99 Commits (f9df692056e6222ab6908ea1e1f26eb3ff8d75a0)

Author SHA1 Message Date
woopstar f9df692056 Issue front proxy certs for vault 6 years ago
woopstar 4dab92ce69 Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault 6 years ago
woopstar b2d30d68e7 Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9 6 years ago
woopstar 82d10b882c Added fixes from whereismyjetpack 6 years ago
woopstar 0b4168cad4 WIP. Adding metrics-server support for K8s version 1.9 6 years ago
Matthew Mosesohn dc6a17e092
Use include/import tasks (#2192) 6 years ago
Bogdan Dobrelya 8aafe64397
Defaults for apiserver_loadbalancer_domain_name (#1993) 7 years ago
Günther Grill 0d55ed3600 Avoid that some read-only tasks cause an ansible-change (#1910) 7 years ago
Matthew Mosesohn fe81bba08d Force kubelet certificates to be generated as lowercase (#1886) 7 years ago
Rémi de Passmoilesel 356515222a Add possibility to insert more ip adresses in certificates (#1678) 7 years ago
neith00 77f1d4b0f1 Revert "Update roadmap" (#1809) 7 years ago
Matthew Mosesohn d9879d8026 Update roadmap (#1795) 7 years ago
Matthew Mosesohn ee83e874a8 Clear admin kubeconfig when rotating certs (#1772) 7 years ago
Matthew Mosesohn f14f04c5ea Upgrade to kubernetes v1.8.0 (#1730) 7 years ago
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 7 years ago
foxyriver 30b5493fd6 use command module instead of shell module 7 years ago
Brad Beam ac281476c8 Prune unnecessary certs from vault setup (#1652) 7 years ago
Matthew Mosesohn 6744726089 kubeadm support (#1631) 7 years ago
Maxim Krasilnikov e16b57aa05 Store vault users passwords to credentials dir. Create vault and etcd roles after start vault cluster (#1632) 7 years ago
Brad Beam a341adb7f3 Updating CN for node certs generated by vault (#1622) 7 years ago
mkrasilnikov 957b7115fe Remove node name from kube-proxy and admin certificates 7 years ago
mkrasilnikov bf0af1cd3d Vault role updates: 7 years ago
Brad Beam 8ae77e955e Adding in certificate serial numbers to manifests (#1392) 7 years ago
Maxim Krasilnikov 6eb22c5db2 Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s (#1552) 7 years ago
Matthew Mosesohn 13d08af054 Fix upgrade for canal and apiserver cert 7 years ago
Brad Beam 8b151d12b9 Adding yamllinter to ci steps (#1556) 7 years ago
Maxim Krasilnikov 2ba285a544 Fixed deploy cluster with vault cert manager (#1548) 7 years ago
Matthew Mosesohn df28db0066 Fix cert and netchecker upgrade issues (#1543) 7 years ago
Dann Bohn c4894d6092 add newline after expanding user information 7 years ago
jwfang 092bf07cbf basic rbac support 7 years ago
Dann Bohn d1f58fed4c Template out known_users.csv, optionally add groups 7 years ago
Brad Beam db3e8edacd Fixing up vault variables 7 years ago
Sergii Golovatiuk 674b71b535 Ansible 2.3 support 7 years ago
Matthew Mosesohn ae7f59e249 Skip vault cert task evaluation completely when using script cert generation 7 years ago
Matthew Mosesohn 5a5707159a Fix multiline condition for k8s check certs 7 years ago
Matthew Mosesohn a3f568fc64 restart scheduler and controller-manager too 7 years ago
Matthew Mosesohn 1887e984a0 Change wait for dnsmasq to skip if there are no kube-nodes in play 7 years ago
Matthew Mosesohn a422ad0d50 More idempotency fixes 7 years ago
Vincent Schwarzer 026da060f2 Granular authentication Control 7 years ago
Cesarini, Daniele 69636d2453 Adding /O=system:masters to admin certificate 7 years ago
Matthew Mosesohn 45274560ec Disable vault role properly on ansible 2.2.0 7 years ago
Matthew Mosesohn d176818c44 Use find module for checking for certificates 7 years ago
Sergii Golovatiuk 00cfead9bb Increase SSL TTL to 3650 days 7 years ago
Bogdan Dobrelya 712872efba Rework inventory all by real groups' vars 8 years ago
Matthew Mosesohn a21eb036ee Add no_log to cert tar tasks 7 years ago
Andrew Greenwood ca9ea097df Cleanup legacy syntax, spacing, files all to yml 7 years ago
Matthew Mosesohn 80c0e747a7 Fix references to CoreOS and Container Linux by CoreOS 7 years ago
Vladimir Rutsky a1ec6f401c fix load balancer DNS name index evaluation in openssl.conf 7 years ago
Vladimir Rutsky 09847567ae set "check_mode: no" for read-only "shell" steps that registers result 7 years ago
Josh Conant 245e05ce61 Vault security hardening and role isolation 7 years ago