github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95,536 Commits 1 Branch 31 Tags 1,019 MiB
23ef9b51a8
Commit Graph

3291 Commits

Author SHA1 Message Date
Samuel Davidson
c70cd1e82f Changed readonly to true and type to File for authn/authz config. 2020-03-25 17:45:27 -07:00
Yaseen Hamdulay
58f78a53ee Add ssh_redirect_user 2020-03-24 11:30:48 +00:00
Kubernetes Prow Robot
de877ec26e
Merge pull request #89327 from aojea/conntrack 
cluster: ipvs conntrack module vs kernel version
 2020-03-22 13:28:44 -07:00
Antonio Ojea
33810a99d9 cluster: ipvs conntrack module vs kernel version 
We should use 'nf_conntrack' instead of 'nf_conntrack_ipv4'
for linux kernel >= 4.19
 2020-03-21 11:23:28 +01:00
Yu Liao
50c0827856 infra_container is passed in as env variable 2020-03-20 10:50:25 -07:00
Jakub Przychodzeń
f48268d13b Util script - move variables setting for replicated master to outer if 2020-03-20 12:42:44 +01:00
Jefftree
936f7665cf network proxy alpha -> beta 2020-03-19 11:49:47 -07:00
yaseenhamdulay
5de3c64ad0 Create etcd user in cloud-init master.yaml rather than in configure-helper.sh 
An etcd unix user is currently created in configure-helper.sh if it does not exist
on the master.

cloud-init is the only supported mechanism to add users on COS VMs. If an attempt
is made to add a key using OS Login or the instance metadata mechanism the
google_accounts_daemon will race with useradd and potentially attempt to use
the same UID. This will lock out any attempt to SSH into the VM. We therefore
migrate to using cloud-init to create this user and prevent this issue from occurring.
 2020-03-19 11:05:42 +00:00
Kubernetes Prow Robot
f899ad704a
Merge pull request #89069 from enj/enj/i/drop_password_file 
Remove support for basic authentication
 2020-03-18 22:24:20 -07:00
jingyih
f9e0e4c6b4 Update default etcd server to 3.4.4 2020-03-18 00:27:46 -07:00
Kubernetes Prow Robot
8055c92e26
Merge pull request #88125 from mwwolters/flex2healthz 
Switch flexvolume_node_setup.sh from kubelet RO port to healthz port
 2020-03-17 16:20:07 -07:00
Kubernetes Prow Robot
a6f209c1c0
Merge pull request #86259 from rajansandeep/corednsto1.6.6-kube-up 
Bump CoreDNS version to 1.6.7 [kube-up]
 2020-03-17 16:19:26 -07:00
Kubernetes Prow Robot
ff21f45680
Merge pull request #89095 from losipiuk/lo/ca-1.18.0 
Bump Cluster-Autoscaler to 1.18.0
 2020-03-13 07:04:40 -07:00
Joe Betz
23c358d883
Fix unbound variable error in gce/configure.sh 
Looks like UBUNTU_INSTALL_RUNC_VERSION should be optional here.
 2020-03-12 16:41:25 -07:00
Łukasz Osipiuk
c957b2509f Bump Cluster-Autoscaler to 1.18.0 2020-03-12 21:33:18 +01:00
Monis Khan
df292749c9
Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
 2020-03-11 20:55:47 -04:00
Łukasz Osipiuk
6be4d0a705 Bump Cluster-Autoscaler to cluster-autoscaler:v1.18.0-beta.1 2020-03-11 16:16:30 +01:00
Kubernetes Prow Robot
988982a1f7
Merge pull request #88048 from mtaufen/provider-info-e2etest 
Add e2e test for validating JWTs as OIDC tokens
 2020-03-06 17:59:34 -08:00
Kubernetes Prow Robot
b9cd76519e
Merge pull request #88869 from Jefftree/egress_flag 
[Network Proxy] Allow both grpc and http-connect mode to be toggled in kube-up
 2020-03-05 21:40:05 -08:00
Jefftree
6fd748e2c5 exit if KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE is set incorrectly 2020-03-05 16:59:55 -08:00
Jefftree
06abedb063 Allow both GRPC and http-connect mode to be toggled 2020-03-05 16:16:59 -08:00
Charles Eckman
aee9fde751 Add e2e test for validating JWTs as OIDC tokens 
Adds an E2E test to deploy an agnhost container that runs the test.

Co-authored-by: Michael Taufen <mtaufen@google.com>
 2020-03-05 13:58:52 -08:00
Sandeep Rajan
5ce4198152 update coredns to 1.6.7 2020-03-05 16:55:28 -05:00
Chao Xu
7d86217043 Use the v0.0.8 network proxy images 2020-03-05 09:54:19 -08:00
Aleksandra Malinowska
472a935294 Update Cluster Autoscaler version to 1.18.0-gke.0 2020-03-03 14:42:25 +01:00
Jefftree
2a98cb7f8b Use GRPC mode for network proxy 2020-03-02 15:54:52 -08:00
Jefftree
0989770135 Update network proxy to v0.0.7 2020-03-02 10:09:00 -08:00
Jefftree
4c54241c3d Support token authentication for network proxy 2020-03-01 17:24:48 -08:00
Kubernetes Prow Robot
641616362d
Merge pull request #88133 from julianvmodesto/dry-run-tests 
Cleanup --dry-run values in tests, docs, and scripts
 2020-02-27 11:33:42 -08:00
Kubernetes Prow Robot
831dae75bf
Merge pull request #88185 from vinayakankugoyal/appendandreplace 
append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.…
 2020-02-26 13:33:19 -08:00
Mateusz Matejczyk
98df9d9db6 Make sig-scalability reviewers / approvers of cluster/gce 
Justification: Our CI/CD tests are based on gce provider, people from our sig are in top contributors for this directory.
 2020-02-25 13:18:32 +01:00
Vinayak Goyal
388ebfe7d0 append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.sh fails for prefixes that contain quotes and = sign. 2020-02-24 17:35:36 -08:00
Kubernetes Prow Robot
6461e6f4fb
Merge pull request #87179 from Jefftree/netproxy-uds 
UDS + GRPC Support for Network Proxy
 2020-02-20 21:20:32 -08:00
Jefftree
725d2b6a8f Network Proxy: GRPC + HTTP Connect with UDS 2020-02-20 10:19:37 -08:00
Kubernetes Prow Robot
72b04eff8e
Merge pull request #88281 from cheftako/master 
Update default cos image to include runc-1.0.0-rc10
 2020-02-18 15:33:02 -08:00
Walter Fender
ae0e1b0ca2 Update default cos image to include runc-1.0.0-rc10 2020-02-18 11:24:39 -08:00
Julian V. Modesto
d97169f59a Clean up --dry-run values. 
- Clean up --dry-run values in tests, docs, and scripts
- Fix --dry-run for auth reconcile and add a test
 2020-02-15 00:43:30 -05:00
Benjamin Elder
4454ce6f37 fix shellcheck failures in health-monitor.sh 2020-02-14 16:12:18 -08:00
Kubernetes Prow Robot
289bbaa1bb
Merge pull request #88102 from cheftako/cos-runc 
Switch test COS image to include runc-1.0.0-rc10 fix.
 2020-02-13 18:24:17 -08:00
Kubernetes Prow Robot
461a494f69
Merge pull request #87907 from pjh/configure-windows-gce-carefully 
Separate containerd install from config, and other cleanups
 2020-02-13 16:55:01 -08:00
Walter Fender
0da08ffd6a Updated test cos image to include runc-1.0.0-rc10 2020-02-13 15:02:56 -08:00
Mark Wolters
ba74c1cfb4 Switch flexvolume_node_setup.sh from kubelet RO port to healthz port 2020-02-13 09:58:51 -08:00
Yu-Ju Hong
bcd975aa65 Replace Beta OS/arch labels with the GA ones 
Beta OS/arch labels have been deprecated since 1.14.
This change replaces these labels with the GA ones.
 2020-02-13 09:38:51 -08:00
Peter Hornyack
d61e90b0ee Separate containerd install from config, and other cleanups 2020-02-12 10:57:14 -08:00
Kubernetes Prow Robot
78a02a223d
Merge pull request #88010 from dims/support-for-adding-test-handler-for-containerd 
Support for adding test-handler for containerd
 2020-02-11 23:15:58 -08:00
Kubernetes Prow Robot
04cfa4981a
Merge pull request #87463 from mwwolters/healthmon2healthz 
Migrate health monitor from read only port to healthz port
 2020-02-11 17:06:08 -08:00
Davanum Srinivas
8f764b113e
Support for adding test-handler for containerd 2020-02-10 20:43:40 -05:00
Davanum Srinivas
da024f9a57
Ability to override versions of containerd/runc 2020-02-08 20:20:15 -05:00
Davanum Srinivas
acd286d95d
Install containerd package depending on CONTAINER_RUNTIME 2020-02-08 17:53:37 -05:00
Davanum Srinivas
c4ef6a94b3
Add gid to config.toml only when docker group is present 
If we don't install docker and install just containerd apt packages,
there is no docker group. In this scenario, we should not add the gid to
config.toml
 2020-02-08 17:53:37 -05:00
Kubernetes Prow Robot
c90fd17642 Merge pull request #87701 from yliaog/windep 
added env var WINDOWS_CNI_STORAGE_PATH and WINDOWS_CNI_VERSION
 2020-02-08 02:59:52 -08:00
Yu Liao
81252a6d78 added env var WINDOWS_CNI_STORAGE_PATH and WINDOWS_CNI_VERSION 2020-02-07 12:44:13 -08:00
Davanum Srinivas
2c93aa6ec3
Ensure kubectl is available in PATH by explicitly exporting the script 2020-02-07 09:05:07 -05:00
Kubernetes Prow Robot
ab97b666e2
Merge pull request #87902 from apelisse/ensureexist-limit-range-gce 
gce-addons: Make sure default/limit-range doesn't get overridden
 2020-02-07 00:08:29 -08:00
Antoine Pelisse
e41f2ccd41 gce-addons: Make sure default/limit-range doesn't get overridden 2020-02-06 12:10:12 -08:00
Davanum Srinivas
f20e17e9dd
python snippets should work on both old and new python versions 2020-02-05 11:22:56 -05:00
Kubernetes Prow Robot
4601189105
Merge pull request #87761 from dims/ensure-specified-container-runtimes-are-present 
Ensure specified container runtimes are present
 2020-02-05 01:08:09 -08:00
Davanum Srinivas
dc3f31569e
Ensure specified container runtimes are present 2020-02-03 13:40:57 -05:00
Davanum Srinivas
ee3f897ca7
update network-y stuff for supporting ubuntu/bionic as master 
On bionic, we don't have eth0 hard coded. example below, so we use `ip
route` to figure out the default ethernet interface
```
dims@kubernetes-master:~$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 42:01:0a:80:00:23 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:b2:4e:dd:86 brd ff:ff:ff:ff:ff:ff
```

Also, bionic uses systemd-resolver by default and adds entries in
/etc/resolv.conf that CoreDNS does not link. So follow the
recommendation in the documentation to specify resolv.conf explicitly
 2020-02-02 19:23:10 -05:00
Kubernetes Prow Robot
a77ed7234c
Merge pull request #87629 from pjh/gcp-windows-nodes-20200114 
Update GCP Windows node image versions
 2020-02-01 18:33:34 -08:00
Jeffrey Ying
2eb48f6049
Reduce default CPU requirement for konnectivity server 
Our network proxy [e2e job](https://k8s-testgrid.appspot.com/sig-api-machinery-network-proxy#ci-kubernetes-e2e-gci-gce-network-proxy) is failing because we are requesting more resources than available on the system. 

The test clusters are consuming exactly 970m CPU resources without the konnectivity-server pod. Requesting 40m exceeds the 1000m limit and causes all tests to fail.
 2020-01-31 10:45:21 -08:00
Peter Hornyack
cc7799a437 Update GCP Windows node image versions 
- Makes Windows Server 2019 the default version for Windows clusters on
  GCP, since 1809 will be EOL in a few months.
- Adds Windows Server version 1909 as a Windows node choice.
- Use Windows images with updates from January 2020.
- Cleans up the code that sets the node image.
 2020-01-31 10:29:39 -08:00
Kubernetes Prow Robot
fa4bc10ef1
Merge pull request #86793 from prameshj/gce-finalizer 
Attach a new finalizer in GCE ILB creation.
 2020-01-30 21:20:32 -08:00
Kubernetes Prow Robot
9f44f7ecc2
Merge pull request #87632 from pjh/multi-arch-smoke-test 
Update GCE Windows smoke-test script to work with 1909 nodes.
 2020-01-30 16:59:43 -08:00
Kubernetes Prow Robot
3ea368e53c
Merge pull request #87652 from dims/bump-default-gci-image-to-cos-77-12371-114-0 
Update GCI_VERSION to cos-77-12371-114-0 as older image is deprecated
 2020-01-30 05:06:25 -08:00
Davanum Srinivas
2686087888
Update GCI_VERSION to cos-77-12371-114-0 as older image is deprecated 
details about the image are here:
https://cloud.google.com/container-optimized-os/docs/release-notes/m77#cos-77-12371-141-0
 2020-01-29 11:18:42 -05:00
Stephen Augustus
1174e6698e cni: Update CNI version to v0.8.5 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-01-29 04:41:29 -05:00
Stephen Augustus
96f2588b61 cni: Update CNI download URLs to use new GCS bucket (k8s-artifacts-cni) 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-01-29 02:32:22 -05:00
Peter Hornyack
cb942c23a7 Update GCE Windows smoke-test script to work with 1909 nodes. 2020-01-28 17:07:59 -08:00
Pavithra Ramesh
1de2327afc Attach a new finalizer in GCE ILB creation. 
Add logic in service_controller to skip create/update
if finalizer from a different controller is found.

The newly added finalizer will be checked by other controllers
implementing ILB services to determine if a given service is
already being managed by service_controller.

Moved finalizer check into cloudprovider code.

added unit test to verify new finalizer.

Modified existing unit test to create a fake service so that
attach/remove finalizer step can be tested.
 2020-01-28 15:02:19 -08:00
Kubernetes Prow Robot
324b5921c1
Merge pull request #87529 from cheftako/master 
Added relevent approvers and reviewers for gci.
 2020-01-25 11:49:02 -08:00
Kubernetes Prow Robot
15f96a807a
Merge pull request #86305 from saschagrunert/cri-tools 
Update cri-tools to v1.17.0
 2020-01-24 12:18:32 -08:00
Walter Fender
b2f3236771 Added relevent approvers and reviewers for gci. 
Adding new approver and reviewers for the gci scripts.
 2020-01-24 09:29:35 -08:00
Kubernetes Prow Robot
90da466221
Merge pull request #87504 from cheftako/master 
Fix issue with GCE scripts assuming Python2.
 2020-01-24 03:03:19 -08:00
Walter Fender
1dd53fd3ba Fix issue with GCE scripts assuming Python2. 
For bug #87482.
Newer OSs are now defaulting to Python3.
This breaks the kube-up scripts for GCE.
Adding code to detect this and explicitly use Python2.
 2020-01-23 15:05:04 -08:00
Kubernetes Prow Robot
0255614f29
Merge pull request #87478 from cadmuxe/cni-plugin 
Add env var(CNI_TAR_PREFIX) for cni install.
 2020-01-23 02:54:49 -08:00
Koonwah Chen
cfd61e801b Add env var(CNI_TAR_PREFIX) for cni install. 
cni release has changed the prefix, add a var to make this configurable.
 2020-01-22 15:14:31 -08:00
Mark Wolters
aee028dab8 Migrate health monitor from read only port to healthz port 2020-01-22 10:52:08 -08:00
Yu Liao
368fe70aed bumped pause-win to 1.1.0 2020-01-21 13:42:00 -08:00
Kubernetes Prow Robot
34e090187c
Merge pull request #87032 from awly/preload-gke-exec-plugin 
Allow a preloaded gke-exec-auth-plugin
 2020-01-16 13:14:52 -08:00
Janek Łukaszewicz
a9e5fd6623 Revert "Revert "Add an option to specify kubelet flags for heapster node."" 
This reverts commit 00ea8c4f9e.
 2020-01-14 12:53:25 +01:00
Sascha Grunert
7e5e7c141c
Update cri-tools to v1.17.0 
Update the crictl binaries to the latest release

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-01-14 08:36:20 +01:00
Andrew Lytvynov
71966adfc3 Allow a preloaded gke-exec-auth-plugin 2020-01-09 10:37:43 -08:00
Peter Hornyack
9b17de7462 Repair smoke-test for Windows GCE clusters 2020-01-08 14:00:50 -08:00
Kubernetes Prow Robot
8727eef79c
Merge pull request #85836 from YangLu1031/master 
Add instructions about how to bring up e2e test cluster
 2020-01-02 14:31:41 -08:00
Kubernetes Prow Robot
277523b77f
Merge pull request #85868 from logicalhan/readyz 
swap over kube-apiserver manifest to use livez and readyz
 2019-12-21 14:23:32 -08:00
Yang Lu
b88788b085 update to use e2e-up.sh instead of kubetest 2019-12-19 20:03:49 -08:00
Yang Lu
b4f5238535 Add instructions about how to use kubetest to bring up e2e test cluster 2019-12-19 15:09:34 -08:00
Peter Hornyack
0ae8b6ba59 Update subnet mask calculation for compatibility with future VNIC changes 2019-12-19 14:55:10 -08:00
Han Kang
0e786cbafc swap over kube-apiserver manifest to use livez and readyz 
Change-Id: I90df19b58b0d4d3004dcc3ca3002b099845dfe3a
 2019-12-19 13:52:23 -08:00
Kubernetes Prow Robot
127c47caf4
Merge pull request #85512 from serathius/remove-cluster-monitoring 
Remove cluster-monitoring
 2019-12-17 21:05:57 -08:00
Kubernetes Prow Robot
4a62b3ac6d
Merge pull request #86329 from mml/core_pattern 
Set core_pattern to an absolute path.
 2019-12-17 19:48:11 -08:00
Lantao Liu
c229c78af7 Upload containerd logs to stackdriver 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-12-12 11:49:14 -08:00
Matt Liggett
ec24d3c7e8 Set core_pattern to an absolute path. 
Change-Id: I71e848783c05dc75b2232e05dd2ed3aa9a983e23
 2019-12-11 15:05:48 -08:00
Nikolaos Moraitis
00ea8c4f9e
Revert "Add an option to specify kubelet flags for heapster node." 2019-12-11 11:19:13 +01:00
Marek Siarkowicz
31fb04fa98 Remove cluster-monitoring 
Heapster is deprecated and no longer supported
 2019-12-09 11:25:20 +01:00
Kubernetes Prow Robot
616fce7839
Merge pull request #85797 from oxddr/taint-heapster 
Add an option to specify kubelet flags for heapster node.
 2019-12-06 07:20:50 -08:00
Janek Łukaszewicz
39cb8222c7 Add an option to specify kubelet flags for heapster node. 
Useful in scalability tests, where we don't want test pods (e.g. Kubemark hollow
nodes) to be scheduled on heapster node.
 2019-12-06 12:44:26 +01:00
Kubernetes Prow Robot
a6f41a46a5
Merge pull request #85827 from barney-s/fix-windows-fluentd-config-hostname 
Replace the hostname in the fluentd config file even if the file exists
 2019-12-05 17:15:27 -08:00
barney-s
dd7430134a
Removing conditional check 
Addressing review comment. Removing conditional check for fluentd config file path.
 2019-12-05 10:35:47 -08:00
Zihong Zheng
5463eda704 Migrate OWNERS file to apply the area/provider/gcp label 2019-12-04 17:05:43 -08:00
Peter Hornyack
cff9751112 Update GCE Windows startup scripts for TPM-based authentication 
"Shielded" nodes have a virtual TPM attached which is used for
generating the client certificate, instead of using a bootstrap
kubeconfig. Determining which to use happens during node startup based
on the instance metadata.
 2019-12-04 13:57:59 -08:00
Kubernetes Prow Robot
95a3cd54cf
Merge pull request #82720 from hwdef/add-err-handling-in-gce-gci 
add err handling in gce/gci
 2019-12-02 22:56:57 -08:00
hwdef
e581be1ec7 add err handling in gce/gci 2019-12-03 09:34:41 +08:00
Barni S
a70a534736 Replace the hostname in the fluentd config file even if the file exists 2019-12-02 16:04:52 -08:00
Lantao Liu
e687bf4fe9 Use GCS bucket for crictl on windows. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-12-02 14:11:48 -08:00
Kubernetes Prow Robot
fe2ee4f09e
Merge pull request #85396 from Random-Liu/windows-containerd-on-gce 
Add containerd windows support on GCE for test.
 2019-12-02 12:22:57 -08:00
Kubernetes Prow Robot
82ee37f3e1
Merge pull request #85610 from losipiuk/lo/ca-1.17-beta.1-master 
Bump Cluster Autoscaler version to 1.17.0
 2019-11-30 08:01:03 -08:00
Łukasz Osipiuk
b1b9e6254a Bump Cluster Autoscaler version to 1.17.0 2019-11-29 13:58:20 +01:00
Yu Liao
bbc49d6b1f catch the exception raised in Remove-HnsPolicyList 2019-11-27 15:43:39 -08:00
Lantao Liu
ee2418c7aa Move hostdns.conf out of cni directory. 2019-11-27 11:48:58 -08:00
Lantao Liu
e66f4ca537 Add containerd windows support on GCE for test. 2019-11-27 11:48:58 -08:00
Kubernetes Prow Robot
a3a2c4230d
Merge pull request #85496 from tanjunchen/fix-invalid-urls 
fix 1-12 number urls
 2019-11-25 15:25:10 -08:00
Kubernetes Prow Robot
225aa3aa70
Merge pull request #85404 from yliaog/windows 
added yliaog to OWNERS
 2019-11-22 17:30:55 -08:00
tanjunchen
8f4a262d61 fix 1-12 number urls 2019-11-21 11:17:46 +08:00
Yang Lu
0965b577f4 Wait for kubelet & kube-proxy to be ready within 10s 2019-11-18 16:39:47 -08:00
Yu Liao
be78dd7526 added yliaog to OWNERS 2019-11-17 21:46:35 -08:00
Kubernetes Prow Robot
c213196f0a
Merge pull request #85014 from dekkagaijin/master 
let standalone npd use kubelet credentials
 2019-11-14 17:50:30 -08:00
Kubernetes Prow Robot
8af6906d1f
Merge pull request #85220 from liggitt/revert-licenses 
Revert #76586, restructure LICENSES file generation
 2019-11-13 14:52:11 -08:00
Kubernetes Prow Robot
d0f021524e
Merge pull request #85109 from rajansandeep/prepcorednsfor1.17-kube-up 
Bumps CoreDNS to 1.6.5 and updates manifest for kube-up
 2019-11-13 13:03:30 -08:00
Kubernetes Prow Robot
814ebe7678
Merge pull request #85084 from barney-s/win-stackdriver-startup-fix 
Reorder stackdriver setup in windows startup script
 2019-11-13 09:27:27 -08:00
Kubernetes Prow Robot
c68d04ffb4
Merge pull request #85018 from yliaog/windep 
Windep
 2019-11-13 09:27:08 -08:00
Jordan Liggitt
cd4474ae4f Revert "76093 restructure LICENSES file generation" 
This reverts commit d39ac98cc5.
 2019-11-13 10:24:32 -05:00
Ji Shan Xing
d39ac98cc5 76093 restructure LICENSES file generation 2019-11-12 20:38:57 -05:00
Yu Liao
2552837850 serve hns.psm1 StackdriverLogging-v1-9.exe GetGcePdName.dll from GCS 2019-11-12 17:04:10 -08:00
Sandeep Rajan
d2d67bc406 update coredns version to 1.6.5, update manifest and corefile-migration version 2019-11-12 13:41:36 -05:00
Xing Yang
3324722e07 VolumeSnapshot CRD v1beta1: Enable VolumeSnapshotDataSource feature gate and update e2e tests 2019-11-11 02:34:24 +00:00
Jake Sanders
42a06f58c6 let standalone npd use kubelet credentials 
Signed-off-by: Jake Sanders <jsand@google.com>
 2019-11-08 14:50:41 -08:00
Barni S
b14612e346 Move stackdriver startup block after HNS stabilizes. Stackdriver is not functional if metadata-server doesnt respond. At this stage of the init script, metadata server is available 2019-11-08 17:28:12 -05:00
clarklee92
a2efefc820 Fix shell check 
https://github.com/koalaman/shellcheck/wiki/SC2068
https://github.com/koalaman/shellcheck/wiki/SC2086
https://github.com/koalaman/shellcheck/wiki/SC2164
Signed-off-by: clarklee92 <clarklee1992@hotmail.com>
 2019-11-08 10:39:34 +08:00
Kubernetes Prow Robot
7a1eaa112e
Merge pull request #84696 from dims/BenTheElder-byebyehacke2e 
Remove hack/e2e.go
 2019-11-07 09:05:04 -08:00
Kubernetes Prow Robot
c7869131dd
Merge pull request #84744 from immutableT/isolate-etcd-config 
Isolate configuration of etcd related parameters into a separate function.
 2019-11-05 15:31:29 -08:00
Kubernetes Prow Robot
8ff16f35f8
Merge pull request #84007 from wojtek-t/reduce_node_update_frequency 
Reduce node update frequency
 2019-11-04 15:28:43 -08:00
immutablet
f7bd5455fe Isolate configuration of etcd related parameters into a separate function. 2019-11-04 13:55:31 -08:00
Kubernetes Prow Robot
7b6369c803
Merge pull request #84249 from odinuge/bump-shellcheck 
Bump shellcheck to v0.7.0
 2019-11-04 06:19:40 -08:00
Benjamin Elder
83c56a0373
remove hack/e2e.go 2019-11-03 19:36:59 -05:00
wojtekt
12c8b4a9df Bumpd NodeProblemDetector 2019-11-03 08:50:22 +01:00
immutablet
576edaf072 Refactor tests for configure-helper.sh by moving environment config to testdata. 2019-11-01 13:57:54 -07:00
Kubernetes Prow Robot
382f28ac63
Merge pull request #84538 from yliaog/windows 
switched to use the pause image served from gcr
 2019-10-30 21:56:26 -07:00
Kubernetes Prow Robot
e1d3cc74e5
Merge pull request #84329 from jingyih/update_etcd_server_to_3.4 
Update default etcd server to 3.4.3
 2019-10-30 02:30:52 -07:00
Kubernetes Prow Robot
ccf31742ea
Merge pull request #84496 from yliaog/windown 
download cni plugin from gcs bucket
 2019-10-29 19:55:07 -07:00
Yu Liao
6ca8bd4103 moved Pull-InfraContainer to the last 2019-10-29 16:00:39 -07:00
Kubernetes Prow Robot
6170296b66
Merge pull request #84383 from prameshj/patch-3 
Use DNS_SERVER_IP as --cluster-dns in all cases.
 2019-10-29 15:38:52 -07:00
Yu Liao
f574071b8c switched to use the pause image served from gcr 2019-10-29 14:25:31 -07:00
prameshj
328f8dfe12 Use DNS_SERVER_IP as --cluster-dns in all cases. 
NodeLocalDNS addon listens on both DNS_SERVER_IP as well as LOCAL_DNS_IP. So cluster-dns flag can continue to be DNS_SERVER_IP in all cases.
Documented the various variables in the yaml.
 2019-10-29 12:38:46 -07:00
Yu Liao
573bf5cd49 switch cni plugin download to be from gcs bucket 2019-10-29 10:23:14 -07:00
Kubernetes Prow Robot
a8e819746d
Merge pull request #83442 from serathius/remove-prometheus-addon 
Remove prometheus addon
 2019-10-29 01:34:43 -07:00
Jingyi Hu
706cde51c5 Update default etcd server to 3.4.3 2019-10-28 18:29:37 -07:00
Yu Liao
18f48e2cf6 removed powershell-yaml module dependency 2019-10-28 13:26:11 -07:00
Kubernetes Prow Robot
85222a4aa2
Merge pull request #83863 from mrbobbytables/update-cluster-owners 
Prune inactive members from cluster/* OWNERS files.
 2019-10-24 14:17:39 -07:00
Odin Ugedal
cce1f32ea5
Fix shellcheck failures SC2034 2019-10-23 22:47:46 +02:00
Kubernetes Prow Robot
b084336460
Merge pull request #81073 from mborsz/cnat 
Few improvements to Cloud NAT
 2019-10-23 05:08:14 -07:00
Kubernetes Prow Robot
13de6868fe
Merge pull request #81075 from mborsz/mtls 
Add mtls support to add/remove-replica
 2019-10-22 23:18:13 -07:00
Maciej Borsz
7ee8a02eee Add mtls support to add/remove-replica 2019-10-22 14:59:16 +02:00
Maciej Borsz
afbe1898e7 Few improvements to cloud nat 2019-10-22 13:58:46 +02:00
Kubernetes Prow Robot
2591ff46a6
Merge pull request #83585 from lzang/master 
Remove the assumption of pod cidr of /24 in the gce window node start…
 2019-10-21 12:38:19 -07:00
Kubernetes Prow Robot
ec63e099ba
Merge pull request #84018 from rramkumar1/update-glbc 
Update glbc.manifest to v1.6.1
 2019-10-18 15:21:50 -07:00
Rohit Ramkumar
13c7dfa0ed Update glbc.manifest to v1.6.1 2019-10-18 11:54:42 -04:00
Łukasz Osipiuk
efe79f28cf Update Cluster Autoscaler version to 1.16.2 2019-10-17 12:19:36 +02:00
Kubernetes Prow Robot
f82e7a0d72
Merge pull request #83974 from dhuh/updatedcosversion 
Updated COS version to M77 and includes fixes to ensure scalability tests pass
 2019-10-16 11:38:16 -07:00
Kubernetes Prow Robot
99d40d3d44
Merge pull request #80137 from ialidzhikov/enh/better-naming 
Rename dashboard-controller.yaml to dashboard-deployment.yaml
 2019-10-16 05:51:41 -07:00
Kubernetes Prow Robot
b08cd34bfe
Merge pull request #83753 from immutableT/configure-kas 
Isolate the logic related to the configuration of kube-apiserver into a separate script.
 2019-10-15 23:05:48 -07:00
David Huh
90862aaf3f Updated COS version to M77 2019-10-15 22:23:53 +00:00
ialidzhikov
b3dcbbf98c Rename dashboard-controller.yaml to dashboard-deployment.yaml 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2019-10-15 13:55:06 +03:00
Joe Betz
c92bd5e7b5 Upgrade to etcd server 3.3.17 2019-10-13 17:17:15 -07:00
Bob Killen
1e3570be4b
Prune inactive members from cluster/* OWNERS files. 2019-10-12 16:55:52 -04:00
immutablet
b6b55519ca Isolate the logic related to the configuration of kube-apiserver into a separate script. 2019-10-11 11:34:09 -07:00
Zang Li
f1ad24b0be Remove the assumption of pod cidr of /24 in the gce window node start up script. 2019-10-07 12:18:37 -07:00
Kubernetes Prow Robot
00096d8fed
Merge pull request #83366 from mwwolters/admission-control-flag 
Switch from admission-control flag to enable-admission-plugins
 2019-10-05 04:35:11 -07:00
Kubernetes Prow Robot
fcaa0073f0
Merge pull request #83518 from mtaufen/cluster-owners 
add mtaufen to cluster/gce owners
 2019-10-05 00:59:49 -07:00
Kubernetes Prow Robot
52a3cb06ef
Merge pull request #82845 from prameshj/custom-nodelocal 
Update nodelocaldns yaml to use image with custom Stubdomains support
 2019-10-04 16:31:13 -07:00
Michael Taufen
53a83f5a8d add mtaufen to cluster/gce owners 2019-10-04 16:25:06 -07:00
Marek Siarkowicz
887e84e330 Remove Prometheus addon and it's tests 
Prometheus addon was developed for exterimental and test purpose only.
As readme states it should not be used by anyone.
 2019-10-03 14:15:58 +02:00
Jacek Kaniuk
46e7a14227 Ability to set up additional, bigger nodes during tests 2019-10-03 12:20:06 +02:00
Maciej Borsz
2d9a9f7713
Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""" 2019-10-02 09:22:02 +02:00
Mark Wolters
f7bf17bc2f Switch from admission-control flag to enable-admission-plugins 2019-10-01 09:21:33 -07:00
Kubernetes Prow Robot
6610260cc4
Merge pull request #78466 from yuwenma/revert-77904-revert-76396-reapply-75624 
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
 2019-10-01 01:21:33 -07:00
Kubernetes Prow Robot
b215562a70
Merge pull request #83205 from zhenglol/zhengch_event_exporter_to_sd 
Use $STACKDRIVER_ENDPOINT to set exporter sd endpoint
 2019-09-30 13:09:00 -07:00
Kubernetes Prow Robot
b281315450
Merge pull request #82856 from Random-Liu/update-crictl 
Update crictl to v1.16
 2019-09-26 14:40:23 -07:00
Zheng Chen
3972e5c3e7
using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env 2019-09-26 14:00:59 -04:00
Lantao Liu
dfd5957713 Update crictl to v1.16.1. 2019-09-25 16:06:39 -07:00
Kubernetes Prow Robot
7266b1b487
Merge pull request #82801 from krzyzacy/auth-curl 
auth/cloud-platform is a superset of devstorage.
 2019-09-23 17:31:53 -07:00
Sen Lu
e3fdebbe62 auth/cloud-platform is a superset of devstorage. 
Also fix the curl in get-kube.sh
 2019-09-23 14:14:03 -07:00
Jacek Kaniuk
3d746aabdf Revert "Updated COS version to M77" 
This reverts commit bc3f4b269a
which caused regression in scalability tests:
https://github.com/kubernetes/kubernetes/issues/83020
 2019-09-23 15:22:46 +02:00
Kubernetes Prow Robot
23ec5b6e9e
Merge pull request #82357 from beautytiger/fix_shellcheck_config-common.sh 
fix shellcheck in cluster/gce/config-common.sh
 2019-09-20 16:17:24 -07:00
Kubernetes Prow Robot
b9ba61b41a
Merge pull request #82766 from dhuh/master 
Updated COS version to M77
 2019-09-19 11:05:28 -07:00
Kubernetes Prow Robot
5cdf18e348
Merge pull request #82624 from qingling128/master 
Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
 2019-09-18 17:30:59 -07:00
Shihang Zhang
42cb861487 exclude kms provider from health check 
Change-Id: Ie1f828b327c5eede8a0b105a8c3f8fc7affd6f3e
 2019-09-18 10:37:55 -07:00
Guangming Wang
cd929a98a0 fix shellcheck in cluster/gce/config-common.sh 
add comment for exported values
 2019-09-19 00:03:16 +08:00
David Huh
bc3f4b269a Updated COS version to M77 2019-09-16 22:27:39 +00:00
Kubernetes Prow Robot
1bebaea417
Merge pull request #81061 from k-toyoda-pi/fix_shellcheck_flexvolume_node_setup 
Fix shellcheck failure in gce/gci/flexvolume_node_setup.sh
 2019-09-16 14:43:54 -07:00
Pavithra Ramesh
7a7f856e22 Support running custom nodelocaldns yaml in gce. 2019-09-12 12:53:53 -07:00
Ling Huang
dc9db4b413 Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs. 
Change-Id: Ic37a8d3663d616e7d196353efd9a0164da724728
 2019-09-12 04:02:08 -04:00
Kubernetes Prow Robot
0dbb93125f
Merge pull request #82579 from mm4tt/etcd_expose_metrics 
Expose etcd metric port in tests
 2019-09-11 22:53:35 -07:00
Kubernetes Prow Robot
14e5ac8591
Merge pull request #82499 from filbranden/owners1 
Remove me from OWNERS for GCI
 2019-09-11 21:24:05 -07:00
Matt Matejczyk
fbbb4ebeca Expose etcd metric port in tests 
This is to allow scraping etcd metrics in scalabiblity tests.
This was already done in
https://github.com/kubernetes/kubernetes/pull/77657, but then the logic
got changed when introducing mtls in
https://github.com/kubernetes/kubernetes/pull/77561 and the new etcd
metric port 2382 is currently only exposed on localhost.

Ref. https://github.com/kubernetes/perf-tests/issues/786
 2019-09-11 13:57:00 +02:00
Kubernetes Prow Robot
f48659e9fd
Merge pull request #81681 from zhenglol/sd_test_endpoint 
override stackdriver endpoint in event-exporter in test cluster
 2019-09-10 14:32:00 -07:00
Łukasz Osipiuk
b27e0b54f1 Update Cluster Autoscaler version to 1.16.0 2019-09-09 19:12:31 +02:00
Filipe Brandenburger
c8f4e958e6 Remove me from OWNERS for GCI 
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
 2019-09-09 09:39:05 -07:00
Kubernetes Prow Robot
1cdd0848ee
Merge pull request #82430 from losipiuk/lo/ca-1.16 
Update cluster autoscaler image to 1.16.0-beta.1
 2019-09-08 18:41:17 -07:00
Rob Scott
66196c1043
Improving GCE cluster up logic for EndpointSlice Controller 2019-09-06 09:49:32 -07:00
Łukasz Osipiuk
9332d11563 Update cluster-autoscaler image to v1.16.0-beta.1 2019-09-06 17:38:31 +02:00
Kubernetes Prow Robot
3a50184421
Merge pull request #82380 from robscott/endpointslice-e2e-tests 
Starting EndpointSlice Controller when all Alpha gates are enabled in cluster up
 2019-09-05 17:54:57 -07:00
Kubernetes Prow Robot
397ed0e825
Merge pull request #82314 from lzang/master 
Add dns capability to GCE window cluster
 2019-09-05 16:30:58 -07:00
Kubernetes Prow Robot
9614a85a2b
Merge pull request #81300 from liyanhui1228/sd_logging 
Install and start logging agent based on kube env
 2019-09-05 13:00:58 -07:00
Rob Scott
dc0c81a5f1
Ensuring endpointslice controller starts up as part of cluster up when all alpha feature gates are enabled 2019-09-05 09:16:13 -07:00
Kubernetes Prow Robot
c4c64673d7
Merge pull request #82199 from dims/update-to-etcd-3.3.15-0-image 
Update default etcd server to 3.3.15 for kubernetes 1.16
 2019-09-05 06:35:10 -07:00
Zang Li
2a3ab18654 Add dns capability to GCE window cluster 2019-09-04 18:45:25 -07:00
Angela Li
1d27242967 rebase 2019-09-04 15:32:25 -07:00
Angela Li
54d9f9a75b Add comment 2019-09-04 15:30:38 -07:00
Angela Li
f24749594b Adding ENABLE_STACKDRIVER_WINDOWS 2019-09-04 15:30:38 -07:00
Angela Li
53a2559e24 Install and start logging based on kube env 2019-09-04 15:30:38 -07:00
Kubernetes Prow Robot
4fdfa76ca9
Merge pull request #82142 from pjh/separate-fluentd-config 
Write the Stackdriver config separately from the installation.
 2019-09-03 16:01:11 -07:00
toyoda
5c724f6eaa fix shellcheck failure in gci/flexvolume_node_setup.sh 2019-09-03 16:56:25 +09:00
Davanum Srinivas
8fbfdf8267
Update default etcd server to 3.3.15 for kubernetes 1.16 
Change-Id: I68f1a5e5339d83077a1a9f312c4e6e33848886c5
 2019-08-30 21:29:45 -04:00
Kubernetes Prow Robot
7a7b8a7305
Merge pull request #82094 from tallclair/runtime-class-admission 
Enable the RuntimeClass admission controller on GCE & CI
 2019-08-30 08:00:12 -07:00
Kubernetes Prow Robot
7236850194
Merge pull request #82093 from rajansandeep/reconcilecorednscm 
Add the ability to migrate CoreDNS configmap in kube-up
 2019-08-30 07:59:56 -07:00
Peter Hornyack
9282e48ccc Write the Stackdriver config separately from the installation. 
This will let us preinstall the Stackdriver logging agent but still
configure it correctly when bringing up new Windows nodes.

The hostname in the config file looks the same before-and-after:
  "logging.googleapis.com/local_resource_id" ${"k8s_node.e2e-test-peterhornyack-windows-node-group-6tw6"}
  "logging.googleapis.com/local_resource_id" ${"k8s_node.e2e-test-peterhornyack-windows-node-group-mf5r"}
 2019-08-29 12:22:33 -07:00
Sandeep Rajan
8a7a8032b1 hardcoded check sha of corefile tool 2019-08-29 10:03:29 -04:00
Tim Allclair
a4f8ee17ee Enable the RuntimeClass admission controller on GCE & CI 2019-08-28 13:23:55 -07:00
Sandeep Rajan
3b6b7f99b0 add checksum 2019-08-28 16:03:28 -04:00
Zhen Wang
d874dbfcb1 Bump NPD version to v0.7 for GCI 2019-08-27 22:26:30 -07:00
Kubernetes Prow Robot
d52b212189
Merge pull request #79908 from wenjiaswe/remove-aggregator-ca-key 
Remove unused aggregator ca key
 2019-08-23 13:31:18 -07:00
Yu-Ju Hong
48cc836717 GCE/Windows: use "return" as "continue" for ForEach-Object 
Using `continue` would exit the current processing scope.
https://blogs.technet.microsoft.com/msftcam/2015/03/17/powershell-gotcha-foreach-object-and-continue/
 2019-08-21 15:44:40 -07:00
Zheng Chen
70a7134906
added override for sd testing env in event-exporter yaml 2019-08-20 16:29:15 -04:00
Sandeep Rajan
e57b867957 add coredns migration support to upgrade.sh 2019-08-20 14:37:59 -04:00
Peter Hornyack
3ac5c1565a Leave Windows Defender enabled for clusters on GCE 2019-08-19 16:55:00 -07:00
Kubernetes Prow Robot
2974adff27
Merge pull request #81337 from YangLu1031/master 
Add instruction for "Application Default Credentials" to run e2e tests locally
 2019-08-15 16:18:47 -07:00
Kubernetes Prow Robot
273e9262bb
Merge pull request #80342 from draveness/feature/remove-critical-pod-annotation 
feat: cleanup pod critical pod annotations feature
 2019-08-15 07:20:34 -07:00
Yang Lu
9d68d44e1f Add instruction for "Application Default Credentials" 2019-08-14 10:27:58 -07:00
Kubernetes Prow Robot
282b992e0c
Merge pull request #81074 from mborsz/ilb 
Experimental ILB support
 2019-08-09 06:25:26 -07:00
Maciej Borsz
cc4094d916 Experimental ILB support 2019-08-09 12:38:15 +02:00
Kubernetes Prow Robot
18b6ff3d65
Merge pull request #81106 from YangLu1031/updateImageVersion 
Update the Windows server core 1809 image to July version 0709
 2019-08-08 17:58:18 -07:00
draveness
495faa22db feat: cleanup pod critical pod annotations feature 2019-08-09 08:41:23 +08:00
Yang Lu
8bd0860c5c Update the Windows node image 1809 version to 0709 2019-08-07 12:36:04 -07:00
Walter Fender
ebb65c5f4c Get network-proxy working with GCE. 
Got the proxy-server coming up in the master.
Added certs and have it comiung up with those certs.
Added a daemonset to run the network-agent.
Adding support for agent running as a sameon set on every node.

Added quick hack to test that proxy server/agent were correctly
tunneling traffic to the kubelet.

Added more WIP for reading network proxy configuration.
Get flags set correctly and fix connection services.
Adding missing ApplyTo
Added ConnectivityService.
Fixed build directives. Added connectivity service configuration.
Fixed log levels.
Fixed minor issues for feature turned off.
Fixed boilerplate and format.
Moved log dialer initialization earlier as per Liggits suggestion.
Fixed a few minor issues in the configuration for GCE.
Fixed scheme allocation
Adding unit test.
Added test for direct connectivity service.

Switching to injecting the Lookup method rather than using a Singleton.
First round of mikedaneses feedback.
Fixed deployment to use yaml and other changes suggested by MikeDanese.

Switched network proxy server/agent which are kebab-case not camelCase.
Picked up DIAL_RSP fix.
Factored in deads2k feedback.
Feedback from mikedanese
Factored in second round of feedback from David.
Fix path in verify.
Factored in anfernee's feedback.
First part of lavalamps feedback.
Factored in more changes from lavalamp and mikedanese.

Renamed network-proxy to konnectivity-server and konnectivity-agent.
Fixed tolerations and config file checking.
Added missing strptr
Finished lavalamps requested rename.
Disambiguating konnectivity service by renaming it egress selector.

Switched feature flag to KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE
 2019-08-06 23:09:49 -07:00
Maciej Borsz
e442a427f5 Update kube-addon-manager to v9.0.2. 2019-08-01 16:15:51 +02:00
Kubernetes Prow Robot
3be827e912
Merge pull request #77561 from wenjiaswe/fix-etcd-server 
Use HTTPS as etcd-apiserver protocol when mTLS is enabled
 2019-07-29 12:14:49 -07:00
Maciej Borsz
f1e6309560
Retry metadata requests in get-credentials and valid-storage-scope 2019-07-26 14:09:55 +02:00
Kubernetes Prow Robot
96594b6723
Merge pull request #80566 from BenTheElder/fix-image-ref 
fix kube-proxy manifest
 2019-07-25 22:36:36 -07:00
Kubernetes Prow Robot
bf2dd03083
Merge pull request #80318 from davidxia/fix-err-caps 
cleanup: fix some log and error capitalizations
 2019-07-25 10:41:28 -07:00
Benjamin Elder
1cf8a06d12 add reciprocal note about keeping manifests in sync 2019-07-25 00:44:11 -07:00
Kubernetes Prow Robot
0612c7de0b
Merge pull request #80232 from shihan9/gce 
remove function apply-encryption-config in configure-helper
 2019-07-24 13:50:19 -07:00
Taahir Ahmed
9702c6e6e9 GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook 
This commit adds support for using `gke-exec-auth-plugin` (vTPM-based
certificates for mTLS) for webhooks when calling endpoints matching
`*.googleapis.com`, and integrates this support with
ValidatingAdmissionWebhook.

To enable it, request ValidatingAdmissionWebhook with
`ADMISSION_CONTROL=...,ValidatingAdmissionWebhook,...` (default) and
opt in to `gke-exec-auth-plugin` using `WEBHOOK_GKE_EXEC_AUTH=true`
during the configuration process.

If you don't opt-in, ValidatingAdmissionWebhook will be deployed as
before.

Requesting `WEBHOOK_GKE_EXEC_AUTH=true` will fail if you have not
provided other configuration variables:

  * `EXEC_AUTH_PLUGIN_URL`: controls whether `gke-exec-auth-plugin` is
    downloaded during the installation step.  A prerequisite for
    actually using the plugin.

  * `TOKEN_URL`, `TOKEN_BODY`, and `TOKEN_BODY_UNQUOTED`:
    configuration values used when calling the plugin.  `TOKEN_URL`
    and `TOKEN_BODY` have existing usage. `TOKEN_BODY_UNQUOTED` is a
    new variable that is meant to sidestep the problem of inverting
    `strconv.Quote` in Bash.

The existing configuration process for ImagePolicyWebhook has been
reworked to make it play nicely with ValidatingAdmissionWebhook under
`WEBHOOK_GKE_EXEC_AUTH=true`.

  * It originally placed the ImagePolicyWebhook configuration object
    at the top-level of the file specified by
    `--admission-control-config-file`.  I can't see why this worked;
    it must have been hitting some sort of lucky path through the
    various config file loading mechanisms.  Now, it places its
    configuration in a sub-field of that file, which is shared among
    all admission control plugins.

  * It mounted its various config files read-write.  I reviewed the
    code and couldn't see why it was necessary, so I moved the config
    files into the existing read-only mount at `/etc/srv/kubernetes`.

  * It now checks that all the configuration values it requires have
    been provided.

Co-authored-by: Mike Danese <mikedanese@google.com>
Co-authored-by: Taahir Ahmed <taahm@google.com>
 2019-07-22 16:01:37 -07:00
David Xia
fabfd950b1
cleanup: fix some log and error capitalizations 
Part of https://github.com/kubernetes/kubernetes/issues/15863
 2019-07-20 18:26:16 -04:00
Wenjia Zhang
2e61ae0c56 Use HTTPS as etcd-apiserver protocol when mTLS is enabled 2019-07-20 14:24:31 -07:00
Kubernetes Prow Robot
49f6510d9a
Merge pull request #80277 from draveness/feature/revert-cleanup-critical-pod 
Revert "feat: cleanup pod critical pod annotations feature"
 2019-07-18 19:31:37 -07:00
Javier Pérez Hernández
288ea10a59 gce: configure: use 'amd64' in kube core images manifest 2019-07-18 08:31:45 -07:00
draveness
d83526d253 Revert "feat: cleanup pod critical pod annotations feature" 
This reverts commit b6d41ee5cc.
 2019-07-18 13:31:12 +08:00
Shihang Zhang
e6607cc259 remove function apply-encryption-config in configure-helper 
Change-Id: I4df76abcc94eb222219968dc5e08655677d4623f
 2019-07-16 14:03:13 -07:00
Davanum Srinivas
6b06084df6
Drop -r for variable within loop 
using `local -r` will blow up, example output:
```
/home/kubernetes/bin/configure.sh: line 388: local: manifest_name: readonly variable
```

Change-Id: Id379180803d44dd9c7ac0da41c1cd56de0fe54a4
 2019-07-14 11:05:29 -04:00
Kubernetes Prow Robot
b9615d5bbc
Merge pull request #80054 from javier-b-perez/load-image 
cluster: configure: load images and add tags with no arch
 2019-07-13 15:37:03 -07:00
Javier Pérez Hernández
438ff151d4 cluster: configure: load images and add tags with no arch 2019-07-12 16:40:40 -07:00
Kubernetes Prow Robot
5be1efe9bd
Merge pull request #79447 from almos98/start-stackdriver-workaround 
Wait for StackdriverLogging service to stop before restarting it.
 2019-07-12 14:11:06 -07:00
Alexion Ramos
6edbb95f53 Wait for StackdriverLogging service to stop before restarting it. 2019-07-11 17:54:38 -07:00
draveness
b6d41ee5cc feat: cleanup pod critical pod annotations feature 2019-07-11 08:54:19 +08:00
Wenjia Zhang
5abd36824a Remove unused aggregator ca key 2019-07-08 17:22:25 -07:00
Kubernetes Prow Robot
4cabe6217f
Merge pull request #79626 from wenjiaswe/remove-etcd-ca-key 
Remove unnecessary ETCD_CA_KEY check
 2019-07-08 14:28:14 -07:00
Kubernetes Prow Robot
097681b619
Merge pull request #72206 from tallclair/audit-profile-test 
Audit profile test
 2019-07-05 19:00:35 -07:00
Tim Allclair
d06f849379 Audit policy test 2019-07-03 10:39:37 -07:00
Kubernetes Prow Robot
f9a7ca8bab
Merge pull request #79703 from mborsz/master_node_labels 
Add MASTER_NODE_LABELS
 2019-07-03 05:58:31 -07:00
Maciej Borsz
08f8d2ef46 Fix HA setup logic 2019-07-03 11:17:31 +02:00
Maciej Borsz
20d5bb4afe Add MASTER_NODE_LABELS 2019-07-03 09:39:14 +02:00
Kubernetes Prow Robot
5ee329c799
Merge pull request #77271 from krzysied/gce_instance_parallel 
Creating instance groups in parallel
 2019-07-02 05:45:08 -07:00
Wenjia Zhang
22591ad8f2 Remove unnecessary ETCD_CA_KEY check 2019-07-01 15:19:16 -07:00
Kubernetes Prow Robot
ed1f9748b1
Merge pull request #78727 from mborsz/script 
Modify kube-up to support cluster without nodes.
 2019-07-01 09:43:21 -07:00
Kubernetes Prow Robot
3f221551b6
Merge pull request #78728 from mborsz/firewall 
Modify firewall rules names to make them shorter.
 2019-07-01 07:23:34 -07:00
Maciej Borsz
5f10c284c8 Modify kube-up to support cluster without nodes. 2019-07-01 15:29:45 +02:00
Wei Huang
6f10758446
followup of 79262 to cleanup PodPriority leftover 2019-06-28 14:19:26 -07:00
Kubernetes Prow Robot
ed9f340add
Merge pull request #79305 from paivagustavo/clean-up-self-set-node-labels 
Clean up self-set node labels
 2019-06-27 11:37:21 -07:00
Koonwah Chen
46ff8e6b57 Add env var(CNI_STORAGE_PATH) for cni storage path. 2019-06-24 11:47:14 -07:00
Kubernetes Prow Robot
eee3e976d8
Merge pull request #78294 from vllry/kp-remove-resource-container 
Remove deprecated flag --resource-container from kube-proxy
 2019-06-22 00:38:12 -07:00
Kubernetes Prow Robot
fb1e9c0473
Merge pull request #79007 from wangzhen127/fix-npd-config 
Clean up node-problem-detector configuration for GCI
 2019-06-21 12:16:27 -07:00
Gustavo Paiva
ca3519c7ad Clean up selft-set node labels 2019-06-20 00:07:31 -03:00
Vallery Lancey
dc0f14312e Removed deprecated --resource-container flag from kube-proxy. 2019-06-16 08:36:42 -07:00
Kubernetes Prow Robot
71a7be41e0
Merge pull request #78705 from yujuhong/gce-win-owners 
Add more approvers/reviewers to cluster/gce/windows
 2019-06-14 13:27:14 -07:00
Zhen Wang
8f40368fb6 Clean up node-problem-detector configuration for GCI 2019-06-13 21:43:05 -07:00
Łukasz Osipiuk
94c80b1afc Update Cluster Autoscaler version to 1.15.0 2019-06-10 20:08:59 +02:00
Łukasz Osipiuk
df304b0a4d Update Cluster Autoscaler version to 1.15.0-beta.1 2019-06-07 17:11:03 +02:00
Maciej Borsz
31f18c0a6d Modify firewall rules names to make them shorter. 2019-06-05 13:18:53 +02:00
Kubernetes Prow Robot
3cd41a5a0b
Merge pull request #78668 from mtaufen/disable-kubeletpodresources 
Disable KubeletPodResources on Windows
 2019-06-04 14:34:03 -07:00
Yu-Ju Hong
b300267a57 Add more approvers/reviewers to cluster/gce/windows 2019-06-04 11:42:55 -07:00
Michael Taufen
a66cb353d4 Disable KubeletPodResources on Windows 
The feature caused tests to fail when it was enabled.

- https://github.com/kubernetes/kubernetes/issues/78628

Work is in progress to fix the feature, but until that work is complete,
we will disable it in the GCE scripts.
 2019-06-03 15:39:55 -07:00
Yu-Ju Hong
4a7be385a1 Update README for GCE/Windows 
Add instructions to create e2e clusters without building binaries
locally. Also update the instructions to build the binaries locally.
 2019-06-03 11:17:50 -07:00
Kubernetes Prow Robot
b82d7cabf4
Merge pull request #78552 from mtaufen/use-auth-header 
Windows startup scripts should use Authorization header for GCS requests
 2019-06-01 12:12:41 -07:00
Kubernetes Prow Robot
21c9c7a6ab
Merge pull request #78507 from pjh/gce-firewall-enabled 
GCE Windows nodes: leave firewall enabled.
 2019-06-01 06:22:17 -07:00
Michael Taufen
e2116ef572 Windows startup scripts should use Authorization header for GCS requests 
Requests against private buckets will fail unless the VM has storage
scope and the default service account token is provided in the request
header.

This PR replicates the following Linux changes for Windows:
- https://github.com/kubernetes/kubernetes/pull/74142
- https://github.com/kubernetes/kubernetes/pull/75269
 2019-05-30 16:55:55 -07:00
Yuwen Ma
ccbb88fc53 Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."" 2019-05-30 08:02:41 -07:00
Kubernetes Prow Robot
6d70e7ff01
Merge pull request #77930 from mm4tt/upload_kubeconfig 
Upload kubeconfig to master metadata in tests.
 2019-05-30 06:30:24 -07:00
Kubernetes Prow Robot
88da568586
Merge pull request #78406 from losipiuk/lo/split-args-ca 
Split CA paramters on manifest template expansions
 2019-05-30 00:32:46 -07:00
Peter Hornyack
d47dd75df8 GCE Windows nodes: leave firewall enabled. 2019-05-29 18:08:52 -07:00
Kubernetes Prow Robot
5c314535d1
Merge pull request #78183 from cheftako/masterTaint 
Ensure kubernetes master is properly tainted in GCE.
 2019-05-29 17:24:46 -07:00
Kubernetes Prow Robot
f4945a81e2
Merge pull request #78314 from Random-Liu/set-containerd-oom-score 
Set containerd oom score adj to -999.
 2019-05-29 07:59:16 -07:00
Łukasz Osipiuk
dda5e49cac Split CA parameters on manifest template expansion 
Split arguments to be passed to cluster autoscaler binary,
so each argument is passed separately.
This is preparatory work for migrating CA to disroless base image
and passing multiple arguments together does not work if CA is
not wrapped around with shell script

Change-Id: I26b5a764d2a12079c7f4ed6633ccabf8d623e232
 2019-05-29 15:20:34 +02:00
Kubernetes Prow Robot
01a5ec3d3d
Merge pull request #78315 from dekkagaijin/mip 
specify additional static auth for components by env var
 2019-05-24 15:01:29 -07:00
Jake Sanders
5a9af2e0ef specify additional static auth for components by env var 2019-05-24 12:16:40 -07:00
Lantao Liu
f6aa22e9e3 Set containerd oom score adj to -999. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-24 10:36:54 -07:00
Matt Matejczyk
7e7570d6ff Upload kubeconfig to master metadata in tests. 
Till a few days ago, it was possible to ssh into master and access cluster via insecure master port.
Now, the master insecure port has been disabled, we're not able to do that anymore.

This PR aims to fix that by uploading the kubeconfig to the master metadata during cluster setup in tests.
 2019-05-24 13:25:19 +02:00
Yu-Ju Hong
3b58a5d89f GCE: Disable the Windows defender 
This is a workaround for https://github.com/kubernetes/kubernetes/issues/75148
 2019-05-23 17:51:32 -07:00
Matt Matejczyk
6ced6491c6 Change etcd's --listen-client-urls to 0.0.0.0 in tests 
This is to allow scraping etcd metrics in scalability tests.

Ref. https://github.com/kubernetes/perf-tests/issues/522
 2019-05-23 15:11:22 +02:00