Tree: ac00d23b80

dependabot/pip/molecule-8d43df456a

floryut-patch-1

lean/pre-commit-hook-2

master

packet-test

pre-commit-hook

reduce-vm-requests

release-2.10

release-2.11

release-2.12

release-2.13

release-2.14

release-2.15

release-2.16

release-2.17

release-2.18

release-2.19

release-2.20

release-2.21

release-2.22

release-2.23

release-2.24

release-2.25

release-2.26

release-2.27

release-2.7

release-2.8

release-2.9

revert-11831-ipv6only

test-CI

test-ci

test-precommit

update-approvers-ant31

1.3.0

1.3.0_k1.1.3

1.4.0

1.5.0

test-tag-1

v1.0

v1.0.0

v1.0.1

v1.1

v1.1.0

v1.1.3

v2.0.0

v2.0.1

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.10.3

v2.10.4

v2.11.0

v2.11.1

v2.11.2

v2.12.0

v2.12.1

v2.12.10

v2.12.2

v2.12.3

v2.12.4

v2.12.5

v2.12.6

v2.12.7

v2.12.8

v2.12.9

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.14.0

v2.14.1

v2.14.2

v2.15.0

v2.15.1

v2.16.0

v2.17.0

v2.17.1

v2.18.0

v2.18.1

v2.18.2

v2.19.0

v2.19.1

v2.2.0

v2.2.1

v2.20.0

v2.21.0

v2.22.0

v2.22.1

v2.22.2

v2.23.0

v2.23.1

v2.23.2

v2.23.3

v2.24.0

v2.24.1

v2.24.2

v2.24.3

v2.25.0

v2.25.1

v2.26.0

v2.27.0

v2.3.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.9.0

Branches Tags

${ item.name }

Create branch ${ searchTerm }

from 'ac00d23b80'

${ noResults }

Commit Graph

138 Commits (ac00d23b80b21cb10baff8263b3adf5a9798f99e)

Author	SHA1	Message	Date
Antoine Legrand	3dcb914607	Remove Vault (#3684) * Remove Vault * Remove reference to 'kargo' in the doc * change check order	6 years ago
Bily Zhang	b2b421840c	Fix some typos (#3690) Signed-off-by: mooncake <xcoder@tenxcloud.com>	6 years ago
ankitcharolia	9c83551a0e	add certificate authority file (#3433)	6 years ago
Matthew Mosesohn	bc74a37696	Calculate etcd client cert serial for appropriate groups (#3605) Standalone etcd nodes do not generate node-$hostname certs and do not need this serial calculated.	6 years ago
Bart Laarhoven	0acb823d96	Distribute node etcd certificates like it's done in kubernetes/secrets (#3486) * do it like in kubernetes/secrets * fix indentation * processed comments * missed one, sorry * trailing space fix	6 years ago
Erwan Miran	b4e2b85745	Replace shell with command in order to allow the task to fail when openssl x509 does return zero (#3516)	6 years ago
Erwan Miran	fcd8d850dc	Fix ansible syntax to avoid ansible warnings (again) (#3509) * Fix ansible syntax to avoid ansible warnings (again) * warn: false on tar -cfz * wrong placement of warn:false	6 years ago
Erwan Miran	2ab2f3a0a3	Ability to define SSL certificates duration and SSL key size (#3482) * Ability to specify ssl certificate duration and ssl key size - etcd/secrets * Ability to specify ssl certificate duration and ssl key size - helm/contiv + fix contiv missing copy certs generation script	6 years ago
刘旭	145e5c8943	use copy and slurp module (#3313)	6 years ago
rongzhang	84c4c7dc82	Use synchronize module	6 years ago
Matthew Mosesohn	aaa9a4efac	Ensure vault file permissions are correct	6 years ago
Pablo Estigarribia	7cbe3c2171	ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version remove empty when line ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version force kubeadm upgrade due to failure without --force flag ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version added nodeSelector to have compatibility with hybrid cluster with win nodes, also fix for download with missing container type fixes in syntax and LF for newline in files fix on yamllint check ensure there is pin priority for docker package to avoid upgrade of docker to incompatible version some cleanup for innecesary lines remove conditions for nodeselector	6 years ago
Erwan Miran	82a28d6bb3	Add documentation about having HA for etcd	6 years ago
Takashi Okamoto	359009bb05	Download etcd and hyperkube binary.	6 years ago
Aivars Sterns	1567a977c3	Revert "gen_certs_script: refactor using stdin (Ansible 2.4+)"	6 years ago
Tatsuyuki Ishi	69786b2d16	gen_certs_script: refactor using stdin (Ansible 2.4+)	6 years ago
Matthew Mosesohn	97e0de7e29	Fix vault file owner issues and k8s apiserver cert creation (#2985) apiserver cert should be created only once	6 years ago
Matthew Mosesohn	5c617c5a8b	Add tags to deploy components by --tags option (#2960) * Add tags for cert serial tasks This will help facilitate tag-based deployment of specific components. * fixup kubernetes node	6 years ago
elementyang	7c22def422	add etcd_events_access_address	6 years ago
elementyang	70fbc01cc1	fix etcd_events_access_addresses	6 years ago
Matthew Mosesohn	59be578842	Revert "wip pr for improved cert sync" (#2849)	6 years ago
Matthew Mosesohn	7433348aae	wip pr for improved cert sync	6 years ago
Markos Chandras	9168c71359	Revert "Revert "Add openSUSE support" (#2697)" (#2699) This reverts commit 51f4e6585a.	6 years ago
Matthew Mosesohn	51f4e6585a	Revert "Add openSUSE support" (#2697)	6 years ago
Markos Chandras	2d34781259	roles: etcd: Add support for SUSE distributions Add path for certificate location for SUSE distributions. Also make sure the 'update-ca-certificates' command is executed on SUSE hosts as well.	7 years ago
woopstar	86e3506ae6	Etcd cluster setup makeover The current way to setup the etc cluster is messy and buggy. - It checks for cluster is healthy before the cluster is even created. - The unit files are started on handlers, not in the task, so you mess with "flush handlers". - The join_member.yml is not used. - etcd events cluster is not configured for kubeadm - remove duplicate runs between running the role on etcd nodes and k8s nodes	6 years ago
Andreas Krüger	b9b028a735	Update etcd deployment to use correct cert and key (#2572) * Update etcd deployment to use correct cert and key * Update to use admin cert for etcdctl commands * Update handler to use admin cert too	7 years ago
woopstar	859a7f32fb	Fix import task. Has to be include task to evalutate etcd_cluster_setup variable at run time	7 years ago
RongZhang	67ffd8e923	Add etcd-events cluster for kube-apiserver (#2385) Add etcd-events cluster for kube-apiserver	7 years ago
RongZhang	c0aad0a6d5	Fix install etcd by host service (#2297) Fix bug issues #2289	7 years ago
Matthew Mosesohn	dc6a17e092	Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible.	7 years ago
Matthew Mosesohn	1401286910	Add support for cert alt names for etcd (#2139) * Add support for cert alt names for etcd * Update gen_certs_vault.yml	7 years ago
Steve Mitchell	e45b30d033	Add etcd key and cert environment variables for use with client auth	7 years ago
chenhonggc	c7910b51a1	--peers DEPRECATED - --endpoints should be used instead (#1943)	7 years ago
Spencer Smith	0126168472	provide environment for rkt trust and run with etcd	7 years ago
Matthew Mosesohn	86fb669fd3	Idempotency fixes (#1838)	7 years ago
Matthew Mosesohn	0b4fcc83bd	Fix up warnings and deprecations (#1848)	7 years ago
Matthew Mosesohn	514359e556	Improve etcd scale up (#1846) Now adding unjoined members to existing etcd cluster occurs one at a time so that the cluster does not lose quorum.	7 years ago
Matthew Mosesohn	10dd049912	Revert "Security fixes for etcd (#1778)" (#1786) This reverts commit 4209f1cbfd.	7 years ago
Matthew Mosesohn	4209f1cbfd	Security fixes for etcd (#1778) * Security fixes for etcd * Use certs when querying etcd	7 years ago
Matthew Mosesohn	83be0735cd	Fix setting etcd client cert serial (#1775)	7 years ago
Aivars Sterns	9c86da1403	Normalize tags in all places to prepare for tag fixing in future (#1739)	7 years ago
Matthew Mosesohn	a56738324a	Move set_facts to kubespray-defaults defaults These facts can be generated in defaults with a performance boost. Also cleaned up duplicate etcd var names.	7 years ago
Matthew Mosesohn	126f42de06	drop unused etcd logic Fixes #1660	7 years ago
foxyriver	30b5493fd6	use command module instead of shell module	7 years ago
Brad Beam	ac281476c8	Prune unnecessary certs from vault setup (#1652) * Cleaning up cert checks for vault * Removing all unnecessary etcd certs from each node * Removing all unnecessary kube certs from each node	7 years ago
Matthew Mosesohn	6744726089	kubeadm support (#1631) * kubeadm support * move k8s master to a subtask * disable k8s secrets when using kubeadm * fix etcd cert serial var * move simple auth users to master role * make a kubeadm-specific env file for kubelet * add non-ha CI job * change ci boolean vars to json format * fixup * Update create-gce.yml * Update create-gce.yml * Update create-gce.yml	7 years ago
Matthew Mosesohn	5d99fa0940	Purge old upgrade hooks and unused tasks (#1641)	7 years ago
mkrasilnikov	bf0af1cd3d	Vault role updates: * using separated vault roles for generate certs with different `O` (Organization) subject field; * configure vault roles for issuing certificates with different `CN` (Common name) subject field; * set `CN` and `O` to `kubernetes` and `etcd` certificates; * vault/defaults vars definition was simplified; * vault dirs variables defined in kubernetes-defaults foles for using shared tasks in etcd and kubernetes/secrets roles; * upgrade vault to 0.8.1; * generate random vault user password for each role by default; * fix `serial` file name for vault certs; * move vault auth request to issue_cert tasks; * enable `RBAC` in vault CI;	7 years ago
Brad Beam	8ae77e955e	Adding in certificate serial numbers to manifests (#1392)	7 years ago