kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,710 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

206 Commits

Author SHA1 Message Date
Kubernetes Submit Queue 5e2251bb84
Merge pull request #4022 from KashifSaadat/keyfile-permissions 
Automatic merge from submit-queue.

Remove world read permissions on sensitive key files.

The key files pulled from S3 had world read permissions by default (644). This PR sets the permissions to 600 on `.key` and `.pem` files.
 2017-12-14 00:25:41 -08:00
Kubernetes Submit Queue d0618e1471
Merge pull request #4014 from blakebarnett/bdb/fix_docker_stretch_url 
Automatic merge from submit-queue.

Fix URL for Docker 17.03.2 on Debian Stretch
 2017-12-11 06:26:30 -08:00
wannabesrevenge 4661fd5e8e
Fix libcgroup dependency typo 
In nodeup/pkg/model/docker.go, libcgroup is listed as a dependency for various environments. A couple times this is misspelled as libgcroup
 2017-12-08 13:35:13 -06:00
Kashif Saadat a8866fbcc9 Remove world read permissions on sensitive key files. 2017-12-07 09:43:14 +00:00
Blake d3615cb1d9 Fix URL for Docker 17.03.2 on Debian Stretch 2017-12-05 17:40:22 -08:00
Justin Santa Barbara 7fa4c28b1b Ensure iptables forwarding is enabled 
Docker 1.13 changed how it set up iptables in a way that broke
forwarding.

We previously got away with it because we set the ip_forward sysctl,
which meant that docker wouldn't change the rule.  But if we're using an
image that preinstalled docker, docker might have already reconfigured
iptables before we run, and we didn't set it back.

We now set it back.

https://github.com/kubernetes/kubernetes/issues/40182
 2017-11-30 20:29:32 -05:00
Kubernetes Submit Queue 0a2f949fd9
Merge pull request #3929 from justinsb/add_service_extension_if_not_exists 
Automatic merge from submit-queue.

Don't add .service extension if already there
 2017-11-26 16:45:29 -08:00
Kubernetes Submit Queue 8f0566d8a8
Merge pull request #3926 from justinsb/kubernetes_assets 
Automatic merge from submit-queue.

Use EnsureTask so we don't have to track directories as closely
 2017-11-26 15:43:20 -08:00
Justin Santa Barbara 079464c223 Don't add .service extension if already there 2017-11-26 17:05:59 -05:00
Justin Santa Barbara b2cd5c961c Use EnsureTask so we don't have to track directories as closely 
Issue #3921
 2017-11-26 01:49:19 -05:00
Ali Rizwan c324b01b7a Added .service to hooks unit files 
Recent versions of systemd (version 229 at least) included in Ubuntu
16.04 and Debian 9 require the systemd unit files to have a .service
extension.

Signed-off-by: Ali Rizwan <ari@hellofresh.com>
 2017-11-24 17:07:58 +01:00
Divya Vavili b698c684a9 Add support for docker 17.09.0 version 
Signed-off-by: Divya Vavili <vavili.divya@gmail.com>
 2017-11-16 11:55:11 -08:00
Kashif Saadat 1fdbbecce1 Fix CoreOS logrotate service failure. 2017-11-13 10:16:16 +00:00
Mikael Knutsson 2de2ab53a8
Debian Stretch versions for Docker to support K8s 1.8 2017-11-09 10:41:17 +08:00
chrislovecnm 609e268a1d gazelle updates with new bazel version 2017-11-05 17:41:53 -07:00
chrislovecnm 1e418c3e13 more goimport updates 2017-11-04 10:03:02 -06:00
Justin Santa Barbara 6a7c109f43 fix typo in comment: mananging 2017-10-30 23:47:59 -04:00
Justin Santa Barbara b2bcba4a6d GCE: Use object-level permissions for files in GCS 
This lets us configure cross-project permissions while ourselves needing
minimal permissions, but also gives us a nice hook for future lockdown
of object-level permissions.
 2017-10-29 19:17:00 -04:00
Kubernetes Submit Queue aab00d7dc3 Merge pull request #3699 from brdude/disable_kube-proxy 
Automatic merge from submit-queue.

Allow disabling kube-proxy

This adds the ability to turn off kube-proxy.

My specific use case is the usage of a custom CNI.
 2017-10-26 23:05:57 -07:00
Manatsawin Hanmongkolchai a708919bf4 Generate scheduler policy by dynamic cluster addons 2017-10-27 08:56:07 +07:00
chrislovecnm bc9df922f0 refactored to return err 2017-10-26 17:25:51 -06:00
chrislovecnm 4de78b0055 setting up etcd to use asset builder for its container 2017-10-26 17:25:50 -06:00
Rodrigo Menezes 8ad9b3c931 fix 2017-10-25 21:33:21 -07:00
Rodrigo Menezes 1edd99ccc1 Allow disabling kube-proxy 2017-10-25 14:23:58 -07:00
Kubernetes Submit Queue 8df13bd468 Merge pull request #3679 from justinsb/support_api_aggregation 
Automatic merge from submit-queue.

Initial aggregation work

Create the keypairs, which are supposed to be signed by a different CA.
    
Set the `--requestheader-...` flags on apiserver.
    
Fix #3152
Fix #2691
 2017-10-24 12:08:27 -07:00
Justin Santa Barbara 7c695e7d00 Rename flag from network-plugin-dir -> cni-bin-dir 
Per https://github.com/kubernetes/kubernetes/pull/53564
 2017-10-23 00:54:37 -04:00
Justin Santa Barbara a879521ba3 Initial aggregation support 
Create the keypairs, which are supposed to be signed by a different CA.

Set the `--requestheader-...` flags on apiserver.

Fix #3152
Fix #2691
 2017-10-22 14:41:38 -04:00
Matt Schurenko 298747e9ae adding etcd settings to protokube 2017-10-20 00:32:53 -04:00
Kubernetes Submit Queue 8718b4a4a0 Merge pull request #3628 from justinsb/rhel7_docker_1_12_6_deps 
Automatic merge from submit-queue.

Docker dependencies for docker 1.12.6 on RHEL
 2017-10-13 23:38:42 -07:00
Kubernetes Submit Queue 3a1f866144 Merge pull request #3621 from justinsb/protokube_mount_using_nsenter 
Automatic merge from submit-queue.

Simplify protokube mounter using nsenter executor
 2017-10-13 19:49:46 -07:00
Justin Santa Barbara 437a4c832c Docker dependencies on RHEL 
Add missing docker depednencies
 2017-10-13 22:27:04 -04:00
Justin Santa Barbara 9517a1c4a7 Simplify protokube mounter using nsenter executor 
Makes it much clearer, and avoids problems when systemd is in the host
but not the container.
 2017-10-13 21:37:15 -04:00
Kashif Saadat c78790f902 Modified OS detection logic when updating http proxy settings. 2017-10-13 19:08:47 +01:00
Justin Santa Barbara f6a995b701 Create logrotate service where not installed by default 
Otherwise the logrotate timer has nothing to target.
 2017-10-10 09:32:21 -04:00
Kubernetes Submit Queue 2500ee07f8 Merge pull request #3550 from chrislovecnm/protokube-kubectl 
Automatic merge from submit-queue.

mounting kubectl from the host instead to installing in protokube

So this will fix our protokube kubectl versioning issue.  Kubectl is in on host, if we are on a master, and is always the right version, so let's use it!  Refactored a bit to get the distro path for kubectl.  Need to test on gossip.  Set the path on protokube and mounted kubectl in `/opt/kops/bin`.

/approve

TODO

- [ ] test gossip

Fixes https://github.com/kubernetes/kops/issues/3518
 2017-10-10 03:50:15 -07:00
Julian V. Modesto 9d589af4c5 Replace logrotate crontab with systemd timer 2017-10-08 23:12:10 -07:00
Kubernetes Submit Queue 7cfa1b7b90 Merge pull request #3488 from julianvmodesto/logrotate-coreos 
Automatic merge from submit-queue.

Enable logrotate for Kubernetes configs on CoreOS

Addresses #2710.

Also, remove logrotate crontab because logrotate ships with a systemd timer, `logrotate.timer`, to run logrotate daily.
 2017-10-08 22:53:33 -07:00
Justin Santa Barbara af6a7ef4d8 Containerized mounter fixes per code review 2017-10-08 11:41:09 -04:00
Justin Santa Barbara 3a38d05385 GCE: install containerized mounter on COS 
The containerized mounter is a little tricky to install, with lots of
bind mounts.  This code path is only hit on GCE though.
 2017-10-08 11:12:37 -04:00
chrislovecnm 0706c21dbc mounting kubectl from the host instead to copying it to protokube 2017-10-07 20:23:57 -06:00
Rodrigo Menezes 3b3453d7c5 Newer versions of docker do not follow Semantic Versioning 2017-10-07 17:04:32 -07:00
Justin Santa Barbara d835cb690a nodeup: warn if no docker version matched 
Helps to understand what went wrong if something went wrong.
 2017-10-04 02:39:09 -04:00
Kubernetes Submit Queue 35ead73978 Merge pull request #3462 from justinsb/map_docker_1_13_1_17_03_1 
Automatic merge from submit-queue.

Map docker 1.13.1 & 17.03.1, default 1.8 to 1.13.1

Kubernetes 1.8 adds validation for 1.13.1 and 17.03.1 (17.03.1 being
essentially the same as 1.13.1).

For 1.8, the default should be 1.13.1
 2017-10-03 18:10:52 -07:00
Justin Santa Barbara cc559dc373 Map docker 1.13.1 & 17.03.2, default 1.8 to 1.13.1 
Kubernetes 1.8 is validated with 1.13.1 and 17.03.2.

For 1.8, the default should be 1.13.1
 2017-10-03 19:04:20 -04:00
Justin Santa Barbara b63f4d2dbe Add data dependencies to go_test rules 
This lets all the tests pass in bazel, other than create_cluster which
references files outside its tree.
 2017-10-03 10:45:50 -04:00
Justin Santa Barbara 0143be7c4f autogen: BUILD and BUILD.bazel 2017-10-02 14:27:21 -04:00
Justin Santa Barbara 544990842a More fixes for 1.8 API changes 2017-10-01 23:02:32 -04:00
Justin Santa Barbara 95d4f3eb59 More code updates for 1.8 2017-10-01 21:13:00 -04:00
Justin Santa Barbara 3478031533 API types changed package 2017-10-01 14:03:56 -04:00
Kubernetes Submit Queue 34bb6ec3cd Merge pull request #3494 from justinsb/pod_critical_annotations 
Automatic merge from submit-queue.

Add critical pod annotations to our system pods
 2017-09-30 22:32:08 -07:00