github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93,054 Commits 1 Branch 31 Tags 1,019 MiB
479249b3a3
Commit Graph

3171 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
52a3cb06ef
Merge pull request #82845 from prameshj/custom-nodelocal 
Update nodelocaldns yaml to use image with custom Stubdomains support
 2019-10-04 16:31:13 -07:00
Michael Taufen
53a83f5a8d add mtaufen to cluster/gce owners 2019-10-04 16:25:06 -07:00
Marek Siarkowicz
887e84e330 Remove Prometheus addon and it's tests 
Prometheus addon was developed for exterimental and test purpose only.
As readme states it should not be used by anyone.
 2019-10-03 14:15:58 +02:00
Jacek Kaniuk
46e7a14227 Ability to set up additional, bigger nodes during tests 2019-10-03 12:20:06 +02:00
Maciej Borsz
2d9a9f7713
Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""" 2019-10-02 09:22:02 +02:00
Mark Wolters
f7bf17bc2f Switch from admission-control flag to enable-admission-plugins 2019-10-01 09:21:33 -07:00
Kubernetes Prow Robot
6610260cc4
Merge pull request #78466 from yuwenma/revert-77904-revert-76396-reapply-75624 
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
 2019-10-01 01:21:33 -07:00
Kubernetes Prow Robot
b215562a70
Merge pull request #83205 from zhenglol/zhengch_event_exporter_to_sd 
Use $STACKDRIVER_ENDPOINT to set exporter sd endpoint
 2019-09-30 13:09:00 -07:00
Kubernetes Prow Robot
b281315450
Merge pull request #82856 from Random-Liu/update-crictl 
Update crictl to v1.16
 2019-09-26 14:40:23 -07:00
Zheng Chen
3972e5c3e7
using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env 2019-09-26 14:00:59 -04:00
Lantao Liu
dfd5957713 Update crictl to v1.16.1. 2019-09-25 16:06:39 -07:00
Kubernetes Prow Robot
7266b1b487
Merge pull request #82801 from krzyzacy/auth-curl 
auth/cloud-platform is a superset of devstorage.
 2019-09-23 17:31:53 -07:00
Sen Lu
e3fdebbe62 auth/cloud-platform is a superset of devstorage. 
Also fix the curl in get-kube.sh
 2019-09-23 14:14:03 -07:00
Jacek Kaniuk
3d746aabdf Revert "Updated COS version to M77" 
This reverts commit bc3f4b269a
which caused regression in scalability tests:
https://github.com/kubernetes/kubernetes/issues/83020
 2019-09-23 15:22:46 +02:00
Kubernetes Prow Robot
23ec5b6e9e
Merge pull request #82357 from beautytiger/fix_shellcheck_config-common.sh 
fix shellcheck in cluster/gce/config-common.sh
 2019-09-20 16:17:24 -07:00
Kubernetes Prow Robot
b9ba61b41a
Merge pull request #82766 from dhuh/master 
Updated COS version to M77
 2019-09-19 11:05:28 -07:00
Kubernetes Prow Robot
5cdf18e348
Merge pull request #82624 from qingling128/master 
Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
 2019-09-18 17:30:59 -07:00
Shihang Zhang
42cb861487 exclude kms provider from health check 
Change-Id: Ie1f828b327c5eede8a0b105a8c3f8fc7affd6f3e
 2019-09-18 10:37:55 -07:00
Guangming Wang
cd929a98a0 fix shellcheck in cluster/gce/config-common.sh 
add comment for exported values
 2019-09-19 00:03:16 +08:00
David Huh
bc3f4b269a Updated COS version to M77 2019-09-16 22:27:39 +00:00
Kubernetes Prow Robot
1bebaea417
Merge pull request #81061 from k-toyoda-pi/fix_shellcheck_flexvolume_node_setup 
Fix shellcheck failure in gce/gci/flexvolume_node_setup.sh
 2019-09-16 14:43:54 -07:00
Pavithra Ramesh
7a7f856e22 Support running custom nodelocaldns yaml in gce. 2019-09-12 12:53:53 -07:00
Ling Huang
dc9db4b413 Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs. 
Change-Id: Ic37a8d3663d616e7d196353efd9a0164da724728
 2019-09-12 04:02:08 -04:00
Kubernetes Prow Robot
0dbb93125f
Merge pull request #82579 from mm4tt/etcd_expose_metrics 
Expose etcd metric port in tests
 2019-09-11 22:53:35 -07:00
Kubernetes Prow Robot
14e5ac8591
Merge pull request #82499 from filbranden/owners1 
Remove me from OWNERS for GCI
 2019-09-11 21:24:05 -07:00
Matt Matejczyk
fbbb4ebeca Expose etcd metric port in tests 
This is to allow scraping etcd metrics in scalabiblity tests.
This was already done in
https://github.com/kubernetes/kubernetes/pull/77657, but then the logic
got changed when introducing mtls in
https://github.com/kubernetes/kubernetes/pull/77561 and the new etcd
metric port 2382 is currently only exposed on localhost.

Ref. https://github.com/kubernetes/perf-tests/issues/786
 2019-09-11 13:57:00 +02:00
Kubernetes Prow Robot
f48659e9fd
Merge pull request #81681 from zhenglol/sd_test_endpoint 
override stackdriver endpoint in event-exporter in test cluster
 2019-09-10 14:32:00 -07:00
Łukasz Osipiuk
b27e0b54f1 Update Cluster Autoscaler version to 1.16.0 2019-09-09 19:12:31 +02:00
Filipe Brandenburger
c8f4e958e6 Remove me from OWNERS for GCI 
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
 2019-09-09 09:39:05 -07:00
Kubernetes Prow Robot
1cdd0848ee
Merge pull request #82430 from losipiuk/lo/ca-1.16 
Update cluster autoscaler image to 1.16.0-beta.1
 2019-09-08 18:41:17 -07:00
Rob Scott
66196c1043
Improving GCE cluster up logic for EndpointSlice Controller 2019-09-06 09:49:32 -07:00
Łukasz Osipiuk
9332d11563 Update cluster-autoscaler image to v1.16.0-beta.1 2019-09-06 17:38:31 +02:00
Kubernetes Prow Robot
3a50184421
Merge pull request #82380 from robscott/endpointslice-e2e-tests 
Starting EndpointSlice Controller when all Alpha gates are enabled in cluster up
 2019-09-05 17:54:57 -07:00
Kubernetes Prow Robot
397ed0e825
Merge pull request #82314 from lzang/master 
Add dns capability to GCE window cluster
 2019-09-05 16:30:58 -07:00
Kubernetes Prow Robot
9614a85a2b
Merge pull request #81300 from liyanhui1228/sd_logging 
Install and start logging agent based on kube env
 2019-09-05 13:00:58 -07:00
Rob Scott
dc0c81a5f1
Ensuring endpointslice controller starts up as part of cluster up when all alpha feature gates are enabled 2019-09-05 09:16:13 -07:00
Kubernetes Prow Robot
c4c64673d7
Merge pull request #82199 from dims/update-to-etcd-3.3.15-0-image 
Update default etcd server to 3.3.15 for kubernetes 1.16
 2019-09-05 06:35:10 -07:00
Zang Li
2a3ab18654 Add dns capability to GCE window cluster 2019-09-04 18:45:25 -07:00
Angela Li
1d27242967 rebase 2019-09-04 15:32:25 -07:00
Angela Li
54d9f9a75b Add comment 2019-09-04 15:30:38 -07:00
Angela Li
f24749594b Adding ENABLE_STACKDRIVER_WINDOWS 2019-09-04 15:30:38 -07:00
Angela Li
53a2559e24 Install and start logging based on kube env 2019-09-04 15:30:38 -07:00
Kubernetes Prow Robot
4fdfa76ca9
Merge pull request #82142 from pjh/separate-fluentd-config 
Write the Stackdriver config separately from the installation.
 2019-09-03 16:01:11 -07:00
toyoda
5c724f6eaa fix shellcheck failure in gci/flexvolume_node_setup.sh 2019-09-03 16:56:25 +09:00
Davanum Srinivas
8fbfdf8267
Update default etcd server to 3.3.15 for kubernetes 1.16 
Change-Id: I68f1a5e5339d83077a1a9f312c4e6e33848886c5
 2019-08-30 21:29:45 -04:00
Kubernetes Prow Robot
7a7b8a7305
Merge pull request #82094 from tallclair/runtime-class-admission 
Enable the RuntimeClass admission controller on GCE & CI
 2019-08-30 08:00:12 -07:00
Kubernetes Prow Robot
7236850194
Merge pull request #82093 from rajansandeep/reconcilecorednscm 
Add the ability to migrate CoreDNS configmap in kube-up
 2019-08-30 07:59:56 -07:00
Peter Hornyack
9282e48ccc Write the Stackdriver config separately from the installation. 
This will let us preinstall the Stackdriver logging agent but still
configure it correctly when bringing up new Windows nodes.

The hostname in the config file looks the same before-and-after:
  "logging.googleapis.com/local_resource_id" ${"k8s_node.e2e-test-peterhornyack-windows-node-group-6tw6"}
  "logging.googleapis.com/local_resource_id" ${"k8s_node.e2e-test-peterhornyack-windows-node-group-mf5r"}
 2019-08-29 12:22:33 -07:00
Sandeep Rajan
8a7a8032b1 hardcoded check sha of corefile tool 2019-08-29 10:03:29 -04:00
Tim Allclair
a4f8ee17ee Enable the RuntimeClass admission controller on GCE & CI 2019-08-28 13:23:55 -07:00
Sandeep Rajan
3b6b7f99b0 add checksum 2019-08-28 16:03:28 -04:00
Zhen Wang
d874dbfcb1 Bump NPD version to v0.7 for GCI 2019-08-27 22:26:30 -07:00
Kubernetes Prow Robot
d52b212189
Merge pull request #79908 from wenjiaswe/remove-aggregator-ca-key 
Remove unused aggregator ca key
 2019-08-23 13:31:18 -07:00
Yu-Ju Hong
48cc836717 GCE/Windows: use "return" as "continue" for ForEach-Object 
Using `continue` would exit the current processing scope.
https://blogs.technet.microsoft.com/msftcam/2015/03/17/powershell-gotcha-foreach-object-and-continue/
 2019-08-21 15:44:40 -07:00
Zheng Chen
70a7134906
added override for sd testing env in event-exporter yaml 2019-08-20 16:29:15 -04:00
Sandeep Rajan
e57b867957 add coredns migration support to upgrade.sh 2019-08-20 14:37:59 -04:00
Peter Hornyack
3ac5c1565a Leave Windows Defender enabled for clusters on GCE 2019-08-19 16:55:00 -07:00
Kubernetes Prow Robot
2974adff27
Merge pull request #81337 from YangLu1031/master 
Add instruction for "Application Default Credentials" to run e2e tests locally
 2019-08-15 16:18:47 -07:00
Kubernetes Prow Robot
273e9262bb
Merge pull request #80342 from draveness/feature/remove-critical-pod-annotation 
feat: cleanup pod critical pod annotations feature
 2019-08-15 07:20:34 -07:00
Yang Lu
9d68d44e1f Add instruction for "Application Default Credentials" 2019-08-14 10:27:58 -07:00
Kubernetes Prow Robot
282b992e0c
Merge pull request #81074 from mborsz/ilb 
Experimental ILB support
 2019-08-09 06:25:26 -07:00
Maciej Borsz
cc4094d916 Experimental ILB support 2019-08-09 12:38:15 +02:00
Kubernetes Prow Robot
18b6ff3d65
Merge pull request #81106 from YangLu1031/updateImageVersion 
Update the Windows server core 1809 image to July version 0709
 2019-08-08 17:58:18 -07:00
draveness
495faa22db feat: cleanup pod critical pod annotations feature 2019-08-09 08:41:23 +08:00
Yang Lu
8bd0860c5c Update the Windows node image 1809 version to 0709 2019-08-07 12:36:04 -07:00
Walter Fender
ebb65c5f4c Get network-proxy working with GCE. 
Got the proxy-server coming up in the master.
Added certs and have it comiung up with those certs.
Added a daemonset to run the network-agent.
Adding support for agent running as a sameon set on every node.

Added quick hack to test that proxy server/agent were correctly
tunneling traffic to the kubelet.

Added more WIP for reading network proxy configuration.
Get flags set correctly and fix connection services.
Adding missing ApplyTo
Added ConnectivityService.
Fixed build directives. Added connectivity service configuration.
Fixed log levels.
Fixed minor issues for feature turned off.
Fixed boilerplate and format.
Moved log dialer initialization earlier as per Liggits suggestion.
Fixed a few minor issues in the configuration for GCE.
Fixed scheme allocation
Adding unit test.
Added test for direct connectivity service.

Switching to injecting the Lookup method rather than using a Singleton.
First round of mikedaneses feedback.
Fixed deployment to use yaml and other changes suggested by MikeDanese.

Switched network proxy server/agent which are kebab-case not camelCase.
Picked up DIAL_RSP fix.
Factored in deads2k feedback.
Feedback from mikedanese
Factored in second round of feedback from David.
Fix path in verify.
Factored in anfernee's feedback.
First part of lavalamps feedback.
Factored in more changes from lavalamp and mikedanese.

Renamed network-proxy to konnectivity-server and konnectivity-agent.
Fixed tolerations and config file checking.
Added missing strptr
Finished lavalamps requested rename.
Disambiguating konnectivity service by renaming it egress selector.

Switched feature flag to KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE
 2019-08-06 23:09:49 -07:00
Maciej Borsz
e442a427f5 Update kube-addon-manager to v9.0.2. 2019-08-01 16:15:51 +02:00
Kubernetes Prow Robot
3be827e912
Merge pull request #77561 from wenjiaswe/fix-etcd-server 
Use HTTPS as etcd-apiserver protocol when mTLS is enabled
 2019-07-29 12:14:49 -07:00
Maciej Borsz
f1e6309560
Retry metadata requests in get-credentials and valid-storage-scope 2019-07-26 14:09:55 +02:00
Kubernetes Prow Robot
96594b6723
Merge pull request #80566 from BenTheElder/fix-image-ref 
fix kube-proxy manifest
 2019-07-25 22:36:36 -07:00
Kubernetes Prow Robot
bf2dd03083
Merge pull request #80318 from davidxia/fix-err-caps 
cleanup: fix some log and error capitalizations
 2019-07-25 10:41:28 -07:00
Benjamin Elder
1cf8a06d12 add reciprocal note about keeping manifests in sync 2019-07-25 00:44:11 -07:00
Kubernetes Prow Robot
0612c7de0b
Merge pull request #80232 from shihan9/gce 
remove function apply-encryption-config in configure-helper
 2019-07-24 13:50:19 -07:00
Taahir Ahmed
9702c6e6e9 GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook 
This commit adds support for using `gke-exec-auth-plugin` (vTPM-based
certificates for mTLS) for webhooks when calling endpoints matching
`*.googleapis.com`, and integrates this support with
ValidatingAdmissionWebhook.

To enable it, request ValidatingAdmissionWebhook with
`ADMISSION_CONTROL=...,ValidatingAdmissionWebhook,...` (default) and
opt in to `gke-exec-auth-plugin` using `WEBHOOK_GKE_EXEC_AUTH=true`
during the configuration process.

If you don't opt-in, ValidatingAdmissionWebhook will be deployed as
before.

Requesting `WEBHOOK_GKE_EXEC_AUTH=true` will fail if you have not
provided other configuration variables:

  * `EXEC_AUTH_PLUGIN_URL`: controls whether `gke-exec-auth-plugin` is
    downloaded during the installation step.  A prerequisite for
    actually using the plugin.

  * `TOKEN_URL`, `TOKEN_BODY`, and `TOKEN_BODY_UNQUOTED`:
    configuration values used when calling the plugin.  `TOKEN_URL`
    and `TOKEN_BODY` have existing usage. `TOKEN_BODY_UNQUOTED` is a
    new variable that is meant to sidestep the problem of inverting
    `strconv.Quote` in Bash.

The existing configuration process for ImagePolicyWebhook has been
reworked to make it play nicely with ValidatingAdmissionWebhook under
`WEBHOOK_GKE_EXEC_AUTH=true`.

  * It originally placed the ImagePolicyWebhook configuration object
    at the top-level of the file specified by
    `--admission-control-config-file`.  I can't see why this worked;
    it must have been hitting some sort of lucky path through the
    various config file loading mechanisms.  Now, it places its
    configuration in a sub-field of that file, which is shared among
    all admission control plugins.

  * It mounted its various config files read-write.  I reviewed the
    code and couldn't see why it was necessary, so I moved the config
    files into the existing read-only mount at `/etc/srv/kubernetes`.

  * It now checks that all the configuration values it requires have
    been provided.

Co-authored-by: Mike Danese <mikedanese@google.com>
Co-authored-by: Taahir Ahmed <taahm@google.com>
 2019-07-22 16:01:37 -07:00
David Xia
fabfd950b1
cleanup: fix some log and error capitalizations 
Part of https://github.com/kubernetes/kubernetes/issues/15863
 2019-07-20 18:26:16 -04:00
Wenjia Zhang
2e61ae0c56 Use HTTPS as etcd-apiserver protocol when mTLS is enabled 2019-07-20 14:24:31 -07:00
Kubernetes Prow Robot
49f6510d9a
Merge pull request #80277 from draveness/feature/revert-cleanup-critical-pod 
Revert "feat: cleanup pod critical pod annotations feature"
 2019-07-18 19:31:37 -07:00
Javier Pérez Hernández
288ea10a59 gce: configure: use 'amd64' in kube core images manifest 2019-07-18 08:31:45 -07:00
draveness
d83526d253 Revert "feat: cleanup pod critical pod annotations feature" 
This reverts commit b6d41ee5cc.
 2019-07-18 13:31:12 +08:00
Shihang Zhang
e6607cc259 remove function apply-encryption-config in configure-helper 
Change-Id: I4df76abcc94eb222219968dc5e08655677d4623f
 2019-07-16 14:03:13 -07:00
Davanum Srinivas
6b06084df6
Drop -r for variable within loop 
using `local -r` will blow up, example output:
```
/home/kubernetes/bin/configure.sh: line 388: local: manifest_name: readonly variable
```

Change-Id: Id379180803d44dd9c7ac0da41c1cd56de0fe54a4
 2019-07-14 11:05:29 -04:00
Kubernetes Prow Robot
b9615d5bbc
Merge pull request #80054 from javier-b-perez/load-image 
cluster: configure: load images and add tags with no arch
 2019-07-13 15:37:03 -07:00
Javier Pérez Hernández
438ff151d4 cluster: configure: load images and add tags with no arch 2019-07-12 16:40:40 -07:00
Kubernetes Prow Robot
5be1efe9bd
Merge pull request #79447 from almos98/start-stackdriver-workaround 
Wait for StackdriverLogging service to stop before restarting it.
 2019-07-12 14:11:06 -07:00
Alexion Ramos
6edbb95f53 Wait for StackdriverLogging service to stop before restarting it. 2019-07-11 17:54:38 -07:00
draveness
b6d41ee5cc feat: cleanup pod critical pod annotations feature 2019-07-11 08:54:19 +08:00
Wenjia Zhang
5abd36824a Remove unused aggregator ca key 2019-07-08 17:22:25 -07:00
Kubernetes Prow Robot
4cabe6217f
Merge pull request #79626 from wenjiaswe/remove-etcd-ca-key 
Remove unnecessary ETCD_CA_KEY check
 2019-07-08 14:28:14 -07:00
Kubernetes Prow Robot
097681b619
Merge pull request #72206 from tallclair/audit-profile-test 
Audit profile test
 2019-07-05 19:00:35 -07:00
Tim Allclair
d06f849379 Audit policy test 2019-07-03 10:39:37 -07:00
Kubernetes Prow Robot
f9a7ca8bab
Merge pull request #79703 from mborsz/master_node_labels 
Add MASTER_NODE_LABELS
 2019-07-03 05:58:31 -07:00
Maciej Borsz
08f8d2ef46 Fix HA setup logic 2019-07-03 11:17:31 +02:00
Maciej Borsz
20d5bb4afe Add MASTER_NODE_LABELS 2019-07-03 09:39:14 +02:00
Kubernetes Prow Robot
5ee329c799
Merge pull request #77271 from krzysied/gce_instance_parallel 
Creating instance groups in parallel
 2019-07-02 05:45:08 -07:00
Wenjia Zhang
22591ad8f2 Remove unnecessary ETCD_CA_KEY check 2019-07-01 15:19:16 -07:00
Kubernetes Prow Robot
ed1f9748b1
Merge pull request #78727 from mborsz/script 
Modify kube-up to support cluster without nodes.
 2019-07-01 09:43:21 -07:00
Kubernetes Prow Robot
3f221551b6
Merge pull request #78728 from mborsz/firewall 
Modify firewall rules names to make them shorter.
 2019-07-01 07:23:34 -07:00
Maciej Borsz
5f10c284c8 Modify kube-up to support cluster without nodes. 2019-07-01 15:29:45 +02:00
Wei Huang
6f10758446
followup of 79262 to cleanup PodPriority leftover 2019-06-28 14:19:26 -07:00
Kubernetes Prow Robot
ed9f340add
Merge pull request #79305 from paivagustavo/clean-up-self-set-node-labels 
Clean up self-set node labels
 2019-06-27 11:37:21 -07:00
Koonwah Chen
46ff8e6b57 Add env var(CNI_STORAGE_PATH) for cni storage path. 2019-06-24 11:47:14 -07:00
Kubernetes Prow Robot
eee3e976d8
Merge pull request #78294 from vllry/kp-remove-resource-container 
Remove deprecated flag --resource-container from kube-proxy
 2019-06-22 00:38:12 -07:00
Kubernetes Prow Robot
fb1e9c0473
Merge pull request #79007 from wangzhen127/fix-npd-config 
Clean up node-problem-detector configuration for GCI
 2019-06-21 12:16:27 -07:00
Gustavo Paiva
ca3519c7ad Clean up selft-set node labels 2019-06-20 00:07:31 -03:00
Vallery Lancey
dc0f14312e Removed deprecated --resource-container flag from kube-proxy. 2019-06-16 08:36:42 -07:00
Kubernetes Prow Robot
71a7be41e0
Merge pull request #78705 from yujuhong/gce-win-owners 
Add more approvers/reviewers to cluster/gce/windows
 2019-06-14 13:27:14 -07:00
Zhen Wang
8f40368fb6 Clean up node-problem-detector configuration for GCI 2019-06-13 21:43:05 -07:00
Łukasz Osipiuk
94c80b1afc Update Cluster Autoscaler version to 1.15.0 2019-06-10 20:08:59 +02:00
Łukasz Osipiuk
df304b0a4d Update Cluster Autoscaler version to 1.15.0-beta.1 2019-06-07 17:11:03 +02:00
Maciej Borsz
31f18c0a6d Modify firewall rules names to make them shorter. 2019-06-05 13:18:53 +02:00
Kubernetes Prow Robot
3cd41a5a0b
Merge pull request #78668 from mtaufen/disable-kubeletpodresources 
Disable KubeletPodResources on Windows
 2019-06-04 14:34:03 -07:00
Yu-Ju Hong
b300267a57 Add more approvers/reviewers to cluster/gce/windows 2019-06-04 11:42:55 -07:00
Michael Taufen
a66cb353d4 Disable KubeletPodResources on Windows 
The feature caused tests to fail when it was enabled.

- https://github.com/kubernetes/kubernetes/issues/78628

Work is in progress to fix the feature, but until that work is complete,
we will disable it in the GCE scripts.
 2019-06-03 15:39:55 -07:00
Yu-Ju Hong
4a7be385a1 Update README for GCE/Windows 
Add instructions to create e2e clusters without building binaries
locally. Also update the instructions to build the binaries locally.
 2019-06-03 11:17:50 -07:00
Kubernetes Prow Robot
b82d7cabf4
Merge pull request #78552 from mtaufen/use-auth-header 
Windows startup scripts should use Authorization header for GCS requests
 2019-06-01 12:12:41 -07:00
Kubernetes Prow Robot
21c9c7a6ab
Merge pull request #78507 from pjh/gce-firewall-enabled 
GCE Windows nodes: leave firewall enabled.
 2019-06-01 06:22:17 -07:00
Michael Taufen
e2116ef572 Windows startup scripts should use Authorization header for GCS requests 
Requests against private buckets will fail unless the VM has storage
scope and the default service account token is provided in the request
header.

This PR replicates the following Linux changes for Windows:
- https://github.com/kubernetes/kubernetes/pull/74142
- https://github.com/kubernetes/kubernetes/pull/75269
 2019-05-30 16:55:55 -07:00
Yuwen Ma
ccbb88fc53 Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."" 2019-05-30 08:02:41 -07:00
Kubernetes Prow Robot
6d70e7ff01
Merge pull request #77930 from mm4tt/upload_kubeconfig 
Upload kubeconfig to master metadata in tests.
 2019-05-30 06:30:24 -07:00
Kubernetes Prow Robot
88da568586
Merge pull request #78406 from losipiuk/lo/split-args-ca 
Split CA paramters on manifest template expansions
 2019-05-30 00:32:46 -07:00
Peter Hornyack
d47dd75df8 GCE Windows nodes: leave firewall enabled. 2019-05-29 18:08:52 -07:00
Kubernetes Prow Robot
5c314535d1
Merge pull request #78183 from cheftako/masterTaint 
Ensure kubernetes master is properly tainted in GCE.
 2019-05-29 17:24:46 -07:00
Kubernetes Prow Robot
f4945a81e2
Merge pull request #78314 from Random-Liu/set-containerd-oom-score 
Set containerd oom score adj to -999.
 2019-05-29 07:59:16 -07:00
Łukasz Osipiuk
dda5e49cac Split CA parameters on manifest template expansion 
Split arguments to be passed to cluster autoscaler binary,
so each argument is passed separately.
This is preparatory work for migrating CA to disroless base image
and passing multiple arguments together does not work if CA is
not wrapped around with shell script

Change-Id: I26b5a764d2a12079c7f4ed6633ccabf8d623e232
 2019-05-29 15:20:34 +02:00
Kubernetes Prow Robot
01a5ec3d3d
Merge pull request #78315 from dekkagaijin/mip 
specify additional static auth for components by env var
 2019-05-24 15:01:29 -07:00
Jake Sanders
5a9af2e0ef specify additional static auth for components by env var 2019-05-24 12:16:40 -07:00
Lantao Liu
f6aa22e9e3 Set containerd oom score adj to -999. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-24 10:36:54 -07:00
Matt Matejczyk
7e7570d6ff Upload kubeconfig to master metadata in tests. 
Till a few days ago, it was possible to ssh into master and access cluster via insecure master port.
Now, the master insecure port has been disabled, we're not able to do that anymore.

This PR aims to fix that by uploading the kubeconfig to the master metadata during cluster setup in tests.
 2019-05-24 13:25:19 +02:00
Yu-Ju Hong
3b58a5d89f GCE: Disable the Windows defender 
This is a workaround for https://github.com/kubernetes/kubernetes/issues/75148
 2019-05-23 17:51:32 -07:00
Matt Matejczyk
6ced6491c6 Change etcd's --listen-client-urls to 0.0.0.0 in tests 
This is to allow scraping etcd metrics in scalability tests.

Ref. https://github.com/kubernetes/perf-tests/issues/522
 2019-05-23 15:11:22 +02:00
Kubernetes Prow Robot
4f33b5f421
Merge pull request #77820 from dims/charrywanganthony-pr-71835-delete-kubelet-security-controls 
Remove deprecated Kubelet security controls
 2019-05-22 13:52:25 -07:00
walter
d574ab00e4 Ensure kubernetes master is properly tainted in GCE. 
Factored in mtaufens suggestion.
 2019-05-21 23:41:56 -07:00
Kubernetes Prow Robot
0203192970
Merge pull request #78044 from dekkagaijin/patch-6 
Consolidate logic to ensure kubectl auth
 2019-05-17 23:21:37 -07:00
Kubernetes Prow Robot
72f6954614
Merge pull request #77889 from Random-Liu/support-using-containerd-in-cos 
Support using docker containerd in COS and Ubuntu on GCE.
 2019-05-17 20:26:59 -07:00
Kubernetes Prow Robot
47304fbaee
Merge pull request #78039 from mikedanese/execmaster 
allow exec auth plugin to be pulled on the master
 2019-05-17 18:57:30 -07:00
Jake Sanders
9bc3c2af00 Consolidate logic to ensure kubectl auth 2019-05-17 11:32:09 -07:00
Kubernetes Prow Robot
314264aeaf
Merge pull request #78010 from mikedanese/fixdns 
cluster/gce: fix line 2414: DNS_MEMORY_LIMIT: unbound variable
 2019-05-17 10:12:59 -07:00
Kubernetes Prow Robot
20d6b2ff11
Merge pull request #78008 from mikedanese/fixunset 
cluster/gce: fix unset variable when insecure port is enabled
 2019-05-17 10:12:46 -07:00
Mike Danese
5d7aeca63f cluster/gce: allow exec auth plugin to be pulled on the master 2019-05-17 08:32:34 -07:00
Kubernetes Prow Robot
d2e5b04dec
Merge pull request #77961 from dekkagaijin/patch-4 
remove zmerlynn@ from cluster/gce/OWNERS
 2019-05-17 07:00:23 -07:00
Kubernetes Prow Robot
3ba4111abe
Merge pull request #77958 from pjh/pause-image-official 
Windows GCE nodes: pull infra/pause container image during node setup
 2019-05-17 05:38:45 -07:00
Kubernetes Prow Robot
af692da080
Merge pull request #77844 from grayluck/one-more-ip 
Add 198.51.100.0/24 to non-masq ranges.
 2019-05-17 05:38:19 -07:00
Kubernetes Prow Robot
c48c3f400b
Merge pull request #77954 from pjh/cni-release-v0.8.0 
Windows GCE nodes: use CNI plugins v0.8.0 release.
 2019-05-17 02:04:45 -07:00
Kubernetes Prow Robot
9030187d2c
Merge pull request #77951 from yujuhong/sd-env 
GCE/Windows: add instructions about stackdriver logging in README
 2019-05-17 00:26:56 -07:00
Mike Danese
59f4661b18 cluster/gce: fix line 2414: DNS_MEMORY_LIMIT: unbound variable 2019-05-16 22:58:34 -07:00
Mike Danese
4edec1f3be cluster/gce: fix unset variable when insecure port is enabled 2019-05-16 19:47:11 -07:00
Lantao Liu
bc1a78d31e Support using docker containerd in COS and Ubuntu on GCE. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-16 13:53:57 -07:00
Peter Hornyack
5c32b4bbb2 Windows GCE nodes: pull infra/pause container image during node setup 2019-05-16 11:45:56 -07:00
chaowang
9ba0d47465
Remove deprecated Kubelet security controls 
Change-Id: I9f770e6780b60e881092690f6f177d726f474fe3
 2019-05-16 13:33:52 -04:00
Kubernetes Prow Robot
f8d2b6b982
Merge pull request #77918 from mborsz/coredns 
Make dns memory limit configurable
 2019-05-16 08:49:08 -07:00
Jake Sanders
db6eff7378
remove zmerlynn@ from cluster/gce/OWNERS 
Your watch has ended.
 2019-05-15 18:47:28 -07:00
yankaiz
14015d9ce1 Add 198.51.100.0/24 to non-masq ranges. 
Groupped the IP ranges by RFC and type.

Change reference for 198.18.0.0/15 from RFC 2544 to RFC 6815.
 2019-05-15 16:23:41 -07:00
Yu-Ju Hong
abed7cc0a9 GCE/Windows: add instructions about stackdriver logging in README 
Setting LOGGING_STACKDRIVER_RESOURCE_TYPES ensures that the both Linux
and Windows nodes send logs to the same resources with the same tags.
 2019-05-15 11:59:37 -07:00
Peter Hornyack
5d669f2946 Use CNI plugins v0.8.0 release. 2019-05-15 10:59:46 -07:00
Kubernetes Prow Robot
4d3d153210
Merge pull request #77904 from mborsz/revert-76396-reapply-75624 
Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."
 2019-05-15 07:06:41 -07:00
Maciej Borsz
59af63c687 Make coredns memory limit configurable 2019-05-15 13:35:28 +02:00
Kubernetes Prow Robot
47cef03dab
Merge pull request #77748 from yuwenma/etcd-release 
Update etcd* version to use latest released images.
 2019-05-15 00:04:35 -07:00
Maciej Borsz
9da7db76b7
Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers." 2019-05-15 08:31:19 +02:00
Kubernetes Prow Robot
2c67fb397d
Merge pull request #77358 from yuwenma/node-termination-handler 
Updated gce node-termination-handler yaml.
 2019-05-13 18:25:09 -07:00
Yuwen Ma
1f0f050fde Update etcd* version to use latest released images. 2019-05-13 17:28:40 -07:00
Kubernetes Prow Robot
1c18c3263a
Merge pull request #77386 from SataQiu/fix-shellcheck-20190503 
Fix shellcheck failures of cluster/gce/upgrade-aliases.sh
 2019-05-10 21:30:24 -07:00
Kubernetes Prow Robot
5184b866d6
Merge pull request #77424 from MrHohn/gce-manifest-owners 
Add OWNERS file for gce/manifests
 2019-05-09 20:13:57 -07:00
Kubernetes Prow Robot
a3f8e95f68
Merge pull request #77607 from dekkagaijin/mip 
when disabled, don't create the API server's insecure port mapping
 2019-05-09 17:52:10 -07:00
Jake Sanders
2576713a40 when disabled, don't create the API server's insecure port mapping 2019-05-09 11:50:59 -07:00
Zihong Zheng
e6287c61e6 Add OWNERS file for gce/manifests 2019-05-08 17:39:23 -07:00
Kubernetes Prow Robot
5bd88c85bf
Merge pull request #77568 from yujuhong/catch-exception 
GCE/Windows: ignore stopping errors for stackdriver
 2019-05-08 17:15:38 -07:00
Kubernetes Prow Robot
0befec7fb6
Merge pull request #77447 from dekkagaijin/mip 
disable the apiserver's insecure port by default
 2019-05-07 22:14:32 -07:00
Kubernetes Prow Robot
b34d7ac0ce
Merge pull request #77458 from grayluck/agent-v2.3.0 
Bump ip-masq-agent version to v2.3.0. Enable nomasq for reserved IPs.
 2019-05-07 17:52:58 -07:00
Yu-Ju Hong
eadacaf058 GCE/Windows: ignore stopping errors for stackdriver 2019-05-07 17:17:34 -07:00
yankaiz
1059a71973 Bump ip-masq-agent version to v2.3.0. Enable nomasq for reserved IPs. 
Added the non-masq ranges to configure-helper.sh so that GCE clusters
will have the non-masq IP ranges aligned with GKE clusters.
 2019-05-06 22:32:34 -07:00
Kubernetes Prow Robot
e1d40da0df
Merge pull request #76396 from yuwenma/reapply-75624 
[Re-Apply][Distroless] Convert the GCE manifests for master containers.
 2019-05-06 21:31:39 -07:00
Jake Sanders
e4d521e825 disable the apiserver insecure port by default in configure-helper 2019-05-06 19:26:57 -07:00
Jake Sanders
ff4c372eaa ensure that kubectl works when the master insecure port is disabled 2019-05-06 19:25:41 -07:00
Kubernetes Prow Robot
6027a38e78
Merge pull request #77282 from MrHohn/addon-manager-9.0.1 
Bump addon-manager to v9.0.1
 2019-05-06 14:01:52 -07:00
Yuwen Ma
53bace16df Updated gce node-termination-handler yaml. 2019-05-06 11:29:47 -07:00
Yuwen Ma
b8a8bdb127 [Distroless] Convert the GCE manifests for master containers. 
* Touched containers: kube-apiserver, kube-scheduler,
kube-controller-manager.
* Remove the shell dependencies when upstart the containers.
* Reformat the command parameters to ["Exec", "Param1", "Param2"]
 2019-05-06 08:04:06 -07:00
Kubernetes Prow Robot
5f8d290346
Merge pull request #75675 from mwwolters/addon-manager-kubeconfig 
Added function to create kubeconfig for addon-manager
 2019-05-03 22:17:51 -07:00
Mark Wolters
1456979e93 Added function to create kubeconfig for addon-manager 2019-05-03 15:12:16 -07:00
Yu-Ju Hong
9f65407833 GCE/Windows: send container logs to the proper resource 
This PR fixes a bug where all container logs are sent to the "k8s_node"
resource by adding a "match" directive that applies only to container
logs.
 2019-05-03 11:32:19 -07:00
Kubernetes Prow Robot
eb41c9c5fc
Merge pull request #77369 from immutableT/remove-enc-from-kube-up 
Remove the option of encrypting secrets in etcd via a locally stored key.
 2019-05-03 02:56:29 -07:00
SataQiu
2ba0231670 fix shellcheck failures of cluster/gce/upgrade-aliases.sh 2019-05-03 17:01:15 +08:00
Kubernetes Prow Robot
6a23a6278f
Merge pull request #77378 from yujuhong/kill-sd 
GCE/Windows: force kill the stackdriver processes when necessary
 2019-05-02 20:20:17 -07:00
Yu-Ju Hong
bee570a2f0 GCE/Windows: force kill the stackdriver processes when necessary 
StackdriverLogging service sometimes cannot be stopped properly. This
work around the bug by force killing the processes.
 2019-05-02 18:52:31 -07:00
Kubernetes Prow Robot
0b10d1b830
Merge pull request #77140 from dekkagaijin/glbc 
use static token to authenticate glbc
 2019-05-02 16:22:30 -07:00
immutablet
1ae9cb2f88 Remove encryption via locally stored key. 2019-05-02 15:09:02 -07:00
Jake Sanders
8bd0b45eae use static token to authenticate glbc 2019-05-01 22:24:48 -07:00
Zihong Zheng
037d4b3a07 Bump addon-manager to v9.0.1 
- Rebase image on debian-base:v1.0.0.
 2019-04-30 15:19:08 -07:00
Krzysztof Siedlecki
8dc0be6b9e creating instance groups in parallel 2019-04-30 18:42:09 +02:00
Ling Huang
d3fb7115ab Upgrade Stackdriver Logging Agent addon image from 1.6.0 to 1.6.8. 2019-04-29 15:07:10 -04:00
Wojciech Tyczynski
0d77f62c02
Revert "override ETCD_SERVER with https instead http when mTLS is enabled" 2019-04-27 06:50:20 +02:00
Krzysztof Siedlecki
862662f49e removing quotation marks 2019-04-26 00:25:58 +02:00
aaa
c4898d6f56 fix shellcheck failures list-resources.sh 
update pull request

update pull request

update pull request
 2019-04-21 18:17:44 -04:00
Kubernetes Prow Robot
2c2e7a01bb
Merge pull request #76655 from SataQiu/fix-shell-cluster-20190417 
Fix shellcheck failures of cluster/gce/gci/shutdown.sh
 2019-04-23 23:50:04 -07:00
Kubernetes Prow Robot
c669b216dd
Merge pull request #76958 from yujuhong/docker-logs 
GCE/Windows: Configure Docker to rotate container logs
 2019-04-23 20:28:12 -07:00
Kubernetes Prow Robot
06bc7e3e00
Merge pull request #76792 from dekkagaijin/insecure-port 
add option to disable the apiserver's insecure port via env var
 2019-04-23 14:02:35 -07:00
Kubernetes Prow Robot
0df8b10557
Merge pull request #76786 from dekkagaijin/master 
add additional approvers from GKE
 2019-04-23 14:02:23 -07:00
Yu-Ju Hong
6e12de0744 GCE/Windows: Configure Docker to rotate container logs 2019-04-23 11:53:16 -07:00
Kubernetes Prow Robot
aa11d0edef
Merge pull request #76850 from yujuhong/sd-agent 
GCE/Windows: enable stackdriver logging agent
 2019-04-22 13:18:03 -07:00
SataQiu
903c5a53b3 fix shellcheck failures of cluster/gce/gci/shutdown.sh 2019-04-22 11:46:45 +08:00
Yu-Ju Hong
4cd2625719 GCE/Windows: enable stackdriver logging agent 
This change bumps the stackdriver logging agent version to v1-9,
re-enable it, and change the script/configuration to:
  * Create /var/log in the startup script, since the fluentd
    configuration expects the directory to exists
  * Add support for collecting kubelet/kube-proxy logs
 2019-04-19 15:41:48 -07:00
Yu-Ju Hong
05074e9dde GCE/Windows: add cluster-location to instance metadata 
This will be used by stackdriver to annotate the logs.
 2019-04-19 15:41:48 -07:00
Jake Sanders
d4d5afb9cc add additional approvers from GKE 2019-04-19 14:38:31 -07:00
Jake Sanders
42fcd5eb63 remove erroneous kube-apiserver.manifest sed line 2019-04-19 17:40:28 +00:00
Kubernetes Prow Robot
e4f9d8fe3f
Merge pull request #76331 from xichengliudui/fixshellcheckfailures-17 
Fix shellcheck failures in stage-upload.sh
 2019-04-19 09:47:55 -07:00
Jake Sanders
113ab741e6 add option to set the value of the apiserver's insecure port 2019-04-18 20:35:08 +00:00
Peter Hornyack
81cc384a9a Pin GCE Windows node image to 1809 v20190312. 
This is to work around
https://github.com/kubernetes/kubernetes/issues/76666.
 2019-04-17 09:45:43 -07:00
Kubernetes Prow Robot
dc2c9e8bd5
Merge pull request #74690 from wenjiaswe/etcdserverhttp 
override ETCD_SERVER with https instead http when mTLS is enabled
 2019-04-15 16:45:07 -07:00
Wenjia Zhang
80c4bccf0f override ETCD_SERVER with https instead http when mTLS is enabled 2019-04-14 22:11:37 -07:00
Matt Matejczyk
2efea76263 Ability to set up Private GCE Clusters with NAT. 
Ref. https://github.com/kubernetes/kubernetes/issues/76374
 2019-04-12 13:21:56 +02:00
Kubernetes Prow Robot
ae8a4fcb0d
Merge pull request #76352 from jpbetz/reapply-72062 
[reapply] Perform GCE log rotation check every 5 minutes
 2019-04-12 00:41:14 -07:00
aaa
9768ba9eb3 Fix shellcheck failures in stage-upload.sh 
update pull request

update pull request

update pull request

update pull request
 2019-04-12 02:42:48 -04:00
Kubernetes Prow Robot
39073f0b9f
Merge pull request #74268 from wenjiaswe/fixingNitforetcdapiservertlspath 
fix nit for etcd_apiserver TLS path
 2019-04-11 01:22:11 -07:00
Kubernetes Prow Robot
134ed2e703
Merge pull request #76353 from Random-Liu/add-cni-version-env 
Add envs for CNI version.
 2019-04-10 18:46:22 -07:00
Lantao Liu
ad5b64ca10 Add envs for CNI version. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-09 16:38:53 -07:00
Joe Betz
6297c4f750 Perform GCE log rotation check every 5 minutes 2019-04-09 16:37:38 -07:00
Pengfei Ni
1406e2b70f Update cri-tools to v1.14.0 2019-04-08 10:59:18 +08:00
Zhen Wang
953677d7a5 Use Node-Problem-Detector v0.6.3 on GCI 2019-04-05 11:08:24 -07:00
Maciej Borsz
a0b51681c4
Revert "[Distroless] Convert the GCE manifests for master containers." 2019-04-05 12:55:14 +02:00
Ke Wu
925dc7f2e0 Fix empty array expansion error in cluster/gce/util.sh 
Empty array expansion causes "unbound variable" error in
bash 4.2 and bash 4.3.
 2019-04-04 16:46:58 -07:00
Kubernetes Prow Robot
1c105e1629
Merge pull request #75624 from yuwenma/gce-manifest 
[Distroless] Convert the GCE manifests for master containers.
 2019-04-04 16:21:19 -07:00
Yuwen Ma
af2659527f [Distroless] Convert the GCE manifests for master containers. 
* Touched containers: kube-apiserver, kube-scheduler,
kube-controller-manager.
* Remove the shell dependencies when upstart the containers.
* Reformat the command parameters to ["Exec", "Param1", "Param2"]
 2019-04-04 11:16:23 -07:00
Yu-Ju Hong
2a37067735 GCE/Windows: disable stackdriver logging agent 
The logging service could not be stopped at times, causing node startup
failures. Disable it until the issue is fixed.
 2019-04-03 10:34:36 -07:00
Michelle Au
d2aa8178f2 Remove alpha CRD install 2019-04-02 10:59:11 -07:00
Peter Hornyack
1814b0c495 Disable GCE agent address management on Windows nodes. 
With this metadata key set, "GCEWindowsAgent: GCE address manager
status: disabled" will appear in the VM's serial port output during
boot.

Tested:
PROJECT=${CLOUDSDK_CORE_PROJECT} KUBE_GCE_ENABLE_IP_ALIASES=true NUM_WINDOWS_NODES=2 NUM_NODES=2 KUBERNETES_NODE_PLATFORM=windows go run ./hack/e2e.go -- --up
cluster/gce/windows/smoke-test.sh

cat > iis.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: iis
  labels:
    app: iis
spec:
  containers:
  - image: mcr.microsoft.com/windows/servercore/iis
    imagePullPolicy: IfNotPresent
    name: iis-server
    ports:
    - containerPort: 80
      protocol: TCP
  nodeSelector:
    beta.kubernetes.io/os: windows
  tolerations:
  - effect: NoSchedule
    key: node.kubernetes.io/os
    operator: Equal
    value: windows1809
EOF

kubectl create -f iis.yaml
kubectl expose pod iis --type=LoadBalancer --name=iis
kubectl get services
curl http://<service external IP address>
 2019-03-28 17:28:18 -07:00
Kubernetes Prow Robot
9e1cf75bd1
Merge pull request #75381 from rramkumar1/configure-scripts-for-ingress-yaml 
Plumb CUSTOM_INGRESS_YAML into other setup scripts
 2019-03-25 12:10:33 -07:00
Kubernetes Prow Robot
aa5fda22f2
Merge pull request #75269 from javier-b-perez/gce-configure 
gce: configure: validate SA has storage scope
 2019-03-19 11:06:22 -07:00
Łukasz Osipiuk
ff18fbcebb Update Cluster Autscaler version to 1.14.0 
No changes since 1.14.0-beta.2
Changelog: https://github.com/kubernetes/autoscaler/releases/tag/cluster-autoscaler-1.14.0
 2019-03-19 16:15:20 +01:00
Dan Williams
bfd8ad3268 build/gci: bump CNI version to 0.7.5 2019-03-18 17:16:42 -05:00
Rohit Ramkumar
8ac15cd54a Plumb CUSTOM_INGRESS_YAML into other setup scripts so that it can be set before a call to kubetest 2019-03-15 13:36:30 -07:00
Łukasz Osipiuk
e4663f73d3 Update Cluster Autscaler version to 1.14.0-beta.2 2019-03-15 12:01:47 +01:00
Kubernetes Prow Robot
a213886f9c
Merge pull request #74502 from Random-Liu/collect-pod-log 
Collect pod log in fluentd-gcp
 2019-03-12 01:34:37 -07:00
Javier Pérez Hernández
e783f0bcd4 gce: configure: validate SA has storage scope 
If the VM SA doesn't have storage scope associated, don't use the
token in the curl request or the request will fail with 403.
 2019-03-11 12:04:01 -07:00
Kubernetes Prow Robot
6ec5a7d337
Merge pull request #75181 from losipiuk/lo/master-ca-1.14-beta.1 
Update Cluster Autscaler version to 1.14.0-beta.1
 2019-03-11 07:15:32 -07:00
Kubernetes Prow Robot
8dd09e0b36
Merge pull request #75208 from pjh/gce-windows-readme-update 
Update GCE Windows README steps for running e2e tests.
 2019-03-10 21:15:26 -07:00
Lantao Liu
7ffa7da112 Configure logrotate for pod logs. 2019-03-08 16:45:41 -08:00
Kubernetes Prow Robot
c534a1b9b3
Merge pull request #75149 from yguo0905/m73 
GCE: bump COS image version to cos-beta-73-11647-64-0
 2019-03-08 14:19:35 -08:00
Peter Hornyack
0fbb246c30 Update GCE Windows README steps for running e2e tests. 2019-03-08 13:47:41 -08:00
Łukasz Osipiuk
2790d9151a Update Cluster Autscaler version to 1.14.0-beta.1 2019-03-08 14:01:55 +01:00
Kubernetes Prow Robot
cf439192fb
Merge pull request #75139 from mtaufen/windows-kube-proxy-args 
Windows kubeproxy flags cleanup
 2019-03-08 00:53:28 -08:00
Kubernetes Prow Robot
6a86f1576f
Merge pull request #75014 from mtaufen/windows-logrotate 
Windows log rotation
 2019-03-07 22:43:41 -08:00
Yang Guo
eef545abfd GCE: bump COS image version to cos-beta-73-11647-64-0 2019-03-07 16:11:02 -08:00
Michael Taufen
0d59d2a43e Windows kubeproxy flags cleanup 
- Pass most of the flags via kube-env, similar to Kubelet, to make it
  easier to reconfigure.
- Use kube-proxy's kubeconfig file to pass the API server address,
  rather than the --master flag.
- Make KUBEPROXY_ARGS a required variable in Windows kube-env, similar
  to KUBELET_ARGS.
 2019-03-07 14:45:34 -08:00
Tim Allclair
63f61a6714 Migrate RuntimeClass to internal API 2019-03-07 11:07:54 -08:00
Michael Taufen
0a21d644f5 Rotate windows logs 2019-03-07 10:42:31 -08:00
Kubernetes Prow Robot
57da888ff4
Merge pull request #75055 from pjh/gce-windows-disable-defender-again 
Disable Windows Defender in Windows nodes on GCE again.
 2019-03-07 01:07:26 -08:00
Kubernetes Prow Robot
a60d44848f
Merge pull request #74748 from pjh/gce-windows-stackdriver 
Install Stackdriver agent in Windows nodes on GCE.
 2019-03-06 17:59:39 -08:00
Kubernetes Prow Robot
ab7a48d796
Merge pull request #70036 from pbarker/audit-etoe 
dynamic audit e2e test
 2019-03-06 17:58:58 -08:00
Peter Hornyack
80c635880d Disable Windows Defender in Windows nodes on GCE again. 
This reverts commit fbf4fe4714. Windows
Defender seems to be causing our Windows nodes to crash and reboot
during e2e tests, e.g.
https://gcsweb.k8s.io/gcs/kubernetes-jenkins/logs/ci-kubernetes-e2e-windows-gce/228/artifacts/e2e-228-36623-windows-node-group-q4.
 2019-03-06 11:42:03 -08:00
Kubernetes Prow Robot
45e5f6053b
Merge pull request #74424 from liggitt/drop-k8s-io-node-labels 
Clean up self-set node labels
 2019-03-06 08:24:26 -08:00
Kubernetes Prow Robot
5a89793f8e
Merge pull request #74612 from jingxu97/windows 
Add GcePD windows support
 2019-03-05 21:42:22 -08:00
Peter Hornyack
197513141e Install Stackdriver agent in Windows test clusters. 2019-03-05 15:14:07 -08:00
Patrick Barker
67a245ae61 remove unneeded println 2019-03-05 14:38:58 -07:00
Patrick Barker
45d715cdc6 adds dynamic audit e2e test 2019-03-05 14:38:58 -07:00
Kubernetes Prow Robot
365c504e2b
Merge pull request #74928 from pjh/gce-windows-reenable-defender 
Don't disable Windows Defender.
 2019-03-05 11:10:25 -08:00
Peter Hornyack
fbf4fe4714 Don't disable Windows Defender. 2019-03-04 16:34:21 -08:00
Joe Betz
add956f00f Revert "Perform GCE log rotation check every 5 minutes" 
This reverts commit 1ba05d51a6.
 2019-03-04 14:10:20 -08:00
Kubernetes Prow Robot
e001276b1d
Merge pull request #74836 from yujuhong/update-win-cni-config 
GCE/Windows: exclude gateways from the IPAM subnet
 2019-03-01 20:35:03 -08:00
Yu-Ju Hong
1f86bce95e GCE/Windows: exclude gateways from the IPAM subnet 
Exclude IPs assigned for gateways in the IPAM configuration.
 2019-03-01 16:35:26 -08:00
Kubernetes Prow Robot
b8e05af7bf
Merge pull request #74736 from mtaufen/windows-kube-proxy-config 
Stop setting --hostname-override on Windows kube-proxy and allow args  to be extended remotely if necessary
 2019-03-01 16:12:23 -08:00
Kubernetes Prow Robot
98c0d15f98
Merge pull request #74762 from pjh/gce-windows-dump-versions 
Dump Windows version information during cluster bringup.
 2019-03-01 01:08:36 -08:00
Kubernetes Prow Robot
824883d08a
Merge pull request #74754 from pjh/gce-windows-smoke-timeout 
Increase Windows smoke-test timeout to 3 minutes.
 2019-02-28 19:12:18 -08:00
Peter Hornyack
18a2a98d67 Dump Windows version information during cluster bringup. 2019-02-28 17:22:49 -08:00
Peter Hornyack
43556be50e Enhance metadata fetching functions. 
Introduce Get-InstanceMetadata which can be used to fetch
non-"attribute" metadata values.
 2019-02-28 17:18:34 -08:00
Peter Hornyack
4181422a3c Increase Windows smoke-test timeout to 3 minutes. 
I recently lowered the timeout value to 2 minutes but this turned out to
be too aggressive for now. 3 minutes is usually long enough for the test
containers to come up.

Note that this test is only used during development, it does not run
continuously anywhere.
 2019-02-28 14:22:35 -08:00
Kubernetes Prow Robot
4741785d29
Merge pull request #73650 from mtaufen/windows-upload-scripts 
upload Windows startup scripts to GCS for CI
 2019-02-28 11:51:25 -08:00
Michael Taufen
a76d132162 Stop setting --hostname-override on Windows kube-proxy and allow args to be extended remotely if necessary 
--hostname-override should not be necessary, we can rely on kube-proxy
to auto-detect it just like we do in Kubelet.

I also added an optional variable to kube_env, KUBEPROXY_ARGS, that we
can use to remotely extend kube-proxy's command-line if necessary.
 2019-02-28 10:13:07 -08:00
Jing Xu
5e04d200ee Add GcePD windows support 
This PR adds the support for GCEPD volume. For now, it uses a workaround
(https://github.com/pjh/gce-tools) to get disk number in windows for a given GCE PD name.
 2019-02-27 17:00:32 -08:00
Zhen Wang
efa96f7eb8 allows configuring NPD release and flags on GCI and add cluster e2e test 2019-02-26 21:21:54 -08:00
Kubernetes Prow Robot
81ec358db4
Merge pull request #74438 from pjh/gce-windows-log-dump 
Support dumping logs from Windows test nodes on GCE
 2019-02-26 18:12:09 -08:00
Yu-Ju Hong
093e5a50ac GCE/Windows: create a C:\tmp directory 
This is required for running host path tests.
 2019-02-26 10:59:06 -08:00
Jordan Liggitt
e1db43ad1b Label old nodes with legacy addon labels 2019-02-26 11:43:10 -05:00
Jordan Liggitt
943b32a289 Prepare switch from beta.kubernetes.io/kube-proxy-ds-ready to node.kubernetes.io/kube-proxy-ds-ready 2019-02-26 11:42:23 -05:00
Jordan Liggitt
d6664a2365 Prepare switch from beta.kubernetes.io/metadata-proxy-ready to cloud.google.com/metadata-proxy-ready 2019-02-26 11:42:23 -05:00
Jordan Liggitt
8975233788 Finish migration of fluentd to daemonset 2019-02-26 11:42:23 -05:00
Kubernetes Prow Robot
3fb6e77770
Merge pull request #74549 from yujuhong/pause-image 
GCE: switch to using e2eteam/pause:3.1 for pause containers
 2019-02-25 23:12:00 -08:00
Michael Taufen
98edbf41bc upload Windows startup scripts to GCS for CI 2019-02-25 16:44:57 -08:00
Kubernetes Prow Robot
3814176d42
Merge pull request #74455 from SataQiu/fix-shell-2019022302 
Fix shellcheck lint errors in cluster and hack scripts
 2019-02-25 15:15:19 -08:00
Yu-Ju Hong
b863655faa GCE: switch to using e2eteam/pause:3.1 for pause containers 
Stop building pause images on node startup.
 2019-02-25 14:36:49 -08:00
Kubernetes Prow Robot
2aacb77374
Merge pull request #74444 from pjh/gce-windows-no-defender 
Disable Windows Defender on Windows nodes.
 2019-02-25 13:54:42 -08:00
SataQiu
9cda80e836 fix shellcheck lint errors in cluster and hack scripts 2019-02-24 11:15:35 +08:00
Peter Hornyack
621df2cddb Disable Windows Defender on Windows test nodes. 2019-02-22 18:35:38 -08:00
Xiang Dai
36065c6dd7 delete all duplicate empty blanks 
Signed-off-by: Xiang Dai <764524258@qq.com>
 2019-02-23 10:28:04 +08:00
Kubernetes Prow Robot
46d7e9c784
Merge pull request #74381 from yujuhong/add-key 
GCE: add EventLog registry key for docker
 2019-02-22 17:58:44 -08:00
Peter Hornyack
3efd4ca1dc Enhance/repair detect-node-names() and related env vars for Windows nodes. 2019-02-22 14:56:55 -08:00
Yu-Ju Hong
40d0ae311c GCE: add EventLog registry key for docker 2019-02-21 17:47:32 -08:00
Peter Hornyack
57ca6f007e Enable OpenSSH on Windows nodes in test clusters. 
Also switches to the most recent 64-bit version of OpenSSH for Windows.

Tested:
PROJECT=${CLOUDSDK_CORE_PROJECT} KUBERNETES_SKIP_CONFIRM=y NUM_NODES=2 \
NUM_WINDOWS_NODES=2 KUBE_GCE_ENABLE_IP_ALIASES=true TEST_CLUSTER=true \
./cluster/kube-up.sh
 2019-02-21 14:03:43 -08:00
Peter Hornyack
6d78f2b666 Default to Windows Server version 1809 for Windows nodes. 
Removes all references to 1803, including moving "win1803" directory to
just "windows". A single Windows directory suffices for now, if
necessary in the future we can shard it into directories for each
Windows version.

We've been running tests with Windows 1809 nodes for a couple days in
our fork without major problems:
https://testgrid.k8s.io/google-windows#windows-prototype&width=20.
Testing on Azure is already using 1809:
https://testgrid.k8s.io/sig-windows#Conformance%20acs-engine%20on%20Azure&width=20.
 2019-02-21 09:44:44 -08:00
Kubernetes Prow Robot
f1de0b557c
Merge pull request #74324 from mtaufen/fix-windows 
Fix hash if statement
 2019-02-20 23:57:18 -08:00
Kubernetes Prow Robot
6c1f2077e5
Merge pull request #74192 from xichengliudui/fixshellcheck190218 
make more of the shell pass lints
 2019-02-20 21:41:25 -08:00
Kubernetes Prow Robot
054a676141
Merge pull request #74142 from javier-b-perez/master 
GCE config.sh script should use headers for curl GCS apis
 2019-02-20 21:41:12 -08:00
Michael Taufen
cf3ad9c655 Fix hash if statement 2019-02-20 16:56:00 -08:00
Kubernetes Prow Robot
f04ce297d6
Merge pull request #74100 from mtaufen/file-download-improvements 
Retry downloads, respect URL list, validate tar hash
 2019-02-20 11:34:06 -08:00
Michael Taufen
7ffe810f1d Retry downloads, respect URL list, validate tar hash 2019-02-20 08:52:46 -08:00
Kubernetes Prow Robot
db7d930aab
Merge pull request #74109 from pjh/gce-windows-cluster-smoke-test 
Detect ready pods correctly and untaint Windows nodes in smoke-test.
 2019-02-19 19:57:40 -08:00
Peter Hornyack
8a7fe26888 Detect ready pods correctly and untaint Windows nodes in smoke-test. 2019-02-19 11:48:54 -08:00
Wenjia Zhang
b9af5b5112 fix nit for etcd_apiserver TLS path 2019-02-19 11:19:49 -08:00
xichengliudui
fd044c5770 make more of the shell pass lints 2019-02-18 00:42:46 -05:00
Kubernetes Prow Robot
5aaf6cd61b
Merge pull request #72386 from logicalhan/readiness 
fail faster for readiness checks
 2019-02-15 18:02:30 -08:00
Javier Pérez Hernández
708d7df561 k8s: gci: configure: add token to curl calls 
Modify script to use curl to get metadata and Service Account token.
When the SA doesn't have 'Storage Read' scope, it can only read
public files.
 2019-02-15 11:00:35 -08:00
Kubernetes Prow Robot
6f6f8bdfcc
Merge pull request #73822 from justinsb/renamed_set_node_image 
e2e upgrade test: rename functions to match f0f7829934
 2019-02-13 19:06:20 -08:00
Kubernetes Prow Robot
812016fa23
Merge pull request #73818 from gnufied/add-e2e-for-no-expand 
add e2e test when expansion is disabled
 2019-02-13 12:16:09 -08:00
Kubernetes Prow Robot
aefd281143
Merge pull request #73983 from ixdy/update-bazel-deps 
Update repo-infra, bazel-skylib, and rules_docker dependencies
 2019-02-13 11:00:08 -08:00
Hemant Kumar
7d823e5df0 also remove slow tag from resizing tests 2019-02-13 10:48:49 -05:00
Jeff Grafton
e216995ef1 Update repo-infra, bazel-skylib, rules_docker, and rules_go dependencies 
Also require bazel 0.18.0+
 2019-02-12 17:55:10 -08:00
Peter Hornyack
063725230d Delete RDP firewall rule during kube-down. 
This rule is only created if the cluster has one or more Windows nodes,
but delete-firewall-rules() ignores firewall rule arguments that do not
exist so it's safe to always attempt to delete this rule.
 2019-02-12 15:19:16 -08:00
Kubernetes Prow Robot
b50c643be0
Merge pull request #73540 from rlenferink/patch-5 
Updated OWNERS files to include link to docs
 2019-02-08 09:05:56 -08:00
Justin SB
28c34d8d71
e2e upgrade test: rename functions to match f0f7829934 
These functions were renamed in
f0f7829934, but cluster/gce/upgrade.sh
was missed.
 2019-02-07 13:27:34 -05:00
Matt Matejczyk
4dcc017d7a Propagate API_SERVER_TEST_LOG_LEVEL in cluster/gce/util.sh 2019-02-05 10:30:17 +01:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Maciej Borsz
afeabe99b7 Fix typo in create-heapster-node 2019-02-01 11:04:23 +01:00
Kubernetes Prow Robot
244795a06a
Merge pull request #73442 from pjh/gce-windows-cluster 
Update cluster/gce/ scripts to support Windows nodes.
 2019-01-31 18:20:37 -08:00
Kubernetes Prow Robot
46fc4dd96a
Merge pull request #73577 from wojtek-t/remove_vmodule 
Remove vmodule from apiserver to reduce lock contention
 2019-01-31 04:59:42 -08:00
wojtekt
3032d92736 Remove vmodule from apiserver to reduce lock contention 2019-01-31 10:53:44 +01:00
Peter Hornyack
f0f7829934 Update cluster/gce scripts to support Windows nodes. 2019-01-30 19:49:07 -08:00
Matt Matejczyk
12904ac911 Tune suggested master disk sizes for big clusters. 
Looks like the get-master-root-disk-size() and get-master-disk-size() functions didn't anticipate
clusters bigger than 2K nodes.

In https://github.com/kubernetes/kubernetes/issues/72976 we found out
that 100GB may be not enough for large clusters (5K nodes) when it comes
to master root disk size.

Updating both get-master-root-disk-size() and get-master-disk-size() to
make them consistent and match cluster sizes with get-master-size()
function.
 2019-01-29 10:48:08 +01:00
Kubernetes Prow Robot
d306d68a36
Merge pull request #72978 from liggitt/addon-changelog 
Update addon-manager changelog/image
 2019-01-24 16:30:00 -08:00
Kubernetes Prow Robot
c21f60f862
Merge pull request #73268 from wojtek-t/better_scale_inflights 
Better scale max-inflight request limits to correlate them with master VM size
 2019-01-24 10:37:25 -08:00
wojtekt
d911ebbc3f Correlate max-inflight values in GCE with master VM sizes 2019-01-24 15:13:36 +01:00
Yu-Ju Hong
2edd3e3f52 GCE: add yujuhong to OWNERS 2019-01-23 14:46:29 -08:00
Kubernetes Prow Robot
0713f29c28
Merge pull request #72062 from jpbetz/gce-logrotate-check-interval 
Perform GCE master log rotation check every 5 minutes
 2019-01-16 14:45:22 -08:00
Jordan Liggitt
df97217f7f Update addon-manager changelog/image 2019-01-16 13:26:39 -05:00
Kubernetes Prow Robot
d95b9f16d1
Merge pull request #70144 from wenjiaswe/etcdKasTls 
Add mTLS encription between etcd and kube-apiserver in GCE
 2019-01-16 02:51:06 -08:00
Tim Allclair
485b21e8cb Fix kube-proxy PodSecurityPolicy RoleBinding namespace 2019-01-09 17:57:15 -08:00
Wenjia Zhang
c17233c41c add mTLS encription between etcd and kube-apiserver in GCE 2019-01-07 13:52:20 -08:00
Kubernetes Prow Robot
9cdfdba14c
Merge pull request #71924 from yujuhong/node-binaries 
GCE: enable downloading and staging of the node binaries
 2018-12-28 18:07:26 -08:00
Han Kang
e9a39533c3 fail faster for readiness checks 2018-12-27 16:17:02 -08:00
Joe Betz
1ba05d51a6 Perform GCE log rotation check every 5 minutes 2018-12-18 10:13:41 -08:00
Kubernetes Prow Robot
cf813b247d
Merge pull request #71977 from rramkumar1/kube-dns-ordering 
DNS service ordering for addon manager
 2018-12-18 01:47:49 -08:00
wojtekt
fc346b2086 Allow for configuring etcd servers addresses in kubemark 2018-12-13 11:50:49 +01:00
Rohit Ramkumar
bc44940835 Modify dns addons dir to prepend 0 on dir name. Ensures proper ordering upon creation by addon manager 2018-12-12 13:15:08 -08:00
Yu-Ju Hong
f87fcf6ce8 GCE: enable downloading and staging of the node binaries 
Currently, only kubernetes-server-linux-<arch>.tar.gz will be downloaded
and staged for tests. It is not possible to test a cluster where the
platform/arch of the nodes differs from that of the master
control-plane. This changes allows downloading and staging node
binaries, in addition to the existing server binaries.
 2018-12-10 16:58:44 -08:00
Matt Brannock
d99422884b Create managed instance groups for nodes in parallel 2018-12-04 13:56:52 -08:00
Kubernetes Prow Robot
a9b69dc381
Merge pull request #71615 from jpbetz/etcd-3.3.10-0-image 
Update default etcd server to 3.3.10 for kubernetes 1.14
 2018-12-04 02:54:34 -08:00
Joe Betz
862b945e5a Update default etcd server to 3.3.10 for kubernetes 1.13 2018-12-03 11:03:49 -08:00
Zhen Wang
29de74375a Use Node-Problem-Detector v0.6.0 2018-11-28 11:44:36 -08:00
Łukasz Osipiuk
6db2483e0b Update Cluster Autoscaler version to 1.13.0 2018-11-28 16:06:18 +01:00
k8s-ci-robot
414cfbd821
Merge pull request #71452 from losipiuk/lo/update-ca-version-1.13 
Update Cluster Autoscaler version to 1.13.0-rc.2
 2018-11-27 07:06:34 -08:00
Łukasz Osipiuk
0fac5aaaad Update Cluster Autoscaler version to 1.13.0-rc.2 2018-11-27 12:47:42 +01:00
k8s-ci-robot
396271cf52
Merge pull request #70954 from qingling128/master 
Upgrade Stackdriver Logging Agent addon image to 0.6-1.6.0-1 to use Fluentd v1.2.
 2018-11-25 23:09:07 -08:00
k8s-ci-robot
2b0212de9c
Merge pull request #71206 from stlaz/enc_config_opt 
Rename '--experimental-encryption-provider-config' to '--encryption-provider-config'
 2018-11-21 11:30:12 -08:00
k8s-ci-robot
a19bf332de
Merge pull request #71124 from Random-Liu/make-fluentd-container-runtime-service-configurable 
Make fluentd container runtime service configurable.
 2018-11-21 07:49:42 -08:00
Sergei Orlov
21c1bb8830
kubeapiserver: rename '--experimental-encryption-provider-config' to '--encryption-provider-config'. 
This change renames the '--experimental-encryption-provider-config'
flag to '--encryption-provider-config'. The old flag is accepted but
generates a warning.

In 1.14, we will drop support for '--experimental-encryption-provider-config'
entirely.

Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>
 2018-11-19 16:34:09 +01:00
k8s-ci-robot
ca696fef26
Merge pull request #69848 from mikedanese/projadmission 
migrate service account volume to a projected volume when BoundServiceAccountTokenVolumes are enabled
 2018-11-16 22:46:23 -08:00
k8s-ci-robot
1e22f080ec
Merge pull request #67383 from stlaz/enc_config_promotion 
Introduce apiserver.config.k8s.io/v1 and use standard method for parsing encryption config file
 2018-11-16 16:31:30 -08:00
Mike Danese
98c468de8d update PSPs to allow projected volumes 2018-11-16 19:32:44 +00:00
Lantao Liu
1670b4089a Make fluentd container runtime service configurable. 2018-11-16 02:17:55 -08:00
Han Kang
e1d9128978 increase the liveness probe delay for GCE e2e tests, to avoid premature teardown 2018-11-15 10:21:10 -08:00
k8s-ci-robot
ca338b91f5
Merge pull request #70676 from logicalhan/exclude-checks 
add ability to disable health checks on kube-apiserver for healthz using query-params
 2018-11-14 11:37:48 -08:00
k8s-ci-robot
79dab474c0
Merge pull request #70555 from prameshj/nodelocaldnscache 
Support running a nodelocal dns cache
 2018-11-14 00:18:56 -08:00
Pavithra Ramesh
6d7c5e90ed Removed .salt template , using .sed template 
Removed default config options from yaml.
Removed unused yaml files
 2018-11-13 18:33:34 -08:00