Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
Matthew Mosesohn
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
Julian Poschmann
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
Matthew Mosesohn
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
Matthew Mosesohn
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago
Matthew Mosesohn
327ed157ef
Verify valid settings before deploy ( #1705 )
Also fix yaml lint issues
Fixes #1703
7 years ago
tanshanshan
477afa8711
when and run_once are reduplicative ( #1694 )
7 years ago
Matthew Mosesohn
bd272e0b3c
Upgrade to kubeadm ( #1667 )
* Enable upgrade to kubeadm
* fix kubedns upgrade
* try upgrade route
* use init/upgrade strategy for kubeadm and ignore kubedns svc
* Use bin_dir for kubeadm
* delete more secrets
* fix waiting for terminating pods
* Manually enforce kube-proxy for kubeadm deploy
* remove proxy. update to kubeadm 1.8.0rc1
7 years ago
Matthew Mosesohn
a1cde03b20
Correct master manifest cleanup logic ( #1693 )
Fixes #1666
7 years ago
Matthew Mosesohn
188bae142b
Fix wait for hosts in CI ( #1679 )
Also fix usage of failed_when and handling exit code.
7 years ago
Matthew Mosesohn
8e731337ba
Enable HA deploy of kubeadm ( #1658 )
* Enable HA deploy of kubeadm
* raise delay to 60s for starting gce hosts
7 years ago
Matthew Mosesohn
b294db5aed
fix apply for netchecker upgrade ( #1659 )
* fix apply for netchecker upgrade and graceful upgrade
* Speed up daemonset upgrades. Make check wait for ds upgrades.
7 years ago
Matthew Mosesohn
6744726089
kubeadm support ( #1631 )
* kubeadm support
* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job
* change ci boolean vars to json format
* fixup
* Update create-gce.yml
* Update create-gce.yml
* Update create-gce.yml
7 years ago
Matthew Mosesohn
75b13caf0b
Fix kube-apiserver status checks when changing insecure bind addr ( #1633 )
7 years ago
Matthew Mosesohn
5d99fa0940
Purge old upgrade hooks and unused tasks ( #1641 )
7 years ago
Brad Beam
8ae77e955e
Adding in certificate serial numbers to manifests ( #1392 )
7 years ago
Brad Beam
7a98ad50b4
Fixing CA certificate locations for k8s components
7 years ago
Chad Swenson
a39e78d42d
Initial version of Flannel using CNI ( #1486 )
* Updates Controller Manager/Kubelet with Flannel's required configuration for CNI
* Removes old Flannel installation
* Install CNI enabled Flannel DaemonSet/ConfigMap/CNI bins and config (with portmap plugin) on host
* Uses RBAC if enabled
* Fixed an issue that could occur if br_netfilter is not a module and net.bridge.bridge-nf-call-iptables sysctl was not set
7 years ago
Hassan Zamani
01ce09f343
Add feature_gates var for customizing Kubernetes feature gates ( #1520 )
7 years ago
Brad Beam
8b151d12b9
Adding yamllinter to ci steps ( #1556 )
* Adding yaml linter to ci check
* Minor linting fixes from yamllint
* Changing CI to install python pkgs from requirements.txt
- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements
7 years ago
Miad Abrin
3c710219a1
Fix Some Typos in kubernetes master role ( #1547 )
* Fix Typo etc3 -> etcd3
* Fix typo in post-upgrade of master. stop -> start
7 years ago
Anton
e0960f6288
FIX: Unneeded (extra) cycles in some tasks ( #1393 )
7 years ago
jwfang
092bf07cbf
basic rbac support
8 years ago
Spencer Smith
8203383c03
rename almost all mentions of kargo
8 years ago
Gregory Storme
266ca9318d
Use the kube_apiserver_insecure_port variable instead of static 8080
8 years ago
Spencer Smith
01c0ab4f06
check if cloud_provider is defined
8 years ago
Spencer Smith
7e2aafcc76
add direct path for cert in AWS with RHEL family
8 years ago
Sergii Golovatiuk
d8aa2d0a9e
Change DNS policy for kubernetes components
According to code apiserver, scheduler, controller-manager, proxy don't
use resolution of objects they created. It's not harmful to change
policy to have external resolver.
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
8 years ago
Hans Kristian Flaatten
d68cfeed6e
Move namespace file to template directory
8 years ago
Spencer Smith
72d5db92a8
remove stray spaces in templating
8 years ago
Spencer Smith
3f302c8d47
ensure spacing on string of flags
8 years ago
Spencer Smith
f9d4a1c1d8
update to safeguard against accidentally passing string instead of list
8 years ago
gbolo
49be805001
allow admission control plug-ins to be easily customized
8 years ago
Spencer Smith
94596388f7
add ability for custom flags
8 years ago
Matthew Mosesohn
ff2fb9196f
Fix flannel for 1.6 and apply fixes to enable containerized kubelet
8 years ago
Sergii Golovatiuk
2670eefcd4
Refactoring resolv.conf
- Renaming templates for netchecker
- Add dnsPolicy: ClusterFirstWithHostNet to kube-proxy
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
8 years ago
Sergii Golovatiuk
1cfe0beac0
Set ClusterFirstWithHostNet for Pods with hostnetwork: true
In kubernetes 1.6 ClusterFirstWithHostNet was added as an option. In
accordance with it kubelet will generate resolv.conf based on own
resolv.conf. However, this doesn't create 'options', thus the proper
solution requires some investigation.
This patch sets the same resolv.conf for kubelet as host
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
8 years ago
Matthew Mosesohn
80828a7c77
use etcd2 when upgrading unless forced
8 years ago
Matthew Mosesohn
d42e4f2344
Update .gitlab-ci.yml
8 years ago
Matthew Mosesohn
48beef25fa
delete master containers forcefully
8 years ago
Matthew Mosesohn
a3f568fc64
restart scheduler and controller-manager too
8 years ago
Matthew Mosesohn
57ee304260
ensure post-upgrade purge ones only once
8 years ago
Matthew Mosesohn
0794a866a7
switch debian8-canal-ha to ubuntu
8 years ago
Matthew Mosesohn
49e4d344da
move network plugins out of grouped upgrades
8 years ago