Commit Graph

118 Commits (dcd9c9509bca2c2ad8ab6fb8b12d4fcb6ea242a6)

Author SHA1 Message Date
Jiang Yi Tao f518b90c6b associate fips for masters with no etcd (#4657) 2019-04-28 22:58:20 -07:00
Maxime Guyot 696d481e3b Fix dynamic inventory parsing in contrib/tf/packet (#4645) 2019-04-25 00:40:46 -07:00
Maxime Guyot 6af1f65d3c Fix python syntax in Terraform dynamic inventory (#4643) 2019-04-24 10:34:04 -07:00
Maxime Guyot 37d98e79ec Pin Terraform provider versions (#4620) 2019-04-23 22:22:01 -07:00
Matthew Mosesohn d89ecb8308 disable metrics server and fix terraform (#4617)
* disable metrics server in centos7-flannel-addons job

Change-Id: I1d87923547584896f64dda9ea8feb5581ad48cbe

* Fix tf facility->facilities syntax

Change-Id: I434bfe53f47e8e4a546890e0b62d24bde6e6d6a7

* Update Terraform CI for facilities

* Fix undefined variable error
2019-04-23 12:06:03 -07:00
Maxime Guyot 04f2682ac6 Drop unused dynamic inventory functions (#4138) 2019-04-21 01:59:45 -07:00
rptaylor 873b5608cf add master_allowed_remote_ips (with terraform fmt) (#4022) 2019-04-21 01:57:44 -07:00
Maxime Guyot 1cf76a10db Disable usage of default security group (#4533) 2019-04-17 02:10:03 -07:00
Andreas Holmsten 7f1d9ff543 [contrib/terraform/openstack] Add k8s_allowed_remote_ips variable (#4506)
* Add k8s_allowed_remote_ips variable

Useful for defining CIDRs allowed to initiate a SSH connection when
you don't want to use a bastion.

* Add TF_VAR_k8s_allowed_remote_ips variable to tf-apply-ovh
2019-04-15 07:22:08 -07:00
Maxime Guyot e865c50574 Fix terraform fmt on contrib/terraform/aws (#4484) 2019-04-10 04:32:14 -07:00
Maxime Guyot 80f31818df Add terraform validate for contrib/terraform/aws (#4438) 2019-04-10 02:14:14 -07:00
Karen Almog 20ebb49568 Don't create security groups for a bastion host on openstack, if doesn't exist (#4291) 2019-04-09 04:01:09 -07:00
Andreas Holmsten 01cf11b961 Run terraform fmt and add step to CI (#4405)
* Run terraform fmt

* Add terraform fmt to .terraform-validate CI step

* Add tf-validate-aws CI step

* Revert "Add tf-validate-aws CI step"

This reverts commit e007225fac.
2019-04-08 02:22:24 -07:00
Andreas Holmsten 3da392d1cf Add OWNERS to contrib/terraform (#4441) 2019-04-08 00:36:24 -07:00
Maxime Guyot e485fab7eb Add CI for contrib/terraform/ (#4133) 2019-04-04 01:42:52 -07:00
Matthew Mosesohn ec08303f82 Revert "Fix #4237: update kube cert path (#4354)" (#4369)
This reverts commit ea7a6f1cf1.

This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.
2019-03-20 05:56:57 -07:00
Dmitry Chepurovskiy ea7a6f1cf1 Fix #4237: update kube cert path (#4354) 2019-03-17 23:55:11 -07:00
Christian Berendt 44ee4b507c terraform: use openstackclient instead of novaclient (#4280)
The openstackclient is the preferred CLI for OpenStack
environments and should be used instead of novaclient.
2019-02-25 20:13:16 -08:00
Christian Berendt c386172be7 terraform: correct the spelling of Betacloud (#4282) 2019-02-25 19:38:32 -08:00
Ted Wexler b5a895d1ec Run 'terraform fmt' in contrib/terraform/openstack (#4242) 2019-02-17 21:04:41 -08:00
Robert Neumann 8b289ad9e1 Fix the file path for all.yml and k8s-cluster.yml (#4210) 2019-02-11 14:55:41 -08:00
Maxime Guyot 954676b3d8 Update the admin cert paths (#4135) 2019-02-11 14:10:10 -08:00
Petr Ruzicka 91e2d61cf2 Adding link to ../../contrib in README (#4097) 2019-01-31 14:44:06 -08:00
Maxime Guyot 40f1c51ec3 Add support for Packet with Terraform (#4043)
* Add support for Packet with Terraform

Co-Author: johnstudarus <john@jhlconsulting.com>

* removed advanced features to streamline

* clarifying usage

* Update README.md

provide a better test to validate things are working OK

* Update README.md

clarifying what to set

* minor wordsmithing

* Fix admin cert path

* clarifying how to configure keys

* enabling kubeconfig_localhost

pull over the configuration file via playbooks rather than the key files individually

* Create output.tf

* Add support for node specific plans
2019-01-31 07:24:36 -08:00
Andreas Holmsten 289be0a0db
Fix capitalisation 2018-11-05 12:47:23 +01:00
Aivars Sterns 3c5f20190f
Merge pull request #3629 from holmsten/terraform-ops-worker-allowed-ports
[contrib/terraform/openstack] Allow user defined port ranges for worker security group
2018-11-03 17:52:00 +02:00
Andreas Holmsten 6c34745958
Add worker_allowed_ports
* [contrib/terraform/openstack] Add worker_allowed_ports

  Allow user to define in terraform template which ports and remote
  IPs that are allowed to access worker nodes. This is useful when you
  don't want to open up whole NodePort range to the outside world, or
  ports outside NodePort range.
2018-11-01 17:48:37 +01:00
Ye Ben d8b357ce49
fix typo doesnt -> doesn't
fix typos in line 114 and 116: doesnt -> doesn't
2018-10-31 21:27:58 +08:00
Ted Wexler 58b4fea2b1 Add an 'access_ip' for openstack resources to the terraform inventory builder script (#3592)
* Add an 'access_ip' for openstack resources to the terraform inventory builder script

* Update Openstack README

* Only use ipv4

* If there's a floating IP assigned to an openstack instance, use that for access_ip
2018-10-29 19:28:23 +01:00
Maxime Guyot 38beab8fe8 Add support for router less deployments 2018-10-19 12:39:34 +02:00
Miouge1 6e34918b52 Add list of know working OpenStack clouds 2018-10-18 11:04:04 +02:00
Andreas Krüger b1974ab3cf
Merge pull request #3515 from SataQiu/fix-20181012
fix typo
2018-10-16 09:11:08 +02:00
Julien Senon fac8aaa44e Update template for bastion (#3523)
Update template to have bastion section
2018-10-15 09:42:22 +02:00
SataQiu 9ca583d984 fix typo 2018-10-12 15:53:30 +08:00
Giacomo Longo 3f786542d3 Automatically infer bootstrap_os (#3498)
* Automatically infer bootstrap_os

* Rename bootstrap os to os_family
2018-10-10 23:32:10 -07:00
SataQiu 6f4054679e Remove the redundant space (#3418) 2018-09-29 20:31:57 -07:00
Andreas Holmsten 0a9a42b544 Change from Nova security groups to Neutron (#2910)
* Replace `openstack_compute_secgroup_v2` with `openstack_networking_secgroup_v2`

The `openstack_networking_secgroup_v2` resource allow specifications of
both ingress and egress. Nova security groups define ingress rules only.

This change will also allow for more user-friendly specified security
rules, as the different security group resources have different HCL
syntax.
2018-09-28 11:35:02 +02:00
Aivars Sterns bacd8c70e1
Merge pull request #3149 from rguichard/fix-router-id-output
fix the output of router_id with the right id
2018-09-19 15:34:03 +03:00
唐超 ca6c5e2a6a
terraform.tfvars.example is not correct, remove. 2018-09-05 17:41:34 +08:00
rguichard 6650bc6b25 fix the output of router_id with the right id 2018-08-21 13:21:25 +02:00
Antoine Legrand b490231f59
Merge pull request #2025 from kubernetes-incubator/terraform-aws-inventory
contrib/terraform/aws: Make path to generated inventory configurable
2018-08-17 15:55:38 +02:00
Antoine Legrand a642931422
Merge pull request #3019 from holmsten/terraform-ops-worker-groups
[contrib/terraform/openstack] Add supplementary node groups
2018-08-16 16:06:53 +02:00
Magnus Holm fcfe12437c contrib/terraform/terraform.py: fix for Ansible 2.6.2+, issue #3067 2018-08-07 15:22:14 +02:00
Rong Zhang 16bd0d2b5d
Merge pull request #2900 from drekle/configure_openstack_subnet_CIDR
Configure openstack subnet cidr
2018-08-07 17:27:01 +08:00
Rong Zhang 411d07a4f6
Merge pull request #3047 from rguichard/openstack-az-support
availability zones support for OpenStack
2018-08-07 16:51:41 +08:00
Rong Zhang 9172150966
Merge pull request #3044 from jerryrelmore/patch-4
Clarify etcd deployment script failure mechanism
2018-08-01 22:57:14 +08:00
rguichard c19643cee2 availability zones support for OpenStack
allow masters, nodes and gluster nodes (within each group) to be scheduled
on differents AZ.
2018-08-01 16:42:58 +02:00
Jerry Elmore 1385091768
Clarify etcd deployment script failure mechanism
Attempting to clarify the language surrounding the etcd node deployment script failure mechanism. I had this error when doing a new cluster deployment last night and, though it should have been, it wasn't immediately apparent to me what was causing the issue (since my default master node hostnames do not specify whether they are also acting as etcd replicas).
2018-07-31 15:15:49 -04:00
rguichard 1a38a9df88 add security groups for traffic to 30000-32767/tcp
This will make NodePort services work out of the box
2018-07-27 14:57:29 +02:00
Rong Zhang 4d7426ec95 Fix terraform env Not effective (#2966)
Add TF_VAR_ to terraform env
2018-07-05 12:20:02 +03:00