Andreas Kruger
26d7380c2e
Sync manifests from non-kubeadm to kubeadm deploy
6 years ago
rongzhang
77e08ba204
Support dynamic kubelet config
https://kubernetes.io/blog/2018/07/11/dynamic-kubelet-configuration/
6 years ago
rongzhang
84c4c7dc82
Use synchronize module
6 years ago
Erwan Miran
af74d85b7d
Remove --insecure-bind-address when insecure-port=0
6 years ago
Chad Swenson
97e5f28537
Revert "Remove insecure-port and insecure-bind-address when possible"
6 years ago
Erwan Miran
a5509fc2ce
Remove insecure-port and insecure-bind-address when possible
6 years ago
rongzhang
435e098751
Fix feature-gates
6 years ago
Erwan Miran
a644b7c267
Introducing credentials_dir in order to be able to override it
6 years ago
Pablo Estigarribia
7cbe3c2171
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
remove empty when line
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
force kubeadm upgrade due to failure without --force flag
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type
fixes in syntax and LF for newline in files
fix on yamllint check
ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version
some cleanup for innecesary lines
remove conditions for nodeselector
6 years ago
mlushpenko
8e95974930
Fix ports for kubeadm client and master configs for ha setups
6 years ago
rongzhang
2609ec0dc3
Fix copy etcd-ssl-ca failed
6 years ago
rongzhang
16fc22a207
Fix ipvs by kubeadm v1alpha1
6 years ago
rongzhang
35e5adaf0a
Fix kubeadm v1alpha1 configure
6 years ago
rongzhang
9eade647e6
Fix kubeadm lb
6 years ago
Erwan Miran
52ab54eeea
Fix missing quotes for audit-log-path and wrong placement of feature-gates
6 years ago
Takashi Okamoto
d407a590a6
container_manager variable to specify runtime.
6 years ago
Takashi Okamoto
5eb805f098
Change timeout for kubeadm 600s.
* kubeadm timeout is too short and it may interrupt by timeout.
6 years ago
Takashi Okamoto
236f066635
kubeadm cri-o support.
6 years ago
Takashi Okamoto
359009bb05
Download etcd and hyperkube binary.
6 years ago
Takashi Okamoto
bdbfa4d403
Add ipvs support for kubeadm 1.10 or later.
6 years ago
Takashi Okamoto
6849788ebc
Fix copy ca cert and ca key for kubeadm.
6 years ago
Takashi Okamoto
ac639b2a17
Change kubeadm config to run etcd by kubeadm.
6 years ago
Samuele Chiocca
cb8be37f72
fix on v1alpha1
6 years ago
Samuele Chiocca
e5dd4e1e70
added on v1alpha1
6 years ago
rongzhang
5a4352657d
Fix install audit failed
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
6 years ago
Samuele Chiocca
f13bc796d9
added nodePortAddresses on kubeadm conf v1alpha2 (not present on v1alpha1)
6 years ago
Erwan Miran
80cfeea957
psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true
6 years ago
Jeff Bornemann
94df70be98
Cloud provider support for OCI (Oracle Cloud Infrastructure)
Signed-off-by: Jeff Bornemann <jeff.bornemann@oracle.com>
6 years ago
Erwan Miran
fc38b6d0ca
Ability to define custom audit polcy rules
6 years ago
Erwan Miran
c34900e569
Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm
6 years ago
rongzhang
59176ebbb9
Add kubeadm controlplaneEndpoint
Nginx LB(default)
Other LB by kubeadm controlplane
6 years ago
Erwan Miran
54548d3b95
kubeadm mounts the hostpaths itself
6 years ago
Erwan Miran
58d4d65fab
minor variable fix and reuse + handle auditlog redirected to stdout
6 years ago
rongzhang
2ffc1afe40
Support audit
6 years ago
Rong Zhang
a11e1eba9e
Upgrade kubernetes to V1.11.x ( #3078 )
Upgrade Kubernetes to V1.11.2
The kubeadm configuration file version has been upgraded from v1alpha1 to v1alpha2
Add bootstrap kubeadm-config.yaml with external etcd
6 years ago
Robert Everson
4eadf3228e
Only add admission plugins if defined
6 years ago
Robert Everson
99c5aa5a02
Use k8s default plugin list
6 years ago
Robert Everson
6ed65d762b
Separate out plugins into 2 variables
6 years ago
Robert Everson
ac18f6cf8b
Add support for admission controllers in 1.10 and above
6 years ago
Dao Hoang Son
d306c9708c
Remove step that force disable `kube_basic_auth`.
The referenced issue (https://github.com/kubernetes/kubeadm/issues/441 ) has already been fixed.
6 years ago
Matthew Mosesohn
1a3b9dd864
Force copy cni files
6 years ago
Miouge1
2a279e30b0
CheckNodePIDPressure is not supported in v1.10
6 years ago
southquist
c685dc493f
allow for setting the cacert on openstack cloud provider
6 years ago
Matthew Mosesohn
61e97251a5
Improve variable handling for disabling etcd events cluster
6 years ago
Matthew Mosesohn
7c93e71801
Upgrade k8s to 1.10.2 ( #2748 )
* Upgrade k8s to 1.10.2
Bumped etcd version to 3.2.16 as recommended
* Add ipvs fix for v1.10
* change flannel addons test to ha
6 years ago
Christopher J. Ruwe
73800ef111
make certificates non-executable
6 years ago
Miouge1
ad48606e4e
Restart scheduler when policy changes
6 years ago
Matthew Mosesohn
07cc981971
refactor vault role ( #2733 )
* Move front-proxy-client certs back to kube mount
We want the same CA for all k8s certs
* Refactor vault to use a third party module
The module adds idempotency and reduces some of the repetitive
logic in the vault role
Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves
Add upgrade test scenario
Remove bootstrap-os tags from tasks
* fix upgrade issues
* improve unseal logic
* specify ca and fix etcd check
* Fix initialization check
bump machine size
6 years ago
Miouge1
70e0998a70
Update kube-scheduler policy
6 years ago
Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
6 years ago