github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
114,819 Commits 1 Branch 31 Tags 1,019 MiB
c2ad27aaa2
Commit Graph

937 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
d541872f9a
Merge pull request #102239 from Haleygo/clean-up-AlgorithmProvider-flag-and-pkg 
clean up algorithmprovider pkg and remove scheduler deprecated algorithm-provider flag
 2021-05-27 00:54:23 -07:00
Haleygo
2769e99dba remove scheduler deprecated algorithm-provider flag and clean up algorithmprovider pkg 2021-05-26 13:19:44 +08:00
Kubernetes Prow Robot
06d44d2f42
Merge pull request #101168 from mikedanese/warning 
add a warning about the filter table
 2021-05-24 21:48:40 -07:00
Kubernetes Prow Robot
77937b1e8e
Merge pull request #101628 from bobbypage/addon-termination-handler 
Remove node termination handler addon
 2021-05-24 11:31:39 -07:00
Kubernetes Prow Robot
e8cf412e5e
Merge pull request #101881 from vinayakankugoyal/konnectivity 
Update konnectivity network proxy server to run as non-root, by defau…
 2021-05-13 23:16:04 -07:00
Vinayak Goyal
b951b9349f Update konnectivity network proxy server to run as non-root, by default in kube-up. 2021-05-13 12:35:34 -07:00
Avritt Rohwer
0a5a697882 Fix bug in retry-forever usage. 
- Push retry-forever wrapping to curl invocations.
- Collect curl retry flags into a single variable.
- Remove 'sudo: false' in master.yaml, is unnecessary and breaks older
  cloud-init versions.
- Change log-error status reason to be more accurate.
- Fix the some 'python' invocations to 'python3'.
 2021-05-12 09:22:20 -07:00
Kubernetes Prow Robot
ca0c04e4d3
Merge pull request #101164 from vinayakankugoyal/apiservernonroot 
Run control-plane as non root in kube-up.
 2021-05-06 17:33:14 -07:00
Kubernetes Prow Robot
8955f55fcf
Merge pull request #101678 from vinayakankugoyal/goodbye-basicauth 
Remove remnants of basic auth from cluster bootstrap.
 2021-05-06 14:14:14 -07:00
Vinayak Goyal
6aa495ddc6 Revert - Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it. 2021-05-06 14:02:53 -07:00
David Porter
dac06aefb0 Revert "Revert "cluster: Use python3 everywhere"" 
This reverts commit 7038338e0f.
 2021-05-03 21:43:15 -07:00
Kubernetes Prow Robot
c5b900b69c
Merge pull request #97399 from davidxia/comment-typo 
Fix typo in comment
 2021-05-01 04:57:59 -07:00
Vinayak Goyal
b87762966d Remove remnants of basic auth from cluster bootstrap. 2021-04-30 11:23:14 -07:00
David Porter
e02ff0687e Remove node termination handler addon 2021-04-29 14:42:23 -07:00
Paco Xu
7038338e0f
Revert "cluster: Use python3 everywhere" 2021-04-26 11:21:44 +08:00
David Porter
3f87f4f278 Use python3 everywhere 2021-04-23 14:33:58 -07:00
Kubernetes Prow Robot
ae35c6f10c
Merge pull request #101255 from basantsa1989/stack-type 
Adding stack-type to gce cloud config (to be used for dual stack in legacy-cloud-providers gce code)
 2021-04-22 15:55:28 -07:00
Basant Amarkhed
e15d811652 Adding stack-type to cloud config (to be used for dual stack in legacy-cloud-providers code) 2021-04-19 19:06:55 +00:00
Shihang Zhang
297ad30610 dnat to 169.254.169.252 for metadata server traffic 2021-04-19 10:47:51 -07:00
Kubernetes Prow Robot
28c877dcb6
Merge pull request #101043 from benhxy/tls-2 
Use GKE specific configuration for kubeconfig file generation
 2021-04-16 11:54:51 -07:00
Mike Danese
ba3fc65072 add a warning about the filter table 2021-04-15 16:22:28 -07:00
Maciej Borsz
493adbada9 Do not grep for curl --help for --retry-connrefused 2021-04-14 08:32:21 +02:00
Kubernetes Prow Robot
f1c037889d
Merge pull request #100770 from avrittrohwer/configure-script-logging 
Add configure script logging instrumentation
 2021-04-13 18:06:42 -07:00
Kubernetes Prow Robot
318db993c8
Merge pull request #101020 from cindy52/bugfix/etcd 
Change file owner of /mnt/disks/master-pd/var/etcd  instead of /var/etcd
 2021-04-13 12:09:47 -07:00
Avritt Rohwer
d4495183c9 Add configure script logging instrumentation. 
- Add log functions to facilitate debug logging.
- Wrap commands called in main with debug logging.
- Configure a systemd service to forward the logs to the serial port.
- Add a 'retry-forever' function to harden download steps.
- Add default value support to 'get-metadata-value' function.
- Fix some spellcheck lints.
 2021-04-13 09:30:49 -07:00
Ben Hu
e3270e532c GKE specific kubeconfig 2021-04-12 22:47:39 +00:00
Cindy Guo
03f60f4b60 chown on /mnt/disks/master-pd/var/etcd instead of /var/etcd 2021-04-12 08:21:01 +00:00
Antonio Ojea
93f4727aab gce configure containerd default_runtime_name 
move config to v2
 2021-04-11 00:48:22 +02:00
Cindy Guo
9f058079d2 run etcd as nonroot 
Co-authored-by: Vinayak Goyal <vinayakankugoyal@gmail.com>
 2021-04-08 20:51:45 +00:00
varsha teratipally
90983f66e4 Moving docker options to daemon.json 
As per the new docker guidelines about customizing the options
like adding registry-mirrors, moving the options to daemon.json
 2021-03-10 19:14:48 +00:00
Kubernetes Prow Robot
874877fa44
Merge pull request #99216 from ruiwen-zhao/remove_modprobe 
Remove modprobe configs from configure-helper
 2021-02-22 17:24:32 -08:00
Cong Liu
03709c0ece Add arm64 support for GCE node configuration 
Fix typo

Add TODO
 2021-02-19 14:22:26 -08:00
ruiwen-zhao
c053b232ba Remove modprobe configs from configure-helper 2021-02-18 22:57:44 +00:00
Benjamin Elder
299c561b10 portably configure tempdir in configure-helper.sh 
fixes a `make test` failure on macOS
 2021-02-12 01:15:14 -08:00
Matthew Cary
9a7dcd36c1 Disallow local loopback for volume hosts 
Change-Id: Ic356c3f859057153cfad97327f1938792a1a512c
 2021-01-26 17:12:51 -08:00
Kubernetes Prow Robot
1a67280508
Merge pull request #98037 from vinayakankugoyal/kube-controller-manager-crp 
Update configure-helper.sh to early exit from start-kube-controller-m…
 2021-01-25 12:38:59 -08:00
Vinayak Goyal
31807032e0 Update configure-helper.sh to early exit from start-kube-controller-manager if kube-controller-manager is deployed through CRP. 2021-01-20 16:22:46 -08:00
Michael Taufen
9f9e235b9d Mount /var/lib/kubelet/pki on tmpfs 
This helps avoid some rare instances of corrupt cert files
that cause Kubelet to crash-loop after node reboots, e.g.
if Kubelet opens the file during the shutdown but is unable
to write it.
 2021-01-08 18:04:35 -08:00
Jian Zeng
8c1971e17c chore(gce): pass auth flags to KCM and KS 
Pass flags `--authentication-kubeconfig` and
`--authorization-kubeconfig` to controller-manager and scheduler,
so that we could grab metrics from their secure ports in tests.
 2021-01-06 12:56:39 +08:00
Sergey Kanzhelev
d78db9f161 configure docker on containerd nodes so it wouldn't reserver 172.17 subnet 2020-12-23 18:49:57 +00:00
David Xia
0756e54dfc
Fix typo in comment 2020-12-21 20:02:20 -05:00
Ben Hu
9581c40887 Revert "Use host IP instead of localhost for control plane component kubeconfig files." 
This reverts commit 49afcfa5f2.
 2020-12-11 22:36:39 +00:00
Maciej Borsz
7f09d59215 Migrate etcd's livenessProbe to etcdctl endpoint health. 
Change-Id: Ie19c844050c75e3d1c4b431d09ba0ac851c5317b
 2020-12-11 12:43:02 +01:00
Kubernetes Prow Robot
cad9a8277d
Merge pull request #97127 from liggitt/revert-etcd-host-ip 
Revert "iAdd host IP to etcd listen client URLs."
 2020-12-08 22:01:52 -08:00
Kubernetes Prow Robot
d2e7abb153
Merge pull request #96839 from vinayakankugoyal/crp 
Update configure-helper.sh to early exit from start-kube-scheduler if…
 2020-12-08 20:03:51 -08:00
Kubernetes Prow Robot
56d7f138de
Merge pull request #96622 from vinayakankugoyal/groupfix 
If the file already exists we need to grant group read permissions ex…
 2020-12-08 17:29:59 -08:00
Jordan Liggitt
8820dc4522 Revert "iAdd host IP to etcd listen client URLs." 
This reverts commit 8b4e164a78.
 2020-12-08 11:37:13 -05:00
Vinayak Goyal
18644cb1b2 Update configure-helper.sh to early exit from start-kube-scheduler if kube-scheduler is deployed through CRP. 2020-11-24 12:01:22 -08:00
Mike Danese
7fc57a207e gce: move iptables rule to mangle 
This avoids a conflict with rules that calico installs. Also, acquire
the lock everywhere.
 2020-11-18 11:28:03 -08:00
vinayak goyal
c2ea6842a7 If the file already exists we need to grant group read permissions explicitly. 2020-11-16 22:59:30 +00:00
wojtekt
eb63da77ea Allow for configuring etcd progress notify interval on GCE 2020-10-29 15:43:51 +01:00
Kubernetes Prow Robot
3523555aab
Merge pull request #95771 from vinayakankugoyal/fluentbit 
Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke…
 2020-10-27 10:36:48 -07:00
Kubernetes Prow Robot
557885d5d7
Merge pull request #91788 from rahulkjoshi/detect-local-mode 
Add option to specify detect-local-mode during cluster configuration
 2020-10-26 10:25:02 -07:00
Kubernetes Prow Robot
5935fcd704
Merge pull request #95766 from towca/jtuznik/ca-params-fix 
Properly quote flags passed to Cluster Autoscaler
 2020-10-23 20:47:00 -07:00
Kubernetes Prow Robot
1f756e4a37
Merge pull request #92669 from Jefftree/netproxy-configure-helper 
Separate network proxy flag for apiserver egress and starting pods
 2020-10-23 16:47:00 -07:00
Vinayak Goyal
83c1ce0225 Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke control-plane. 2020-10-23 12:14:26 -07:00
Rahul Joshi
889446810c Add configuration options to specify --detect-local-mode on kube-proxy. 2020-10-23 12:12:59 -07:00
Kubernetes Prow Robot
e850fa6a6c
Merge pull request #95209 from benhxy/gke/kubeconfig 
Use host IP instead of localhost for GKE control plane kubeconfig
 2020-10-22 22:15:49 -07:00
Jefftree
0e5d057755 Rename flags 2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25 Add SETUP_KONNECTIVITY_SERVICE flag 2020-10-22 08:43:28 -07:00
Jefftree
7820b05467 Separate network proxy flag for apiserver egress and starting pods 2020-10-22 08:43:27 -07:00
Jakub Tużnik
236ade027b Properly quote flags passed to Cluster Autoscaler 
In the current implementation, the flags are not put between quotes,
and so the Cluster Autoscaler manifest doesn't parse as valid JSON.
 2020-10-22 15:10:39 +02:00
Daniel Gutowski
6c8b1ab266 Fix default values for logrotate in /var/log/ 2020-10-21 09:18:32 +00:00
Ben Hu
49afcfa5f2 Use host IP instead of localhost for control plane component kubeconfig files. 
This is a part of work to allow control plane components to be moved off hostNetwork.
 2020-10-20 22:47:33 +00:00
Ben Hu
8b4e164a78 iAdd host IP to etcd listen client URLs. 
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
 2020-10-20 16:43:52 +00:00
jayunit100
aefe930562 support multiple bind records (fie nodelocaldns test regression), by 
first replacing PILLAR_ and then replacing other vars.
 2020-10-16 14:28:55 -04:00
Kubernetes Prow Robot
c1e5e6a556
Merge pull request #93836 from jayunit100/salt_cleanup_92835 
remove __pillar__ refs
 2020-10-11 17:58:47 -07:00
Kubernetes Prow Robot
33fd5552bb
Merge pull request #95418 from vinayakankugoyal/pki 
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GR…
 2020-10-09 18:08:47 -07:00
Hippie Hacker
b1e3a2ac7a Clarify that we don't audit events due to performance impact 2020-10-09 13:30:20 +13:00
Vinayak Goyal
7cbe8070bc Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials. 2020-10-08 16:25:43 -07:00
Mike Danese
cc5b12cdff gce: redirect handshake server requests to metadata-concealment too 2020-09-25 17:50:53 -07:00
Varun Marupadi
04a51cac17 Allow the lifecycle of kube-proxy to be managed independently of the startup scripts for GCE 
Introduces a new env variable KUBE_PROXY_DISABLE which causes the configure scripts to skip over
the creation of both static pods as well as daemonset addons for kube-proxy.
When false, the behavior falls back to the default today, which is to rely on the value of
KUBE_PROXY_DAEMONSET to decide whether to start static pods on the nodes or an addon on the
master.
 2020-09-22 20:37:35 -07:00
Aldo Culquicondor
2ae4eeb3ea Mount kubelet and container runtime rootdir on LSSD 
When environment variable NODE_LOCAL_SSD_EPHEMERAL=true,
create a RAID 0 array on all attached SSDs to mount:

- kubelet root dir
- container runtime root dir
- pod logs dir

Those directories account for all ephemeral storage.
An array is not created when there is only one SSD.

Change-Id: I22137f1d83fc19e9ef58a556d7461da43e4ab9bd
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2020-09-14 14:32:28 -04:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Kubernetes Prow Robot
0627c35411
Merge pull request #93781 from kisieland/allow-to-switch-off-logrotate 
Disable log rotation of kubernetes and pod logs
 2020-09-10 16:10:14 -07:00
Daniel Gutowski
adf7ed4241 Allow to disable logrotation of kubernetes and pod logs 
Make logrotate disabled by default
 2020-09-03 11:21:44 +00:00
Shihang Zhang
38f040c0a8 bind metadata proxy to 0.0.0.0 2020-09-01 18:34:02 -07:00
jay vyas
1693c111be Getting rid of the Salt DNS replacements, addded / back. 2020-08-30 09:11:27 +00:00
Kubernetes Prow Robot
a9d1482710
Merge pull request #93311 from logicalhan/monitoring-role 
Add bootstrap policy for monitoring endpoints
 2020-08-28 06:36:52 -07:00
Kubernetes Prow Robot
fd20de89d9
Merge pull request #90433 from joakimr-axis/joakimr-axis_configure-helper.sh 
Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
 2020-08-27 19:05:47 -07:00
Han Kang
f57611970c add bootstrap policy for monitoring roles 
(we enable metrics and pprof by default, but that doesn't mean
 we should have full cluster-admin access to use those endpoints)

Change-Id: I20cf1a0c817ffe3b7fb8e5d3967f804dc063ab03

remove pprof but add read access to detailed health checks

Change-Id: I96c0997be2a538aa8c689dea25026bba638d6e7d

add base health check endpoints and remove the todo for flowcontrol, as there is an existing ticket

Change-Id: I8a7d6debeaf91e06d8ace3cb2bd04d71ef3e68a9

drop blank line

Change-Id: I691e72e9dee3cf7276c725a12207d64db88f4651
 2020-07-24 09:21:55 -07:00
Jordan Liggitt
3b323b2ef0 Limit critical pods to kube-system by default 2020-07-17 09:52:19 -04:00
Joakim Roubert
0c48e0e1bb Find what fails pull-kubernetes-e2e-gce-ubuntu-containerd 
Change-Id: I7919d03926880cd9c93c61a07ada645ebfe32a89
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 09:43:37 +02:00
Joakim Roubert
b529485f65 Review update 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:58 +02:00
Joakim Roubert
605be2216b Sync with master 
Add fixes for newly added code.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:58 +02:00
Joakim Roubert
196ae34f9b Remove previously added '' no longer needed 
Adapt to changes on master since the first commit here.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
a20a005986 No quotes needed/wanted for CURL_RETRY_CONNREFUSED 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
1b9e9c6fe6 Add fix for run-kube-controller-manager-as-non-root 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
11f6d43747 Updates after review 
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:57 +02:00
Joakim Roubert
4abf7da53e Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
3e211386c1 Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
d66456fe01 Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
6e8504003b Update cluster/gce/gci/configure-helper.sh 
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
0c899b2bc2 Mitigate newly added shellcheck issues 
Issues not present when the original patch was created have now also
been fixed.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:56 +02:00
Joakim Roubert
826274c867 Updates after code review 
Add double quotes at assignments as requested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:55 +02:00
Joakim Roubert
3fb0d1c15d Update after code review 
Simplified local variable declaration as suggested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
 2020-06-29 08:43:55 +02:00
Joakim Roubert
1f9704c713 Code review update 
Change-Id: I384a73efe995c529fb4b3636cb9639eafb90787f
Signed-off-by: Joakim Roubert <joakimr@axis.com>
 2020-06-29 08:43:55 +02:00
Joakim Roubert
80a8566a8c Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh 
Change-Id: Ic8fca2509a7cb07f4170eaf25a878036d18ba51c
Signed-off-by: Joakim Roubert <joakimr@axis.com>
 2020-06-29 08:43:55 +02:00
Jonathan Sun
2f7874bd4b Install firewall logging rules to log metadata server access for unauthorized components. 2020-06-23 11:22:05 -07:00
Kubernetes Prow Robot
c6011f2d54
Merge pull request #91390 from vinayakankugoyal/nonroot 
Updating kube-controller-manager to run as non-root.
 2020-06-21 00:56:38 -07:00