Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix issue with Vault and Kubernetes Calico/Canal communication #1434

Merged
merged 4 commits into from
Jul 13, 2020

Conversation

erzetpe
Copy link
Contributor

@erzetpe erzetpe commented Jul 10, 2020

This request is to solve issues: #1412, #1413, #1398

Copy link
Collaborator

@seriva seriva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe this namespace we want to make configurable?

@erzetpe
Copy link
Contributor Author

erzetpe commented Jul 12, 2020

Later on for sure, but right now it's just quick fix. This will be done with prior parametrization of other options in Vault with replacing bash script with something more suitable.

@seriva
Copy link
Collaborator

seriva commented Jul 13, 2020

Ok, make sure this is somewhere represented in some issue or task,

@erzetpe erzetpe merged commit 263e182 into hitachienergy:develop Jul 13, 2020
@erzetpe erzetpe deleted the fix/vault-calico-canal branch July 13, 2020 13:14
rafzei added a commit that referenced this pull request Aug 13, 2020
* Initialized test status table

* Added next sections of test status

Refactored status table a bit, added next lines, added next section with descriptions.

* Upgrade cluster section filled

* All sections filled

* Add missing tests

* Move CNS proposition design doc to GH.

* fixed formatting

* Etcd encryption feature refactor for deployment and upgrades (#1427)

* kubernetes_master: etcd encryption simplification and refactor

* upgrade: refactor of upgrade-kubeadm-config.yml (proper yaml parsing)

* upgrade: adding etcd encryption patching procedure

* upgrade-master.yml: small coding style improvement (highlight fix)

* upgrade: enabling patching of the kubeadm config

* fact naming improvements

Co-authored-by: to-bar <[email protected]>

* patch-kubeadm-config.yml: skipping unnecessary kubectl apply

Co-authored-by: to-bar <[email protected]>

* Bumping AzureCLI to fix SP secrets with special characters.

* Added Changelog entry.

* Change move to copy build dir during an upgrade (#1429)

* Change move to copy build dir during an upgrade
* Got rid of unused backup_temp_dir

* Update to logging

- log piping for stderr.
- custom colors for different log levels
- mapping some cases of log warnings and errors from Terraform and Ansible

* helm documentation #896

* Progress:

- simplified piping

* Fix K8s upgrade: 'kubeadm upgrade apply' hangs (#1431)

* Clean up and optimize K8s upgrades

* Patch only kubeadm-config ConfigMap

* Downgrade CoreDNS to K8s built-in version before 'kubeadm upgrade apply'

* Deploy customized CoreDNS after K8s is upgraded to the latest version

* Update changelog

* Wait for API resources to propagate

* Rename vendor in VSCode recommendations (#1438)

Vendor moved owner of mauve.terraform repository to HashiCorp (https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform)

* Fix issue with Vault and Kubernetes Calico/Canal communication (#1434)

* Add vault namespace and fixes related to connection issue

* Add default policy for default namespace

* Remove service endpoint, execute certificate part if enabled, setting protocol correctly in Vault Helm chart

* Add possibility to configure manually Vault endpoint

* Added changelog.

* add howto links for helm doc

* Update Changelog for #1438 (#1460)

* Update Changelog

* Update Changelog - add PR number

* bump rabbitmq version from 3.7.10 to 3.8.3 #1395

* Changes in documentation after creating fix for calico and canal (#1459)

* Changes after creating fix for calico and canal

* Update changelog

* Got rid of pipe and grep (#1472)

* Assert that current version is upgradeable #1474 (#1476)

* Assert that upgrade from current version is supported #1474

* Update core/src/epicli/data/common/ansible/playbooks/roles/upgrade/tasks/kubernetes.yml

Co-authored-by: to-bar <[email protected]>

* Add docker_version variable support (#1477)

* add docker_version variable support
* Docker installation - 2 tasks merged into 1 to speed up the deployment
* Remove two useless packages from docker installation

Co-authored-by: Grzegorz Dajuk <[email protected]>

* Kubernetes HA upgrades (#1456)

* epicli/upgrade: reusing existing shared-config + cleanups

* upgrade: k8s HA upgrades minimal implementation

* upgrade: kubernetes cleanup and refactor

* Apply suggestions from code review

Co-authored-by: to-bar <[email protected]>

* upgrade: removing unneeded kubeconfig from k8s nodes (security fix)

* upgrade: statefulset patching refactor

* upgrade: cleanups and refactor for logs

* Make deployment manifest tasks more generic

* Improve detecting CNI plugin

* AnsibleVarsGenerator.py: fixing regression issue introducted during upgrade refactor

* Apply suggestions from code review

Co-authored-by: to-bar <[email protected]>

* upgrade: statefulset patching refactor

- patching all containers (fix)
- patching init containers also (fix)
- removing include_tasks statements (speedup)

* Ensure settings for backward compatibility

* Revert "Ensure settings for backward compatibility"

This reverts commit 5c9cdb6.

* AnsibleInventoryUpgrade.py: merging shared-config with defaults

* Adding changelog entry

* Revert "AnsibleVarsGenerator.py: fixing regression issue introducted during upgrade refactor"

This reverts commit c38eb9d.

* Revert "epicli/upgrade: reusing existing shared-config + cleanups"

This reverts commit e5957c5.

* AnsibleVarsGenerator.py: adding nicer way to handle shared config

Co-authored-by: to-bar <[email protected]>

* Fix upgrade of flannel to v0.12.0 (#1484)

* Readme and changelog update (#1493)

Readme and changelog update

* Fixing broken offline CentOS 7.8 installation (#1498)

* repository: adding the missing centos-logos package

* updating 0.7.1 changelog

* repository/centos-7: restoring alphabetical order

* Add modularization-approaches.md design document

* Kibana config always points its elasticsearch.hosts to a "logging" VM (#1347) (#1483)

* Bump elliptic from 6.5.0 to 6.5.3 in /examples/keycloak/implicit/react

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.0 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](indutny/elliptic@v6.5.0...v6.5.3)

Signed-off-by: dependabot[bot] <[email protected]>

* Bump elliptic in /examples/keycloak/authorization/react

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.0 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](indutny/elliptic@v6.5.0...v6.5.3)

Signed-off-by: dependabot[bot] <[email protected]>

* Always setting hostname on all nodes of the cluster (on-prem fix) (#1509)

* common: always setting hostname on all nodes of the cluster (on-prem fix)

* updating 0.7.1 changelog

* Workarund restart rabbitmq pods during patching #1395

* add missing changelog entry

* Upgrade Kubernetes to v1.18.6 (#1501)

* Upgrade k8s-dashboard to v2.0.3 (#1516)

* fix due to review

* Dashboard unavailability, network fix for Flannel and Canal #1394 (#1519)

* additional defaults for kafka config

* fixes after review, remove redundant code

* Named demo configuration the same as generated one

* Added deletion step description

* Added a note related to versions for upgrades

* Fixed syntax errors

* Added prerequisites section in upgrade doc

* Added key encoding troubleshooting info

* Test fixes for RabbitMQ 3.8.3 (#1533)

* fix missing variable image rabbitmq

* Add Kubernetes Dashboard to COMPONENTS.md (#1546)

* Update CHANGELOG-0.7.md

Minor changes to changelog before release.

* CHANGELOG-0.7.md update v0.7.1 release date (#1552)

* Increment version string to 0.7.1 (#1554)

Co-authored-by: Mateusz Kyc <[email protected]>
Co-authored-by: Mateusz Kyc <[email protected]>
Co-authored-by: Michał Opala <[email protected]>
Co-authored-by: to-bar <[email protected]>
Co-authored-by: Luuk van Venrooij <[email protected]>
Co-authored-by: Tomasz Arendt <[email protected]>
Co-authored-by: Marcin Pyrka <[email protected]>
Co-authored-by: erzetpe <[email protected]>
Co-authored-by: Luuk van Venrooij <[email protected]>
Co-authored-by: ar3ndt <[email protected]>
Co-authored-by: Grzegorz Dajuk <[email protected]>
Co-authored-by: Grzegorz Dajuk <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: TolikT <[email protected]>
Co-authored-by: przemyslavic <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment