Raj Perera
0816f620b9
Reverted leftover tasks from cert rotation functionality.
2017-06-26 16:44:24 +08:00
Raj Perera
a3760a8b84
Remove cert rotation code. Remove disclaimer for supported auth methods.
2017-06-26 16:44:24 +08:00
jwfang
d3ea13b3f0
kube-proxy use kubeconfig on kube-master
2017-06-26 16:44:24 +08:00
Raj Perera
a22868e7d1
Extract kubectl commands to resource yaml files and use kube module
2017-06-26 16:44:24 +08:00
Raj Perera
971944ead4
Address PR feedback.
...
* Consolidate variable definitions to `kargo-defaults`.
* Set `AlwaysAllow` as the default authorization mode.
* Ability to set multiple authorization modes.
* Various style fixes and typos
2017-06-26 16:44:24 +08:00
jwfang
5c56085e03
replace insecure port with secure port for apiserver_endpoint on kube-masters
2017-06-26 16:43:27 +08:00
Raj Perera
5a86194038
Replace static references to system namespace
2017-06-26 16:42:47 +08:00
Raj Perera
c8a2fe321b
Basic RBAC functionality. (Based on work done by @jwfang (#1351))
...
* Add a flag "authorization_method", when set to "RBAC" enables role based access control.
* Add required cluster roles and bindings for kube-dns
* Patch tiller deployment to use a service account with proper credentials.
* Add a flag to regenerate kubernetes certs on the nodes.
2017-06-26 16:42:47 +08:00
jwfang
4a1a7bd078
node identified as system:node:<node-name>
2017-06-26 16:35:24 +08:00
jwfang
4fa142be0b
certs for system:kube-controller-manager system:kube-scheduler
2017-06-26 16:35:24 +08:00
jwfang
8ed48f052c
separate kube-proxy certs for each node
2017-06-26 16:35:24 +08:00
jwfang
27e3998cb6
add kube-node to system:nodes group, add system:kube-proxy cert for kube-proxy
2017-06-26 16:35:24 +08:00
Brad Beam
2b9e2d7179
Merge pull request #1335 from bradbeam/imagerepo
...
Set default value for kube_hyperkube_image_repo
2017-06-12 09:46:17 -05:00
Brad Beam
bccbb172c6
Fixing up vault variables
2017-06-08 16:15:33 -05:00
Brad Beam
80017dac22
Set default value for kube_hyperkube_image_repo
...
Fixes #1334
2017-06-08 12:22:16 -05:00
Brad Beam
4d9ee730ac
Merge pull request #1092 from bradbeam/rkt_docker
...
Adding flag for docker container in kubelet w/ rkt
2017-06-06 12:58:40 -05:00
Spencer Smith
4b955f8e9a
check if cloud_provider is defined
2017-05-31 08:24:24 -04:00
Spencer Smith
4c99902a69
add direct path for cert in AWS with RHEL family
2017-05-26 17:32:50 -04:00
Matthew Mosesohn
0e1fddb11c
Merge pull request #1293 from mattymo/kubelet_host_mode
...
Add host-based kubelet deployment
2017-05-19 18:07:39 +03:00
Matthew Mosesohn
3bb8fb6b3e
Add host-based kubelet deployment
...
Kubelet gets copied from hyperkube container and run locally.
2017-05-19 16:54:07 +03:00
Brad Beam
db0ff8762c
Fixing typo in kubelet cluster-dns and cluster-domain flags
2017-05-16 15:43:29 -05:00
Spencer Smith
82e1684aaf
Merge pull request #1254 from iJanki/cert_group
...
Adding /O=system:masters to admin certificate
2017-05-05 10:58:42 -04:00
Spencer Smith
755c20f2f9
ensure the /etc/os-release is mounted read only
2017-05-01 14:51:40 -04:00
Spencer Smith
f608e9e4f8
add for rkt as well
2017-04-28 17:45:10 -04:00
Spencer Smith
fe7c2709f9
mount os-release to ensure the node's OS is what's seen in k8s api
2017-04-28 13:40:54 -04:00
Sergii Golovatiuk
085aeb6a0a
Ansible 2.3 support
...
- Fix when clauses in various places
- Update requirements.txt
- Fix README.md
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-26 15:22:10 +02:00
Spencer Smith
04818b9d94
fix stray 'in' and break into multiple lines for clarity
2017-04-20 09:53:01 -04:00
Spencer Smith
21b10784f4
allow for correct aws default resolver
2017-04-20 09:32:03 -04:00
Matthew Mosesohn
cb52d78845
Merge pull request #1246 from holser/disable_dns_for_kube_services
...
Change DNS policy for kubernetes components
2017-04-20 16:12:52 +03:00
Sergii Golovatiuk
f061ce63b3
Add aws to default_resolver
...
When VPC is used, external DNS might not be available. This patch changes
behavior to use metadata service instead of external DNS when
upstream_dns_servers is not specified.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:47:19 +02:00
Sergii Golovatiuk
0a687a22ff
Change DNS policy for kubernetes components
...
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-04-20 11:22:57 +02:00
Matthew Mosesohn
fc5ca5090e
Merge pull request #1238 from Starefossen/fix/namespace-template-file
...
Move namespace file to template directory
2017-04-20 12:19:55 +03:00
Matthew Mosesohn
8d5d973a64
Merge pull request #1241 from bradbeam/rktcnidir
...
Explicitly create cni bin dir
2017-04-20 12:19:26 +03:00
Sergii Golovatiuk
1268c9b642
Fix restart kube-controller (#1242)
...
kubernetesUnitPrefix was changed to k8s_* in 1.5. This patch reflects
this change in kargo
2017-04-20 11:26:01 +03:00
Brad Beam
0dc4967e43
Explicitly create cni bin dir
...
If this path doesn't exist, it will cause kubelet to fail to start when
using rkt
2017-04-19 16:00:44 +00:00
Hans Kristian Flaatten
12bbb243b2
Move namespace file to template directory
2017-04-19 13:37:02 +02:00
Spencer Smith
e76ed88ea2
Merge pull request #1232 from rsmitty/custom-flags
...
add ability for custom flags
2017-04-17 14:01:32 -04:00
Spencer Smith
1d848dc211
remove stray spaces in templating
2017-04-17 12:24:24 -04:00
Spencer Smith
daa728e3cf
ensure spacing on string of flags
2017-04-17 12:13:39 -04:00
Spencer Smith
0fb9469249
ensure spacing on string of flags
2017-04-17 11:11:10 -04:00
Spencer Smith
c1192b1154
update to safeguard against accidentally passing string instead of list
2017-04-17 11:09:34 -04:00
Matthew Mosesohn
f500f32771
Merge pull request #1233 from gbolo/master
...
allow admission control plug-ins to be easily customized
2017-04-17 12:59:49 +03:00
gbolo
c05d141128
allow admission control plug-ins to be easily customized
2017-04-16 22:03:45 -04:00
Spencer Smith
7656ae2887
add ability for custom flags
2017-04-14 17:33:04 -04:00
Matthew Mosesohn
74c43c290a
Skip vault cert task evaluation completely when using script cert generation
2017-04-13 19:29:07 +03:00
Matthew Mosesohn
72749b8e73
Update kubelet.j2
2017-04-06 22:59:18 +03:00
Matthew Mosesohn
d74770147e
Unbreak 1.5 deployment with kubelet
...
1.5 kubelet fails to start when using unknown params
2017-04-06 21:07:48 +03:00
Matthew Mosesohn
06c8399c6e
Merge pull request #1208 from mattymo/1.6-flannel
...
Update to k8s 1.6 with flannel and centos fixes
2017-04-06 13:04:02 +03:00
Matthew Mosesohn
655721268d
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
2017-04-06 10:06:21 +04:00
Matthew Mosesohn
b50839bb9f
Merge pull request #1205 from holser/resolv_updates
...
Refactoring resolv.conf
2017-04-05 14:22:52 +03:00