Commit Graph

10264 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
2d4753b898
Merge pull request #103360 from m14815/commit-21.6.3
Error should be checked first, then go to other steps.
2021-07-01 15:36:03 -07:00
Kubernetes Prow Robot
43ebff8fa4
Merge pull request #103306 from swetharepakula/convert-proxy
Kubeproxy uses V1 EndpointSlice
2021-07-01 14:28:11 -07:00
Kubernetes Prow Robot
3f4c39bbd7
Merge pull request #103063 from neolit123/1.22-add-patches-to-v1beta3
kubeadm: add support for patches in v1beta3; deprecate --experimental-patches
2021-07-01 02:25:54 -07:00
Kubernetes Prow Robot
5c23b61247
Merge pull request #103327 from SataQiu/fix-write-config-to
kube-scheduler: ensure the default config output of --write-to-config is usable
2021-06-30 21:00:06 -07:00
Swetha Repakula
03b7a699c2 Kubeproxy uses V1 EndpointSlice 2021-06-30 18:41:57 -07:00
Kubernetes Prow Robot
c206af0367
Merge pull request #103380 from vinayakankugoyal/bug
Fix incorrect user and group for kube-scheduler when it is running as non-root.
2021-06-30 17:21:53 -07:00
Vinayak Goyal
1c39cf2365 Fix incorrect user and group for kube-scheduler when it is running as non-root. 2021-06-30 11:28:15 -07:00
Lukasz Szaszkiewicz
4a2aef00d6 adds metrics for authorization webhook 2021-06-30 09:26:25 +02:00
SataQiu
6c86c34457 kube-scheduler: ensure the default config output of --write-to-config is usable 2021-06-30 13:26:27 +08:00
maruiyan
da4aaf81cd Error should be checked first, then go to other steps. 2021-06-30 11:00:55 +08:00
Kubernetes Prow Robot
7eaf2ebab2
Merge pull request #103313 from neolit123/1.22-fix-key-check-download-certs
kubeadm: fix wrong check for keys/certs during "download-certs"
2021-06-29 14:54:20 -07:00
Kubernetes Prow Robot
e0f66be1aa
Merge pull request #101822 from yuzhiquan/NodeResourcesFit-score
Add score func for NodeResourcesFit plugin
2021-06-29 13:42:20 -07:00
Lubomir I. Ivanov
5c00024c70 kubeadm: fix wrong check for keys/certs during "download-certs"
During "join" of new control plane machines, kubeadm would
download shared certificates and keys from the cluster stored
in a Secret. Based on the contents of an entry in the Secret,
it would use helper functions from client-go to either write
it as public key, cert (mode 644) or as a private key (mode 600).

The existing logic is always writing both keys and certs with mode 600.
Allow detecting public readable data properly and writing some files
with mode 644.

First check the data with ParsePrivateKeyPEM(); if this passes
there must be at least one private key and the file should be written
with mode 600 as private. If that fails, validate if the data contains
public keys with ParsePublicKeysPEM() and write the file as public
(mode 644).

As a result of this new logic, and given the current set of managed
kubeadm files, .key files will end up with 600, while .crt and .pub
files will end up with 644.
2021-06-29 23:42:04 +03:00
Kubernetes Prow Robot
dae03ba921
Merge pull request #99364 from p0lyn0mial/upstream-delegated-authn-metrics
adds metrics for delegated authn
2021-06-29 11:19:38 -07:00
yuzhiquan
deb14b995a Add score plugin for NodeResourcesFit 2021-06-29 13:16:55 -04:00
Lukasz Szaszkiewicz
322c18c147 adds metrics for authentication webhook 2021-06-29 09:49:14 +02:00
Kubernetes Prow Robot
bb309b5706
Merge pull request #103249 from wangyysde/update-kubeadm-help-msg
correct example command of kubeadm help
2021-06-28 14:24:28 -07:00
Kubernetes Prow Robot
883cacde77
Merge pull request #101413 from songxiao-wang87/run-test6
Structured Logging migration: modify policy part logs of kube-controller-manager.
2021-06-28 02:19:25 -07:00
wangyysde
39a373b162 correct example command of kubeadm help
Signed-off-by: wangyysde <net_use@bzhy.com>
2021-06-28 16:12:52 +08:00
Kubernetes Prow Robot
015a0d9b01
Merge pull request #103130 from ahg-g/ahg-ca
Add a function that returns default scheduler configuration
2021-06-25 12:13:24 -07:00
David Ashpole
79550ed40c Add distributed tracing to the apiserver using OpenTelemetry 2021-06-25 05:20:27 -07:00
Kubernetes Prow Robot
042472d02d
Merge pull request #103152 from navist2020/remove/deprecatedFlags
kubeadm:remove deprecated flags CSROnly and CSRDir
2021-06-24 16:38:19 -07:00
Kubernetes Prow Robot
82fe27a041
Merge pull request #103080 from krak7602/feat-test
Stop using github.com/pkg/errors
2021-06-24 15:27:40 -07:00
Kubernetes Prow Robot
2e93b3924a
Merge pull request #101943 from saschagrunert/seccomp-default
Add kubelet `SeccompDefault` alpha feature
2021-06-24 13:07:41 -07:00
Abdullah Gharaibeh
b6a317aeaf add a function that returns default scheduler configuration 2021-06-24 11:48:35 -04:00
Kubernetes Prow Robot
06dfe683ce
Merge pull request #103123 from dims/remove-fakefs-to-drop-spf13/afero-dependency
Remove fakefs to drop spf13/afero dependency
2021-06-24 07:57:41 -07:00
Davanum Srinivas
5feff280e1
remove fakefs to drop spf13/afero dependency
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2021-06-24 09:51:34 -04:00
navist2020
538e7777c3 kubeadm:remove deprecated flags CSROnly and CSRDir 2021-06-24 18:28:43 +08:00
Kubernetes Prow Robot
b0010c2d9e
Merge pull request #103066 from MikeSpreitzer/apf-no-00
Add config checking for inflight limits
2021-06-23 18:25:40 -07:00
Kubernetes Prow Robot
3a07d96d25
Merge pull request #99412 from enj/enj/i/ttl_backdate
csr: correctly handle backdating of short lived certs
2021-06-23 15:00:10 -07:00
Monis Khan
7e891e5d6c
csr: correctly handle backdating of short lived certs
This change updates the backdating logic to only be applied to the
NotBefore date and not the NotAfter date when the certificate is
short lived. Thus when such a certificate is issued, it will not be
immediately expired.  Long lived certificates continue to have the
same lifetime as before.

Consolidated all certificate lifetime logic into the
PermissiveSigningPolicy.policy method.

Signed-off-by: Monis Khan <mok@vmware.com>
2021-06-23 15:36:11 -04:00
Lubomir I. Ivanov
70a524659a kubeadm: add {Init|Join}Configuration.Patches.Directory to v1beta3
Add {Init|Join}Configuration.Patches, which is a structure that
contains patch related options. Currently it only has the "Directory"
field which is the same option as the existing --experimental-patches
flag.

The flags --[experimental-]patches value override this value
if both a flag and config is passed during "init" or "join".
2021-06-23 22:24:10 +03:00
Lubomir I. Ivanov
a4402122b4 kubeadm: add the --patches flag and deprecate --experimental-patches
The feature of "patches" in kubeadm has been in Alpha for a few
releases. It has not received major bug reports from users.
Deprecate the --experimental-patches flag and add --patches.

Both flags are allowed to be mixed with --config.
2021-06-23 22:22:41 +03:00
Mike Spreitzer
0762f492c5 Add config checking for inflight limits
When API Priority and Fairness is enabled, the inflight limits must
add up to something positive.
This rejects the configuration that prompted
https://github.com/kubernetes/kubernetes/issues/102885

Update help for max inflight flags
2021-06-23 14:06:50 -04:00
Sascha Grunert
8b7003aff4
Add SeccompDefault feature
This adds the gate `SeccompDefault` as new alpha feature. Seccomp path
and field fallbacks are now passed to the helper functions, whereas unit
tests covering those code paths have been added as well.

Beside enabling the feature gate, the feature has to be enabled by the
`SeccompDefault` kubelet configuration or its corresponding
`--seccomp-default` CLI flag.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>

Apply suggestions from code review

Co-authored-by: Paulo Gomes <pjbgf@linux.com>
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2021-06-23 10:22:57 +02:00
Lubomir I. Ivanov
3b36e6bcea kubeadm: fix image pull policy integration
If the user has not specified a pull policy we must assume a default of
v1.PullIfNotPresent.

Add some extra verbose output to help users monitor what policy is
used and what images are skipped / pulled.

Use "fallthrough" and case handle "v1.PullAlways".

Update unit test.
2021-06-23 00:52:35 +03:00
Kubernetes Prow Robot
c864f2357d
Merge pull request #102901 from wangyysde/add-support-imagePullPolicy-fix524
kubeadm: add support of imagePullPolicy to kubeadm
2021-06-22 07:43:59 -07:00
krak7602
ec93b3b0be Stop using github.com/pkg/errors 2021-06-22 10:43:30 +05:30
Kubernetes Prow Robot
e78e692f33
Merge pull request #101449 from CaoDonghui123/fix5
kubeadm: allow passing the flag --log-file if --config is passed
2021-06-21 20:43:57 -07:00
caodonghui
25f479c2ac fix'--log-file only works if --logtostderr=false' 2021-06-22 09:32:26 +08:00
Kubernetes Prow Robot
cfa0130b9f
Merge pull request #102466 from pacoxu/dns-1.8.4
kubeadm: update coredns to 1.8.4
2021-06-21 18:14:10 -07:00
wangyysde
459fe7d08a add support of imagePullPolicy to kubeadm
Signed-off-by: wangyysde <net_use@bzhy.com>
2021-06-22 07:13:25 +08:00
navist2020
1f9d448283 Use errors.Errorf instead of errors.Wrapf when the err is nil 2021-06-21 16:17:32 +08:00
Kubernetes Prow Robot
e55ff835b4
Merge pull request #102922 from SataQiu/update-link
cmd/kubelet: replace KEP link with the documentation one as it is available now
2021-06-19 13:10:50 -07:00
Kubernetes Prow Robot
ab7d8b5b5b
Merge pull request #102871 from rainrambler/patch-1
kubeadm: use defer to unlock mutex in certs.go
2021-06-18 09:52:30 -07:00
Kubernetes Prow Robot
f1d9db4381
Merge pull request #102940 from gy95/sche
when new manager failed should return err
2021-06-17 14:08:17 -07:00
Kubernetes Prow Robot
b41c8a2d49
Merge pull request #102862 from vinayakankugoyal/roochless2
Update etcd in kubeadm to run as non-root.
2021-06-17 13:00:05 -07:00
navist2020
1a4b0ee09b remove excess error handling 2021-06-17 17:34:57 +08:00
gy95
c789898f79 when new manager failed should return err 2021-06-17 16:02:31 +08:00
Vinayak Goyal
5a0756c5f4 Update etcd in kubeadm to run as non-root. 2021-06-16 17:30:46 -07:00