Suzuka Asagiri
f81e6d2ccf
Add oidc-user-prefix and oidc-group-prefix args
6 years ago
Romain DEQUIDT
80dd230a65
sync certs tasks ( fix #2596 #2667 )
6 years ago
Paul Montero
75950344fb
run_once pre_upgrade tasks which are executing in localhost
6 years ago
Matthew Mosesohn
f73717ea35
Mount local volume provisioner dirs for containerized kubelet ( #2648 )
6 years ago
Chad Swenson
d87b6fd9f3
Use dedicated front-proxy-ca for front-proxy-client
6 years ago
Markos Chandras
d07f75b389
roles: kubernetes: secrets: Add SUSE support
Add path for certificate location for SUSE distributions. Also make sure
the 'update-ca-certificates' command is executed on SUSE hosts as well.
6 years ago
Nirmoy Das
45eac53ec7
roles: kubernetes: preinstall: Install openssl-1.1.0 on Tumbleweed
The openssl package on Tumbleweed is actually a virtual package covering
openssl-1.0.0 and openssl-1.1.0 implementations. It defaults to 1.1.0 so
when trying to install it and openssl-1.0.0 is installed, zypper fails
with conflicts. As such, lets explicitly pull the package that we need
which also updates the virtual one.
Co-authored-by: Markos Chandras <mchandras@suse.de>
6 years ago
Markos Chandras
e42203a13e
roles: kubernetes: preinstall: Add SUSE support
Add support for installing package dependencies and refreshing metadata
on SUSE distributions
Co-authored-by: Nirmoy Das <ndas@suse.de>
6 years ago
Christian Phu
3535c29e59
Fix apiserver manifest for kube version < 1.9
6 years ago
Marcelo Grebois
88765f62e6
Updating order
https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
6 years ago
Robin Skahjem-Eriksen
0f35e17e23
Fix new envvar for setting openstack_tenant_id ( #2641 )
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
6 years ago
Brad Beam
77b3f9bb97
Removing default for volume-plugins mountpoint ( #2618 )
All checks test if this is defined meaning there is no way to undefine it.
6 years ago
Matthew Mosesohn
45f15bf753
Revert "Fix new envvar for setting openstack_tenant_id" ( #2640 )
6 years ago
Robin Skahjem-Eriksen
0c0f6b755d
Fix new envvar for setting openstack_tenant_id
Changed from OS_PROJECT_ID to OS_PROJECT_NAME.
6 years ago
Marcelo Grebois
4c12b273ac
Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
6 years ago
Atoms
b68854f79d
fix kubectl download location and kubectl.sh helper owner/group remove
6 years ago
Matthew Mosesohn
f954bc0a5a
Remove jinja2 dependency of do
While `do` looks cleaner, forcing this extra option in ansible.cfg
seems to be more invasive. It would be better to keep the traditional
approach of `set dummy = ` instead.
6 years ago
Brad Beam
dfc46f02d7
Adding missing service-account certificate for vault
Missed in #2554
6 years ago
Daniel Hoherd
ca40d51bc6
Fix typos (no logic changes)
6 years ago
Chen Hong
973e7372b4
content: |
6 years ago
Chen Hong
b54e091886
Persist ip_vs modules
6 years ago
georgejdli
76bb5f8d75
check if dedicated service account token signing key exists
6 years ago
Matthew Mosesohn
3004791c64
Add pre-upgrade task for moving credentials file ( #2394 )
* Add pre-upgrade task for moving credentials file
This reverts commit 7ef9f4dfdd
.
* add python interpreter workaround for localhost
6 years ago
woopstar
86e3506ae6
Etcd cluster setup makeover
The current way to setup the etc cluster is messy and buggy.
- It checks for cluster is healthy before the cluster is even created.
- The unit files are started on handlers, not in the task, so you mess with "flush handlers".
- The join_member.yml is not used.
- etcd events cluster is not configured for kubeadm
- remove duplicate runs between running the role on etcd nodes and k8s nodes
6 years ago
Wong Hoi Sing Edison
5fe144aa0f
ingress-nginx: container download related things should defined in the download role
6 years ago
Wong Hoi Sing Edison
195d6d791a
Integrate jetstack/cert-manager 0.2.3 to Kubespray
6 years ago
avoidik
aa301c31d1
Move credential checks into proper folder
6 years ago
avoidik
15efdf0c16
Move credential checks
6 years ago
avoidik
ab8760cc83
Move credentials pre-check
6 years ago
avoidik
b6da596ec1
Move default configuration parameters for cloud-config
6 years ago
avoidik
3c12c6beb3
Move cloud config configurations to proper location
6 years ago
Erwan Miran
8ece922ef0
node_labels documentation + kube-ingress label handling as role_node_label
6 years ago
georgejdli
572ab650db
copy dedicated service account token signing key for kubeadm migration
6 years ago
avoidik
72c2a8982b
Fix kubecert_node.results indexes
6 years ago
Matthew Mosesohn
03bcfa7ff5
Stop templating kube-system namespace and creating it ( #2545 )
Kubernetes makes this namespace automatically, so there is
no need for kubespray to manage it.
6 years ago
Andreas Kruger
af5f376163
Revert
6 years ago
woopstar
004b0a3fcf
Fix merge conflict
6 years ago
陈宏
4d85e3765e
remove redundancy code
6 years ago
Kuldip Madnani
daeeae1a91
Added retries in pre-upgrade.yml and retries while applying kube-dns.yml ( #2553 )
* Added retries in pre-upgrade.yml and retries while applying kube-dns.yml
* Removed trailing spaces
6 years ago
georgejdli
c8f857eae4
configure kubespray to sign service account tokens with a dedicated and stable key
6 years ago
Kuldip Madnani
9ebbf1c3cd
Added a fix in openssl.conf template to check if IP of loadbalncer is available or not.
6 years ago
woopstar
0b5404b2b7
Fix
6 years ago
woopstar
0df32b03ca
Update openssl.conf to count better and work with Jinja 2.9
6 years ago
Matthew Mosesohn
72a4223884
Write cloud-config during kubelet configuration
This file should only be updated during kubelet upgrade so that
master components are not accidentally restarted first during
preinstall stage.
6 years ago
avoidik
e375678674
Set exact user for Kubelet services
6 years ago
Dann Bohn
1d0415a6cf
fixes typo in kube_override_hostname for kubeadm
6 years ago
Dann Bohn
9fa995ac9d
only sets nodeName in kubeadm-config when kube_override_hostname is set
6 years ago
Erwan Miran
8b71ef8ceb
Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet
6 years ago
mirwan
ee8f678010
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly ( #2446 )
6 years ago
Bharat Kunwar
13e47e73c8
Update kubeadm-config.yaml.j2
As requested
6 years ago