acbf3db233
Remove hard dependence on facts for all nodes ( #4304 )
* Remove hard dependence on facts for all nodes
* Update main.yaml
* Update main.yaml
6 years ago
73aee004ac
Enable ClearLinux as a distro in kubespray ( #3855 )
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
6 years ago
1712314fab
Setting host_architecture var ( #3846 )
Setting host_architecture to allow etcd upgrade working through: ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=etcd (on other case host_architecture is missing)
6 years ago
145687a48e
Reduce log spam of verbose tasks ( #3806 )
Added a loop_control label to a few tasks that flood our logs.
6 years ago
3dcb914607
Remove Vault ( #3684 )
* Remove Vault
* Remove reference to 'kargo' in the doc
* change check order
6 years ago
b2b421840c
Fix some typos ( #3690 )
Signed-off-by: mooncake <xcoder@tenxcloud.com>
6 years ago
9c83551a0e
add certificate authority file ( #3433 )
6 years ago
bc74a37696
Calculate etcd client cert serial for appropriate groups ( #3605 )
Standalone etcd nodes do not generate node-$hostname certs and do
not need this serial calculated.
6 years ago
0acb823d96
Distribute node etcd certificates like it's done in kubernetes/secrets ( #3486 )
* do it like in kubernetes/secrets
* fix indentation
* processed comments
* missed one, sorry
* trailing space fix
6 years ago
b4e2b85745
Replace shell with command in order to allow the task to fail when openssl x509 does return zero ( #3516 )
6 years ago
fcd8d850dc
Fix ansible syntax to avoid ansible warnings (again) ( #3509 )
* Fix ansible syntax to avoid ansible warnings (again)
* warn: false on tar -cfz
* wrong placement of warn:false
6 years ago
2ab2f3a0a3
Ability to define SSL certificates duration and SSL key size ( #3482 )
* Ability to specify ssl certificate duration and ssl key size - etcd/secrets
* Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script
6 years ago
145e5c8943
use copy and slurp module ( #3313 )
6 years ago
84c4c7dc82
Use synchronize module
6 years ago
aaa9a4efac
Ensure vault file permissions are correct
6 years ago
7cbe3c2171
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
remove empty when line
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
force kubeadm upgrade due to failure without --force flag
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type
fixes in syntax and LF for newline in files
fix on yamllint check
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
some cleanup for innecesary lines
remove conditions for nodeselector
6 years ago
82a28d6bb3
Add documentation about having HA for etcd
6 years ago
359009bb05
Download etcd and hyperkube binary.
6 years ago
1567a977c3
Revert "gen_certs_script: refactor using stdin (Ansible 2.4+)"
6 years ago
69786b2d16
gen_certs_script: refactor using stdin (Ansible 2.4+)
6 years ago
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation ( #2985 )
apiserver cert should be created only once
6 years ago
5c617c5a8b
Add tags to deploy components by --tags option ( #2960 )
* Add tags for cert serial tasks
This will help facilitate tag-based deployment of specific components.
* fixup kubernetes node
6 years ago
7c22def422
add etcd_events_access_address
6 years ago
70fbc01cc1
fix etcd_events_access_addresses
6 years ago
59be578842
Revert "wip pr for improved cert sync" ( #2849 )
6 years ago
7433348aae
wip pr for improved cert sync
6 years ago
9168c71359
Revert "Revert "Add openSUSE support" ( #2697 )" ( #2699 )
This reverts commit 51f4e6585a
6 years ago
51f4e6585a
Revert "Add openSUSE support" ( #2697 )
6 years ago
2d34781259
roles: etcd: Add support for SUSE distributions
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
7 years ago
86e3506ae6
Etcd cluster setup makeover
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
7 years ago
b9b028a735
Update etcd deployment to use correct cert and key ( #2572 )
* Update etcd deployment to use correct cert and key
* Update to use admin cert for etcdctl commands
* Update handler to use admin cert too
7 years ago
859a7f32fb
Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time
7 years ago
67ffd8e923
Add etcd-events cluster for kube-apiserver ( #2385 )
Add etcd-events cluster for kube-apiserver
7 years ago
c0aad0a6d5
Fix install etcd by host service ( #2297 )
Fix bug issues #2289
7 years ago
dc6a17e092
Use include/import tasks ( #2192 )
import_tasks will consume far less memory, so it should be
used whenever it is compatible.
7 years ago
1401286910
Add support for cert alt names for etcd ( #2139 )
* Add support for cert alt names for etcd
* Update gen_certs_vault.yml
7 years ago
e45b30d033
Add etcd key and cert environment variables for use with client auth
7 years ago
c7910b51a1
--peers DEPRECATED - --endpoints should be used instead ( #1943 )
7 years ago
0126168472
provide environment for rkt trust and run with etcd
7 years ago
86fb669fd3
Idempotency fixes ( #1838 )
7 years ago
0b4fcc83bd
Fix up warnings and deprecations ( #1848 )
7 years ago
514359e556
Improve etcd scale up ( #1846 )
Now adding unjoined members to existing etcd cluster
occurs one at a time so that the cluster does not
lose quorum.
7 years ago
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
7 years ago
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
83be0735cd
Fix setting etcd client cert serial ( #1775 )
7 years ago
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
126f42de06
drop unused etcd logic
Fixes #1660
7 years ago
30b5493fd6
use command module instead of shell module
7 years ago
ac281476c8
Prune unnecessary certs from vault setup ( #1652 )
* Cleaning up cert checks for vault
* Removing all unnecessary etcd certs from each node
* Removing all unnecessary kube certs from each node
7 years ago
Matthew Mosesohn
Ganesh Maharaj Mahalingam
Andrey Zhelnin
Chad Swenson
Antoine Legrand
Bily Zhang
ankitcharolia
Bart Laarhoven
Erwan Miran
刘旭
rongzhang
Matthew Mosesohn
Pablo Estigarribia
Erwan Miran
Takashi Okamoto
Aivars Sterns
Tatsuyuki Ishi
elementyang
Markos Chandras
Markos Chandras
woopstar
RongZhang
Steve Mitchell
chenhonggc
Spencer Smith
Matthew Mosesohn
foxyriver
Brad Beam