Josh Conant
245e05ce61
Vault security hardening and role isolation
7 years ago
Josh Conant
f4ec2d18e5
Adding the Vault role
7 years ago
Sergii Golovatiuk
4124d84c00
Lower weave RAM settings.
- Since Weave 1.8.x was rewritten in Golang we may decrease RAM settings
to continue using g1-small for CI
7 years ago
Matthew Mosesohn
3c713a3f53
Fix upgrade for all daemonset type resources
Daemonsets cannot be simply upgraded through a single API call,
regardless of any kubectl documentation. The resource must be
purged and then recreated in order to make any changes.
7 years ago
Alexander Block
89e570493a
Also add the system nameservers to upstream servers in dnsmasq
Also make no-resolv unconditional again. Otherwise, we may end up in
a resolver loop. The resolver loop was the cause for the piling up
parallel queries.
7 years ago
Matthew Mosesohn
16674774c7
Merge pull request #994 from mattymo/docker_save
Change docker save compress level to 1
7 years ago
Matthew Mosesohn
0180ad7f38
Merge pull request #990 from mattymo/fix_cert_upgrade
Fix check for node-NODEID certs existence
7 years ago
Matthew Mosesohn
bfd1ea1da1
Merge pull request #971 from bradbeam/efk
Adding EFK logging stack
7 years ago
Mark Lee
3eacd0c871
Update rh_docker.repo.j2
7 years ago
Matthew Mosesohn
d587270293
Merge pull request #992 from vwfs/host_mount_dev
Host mount /dev for kubelet
7 years ago
Matthew Mosesohn
3eb13e83cf
Change docker save compress level to 1
Faster gzip improves CI deploy times by at least 2 mins.
Fixes #982
7 years ago
Mark Lee
df761713aa
Merge branch 'master' of https://github.com/kubespray/kargo
7 years ago
Mark Lee
de50f37fea
enable proxy support on docker repository
7 years ago
Matthew Mosesohn
bad6076905
Merge pull request #987 from mattymo/etcd-retune
Re-tune ETCD performance params
7 years ago
Bogdan Dobrelya
c2bd76a22e
Merge pull request #956 from adidenko/update-netchecker
Update playbooks to support new netchecker
7 years ago
Alexander Block
010fe30b53
Host mount /dev for kubelet
7 years ago
Matthew Mosesohn
e5779ab786
Fix check for node-NODEID certs existence
Fixes upgrade from pre-individual node cert envs.
7 years ago
Matthew Mosesohn
71e14a13b4
Re-tune ETCD performance params
Reduce election timeout to 5000ms (was 10000ms)
Raise heartbeat interval to 250ms (was 100ms)
Remove etcd cpu share (was 300)
Make etcd_cpu_limit and etcd_memory_limit optional.
7 years ago
Matthew Mosesohn
491074aab1
Merge pull request #969 from mattymo/port_reserve
Prevent dynamic port allocation in nodePort range
7 years ago
Aleksandr Didenko
54af533b31
Update playbooks to support new netchecker
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
7 years ago
Matthew Mosesohn
4f13043d14
Merge pull request #976 from holser/bug/975
Improve Weave
7 years ago
Vladimir Rutsky
6a5df4d999
fix typo: "pubilcally"
7 years ago
Vladimir Rutsky
d41602088b
fix typo: "explicetely"
7 years ago
Matthew Mosesohn
f3a0f73588
Prevent dynamic port allocation in nodePort range
kube_apiserver_node_port_range should be accessible only
to kube-proxy and not be taken by a dynamic port allocation.
Potentially temporary if https://github.com/kubernetes/kubernetes/issues/40920
gets fixed.
7 years ago
Matthew Mosesohn
be1e1b41bd
Merge pull request #981 from kubernetes-incubator/revert-911-DROP_CAPS
Revert "Drop linux capabilities and rework users/groups"
7 years ago
Matthew Mosesohn
fd30131dc2
Revert "Drop linux capabilities and rework users/groups"
7 years ago
Sergii Golovatiuk
5122697f0b
Improve Weave
- Remove weave CPU limits from .gitlab-ci.yml. Closes : #975
- Fix weave version in documentation
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Bogdan Dobrelya
b7bf502e02
Merge pull request #978 from rutsky/patch-1
remove extra `~`
7 years ago
Bogdan Dobrelya
3f70e3a843
Merge pull request #977 from holser/bug/973
Add .swp .swo .swn to .gitignore
7 years ago
Bogdan Dobrelya
cae2982d81
Merge pull request #911 from bogdando/DROP_CAPS
Drop linux capabilities and rework users/groups
7 years ago
Vladimir Rutsky
b638c89556
remove extra `~`
7 years ago
Bogdan Dobrelya
9bc51bd0e2
Merge pull request #972 from kubernetes-incubator/update-roadmap
Update roadmap.md
7 years ago
Sergii Golovatiuk
408b4f3f42
Add .swp .swo .swn to .gitignore
According to http://vimdoc.sourceforge.net/htmldoc/recover.html vim
creates .swo .swn .swp files. This patch adds them to .gitignore in all
directories recursively
Closes : #973
7 years ago
Antoine Legrand
d818ac1d59
Update roadmap.md
7 years ago
Antoine Legrand
bd1c764a1a
Merge pull request #963 from rutsky/bastion-ansible-host
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configration
7 years ago
Antoine Legrand
8f377ad8bd
Merge pull request #968 from rutsky/remove-deprecated-ubuntu-bootstrap
remove deprecated ubuntu-bootstrap.yml script
7 years ago
Brad Beam
df3e11bdb8
Adding EFK logging stack
7 years ago
Vladimir Rutsky
97dabbe997
remove deprecated ubuntu-bootstrap.yml script
Signed-off-by: Vladimir Rutsky <rutsky.vladimir@gmail.com>
7 years ago
Bogdan Dobrelya
5a7a3f6d4a
Merge pull request #949 from vmtyler/master
Fixes Support for OpenStack v3 credentials
7 years ago
Vladimir Rutsky
b4327fdc99
handle both 'ansible_host' and 'ansible_ssh_host' in bastion configuration
'absible_ssh_host' is deprecated in Ansible 2.0 and at least
'contrib/inventory_builder/inventory.py' uses 'ansible_host' instead.
7 years ago
Matthew Mosesohn
10f924a617
Merge pull request #927 from holser/nsenter_fix
Remove nsenter workaround
7 years ago
Matthew Mosesohn
3dd6a01c8b
Merge pull request #901 from galthaus/dns-tweak
DHCP Hook protections
7 years ago
Sergii Golovatiuk
585afef945
Remove nsenter workaround
- Docker 1.12 and further don't need nsenter hack. This patch removes
it. Also, it bumps the minimal version to 1.12.
Closes #776
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Matthew Mosesohn
bdc65990e1
Merge pull request #958 from holser/fix_weave_cpu
Fix CPU out of scope for Weave-net
7 years ago
Sergii Golovatiuk
f2e4ffcac2
Fix weave-net after upgrade to 1.82
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
7 years ago
Matthew Mosesohn
ae66b6e648
Merge pull request #957 from mattymo/weave-net-naming
Rename weave-kube to weave-net
7 years ago
Greg Althaus
923057c1a8
This continues the DHCP hook checks. Also protect the create side
if the system doesn't have any config files at all.
8 years ago
Matthew Mosesohn
0f6e08d34f
Merge pull request #951 from mattymo/k8s-certs-scale
Fix cert distribution at scale
7 years ago
Matthew Mosesohn
4889a3e2e1
Merge pull request #954 from artem-panchenko/improve_dnsmasq
Explicitly set config path for DNSMasq
7 years ago
Matthew Mosesohn
39d87a96aa
Rename weave-kube to weave-net
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
7 years ago