Dalton Hubble
6c5a1964aa
Change kube-apiserver port from 443 to 6443
...
* Adjust firewall rules, security groups, cloud load balancers,
and generated kubeconfig's
* Facilitates some future simplifications and cost reductions
* Bare-Metal users who exposed kube-apiserver on a WAN via their
router or load balancer will need to adjust its configuration.
This is uncommon, most apiserver are on LAN and/or behind VPN
so no routing infrastructure is configured with the port number
2018-06-19 23:48:51 -07:00
Dalton Hubble
79260c48f6
Update Kubernetes from v1.10.3 to v1.10.4
2018-06-06 23:23:11 -07:00
Dalton Hubble
6e968cd152
Update Calico from v3.1.2 to v3.1.3
...
* https://github.com/projectcalico/calico/releases/tag/v3.1.3
* https://github.com/projectcalico/cni-plugin/releases/tag/v3.1.3
2018-05-30 21:32:12 -07:00
Dalton Hubble
4ea1fde9c5
Update Kubernetes from v1.10.2 to v1.10.3
...
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md#v1103
* Update Calico from v3.1.1 to v3.1.2
2018-05-21 21:38:43 -07:00
Dalton Hubble
9ac7b0655f
Add bare-metal network_ip_autodetection_method variable for multi-NIC
...
* Allow setting the Calico host IPv4 address autodetection method
* Use Calico's default "first-found" method to support single NIC
and bonded NIC nodes
* Allow methods like `can-reach=IP` or `interface=REGEX` for multi
NIC nodes
* https://docs.projectcalico.org/v3.1/reference/node/configuration#ip-autodetection-methods
2018-05-15 23:27:34 -07:00
Dalton Hubble
37981f9fb1
Allow bearer token authn/authz to the Kubelet
...
* Require Webhook authorization to the Kubelet
* Switch apiserver X509 client cert org to systems:masters
to grant the apiserver admin and satisfy the authorization
requirement. kubectl commands like logs or exec that have
the apiserver make requests of a kubelet continue to work
as before
* https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
* https://github.com/poseidon/typhoon/issues/215
2018-05-13 23:20:42 -07:00
Dalton Hubble
e889430926
Update kube-dns from v1.14.9 to v1.14.10
...
* https://github.com/kubernetes/kubernetes/pull/62676
2018-04-28 00:43:09 -07:00
Dalton Hubble
32ddfa94e1
Update Kubernetes from v1.10.1 to v1.10.2
...
* https://github.com/kubernetes/kubernetes/releases/tag/v1.10.2
2018-04-28 00:27:00 -07:00
Dalton Hubble
a54f76db2a
Update Calico from v3.0.4 to v3.1.1
...
* https://github.com/projectcalico/calico/releases/tag/v3.1.1
* https://github.com/projectcalico/calico/releases/tag/v3.1.0
2018-04-21 18:30:36 -07:00
Dalton Hubble
77c0a4cf2e
Update Kubernetes from v1.10.0 to v1.10.1
...
* Use kubernetes-incubator/bootkube v0.12.0
2018-04-12 20:57:31 -07:00
Dalton Hubble
6b08bde479
Use k8s.gcr.io instead of gcr.io/google_containers
...
* Kubernetes recommends using the alias to fetch images
from the nearest GCR regional mirror, to abstract the use
of GCR, and to drop names containing 'google'
* https://groups.google.com/forum/#!msg/kubernetes-dev/ytjk_rNrTa0/3EFUHvovCAAJ
2018-04-08 12:57:52 -07:00
Dalton Hubble
18dbaf74ce
Update kube-dns from v1.14.8 to v1.14.9
...
* https://github.com/kubernetes/kubernetes/pull/61908
2018-04-04 21:00:23 -07:00
Dalton Hubble
1cc043d1eb
Update Kubernetes from v1.9.6 to v1.10.0
2018-03-30 22:14:07 -07:00
Dalton Hubble
a04ef3919a
Update Kubernetes from v1.9.5 to v1.9.6
2018-03-21 20:29:52 -07:00
Dalton Hubble
758c09fa5c
Update Kubernetes from v1.9.4 to v1.9.5
2018-03-19 00:25:44 -07:00
Dalton Hubble
88aa9a46e5
Add /var/lib/calico volume mount to Calico DaemonSet
2018-03-18 16:40:38 -07:00
Dalton Hubble
931e311786
Update Kubernetes from v1.9.3 to v1.9.4
2018-03-12 18:07:50 -07:00
Dalton Hubble
a44cf0edbd
Update Calico from v3.0.2 to v3.0.3
...
* https://github.com/projectcalico/calico/releases/tag/v3.0.3
2018-02-26 12:48:19 -08:00
Dalton Hubble
c4914c326b
Update bootkube and terraform-render-bootkube to v0.11.0
2018-02-22 21:53:26 -08:00
Dalton Hubble
c19a68b59b
Update bootkube control-plane manifests
...
* Remove PersistentVolumeLabel admission controller flag
* Switch Deployments and DaemonSets to apps/v1
* Minor update to pod-checkpointer image version
2018-02-15 11:06:35 -08:00
Dalton Hubble
a41691b222
Update Kubernetes from v1.9.2 to v1.9.3
...
* Add flannel service account and limited RBAC cluster role
* Change DaemonSets to tolerate NoSchedule and NoExecute taints
* Remove deprecated apiserver --etcd-quorum-read flag
* Update Calico from v3.0.1 to v3.0.2
* Add Calico GlobalNetworkSet CRD
* https://github.com/poseidon/terraform-render-bootkube/pull/44
2018-02-10 13:37:07 -08:00
Dalton Hubble
2fa1840c30
Update flannel from v0.9.0 to v0.10.0
...
* https://github.com/coreos/flannel/releases/tag/v0.10.0
2018-01-28 23:09:21 -08:00
Dalton Hubble
8e0b8d7e40
Upgrade Calico from 2.6.6 to 3.0.1
2018-01-28 11:47:23 -08:00
Dalton Hubble
868265988b
Update bootkube and terraform-render-bootkube to v0.10.0
2018-01-19 23:10:45 -08:00
Dalton Hubble
6adffcb778
Update Kubernetes from v1.9.1 to v1.9.2
2018-01-19 08:40:09 -08:00
Dalton Hubble
d8db296932
Update kube-dns and use separate service account
...
* Update kube-dns from v1.14.7 to v1.14.8
* Use a separate kube-dns service account
* https://github.com/kubernetes/kubernetes/pull/57918
2018-01-12 10:29:30 -08:00
Dalton Hubble
51a5f64024
Enable portmap plugin alongside Calico to fix hostPort
...
* https://github.com/poseidon/terraform-render-bootkube/pull/36
2018-01-06 14:01:18 -08:00
Dalton Hubble
9329b775f6
Update Kubernetes from v1.8.6 to v1.9.1
2018-01-06 14:01:16 -08:00
Dalton Hubble
fbdd946601
Update Kubernetes from v1.8.5 to v1.8.6
2017-12-21 11:20:37 -08:00
Barak Michener
e79088baa0
Add optional cluster_domain_suffix variable
...
* Allow kube-dns to respond to DNS queries with a custom
suffix, instead of the default 'cluster.local'
* Useful when multiple clusters exist on the same local
network and wish to query services on one another
2017-12-15 01:45:52 -08:00
Dalton Hubble
495e33e213
Update bootkube and terraform-render-bootkube to v0.9.1
2017-12-15 01:45:02 -08:00
Dalton Hubble
165396d6aa
Update Kubernetes from v1.8.4 to v1.8.5
2017-12-09 21:28:31 -08:00
Dalton Hubble
5f5eec1175
Update bootkube and terraform-render-bootkube to v0.9.0
2017-12-01 22:27:48 -08:00
Dalton Hubble
56c6bf431a
Update terraform-render-bootkube for Kubernetes v1.8.4
...
* Update hyperkube from v1.8.3 to v1.8.4
* Remove flock from bootstrap-apiserver and kube-apiserver
* Remove unused critical-pod annotations in manifests
* Use service accounts for kube-proxy and pod-checkpointer
* Update Calico from v2.6.1 to v2.6.3
* Update flannel from v0.9.0 to v0.9.1
* Remove Calico termination grace period to prevent calico
from getting stuck for extended periods
* https://github.com/poseidon/terraform-render-bootkube/pull/29
2017-11-28 21:42:26 -08:00
Dalton Hubble
5f6b0728c5
Update bootkube and terraform-render-bootkube to v0.8.2
2017-11-10 20:01:37 -08:00
Dalton Hubble
d774c51297
Update Kubernetes from v1.8.2 to v1.8.3
2017-11-08 23:34:19 -08:00
Dalton Hubble
878f5a3647
Bump bootkube and terraform-render-bootkube to v0.8.1
...
* Use the v0.8.1 tagged terraform-render-bootkube module
* Use the v0.8.1 quay.io/coreos/bootkube image to bootstrap
2017-10-28 12:50:37 -07:00
Dalton Hubble
60bc8957c9
Update Kubernetes from v1.8.1 to v1.8.2
...
* Kubernetes v1.8.2 fixes a memory leak in the v1.8.1 apiserver
* Switch to using the `gcr.io/google_containers/hyperkube` for the
on-host kubelet and shutdown drains
* Update terraform-render-bootkube manifests generation
* Update flannel from v0.8.0 to v0.9.0
* Add `hairpinMode` to flannel CNI config
* Add `--no-negcache` to kube-dns dnsmasq
2017-10-24 21:44:26 -07:00
Dalton Hubble
e4c479554c
Update AWS, DO, BM Kubernetes from v1.7.7 to v1.8.1
...
* Update from bootkube v0.7.0 to v0.8.0
* Leave Google Cloud update to a followup commit
2017-10-19 21:10:04 -07:00
Dalton Hubble
43dc44623f
Fix the terraform fmt of configs
2017-10-16 01:32:25 -07:00
Dalton Hubble
1bc25c1036
Update Kubernetes from v1.7.5 to v1.7.7
...
* Update from bootkube v0.6.2 to v0.7.0
* Use renamed terraform-render-bootkube. Renamed from
bootkube-terraform to meet Terraform Module requirements
2017-10-03 21:03:15 -07:00
Dalton Hubble
2d5a4ae1ef
Update kube-dns image to address dnsmasq vulnerability
...
* https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
2017-10-02 10:27:10 -07:00
Dalton Hubble
dd883988bd
Update from Calico v2.5.1 to v2.6.1
...
* Network policy improvements
* Update cni sidecar image from v1.10.0 to v1.11.0
* Lower log level in Calico CNI config from debug to info
2017-09-30 16:16:40 -07:00
Dalton Hubble
f7dd959e9c
bare-metal: Stop including etcd-network-checkpointer
2017-09-27 18:25:20 -07:00
Dalton Hubble
68726a2773
bare-metal: Remove support for experimental_self_hosted_etcd
...
* Transition from discouraging self-hosted etcd for bare-metal,
to removing it as an option
* See #13 and FAQ for self-hosted etcd discussion
2017-09-23 16:49:15 -07:00
Dalton Hubble
777c860b1c
bare-metal: Update to using Kubernetes v1.7.5 control plane manifests
...
* bootkube-terraform module wasn't bumped for bare-metal
2017-09-23 14:04:18 -07:00
Dalton Hubble
1efe39d6bc
Allow MTU for bare-metal Calico to be customized
...
* Calico on bare-metal defaults to IP-in-IP encapsulation and MTU 1480
2017-09-05 19:01:18 -07:00
Dalton Hubble
6ef326a872
bare-metal: Add support for Calico networking
...
* Add variable networking with "flannel" or "calico"
2017-09-01 17:52:22 -07:00
Dalton Hubble
dc3ff174ea
Update Kubernetes from v1.7.1 to v1.7.3
2017-08-16 20:12:59 -07:00
Dalton Hubble
fc018ffa28
Rename project and organization
2017-08-14 19:24:04 -07:00
Lucas Serven
cafc58c610
Update module source from dghubble to purenetes
2017-08-07 19:30:41 -07:00
Dalton Hubble
da596e06bb
Add bare-metal support for Container Linux with Matchbox
2017-07-24 23:24:12 -07:00