github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,173 Commits 1 Branch 31 Tags 1,019 MiB
553f9f822b
Commit Graph

370 Commits

Author SHA1 Message Date
derekwaynecarr
81e9395533 Fix vagrant regression due to #7326 2015-04-27 17:18:30 -04:00
Eric Tune
9044177bb6 Generate a token for kube-proxy. 
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware.  Symptom would be that service proxying
stops working.

 1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
 1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
 1. Changes kube-proxy args:
   - use the --kubeconfig argument
   - changes --master argument from http://MASTER:7080 to https://MASTER
     - http -> https
     - explicit port 7080 -> implied 443

Possible ways this might break other distros:

Mitigation: there is an default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.

Mitigation:
  - azure: Special case to use 7080 in
  - rackspace: way out of date, so don't care.
  - vsphere: way out of date, so don't care.
  - other distros: not using salt.
 2015-04-27 08:59:57 -07:00
Robert Bailey
846ffcff83 Pass the CA root cert into the apiserver so that the apiserver will 
perform client cert checks for authorization. Only enable on GCE where
the apiserver is terminating SSL connections from end users.
 2015-04-24 22:01:56 -07:00
Nikhil Jindal
84cb48be11 Merge pull request #7246 from satnam6502/es 
Convert Elasticsearch logging to v1beta3 and de-salt
 2015-04-24 09:21:41 -07:00
CJ Cullen
80af1c9e40 kube2sky using kubeconfig secret: take 2. Point system secrets at https://kubernetes. Override in clients that can't use DNS. 2015-04-23 18:13:16 -07:00
Satnam Singh
c9b9e7651e Convert Elasticsearch logging to v1beta and de-salt 2015-04-23 13:06:15 -07:00
Dawn Chen
f9156c281a Merge pull request #7123 from satnam6502/logging 
Propagate pod and container name for log files
 2015-04-23 10:13:08 -07:00
Satnam Singh
2444c1f943 Propagate pod and container name for log files 2015-04-22 15:08:51 -07:00
Dawn Chen
87e0d5da08 Merge pull request #7186 from ArtfulCoder/no_log_pod_on_master 
removed elasticsearch and fluentd-gcp pods from master
 2015-04-22 14:40:07 -07:00
Abhishek Shah
8cf11fd608 removed elasticsearch and fluentd-gcp pods from master 2015-04-22 12:54:57 -07:00
Robert Bailey
dc45f7f9e6 Remove nginx and replace basic auth with bearer token auth for GCE. 
- Configure the apiserver to listen securely on 443 instead of 6443.
 - Configure the kubelet to connect to 443 instead of 6443.
 - Update documentation to refer to bearer tokens instead of basic auth.
 2015-04-22 11:11:20 -07:00
Eric Tune
b944049fe9 Merge pull request #6916 from ArtfulCoder/controller-in-a-pod 
kube-controller-manager in a pod.
 2015-04-21 09:58:29 -07:00
Justin Santa Barbara
29592356f7 Rename salt minion_ip to hostname_override 
Prep work for making AWS node identifier -> instance id
 2015-04-21 06:24:49 -07:00
CJ Cullen
1be193098a Merge pull request #7072 from dchen1107/cleanup 
Remove fqdn dependency for node name
 2015-04-20 18:00:21 -07:00
Abhishek Shah
f513aad380 kube-controller-manager in a pod. 2015-04-20 16:06:37 -07:00
Eric Tune
c3203cba6d Create system secrets in kubeconfig format 
Was previously kubernetes_auth format.

Added defaults file which uses salt to fill in an env var
with the master's IP.

More thought needs to be given soon to how to make this
connection use a cert for the master, and how to support
multiple masters, and whether to use the DNS record
instead of an IP address.  But this PR unblocks some other
more urgent things, so doing it this way.
 2015-04-20 15:02:45 -07:00
Kenjiro Nakayama
2e702b0c61 Replace hostname -f with uname -n 2015-04-20 14:16:21 -07:00
Eric Tune
424ae1d67a Fix kube-addon retrying. 2015-04-20 07:38:39 -07:00
Robert Bailey
972cf60d2b Merge pull request #6957 from ArtfulCoder/no_monit 
remove unused file
 2015-04-17 11:40:36 -07:00
Abhishek Shah
b08102d358 remove unused file 2015-04-16 21:51:51 -07:00
Abhishek Shah
647d5948a1 Docker Image install script - Sleep before each iteration of while loop 2015-04-16 21:46:35 -07:00
Derek Carr
6c394e4d81 Merge pull request #6911 from erictune/del_kub_user 
Remove unused kubelet user from salt.
 2015-04-16 11:45:26 -04:00
Eric Tune
955cc1e1df Remove unused kubelet user from salt. 
Fixes #1512.

Cluster creation and validation succeeds with this change.
 2015-04-16 07:46:56 -07:00
litian54
b5e4111234 Fix Jinja render bug if 'portal_net' or 'cluster_name' is undefined 2015-04-15 17:17:38 -07:00
Abhi Shah
72a694b6b3 Merge pull request #6823 from ArtfulCoder/scheduler-in-a-pod 
Scheduler in a pod
 2015-04-15 08:27:28 -07:00
Abhishek Shah
a908bb78ea kube-scheduler in a pod 2015-04-14 17:53:12 -07:00
Quinton Hoole
cd6daae014 Merge pull request #6271 from a-robinson/asynclb 
Manage load balancer creation and deletion asynchronously in a ServiceController
 2015-04-14 17:50:07 -07:00
Abhishek Shah
37eb4d85e1 Install kube-controller-manager image 2015-04-14 16:45:39 -07:00
Abhishek Shah
682e8cfa99 Load Kube Scheduler Image. 2015-04-14 15:20:24 -07:00
Alex Robinson
ccc300289f Implement a ServiceController that watches services and handles keeping 
external load balancers up-to-date based on the service's specs, using
the new DeltaFIFO watch queue class. Remove the old registry REST
handler code for creating/updating/deleting load balancers.

Also clean up a bunch of the GCE cloudprovider code related to load balancers.
 2015-04-14 18:56:24 +00:00
Justin Santa Barbara
72687184b9 Don't always use aws.conf 
We don't usually need it, and it makes it harder to put apiserver into a container.
 2015-04-14 09:30:00 -07:00
Abhishek Shah
c9d7010461 kube-apiserver in a pod. 2015-04-13 15:15:45 -07:00
Dawn Chen
67169ec87d Merge pull request #6719 from litian54/master 
Fix Rendering SLS 'base:nginx' failed if 'cloud' is not defined in minio...
 2015-04-13 10:42:48 -07:00
Dawn Chen
7f2f165797 Revert "kube-apiserver in a pod." 2015-04-10 22:54:52 -07:00
litian54
36ef786228 Fix Rendering SLS 'base:nginx' failed if 'cloud' is not defined in minion grains 2015-04-10 18:27:22 -07:00
Abhishek Shah
2f70395396 kube-apiserver in a pod. 2015-04-10 15:46:49 -07:00
Justin Santa Barbara
a366f9ee88 Create the /usr/share/google dir in salt 2015-04-10 13:25:43 -07:00
Justin Santa Barbara
b9fd56050a Add safe_format_and_mount script to aws 
Apache licensed :-)
 2015-04-10 13:25:42 -07:00
Derek Carr
d2b6920a32 Merge pull request #6496 from ArtfulCoder/docker_image_install 
Load docker images of kubernetes components after docker is installed.
 2015-04-10 16:19:10 -04:00
Maxwell Forbes
7eb7387d97 Merge pull request #6403 from zmerlynn/salt_docs 
Update the existing salt.md, add the start of a Salt README tree
 2015-04-09 10:34:25 -07:00
Abhishek Shah
4996ccbf2d Load docker images of kubernetes components after docker is installed. 2015-04-09 09:06:42 -07:00
Dawn Chen
8ede54c511 Upgrade kubernetes to gcr.io/google_containers/etcd:2.0.9 2015-04-07 16:26:11 -07:00
Justin Santa Barbara
2426366ec8 Update cAdvisor with moved docker root on AWS 
We set up a symlink now, and we also pass docker_root into the kubelet.

The symlink is probably sufficient, but doing both feels safer.
 2015-04-07 10:40:22 -07:00
Abhishek Shah
a0ea2c6718 Disable nginx service 2015-04-06 18:38:03 -07:00
Zach Loafman
c292d2e8d6 Update the existing salt.md, add the start of a Salt README tree 
Starts to fix #6070
 2015-04-06 14:41:21 -07:00
Abhishek Shah
9231fae998 Prevent docker load. 2015-04-06 11:09:27 -07:00
Abhishek Shah
fb665ede4c Run etcd on localhost for all providers. 2015-04-03 14:00:44 -07:00
Abhishek Shah
23c42cd8b2 Etcd listens on localhost for GCE 2015-04-03 11:40:09 -07:00
Yu-Ju Hong
76f1232a2e Merge pull request #6404 from dchen1107/master 
Using gcr.io/google_containers/etcd:2.0.8
 2015-04-03 08:51:41 -07:00
Zach Loafman
de67b96ff7 Merge pull request #6396 from ArtfulCoder/master_logging 
Enable log collection from master.
 2015-04-02 18:50:30 -07:00
Abhishek Shah
39bb6d3777 Enable log collection from master. 2015-04-02 18:37:07 -07:00
Zach Loafman
12cf7681a9 Merge pull request #5470 from erictune/for-abhis 
Make secrets at cluster startup.
 2015-04-02 17:43:56 -07:00
Dawn Chen
814177c21b Using gcr.io/google_containers/etcd:2.0.8 2015-04-02 17:04:05 -07:00
Abhi Shah
a918a719e0 Merge pull request #6334 from brendandburns/nginx 
Add an nginx docker image for use on the master.
 2015-04-02 16:58:02 -07:00
Brendan Burns
9f48a2f4e6 Add an nginx docker image for use on the master. 2015-04-02 16:42:17 -07:00
Eric Tune
59daeabaee Make secrets at cluster startup. 
These secrets will be used in subsequent PRs by:
scheduler, controller-manager, monitoring services,
logging services, and skydns.

Each of these services will then be able to stop using kubernetes-ro
or host networking.
 2015-04-02 15:58:45 -07:00
Zach Loafman
c627a3598c Merge pull request #6384 from erictune/cleanup-addons.sh 
Use same addons script for init.d and systemd.
 2015-04-02 14:49:44 -07:00
Derek Carr
4ae016e022 Merge pull request #6382 from derekwaynecarr/fix_vagrant_kubelet 
Fix vagrant with etcd in pod
 2015-04-02 17:22:44 -04:00
Eric Tune
b9570b3daa Use same addons script for init.d and systemd. 2015-04-02 14:07:23 -07:00
derekwaynecarr
c6bf46acd7 Fix vagrant with etcd in pod 2015-04-02 16:55:29 -04:00
Dawn Chen
9b2f835a01 Merge pull request #6326 from ArtfulCoder/docker_image_creation 
Create Docker images for master components
 2015-04-02 13:12:17 -07:00
Abhishek Shah
b1b779a8d5 docker image creation 2015-04-02 12:39:12 -07:00
Filip Grzadkowski
65c2942a82 Increase ulimit -n for apiserver. 2015-04-02 17:01:23 +02:00
CJ Cullen
5e6e67ba59 Add an alternative TokenSource to the GCE CloudProvider. 2015-04-01 17:52:30 -07:00
Dawn Chen
ab1a8b1e7c Merge pull request #6298 from roberthbailey/kubelet-config 
Remove salt configuration that matches the default settings in the Kubelet.
 2015-04-01 14:31:31 -07:00
Derek Carr
2af9b54147 Merge pull request #6259 from zmerlynn/fix_cloud_provider 
Eliminate grains.cloud_provider (in preference to grains.cloud) from SaltStack
 2015-04-01 17:04:05 -04:00
Robert Bailey
40ebed845f Remove salt configuration that matches the default settings in 
the Kubelet.
 2015-04-01 12:13:40 -07:00
Abhishek Shah
8e3a41b52c Run etcd 2.0.5 in a pod 2015-04-01 11:38:21 -07:00
Zach Loafman
b581320bf7 Eliminate grains.cloud_provider (in preference to grains.cloud) from SaltStack 
This variable can be entirely derived from grains.cloud, and it
simplifies the configuration somewhat. (Or someone convince me I'm
wrong. I'm happy to be wrong here.)
 2015-04-01 08:32:32 -07:00
Satnam Singh
73a9ab2928 Rename logging image to use google_containers 2015-03-31 16:00:52 -07:00
Victor Marmol
f0b3493c26 Merge pull request #6240 from zmerlynn/fix_apiservers 
s/apiservers/api_servers/ in Salt
 2015-03-31 13:06:09 -07:00
Zach Loafman
6c219885e0 s/apiservers/api_servers/ in Salt 
It looks like api_servers finally won this battle. Kill off the
last remaining places passing it, but allow the kubelet Salt to
accept apiservers for a period of time.

(This was bothering my OCD.)
 2015-03-31 12:29:46 -07:00
Abhishek Shah
541219db77 Retry kube-addons creation if kube-addons creation fails. 2015-03-30 18:14:54 -07:00
Robert Bailey
bc8af553a3 Configure the kubelet to bind a simple healthz server to a localhost 
port for monitoring by monit. This is in preparation for the standard
kubelet port to switch to SSL only (and eventually to only accepting
connections on the SSL port that present a proper client SSL cert).

Also standardize the formatting of the monit config files a bit.
 2015-03-30 14:20:30 -07:00
Victor Marmol
b9214d4fcf Merge pull request #6122 from satnam6502/fluentd-gcp 
Update Salt config to use gcr.io Fluentd to Cloud Logging agent
 2015-03-30 08:02:12 -07:00
Zach Loafman
848134fdfa Revert "Running etcd 2.0.5 in a pod on master" 2015-03-28 07:36:39 -07:00
Dawn Chen
179fe870cc Merge pull request #4442 from ArtfulCoder/docker_etcd 
Running etcd 2.0.5 in a pod on master
 2015-03-27 18:33:25 -07:00
Daniel Smith
525bbfd175 Merge pull request #6103 from zmerlynn/remove_gce_node_names 
Remove the --machines SaltStack configuration on GCE
 2015-03-27 17:55:16 -07:00
Abhishek Shah
7750f35e7c Running etcd 2.0.5 in a pod on master 2015-03-27 17:50:10 -07:00
Satnam Singh
666e2b69ac Update Salt config to use gcr.io Fluentd to Cloud Logging agent 2015-03-27 16:39:12 -07:00
Satnam Singh
ce1e73fccc Update Salt config use gcr.io Fluentd to ES image 2015-03-27 16:09:37 -07:00
Zach Loafman
68ccb97907 Remove the --machines SaltStack configuration on GCE 
Per https://github.com/GoogleCloudPlatform/kubernetes/issues/6072#issuecomment-87074456, this is no longer necessary.
We now no longer need a static node list. Woo!
 2015-03-27 14:44:19 -07:00
Abhishek Shah
d84ff79cfd Added a catchall to set api server ip address in kubelet cmd params 2015-03-27 08:44:52 -07:00
Piotr Szczesniak
c516aba8e8 Merge pull request #6043 from ArtfulCoder/kubelet_salt 
Modified salt config to get master ip address correctly
 2015-03-27 10:03:05 +01:00
Abhishek Shah
f35a352782 Modified salt config to get master ip address correctly 2015-03-26 21:17:06 -07:00
Abhishek Shah
d1015e785f Add salt configuration to remove cadvisor.manifest from master. cadvisor is now part of kubelet 2015-03-26 10:15:30 -07:00
Robert Bailey
268b617b84 Add local babysitting for the kube-proxy. 2015-03-25 23:24:24 -07:00
Brendan Burns
8bac135f85 Configure docker and kubelet on AWS master. 2015-03-24 17:19:06 -07:00
Satnam Singh
69f867dafb Upgrade etcd to v2.0.5 on the master 2015-03-23 13:52:04 -07:00
Justin Santa Barbara
60a07e972b Raise the file ulimit for kube-proxy for init.d systems 2015-03-19 19:36:13 -04:00
Satnam Singh
985d5c1f95 Add a prefix to the POS file for Fluentd to Elasticsearch 2015-03-17 13:13:03 -07:00
Satnam Singh
0212e68e91 Adjust POS file for Fluentd to Cloud Logging 2015-03-17 11:44:04 -07:00
Timothy St. Clair
140330fca8 Fix to address issue #5461 kube-proxy too many files open 
https://github.com/GoogleCloudPlatform/kubernetes/issues/5461
 2015-03-17 10:13:25 -05:00
Satnam Singh
d395efa463 Make Fluentd to Cloud Logging collector read from head 2015-03-16 16:19:07 -07:00
Derek Carr
440c720805 Merge pull request #5330 from zmerlynn/try_addons_again 
Retry object creation with --validate in kube-addons
 2015-03-16 10:43:39 -04:00
Victor Marmol
1a7f7245e7 Remove cAdvisor manifest from cluster startup. 
cAdvisor is now integrated into the Kubelet and runs inside of it.
 2015-03-13 16:06:42 -07:00
Brendan Burns
966e8301a0 Add kubelet to the master. 2015-03-13 12:09:24 -07:00
Satnam Singh
e16bcceceb Merge pull request #5390 from brendandburns/shell_sucks 
Configure docker on the master like we do on workers.
 2015-03-12 11:42:03 -07:00
Brendan Burns
17ff8fb421 Configure docker on the master like we do on workers. 2015-03-12 10:37:30 -07:00
Saad Ali
7629b616a7 Merge pull request #5348 from dchen1107/docker 
Check docker unixsocket periodically through monit. If failed, restart d...
 2015-03-11 17:42:58 -07:00