Commit Graph

2325 Commits (ec54b36e05d9d2f22c238a0c5d8202e8be71cc85)
 

Author SHA1 Message Date
Matthew Mosesohn dc515e5ac5 Remove kernel-upgrade role (#1798)
This role only support Red Hat type distros and is not maintained
or used by many users. It should be removed because it creates
feature disparity between supported OSes and is not maintained.
2017-10-13 15:36:21 +01:00
Julian Poschmann 56763d4288 Persist br_netfilter module loading (#1760) 2017-10-13 10:50:29 +01:00
Maxim Krasilnikov ad9fa73301 Remove cert_managment var definition from k8s-cluster group vars (#1790) 2017-10-13 10:21:39 +01:00
Matthew Mosesohn 10dd049912 Revert "Security fixes for etcd (#1778)" (#1786)
This reverts commit 4209f1cbfd.
2017-10-12 14:02:51 +01:00
Matthew Mosesohn 4209f1cbfd Security fixes for etcd (#1778)
* Security fixes for etcd

* Use certs when querying etcd
2017-10-12 13:32:54 +01:00
Matthew Mosesohn ee83e874a8 Clear admin kubeconfig when rotating certs (#1772)
* Clear admin kubeconfig when rotating certs

* Update main.yml
2017-10-12 09:55:46 +01:00
Vijay Katam 27ed73e3e3 Rename dns_server, add var for selinux. (#1572)
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix
as the var name is generic and conflicts when integrating with existing ansible automation.
*  Enable selinux state to be configurable with new var preinstall_selinux_state
2017-10-11 20:40:21 +01:00
Aivars Sterns e41c0532e3 add possibility to disable fail with swap (#1773) 2017-10-11 19:49:31 +01:00
Matthew Mosesohn eeb7274d65 Adjust memory reservation for master nodes (#1769) 2017-10-11 19:47:42 +01:00
Matthew Mosesohn eb0dcf6063 Improve proxy (#1771)
* Set no_proxy to all local ips

* Use proxy settings on all necessary tasks
2017-10-11 19:47:27 +01:00
Matthew Mosesohn 83be0735cd Fix setting etcd client cert serial (#1775) 2017-10-11 19:47:11 +01:00
Matthew Mosesohn fe4ba51d1a Set node IP correctly (#1770)
Fixes #1741
2017-10-11 15:28:42 +01:00
Hyunsun Moon adf575b75e Set default value for disable_shared_pid (#1710)
PID namespace sharing is disabled only in Kubernetes 1.7.
Explicitily enabling it by default could help reduce unexpected
results when upgrading to or downgrading from 1.7.
2017-10-11 14:55:51 +01:00
Spencer Smith e5426f74a8 Merge pull request #1762 from manics/bindir-helm
Include bin_dir when patching helm tiller with kubectl
2017-10-10 10:40:47 -04:00
Spencer Smith f5212d3b79 Merge pull request #1752 from pmontanari/patch-1
Force synchronize to use ssh_args so it works when using bastion
2017-10-10 10:40:01 -04:00
Spencer Smith 3d09c4be75 Merge pull request #1756 from kubernetes-incubator/fix_bool_assert
Fix bool check assert
2017-10-10 10:38:53 -04:00
Spencer Smith f2db15873d Merge pull request #1754 from ArchiFleKs/rkt-kubelet-fix
add hosts to rkt kubelet
2017-10-10 10:37:36 -04:00
ArchiFleKs 7c663de6c9 add /etc/hosts volume to rkt templates 2017-10-09 16:41:51 +02:00
Simon Li c14bbcdbf2 Include bin_dir when patching helm tiller with kubectl 2017-10-09 15:17:52 +01:00
ant31 1be4c1935a Fix bool check assert 2017-10-06 17:02:38 +00:00
pmontanari 764b1aa5f8 Force synchronize to use ssh_args so it works when using bastion
In case ssh.config is set to use bastion, synchronize needs to use it too.
2017-10-06 00:21:54 +02:00
Spencer Smith d13b07ba59 Merge pull request #1751 from bradbeam/calicoprometheus
Adding calico/node env vars for prometheus configuration
2017-10-05 17:29:12 -04:00
Spencer Smith 028afab908 Merge pull request #1750 from bradbeam/dnsmasq2
Followup fix for CVE-2017-14491
2017-10-05 17:28:28 -04:00
Brad Beam 55dfae2a52 Followup fix for CVE-2017-14491 2017-10-05 11:31:04 -05:00
Matthew Mosesohn 994324e19c Update gce CI (#1748)
Use image family for picking latest coreos image
Update python deps
2017-10-05 16:52:28 +01:00
Brad Beam b81c0d869c Adding calico/node env vars for prometheus configuration 2017-10-05 08:46:01 -05:00
Matthew Mosesohn f14f04c5ea Upgrade to kubernetes v1.8.0 (#1730)
* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name
2017-10-05 10:51:21 +01:00
Aivars Sterns 9c86da1403 Normalize tags in all places to prepare for tag fixing in future (#1739) 2017-10-05 08:43:04 +01:00
Spencer Smith cb611b5ed0 Merge pull request #1742 from mattymo/facts_as_vars
Move set_facts to kubespray-defaults defaults
2017-10-04 15:46:39 -04:00
Spencer Smith 891269ef39 Merge pull request #1743 from rsmitty/kube-client
Don't delegate cert gathering before creating admin.conf
2017-10-04 15:38:21 -04:00
Spencer Smith ab171a1d6d don't delegate cert slurp 2017-10-04 13:06:51 -04:00
Matthew Mosesohn a56738324a Move set_facts to kubespray-defaults defaults
These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.
2017-10-04 14:02:47 +01:00
Maxim Krasilnikov da61b8e7c9 Added workaround for vagrant 1.9 and centos vm box (#1738) 2017-10-03 11:32:19 +01:00
Maxim Krasilnikov d6d58bc938 Fixed vagrant up with flannel network, removed old config values (#1737) 2017-10-03 11:16:13 +01:00
Matthew Mosesohn e42cb43ca5 add bootstrap for debian (#1726) 2017-10-03 08:30:45 +01:00
Brad Beam ca541c7e4a Ensuring vault service is stopped in reset tasks (#1736) 2017-10-03 08:30:28 +01:00
Brad Beam 96e14424f0 Adding kubedns update for CVE-2017-14491 (#1735) 2017-10-03 08:30:14 +01:00
Brad Beam 47830896e8 Merge pull request #1733 from chapsuk/vagrant_mem
Increase vagrant vm's memory size
2017-10-02 15:45:37 -05:00
mkrasilnikov 5fd4b4afae Increase vagrant vm's memory size 2017-10-02 23:16:39 +03:00
Matthew Mosesohn dae9f6d3c2 Test if tokens are expired from host instead of inside container (#1727)
* Test if tokens are expired from host instead of inside container

* Update main.yml
2017-10-02 13:14:50 +01:00
Julian Poschmann 8e1210f96e Fix cluster-network w/ prefix > 25 not possible with CNI (#1713) 2017-10-01 10:43:00 +01:00
Matthew Mosesohn 56aa683f28 Fix logic in idempotency tests in CI (#1722) 2017-10-01 10:42:33 +01:00
Brad Beam 1b9a6d7ad8 Merge pull request #1672 from manics/bastion-proxycommand-newline
Insert a newline in bastion ssh config after ProxyCommand conditional
2017-09-29 11:37:47 -05:00
Brad Beam f591c4db56 Merge pull request #1720 from shiftky/improve_integration_doc
Improve playbook example of integration document
2017-09-29 11:34:44 -05:00
Peter Slijkhuis 371fa51e82 Make installation of EPEL optional (#1721) 2017-09-29 13:44:29 +01:00
shiftky a927ed2da4 Improve playbook example of integration document 2017-09-29 18:00:01 +09:00
Matthew Mosesohn a55675acf8 Enable RBAC with kubeadm always (#1711) 2017-09-29 09:18:24 +01:00
Matthew Mosesohn 25dd3d476a Fix error for azure+calico assert (#1717)
Fixes #1716
2017-09-29 08:17:18 +01:00
Matthew Mosesohn 3ff5f40bdb fix graceful upgrade (#1704)
Fix system namespace creation
Only rotate tokens when necessary
2017-09-27 14:49:20 +01:00
Matthew Mosesohn 689ded0413 Enable kubeadm upgrades to any version (#1709) 2017-09-27 14:48:18 +01:00