github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4a8c245e6e
kubernetes/cluster
History
Kubernetes Submit Queue 55f887e9fb Merge pull request #47094 from cheftako/requestCAFile 
Automatic merge from submit-queue (batch tested with PRs 47000, 47188, 47094, 47323, 47124)

Set up proxy certs for Aggregator.

Working on fixing https://github.com/kubernetes/kubernetes/issues/43716.
This will create the necessary certificates.
On GCE is will upload those certificates to Metadata.
They are then pulled down on to the kube-apiserver.
They are written to the /etc/src/kubernetes/pki directory.
Finally they are loaded vi the appropriate command line flags.
The requestheader-client-ca-file can be seen by running the following:-
kubectl get ConfigMap extension-apiserver-authentication --namespace=kube-system -o yaml

**What this PR does / why we need it**: 
This PR creates a request header CA. It also creates a proxy client cert/key pair. 
It causes these files to end up on kube-apiserver and set the CLI flags so they are properly loaded.
Without it the customer either has to set them up themselves or re-use the master CA which is a security vulnerability.
Currently this creates everything on GCE.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #43716

**Special notes for your reviewer**:
2017-06-12 18:19:47 -07:00
..
addons Merge pull request #47188 from caseydavenport/calico-typha 2017-06-12 18:19:45 -07:00
aws hack/cluster: consolidate cluster/ utils to hack/lib/util.sh 2017-03-30 22:34:46 -05:00
centos Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
gce Merge pull request #47094 from cheftako/requestCAFile 2017-06-12 18:19:47 -07:00
gke Plumb through the ENABLE_LEGACY_ABAC flag for GKE kube-up. 2017-05-30 17:18:45 -07:00
images Bump etcd base image to go1.7.6 2017-05-29 09:38:27 -07:00
juju Merge pull request #46987 from Cynerva/gkk/rm-initializers-before-1.7 2017-06-08 09:00:57 -07:00
kubemark Set up proxy certs for Aggregator. 2017-06-09 16:20:58 -07:00
lib hack/cluster: consolidate cluster/ utils to hack/lib/util.sh 2017-03-30 22:34:46 -05:00
libvirt-coreos Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
local
openstack-heat Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
photon-controller Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
saltbase Merge pull request #46815 from timstclair/audit-config 2017-06-08 12:07:01 -07:00
skeleton
vagrant Add Initializers to all admission control paths by default 2017-06-02 22:09:04 -04:00
vsphere Update generated for 2017 2017-01-01 23:11:09 -08:00
windows Fixed the issue with log rotation 2016-12-12 11:08:41 -05:00
BUILD Replace git_repository with http_archive and use ixdy's fork of bazel tools for pkg_tar 2017-05-03 10:13:06 -07:00
clientbin.sh Refactor the common parts of cluster/kube{ctl,adm}.sh into a util script. 2017-01-26 21:29:49 -08:00
common.sh Set up proxy certs for Aggregator. 2017-06-09 16:20:58 -07:00
get-kube-binaries.sh Make get-kube.sh work properly the "ci/latest" pointer 2017-04-05 15:02:10 -07:00
get-kube-local.sh hack/cluster: map /run/xtables.lock into containerized kubelet filesystem 2017-05-05 23:34:06 -05:00
get-kube.sh Merge pull request #44062 from ixdy/semver-regexes 2017-05-01 12:54:44 -07:00
kube-down.sh Automatically download missing kube binaries in kube-up/kube-down. 2016-12-13 14:59:13 -08:00
kube-push.sh Automatically download missing kube binaries in kube-up/kube-down. 2016-12-13 14:59:13 -08:00
kube-up.sh Add KUBE_GCE_ENABLE_IP_ALIASES flag to the cluster turn up scripts. 2017-04-11 14:07:50 -07:00
kube-util.sh Add KUBE_GCE_ENABLE_IP_ALIASES flag to the cluster turn up scripts. 2017-04-11 14:07:50 -07:00
kubeadm.sh Refactor the common parts of cluster/kube{ctl,adm}.sh into a util script. 2017-01-26 21:29:49 -08:00
kubectl.sh Fix failing kubectl skew tests 2017-03-08 16:08:47 -03:00
log-dump.sh Switch gcloud compute copy-files to scp 2017-05-30 10:19:33 -07:00
options.md
OWNERS Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
README.md Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
restore-from-backup.sh Fix restore-from-backup.sh script 2017-03-21 11:58:13 +01:00
test-e2e.sh
test-network.sh
test-smoke.sh
update-storage-objects.sh Support storageclass storage upgrades to v1 2017-05-24 10:43:56 -04:00
validate-cluster.sh hack/cluster: consolidate cluster/ utils to hack/lib/util.sh 2017-03-30 22:34:46 -05:00

README.md

Cluster Configuration

Deprecation Notice: This directory has entered maintenance mode and will not be accepting new providers. Please submit new automation deployments to kube-deploy. Deployments in this directory will continue to be maintained and supported at their current level of support.

The scripts and data in this directory automate creation and configuration of a Kubernetes cluster, including networking, DNS, nodes, and master components.

See the getting-started guides for examples of how to use the scripts.

cloudprovider/config-default.sh contains a set of tweakable definitions/parameters for the cluster.

The heavy lifting of configuring the VMs is done by SaltStack.

Analytics