Skip to content
  1. Jan 20, 2017
    • Bogdan Dobrelya's avatar
      Drop linux capabilities and rework users/groups · cb2e5ac7
      Bogdan Dobrelya authored 
      

* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: default avatarBogdan Dobrelya <bogdando@mail.ru>
      cb2e5ac7
  3. Jan 09, 2017
  5. Jan 03, 2017
  7. Dec 28, 2016
  9. Dec 13, 2016
  11. Dec 09, 2016
  13. Nov 28, 2016
    • Bogdan Dobrelya's avatar
      Add advanced net check for DNS K8s app · b7692fad
      Bogdan Dobrelya authored 
      

* Add an option to deploy K8s app to test e2e network connectivity
  and cluster DNS resolve via Kubedns for nethost/simple pods
  (defaults to false).
* Parametrize existing k8s apps templates with kube_namespace and
  kube_config_dir instead of hardcode.
* For CoreOS, ensure nameservers from inventory to be put in the
  first place to allow hostnet pods connectivity via short names
  or FQDN and hostnet agents to pass as well, if netchecker
  deployed.

Signed-off-by: default avatarBogdan Dobrelya <bdobrelia@mirantis.com>
      b7692fad
  15. Nov 25, 2016
    • Bogdan Dobrelya's avatar
      Tune dnsmasq/kubedns limits, replicas, logging · 2d18e192
      Bogdan Dobrelya authored 
      

* Add dns_replicas, dns_memory/cpu_limit/requests vars for
dns related apps.
* When kube_log_level=4, log dnsmasq queries as well.
* Add log level control for skydns (part of kubedns app).
* Add limits/requests vars for dnsmasq (part of kubedns app) and
  dnsmasq daemon set.
* Drop string defaults for kube_log_level as it is int and
  is defined in the global vars as well.
* Add docs

Signed-off-by: default avatarBogdan Dobrelya <bdobrelia@mirantis.com>
      2d18e192
  17. Nov 22, 2016
  19. Nov 10, 2016
    • Aleksandr Didenko's avatar
      Fix policy controller · 251800eb
      Aleksandr Didenko authored 
      'etcd_cert_dir' variable is missing from 'kubernetes-apps/ansible'
role which breaks Calico policy controller deployment.

Also fixing calico-policy-controller.yml.
      251800eb
  21. Oct 15, 2016