Raj Perera
e58d06ddd1
Remove cert rotation code. Remove disclaimer for supported auth methods.
2017-06-20 00:49:33 -04:00
Raj Perera
eb91eab39a
Extract kubectl commands to resource yaml files and use kube module
2017-06-19 11:00:26 -04:00
Raj Perera
992a974b1e
Merge branch 'rbac-kp' into rbac-script-cert
...
# Conflicts:
# roles/kubernetes-apps/ansible/tasks/main.yml
# roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
# roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
# roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
# roles/kubernetes/secrets/files/make-ssl.sh
2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3
Basic RBAC functionality. (Based on work done by @jwfang (#1351))
...
* Add a flag "authorization_method" which, when set to "RBAC", enables role-based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-16 10:28:23 -04:00
jwfang
0ee229488e
certs for system:kube-controller-manager system:kube-scheduler
2017-06-16 14:21:21 +08:00
jwfang
8b58394d8c
separate kube-proxy certs for each node
2017-06-15 19:20:58 +08:00
jwfang
f3a4c31e66
add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy
2017-06-15 18:15:52 +08:00
Brad Beam
6e41634295
Set default value for kube_hyperkube_image_repo
...
Fixes #1334
2017-06-08 12:22:16 -05:00
Brad Beam
696fd690ae
Merge pull request #1092 from bradbeam/rkt_docker
...
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Matthew Mosesohn
9e64267867
Merge pull request #1293 from mattymo/kubelet_host_mode
...
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Matthew Mosesohn
cc6e3d14ce
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Brad Beam
b999ee60aa
Fixing typo in kubelet cluster-dns and cluster-domain flags
2017-05-16 15:43:29 -05:00
Spencer Smith
0afbc19ffb
ensure the /etc/os-release is mounted read only
2017-05-01 14:51:40 -04:00
Spencer Smith
ac9290f985
add for rkt as well
2017-04-28 17:45:10 -04:00
Spencer Smith
5657738f7e
mount os-release to ensure the node's OS is what's seen in k8s api
2017-04-28 13:40:54 -04:00
Matthew Mosesohn
2d6bc9536c
Merge pull request #1246 from holser/disable_dns_for_kube_services
...
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
d8aa2d0a9e
Change DNS policy for kubernetes components
...
According to the code, apiserver, scheduler, controller-manager and proxy don't
use resolution of objects they created. It's not harmful to change
the policy to have an external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Brad Beam
b60a897265
Explicitly create cni bin dir
...
If this path doesn't exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Spencer Smith
04a769bb37
ensure spacing on string of flags
2017-04-17 11:11:10 -04:00
Spencer Smith
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
2017-04-17 11:09:34 -04:00
Spencer Smith
94596388f7
add ability for custom flags
2017-04-14 17:33:04 -04:00
Matthew Mosesohn
1c45d37348
Update kubelet.j2
2017-04-06 22:59:18 +03:00
Matthew Mosesohn
b521255ec9
Unbreak 1.5 deployment with kubelet
...
1.5 kubelet fails to start when using unknown params
2017-04-06 21:07:48 +03:00
Matthew Mosesohn
75ea001bfe
Merge pull request #1208 from mattymo/1.6-flannel
...
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
2017-04-06 10:06:21 +04:00
Sergii Golovatiuk
2670eefcd4
Refactoring resolv.conf
...
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-05 09:28:01 +02:00
Matthew Mosesohn
f8cf6b4f7c
Merge pull request #1186 from holser/resolv_conf
...
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
2017-04-04 20:49:55 +03:00
Sergii Golovatiuk
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
...
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance with it, kubelet will generate resolv.conf based on its own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as the host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-04 16:34:13 +02:00
Matthew Mosesohn
b4d06ff8dd
Add /var/lib/cni to kubelet
...
Necessary to persist this directory for host-local IPAM used by Canal
Add pre-upgrade task to copy /var/lib/cni out of old kubelet.
2017-04-03 19:38:24 +03:00
Matthew Mosesohn
e9a294fd9c
Significantly reduce memory requirements
...
Canal runs more pods and upgrades need a bit of extra
room to load new pods in and get the old ones out.
2017-03-27 13:28:37 +03:00
Sergii Golovatiuk
f144fd1ed3
Refactor etcd role
...
- Run docker run from script rather than directly from systemd target
- Refactoring styling/templates
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-03-24 12:34:15 +01:00
Matthew Mosesohn
52a6dd5427
Explicitly set cni-bin-dir
2017-03-13 20:13:21 +03:00
Matthew Mosesohn
54207877bd
Add node labels in kubelet
...
Related-issue: https://github.com/kubernetes/community/issues/300
Upgraded nodes do not obtain labels automatically.
See https://github.com/kubernetes/kubernetes/pull/29459 for more details.
2017-03-06 17:18:42 +03:00
Antoine Legrand
85596c2610
Merge pull request #1045 from bradbeam/vsphere
...
Adding vsphere cloud provider support
2017-03-06 12:34:05 +01:00
Vijay Katam
a0b1eda1d0
Add support for atomic host
...
Updates based on feedback
Simplify checks for file exists
remove invalid char
Review feedback. Use regular systemd file.
Add template for docker systemd atomic
2017-03-01 09:38:19 -08:00
Brad Beam
8a63b35f44
Adding flag for docker container in kubelet w/ rkt
2017-02-28 07:55:12 -06:00
Brad Beam
bfff06d402
Adding KUBELET_CLOUDPROVIDER to kubelet.rkt.service
2017-02-28 06:29:35 -06:00
Brad Beam
dbf13290f5
Updating vsphere cloud provider support
2017-02-27 15:08:04 -06:00
Jan Jungnickel
df476b0088
Initial support for vsphere as cloud provider
2017-02-27 12:51:41 -06:00
Brad Beam
56664b34a6
Lower default memory requests
...
This is to address out of memory issues on CI as well as help
fit deployments for people starting out with kargo on smaller
machines
2017-02-27 10:53:43 -06:00
Bogdan Dobrelya
069606947c
Merge pull request #1063 from bogdando/fix
...
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Bogdan Dobrelya
f2a4619c57
Align LB defaults with the HA docs
...
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Bogdan Dobrelya
712872efba
Rework inventory all by real groups' vars
...
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars cast as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Ivan Shvedunov
0006e5ab45
Fix shell special vars
2017-02-21 22:22:40 +03:00
Andrew Greenwood
ca9ea097df
Cleanup legacy syntax, spacing, files all to yml
...
Migrate older inline= syntax to pure yml syntax for module args so as to be consistent with most of the rest of the tasks
Cleanup some spacing in various files
Rename some files named yaml to yml for consistency
2017-02-17 16:22:34 -05:00
Vladimir Rutsky
bff955ff7e
Mount host's /var/log into kubelet container
...
Kubelet is responsible for creating symlinks from /var/lib/docker to /var/log
to make fluentd logging collector work.
However without using host's /var/log those links are invisible to fluentd.
This is done on rkt configuration too.
2017-02-16 22:31:05 +03:00
Brad Beam
4c891b8bb0
Adding support for proxy w/ rkt kubelet
2017-02-14 08:09:49 -06:00
Matthew Mosesohn
b7258ec3bb
Merge pull request #1013 from mattymo/remove_masqerade_all
...
Disable kube_proxy_masquerade_all
2017-02-14 14:00:29 +03:00
Sergii Golovatiuk
aeadaa1184
Set ssl_ca_dirs for rkt based on fact
...
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.
Closes : #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Matthew Mosesohn
2c532cb74d
Disable kube_proxy_masquerade_all
...
Fixes #1012
2017-02-10 13:16:39 +03:00