github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,206 Commits 1 Branch 31 Tags 1,019 MiB
7cc1855c27
Commit Graph

260 Commits

Author SHA1 Message Date
Wojciech Tyczynski
9d943df397 Private EtcdHelper 2015-07-27 09:20:13 +02:00
Tim Hockin
1c3233a1d4 Remove v1beta3 2015-07-23 17:21:27 -07:00
Vish Kannan
136d53466a Merge pull request #10892 from nikhiljindal/beta1 
Removing references to pre v1beta3 apis in code
 2015-07-23 17:05:43 -07:00
Wojciech Tyczynski
ee92aa3897 Prepare for extracting EtcdHelper interface 2015-07-23 09:37:39 +02:00
Brendan Burns
25d3834b74 Add monitoring and healthz based on tunnel health. 2015-07-14 14:37:38 -07:00
nikhiljindal
c465a50891 Stop exposing v1beta3 by default 2015-07-08 15:27:41 -07:00
nikhiljindal
fc4da6844e removing references to pre v1beta3 apis 2015-07-08 13:51:43 -07:00
Eric Paris
7a29af4d2c Add Subject Alt Names to self signed apiserver certs 
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master

A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc

So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
 2015-07-01 17:05:17 -04:00
CJ Cullen
ea2d617944 Don't hold lock while opening new sshTunnels. 2015-06-29 16:16:25 -07:00
Brendan Burns
f4e97be78e Switch to using the official etcd health check. 2015-06-24 10:18:39 -07:00
Wojciech Tyczynski
23d405ad86 Expose /resetMetrics handle in apiserver 2015-06-23 11:12:45 +02:00
Satnam Singh
d8e5225144 Merge pull request #10069 from lavalamp/sshLockingFix 
fix locking around ssh tunnels
 2015-06-18 17:50:06 -07:00
Daniel Smith
4126622388 fix locking around ssh tunnels 2015-06-18 16:52:10 -07:00
Satnam Singh
28197e07d6 Merge pull request #9841 from smarterclayton/fix_apiserver_abstractions 
Cleaning up apiserver method signatures
 2015-06-18 15:36:52 -07:00
Clayton Coleman
debd42a07d Cleaning up apiserver method signatures 
A lot of the changes in apiserver could have been represented more
cleanly - this returns the signatures to their older behavior (and
unbreaks OpenShift).
 2015-06-18 15:13:41 -04:00
Satnam Singh
798739f013 Merge pull request #10006 from brendandburns/ssh 
Truncate SSH usernames to 32 chars.
 2015-06-18 11:44:26 -07:00
Brendan Burns
075c075b9e Truncate SSH usernames to 32 chars. 2015-06-17 23:10:32 -07:00
CJ Cullen
15596ede41 Make AddSSHKeys a controller loop. Make sure master's always initializes m.tunnels. 2015-06-17 17:46:27 -07:00
CJ Cullen
48f672af92 Change SSHTunnelList to struct to make Open() semantics better. 2015-06-16 10:36:38 -07:00
CJ Cullen
66fb8ccb02 Add ssh tunnel-open metrics 2015-06-15 17:28:54 -07:00
CJ Cullen
faa9313eea Fix several potential crashes in sshtunnel open/close code. 2015-06-15 14:38:37 -07:00
Justin Santa Barbara
6f3879e3bb Actually pass down ServiceNodePortRange so it is used 
Also fix default range to match what we've documented (off-by-one)

Fix #9318
 2015-06-08 18:03:42 -04:00
CJ Cullen
9ab329827a Change sshproxy to poll registry for nodes every 10 seconds (reduces window where closed tunnels from scaling down may exist). 2015-06-05 15:24:17 -07:00
CJ Cullen
cb317604ab Some refactoring. Only selectively use ssh proxy. 
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
 2015-06-05 14:55:16 -07:00
CJ Cullen
1ae8801387 Fix transport creation logic. 
Refactor loadTunnels to allow one path for load, another for refresh.
Make SSHTunnelList.Close sleep for a minute before actually closing each tunnel.
 2015-06-05 14:55:16 -07:00
Brendan Burns
7ea533d871 Add the SSHTunnel transport to the kubelet client. 2015-06-05 14:55:15 -07:00
CJ Cullen
de9a5f43bc Specify sshUser, sshKeyfile in kube-apiserver manifest. 
Trim space on ssh key so GCE doesn't treat it as 2 lines.
A couple other minor fixes.
 2015-06-05 14:55:15 -07:00
Brendan Burns
5115fd5703 Add key generation. 2015-06-05 14:55:15 -07:00
Brendan Burns
30a89968a4 Initial proxy tunnelling. 2015-06-05 14:54:20 -07:00
Quinton Hoole
521446503a Merge pull request #9269 from caesarxuchao/make-v1-enabled-by-default 
Make v1 enabled by default
 2015-06-04 13:29:48 -07:00
Chao Xu
ef61b031f5 make v1 enabled by default 2015-06-04 11:37:44 -07:00
Chao Xu
c2e21fe5d7 use c.EtcdHelper in master.go 2015-06-04 09:39:05 -07:00
Daniel Smith
1690617ee6 remove ro service 2015-06-03 16:45:54 -07:00
Prashanth Balasubramanian
0162529ea5 Default minRequestTimeout to 1800s 2015-06-03 08:47:45 -07:00
Prashanth Balasubramanian
448867073d Pipe minRequestTimeout as an arg to the apiserver 2015-06-03 08:44:14 -07:00
CJ Cullen
934c553c04 Clarify description/usage of --advertise-address, Master.PublicAddress 2015-06-02 15:23:32 -07:00
CJ Cullen
085a48a70e Add an advertise-address flag. This allows the address that the apiserver binds 
to (possibly 0.0.0.0) to be different than the address on which members of the cluster
can reach the apiserver (possibly not a local interface).
 2015-06-02 14:33:15 -07:00
Kris
f4e2c738f6 Delete deprecated API versions 
pkg/service:

There were a couple of references here just as a reminder to change the
behavior of findPort. As of v1beta3, TargetPort was always defaulted, so
we could remove findDefaultPort and related tests.

pkg/apiserver:

The tests were using versioned API codecs for some of their encoding
tests. Necessary API types had to be written and registered with the
fake versioned codecs.

pkg/kubectl:

Some tests were converted to current versions where it made sense.
 2015-05-29 17:17:35 -07:00
Tim Hockin
4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
CJ Cullen
36d54b2094 Remove /Validate endpoint 2015-05-26 10:49:18 -07:00
Justin Santa Barbara
9255770068 Fix a few occurences of old language (e.g. visibility -> ServiceType) 2015-05-22 19:14:28 -04:00
Justin Santa Barbara
3bb2fe2425 Create port allocator, based on IP allocator mechanism 
Including some refactoring of IP allocator
 2015-05-22 19:14:28 -04:00
nikhiljindal
fa9f864782 Adding a script to update etcd objects 2015-05-15 16:20:35 -07:00
Nikhil Jindal
d75bd8bf2a Merge pull request #7101 from liggitt/service_account 
ServiceAccounts
 2015-05-12 10:23:41 -07:00
Derek Carr
c1158fa696 Merge pull request #7969 from smarterclayton/rest_fixes 
Fixes to apiserver for subresources and naming
 2015-05-12 10:57:34 -04:00
Nikhil Jindal
3d31883829 Merge pull request #8083 from brendandburns/kubectl 
Add a flag to disable legacy APIs
 2015-05-11 17:35:28 -07:00
Clayton Coleman
0617951ead Public read only port is incorrect in master 2015-05-11 19:20:38 -04:00
Brendan Burns
d8f48290e9 Add a flag to disable legacy APIs 2015-05-11 16:09:25 -07:00
Jordan Liggitt
53d55f4192 Add ServiceAccount API type, client 2015-05-11 17:18:05 -04:00
Clayton Coleman
84d1f19016 Subresources should be in their parent rest scope 
A subresource like "Binding" does not necessarily have
to have a namespace.  The RESTScope of a subresource
should always be its parent resource.
 2015-05-11 15:51:05 -04:00