kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,925 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

52 Commits

Author SHA1 Message Date
John Gardiner Myers 3e95a88717 Fix Test_KubeAPIServer_Builder to use a supported version of Kubernetes 2020-02-21 22:46:36 -08:00
Justin SB 0cb35638f2
Stop logging to /var/log/kops-controller.log 
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today.  See
discussion in #8454

We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.

We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
 2020-02-04 06:41:25 -05:00
John Gardiner Myers 6e9dc8fc0f Remove code for unsupported k8s versions from nodeup 2020-01-12 19:30:34 -08:00
Kubernetes Prow Robot 95f4f83fbe
Merge pull request #7900 from zacblazic/use-encryption-provider-config-flag 
Use non-experimental version of encryption provider config flag in 1.13+
 2020-01-05 10:31:40 -08:00
tanjunchen 7e25f9831d nodeup/pkg/ pkg/ staticcheck 2019-12-31 15:03:39 +08:00
John Gardiner Myers eaa13e734d Fix truncation of admission control plugins list 2019-11-30 19:30:49 -08:00
Kubernetes Prow Robot 482fce5d54
Merge pull request #7424 from mmerrill3/feature/dynamic-audit-config 
Implementing audit dynamic configuration (#7392)
 2019-11-26 01:01:10 -08:00
Zac Blazic 28d3eb4e37 Use `--encryption-provider-config` when kubernetes 1.13+ 
The alpha version of encryption at rest used the following flag:
`--experimental-encryption-provider-config`. As of kubernetes 1.13,
`--encryption-provider-config` should be used instead.
 2019-11-08 18:24:05 +02:00
tanjunchen a19fb935e4 fix-up static-check 2019-10-29 14:06:12 +08:00
mmerrill3 5cf94c8ddf Implementing audit dynamic configuration (#7392) 
Signed-off-by: mmerrill3 <michael.merrill@vonage.com>
 2019-10-24 10:21:27 -04:00
mikesplain 9e55b8230a Update copyright notices 
Also cleans some white spaces
 2019-09-09 14:47:51 -04:00
Kubernetes Prow Robot dd6b0314fc
Merge pull request #6897 from vainu-arto/set-priority-for-static-pods 
Set priority for static pods
 2019-07-12 00:41:07 -07:00
Kashif Saadat 2b61ace49c goimports update 2019-07-03 16:43:20 +01:00
Austin Moore 67d9f5f190
Move getProxyEnvVars into a util package 2019-06-05 15:59:19 -04:00
Justin SB fe487df586
Use klog logging from 1.15 
klog can now support logging both to a file and to streams, so we get the output both in docker & logfiles.

A few gotchas:

* The output previously was all on stdout, now it on stderr.  That is more correct
* If something writes to stdout or stderr outside of klog, it will no longer end up in the logfile.
* There's some oddities still to be ironed out about the flag syntax https://github.com/kubernetes/klog/issues/60
 2019-05-10 00:17:30 -04:00
Arto Jantunen 48974521e1 Set priority classes for static pods 
For the master pods (apiserver, controller manager, scheduler) this is
unlikely to ever matter (the masters aren't expected to run out of
resources and need to evict things) but evictions of kube-proxy from worker
nodes are easy to trigger in clusters with PodPriority enabled. Since these
are static pods the configuration is also somewhat difficult to change.
 2019-05-09 16:03:08 +03:00
Kubernetes Prow Robot b91db4f360
Merge pull request #6706 from granular-ryanbonham/apiserver_cpurequest 
Add ability to specify cpuRequest for API Server
 2019-04-10 08:04:13 -07:00
Justin SB c7b921fe05
Increase apiserver timeout to 45 seconds 
Fix #6702

Parallel to upstream issue #71054
 2019-04-07 11:55:33 -07:00
Ryan Bonham 8584fd731d Fix type mismatch 2019-03-29 14:32:29 -05:00
Ryan Bonham ac5a2ec2a0 Fix syntax error 2019-03-29 14:19:59 -05:00
Ryan Bonham 67c2f50732 Handle unset KubeAPIServer.CPURequest 2019-03-29 14:07:05 -05:00
Ryan Bonham a75dcdda35 Add Ability to set cpu request for api server 2019-03-29 13:56:21 -05:00
Justin SB 31f408c978
Support etcd-manager in kops 1.12 
In 1.12 (kops & kubenetes):

* We default etcd-manager on
* We default to etcd3
* We default to full TLS for etcd (client and peer)
* We stop allowing external access to etcd
 2019-03-14 23:13:06 -04:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 4f0169bb79 codegen 2019-01-16 09:30:40 -07:00
Justin SB 26bd75aecb
Bulk spelling fixes 
Experimenting with my own spelling checker, these are the typos it caught.
 2018-12-20 17:43:56 -05:00
fernando.carletti 4b27e6c8ee
Add flag to disable Basic Auth. 2018-10-16 19:04:38 -05:00
Rob Graham 4b07a07ad5 Merge branch 'master' into issue-4252-dns 2018-07-23 14:00:09 +01:00
Rob Graham 8ccf42f4a2 GH-4252 Better name for the config value and also add to v1alpha1 API 2018-07-23 13:48:35 +01:00
Christian Kampka 581eec3eca Don't mount volume for auditLog when STDOUT is configured as path 
Fixes #4202
 2018-07-16 22:53:58 +02:00
k8s-ci-robot 35b7d5791d
Merge pull request #5424 from rdrgmnzs/fix_aws-authenticator_read_perms 
Fix the issue described in #5412 where the authenticator is no longer…
 2018-07-11 15:29:26 -07:00
Rodrigo Menezes a31c0186da add comment 2018-07-10 10:27:13 -07:00
Rodrigo Menezes b296e6fcbf Fix the issue described in #5412 where the authenticator is no longer able to read the K8s CAs. 2018-07-09 23:57:58 -07:00
Rodrigo Menezes f5e3d434fb fix cert location 2018-07-09 15:04:13 -07:00
Rodrigo Menezes 414b3a780b Rename hept.io authenticator to aws authenticator 2018-07-08 10:10:19 -07:00
Rob Graham ae327e1e8c wrestling with the api stuff 2018-07-02 15:16:37 +01:00
Rob Graham cc589ae538 Reworked to use loadbalancer only if config is specified 2018-07-02 12:02:50 +01:00
Rob Graham 64974fdd5b GH-4252 Only manage internal DNS zone if configuration has been specified 2018-06-22 15:05:47 +01:00
k8s-ci-robot 8fad9da430
Merge pull request #5352 from gambol99/nodeup_clean 
Nodeup clean
 2018-06-21 09:23:47 -07:00
Rohith c9db958696 - cleanup up elements, imports and comments 2018-06-20 09:26:31 +01:00
Rohith f4e90e1035 Removing Duplication 
- removing the duplication code (i think by me :-)) and reusing the BuildCertificateTaskd and BuildPrivateKeyTask
 2018-06-19 23:15:53 +01:00
Rohith b62d6df115 Admission Controller Fix 
A previous PR https://github.com/kubernetes/kops/pull/5221/ introduced the --enable-admission-plugins for >= 1.10.0 as recommended, it does however cause an issue if you already have AdmissionControl is specified in the Spec as both flags get rendered
 2018-06-02 19:46:55 +01:00
Rohith f31f544ff2 File Permissions Private Key 
- adjusting the file permissions on the heptio authenticator to 0600
 2018-06-01 15:34:37 +01:00
Rodrigo Menezes f0476776b1 fix file perms 2018-05-31 21:11:06 -07:00
Rodrigo Menezes 5ce8f9e712 Setup heptio authenticator 2018-05-23 17:48:33 -07:00
Kashif Saadat ac25853cd5 - Add etcdClusterSpec Image & Version in bootstrap data for Master nodes 
- Reuse execWithTee fn for ETCD Command (tee & mkfifo in different path for newer image versions)
 2018-02-10 12:14:36 +00:00
Justin Santa Barbara 7ca593b994 exec target command, but still pipe it to tee 
Equivalent of https://github.com/kubernetes/kubernetes/pull/57756
 2018-01-25 10:15:24 -05:00
Justin Santa Barbara a879521ba3 Initial aggregation support 
Create the keypairs, which are supposed to be signed by a different CA.

Set the `--requestheader-...` flags on apiserver.

Fix #3152
Fix #2691
 2017-10-22 14:41:38 -04:00
Justin Santa Barbara 95d4f3eb59 More code updates for 1.8 2017-10-01 21:13:00 -04:00
Justin Santa Barbara 3478031533 API types changed package 2017-10-01 14:03:56 -04:00
Justin Santa Barbara 383194780a Create helper function for critical pod annotations 
In particularly I think we want a toleration also; easiest to put the
code in one function.
 2017-09-30 17:38:20 -04:00