Files

Kubernetes Submit Queue 3b9eb1a875 Merge pull request #43876 from caesarxuchao/blockOwnerDeletion-admission

Automatic merge from submit-queue (batch tested with PRs 44440, 44038, 44302, 44316, 43876)

Extend the gc admission plugin to check ownerReference.blockOwnerDeletion

#Extend the gc admission plugin to prevent user who doesn't have delete permission of the *owner* from changing blockOwnerDeletion field of existing ownerReferences, or adding ownerReference with blockOwnerDeletion=true.

The plugin need a RESTMapper to translate ownerRef.Kind to Resource. It should be using a dynamic one. However, as discussed in https://github.com/kubernetes/kubernetes/pull/42615, such a RESTMapper will be built after watchable discovery API is implemented, so in this PR the plugin is using the `api.Registry.RESTMapper()`, which is also [used](https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-controller-manager/app/core.go#L165-L166) by the garbage collector currently.

```release-note
Extending the gc admission plugin so that a user who doesn't have delete permission of the *owner* cannot modify blockOwnerDeletion field of existing ownerReferences, or add new ownerReference with blockOwnerDeletion=true
```

cc @lavalamp

2017-04-13 23:18:06 -07:00

apis

Remove vestiges of defaulting from conversion path, switch to top-level default registration only

2017-04-12 13:36:15 -04:00

client

Update client

2017-02-28 15:34:34 +01:00

cluster

Merge pull request #42748 from dcbw/cfssl-localup

2017-04-10 14:27:11 -07:00

cmd

add gc admission plugin that prevents user who doesn't have delete permission of the owner from setting blockOwnerDeletion

2017-04-13 11:55:22 -07:00

deploy

Update charts image version.

2016-10-12 00:15:01 -07:00

develop

Move push-federation-images.sh to federation and implement similar functionality in jenkins build directory for presubmits.

2017-02-27 17:54:37 -08:00

docs/api-reference

add singular resource names to discovery

2017-03-21 11:04:08 -04:00

manifests

Release 3.0.17 etcd image

2017-02-27 16:23:44 +01:00

pkg

Merge pull request #43297 from mvdan/kubectl-params

2017-04-13 04:07:21 -07:00

registry/cluster

Updating the registry to return whether the resource was immediately deleted

2017-02-21 11:00:35 -08:00

BUILD

fed: Add integration test for secrets

2017-03-30 12:58:39 -07:00

Makefile

Separate the build recipe in federation Makefile into separate phases.

2016-08-29 14:16:39 -07:00

OWNERS

fed: Add marun as reviewer

2017-02-09 09:50:57 -08:00

README.md

Fix doc links in Federation readme

2016-11-07 11:31:08 +00:00

README.md

Cluster Federation

Kubernetes Cluster Federation enables users to federate multiple Kubernetes clusters. Please see the user guide and the admin guide for more details about setting up and using the Cluster Federation.

Building Kubernetes Cluster Federation

Please see the Kubernetes Development Guide for initial setup. Once you have the development environment setup as explained in that guide, you also need to install jq

Building cluster federation artifacts should be as simple as running:

make build

You can specify the docker registry to tag the image using the KUBE_REGISTRY environment variable. Please make sure that you use the same value in all the subsequent commands.

To push the built docker images to the registry, run:

make push

To initialize the deployment run:

(This pulls the installer images)

make init

To deploy the clusters and install the federation components, edit the ${KUBE_ROOT}/_output/federation/config.json file to describe your clusters and run:

make deploy

To turn down the federation components and tear down the clusters run:

make destroy

Ideas for improvement

Continue with destroy phase even in the face of errors.

The bash script sets set -e errexit which causes the script to exit at the very first error. This should be the default mode for deploying components but not for destroying/cleanup.