C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
3110 commits 17 branches 66 tags 141 MiB
Commit graph

12 commits

Author SHA1 Message Date
Raj Perera
c8a2fe321b Basic RBAC functionality. (Based from work done by @jwfang (#1351)) 
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
 2017-06-26 16:42:47 +08:00
jwfang
4fa142be0b certs for system:kube-controller-manager system:kube-scheduler 2017-06-26 16:35:24 +08:00
jwfang
8ed48f052c seperate kube-proxy certs for each node 2017-06-26 16:35:24 +08:00
jwfang
27e3998cb6 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-26 16:35:24 +08:00
Matthew Mosesohn
fad22bae97 More idempotency fixes 
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
 2017-03-15 19:06:39 +03:00
Matthew Mosesohn
7e1aa3b43b Use find module for checking for certificates 
Also generate certs only when absent on master (rather than
when absent on target node)
 2017-03-03 16:21:01 +03:00
Matthew Mosesohn
51a6ec836e Merge branch 'master' into synthscale 2017-02-21 22:17:43 +03:00
Matthew Mosesohn
5419c98eb1 Add no_log to cert tar tasks 
This works around 4MB limit for gitlab CI runner.
 2017-02-18 14:09:57 +04:00
Andrew Greenwood
756003a30e Cleanup legacy syntax, spacing, files all to yml 
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistancy
 2017-02-17 16:22:34 -05:00
Matthew Mosesohn
02736d1ff0 Fix references to CoreOS and Container Linux by CoreOS 
Fixes #967
 2017-02-16 19:25:17 +03:00
Vladimir Rutsky
fff8780a51 set "check_mode: no" for read-only "shell" steps that registers result 
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).

Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
 2017-02-13 18:53:41 +03:00
Josh Conant
764ad6e099 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Renamed from roles/kubernetes/secrets/tasks/gen_certs.yml (Browse further)