Commit graph

317 commits

Author SHA1 Message Date
orange-llajeanne
e489e70031
add new variable allowing additionnal audit webhook server options () 2020-09-21 06:44:32 -07:00
Florian Ruynat
a556f8f2bf
Remove deprecated (and removed in 1.19) flag and function --basic-auth-file () 2020-09-11 00:30:14 -07:00
Lovro Seder
c1ba8e1b3a
Rotate kubelet server certificate. ()
* Rotate kubelet server certificate.

* CI test kubelet server cert rotation

* Approve kubelet serving certificates in tests.
2020-09-03 07:25:41 -07:00
Sulochan Acharya
36924b63dc
Allow webhook authorization () 2020-08-24 06:29:41 -07:00
holmesb
d8a749fd27
Update apiserver-audit-policy.yaml.j2 () 2020-08-18 00:49:37 -07:00
Sulochan Acharya
bfe143808f
Allows tls verify skip on webhook auth url () 2020-08-05 05:02:29 -07:00
Konstantin Lebedev
2364a84579
fix src for audit webhook config yaml () 2020-08-01 00:33:56 -07:00
fulii
ce22c0e6a4
Add option to configure IPVS timeouts in kube-proxy configration manifest. () 2020-08-01 00:33:40 -07:00
Konstantin Lebedev
a7ec0ed587
add audit webhook support ()
* add audit webhook support

* use generic name auditsink
2020-07-20 01:32:54 -07:00
Florian Ruynat
2a82dff3ae
Remove runtime-config from kubeadm if empty () 2020-06-30 11:22:05 -07:00
Joel Seguillon
4c1e0b188d
Add .editorconfig file () 2020-06-29 12:39:59 -07:00
Erwan Miran
d3ca9d1db9
kube_encryption_resources must be output as yaml () 2020-06-25 23:59:31 -07:00
Samuel Liu
c29b21717d
Add event-ttl duration ()
* Add event-ttl duration

* Fix wrong location
2020-06-24 08:15:17 -07:00
Samuel Liu
dba645421f
ADD tls cipher suites support ()
* ADD tls cipher suites support

yaml lint

yamllint

* update test case

* update test case
2020-06-16 04:10:05 -07:00
Florent Monbillard
324106e91e
Remove Kubernetes <1.16 conditionals () 2020-05-08 00:45:43 -07:00
Sergey
6318bb9f96
Return the ability to start control plain from the hyperkube image () 2020-04-18 05:59:36 -07:00
spaced
157c247563
fix readonly flexvolume in fcos and coreos () 2020-04-08 01:41:43 -07:00
Maxime Guyot
a7a204ebca
Add kube_encryption_resources variable to configure which resources are encrypted at rest () 2020-03-20 04:14:36 -07:00
Ali Sanhaji
646fd5f47b
External OpenStack Cloud Controller Manager implementation ()
* External OpenStack Cloud Controller Manager implementation

* Adding controller image tag

* Minor fixes

* Restructuring the external cloud controller to work with KubeADM
2020-02-18 04:47:28 -08:00
aca
9d32e2c3b0
fix duplicates when scheduler_extra_volumes defined () 2020-02-07 02:09:44 -08:00
Hugo Blom
f7aea8ed89 update oidc to contain quotes () 2019-12-05 00:24:32 -08:00
Matthew Mosesohn
18cee65c4b Add support for k8s v1.17.0-rc.1, remove hyperkube ()
Change-Id: I3fff04f0211cd9c2e8235acaf51c3aa98abc8bb7
2019-11-28 05:41:03 -08:00
Matthew Mosesohn
81da231b1e Set cluster DNS in kubeadm config for kubelet dynamic config ()
Change-Id: I23116efefe8626d361d1904fc6fb8448f66cf3c5
2019-10-25 02:23:40 -07:00
YichenWong
aada6e7e40 Add etcd_data_dir variable to the kubeadm config () 2019-10-16 19:50:39 -07:00
Matthew Mosesohn
a43e0d3f95 Switch to Kubernetes v1.16.0 ()
* Switch to Kubernetes v1.16.0

Change-Id: I5d6a9528b2d443750fc5e031aff15ad3ffead158

* Fix download localhost cached file path

Change-Id: I65e79b70e3d1b37265ebc60f41b460cf4b0a0d47

* fix kubeadm etcd for v1.16

Change-Id: I6888a00fd48b530a38b0b31c4095492476af42d2

* disable tf packet jobs

Change-Id: I075c4666547fdea4c50ec04864f38e2cfaa79154

* Disable contiv packet jobs. Fix kube-router

Change-Id: I3170e8789e60711d4cee8faf65f2094480b79b8d

* bump sonobuoy version

Change-Id: Ib946905629c7c53ed88f08fb2f41c454457a0097
2019-10-02 02:21:07 -07:00
Sergey
8984096f35 use hyperkubeimage to run controlplane containers () 2019-09-17 18:33:28 -07:00
Tony Fouchard
f6a63d88a7 Allow to configure strict ARP on kube-proxy () 2019-08-20 18:21:17 -07:00
Zou Nengren
1bfbc5bbc4 remove resource-container default value for kube-proxy () 2019-08-15 05:30:33 -07:00
Matthew Mosesohn
771ce96e6d Set initial kubeadm token if specified in kubeadm init ()
Change-Id: I7fd94ec6d195af60d237b3cfe91668ca1f707d26
2019-08-15 02:26:33 -07:00
Matthew Mosesohn
0a2f4edfc6 Always download coredns images with kubeadm ()
Fixes situation when using manual mode because it
tries to download coredns v1.3.1 from the same
image repository where kubernetes images are
downloaded from.

Change-Id: Ibbec8a72c8162ce8befa74e2013a268737ea5f8a
2019-08-13 08:53:43 -07:00
刘旭
de9443a694 remove unused code () 2019-07-16 01:39:24 -07:00
Matthew Mosesohn
29307740dd Enable containerd to deploy vanilla containerd package ()
* Enable containerd to deploy vanilla containerd package

Fixes kubeadm references to CRI socket for containerd
Fixes download role cache feature to work with containerd

Change-Id: I2ab8f0031107e2f0d1a85c39b4beb66f08509a01

* use containerd for flannel-addons job

Change-Id: Ied375c7d65e64a625ffbd995ff16f2374067dee6

* add containerd vars

Change-Id: Ib9a8a04e501c481a86235413cbec63f3672baf91

* fixup vars

Change-Id: Ibea64e4b18405a578b52a13da100384582aa24c2

* more fixes

* fix rh repo

Change-Id: I00575a77cfb7b81d6095db5d918a52023c8f13ba

* Adjust helm host install for containerd
2019-07-10 23:46:54 -07:00
Matthew Mosesohn
352297cf8d
Fixup deploy of kubeadm etcd for Kubernetes v1.15.0 ()
* Fixup deploy of kubeadm etcd for Kubernetes v1.15.0

Change-Id: If42c2c75c4d278ba9475ebf76c243f3e6ee4d02e

* undo renaming cloud config file

Change-Id: Iafbd27c3887d6a2a6d0819c711f150ecf70c515d
2019-07-09 15:41:59 +03:00
okamototk
f2b8a3614d Use K8s 1.15 ()
* Use K8s 1.15

* Use Kubernetes 1.15 and use kubeadm.k8s.io/v1beta2 for
  InitConfiguration.
* bump to v1.15.0

* Remove k8s 1.13 checksums.

* Update README kubernetes version 1.15.0.

* Update metrics server 0.3.3 for k8s 1.15

* Remove less than k8s 1.14 related code

* Use kubeadm with --upload-certs instead of --experimental-upload-certs due to depricate

* Update dnsautoscaler 1.6.0

* Skip certificateKey if it's not defined

* Add kubeadm-conftolplane.v2beta2 for k8s 1.15 or later

* Support kubeadm control plane for k8s 1.15

* Update sonobuoy version 0.15.0 for k8s 1.15
2019-07-02 01:51:08 -07:00
okamototk
4c8b93e5b9 containerd support ()
* Add limited containerd support

Containerd support for Ubuntu + Calico

* Added CRI-O support for ubuntu

* containerd support.

* Reset  containerd support.

* fix lint.

* implemented feedback

* Change task name cri xx instead of cri-o in reset task and timeout condition.

* set crictl to fixed version

* Use docker-ce's container.io package for containerd.

* Add check containerd is installable or not.

* Avoid stop docker when use containerd and optimize retry for reset.

* Add config.toml.

* Fixed containerd for kubelet.env.

* Merge PR 

* Remove unused ubuntu variable for containerd

* Polish code for containerd and cri-o

* Refactoring cri socket configuration.

* Configurable conmon.

* Remove unused crictl/runc download

* Now crictl and runc is downloaded by common crictl.yml.

* fixed yamllint error

* Fixed brokenfiles by conflict.

* Remove commented line in config.toml

* Remove readded v1.12.x version

* Fixed broken set_docker_image_facts

* Fix yamllint errors.

* Remove unused apt source

* Fix crictl could not be installed

* Add containerd config from skolekonov's PR 
2019-06-29 14:09:20 -07:00
Tony Fouchard
216631bf02 Repair kube_proxy_exclude_cidrs () 2019-06-28 00:39:37 -07:00
Erwan Miran
c7f3123e28 kubeadm_discovery_address should not contain proto () 2019-06-28 00:37:37 -07:00
andreyshestakov
b5406b752d Add kube_override_hostname to kubeadm certs. () 2019-06-23 23:19:56 -07:00
Matthew Mosesohn
4348e78b24 Enable kubeadm etcd mode ()
* Enable kubeadm etcd mode

Uses cert commands from kubeadm experimental control plane to
enable non-master nodes to obtain etcd certs.

Related story: PROD-29434

Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178

* Add validation checks and exclude calico kdd mode

Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c

* Move etcd mode test to ubuntu flannel HA job

Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732

* rename etcd_mode to etcd_kubeadm_enabled

Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
2019-06-20 11:12:51 -07:00
Andreas Krüger
b41530ba5d Add missing extraArgs to kubeadm-config () 2019-05-28 03:57:52 -07:00
Andreas Krüger
bf3c6aeed1 Add kube anon auth settings to kubeadm config templates ()
* Disable kube_api_anonymous_auth by default to secure the setup

* Disable metrics-server in addons. Health endpoint is slow and unstable

* Fix anonymous-auth missing in configuration

* Cleanup a bit

* Fix kube anon auth
2019-05-07 12:52:34 -07:00
Andreas Krüger
38af93b60c Remove rkt support () 2019-04-29 01:14:20 -07:00
Dmitry
b8f0de3074 Fixed etcd-servers-overrides in kubeadm config ()
* kube-apiserver will fail if used comma as separator
2019-04-28 23:02:20 -07:00
Matthew Mosesohn
d6d7458d68 Fix control plane setup without a hardcoded key () 2019-04-23 14:37:59 -07:00
Matthew Mosesohn
05dc2b3a09 Use K8s 1.14 and add kubeadm experimental control plane mode ()
* Use K8s 1.14 and add kubeadm experimental control plane mode

This reverts commit d39c273d96.

* Cleanup kubeadm setup run on first master

* pin kubeadm_certificate_key in test

* Remove kubelet autolabel of kube-node, add symlink for pki dir

Change-Id: Id5e74dd667c60675dbfe4193b0bc9fb44380e1ca
2019-04-19 06:01:54 -07:00
Maxime Guyot
ec3daedf9e Revert "Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ()" ()
This reverts commit 586ad89d50.
2019-04-17 07:58:06 -07:00
Matthew Mosesohn
d39c273d96 Revert "Use K8s 1.14 and add kubeadm experimental control plane mode ()" ()
This reverts commit 316508626d.
2019-04-11 12:52:43 -07:00
Matthew Mosesohn
316508626d Use K8s 1.14 and add kubeadm experimental control plane mode ()
* Use Kubernetes 1.14 and experimental control plane support

* bump to v1.14.0
2019-04-11 05:30:13 -07:00
Qasim Sarfraz
3af90f8772 disable cloud-routes for non-cloud plugin () 2019-04-10 23:50:09 -07:00
Robert Neumann
586ad89d50 Fix for unknown 'kubernetes.io' or 'k8s.io' labels specified with --node-labels ()
* Fix the file path for all.yml and k8s-cluster.yml

* Fix --node-labels namespace error "unknown labels specified"

* Update templates and configs kubelet node-labels
2019-04-10 04:14:12 -07:00