d9879d8026
Update roadmap ( #1795 )
7 years ago
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
7 years ago
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
92d038062e
Fix node authorization for cloudprovider installs ( #1794 )
In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.
7 years ago
2972bceb90
Changre raw execution to use yum module ( #1785 )
* Changre raw execution to use yum module
Changed raw exection to use yum module provided by Ansible.
* Replace ansible_ssh_* by ansible_*
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port. If you are using a version of Ansible prior to 2.0, you should continue using the older style variables (ansible_ssh_*). These shorter variables are ignored, without warning, in older versions of Ansible.
I am not sure about the broader impact of this change. But I have seen on the requirements the version required is ansible>=2.4.0.
http://docs.ansible.com/ansible/latest/intro_inventory.html
7 years ago
cb0a60a0fe
calico v2.5.0 should use calico/routereflector:v0.4.0 ( #1792 )
7 years ago
3ee91e15ff
Use commas in no_proxy ( #1782 )
7 years ago
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
dc515e5ac5
Remove kernel-upgrade role ( #1798 )
This role only support Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
7 years ago
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
ad9fa73301
Remove cert_managment var definition from k8s-cluster group vars ( #1790 )
7 years ago
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
7 years ago
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
83be0735cd
Fix setting etcd client cert serial ( #1775 )
7 years ago
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
e5426f74a8
Merge pull request #1762 from manics/bindir-helm
Include bin_dir when patching helm tiller with kubectl
7 years ago
f5212d3b79
Merge pull request #1752 from pmontanari/patch-1
Force synchronize to use ssh_args so it works when using bastion
7 years ago
3d09c4be75
Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
Fix bool check assert
7 years ago
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
add hosts to rkt kubelet
7 years ago
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
c14bbcdbf2
Include bin_dir when patching helm tiller with kubectl
7 years ago
1be4c1935a
Fix bool check assert
7 years ago
764b1aa5f8
Force synchronize to use ssh_args so it works when using bastion
In case ssh.config is set to use bastion, synchronize needs to use it too.
7 years ago
d13b07ba59
Merge pull request #1751 from bradbeam/calicoprometheus
Adding calico/node env vars for prometheus configuration
7 years ago
028afab908
Merge pull request #1750 from bradbeam/dnsmasq2
Followup fix for CVE-2017-14491
7 years ago
55dfae2a52
Followup fix for CVE-2017-14491
7 years ago
994324e19c
Update gce CI ( #1748 )
Use image family for picking latest coreos image
Update python deps
7 years ago
b81c0d869c
Adding calico/node env vars for prometheus configuration
7 years ago
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
cb611b5ed0
Merge pull request #1742 from mattymo/facts_as_vars
Move set_facts to kubespray-defaults defaults
7 years ago
891269ef39
Merge pull request #1743 from rsmitty/kube-client
Don't delegate cert gathering before creating admin.conf
7 years ago
ab171a1d6d
don't delegate cert slurp
7 years ago
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
da61b8e7c9
Added workaround for vagrant 1.9 and centos vm box ( #1738 )
7 years ago
d6d58bc938
Fixed vagrant up with flannel network, removed old config values ( #1737 )
7 years ago
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
ca541c7e4a
Ensuring vault service is stopped in reset tasks ( #1736 )
7 years ago
96e14424f0
Adding kubedns update for CVE-2017-14491 ( #1735 )
7 years ago
47830896e8
Merge pull request #1733 from chapsuk/vagrant_mem
Increase vagrant vm's memory size
7 years ago
5fd4b4afae
Increase vagrant vm's memory size
7 years ago
dae9f6d3c2
Test if tokens are expired from host instead of inside container ( #1727 )
* Test if tokens are expired from host instead of inside container
* Update main.yml
7 years ago
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
Matthew Mosesohn
Julian Poschmann
abelgana
刘旭
Maxim Krasilnikov
Vijay Katam
Aivars Sterns
Hyunsun Moon
Spencer Smith
ArchiFleKs
Simon Li
ant31
pmontanari
Brad Beam
Spencer Smith
Matthew Mosesohn
Brad Beam
mkrasilnikov