Commits · df476b0088f5e3ba4126231268eb9ff59962ede7 · Mirror / Kubespray

Feb 27, 2017
- Initial support for vsphere as cloud provider · df476b00
  Jan Jungnickel authored Nov 07, 2016
  
  df476b00
Feb 24, 2017
- Uncomment one key/value in all.yml · a098a32f
  Sergii Golovatiuk authored Feb 24, 2017
  
  all.yaml shouldn't be empty otherwise ansible won't be able to merge 2 dicts. Related bug: ansible/issues/21889
  a098a32f
- Uncommented group_vars variables · eb904668
  Antoine Legrand authored Feb 24, 2017
  
  eb904668
Feb 23, 2017

Comment all variables in group_vars · c7d61af3
Antoine Legrand authored Feb 23, 2017

c7d61af3
Add default var role · 5f760741
Antoine Legrand authored Feb 23, 2017

5f760741

Rework inventory all by real groups' vars · 712872ef

Bogdan Dobrelya authored Dec 27, 2016



* Leave all.yml to keep only optional vars
* Store groups' specific vars by existing group names
* Fix optional vars casted as mandatory (add default())
* Fix missing defaults for an optional IP var
* Relink group_vars for terraform to reflect changes

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

712872ef

Feb 21, 2017

Statically disable iptables management for docker · ebf9daf7

Sergii Golovatiuk authored Feb 18, 2017

Docker 1.13 changes the behaviour of iptables defaults from allow
to drop. This patch disables docker's iptables management as it was
in Docker 1.12 [1]

[1] https://github.com/docker/docker/pull/28257



Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>

ebf9daf7

Feb 20, 2017
- Update Kubernetes to v1.5.3 · 10173525
  Matthew Mosesohn authored Feb 20, 2017
  
  10173525
Feb 15, 2017
- Change default network plugin to Calico · 2d65554c
  Matthew Mosesohn authored Feb 15, 2017
  
  2d65554c
Feb 14, 2017
- Fix typo · d0757ccc
  Hung Nguyen Viet authored Feb 14, 2017
  
  d0757ccc
Feb 10, 2017
- Add kernel upgrade for CentOS · d2e010cb
  Alexander Block authored Jan 10, 2017
  
  d2e010cb
Feb 09, 2017
- fix kube_apiserver_ip/kube_apiserver_port description · f0269b28
  Vladimir Rutsky authored Feb 09, 2017
  
  f0269b28
- Make kubelet_load_modules always present but false. · 3f0c13af
  Greg Althaus authored Feb 09, 2017
  
  Update code and docs for that assumption.
  3f0c13af
- Due to the nsenter and other reworks, it appears that · fcd78eb1
  Greg Althaus authored Feb 09, 2017
  
  kubelet lost the ability to load kernel modules. This puts that back by adding the lib/modules mount to kubelet. The new variable kubelet_load_modules can be set to true to enable this item. It is OFF by default.
  fcd78eb1
- Vault security hardening and role isolation · 245e05ce
  Josh Conant authored Feb 08, 2017
  
  245e05ce
- Adding the Vault role · f4ec2d18
  Josh Conant authored Jan 13, 2017
  
  f4ec2d18
Feb 06, 2017
- fix typo: "pubilcally" · 6a5df4d9
  Vladimir Rutsky authored Feb 06, 2017
  
  6a5df4d9
- fix typo: "explicetely" · d4160208
  Vladimir Rutsky authored Feb 06, 2017
  
  d4160208
- Revert "Drop linux capabilities and rework users/groups" · fd30131d
  Matthew Mosesohn authored Feb 06, 2017
  
  fd30131d
Feb 04, 2017
- Adding EFK logging stack · df3e11bd
  Brad Beam authored Jan 26, 2017
  
  df3e11bd
Jan 23, 2017

also use kube_api_pwd for root account · 6e35895b

David Kirstein authored Jan 23, 2017

This makes it a bit more secure. Also the password can now be changed with a (inventory) variable (no need to edit all.yml).

6e35895b

Jan 20, 2017

Drop linux capabilities and rework users/groups · cb2e5ac7

Bogdan Dobrelya authored Dec 28, 2016



* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

cb2e5ac7

Jan 15, 2017
- Add a variable that defaults to kube_apiserver_port that defines · 6905edbe
  Greg Althaus authored Jan 14, 2017
  
  the which port the local nginx proxy should listen on for HA local balancer configurations.
  6905edbe
Jan 11, 2017

Docs updates · caab0cdf

Bogdan Dobrelya authored Jan 11, 2017



Fix mismatching inventory examples.
Add command examples.
Clarify groups use cases.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>

caab0cdf

Jan 06, 2017
- Introduce dns_mode and resolvconf_mode and implement docker_dns mode · 1d2a18b3
  Alexander Block authored Dec 21, 2016
  
  Also update reset.yml to do more dns/network related cleanup.
  1d2a18b3
Jan 05, 2017
- Minor fix to rkt version in group vars · fb7899aa
  Bogdan Dobrelya authored Jan 05, 2017
  
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
  fb7899aa
Jan 03, 2017
- Allowing etcd to run via rkt · 8dc19374
  Brad Beam authored Dec 13, 2016
  
  8dc19374
- Adding initial rkt support · a8f2af05
  Brad Beam authored Dec 13, 2016
  
  a8f2af05
Jan 02, 2017
- Drop non systemd OS types support · 58062be2
  Bogdan Dobrelya authored Jan 02, 2017
  
  Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
  58062be2
Dec 28, 2016

Systemd units, limits, and bin path fixes · a56d9de5

Bogdan Dobrelya authored Dec 23, 2016



* Add restart for weave service unit
* Reuse docker_bin_dir everythere
* Limit systemd managed docker containers by CPU/RAM. Do not configure native
  systemd limits due to the lack of consensus in the kernel community
  requires out-of-tree kernel patches.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

a56d9de5

Dec 16, 2016
- Bump kube_version to v1.5.1 · 9df2306e
  Matthew Mosesohn authored Dec 16, 2016
  
  9df2306e
Dec 14, 2016
- Fix kube_version to include 'v' again · b4c87c66
  Alexander Block authored Dec 13, 2016
  
  https://github.com/kubernetes-incubator/kargo/pull/736 missed this
  b4c87c66
Dec 13, 2016
- Add check for azure_route_table_name and add it to all.yml · dbd9aaf1
  Alexander Block authored Dec 09, 2016
  
  dbd9aaf1
- Add pseudo network plugin called "cloud" to use cloud provider for network · d20d5e64
  Alexander Block authored Dec 07, 2016
  
  Allow to let the cloud provider configure proper routing for nodes.
  d20d5e64
- Add documentation about bastion hosts · 3e007df9
  Alexander Block authored Dec 09, 2016
  
  3e007df9
- Add support for bastion hosts · 06584ee3
  Alexander Block authored Dec 09, 2016
  
  06584ee3
- Move kube_version to group_vars/all to allow easier changing of version · 665ce82d
  Alexander Block authored Dec 09, 2016
  
  Also allows to perform version dependent logic in Ansible roles.
  665ce82d
- Pass --anonymous-auth to apiserver · 444b1daf
  Alexander Block authored Dec 13, 2016
  
  Fixes #732
  444b1daf
- Address standalone kubelet config case · c75f3947
  Bogdan Dobrelya authored Dec 13, 2016
  
  Also place in global vars and do not repeat the kube_*_config_dir and kube_namespace vars for better code maintainability and UX. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>
  c75f3947
Dec 12, 2016
- Disable fastestmirror on CentOS · 4e34803b
  Alexander Block authored Dec 07, 2016
  
  It actually slows down things dramatically when used in combination with Ansible.
  4e34803b