Automatic merge from submit-queue.
Modified OS detection logic when updating http proxy settings.
Reduce duplication in configuring http proxy settings by writing it to the system-wide `/etc/environment` file and sourcing this in accordingly for the different services (docker, package management).
I have tested and this now correctly covers CoreOS by resolving the following bugs (I don't believe any issues were raised for these):
- Docker config file was located in `/etc/sysconfig/docker` as opposed to `/etc/default/docker`
- The `/etc/lsb-release` file exists for CoreOS, so the bootstrap script was incorrectly attempting to write proxy settings into the apt proxy config file
These changes should cover CoreOS, Debian, Ubuntu, RedHat distributions including CentOS and Fedora.
**NOTE:** A nodeup image will need to be built for these changes to work as expected, as now we rely on nodeup to update the proxy settings within the docker config (by sourcing in the env vars set within `/etc/environment`.
Automatic merge from submit-queue.
Add permissions to cluster autoscaler to get statefulsets
Otherwise getting error
User system:serviceaccount:kube-system:cluster-autoscaler cannot get statefulsets.apps in the namespace xxx. (get statefulsets.apps yyy)
Otherwise getting error
User system:serviceaccount:kube-system:cluster-autoscaler cannot get statefulsets.apps in the namespace xxx. (get statefulsets.apps yyy)
Automatic merge from submit-queue.
Update Weave Net to version 2.0.5
This PR also adds a manifest with a volume-mount for the iptables lock file, which avoids collisions between Weave components and kube-proxy that can sometimes result in a half-configured Weave network.
Only do this for Kubernetes 1.7 and above because it requires the change in kubernetes/kubernetes#47212
I don't really know what I'm doing in `bootstrapchannelbuilder.go`; I just followed the pattern I saw.
Other relevant updates in Weave Net since version 2.0.1 ([more details](https://github.com/weaveworks/weave/releases)):
* Fix race condition in NetworkPolicy Controller which would intermittently block all traffic for a namespace
* Add comments to each NetworkPolicy iptables rule and ipset, to help when troubleshooting
* Fix netfilter rules to block containers from accessing the Weave Net control endpoint
* Remove code that checked for an outdated fallback address for Kubernetes api-server
including a Weave Net template for Kubernetes 1.7 and above which adds
a volume-mount for the iptables lock file, which avoids collisions
between Weave components and kube-proxy that would result in a
half-configured Weave network.
This is only for version 1.7 and above because it requires the change
in https://github.com/kubernetes/kubernetes/issues/47212
Automatic merge from submit-queue.
`kops get ...` should exit with non-zero if the resource don't exist
Without this change, `kops get --name non-existing-cluster` will exit with a status of `0`, which makes it difficult to check if a cluster (and other resources) exist in a shell script.
cc @chrislovecnm, who I think originally wrote this code.
Without this change, `kops get --name non-existing-cluster` will
exit with a status of `0`, which makes it difficult to check if
a cluster (and other resources) exist in a shell script.
Automatic merge from submit-queue.
Update homebrew release docs.
`brew bump-formula-pr` has simplified the process for updating brew
forumla
* Added `brew bump-formula-pr` as prefered method
* Cleaned up line wrap
Automatic merge from submit-queue.
mounting kubectl from the host instead to installing in protokube
So this will fix our protokube kubectl versioning issue. Kubectl is in on host, if we are on a master, and is always the right version, so let's use it! Refactored a bit to get the distro path for kubectl. Need to test on gossip. Set the path on protokube and mounted kubectl in `/opt/kops/bin`.
/approve
TODO
- [ ] test gossip
Fixes https://github.com/kubernetes/kops/issues/3518
Automatic merge from submit-queue.
Replace logrotate crontab with systemd timer
Related to #2710, minor improvement mentioned in https://github.com/kubernetes/kops/pull/3488#issuecomment-333340885.
This change replaces the logrotate crontab with a systemd timer. Any existing systemd timer for logrotate will be overridden.
Kubernetes Submit Queue