Dalton Hubble
6f958d7577
Replace kube-dns with CoreDNS
* Add system:coredns ClusterRole and binding
* Annotate CoreDNS for Prometheus metrics scraping
* Remove kube-dns deployment, service, & service account
* https://github.com/poseidon/terraform-render-bootkube/pull/71
* https://kubernetes.io/blog/2018/06/27/kubernetes-1.11-release-announcement/
2018-07-01 22:55:01 -07:00
Dalton Hubble
8464b258d8
Update Kubernetes from v1.10.5 to v1.11.0
* Force apiserver to stop listening on 127.0.0.1:8080
* Remove deprecated Kubelet `--allow-privileged`. Defaults to
true. Use `PodSecurityPolicy` if limiting is desired
* https://github.com/kubernetes/kubernetes/releases/tag/v1.11.0
* https://github.com/poseidon/terraform-render-bootkube/pull/68
2018-06-27 22:47:35 -07:00
Dalton Hubble
f4d3059b00
Update Kubernetes from v1.10.4 to v1.10.5
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v1105
2018-06-21 22:51:39 -07:00
Dalton Hubble
6c5a1964aa
Change kube-apiserver port from 443 to 6443
* Adjust firewall rules, security groups, cloud load balancers,
and generated kubeconfigs
* Facilitates some future simplifications and cost reductions
* Bare-Metal users who exposed kube-apiserver on a WAN via their
router or load balancer will need to adjust its configuration.
This is uncommon; most apiservers are on LAN and/or behind VPN
so no routing infrastructure is configured with the port number
2018-06-19 23:48:51 -07:00
Dalton Hubble
79260c48f6
Update Kubernetes from v1.10.3 to v1.10.4
2018-06-06 23:23:11 -07:00
Dalton Hubble
6e968cd152
Update Calico from v3.1.2 to v3.1.3
* https://github.com/projectcalico/calico/releases/tag/v3.1.3
* https://github.com/projectcalico/cni-plugin/releases/tag/v3.1.3
2018-05-30 21:32:12 -07:00
Dalton Hubble
4ea1fde9c5
Update Kubernetes from v1.10.2 to v1.10.3
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v1103
* Update Calico from v3.1.1 to v3.1.2
2018-05-21 21:38:43 -07:00
Dalton Hubble
37981f9fb1
Allow bearer token authn/authz to the Kubelet
* Require Webhook authorization to the Kubelet
* Switch apiserver X509 client cert org to systems:masters
to grant the apiserver admin and satisfy the authorization
requirement. kubectl commands like logs or exec that have
the apiserver make requests of a kubelet continue to work
as before
* https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
* https://github.com/poseidon/typhoon/issues/215
2018-05-13 23:20:42 -07:00
Dalton Hubble
e889430926
Update kube-dns from v1.14.9 to v1.14.10
* https://github.com/kubernetes/kubernetes/pull/62676
2018-04-28 00:43:09 -07:00
Dalton Hubble
32ddfa94e1
Update Kubernetes from v1.10.1 to v1.10.2
* https://github.com/kubernetes/kubernetes/releases/tag/v1.10.2
2018-04-28 00:27:00 -07:00
Dalton Hubble
a54f76db2a
Update Calico from v3.0.4 to v3.1.1
* https://github.com/projectcalico/calico/releases/tag/v3.1.1
* https://github.com/projectcalico/calico/releases/tag/v3.1.0
2018-04-21 18:30:36 -07:00
Dalton Hubble
77c0a4cf2e
Update Kubernetes from v1.10.0 to v1.10.1
* Use kubernetes-incubator/bootkube v0.12.0
2018-04-12 20:57:31 -07:00
Dalton Hubble
6b08bde479
Use k8s.gcr.io instead of gcr.io/google_containers
* Kubernetes recommends using the alias to fetch images
from the nearest GCR regional mirror, to abstract the use
of GCR, and to drop names containing 'google'
* https://groups.google.com/forum/#!msg/kubernetes-dev/ytjk_rNrTa0/3EFUHvovCAAJ
2018-04-08 12:57:52 -07:00
Dalton Hubble
18dbaf74ce
Update kube-dns from v1.14.8 to v1.14.9
* https://github.com/kubernetes/kubernetes/pull/61908
2018-04-04 21:00:23 -07:00
Dalton Hubble
1cc043d1eb
Update Kubernetes from v1.9.6 to v1.10.0
2018-03-30 22:14:07 -07:00
Dalton Hubble
38adb14bd2
Remove optional variable networking on Digital Ocean
* Calico isn't viable on Digital Ocean because their firewalls
do not support IP-IP protocol. It's not viable to run a cluster
without firewalls just to use Calico.
* Remove the caveat note. Don't allow users to shoot themselves
in the foot
2018-03-25 21:48:51 -07:00
Dalton Hubble
a04ef3919a
Update Kubernetes from v1.9.5 to v1.9.6
2018-03-21 20:29:52 -07:00
Dalton Hubble
758c09fa5c
Update Kubernetes from v1.9.4 to v1.9.5
2018-03-19 00:25:44 -07:00
Dalton Hubble
88aa9a46e5
Add /var/lib/calico volume mount to Calico DaemonSet
2018-03-18 16:40:38 -07:00
Dalton Hubble
931e311786
Update Kubernetes from v1.9.3 to v1.9.4
2018-03-12 18:07:50 -07:00
Dalton Hubble
a44cf0edbd
Update Calico from v3.0.2 to v3.0.3
* https://github.com/projectcalico/calico/releases/tag/v3.0.3
2018-02-26 12:48:19 -08:00
Dalton Hubble
c4914c326b
Update bootkube and terraform-render-bootkube to v0.11.0
2018-02-22 21:53:26 -08:00
Dalton Hubble
c19a68b59b
Update bootkube control-plane manifests
* Remove PersistentVolumeLabel admission controller flag
* Switch Deployments and DaemonSets to apps/v1
* Minor update to pod-checkpointer image version
2018-02-15 11:06:35 -08:00
Dalton Hubble
a41691b222
Update Kubernetes from v1.9.2 to v1.9.3
* Add flannel service account and limited RBAC cluster role
* Change DaemonSets to tolerate NoSchedule and NoExecute taints
* Remove deprecated apiserver --etcd-quorum-read flag
* Update Calico from v3.0.1 to v3.0.2
* Add Calico GlobalNetworkSet CRD
* https://github.com/poseidon/terraform-render-bootkube/pull/44
2018-02-10 13:37:07 -08:00
Dalton Hubble
2fa1840c30
Update flannel from v0.9.0 to v0.10.0
* https://github.com/coreos/flannel/releases/tag/v0.10.0
2018-01-28 23:09:21 -08:00
Dalton Hubble
8e0b8d7e40
Upgrade Calico from 2.6.6 to 3.0.1
2018-01-28 11:47:23 -08:00
Dalton Hubble
868265988b
Update bootkube and terraform-render-bootkube to v0.10.0
2018-01-19 23:10:45 -08:00
Dalton Hubble
6adffcb778
Update Kubernetes from v1.9.1 to v1.9.2
2018-01-19 08:40:09 -08:00
Dalton Hubble
d8db296932
Update kube-dns and use separate service account
* Update kube-dns from v1.14.7 to v1.14.8
* Use a separate kube-dns service account
* https://github.com/kubernetes/kubernetes/pull/57918
2018-01-12 10:29:30 -08:00
Dalton Hubble
51a5f64024
Enable portmap plugin alongside Calico to fix hostPort
* https://github.com/poseidon/terraform-render-bootkube/pull/36
2018-01-06 14:01:18 -08:00
Dalton Hubble
9329b775f6
Update Kubernetes from v1.8.6 to v1.9.1
2018-01-06 14:01:16 -08:00
Dalton Hubble
fbdd946601
Update Kubernetes from v1.8.5 to v1.8.6
2017-12-21 11:20:37 -08:00
Barak Michener
e79088baa0
Add optional cluster_domain_suffix variable
* Allow kube-dns to respond to DNS queries with a custom
suffix, instead of the default 'cluster.local'
* Useful when multiple clusters exist on the same local
network and wish to query services on one another
2017-12-15 01:45:52 -08:00
Dalton Hubble
495e33e213
Update bootkube and terraform-render-bootkube to v0.9.1
2017-12-15 01:45:02 -08:00
Dalton Hubble
165396d6aa
Update Kubernetes from v1.8.4 to v1.8.5
2017-12-09 21:28:31 -08:00
Dalton Hubble
5f5eec1175
Update bootkube and terraform-render-bootkube to v0.9.0
2017-12-01 22:27:48 -08:00
Dalton Hubble
56c6bf431a
Update terraform-render-bootkube for Kubernetes v1.8.4
* Update hyperkube from v1.8.3 to v1.8.4
* Remove flock from bootstrap-apiserver and kube-apiserver
* Remove unused critical-pod annotations in manifests
* Use service accounts for kube-proxy and pod-checkpointer
* Update Calico from v2.6.1 to v2.6.3
* Update flannel from v0.9.0 to v0.9.1
* Remove Calico termination grace period to prevent calico
from getting stuck for extended periods
* https://github.com/poseidon/terraform-render-bootkube/pull/29
2017-11-28 21:42:26 -08:00
Dalton Hubble
5f6b0728c5
Update bootkube and terraform-render-bootkube to v0.8.2
2017-11-10 20:01:37 -08:00
Dalton Hubble
d774c51297
Update Kubernetes from v1.8.2 to v1.8.3
2017-11-08 23:34:19 -08:00
Dalton Hubble
878f5a3647
Bump bootkube and terraform-render-bootkube to v0.8.1
* Use the v0.8.1 tagged terraform-render-bootkube module
* Use the v0.8.1 quay.io/coreos/bootkube image to bootstrap
2017-10-28 12:50:37 -07:00
Dalton Hubble
60bc8957c9
Update Kubernetes from v1.8.1 to v1.8.2
* Kubernetes v1.8.2 fixes a memory leak in the v1.8.1 apiserver
* Switch to using the `gcr.io/google_containers/hyperkube` for the
on-host kubelet and shutdown drains
* Update terraform-render-bootkube manifests generation
* Update flannel from v0.8.0 to v0.9.0
* Add `hairpinMode` to flannel CNI config
* Add `--no-negcache` to kube-dns dnsmasq
2017-10-24 21:44:26 -07:00
Dalton Hubble
e4c479554c
Update AWS, DO, BM Kubernetes from v1.7.7 to v1.8.1
* Update from bootkube v0.7.0 to v0.8.0
* Leave Google Cloud update to a followup commit
2017-10-19 21:10:04 -07:00
Dalton Hubble
308c7dfb6e
digital-ocean: Run etcd cluster on-host, across controllers
* Run etcd peers with TLS across controller nodes
* Deprecate self-hosted-etcd on the Digital Ocean platform
* Distribute etcd TLS certificates as part of initial provisioning
* Check the status of etcd by running `systemctl status etcd-member`
2017-10-09 22:43:23 -07:00
Dalton Hubble
1bc25c1036
Update Kubernetes from v1.7.5 to v1.7.7
* Update from bootkube v0.6.2 to v0.7.0
* Use renamed terraform-render-bootkube. Renamed from
bootkube-terraform to meet Terraform Module requirements
2017-10-03 21:03:15 -07:00
Dalton Hubble
2d5a4ae1ef
Update kube-dns image to address dnsmasq vulnerability
* https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
2017-10-02 10:27:10 -07:00
Dalton Hubble
dd883988bd
Update from Calico v2.5.1 to v2.6.1
* Network policy improvements
* Update cni sidecar image from v1.10.0 to v1.11.0
* Lower log level in Calico CNI config from debug to info
2017-09-30 16:16:40 -07:00
Dalton Hubble
74d8b9dabe
*: Update bootkube-terraform sha hash to corresponding named tag
* bootkube-terraform v0.6.2 dbfb11c6eafa08f839eac2834ca1aca35dafe965
2017-09-23 14:10:42 -07:00
Dalton Hubble
a441f5c6e0
Update Kubernetes from v1.7.3 to v1.7.5
2017-09-08 13:56:20 -07:00
Dalton Hubble
ec46bc13ae
Add support for Calico networking on GCE
* Calico on GCE with IP-in-IP encapsulation and MTU 1440
* Calico on DO with IP-in-IP encapsulation and MTU 1440
* Digital Ocean firewalls don't support IPIP protocol yet
2017-09-05 18:22:14 -07:00
Dalton Hubble
dc3ff174ea
Update Kubernetes from v1.7.1 to v1.7.3
2017-08-16 20:12:59 -07:00