github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,959 Commits 1 Branch 31 Tags 1,019 MiB
082757ccbb
Commit Graph

1131 Commits

Author SHA1 Message Date
Alex Robinson
743945f3aa Merge pull request #7384 from a-robinson/opts 
Remove unused env variable from the fluentd dockerfiles
 2015-04-27 17:18:17 -07:00
CJ Cullen
39c5bf363b Merge pull request #7303 from erictune/kube_env3 
kube-proxy uses token to access port 443 of apiserver
 2015-04-27 14:33:53 -07:00
derekwaynecarr
81e9395533 Fix vagrant regression due to #7326 2015-04-27 17:18:30 -04:00
Alex Robinson
ada9242155 Remove unused env variable from the fluentd dockerfiles and make their apt-get 
arguments consistent.
 2015-04-27 20:47:38 +00:00
Brendan Burns
a02823c0db Merge pull request #7344 from roberthbailey/google-storage-ssl 
Fetch resources from storage.googleapis.com over SSL.
 2015-04-27 12:24:46 -07:00
Brendan Burns
637cd57a25 Merge pull request #6606 from gust1n/aws-existing-vpc 
AWS: Improving getting existing VPC and subnet
 2015-04-27 11:11:25 -07:00
Zach Loafman
b8de4960ac Merge pull request #7367 from erictune/cleanupkubadmintoken 
Remove apparently dead code from Azure scripts.
 2015-04-27 10:13:40 -07:00
Zach Loafman
5ccfc0a225 Merge pull request #6006 from justinsb/aws_multiple_clusters 
First step to supporting multiple k8s clusters
 2015-04-27 10:11:03 -07:00
Eric Tune
9b31a76651 Remove apparently dead code from Azure scripts. 2015-04-27 10:08:50 -07:00
Eric Tune
9044177bb6 Generate a token for kube-proxy. 
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware.  Symptom would be that service proxying
stops working.

 1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
 1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
 1. Changes kube-proxy args:
   - use the --kubeconfig argument
   - changes --master argument from http://MASTER:7080 to https://MASTER
     - http -> https
     - explicit port 7080 -> implied 443

Possible ways this might break other distros:

Mitigation: there is an default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.

Mitigation:
  - azure: Special case to use 7080 in
  - rackspace: way out of date, so don't care.
  - vsphere: way out of date, so don't care.
  - other distros: not using salt.
 2015-04-27 08:59:57 -07:00
Zach Loafman
df1cfae368 Merge pull request #7326 from roberthbailey/client-cert-auth 
Pass the CA root cert into the apiserver
 2015-04-27 07:48:59 -07:00
Robert Bailey
a9f8f17299 Fetch the kibana tar.gz over SSL. 2015-04-26 21:57:49 -07:00
Robert Bailey
225da3f88f Fetch resources from storage.googleapis.com over SSL. 2015-04-26 21:51:37 -07:00
Robert Bailey
846ffcff83 Pass the CA root cert into the apiserver so that the apiserver will 
perform client cert checks for authorization. Only enable on GCE where
the apiserver is terminating SSL connections from end users.
 2015-04-24 22:01:56 -07:00
saadali
acbd3d78f1 Specify host/container ports for InfluxDB, so that the UI is accessible. 2015-04-24 16:22:50 -07:00
Brian Grant
60d7bad147 Merge pull request #7128 from nikhiljindal/fixbeta1tests 
Removing more references to v1beta1 from pkg/
 2015-04-24 11:07:53 -07:00
Satnam Singh
b6bee06c20 Merge pull request #7269 from zmerlynn/lose_one_sanity 
Remove buggy GCE post turn-up cluster validation code (rely on validate-cluster.sh)
 2015-04-24 10:56:20 -07:00
Brendan Burns
49977e6a47 Revert "Update docker examples to 0.15.0" 2015-04-24 10:05:27 -07:00
Dawn Chen
2128d4e251 Merge pull request #7261 from erictune/kube_env 
Pass KUBELET_TOKEN in kube-env metadata.
 2015-04-24 10:03:34 -07:00
Nikhil Jindal
84cb48be11 Merge pull request #7246 from satnam6502/es 
Convert Elasticsearch logging to v1beta3 and de-salt
 2015-04-24 09:21:41 -07:00
nikhiljindal
dcc368c781 Removing more references to v1beta1 from pkg/ 2015-04-24 00:45:17 -07:00
CJ Cullen
80af1c9e40 kube2sky using kubeconfig secret: take 2. Point system secrets at https://kubernetes. Override in clients that can't use DNS. 2015-04-23 18:13:16 -07:00
David Oppenheimer
dda010b572 Merge pull request #7240 from satnam6502/v1beta3 
Update Kibana RC and service to v1beta3
 2015-04-23 17:09:27 -07:00
Zach Loafman
ad829dead7 Remove buggy GCE post turn-up cluster validation code (rely on validate-cluster.sh) 
Fixes #7266
 2015-04-23 16:28:44 -07:00
Eric Tune
e8a83b23d1 Pass KUBELET_TOKEN in kube-env metadata. 
ensure-kube-token is not needed anymore because
the token passed in kube-env.

In the up case it is set, in the push case it is an empty string
but not used.

Allow unset KUBELET_TOKEN (for push case).

Fix comment.
 2015-04-23 15:21:27 -07:00
Satnam Singh
c9b9e7651e Convert Elasticsearch logging to v1beta and de-salt 2015-04-23 13:06:15 -07:00
Satnam Singh
0abc34245a Update Kibana RC and service to v1beta3 2015-04-23 12:19:17 -07:00
Derek Carr
fade245a44 Merge pull request #7220 from jsafrane/devel/fix-vagrant 
V2: Fix vagrant setup broken by commit 7475efbcfb.
 2015-04-23 14:49:31 -04:00
Dawn Chen
f9156c281a Merge pull request #7123 from satnam6502/logging 
Propagate pod and container name for log files
 2015-04-23 10:13:08 -07:00
Joakim Gustin
645d6d1f26 Use existing subnet when launching AWS cluster in existing VPC 2015-04-23 11:01:17 +02:00
Jan Safranek
1c8f888477 Fix vagrant setup broken by commit 7475efbcfb. 
- 'local' can be used only inside bash functions
- s/KNOWN_TOKENS_FILE/known_tokens_file
 2015-04-23 11:00:10 +02:00
Wojciech Tyczynski
cf824ae5e0 Merge pull request #7164 from fgrzadkowski/fix_wait_minion 
Wait for minion to start even if gcloud command fails.
 2015-04-23 08:21:19 +02:00
Justin Santa Barbara
9253ae6dca AWS: Fix some bash style problems: variable quoting & locals 2015-04-22 18:30:09 -07:00
Fabio Yeon
0a0bd88db6 Revert "Change kube2sky to use token-system-dns secret, point at https endpoint ..." 2015-04-22 17:56:34 -07:00
Satnam Singh
e4e830badc Update Kibana pod to speak to Elasticsearchusing v1beta3 2015-04-22 17:37:47 -07:00
Fabio Yeon
3ed2dcae68 Merge pull request #7197 from roberthbailey/fix-restart-apiserver 
Fix the restart-apiserver command for GCE/GKE.
 2015-04-22 15:52:14 -07:00
Robert Bailey
6951bb0bd5 Fix the restart-apiserver command for GCE/GKE. 2015-04-22 15:21:13 -07:00
Satnam Singh
2444c1f943 Propagate pod and container name for log files 2015-04-22 15:08:51 -07:00
Dawn Chen
87e0d5da08 Merge pull request #7186 from ArtfulCoder/no_log_pod_on_master 
removed elasticsearch and fluentd-gcp pods from master
 2015-04-22 14:40:07 -07:00
Robert Bailey
4346c6ecae Swallow the output from the test ssh connections so that it 
doesn't interfere with string comparison.
 2015-04-22 14:19:15 -07:00
CJ Cullen
924015dc94 Merge pull request #7182 from justinsb/aws_fix_hostname 
AWS: Set hostname_override for minions, back to fully-qualified name
 2015-04-22 14:13:53 -07:00
Zach Loafman
26aeb6c370 Merge pull request #6618 from roberthbailey/no-nginx 
Salt reconfiguration to get rid of nginx on GCE
 2015-04-22 13:59:12 -07:00
Abhishek Shah
8cf11fd608 removed elasticsearch and fluentd-gcp pods from master 2015-04-22 12:54:57 -07:00
Brendan Burns
ee34d4942b Merge pull request #6576 from jeffmendoza/azure-loop 
Azure: Wait for salt completion on cluster initialization
 2015-04-22 12:51:40 -07:00
Robert Bailey
35a18e35c3 Merge pull request #7154 from cjcullen/readonly 
Change kube2sky to use token-system-dns secret, point at https endpoint ...
 2015-04-22 12:41:53 -07:00
Justin Santa Barbara
4120849cc4 AWS: Set hostname_override for minions, back to fully-qualified name 
This is a stop-gap fix; we'd really like to use EC2 instance ids, but that is
blocked by #7092 or changing that health-check to not assume that the node name
is resolvable.

This stop-gap essentially reverts #7072 for AWS
 2015-04-22 11:28:53 -07:00
Robert Bailey
dc45f7f9e6 Remove nginx and replace basic auth with bearer token auth for GCE. 
- Configure the apiserver to listen securely on 443 instead of 6443.
 - Configure the kubelet to connect to 443 instead of 6443.
 - Update documentation to refer to bearer tokens instead of basic auth.
 2015-04-22 11:11:20 -07:00
Robert Bailey
4ca8fbbec6 Merge pull request #7147 from fabioy/validate.fix 
Fix validate-cluster.sh to work on Mac.
 2015-04-22 11:06:46 -07:00
Zach Loafman
86468cd29d Revert "Added kube-proxy token." 2015-04-22 10:55:08 -07:00
Zach Loafman
0e3e502d52 Fix unbound variable after #7146 2015-04-22 10:19:53 -07:00