Matthew Mosesohn
f7703dbca3
Block anonymous auth requests to kubelet
2017-10-30 19:06:54 +00:00
Spencer Smith
4470ee4ccf
Merge pull request #1887 from mattymo/fix_indent_apiserver
...
fix indentation for network policy option
2017-10-30 11:33:13 -04:00
abelgana
d738acf638
Update kubelet.kubeadm.env.j2 ( #1901 )
2017-10-30 11:33:02 +00:00
tanshanshan
84d92aa3c7
fix-bug ( #1900 )
2017-10-30 11:23:24 +00:00
Spencer Smith
591941bd39
Merge pull request #1884 from abelgana/master
...
Sysctl reload if needed after IP forward enabling
2017-10-27 15:12:08 -04:00
Spencer Smith
e90769c869
Merge pull request #1888 from chapsuk/issue_1885
...
Disable swap in vagrant vms
2017-10-27 15:10:16 -04:00
mkrasilnikov
2c7c956be9
Disable swap in vagrant vms
2017-10-27 19:57:54 +03:00
Matthew Mosesohn
fe81bba08d
Force kubelet certificates to be generated as lowercase ( #1886 )
...
All nodes get converted to lowercase, so certs should set
CN with lowercase as well.
2017-10-27 15:58:25 +01:00
Matthew Mosesohn
564de07963
fix indentation for network policy option
2017-10-27 14:56:22 +01:00
abelgana
d9160f19c0
Sysctl reload if needed after IP forward enabling
...
Add reload yes to reload sysctl if the value of net.ipv4.ip_forward changes.
- name: Enable ip forwarding
sysctl:
sysctl_file: "{{sysctl_file_path}}"
name: net.ipv4.ip_forward
value: 1
state: present
reload: yes
tags:
- bootstrap-os
2017-10-26 13:06:21 -04:00
Brad Beam
ba0a03a8ba
Merge pull request #1880 from mattymo/node_auth_fixes2
...
Move cluster roles and system namespace to new role
2017-10-26 10:02:24 -05:00
Matthew Mosesohn
b0f04d925a
Update network policy setting for Kubernetes 1.8 ( #1879 )
...
It is now enabled by default in 1.8 with the api changed
to networking.k8s.io/v1 instead of extensions/v1beta1.
2017-10-26 15:35:26 +01:00
Matthew Mosesohn
ec53b8b66a
Move cluster roles and system namespace to new role
...
This should be done after kubeconfig is set for admin and
before network plugins are up.
2017-10-26 14:36:05 +01:00
Matthew Mosesohn
86fb669fd3
Idempotency fixes ( #1838 )
2017-10-25 21:19:40 +01:00
Chiang Fong Lee
5dc56df64e
Fix ordering of kube-apiserver admission control plug-ins ( #1841 )
2017-10-24 17:28:07 +01:00
Haiwei Liu
cfea99c4ee
Fix scale.yml to supoort kubeadm ( #1863 )
...
Signed-off-by: Haiwei Liu <carllhw@gmail.com>
2017-10-24 16:08:48 +01:00
Matthew Mosesohn
0b4fcc83bd
Fix up warnings and deprecations ( #1848 )
2017-10-20 08:25:57 +01:00
Matthew Mosesohn
fc9a65be2b
Refactor downloads to use download role directly ( #1824 )
...
* Refactor downloads to use download role directly
Also disable fact delegation so download delegate works acros OSes.
* clean up bools and ansible_os_family conditionals
2017-10-19 09:17:11 +01:00
Jan Jungnickel
49dff97d9c
Relabel controler-manager to kube-controller-manager ( #1830 )
...
Fixes #1129
2017-10-18 17:29:18 +01:00
Hassan Zamani
c9fe8fde59
Use fail-swap-on flag only for kube_version >= 1.8 ( #1829 )
2017-10-18 16:32:38 +01:00
Matthew Mosesohn
16462292e1
Properly skip extra SANs when not specified for kubeadm ( #1831 )
2017-10-18 12:04:13 +01:00
pmontanari
20d80311f0
Update main.yml ( #1822 )
...
* Update main.yml
Needs to set up resolv.conf before updating Yum cache otherwise no name resolution available (resolv.conf empty).
* Update main.yml
Removing trailing spaces
2017-10-18 11:42:00 +01:00
Tennis Smith
54320c5b09
set to 3 digit version number ( #1817 )
2017-10-17 11:14:29 +01:00
Rémi de Passmoilesel
356515222a
Add possibility to insert more ip adresses in certificates ( #1678 )
...
* Add possibility to insert more ip adresses in certificates
* Add newline at end of files
* Move supp ip parameters to k8s-cluster group file
* Add supplementary addresses in kubeadm master role
* Improve openssl indexes
2017-10-17 11:06:07 +01:00
neith00
77f1d4b0f1
Revert "Update roadmap" ( #1809 )
...
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810
.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800 )"
This reverts commit 5fb6b2eaf7
.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799 )"
This reverts commit 404caa111a
.
* Revert "Fixed kubelet standard log environment (#1780 )"
This reverts commit b838468500
.
* Revert "Add support for fedora atomic host (#1779 )"
This reverts commit f2235be1d3
.
* Revert "Update network-plugins to use portmap plugin (#1763 )"
This reverts commit 6ec45b10f1
.
* Revert "Update roadmap (#1795 )"
This reverts commit d9879d8026
.
2017-10-16 14:09:24 +01:00
Seungkyu Ahn
b838468500
Fixed kubelet standard log environment ( #1780 )
...
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
2017-10-16 08:22:54 +01:00
Jason Brooks
f2235be1d3
Add support for fedora atomic host ( #1779 )
...
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
2017-10-16 08:03:33 +01:00
Matthew Mosesohn
d9879d8026
Update roadmap ( #1795 )
2017-10-16 07:06:06 +01:00
Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
...
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
2017-10-15 20:41:17 +01:00
Julian Poschmann
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
...
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
2017-10-15 20:22:17 +01:00
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
...
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
2017-10-15 10:33:22 +01:00
Matthew Mosesohn
ef47a73382
Add new addon Istio ( #1744 )
...
* add istio addon
* add addons to a ci job
2017-10-13 15:42:54 +01:00
Julian Poschmann
56763d4288
Persist br_netfilter module loading ( #1760 )
2017-10-13 10:50:29 +01:00
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
...
* Clear admin kubeconfig when rotating certs
* Update main.yml
2017-10-12 09:55:46 +01:00
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
...
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
2017-10-11 20:40:21 +01:00
Aivars Sterns
e41c0532e3
add possibility to disable fail with swap ( #1773 )
2017-10-11 19:49:31 +01:00
Matthew Mosesohn
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
2017-10-11 19:47:42 +01:00
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
...
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
2017-10-11 19:47:27 +01:00
Matthew Mosesohn
fe4ba51d1a
Set node IP correctly ( #1770 )
...
Fixes #1741
2017-10-11 15:28:42 +01:00
Hyunsun Moon
adf575b75e
Set default value for disable_shared_pid ( #1710 )
...
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
2017-10-11 14:55:51 +01:00
Spencer Smith
3d09c4be75
Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
...
Fix bool check assert
2017-10-10 10:38:53 -04:00
Spencer Smith
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
...
add hosts to rkt kubelet
2017-10-10 10:37:36 -04:00
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
2017-10-09 16:41:51 +02:00
ant31
1be4c1935a
Fix bool check assert
2017-10-06 17:02:38 +00:00
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
...
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
2017-10-05 10:51:21 +01:00
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
2017-10-05 08:43:04 +01:00
Spencer Smith
cb611b5ed0
Merge pull request #1742 from mattymo/facts_as_vars
...
Move set_facts to kubespray-defaults defaults
2017-10-04 15:46:39 -04:00
Spencer Smith
ab171a1d6d
don't delegate cert slurp
2017-10-04 13:06:51 -04:00
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
...
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
2017-10-04 14:02:47 +01:00
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
2017-10-03 08:30:45 +01:00