Commits · 3fdb2ccf55d90646f8a595ed0c29339dadfdf962 · Mirror / Kubespray

Nov 29, 2017

Allow setting --bind-address for apiserver hyperkube (#1985) · d39a88d6

Steven Hardy authored Nov 29, 2017

* Allow setting --bind-address for apiserver hyperkube

This is required if you wish to configure a loadbalancer (e.g haproxy)
running on the master nodes without choosing a different port for the
vip from that used by the API - in this case you need the API to bind to
a specific interface, then haproxy can bind the same port on the VIP:

root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
tcp        0      0 192.168.24.6:6443       0.0.0.0:*               LISTEN      0          680613     134504/haproxy
tcp        0      0 192.168.24.16:6443      0.0.0.0:*               LISTEN      0          653329     131423/hyperkube
tcp        0      0 192.168.24.16:6443      192.168.24.16:58404     ESTABLISHED 0          652991     131423/hyperkube
tcp        0      0 192.168.24.16:58404     192.168.24.16:6443      ESTABLISHED 0          652986     131423/hyperkube

This can be achieved e.g via:

kube_apiserver_bind_address: 192.168.24.16

* Address code review feedback

* Update kube-apiserver.manifest.j2

d39a88d6

Oct 15, 2017

Security best practice fixes (#1783) · d487b2f9

Matthew Mosesohn authored Oct 15, 2017

* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet

d487b2f9

Oct 05, 2017

Upgrade to kubernetes v1.8.0 (#1730) · f14f04c5

Matthew Mosesohn authored Oct 05, 2017

* Upgrade to kubernetes v1.8.0

hyperkube no longer contains rsync, so now use cp

* Enable node authorization mode

* change kube-proxy cert group name

f14f04c5

Oct 04, 2017

Move set_facts to kubespray-defaults defaults · a5673832

Matthew Mosesohn authored Oct 04, 2017

These facts can be generated in defaults with a performance
boost.

Also cleaned up duplicate etcd var names.

a5673832

Sep 26, 2017

Upgrade to kubeadm (#1667) · bd272e0b

Matthew Mosesohn authored Sep 26, 2017

* Enable upgrade to kubeadm

* fix kubedns upgrade

* try upgrade route

* use init/upgrade strategy for kubeadm and ignore kubedns svc

* Use bin_dir for kubeadm

* delete more secrets

* fix waiting for terminating pods

* Manually enforce kube-proxy for kubeadm deploy

* remove proxy. update to kubeadm 1.8.0rc1

bd272e0b

Sep 16, 2017
- Enable HA deploy of kubeadm (#1658) · 8e731337
  Matthew Mosesohn authored Sep 15, 2017
  
  * Enable HA deploy of kubeadm * raise delay to 60s for starting gce hosts
  8e731337
Sep 13, 2017

kubeadm support (#1631) · 67447260

Matthew Mosesohn authored Sep 13, 2017

* kubeadm support

* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job

* change ci boolean vars to json format

* fixup

* Update create-gce.yml

* Update create-gce.yml

* Update create-gce.yml

67447260