Age | Commit message (Collapse) | Author | Files | Lines |
|
Issue-ID: MULTICLOUD-1323
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Iac2046b6df4f76efc7f7745567740fffb9b8e72a
|
|
The intention with this change is to disable CAP_NET_RAW (which can be
a security vulnerability) for created Pods.
kubespray provides the podsecuritypolicy_enabled variable for enabling
privileged (for kube-system) and restricted (for everyone else)
policies. Enabling this requires binding the KUD_ADDONs to the
privileged policy and specifying the security context correctly for
Pods running in the default namespace.
As of this change, the only difference between the privileged and
restricted security policies is the dropping of CAP_NET_RAW in the
restricted policy. To use the default restricted policy provided with
kubespray, additional changes must be made to the Pods that are run in
the default namespace (such as runing as a non-root user, not
requesting privileged mode, etc.).
Issue-ID: MULTICLOUD-1256
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
|
|
- Replace move of ansible.cfg from kubespray distribution to
/etc/ansible with ANSIBLE_CONFIG environment variable. Ansible
modifies ansible.cfg during installation, and the paths in it are
relative.
- kubespray 2.14.1 requires a kubernetes version > 1.16. Use the
default versions of kubernetes and helm provided by kubespray
2.14.1.
- kubespray 2.14.1 replaces helm 2 with helm 3. This removes support
for helm init and helm serve. It is no longer necessary to call
helm init, and the helm serve repository is replaced with file
relative URLs. This also triggered a subsequent update of the
kubernetes-helm ansible module to include the newer helm versions.
- Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of
etcd will fail without this due to nil
PersistentVolume.metadata.labels.type.
- The mitogen module used by kubespray/ansible requires python2 on the
hosts. Use the linear strategy to bypass mitogen and install
python2 on the cluster hosts.
Issue-ID: MULTICLOUD-1230
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
|
|
Update kubespray to 2.12 to deploy Kubernetes 1.16
Issue-ID: MULTICLOUD-1063
Signed-off-by: Yao Le <le.yao@intel.com>
Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
|
|
Change docker version to fix kubespray issue
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Issue-ID: MULTICLOUD-1073
Change-Id: I79571677f81efbb12a963b7527d918eddaf8db1f
|
|
Seeing intermittent issues with DNS failing
on KUD. Disabling node local DNS for now as
a possible workaround. This can be enabled
once other issues a isolated.
Issue-ID: MULTICLOUD-861
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I502f1a41651cb9b7f284f6be36a752d302777703
|
|
Issue-ID: MULTICLOUD-454
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
Change-Id: I779971c21aac6e27a7f8fcafc708c4a70438f823
|
|
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline
support and integration with new add-ons in future.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-772
Change-Id: I4b7887aae359cd6197e696010acde6e204c41931
|
|
This reverts commit 5f760c3fb7d0e74833b1a2137e6ff3dadc71b2f5.
Issue-ID: MULTICLOUD-772
Change-Id: I6feffd87545195992fb28e98dcee4038d9b08474
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline
support and integration with new add-ons in future.
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
Issue-ID: MULTICLOUD-772
Change-Id: Ib1263e86adb9815e1ee56038507a3c092aad1feb
|
|
Removing kubectl (andrewrothstein.kubectl) dependency
that conflicts with kubectl installed by Kupespray.
Copy kubectl installed by Kubespray also to host
running Ansible.
That needs kubectl_localhost: true in Kubespray configuration
to make it copy binary to localhost.
Issue-ID: MULTICLOUD-667
Change-Id: I8c5f56488a9f559c4358cea5ad56fa23b26ec6aa
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
|
|
The idea is to restructure the existing repo create a deployment
independent of Vagrant or other hosting providers.
Renamed KRD to KUbernetes Deploy(Kud) including the ansible scripts
Added new path to functional tests.
Moved samples pdfs to sites.
Minor changes to Readme.
Updated aio.sh, moved sample config
Corrected other nits. Updated and verified test cases.
Addressed comments and changes associated with it.
Updated Readme and minor change in Vagrantfile.
Validated test cases again. Moved aio.sh into vagrant folder.
Added new README for each hosting provider and project on the whole.
Updated the installer script with relative path.
Updated the name to deployment_infra, moved the cFW sripcts to tests.
Updated the gitignore file.
Issue-ID: MULTICLOUD-301
Change-Id: Ie48c26b12ab58b604493fba58a9c5b9f8ba10942
Signed-off-by: Akhila Kishore <akhila.kishore@intel.com>
|