github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96,061 Commits 1 Branch 31 Tags 1,019 MiB
acb43c7c4a
Commit Graph

1142 Commits

Author SHA1 Message Date
Mark Wolters
ba74c1cfb4 Switch flexvolume_node_setup.sh from kubelet RO port to healthz port 2020-02-13 09:58:51 -08:00
Kubernetes Prow Robot
78a02a223d
Merge pull request #88010 from dims/support-for-adding-test-handler-for-containerd 
Support for adding test-handler for containerd
 2020-02-11 23:15:58 -08:00
Kubernetes Prow Robot
04cfa4981a
Merge pull request #87463 from mwwolters/healthmon2healthz 
Migrate health monitor from read only port to healthz port
 2020-02-11 17:06:08 -08:00
Davanum Srinivas
8f764b113e
Support for adding test-handler for containerd 2020-02-10 20:43:40 -05:00
Davanum Srinivas
da024f9a57
Ability to override versions of containerd/runc 2020-02-08 20:20:15 -05:00
Davanum Srinivas
acd286d95d
Install containerd package depending on CONTAINER_RUNTIME 2020-02-08 17:53:37 -05:00
Davanum Srinivas
c4ef6a94b3
Add gid to config.toml only when docker group is present 
If we don't install docker and install just containerd apt packages,
there is no docker group. In this scenario, we should not add the gid to
config.toml
 2020-02-08 17:53:37 -05:00
Davanum Srinivas
2c93aa6ec3
Ensure kubectl is available in PATH by explicitly exporting the script 2020-02-07 09:05:07 -05:00
Davanum Srinivas
f20e17e9dd
python snippets should work on both old and new python versions 2020-02-05 11:22:56 -05:00
Davanum Srinivas
dc3f31569e
Ensure specified container runtimes are present 2020-02-03 13:40:57 -05:00
Stephen Augustus
1174e6698e cni: Update CNI version to v0.8.5 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-01-29 04:41:29 -05:00
Stephen Augustus
96f2588b61 cni: Update CNI download URLs to use new GCS bucket (k8s-artifacts-cni) 
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
 2020-01-29 02:32:22 -05:00
Kubernetes Prow Robot
324b5921c1
Merge pull request #87529 from cheftako/master 
Added relevent approvers and reviewers for gci.
 2020-01-25 11:49:02 -08:00
Kubernetes Prow Robot
15f96a807a
Merge pull request #86305 from saschagrunert/cri-tools 
Update cri-tools to v1.17.0
 2020-01-24 12:18:32 -08:00
Walter Fender
b2f3236771 Added relevent approvers and reviewers for gci. 
Adding new approver and reviewers for the gci scripts.
 2020-01-24 09:29:35 -08:00
Kubernetes Prow Robot
90da466221
Merge pull request #87504 from cheftako/master 
Fix issue with GCE scripts assuming Python2.
 2020-01-24 03:03:19 -08:00
Walter Fender
1dd53fd3ba Fix issue with GCE scripts assuming Python2. 
For bug #87482.
Newer OSs are now defaulting to Python3.
This breaks the kube-up scripts for GCE.
Adding code to detect this and explicitly use Python2.
 2020-01-23 15:05:04 -08:00
Koonwah Chen
cfd61e801b Add env var(CNI_TAR_PREFIX) for cni install. 
cni release has changed the prefix, add a var to make this configurable.
 2020-01-22 15:14:31 -08:00
Mark Wolters
aee028dab8 Migrate health monitor from read only port to healthz port 2020-01-22 10:52:08 -08:00
Kubernetes Prow Robot
34e090187c
Merge pull request #87032 from awly/preload-gke-exec-plugin 
Allow a preloaded gke-exec-auth-plugin
 2020-01-16 13:14:52 -08:00
Janek Łukaszewicz
a9e5fd6623 Revert "Revert "Add an option to specify kubelet flags for heapster node."" 
This reverts commit 00ea8c4f9e.
 2020-01-14 12:53:25 +01:00
Sascha Grunert
7e5e7c141c
Update cri-tools to v1.17.0 
Update the crictl binaries to the latest release

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
 2020-01-14 08:36:20 +01:00
Andrew Lytvynov
71966adfc3 Allow a preloaded gke-exec-auth-plugin 2020-01-09 10:37:43 -08:00
Kubernetes Prow Robot
127c47caf4
Merge pull request #85512 from serathius/remove-cluster-monitoring 
Remove cluster-monitoring
 2019-12-17 21:05:57 -08:00
Kubernetes Prow Robot
4a62b3ac6d
Merge pull request #86329 from mml/core_pattern 
Set core_pattern to an absolute path.
 2019-12-17 19:48:11 -08:00
Matt Liggett
ec24d3c7e8 Set core_pattern to an absolute path. 
Change-Id: I71e848783c05dc75b2232e05dd2ed3aa9a983e23
 2019-12-11 15:05:48 -08:00
Nikolaos Moraitis
00ea8c4f9e
Revert "Add an option to specify kubelet flags for heapster node." 2019-12-11 11:19:13 +01:00
Marek Siarkowicz
31fb04fa98 Remove cluster-monitoring 
Heapster is deprecated and no longer supported
 2019-12-09 11:25:20 +01:00
Janek Łukaszewicz
39cb8222c7 Add an option to specify kubelet flags for heapster node. 
Useful in scalability tests, where we don't want test pods (e.g. Kubemark hollow
nodes) to be scheduled on heapster node.
 2019-12-06 12:44:26 +01:00
Kubernetes Prow Robot
95a3cd54cf
Merge pull request #82720 from hwdef/add-err-handling-in-gce-gci 
add err handling in gce/gci
 2019-12-02 22:56:57 -08:00
hwdef
e581be1ec7 add err handling in gce/gci 2019-12-03 09:34:41 +08:00
Kubernetes Prow Robot
c213196f0a
Merge pull request #85014 from dekkagaijin/master 
let standalone npd use kubelet credentials
 2019-11-14 17:50:30 -08:00
Jordan Liggitt
cd4474ae4f Revert "76093 restructure LICENSES file generation" 
This reverts commit d39ac98cc5.
 2019-11-13 10:24:32 -05:00
Ji Shan Xing
d39ac98cc5 76093 restructure LICENSES file generation 2019-11-12 20:38:57 -05:00
Xing Yang
3324722e07 VolumeSnapshot CRD v1beta1: Enable VolumeSnapshotDataSource feature gate and update e2e tests 2019-11-11 02:34:24 +00:00
Jake Sanders
42a06f58c6 let standalone npd use kubelet credentials 
Signed-off-by: Jake Sanders <jsand@google.com>
 2019-11-08 14:50:41 -08:00
Kubernetes Prow Robot
c7869131dd
Merge pull request #84744 from immutableT/isolate-etcd-config 
Isolate configuration of etcd related parameters into a separate function.
 2019-11-05 15:31:29 -08:00
Kubernetes Prow Robot
8ff16f35f8
Merge pull request #84007 from wojtek-t/reduce_node_update_frequency 
Reduce node update frequency
 2019-11-04 15:28:43 -08:00
immutablet
f7bd5455fe Isolate configuration of etcd related parameters into a separate function. 2019-11-04 13:55:31 -08:00
Kubernetes Prow Robot
7b6369c803
Merge pull request #84249 from odinuge/bump-shellcheck 
Bump shellcheck to v0.7.0
 2019-11-04 06:19:40 -08:00
wojtekt
12c8b4a9df Bumpd NodeProblemDetector 2019-11-03 08:50:22 +01:00
immutablet
576edaf072 Refactor tests for configure-helper.sh by moving environment config to testdata. 2019-11-01 13:57:54 -07:00
Kubernetes Prow Robot
a8e819746d
Merge pull request #83442 from serathius/remove-prometheus-addon 
Remove prometheus addon
 2019-10-29 01:34:43 -07:00
Odin Ugedal
cce1f32ea5
Fix shellcheck failures SC2034 2019-10-23 22:47:46 +02:00
Kubernetes Prow Robot
13de6868fe
Merge pull request #81075 from mborsz/mtls 
Add mtls support to add/remove-replica
 2019-10-22 23:18:13 -07:00
Maciej Borsz
7ee8a02eee Add mtls support to add/remove-replica 2019-10-22 14:59:16 +02:00
Kubernetes Prow Robot
99d40d3d44
Merge pull request #80137 from ialidzhikov/enh/better-naming 
Rename dashboard-controller.yaml to dashboard-deployment.yaml
 2019-10-16 05:51:41 -07:00
ialidzhikov
b3dcbbf98c Rename dashboard-controller.yaml to dashboard-deployment.yaml 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
 2019-10-15 13:55:06 +03:00
immutablet
b6b55519ca Isolate the logic related to the configuration of kube-apiserver into a separate script. 2019-10-11 11:34:09 -07:00
Kubernetes Prow Robot
00096d8fed
Merge pull request #83366 from mwwolters/admission-control-flag 
Switch from admission-control flag to enable-admission-plugins
 2019-10-05 04:35:11 -07:00
Kubernetes Prow Robot
52a3cb06ef
Merge pull request #82845 from prameshj/custom-nodelocal 
Update nodelocaldns yaml to use image with custom Stubdomains support
 2019-10-04 16:31:13 -07:00
Marek Siarkowicz
887e84e330 Remove Prometheus addon and it's tests 
Prometheus addon was developed for exterimental and test purpose only.
As readme states it should not be used by anyone.
 2019-10-03 14:15:58 +02:00
Jacek Kaniuk
46e7a14227 Ability to set up additional, bigger nodes during tests 2019-10-03 12:20:06 +02:00
Maciej Borsz
2d9a9f7713
Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""" 2019-10-02 09:22:02 +02:00
Mark Wolters
f7bf17bc2f Switch from admission-control flag to enable-admission-plugins 2019-10-01 09:21:33 -07:00
Kubernetes Prow Robot
6610260cc4
Merge pull request #78466 from yuwenma/revert-77904-revert-76396-reapply-75624 
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
 2019-10-01 01:21:33 -07:00
Kubernetes Prow Robot
b215562a70
Merge pull request #83205 from zhenglol/zhengch_event_exporter_to_sd 
Use $STACKDRIVER_ENDPOINT to set exporter sd endpoint
 2019-09-30 13:09:00 -07:00
Kubernetes Prow Robot
b281315450
Merge pull request #82856 from Random-Liu/update-crictl 
Update crictl to v1.16
 2019-09-26 14:40:23 -07:00
Zheng Chen
3972e5c3e7
using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env 2019-09-26 14:00:59 -04:00
Lantao Liu
dfd5957713 Update crictl to v1.16.1. 2019-09-25 16:06:39 -07:00
Kubernetes Prow Robot
7266b1b487
Merge pull request #82801 from krzyzacy/auth-curl 
auth/cloud-platform is a superset of devstorage.
 2019-09-23 17:31:53 -07:00
Sen Lu
e3fdebbe62 auth/cloud-platform is a superset of devstorage. 
Also fix the curl in get-kube.sh
 2019-09-23 14:14:03 -07:00
Kubernetes Prow Robot
5cdf18e348
Merge pull request #82624 from qingling128/master 
Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
 2019-09-18 17:30:59 -07:00
Kubernetes Prow Robot
1bebaea417
Merge pull request #81061 from k-toyoda-pi/fix_shellcheck_flexvolume_node_setup 
Fix shellcheck failure in gce/gci/flexvolume_node_setup.sh
 2019-09-16 14:43:54 -07:00
Pavithra Ramesh
7a7f856e22 Support running custom nodelocaldns yaml in gce. 2019-09-12 12:53:53 -07:00
Ling Huang
dc9db4b413 Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs. 
Change-Id: Ic37a8d3663d616e7d196353efd9a0164da724728
 2019-09-12 04:02:08 -04:00
Kubernetes Prow Robot
0dbb93125f
Merge pull request #82579 from mm4tt/etcd_expose_metrics 
Expose etcd metric port in tests
 2019-09-11 22:53:35 -07:00
Kubernetes Prow Robot
14e5ac8591
Merge pull request #82499 from filbranden/owners1 
Remove me from OWNERS for GCI
 2019-09-11 21:24:05 -07:00
Matt Matejczyk
fbbb4ebeca Expose etcd metric port in tests 
This is to allow scraping etcd metrics in scalabiblity tests.
This was already done in
https://github.com/kubernetes/kubernetes/pull/77657, but then the logic
got changed when introducing mtls in
https://github.com/kubernetes/kubernetes/pull/77561 and the new etcd
metric port 2382 is currently only exposed on localhost.

Ref. https://github.com/kubernetes/perf-tests/issues/786
 2019-09-11 13:57:00 +02:00
Kubernetes Prow Robot
f48659e9fd
Merge pull request #81681 from zhenglol/sd_test_endpoint 
override stackdriver endpoint in event-exporter in test cluster
 2019-09-10 14:32:00 -07:00
Filipe Brandenburger
c8f4e958e6 Remove me from OWNERS for GCI 
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
 2019-09-09 09:39:05 -07:00
toyoda
5c724f6eaa fix shellcheck failure in gci/flexvolume_node_setup.sh 2019-09-03 16:56:25 +09:00
Zhen Wang
d874dbfcb1 Bump NPD version to v0.7 for GCI 2019-08-27 22:26:30 -07:00
Kubernetes Prow Robot
d52b212189
Merge pull request #79908 from wenjiaswe/remove-aggregator-ca-key 
Remove unused aggregator ca key
 2019-08-23 13:31:18 -07:00
Zheng Chen
70a7134906
added override for sd testing env in event-exporter yaml 2019-08-20 16:29:15 -04:00
Kubernetes Prow Robot
282b992e0c
Merge pull request #81074 from mborsz/ilb 
Experimental ILB support
 2019-08-09 06:25:26 -07:00
Maciej Borsz
cc4094d916 Experimental ILB support 2019-08-09 12:38:15 +02:00
Walter Fender
ebb65c5f4c Get network-proxy working with GCE. 
Got the proxy-server coming up in the master.
Added certs and have it comiung up with those certs.
Added a daemonset to run the network-agent.
Adding support for agent running as a sameon set on every node.

Added quick hack to test that proxy server/agent were correctly
tunneling traffic to the kubelet.

Added more WIP for reading network proxy configuration.
Get flags set correctly and fix connection services.
Adding missing ApplyTo
Added ConnectivityService.
Fixed build directives. Added connectivity service configuration.
Fixed log levels.
Fixed minor issues for feature turned off.
Fixed boilerplate and format.
Moved log dialer initialization earlier as per Liggits suggestion.
Fixed a few minor issues in the configuration for GCE.
Fixed scheme allocation
Adding unit test.
Added test for direct connectivity service.

Switching to injecting the Lookup method rather than using a Singleton.
First round of mikedaneses feedback.
Fixed deployment to use yaml and other changes suggested by MikeDanese.

Switched network proxy server/agent which are kebab-case not camelCase.
Picked up DIAL_RSP fix.
Factored in deads2k feedback.
Feedback from mikedanese
Factored in second round of feedback from David.
Fix path in verify.
Factored in anfernee's feedback.
First part of lavalamps feedback.
Factored in more changes from lavalamp and mikedanese.

Renamed network-proxy to konnectivity-server and konnectivity-agent.
Fixed tolerations and config file checking.
Added missing strptr
Finished lavalamps requested rename.
Disambiguating konnectivity service by renaming it egress selector.

Switched feature flag to KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE
 2019-08-06 23:09:49 -07:00
Kubernetes Prow Robot
3be827e912
Merge pull request #77561 from wenjiaswe/fix-etcd-server 
Use HTTPS as etcd-apiserver protocol when mTLS is enabled
 2019-07-29 12:14:49 -07:00
Maciej Borsz
f1e6309560
Retry metadata requests in get-credentials and valid-storage-scope 2019-07-26 14:09:55 +02:00
Kubernetes Prow Robot
bf2dd03083
Merge pull request #80318 from davidxia/fix-err-caps 
cleanup: fix some log and error capitalizations
 2019-07-25 10:41:28 -07:00
Kubernetes Prow Robot
0612c7de0b
Merge pull request #80232 from shihan9/gce 
remove function apply-encryption-config in configure-helper
 2019-07-24 13:50:19 -07:00
Taahir Ahmed
9702c6e6e9 GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook 
This commit adds support for using `gke-exec-auth-plugin` (vTPM-based
certificates for mTLS) for webhooks when calling endpoints matching
`*.googleapis.com`, and integrates this support with
ValidatingAdmissionWebhook.

To enable it, request ValidatingAdmissionWebhook with
`ADMISSION_CONTROL=...,ValidatingAdmissionWebhook,...` (default) and
opt in to `gke-exec-auth-plugin` using `WEBHOOK_GKE_EXEC_AUTH=true`
during the configuration process.

If you don't opt-in, ValidatingAdmissionWebhook will be deployed as
before.

Requesting `WEBHOOK_GKE_EXEC_AUTH=true` will fail if you have not
provided other configuration variables:

  * `EXEC_AUTH_PLUGIN_URL`: controls whether `gke-exec-auth-plugin` is
    downloaded during the installation step.  A prerequisite for
    actually using the plugin.

  * `TOKEN_URL`, `TOKEN_BODY`, and `TOKEN_BODY_UNQUOTED`:
    configuration values used when calling the plugin.  `TOKEN_URL`
    and `TOKEN_BODY` have existing usage. `TOKEN_BODY_UNQUOTED` is a
    new variable that is meant to sidestep the problem of inverting
    `strconv.Quote` in Bash.

The existing configuration process for ImagePolicyWebhook has been
reworked to make it play nicely with ValidatingAdmissionWebhook under
`WEBHOOK_GKE_EXEC_AUTH=true`.

  * It originally placed the ImagePolicyWebhook configuration object
    at the top-level of the file specified by
    `--admission-control-config-file`.  I can't see why this worked;
    it must have been hitting some sort of lucky path through the
    various config file loading mechanisms.  Now, it places its
    configuration in a sub-field of that file, which is shared among
    all admission control plugins.

  * It mounted its various config files read-write.  I reviewed the
    code and couldn't see why it was necessary, so I moved the config
    files into the existing read-only mount at `/etc/srv/kubernetes`.

  * It now checks that all the configuration values it requires have
    been provided.

Co-authored-by: Mike Danese <mikedanese@google.com>
Co-authored-by: Taahir Ahmed <taahm@google.com>
 2019-07-22 16:01:37 -07:00
David Xia
fabfd950b1
cleanup: fix some log and error capitalizations 
Part of https://github.com/kubernetes/kubernetes/issues/15863
 2019-07-20 18:26:16 -04:00
Wenjia Zhang
2e61ae0c56 Use HTTPS as etcd-apiserver protocol when mTLS is enabled 2019-07-20 14:24:31 -07:00
Javier Pérez Hernández
288ea10a59 gce: configure: use 'amd64' in kube core images manifest 2019-07-18 08:31:45 -07:00
Shihang Zhang
e6607cc259 remove function apply-encryption-config in configure-helper 
Change-Id: I4df76abcc94eb222219968dc5e08655677d4623f
 2019-07-16 14:03:13 -07:00
Davanum Srinivas
6b06084df6
Drop -r for variable within loop 
using `local -r` will blow up, example output:
```
/home/kubernetes/bin/configure.sh: line 388: local: manifest_name: readonly variable
```

Change-Id: Id379180803d44dd9c7ac0da41c1cd56de0fe54a4
 2019-07-14 11:05:29 -04:00
Javier Pérez Hernández
438ff151d4 cluster: configure: load images and add tags with no arch 2019-07-12 16:40:40 -07:00
Wenjia Zhang
5abd36824a Remove unused aggregator ca key 2019-07-08 17:22:25 -07:00
Kubernetes Prow Robot
4cabe6217f
Merge pull request #79626 from wenjiaswe/remove-etcd-ca-key 
Remove unnecessary ETCD_CA_KEY check
 2019-07-08 14:28:14 -07:00
Kubernetes Prow Robot
097681b619
Merge pull request #72206 from tallclair/audit-profile-test 
Audit profile test
 2019-07-05 19:00:35 -07:00
Tim Allclair
d06f849379 Audit policy test 2019-07-03 10:39:37 -07:00
Maciej Borsz
08f8d2ef46 Fix HA setup logic 2019-07-03 11:17:31 +02:00
Wenjia Zhang
22591ad8f2 Remove unnecessary ETCD_CA_KEY check 2019-07-01 15:19:16 -07:00
Koonwah Chen
46ff8e6b57 Add env var(CNI_STORAGE_PATH) for cni storage path. 2019-06-24 11:47:14 -07:00
Zhen Wang
8f40368fb6 Clean up node-problem-detector configuration for GCI 2019-06-13 21:43:05 -07:00
Yuwen Ma
ccbb88fc53 Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."" 2019-05-30 08:02:41 -07:00
Kubernetes Prow Robot
88da568586
Merge pull request #78406 from losipiuk/lo/split-args-ca 
Split CA paramters on manifest template expansions
 2019-05-30 00:32:46 -07:00
Kubernetes Prow Robot
f4945a81e2
Merge pull request #78314 from Random-Liu/set-containerd-oom-score 
Set containerd oom score adj to -999.
 2019-05-29 07:59:16 -07:00
Łukasz Osipiuk
dda5e49cac Split CA parameters on manifest template expansion 
Split arguments to be passed to cluster autoscaler binary,
so each argument is passed separately.
This is preparatory work for migrating CA to disroless base image
and passing multiple arguments together does not work if CA is
not wrapped around with shell script

Change-Id: I26b5a764d2a12079c7f4ed6633ccabf8d623e232
 2019-05-29 15:20:34 +02:00
Jake Sanders
5a9af2e0ef specify additional static auth for components by env var 2019-05-24 12:16:40 -07:00
Lantao Liu
f6aa22e9e3 Set containerd oom score adj to -999. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-24 10:36:54 -07:00
Matt Matejczyk
6ced6491c6 Change etcd's --listen-client-urls to 0.0.0.0 in tests 
This is to allow scraping etcd metrics in scalability tests.

Ref. https://github.com/kubernetes/perf-tests/issues/522
 2019-05-23 15:11:22 +02:00
Kubernetes Prow Robot
0203192970
Merge pull request #78044 from dekkagaijin/patch-6 
Consolidate logic to ensure kubectl auth
 2019-05-17 23:21:37 -07:00
Kubernetes Prow Robot
72f6954614
Merge pull request #77889 from Random-Liu/support-using-containerd-in-cos 
Support using docker containerd in COS and Ubuntu on GCE.
 2019-05-17 20:26:59 -07:00
Kubernetes Prow Robot
47304fbaee
Merge pull request #78039 from mikedanese/execmaster 
allow exec auth plugin to be pulled on the master
 2019-05-17 18:57:30 -07:00
Jake Sanders
9bc3c2af00 Consolidate logic to ensure kubectl auth 2019-05-17 11:32:09 -07:00
Kubernetes Prow Robot
314264aeaf
Merge pull request #78010 from mikedanese/fixdns 
cluster/gce: fix line 2414: DNS_MEMORY_LIMIT: unbound variable
 2019-05-17 10:12:59 -07:00
Kubernetes Prow Robot
20d6b2ff11
Merge pull request #78008 from mikedanese/fixunset 
cluster/gce: fix unset variable when insecure port is enabled
 2019-05-17 10:12:46 -07:00
Mike Danese
5d7aeca63f cluster/gce: allow exec auth plugin to be pulled on the master 2019-05-17 08:32:34 -07:00
Kubernetes Prow Robot
af692da080
Merge pull request #77844 from grayluck/one-more-ip 
Add 198.51.100.0/24 to non-masq ranges.
 2019-05-17 05:38:19 -07:00
Mike Danese
59f4661b18 cluster/gce: fix line 2414: DNS_MEMORY_LIMIT: unbound variable 2019-05-16 22:58:34 -07:00
Mike Danese
4edec1f3be cluster/gce: fix unset variable when insecure port is enabled 2019-05-16 19:47:11 -07:00
Lantao Liu
bc1a78d31e Support using docker containerd in COS and Ubuntu on GCE. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-16 13:53:57 -07:00
Kubernetes Prow Robot
f8d2b6b982
Merge pull request #77918 from mborsz/coredns 
Make dns memory limit configurable
 2019-05-16 08:49:08 -07:00
yankaiz
14015d9ce1 Add 198.51.100.0/24 to non-masq ranges. 
Groupped the IP ranges by RFC and type.

Change reference for 198.18.0.0/15 from RFC 2544 to RFC 6815.
 2019-05-15 16:23:41 -07:00
Maciej Borsz
59af63c687 Make coredns memory limit configurable 2019-05-15 13:35:28 +02:00
Maciej Borsz
9da7db76b7
Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers." 2019-05-15 08:31:19 +02:00
Jake Sanders
2576713a40 when disabled, don't create the API server's insecure port mapping 2019-05-09 11:50:59 -07:00
Kubernetes Prow Robot
0befec7fb6
Merge pull request #77447 from dekkagaijin/mip 
disable the apiserver's insecure port by default
 2019-05-07 22:14:32 -07:00
Kubernetes Prow Robot
b34d7ac0ce
Merge pull request #77458 from grayluck/agent-v2.3.0 
Bump ip-masq-agent version to v2.3.0. Enable nomasq for reserved IPs.
 2019-05-07 17:52:58 -07:00
yankaiz
1059a71973 Bump ip-masq-agent version to v2.3.0. Enable nomasq for reserved IPs. 
Added the non-masq ranges to configure-helper.sh so that GCE clusters
will have the non-masq IP ranges aligned with GKE clusters.
 2019-05-06 22:32:34 -07:00
Jake Sanders
e4d521e825 disable the apiserver insecure port by default in configure-helper 2019-05-06 19:26:57 -07:00
Jake Sanders
ff4c372eaa ensure that kubectl works when the master insecure port is disabled 2019-05-06 19:25:41 -07:00
Yuwen Ma
b8a8bdb127 [Distroless] Convert the GCE manifests for master containers. 
* Touched containers: kube-apiserver, kube-scheduler,
kube-controller-manager.
* Remove the shell dependencies when upstart the containers.
* Reformat the command parameters to ["Exec", "Param1", "Param2"]
 2019-05-06 08:04:06 -07:00
Mark Wolters
1456979e93 Added function to create kubeconfig for addon-manager 2019-05-03 15:12:16 -07:00
Kubernetes Prow Robot
0b10d1b830
Merge pull request #77140 from dekkagaijin/glbc 
use static token to authenticate glbc
 2019-05-02 16:22:30 -07:00
Jake Sanders
8bd0b45eae use static token to authenticate glbc 2019-05-01 22:24:48 -07:00
Ling Huang
d3fb7115ab Upgrade Stackdriver Logging Agent addon image from 1.6.0 to 1.6.8. 2019-04-29 15:07:10 -04:00
Wojciech Tyczynski
0d77f62c02
Revert "override ETCD_SERVER with https instead http when mTLS is enabled" 2019-04-27 06:50:20 +02:00
Kubernetes Prow Robot
2c2e7a01bb
Merge pull request #76655 from SataQiu/fix-shell-cluster-20190417 
Fix shellcheck failures of cluster/gce/gci/shutdown.sh
 2019-04-23 23:50:04 -07:00
Kubernetes Prow Robot
06bc7e3e00
Merge pull request #76792 from dekkagaijin/insecure-port 
add option to disable the apiserver's insecure port via env var
 2019-04-23 14:02:35 -07:00
SataQiu
903c5a53b3 fix shellcheck failures of cluster/gce/gci/shutdown.sh 2019-04-22 11:46:45 +08:00
Jake Sanders
42fcd5eb63 remove erroneous kube-apiserver.manifest sed line 2019-04-19 17:40:28 +00:00
Kubernetes Prow Robot
e4f9d8fe3f
Merge pull request #76331 from xichengliudui/fixshellcheckfailures-17 
Fix shellcheck failures in stage-upload.sh
 2019-04-19 09:47:55 -07:00
Jake Sanders
113ab741e6 add option to set the value of the apiserver's insecure port 2019-04-18 20:35:08 +00:00
Kubernetes Prow Robot
dc2c9e8bd5
Merge pull request #74690 from wenjiaswe/etcdserverhttp 
override ETCD_SERVER with https instead http when mTLS is enabled
 2019-04-15 16:45:07 -07:00
Wenjia Zhang
80c4bccf0f override ETCD_SERVER with https instead http when mTLS is enabled 2019-04-14 22:11:37 -07:00
Kubernetes Prow Robot
ae8a4fcb0d
Merge pull request #76352 from jpbetz/reapply-72062 
[reapply] Perform GCE log rotation check every 5 minutes
 2019-04-12 00:41:14 -07:00
aaa
9768ba9eb3 Fix shellcheck failures in stage-upload.sh 
update pull request

update pull request

update pull request

update pull request
 2019-04-12 02:42:48 -04:00
Kubernetes Prow Robot
39073f0b9f
Merge pull request #74268 from wenjiaswe/fixingNitforetcdapiservertlspath 
fix nit for etcd_apiserver TLS path
 2019-04-11 01:22:11 -07:00
Kubernetes Prow Robot
134ed2e703
Merge pull request #76353 from Random-Liu/add-cni-version-env 
Add envs for CNI version.
 2019-04-10 18:46:22 -07:00
Lantao Liu
ad5b64ca10 Add envs for CNI version. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-09 16:38:53 -07:00
Joe Betz
6297c4f750 Perform GCE log rotation check every 5 minutes 2019-04-09 16:37:38 -07:00
Pengfei Ni
1406e2b70f Update cri-tools to v1.14.0 2019-04-08 10:59:18 +08:00
Zhen Wang
953677d7a5 Use Node-Problem-Detector v0.6.3 on GCI 2019-04-05 11:08:24 -07:00
Maciej Borsz
a0b51681c4
Revert "[Distroless] Convert the GCE manifests for master containers." 2019-04-05 12:55:14 +02:00
Kubernetes Prow Robot
1c105e1629
Merge pull request #75624 from yuwenma/gce-manifest 
[Distroless] Convert the GCE manifests for master containers.
 2019-04-04 16:21:19 -07:00
Yuwen Ma
af2659527f [Distroless] Convert the GCE manifests for master containers. 
* Touched containers: kube-apiserver, kube-scheduler,
kube-controller-manager.
* Remove the shell dependencies when upstart the containers.
* Reformat the command parameters to ["Exec", "Param1", "Param2"]
 2019-04-04 11:16:23 -07:00
Michelle Au
d2aa8178f2 Remove alpha CRD install 2019-04-02 10:59:11 -07:00
Kubernetes Prow Robot
aa5fda22f2
Merge pull request #75269 from javier-b-perez/gce-configure 
gce: configure: validate SA has storage scope
 2019-03-19 11:06:22 -07:00
Dan Williams
bfd8ad3268 build/gci: bump CNI version to 0.7.5 2019-03-18 17:16:42 -05:00
Kubernetes Prow Robot
a213886f9c
Merge pull request #74502 from Random-Liu/collect-pod-log 
Collect pod log in fluentd-gcp
 2019-03-12 01:34:37 -07:00
Javier Pérez Hernández
e783f0bcd4 gce: configure: validate SA has storage scope 
If the VM SA doesn't have storage scope associated, don't use the
token in the curl request or the request will fail with 403.
 2019-03-11 12:04:01 -07:00
Lantao Liu
7ffa7da112 Configure logrotate for pod logs. 2019-03-08 16:45:41 -08:00
Tim Allclair
63f61a6714 Migrate RuntimeClass to internal API 2019-03-07 11:07:54 -08:00
Kubernetes Prow Robot
ab7a48d796
Merge pull request #70036 from pbarker/audit-etoe 
dynamic audit e2e test
 2019-03-06 17:58:58 -08:00
Kubernetes Prow Robot
45e5f6053b
Merge pull request #74424 from liggitt/drop-k8s-io-node-labels 
Clean up self-set node labels
 2019-03-06 08:24:26 -08:00
Patrick Barker
67a245ae61 remove unneeded println 2019-03-05 14:38:58 -07:00
Patrick Barker
45d715cdc6 adds dynamic audit e2e test 2019-03-05 14:38:58 -07:00
Joe Betz
add956f00f Revert "Perform GCE log rotation check every 5 minutes" 
This reverts commit 1ba05d51a6.
 2019-03-04 14:10:20 -08:00
Zhen Wang
efa96f7eb8 allows configuring NPD release and flags on GCI and add cluster e2e test 2019-02-26 21:21:54 -08:00
Jordan Liggitt
e1db43ad1b Label old nodes with legacy addon labels 2019-02-26 11:43:10 -05:00
SataQiu
9cda80e836 fix shellcheck lint errors in cluster and hack scripts 2019-02-24 11:15:35 +08:00
Xiang Dai
36065c6dd7 delete all duplicate empty blanks 
Signed-off-by: Xiang Dai <764524258@qq.com>
 2019-02-23 10:28:04 +08:00
Wenjia Zhang
b9af5b5112 fix nit for etcd_apiserver TLS path 2019-02-19 11:19:49 -08:00
Javier Pérez Hernández
708d7df561 k8s: gci: configure: add token to curl calls 
Modify script to use curl to get metadata and Service Account token.
When the SA doesn't have 'Storage Read' scope, it can only read
public files.
 2019-02-15 11:00:35 -08:00
Jeff Grafton
e216995ef1 Update repo-infra, bazel-skylib, rules_docker, and rules_go dependencies 
Also require bazel 0.18.0+
 2019-02-12 17:55:10 -08:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Peter Hornyack
f0f7829934 Update cluster/gce scripts to support Windows nodes. 2019-01-30 19:49:07 -08:00
wojtekt
d911ebbc3f Correlate max-inflight values in GCE with master VM sizes 2019-01-24 15:13:36 +01:00
Kubernetes Prow Robot
0713f29c28
Merge pull request #72062 from jpbetz/gce-logrotate-check-interval 
Perform GCE master log rotation check every 5 minutes
 2019-01-16 14:45:22 -08:00
Wenjia Zhang
c17233c41c add mTLS encription between etcd and kube-apiserver in GCE 2019-01-07 13:52:20 -08:00
Joe Betz
1ba05d51a6 Perform GCE log rotation check every 5 minutes 2018-12-18 10:13:41 -08:00
Kubernetes Prow Robot
cf813b247d
Merge pull request #71977 from rramkumar1/kube-dns-ordering 
DNS service ordering for addon manager
 2018-12-18 01:47:49 -08:00
wojtekt
fc346b2086 Allow for configuring etcd servers addresses in kubemark 2018-12-13 11:50:49 +01:00
Rohit Ramkumar
bc44940835 Modify dns addons dir to prepend 0 on dir name. Ensures proper ordering upon creation by addon manager 2018-12-12 13:15:08 -08:00
Zhen Wang
29de74375a Use Node-Problem-Detector v0.6.0 2018-11-28 11:44:36 -08:00
k8s-ci-robot
396271cf52
Merge pull request #70954 from qingling128/master 
Upgrade Stackdriver Logging Agent addon image to 0.6-1.6.0-1 to use Fluentd v1.2.
 2018-11-25 23:09:07 -08:00
k8s-ci-robot
2b0212de9c
Merge pull request #71206 from stlaz/enc_config_opt 
Rename '--experimental-encryption-provider-config' to '--encryption-provider-config'
 2018-11-21 11:30:12 -08:00
Sergei Orlov
21c1bb8830
kubeapiserver: rename '--experimental-encryption-provider-config' to '--encryption-provider-config'. 
This change renames the '--experimental-encryption-provider-config'
flag to '--encryption-provider-config'. The old flag is accepted but
generates a warning.

In 1.14, we will drop support for '--experimental-encryption-provider-config'
entirely.

Co-authored-by: Stanislav Laznicka <slaznick@redhat.com>
 2018-11-19 16:34:09 +01:00
Lantao Liu
1670b4089a Make fluentd container runtime service configurable. 2018-11-16 02:17:55 -08:00
k8s-ci-robot
79dab474c0
Merge pull request #70555 from prameshj/nodelocaldnscache 
Support running a nodelocal dns cache
 2018-11-14 00:18:56 -08:00
Pavithra Ramesh
6d7c5e90ed Removed .salt template , using .sed template 
Removed default config options from yaml.
Removed unused yaml files
 2018-11-13 18:33:34 -08:00
Pavithra Ramesh
73b548db06 Support running a nodelocal dns cache 
This change includes the yaml files and gce startup script changes
to run this addon. It is disabled by default, can be enabled by setting
KUBE_ENABLE_NODELOCAL_DNS=true
An ip address is required for the cache instance to listen for
requests on, default is a link local ip address of value 169.254.25.10

addressed review comments, updated image location
Picked a different prometheus port so stats port is not same as the
coredns deployment

Removed the nodelocaldns-ready label.
Set memory limit to 30Mi
 2018-11-12 14:54:20 -08:00
Mike Danese
f3611a6264 always enable TokenRequest in GCE kube-up.sh 2018-11-12 11:24:52 -08:00
Ling Huang
02b7ed3291 Upgrade Stackdriver Logging Agent addon image to 0.6-1.6.0-1 to use Fluentd v1.2. 2018-11-12 13:21:44 -05:00
saad-ali
4a4176db42 Fix CSI CRD installation for Alpha clusters 2018-11-07 19:46:54 -08:00
k8s-ci-robot
9844baa2ff
Merge pull request #70696 from loburm/remove_cluster_autoscaler_spam 
Filter out spammy audit logs from cluster autoscaler.
 2018-11-07 12:53:19 -08:00
saad-ali
a679486a5e Register CSI CRDs as addon 2018-11-06 10:58:09 -08:00
Marian Lobur
433be3410a Filter out spammy audit logs from cluster autoscaler. 2018-11-06 14:44:02 +01:00
Mike Danese
8c1e928501 gce: move more stuff into main and refactor detect whether configure-helpers.sh was sourced 2018-10-31 10:07:50 -07:00
Mark Wolters
c9d34073f2 Changed prepare-log-file to take args for setting uid/gid for log files. 2018-10-19 11:57:26 -07:00
k8s-ci-robot
1aef63124b
Merge pull request #68920 from qingling128/master 
Enable insertId generation, and update Stackdriver Logging Agent image to 0.5-1.5.36-1-k8s.
 2018-10-11 13:44:51 -07:00
Walter Fender
8b3099ced7 Differentiate multizone zonal from Regional Cluster. 
Fixed go format and unit test.
Collapse lines.
Switched to using regional throughout and added warning for HA Zonal.
 2018-10-09 11:28:22 -07:00
Ling Huang
d8da1baf48 Enable insertId generation, update Stackdriver Logging Agent image to 0.5-1.5.36-1-k8s and add priorityClassName for Metadata Agent. 2018-10-09 13:42:40 -04:00
wojtekt
3fdb5b92f4 Fix overwriting env variables in kube-apiserver manifest 2018-10-08 14:21:37 +02:00
Christoph Blecker
97b2992dc1
Update gofmt for go1.11 2018-10-05 12:59:38 -07:00
k8s-ci-robot
5602ab7761
Merge pull request #68379 from immutableT/kms-plugin-via-gke 
Enable configure-helper.sh to support two scenarios for etcd level encryption: decryption and adding encryption to existing clusters.
 2018-10-04 23:38:42 -07:00