ad9fa73301
Remove cert_managment var definition from k8s-cluster group vars ( #1790 )
7 years ago
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
7 years ago
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
83be0735cd
Fix setting etcd client cert serial ( #1775 )
7 years ago
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
e5426f74a8
Merge pull request #1762 from manics/bindir-helm
Include bin_dir when patching helm tiller with kubectl
7 years ago
f5212d3b79
Merge pull request #1752 from pmontanari/patch-1
Force synchronize to use ssh_args so it works when using bastion
7 years ago
3d09c4be75
Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
Fix bool check assert
7 years ago
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
add hosts to rkt kubelet
7 years ago
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
c14bbcdbf2
Include bin_dir when patching helm tiller with kubectl
7 years ago
1be4c1935a
Fix bool check assert
7 years ago
764b1aa5f8
Force synchronize to use ssh_args so it works when using bastion
In case ssh.config is set to use bastion, synchronize needs to use it too.
7 years ago
d13b07ba59
Merge pull request #1751 from bradbeam/calicoprometheus
Adding calico/node env vars for prometheus configuration
7 years ago
028afab908
Merge pull request #1750 from bradbeam/dnsmasq2
Followup fix for CVE-2017-14491
7 years ago
55dfae2a52
Followup fix for CVE-2017-14491
7 years ago
994324e19c
Update gce CI ( #1748 )
Use image family for picking latest coreos image
Update python deps
7 years ago
b81c0d869c
Adding calico/node env vars for prometheus configuration
7 years ago
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
cb611b5ed0
Merge pull request #1742 from mattymo/facts_as_vars
Move set_facts to kubespray-defaults defaults
7 years ago
891269ef39
Merge pull request #1743 from rsmitty/kube-client
Don't delegate cert gathering before creating admin.conf
7 years ago
ab171a1d6d
don't delegate cert slurp
7 years ago
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
da61b8e7c9
Added workaround for vagrant 1.9 and centos vm box ( #1738 )
7 years ago
d6d58bc938
Fixed vagrant up with flannel network, removed old config values ( #1737 )
7 years ago
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
ca541c7e4a
Ensuring vault service is stopped in reset tasks ( #1736 )
7 years ago
96e14424f0
Adding kubedns update for CVE-2017-14491 ( #1735 )
7 years ago
47830896e8
Merge pull request #1733 from chapsuk/vagrant_mem
Increase vagrant vm's memory size
7 years ago
5fd4b4afae
Increase vagrant vm's memory size
7 years ago
dae9f6d3c2
Test if tokens are expired from host instead of inside container ( #1727 )
* Test if tokens are expired from host instead of inside container
* Update main.yml
7 years ago
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
56aa683f28
Fix logic in idempotency tests in CI ( #1722 )
7 years ago
1b9a6d7ad8
Merge pull request #1672 from manics/bastion-proxycommand-newline
Insert a newline in bastion ssh config after ProxyCommand conditional
7 years ago
f591c4db56
Merge pull request #1720 from shiftky/improve_integration_doc
Improve playbook example of integration document
7 years ago
371fa51e82
Make installation of EPEL optional ( #1721 )
7 years ago
a927ed2da4
Improve playbook example of integration document
7 years ago
a55675acf8
Enable RBAC with kubeadm always ( #1711 )
7 years ago
25dd3d476a
Fix error for azure+calico assert ( #1717 )
Fixes #1716
7 years ago
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago
327ed157ef
Verify valid settings before deploy ( #1705 )
Also fix yaml lint issues
Fixes #1703
7 years ago
c819238da9
Adds support for separate etcd machines on terraform/openstack deployment ( #1674 )
7 years ago
Maxim Krasilnikov
Matthew Mosesohn
Vijay Katam
Aivars Sterns
Hyunsun Moon
Spencer Smith
ArchiFleKs
Simon Li
ant31
pmontanari
Brad Beam
Spencer Smith
Matthew Mosesohn
Brad Beam
mkrasilnikov
Julian Poschmann
Peter Slijkhuis
shiftky
Pablo Moreno