github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a82b8f1094547d454b8075c0930fe2efa990af25
kubernetes/cluster
History
Kubernetes Submit Queue c0a3d26746 Merge pull request #46750 from cjcullen/grabbag 
Automatic merge from submit-queue

Remove e2e-rbac-bindings.

Replace todo-grabbag binding w/ more specific heapster roles/bindings.
Move kubelet binding.

**What this PR does / why we need it**:
The "e2e-rbac-bindings" held 2 leftovers from the 1.6 RBAC rollout process:
 - One is the "kubelet-binding" which grants the "system:node" role to kubelet. This is needed until we enable the node authorizer. I moved this to the folder w/ some other kubelet related bindings.
 - The other is the "todo-remove-grabbag-cluster-admin" binding, which grants the cluster-admin role to the default service account in the kube-system namespace. This appears to only be required for heapster. Heapster will instead use a "heapster" service account, bound to a "system:heapster" role on the cluster (no write perms), and a "system:pod-nanny" role in the kube-system namespace.

**Which issue this PR fixes**: Addresses part of #39990

**Release Note**: 
```release-note
New and upgraded 1.7 GCE/GKE clusters no longer have an RBAC ClusterRoleBinding that grants the `cluster-admin` ClusterRole to the `default` service account in the `kube-system` namespace.
If this permission is still desired, run the following command to explicitly grant it, either before or after upgrading to 1.7:
    kubectl create clusterrolebinding kube-system-default --serviceaccount=kube-system:default --clusterrole=cluster-admin
```
2017-06-09 13:06:30 -07:00
..
addons
Merge pull request #46750 from cjcullen/grabbag
2017-06-09 13:06:30 -07:00
aws
hack/cluster: consolidate cluster/ utils to hack/lib/util.sh
2017-03-30 22:34:46 -05:00
centos
Add Initializers to all admission control paths by default
2017-06-02 22:09:04 -04:00
gce
Merge pull request #46750 from cjcullen/grabbag
2017-06-09 13:06:30 -07:00
gke
Plumb through the ENABLE_LEGACY_ABAC flag for GKE kube-up.
2017-05-30 17:18:45 -07:00
images
Bump etcd base image to go1.7.6
2017-05-29 09:38:27 -07:00
juju
Merge pull request #46987 from Cynerva/gkk/rm-initializers-before-1.7
2017-06-08 09:00:57 -07:00
kubemark
Enable DefaultTolerationSeconds and PodPreset admission plugins for kubemark
2017-06-04 19:52:57 +02:00
lib
hack/cluster: consolidate cluster/ utils to hack/lib/util.sh
2017-03-30 22:34:46 -05:00
libvirt-coreos
Add Initializers to all admission control paths by default
2017-06-02 22:09:04 -04:00
local
Merge pull request #28469 from asalkeld/local-e2e
2016-09-11 05:44:47 -07:00
openstack-heat
Add Initializers to all admission control paths by default
2017-06-02 22:09:04 -04:00
photon-controller
Add Initializers to all admission control paths by default
2017-06-02 22:09:04 -04:00
saltbase
Merge pull request #46815 from timstclair/audit-config
2017-06-08 12:07:01 -07:00
skeleton
vagrant
Add Initializers to all admission control paths by default
2017-06-02 22:09:04 -04:00
vsphere
Update generated for 2017
2017-01-01 23:11:09 -08:00
windows
Fixed the issue with log rotation
2016-12-12 11:08:41 -05:00
BUILD
Replace git_repository with http_archive and use ixdy's fork of bazel tools for pkg_tar
2017-05-03 10:13:06 -07:00
clientbin.sh
Refactor the common parts of cluster/kube{ctl,adm}.sh into a util script.
2017-01-26 21:29:49 -08:00
common.sh
Add GCE configuration parameter for webhook audit logging
2017-06-06 10:56:19 -07:00
get-kube-binaries.sh
Make get-kube.sh work properly the "ci/latest" pointer
2017-04-05 15:02:10 -07:00
get-kube-local.sh
hack/cluster: map /run/xtables.lock into containerized kubelet filesystem
2017-05-05 23:34:06 -05:00
get-kube.sh
Merge pull request #44062 from ixdy/semver-regexes
2017-05-01 12:54:44 -07:00
kube-down.sh
Automatically download missing kube binaries in kube-up/kube-down.
2016-12-13 14:59:13 -08:00
kube-push.sh
Automatically download missing kube binaries in kube-up/kube-down.
2016-12-13 14:59:13 -08:00
kube-up.sh
Add KUBE_GCE_ENABLE_IP_ALIASES flag to the cluster turn up scripts.
2017-04-11 14:07:50 -07:00
kube-util.sh
Add KUBE_GCE_ENABLE_IP_ALIASES flag to the cluster turn up scripts.
2017-04-11 14:07:50 -07:00
kubeadm.sh
Refactor the common parts of cluster/kube{ctl,adm}.sh into a util script.
2017-01-26 21:29:49 -08:00
kubectl.sh
Fix failing kubectl skew tests
2017-03-08 16:08:47 -03:00
log-dump.sh
Switch gcloud compute copy-files to scp
2017-05-30 10:19:33 -07:00
options.md
OWNERS
Updated top level owners file to match new format
2017-01-19 11:29:16 -08:00
README.md
Update docs/ URLs to point to proper locations
2017-06-05 22:13:54 -07:00
restore-from-backup.sh
Fix restore-from-backup.sh script
2017-03-21 11:58:13 +01:00
test-e2e.sh
test-network.sh
test-smoke.sh
update-storage-objects.sh
Support storageclass storage upgrades to v1
2017-05-24 10:43:56 -04:00
validate-cluster.sh
hack/cluster: consolidate cluster/ utils to hack/lib/util.sh
2017-03-30 22:34:46 -05:00

README.md

Cluster Configuration

Deprecation Notice: This directory has entered maintenance mode and will not be accepting new providers. Please submit new automation deployments to kube-deploy. Deployments in this directory will continue to be maintained and supported at their current level of support.

The scripts and data in this directory automate creation and configuration of a Kubernetes cluster, including networking, DNS, nodes, and master components.

See the getting-started guides for examples of how to use the scripts.

cloudprovider/config-default.sh contains a set of tweakable definitions/parameters for the cluster.

The heavy lifting of configuring the VMs is done by SaltStack.

Analytics