C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
3350 commits 17 branches 66 tags 141 MiB
Commit graph

129 commits

Author SHA1 Message Date
Erwan Miran 80cfeea957 psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true 2018-08-22 18:16:13 +02:00
Wong Hoi Sing Edison c3b3572025 Always create service account even rbac_enabled = false 2018-08-22 11:41:29 +08:00
Aivars Sterns 72f053d9bb
Merge pull request #2972 from mattymo/force_cni_cp 
Force copy cni files
 2018-07-10 09:40:10 +03:00
Matthew Mosesohn 1a3b9dd864 Force copy cni files 2018-07-06 16:39:42 +03:00
elementyang 8fee1ab102 change create to apply 2018-07-06 19:36:19 +08:00
Daniel Mohr 476b14b06e Make Calico nodename overridable on bare metal 
Signed-off-by: Daniel Mohr <daniel.mohr@supercrunch.io>
 2018-05-14 14:13:51 +02:00
Wong Hoi Sing Edison 195d6d791a Integrate jetstack/cert-manager 0.2.3 to Kubespray 2018-03-31 19:29:11 +08:00
Matthew Mosesohn 03bcfa7ff5
Stop templating kube-system namespace and creating it (#2545) 
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
 2018-03-30 14:29:13 +03:00
Brad Beam 015ea62e92
Merge pull request #2262 from tmjd/calico-canal-v2-6-7 
Update Calico and Canal
 2018-03-27 21:07:28 -05:00
Anton Fayzrahmanov a75598b3f4
IP_AUTODETECTION_METHOD docs 2018-03-24 01:54:17 +03:00
Anton Fayzrahmanov 60a057cace
Update calico-node.yml.j2 2018-03-24 01:46:26 +03:00
Anton Fayzrahmanov dd9d0c0530
optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD 
can be set to one of
first-found
can-reach 
interface
 2018-03-23 16:33:20 +03:00
Erik Stidham 60bfc56e8e Update Calico and Canal 
- Updating to use calico-node v2.6.7
- A few updates to their manifests too
 2018-03-22 12:30:23 -05:00
Matthew Mosesohn 9837b7926f
Use proper lookup of etcd host for calico (#2408) 
Fixes #2397
 2018-03-02 15:36:52 +03:00
Brad Beam afb6e7dfc3
Merge pull request #2362 from mattymo/calico_ignore_extra_pools_again 
Use CNI to assign kube_pods_subnet for calico
 2018-02-28 12:36:50 -06:00
Matthew Mosesohn bc0fc5df98
Use node cert for etcd tasks instead of delegating to first etcd (#2386) 
For etcdctl commands, use admin cert instead of node because this file
doesn't exist on etcd only hosts.
 2018-02-27 22:23:51 +03:00
Brad Beam 89ade65ad6 Fixing etcd certs for calico rr (#2374) 2018-02-27 17:34:07 +03:00
Brad Beam 31659efe13 Fixing cert name in calico/canal for etcd check (#2358) 2018-02-22 17:37:07 +03:00
Matthew Mosesohn 87f33a4644 Use CNI to assign kube_pods_subnet for calico 
Now calico can be deployed if there are other existing pools
and not confuse IPAM and end up with pods in the wrong pools.
 2018-02-21 20:32:28 +03:00
Ryan Zenker ad9049a49e baremetal tweaks 
* allow installs to not have hostname overriden with fqdn from inventory
* calico-config no longer requires local as and will default to global
* when cloudprovider is not defined, use the inventory_hostname for cni-calico
* allow reset to not restart network (buggy nodes die with this cmd)
* default kube_override_hostname to inventory_hostname instead of ansible_hostname
 2018-02-06 13:52:22 -05:00
Matthew Mosesohn d2935ffed0
Optionally ignore the presence of extra calico pools (#2190) 2018-01-25 18:44:20 +03:00
Steve Mitchell e45b30d033 Add etcd key and cert environment variables for use with client auth 2018-01-02 13:52:17 -05:00
Matthew Mosesohn ec54b36e05
add retries for calico/canal etcd commands (#2007) 2017-11-28 16:39:55 +00:00
Spencer Smith bc1a4e12ad fix broken variable in ansible 2.4.1.0 and ensure tasks for calico-rr (#1982) 2017-11-16 18:44:15 +00:00
Hyunsun Moon 37125866ca Make calico_node_ignorelooserpf have an effect (#1945) 2017-11-13 09:35:13 +00:00
Matthew Mosesohn 86fb669fd3 Idempotency fixes (#1838) 2017-10-25 21:19:40 +01:00
Matthew Mosesohn fc9a65be2b Refactor downloads to use download role directly (#1824) 
* Refactor downloads to use download role directly

Also disable fact delegation so download delegate works acros OSes.

* clean up bools and ansible_os_family conditionals
 2017-10-19 09:17:11 +01:00
Matthew Mosesohn d4b10eb9f5 Fix path for calico get node names (#1816) 2017-10-17 10:54:48 +01:00
Kevin Lefevre 6ec45b10f1 Update network-plugins to use portmap plugin (#1763) 
Portmap allow to use hostPort with CNI plugins. Should fix #1675
 2017-10-16 07:11:38 +01:00
Matthew Mosesohn 10dd049912 Revert "Security fixes for etcd (#1778)" (#1786) 
This reverts commit 4209f1cbfd.
 2017-10-12 14:02:51 +01:00
Matthew Mosesohn 4209f1cbfd Security fixes for etcd (#1778) 
* Security fixes for etcd

* Use certs when querying etcd
 2017-10-12 13:32:54 +01:00
Brad Beam b81c0d869c Adding calico/node env vars for prometheus configuration 2017-10-05 08:46:01 -05:00
Matthew Mosesohn f14f04c5ea Upgrade to kubernetes v1.8.0 (#1730) 
* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name
 2017-10-05 10:51:21 +01:00
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 2017-10-05 08:43:04 +01:00
Matthew Mosesohn a56738324a Move set_facts to kubespray-defaults defaults 
These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
 2017-10-04 14:02:47 +01:00
Matthew Mosesohn d94e3a81eb Use api lookup for kubelet hostname when using cloudprovider (#1686) 
The value cannot be determined properly via local facts, so
checking k8s api is the most reliable way to look up what hostname
is used when using a cloudprovider.
 2017-09-24 09:22:15 +01:00
Matthew Mosesohn b294db5aed fix apply for netchecker upgrade (#1659) 
* fix apply for netchecker upgrade and graceful upgrade

* Speed up daemonset upgrades. Make check wait for ds upgrades.
 2017-09-15 13:19:37 +01:00
Matthew Mosesohn 6744726089 kubeadm support (#1631) 
* kubeadm support

* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job

* change ci boolean vars to json format

* fixup

* Update create-gce.yml

* Update create-gce.yml

* Update create-gce.yml
 2017-09-13 19:00:51 +01:00
Brad Beam eeffbbb43c Updating calicocni.hostname to calicocni.nodename 2017-09-08 12:47:40 +00:00
Brad Beam aaa0105f75 Flexing calicocni.hostname based on cloud provider 2017-09-08 12:47:40 +00:00
Matthew Mosesohn 77602dbb93 Move calico to daemonset (#1605) 
* Drop legacy calico logic

* add calico as a daemonset
 2017-09-04 11:29:51 +03:00
Brad Beam 71dca67ca2 Merge pull request #1508 from tmjd/update-calico-2-4-0 
Update Calico to 2.4.1 release.
 2017-08-24 14:57:29 -05:00
Brad Beam 8b151d12b9 Adding yamllinter to ci steps (#1556) 
* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
 2017-08-24 12:09:52 +03:00
Erik Stidham 9f9f70aade Update Calico to 2.4.1 release. 
- Switched Calico images to be pulled from quay.io
- Updated Canal too
 2017-08-21 09:33:12 -05:00
Vijay Katam c92506e2e7 Add calico variable that enables ignoring Kernel's RPF Setting (#1493) 2017-08-20 14:01:09 +03:00
AtzeDeVries e160018826 Fixed conflicts, ipip:true as defualt and added ipip_mode 2017-07-08 14:36:44 +02:00
Kevin Jing Qiu a742d10c54 Allow calico ipPool to be created with mode "cross-subnet" 2017-07-04 19:05:16 -04:00
AtzeDeVries 61b74f9a5b updated to direct control over ipip 2017-06-23 09:16:05 +02:00
AtzeDeVries 7332679678 Give more control over IPIP, but with same default behaviour 2017-06-20 14:50:08 +02:00
Justin Hunthrop af55e179c7 adding --skip-exists flag for peer_with_router 2017-05-25 14:29:18 -05:00