- Mar 21, 2018
-
-
Erwan Miran authored
Labels from role (node-role.k8s.io/node) and labels from inventory are merged into node-labels parameter in kubelet
-
mirwan authored
Addition of the .creds extension to the credentials files generated by password lookup in order for Ansible not to consider them as inventory files with inventory_ignore_extensions set accordingly (#2446)
-
- Mar 16, 2018
-
-
woopstar authored
Added CoreDNS to downloads
Updated with labels. Should now work without RBAC too
Fix DNS settings on hosts
Rename CoreDNS service from kube-dns to coredns
Add rotate based on http://edgeofsanity.net/rant/2017/12/20/systemd-resolved-is-broken.html
Updated docs with CoreDNS info
Added labels and fixed minor settings from official yaml file: https://github.com/kubernetes/kubernetes/blob/release-1.9/cluster/addons/dns/coredns.yaml.sed
Added a secondary deployment and secondary service ip. This is to mitigate dns timeouts and create high resiliency for failures. See discussion at 'https://github.com/coreos/coreos-kubernetes/issues/641#issuecomment-281174806'
Set dns list correct. Thanks to @whereismyjetpack
Only download KubeDNS or CoreDNS if selected
Move dns cleanup to its own file and import tasks based on dns mode
Fix install of KubeDNS when dnsmask_kubedns mode is selected
Add new dns option coredns_dual for dual stack deployment. Added variable to configure replicas deployed. Updated docs for dual stack deployment.
Removed rotate option in resolv.conf.
Run DNS manifests for CoreDNS and KubeDNS
Set skydns servers on dual stack deployment
Use only one template for CoreDNS dual deployment
Set correct cluster ip for the dns server
-
- Mar 13, 2018
-
-
rong.zhang authored
-
- Mar 08, 2018
-
-
Wong Hoi Sing Edison authored
-
- Mar 07, 2018
-
-
RongZhang authored
Support Centos/Fedora atomic host
-
zhengchuan hu authored
Set ``etcd_events_cluster_setup: true`` to store events in a separate dedicated etcd instance.
-
- Feb 21, 2018
-
-
Wong Hoi Sing Edison authored
-
- Feb 16, 2018
-
-
David Miller authored
-
- Feb 14, 2018
-
-
Eduardo Baitello authored
"kubernetes" is spelled wrong in the cluster tag example
-
- Feb 13, 2018
-
-
Merouane Atig authored
-
- Feb 08, 2018
-
-
Wong Hoi Sing Edison authored
-
- Feb 05, 2018
-
-
Spencer Smith authored
-
- Jan 31, 2018
-
-
Julian Hübenthal authored
-
Julian Hübenthal authored
-
Julian Hübenthal authored
-
- Jan 26, 2018
-
-
Miouge1 authored
-
- Jan 23, 2018
-
-
Matthew Mosesohn authored
-
- Jan 09, 2018
-
-
Bogdan Dobrelya authored
* Fix HA docs API access endpoints explained
  Follow-up commit 81347298a3ef7932cbeb55e877644ca22d1625f1 and fix the endpoint value provided in HA docs.
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Clarify internal LB with external LB use case
  * Clarify how to use both internal and external, non-cluster aware and not managed with Kubespray, LB solutions.
  * Clarify the requirements, like TLS/SSL termination, for such an external LB. Unlike the 'cluster-aware' external LB config, endpoints' security must be managed by that non-cluster aware external LB.
  * Note that masters always contact their local apiservers via https://bip:sp. It's highly unlikely to go down and it reduces latency that might be introduced when going host->lb->host. Only computes go that path.
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Add a note for supplementary_addresses_in_ssl_keys
  Explain how to benefit from supplementary_addresses_in_ssl_keys
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
-
- Jan 04, 2018
-
-
Aaron Crickenberger authored
-
- Jan 03, 2018
-
-
Bogdan Dobrelya authored
Auto configure API access endpoint with a custom bind IP, if provided.
Fix HA docs' http URLs are https in fact, clarify the insecure vs secure API access modes as well.
Closes: #issues/2051
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
-
- Nov 29, 2017
-
-
Steven Hardy authored
* Allow setting --bind-address for apiserver hyperkube
  This is required if you wish to configure a loadbalancer (e.g haproxy) running on the master nodes without choosing a different port for the vip from that used by the API - in this case you need the API to bind to a specific interface, then haproxy can bind the same port on the VIP:
      root@overcloud-controller-0 ~]# netstat -taupen | grep 6443
      tcp 0 0 192.168.24.6:6443 0.0.0.0:* LISTEN 0 680613 134504/haproxy
      tcp 0 0 192.168.24.16:6443 0.0.0.0:* LISTEN 0 653329 131423/hyperkube
      tcp 0 0 192.168.24.16:6443 192.168.24.16:58404 ESTABLISHED 0 652991 131423/hyperkube
      tcp 0 0 192.168.24.16:58404 192.168.24.16:6443 ESTABLISHED 0 652986 131423/hyperkube
  This can be achieved e.g via:
      kube_apiserver_bind_address: 192.168.24.16
* Address code review feedback
* Update kube-apiserver.manifest.j2
-
unclejack authored
* Add Contiv support
  Contiv is a network plugin for Kubernetes and Docker. It supports vlan/vxlan/BGP/Cisco ACI technologies. It supports firewall policies, multiple networks and bridging pods onto physical networks.
* Update contiv version to 1.1.4
  Update contiv version to 1.1.4 and added SVC_SUBNET in contiv-config.
* Load openvswitch module to workaround on CentOS7.4
* Set contiv cni version to 0.1.0
  Correct contiv CNI version to 0.1.0.
* Use kube_apiserver_endpoint for K8S_API_SERVER
  Use kube_apiserver_endpoint as K8S_API_SERVER to make contiv talk to an available endpoint no matter if there's a loadbalancer or not.
* Make contiv use its own etcd
  Before this commit, contiv is using an etcd proxy mode to k8s etcd. This works fine when the etcd hosts are co-located with contiv etcd proxy; however, the k8s peering certs are only in etcd group. As a result the etcd-proxy is not able to peer with the k8s etcd on etcd group, plus the netplugin is always trying to find the etcd endpoint on localhost. This will cause problems for all netplugins not running on etcd group nodes.
  This commit makes contiv use its own etcd, separate from the k8s one. On kube-master nodes (where net-master runs), it will run in leader mode and on all the rest of the nodes it will run in proxy mode.
* Use cp instead of rsync to copy cni binaries
  Since rsync has been removed from hyperkube, this commit changes it to use cp instead.
* Make contiv-etcd able to run on master nodes
* Add rbac_enabled flag for contiv pods
* Add contiv into CNI network plugin lists
* migrate contiv test to tests/files
  Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
* Add required rules for contiv netplugin
* Better handling json return of fwdMode
* Make contiv etcd port configurable
* Use default var instead of templating
* roles/download/defaults/main.yml: use contiv 1.1.7
  Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
-
- Nov 23, 2017
-
-
Bogdan Dobrelya authored
* Defaults for apiserver_loadbalancer_domain_name
  When loadbalancer_apiserver is defined, use the apiserver_loadbalancer_domain_name with a given default value.
  Fix inconsistencies for checking if apiserver_loadbalancer_domain_name is defined AND using it with a default value provided at once.
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
* Define defaults for LB modes in common defaults
  Adjust the defaults for apiserver_loadbalancer_domain_name and loadbalancer_apiserver_localhost to come from a single source, which is kubespray-defaults. Removes some confusion and simplifies the code.
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
-
- Nov 15, 2017
-
-
Chad Swenson authored
This version required changing the previous access model for dashboard completely but it's a change for the better. Docs were updated.
* New login/auth options that use apiserver auth proxying by default
* Requires RBAC in `authorization_modes`
* Only serves over https
* No longer available at https://first_master:6443/ui until apiserver is updated with the https proxy URL:
* Can access from https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login you will be prompted for credentials
* Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
* It is recommended to access dashboard from behind a gateway that enforces an authentication token, details and other access options here: https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
-
- Nov 10, 2017
-
-
abelgana authored
-
- Nov 06, 2017
-
-
Amit Kumar Jaiswal authored
-
- Nov 03, 2017
-
-
Günther Grill authored
* Change deprecated vagrant ansible flag 'sudo' to 'become'
* Emphasize, that the name of the pip_pyton_modules is only considered in coreos
* Remove useless unused variable
* Fix warning when jinja2 template-delimiters used in when statement
  There is no need for jinja2 template-delimiters like {{ }} or {% %} any more. They can just be omitted as described in https://github.com/ansible/ansible/issues/22397
* Fix broken link in getting-started guide
-
- Nov 02, 2017
-
-
Fernando Ripoll authored
Typo in apt-get command
-
- Nov 01, 2017
-
-
Matthew Mosesohn authored
-
- Oct 30, 2017
-
-
Fernando Ripoll authored
Typo in the apt-get command
-
- Oct 16, 2017
-
-
Matthew Mosesohn authored
-
neith00 authored
* Revert "Debian jessie docs (#1806)"
  This reverts commit d78577c8.
* Revert "[contrib/network-storage/glusterfs] adds service for glusterfs endpoint (#1800)"
  This reverts commit 5fb6b2ea.
* Revert "[contrib/network-storage/glusterfs] bootstrap for glusterfs nodes (#1799)"
  This reverts commit 404caa11.
* Revert "Fixed kubelet standard log environment (#1780)"
  This reverts commit b8384685.
* Revert "Add support for fedora atomic host (#1779)"
  This reverts commit f2235be1.
* Revert "Update network-plugins to use portmap plugin (#1763)"
  This reverts commit 6ec45b10.
* Revert "Update roadmap (#1795)"
  This reverts commit d9879d80.
-
Marc Zahn authored
* Add Debian Jessie notes
* Add installation notes for Debian Jessie
-
Matthew Mosesohn authored
-
- Oct 15, 2017
-
-
Matthew Mosesohn authored
* Disable basic and token auth by default
* Add recommended security params
* allow basic auth to fail in tests
* Enable TLS authentication for kubelet
-
- Oct 14, 2017
-
-
Matthew Mosesohn authored
In 1.8, the Node authorization mode should be listed first to allow kubelet to access secrets. This seems to only impact environments with cloudprovider enabled.
-
- Oct 11, 2017
-
-
Vijay Katam authored
* Rename dns_server to dnsmasq_dns_server so that it includes role prefix as the var name is generic and conflicts when integrating with existing ansible automation.
* Enable selinux state to be configurable with new var preinstall_selinux_state
-
Matthew Mosesohn authored
* Set no_proxy to all local ips
* Use proxy settings on all necessary tasks
-
- Oct 05, 2017
-
-
Matthew Mosesohn authored
* Upgrade to kubernetes v1.8.0
  hyperkube no longer contains rsync, so now use cp
* Enable node authorization mode
* change kube-proxy cert group name
-