Raj Perera
e663c6b61a
Address PR feedback.
...
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
2017-06-19 10:24:56 -04:00
Raj Perera
b800f7bb07
Use kubectl patch
2017-06-16 12:29:13 -04:00
Raj Perera
9924a33d6f
Replace static references to system namespace
2017-06-16 11:21:59 -04:00
Raj Perera
992a974b1e
Merge branch 'rbac-kp' into rbac-script-cert
...
# Conflicts:
# roles/kubernetes-apps/ansible/tasks/main.yml
# roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml
# roles/kubernetes-apps/ansible/templates/kubedns-sa.yml
# roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
# roles/kubernetes/secrets/files/make-ssl.sh
2017-06-16 11:11:12 -04:00
Raj Perera
0dc38ff9b3
Basic RBAC functionality. (Based from work done by @jwfang ( #1351 ))
...
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-16 10:28:23 -04:00
jwfang
7c2816ba73
add label for kube-dns sa
2017-06-16 20:08:19 +08:00
jwfang
acbdfb08ce
run kubedns as system:serviceaccount:kube-system:kube-dns; but dns does NOT work
2017-06-16 18:54:18 +08:00
jwfang
765a5ce1ab
node identified as system:node:<node-name>
2017-06-16 17:15:37 +08:00
jwfang
0ee229488e
certs for system:kube-controller-manager system:kube-scheduler
2017-06-16 14:21:21 +08:00
jwfang
8b58394d8c
seperate kube-proxy certs for each node
2017-06-15 19:20:58 +08:00
jwfang
f3a4c31e66
add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy
2017-06-15 18:15:52 +08:00
Brad Beam
b73786c6d5
Merge pull request #1335 from bradbeam/imagerepo
...
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Brad Beam
eacc42fedd
Merge pull request #1240 from bradbeam/vaultfixup
...
Fixing up vault variables
2017-06-08 22:33:03 -05:00
Brad Beam
db3e8edacd
Fixing up vault variables
2017-06-08 16:15:33 -05:00
Brad Beam
6e41634295
Set default value for kube_hyperkube_image_repo
...
Fixes #1334
2017-06-08 12:22:16 -05:00
Spencer Smith
ef3c2d86d3
Merge pull request #1327 from rsmitty/coreos-testing-update
...
use latest coreos-stable for testing to avoid upgrades during deployment
2017-06-07 16:31:23 -07:00
Brad Beam
780308c194
Merge pull request #1174 from jlothian/atomic-docker-restart
...
Fix docker restart in atomic
2017-06-07 12:05:32 -05:00
Brad Beam
696fd690ae
Merge pull request #1092 from bradbeam/rkt_docker
...
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
d323501c7f
Merge pull request #1328 from kevinjqiu/coreos-vagrant
...
Support provisioning vagrant k8s clusters with coreos
2017-06-05 14:30:49 -07:00
Kevin Jing Qiu
66d8b2c18a
Specify coreos vagrant box url
2017-06-04 11:31:39 -04:00
Kevin Jing Qiu
6d8a415b4d
Update doc on Vagrant local override file
2017-06-02 20:09:37 -04:00
Kevin Jing Qiu
dad268a686
Add default ssh user for different OSes
2017-06-02 19:51:09 -04:00
Kevin Jing Qiu
e7acc2fddf
Update doc for Vagrant install
2017-06-02 19:03:43 -04:00
Kevin Jing Qiu
6fb17a813c
Support provisioning vagrant k8s clusters with coreos
2017-06-02 18:53:47 -04:00
Spencer Smith
11ede9f872
use latest coreos-stable for testing to avoid upgrades during deployment
2017-06-02 12:24:54 -04:00
Spencer Smith
6ac1c1c886
Merge pull request #1320 from rsmitty/centos-cert-fix
...
check if cloud_provider is defined
2017-05-31 11:54:15 -04:00
Spencer Smith
01c0ab4f06
check if cloud_provider is defined
2017-05-31 08:24:24 -04:00
Spencer Smith
7713f35326
Merge pull request #1317 from mtsr/versionlock
...
Adds note on versionlock to README
2017-05-30 14:37:21 -04:00
Spencer Smith
7220b09ff9
Merge pull request #1315 from rsmitty/hostnames-upgrade
...
Resolve upgrade issues
2017-05-30 11:40:19 -04:00
Spencer Smith
b7298ef51a
Merge pull request #1313 from rsmitty/centos-cert-path
...
add direct path for cert in AWS with RHEL family
2017-05-30 11:37:37 -04:00
Jonas Matser
9b18c073b6
Adds note on versionlock to README
...
Note to users that auto-updates break clusters that don't lock the docker version somehow.
2017-05-28 20:55:44 +02:00
Spencer Smith
dd89e705f2
don't uncordon masters
2017-05-26 17:48:56 -04:00
Spencer Smith
56b86bbfca
inventory hostname for cordoning/uncordoning
2017-05-26 17:47:25 -04:00
Spencer Smith
7e2aafcc76
add direct path for cert in AWS with RHEL family
2017-05-26 17:32:50 -04:00
Spencer Smith
11c774b04f
Merge pull request #1306 from rsmitty/scale-up
...
add scale.yml to do minimum needed for a node bootstrap
2017-05-25 18:51:09 -04:00
Spencer Smith
6ba926381b
Merge pull request #1309 from jhunthrop/router-peering
...
adding --skip-exists flag for peer_with_router
2017-05-25 18:50:54 -04:00
Justin Hunthrop
af55e179c7
adding --skip-exists flag for peer_with_router
2017-05-25 14:29:18 -05:00
Spencer Smith
18a42e4b38
add scale.yml to do minimum needed for a node bootstrap
2017-05-24 15:49:21 -04:00
Spencer Smith
a10ccadb54
Merge pull request #1300 from rsmitty/dynamic-inventory-aws
...
Added dynamic inventory for AWS as contrib
2017-05-23 12:57:51 -04:00
Spencer Smith
15fee582cc
Merge pull request #1305 from zouyee/master
...
upgrade k8s version to 1.6.4
2017-05-23 12:52:13 -04:00
zoues
43408634bb
Merge branch 'master' into master
2017-05-23 09:32:28 +08:00
zouyee
d47fce6ce7
upgrade k8s version to 1.6.4
2017-05-23 09:30:03 +08:00
Matthew Mosesohn
9e64267867
Merge pull request #1293 from mattymo/kubelet_host_mode
...
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Josh Lothian
7ae5785447
Removed the other unused handler
...
With live-restore: true, we don't need a special docker restart
2017-05-19 09:50:10 -05:00
Josh Lothian
ef8d3f684f
Remove unused handler
...
Previous patch removed the step that sets live-restore
back to false, so don't try to notify that handler any more
2017-05-19 09:45:46 -05:00
Matthew Mosesohn
cc6e3d14ce
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Spencer Smith
83f44b1ac1
Added example json
2017-05-18 17:57:30 -04:00
Spencer Smith
1f470eadd1
Added dynamic inventory for AWS as contrib
2017-05-18 17:52:44 -04:00
Spencer Smith
005b01bd9a
Merge pull request #1299 from bradbeam/kubelet
...
Minor kubelet updates
2017-05-18 12:52:43 -04:00
Josh Lothian
6f67367b57
Leave 'live-restore' false
...
Leave live-restore false to updates always pick
up new network configuration
2017-05-17 14:31:49 -05:00