kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,281 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

813 Commits

Author SHA1 Message Date
Ciprian Hacman 2852c4c657 Update the Docker license 2020-03-15 09:51:03 +02:00
Ciprian Hacman 360a117e02 Add config option for Docker "health-check" 2020-03-15 09:51:03 +02:00
Ciprian Hacman 507230fe75 Move Docker "health-check" to DockerBuilder 2020-03-15 09:47:47 +02:00
Kubernetes Prow Robot 0a6dcce580
Merge pull request #8525 from hakman/docker-tgz 
Update support for docker tgz package
 2020-03-14 16:40:35 -07:00
Kubernetes Prow Robot e6803d078d
Merge pull request #8312 from simonmacklin/add_cloud_ntp_addresses 
Add cloud ntp addresses
 2020-03-14 14:12:34 -07:00
Kubernetes Prow Robot 1400528fed
Merge pull request #8727 from hakman/ubuntu-focal 
Add support for Ubuntu 20.04 (Focal)
 2020-03-11 09:29:37 -07:00
Ciprian Hacman 17bb98b7d7 Add support for Ubuntu 20.04 (Focal) 2020-03-11 06:49:02 +02:00
Peter Rifel a999b3ea61 fix OWNERS labels format 
These need to be lists
 2020-03-10 22:47:50 -05:00
Kubernetes Prow Robot db435ee7cd
Merge pull request #8717 from rifelpet/owners-labels 
Add labels to OWNERS files
 2020-03-10 08:23:51 -07:00
Peter Rifel 237a125f2c Add labels to OWNERS files 
This will automatically label PRs that touch these directories.

This makes it easier to query GitHub for PRs that affect certain areas of the code.

I mostly used existing labels but created some new ones as well.
 2020-03-10 08:35:58 -05:00
Odin Ugedal 56e5aa8416
Fix overflow error when comparing with BPF_FS_MAGIC 
0xCAFE4A11 is bigger than the max of int32, so doing int32(uint32(0xCAFE4A11))
(will not compile directly unless done over two lines) will result in 0x-3501b5ef.

For linux/amd64 "fsdata.Type" is an int64, while on darwin/amd64 it is
an uint32. This code is however not supposed to be compiled for darwin,
since it is linux spesific.

Due to some strange errors[0] in the types in "unix.Statfs_t" for 32 bits
systems on linux, we have to explicitly convert to uint to support those (eg.
armv7). If we only need support for 64 bit systems, we can remove the
uint conversion.

[0]: For 32bits systems "fsdata.Type" should be uint32 instead of the
current int32, as it is in the linux kernel. This is due to the types in
glibc that the go types are generated from. For 64 bit systems the type
is correctly set to int64.
 2020-03-07 10:28:04 +01:00
Ciprian Hacman a57aba01bf Update support for docker tgz package 2020-03-07 08:20:39 +02:00
Kubernetes Prow Robot 116ec23d47
Merge pull request #8599 from olemarkus/cilium-fix-bpffs-check 
Cilium fix bpffs check
 2020-02-22 11:14:47 -08:00
Ole Markus With bcafdca7da Various nits 2020-02-22 19:39:34 +01:00
Ole Markus With 7c84e7d962 Return error if statfs fails 2020-02-22 12:54:53 +01:00
John Gardiner Myers 3e95a88717 Fix Test_KubeAPIServer_Builder to use a supported version of Kubernetes 2020-02-21 22:46:36 -08:00
John Gardiner Myers 704f41dbf1 Use supported kubernetes versions in tests 2020-02-21 22:24:29 -08:00
Ole Markus With f2f29d92d6 Properly detect that bpffs has been mounted 2020-02-21 21:52:35 +01:00
Ole Markus With ced8f00201 Add option to use ENI as IPAM mode for Cilium 
* Force cilium-operator run on master nodes
* Add option for setting cilium ipam mode
* If cilium ipam mode is eni, add additional permissions to master nodes
* Allow NonMasqueradeCIDR overlap with NetworkCIDR when Cilium ENI is enabled
 2020-02-16 19:11:01 +01:00
Kubernetes Prow Robot 13b4e05679
Merge pull request #8461 from justinsb/use_bindmount_for_home_kubernetes_bin 
Use BindMount task for /home/kubernetes/bin
 2020-02-07 07:45:45 -08:00
Justin SB 761cdfbd47
Use BindMount task for /home/kubernetes/bin 
Without this, a reboot on COS does not remount /home/kubernetes/bin with exec permission.
 2020-02-07 06:01:07 -05:00
Ciprian Hacman 7048755c0e Add support for containerd v1.3.3 2020-02-07 08:01:09 +02:00
Justin SB 0cb35638f2
Stop logging to /var/log/kops-controller.log 
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today.  See
discussion in #8454

We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.

We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
 2020-02-04 06:41:25 -05:00
Peter Rifel 1df957e354 Update godoc.org references to use pkg.go.dev 2020-02-01 11:11:42 -06:00
Roberto Rodriguez Alcala 504ac7545a Fixes regression in e2e tests 2020-01-28 22:26:38 -08:00
Ciprian Hacman 5f930683ed Update support for Amazon Linux 2 2020-01-28 08:13:45 +02:00
Kubernetes Prow Robot ace4c60610
Merge pull request #8407 from rralcala/master 
Support additional kube-scheduler config parameters via config file
 2020-01-27 13:11:39 -08:00
Roberto Rodriguez Alcala 03af6b80b5 Adds test and fixes incorrect flag 2020-01-27 11:46:12 -08:00
Kubernetes Prow Robot 82b3bd5a0f
Merge pull request #8199 from hakman/containerd-tgz 
containerd: Add support for tar.gz package
 2020-01-26 22:53:02 -08:00
Roberto Rodriguez Alcala 1298d541cc Updates based on feedback 2020-01-25 12:32:40 -08:00
Roberto Rodriguez Alcala 447b46d109 Fix for copyright and ran update-bazel.sh 2020-01-23 20:11:41 -08:00
Roberto Rodriguez Alcala 7a017396ba Fixes incorrect tag name and copyright year 2020-01-23 19:58:45 -08:00
Roberto Rodriguez Alcala a9f3db63fc Support additional kube-scheduler config parameters via config file 
Mentioned in #6942

This change allows using the --config flag and a generated configfile to set
options that were not previously supported and the use via flags is deprecated.
(https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/)

I thought that it might be better to have them in a config file to ensure
support in newer kubernetes versions.

It also makes it easy to add more.
 2020-01-23 19:13:31 -08:00
vvbogdanov87 b654bc923f Fix scheduler policy configmap args 2020-01-21 11:59:22 +08:00
Xiaoyu Zhong afc54224aa Fix net.bridge setting for Flannel on CentOS 7 2020-01-20 16:55:42 +08:00
Justin SB 1d58f16d29
Fix & test docker package versions as well as hashes 
Extend the existing "unit" test to check package versions, because
some of the docker packages now have a '5:' prefix.

Also correct the package versions that didn't have the prefix.
 2020-01-17 09:30:02 -05:00
Kubernetes Prow Robot c82c62edab
Merge pull request #8354 from justinsb/cos_make_opt_cni_writeable 
Make /opt/cni/bin writeable on COS
 2020-01-16 21:14:55 -08:00
Justin SB 3deecb2435
Make /opt/cni/bin writeable on COS 
Using the same approach we're doing for /opt/kops
 2020-01-16 12:36:22 -05:00
Ciprian Hacman 162761cd64 Fix DNS loop on Ubuntu 18.04 (Bionic) 2020-01-16 18:25:19 +02:00
Kubernetes Prow Robot 77d6d381c3
Merge pull request #8327 from johngmyers/remove-code 
Remove code for unsupported Kubernetes versions
 2020-01-15 14:54:22 -08:00
simonmacklin 2b04d7d111
Update nodeup/pkg/model/ntp.go 
updated to non group capturing

Co-Authored-By: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-01-15 10:37:39 +00:00
Simon Macklin 29223a3cf1 adjusted regex 2020-01-14 23:02:36 +00:00
Simon Macklin 402359d57f updated case to use the const 2020-01-13 10:32:21 +00:00
Simon Macklin 2f0c33fd4e first initial commit 
added replace method

added cloud ips

updated the func params

removed whitespace at gce address

removed sample ntp.conf

removed whitespace from gce ntp address

created const var ntp type

added a period at the end of the func comment and used the const vars on the case statement.  Will finish sometime this weekend

unexported func and const type

trying to fix git email config issue

changed func param
 2020-01-13 10:05:21 +00:00
John Gardiner Myers 6e9dc8fc0f Remove code for unsupported k8s versions from nodeup 2020-01-12 19:30:34 -08:00
Ciprian Hacman 2a6aeaff7c Add support for containerd tar.gz package 2020-01-12 06:53:39 +02:00
Justin SB a0c16c9abe Use /opt/cni/bin on all distros 
We used to remap the cni-bin to /home/kubernetes/bin on COS, but that
then requires us to change the CNI manifests also to write to the new
location.

Instead we can use /opt/cni/bin on all distros, now that we are making
it writeable everywhere with a bind mount.
 2020-01-11 13:03:12 -05:00
Kubernetes Prow Robot 1e4b284bcb
Merge pull request #8056 from justinsb/move_to_utils_mount 
Replace kubernetes mount code with utils
 2020-01-10 15:35:37 -08:00
Ciprian Hacman 3ea7a6aed6 Remove "pigz" containerd dependency for RHEL/CentOS 7 2020-01-10 18:05:11 +02:00
Kubernetes Prow Robot 7a65c25a88
Merge pull request #8286 from hakman/rhel-e2e-deps 
Add wget and nfs-utils deps needed for e2e tests
 2020-01-10 07:54:36 -08:00
Ciprian Hacman a508c36302 Add wget and nfs-utils deps needed for e2e tests 2020-01-08 09:06:12 +02:00
Peter Rifel e0fa147b15 Enable host logging for kops-controller 
This makes it easier to get the kops-controller logs from e2e tests since it they only dump log files from systemd services and /var/log files [0]

[0] ec0fe6bd36/kubetest/dump.go (L50-L74)
 2020-01-07 11:00:41 -06:00
Kubernetes Prow Robot 63930904c3
Merge pull request #8269 from justinsb/ops_kops_writeable 
Make /opt/kops writeable on COS
 2020-01-06 01:33:34 -08:00
Kubernetes Prow Robot 95f4f83fbe
Merge pull request #7900 from zacblazic/use-encryption-provider-config-flag 
Use non-experimental version of encryption provider config flag in 1.13+
 2020-01-05 10:31:40 -08:00
Kubernetes Prow Robot e4da659509
Merge pull request #8196 from justinsb/dont_preload_unused_images 
For dev, don't preload docker images on nodes
 2020-01-04 16:15:40 -08:00
Justin SB fdc1499bed Make /opt/kops writeable on COS 
This approach means that rather than trying to have different
directories on different OSes, we can instead make them look more
similar.
 2020-01-04 17:59:05 -05:00
Kubernetes Prow Robot 78267482bf
Merge pull request #8212 from hakman/move-nodeup 
Move nodeup to /opt/kops/bin
 2020-01-04 14:49:40 -08:00
Justin Santa Barbara e4ed13ed57 Move protokube image task to ProtokubeBuilder 
More logically consistent, and allows us to be lazier about loading
it when not needed.
 2020-01-04 17:46:16 -05:00
Justin Santa Barbara fc21f4255f Replace kubernetes mount code with utils 
This will remove one of the main dependencies on the
kubernetes/kubernetes repo.
 2020-01-04 17:34:31 -05:00
Kubernetes Prow Robot afb4ecb883
Merge pull request #7730 from ripta/custom-sysctls 
Custom sysctl Parameters
 2020-01-03 07:35:41 -08:00
Kubernetes Prow Robot 5955227c27
Merge pull request #8217 from hakman/containerd-nits 
containerd: Fix tiny nits
 2020-01-03 06:43:49 -08:00
tanjunchen 7e25f9831d nodeup/pkg/ pkg/ staticcheck 2019-12-31 15:03:39 +08:00
Ciprian Hacman b563e4e815 Run Protokube in the "default" container namespace 2019-12-29 05:42:29 +02:00
Ciprian Hacman d35977ac90 Update hardcoded dependencies on on docker.service 2019-12-29 04:43:40 +02:00
Ciprian Hacman 3068b7e0ac Run each hash check as a separate test 2019-12-29 04:43:40 +02:00
Ciprian Hacman dd5b24eece Move iptables-setup to /opt/kops/bin 2019-12-28 20:22:33 +02:00
Kubernetes Prow Robot f6681d8df5
Merge pull request #7832 from justinsb/cilium_dont_double_mount_bpf 
cilium: don't try to mount sys/fs/bpf if already mounted
 2019-12-28 09:57:38 -08:00
Justin SB 4d514856f9 cilium: don't try to mount sys/fs/bpf if already mounted 
systemd v238 already includes the mount, and the unit file fails.  We
test for the existence of the mount, rather than testing systemd
versions directly.
 2019-12-28 12:01:54 -05:00
Peter Rifel dbb74e76c4 Fix typo in KubeProxy model 
very minor, but meant to ensure that KubeProxyBuilder satisfies the ModelBuilder interface
 2019-12-27 19:38:32 -08:00
Kubernetes Prow Robot adf659370c
Merge pull request #8170 from hakman/coninerd-add-1.2.4 
containerd: Use containerd 1.2.4 with Docker 18.09.3
 2019-12-27 09:29:38 -08:00
Kubernetes Prow Robot ac76e81ecd
Merge pull request #8164 from hakman/update-rhel-8 
Update support for RHEL 8
 2019-12-27 07:45:38 -08:00
Ciprian Hacman e90474d593 Update support for RHEL 8 2019-12-24 17:07:23 +02:00
Ciprian Hacman 760c7b06b4 Use containerd 1.2.4 with Docker 18.09.3 2019-12-23 19:26:38 +02:00
Kubernetes Prow Robot 4621df3c0a
Merge pull request #8155 from hakman/staticcheck-nodeup 
nodeup/pkg/model - fix static check
 2019-12-20 00:15:32 -08:00
Ciprian Hacman 97f70ff7a5 Add Docker 19.03.4 and 18.09.9 for Ubuntu Xenial 2019-12-19 16:14:09 +02:00
Justin Santa Barbara 2c770aa7a5
Merge branch 'master' into split-containerd 2019-12-19 07:03:33 -05:00
Kubernetes Prow Robot 1a0e441914
Merge pull request #8020 from hakman/install-with-updates 
Automatically install dependencies with local packages
 2019-12-19 01:53:56 -08:00
Ciprian Hacman fa665943ac nodeup/pkg/model - fix static check 2019-12-18 22:07:31 +02:00
Ciprian Hacman d0f15a8e27 Add "pigz" dependency in a future commit 2019-12-17 09:47:47 +02:00
Ciprian Hacman ce9ed2e1fb Make sure Cluster.Spec.Containerd exists before checking the address 2019-12-16 15:26:52 +02:00
Ciprian Hacman c2d55ecdf3 Always require containerd version in nodeup 2019-12-16 15:17:57 +02:00
Ciprian Hacman f1ffd9a7f6 Rename config option contained.configFile to containerd.configOverride 2019-12-16 00:59:26 +02:00
Ciprian Hacman 59ab0ca9d0 Pass containerd --address flag to kubelet if it exists 2019-12-16 00:59:26 +02:00
Ciprian Hacman 6363289103 Update tests after rebase 2019-12-16 00:59:26 +02:00
Ciprian Hacman b234d0687a Add back Protokube image pull during service start 2019-12-16 00:59:19 +02:00
Ciprian Hacman f401342d8f Update Protokube tests 2019-12-15 22:31:52 +02:00
Ciprian Hacman 4c5693be0d Remove unneeded version check 2019-12-15 21:57:12 +02:00
Ciprian Hacman 6dce39ffe1 Always set TasksMax=infinity for container friendly OSes 2019-12-15 21:37:57 +02:00
Ciprian Hacman 9d1ef68616 Parse Docker and containerd version using strconv.Atoi 2019-12-15 21:37:57 +02:00
Ciprian Hacman a6696f8060 Remove duplicate ExecStartPre 2019-12-15 21:37:57 +02:00
Ciprian Hacman bbb6740f3f Remove unneeded imports 2019-12-15 21:37:57 +02:00
Ciprian Hacman bdb395f722 Fix container remove command on failed start 2019-12-15 21:37:57 +02:00
Ciprian Hacman 92cd1842c6 Add support for containerd container runtime - generated 2019-12-15 21:37:57 +02:00
Ciprian Hacman 1a4d8bf49c Add support for containerd container runtime - tests 2019-12-15 21:37:57 +02:00
Ciprian Hacman 42b73b877d Add support for containerd container runtime 2019-12-15 21:37:57 +02:00
Peter Rifel 23ee2e63fc
Fix typo in protokube_test.go 2019-12-15 11:18:46 -06:00
Peter Rifel ea106478e0
Run ./hack/update-bazel.sh 2019-12-15 09:47:57 -06:00
Justin Santa Barbara 700bd2c0a5 Add test for protokube builder 
This should give us some assurances that we haven't changed things too
much with the containerd introduction.
 2019-12-14 23:19:54 -05:00
Kubernetes Prow Robot 852ed31f5f
Merge pull request #7545 from mazzy89/flatcar-fix 
Complete support for Flatcar
 2019-12-09 04:58:01 -08:00
John Gardiner Myers eaa13e734d Fix truncation of admission control plugins list 2019-11-30 19:30:49 -08:00
Ciprian Hacman 10b7d1e7b5 Don't consider recommended packages as a dependency for installing 2019-11-29 10:56:22 +02:00
Ciprian Hacman d66dfc1ac1 Automatically install dependencies with local packages 2019-11-27 17:12:38 +02:00
Kubernetes Prow Robot 482fce5d54
Merge pull request #7424 from mmerrill3/feature/dynamic-audit-config 
Implementing audit dynamic configuration (#7392)
 2019-11-26 01:01:10 -08:00
Salvatore Mazzarino 16f667d5a8 Correct Distro name 
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
 2019-11-24 18:58:49 +01:00
Salvatore Mazzarino 9732d06d97 Add reference 
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
 2019-11-24 16:35:23 +01:00
Salvatore Mazzarino f6908656bf Fix volume plugins dir 
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
 2019-11-24 16:35:23 +01:00
Salvatore Mazzarino 5c0d5c112d Add tag during isDebian check family 
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
 2019-11-24 16:35:23 +01:00
Kubernetes Prow Robot 4b11768ae0
Merge pull request #7906 from johngmyers/fix-apiversion 
Update apiVersion in docs and tests
 2019-11-22 06:03:28 -08:00
Kubernetes Prow Robot 1e2673515f
Merge pull request #7923 from eest/sysctls-comment 
sysctls.go: Fix some comments
 2019-11-21 17:35:40 -08:00
Kubernetes Prow Robot baa5ae3934
Merge pull request #7860 from hakman/docker-19.03.4 
Add support for newer Docker versions
 2019-11-17 12:23:54 -08:00
Patrik Lundin ad9448ac40 sysctls.go: Fix some comments 
Comment for net.ipv4.tcp_tw_reuse from tcp(7).
 2019-11-13 13:01:06 +01:00
John Gardiner Myers f1068e5c8c Update apiVersion in docs and tests 2019-11-09 14:14:24 -08:00
Zac Blazic 28d3eb4e37 Use `--encryption-provider-config` when kubernetes 1.13+ 
The alpha version of encryption at rest used the following flag:
`--experimental-encryption-provider-config`. As of kubernetes 1.13,
`--encryption-provider-config` should be used instead.
 2019-11-08 18:24:05 +02:00
Kubernetes Prow Robot 3979650823
Merge pull request #7841 from tanjunchen/fix-up-gosimple-problems 
fix-up static-check
 2019-11-05 21:57:20 -08:00
Ciprian Hacman 777265931f Add support for Docker 18.09.9 2019-11-04 12:00:11 +02:00
Ciprian Hacman a716ac17f4 Add support for Docker 19.03.4 2019-10-31 11:42:47 +02:00
Ripta Pasay 56ea75cc91 Include custom sysctl parameters when running the sysctl builder 
(cherry picked from commit 6766f47c670b68d2bf1a13ef94a710bd48f10678)
 2019-10-30 10:55:01 -07:00
tanjunchen a19fb935e4 fix-up static-check 2019-10-29 14:06:12 +08:00
Srikanth afe59ba7cc Remove clusterID to be passed as a parameter for protokube 2019-10-29 09:40:38 +05:30
Srikanth cb4a8ef6fc Rebase with latest master 2019-10-29 09:40:38 +05:30
mmerrill3 5cf94c8ddf Implementing audit dynamic configuration (#7392) 
Signed-off-by: mmerrill3 <michael.merrill@vonage.com>
 2019-10-24 10:21:27 -04:00
hwdef bc7d07035b dnsprovider: fix static check 2019-10-24 11:13:55 +08:00
tanjunchen 6a01525de5 fix-up bug in nodeup/pkg/model 2019-10-16 00:35:26 +08:00
Kubernetes Prow Robot 39cbb2bf1c
Merge pull request #7781 from hatappi/api-server-multiple-sa-key-file 
fix(apiserver): allow multiple service-account-key-file
 2019-10-14 18:15:51 -07:00
hatappi 3b1c1f1639 fix(apiserver): allow multiple service-account-key-file 2019-10-14 10:52:48 +09:00
Kubernetes Prow Robot 34c7d5a64a
Merge pull request #7755 from tanjunchen/fix-up-static-error 
fix-up staticcheck error
 2019-10-13 08:20:35 -07:00
Kubernetes Prow Robot 0c66a304c3
Merge pull request #7754 from tanjunchen/fix-up-gosimple-error 
fix-up gosimple check error
 2019-10-12 11:18:44 -07:00
Kubernetes Prow Robot dfaa39bc34
Merge pull request #7539 from spotinst/fix-kubelet-maxpods 
Kubelet configuration: Maximum pods flag is miscalculated when using Amazon VPC CNI
 2019-10-11 11:35:25 -07:00
Thomas Jackson cfcb93e822 Misc fixes 2019-10-10 13:09:22 -07:00
Thomas Jackson f8c416d6ce Add configs for gossip dns 2019-10-10 13:09:22 -07:00
liranp c6eb29a4b5
fix(nodeup): miscalculated `max-pods` when using amazon-vpc-cni 2019-10-10 12:02:12 +03:00
tanjunchen 28fdb358f8 fix-up staticcheck error 2019-10-08 13:53:04 +08:00
tanjunchen 43bf6bdab6 fix-up gosimple check error 2019-10-07 11:59:57 +08:00
tanjunchen 8fe36dc72c fix-up some staticcheck error 2019-10-06 10:40:13 +08:00
Jesse Haka 4ccad007ce mountcerts -> usehostcerts 2019-09-30 11:36:32 +03:00
Jesse Haka 352bc1eaa2 Allow to use custom rootCAs 2019-09-30 11:35:58 +03:00
yuxiaobo 0bd700781e Correct word misspelling 2019-09-29 22:23:07 +08:00
Kubernetes Prow Robot 942c8915db
Merge pull request #7496 from justinsb/label_controller 
kops-controller
 2019-09-27 03:43:35 -07:00
Kubernetes Prow Robot ba69006d17
Merge pull request #7663 from rifelpet/staticcheck-bugfixes 
Fix some bugs reported by staticcheck
 2019-09-25 15:31:06 -07:00
Justin SB 728e582360
Fill out kops controller functionality 
k8s 1.16 requires that we move label setting away from the kubelet, to
a central controller.  kops-controller is that controller.
 2019-09-25 12:04:34 -04:00
Justin SB cdcf72b0c9
Pull centos.org packages from the vault 
This isn't as nice as debian's vault, in that it doesn't contain the
latest packages.  But it appears that once a package is in the vault,
it should stay there.

Source from the vault to unbreak 1.13.
 2019-09-25 10:15:28 -04:00
Peter Rifel c8d424dd87 Fix some staticcheck warnings 2019-09-25 06:35:25 -07:00
Kubernetes Prow Robot 30c6f65300
Merge pull request #6957 from austinmoore-/skip-docker-install 
Skip Docker install
 2019-09-18 14:55:00 -07:00
Kubernetes Prow Robot 3b9821d5c5
Merge pull request #7474 from nebril/cilium-standalone 
Change Cilium templates to standalone version
 2019-09-18 14:01:00 -07:00
Kubernetes Prow Robot 0ae46139a7
Merge pull request #7609 from igarcia-sugarcrm/issue/7608 
Updated container-selinux url to point to the right path
 2019-09-18 10:05:33 -07:00
Mike Splain 3af3f81a18
Fix gofmt 2019-09-18 11:21:45 -04:00
mikesplain 0fe1a52e09 Add logrotate for etcd/etcd-events.log 2019-09-18 09:43:24 -04:00
Ivan Garcia d0db05defa Updated container-selinux url to pint to the right path 2019-09-17 14:57:13 -07:00
Austin Moore 4695e7d03c
Move SkipInstall to DockerConfig 2019-09-17 11:55:08 -04:00
Ole Markus With e7ff69a4a3 Mount BPF for cilium as part of nodeup instead of using a daemonset 2019-09-16 16:49:36 +02:00
mikesplain 9e55b8230a Update copyright notices 
Also cleans some white spaces
 2019-09-09 14:47:51 -04:00
Justin SB 8e2dbb6a99
Bootstrap: protokube labels its own node with node-role label 
As of k8s 1.16, the node-role label is protected for security reasons.
We will introduce a controller to set those labels generically.
However, we need these labels to run the controller (only) on master
nodes.

To solve this bootstrapping problem, we use protokube to apply the
master role node labels to the master node only.  This isn't a
security problem because we assume that protokube on the master is
highly trusted - we are still administering labels centrally.

Then kops-controller can use this label to target the master nodes,
and run a central label controller.
 2019-09-08 20:51:00 -04:00
Justin SB 810c65eb46
Copy well-known users from apiserver 
This should eliminate the dependency on k8s.io/apiserver
 2019-08-31 08:50:09 -07:00
Justin SB 17186ff7ba
Generated vendor & bazel from `make gomod` 
Automatically generated vendor & BUILD.bazel files
 2019-08-25 16:00:41 -04:00
Justin SB b1f8f84306
Code changes for 1.15 2019-08-25 16:00:39 -04:00
Kubernetes Prow Robot 2d1b010071
Merge pull request #7346 from ripta/max-pd-vols 
Add maxPersistentVolumes to support the KUBE_MAX_PD_VOLS scheduler setting
 2019-08-15 22:54:32 -07:00
Kashif Saadat 4514215656 Set and mount the correct volume plugin dir based on OS 2019-08-01 17:54:08 +01:00
Ripta Pasay a31a6b60ca Add maxPersistentVolumes to support the KUBE_MAX_PD_VOLS scheduler setting 2019-07-30 11:44:45 -07:00
Justin SB 35bb1c1636
Update default flexvolumepath for COS 
Default on COS is a different location, see
https://github.com/kubernetes/kubernetes/pull/58171
 2019-07-29 12:57:59 -04:00
Kubernetes Prow Robot 8a146b1c64
Merge pull request #6874 from kellanburket/master 
Mount FlexVolume directory in kube-controller-manager pod
 2019-07-25 08:05:54 -07:00
Kubernetes Prow Robot 0e27206973
Merge pull request #7290 from justinsb/rationalize_golden_output_comparison 
Rationalize golden-output comparison
 2019-07-23 00:20:55 -07:00
Kubernetes Prow Robot 2178721764
Merge pull request #6236 from justinsb/fixup_ntp_install 
Move NTP and misc packages initialization to code
 2019-07-22 07:18:52 -07:00
Kubernetes Prow Robot cdd3496c8a
Merge pull request #6229 from justinsb/gce_ipalias 
GCE: support ipalias networking mode, named "gce"
 2019-07-22 06:26:51 -07:00
Justin SB 512378b335
Rationalize golden-output comparison 
Create a single helper function: AssertMatchesFile

Also a few output files that weren't consistent.
 2019-07-21 23:08:48 -04:00
Kubernetes Prow Robot 92903304d4
Merge pull request #7287 from VibrentHealth/rhel8_support 
Rhel8 support
 2019-07-21 19:55:03 -07:00
Cassandra Comar 9ba043330a Fix package installation by switching ntp to chrony and directly installing container-selinux 2019-07-19 09:11:56 -04:00
Cassandra Comar 4638081c89 Fix identity string for RHEL8 2019-07-19 09:11:50 -04:00
Cassandra Comar f63eb0a066 Add support for RHEL 8 2019-07-19 09:11:43 -04:00
Justin SB 62f7c26f98
Support "gce" networking mode, which uses ip aliases 2019-07-19 07:54:13 -04:00
Justin SB 10a7f9afb0
Move NTP and misc package initialization to code 
Paring down the nodeup portion of gobindata
 2019-07-19 07:34:44 -04:00
Thomas Jackson ea61fb8de0 Replace behavior for aws hostnameOverride 
If the cluster's VPC includes DHCP options the local-hostname includes
the DHCP zone instead of the private DNS name from AWS (which is what
k8s uses regardless of flags). This patch simply makes the
hostnameOverride implementation match by using the AWS api to get the
private DNS name

Related to #7172
 2019-07-17 10:30:07 -07:00
Kubernetes Prow Robot dd6b0314fc
Merge pull request #6897 from vainu-arto/set-priority-for-static-pods 
Set priority for static pods
 2019-07-12 00:41:07 -07:00
Thomas Jackson 270a028c94 Use NodeAuthorizer config options instead of soely hard-codes 
Without this patch the timeout is 5m and the interval is 10m --
hard-coded with no mechanism to change, even though the config struct
already had a timeout option (which was completely unused)
 2019-07-09 09:48:43 -07:00
Kubernetes Prow Robot 5df1b64301
Merge pull request #7218 from appvia/apimachinery 
goimports update
 2019-07-09 02:40:13 -07:00
Justin SB 5f5f37a72c
Remove kube-proxy resource-container flag 
Removed in https://github.com/kubernetes/kubernetes/pull/78294

(A k/k breaking change: `--resource-container=""` is now the default!)
 2019-07-08 09:59:52 -04:00
Kashif Saadat 2b61ace49c goimports update 2019-07-03 16:43:20 +01:00
Kubernetes Prow Robot a8e7109129
Merge pull request #7040 from spotinst/feature-spotinst-ocean 
Spotinst: New instance group type: Ocean
 2019-06-20 12:24:10 -07:00
Kubernetes Prow Robot 1f98ecf8a3
Merge pull request #7124 from srikiz/UnitTestKubeProxy 
[Unit Tests] Added unit test for kube proxy builder
 2019-06-20 11:31:01 -07:00
Kubernetes Prow Robot 96704f24cd
Merge pull request #7103 from austinmoore-/egress-proxy-for-etcd-manager 
Egress proxy for etcd manager
 2019-06-20 11:30:49 -07:00
Kubernetes Prow Robot 1798ddfa0e
Merge pull request #7084 from mazzy89/flatcar_support 
Flatcar support
 2019-06-20 06:38:48 -07:00
Austin Moore ccced9901a
Add test for skipInstall 2019-06-12 14:16:11 -04:00
Austin Moore de339bf72d
Add configuration to skip docker installs 2019-06-12 14:16:11 -04:00
Srikanth cdb18bd063 Update BUILD.bazel file 2019-06-10 08:25:22 -05:00
Srikanth 8b9a286dd5 Format the unit test per gofmt 2019-06-10 00:06:56 -05:00
Srikanth b2b7756326 Add initial tests for kube_proxy 2019-06-07 15:31:39 -05:00
Austin Moore 67d9f5f190
Move getProxyEnvVars into a util package 2019-06-05 15:59:19 -04:00
liranp 80020052d3
feat(spotinst): new instance group type: ocean 2019-06-03 12:38:46 +03:00
Salvatore Mazzarino c7381f9a34 Flatcar support 
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
 2019-05-31 12:20:27 +02:00
Jesse Haka 60756136c8 Add Debian 10 (buster) support 2019-05-26 15:34:39 +03:00
Michael Frister 691c459ae6 Fix Docker not being installed on Ubuntu 16.04 
This only affects the default Docker version for 1.12 (18.06.3).
 2019-05-14 10:25:49 +02:00
Justin SB fe487df586
Use klog logging from 1.15 
klog can now support logging both to a file and to streams, so we get the output both in docker & logfiles.

A few gotchas:

* The output previously was all on stdout, now it on stderr.  That is more correct
* If something writes to stdout or stderr outside of klog, it will no longer end up in the logfile.
* There's some oddities still to be ironed out about the flag syntax https://github.com/kubernetes/klog/issues/60
 2019-05-10 00:17:30 -04:00
Arto Jantunen 48974521e1 Set priority classes for static pods 
For the master pods (apiserver, controller manager, scheduler) this is
unlikely to ever matter (the masters aren't expected to run out of
resources and need to evict things) but evictions of kube-proxy from worker
nodes are easy to trigger in clusters with PodPriority enabled. Since these
are static pods the configuration is also somewhat difficult to change.
 2019-05-09 16:03:08 +03:00
Justin SB ba9a4afc43
apigroup -> kops.k8s.io: Tests & supporting changes 
Autogenerated code, docs & test changes

Also a new test for the older "kops" apiGroup, to make sure that
continues to work.
 2019-05-06 22:26:29 -04:00
Justin SB 76d03b3f71
Generated files: glog -> klog 2019-05-06 12:56:03 -04:00
Justin SB 3e33ac7682
Change code from glog to klog 
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog.  That
will happen when we update to k8s 1.13.
 2019-05-06 12:54:51 -04:00
Kellan Cummings d0a653b0a5 added flexvolume mount to kube-controller 2019-05-03 14:45:58 -04:00
Kubernetes Prow Robot bea86cb4d9
Merge pull request #6810 from xichengliudui/update-go-const-part6 
Using const() defines constants together (part:4)
 2019-04-23 19:26:00 -07:00
Kubernetes Prow Robot e497f33104
Merge pull request #6809 from xichengliudui/update-go-const-part5 
Using const() defines constants together (part:3)
 2019-04-23 06:36:17 -07:00
Justin SB de581b1b64
Switch to golang 1.11.5 
For cherry-picking to 1.13

https://github.com/kubernetes/kubernetes/blob/release-1.13/build/build-image/cross/Dockerfile
 2019-04-20 17:36:56 -04:00
xichengliudui c02802f36d Using const() defines constants together (part:4) 2019-04-20 05:12:51 -04:00
xichengliudui 16ee9c4342 Using const() defines constants together (part:3) 2019-04-20 05:02:21 -04:00
Kubernetes Prow Robot b91db4f360
Merge pull request #6706 from granular-ryanbonham/apiserver_cpurequest 
Add ability to specify cpuRequest for API Server
 2019-04-10 08:04:13 -07:00
Justin SB c7b921fe05
Increase apiserver timeout to 45 seconds 
Fix #6702

Parallel to upstream issue #71054
 2019-04-07 11:55:33 -07:00
Ryan Bonham 8584fd731d Fix type mismatch 2019-03-29 14:32:29 -05:00
Ryan Bonham ac5a2ec2a0 Fix syntax error 2019-03-29 14:19:59 -05:00
Ryan Bonham 67c2f50732 Handle unset KubeAPIServer.CPURequest 2019-03-29 14:07:05 -05:00
Ryan Bonham a75dcdda35 Add Ability to set cpu request for api server 2019-03-29 13:56:21 -05:00
Justin SB 7bd4a7e262
Support download protokube from mirror 2019-03-26 00:45:54 -04:00
Derek Lemon (delemon) b09bb9eb37 Openstack environment escaping 2019-03-21 15:56:57 -06:00
Kubernetes Prow Robot 93988d8fdd
Merge pull request #6359 from justinsb/integration_etcd 
Enable etcd-manager / etcd3 / etcd-tls in kops 1.12
 2019-03-19 10:28:23 -07:00
Justin SB f0241294ac
Refactored out repeated joining code 
Thanks for suggestion @chrisz100!
 2019-03-19 09:48:16 -07:00
Jesse Haka dab9c1800a add manage sec groups for loadbalancers 2019-03-18 11:27:31 +02:00
Kubernetes Prow Robot 00950767c2
Merge pull request #6564 from usabilla/no-docker-prestart 
Remove docker-prestart hook
 2019-03-17 23:25:11 -07:00
Kubernetes Prow Robot 3b907c81e4
Merge pull request #5982 from justinsb/create_var_lib_kubelet 
Always create /var/lib/kubelet, even in bootstrap mode
 2019-03-17 04:12:55 -07:00
Kubernetes Prow Robot 492031d4c7
Merge pull request #6620 from justinsb/followup_6347 
Fix some of the docker package names & versions
 2019-03-15 09:47:00 -07:00
LilyFaFa 12d54b6a1f support gossip for AliCloud 2019-03-15 15:26:12 +08:00
Justin SB 057c19f8bb
Fix some of the docker package names & versions 
Follow up to #6347 - add a test for some of the names based on some
heuristics, and fix some of the problems that popped up.
 2019-03-15 00:09:59 -04:00
Kubernetes Prow Robot 16e846d4ce
Merge pull request #6347 from tsuna/master 
Add support for Docker 18.09.3.
 2019-03-14 20:48:55 -07:00
Justin SB 31f408c978
Support etcd-manager in kops 1.12 
In 1.12 (kops & kubenetes):

* We default etcd-manager on
* We default to etcd3
* We default to full TLS for etcd (client and peer)
* We stop allowing external access to etcd
 2019-03-14 23:13:06 -04:00
Alex Williams c928b7e6c5
Use EnsureTask for create static pod directory 2019-03-14 12:22:43 +00:00
Justin SB ecbc34153b
Always create /var/lib/kubelet, even in bootstrap mode 
Otherwise we end up with a circular dependency where we don't run the
node-authorizer until /var/lib/kubelet has been bind-mounted, but it
can't be bind-mounted until it exists.

This bind-mounting happens on Google's ContainerOS, which is why it
isn't always seen.
 2019-03-14 01:07:52 -04:00
Benoit Sigoure e4691cd704 nodeup: Add support for Docker 18.09.3. 
Starting from Docker 18.09.0, the Docker distribution has been split in
3 packages: the Docker daemon, the Docker CLI, and for containerd.  This
adds a twist to how to upgrade Docker from the base image as the daemon
and CLI packages must be installed at the same time, otherwise dpkg/rpm
will refuse to upgrade (the new CLI is incompatible with the old package
and the daemon can't be installed without first installing the CLI and
the new containerd, so the upgrade MUST happen in a single transaction).

This code change thus adds the possibility to specify additional packages
to install in the same dpkg/yum transaction, such as the Docker CLI and
containerd in nodeup, and the ability to apply the multi-package upgrade
atomically with dpkg/rpm.

We also use this new mechanism for the SELinux policy on RHEL/CentOS.
 2019-03-04 15:39:12 -08:00
Steven McDonald fe249eabbf Remove docker-prestart hook 
This breaks networking if Docker is restarted
(https://github.com/kubernetes/kops/issues/6191).

The Docker issue linked in the hook's comments has been closed for
over 3 years, and this workaround has not been used by upstream
Kubernetes for over a year:

  5f9735de53 (diff-af1d281c3ce49f7bfe110f7c64c96fdc)

It therefore seems unlikely that this hook is still necessary.
 2019-03-01 13:43:38 +01:00
Kubernetes Prow Robot baf83ab69a
Merge pull request #6343 from sp-joseluis-ledesma/master 
set net.ipv4.ip_local_reserved_ports to the KubeAPIServer ServiceNodePortRange parameter on nodeup
 2019-02-28 12:50:49 -08:00
Kubernetes Prow Robot 743b319fc9
Merge pull request #6506 from justinsb/chattr_docker_runc_17_03_2 
Try using chattr to mark docker-runc as immutable
 2019-02-25 07:22:12 -08:00
Justin SB 5d28bed21f
Map docker 18.06.3 
Docker 18.06.2 on RHEL/Centos did not actually contain the fix, so we
need 18.06.3.
 2019-02-23 17:19:44 -05:00
Justin SB 9bfa0cdd2a
Try using chattr to mark docker-runc as immutable 
May be a workaround for CVE-2019-5736, is defense in depth in any case.
 2019-02-20 22:26:44 -05:00
Kubernetes Prow Robot 823f769a95
Merge pull request #6492 from justinsb/package_names_for_container_selinux 
Fix package name & version for container-selinux
 2019-02-20 08:14:50 -08:00
Kubernetes Prow Robot 46599c0908
Merge pull request #6491 from justinsb/overlay2_on_docker_with_17_x 
Workaround for overlay2 vs rhel-family docker bug
 2019-02-20 05:37:41 -08:00
Justin SB f094d16d0f
Fix package name & version for container-selinux 2019-02-19 21:25:38 -05:00
Justin SB ea4e57145c
Workaround for overlay2 vs rhel-family docker bug 
Docker 17.x with rhel-family fails to detect overlay2 correctly, and
need us to pass overlay2.override_kernel_check=true for docker to
correctly detect overlay2 support.
 2019-02-19 21:25:12 -05:00
Justin SB 8835dc94eb
Install kubelet config for default centos user 
We weren't installing it on centos, which is not particuarly
user-friendly.
 2019-02-19 21:24:24 -05:00
Kubernetes Prow Robot 53189d7e6b
Merge pull request #6210 from mmerrill3/feature/kops-4049 
Fixing kops-4049
 2019-02-18 02:43:00 -08:00
Kubernetes Prow Robot 96b14eaa3b
Merge pull request #6461 from mikesplain/add_jessie_patch 
Add jessie patch
 2019-02-16 06:24:02 -08:00
Kubernetes Prow Robot f7048cf8fb
Merge pull request #6411 from justinsb/etcd_manager_backport 
Support etcd-manager v3, suitable for backporting
 2019-02-16 04:21:40 -08:00
mikesplain 54c969c521 Add debian jessie patch for CVE-2019-5736 2019-02-12 08:42:49 -05:00
JuanJo Ciarlante 6bb897d7ac
add Xenial, fix Stretch Version to 18.06.2~ce~3-0~debian (same as for Xenial, Bionic, Stretch) 2019-02-11 19:44:25 -03:00
JuanJo Ciarlante b761a809d5
add 18.06.2 entries instead of replacing 18.06.1 ones 2019-02-11 17:05:12 -03:00
JuanJo Ciarlante 49615d5afa [jjo] update docker-ce 18.06 for CVE-2019-5736 
Fixes #6459.

* Update CoreOS, Debian Stretch and Ubuntu Bionic
  docker-ce packages to 18.06.2
 2019-02-11 16:26:17 -03:00
Justin SB dd7533398d
Support etcd-manager v3, suitable for backporting 
Add etcd-manager v3 in a way that we can safely backport.
 2019-01-29 23:51:26 -05:00
Kubernetes Prow Robot ea420dac78
Merge pull request #6351 from cisco-sso/os_full 
Kops for Openstack
 2019-01-23 10:35:20 -08:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) c9b5911b1c Openstack gopkg updates 2019-01-19 08:41:15 -07:00
Rohith 6c814f3e73 Changes 
- removed all the systemd unit creation and use the volume mount code from kubele (SafeFormatAndMount)
- added some documentation to highlight the feature and show how it might be used in both ebs and ephemeral storage
 2019-01-18 22:49:54 +00:00
Rohith df2d8dd304 - updating the basil requirements 2019-01-18 22:49:54 +00:00
Rohith 0e155b4c78 - changed tack and making them two separate features for now, one adding additional volumes and two mounting them. This should always allow for user to use epherimal devices as well 
- updated the api specs and machinery
- adding the dependecies on the services when the volume mounts are enable (should probably false this if they don't effect the docker filesystem)
 2019-01-18 22:49:38 +00:00
Rohith 1b69cea3cb - adding the volumebuilder into the nodeup binary to provision the mapped volumes 2019-01-18 22:45:05 +00:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) d1b7680b10 openstack cloud config monitor section must be a child of loadbalancer 2019-01-18 14:22:04 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 292b3a8589 Storage config for openstack cloud config 2019-01-18 11:39:39 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) eb256593bc Setting project ID as well in cloudconfig. Using loadbalancerID in cloudconfig. Retrieving instance IP from openstack in protokube. 2019-01-18 10:17:14 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 4f0169bb79 codegen 2019-01-16 09:30:40 -07:00