Commit Graph

252 Commits

Author SHA1 Message Date
hatappi 3b1c1f1639 fix(apiserver): allow multiple service-account-key-file 2019-10-14 10:52:48 +09:00
Gabriel Tiossi 83dc5df52b Add Event TTL flag
Enable cluster spec to support "event-ttl" flag from kube-apiserver to
change event retention time
2019-10-10 14:23:34 -03:00
Justin SB bdd2e54624
Change float to resource.Quantity
This should make apimachinery (in particular CRD generation) happier,
because floats may not round trip correctly.
2019-09-29 13:48:10 -04:00
Kubernetes Prow Robot 5882e6aa9d
Merge pull request #7684 from tanjunchen/perfect-some-mistakes
fix-up some spelling mistakes in /pkg
2019-09-27 00:05:37 -07:00
chentanjun 3d1966df84 fix-up some spelling mistakes in /pkg 2019-09-26 10:15:44 +08:00
Roman Messer 98033345d4 Fix Description for KubeProxy MetricsBindAddress
KubeProxy only accepts an IP address as --metrics-bind-address. The metrics port has to be specified as separate option.
2019-09-25 12:57:14 +02:00
Kubernetes Prow Robot e431391ac1
Merge pull request #7610 from rifelpet/aws-pod-identitiy-fields
Expose API Server flags needed for AWS pod identities
2019-09-18 06:47:29 -07:00
Peter Rifel 28f306d78e Expose API Server flags needed for aws pod identities
This adds the fields described in the documentation here:

https://github.com/aws/amazon-eks-pod-identity-webhook/blob/master/SELF_HOSTED_SETUP.md#kubernetes-api-server-configuration
2019-09-17 15:58:55 -07:00
mikesplain 6cbaed5aec Add horizontalPodAutoscalerDownscaleStabilization 2019-09-12 09:02:01 -04:00
mikesplain 9e55b8230a Update copyright notices
Also cleans some white spaces
2019-09-09 14:47:51 -04:00
Jesse Haka daac327372 remove default insecure from openstack 2019-09-06 10:56:33 +03:00
Kubernetes Prow Robot 2d1b010071
Merge pull request #7346 from ripta/max-pd-vols
Add maxPersistentVolumes to support the KUBE_MAX_PD_VOLS scheduler setting
2019-08-15 22:54:32 -07:00
Kubernetes Prow Robot 61bcc5bf43
Merge pull request #7355 from appvia/bugfix-flexvolume-dir-mount
Set and mount the correct volume plugin dir based on OS
2019-08-01 16:43:51 -07:00
Kashif Saadat 4514215656 Set and mount the correct volume plugin dir based on OS 2019-08-01 17:54:08 +01:00
Ripta Pasay a31a6b60ca Add maxPersistentVolumes to support the KUBE_MAX_PD_VOLS scheduler setting 2019-07-30 11:44:45 -07:00
Anders Eknert bc967536ca Add mappings for Webhook authorization mode. 2019-07-30 16:02:13 +02:00
Jesse Haka 4d5ce12714 do not append admissionplugins 2019-06-27 08:26:31 +03:00
Rodrigo Menezes 4771c40c27 add --kube-api-burst flag 2019-06-17 23:06:26 -07:00
Rodrigo Menezes 1b9a501a0b Allow user to set the --kube-api-qps on KubeControllerManager 2019-06-17 14:36:01 -07:00
Raphael Deem 1b3a326d8e support apiserver admission-control-config-file flag 2019-06-06 10:17:23 -07:00
Jesse Haka 4cad3676a7 implement append admission controllers 2019-05-26 12:38:16 +03:00
Rohith aeb80939c6 KubeAPIServer HTTP2 Stream Parameter
- just adding another configurable parameter as we hit issues due to pod levels
2019-04-17 12:53:14 +01:00
Kubernetes Prow Robot b91db4f360
Merge pull request #6706 from granular-ryanbonham/apiserver_cpurequest
Add ability to specify cpuRequest for API Server
2019-04-10 08:04:13 -07:00
José Luis Ledesma 0699f422ab Rename RegistryQPS to RegistryPullQPS + add RegistryBurst 2019-04-10 08:17:01 +02:00
José Luis Ledesma c4a9b2a9bb add the registry-qps kubelet flag 2019-04-10 08:14:15 +02:00
Matteo Ruina c668cda6a6 Add min-resync-period for Controller Manager 2019-04-05 23:30:53 +02:00
Ryan Bonham 415472a76e Update comment to correctly reflect api server and not kube proxy. specify default in comment 2019-04-03 09:34:12 -05:00
Ryan Bonham ec418400f6 Update API for CPURequest 2019-03-29 15:06:20 -05:00
Ryan Bonham 98a56827dd Merge branch 'master' into apiserver_cpurequest 2019-03-29 14:07:30 -05:00
Ryan Bonham a75dcdda35 Add Ability to set cpu request for api server 2019-03-29 13:56:21 -05:00
Charles cb579647ac remove the poorly named version
it looks like I had the right idea renaming it but I added another
option rather than replacing. this commit removes the old one
2019-03-29 09:07:39 -07:00
Charles e464677940 consistent naming
changed from management to manager as it more closely ties to the
kubelet flag
2019-03-29 08:56:06 -07:00
Charles 345e468926 Add cpu management policy config
This adds the --cpu-manager-policy to the kubelet config
2019-03-29 08:49:17 -07:00
Kubernetes Prow Robot 24b36668f8
Merge pull request #6470 from rochacon/custom-tls-cipher-suites
Add flags for TLS Cipher suites customization for API Server, Kubelet and Controller-Manager
2019-03-25 11:24:19 -07:00
Jesse Haka 8f945d31c4 Override volume zone name 2019-03-22 13:44:29 +02:00
Rodrigo Chacon 6532ecf377 Add TLS Cipher suite configuration flags for apiserver, controller-manager and kubelet
Signed-off-by: Rodrigo Chacon <rochacon@gmail.com>
2019-03-20 13:40:38 -03:00
Kubernetes Prow Robot 0ab385c46b
Merge pull request #6632 from zetaab/managesecgroups
Add manage security groups for loadbalancers
2019-03-18 18:52:20 -07:00
Jesse Haka dab9c1800a add manage sec groups for loadbalancers 2019-03-18 11:27:31 +02:00
Justin SB 720174c678
Sync data-types for webhook config with upstream
This is going to be in componentconfig soon, so it would be nice to
have the same types.

These flags were recently mapped in #6361 and have not yet been in a
release - it's now or never!  (Though technically it is only the
AuditWebhookBatchThrottleEnable that won't parse identically)

Also added tests!
2019-03-17 22:13:24 -07:00
Kubernetes Prow Robot b25ff1c814
Merge pull request #6361 from mbelangerupgrade/webhook
Added Audit Webhook config
2019-03-14 23:32:56 -07:00
Alex Williams fa458b759f
Add ServiceAccountKeyFile to KubeAPIServerConfig 2019-03-04 16:13:23 +00:00
Kubernetes Prow Robot 8cea9af6e6
Merge pull request #6525 from pgdagenais/cluster-signing-duration
Add Experimental Cluster Signing Duration flag
2019-02-27 15:10:15 -08:00
Jesse Haka ae3ad36a28 add router subnet specify option 2019-02-27 14:29:30 +02:00
Jesse Haka ded99c8ab1 specify subnet for lb 2019-02-27 14:24:56 +02:00
Jesse Haka 71452d0ddd specify dns servers to openstack subnet 2019-02-25 22:54:07 +02:00
pgdagenais 78a4021719 Add cluster signing duration flag 2019-02-24 16:35:27 +00:00
Rohith 96efe7d13d Kube Proxy Metrics Option
- adding the kube proxy metrics option to the components
2019-02-21 23:03:06 +00:00
Jeremy Mathevet 893742fb32
kube-apiserver: Add oidc-required-claim flag 2019-02-08 17:45:32 +00:00
Kubernetes Prow Robot c1c74b7fdc
Merge pull request #6375 from mytaxi/kubelet-cpu-cfs-quota
Allow users to set kubelet cpu-cfs-quota and cpu-cfs-quota-period flags
2019-01-27 12:58:44 -08:00
Markus Meyer c8202cf8bb Allow users to set kubelet cpu-cfs-quota and cpu-cfs-quota-period flags 2019-01-23 08:47:38 +01:00
Marc-Andre Belanger 5c2bb57489 trying float 64 as float 32 was not used in this 2019-01-18 13:39:53 -05:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 292b3a8589 Storage config for openstack cloud config 2019-01-18 11:39:39 -07:00
Marc-Andre Belanger 3ed0472410 fixed references 2019-01-18 12:56:54 -05:00
Marc-Andre Belanger 5c96c8775c fixed c&p mistake 2019-01-18 12:38:29 -05:00
Marc-Andre Belanger f77d51b9ef fixed c&p mistake 2019-01-18 12:22:59 -05:00
Marc-Andre Belanger a6145a2dbf added webhook config to ApiServer 2019-01-18 12:18:08 -05:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) eb256593bc Setting project ID as well in cloudconfig. Using loadbalancerID in cloudconfig. Retrieving instance IP from openstack in protokube. 2019-01-18 10:17:14 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) fc740dbba3 Adding ability to specify to create_cluster openstack external network by name 2019-01-17 11:43:08 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 8e353028bc Openstack ComponentConfig Documentation and Generated Functions 2019-01-16 09:17:49 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) fb0939af9b Openstack Model, tasks, and cloud ops refactor 2019-01-15 14:16:08 -07:00
Justin SB 26bd75aecb
Bulk spelling fixes
Experimenting with my own spelling checker, these are the typos it caught.
2018-12-20 17:43:56 -05:00
Rodrigo Menezes 7b6214577e fix typo 2018-12-07 02:03:05 -08:00
Rodrigo Menezes 7231c20f60 ExperimentalAllowedUnsafeSysctls has moved to AllowedUnsafeSysctls in k8s 1.11 2018-12-07 00:20:32 -08:00
Rich Lees 15f0fb7187 Enable HPA tolerance configuration pass 1 2018-11-29 15:59:57 +00:00
fernando.carletti 4b27e6c8ee
Add flag to disable Basic Auth. 2018-10-16 19:04:38 -05:00
k8s-ci-robot 2a260791c0
Merge pull request #5935 from gambol99/ipvs_options
IPVS Options
2018-10-15 14:21:11 -07:00
Liran Polak 7654a923f1 feature: new integration: spotinst 2018-10-14 11:37:31 +03:00
Rohith 380cadd178 IPVS Options
- adding the additional ipvs options to the kube proxy configuration
2018-10-12 22:40:50 +01:00
captainkerk d132577e21 add targetRamMb to kubeAPIServer spec 2018-10-09 01:46:18 +00:00
captainkerk beb8aebe06 add support for max-mutating-requests-inflight parameter 2018-10-04 05:40:28 +00:00
Rohith 2e514a3931 - changing the controller option to a slice as empty slices are ignored
anyhow.
2018-10-02 18:20:58 +01:00
Rohith 806b0cbb06 Controller Manager Flag
- adding the controller manager flag as this defaults to bootstrapsigner, tokencleaner disabled
2018-10-01 20:58:38 +01:00
Rober Morales-Chaparro 2a52afcb3d Ability to configure `--node-cidr-mask-size` into `kube-controller-manager` 2018-08-10 12:20:16 +02:00
Ian Hoegen 0fbba7fa6e Move AuthenticationTokenWebhook flag from api to kubelet, add authentication-token-webhook-cache-ttl to kubelet as well 2018-07-24 11:05:50 -07:00
k8s-ci-robot a92ee38741
Merge pull request #5467 from rdrgmnzs/kubelet_root-dir
Allow users to set the kubelets root dir.
2018-07-19 13:49:37 -07:00
Rodrigo Menezes 0cc45db5b1 Allow users to set the kubelets root dir. 2018-07-19 10:59:06 -07:00
Mike Splain 188824cba0 Add configurable conntrack settings 2018-07-18 12:11:30 -04:00
Erik Berdonces Bonelo fdeed33719 Add --min-request-timeout flag in kube-APIServer 2018-07-13 10:29:30 +02:00
Ripta Pasay 5f2f031f6d Add dockerDisableSharedPID to kubelet config 2018-07-02 17:17:12 -07:00
Rohith 9e7b15d01b Aggregator Routing Option
- adding the enable-aggregator-routing option to the kube-apiserver
2018-06-19 23:18:34 +01:00
Rohith d2bae64dd1 - adding the enable-bootstrap-token-auth to the kubeapi and fixing up the various components 2018-06-11 09:57:26 +01:00
Rohith 4531384649 This PR attempts to solve two issues
a) The current implementation uses a static kubelet which doesn't conform to the Node authorization mode (i.e. system:nodes:<nodename>)
b) At present the kubeconfig is static and reused across all the masters and nodes

The PR firstly introduces the ability for users to use bootstrap tokens and secondly when enabled ensures the kubelets for the masters as have unique usernames.  Note, this PR does not attempt to address the distribution of the bootstrap tokens themselves, that's for cluster admins. One solution for this would be a daemonset on the masters running on hostNetwork and reuse dns-controller to annotate the pods and give as the DNS

Notes:
- the master nodes do not use bootstrap tokens, instead given they have access to the ca anyhow, we generate certificates for each.
- when bootstrap token is not enabled the behaviour will stay the same; i.e. a kubelet configuration brought down from the store.
- when bootstrap tokens are enabled, the Nodes sit in a timeout loop waiting for the configuration to appear (by third party).
- given the nodeup docker and manifests builders are executed before the kubelet builder, the assumption here is a unit file kicks off a custom container to bootstrap the rest.
- the current firewalls between the master and nodes are fairly open so no need to open ports between the two
- much of the work was ported from @justinsb PR [here](https://github.com/kubernetes/kops/pull/4134/)
- we add a very presumptuous server and client certificates for use with an authorizer (node-bootstrap-internal.dns_zone)

I do have an additional PR which performs the entire thing. The process being a node_authorizer which runs on the master nodes via a daemonset, the service implements a series of authorizers (i.e. alwaysallow, aws, gce etc). For aws, the process is similar to how vault authorizes nodes [here](https://www.vaultproject.io/docs/auth/aws.html). Nodeup now then calls out to the node_authorizer on bootstrap and provisions the kubelet.
2018-06-11 09:56:32 +01:00
Tomas Virgl 6c9a948ebc Enable override bind address for kube-proxy.
When using kube-proxy in userspace mode, you have to bind to primary ip address of underlying machine.
2018-06-06 19:46:17 -07:00
k8s-ci-robot 8f91621687
Merge pull request #5231 from ihoegen/auth-token-webhook
Add AuthenticationTokenWebhook flag
2018-05-31 23:56:57 -07:00
Justin Santa Barbara 53bf6ea6ad Replace deprecated flags: address -> insecure-bind-address 2018-05-31 23:23:33 -04:00
Ian Hoegen 1d9c446499 Add AuthenticationTokenWebhook flag 2018-05-31 20:14:56 -07:00
Justin Santa Barbara 9a49ed051a Fix typo: "to user" -> "to use" 2018-05-31 11:58:13 -07:00
Ripta Pasay d9252a1cab Incorporate admission plugin flags when determining whether an admission controller is enabled or not 2018-05-29 16:42:23 -07:00
Ripta Pasay dfa4190cb5 Add --enable-admission-plugins API server flag, deprecating --admission-control in v1.10 2018-05-29 16:42:23 -07:00
Ali Rizwan 375a5b03e1 kubelet expose --streaming-connection-idle-timeout 2018-05-14 11:09:44 +02:00
Stephen McQuay (smcquay) 83e485ea8d
kubelet: expose --experimental-allowed-unsafe-sysctls
This fixes #2828.
2018-05-10 09:06:56 -07:00
Christian Jantz 33845ebd43 Added tls certificate and private key path flags to kubelet config 2018-05-01 17:44:09 +02:00
k8s-ci-robot 22a34586cc
Merge pull request #3498 from gambol99/psp
Pod Security Policies
2018-04-10 07:43:09 -07:00
Christian Jantz 8c3a2b7a87 added authorization-mode flag to kubernetes component configs 2018-04-05 13:06:54 +02:00
Rohith e8e3ac0c91 Pod Security Policies
The current implementation doesn't work with PodSecurityPolicies enabled due to no psp policies. This PR adds a default psp policy for the kubelet users and the kube-system namespace
2018-04-04 17:43:11 +01:00
Sergey Lanzman e5b24f15d7 add proxy mode flag to kube-proxy 2018-04-02 10:07:37 +03:00
Haoyun 33d087a894
fix some grammar mistakes
fix some grammar mistakes
2018-03-27 09:18:10 +08:00
Justin Santa Barbara 2bccf880d2 etcd-quorum-read flag: explicitly default to off for v2
Kubernetes 1.9 changed the default for etcd-quorum-read flag value to
true, in the hope of fixing some of the edge-case controller issues.

However, while this is cheap on etcd3, that fix was not backported to
etcd2, and performance there of quorum reads is poor.

For non-HA clusters with etcd2, it still goes through raft, but does not
need to - we set etcd-quorum-read to false, as this is just a missed
optimization in etcd2.

For HA clusters with etcd2, it's trickier, but at least for now we're
going to avoid the (crippling) performance regression.  kops 1.10 should
have etcd-manager (allowing upgrades to etcd3), and the ability to
configure IOPS on the etcd volume, so we can revisit this in 1.10 /
1.11.
2018-03-25 19:08:05 -04:00
AdamDang 2e30b4d391
Fix a mistake in componentconfig.go
in line 337: "ReconcilerSyncLoopPeriod" should be replaced with "AttachDetachReconcileSyncPeriod"
2018-03-13 20:38:10 +08:00
Horace Heaven 13244a5ce8 Kube-proxy API to accept cpu: limit, mem: request and limit 2018-02-28 15:26:19 -04:00