Commit graph

1893 commits

Author SHA1 Message Date
Matthew Mosesohn
07cc981971
refactor vault role (#2733)
* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size
2018-05-11 19:11:38 +03:00
woopstar
7df5edef52 Fix path for pip and python 2018-05-11 16:01:52 +02:00
Cédric de Saint Martin
7507031cb1 CoreOS bootstrap: set bin_dir and PATH for pip. 2018-05-08 22:20:58 +02:00
Andreas Krüger
d73d60c9b0
Merge pull request #2600 from maximegaillard/master
Add Openstack tenant name
2018-05-08 12:03:01 +02:00
Andreas Krüger
004b4a0436
Merge pull request #2729 from Ashon/issues/fix-python-compat
Use 'items()' for python compatibility
2018-05-08 12:02:28 +02:00
Andreas Krüger
67ce8925e4
Merge pull request #2742 from woopstar/coredns-update
Update CoreDNS to version 1.1.2
2018-05-08 12:01:42 +02:00
Andreas Krüger
28d6eb6af1
Merge pull request #2644 from cp3hu/master
Fix apiserver manifest and kubelet for kube version < 1.9
2018-05-08 09:22:36 +02:00
woopstar
1a47a9b850 Update CoreDNS to version 1.1.2 2018-05-08 09:14:01 +02:00
Chad Swenson
595e96ebf1
Merge pull request #2693 from romaindequidt/sync-certs-tasks-fix
sync certs tasks (fix #2596 #2667)
2018-05-02 12:17:23 -05:00
ashon
fb465f8b4b Use 'items()' for python compatibility 2018-05-01 16:55:50 +09:00
Wong Hoi Sing Edison
3501eb6916 ingress-nginx: Upgrade to 0.14.0 2018-05-01 15:42:07 +08:00
Maxime Gaillard
00db751646 Add Openstack tenant name 2018-05-01 09:21:37 +02:00
Tomasz Majchrowski
59789ae02a ISSUE-2706: Provide consistent usage of supplementary_addresses_in_ssl_keys across vault and script mode (#2707) 2018-04-30 14:48:17 +03:00
Andreas Krüger
414e420bd2
Merge pull request #2701 from desaintmartin/netchecker-update
Update netchecker to v1.2.2.
2018-04-30 10:55:18 +02:00
Andreas Krüger
03de4c0806
Merge pull request #2695 from suzutan/add-oidc-prefix-args
Add oidc-user-prefix and oidc-group-prefix args
2018-04-30 09:17:02 +02:00
Andreas Krüger
4fb8e6d455
Merge pull request #2653 from kidk/fixed-incorrect-mem-tag
Replaced 'mem' with 'memory/ in elasticsearch and kibana deployment
2018-04-30 09:14:15 +02:00
mirwan
06cdb260f6 labelvalue must be formatted to handle non string values (#2722) 2018-04-29 19:02:14 +03:00
mirwan
c3c5817af6 sysctl file should be in defaults so that it can be overriden (#2475)
* sysctl file should be in defaults so that it can be overriden

* Change sysctl_file_path to be consistent with roles/kubernetes/preinstall/defaults/main.yml
2018-04-27 18:50:58 +03:00
Markos Chandras
9168c71359 Revert "Revert "Add openSUSE support" (#2697)" (#2699)
This reverts commit 51f4e6585a.
2018-04-26 12:52:06 +03:00
Matthew Mosesohn
1a14f1ecc1
Fix vol format for local volume provisioner in rkt (#2698) 2018-04-24 20:32:08 +03:00
Cédric de Saint Martin
44cb126e7d Update netchecker to v1.2.2.
Using official image from mirantis at dockerhub.
2018-04-24 09:13:56 +02:00
Matthew Mosesohn
51f4e6585a
Revert "Add openSUSE support" (#2697) 2018-04-23 14:28:24 +03:00
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args 2018-04-23 12:23:59 +09:00
Romain DEQUIDT
80dd230a65 sync certs tasks (fix #2596 #2667) 2018-04-22 10:00:31 +02:00
Paul Montero
75950344fb
run_once pre_upgrade tasks which are executing in localhost 2018-04-19 11:38:13 -05:00
Matthew Mosesohn
0945eb990a
Make it possible to skip docker role as a var (#2686) 2018-04-19 16:47:20 +03:00
Andreas Krüger
a498cc223b
Merge pull request #2673 from hswong3i/cephfs-provisioner-a71a49d4
cephfs-provisioner: Upgrade to a71a49d4
2018-04-19 11:39:10 +02:00
Andreas Krüger
9707aa8091
Merge pull request #2677 from woopstar/bootstrap-fix-1
Properly check need_pip, always run pip to check if needed
2018-04-19 09:23:26 +02:00
Spencer Smith
49c6bf8fa6 support custom env vars for etcd 2018-04-18 14:03:24 -04:00
Samuel Vandamme
296b92dbd4 Replaced 'mem' with 'memory/ in elasticsearch and kibana deployment 2018-04-18 11:25:29 +02:00
Andreas Krüger
b2756d148a
Merge pull request #2671 from hswong3i/cert-manager-0.2.4
cert-manager: Upgrade to v0.2.4
2018-04-18 10:17:39 +02:00
woopstar
756af57787 Properly check need_pip, always run pip to check if needed
pip was always being downloaded on subsequent runs, This PR always runs the pip command, and checks the rc of it before downloading pip

Fix in favor of #2582
2018-04-18 10:15:46 +02:00
Andreas Krüger
cb7096f2ec
Merge pull request #2672 from hswong3i/ingress-nginx-0.13.0
ingress-nginx: Upgrade to 0.13.0
2018-04-18 10:10:13 +02:00
Wong Hoi Sing Edison
d435e17681 cephfs-provisioner: Upgrade to a71a49d4 2018-04-17 13:41:34 +08:00
Wong Hoi Sing Edison
23e9737b85 ingress-nginx: Upgrade to 0.13.0 2018-04-17 12:19:44 +08:00
Wong Hoi Sing Edison
54beb27eaa cert-manager: Upgrade to v0.2.4 2018-04-17 12:08:10 +08:00
Wong Hoi Sing Edison
7968437a65 Weave: Upgrade to 2.3.0 2018-04-17 08:51:24 +08:00
Aivars Sterns
4b4786f75d
Merge pull request #2381 from vikas027/inventory_fixes
Replaced ansible_ssh_host with ansible_host in sample inventory file and fixed usage of bastion
2018-04-16 10:06:19 +03:00
Matthew Mosesohn
02cd5418c2
Weave limits (#2660)
* Raise limits for weave

* Adjust weave limits
2018-04-15 18:32:49 +03:00
Matthew Mosesohn
49e3665d96
Remove prometheus operator from Kubespray (#2658)
Kubespray should not install any helm charts. This is a task
that a user should do on his/her own through ansible or another
tool. It opens the door to wrapping installation of any helm
chart.
2018-04-13 18:53:39 +03:00
Matthew Mosesohn
e95ba800ea
Define local volume provisioner dirs in defaults (#2656) 2018-04-13 17:23:10 +03:00
Aivars Sterns
5d9bb300d7
Merge pull request #2646 from Atoms/fix-sync-container
move when condition to main.yml
2018-04-13 09:10:21 +03:00
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet (#2648) 2018-04-12 22:55:13 +03:00
Aivars Sterns
1967963702
Merge pull request #2380 from hwoarang/add-opensuse-support
Add openSUSE support
2018-04-12 20:28:50 +03:00
Chad Swenson
d87b6fd9f3 Use dedicated front-proxy-ca for front-proxy-client 2018-04-12 11:03:22 -05:00
Chad Swenson
a6a47dbc96
Merge pull request #2617 from bradbeam/savaultcert
Adding missing service-account certificate for vault
2018-04-12 11:02:24 -05:00
Matthew Mosesohn
61791bbb3d Remove condition for docker pull when using download delegate 2018-04-12 19:01:13 +03:00
Aivars Sterns
298c6cb790
Merge pull request #2633 from grebois/patch-3
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
2018-04-12 11:53:58 +03:00
Matthew Mosesohn
3fa7468d54 Copy ca-key.pem to etcd and kube-masters accordingly 2018-04-12 10:17:54 +03:00
Markos Chandras
02bf742e15 roles: rkt: Add support for SUSE distributions
The RPM file that's provided by upstream can be used for SUSE
distributions as well. Moreover we simplify the playbook to use
the 'package' module to install packages across different distros.

Link: https://github.com/rkt/rkt/pull/3904
2018-04-11 20:55:20 +01:00