github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
111,339 Commits 1 Branch 31 Tags 1,019 MiB
003fbae25b
Commit Graph

1325 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
874877fa44
Merge pull request #99216 from ruiwen-zhao/remove_modprobe 
Remove modprobe configs from configure-helper
 2021-02-22 17:24:32 -08:00
Cong Liu
03709c0ece Add arm64 support for GCE node configuration 
Fix typo

Add TODO
 2021-02-19 14:22:26 -08:00
ruiwen-zhao
c053b232ba Remove modprobe configs from configure-helper 2021-02-18 22:57:44 +00:00
Benjamin Elder
299c561b10 portably configure tempdir in configure-helper.sh 
fixes a `make test` failure on macOS
 2021-02-12 01:15:14 -08:00
Joakim Roubert
3dd3211c81 Fix shellcheck failures in cluster/gce/gci/configure.sh 
Signed-off-by: Joakim Roubert <joakimr@axis.com>
 2021-02-10 19:23:31 +01:00
Kubernetes Prow Robot
b87ae556b3
Merge pull request #95865 from joakimr-axis/joakimr-axis_master-helper.sh 
Fix shellcheck issues in cluster/gce/gci/master-helper.sh
 2021-02-09 17:43:00 -08:00
Matthew Cary
9a7dcd36c1 Disallow local loopback for volume hosts 
Change-Id: Ic356c3f859057153cfad97327f1938792a1a512c
 2021-01-26 17:12:51 -08:00
Kubernetes Prow Robot
1a67280508
Merge pull request #98037 from vinayakankugoyal/kube-controller-manager-crp 
Update configure-helper.sh to early exit from start-kube-controller-m…
 2021-01-25 12:38:59 -08:00
Vinayak Goyal
31807032e0 Update configure-helper.sh to early exit from start-kube-controller-manager if kube-controller-manager is deployed through CRP. 2021-01-20 16:22:46 -08:00
Kubernetes Prow Robot
1bfa1d4619
Merge pull request #98055 from qingsenLi/20210114 
fix typo and decs in apiserver_etcd_test.go
 2021-01-19 18:49:58 -08:00
Kubernetes Prow Robot
176c4c7916
Merge pull request #96823 from hasheddan/cleanup-cos-doc 
Cleanup GCI / COS README.md
 2021-01-19 17:07:59 -08:00
Kubernetes Prow Robot
9da11e294f
Merge pull request #97868 from mtaufen/pki-tmpfs 
Mount /var/lib/kubelet/pki on tmpfs
 2021-01-14 10:47:04 -08:00
10177505
deb509a068 fix typo and decs 2021-01-14 16:55:45 +08:00
rajibmitra
69aae7aa6c Update cri-tools to v1.20.0 
Signed-off-by: rajibmitra <rajib.jolite@gmail.com>
 2021-01-12 19:02:51 +05:30
Michael Taufen
9f9e235b9d Mount /var/lib/kubelet/pki on tmpfs 
This helps avoid some rare instances of corrupt cert files
that cause Kubelet to crash-loop after node reboots, e.g.
if Kubelet opens the file during the shutdown but is unable
to write it.
 2021-01-08 18:04:35 -08:00
Kubernetes Prow Robot
8b5aeeedb4
Merge pull request #97742 from benhxy/apiserver-cipher 
Configure --tls-cipher-suites on kube-apiserver
 2021-01-08 13:44:29 -08:00
Jian Zeng
8c1971e17c chore(gce): pass auth flags to KCM and KS 
Pass flags `--authentication-kubeconfig` and
`--authorization-kubeconfig` to controller-manager and scheduler,
so that we could grab metrics from their secure ports in tests.
 2021-01-06 12:56:39 +08:00
Ben Hu
624b214481 Configure --tls-cipher-suites on kube-apiserver. 2021-01-06 00:31:39 +00:00
Sergey Kanzhelev
d78db9f161 configure docker on containerd nodes so it wouldn't reserver 172.17 subnet 2020-12-23 18:49:57 +00:00
David Xia
0756e54dfc
Fix typo in comment 2020-12-21 20:02:20 -05:00
Ben Hu
9581c40887 Revert "Use host IP instead of localhost for control plane component kubeconfig files." 
This reverts commit 49afcfa5f2.
 2020-12-11 22:36:39 +00:00
Maciej Borsz
7f09d59215 Migrate etcd's livenessProbe to etcdctl endpoint health. 
Change-Id: Ie19c844050c75e3d1c4b431d09ba0ac851c5317b
 2020-12-11 12:43:02 +01:00
Kubernetes Prow Robot
ee8983705a
Merge pull request #96679 from stmcginnis/appspot-cleanup 
Remove stale analytics links from docs
 2020-12-10 23:17:22 -08:00
Kubernetes Prow Robot
cad9a8277d
Merge pull request #97127 from liggitt/revert-etcd-host-ip 
Revert "iAdd host IP to etcd listen client URLs."
 2020-12-08 22:01:52 -08:00
Kubernetes Prow Robot
d2e7abb153
Merge pull request #96839 from vinayakankugoyal/crp 
Update configure-helper.sh to early exit from start-kube-scheduler if…
 2020-12-08 20:03:51 -08:00
Kubernetes Prow Robot
56d7f138de
Merge pull request #96622 from vinayakankugoyal/groupfix 
If the file already exists we need to grant group read permissions ex…
 2020-12-08 17:29:59 -08:00
Jordan Liggitt
8820dc4522 Revert "iAdd host IP to etcd listen client URLs." 
This reverts commit 8b4e164a78.
 2020-12-08 11:37:13 -05:00
Vinayak Goyal
18644cb1b2 Update configure-helper.sh to early exit from start-kube-scheduler if kube-scheduler is deployed through CRP. 2020-11-24 12:01:22 -08:00
hasheddan
1bf7de6239
Remove broken analytics tracking link 
Removes embedded tracking pixel which appears to be broken.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
 2020-11-23 18:05:10 -06:00
hasheddan
b24f224ff2
Fix formatting in GCI / COS docs 
Fixes a few formatting issues in GCI / COS README.md.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
 2020-11-23 18:01:30 -06:00
Kubernetes Prow Robot
b2ecd1b3a3
Merge pull request #96716 from tosi3k/bump-npd-to-v0.8.5 
Bump node-problem-detector to v0.8.5
 2020-11-21 06:33:33 -08:00
Antoni Zawodny
8f2dd3aaab Bump node-problem-detector to v0.8.5 2020-11-20 20:00:25 +01:00
Mike Danese
7fc57a207e gce: move iptables rule to mangle 
This avoids a conflict with rules that calico installs. Also, acquire
the lock everywhere.
 2020-11-18 11:28:03 -08:00
Sean McGinnis
be131457ef
Remove stale analytics links from docs 
Many README files and other docs contained a link to a an appspot
tracking app that is no longer active. Following the links leads to an
error about Go 1.9 no longer being supported. Go 1.9 support was dropped
in appspot in 2019 and disabled June 2020.

This also resulted in a broken image link displaying when viewing these
files on GitHub. Since the app is no longer functioning, and since it
causes a potentially (but granted, minor) confusing error to display,
this just removes those links as I don't believe they are needed
anymore.

Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
 2020-11-18 07:04:48 -06:00
vinayak goyal
c2ea6842a7 If the file already exists we need to grant group read permissions explicitly. 2020-11-16 22:59:30 +00:00
wojtekt
eb63da77ea Allow for configuring etcd progress notify interval on GCE 2020-10-29 15:43:51 +01:00
Kubernetes Prow Robot
1a645c2135
Merge pull request #95743 from benhxy/apiserver-health 
Use host IP instead of 127.0.0.1 for kube-apiserver healthcheck.
 2020-10-28 04:03:56 -07:00
Kubernetes Prow Robot
3523555aab
Merge pull request #95771 from vinayakankugoyal/fluentbit 
Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke…
 2020-10-27 10:36:48 -07:00
Ben Hu
8416c5cc51 Use host IP instead of 127.0.0.1 for kube-apiserver healthcheck. 2020-10-27 16:25:27 +00:00
Joakim Roubert
434611b3fb Fix shellcheck issues in cluster/gce/gci/master-helper.sh 
Based on PR 88582 by gavinfish that was closed due to inactivity.
Contains a few updates.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-10-27 08:58:48 +01:00
Kubernetes Prow Robot
557885d5d7
Merge pull request #91788 from rahulkjoshi/detect-local-mode 
Add option to specify detect-local-mode during cluster configuration
 2020-10-26 10:25:02 -07:00
Kubernetes Prow Robot
5935fcd704
Merge pull request #95766 from towca/jtuznik/ca-params-fix 
Properly quote flags passed to Cluster Autoscaler
 2020-10-23 20:47:00 -07:00
Kubernetes Prow Robot
1f756e4a37
Merge pull request #92669 from Jefftree/netproxy-configure-helper 
Separate network proxy flag for apiserver egress and starting pods
 2020-10-23 16:47:00 -07:00
Vinayak Goyal
83c1ce0225 Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke control-plane. 2020-10-23 12:14:26 -07:00
Rahul Joshi
889446810c Add configuration options to specify --detect-local-mode on kube-proxy. 2020-10-23 12:12:59 -07:00
Kubernetes Prow Robot
1257bc5acb
Merge pull request #91474 from cici37/pkgController 
Cleanup CCM dependencies
 2020-10-22 23:17:45 -07:00
Kubernetes Prow Robot
e850fa6a6c
Merge pull request #95209 from benhxy/gke/kubeconfig 
Use host IP instead of localhost for GKE control plane kubeconfig
 2020-10-22 22:15:49 -07:00
Jefftree
0e5d057755 Rename flags 2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25 Add SETUP_KONNECTIVITY_SERVICE flag 2020-10-22 08:43:28 -07:00
Jefftree
7820b05467 Separate network proxy flag for apiserver egress and starting pods 2020-10-22 08:43:27 -07:00
Jakub Tużnik
236ade027b Properly quote flags passed to Cluster Autoscaler 
In the current implementation, the flags are not put between quotes,
and so the Cluster Autoscaler manifest doesn't parse as valid JSON.
 2020-10-22 15:10:39 +02:00
Daniel Gutowski
6c8b1ab266 Fix default values for logrotate in /var/log/ 2020-10-21 09:18:32 +00:00
Ben Hu
49afcfa5f2 Use host IP instead of localhost for control plane component kubeconfig files. 
This is a part of work to allow control plane components to be moved off hostNetwork.
 2020-10-20 22:47:33 +00:00
Ben Hu
8b4e164a78 iAdd host IP to etcd listen client URLs. 
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
 2020-10-20 16:43:52 +00:00
cici37
95acec5a3b Move client_builder to k8s.io/controller-manager 2020-10-19 14:48:22 -07:00
jayunit100
aefe930562 support multiple bind records (fie nodelocaldns test regression), by 
first replacing PILLAR_ and then replacing other vars.
 2020-10-16 14:28:55 -04:00
Kubernetes Prow Robot
c1e5e6a556
Merge pull request #93836 from jayunit100/salt_cleanup_92835 
remove __pillar__ refs
 2020-10-11 17:58:47 -07:00
Kubernetes Prow Robot
33fd5552bb
Merge pull request #95418 from vinayakankugoyal/pki 
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GR…
 2020-10-09 18:08:47 -07:00
Kubernetes Prow Robot
4fbf5df52b
Merge pull request #95388 from ii/policy 
Enable Logging of event requests to audit log in cluster/gce/gci/configure-helper.sh
 2020-10-09 14:08:48 -07:00
Hippie Hacker
b1e3a2ac7a Clarify that we don't audit events due to performance impact 2020-10-09 13:30:20 +13:00
Vinayak Goyal
7cbe8070bc Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials. 2020-10-08 16:25:43 -07:00
Joseph Anttila Hall
2f318bdd57 API server: fix default_konnectivity_socket_path typo. 
Make it consistent with configure-helper.sh
 2020-10-08 13:19:05 -07:00
Shihang Zhang
e0dcfbf9c2 make download-or-bust compatible with both sha512/sha1 2020-10-06 15:16:26 -07:00
Kubernetes Prow Robot
446da13de1
Merge pull request #94975 from zshihang/hash 
replace sha1 with sha512
 2020-10-06 13:00:42 -07:00
Karan Goel
f707db32cc Send node startup scripts to console and journal 2020-10-05 13:25:28 -07:00
Mike Danese
cc5b12cdff gce: redirect handshake server requests to metadata-concealment too 2020-09-25 17:50:53 -07:00
Shihang Zhang
e99dbbde62 replace sha1 with sha512 2020-09-23 11:27:20 -07:00
Varun Marupadi
04a51cac17 Allow the lifecycle of kube-proxy to be managed independently of the startup scripts for GCE 
Introduces a new env variable KUBE_PROXY_DISABLE which causes the configure scripts to skip over
the creation of both static pods as well as daemonset addons for kube-proxy.
When false, the behavior falls back to the default today, which is to rely on the value of
KUBE_PROXY_DAEMONSET to decide whether to start static pods on the nodes or an addon on the
master.
 2020-09-22 20:37:35 -07:00
Kubernetes Prow Robot
6b39cdf376
Merge pull request #93305 from alculquicondor/lssd-ephemeral 
Mount kubelet and container runtime rootdir on LSSD
 2020-09-22 12:22:06 -07:00
Kubernetes Prow Robot
dbaaed3592
Merge pull request #92140 from ash2k/ash2k/fix-error-check 
Fix error check logic in test
 2020-09-22 12:21:38 -07:00
Aldo Culquicondor
2ae4eeb3ea Mount kubelet and container runtime rootdir on LSSD 
When environment variable NODE_LOCAL_SSD_EPHEMERAL=true,
create a RAID 0 array on all attached SSDs to mount:

- kubelet root dir
- container runtime root dir
- pod logs dir

Those directories account for all ephemeral storage.
An array is not created when there is only one SSD.

Change-Id: I22137f1d83fc19e9ef58a556d7461da43e4ab9bd
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-09-14 14:32:28 -04:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Kubernetes Prow Robot
0627c35411
Merge pull request #93781 from kisieland/allow-to-switch-off-logrotate 
Disable log rotation of kubernetes and pod logs
 2020-09-10 16:10:14 -07:00
Daniel Gutowski
adf7ed4241 Allow to disable logrotation of kubernetes and pod logs 
Make logrotate disabled by default
 2020-09-03 11:21:44 +00:00
Shihang Zhang
38f040c0a8 bind metadata proxy to 0.0.0.0 2020-09-01 18:34:02 -07:00
Stephen Augustus
e59d9f372d Update CNI plugins to v0.8.7 
ref: https://github.com/containernetworking/plugins/releases/tag/v0.8.7

Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-08-31 09:01:07 -04:00
jay vyas
1693c111be Getting rid of the Salt DNS replacements, addded / back. 2020-08-30 09:11:27 +00:00
Kubernetes Prow Robot
b02b84870c
Merge pull request #94307 from xmudrii/update-cri-tools 
Update cri-tools to v1.19.0
 2020-08-28 10:40:03 -07:00
Kubernetes Prow Robot
a9d1482710
Merge pull request #93311 from logicalhan/monitoring-role 
Add bootstrap policy for monitoring endpoints
 2020-08-28 06:36:52 -07:00
Marko Mudrinić
084bc9db43
Update cri-tools to v1.19.0 2020-08-28 15:34:42 +02:00
Kubernetes Prow Robot
fd20de89d9
Merge pull request #90433 from joakimr-axis/joakimr-axis_configure-helper.sh 
Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
 2020-08-27 19:05:47 -07:00
Han Kang
f57611970c add bootstrap policy for monitoring roles 
(we enable metrics and pprof by default, but that doesn't mean
 we should have full cluster-admin access to use those endpoints)

Change-Id: I20cf1a0c817ffe3b7fb8e5d3967f804dc063ab03

remove pprof but add read access to detailed health checks

Change-Id: I96c0997be2a538aa8c689dea25026bba638d6e7d

add base health check endpoints and remove the todo for flowcontrol, as there is an existing ticket

Change-Id: I8a7d6debeaf91e06d8ace3cb2bd04d71ef3e68a9

drop blank line

Change-Id: I691e72e9dee3cf7276c725a12207d64db88f4651
 2020-07-24 09:21:55 -07:00
Jordan Liggitt
3b323b2ef0 Limit critical pods to kube-system by default 2020-07-17 09:52:19 -04:00
Kubernetes Prow Robot
c430183fff
Merge pull request #91854 from bsdnet/gci 
Update the COS E2E image policy
 2020-07-02 06:41:15 -07:00
Roy Yang
f86b720cf6 Update the COS E2E image policy 
Signed-off-by: Roy Yang <royyang@google.com>
 2020-06-30 15:24:35 -07:00
Kubernetes Prow Robot
6257f83f88
Merge pull request #92569 from dims/tolerate-slightly-different-containerd-urls 
Tolerate slightly different containerd urls
 2020-06-29 18:35:08 -07:00
Kubernetes Prow Robot
de491f11b1
Merge pull request #92444 from dims/additional-check-for-containerd-for-better-loading-images 
Additional test for loading images with containerd
 2020-06-29 18:34:40 -07:00
Joakim Roubert
0c48e0e1bb Find what fails pull-kubernetes-e2e-gce-ubuntu-containerd 
Change-Id: I7919d03926880cd9c93c61a07ada645ebfe32a89
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 09:43:37 +02:00
Joakim Roubert
b529485f65 Review update 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:58 +02:00
Joakim Roubert
605be2216b Sync with master 
Add fixes for newly added code.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:58 +02:00
Joakim Roubert
196ae34f9b Remove previously added '' no longer needed 
Adapt to changes on master since the first commit here.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
a20a005986 No quotes needed/wanted for CURL_RETRY_CONNREFUSED 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
1b9e9c6fe6 Add fix for run-kube-controller-manager-as-non-root 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
11f6d43747 Updates after review 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
4abf7da53e Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
3e211386c1 Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
d66456fe01 Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
6e8504003b Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
0c899b2bc2 Mitigate newly added shellcheck issues 
Issues not present when the original patch was created have now also
been fixed.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
826274c867 Updates after code review 
Add double quotes at assignments as requested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:55 +02:00
Joakim Roubert
3fb0d1c15d Update after code review 
Simplified local variable declaration as suggested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:55 +02:00
Joakim Roubert
1f9704c713 Code review update 
Change-Id: I384a73efe995c529fb4b3636cb9639eafb90787f
Signed-off-by: Joakim Roubert <joakimr@axis.com>
 2020-06-29 08:43:55 +02:00
Joakim Roubert
80a8566a8c Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh 
Change-Id: Ic8fca2509a7cb07f4170eaf25a878036d18ba51c
Signed-off-by: Joakim Roubert <joakimr@axis.com>
 2020-06-29 08:43:55 +02:00
Davanum Srinivas
a653c21479
Tolerate slightly different containerd urls 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-27 06:41:19 -04:00
Jordan Liggitt
a36aa9c31e Stop enabling alpha runtimeclass API 2020-06-25 20:29:11 -04:00
Kubernetes Prow Robot
c3a6a66592
Merge pull request #92395 from sambdavidson/vip-sni-fix 
Added missing apiserver config var.
 2020-06-24 01:59:54 -07:00
Davanum Srinivas
2d7c47d2be
Additional test for loading images with containerd 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-23 18:21:59 -04:00
Jonathan Sun
2f7874bd4b Install firewall logging rules to log metadata server access for unauthorized components. 2020-06-23 11:22:05 -07:00
Samuel Davidson
31ae200ebf fix for missing kube-env var in SNI config 2020-06-22 13:33:42 -07:00
Kubernetes Prow Robot
d140769e4d
Merge pull request #92344 from jherrera123/restore-docker-focal-version 
Restore docker focal version in gci nodes
 2020-06-21 15:28:39 -07:00
Kubernetes Prow Robot
4c8207dc1e
Merge pull request #92314 from dims/set-better-default-for-loading-images-2 
Set better default commands for loading images - take 2
 2020-06-21 05:12:39 -07:00
Kubernetes Prow Robot
c6011f2d54
Merge pull request #91390 from vinayakankugoyal/nonroot 
Updating kube-controller-manager to run as non-root.
 2020-06-21 00:56:38 -07:00
Jesus Herrera
9714f3ac86 Restore docker focal version 2020-06-20 11:16:25 -04:00
Kubernetes Prow Robot
2d1c417934
Merge pull request #92258 from SidneyShen/node-boot-nvme-disk-fix 
Add logic to check if local NVMe SSDs in node boot-up script
 2020-06-19 11:38:14 -07:00
Kubernetes Prow Robot
4369eb3155
Merge pull request #92083 from alculquicondor/sched_config_script 
Support kube-scheduler component-config in GCE init scripts
 2020-06-19 11:36:53 -07:00
Kubernetes Prow Robot
87e6ec493c
Merge pull request #90223 from caesarxuchao/remove-unused-var 
Remove unused network proxy variables and functions
 2020-06-19 11:36:14 -07:00
Davanum Srinivas
60bd17a61f
Set better default commands for loading images - take 2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-19 14:25:12 -04:00
Kubernetes Prow Robot
6bb668c3c4
Merge pull request #92204 from dims/check-for-either-docker-or-containerd-getting-active 
Check for either docker or containerd getting active
 2020-06-18 06:03:21 -07:00
Kubernetes Prow Robot
c83c4d5453
Merge pull request #92184 from dims/set-better-default-for-loading-images 
Set better default commands for loading images
 2020-06-18 06:02:52 -07:00
Xinning Shen
27658f8241 Add logic to check if local NVMe SSDs in node boot-up script 
Current logic would assume all the NVMe disks are data disks and
applicable for reformat and mount. This will cause the issue when
booting disk is also NVMe disk, which will fail the node boot up. This
change will check if any additional NVMe disks are required/specified
and skip the reformat step otherwise.
 2020-06-18 08:48:43 +00:00
Chao Xu
06d034f3c8 remove unnecessary certs generation 2020-06-16 23:47:10 -07:00
Kubernetes Prow Robot
1f629ca4a2
Merge pull request #92150 from sambdavidson/sniflagfix 
Fix to configure-kubeapiserver.sh error.
 2020-06-16 19:24:12 -07:00
Kubernetes Prow Robot
51aac92f69
Merge pull request #91922 from Jefftree/netproxy-009 
Upgrade apiserver-network-proxy to v0.0.9
 2020-06-16 19:22:39 -07:00
Davanum Srinivas
01183e51f0
Check for either Docker or Containerd getting active for e2e_node tests 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-16 20:08:01 -04:00
Davanum Srinivas
fbb4bb0003
Set better default commands for loading images 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-16 07:47:02 -04:00
Samuel Davidson
3958ecb5c7 Fix to configure-kubeapiserver.sh error. 
It no no longer errors and exits if
env-var OLD_LOAD_BALANCER_IP is undefined.
 2020-06-15 11:42:05 -07:00
Aldo Culquicondor
55242bf3c9 Support kube-scheduler component-config in GCE init scripts 
Taking precedence over some existing flags.

Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-06-15 09:41:18 -04:00
Mikhail Mazurskiy
b75ea1b052
Fix error check logic 
If copy finished file (err == nil) then
use the error returned from out.Close()
 2020-06-15 22:00:56 +10:00
Jefftree
c6b2b1fad3 Add health port to network proxy 2020-06-12 16:44:56 -07:00
Jordan Liggitt
ac5ec4aa80 Adjust admission webhook auth config for default-enabled admission plugins 2020-06-10 13:46:30 -04:00
Davanum Srinivas
1731cb30f5
Use containerd as default in kube-up.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-06-07 14:34:50 -04:00
Kubernetes Prow Robot
db152fdd7d
Merge pull request #91756 from wojtek-t/remove_etcd_empty_dir_cleanup 
Remove etcd-empty-dir-cleanup image
 2020-06-05 15:30:24 -07:00
Kubernetes Prow Robot
3509b46fc6
Merge pull request #91612 from bsdnet/gci 
Improve COS image document for E2E test
 2020-06-05 15:30:00 -07:00
wojtekt
ee27e5b8be Remove all references to etcd-empty-dir-cleanup. 2020-06-05 08:41:31 +02:00
Kubernetes Prow Robot
c0455a1853
Merge pull request #91154 from liggitt/signer-duration 
Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration
 2020-06-04 17:59:45 -07:00
Vinayak Goyal
8daa9e6f77 Updating kube-controller-manager to run as non-root. 2020-06-02 14:07:00 -07:00
Roy Yang
3336d59ab2 Update COS/GCI document 
Signed-off-by: Roy Yang <royyang@google.com>
 2020-06-01 14:34:31 -07:00
Sascha Grunert
d2fc2d282d
Update cri-tools to v1.18.0 
This updates cri-tools to the latest release as well as pointing the
artifacts to the new Google Cloud Bucket `k8s-artifacts-cri-tools`.

This reverts commit ce1840d253.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-05-29 10:56:02 +02:00
Kubernetes Prow Robot
f91c1ef60e
Merge pull request #91370 from justaugustus/cni 
Update CNI to v0.8.6
 2020-05-26 13:38:01 -07:00
Kubernetes Prow Robot
f01d848c48
Merge pull request #91329 from dims/switch-kube-controller-manager-to-distroless-image 
Switch kube-controller-manager to distroless image
 2020-05-22 17:23:10 -07:00
Stephen Augustus
b692502a9d Update CNI to v0.8.6 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-05-22 17:48:56 -04:00
Kubernetes Prow Robot
9e06faa1fb
Merge pull request #91240 from tosi3k/bump-am-version 
Update kube-addon-manager to v9.1.1
 2020-05-21 19:40:37 -07:00
Davanum Srinivas
b1742f19ef
Switch kube-controller-manager to distroless image 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-21 22:33:54 -04:00
Kubernetes Prow Robot
c97c61ebe8
Merge pull request #91304 from karan/gcireviewer 
add karan to gci reviewer
 2020-05-20 19:42:20 -07:00
Kubernetes Prow Robot
52358fe010
Merge pull request #91228 from sambdavidson/iprotflags 
Add SNI flags usage to configure-*.sh
 2020-05-20 19:41:30 -07:00
Samuel Davidson
20b37d6c5a Add IP rotation flags and env-vars to configure-*.sh 2020-05-20 13:07:37 -07:00
Karan Goel
451592c6a5 add karan to gci reviewer 2020-05-20 10:42:42 -07:00
Jacek Kaniuk
57caa27b8d Do not add kube-apiserver performance flags if already set 2020-05-20 19:05:16 +02:00
Antoni Zawodny
15e491eb2f Update kube-addon-manager to v9.1.1 2020-05-20 09:50:20 +02:00
Jakub Przychodzeń
ce1840d253 Revert "Update cri-tools to v1.18.0" 
This reverts commit 4b3e023659.
 2020-05-19 11:19:39 +02:00
Sascha Grunert
4b3e023659
Update cri-tools to v1.18.0 
Bump cri-tools to the latest version and update test scripts.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-05-18 13:38:41 +02:00
Jordan Liggitt
950ed38996 Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration 2020-05-15 14:09:58 -04:00
Tim Hockin
d681a04541 Force LICENSES refresh on GCE images 
Some test images have it baked in.
 2020-05-11 14:25:26 -07:00
Yuwen Ma
1aa67fc525
Switch core master base images from debian to distroless 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-09 06:55:00 -04:00
Kubernetes Prow Robot
7d53ecee37
Merge pull request #90575 from thockin/fix_license_again 
Reorganize vendor licenses again (revert #85220)
 2020-05-08 23:03:51 -07:00
Tim Hockin
325ea6e3c2 Restructure licenses again (revert cd4474a) 
This moves licenses of vendored code from one monolith file into a tree
of individual files for easier reviews.  This fixes both the bash and
bazel paths.
 2020-05-07 21:48:59 -07:00
Walter Fender
339918d206 Add admin account on master for kube-up 
Creates a master local admin account.
If you are on the master you can now run kubectl.
For issue 87481.
 2020-05-06 17:19:58 -07:00
Davanum Srinivas
0d38f21932
Use bionic repo for docker as focal is not yet available 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-03 16:50:49 -04:00
Kubernetes Prow Robot
e494b0788b
Merge pull request #89543 from bartekzurawski/fix-kube-up-gce-private-restart 
Set ip alias route on kubernetes-master during booting
 2020-04-24 09:38:07 -07:00
Vinayak Goyal
7a5f4c47de Run kube-scheduler and kube-addon-manager as non root 2020-04-16 14:50:04 -07:00
Bartek Żurawski
3e4744c736 Set ip alias route on kubernetes-master during booting 2020-04-15 00:03:05 +02:00
Kubernetes Prow Robot
c0be582ca5
Merge pull request #89269 from Jefftree/network-proxy-beta 
Use v1beta1 for egress selector config
 2020-04-09 18:07:49 -07:00
Kubernetes Prow Robot
c7abf44a19
Merge pull request #88856 from yaseenhamdulay/patch-1 
Create etcd user in cloud-init master.yaml rather than in configure-h…
 2020-03-27 20:41:53 -07:00
Samuel Davidson
c70cd1e82f Changed readonly to true and type to File for authn/authz config. 2020-03-25 17:45:27 -07:00
Yaseen Hamdulay
58f78a53ee Add ssh_redirect_user 2020-03-24 11:30:48 +00:00
Kubernetes Prow Robot
de877ec26e
Merge pull request #89327 from aojea/conntrack 
cluster: ipvs conntrack module vs kernel version
 2020-03-22 13:28:44 -07:00
Antonio Ojea
33810a99d9 cluster: ipvs conntrack module vs kernel version 
We should use 'nf_conntrack' instead of 'nf_conntrack_ipv4'
for linux kernel >= 4.19
 2020-03-21 11:23:28 +01:00
Jefftree
936f7665cf network proxy alpha -> beta 2020-03-19 11:49:47 -07:00
yaseenhamdulay
5de3c64ad0 Create etcd user in cloud-init master.yaml rather than in configure-helper.sh 
An etcd unix user is currently created in configure-helper.sh if it does not exist
on the master.

cloud-init is the only supported mechanism to add users on COS VMs. If an attempt
is made to add a key using OS Login or the instance metadata mechanism the
google_accounts_daemon will race with useradd and potentially attempt to use
the same UID. This will lock out any attempt to SSH into the VM. We therefore
migrate to using cloud-init to create this user and prevent this issue from occurring.
 2020-03-19 11:05:42 +00:00
Kubernetes Prow Robot
f899ad704a
Merge pull request #89069 from enj/enj/i/drop_password_file 
Remove support for basic authentication
 2020-03-18 22:24:20 -07:00
Kubernetes Prow Robot
8055c92e26
Merge pull request #88125 from mwwolters/flex2healthz 
Switch flexvolume_node_setup.sh from kubelet RO port to healthz port
 2020-03-17 16:20:07 -07:00
Joe Betz
23c358d883
Fix unbound variable error in gce/configure.sh 
Looks like UBUNTU_INSTALL_RUNC_VERSION should be optional here.
 2020-03-12 16:41:25 -07:00
Monis Khan
df292749c9
Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
 2020-03-11 20:55:47 -04:00
Jefftree
6fd748e2c5 exit if KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE is set incorrectly 2020-03-05 16:59:55 -08:00
Jefftree
06abedb063 Allow both GRPC and http-connect mode to be toggled 2020-03-05 16:16:59 -08:00
Jefftree
2a98cb7f8b Use GRPC mode for network proxy 2020-03-02 15:54:52 -08:00
Jefftree
0989770135 Update network proxy to v0.0.7 2020-03-02 10:09:00 -08:00
Jefftree
4c54241c3d Support token authentication for network proxy 2020-03-01 17:24:48 -08:00
Kubernetes Prow Robot
831dae75bf
Merge pull request #88185 from vinayakankugoyal/appendandreplace 
append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.…
 2020-02-26 13:33:19 -08:00
Vinayak Goyal
388ebfe7d0 append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.sh fails for prefixes that contain quotes and = sign. 2020-02-24 17:35:36 -08:00
Kubernetes Prow Robot
6461e6f4fb
Merge pull request #87179 from Jefftree/netproxy-uds 
UDS + GRPC Support for Network Proxy
 2020-02-20 21:20:32 -08:00
Jefftree
725d2b6a8f Network Proxy: GRPC + HTTP Connect with UDS 2020-02-20 10:19:37 -08:00
Benjamin Elder
4454ce6f37 fix shellcheck failures in health-monitor.sh 2020-02-14 16:12:18 -08:00
Mark Wolters
ba74c1cfb4 Switch flexvolume_node_setup.sh from kubelet RO port to healthz port 2020-02-13 09:58:51 -08:00
Kubernetes Prow Robot
78a02a223d
Merge pull request #88010 from dims/support-for-adding-test-handler-for-containerd 
Support for adding test-handler for containerd
 2020-02-11 23:15:58 -08:00
Kubernetes Prow Robot
04cfa4981a
Merge pull request #87463 from mwwolters/healthmon2healthz 
Migrate health monitor from read only port to healthz port
 2020-02-11 17:06:08 -08:00
Davanum Srinivas
8f764b113e
Support for adding test-handler for containerd 2020-02-10 20:43:40 -05:00
Davanum Srinivas
da024f9a57
Ability to override versions of containerd/runc 2020-02-08 20:20:15 -05:00
Davanum Srinivas
acd286d95d
Install containerd package depending on CONTAINER_RUNTIME 2020-02-08 17:53:37 -05:00
Davanum Srinivas
c4ef6a94b3
Add gid to config.toml only when docker group is present 
If we don't install docker and install just containerd apt packages,
there is no docker group. In this scenario, we should not add the gid to
config.toml
 2020-02-08 17:53:37 -05:00
Davanum Srinivas
2c93aa6ec3
Ensure kubectl is available in PATH by explicitly exporting the script 2020-02-07 09:05:07 -05:00
Davanum Srinivas
f20e17e9dd
python snippets should work on both old and new python versions 2020-02-05 11:22:56 -05:00
Davanum Srinivas
dc3f31569e
Ensure specified container runtimes are present 2020-02-03 13:40:57 -05:00
Stephen Augustus
1174e6698e cni: Update CNI version to v0.8.5 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-01-29 04:41:29 -05:00
Stephen Augustus
96f2588b61 cni: Update CNI download URLs to use new GCS bucket (k8s-artifacts-cni) 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-01-29 02:32:22 -05:00
Kubernetes Prow Robot
324b5921c1
Merge pull request #87529 from cheftako/master 
Added relevent approvers and reviewers for gci.
 2020-01-25 11:49:02 -08:00
Kubernetes Prow Robot
15f96a807a
Merge pull request #86305 from saschagrunert/cri-tools 
Update cri-tools to v1.17.0
 2020-01-24 12:18:32 -08:00
Walter Fender
b2f3236771 Added relevent approvers and reviewers for gci. 
Adding new approver and reviewers for the gci scripts.
 2020-01-24 09:29:35 -08:00
Kubernetes Prow Robot
90da466221
Merge pull request #87504 from cheftako/master 
Fix issue with GCE scripts assuming Python2.
 2020-01-24 03:03:19 -08:00
Walter Fender
1dd53fd3ba Fix issue with GCE scripts assuming Python2. 
For bug #87482.
Newer OSs are now defaulting to Python3.
This breaks the kube-up scripts for GCE.
Adding code to detect this and explicitly use Python2.
 2020-01-23 15:05:04 -08:00