- Jun 17, 2022
-
-
Alessio Greggi authored
* feat: make kubernetes owner parametrized * docs: update hardening guide with configuration for CIS 1.1.19 * fix: set etcd data directory permissions to be compliant to CIS 1.1.12
-
- Jun 10, 2022
-
-
Kenichi Omichi authored
When running molecule jobs, we saw the folloing warning message: [DEPRECATION WARNING]: [defaults]callback_whitelist option, normalizing names to new standard, use callbacks_enabled instead. This feature will be removed from ansible-core in version 2.15. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. callbacks_enabled has been added since Ansible 2.11 and Kubespray is using Ansible 2.12 at master branch. So we can use callbacks_enabled safely to avoid the warning message.
-
- Dec 10, 2021
-
-
Cristian Calin authored
* containerd: change default resolvconf_mode to host_resolvconf * Wait for kube-apiserver to come back after pod refresh * Handle resolv.conf gracefully * Retain currently configured DNS entries to ensure we don't break the resolvers * Suse uses wickedd for network management so no dhcp hooks * Molecule: increase ansible timeout * CI: Increase ansible timeout to 120s for Packet jobs
-
- Oct 15, 2021
-
-
efrikin authored
* Add molecule tests for bastion-ssh-config * Add molecule tests for adduser * Update .gitignore
-
- Jun 16, 2020
-
-
Florian Ruynat authored
-
- Nov 11, 2019
-
-
YichenWong authored
-
- May 03, 2019
-
-
MarkusTeufelberger authored
-
- Aug 23, 2018
-
-
msimonin authored
A typo in the adduser role prevents the createhome variable to be taken into account. Fix #3164
-
- Feb 28, 2017
-
-
Sergii Golovatiuk authored
Closes: #1073 Signed-off-by:Sergii Golovatiuk <sgolovatiuk@mirantis.com>
-
- Feb 23, 2017
-
-
Bogdan Dobrelya authored
* Leave all.yml to keep only optional vars * Store groups' specific vars by existing group names * Fix optional vars casted as mandatory (add default()) * Fix missing defaults for an optional IP var * Relink group_vars for terraform to reflect changes Signed-off-by:Bogdan Dobrelya <bogdando@mail.ru>
-
- Feb 18, 2017
-
-
Andrew Greenwood authored
Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
-
- Feb 09, 2017
-
-
Josh Conant authored
-
Josh Conant authored
-
- Feb 06, 2017
-
-
Matthew Mosesohn authored
-
- Jan 20, 2017
-
-
Bogdan Dobrelya authored
* Drop linux capabilities for unprivileged containerized worlkoads Kargo configures for deployments. * Configure required securityContext/user/group/groups for kube components' static manifests, etcd, calico-rr and k8s apps, like dnsmasq daemonset. * Rework cloud-init (etcd) users creation for CoreOS. * Fix nologin paths, adjust defaults for addusers role and ensure supplementary groups membership added for users. * Add netplug user for network plugins (yet unused by privileged networking containers though). * Grant the kube and netplug users read access for etcd certs via the etcd certs group. * Grant group read access to kube certs via the kube cert group. * Remove priveleged mode for calico-rr and run it under its uid/gid and supplementary etcd_cert group. * Adjust docs. * Align cpu/memory limits and dropped caps with added rkt support for control plane. Signed-off-by:
-
- May 23, 2016
-
-
Paul Czarkowski authored
This should make things a little more composable, by making these roles meta roles that perform no actions by default we allow each role to own its own resources.
-
- Mar 30, 2016
-
-
teuto.net Netzdienste GmbH authored
-
- Feb 21, 2016
-
-
Smana authored
Please enter the commit message for your changes. Lines starting
-
- Jan 24, 2016
-
-
Antoine Legrand authored
-
