Samuele Chiocca
e5dd4e1e70
added on v1alpha1
6 years ago
rongzhang
7b61a0eff0
Fix kubeadm LB configure
1. join node add LB discoveryTokenAPIServers
2. kubeadm_config_api_fqdn support ipddress and domain_name
6 years ago
Aivars Sterns
23fd3461bc
calico upgrade to v3 ( #3086 )
* calico upgrade to v3
* update calico_rr version
* add missing file
* change contents of main.yml as it was left old version
* enable network policy by default
* remove unneeded task
* Fix kubelet calico settings
* fix when statement
* switch back to node-kubeconfig.yaml
6 years ago
rongzhang
5a4352657d
Fix install audit failed
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
6 years ago
Samuele Chiocca
f13bc796d9
added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1)
6 years ago
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Samuele Chiocca
5d9908c2c3
--nodeport-addresses added on kube-proxy.manifest.j2
Changed author
6 years ago
Erwan Miran
a7b0c454db
Localhost in hosts files should be updated (if necessary), not overriden
6 years ago
Jeff Bornemann
94df70be98
Cloud provider support for OCI (Oracle Cloud Infrastructure)
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
6 years ago
Mark Eisenblaetter
0c0a2138d9
allow '.' in hostnames
we use FQDN as inventory_hostname
6 years ago
Jonathan Craig
5bf152886b
add support for openstack trust to cloud provider config
6 years ago
Erwan Miran
fc38b6d0ca
Ability to define custom audit polcy rules
6 years ago
Erwan Miran
c34900e569
Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm
6 years ago
Tatsuyuki Ishi
3eef8dc8d0
Add bad hostname preflight check
Hostname must be a valid DNS name, which is checked as https://github.com/kubernetes/apimachinery/blob/master/pkg/util/validation/validation.go#L115
The situation I have encountered is that my hostname contained underscore which is disallowed and apiserver refused to start.
6 years ago
rongzhang
59176ebbb9
Add kubeadm controlplaneEndpoint
Nginx LB(default)
Other LB by kubeadm controlplane
6 years ago
rongzhang
b421d0ed5b
Fix install nss
6 years ago
rongzhang
095ccef8bd
Remove unused configuration
6 years ago
Seungkyu Ahn
29894293eb
Fix kubeadm client conf
Fix DiscoveryTokenCACertHashes key to discoveryTokenCACertHashes in kubeadm-client.conf
6 years ago
Jonathan Craig
4d783fff0d
resolve issues with new cacert feature
6 years ago
Erwan Miran
54548d3b95
kubeadm mounts the hostpaths itself
6 years ago
Erwan Miran
58d4d65fab
minor variable fix and reuse + handle auditlog redirected to stdout
6 years ago
rongzhang
2ffc1afe40
Support audit
6 years ago
Maxime Brunet
70b28288a3
Use delegate_to: localhost instead of local_action
Allow to use `ansible_become: true` (#2969 )
And set it to `false` for `localhost` with an `host_var`
6 years ago
Rong Zhang
a11e1eba9e
Upgrade kubernetes to V1.11.x ( #3078 )
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
6 years ago
Matthew Mosesohn
581a30fdec
Remove erroneous cloud-config task
6 years ago
Luis Nuñez
fd380615a0
fix bad conditional
6 years ago
rongzhang
ea6af449a8
Remove istio support
Use helm install or support in future
6 years ago
Robert Everson
4eadf3228e
Only add admission plugins if defined
6 years ago
Robert Everson
99c5aa5a02
Use k8s default plugin list
6 years ago
Robert Everson
6ed65d762b
Separate out plugins into 2 variables
6 years ago
Robert Everson
ac18f6cf8b
Add support for admission controllers in 1.10 and above
6 years ago
rongzhang
b902602d16
Enable swap
6 years ago
rongzhang
ac644ed049
Fix yaml roles error
6 years ago
woosley.xu
72074f283b
set local for growpart part 2
6 years ago
woosley.xu
a5db3dbea9
set locale for growpart
6 years ago
Seungkyu Ahn
0366600b45
Remove double slash
Even without this PR, the operation works well.
However, it is better to use a single slash rather than
a double slash in the path.
6 years ago
Evan Zeimet
6a4ce96b7d
Variablize kube_proxy_healthz_bind_address
This fixes #3014
6 years ago
Takashi Okamoto
37ccf7e405
Fixed kubectl path.
6 years ago
Matthew Mosesohn
97e0de7e29
Fix vault file owner issues and k8s apiserver cert creation ( #2985 )
apiserver cert should be created only once
6 years ago
Wong Hoi Sing Edison
a0defefb3f
ingress-nginx: Upgrade to 0.16.2
ingress-nginx 0.16.2 (https://github.com/kubernetes/ingress-nginx/releases/tag/nginx-0.16.2 )
This patch simplify ingress-nginx deployment by default deploy on
master, with customizable options; on the other hand, remove the
additional Ansible group "kube-ingress" and its k8s node label
injection.
Reference to https://kubernetes.io/docs/concepts/services-networking/ingress/#prerequisites :
GCE/Google Kubernetes Engine deploys an ingress controller on the master.
By changing `ingress_nginx_nodeselector` plus custom k8s node
label, user could customize the DaemonSet deployment target.
If `ingress_nginx_nodeselector` is empty, will deploy DaemonSet on
every k8s node.
6 years ago
Dao Hoang Son
d306c9708c
Remove step that force disable `kube_basic_auth`.
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441 ) has already been fixed.
6 years ago
Matthew Mosesohn
1a3b9dd864
Force copy cni files
6 years ago
Matthew Mosesohn
5c617c5a8b
Add tags to deploy components by --tags option ( #2960 )
* Add tags for cert serial tasks
This will help facilitate tag-based deployment of specific components.
* fixup kubernetes node
6 years ago
Matthew Mosesohn
c20196f9a0
Remove modprobe binary from kubelet rkt deployment ( #2917 )
6 years ago
Miouge1
2a279e30b0
CheckNodePIDPressure is not supported in v1.10
6 years ago
southquist
c685dc493f
allow for setting the cacert on openstack cloud provider
6 years ago
Yumo Yang
6c2f169ea2
update test-pr2 ( #2911 )
6 years ago
rongzhang
3232e2743e
Add manage swap on the worker node
6 years ago
Matthew Mosesohn
61e97251a5
Improve variable handling for disabling etcd events cluster
6 years ago
Henry Finucane
3ad9e9c5eb
Fix #2261 by supporting Red Hat's limited PATH
Red Hat has this theory that binaries in sbin are too dangerous to be on
the default path, but we need them anyway.
RH7 has /sbin and /usr/sbin as symlinks, so that is no longer important.
I'm adding it to the `PATH` instead of making the path to `modinfo`
absolute because I am worried about breaking support for other
distributions.
6 years ago