Matthew Mosesohn
dc515e5ac5
Remove kernel-upgrade role ( #1798 )
This role only support Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
7 years ago
Julian Poschmann
56763d4288
Persist br_netfilter module loading ( #1760 )
7 years ago
Maxim Krasilnikov
ad9fa73301
Remove cert_managment var definition from k8s-cluster group vars ( #1790 )
7 years ago
Matthew Mosesohn
10dd049912
Revert "Security fixes for etcd ( #1778 )" ( #1786 )
This reverts commit 4209f1cbfd
.
7 years ago
Matthew Mosesohn
4209f1cbfd
Security fixes for etcd ( #1778 )
* Security fixes for etcd
* Use certs when querying etcd
7 years ago
Matthew Mosesohn
ee83e874a8
Clear admin kubeconfig when rotating certs ( #1772 )
* Clear admin kubeconfig when rotating certs
* Update main.yml
7 years ago
Vijay Katam
27ed73e3e3
Rename dns_server, add var for selinux. ( #1572 )
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
7 years ago
Aivars Sterns
e41c0532e3
add possibility to disable fail with swap ( #1773 )
7 years ago
Matthew Mosesohn
eeb7274d65
Adjust memory reservation for master nodes ( #1769 )
7 years ago
Matthew Mosesohn
eb0dcf6063
Improve proxy ( #1771 )
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
7 years ago
Matthew Mosesohn
83be0735cd
Fix setting etcd client cert serial ( #1775 )
7 years ago
Matthew Mosesohn
fe4ba51d1a
Set node IP correctly ( #1770 )
Fixes #1741
7 years ago
Hyunsun Moon
adf575b75e
Set default value for disable_shared_pid ( #1710 )
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
7 years ago
Spencer Smith
e5426f74a8
Merge pull request #1762 from manics/bindir-helm
Include bin_dir when patching helm tiller with kubectl
7 years ago
Spencer Smith
f5212d3b79
Merge pull request #1752 from pmontanari/patch-1
Force synchronize to use ssh_args so it works when using bastion
7 years ago
Spencer Smith
3d09c4be75
Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
Fix bool check assert
7 years ago
Spencer Smith
f2db15873d
Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
add hosts to rkt kubelet
7 years ago
ArchiFleKs
7c663de6c9
add /etc/hosts volume to rkt templates
7 years ago
Simon Li
c14bbcdbf2
Include bin_dir when patching helm tiller with kubectl
7 years ago
ant31
1be4c1935a
Fix bool check assert
7 years ago
pmontanari
764b1aa5f8
Force synchronize to use ssh_args so it works when using bastion
In case ssh.config is set to use bastion, synchronize needs to use it too.
7 years ago
Spencer Smith
d13b07ba59
Merge pull request #1751 from bradbeam/calicoprometheus
Adding calico/node env vars for prometheus configuration
7 years ago
Spencer Smith
028afab908
Merge pull request #1750 from bradbeam/dnsmasq2
Followup fix for CVE-2017-14491
7 years ago
Brad Beam
55dfae2a52
Followup fix for CVE-2017-14491
7 years ago
Matthew Mosesohn
994324e19c
Update gce CI ( #1748 )
Use image family for picking latest coreos image
Update python deps
7 years ago
Brad Beam
b81c0d869c
Adding calico/node env vars for prometheus configuration
7 years ago
Matthew Mosesohn
f14f04c5ea
Upgrade to kubernetes v1.8.0 ( #1730 )
* Upgrade to kubernetes v1.8.0
hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
7 years ago
Aivars Sterns
9c86da1403
Normalize tags in all places to prepare for tag fixing in future ( #1739 )
7 years ago
Spencer Smith
cb611b5ed0
Merge pull request #1742 from mattymo/facts_as_vars
Move set_facts to kubespray-defaults defaults
7 years ago
Spencer Smith
891269ef39
Merge pull request #1743 from rsmitty/kube-client
Don't delegate cert gathering before creating admin.conf
7 years ago
Spencer Smith
ab171a1d6d
don't delegate cert slurp
7 years ago
Matthew Mosesohn
a56738324a
Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.
Also cleaned up duplicate etcd var names.
7 years ago
Maxim Krasilnikov
da61b8e7c9
Added workaround for vagrant 1.9 and centos vm box ( #1738 )
7 years ago
Maxim Krasilnikov
d6d58bc938
Fixed vagrant up with flannel network, removed old config values ( #1737 )
7 years ago
Matthew Mosesohn
e42cb43ca5
add bootstrap for debian ( #1726 )
7 years ago
Brad Beam
ca541c7e4a
Ensuring vault service is stopped in reset tasks ( #1736 )
7 years ago
Brad Beam
96e14424f0
Adding kubedns update for CVE-2017-14491 ( #1735 )
7 years ago
Brad Beam
47830896e8
Merge pull request #1733 from chapsuk/vagrant_mem
Increase vagrant vm's memory size
7 years ago
mkrasilnikov
5fd4b4afae
Increase vagrant vm's memory size
7 years ago
Matthew Mosesohn
dae9f6d3c2
Test if tokens are expired from host instead of inside container ( #1727 )
* Test if tokens are expired from host instead of inside container
* Update main.yml
7 years ago
Julian Poschmann
8e1210f96e
Fix cluster-network w/ prefix > 25 not possible with CNI ( #1713 )
7 years ago
Matthew Mosesohn
56aa683f28
Fix logic in idempotency tests in CI ( #1722 )
7 years ago
Brad Beam
1b9a6d7ad8
Merge pull request #1672 from manics/bastion-proxycommand-newline
Insert a newline in bastion ssh config after ProxyCommand conditional
7 years ago
Brad Beam
f591c4db56
Merge pull request #1720 from shiftky/improve_integration_doc
Improve playbook example of integration document
7 years ago
Peter Slijkhuis
371fa51e82
Make installation of EPEL optional ( #1721 )
7 years ago
shiftky
a927ed2da4
Improve playbook example of integration document
7 years ago
Matthew Mosesohn
a55675acf8
Enable RBAC with kubeadm always ( #1711 )
7 years ago
Matthew Mosesohn
25dd3d476a
Fix error for azure+calico assert ( #1717 )
Fixes #1716
7 years ago
Matthew Mosesohn
3ff5f40bdb
fix graceful upgrade ( #1704 )
Fix system namespace creation
Only rotate tokens when necessary
7 years ago
Matthew Mosesohn
689ded0413
Enable kubeadm upgrades to any version ( #1709 )
7 years ago