Commit graph

23 commits

Author SHA1 Message Date
Matthew Mosesohn
3f274115b0 Generate individual certificates for k8s hosts 2017-01-11 12:58:07 +03:00
Bogdan Dobrelya
5af2c42bde Better fix for different CoreOS os family facts
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 16:32:08 +01:00
Bogdan Dobrelya
f7447837c5 Rename CoreOS fact
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-05 14:02:29 +01:00
Matthew Mosesohn
6d9cd2d720 Fix calico-rr to use etcd certs instead of kube certs 2016-12-27 17:04:50 +03:00
Aleksandr Didenko
d57c27ffcf Add calico/routereflector support
Add BGP route reflectors support in order to optimize BGP topology
for deployments with Calico network plugin.

Also bump version of calico/ctl for some bug fixes.
2016-12-14 13:44:10 +01:00
Bogdan Dobrelya
8cc84e132a Add tags
Add tags to allow more granular tasks filtering.
Add generator script for MD formatted tags found.
Add docs for tags how-to.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
2016-12-09 12:14:28 +01:00
Matthew Mosesohn
46ee9faca9 Fix ca certificate loading on CoreOS 2016-11-14 08:47:09 +04:00
Matthew Mosesohn
c7b00caeaa Use tar+register instead of copy/slurp for distributing tokens and certs
Related bug: https://github.com/ansible/ansible/issues/15405

Uses tar and register because synchronize module cannot sudo on the
remote side correctly and copy is too slow.

This patch dramatically cuts down the number of tasks to process
for cert synchronization.
2016-10-26 15:46:18 +03:00
Matthew Mosesohn
0e9d1e09e3 Sync master tokens only with those in play_hosts 2016-10-21 14:43:41 +03:00
Matthew Mosesohn
84052ff0b6 use nginx proxy on non-master nodes to proxy apiserver traffic
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.

Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Paul Czarkowski
d8bebcd201 Fix issue with check_certs playbook
check_certs task "Check_certs | Set 'sync_certs' to true" was failing
due to the dict not existing, this sets defaults that allows the
correct behavior of the conditionals.
2016-05-15 17:15:59 -05:00
Smana
ae5ff890d4 fix flannel deployment, remove docker bridge before restarting 2016-05-13 18:10:00 +02:00
Smana
1884d89d3b fixes the certs issue when masters or not in the kube-node group 2016-05-12 10:07:34 +02:00
Smaine Kahlouch
ed95f9ab81 Merge pull request #232 from rsmitty/issue-231
Issue 231: ensure ca.pem makes it to multi-masters
2016-05-11 21:24:04 +02:00
Spencer Smith
9f8466a186 ensure ALL certs are synced between masters 2016-05-11 10:09:13 -07:00
Spencer Smith
743ad0eb5c s/sync_certs/sync_tokens 2016-05-11 09:38:26 -07:00
Spencer Smith
5253b3ec13 ensure ca.pem makes it to multi-masters 2016-05-11 09:06:08 -07:00
Smana
4f627baf71 generate secrets on first master 2016-05-07 21:08:29 +02:00
Smana
48a85ce8f8 use docker repository to install on CentOS 2016-04-11 11:17:14 +02:00
Smana
5c22133492 fix add nodes to the cluster 2016-04-08 07:45:39 +02:00
Smana
850b7466cd remove deprecation warns and update doc 2016-04-04 10:14:56 +02:00
teuto.net Netzdienste GmbH
457ed11b49 fixed deprecation warnings regarding bare variables 2016-03-30 10:23:43 +02:00
Smana
91fca69aa0 generate secrets on deployment machine
test travis with sudo=true instead of required
2016-02-13 06:51:54 +01:00