77f1d4b0f1
Revert "Update roadmap" ( #1809 )
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810#1800 )"
This reverts commit 5fb6b2eaf7#1799 )"
This reverts commit 404caa111a#1780 )"
This reverts commit b838468500#1779 )"
This reverts commit f2235be1d3#1763 )"
This reverts commit 6ec45b10f1#1795 )"
This reverts commit d9879d8026
7 years ago
b838468500
Fixed kubelet standard log environment ( #1780 )
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
7 years ago
f2235be1d3
Add support for fedora atomic host ( #1779 )
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
7 years ago
6ec45b10f1
Update network-plugins to use portmap plugin ( #1763 )
Portmap allow to use hostPort with CNI plugins. Should fix #1675
7 years ago
d9879d8026
Update roadmap ( #1795 )
7 years ago
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
7 years ago
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
92d038062e
Fix node authorization for cloudprovider installs ( #1794 )
In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.
7 years ago
2972bceb90
Changre raw execution to use yum module ( #1785 )
* Changre raw execution to use yum module
Changed raw exection to use yum module provided by Ansible.
* Replace ansible_ssh_* by ansible_*
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port. If you are using a version of Ansible prior to 2.0, you should continue using the older style variables (ansible_ssh_*). These shorter variables are ignored, without warning, in older versions of Ansible.
I am not sure about the broader impact of this change. But I have seen on the requirements the version required is ansible>=2.4.0.
http://docs.ansible.com/ansible/latest/intro_inventory.html
7 years ago
cb0a60a0fe
calico v2.5.0 should use calico/routereflector:v0.4.0 ( #1792 )
7 years ago
3ee91e15ff
Use commas in no_proxy ( #1782 )
7 years ago
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
dc515e5ac5
Remove kernel-upgrade role ( #1798 )
This role only support Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
7 years ago
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
7 years ago
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
83be0735cd
Fix setting etcd client cert serial ( #1775 )
7 years ago
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
c14bbcdbf2
Include bin_dir when patching helm tiller with kubectl
7 years ago
1be4c1935a
Fix bool check assert
7 years ago
764b1aa5f8
Force synchronize to use ssh_args so it works when using bastion
In case ssh.config is set to use bastion, synchronize needs to use it too.
7 years ago
55dfae2a52
Followup fix for CVE-2017-14491
7 years ago
b81c0d869c
Adding calico/node env vars for prometheus configuration
7 years ago
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
ab171a1d6d
don't delegate cert slurp
7 years ago
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
ca541c7e4a
Ensuring vault service is stopped in reset tasks ( #1736 )
7 years ago
96e14424f0
Adding kubedns update for CVE-2017-14491 ( #1735 )
7 years ago
dae9f6d3c2
Test if tokens are expired from host instead of inside container ( #1727 )
* Test if tokens are expired from host instead of inside container
* Update main.yml
7 years ago
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
371fa51e82
Make installation of EPEL optional ( #1721 )
7 years ago
a55675acf8
Enable RBAC with kubeadm always ( #1711 )
7 years ago
25dd3d476a
Fix error for azure+calico assert ( #1717 )
Fixes #1716
7 years ago
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago
327ed157ef
Verify valid settings before deploy ( #1705 )
Also fix yaml lint issues
Fixes #1703
7 years ago
477afa8711
when and run_once are reduplicative ( #1694 )
7 years ago
bd272e0b3c
Upgrade to kubeadm ( #1667 )
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
7 years ago
20db1738fa
feature: install project atomic CSS on RedHat family ( #1499 )
* feature: install project atomic CSS on RedHat family
* missing patch for this feature
* sub-role refactor
* Yamllint fix
7 years ago
b23d81f825
Add etcd_blkio_weight var ( #1690 )
7 years ago
neith00
Seungkyu Ahn
Jason Brooks
Kevin Lefevre
Matthew Mosesohn
Julian Poschmann
abelgana
刘旭
Vijay Katam
Aivars Sterns
Hyunsun Moon
Simon Li
ant31
pmontanari
Brad Beam
Spencer Smith
Matthew Mosesohn
Brad Beam
Peter Slijkhuis
tanshanshan
Martin Uddén
Hassan Zamani