Matthew Mosesohn
bbb524018e
Make reset check on idempotency check optional
By default we do not test reset.yml now.
7 years ago
Matthew Mosesohn
859c08620b
Merge pull request #1105 from VincentS/aws_deployment
AWS Terraform for Kargo
7 years ago
Antoine Legrand
f6cd42e6e0
Merge pull request #1158 from rutsky/patch-6
limit jinja2 version to <2.9
7 years ago
Vladimir Rutsky
61ee67d612
limit jinja2 version to <2.9
Ansible 2.2.1 requires jinja2<2.9, see <https://github.com/ansible/ansible/blob/v2.2.1.0-1/setup.py#L25 >,
but without explicit limiting upper jinja2 version here pip ignores
Ansible requirements and installs latest available jinja2
(pip is not very smart here), which is incompatible with with
Ansible 2.2.1.
With incompatible jinja2 version "ansible-vault create" (and probably other parts)
fails with:
ERROR! Unexpected Exception: The 'jinja2<2.9' distribution was not found
and is required by ansible
This upper limit should be removed in 2.2.2 release, see:
<978311bf3f
>
7 years ago
Matthew Mosesohn
939c1def5d
Merge pull request #1152 from mattymo/redhat_weave
Fix weave on RHEL deployment
7 years ago
Matthew Mosesohn
b7ab80e8ea
Merge pull request #1149 from mattymo/centos-retries
Retry yum/apt/rpm download commands
7 years ago
Matthew Mosesohn
b69d4b0ecc
Add helm deployment
7 years ago
Matthew Mosesohn
2f437d7452
Merge pull request #1157 from rutsky/remove-change-k8s-version
remove obsolete script
7 years ago
Vladimir Rutsky
d761216ec1
remove obsolete script
Currently Kubernetes version can be selected using "kube_version" variable.
7 years ago
Matthew Mosesohn
088e9be931
Merge pull request #1156 from rutsky/patch-5
fix jinja package name
7 years ago
Vladimir Rutsky
32ecac6464
fix jinja package name
Jinja 2.* releases are published under `Jinja2` name.
7 years ago
Matthew Mosesohn
7760c3e4aa
Retry yum/apt/rpm download commands, fix succeeded filter
7 years ago
Matthew Mosesohn
3cfb76e57f
Merge pull request #1146 from mattymo/resolvconf_optimize
Condense resolvconf sources before starting loop
7 years ago
Matthew Mosesohn
e1faeb0f6c
Fix weave on RHEL deployment
Reduce retry delay checking weave
Always load br_netfilter module
7 years ago
Matthew Mosesohn
25bff851dd
Merge pull request #1136 from adidenko/fix-calico-policy-order
Move calico-policy-controller into separate role
7 years ago
Aleksandr Didenko
3a39904011
Move calico-policy-controller into separate role
By default Calico CNI does not create any network access policies
or profiles if 'policy' is enabled in CNI config. And without any
policies/profiles network access to/from PODs is blocked.
K8s related policies are created by calico-policy-controller in
such case. So we need to start it as soon as possible, before any
real workloads.
This patch also fixes kube-api port in calico-policy-controller
yaml template.
Closes #1132
7 years ago
Matthew Mosesohn
7e1fbfba64
Merge pull request #1147 from mattymo/calico-update
Update calico to 1.1.0-rc8
7 years ago
Matthew Mosesohn
a52064184e
Condense resolvconf sources before starting loop
7 years ago
Matthew Mosesohn
b4a1ba828a
Merge pull request #1148 from VincentS/patch-1
Fixed Formatting / Ansbile-Playbook Command Upgrade Cluster
7 years ago
Vincent Schwarzer
c8c6105ee2
Fixed Formatting / Ansbile-Playbook Command
- added -b and fixed typo in ansible-playbook command
- fixed formatting issue
7 years ago
Matthew Mosesohn
0b49eeeba3
Update calico to 1.1.0-rc8
Fixes bug in CentOS/RHEL in felix related to overlayfs driver.
7 years ago
Matthew Mosesohn
b0830f0cd7
Merge pull request #1087 from bradbeam/openstack
Adding openstack domain id
7 years ago
Matthew Mosesohn
565d4a53b0
Merge pull request #1108 from idcrook/issue_1107-docker-versioning
Adding Docker CE 'stable' and 'edge' version packages
7 years ago
Matthew Mosesohn
9624662bf6
Merge pull request #1141 from mattymo/idempotency2
More idempotency fixes
7 years ago
Matthew Mosesohn
8195957461
Merge branch 'master' into idempotency2
7 years ago
Matthew Mosesohn
02fed4a082
Merge pull request #1138 from mattymo/idempotency-fixes
Idempotency fixes for etcd certs and resolvconf tasks
7 years ago
Bogdan Dobrelya
34ecf4ea51
Merge pull request #1109 from pcm32/feature/fixTerraformOS
Restores working order of contrib/terraform/openstack
7 years ago
Matthew Mosesohn
a422ad0d50
More idempotency fixes
Fixed sync_tokens fact
Fixed sync_certs for k8s tokens fact
Disabled register docker images changability
Fixed CNI dir permission
Fix idempotency for etcd pre upgrade checks
7 years ago
Matthew Mosesohn
096d96e344
Merge pull request #1137 from holser/bug/1135
Turn on iptables for flannel
7 years ago
Bogdan Dobrelya
e61310bc89
Merge pull request #1140 from VincentS/jinja28
Added Jinja 2.8 to Docs
7 years ago
Vincent Schwarzer
111ca9584e
Added Jinja 2.8 to Docs
Added Jinja 2.8 Requirements to docs and pip requirements file which
is needed to run the current Ansible Playbooks.
7 years ago
Matthew Mosesohn
7d35c4592c
Merge pull request #1139 from VincentS/docu_fix
Fix for CoreOS Docu
7 years ago
Vincent Schwarzer
3e8386cbf3
Fixed CoreOS Docu
CoreOS docu was referencing outdated bootstrap playbook that
is now part of kargo itself.
7 years ago
Matthew Mosesohn
4354162067
Merge pull request #1080 from VincentS/Granular_Auth_Control
Granular authentication Control
7 years ago
Matthew Mosesohn
a62a444229
Merge pull request #1117 from mattymo/etcd3-upgrade
Migrate k8s data to etcd3 api store
7 years ago
Matthew Mosesohn
f6b72fa830
Make resolvconf preinstall idempotent
7 years ago
Sergii Golovatiuk
9667e8615f
Turn on iptables for flannel
Closes : #1135
Closes : #1026
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
7 years ago
Vincent Schwarzer
026da060f2
Granular authentication Control
It is now possible to deactivate selected authentication methods
(basic auth, token auth) inside the cluster by adding
removing the required arguments to the Kube API Server and generating
the secrets accordingly.
The x509 authentification is currently not optional because disabling it
would affect the kubectl clients deployed on the master nodes.
7 years ago
Matthew Mosesohn
3feab1cb2d
Merge pull request #1134 from mattymo/1.6-support
Explicitly set cni-bin-dir
7 years ago
Matthew Mosesohn
804e9a09c0
Migrate k8s data to etcd3 api store
Default backend is now etcd3 (was etcd2).
The migration process consists of the following steps:
* check if migration is necessary
* stop etcd on first etcd server
* run migration script
* start etcd on first etcd server
* stop kube-apiserver until configuration is updated
* update kube-apiserver
* purge old etcdv2 data
7 years ago
Matthew Mosesohn
4c6829513c
Fix etcd idempotency
7 years ago
Matthew Mosesohn
4038954f96
Merge pull request #1078 from VincentS/oidc_support
Added Support for OpenID Connect Authentication
7 years ago
Matthew Mosesohn
52a6dd5427
Explicitly set cni-bin-dir
7 years ago
Matthew Mosesohn
c301dd5d94
Merge pull request #1118 from mattymo/noderolelabels
Add node labels in kubelet
7 years ago
Connz
28473e919f
Fixed nova command to get available flavors
The nova command for getting the flavors is not
nova list-flavors
but
nova flavor-list
7 years ago
Cesarini, Daniele
69636d2453
Adding /O=system:masters to admin certificate
Issue #1125 . Make RBAC authorization plugin work out of the box.
"When bootstrapping, superuser credentials should include the system:masters group, for example by creating a client cert with /O=system:masters. This gives those credentials full access to the API and allows an admin to then set up bindings for other users."
7 years ago
Antoine Legrand
7cb7eee29d
Merge pull request #1116 from kubernetes-incubator/contrib_docs
Reference external documentation sources
7 years ago
David Crook
a52e1069ce
updated debian and ubuntu package names based on testing
docker-ce is not the .deb package until the repositories are switched over to new "downloads" docker webserver
7 years ago
David Crook
a8e5002aeb
removed irrelevant comments
7 years ago
David Crook
c515a351c6
Merge branch 'master' into issue_1107-docker-versioning
7 years ago