github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,029 Commits 1 Branch 31 Tags
985375e82b80f82426eefafe7d5da99309080e7a
Commit Graph

359 Commits

Author SHA1 Message Date
Dawn Chen
309a157665 Merge pull request #7984 from cjcullen/kubelet 
Kubelet configure cbr0 instead of configure-vm.sh
 2015-05-13 17:32:52 -07:00
Yu-Ju Hong
ad83197c63 Merge pull request #8187 from satnam6502/nosecret 
Remove the use of secrets from node level logging agents
 2015-05-13 11:12:08 -07:00
Jeff Lowdermilk
f8ebc4e21e Merge pull request #8104 from roberthbailey/kubelet-using-kubeconfig 
Replace the auth config file with a kubeconfig file when starting the kubelet on GCE.
 2015-05-13 11:09:27 -07:00
Dawn Chen
e32daf4229 Monit watch kubelet and kube-proxy on master node too. 2015-05-13 10:36:00 -07:00
Satnam Singh
53ec5e38c7 Remove the use of secrets from node level logging agents 2015-05-13 10:11:07 -07:00
Robert Bailey
c47b9178b4 Replace the auth config file with a kubeconfig file when 
starting the kubelet on GCE.
 2015-05-13 01:03:28 -07:00
CJ Cullen
31ea7d1295 Put cbr0-modifying stuff behind a flag. Address some other comments. 2015-05-12 23:00:28 -07:00
Alex Robinson
a98d883134 Merge pull request #8121 from satnam6502/fluentd-gcp 
Convert node level logging to Cloud Logging to use token-system-logging
 2015-05-12 14:26:46 -07:00
Alex Robinson
96cb4360fa Merge pull request #8120 from satnam6502/fluentd-es 
Convert nodel level logging to ES to use token-system-logging
 2015-05-12 14:26:28 -07:00
Nikhil Jindal
d75bd8bf2a Merge pull request #7101 from liggitt/service_account 
ServiceAccounts
 2015-05-12 10:23:41 -07:00
Satnam Singh
ade18e4ff3 Conver node level logging to Cloud Logging to use token-system-logging 2015-05-12 10:17:45 -07:00
Satnam Singh
f9af0658fa Convert nodel level logging to ES to use token-system-logging 2015-05-12 10:07:49 -07:00
Alex Robinson
e2b7ef8d2c Merge pull request #8078 from satnam6502/fluentd-gcp 
Convert Fluentd to Cloud Logging pod specs to YAML
 2015-05-11 16:55:14 -07:00
Satnam Singh
e246685468 Convert Fluentd to Cloud Logging pod specs to YAML 2015-05-11 14:55:46 -07:00
Satnam Singh
2f5ba28a17 Switch Fluentd to ES manifest back to YAML 2015-05-11 14:37:41 -07:00
Jordan Liggitt
db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00
Robert Bailey
6c42cb154b Stop copying certs into /usr/share/nginx/ since nothing relies 
on that location any longer.
 2015-05-11 11:44:19 -07:00
Wojciech Tyczynski
600b00f2b1 Merge pull request #7863 from fgrzadkowski/etcd_maxprocs 
Set GOMAXPROCS for etcd
 2015-05-07 10:09:29 +02:00
Filip Grzadkowski
7e8bde53dd Set GOMAXPROCS for etcd 2015-05-07 08:11:39 +02:00
CJ Cullen
f0c26052eb Fix controller-manager manifest for providers that don't specify CLUSTER_IP_RANGE 2015-05-06 17:50:04 -07:00
Maxwell Forbes
7426b533df Merge pull request #7862 from cjcullen/cbr0 
Remove restriction that cluster-cidr be a class-b
 2015-05-06 15:46:57 -07:00
saadali
4569de7a46 Enable Google Cloud Monitoring and Google Cloud Logging instead of 
Influxdb for Google Compute Engine deployments.
 2015-05-06 15:23:40 -07:00
CJ Cullen
fbd125e4e2 Remove restriction that cluster-cidr be a class-b 2015-05-06 15:01:13 -07:00
Mark Lamourine
b7c1b7eed2 Added port 6443 to kube-proxy default IP address for api-server 
added  api_servers_with_port variable and settings.

removed extra port string

split azure api_server host and port out
 2015-05-06 12:43:24 +00:00
Robert Bailey
357df12c02 Set allocate_node_cidrs to be blank by default. 2015-05-05 23:41:30 -07:00
Jerzy Szczepkowski
e967ffd522 Added flag to set cluster class B network address for pods, add flag to disable allocation CIDRs for Pods. Fixed synchornization bug in NodeController registerNodes(). 2015-05-05 16:10:43 -07:00
Jeff Lowdermilk
87cdc3f032 Merge pull request #7672 from eparis/boilerplate-python 
Check license boilerplate for python files
 2015-05-05 09:23:36 -07:00
Zach Loafman
2b3e52c230 Use built-in ContainerVM Docker version rather than installing lxc-docker 2015-05-04 16:33:00 -07:00
Eric Paris
f416289a85 update all python with boilerplate 2015-05-04 18:37:47 -04:00
Robert Bailey
e3ff2dc02d Merge pull request #7678 from justinsb/aws_api_on_443 
AWS: Change apiserver to listen on 443 directly, not through nginx
 2015-05-04 13:52:57 -07:00
Daniel Smith
fbe3ec7513 Merge pull request #7316 from ArtfulCoder/master_components_logs 
logs for master components
 2015-05-04 11:20:03 -07:00
Justin Santa Barbara
57f7b658bb AWS: Change apiserver to listen on 443 directly, not through nginx 
Mirrors changes in GCE.  I think the same changes will be needed for vagrant.
 2015-05-02 16:59:04 -04:00
Eric Paris
6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Satnam Singh
941a457851 Trim Fleuntd tag for Cloud Logging 2015-04-30 13:39:35 -07:00
Satnam Singh
e65f0aafd5 Trim cluster log tags to pod name and container name 2015-04-29 18:24:13 -07:00
Abhishek Shah
96439b5a52 logs for master components 2015-04-29 09:51:09 -07:00
Robert Bailey
8206aa9eac Salt configuration to add basic auth to GCE. 2015-04-28 14:07:54 -07:00
Satnam Singh
4a0cc7905d Convert node level logging agents to v1beta3 2015-04-27 17:21:42 -07:00
CJ Cullen
39c5bf363b Merge pull request #7303 from erictune/kube_env3 
kube-proxy uses token to access port 443 of apiserver
 2015-04-27 14:33:53 -07:00
derekwaynecarr
81e9395533 Fix vagrant regression due to #7326 2015-04-27 17:18:30 -04:00
Eric Tune
9044177bb6 Generate a token for kube-proxy. 
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware.  Symptom would be that service proxying
stops working.

 1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
 1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
 1. Changes kube-proxy args:
   - use the --kubeconfig argument
   - changes --master argument from http://MASTER:7080 to https://MASTER
     - http -> https
     - explicit port 7080 -> implied 443

Possible ways this might break other distros:

Mitigation: there is an default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.

Mitigation:
  - azure: Special case to use 7080 in
  - rackspace: way out of date, so don't care.
  - vsphere: way out of date, so don't care.
  - other distros: not using salt.
 2015-04-27 08:59:57 -07:00
Robert Bailey
846ffcff83 Pass the CA root cert into the apiserver so that the apiserver will 
perform client cert checks for authorization. Only enable on GCE where
the apiserver is terminating SSL connections from end users.
 2015-04-24 22:01:56 -07:00
Nikhil Jindal
84cb48be11 Merge pull request #7246 from satnam6502/es 
Convert Elasticsearch logging to v1beta3 and de-salt
 2015-04-24 09:21:41 -07:00
CJ Cullen
80af1c9e40 kube2sky using kubeconfig secret: take 2. Point system secrets at https://kubernetes. Override in clients that can't use DNS. 2015-04-23 18:13:16 -07:00
Satnam Singh
c9b9e7651e Convert Elasticsearch logging to v1beta and de-salt 2015-04-23 13:06:15 -07:00
Dawn Chen
f9156c281a Merge pull request #7123 from satnam6502/logging 
Propagate pod and container name for log files
 2015-04-23 10:13:08 -07:00
Satnam Singh
2444c1f943 Propagate pod and container name for log files 2015-04-22 15:08:51 -07:00
Dawn Chen
87e0d5da08 Merge pull request #7186 from ArtfulCoder/no_log_pod_on_master 
removed elasticsearch and fluentd-gcp pods from master
 2015-04-22 14:40:07 -07:00
Abhishek Shah
8cf11fd608 removed elasticsearch and fluentd-gcp pods from master 2015-04-22 12:54:57 -07:00
Robert Bailey
dc45f7f9e6 Remove nginx and replace basic auth with bearer token auth for GCE. 
- Configure the apiserver to listen securely on 443 instead of 6443.
 - Configure the kubelet to connect to 443 instead of 6443.
 - Update documentation to refer to bearer tokens instead of basic auth.
 2015-04-22 11:11:20 -07:00