Commits · 8167e5b6908b17f15acb5d68ae30c61cb373167f · Mirror / Kubespray

Dec 18, 2018

add vars for cilium init container (#3893) · 30a9149b

ihard authored Dec 18, 2018

* add vars for cilium init container

* make yamllint happy

* add var cilium_init in downloads

30a9149b

Dec 07, 2018

Streamline path to certs dir (#3836) · d5ce5874

Andreas Krüger authored Dec 07, 2018

* Streamline path to certs dir

* More fixes

* Set path to etcd certs in kubernetes defaults instead

d5ce5874

Nov 29, 2018

Add options for configuring control plane component extra volumes (#3779) · 487cfa5e

Chad Swenson authored Nov 29, 2018

This takes care of a few arbitrary use cases that may require custom mounts
inside of apiserver, controller manager, or scheduler.

487cfa5e

Nov 08, 2018
- kube_override_hostname must be in kubernetes/master role defaults (#3647) · 1e22c83f
  Erwan Miran authored Nov 07, 2018
  
  1e22c83f
Oct 17, 2018

Fix ansible syntax to avoid ansible deprecation warnings (#3512) · 7bec169d

Erwan Miran authored Oct 17, 2018

* failed

* version_compare

* succeeded

* skipped

* success

* version_compare becomes version since ansible 2.5

* ansible minimal version updated in doc and spec

* last version_compare

7bec169d

Sep 28, 2018

Better fix for openstack cinder zone issue using ignore-volume-az option (#2980) · 0536125f

sangwook authored Sep 28, 2018

* Better fix for openstack cinder zone issue[1][2]
using ignore-volume-az option[3].
[1]: https://github.com/kubernetes-incubator/kubespray/pull/2155
[2]: https://github.com/kubernetes-incubator/kubespray/pull/2346
[3]: https://github.com/kubernetes/kubernetes/pull/53523

* Remove kube-scheduler-policy.yaml

0536125f

Sep 24, 2018
- Sync manifests with kubeadm (#3383) · d6ebe8c3
  Andreas Krüger authored Sep 24, 2018
  
  d6ebe8c3
Sep 03, 2018
- Introducing credentials_dir in order to be able to override it · a644b7c2
  Erwan Miran authored Sep 03, 2018
  
  a644b7c2
Aug 22, 2018
- Fix install audit failed · 5a435265
  rongzhang authored Aug 21, 2018
```
1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
```
  5a435265
- psp, roles and rbs for PodSecurityPolicy when podsecuritypolicy_enabled is true · 80cfeea9
  Erwan Miran authored Aug 22, 2018
  
  80cfeea9
Aug 20, 2018
- Ability to define custom audit polcy rules · fc38b6d0
  Erwan Miran authored Aug 20, 2018
  
  fc38b6d0
- Define apiserver flags directly instead of relying on auditPolicy section in... · c34900e5
  Erwan Miran authored Aug 20, 2018
```
Define apiserver flags directly instead of relying on auditPolicy section in order to have the ability to redirect audit log to stdout with kubeadm
```
  c34900e5
Aug 16, 2018
- minor variable fix and reuse + handle auditlog redirected to stdout · 58d4d65f
  Erwan Miran authored Aug 16, 2018
  
  58d4d65f
- Support audit · 2ffc1afe
  rongzhang authored Aug 15, 2018
  
  2ffc1afe
Aug 07, 2018
- Only add admission plugins if defined · 4eadf322
  Robert Everson authored Aug 06, 2018
  
  4eadf322
- Use k8s default plugin list · 99c5aa5a
  Robert Everson authored Aug 06, 2018
  
  99c5aa5a
- Separate out plugins into 2 variables · 6ed65d76
  Robert Everson authored Aug 03, 2018
  
  6ed65d76
May 11, 2018

refactor vault role (#2733) · 07cc9819

Matthew Mosesohn authored May 11, 2018

* Move front-proxy-client certs back to kube mount

We want the same CA for all k8s certs

* Refactor vault to use a third party module

The module adds idempotency and reduces some of the repetitive
logic in the vault role

Requires ansible-modules-hashivault on ansible node and hvac
on the vault hosts themselves

Add upgrade test scenario
Remove bootstrap-os tags from tasks

* fix upgrade issues

* improve unseal logic

* specify ca and fix etcd check

* Fix initialization check

bump machine size

07cc9819

Apr 23, 2018
- Add oidc-user-prefix and oidc-group-prefix args · f81e6d2c
  Suzuka Asagiri authored Apr 23, 2018
  
  f81e6d2c
Apr 10, 2018

Updating order · 88765f62

Marcelo Grebois authored Apr 10, 2018

https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use

88765f62

Apr 09, 2018
- Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection · 4c12b273
  Marcelo Grebois authored Apr 09, 2018
```
https://istio.io/docs/setup/kubernetes/sidecar-injection.html#automatic-sidecar-injection
```
  4c12b273
Mar 31, 2018
- Integrate jetstack/cert-manager 0.2.3 to Kubespray · 195d6d79
  Wong Hoi Sing Edison authored Mar 28, 2018
  
  195d6d79
Mar 21, 2018

Addition of the .creds extension to the credentials files generated by... · ee8f6780

mirwan authored Mar 21, 2018

Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446)

ee8f6780

Mar 15, 2018

Added option for encrypting secrets to etcd v.2 (#2428) · 3d6fd491

Andreas Krüger authored Mar 15, 2018

* Added option for encrypting secrets to etcd

* Fix keylength to 32

* Forgot the default

* Rename secrets.yaml to secrets_encryption.yaml

* Fix static path for secrets file to use ansible variable

* Rename secrets.yaml.j2 to secrets_encryption.yaml.j2

* Base64 encode the token

* Fixed merge error

* Changed path to credentials dir

* Update path to secrets file which is now readable inside the apiserver container. Set better file permissions

* Add encryption option to k8s-cluster.yml

3d6fd491

Mar 05, 2018

Explicitly defines the --kubelet-preferred-address-types parameter · 89847d56

Ayaz Ahmed Khan authored Jul 12, 2017

to the API server configuration.

This solves the problem where if you have non-resolvable node names,
and try to scale the server by adding new nodes, kubectl commands
start to fail for newly added nodes, giving a TCP timeout error when
trying to resolve the node hostname against a public DNS.

89847d56

Feb 12, 2018
- Added apiserver extra args variable for kubeadm config (#2291) · 03c61685
  Maxim Krasilnikov authored Feb 12, 2018
  
  03c61685
Feb 09, 2018
- Refactored kubeadm join process and fixed uncrodonng for master nodes · 4e61fb9c
  mlushpenko authored Feb 06, 2018
  
  4e61fb9c
Feb 05, 2018
- Added optional controller and scheduler extra args to kubeadm config (#2205) · 95b8ac5f
  Maxim Krasilnikov authored Feb 05, 2018
  
  95b8ac5f
Jan 23, 2018

Renamed variable from disable_volume_zone_conflict to... · a4d14236

Virgil Chereches authored Jan 23, 2018

Renamed variable from disable_volume_zone_conflict to volume_cross_zone_attachment and removed cloud provider condition; fix identation

a4d14236

Jan 18, 2018
- Added disable_volume_zone_conflict variable · 3125f93b
  Virgil Chereches authored Jan 18, 2018
  
  3125f93b
Dec 20, 2017
- Fix param names in preparation for Kubernetes v1.9.0 (#2098) · 6bb46e3e
  Matthew Mosesohn authored Dec 20, 2017
```
This does not update v1.9.0, but fixes two incompatibilities
when trying to deploy v1.9.0.
```
  6bb46e3e
Nov 29, 2017

Allow setting --bind-address for apiserver hyperkube (#1985) · d39a88d6

Steven Hardy authored Nov 29, 2017

* Allow setting --bind-address for apiserver hyperkube

This is required if you wish to configure a loadbalancer (e.g haproxy)
running on the master nodes without choosing a different port for the
vip from that used by the API - in this case you need the API to bind to
a specific interface, then haproxy can bind the same port on the VIP:

root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
tcp        0      0 192.168.24.6:6443       0.0.0.0:*               LISTEN      0          680613     134504/haproxy
tcp        0      0 192.168.24.16:6443      0.0.0.0:*               LISTEN      0          653329     131423/hyperkube
tcp        0      0 192.168.24.16:6443      192.168.24.16:58404     ESTABLISHED 0          652991     131423/hyperkube
tcp        0      0 192.168.24.16:58404     192.168.24.16:6443      ESTABLISHED 0          652986     131423/hyperkube

This can be achieved e.g via:

kube_apiserver_bind_address: 192.168.24.16

* Address code review feedback

* Update kube-apiserver.manifest.j2

d39a88d6

Oct 24, 2017
- Fix ordering of kube-apiserver admission control plug-ins (#1841) · 5dc56df6
  Chiang Fong Lee authored Oct 25, 2017
  
  5dc56df6
Oct 15, 2017

Security best practice fixes (#1783) · d487b2f9

Matthew Mosesohn authored Oct 15, 2017

* Disable basic and token auth by default

* Add recommended security params

* allow basic auth to fail in tests

* Enable TLS authentication for kubelet

d487b2f9

Oct 13, 2017
- Add new addon Istio (#1744) · ef47a733
  Matthew Mosesohn authored Oct 13, 2017
```
* add istio addon

* add addons to a ci job
```
  ef47a733
Sep 13, 2017

kubeadm support (#1631) · 67447260

Matthew Mosesohn authored Sep 13, 2017

* kubeadm support

* move k8s master to a subtask
* disable k8s secrets when using kubeadm
* fix etcd cert serial var
* move simple auth users to master role
* make a kubeadm-specific env file for kubelet
* add non-ha CI job

* change ci boolean vars to json format

* fixup

* Update create-gce.yml

* Update create-gce.yml

* Update create-gce.yml

67447260

Aug 24, 2017

Adding yamllinter to ci steps (#1556) · 8b151d12

Brad Beam authored Aug 24, 2017

* Adding yaml linter to ci check

* Minor linting fixes from yamllint

* Changing CI to install python pkgs from requirements.txt

- adding in a secondary requirements.txt for tests
- moving yamllint to tests requirements

8b151d12

Jul 17, 2017
- basic rbac support · 092bf07c
  jwfang authored Jun 27, 2017
  
  092bf07c
Apr 17, 2017
- allow admission control plug-ins to be easily customized · 49be8050
  gbolo authored Apr 16, 2017
  
  49be8050
Apr 15, 2017
- add ability for custom flags · 94596388
  Spencer Smith authored Apr 14, 2017
  
  94596388