Commit Graph

139 Commits

Author SHA1 Message Date
Dalton Hubble 9ec8ec4afc Secure copy etcd TLS credentials to controllers only
* Controllers receive etcd TLS credentials
* Controllers and workers receive a kubeconfig
2017-10-14 20:48:02 -07:00
Dalton Hubble 5c1ed37ff5 Add SSH key to user "debug" during disk-install phase
* Avoid adding SSH authorized key for user "core" during the disk
install, so that terraform apply cannot SSH until post-install
2017-10-14 20:37:42 -07:00
bzub e765fb310d Allow setting custom PXE boot kernel_args on bare-metal 2017-10-14 19:39:10 -07:00
Dalton Hubble 7b5ffd0085 Add Container Linux reboot-coordinator RBAC
* Add a reboot-coordinator namespace for CLUO components
* Define an RBAC ClusterRole for update-operator and update-agent
* Replace the older-style where CLUO ran in kube-system, with
admin privilege
2017-10-14 19:35:06 -07:00
Dalton Hubble 123439c2a4 Remove or compress docs image assets 2017-10-14 19:12:22 -07:00
Dalton Hubble 11453bac91 Update heapster addon from v1.4.0 to v1.4.3
* Use normal name and phase labels
2017-10-14 19:07:37 -07:00
Dalton Hubble dd0c61d1d9 Update Nginx Ingress controller addon to 0.9.0-beta.15 2017-10-14 18:30:58 -07:00
Dalton Hubble 5c87529011 Demote Google Cloud from stable to beta
* See #34 postmortem and action items for context on
when stable status will be restored
2017-10-11 19:32:04 -07:00
Dalton Hubble a97df839ea google-cloud: Set disk.device_name to match API default
* Terraform provider "google" plugin releases leave the disk
device_name as "" by default. Recently the API has started to
set a default name "persistent-disk-0". Plan and apply show
all instance groups need to be recreated to "fix" the name
* Impact: Controller and worker instance groups are deleted
and recreated, deleting data on controllers and bringing
down clusters
* Fix: Explicitly set the disk_name to persistent-disk-0 so
that terraform finds no diff needs to be applied.
* https://github.com/poseidon/typhoon/issues/34
* https://github.com/terraform-providers/terraform-provider-google/issues/574
2017-10-11 18:04:39 -07:00
Dalton Hubble a5290dac32 Update docs to show Digital Ocean with on-host etcd 2017-10-09 23:47:32 -07:00
Dalton Hubble 308c7dfb6e digital-ocean: Run etcd cluster on-host, across controllers
* Run etcd peers with TLS across controller nodes
* Deprecate self-hosted-etcd on the Digital Ocean platform
* Distribute etcd TLS certificates as part of initial provisioning
* Check the status of etcd by running `systemctl status etcd-member`
2017-10-09 22:43:23 -07:00
Dalton Hubble da63c89d71 Remove mention of ct plugin in bare-metal docs 2017-10-08 23:37:41 -07:00
Dalton Hubble 62d7ccfff3 Add docs on provision time and network performance 2017-10-04 00:05:43 -07:00
Dalton Hubble 1bc25c1036 Update Kubernetes from v1.7.5 to v1.7.7
* Update from bootkube v0.6.2 to v0.7.0
* Use renamed terraform-render-bootkube. Renamed from
bootkube-terraform to meet Terraform Module requirements
2017-10-03 21:03:15 -07:00
Dalton Hubble 2d5a4ae1ef Update kube-dns image to address dnsmasq vulnerability
* https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
2017-10-02 10:27:10 -07:00
Dalton Hubble 1ab27ae1f1 Fix status of the google-cloud module to production 2017-10-01 21:41:08 -07:00
Dalton Hubble def84aa5a0 docs: Add details about security features 2017-10-01 21:38:52 -07:00
Dalton Hubble dd883988bd Update from Calico v2.5.1 to v2.6.1
* Network policy improvements
* Update cni sidecar image from v1.10.0 to v1.11.0
* Lower log level in Calico CNI config from debug to info
2017-09-30 16:16:40 -07:00
Dalton Hubble e0d8917573 Add LICENSE to top-level of each module 2017-09-28 20:41:19 -07:00
Dalton Hubble f7f983c7da docs: Add docs and addons for Nginx AWS Ingress 2017-09-28 01:09:31 -07:00
Dalton Hubble b20233e05d aws: Add Ingress ELB DNS name output as ingress_dns_name
* Expose the Ingress ELB DNS name so application DNS records can
be defined in Terraform to resolve to the Ingress ELB
2017-09-28 00:46:17 -07:00
Dalton Hubble 77e387cf83 Add top-level README.md with module overview 2017-09-27 22:09:52 -07:00
Dalton Hubble 795428329a google-cloud: Move controller and worker submodules under kubernetes 2017-09-27 20:50:32 -07:00
Dalton Hubble f7dd959e9c bare-metal: Stop including etcd-network-checkpointer 2017-09-27 18:25:20 -07:00
Dalton Hubble b62a6def23 Merge pull request #26 from poseidon/fix-nfs-issue
Add Wants=rpc-statd.service to Kubelet
2017-09-24 20:18:22 -07:00
Dalton Hubble 1b5caef4c1 Add Wants=rpc-statd.service to Kubelet
* Mounting NFS exports as volumes from some NFS servers fails because
the kubelet isn't starting rpc-statd as expected. Describing pods
that are stuck creating shows rpc.statd is required for remote locking
* Starting rpc-statd.service resolves the issue and all NFS mounts
seem to be working.
* Recommended approach https://github.com/coreos/bugs/issues/2074
2017-09-24 18:23:55 -07:00
Dalton Hubble 767efabeb2 Merge pull request #23 from poseidon/drop-bm-self-etcd
bare-metal: Remove support for experimental_self_hosted_etcd
2017-09-23 16:55:25 -07:00
Dalton Hubble 68726a2773 bare-metal: Remove support for experimental_self_hosted_etcd
* Transition from discouraging self-hosted etcd for bare-metal,
to removing it as an option
* See #13 and FAQ for self-hosted etcd discussion
2017-09-23 16:49:15 -07:00
Dalton Hubble 4ea85b1ac8 Merge pull request #25 from poseidon/fix-bm-bootkube
bare-metal: Update to using Kubernetes v1.7.5 assets
2017-09-23 16:31:01 -07:00
Dalton Hubble 74d8b9dabe *: Update bootkube-terraform sha hash to corresponding named tag
* bootkube-terraform v0.6.2 dbfb11c6eafa08f839eac2834ca1aca35dafe965
2017-09-23 14:10:42 -07:00
Dalton Hubble 777c860b1c bare-metal: Update to using Kubernetes v1.7.5 control plane manifests
* bootkube-terraform module wasn't bumped for bare-metal
2017-09-23 14:04:18 -07:00
Dalton Hubble b033a94efc Merge pull request #24 from poseidon/improve-docs
README: Add IRC link, CHANGES.md, and minor fixes
2017-09-23 14:02:25 -07:00
Dalton Hubble 235c8a5222 README: Add IRC link, CHANGES.md, and minor fixes 2017-09-23 13:55:44 -07:00
Dalton Hubble 69cabd9486 Merge pull request #22 from poseidon/better-templating
bare-metal: Ues Terraform templating for Container Linux configs
2017-09-23 12:55:55 -07:00
Dalton Hubble bca96bb124 bare-metal: Ues Terraform templating for Container Linux configs
* Template bare-metal Container Linux configs with Terraform's
(limited) template_file module. This allows rendering problems
to be identified during `terraform plan` and is favored over
using the Matchbox templating feature when the configs are
served to PXE booting nodes.
* Writes a Matchbox profile for each machine, which will be served
as-is. The effect is the same, each node gets provisioned with its
own Container Linux config.
2017-09-23 11:49:12 -07:00
Dalton Hubble cd368c123f docs: Add missing Terraform plugin section for bare-metal 2017-09-18 22:36:01 -07:00
Dalton Hubble 7c733bd314 Add Nginx Ingress controller addons and docs 2017-09-18 01:48:21 -07:00
Dalton Hubble 229a4c5293 Merge pull request #18 from poseidon/add-aws
Add AWS module and docs
2017-09-17 23:50:49 -07:00
Dalton Hubble 47387d552a docs: Add tutorial for AWS usage 2017-09-17 23:41:43 -07:00
Dalton Hubble 7c046b6206 *: Fix Terraform fmt and comments 2017-09-17 21:43:00 -07:00
Dalton Hubble d8e4ac172a Add dghubble/pegasus AWS Kubernetes Terraform module 2017-09-17 21:40:33 -07:00
Dalton Hubble 663f37ed6d google-cloud: Remove unused service accounts 2017-09-14 15:47:44 -07:00
Dalton Hubble fb5f63c8be google-cloud: Update kubelet.service unit to match upstream
* Mount host /opt/cni/bin in Kubelet to use host's CNI plugins
* Switch /var/run/kubelet-pod.uuid to /var/cache/kubelet-pod.uuid
to persist between reboots and cleanup old Kubelet pods
* Organize Kubelet flags in alphabetical order
2017-09-14 15:47:44 -07:00
Dalton Hubble 0d6410505d bare-metal: Update kubelet.service unit to match upstream
* Mount host /opt/cni/bin in Kubelet to use host's CNI plugins
* Switch /var/run/kubelet-pod.uuid to /var/cache/kubelet-pod.uuid
to persist between reboots and cleanup old Kubelet pods
* Organize Kubelet flags in alphabetical order
2017-09-14 11:44:02 -07:00
Dalton Hubble 2a2ed372c8 digital-ocean: Update kubelet.service unit to match upstream
* Mount host /opt/cni/bin in Kubelet to use host's CNI plugins
* Switch /var/run/kubelet-pod.uuid to /var/cache/kubelet-pod.uuid
to persist between reboots and cleanup old Kubelet pods
* Organize Kubelet flags in alphabetical order
2017-09-13 20:49:23 -07:00
Dalton Hubble 2ff6d602d8 digital-ocean: Distribute kubeconfig via Terraform null_resource
* Keep kubeconfig out of DigitalOcean metadata user-data
2017-09-13 20:19:52 -07:00
Dalton Hubble 64e8d207b1 Change bare-metal and GCE networking default to calico
* Switch networking default from flannel to calico
2017-09-12 09:16:58 -07:00
Dalton Hubble a441f5c6e0 Update Kubernetes from v1.7.3 to v1.7.5 2017-09-08 13:56:20 -07:00
Dalton Hubble 00b61a26c0 docs: Add docs on Calico networking support
* Digital Ocean firewalls don't yet support the required
IP tunneling protocol so Calico cannot be used without
disabling firewalls right now.
2017-09-05 19:01:32 -07:00
Dalton Hubble 1efe39d6bc Allow MTU for bare-metal Calico to be customized
* Calico on bare-metal defaults to IP-in-IP encapsulation and MTU 1480
2017-09-05 19:01:18 -07:00