Commit Graph

231 Commits (b0d7115e9b95460afdc9f97f52b0e9c031b9821d)

Author SHA1 Message Date
Matthew Mosesohn ef8e35e39b Create admin credential kubeconfig (#1647)
New files: /etc/kubernetes/admin.conf
           /root/.kube/config
           $GITDIR/artifacts/{kubectl,admin.conf}

Optional method to download kubectl and admin.conf if
kubeconfig_lcoalhost is set to true (default false)
2017-09-18 13:30:57 +01:00
Matthew Mosesohn 943aaf84e5 Update getting-started.md 2017-09-11 12:47:04 +03:00
Matthew Mosesohn 9fa1873a65 Add kube dashboard, enabled by default (#1643)
* Add kube dashboard, enabled by default

Also add rbac role for kube user

* Update main.yml
2017-09-09 23:38:03 +03:00
Matthew Mosesohn 7117614ee5 Use a generated password for kube user (#1624)
Removed unnecessary root user
2017-09-06 20:20:25 +03:00
Maxim Krasilnikov 6eb22c5db2 Change single Vault pki mount to multi pki mounts paths for etcd and kube CA`s (#1552)
* Added update CA trust step for etcd and kube/secrets roles

* Added load_balancer_domain_name to certificate alt names if defined. Reset CA's in RedHat os.

* Rename kube-cluster-ca.crt to vault-ca.crt, we need separated CA`s for vault, etcd and kube.

* Vault role refactoring, remove optional cert vault auth because not not used and worked. Create separate CA`s fro vault and etcd.

* Fixed different certificates set for vault cert_managment

* Update doc/vault.md

* Fixed condition create vault CA, wrong group

* Fixed missing etcd_cert_path mount for rkt deployment type. Distribute vault roles for all vault hosts

* Removed wrong when condition in create etcd role vault tasks.
2017-08-30 16:03:22 +03:00
Chad Swenson a39e78d42d Initial version of Flannel using CNI (#1486)
* Updates Controller Manager/Kubelet with Flannel's required configuration for CNI
* Removes old Flannel installation
* Install CNI enabled Flannel DaemonSet/ConfigMap/CNI bins and config (with portmap plugin) on host
* Uses RBAC if enabled
* Fixed an issue that could occur if br_netfilter is not a module and net.bridge.bridge-nf-call-iptables sysctl was not set
2017-08-25 10:07:50 +03:00
Hassan Zamani 01ce09f343 Add feature_gates var for customizing Kubernetes feature gates (#1520) 2017-08-24 23:18:38 +03:00
Matthew Mosesohn 277fa6c12d Add node to docs about kubelet deployment type changes 2017-08-21 09:13:59 +01:00
Vijay Katam c92506e2e7 Add calico variable that enables ignoring Kernel's RPF Setting (#1493) 2017-08-20 14:01:09 +03:00
Joseph Heck bc5159a1f5 Update comparisons.md (#1519)
Minor grammar fixes
2017-08-14 18:48:35 +03:00
Brad Beam ca6535f210 Merge pull request #1488 from timtoum/weave_docs
added Weave documentation
2017-08-10 08:26:19 -05:00
Brad Beam 383d582b47 Merge pull request #1382 from jwfang/rbac
basic rbac support
2017-08-07 08:01:51 -05:00
timtoum b1a5bb593c update docs 2017-08-01 15:55:38 +02:00
timtoum 9369c6549a update docs 2017-08-01 14:30:12 +02:00
email c7731a3b93 update docs 2017-08-01 14:24:19 +02:00
email 24706c163a update docs 2017-08-01 14:12:21 +02:00
email a276dc47e0 update docs 2017-08-01 10:52:21 +02:00
email 5de7896ffb update docs 2017-07-31 13:28:47 +02:00
email 01af45d14a update docs 2017-07-31 13:23:01 +02:00
email 87cdb81fae update docs 2017-07-28 11:33:13 +02:00
email 74403f2003 update docs 2017-07-27 17:00:54 +02:00
email 2c21672de6 update docs 2017-07-27 15:10:08 +02:00
email f7dc21773d new doc for weave 2017-07-27 14:40:52 +02:00
jwfang 805d9f22ce note upgrade from non-RBAC not supported 2017-07-24 19:11:41 +08:00
Brad Beam 45845d4a2a Merge pull request #1437 from rajiteh/fix_aws_docs
Add more instructions to setting up AWS provider
2017-07-18 16:43:01 -05:00
John Ko 06b219217b fix some typos in HA doc 2017-07-18 10:44:08 -04:00
jwfang a5b84a47b0 docs: experimental, no calico/vault 2017-07-17 19:29:59 +08:00
jwfang 552b2f0635 change authorization_modes default value 2017-07-17 19:29:59 +08:00
jwfang 092bf07cbf basic rbac support 2017-07-17 19:29:59 +08:00
nico f4a3b31415 add vsphere cloud provider doc
fix typo
2017-07-12 11:01:06 +02:00
Raj Perera 5c7e309d13 Add more instructions to setting up AWS provider 2017-07-11 10:53:19 -04:00
Spencer Smith e98b0371e5 Merge pull request #1368 from vgkowski/patch-3
change documentation from "self hosted" to "static pod" for the contr…
2017-06-30 07:31:52 -04:00
Spencer Smith cf8c74cb07 Merge pull request #1342 from Abdelsalam-Abbas/patch-1
Create ansible.md
2017-06-27 13:58:18 -04:00
Spencer Smith 23565ebe62 Merge pull request #1356 from rsmitty/rename
Rename project to kubespray
2017-06-27 11:40:03 -04:00
Spencer Smith 83265b7f75 renaming kargo-cli to kubespray-cli 2017-06-23 12:35:10 -04:00
Brad Beam 5364a10033 Merge pull request #1374 from Lendico/doc_ansible_integration
Flow for intergation with existing ansible repo
2017-06-23 11:31:22 -05:00
Spencer Smith bae5ce0bfa Merge branch 'master' into rename 2017-06-23 12:23:51 -04:00
Anton Nerozya 0cd83eadc0 README: Integration with existing ansible repo 2017-06-22 18:58:10 +02:00
vgkowski d85f98d2a9 change documentation from "self hosted" to "static pod" for the control plane 2017-06-21 11:00:11 +02:00
TAKAHASHI Yuto 9e123011c2 Modify documented neutron commands for Calico setup 2017-06-21 15:11:39 +09:00
vgkowski bb6f727f25 Update openstack documentation with Calico
Linked to the issue https://github.com/kubernetes-incubator/kubespray/issues/1359
2017-06-19 15:48:34 +02:00
Spencer Smith 8203383c03 rename almost all mentions of kargo 2017-06-16 13:25:46 -04:00
Abdelsalam Abbas 67eeccb31f Create ansible.md
fixing a typo
2017-06-12 13:20:15 +02:00
Kevin Jing Qiu 6d8a415b4d Update doc on Vagrant local override file 2017-06-02 20:09:37 -04:00
Kevin Jing Qiu e7acc2fddf Update doc for Vagrant install 2017-06-02 19:03:43 -04:00
Spencer Smith 18a42e4b38 add scale.yml to do minimum needed for a node bootstrap 2017-05-24 15:49:21 -04:00
Spencer Smith 83f44b1ac1 Added example json 2017-05-18 17:57:30 -04:00
Spencer Smith 1f470eadd1 Added dynamic inventory for AWS as contrib 2017-05-18 17:52:44 -04:00
Charles Farquhar d310acc1eb Fix link from ansible.md to calico.md
This commit fixes a broken link from ansible.md to calico.md.
2017-04-28 12:10:23 -05:00
Spencer Smith 5a7c50027f add some known tweaks that need to be made for coreos 2017-04-20 11:14:41 -04:00
Justin 9503434d53 Fix IPS array variable expansion
$IPS only expands to the first ip address in the array:

justin@box:~$ declare -a IPS=(10.10.1.3 10.10.1.4 10.10.1.5)
justin@box:~$ echo $IPS
10.10.1.3
justin@box:~$ echo ${IPS[@]}
10.10.1.3 10.10.1.4 10.10.1.5
2017-04-17 20:56:52 -04:00
Spencer Smith c3c9e955e5 Merge pull request #1232 from rsmitty/custom-flags
add ability for custom flags
2017-04-17 14:01:32 -04:00
Spencer Smith 94596388f7 add ability for custom flags 2017-04-14 17:33:04 -04:00
Justin Downing fbded9cdac Update upgrades.md
Clarify that the `kube_version` environment variable is needed for the CLI "graceful upgrade". Also add and example to check that the upgrade was successful.
2017-03-29 22:00:52 -04:00
Antoine Legrand ac96d5ccf0 Merge pull request #1176 from zoidbergwill/patch-2
Update roadmap.md
2017-03-23 12:05:35 +01:00
Vladimir Rutsky c4e57477fb replace non-breakable space with regular space
Non-brekable space is 0xc2 0xa0 byte sequence in UTF-8.

To find one:

    $ git grep -I -P '\xc2\xa0'

To replace with regular space:

    $ git grep -l -I -P '\xc2\xa0' | xargs sed -i 's/\xc2\xa0/ /g'

This commit doesn't include changes that will overlap with commit f1c59a91a1.
2017-03-23 00:25:01 +03:00
William Martin Stewart f1c59a91a1 Update roadmap.md 2017-03-22 22:03:06 +02:00
Vincent Schwarzer c8c6105ee2 Fixed Formatting / Ansbile-Playbook Command
- added -b and fixed typo in ansible-playbook command 
- fixed formatting issue
2017-03-16 17:53:48 +01:00
Vincent Schwarzer 3e8386cbf3 Fixed CoreOS Docu
CoreOS docu was referencing outdated bootstrap playbook that
is now part of kargo itself.
2017-03-15 13:04:01 +01:00
Matthew Mosesohn a244aca6a4 Merge pull request #1113 from VincentS/AWS_IAM_PROFILES
Added Missing AWS IAM Profiles and Policies
2017-03-03 17:35:55 +03:00
Vincent Schwarzer 5ae85b9de5 Added Missing AWS IAM Profiles and Policies
The AWS IAM profiles and policies required to run Kargo on AWS
are no longer hosted in the kubernetes main repo since kube-up got
deprecated. Hence we have to move the files into the kargo repository.
2017-03-03 15:30:07 +01:00
Bogdan Dobrelya aeec0f9a71 Merge pull request #1071 from vijaykatam/atomic_host
Add support for atomic host
2017-03-03 13:03:59 +01:00
Vijay Katam a0b1eda1d0 Add support for atomic host
Updates based on feedback

Simplify checks for file exists

remove invalid char

Review feedback. Use regular systemd file.

Add template for docker systemd atomic
2017-03-01 09:38:19 -08:00
Vladimir Rutsky ad80e09ac5 fix inline verbatim blocks formatting in markdown 2017-03-01 17:50:28 +04:00
Bogdan Dobrelya 0c66418dad Merge pull request #1090 from artem-panchenko/calicoAcceptHostEndpointConnections
Allow connections from pods to local endpoints
2017-03-01 13:37:05 +01:00
Artem Panchenko fa05d15093 Allow connections from pods to local endpoints
By default Calico blocks traffic from endpoints
to the host itself by using an iptables DROP
action. It could lead to a situation when service
has one alive endpoint, but pods which run on
the same node can not access it. Changed the action
to RETURN.
2017-03-01 09:21:02 +02:00
Sergii Golovatiuk d31c040dc0 Change kube-api default port from 443 to 6443
Operator can specify any port for kube-api (6443 default) This helps in
case where some pods such as Ingress require 443 exclusively.

Closes: 820
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-28 15:45:35 +01:00
Bogdan Dobrelya 069606947c Merge pull request #1063 from bogdando/fix
Align LB defaults with the HA docs
2017-02-27 10:14:42 +01:00
Kopylov German d197ce230f Fix cluster.yml file extension in docs 2017-02-26 13:42:52 +03:00
Antoine Legrand 5f7607412b Add default var role 2017-02-23 12:07:17 +01:00
Bogdan Dobrelya f2a4619c57 Align LB defaults with the HA docs
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 10:32:44 +01:00
Bogdan Dobrelya 712872efba Rework inventory all by real groups' vars
* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-23 09:43:42 +01:00
Matthew Mosesohn d821448e2f Merge branch 'master' into synthscale 2017-02-21 22:17:43 +03:00
Matthew Mosesohn 634e6a381c Merge pull request #1043 from rutsky/patch-3
fix typos in azure docs
2017-02-20 20:24:05 +03:00
Matthew Mosesohn ce4eefff6a Use first kube-master to check results 2017-02-18 14:11:51 +04:00
Matthew Mosesohn 9c1701f2aa Add synthetic scale deployment mode
New deploy modes: scale, ha-scale, separate-scale
Creates 200 fake hosts for deployment with fake hostvars.

Useful for testing certificate generation and propagation to other
master nodes.

Updated test cases descriptions.
2017-02-18 14:09:55 +04:00
Antoine Legrand b84cc14694 Merge pull request #1029 from mattymo/graceful
Add graceful upgrade process
2017-02-17 21:24:32 +01:00
Vladimir Rutsky a84175b3b9 fix typo: "infrastructore" 2017-02-17 23:27:38 +04:00
Vladimir Rutsky 438b4e9625 fix typos in azure docs 2017-02-17 21:39:22 +04:00
Matthew Mosesohn 97ebbb9672 Add graceful upgrade process
Based on #718 introduced by rsmitty.

Includes all roles and all options to support deployment of
new hosts in case they were added to inventory.

Main difference here is that master role is evaluated first
so that master components get upgraded first.

Fixes #694
2017-02-16 17:18:38 +03:00
Matthew Mosesohn 2d65554cb9 Change default network plugin to Calico 2017-02-15 16:15:22 +03:00
Hung Nguyen Viet d8f46c4410 Highlight important action 2017-02-14 17:18:25 +07:00
Hung Nguyen Viet d0757ccc5e Fix typo 2017-02-14 17:18:22 +07:00
Matthew Mosesohn 779f20d64e Merge pull request #1010 from bogdando/fixes
Fix misleading HA docs
2017-02-10 13:01:29 +03:00
Bogdan Dobrelya ed1ab11001 Fix misleading HA docs
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-10 10:28:27 +01:00
Matthew Mosesohn 2f88c9eefe Merge pull request #989 from holser/kubelet_remedy
Kubernetes Reliability Improvements
2017-02-10 09:29:29 +03:00
Sergii Golovatiuk c07d60bc90 Kubernetes Reliability Improvements
- Exclude kubelet CPU/RAM (kube-reserved) from cgroup. It decreases a
  chance of overcommitment
- Add a possibility to modify Kubelet node-status-update-frequency
- Add a posibility to configure node-monitor-grace-period,
  node-monitor-period, pod-eviction-timeout for Kubernetes controller
  manager
- Add Kubernetes Relaibility Documentation with recomendations for
  various scenarios.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-09 23:54:08 +01:00
Greg Althaus fcd78eb1f7 Due to the nsenter and other reworks, it appears that
kubelet lost the ability to load kernel modules.  This
puts that back by adding the lib/modules mount to kubelet.

The new variable kubelet_load_modules can be set to true
to enable this item.  It is OFF by default.
2017-02-09 10:02:26 -06:00
Josh Conant 245e05ce61 Vault security hardening and role isolation 2017-02-08 21:41:36 +00:00
Aleksandr Didenko 54af533b31 Update playbooks to support new netchecker
Netchecker is rewritten in Go lang with some new args instead of
env variables. Also netchecker-server no longer requires kubectl
container. Updating playbooks accordingly.
2017-02-07 15:20:34 +01:00
Matthew Mosesohn fd30131dc2 Revert "Drop linux capabilities and rework users/groups" 2017-02-06 15:58:54 +03:00
Bogdan Dobrelya b7bf502e02 Merge pull request #978 from rutsky/patch-1
remove extra `~`
2017-02-06 12:07:54 +01:00
Bogdan Dobrelya cae2982d81 Merge pull request #911 from bogdando/DROP_CAPS
Drop linux capabilities and rework users/groups
2017-02-06 12:05:51 +01:00
Vladimir Rutsky b638c89556 remove extra `~` 2017-02-06 15:05:24 +04:00
Antoine Legrand d818ac1d59 Update roadmap.md 2017-02-04 23:23:24 +01:00
Bogdan Dobrelya cd25bfca91 Merge pull request #884 from mattymo/inventory_builder_scale
Add scale thresholds to split etcd and k8s-masters
2017-01-20 09:34:45 +01:00
Bogdan Dobrelya cb2e5ac776 Drop linux capabilities and rework users/groups
* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-20 08:50:42 +01:00
Matthew Mosesohn f742fc3dd1 Add scale thresholds to split etcd and k8s-masters
Also adds calico-rr group if there are standalone etcd nodes.
Now if there are 50 or more nodes, 3 etcd nodes will be standalone.
If there are 200 or more nodes, 2 kube-masters will be standalone.
If thresholds are exceeded, kube-node group cannot add nodes that
belong to etcd or kube-master groups (according to above statements).
2017-01-19 17:30:56 +03:00
Greg Althaus 0022a2b29e Add doc updates. 2017-01-17 13:15:48 -06:00
Bogdan Dobrelya caab0cdf27 Docs updates
Fix mismatching inventory examples.
Add command examples.
Clarify groups use cases.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-11 15:39:35 +01:00