Commit graph

1828 commits

Author SHA1 Message Date
Raj Perera
e663c6b61a Address PR feedback.
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
2017-06-19 10:24:56 -04:00
Raj Perera
b800f7bb07 Use kubectl patch 2017-06-16 12:29:13 -04:00
Raj Perera
9924a33d6f Replace static references to system namespace 2017-06-16 11:21:59 -04:00
Raj Perera
992a974b1e Merge branch 'rbac-kp' into rbac-script-cert
# Conflicts:
#	roles/kubernetes-apps/ansible/tasks/main.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
#	roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
#	roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
#	roles/kubernetes/secrets/files/make-ssl.sh
2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3 Basic RBAC functionality. (Based from work done by @jwfang (#1351))
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-16 10:28:23 -04:00
jwfang
7c2816ba73 add label for kube-dns sa 2017-06-16 20:08:19 +08:00
jwfang
acbdfb08ce run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work 2017-06-16 18:54:18 +08:00
jwfang
765a5ce1ab node identified as system:node:<node-name> 2017-06-16 17:15:37 +08:00
jwfang
0ee229488e certs for system:kube-controller-manager system:kube-scheduler 2017-06-16 14:21:21 +08:00
jwfang
8b58394d8c seperate kube-proxy certs for each node 2017-06-15 19:20:58 +08:00
jwfang
f3a4c31e66 add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy 2017-06-15 18:15:52 +08:00
Brad Beam
b73786c6d5 Merge pull request #1335 from bradbeam/imagerepo
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Brad Beam
eacc42fedd Merge pull request #1240 from bradbeam/vaultfixup
Fixing up vault variables
2017-06-08 22:33:03 -05:00
Brad Beam
db3e8edacd Fixing up vault variables 2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295 Set default value for kube_hyperkube_image_repo
Fixes #1334
2017-06-08 12:22:16 -05:00
Spencer Smith
ef3c2d86d3 Merge pull request #1327 from rsmitty/coreos-testing-update
use latest coreos-stable for testing to avoid upgrades during deployment
2017-06-07 16:31:23 -07:00
Brad Beam
780308c194 Merge pull request #1174 from jlothian/atomic-docker-restart
Fix docker restart in atomic
2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae Merge pull request #1092 from bradbeam/rkt_docker
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
d323501c7f Merge pull request #1328 from kevinjqiu/coreos-vagrant
Support provisioning vagrant k8s clusters with coreos
2017-06-05 14:30:49 -07:00
Kevin Jing Qiu
66d8b2c18a Specify coreos vagrant box url 2017-06-04 11:31:39 -04:00
Kevin Jing Qiu
6d8a415b4d Update doc on Vagrant local override file 2017-06-02 20:09:37 -04:00
Kevin Jing Qiu
dad268a686 Add default ssh user for different OSes 2017-06-02 19:51:09 -04:00
Kevin Jing Qiu
e7acc2fddf Update doc for Vagrant install 2017-06-02 19:03:43 -04:00
Kevin Jing Qiu
6fb17a813c Support provisioning vagrant k8s clusters with coreos 2017-06-02 18:53:47 -04:00
Spencer Smith
11ede9f872 use latest coreos-stable for testing to avoid upgrades during deployment 2017-06-02 12:24:54 -04:00
Spencer Smith
6ac1c1c886 Merge pull request #1320 from rsmitty/centos-cert-fix
check if cloud_provider is defined
2017-05-31 11:54:15 -04:00
Spencer Smith
01c0ab4f06 check if cloud_provider is defined 2017-05-31 08:24:24 -04:00
Spencer Smith
7713f35326 Merge pull request #1317 from mtsr/versionlock
Adds note on versionlock to README
2017-05-30 14:37:21 -04:00
Spencer Smith
7220b09ff9 Merge pull request #1315 from rsmitty/hostnames-upgrade
Resolve upgrade issues
2017-05-30 11:40:19 -04:00
Spencer Smith
b7298ef51a Merge pull request #1313 from rsmitty/centos-cert-path
add direct path for cert in AWS with RHEL family
2017-05-30 11:37:37 -04:00
Jonas Matser
9b18c073b6 Adds note on versionlock to README
Note to users that auto-updates break clusters that don't lock the docker version somehow.
2017-05-28 20:55:44 +02:00
Spencer Smith
dd89e705f2 don't uncordon masters 2017-05-26 17:48:56 -04:00
Spencer Smith
56b86bbfca inventory hostname for cordoning/uncordoning 2017-05-26 17:47:25 -04:00
Spencer Smith
7e2aafcc76 add direct path for cert in AWS with RHEL family 2017-05-26 17:32:50 -04:00
Spencer Smith
11c774b04f Merge pull request #1306 from rsmitty/scale-up
add scale.yml to do minimum needed for a node bootstrap
2017-05-25 18:51:09 -04:00
Spencer Smith
6ba926381b Merge pull request #1309 from jhunthrop/router-peering
adding --skip-exists flag for peer_with_router
2017-05-25 18:50:54 -04:00
Justin Hunthrop
af55e179c7 adding --skip-exists flag for peer_with_router 2017-05-25 14:29:18 -05:00
Spencer Smith
18a42e4b38 add scale.yml to do minimum needed for a node bootstrap 2017-05-24 15:49:21 -04:00
Spencer Smith
a10ccadb54 Merge pull request #1300 from rsmitty/dynamic-inventory-aws
Added dynamic inventory for AWS as contrib
2017-05-23 12:57:51 -04:00
Spencer Smith
15fee582cc Merge pull request #1305 from zouyee/master
upgrade k8s version to 1.6.4
2017-05-23 12:52:13 -04:00
zoues
43408634bb Merge branch 'master' into master 2017-05-23 09:32:28 +08:00
zouyee
d47fce6ce7 upgrade k8s version to 1.6.4 2017-05-23 09:30:03 +08:00
Matthew Mosesohn
9e64267867 Merge pull request #1293 from mattymo/kubelet_host_mode
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Josh Lothian
7ae5785447 Removed the other unused handler
With live-restore: true, we don't need a special docker restart
2017-05-19 09:50:10 -05:00
Josh Lothian
ef8d3f684f Remove unused handler
Previous patch removed the step that sets live-restore
back to false, so don't try to notify that handler any more
2017-05-19 09:45:46 -05:00
Matthew Mosesohn
cc6e3d14ce Add host-based kubelet deployment
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Spencer Smith
83f44b1ac1 Added example json 2017-05-18 17:57:30 -04:00
Spencer Smith
1f470eadd1 Added dynamic inventory for AWS as contrib 2017-05-18 17:52:44 -04:00
Spencer Smith
005b01bd9a Merge pull request #1299 from bradbeam/kubelet
Minor kubelet updates
2017-05-18 12:52:43 -04:00
Josh Lothian
6f67367b57 Leave 'live-restore' false
Leave live-restore false to updates always pick
up new network configuration
2017-05-17 14:31:49 -05:00