Changes since 3.0.20200429:
* Use env vars to customize backup retention
* Use next attachment point when device already in use
* Simplify uploading backups
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
With etcd-manager the DNS names should only be used by the
etcd-manager pod itself, so we don't need to share /etc/hosts with the
host.
By not sharing we avoid:
(1) the temptation to address etcd directly
(2) problems of concurrent updates to /etc/hosts being hard from within a container (because locking is difficult across bind mounts)
Introducing with kubernetes 1.17 to avoid changing behavior of existing versions.
Primarily for DigitalOcean support
Changes:
* fix issues in pr#253
* Update rules-docker to 0.12
* [DO-7442] Fix logic for Digital Ocean volume tag
* Update release process to use shipbot
* Move to go modules
* Update golang to 1.13.3
* travis: Test newer bazel versions
* Fix unit tests
* Test everything, not just //test
We had a port collision on 3997; change the default memberlist ports
to avoid the collision (we haven't shipped a release with this in it).
Also create a go file so that we can use constants to keep track of
our port numbers, rather than magic values.
Refactor to start to centralize the env-var configuration for system
components, also start to add test coverage so we can be sure we
haven't broken things!
Relnotes are at https://github.com/kopeio/etcd-manager/blob/master/docs/relnotes/3.0.20190801.md
Highlights:
* etcd-manager-ctl is now available in the image, and for download from github
* etcd 3.3.13 is included
* etcd-manager will now run a compatible version of etcd if it is available (for example, etcd 3.3.13 instead of 3.3.11), to better import backups or support migration
* listen-metrics-urls can now be specified and will be passed through to etcd
* improved docs around internals
update template
Update notes for digital ocean
Update TTL to 60 seconds and version upgrade to 0.1.15 for DO Cloud Controller Manager
Update review comments
Format go code
Again unlikely to matter since master nodes aren't expected to run out of
capacity, done mostly for completeness (all pods should usually have a
priority defined if the cluster is running with PodPriority enabled).
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog. That
will happen when we update to k8s 1.13.
In 1.12 (kops & kubenetes):
* We default etcd-manager on
* We default to etcd3
* We default to full TLS for etcd (client and peer)
* We stop allowing external access to etcd
Ciprian Hacman
Justin SB
John Gardiner Myers
Ole Markus With
Rodrigo Menezes
Kubernetes Prow Robot
mmerrill3
Xiaoyu Zhong
tanjunchen
Jesse Haka
Srikanth
mikesplain
Kashif Saadat
Austin Moore
Arto Jantunen