Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
...
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Matthew Mosesohn
92d038062e
Fix node authorization for cloudprovider installs ( #1794 )
...
In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.
2017-10-14 11:28:46 +01:00
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
...
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
2017-10-11 20:40:21 +01:00
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
...
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
2017-10-11 19:47:27 +01:00
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
...
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
2017-10-05 10:51:21 +01:00
Maxim Krasilnikov
da61b8e7c9
Added workaround for vagrant 1.9 and centos vm box ( #1738 )
2017-10-03 11:32:19 +01:00
shiftky
a927ed2da4
Improve playbook example of integration document
2017-09-29 18:00:01 +09:00
Matthew Mosesohn
bd272e0b3c
Upgrade to kubeadm ( #1667 )
...
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
2017-09-26 10:38:58 +01:00
Maxim Krasilnikov
bc15ceaba1
Update var doc about users accounts ( #1685 )
2017-09-25 12:20:00 +01:00
Junaid Ali
6f17d0817b
Updating getting-started.md ( #1683 )
...
Signed-off-by: Junaid Ali <junaidali.yahya@gmail.com>
2017-09-25 12:19:38 +01:00
Jiri Stransky
70d0235770
Set correct kubelet cgroup-driver also for kubeadm deployments
...
This follows pull request #1677 , adding the cgroup-driver
autodetection also for kubeadm way of deploying.
Info about this and the possibility to override is added to the docs.
2017-09-22 13:19:04 +02:00
Matthew Mosesohn
ef8e35e39b
Create admin credential kubeconfig ( #1647 )
...
New files: /etc/kubernetes/admin.conf
/root/.kube/config
$GITDIR/artifacts/{kubectl,admin.conf}
Optional method to download kubectl and admin.conf if
kubeconfig_localhost is set to true (default false)
2017-09-18 13:30:57 +01:00
Matthew Mosesohn
943aaf84e5
Update getting-started.md
2017-09-11 12:47:04 +03:00
Matthew Mosesohn
9fa1873a65
Add kube dashboard, enabled by default ( #1643 )
...
* Add kube dashboard, enabled by default
Also add rbac role for kube user
* Update main.yml
2017-09-09 23:38:03 +03:00
Matthew Mosesohn
7117614ee5
Use a generated password for kube user ( #1624 )
...
Removed unnecessary root user
2017-09-06 20:20:25 +03:00
Maxim Krasilnikov
6eb22c5db2
Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s ( #1552 )
...
* Added update CA trust step for etcd and kube/secrets roles
* Added load_balancer_domain_name to certificate alt names if defined. Reset CA's in RedHat os.
* Rename kube-cluster-ca.crt to vault-ca.crt, we need separated CA`s for vault, etcd and kube.
* Vault role refactoring, remove optional cert vault auth because not not used and worked. Create separate CA`s for vault and etcd.
* Fixed different certificates set for vault cert_management
* Update doc/vault.md
* Fixed condition create vault CA, wrong group
* Fixed missing etcd_cert_path mount for rkt deployment type. Distribute vault roles for all vault hosts
* Removed wrong when condition in create etcd role vault tasks.
2017-08-30 16:03:22 +03:00
Chad Swenson
a39e78d42d
Initial version of Flannel using CNI ( #1486 )
...
* Updates Controller Manager/Kubelet with Flannel's required configuration for CNI
* Removes old Flannel installation
* Install CNI enabled Flannel DaemonSet/ConfigMap/CNI bins and config (with portmap plugin) on host
* Uses RBAC if enabled
* Fixed an issue that could occur if br_netfilter is not a module and net.bridge.bridge-nf-call-iptables sysctl was not set
2017-08-25 10:07:50 +03:00
Hassan Zamani
01ce09f343
Add feature_gates var for customizing Kubernetes feature gates ( #1520 )
2017-08-24 23:18:38 +03:00
Matthew Mosesohn
277fa6c12d
Add node to docs about kubelet deployment type changes
2017-08-21 09:13:59 +01:00
Vijay Katam
c92506e2e7
Add calico variable that enables ignoring Kernel's RPF Setting ( #1493 )
2017-08-20 14:01:09 +03:00
Joseph Heck
bc5159a1f5
Update comparisons.md ( #1519 )
...
Minor grammar fixes
2017-08-14 18:48:35 +03:00
Brad Beam
ca6535f210
Merge pull request #1488 from timtoum/weave_docs
...
added Weave documentation
2017-08-10 08:26:19 -05:00
Brad Beam
383d582b47
Merge pull request #1382 from jwfang/rbac
...
basic rbac support
2017-08-07 08:01:51 -05:00
timtoum
b1a5bb593c
update docs
2017-08-01 15:55:38 +02:00
timtoum
9369c6549a
update docs
2017-08-01 14:30:12 +02:00
email
c7731a3b93
update docs
2017-08-01 14:24:19 +02:00
email
24706c163a
update docs
2017-08-01 14:12:21 +02:00
email
a276dc47e0
update docs
2017-08-01 10:52:21 +02:00
email
5de7896ffb
update docs
2017-07-31 13:28:47 +02:00
email
01af45d14a
update docs
2017-07-31 13:23:01 +02:00
email
87cdb81fae
update docs
2017-07-28 11:33:13 +02:00
email
74403f2003
update docs
2017-07-27 17:00:54 +02:00
email
2c21672de6
update docs
2017-07-27 15:10:08 +02:00
email
f7dc21773d
new doc for weave
2017-07-27 14:40:52 +02:00
jwfang
805d9f22ce
note upgrade from non-RBAC not supported
2017-07-24 19:11:41 +08:00
Brad Beam
45845d4a2a
Merge pull request #1437 from rajiteh/fix_aws_docs
...
Add more instructions to setting up AWS provider
2017-07-18 16:43:01 -05:00
John Ko
06b219217b
fix some typos in HA doc
2017-07-18 10:44:08 -04:00
jwfang
a5b84a47b0
docs: experimental, no calico/vault
2017-07-17 19:29:59 +08:00
jwfang
552b2f0635
change authorization_modes default value
2017-07-17 19:29:59 +08:00
jwfang
092bf07cbf
basic rbac support
2017-07-17 19:29:59 +08:00
nico
f4a3b31415
add vsphere cloud provider doc
...
fix typo
2017-07-12 11:01:06 +02:00
Raj Perera
5c7e309d13
Add more instructions to setting up AWS provider
2017-07-11 10:53:19 -04:00
Spencer Smith
e98b0371e5
Merge pull request #1368 from vgkowski/patch-3
...
change documentation from "self hosted" to "static pod" for the contr…
2017-06-30 07:31:52 -04:00
Spencer Smith
cf8c74cb07
Merge pull request #1342 from Abdelsalam-Abbas/patch-1
...
Create ansible.md
2017-06-27 13:58:18 -04:00
Spencer Smith
23565ebe62
Merge pull request #1356 from rsmitty/rename
...
Rename project to kubespray
2017-06-27 11:40:03 -04:00
Spencer Smith
83265b7f75
renaming kargo-cli to kubespray-cli
2017-06-23 12:35:10 -04:00
Brad Beam
5364a10033
Merge pull request #1374 from Lendico/doc_ansible_integration
...
Flow for integration with existing ansible repo
2017-06-23 11:31:22 -05:00
Spencer Smith
bae5ce0bfa
Merge branch 'master' into rename
2017-06-23 12:23:51 -04:00
Anton Nerozya
0cd83eadc0
README: Integration with existing ansible repo
2017-06-22 18:58:10 +02:00
vgkowski
d85f98d2a9
change documentation from "self hosted" to "static pod" for the control plane
2017-06-21 11:00:11 +02:00