Matthew Mosesohn
a9f4038fcd
Update roadmap ( #1814 )
7 years ago
neith00
77f1d4b0f1
Revert "Update roadmap" ( #1809 )
* Revert "Debian jessie docs (#1806 )"
This reverts commit d78577c810
.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800 )"
This reverts commit 5fb6b2eaf7
.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799 )"
This reverts commit 404caa111a
.
* Revert "Fixed kubelet standard log environment (#1780 )"
This reverts commit b838468500
.
* Revert "Add support for fedora atomic host (#1779 )"
This reverts commit f2235be1d3
.
* Revert "Update network-plugins to use portmap plugin (#1763 )"
This reverts commit 6ec45b10f1
.
* Revert "Update roadmap (#1795 )"
This reverts commit d9879d8026
.
7 years ago
Marc Zahn
d78577c810
Debian jessie docs ( #1806 )
* Add Debian Jessie notes
* Add installation notes for Debian Jessie
7 years ago
Pablo Moreno
5fb6b2eaf7
[contrib/network-storage/glusterfs] adds service for glusterfs endpoint ( #1800 )
7 years ago
Pablo Moreno
404caa111a
[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes ( #1799 )
7 years ago
Seungkyu Ahn
b838468500
Fixed kubelet standard log environment ( #1780 )
Change KUBE_LOGGING to KUBE_LOGTOSTDERR, when installing kubelet
as host type.
7 years ago
Jason Brooks
f2235be1d3
Add support for fedora atomic host ( #1779 )
* don't try to install this rpm on fedora atomic
* add docker 1.13.1 for fedora
* built-in docker unit file is sufficient, as tested on both fedora and centos atomic
7 years ago
Kevin Lefevre
6ec45b10f1
Update network-plugins to use portmap plugin ( #1763 )
Portmap allow to use hostPort with CNI plugins. Should fix #1675
7 years ago
Matthew Mosesohn
d9879d8026
Update roadmap ( #1795 )
7 years ago
Matthew Mosesohn
d487b2f927
Security best practice fixes ( #1783 )
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
7 years ago
Julian Poschmann
66e5e14bac
Restart kubelet on update in deployment-type host on update ( #1759 )
* Restart kubelet on update in deployment-type host on update
* Update install_host.yml
* Update install_host.yml
* Update install_host.yml
7 years ago
Matthew Mosesohn
7e4668859b
Change file used to check kubeadm upgrade method ( #1784 )
* Change file used to check kubeadm upgrade method
Test for ca.crt instead of admin.conf because admin.conf
is created during normal deployment.
* more fixes for upgrade
7 years ago
Matthew Mosesohn
92d038062e
Fix node authorization for cloudprovider installs ( #1794 )
In 1.8, the Node authorization mode should be listed first to
allow kubelet to access secrets. This seems to only impact
environments with cloudprovider enabled.
7 years ago
abelgana
2972bceb90
Changre raw execution to use yum module ( #1785 )
* Changre raw execution to use yum module
Changed raw exection to use yum module provided by Ansible.
* Replace ansible_ssh_* by ansible_*
Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port. If you are using a version of Ansible prior to 2.0, you should continue using the older style variables (ansible_ssh_*). These shorter variables are ignored, without warning, in older versions of Ansible.
I am not sure about the broader impact of this change. But I have seen on the requirements the version required is ansible>=2.4.0.
http://docs.ansible.com/ansible/latest/intro_inventory.html
7 years ago
刘旭
cb0a60a0fe
calico v2.5.0 should use calico/routereflector:v0.4.0 ( #1792 )
7 years ago
Matthew Mosesohn
3ee91e15ff
Use commas in no_proxy ( #1782 )
7 years ago
Matthew Mosesohn
ef47a73382
Add new addon Istio ( #1744 )
* add istio addon
* add addons to a ci job
7 years ago
Matthew Mosesohn
dc515e5ac5
Remove kernel-upgrade role ( #1798 )
This role only support Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
7 years ago
Julian Poschmann
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
Maxim Krasilnikov
ad9fa73301
Remove cert_managment var definition from k8s-cluster group vars ( #1790 )
7 years ago
Matthew Mosesohn
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
.
7 years ago
Matthew Mosesohn
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Aivars Sterns
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
Matthew Mosesohn
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
Matthew Mosesohn
83be0735cd
Fix setting etcd client cert serial ( #1775 )
7 years ago
Matthew Mosesohn
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
Hyunsun Moon
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
Spencer Smith
e5426f74a8
Merge pull request #1762 from manics/bindir-helm
Include bin_dir when patching helm tiller with kubectl
7 years ago
Spencer Smith
f5212d3b79
Merge pull request #1752 from pmontanari/patch-1
Force synchronize to use ssh_args so it works when using bastion
7 years ago
Spencer Smith
3d09c4be75
Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
Fix bool check assert
7 years ago
Spencer Smith
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
add hosts to rkt kubelet
7 years ago
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
Simon Li
c14bbcdbf2
Include bin_dir when patching helm tiller with kubectl
7 years ago
ant31
1be4c1935a
Fix bool check assert
7 years ago
pmontanari
764b1aa5f8
Force synchronize to use ssh_args so it works when using bastion
In case ssh.config is set to use bastion, synchronize needs to use it too.
7 years ago
Spencer Smith
d13b07ba59
Merge pull request #1751 from bradbeam/calicoprometheus
Adding calico/node env vars for prometheus configuration
7 years ago
Spencer Smith
028afab908
Merge pull request #1750 from bradbeam/dnsmasq2
Followup fix for CVE-2017-14491
7 years ago
Brad Beam
55dfae2a52
Followup fix for CVE-2017-14491
7 years ago
Matthew Mosesohn
994324e19c
Update gce CI ( #1748 )
Use image family for picking latest coreos image
Update python deps
7 years ago
Brad Beam
b81c0d869c
Adding calico/node env vars for prometheus configuration
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Spencer Smith
cb611b5ed0
Merge pull request #1742 from mattymo/facts_as_vars
Move set_facts to kubespray-defaults defaults
7 years ago
Spencer Smith
891269ef39
Merge pull request #1743 from rsmitty/kube-client
Don't delegate cert gathering before creating admin.conf
7 years ago
Spencer Smith
ab171a1d6d
don't delegate cert slurp
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Maxim Krasilnikov
da61b8e7c9
Added workaround for vagrant 1.9 and centos vm box ( #1738 )
7 years ago