master' of https://github.com/riverron/kubespray 2018-01-07 15:40:34 +00:00
Ronald Rivera
88f9e25f76 Updated with correct syntax to access default_tags variable. 2018-01-07 15:39:58 +00:00
Ron Rivera
dba1c13954 Updated with correct syntax to access default_tags variable. 2018-01-07 14:57:14 +00:00
Philippe Chepy
df9faa1743 Add support for flex volumes plugins. 2018-01-05 17:56:36 +01:00
ArchiFleKs
74fd975b57 run terraform FMT for readability 2018-01-05 12:09:04 +01:00
ArchiFleKs
ce85bcaee7 Simplify and update OpenStack cloud provider
Simplify the number of variables necessary to "just" enable OpenStack
cloud provider. Also add the new options available in K8s 1.9.
2018-01-05 12:05:24 +01:00
ArchiFleKs
6eb6e806e7 Update Terraform docs and authentication method
Hardcoded variables are removed from variables.tf file because it might
not be suitable for all OpenStack Cloud depending on Identity API
version available (between v2 or v3) and preferred authentication
method.
2018-01-05 11:25:37 +01:00
rong.zhang
6ed2a60978 fix run dashboard error 2018-01-04 13:13:36 +08:00
Brad Beam
fd04c14260
Merge pull request #2127 from spiffxp/follow-cla-doc
Follow CLA doc to kubernetes/community
2018-01-03 19:19:34 -06:00
Aaron Crickenberger
10a5273f07 Follow CLA doc to kubernetes/community 2018-01-03 16:48:53 -08:00
Bogdan Dobrelya
bac3bf1a5f
Fix auto-evaluated API access endpoint for bind IP (#2086)
Auto configure API access endpoint with a custom bind IP, if provided.
Fix HA docs' http URLs are https in fact, clarify the insecure vs secure
API access modes as well.

Closes: #issues/2051

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2018-01-03 17:40:21 +01:00
RongZhang
e3b684df21
Remove blank lines
Remove blank lines
2018-01-03 00:54:04 -06:00
Steve Mitchell
e45b30d033 Add etcd key and cert environment variables for use with client auth 2018-01-02 13:52:17 -05:00
Matthew Mosesohn
ad6fecefa8
Update Kubernetes to v1.9.0 (#2100)
Update checksum for kubeadm
Use v1.9.0 kubeadm params
Include hash of ca.crt for kubeadm join
Update tag for testing upgrades
Add workaround for testing upgrades
Remove scale CI scenarios because of slow inventory parsing
in ansible 2.4.x.

Change region for tests to us-central1 to
improve ansible performance
2017-12-25 08:57:45 +00:00
Jan Jungnickel
3fdb2ccf55 Revert back to using an empty var as default to exclude hostname (#2110) 2017-12-22 22:09:59 +00:00
Matthew Mosesohn
29f5b55d42
remove unwanted whitespace for kube_override_hostname (#2105) 2017-12-22 11:31:18 +00:00
rong.zhang
5aef52e8c0 fix dashboard certs secret 2017-12-22 11:17:05 +08:00
Brad Beam
336e0cbf70
Merge pull request #2102 from spiffxp/update-code-of-conduct
Update code-of-conduct.md
2017-12-20 20:00:47 -06:00
Aaron Crickenberger
3cd06b0eb4 Update code-of-conduct.md
Refer to kubernetes/community as authoritative source for code of conduct
2017-12-20 14:12:38 -05:00
Matthew Mosesohn
6bb46e3ecb
Fix param names in preparation for Kubernetes v1.9.0 (#2098)
This does not update v1.9.0, but fixes two incompatibilities
when trying to deploy v1.9.0.
2017-12-20 10:48:09 +00:00
Matthew Mosesohn
127bc01857
Do not override kubelet hostname if cloud_provider is used (#2095)
Starting with Kubernetes v1.8.4, kubelet ignores the AWS cloud
provider string and uses the override hostname, which fails
Node admission checks.

Fixes #2094
2017-12-19 20:18:20 +00:00
Evan Zeimet
a6975c1850 Rename runtime docker_version (#2082)
Renaming runtime docker_version to prevent setting that
value on the command line from breaking the play run.

This fixes #2081
2017-12-19 14:47:54 +00:00
Stanislav Makar
b2cb0725ac Default OpenStack Cinder Storage Class (#2083)
Add possibility to create default OpenStack Cinder Storage Class

Closes: #1609
2017-12-19 14:47:00 +00:00
rong.zhang
b974b144a8 Add RBAC to binding Dahsboard UI 2017-12-18 23:07:19 +08:00
Matthew Mosesohn
bfb25fa47b
Change vault cert ttl to 8y (#2013) 2017-12-15 13:34:00 +00:00
Wei Tie
3bb505d43f Remove unrequired mounts 2017-12-14 14:59:40 -08:00
Matthew Mosesohn
b135bcb9d9 Split download container task for delegate and non-delegate modes (#2077)
Ansible cannot seem to handle omitting delegate_to since v2.4.0.0.

Possibly related: https://github.com/ansible/ansible/issues/30760
2017-12-14 16:45:54 +00:00
Wei Tie
4e97225424 Add quote for etcd endpoints 2017-12-13 18:35:12 -08:00
rong.zhang
0771cd8599 Remove dashboard_tls_key and dashboard_tls_cert 2017-12-13 15:42:20 +08:00
Fang Zhen
91d848f98a Make spliting system_search_domains more robust
The search line in /etc/resolv.conf could have
multiple spaces or tabs between domains.
split(' ') will give wrong results in some case,
use split() without argument instead.

e.g.
>>> 'domain.tld	cluster.tld '.split(' ')
['domain.tld\tcluster.tld', '']
>>> 'domain.tld cluster.tld '.split()
['domain.tld', 'cluster.tld']
2017-12-13 15:39:38 +08:00
rong.zhang
40edf8c6f5 Update dashboard version to v1.8.0
Update dependencies to be compatible with Kubernetes v1.8
2017-12-13 12:50:44 +08:00
Chad Swenson
e78562830f Retry kube container removal during upgrade
As we have seen with other containers, sometimes container removal fails on the first attempt due to some Docker bugs. Retrying typically corrects the issue.
2017-12-12 12:06:41 -06:00
Simon Li
bef259a6eb Always set net.bridge.bridge-nf-call-* sysctl 2017-12-12 17:11:35 +00:00
Brad Beam
39ce1bd8be
Merge pull request #2059 from bradbeam/vaultalt
Fixing alt_names for vault cert generation
2017-12-12 09:28:51 -06:00
Spencer Smith
6291881943
Merge pull request #2057 from rsmitty/master
set docker_version fact regardless of docker_dns in use
2017-12-12 10:28:14 -05:00
Brad Beam
802fd94dad
Merge pull request #2054 from ArchiFleKs/os-cloud-provider-domain-fix
Fix domain id for OpenStack provider
2017-12-11 21:06:16 -06:00
Xu Zhipei
66f38a1b31 fix: always only one docker image got synced after download 2017-12-12 09:51:03 +08:00
Brad Beam
d3850a4da5 Fixing alt_names for vault cert generation 2017-12-11 17:28:18 -06:00
Spencer Smith
53a4355e60 set docker_version fact regardless of docker_dns in use 2017-12-11 17:48:11 -05:00
Spencer Smith
18a616f57c
Merge pull request #2052 from ArchiFleKs/os-terraform-fix-inventory
Change OpenStack inventory to python2
2017-12-11 13:42:05 -05:00
Spencer Smith
32333eb627
Merge pull request #2035 from brutus333/fix/proxy
Added proxy_env to scale and upgrade playbooks
2017-12-11 12:43:06 -05:00
Brad Beam
19def41fdf
Merge pull request #2047 from bradbeam/vaulttime
Adding retries for vault-temp to come online
2017-12-11 09:04:57 -06:00
ArchiFleKs
44b9dce134 Fix domain id for OpenStack provider
OpenStack authentication does not support using a mix of DomainID and
DomainName, only one or the other should be used.
2017-12-11 15:57:33 +01:00
Brad Beam
fa5a538fe5
Merge pull request #2050 from jbonachera/fix-vault-tls-validation
append newline char to vault generated certs
2017-12-11 08:41:34 -06:00
ArchiFleKs
5e3fd2253f Change OpenStack inventory to python2
For distribution who ship python3 as default python, it breaks the
inventory script as it is not compatible with python3.
2017-12-11 14:25:05 +01:00
Brad Beam
9643c2c1e3 Fixes to reset (#2046)
- adding additional directories to cleanup (rkt/vault)
- targeting kubespray ansible groups instead of all
2017-12-11 12:49:21 +00:00