github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,006 Commits 1 Branch 31 Tags
17b51a93a3da17a9dca87c3bde52b0a2f3fb8298
Commit Graph

538 Commits

Author SHA1 Message Date
markturansky
8159c8fd25 Refactor PodCondition to PodPhase 2014-11-21 15:28:38 -05:00
Tim Hockin
ea960711ff Clean up error logs. 
Use %v for errors, tidy some messages, make error messages start lowe-case
(as per go guidelines).  Just accumulated nits.
 2014-11-21 09:45:26 +08:00
Jordan Liggitt
c895331277 Make master take authenticator.Request interface instead of tokenfile 2014-11-19 15:07:51 -05:00
Clayton Coleman
1c524607d8 Merge pull request #2097 from markturansky/v1beta3_podrefactor 
Refactor internal API for Pods to match v1beta3
 2014-11-18 15:28:58 -05:00
Eric Tune
057d78e471 Treat unset KUBERNETES_PROVIDER as gce. 
Should fix jenkins failure.
 2014-11-18 10:13:45 -08:00
markturansky
8af4ccb111 v1beta3 Pod refactor 2014-11-18 09:25:42 -05:00
Eric Tune
4dbdfd7935 Only test events on GCE. 2014-11-18 00:23:41 -08:00
Eric Tune
46dcacfa93 Kubelet talks securely to apiserver. 
Configure apiserver to serve Securely on port 6443.
Generate token for kubelets during master VM startup.
Put token into file apiserver can get and another file the kubelets can get.
Added e2e test.
 2014-11-18 00:23:41 -08:00
Brendan Burns
cea52d7e4f Merge pull request #2409 from mattmoor/master 
Implements a credentialprovider library for use by DockerPuller.
 2014-11-17 21:53:25 -08:00
Matt Moore
0c5d9ed0d2 Implements a credentialprovider library for use by DockerPuller. 
This change refactors the way Kubelet's DockerPuller handles the docker config credentials to utilize a new credentialprovider library.

The credentialprovider library is based on several of the files from the Kubelet's dockertools directory, but supports a new pluggable model for retrieving a .dockercfg-compatible JSON blob with credentials.

With this change, the Kubelet will lazily ask for the docker config from a set of DockerConfigProvider extensions each time it needs a credential.

This change provides common implementations of DockerConfigProvider for:
 - "Default": load .dockercfg from disk
 - "Caching": wraps another provider in a cache that expires after a pre-specified lifetime.

GCP-only:
 - "google-dockercfg": reads a .dockercfg from a GCE instance's metadata
 - "google-dockercfg-url": reads a .dockercfg from a URL specified in a GCE instance's metadata.
 - "google-container-registry": reads an access token from GCE metadata into a password field.
 2014-11-17 21:46:54 -08:00
Joe Beda
66d287f7e4 Merge branch 'rename-to-kube' of https://github.com/eparis/kubernetes into eparis-rename-to-kube 
* 'rename-to-kube' of https://github.com/eparis/kubernetes:
  rename kube server binaries to kube-

Conflicts:
	docs/salt.md
 2014-11-17 09:52:10 -08:00
Victor Marmol
6908c9ca4a Merge pull request #2407 from eparis/cadvisor-0.5.0 
Cadvisor 0.5.0
 2014-11-17 08:53:36 -08:00
Eric Paris
630acf221c alias cadvisor/client to cadvisor 
cadvisor 0.5.0 changes the package from cadvisor to client.  Which of
course conflicts with our own client.  Alias it back to cadvisor.
 2014-11-16 21:44:34 -05:00
Daniel Smith
c412540cf2 Remove confusing function; add TODO and explanation for (nonfatal) error message in integration test. 2014-11-14 17:16:05 -08:00
Eric Tune
c770e70495 Factor to function. 2014-11-14 14:09:51 -08:00
Eric Tune
6430250ce8 Send events from kubelet. 
Accept argument specifying file with kubernetes_auth file.
Make an api client in kubelet.
Send events to apiserver.
 2014-11-14 13:37:20 -08:00
Clayton Coleman
c95b8694d6 Merge pull request #2340 from erictune/refactor_kube_auth 
Refactor kube auth
 2014-11-14 14:10:53 -05:00
Eric Tune
0727219c83 New package defines .kubernetes_auth format. 
Refactored common code to that package.
Subsequent PRs will load and emit these files.
 2014-11-14 10:36:25 -08:00
Brendan Burns
c2485a4056 Merge pull request #2147 from justinsb/ipv6 
Initial ipv6 / iptables work
 2014-11-14 10:34:37 -08:00
Daniel Smith
7df0f6d3bd Merge pull request #2343 from erictune/tokens_need_private_comms 
Use https when Insecure is selected.
 2014-11-14 09:51:59 -08:00
Eric Tune
5c24855349 Rename Secure -> TLS; we may use TLS insecurely. 2014-11-13 21:42:36 -08:00
Eric Paris
a99c3c7963 rename kube server binaries to kube- 
apiserver becomes kube-apiserver
controller-manager -> kube-controller-manager
scheduler and proxy similarly.

Only thing I promise is that right now hack/build-go.sh and
build/release.sh exit with 0.  That's it.  Who knows if any of this
actually works....
 2014-11-13 20:08:26 -05:00
Daniel Smith
1be56fa91b Merge pull request #2279 from brendandburns/integration 
Added some etcd retries to try to work around some flakes we see in Travis
 2014-11-12 13:51:39 -08:00
Brendan Burns
bcec212c37 Added some etcd retries to try to work around some flakes we see in Travis. 2014-11-12 12:59:19 -08:00
Daniel Smith
0348a67413 Merge pull request #2195 from smarterclayton/prepare_pod_template_v1beta3 
Allow an internal pod template reference or object
 2014-11-12 10:55:08 -08:00
Clayton Coleman
d97f6cd0d8 Integration test was not decoding using api.Scheme 2014-11-11 17:03:20 -05:00
Clayton Coleman
94c873e7a4 Remaining refactor for PodTemplateSpec and fixing test cases 2014-11-11 17:03:20 -05:00
Brendan Burns
ffcdb9dfb7 Fix build on 32 bit processors. 2014-11-11 09:51:45 -08:00
Dawn Chen
30fcf24131 Merge pull request #2121 from brendandburns/standalone 
Create a standalone k8s binary, capable of running a full cluster
 2014-11-10 22:04:28 -08:00
Daniel Smith
c67083572b Merge pull request #2268 from erictune/kubelet_local_log_event 
Locally log kubelet events
 2014-11-10 15:57:07 -08:00
Daniel Smith
626eb2700e Merge pull request #2261 from erictune/aux_port 
Add a third port which has HTTPS and auth(n,z)
 2014-11-10 15:31:49 -08:00
Eric Tune
53f9d42ed3 Add a third port which has HTTPS and auth(n,z) 
It is disabled by default.
Document all the various and sundry (3) ports.
 2014-11-10 15:16:46 -08:00
Eric Tune
c5d1782c00 Add local logging of kubelet events. 2014-11-10 13:57:13 -08:00
Eric Tune
08c8f2cde1 Record event of kubelet restart re: minion obj. 2014-11-10 13:46:48 -08:00
Brendan Burns
2c1221864d Make a standalone binary. 2014-11-10 13:34:11 -08:00
Daniel Smith
66d62229f6 Fix kubecfg -template to be versioned 2014-11-07 16:47:21 -08:00
Eric Tune
c068b56919 Return InsecureHandler from master. 
Subsequent changes will make use of both
m.Handler and m.InsecureHandler for different ports.
 2014-11-06 09:11:31 -08:00
Eric Tune
6e81e8c896 Basic ACL file. 
Added function to read basic ACL from a CSV file.
Added implementation of Authorize based on that file's policies.
Added docs on authentication and authorization.
Added example file and tested it.
 2014-11-05 16:06:22 -08:00
Daniel Smith
c163535563 Allow (delayed) apiserver starting when network interface isn't available immediately. 2014-11-05 12:07:33 -08:00
bgrant0607
fc0dab630c Merge pull request #2086 from markturansky/v1beta3_refactor 
Refactor internal API for Services to match v1beta3
 2014-11-04 21:48:02 -08:00
Daniel Smith
e4dcd4a131 Merge pull request #2122 from erictune/moar_attribs 
Moar authorization attributes
 2014-11-04 13:17:47 -08:00
markturansky
bd7643c033 refactor services to v1beta3 2014-11-04 14:23:53 -05:00
Clayton Coleman
09cfa364c5 Refactor Get and Describe to allow extension of types 
Get should use ResourceMapper, allow Printer to be abstracted,
and extract Describe as *Describer types.
 2014-11-04 10:44:56 -05:00
Eric Tune
1668c6f107 Authorization based on namespace, kind, readonly. 
Also, pass Authorizer into master.Config.
 2014-11-03 17:45:15 -08:00
Justin SB
9a053a4b59 Initial ipv6 / iptables work 2014-11-03 15:23:04 -08:00
Erik St. Martin
f75f2bbc0f Fixes #1612 kubelet should fail to start if it cannot create rootDir 2014-11-03 14:44:46 -05:00
bgrant0607
2ab2911856 Merge pull request #2083 from lavalamp/eventing2 
Add events to kubecfg's list of resource types
 2014-10-31 13:40:58 -07:00
Eric Tune
55c2d6bbbb Add basic Authorization. 
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
 2014-10-31 12:04:33 -07:00
Brendan Burns
893291d81d Merge pull request #1997 from ddysher/split-master 
Separate minion controller from master.
 2014-10-31 11:23:58 -07:00
Brendan Burns
c6df93d76e Merge pull request #2082 from lavalamp/fix 
Fix self linking of objects returned in lists.
 2014-10-30 21:43:31 -07:00