Commit Graph

1299 Commits

Author SHA1 Message Date
Rohith a3ff7dd122 Node Secrets
At present a number of secrets are downloaded to the /src/kubernetes directory regardless of role (master, node). This limits the
node role to only download the ca.crt. The rest are for master nodes only

- removes basic_auth.csv, ca.key, known_tokens.csv, server.cert and server.key leaving only the ca.crt
2017-07-27 17:25:44 +01:00
Hanfei Shen fc50984f09 support china region 2017-07-16 00:57:38 +08:00
Steele Clifton-Berry eb387ac4c6 Also increase fs.inotify.max_user_watches from default. 2017-07-13 15:50:53 +10:00
Steele Clifton-Berry 67e4e0f111 Increase fs.inotify.max_user_instances limit. Fixes #2912 2017-07-12 16:35:19 +10:00
Chris Love f1f6507fa8 Merge pull request #2808 from alexandrst88/aws-sg-fix
Add SG parameter into AWS cloud-config
2017-07-06 14:20:14 -06:00
Chris Love 20535248b4 Merge pull request #2773 from justinsb/authn_integration
Initial support for authentication (kopeio)
2017-07-06 14:11:22 -06:00
alexandrst88 6b81385584 Add SG parameter into AWS cloud-config 2017-07-04 15:44:21 +03:00
Jasmine Hegman 61f72a63c5 Change logrotate compress to delaycompress
As per https://github.com/fluent/fluentd/issues/780#issuecomment-178065328
2017-06-29 17:25:46 -07:00
Alex Simenduev 5644854b4b Change to EtcdBuilder in ETCD model 2017-06-25 02:30:44 +03:00
Justin Santa Barbara 752150ef22 Initial support for authentication (kopeio)
Still experimental, so not doing a flag yet.
2017-06-20 00:15:39 -04:00
Justin Santa Barbara d2df318ecc Move CloudProvider to kops API
This avoids a circular reference when breaking up the fi package
2017-06-17 16:27:07 -04:00
Murali Reddy e872dbcb86 add support for kube-router as CNI networking provider
fixes #2606

Most part of the changes are similar to current supported CNI networking
provider. Kube-router also supports IPVS based service proxy which can
be used as replacement for kube-proxy. So the manifest for kube-router
included with this patch enables kube-router to provide pod-to-pod
networking, IPVS based service proxy and ingress pod firewall.
2017-06-09 17:01:31 +05:30
Otto Yiu c22b3cc035 Fix log rotation of apiserver audit logs
Fixed an oops I created in #2494 where log rotation does not function
as expected.

The kube-apiserver first has to rename the existing audit log prior to a new one
being created. Renaming is not possible when the audit file is mounted
directly as the host path. kube-apiserver will return a 'Device or
resource busy' error when it tries to do so. So instead, we mount the
directory of the path instead of the file itself. Also remove the
creation of an empty audit log file as that is no longer necessary for
Docker to mount a directory.

"If an audit log file already exists, Kubernetes appends new audit logs
to that file. Otherwise, Kubernetes creates an audit log file at the
location you specified in audit-log-path. If the audit log file exceeds
the size you specify in audit-log-maxsize, Kubernetes will rename the
current log file by appending the current timestamp on the file name
(before the file extension) and create a new audit log file. Kubernetes
may delete old log files when creating a new log file; you can configure
how many files are retained and how old they can be by specifying the
audit-log-maxbackup and audit-log-maxage options."

Source: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/

Tested this on Kubernetes 1.6 and with an audit log path specified to
be:
/var/log/kube-apiserver-audit.log

The kube-apiserver container has this mounted:
/dev/xvda1 on /var/log type ext4 (rw,relatime,data=ordered)
2017-06-01 13:43:06 -07:00
chrislovecnm 56e11e0750 fixing directory perms 2017-05-17 19:36:08 -06:00
Chris Love f15b317b47 Merge pull request #2523 from dolftax/fix-kube-dir-permission
[Fixes #2466] Creates .kube dir at /home/admin with group/owner as admin
2017-05-11 13:37:20 -06:00
Jaipradeesh Janarthanan 16c7a36b20 [Fixes #2466] Creates .kube dir at /home/admin with group/owner as admin
Signed-off-by: Jaipradeesh Janarthanan <jaipradeesh@gmail.com>
2017-05-08 12:30:54 +05:30
Otto Yiu 71d7be772a Expose kube-apiserver audit log to host volume
This commit exposes kube-apiserver's audit log to the host as a host
mapping.

PR #1872 gave the ability to users to define a custom log path for the
apiserver to write its audit logs to. Prior to this commit, the log file
would stay within the container's filesystem, and getting access to it from
outside the container was a nuisance.

This change allows a logging aggregator, like fluentd, to be able
to read and tail this log from outside the kube-apiserver container.
2017-05-04 15:20:29 -07:00
Justin Santa Barbara eddd73549c Use LB IP address for private dns 2017-04-25 01:32:27 -04:00
Justin Santa Barbara c8b18be9dd Gossip backed DNS 2017-04-25 01:32:21 -04:00
Abrar Shivani 3707436f2f Change vm_uuid location 2017-04-20 23:38:32 -07:00
Abrar Shivani e191f7dd96 Add vm-uuid in cloud-config file required by Kubernetes vSphere CloudProvider 2017-04-20 23:37:40 -07:00
Miao Luo 67771470cc Minor fix for gofmt ci test. 2017-04-20 23:37:40 -07:00
Abrar Shivani 2da57ef142 Support for vSphere Cloud Provider < v1.5.3 2017-04-20 23:37:40 -07:00
Abrar Shivani 5889814c90 Support for vSphere Cloud Provider 2017-04-20 23:33:21 -07:00
Miao Luo 6b010c4c5e Enable CoreDNS in nodeup/protokube (#6)
* Enable CoreDNS in nodeup/protokube.

* Address comments.
2017-04-20 23:33:21 -07:00
prashima e51e841d0c Added vSphere volumes to protokube, updated vSphere testing doc and makefile. (#1)
* Add vSphere volumes to protokube. Update vSphere testing doc and makefile.

* Updated vsphere_volume to get correct IP. Addressed comments.
2017-04-20 23:33:20 -07:00
SandeepPissay 82f9f0668d vsphere initial support. 2017-04-20 23:31:21 -07:00
Justin Santa Barbara 4dcc6ad067 Merge pull request #2370 from luomiao/userdefined-s3endpoint
Support user-defined s3 endpoint
2017-04-20 01:17:08 -04:00
Chris Love 6e81a8c1b5 Merge pull request #2260 from justinsb/hooks_poc
PoC of hooks
2017-04-19 16:00:24 -06:00
Justin Santa Barbara 57deb17562 Enable CertificateSigner API on k8s 1.6 2017-04-19 16:10:03 -04:00
Miao Luo 76437a77d4 Support user-defined s3 endpoint. 2017-04-18 11:27:07 -07:00
Justin Santa Barbara 1909b88097 Pass --network-plugin-dir for kubenet
kubenet continues to look there rather than --cni-bin-dir
2017-04-10 10:01:45 -04:00
Eric Hole 76e98087ac Merge pull request #2330 from justinsb/remove_cni_tag
Replaces UsesCNI with logic
2017-04-10 08:34:09 -04:00
Justin Santa Barbara 391a9b1897 Replaces UsesCNI with logic 2017-04-10 00:07:40 -04:00
Eric Hole c3b794edcd Merge pull request #2166 from justinsb/touch_kubeapiserver_log_to_code
Move touching kubeapiserver log file to code
2017-04-09 09:51:29 -04:00
Justin Santa Barbara 76f7665ed1 Apply gofmt 2017-04-08 01:53:09 -04:00
Justin Santa Barbara 7ba283f5e3 Merge pull request #2172 from waldman/feature/issue-2171
Add AWS CloudConfig DisableSecurityGroupIngress Configuration Parameter
2017-04-08 01:52:38 -04:00
Justin Santa Barbara 8287a75fec Move touching kubeapiserver log file to code 2017-04-07 22:43:59 -04:00
Chris Love c5daf400ba Merge pull request #2283 from justinsb/docker_1_12_6
Update to docker 1.12.6 for k8s 1.6
2017-04-06 13:34:28 -06:00
Justin Santa Barbara a5e2d7f79e Fix CNI bin & conf paths
Stop using the networking-plugin-dir flag, and replace with the
cni-bin-dir and cni-conf-dir flags, set appropriately.

Thanks for spotting @prachetasp

Issue #2267
2017-04-06 01:21:35 -04:00
Justin Santa Barbara 26b8421dda Merge pull request #2285 from justinsb/fix_tests
Tidy up kubelet nodeup tests
2017-04-06 01:16:58 -04:00
Justin Santa Barbara ba1af6950e Tidy up kubelet nodeup tests 2017-04-06 00:18:43 -04:00
Justin Santa Barbara a935a81b51 Merge pull request #2223 from andrewsykim/set-nf-conntrack-max-in-kubeproxy
Set nf_conntrack_max in kubeproxy
2017-04-06 00:13:14 -04:00
Justin Santa Barbara bc0063e1cb Update to docker 1.12.6 for k8s 1.6 2017-04-04 01:24:49 -04:00
chrislovecnm 131bc77abb Adding feature gates flag for kubelet, and unit tests 2017-04-03 11:13:21 -06:00
Justin Santa Barbara e04fdbd95d PoC of hooks 2017-03-31 22:33:25 -04:00
Chris Love f63c52c425 Merge pull request #2225 from justinsb/use_kcm_serviceaccounts
Set --use-service-account-credentials for 1.6
2017-03-29 10:50:42 -06:00
Justin Santa Barbara 2678f7e4be Merge pull request #2221 from justinsb/use_tee
Use tee for kube-proxy, so kubectl logs works
2017-03-29 11:44:07 -04:00
Justin Santa Barbara e5ec85fb7c Merge pull request #2220 from justinsb/disable_insecure_port
Be able to disable insecure port for apiserver
2017-03-29 11:43:40 -04:00
Justin Santa Barbara 19db8b37a0 Set --use-service-account-credentials for 1.6 2017-03-29 11:42:24 -04:00
Justin Santa Barbara 4179074590 Add RBAC roles to basic auth 2017-03-29 00:42:03 -04:00
andrewsykim c2e3717df2 remove setting nf_conntrack_max in nodeup 2017-03-28 21:40:19 -04:00
andrewsykim 8ee736a485 kube-proxy overwrites nf_conntrack_max so we should set it there 2017-03-28 21:38:09 -04:00
Justin Santa Barbara 8b965a0ad9 Disable insecure port for apiserver
All components need a kubeconfig
2017-03-28 21:26:17 -04:00
Justin Santa Barbara fe3b1f3abe Use tee for kube-proxy, so kubectl logs works 2017-03-28 20:48:48 -04:00
Justin Santa Barbara c6b4288e61 Pull fixes from the integration branch 2017-03-28 20:42:15 -04:00
Justin Santa Barbara 4c28bd30e4 Enable RBAC on 1.6 2017-03-28 20:14:13 -04:00
Justin Santa Barbara eecf22d593 Merge pull request #2206 from justinsb/kubeproxy_to_code
Move kubeproxy configuration to code
2017-03-28 19:51:02 -04:00
Justin Santa Barbara 04b4659923 Log kube-proxy command after we build it 2017-03-28 19:37:03 -04:00
Justin Santa Barbara c4e05ca1b1 Fix taint format 2017-03-28 12:26:10 -04:00
Justin Santa Barbara e2a06a389a Move kubeproxy configuration to code
Also map kube-proxy ClusterCIDR arg.
2017-03-28 10:03:17 -04:00
Justin Santa Barbara fea4df5868 Merge pull request #2202 from justinsb/post_2095
More log options for k8s 1.6
2017-03-28 01:25:20 -04:00
Justin Santa Barbara cb8ea7e043 Use repeated flags for log-opt to docker
Also add tests for the expected format
2017-03-28 00:53:31 -04:00
Justin Santa Barbara 3bf0dcd086 Move logrotate configuration to code 2017-03-28 00:44:22 -04:00
Justin Santa Barbara e6fb0a3d67 Move kube-scheduler to code & RBAC 2017-03-28 00:26:59 -04:00
Justin Santa Barbara 4006741a5d Update for new taints / labels names 2017-03-27 23:13:39 -04:00
Justin Santa Barbara 86d544c2f3 Update protokube to make tainting optional
As of 1.6, kubelet can apply the taints, so we don't need to do it in
protokube.
2017-03-27 23:08:15 -04:00
Justin Santa Barbara ae52277272 Update error message for golang style 2017-03-27 10:23:32 -04:00
Leon Waldman 133153b9a2 Add AWS CloudConfig DisableSecurityGroupIngress Configuration Parameter 2017-03-22 21:49:38 -03:00
Justin Santa Barbara b9204e9911 Initial Container-Optimized OS support
Add initial support for Google's container-optimized OS (available on
GCE).
2017-03-20 23:47:37 -04:00
Justin Santa Barbara cb4641fea3 Code updates 2017-03-16 02:40:50 -04:00
Justin Santa Barbara 3d14d07616 Support cloud-config on GCE 2017-02-28 20:08:03 -05:00
Justin Santa Barbara 645f330dad Re-enable GCE support
We move everything to the models.  We feature-flag it, because we
probably want to change the names etc, and we aren't going to be able to
offer smooth upgrades until that is done.
2017-02-28 20:08:03 -05:00
Michael Taufen c24a017ed5 use --kubeconfig on kubelet instead of --api-servers in post 1.6 clusters 2017-02-27 15:49:11 -08:00
Justin Santa Barbara 4557ee7b9e Add socat to CoreOS
We build a statically linked version and distribute it with kops.

Note that our version of socat does not include libssl, but kubernetes
does not use it anyway.
2017-02-24 01:24:25 -05:00
Justin Santa Barbara 1c7818833a Merge pull request #1813 from aledbf/coreos
Initial (experimental) CoreOS support
2017-02-14 11:08:40 -05:00
Justin Santa Barbara 75447f8b44 Install ethtool in nodeup
Issue #1830
2017-02-11 16:16:09 -05:00
Manuel de Brito Fontes 6715bd53db Address comments 2017-02-11 13:57:30 -03:00
Manuel de Brito Fontes da2630638b Fix build 2017-02-11 13:57:30 -03:00
Justin Santa Barbara 1bacf8271e Initial (experimental) CoreOS support
* Detect CoreOS
* Move key manifests to code, to tolerate read-only mounts
* Misc refactorings so more code can be shared
* Change lots of ints to int32s in the models
* Run nodeup as a oneshot systemd service, rather than relying on
cloud-init behaviour which varies across distros
2017-02-11 13:57:30 -03:00
Manuel de Brito Fontes 572e2ab53e Increase conntrack table size using sysctl 2017-02-08 12:14:41 -03:00
Justin Santa Barbara a909f38b9c Merge pull request #1790 from justinsb/k8s_version_per_kops_version
Recommend a k8s version based on each kops version
2017-02-06 20:13:57 -05:00
Justin Santa Barbara 2d37ab1ca5 Recommend a k8s version based on each kops version
So the flow is that we recommend (or strongly recommend) a new kops
version when one is required for a new version, and then the new kops
version will recommend (or strongly recommend) a new k8s version.

We don't have a notion of multiple recommended k8s versions per kops
version - that is what channels are for.

Users are always free to disregard updates, even "required" ones by
setting a flag.
2017-02-06 01:06:03 -05:00
Justin Santa Barbara 46a770bf43 Don't set docker.socket on RHEL
For Docker >= 1.12

Fix #1781
2017-02-05 23:50:56 -05:00
Justin Santa Barbara fc66ac19a3 Install ebtables in nodeup
Partially addresses #1711.  We want to preinstall ebtables to fully fix.
2017-02-01 02:18:28 -05:00
Justin Santa Barbara 93d0a79833 Fix path to docker service manifest
Fix #1542
2017-01-30 01:50:20 -05:00
Justin Santa Barbara 5ace7ef11b protokube: build etcd manifest in code 2017-01-24 12:14:25 -05:00
Chris Love 645bf798b6 Merge pull request #1523 from justinsb/remove_kubelet
Refactor kubelet to code
2017-01-19 08:10:23 -08:00
Justin Santa Barbara d561d33e60 Refactor kubelet to code
More splitting up the CoreOS PR
2017-01-18 21:53:52 -05:00
Justin Santa Barbara 670b3712ef Remove systemd manifest (for real)
I forgot to actually remove the old copy we were moving last time!
2017-01-18 01:09:35 -05:00
Kris Nova 5c7174da00 Merge pull request #1487 from justinsb/split_out_systemd
Split out systemd package
2017-01-16 21:19:57 -07:00
Justin Santa Barbara 515d4ddb21 Split out distros into its own package
Part of splitting up the coreos PR
2017-01-15 18:18:34 -05:00
Justin Santa Barbara b3fd80ac11 Split out systemd package
Part of splitting up the CoreOS PR
2017-01-15 17:52:56 -05:00
Justin Santa Barbara 6d6f8cb932 Fixes per code review 2017-01-11 00:12:59 -05:00
Justin Santa Barbara 8342208cc5 Build docker service in code, to cope with variations
The docker systemd manifest changes a lot between versions - build it in
code for sanity.
2017-01-10 15:22:09 -05:00
Justin Santa Barbara 17f54fefb7 Clean up sysctls
Remove duplicate key; add missing blank line
2017-01-09 00:30:47 -05:00
Justin Santa Barbara 5b3524cb80 Set default sysctls 2017-01-04 00:08:56 -05:00
Justin Santa Barbara 2f256b9d39 Add tests for docker nodeup side 2016-12-20 13:10:39 -05:00
Justin Santa Barbara 846b7601db Configure DockerVersion in Docker Spec
And automatically choose 1.12.3 for k8s >= 1.5, 1.11.2 for < 1.5

Fix #849
2016-12-20 00:34:40 -05:00