kubernetes

Author	SHA1	Message	Date
Mike Danese	cc5b12cdff	gce: redirect handshake server requests to metadata-concealment too	2020-09-25 17:50:53 -07:00
Varun Marupadi	04a51cac17	Allow the lifecycle of kube-proxy to be managed independently of the startup scripts for GCE Introduces a new env variable KUBE_PROXY_DISABLE which causes the configure scripts to skip over the creation of both static pods as well as daemonset addons for kube-proxy. When false, the behavior falls back to the default today, which is to rely on the value of KUBE_PROXY_DAEMONSET to decide whether to start static pods on the nodes or an addon on the master.	2020-09-22 20:37:35 -07:00
Aldo Culquicondor	2ae4eeb3ea	Mount kubelet and container runtime rootdir on LSSD When environment variable NODE_LOCAL_SSD_EPHEMERAL=true, create a RAID 0 array on all attached SSDs to mount: - kubelet root dir - container runtime root dir - pod logs dir Those directories account for all ephemeral storage. An array is not created when there is only one SSD. Change-Id: I22137f1d83fc19e9ef58a556d7461da43e4ab9bd Signed-off-by: Aldo Culquicondor <acondor@google.com>	2020-09-14 14:32:28 -04:00
David Eads	c7911a384c	remove pod presets	2020-09-14 09:24:40 -04:00
Kubernetes Prow Robot	0627c35411	Merge pull request #93781 from kisieland/allow-to-switch-off-logrotate Disable log rotation of kubernetes and pod logs	2020-09-10 16:10:14 -07:00
Daniel Gutowski	adf7ed4241	Allow to disable logrotation of kubernetes and pod logs Make logrotate disabled by default	2020-09-03 11:21:44 +00:00
Shihang Zhang	38f040c0a8	bind metadata proxy to 0.0.0.0	2020-09-01 18:34:02 -07:00
Kubernetes Prow Robot	a9d1482710	Merge pull request #93311 from logicalhan/monitoring-role Add bootstrap policy for monitoring endpoints	2020-08-28 06:36:52 -07:00
Kubernetes Prow Robot	fd20de89d9	Merge pull request #90433 from joakimr-axis/joakimr-axis_configure-helper.sh Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh	2020-08-27 19:05:47 -07:00
Han Kang	f57611970c	add bootstrap policy for monitoring roles (we enable metrics and pprof by default, but that doesn't mean we should have full cluster-admin access to use those endpoints) Change-Id: I20cf1a0c817ffe3b7fb8e5d3967f804dc063ab03 remove pprof but add read access to detailed health checks Change-Id: I96c0997be2a538aa8c689dea25026bba638d6e7d add base health check endpoints and remove the todo for flowcontrol, as there is an existing ticket Change-Id: I8a7d6debeaf91e06d8ace3cb2bd04d71ef3e68a9 drop blank line Change-Id: I691e72e9dee3cf7276c725a12207d64db88f4651	2020-07-24 09:21:55 -07:00
Jordan Liggitt	3b323b2ef0	Limit critical pods to kube-system by default	2020-07-17 09:52:19 -04:00
Joakim Roubert	0c48e0e1bb	Find what fails pull-kubernetes-e2e-gce-ubuntu-containerd Change-Id: I7919d03926880cd9c93c61a07ada645ebfe32a89 Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 09:43:37 +02:00
Joakim Roubert	b529485f65	Review update Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:58 +02:00
Joakim Roubert	605be2216b	Sync with master Add fixes for newly added code. Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:58 +02:00
Joakim Roubert	196ae34f9b	Remove previously added '' no longer needed Adapt to changes on master since the first commit here. Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:57 +02:00
Joakim Roubert	a20a005986	No quotes needed/wanted for CURL_RETRY_CONNREFUSED Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:57 +02:00
Joakim Roubert	1b9e9c6fe6	Add fix for run-kube-controller-manager-as-non-root Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:57 +02:00
Joakim Roubert	11f6d43747	Updates after review Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:57 +02:00
Joakim Roubert	4abf7da53e	Update cluster/gce/gci/configure-helper.sh Co-authored-by: Aaron Crickenberger <spiffxp@google.com>	2020-06-29 08:43:56 +02:00
Joakim Roubert	3e211386c1	Update cluster/gce/gci/configure-helper.sh Co-authored-by: Aaron Crickenberger <spiffxp@google.com>	2020-06-29 08:43:56 +02:00
Joakim Roubert	d66456fe01	Update cluster/gce/gci/configure-helper.sh Co-authored-by: Aaron Crickenberger <spiffxp@google.com>	2020-06-29 08:43:56 +02:00
Joakim Roubert	6e8504003b	Update cluster/gce/gci/configure-helper.sh Co-authored-by: Aaron Crickenberger <spiffxp@google.com>	2020-06-29 08:43:56 +02:00
Joakim Roubert	0c899b2bc2	Mitigate newly added shellcheck issues Issues not present when the original patch was created have now also been fixed. Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:56 +02:00
Joakim Roubert	826274c867	Updates after code review Add double quotes at assignments as requested by phenixblue. Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:55 +02:00
Joakim Roubert	3fb0d1c15d	Update after code review Simplified local variable declaration as suggested by phenixblue. Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>	2020-06-29 08:43:55 +02:00
Joakim Roubert	1f9704c713	Code review update Change-Id: I384a73efe995c529fb4b3636cb9639eafb90787f Signed-off-by: Joakim Roubert <joakimr@axis.com>	2020-06-29 08:43:55 +02:00
Joakim Roubert	80a8566a8c	Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh Change-Id: Ic8fca2509a7cb07f4170eaf25a878036d18ba51c Signed-off-by: Joakim Roubert <joakimr@axis.com>	2020-06-29 08:43:55 +02:00
Jonathan Sun	2f7874bd4b	Install firewall logging rules to log metadata server access for unauthorized components.	2020-06-23 11:22:05 -07:00
Kubernetes Prow Robot	c6011f2d54	Merge pull request #91390 from vinayakankugoyal/nonroot Updating kube-controller-manager to run as non-root.	2020-06-21 00:56:38 -07:00
Kubernetes Prow Robot	2d1c417934	Merge pull request #92258 from SidneyShen/node-boot-nvme-disk-fix Add logic to check if local NVMe SSDs in node boot-up script	2020-06-19 11:38:14 -07:00
Kubernetes Prow Robot	4369eb3155	Merge pull request #92083 from alculquicondor/sched_config_script Support kube-scheduler component-config in GCE init scripts	2020-06-19 11:36:53 -07:00
Kubernetes Prow Robot	87e6ec493c	Merge pull request #90223 from caesarxuchao/remove-unused-var Remove unused network proxy variables and functions	2020-06-19 11:36:14 -07:00
Xinning Shen	27658f8241	Add logic to check if local NVMe SSDs in node boot-up script Current logic would assume all the NVMe disks are data disks and applicable for reformat and mount. This will cause the issue when booting disk is also NVMe disk, which will fail the node boot up. This change will check if any additional NVMe disks are required/specified and skip the reformat step otherwise.	2020-06-18 08:48:43 +00:00
Chao Xu	06d034f3c8	remove unnecessary certs generation	2020-06-16 23:47:10 -07:00
Kubernetes Prow Robot	51aac92f69	Merge pull request #91922 from Jefftree/netproxy-009 Upgrade apiserver-network-proxy to v0.0.9	2020-06-16 19:22:39 -07:00
Aldo Culquicondor	55242bf3c9	Support kube-scheduler component-config in GCE init scripts Taking precedence over some existing flags. Signed-off-by: Aldo Culquicondor <acondor@google.com>	2020-06-15 09:41:18 -04:00
Jefftree	c6b2b1fad3	Add health port to network proxy	2020-06-12 16:44:56 -07:00
Jordan Liggitt	ac5ec4aa80	Adjust admission webhook auth config for default-enabled admission plugins	2020-06-10 13:46:30 -04:00
Davanum Srinivas	1731cb30f5	Use containerd as default in kube-up.sh Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2020-06-07 14:34:50 -04:00
wojtekt	ee27e5b8be	Remove all references to etcd-empty-dir-cleanup.	2020-06-05 08:41:31 +02:00
Kubernetes Prow Robot	c0455a1853	Merge pull request #91154 from liggitt/signer-duration Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration	2020-06-04 17:59:45 -07:00
Vinayak Goyal	8daa9e6f77	Updating kube-controller-manager to run as non-root.	2020-06-02 14:07:00 -07:00
Kubernetes Prow Robot	f01d848c48	Merge pull request #91329 from dims/switch-kube-controller-manager-to-distroless-image Switch kube-controller-manager to distroless image	2020-05-22 17:23:10 -07:00
Kubernetes Prow Robot	9e06faa1fb	Merge pull request #91240 from tosi3k/bump-am-version Update kube-addon-manager to v9.1.1	2020-05-21 19:40:37 -07:00
Davanum Srinivas	b1742f19ef	Switch kube-controller-manager to distroless image Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2020-05-21 22:33:54 -04:00
Kubernetes Prow Robot	52358fe010	Merge pull request #91228 from sambdavidson/iprotflags Add SNI flags usage to configure-*.sh	2020-05-20 19:41:30 -07:00
Samuel Davidson	20b37d6c5a	Add IP rotation flags and env-vars to configure-*.sh	2020-05-20 13:07:37 -07:00
Jacek Kaniuk	57caa27b8d	Do not add kube-apiserver performance flags if already set	2020-05-20 19:05:16 +02:00
Antoni Zawodny	15e491eb2f	Update kube-addon-manager to v9.1.1	2020-05-20 09:50:20 +02:00
Jordan Liggitt	950ed38996	Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration	2020-05-15 14:09:58 -04:00

1 2 3 4 5 ...

816 Commits