Justin Santa Barbara
ef5936d8b5
Support overlay2 in docker
We also have to stop passing the flag on ContainerOS, because it's set
in /etc/docker/default.json and it's now an error to pass the flag.
That in turn means we move those options to code, which are the last of
those legacy config options. (We still have a few tasks declaratively
defined though)
2018-06-07 17:11:11 -04:00
Rohith
67296c2db9
- fixing up the spelling mistakes found
2018-06-06 10:03:51 +01:00
Justin Santa Barbara
088d14e2bd
docker: Set TasksMax to infinity
Equivalent of https://github.com/kubernetes/kubernetes/pull/51986
2018-06-03 13:14:15 -07:00
Rohith
b62d6df115
Admission Controller Fix
A previous PR https://github.com/kubernetes/kops/pull/5221/ introduced the --enable-admission-plugins for >= 1.10.0 as recommended; it does, however, cause an issue if you already have AdmissionControl specified in the Spec, as both flags get rendered
2018-06-02 19:46:55 +01:00
Rohith
f31f544ff2
File Permissions Private Key
- adjusting the file permissions on the heptio authenticator to 0600
2018-06-01 15:34:37 +01:00
k8s-ci-robot
775b877a10
Merge pull request #5197 from rdrgmnzs/heptio_authenticator
Setup heptio authenticator
2018-06-01 07:12:55 -07:00
Rodrigo Menezes
f0476776b1
fix file perms
2018-05-31 21:11:06 -07:00
AdamDang
918d510909
Typo fix: are be->are
are be->are
2018-06-01 08:54:36 +08:00
k8s-ci-robot
e323fa918f
Merge pull request #5126 from justinsb/optional_etcd_manager
Support (optional) etcd-manager
2018-05-25 15:45:32 -07:00
Justin Santa Barbara
ba87c36f73
Support (optional) etcd-manager
2018-05-25 16:01:22 -04:00
Rodrigo Menezes
5ce8f9e712
Setup heptio authenticator
2018-05-23 17:48:33 -07:00
Rohith
c6c842112e
CA Key File Permissions
- locking down the ca.key somewhat by forcing the file permissions to 0600
2018-05-23 21:06:27 +01:00
liang
ebfb3c241b
change gossip dns conn limit by ENV
2018-04-28 15:50:19 +00:00
k8s-ci-robot
31222ec1cc
Merge pull request #5042 from Cryptophobia/add-docker-17.09-for-debian-9
Add docker 17.09.0 version for Debian 9
2018-04-19 17:32:59 -07:00
Cryptophobia
c9cf51f5ad
Add docker 17.09.0 version for Debian 9
2018-04-19 12:17:07 -04:00
sonal
619ef0da8e
Treat Amazon Linux 2 as CentOS 7
2018-04-18 08:55:50 -04:00
Justin Santa Barbara
b1384b3bc0
Only do etcd backups on main
Because our implementation can't actually differentiate settings for
events & main, we only support backup of main for now.
2018-04-10 18:52:08 -04:00
Kashif Saadat
3d1203f0f4
Disable locksmithd on CoreOS if UpdatePolicy set
2018-04-10 13:05:00 +01:00
AdamDang
71d8d23982
Typo fix an->and
Typo fix an->and
2018-04-06 10:13:57 +08:00
andrewsykim
89960aff67
coreos/containeros: restart kops-configuration service after docker drop-in is loaded
2018-04-03 12:47:19 -04:00
andrewsykim
27e8902016
digitalocean: add nodeup support
2018-04-01 10:11:07 -04:00
k8s-ci-robot
cebc7017bc
Merge pull request #4760 from louismunro/add_AfterFiles_dependencies
Add AfterFiles dependencies to File tasks
2018-03-30 15:20:03 -07:00
Louis Munro
487dc33b7e
Adds an AfterFiles field to nodetasks.File and makes sure CoreOS uses it
2018-03-26 18:30:36 +00:00
k8s-ci-robot
fc1bed4353
Merge pull request #4224 from nebril/cilium-support
Add Cilium as CNI plugin
2018-03-26 07:49:02 -07:00
k8s-ci-robot
84b75cc7ec
Merge pull request #4744 from locationlabs/ca_bundle_fix
use the primary cert from the ca cert bundle
2018-03-21 19:27:05 -07:00
k8s-ci-robot
8d8e35aeae
Merge pull request #4575 from erks/admin_token_access
add system:masters group to admin user in static token file
2018-03-20 19:21:13 -07:00
Chris Phillips
bce2c346c3
use the primary cert from cert bundles
If the ca cert bundle has multiple certs, some things (kube-controller-manager in particular) will fail to start up correctly
2018-03-20 19:20:12 -07:00
Justin Santa Barbara
e93d88ecc2
Mount the iptables lock file
We only do this for >= 1.9 so we don't change existing clusters.
Equivalent of https://github.com/kubernetes/kubernetes/pull/46259
2018-03-20 18:07:17 -04:00
Maciej Kwiek
bca52dede9
Add Cilium as CNI plugin
Signed-off-by: Maciej Kwiek <maciej@covalent.io>
2018-03-20 13:07:26 +01:00
Leon Waldman
1fa6bfb612
Fix kubeScheduler.usePolicyConfigMap - missing namespace flag
2018-03-19 19:42:27 -03:00
Justin Santa Barbara
90ac573594
Centos: add selinux package dependencies
Issue #4091
2018-03-18 17:49:45 -04:00
Touch Ungboriboonpisal
eddf4ae7a0
make admin user in token auth have the same group (system:masters) as basic auth.
this should fix https://github.com/kubernetes/kops/issues/4369
2018-03-04 16:46:17 -08:00
k8s-ci-robot
e634143c43
Merge pull request #4417 from dezmodue/amazon-vpc-cni
Bind the kubelet to the local ipv4 address
2018-03-02 15:22:54 -08:00
Rohith
23f9c63bf3
Kube Proxy IPVS Kernel Module
- fixing the 'Could not get ipvs family information from the kernel. It is possible that ipvs is not enabled in your kernel. Native loadbalancing will not work until this is fixed.' error
2018-03-02 15:05:22 +00:00
Simone Sciarrati
fcd08f1535
add BUILD.bazel
2018-03-01 18:05:15 +01:00
Simone Sciarrati
e406dbf501
Bind the kubelet to the local ipv4 address if the cni plugin is AmazonVPC - #4218
2018-03-01 17:47:54 +01:00
Horace Heaven
13244a5ce8
Kube-proxy API to accept cpu: limit, mem: request and limit
2018-02-28 15:26:19 -04:00
k8s-ci-robot
37d4b53d0d
Merge pull request #4010 from gambol99/etcd_options
Etcd TLS Peer & Client Auth
2018-02-27 22:27:56 -08:00
Mike Splain
45a57915e2
Fix bazel deprecation notice
2018-02-26 09:36:13 -05:00
Rohith
a140d5b7f1
- fixing the protokube flag issue
2018-02-24 10:03:43 +00:00
Rohith
d065111453
Etcd TLS Peer & Client Auth
2018-02-24 10:02:41 +00:00
Justin Santa Barbara
b68f58d746
Change NewAssetBuilder to take a kops.Cluster
2018-02-22 21:42:40 -08:00
Justin Santa Barbara
dde7600dae
Initial support for standalone etcd-manager backups
The etcd-manager will (ideally) take over etcd management. To provide a
nice migration path, and because we want etcd backups, we're creating a
standalone image that just backs up etcd in the etcd-manager format.
This isn't really ready for actual usage, but should be harmless because
it runs as a sidecar container.
2018-02-20 20:06:08 -05:00
k8s-ci-robot
4b8db1eee0
Merge pull request #4137 from thockin-tmp/gcr-vanity
Convert registry to k8s.gcr.io
2018-02-20 08:54:39 -08:00
chrislovecnm
3b0702eb1c
updating bazel BUILD file
2018-02-18 15:33:18 -07:00
Rohith
c8e4a1caf8
Kubernetes Calico TLS
The current implementation when Etcd TLS was added does not support using calico as the configuration and client certificates are not present. This PR updates the calico manifests and adds the distribution of the client certificate
2018-02-14 23:41:45 +00:00
Tim Hockin
79d5f793e7
Convert registry to k8s.gcr.io
2018-02-14 10:08:41 -08:00
k8s-ci-robot
2b1ecba8e1
Merge pull request #4395 from ihoegen/master
Add max-requests-inflight parameter
2018-02-13 22:59:51 -08:00
Ian Hoegen
37c3ac3784
Add max-requests-inflight flag, along with docs
2018-02-13 13:34:48 -08:00
Mike Splain
f40dc50a25
Update BUILD files to account for some recent changes
2018-02-12 17:16:33 -05:00
Kashif Saadat
ac25853cd5
- Add etcdClusterSpec Image & Version in bootstrap data for Master nodes
- Reuse execWithTee fn for ETCD Command (tee & mkfifo in different path for newer image versions)
2018-02-10 12:14:36 +00:00
k8s-ci-robot
6cce2427b3
Merge pull request #4286 from justinsb/exec_with_bin_sh
exec target command, but still pipe it to tee
2018-01-29 04:56:33 -08:00
Justin Santa Barbara
7ca593b994
exec target command, but still pipe it to tee
Equivalent of https://github.com/kubernetes/kubernetes/pull/57756
2018-01-25 10:15:24 -05:00
Otto Yiu
2b12b59d75
add ability to override etcd image and update apimachinery generated files from EtcdClusterSpec changes
2018-01-10 13:39:07 -08:00
k8s-ci-robot
1f125861b6
Merge pull request #4216 from justinsb/new_path_to_gce_mounter
gce: mounter asset has moved
2018-01-07 16:18:10 -08:00
Justin Santa Barbara
3b983dfabd
gce: mounter asset has moved
The mounter asset is now available directly, no longer in
kubernetes-manifests.tar.gz
2018-01-07 17:07:54 -05:00
Justin Santa Barbara
5f729d49cb
nodeup: don't warn during distro detection
We have several mechanisms for distro detection, and we were giving a
scary warning if the first failed, though we have several precisely
because the first usually is insufficient.
2018-01-07 16:22:11 -05:00
chrislovecnm
4dd3bb1dea
Updating bazel BUILD files with new go_rules version
2017-12-29 15:03:14 -07:00
Justin Santa Barbara
9e5c086c5b
Remove use of deprecated create-if-missing functions
Generally tightening up the interface to make it easier to remove list
operations.
2017-12-20 00:52:18 -05:00
Justin Santa Barbara
bf24a6443c
Avoid ListSecrets call in nodeup
This helps us with GCE permissions, but also helps us get rid of auth
tokens.
2017-12-19 11:45:04 -05:00
Kubernetes Submit Queue
15c7d61dfb
Merge pull request #3997 from aledbf/amazon-vpc-cni
Automatic merge from submit-queue.
Add support for Amazon VPC CNI plugin
TODO:
- [x] IAM perms so that the CNI provider only has perms for the nodes in the cluster
- [x] Cleanup of security groups
- [ ] Replace image aledbf/k8s-ec2-srcdst:v0.1.0-5 with the official after https://github.com/ottoyiu/k8s-ec2-srcdst/pull/5 and https://github.com/ottoyiu/k8s-ec2-srcdst/pull/6
2017-12-17 21:41:13 -08:00
chrislovecnm
7057aaf1bb
Enabling the file assets
File assets and the SHA files are uploaded to the new location. Files,
when users use s3, are uploaded public read only. The copyfile task
uses only the existing SHA value.
This PR includes major refactoring of the use of URLs. Strings are no
longer concatenated, but converted into a URL struct and path.Join is
utilized.
A new values.go file is included so that we can start refactoring more
code out of the "fi" package.
A
2017-12-17 15:26:57 -07:00
Manuel de Brito Fontes
2e05dd17aa
Add support for Amazon VPC CNI plugin
2017-12-17 18:08:24 -03:00
Justin Santa Barbara
743e482660
nodeup: create kubeconfig under admin or root
While the admin account is created on stock debian images, it isn't on
all of them. Check admin first, then check root, and don't treat it as
an error if neither is found - this is only a convenience.
2017-12-15 01:29:48 -05:00
Kubernetes Submit Queue
5e2251bb84
Merge pull request #4022 from KashifSaadat/keyfile-permissions
Automatic merge from submit-queue.
Remove world read permissions on sensitive key files.
The key files pulled from S3 had world read permissions by default (644). This PR sets the permissions to 600 on `.key` and `.pem` files.
2017-12-14 00:25:41 -08:00
Kubernetes Submit Queue
d0618e1471
Merge pull request #4014 from blakebarnett/bdb/fix_docker_stretch_url
Automatic merge from submit-queue.
Fix URL for Docker 17.03.2 on Debian Stretch
2017-12-11 06:26:30 -08:00
wannabesrevenge
4661fd5e8e
Fix libcgroup dependency typo
In nodeup/pkg/model/docker.go, libcgroup is listed as a dependency for various environments. A couple times this is misspelled as libgcroup
2017-12-08 13:35:13 -06:00
Kashif Saadat
a8866fbcc9
Remove world read permissions on sensitive key files.
2017-12-07 09:43:14 +00:00
Blake
d3615cb1d9
Fix URL for Docker 17.03.2 on Debian Stretch
2017-12-05 17:40:22 -08:00
Justin Santa Barbara
7fa4c28b1b
Ensure iptables forwarding is enabled
Docker 1.13 changed how it set up iptables in a way that broke
forwarding.
We previously got away with it because we set the ip_forward sysctl,
which meant that docker wouldn't change the rule. But if we're using an
image that preinstalled docker, docker might have already reconfigured
iptables before we run, and we didn't set it back.
We now set it back.
https://github.com/kubernetes/kubernetes/issues/40182
2017-11-30 20:29:32 -05:00
Kubernetes Submit Queue
0a2f949fd9
Merge pull request #3929 from justinsb/add_service_extension_if_not_exists
Automatic merge from submit-queue.
Don't add .service extension if already there
2017-11-26 16:45:29 -08:00
Kubernetes Submit Queue
8f0566d8a8
Merge pull request #3926 from justinsb/kubernetes_assets
Automatic merge from submit-queue.
Use EnsureTask so we don't have to track directories as closely
2017-11-26 15:43:20 -08:00
Justin Santa Barbara
079464c223
Don't add .service extension if already there
2017-11-26 17:05:59 -05:00
Justin Santa Barbara
b2cd5c961c
Use EnsureTask so we don't have to track directories as closely
Issue #3921
2017-11-26 01:49:19 -05:00
Ali Rizwan
c324b01b7a
Added .service to hooks unit files
Recent versions of systemd (version 229 at least) included in Ubuntu
16.04 and Debian 9 require the systemd unit files to have a .service
extension.
Signed-off-by: Ali Rizwan <ari@hellofresh.com>
2017-11-24 17:07:58 +01:00
Divya Vavili
b698c684a9
Add support for docker 17.09.0 version
Signed-off-by: Divya Vavili <vavili.divya@gmail.com>
2017-11-16 11:55:11 -08:00
Kashif Saadat
1fdbbecce1
Fix CoreOS logrotate service failure.
2017-11-13 10:16:16 +00:00
Mikael Knutsson
2de2ab53a8
Debian Stretch versions for Docker to support K8s 1.8
2017-11-09 10:41:17 +08:00
chrislovecnm
609e268a1d
gazelle updates with new bazel version
2017-11-05 17:41:53 -07:00
chrislovecnm
1e418c3e13
more goimport updates
2017-11-04 10:03:02 -06:00
Justin Santa Barbara
6a7c109f43
fix typo in comment: mananging
2017-10-30 23:47:59 -04:00
Justin Santa Barbara
b2bcba4a6d
GCE: Use object-level permissions for files in GCS
This lets us configure cross-project permissions while ourselves needing
minimal permissions, but also gives us a nice hook for future lockdown
of object-level permissions.
2017-10-29 19:17:00 -04:00
Kubernetes Submit Queue
aab00d7dc3
Merge pull request #3699 from brdude/disable_kube-proxy
Automatic merge from submit-queue.
Allow disabling kube-proxy
This adds the ability to turn off kube-proxy.
My specific use case is the usage of a custom CNI.
2017-10-26 23:05:57 -07:00
Manatsawin Hanmongkolchai
a708919bf4
Generate scheduler policy by dynamic cluster addons
2017-10-27 08:56:07 +07:00
chrislovecnm
bc9df922f0
refactored to return err
2017-10-26 17:25:51 -06:00
chrislovecnm
4de78b0055
setting up etcd to use asset builder for its container
2017-10-26 17:25:50 -06:00
Rodrigo Menezes
8ad9b3c931
fix
2017-10-25 21:33:21 -07:00
Rodrigo Menezes
1edd99ccc1
Allow disabling kube-proxy
2017-10-25 14:23:58 -07:00
Kubernetes Submit Queue
8df13bd468
Merge pull request #3679 from justinsb/support_api_aggregation
Automatic merge from submit-queue.
Initial aggregation work
Create the keypairs, which are supposed to be signed by a different CA.
Set the `--requestheader-...` flags on apiserver.
Fix #3152
Fix #2691
2017-10-24 12:08:27 -07:00
Justin Santa Barbara
7c695e7d00
Rename flag from network-plugin-dir -> cni-bin-dir
Per https://github.com/kubernetes/kubernetes/pull/53564
2017-10-23 00:54:37 -04:00
Justin Santa Barbara
a879521ba3
Initial aggregation support
Create the keypairs, which are supposed to be signed by a different CA.
Set the `--requestheader-...` flags on apiserver.
Fix #3152
Fix #2691
2017-10-22 14:41:38 -04:00
Matt Schurenko
298747e9ae
adding etcd settings to protokube
2017-10-20 00:32:53 -04:00
Kubernetes Submit Queue
8718b4a4a0
Merge pull request #3628 from justinsb/rhel7_docker_1_12_6_deps
Automatic merge from submit-queue.
Docker dependencies for docker 1.12.6 on RHEL
2017-10-13 23:38:42 -07:00
Kubernetes Submit Queue
3a1f866144
Merge pull request #3621 from justinsb/protokube_mount_using_nsenter
Automatic merge from submit-queue.
Simplify protokube mounter using nsenter executor
2017-10-13 19:49:46 -07:00
Justin Santa Barbara
437a4c832c
Docker dependencies on RHEL
Add missing docker dependencies
2017-10-13 22:27:04 -04:00
Justin Santa Barbara
9517a1c4a7
Simplify protokube mounter using nsenter executor
Makes it much clearer, and avoids problems when systemd is in the host
but not the container.
2017-10-13 21:37:15 -04:00
Kashif Saadat
c78790f902
Modified OS detection logic when updating http proxy settings.
2017-10-13 19:08:47 +01:00
Justin Santa Barbara
f6a995b701
Create logrotate service where not installed by default
Otherwise the logrotate timer has nothing to target.
2017-10-10 09:32:21 -04:00
Kubernetes Submit Queue
2500ee07f8
Merge pull request #3550 from chrislovecnm/protokube-kubectl
Automatic merge from submit-queue.
mounting kubectl from the host instead of installing in protokube
So this will fix our protokube kubectl versioning issue. Kubectl is on the host, if we are on a master, and is always the right version, so let's use it! Refactored a bit to get the distro path for kubectl. Need to test on gossip. Set the path on protokube and mounted kubectl in `/opt/kops/bin`.
/approve
TODO
- [ ] test gossip
Fixes https://github.com/kubernetes/kops/issues/3518
2017-10-10 03:50:15 -07:00
Julian V. Modesto
9d589af4c5
Replace logrotate crontab with systemd timer
2017-10-08 23:12:10 -07:00