Commit Graph

838 Commits

Author SHA1 Message Date
Mike Danese
7fc57a207e gce: move iptables rule to mangle
This avoids a conflict with rules that calico installs. Also, acquire
the lock everywhere.
2020-11-18 11:28:03 -08:00
wojtekt
eb63da77ea Allow for configuring etcd progress notify interval on GCE 2020-10-29 15:43:51 +01:00
Kubernetes Prow Robot
3523555aab
Merge pull request #95771 from vinayakankugoyal/fluentbit
Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke…
2020-10-27 10:36:48 -07:00
Kubernetes Prow Robot
557885d5d7
Merge pull request #91788 from rahulkjoshi/detect-local-mode
Add option to specify detect-local-mode during cluster configuration
2020-10-26 10:25:02 -07:00
Kubernetes Prow Robot
5935fcd704
Merge pull request #95766 from towca/jtuznik/ca-params-fix
Properly quote flags passed to Cluster Autoscaler
2020-10-23 20:47:00 -07:00
Kubernetes Prow Robot
1f756e4a37
Merge pull request #92669 from Jefftree/netproxy-configure-helper
Separate network proxy flag for apiserver egress and starting pods
2020-10-23 16:47:00 -07:00
Vinayak Goyal
83c1ce0225 Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke control-plane. 2020-10-23 12:14:26 -07:00
Rahul Joshi
889446810c Add configuration options to specify --detect-local-mode on kube-proxy. 2020-10-23 12:12:59 -07:00
Kubernetes Prow Robot
e850fa6a6c
Merge pull request #95209 from benhxy/gke/kubeconfig
Use host IP instead of localhost for GKE control plane kubeconfig
2020-10-22 22:15:49 -07:00
Jefftree
0e5d057755 Rename flags 2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25 Add SETUP_KONNECTIVITY_SERVICE flag 2020-10-22 08:43:28 -07:00
Jefftree
7820b05467 Separate network proxy flag for apiserver egress and starting pods 2020-10-22 08:43:27 -07:00
Jakub Tużnik
236ade027b Properly quote flags passed to Cluster Autoscaler
In the current implementation, the flags are not put between quotes,
and so the Cluster Autoscaler manifest doesn't parse as valid JSON.
2020-10-22 15:10:39 +02:00
Daniel Gutowski
6c8b1ab266 Fix default values for logrotate in /var/log/ 2020-10-21 09:18:32 +00:00
Ben Hu
49afcfa5f2 Use host IP instead of localhost for control plane component kubeconfig files.
This is a part of work to allow control plane components to be moved off hostNetwork.
2020-10-20 22:47:33 +00:00
Ben Hu
8b4e164a78 Add host IP to etcd listen client URLs.
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
2020-10-20 16:43:52 +00:00
jayunit100
aefe930562 support multiple bind records (fix nodelocaldns test regression), by
first replacing PILLAR_ and then replacing other vars.
2020-10-16 14:28:55 -04:00
Kubernetes Prow Robot
c1e5e6a556
Merge pull request #93836 from jayunit100/salt_cleanup_92835
remove __pillar__ refs
2020-10-11 17:58:47 -07:00
Kubernetes Prow Robot
33fd5552bb
Merge pull request #95418 from vinayakankugoyal/pki
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GR…
2020-10-09 18:08:47 -07:00
Hippie Hacker
b1e3a2ac7a Clarify that we don't audit events due to performance impact 2020-10-09 13:30:20 +13:00
Vinayak Goyal
7cbe8070bc Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials. 2020-10-08 16:25:43 -07:00
Mike Danese
cc5b12cdff gce: redirect handshake server requests to metadata-concealment too 2020-09-25 17:50:53 -07:00
Varun Marupadi
04a51cac17 Allow the lifecycle of kube-proxy to be managed independently of the startup scripts for GCE
Introduces a new env variable KUBE_PROXY_DISABLE which causes the configure scripts to skip over
the creation of both static pods as well as daemonset addons for kube-proxy.
When false, the behavior falls back to the default today, which is to rely on the value of
KUBE_PROXY_DAEMONSET to decide whether to start static pods on the nodes or an addon on the
master.
2020-09-22 20:37:35 -07:00
Aldo Culquicondor
2ae4eeb3ea Mount kubelet and container runtime rootdir on LSSD
When environment variable NODE_LOCAL_SSD_EPHEMERAL=true,
create a RAID 0 array on all attached SSDs to mount:

- kubelet root dir
- container runtime root dir
- pod logs dir

Those directories account for all ephemeral storage.
An array is not created when there is only one SSD.

Change-Id: I22137f1d83fc19e9ef58a556d7461da43e4ab9bd
Signed-off-by: Aldo Culquicondor <acondor@google.com>
2020-09-14 14:32:28 -04:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Kubernetes Prow Robot
0627c35411
Merge pull request #93781 from kisieland/allow-to-switch-off-logrotate
Disable log rotation of kubernetes and pod logs
2020-09-10 16:10:14 -07:00
Daniel Gutowski
adf7ed4241 Allow to disable logrotation of kubernetes and pod logs
Make logrotate disabled by default
2020-09-03 11:21:44 +00:00
Shihang Zhang
38f040c0a8 bind metadata proxy to 0.0.0.0 2020-09-01 18:34:02 -07:00
jay vyas
1693c111be Getting rid of the Salt DNS replacements, added / back. 2020-08-30 09:11:27 +00:00
Kubernetes Prow Robot
a9d1482710
Merge pull request #93311 from logicalhan/monitoring-role
Add bootstrap policy for monitoring endpoints
2020-08-28 06:36:52 -07:00
Kubernetes Prow Robot
fd20de89d9
Merge pull request #90433 from joakimr-axis/joakimr-axis_configure-helper.sh
Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
2020-08-27 19:05:47 -07:00
Han Kang
f57611970c add bootstrap policy for monitoring roles
(we enable metrics and pprof by default, but that doesn't mean
 we should have full cluster-admin access to use those endpoints)

Change-Id: I20cf1a0c817ffe3b7fb8e5d3967f804dc063ab03

remove pprof but add read access to detailed health checks

Change-Id: I96c0997be2a538aa8c689dea25026bba638d6e7d

add base health check endpoints and remove the todo for flowcontrol, as there is an existing ticket

Change-Id: I8a7d6debeaf91e06d8ace3cb2bd04d71ef3e68a9

drop blank line

Change-Id: I691e72e9dee3cf7276c725a12207d64db88f4651
2020-07-24 09:21:55 -07:00
Jordan Liggitt
3b323b2ef0 Limit critical pods to kube-system by default 2020-07-17 09:52:19 -04:00
Joakim Roubert
0c48e0e1bb Find what fails pull-kubernetes-e2e-gce-ubuntu-containerd
Change-Id: I7919d03926880cd9c93c61a07ada645ebfe32a89
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 09:43:37 +02:00
Joakim Roubert
b529485f65 Review update
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:58 +02:00
Joakim Roubert
605be2216b Sync with master
Add fixes for newly added code.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:58 +02:00
Joakim Roubert
196ae34f9b Remove previously added '' no longer needed
Adapt to changes on master since the first commit here.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
a20a005986 No quotes needed/wanted for CURL_RETRY_CONNREFUSED
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
1b9e9c6fe6 Add fix for run-kube-controller-manager-as-non-root
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
11f6d43747 Updates after review
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
4abf7da53e Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
3e211386c1 Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
d66456fe01 Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
6e8504003b Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
0c899b2bc2 Mitigate newly added shellcheck issues
Issues not present when the original patch was created have now also
been fixed.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
826274c867 Updates after code review
Add double quotes at assignments as requested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
3fb0d1c15d Update after code review
Simplified local variable declaration as suggested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
1f9704c713 Code review update
Change-Id: I384a73efe995c529fb4b3636cb9639eafb90787f
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
80a8566a8c Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
Change-Id: Ic8fca2509a7cb07f4170eaf25a878036d18ba51c
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-06-29 08:43:55 +02:00
Jonathan Sun
2f7874bd4b Install firewall logging rules to log metadata server access for unauthorized components. 2020-06-23 11:22:05 -07:00