github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,180 Commits 1 Branch 31 Tags 1,019 MiB
a2fb1b51ac
Commit Graph

40 Commits

Author SHA1 Message Date
Lukasz Szaszkiewicz
517efd6442 cluster/gce: set KUBE_WATCHLIST_INCONSISTENCY_DETECTOR when requested by a CI job 
when the KUBE_WATCHLIST_INCONSISTENCY_DETECTOR environment variable was set
then the reflector performs a data consistency check.

The consistency check is meant to be enforced only in the CI, not in production.
The check ensures that data retrieved by the watch-list api call
is exactly the same as data received by the standard list api call.

note that the new env var is set in the same places
the ENABLE_CACHE_MUTATION_DETECTOR is set.
 2023-10-26 09:41:48 +02:00
Antonio Ojea
8f6a79b29f use external cloud provider by default with gce 
This change enables the external cloud provider by default for GCE
infrastructure. It is the result of several squashed commits, these are
their commit messages:

* no longer need to enable endpoinslices controller since GA
* use external by default
* DisableKubeletCloudCredentialProviders
* temp test feature gates
 2023-08-31 15:13:29 -04:00
Antoni Zawodny
a8fb0cab49 Add a possibility of setting GODEBUG env var for kube-apiserver binary 2022-08-18 11:19:52 +02:00
Jordan Liggitt
548c339867 Clean up unused exec auth from cluster setup 2022-03-19 10:47:38 -04:00
ialidzhikov
bdbc750129 apiserver: Remove the deprecated --target-ram-mb flag 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2022-03-02 18:52:46 +02:00
Kubernetes Prow Robot
7bffb3b2ca
Merge pull request #106241 from jdnurme/cloud-provider-env-var 
Added env variable for cloud-provider
 2022-02-07 20:40:53 -08:00
JD Nurme
30fabbc0cb updated flag name 2022-01-06 19:51:17 +00:00
Kubernetes Prow Robot
b90b2d963d
Merge pull request #103078 from pacoxu/api-audiences 
kube-apiserver: use --api-audiences as --service-account-api-audiences is deprecated
 2022-01-05 12:49:47 -08:00
Jian Zeng
fe448785b5 fix: remove insecure flag from configure-kubeapiserver.sh 
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
 2021-12-09 15:06:52 +08:00
JD Nurme
4a9703a219 Added env variable for cloud-provider 2021-11-09 00:45:34 +00:00
pacoxu
f05f30943d kube-apiserver in gce: use --api-audiences as --service-account-api-audiences is deprecated 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-06-22 11:09:46 +08:00
David Eads
ae603a38bc remove -ssh-user from cluster scripts for GCE 2021-06-03 17:53:09 -04:00
Vinayak Goyal
487583bd0a Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it. 2021-05-05 15:23:04 -07:00
Kubernetes Prow Robot
46b0ad1327
Merge pull request #101207 from vinayakankugoyal/sshproxy 
If kube-apiserver is running as non-root then set the permissions of …
 2021-04-19 17:24:33 -07:00
Vinayak Goyal
94e34da471 If kube-apiserver is running as non-root then set the permissions of /etc/srv/sshproxy accordingly. 2021-04-19 13:16:06 -07:00
Kubernetes Prow Robot
7ecd93ea1e
Merge pull request #100764 from benhxy/tls 
Use GKE specific configuration for kube-apiserver SNI cert
 2021-04-15 19:52:22 -07:00
Ben Hu
ccb742c43c Resolve comments. Remove kubeconfig changes. 2021-04-12 22:39:53 +00:00
Ben Hu
a2d094797d Use GKE specific configuration in startup scripts in GKE deployment. 2021-04-02 00:10:53 +00:00
Vinayak Goyal
4b3271a542 Fix kube-apiserver manifest. 2021-03-21 16:24:56 -07:00
Vinayak Goyal
c63ff05e6d Run kube-apiserver as non-root. 2021-02-22 20:48:16 -08:00
Ben Hu
624b214481 Configure --tls-cipher-suites on kube-apiserver. 2021-01-06 00:31:39 +00:00
Jordan Liggitt
8820dc4522 Revert "iAdd host IP to etcd listen client URLs." 
This reverts commit 8b4e164a78.
 2020-12-08 11:37:13 -05:00
Ben Hu
8416c5cc51 Use host IP instead of 127.0.0.1 for kube-apiserver healthcheck. 2020-10-27 16:25:27 +00:00
Jefftree
0e5d057755 Rename flags 2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25 Add SETUP_KONNECTIVITY_SERVICE flag 2020-10-22 08:43:28 -07:00
Jefftree
7820b05467 Separate network proxy flag for apiserver egress and starting pods 2020-10-22 08:43:27 -07:00
Ben Hu
8b4e164a78 iAdd host IP to etcd listen client URLs. 
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
 2020-10-20 16:43:52 +00:00
Joseph Anttila Hall
2f318bdd57 API server: fix default_konnectivity_socket_path typo. 
Make it consistent with configure-helper.sh
 2020-10-08 13:19:05 -07:00
Jordan Liggitt
a36aa9c31e Stop enabling alpha runtimeclass API 2020-06-25 20:29:11 -04:00
Samuel Davidson
31ae200ebf fix for missing kube-env var in SNI config 2020-06-22 13:33:42 -07:00
Samuel Davidson
3958ecb5c7 Fix to configure-kubeapiserver.sh error. 
It no no longer errors and exits if
env-var OLD_LOAD_BALANCER_IP is undefined.
 2020-06-15 11:42:05 -07:00
Kubernetes Prow Robot
52358fe010
Merge pull request #91228 from sambdavidson/iprotflags 
Add SNI flags usage to configure-*.sh
 2020-05-20 19:41:30 -07:00
Samuel Davidson
20b37d6c5a Add IP rotation flags and env-vars to configure-*.sh 2020-05-20 13:07:37 -07:00
Jacek Kaniuk
57caa27b8d Do not add kube-apiserver performance flags if already set 2020-05-20 19:05:16 +02:00
Yuwen Ma
1aa67fc525
Switch core master base images from debian to distroless 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-09 06:55:00 -04:00
Samuel Davidson
c70cd1e82f Changed readonly to true and type to File for authn/authz config. 2020-03-25 17:45:27 -07:00
Monis Khan
df292749c9
Remove support for basic authentication 
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
 2020-03-11 20:55:47 -04:00
Jefftree
725d2b6a8f Network Proxy: GRPC + HTTP Connect with UDS 2020-02-20 10:19:37 -08:00
immutablet
f7bd5455fe Isolate configuration of etcd related parameters into a separate function. 2019-11-04 13:55:31 -08:00
immutablet
b6b55519ca Isolate the logic related to the configuration of kube-apiserver into a separate script. 2019-10-11 11:34:09 -07:00