Julie Qi
2a4a1c1d00
disable aufs module
2021-07-21 23:25:19 -07:00
Matthew Cary
60d446fe3d
Drop end of sunrpc port range to avoid port conflicts.
...
Change-Id: I1561fe447f50d9ac835094b3cceba62ea74dfd81
2021-07-13 18:38:40 +00:00
Cong Liu
6c87c22277
Add structured logging for more steps
2021-07-09 15:35:44 -07:00
Kubernetes Prow Robot
5e3bed6399
Merge pull request #101433 from SergeyKanzhelev/patch-1
...
Make the service account error more apparent
2021-07-05 03:23:13 -07:00
Marian Lobur
5d80d6e7c3
Make cpu request of kube proxy configurable by env variable.
2021-07-02 16:00:56 +02:00
Piotr Tabor
de442ef860
Retry hostname->IP: [Errno -2] Name or service not known
...
During cluster configuration, the hostname is getting resolved to IP,
as etcd requires IP address as listening address.
Due to connectivity flakes or delayed network initialization, sometimes
the IP fails to be resolved to a name with the following error:
```
[Errno -2] Name or service not known
```
that leads to an attempt to run etcd with an empty flag.
The PR adds a proper retry (up to 5 minutes) in case the connectivity
problems happen.
I considered alternatives like: `getent hosts foo`, but unfortunately they
can return IPv6 that etcd is not ready for (yet).
2021-07-01 12:20:07 +02:00
Sergey Kanzhelev
210c610d66
make sure to split NPD hashes by architecture when upgrading to 0.8.9
2021-07-01 08:12:35 +00:00
pacoxu
ffdf3f5007
update node-problem-detector npd to v0.8.8
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Co-Authored-By: vteratipally <vteratipally@users.noreply.github.com>
2021-06-29 09:35:32 +08:00
pacoxu
f05f30943d
kube-apiserver in gce: use --api-audiences as --service-account-api-audiences is deprecated
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
2021-06-22 11:09:46 +08:00
Vinayak Goyal
774d228637
remove the path if it exists before writing pki data.
...
If setfacl is called before chmod g+r at any point during the lifetime of
the cluster then the default group does not have read permissions on the
file. So we explicitly grant the default group read permissions. See
https://gist.github.com/mmdriley/85ca34f711acbec4b1b94902add488e5 for a
repro.
2021-06-18 11:03:37 -07:00
Joseph Anttila Hall
9d514b2de4
Konnectivity: tune flags for larger clusters (5k nodes).
2021-06-10 14:05:44 -07:00
Kubernetes Prow Robot
9d27400fe2
Merge pull request #102040 from njuptlzf/fix_conversion
...
Fix auditing failed of request: encoding failed
2021-06-05 19:58:38 -07:00
njuptlzf
7b0fbb7292
add audit log test cases for cross-group subresource
2021-06-06 09:52:05 +08:00
Kubernetes Prow Robot
74af3b712d
Merge pull request #102297 from deads2k/ssh-tunnels
...
remove --ssh- options, deprecated 13 releases, that only work on GCE
2021-06-05 10:40:50 -07:00
Marek Siarkowicz
4ebc0c94a4
Remove legacy metrics client from podautoscaler
2021-06-04 23:06:32 +02:00
David Eads
ae603a38bc
remove -ssh-user from cluster scripts for GCE
2021-06-03 17:53:09 -04:00
Kubernetes Prow Robot
bc8acbc43e
Merge pull request #102328 from lentzi90/update-cni-plugins
...
Update CNI plugins v0.9.1
2021-05-28 10:16:46 -07:00
Kubernetes Prow Robot
d541872f9a
Merge pull request #102239 from Haleygo/clean-up-AlgorithmProvider-flag-and-pkg
...
clean up algorithmprovider pkg and remove scheduler deprecated algorithm-provider flag
2021-05-27 00:54:23 -07:00
Lennart Jern
507710b50f
Update CNI plugins v0.9.1
...
ref: https://github.com/containernetworking/plugins/releases/tag/v0.9.1
Signed-off-by: Lennart Jern <lennart.jern@est.tech>
2021-05-26 11:02:04 +03:00
Haleygo
2769e99dba
remove scheduler deprecated algorithm-provider flag and clean up algorithmprovider pkg
2021-05-26 13:19:44 +08:00
Kubernetes Prow Robot
06d44d2f42
Merge pull request #101168 from mikedanese/warning
...
add a warning about the filter table
2021-05-24 21:48:40 -07:00
Kubernetes Prow Robot
77937b1e8e
Merge pull request #101628 from bobbypage/addon-termination-handler
...
Remove node termination handler addon
2021-05-24 11:31:39 -07:00
Kubernetes Prow Robot
e8cf412e5e
Merge pull request #101881 from vinayakankugoyal/konnectivity
...
Update konnectivity network proxy server to run as non-root, by defau…
2021-05-13 23:16:04 -07:00
Sergey Kanzhelev
72fe1b722c
Make the service account error more apparent
2021-05-14 04:39:24 +00:00
Vinayak Goyal
b951b9349f
Update konnectivity network proxy server to run as non-root, by default in kube-up.
2021-05-13 12:35:34 -07:00
Avritt Rohwer
0a5a697882
Fix bug in retry-forever usage.
...
- Push retry-forever wrapping to curl invocations.
- Collect curl retry flags into a single variable.
- Remove 'sudo: false' in master.yaml, is unnecessary and breaks older
cloud-init versions.
- Change log-error status reason to be more accurate.
- Fix some 'python' invocations to 'python3'.
2021-05-12 09:22:20 -07:00
Kubernetes Prow Robot
ca0c04e4d3
Merge pull request #101164 from vinayakankugoyal/apiservernonroot
...
Run control-plane as non root in kube-up.
2021-05-06 17:33:14 -07:00
Kubernetes Prow Robot
1f3fd1cb80
Merge pull request #101751 from vinayakankugoyal/sshproxy
...
Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as…
2021-05-06 15:15:51 -07:00
Kubernetes Prow Robot
8955f55fcf
Merge pull request #101678 from vinayakankugoyal/goodbye-basicauth
...
Remove remnants of basic auth from cluster bootstrap.
2021-05-06 14:14:14 -07:00
Vinayak Goyal
6aa495ddc6
Revert - Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it.
2021-05-06 14:02:53 -07:00
Vinayak Goyal
487583bd0a
Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it.
2021-05-05 15:23:04 -07:00
Vinayak Goyal
406ceae991
Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it.
2021-05-05 14:49:59 -07:00
David Porter
dac06aefb0
Revert "Revert "cluster: Use python3 everywhere""
...
This reverts commit 7038338e0f.
2021-05-03 21:43:15 -07:00
Kubernetes Prow Robot
c5b900b69c
Merge pull request #97399 from davidxia/comment-typo
...
Fix typo in comment
2021-05-01 04:57:59 -07:00
Vinayak Goyal
b87762966d
Remove remnants of basic auth from cluster bootstrap.
2021-04-30 11:23:14 -07:00
David Porter
e02ff0687e
Remove node termination handler addon
2021-04-29 14:42:23 -07:00
Paco Xu
7038338e0f
Revert "cluster: Use python3 everywhere"
2021-04-26 11:21:44 +08:00
David Porter
3f87f4f278
Use python3 everywhere
2021-04-23 14:33:58 -07:00
Kubernetes Prow Robot
ae35c6f10c
Merge pull request #101255 from basantsa1989/stack-type
...
Adding stack-type to gce cloud config (to be used for dual stack in legacy-cloud-providers gce code)
2021-04-22 15:55:28 -07:00
Kubernetes Prow Robot
6aa683e9cf
Merge pull request #100639 from zshihang/proxy
...
dnat to 169.254.169.252 for metadata server traffic
2021-04-21 11:15:51 -07:00
Ikko Ashimine
f69a2b40da
Fix typo in gci/README.md
...
becase -> because
2021-04-21 21:35:05 +09:00
Kubernetes Prow Robot
41505f7109
Merge pull request #101176 from jkh52/master
...
kube-master-installation: improve systemd cross-unit robustness.
2021-04-20 00:42:45 -07:00
Kubernetes Prow Robot
46b0ad1327
Merge pull request #101207 from vinayakankugoyal/sshproxy
...
If kube-apiserver is running as non-root then set the permissions of …
2021-04-19 17:24:33 -07:00
Joseph Anttila Hall
05bcc72dc2
kube-master-installation: reboot on failure.
...
Also some minor reliability tweaks.
2021-04-19 17:16:21 -07:00
Vinayak Goyal
94e34da471
If kube-apiserver is running as non-root then set the permissions of /etc/srv/sshproxy accordingly.
2021-04-19 13:16:06 -07:00
Basant Amarkhed
e15d811652
Adding stack-type to cloud config (to be used for dual stack in legacy-cloud-providers code)
2021-04-19 19:06:55 +00:00
Shihang Zhang
297ad30610
dnat to 169.254.169.252 for metadata server traffic
2021-04-19 10:47:51 -07:00
Kubernetes Prow Robot
28c877dcb6
Merge pull request #101043 from benhxy/tls-2
...
Use GKE specific configuration for kubeconfig file generation
2021-04-16 11:54:51 -07:00
Kubernetes Prow Robot
7ecd93ea1e
Merge pull request #100764 from benhxy/tls
...
Use GKE specific configuration for kube-apiserver SNI cert
2021-04-15 19:52:22 -07:00
Mike Danese
ba3fc65072
add a warning about the filter table
2021-04-15 16:22:28 -07:00
Kubernetes Prow Robot
24350a922e
Merge pull request #101086 from enj/enj/i/auth_owners_gen
...
Prune stale entries from OWNERS files
2021-04-15 08:27:50 -07:00
Maciej Borsz
493adbada9
Do not grep for curl --help for --retry-connrefused
2021-04-14 08:32:21 +02:00
Kubernetes Prow Robot
f1c037889d
Merge pull request #100770 from avrittrohwer/configure-script-logging
...
Add configure script logging instrumentation
2021-04-13 18:06:42 -07:00
Monis Khan
91241eac9b
Prune stale entries from OWNERS files
...
Signed-off-by: Monis Khan <mok@vmware.com>
2021-04-13 20:54:50 -04:00
Kubernetes Prow Robot
318db993c8
Merge pull request #101020 from cindy52/bugfix/etcd
...
Change file owner of /mnt/disks/master-pd/var/etcd instead of /var/etcd
2021-04-13 12:09:47 -07:00
Avritt Rohwer
d4495183c9
Add configure script logging instrumentation.
...
- Add log functions to facilitate debug logging.
- Wrap commands called in main with debug logging.
- Configure a systemd service to forward the logs to the serial port.
- Add a 'retry-forever' function to harden download steps.
- Add default value support to 'get-metadata-value' function.
- Fix some spellcheck lints.
2021-04-13 09:30:49 -07:00
Ben Hu
e3270e532c
GKE specific kubeconfig
2021-04-12 22:47:39 +00:00
Ben Hu
ccb742c43c
Resolve comments. Remove kubeconfig changes.
2021-04-12 22:39:53 +00:00
Cindy Guo
03f60f4b60
chown on /mnt/disks/master-pd/var/etcd instead of /var/etcd
2021-04-12 08:21:01 +00:00
Kubernetes Prow Robot
a96000311f
Merge pull request #100956 from saschagrunert/cri-tools
...
Update cri-tools to v1.21.0
2021-04-12 00:35:59 -07:00
Kubernetes Prow Robot
99301e672b
Merge pull request #100436 from vinayakankugoyal/apiservernonroot
...
Fix kube-apiserver manifest.
2021-04-10 20:29:35 -07:00
Antonio Ojea
93f4727aab
gce configure containerd default_runtime_name
...
move config to v2
2021-04-11 00:48:22 +02:00
Kubernetes Prow Robot
5b038e6cff
Merge pull request #100635 from cindy52/etcd/rootless
...
Run the etcd as non-root
2021-04-09 05:19:37 -07:00
Sascha Grunert
33e0e035ea
Update cri-tools to v1.21.0
...
This updates crictl to the latest available release.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2021-04-09 11:05:13 +02:00
Kubernetes Prow Robot
96db2323a4
Merge pull request #100041 from vteratipally/update_npd_version
...
bump npd version to latest v0.8.7
2021-04-08 17:10:55 -07:00
Cindy Guo
9f058079d2
run etcd as nonroot
...
Co-authored-by: Vinayak Goyal <vinayakankugoyal@gmail.com>
2021-04-08 20:51:45 +00:00
Ben Hu
a2d094797d
Use GKE specific configuration in startup scripts in GKE deployment.
2021-04-02 00:10:53 +00:00
Vinayak Goyal
4b3271a542
Fix kube-apiserver manifest.
2021-03-21 16:24:56 -07:00
Maciej Szulik
a3a26171d1
Run GCE unit tests as non-root
2021-03-18 12:14:24 +01:00
varsha teratipally
90983f66e4
Moving docker options to daemon.json
...
As per the new docker guidelines about customizing the options
like adding registry-mirrors, moving the options to daemon.json
2021-03-10 19:14:48 +00:00
Varsha Teratipally
82434ec818
bump npd version to latest v0.8.7
2021-03-09 22:48:27 +00:00
Benjamin Elder
56e092e382
hack/update-bazel.sh
2021-02-28 15:17:29 -08:00
Vinayak Goyal
c63ff05e6d
Run kube-apiserver as non-root.
2021-02-22 20:48:16 -08:00
Kubernetes Prow Robot
874877fa44
Merge pull request #99216 from ruiwen-zhao/remove_modprobe
...
Remove modprobe configs from configure-helper
2021-02-22 17:24:32 -08:00
Cong Liu
03709c0ece
Add arm64 support for GCE node configuration
...
Fix typo
Add TODO
2021-02-19 14:22:26 -08:00
ruiwen-zhao
c053b232ba
Remove modprobe configs from configure-helper
2021-02-18 22:57:44 +00:00
Benjamin Elder
299c561b10
portably configure tempdir in configure-helper.sh
...
fixes a `make test` failure on macOS
2021-02-12 01:15:14 -08:00
Joakim Roubert
3dd3211c81
Fix shellcheck failures in cluster/gce/gci/configure.sh
...
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2021-02-10 19:23:31 +01:00
Kubernetes Prow Robot
b87ae556b3
Merge pull request #95865 from joakimr-axis/joakimr-axis_master-helper.sh
...
Fix shellcheck issues in cluster/gce/gci/master-helper.sh
2021-02-09 17:43:00 -08:00
Matthew Cary
9a7dcd36c1
Disallow local loopback for volume hosts
...
Change-Id: Ic356c3f859057153cfad97327f1938792a1a512c
2021-01-26 17:12:51 -08:00
Kubernetes Prow Robot
1a67280508
Merge pull request #98037 from vinayakankugoyal/kube-controller-manager-crp
...
Update configure-helper.sh to early exit from start-kube-controller-m…
2021-01-25 12:38:59 -08:00
Vinayak Goyal
31807032e0
Update configure-helper.sh to early exit from start-kube-controller-manager if kube-controller-manager is deployed through CRP.
2021-01-20 16:22:46 -08:00
Kubernetes Prow Robot
1bfa1d4619
Merge pull request #98055 from qingsenLi/20210114
...
fix typo and decs in apiserver_etcd_test.go
2021-01-19 18:49:58 -08:00
Kubernetes Prow Robot
176c4c7916
Merge pull request #96823 from hasheddan/cleanup-cos-doc
...
Cleanup GCI / COS README.md
2021-01-19 17:07:59 -08:00
Kubernetes Prow Robot
9da11e294f
Merge pull request #97868 from mtaufen/pki-tmpfs
...
Mount /var/lib/kubelet/pki on tmpfs
2021-01-14 10:47:04 -08:00
10177505
deb509a068
fix typo and decs
2021-01-14 16:55:45 +08:00
rajibmitra
69aae7aa6c
Update cri-tools to v1.20.0
...
Signed-off-by: rajibmitra <rajib.jolite@gmail.com>
2021-01-12 19:02:51 +05:30
Michael Taufen
9f9e235b9d
Mount /var/lib/kubelet/pki on tmpfs
...
This helps avoid some rare instances of corrupt cert files
that cause Kubelet to crash-loop after node reboots, e.g.
if Kubelet opens the file during the shutdown but is unable
to write it.
2021-01-08 18:04:35 -08:00
Kubernetes Prow Robot
8b5aeeedb4
Merge pull request #97742 from benhxy/apiserver-cipher
...
Configure --tls-cipher-suites on kube-apiserver
2021-01-08 13:44:29 -08:00
Jian Zeng
8c1971e17c
chore(gce): pass auth flags to KCM and KS
...
Pass flags `--authentication-kubeconfig` and
`--authorization-kubeconfig` to controller-manager and scheduler,
so that we could grab metrics from their secure ports in tests.
2021-01-06 12:56:39 +08:00
Ben Hu
624b214481
Configure --tls-cipher-suites on kube-apiserver.
2021-01-06 00:31:39 +00:00
Sergey Kanzhelev
d78db9f161
configure docker on containerd nodes so it wouldn't reserve 172.17 subnet
2020-12-23 18:49:57 +00:00
David Xia
0756e54dfc
Fix typo in comment
2020-12-21 20:02:20 -05:00
Ben Hu
9581c40887
Revert "Use host IP instead of localhost for control plane component kubeconfig files."
...
This reverts commit 49afcfa5f2.
2020-12-11 22:36:39 +00:00
Maciej Borsz
7f09d59215
Migrate etcd's livenessProbe to etcdctl endpoint health.
...
Change-Id: Ie19c844050c75e3d1c4b431d09ba0ac851c5317b
2020-12-11 12:43:02 +01:00
Kubernetes Prow Robot
ee8983705a
Merge pull request #96679 from stmcginnis/appspot-cleanup
...
Remove stale analytics links from docs
2020-12-10 23:17:22 -08:00
Kubernetes Prow Robot
cad9a8277d
Merge pull request #97127 from liggitt/revert-etcd-host-ip
...
Revert "iAdd host IP to etcd listen client URLs."
2020-12-08 22:01:52 -08:00
Kubernetes Prow Robot
d2e7abb153
Merge pull request #96839 from vinayakankugoyal/crp
...
Update configure-helper.sh to early exit from start-kube-scheduler if…
2020-12-08 20:03:51 -08:00
Kubernetes Prow Robot
56d7f138de
Merge pull request #96622 from vinayakankugoyal/groupfix
...
If the file already exists we need to grant group read permissions ex…
2020-12-08 17:29:59 -08:00
Jordan Liggitt
8820dc4522
Revert "iAdd host IP to etcd listen client URLs."
...
This reverts commit 8b4e164a78.
2020-12-08 11:37:13 -05:00