David Porter
304a040a17
cluster: use systemd cgroup driver for cgroupv2
...
* Detect if image is using cgroupv2
* Configure both kubelet and containerd to use systemd cgroup driver
when running under cgroupv2
Systemd cgroup driver is recommended to be used when running on
cgroupv2. It is also the default in moby
https://github.com/moby/moby/pull/40846
Signed-off-by: David Porter <david@porter.me>
2022-07-18 16:06:30 -07:00
Kubernetes Prow Robot
8d5518d426
Merge pull request #109813 from saschagrunert/cri-tools
...
Update cri-tools to v1.24.2
2022-06-03 09:31:05 -07:00
Kubernetes Prow Robot
875d48b66b
Merge pull request #108195 from SergeyKanzhelev/unusedMetadataKeys
...
there is no need for gci-docker-version and gci-ensure-gke-docker - t…
2022-06-01 12:03:16 -07:00
Sergey Kanzhelev
6f5661f139
fix the registry configuration
2022-05-31 23:12:16 +00:00
Davanum Srinivas
50bea1dad8
Move from k8s.gcr.io to registry.k8s.io
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-05-31 10:16:53 -04:00
Sascha Grunert
882c460d2a
Update cri-tools to v1.24.2
...
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-05-30 09:13:56 +02:00
Jordan Liggitt
a44192b955
Remove PodSecurityPolicy cluster config
2022-05-04 16:00:56 -04:00
Davanum Srinivas
f7ad09c447
Switch to pause 3.7
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-29 15:36:38 -04:00
Davanum Srinivas
bef0ddef86
kube-up: use registry.k8s.io for containerd-related jobs
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-23 11:30:49 -04:00
Jordan Liggitt
548c339867
Clean up unused exec auth from cluster setup
2022-03-19 10:47:38 -04:00
Davanum Srinivas
9a0bb97a34
add tags for KUBE_ADDON_REGISTRY when we load images locally
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-15 17:16:33 -04:00
Kubernetes Prow Robot
ad46b4f921
Merge pull request #108457 from ialidzhikov/cleanup/target-ram-mb
...
apiserver: Remove the deprecated `--target-ram-mb` flag
2022-03-07 02:38:53 -08:00
Davanum Srinivas
7b5c718946
explicitly specify journald config
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-06 18:48:35 -05:00
Davanum Srinivas
91ade9f318
Switch pv-recycler container image to debian-base
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-03 13:37:17 -05:00
ialidzhikov
bdbc750129
apiserver: Remove the deprecated --target-ram-mb flag
...
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-02 18:52:46 +02:00
Davanum Srinivas
abdcbb8235
Enable specifying pause image in containerd config.toml
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-02 11:51:06 -05:00
Davanum Srinivas
08af9935a5
fix broken find command
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-03-01 22:54:31 -05:00
Kubernetes Prow Robot
344bf270ee
Merge pull request #108034 from tstapler/critools_arm_configuresh
...
Add crit-tools arm64 sha512 hash to configure.sh
2022-02-17 17:20:41 -08:00
Tyler Stapler
01b8d59430
Rework npd default hash selection to match crictl
...
Change-Id: I63e0837e62c4c8fa5d8371dcb1390d2d3e672e0c
2022-02-17 22:43:16 +00:00
Sergey Kanzhelev
0e5dffc1fc
there is no need for gci-docker-version and gci-ensure-gke-docker - those are not used by COS or any of scripts
...
Change-Id: I317c95d8fd2f51598cfa3e710380552d8fc07d2d
2022-02-17 19:00:22 +00:00
Sergey Kanzhelev
19a01fa8c6
remove docker installation from everywhere
2022-02-17 08:02:13 +00:00
Tyler Stapler
9288c190f9
Add crit-tools arm64 sha512 hash to configure.sh
...
Change-Id: I2a06fb6ded78a755b71ce75a07fd1d9ad29f310c
2022-02-15 18:00:51 +00:00
David Porter
3281504a50
cluster/ - Configure containerd only if necessary
...
PR #107663 changed the startup logic to always call `SetupContainerd`
which will generate a new containerd `/etc/containerd/config.toml` file.
This is not always desired since some jobs install containerd from
source and the containerd startup scripts
(https://github.com/containerd/containerd/blob/main/contrib/gce/configure.sh )
are responsible for generating the `/etc/containerd/config.toml` file.
By always calling `SetupContainerd`, the containerd configuration by
containerd's `configure.sh` will be overridden which breaks certain test
jobs, see https://github.com/kubernetes/kubernetes/issues/107830 .
To fix this issue, only call `SetupContainerd` if
`/etc/profile.d/containerd_env.sh` does not exist. When containerd
`configure.sh` script will run, `/etc/profile.d/containerd_env.sh` will
be written, and as a result the k8s setup scripts should avoid
overriding the containerd configuration.
Signed-off-by: David Porter <david@porter.me>
2022-02-10 14:24:14 -08:00
Kubernetes Prow Robot
a3207872a3
Merge pull request #107481 from shu-mutou/deprecate-dashboard-addon
...
Remove dashboard cluster addon
2022-02-10 05:35:48 -08:00
Kubernetes Prow Robot
7bffb3b2ca
Merge pull request #106241 from jdnurme/cloud-provider-env-var
...
Added env variable for cloud-provider
2022-02-07 20:40:53 -08:00
Aditi Sharma
a251acdfc7
Source containerd env for repo installation
...
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
2022-01-31 09:29:46 +05:30
Ciprian Hacman
d01e9cedb1
Clean up logic for deprecated flag --container-runtime in scripts
...
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-01-20 11:19:08 +02:00
Kubernetes Prow Robot
feb758027c
Merge pull request #106907 from cyclinder/remove_dockershim_flags
...
Clean up dockershim flags in the kubelet
2022-01-18 09:09:09 -08:00
Shu Muto
676972235a
Remove dashboard from cluster scripts
2022-01-18 14:48:49 +09:00
Sascha Grunert
f7f0f4b901
Update cri-tools to v1.23.0
...
Files promoted to `k8s-artifacts-cri-tools`:
https://console.cloud.google.com/storage/browser/k8s-artifacts-cri-tools/release/v1.23.0
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-01-17 15:02:53 +01:00
cyclinder
07999dac70
Clean up dockershim flags in the kubelet
...
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-01-14 16:02:50 +02:00
Jordan Liggitt
5d9b7ae9e5
Remove fluentd-elasticsearch addon
2022-01-14 08:23:51 -05:00
Kubernetes Prow Robot
6b399153ba
Merge pull request #107502 from zshihang/metadata
...
limit the scope of 169.254.169.252/32 to host
2022-01-13 15:54:27 -08:00
Kubernetes Prow Robot
3bd422dc76
Merge pull request #107293 from dims/jan-1-owners-cleanup
...
Cleanup OWNERS files - Jan 2021 Week 1
2022-01-13 10:30:30 -08:00
Shihang Zhang
17c2be0667
limit the scope of 169.254.169.252/32 to host
2022-01-12 10:36:59 -08:00
Kubernetes Prow Robot
5d950ceee4
Merge pull request #104669 from arekkusu/patch-3
...
Update GKE kubernetes sources download link
2022-01-10 14:36:25 -08:00
Davanum Srinivas
9682b7248f
OWNERS cleanup - Jan 2021 Week 1
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2022-01-10 08:14:29 -05:00
JD Nurme
30fabbc0cb
updated flag name
2022-01-06 19:51:17 +00:00
Kubernetes Prow Robot
b90b2d963d
Merge pull request #103078 from pacoxu/api-audiences
...
kube-apiserver: use --api-audiences as --service-account-api-audiences is deprecated
2022-01-05 12:49:47 -08:00
Kubernetes Prow Robot
4d4d57fcf0
Merge pull request #106340 from SergeyKanzhelev/removeCriCtlTar
...
remove crictl tar
2022-01-04 13:06:34 -08:00
Jian Zeng
fe448785b5
fix: remove insecure flag from configure-kubeapiserver.sh
...
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2021-12-09 15:06:52 +08:00
Sergey Kanzhelev
f059c3580c
remove crictl tar
2021-11-11 06:12:30 +00:00
Mike Danese
384e9cec1b
don't expand $(ls -A /scrub) in PV_RECYCLER_TEMPLATE
...
Before we write the template.
2021-11-10 11:14:45 -08:00
JD Nurme
4a9703a219
Added env variable for cloud-provider
2021-11-09 00:45:34 +00:00
Walter Fender
35737ff810
Switched ANP w/ grpc to not use destHost strategy.
...
Factored in feedback from caesarxuchao
2021-11-05 11:56:56 -07:00
Walter Fender
f7185b0be1
Add mTLS as default HTTPConnect egress configuration for GCP.
...
We currently have UDS as the configuration with GRPC.
Some users are setting up egress to remote konnectivity servers.
Cannot use UDS for this configuration.
Should have a config setup which validates the mTLS configuration.
Fixed lint errors from shell check.
Fix volumes to not include pki for ANP in grpc mode.
2021-11-05 11:39:39 -07:00
Kubernetes Prow Robot
2f21cff49d
Merge pull request #106018 from ahrtr/replace_ioutil_with_io_os_cluster_gce_gci
...
Replace ioutil with io and os for cluster/gce/gci
2021-11-04 03:08:03 -07:00
ahrtr
45428d887d
replace ioutil with io and os for cluster/gce/gci
2021-10-30 14:23:50 +08:00
Sergey Kanzhelev
c703725592
return value is taken from if statement instead of the function call
2021-10-26 00:11:55 +00:00
Abu Kashem
a748fdc677
apiserver: refactor PolicyRuleEvaluator to return a struct
2021-09-24 08:08:32 -04:00
Paco Xu
a48a2efbd4
remove deprecated validEgressSelectorNames 'master' ( #102242 )
...
* remove deprecated validEgressSelectorNames 'master'
Signed-off-by: pacoxu <paco.xu@daocloud.io>
* update gce configure: replace deprecated egress name 'master' with 'controlplane'
Signed-off-by: pacoxu <paco.xu@daocloud.io>
* add dup error for EgressSelection & fix converting alpha/beta to v1 name
2021-09-16 07:09:46 -07:00
Kubernetes Prow Robot
7363da7ca7
Merge pull request #101318 from eltociear/patch-5
...
Fix typo in gci/README.md
2021-09-03 02:45:49 -07:00
Alex
bea25d8024
Update GKE kubernetes sources download link
...
Fix non-working link provided on MOTD to download GKE source release.
Now point to correct location, confirmed same file as provided in "/home/kubernetes/kubernetes-src.tar.gz"
2021-08-31 10:31:23 +09:00
Kubernetes Prow Robot
08eaea4590
Merge pull request #104350 from tkashem/audit-policy-refactor
...
refactor: rename audit Checker interface
2021-08-19 01:41:24 -07:00
Sascha Grunert
6a6e24702c
Update cri-tools to v1.22.0
...
This patch updates crictl to the latest available release.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2021-08-18 10:15:15 +02:00
Abu Kashem
27f1503514
rename audit Checker interface
2021-08-12 17:42:41 -04:00
Kubernetes Prow Robot
bfcc756f09
Merge pull request #103963 from mcshooter/update-npd-089
...
update node-problem-detector v0.8.9
2021-08-05 19:45:05 -07:00
Sergey Kanzhelev
ddaa06abee
Propose myself as a reviewer for cluster/gce/gci
2021-08-05 14:24:35 -07:00
Kubernetes Prow Robot
1d693cd832
Merge pull request #104109 from caesarxuchao/keepalive
...
add a keepalive time to the konnectivity server
2021-08-05 06:09:46 -07:00
Kubernetes Prow Robot
04c7fe8256
Merge pull request #103627 from liu-cong/latency
...
Add structured logging for more steps
2021-08-04 22:11:07 -07:00
Kubernetes Prow Robot
f886190b48
Merge pull request #103436 from loburm/config_kube_proxy
...
Make cpu request of kube proxy configurable by env variable.
2021-08-04 19:00:40 -07:00
Kubernetes Prow Robot
ce5dbd2095
Merge pull request #103376 from mattcary/sunrpc
...
Drop end of sunrpc port range to avoid port conflicts.
2021-08-04 19:00:32 -07:00
Kubernetes Prow Robot
9c5cefb230
Merge pull request #101781 from ptabor/20210506-retry-dns-resolve
...
Retry hostname->IP: [Errno -2] Name or service not known
2021-08-04 18:59:27 -07:00
vteratipally
5d84ffa6c2
Update configure-helper.sh
2021-08-04 14:36:16 -07:00
vteratipally
b0039559dd
Update configure-helper.sh
2021-08-04 13:19:00 -07:00
Chao Xu
572a24d854
add a keepalive time to the konnectivity server
2021-08-04 12:48:32 -07:00
vteratipally
0376c58c44
Update configure-helper.sh
...
add live-restore true by default.
2021-08-04 12:09:10 -07:00
Michelle Tandya
4606ebe423
update node-problem-detector v0.8.9
2021-07-28 01:02:56 +00:00
Julie Qi
2a4a1c1d00
disable aufs module
2021-07-21 23:25:19 -07:00
Matthew Cary
60d446fe3d
Drop end of sunrpc port range to avoid port conflicts.
...
Change-Id: I1561fe447f50d9ac835094b3cceba62ea74dfd81
2021-07-13 18:38:40 +00:00
Cong Liu
6c87c22277
Add structured logging for more steps
2021-07-09 15:35:44 -07:00
Kubernetes Prow Robot
5e3bed6399
Merge pull request #101433 from SergeyKanzhelev/patch-1
...
Make the service account error more apparent
2021-07-05 03:23:13 -07:00
Marian Lobur
5d80d6e7c3
Make cpu request of kube proxy configurable by env variable.
2021-07-02 16:00:56 +02:00
Piotr Tabor
de442ef860
Retry hostname->IP: [Errno -2] Name or service not known
...
During cluster configuration, the hostname is getting resolved to IP,
as etcd requires IP address as listening address.
Due to connectivity flakes or delayed network initialization, sometimes
the IP fails to be resolved to a name with following error:
```
[Errno -2] Name or service not known
```
that leads to attempt to run etcd with empty flag.
The PR adds a proper retry (up to 5 minutes) in case the connectivity
problems happen.
I considered alternatives like: `getent hosts foo`, but unfortunately they
can return IPv6 that etcd is not ready for (yet).
2021-07-01 12:20:07 +02:00
Sergey Kanzhelev
210c610d66
make sure to split NPD hashes by architecture when upgrading to 0.8.9
2021-07-01 08:12:35 +00:00
pacoxu
ffdf3f5007
update node-problem-detector npd to v0.8.8
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
Co-Authored-By: vteratipally <vteratipally@users.noreply.github.com>
2021-06-29 09:35:32 +08:00
pacoxu
f05f30943d
kube-apiserver in gce: use --api-audiences as --service-account-api-audiences is deprecated
...
Signed-off-by: pacoxu <paco.xu@daocloud.io>
2021-06-22 11:09:46 +08:00
Vinayak Goyal
774d228637
remove the path if it exists before writing pki data.
...
if setfacl is called before chmod g+r at any point during the lifetime of
the cluster then the default group does not have read permissions on the
file. so we explicitly grant the default group read permissions. See
https://gist.github.com/mmdriley/85ca34f711acbec4b1b94902add488e5 for a
repro.
2021-06-18 11:03:37 -07:00
Joseph Anttila Hall
9d514b2de4
Konnectivity: tune flags for larger clusters (5k nodes).
2021-06-10 14:05:44 -07:00
Kubernetes Prow Robot
9d27400fe2
Merge pull request #102040 from njuptlzf/fix_conversion
...
Fix auditing failed of request: encoding failed
2021-06-05 19:58:38 -07:00
njuptlzf
7b0fbb7292
add audit log test cases for cross-group subresource
2021-06-06 09:52:05 +08:00
Kubernetes Prow Robot
74af3b712d
Merge pull request #102297 from deads2k/ssh-tunnels
...
remove --ssh- options, deprecated 13 releases, that only work on GCE
2021-06-05 10:40:50 -07:00
Marek Siarkowicz
4ebc0c94a4
Remove legacy metrics client from podautoscaler
2021-06-04 23:06:32 +02:00
David Eads
ae603a38bc
remove -ssh-user from cluster scripts for GCE
2021-06-03 17:53:09 -04:00
Kubernetes Prow Robot
bc8acbc43e
Merge pull request #102328 from lentzi90/update-cni-plugins
...
Update CNI plugins v0.9.1
2021-05-28 10:16:46 -07:00
Kubernetes Prow Robot
d541872f9a
Merge pull request #102239 from Haleygo/clean-up-AlgorithmProvider-flag-and-pkg
...
clean up algorithmprovider pkg and remove scheduler deprecated algorithm-provider flag
2021-05-27 00:54:23 -07:00
Lennart Jern
507710b50f
Update CNI plugins v0.9.1
...
ref: https://github.com/containernetworking/plugins/releases/tag/v0.9.1
Signed-off-by: Lennart Jern <lennart.jern@est.tech>
2021-05-26 11:02:04 +03:00
Haleygo
2769e99dba
remove scheduler deprecated algorithm-provider flag and clean up algorithmprovider pkg
2021-05-26 13:19:44 +08:00
Kubernetes Prow Robot
06d44d2f42
Merge pull request #101168 from mikedanese/warning
...
add a warning about the filter table
2021-05-24 21:48:40 -07:00
Kubernetes Prow Robot
77937b1e8e
Merge pull request #101628 from bobbypage/addon-termination-handler
...
Remove node termination handler addon
2021-05-24 11:31:39 -07:00
Kubernetes Prow Robot
e8cf412e5e
Merge pull request #101881 from vinayakankugoyal/konnectivity
...
Update konnectivity network proxy server to run as non-root, by defau…
2021-05-13 23:16:04 -07:00
Sergey Kanzhelev
72fe1b722c
Make the service account error more apparent
2021-05-14 04:39:24 +00:00
Vinayak Goyal
b951b9349f
Update konnectivity network proxy server to run as non-root, by default in kube-up.
2021-05-13 12:35:34 -07:00
Avritt Rohwer
0a5a697882
Fix bug in retry-forever usage.
...
- Push retry-forever wrapping to curl invocations.
- Collect curl retry flags into a single variable.
- Remove 'sudo: false' in master.yaml, is unnecessary and breaks older
cloud-init versions.
- Change log-error status reason to be more accurate.
- Fix some 'python' invocations to 'python3'.
2021-05-12 09:22:20 -07:00
Kubernetes Prow Robot
ca0c04e4d3
Merge pull request #101164 from vinayakankugoyal/apiservernonroot
...
Run control-plane as non root in kube-up.
2021-05-06 17:33:14 -07:00
Kubernetes Prow Robot
1f3fd1cb80
Merge pull request #101751 from vinayakankugoyal/sshproxy
...
Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as…
2021-05-06 15:15:51 -07:00
Kubernetes Prow Robot
8955f55fcf
Merge pull request #101678 from vinayakankugoyal/goodbye-basicauth
...
Remove remnants of basic auth from cluster bootstrap.
2021-05-06 14:14:14 -07:00
Vinayak Goyal
6aa495ddc6
Revert - Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it.
2021-05-06 14:02:53 -07:00
Vinayak Goyal
487583bd0a
Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it.
2021-05-05 15:23:04 -07:00
Vinayak Goyal
406ceae991
Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it.
2021-05-05 14:49:59 -07:00