Dalton Hubble
34ec7e9862
Relax pessimistic constraints on 1.0+ providers
...
* Constrains ~> 1.0 means users can use 1.0.1, 1.1, but not 2.0
* https://www.terraform.io/docs/configuration/terraform.html
2017-10-25 23:27:28 -07:00
Dalton Hubble
f6c6e85f84
Require minimum Terraform and plugin versions
...
* Bump minimum Terraform version to v0.10.4
* Allow minor version updates for 1.0+ plugins
* Fix versions for plugins which are pre-1.0
2017-10-25 23:00:31 -07:00
Dalton Hubble
8582e19077
Expand Nginx Ingress liveness and readiness probes
...
* Remove dnsPolicy: ClusterFirst
* https://github.com/kubernetes/ingress-nginx/pull/1584
2017-10-25 22:29:20 -07:00
Dalton Hubble
3727c40c6c
Update Nginx Ingress defaultbackend from 1.0 to 1.4
...
* https://github.com/kubernetes/ingress-nginx/pull/1568
2017-10-25 22:16:23 -07:00
Dalton Hubble
b608f9c615
addons: Use service endpoints to scrape node-exporter
2017-10-24 22:59:00 -07:00
Dalton Hubble
ec1dbb853c
addons: Include kube-state-metrics exporter manifests
2017-10-24 22:59:00 -07:00
Dalton Hubble
d046d45769
addons: Include Prometheus and node-exporter manifests
2017-10-24 22:58:59 -07:00
Dalton Hubble
a73f57fe4e
Update CLUO from v0.4.0 to v0.4.1
2017-10-24 22:14:03 -07:00
Dalton Hubble
60bc8957c9
Update Kubernetes from v1.8.1 to v1.8.2
...
* Kubernetes v1.8.2 fixes a memory leak in the v1.8.1 apiserver
* Switch to using the `gcr.io/google_containers/hyperkube` for the
on-host kubelet and shutdown drains
* Update terraform-render-bootkube manifests generation
* Update flannel from v0.8.0 to v0.9.0
* Add `hairpinMode` to flannel CNI config
* Add `--no-negcache` to kube-dns dnsmasq
2017-10-24 21:44:26 -07:00
Dalton Hubble
8b78c65483
Update Google Cloud Kubernetes from v1.7.7 to v1.8.1
2017-10-20 16:09:11 -07:00
Dalton Hubble
f86c00288f
Add missing update-agent RBAC role to get pods
...
* Drain now gets pods, deletes pods, and waits for deletion
2017-10-20 01:21:46 -07:00
Dalton Hubble
a57b3cf973
Update CLUO addon to v0.4.0 and RBAC ClusterRole
2017-10-20 00:40:17 -07:00
Dalton Hubble
10c5487ad7
Add docs corrections for versions and log output
2017-10-20 00:39:17 -07:00
Dalton Hubble
e4c479554c
Update AWS, DO, BM Kubernetes from v1.7.7 to v1.8.1
...
* Update from bootkube v0.7.0 to v0.8.0
* Leave Google Cloud update to a followup commit
2017-10-19 21:10:04 -07:00
Dalton Hubble
be113e77b4
Fix links and add Calico BGP peering notes
2017-10-17 19:10:18 -07:00
Dalton Hubble
911c53e4ae
Add Ubiquity EdgeRouter documentation
2017-10-17 18:51:40 -07:00
Dalton Hubble
bfa8dfc75d
Conditionally set networkd content on bare-metal
...
* Without this change, if a cluster doesn't set the controller
or worker networkd lists, an err "element() may not be used
with an empty list" occurs.
* controller_networkds and worker_networks are intended to be
optional and temporary, not required at all
2017-10-17 18:47:12 -07:00
Dalton Hubble
43dc44623f
Fix the terraform fmt of configs
2017-10-16 01:32:25 -07:00
Dalton Hubble
734bc1d32a
Add performance benchmark for flannel with bonded NICs
2017-10-16 01:12:13 -07:00
Dalton Hubble
41e632280f
Remove unused storage section ala PXE-only Matchbox templating
2017-10-16 00:42:20 -07:00
Dalton Hubble
fc22f04dd6
Add temporary variables for multi-nic testing
...
* Accept ordered lists of controller and worker networkd configs
* Do not rely on these variables. They will be replaced with a
cleaner mechanism at a future date
2017-10-16 00:39:58 -07:00
Dalton Hubble
377e14c80b
Fix ingress addon docs recursive apply command
2017-10-16 00:29:04 -07:00
Dalton Hubble
9ec8ec4afc
Secure copy etcd TLS credentials to controllers only
...
* Controllers receive etcd TLS credentials
* Controllers and workers receive a kubeconfig
2017-10-14 20:48:02 -07:00
Dalton Hubble
5c1ed37ff5
Add SSH key to user "debug" during disk-install phase
...
* Avoid adding SSH authorized key for user "core" during the disk
install, so that terraform apply cannot SSH until post-install
2017-10-14 20:37:42 -07:00
bzub
e765fb310d
Allow setting custom PXE boot kernel_args on bare-metal
2017-10-14 19:39:10 -07:00
Dalton Hubble
7b5ffd0085
Add Container Linux reboot-coordinator RBAC
...
* Add a reboot-coordinator namespace for CLUO components
* Define an RBAC ClusterRole for update-operator and update-agent
* Replace the older-style where CLUO ran in kube-system, with
admin privilege
2017-10-14 19:35:06 -07:00
Dalton Hubble
123439c2a4
Remove or compress docs image assets
2017-10-14 19:12:22 -07:00
Dalton Hubble
11453bac91
Update heapster addon from v1.4.0 to v1.4.3
...
* Use normal name and phase labels
2017-10-14 19:07:37 -07:00
Dalton Hubble
dd0c61d1d9
Update Nginx Ingress controller addon to 0.9.0-beta.15
2017-10-14 18:30:58 -07:00
Dalton Hubble
5c87529011
Demote Google Cloud from stable to beta
...
* See #34 postmortem and action items for context on
when stable status will be restored
2017-10-11 19:32:04 -07:00
Dalton Hubble
a97df839ea
google-cloud: Set disk.device_name to match API default
...
* Terraform provider "google" plugin releases leave the disk
device_name as "" by default. Recently the API has started to
set a default name "persistent-disk-0". Plan and apply show
all instance groups need to be recreated to "fix" the name
* Impact: Controller and worker instance groups are deleted
and recreated, deleting data on controllers and bringing
down clusters
* Fix: Explicitly set the disk_name to persistent-disk-0 so
that terraform finds no diff needs to be applied.
* https://github.com/poseidon/typhoon/issues/34
* https://github.com/terraform-providers/terraform-provider-google/issues/574
2017-10-11 18:04:39 -07:00
Dalton Hubble
a5290dac32
Update docs to show Digital Ocean with on-host etcd
2017-10-09 23:47:32 -07:00
Dalton Hubble
308c7dfb6e
digital-ocean: Run etcd cluster on-host, across controllers
...
* Run etcd peers with TLS across controller nodes
* Deprecate self-hosted-etcd on the Digital Ocean platform
* Distribute etcd TLS certificates as part of initial provisioning
* Check the status of etcd by running `systemctl status etcd-member`
2017-10-09 22:43:23 -07:00
Dalton Hubble
da63c89d71
Remove mention of ct plugin in bare-metal docs
2017-10-08 23:37:41 -07:00
Dalton Hubble
62d7ccfff3
Add docs on provision time and network performance
2017-10-04 00:05:43 -07:00
Dalton Hubble
1bc25c1036
Update Kubernetes from v1.7.5 to v1.7.7
...
* Update from bootkube v0.6.2 to v0.7.0
* Use renamed terraform-render-bootkube. Renamed from
bootkube-terraform to meet Terraform Module requirements
2017-10-03 21:03:15 -07:00
Dalton Hubble
2d5a4ae1ef
Update kube-dns image to address dnsmasq vulnerability
...
* https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
2017-10-02 10:27:10 -07:00
Dalton Hubble
1ab27ae1f1
Fix status of the google-cloud module to production
2017-10-01 21:41:08 -07:00
Dalton Hubble
def84aa5a0
docs: Add details about security features
2017-10-01 21:38:52 -07:00
Dalton Hubble
dd883988bd
Update from Calico v2.5.1 to v2.6.1
...
* Network policy improvements
* Update cni sidecar image from v1.10.0 to v1.11.0
* Lower log level in Calico CNI config from debug to info
2017-09-30 16:16:40 -07:00
Dalton Hubble
e0d8917573
Add LICENSE to top-level of each module
2017-09-28 20:41:19 -07:00
Dalton Hubble
f7f983c7da
docs: Add docs and addons for Nginx AWS Ingress
2017-09-28 01:09:31 -07:00
Dalton Hubble
b20233e05d
aws: Add Ingress ELB DNS name output as ingress_dns_name
...
* Expose the Ingress ELB DNS name so application DNS records can
be defined in Terraform to resolve to the Ingress ELB
2017-09-28 00:46:17 -07:00
Dalton Hubble
77e387cf83
Add top-level README.md with module overview
2017-09-27 22:09:52 -07:00
Dalton Hubble
795428329a
google-cloud: Move controller and worker submodules under kubernetes
2017-09-27 20:50:32 -07:00
Dalton Hubble
f7dd959e9c
bare-metal: Stop including etcd-network-checkpointer
2017-09-27 18:25:20 -07:00
Dalton Hubble
b62a6def23
Merge pull request #26 from poseidon/fix-nfs-issue
...
Add Wants=rpc-statd.service to Kubelet
2017-09-24 20:18:22 -07:00
Dalton Hubble
1b5caef4c1
Add Wants=rpc-statd.service to Kubelet
...
* Mounting NFS exports as volumes from some NFS servers fails because
the kubelet isn't starting rpc-statd as expected. Describing pods
that are stuck creating shows rpc.statd is required for remote locking
* Starting rpc-statd.service resolves the issue and all NFS mounts
seem to be working.
* Recommended approach https://github.com/coreos/bugs/issues/2074
2017-09-24 18:23:55 -07:00
Dalton Hubble
767efabeb2
Merge pull request #23 from poseidon/drop-bm-self-etcd
...
bare-metal: Remove support for experimental_self_hosted_etcd
2017-09-23 16:55:25 -07:00
Dalton Hubble
68726a2773
bare-metal: Remove support for experimental_self_hosted_etcd
...
* Transition from discouraging self-hosted etcd for bare-metal,
to removing it as an option
* See #13 and FAQ for self-hosted etcd discussion
2017-09-23 16:49:15 -07:00