Commit Graph

458 Commits

Author SHA1 Message Date
Ryan Bonham 67c2f50732 Handle unset KubeAPIServer.CPURequest 2019-03-29 14:07:05 -05:00
Ryan Bonham a75dcdda35 Add Ability to set cpu request for api server 2019-03-29 13:56:21 -05:00
Justin SB 7bd4a7e262
Support download protokube from mirror 2019-03-26 00:45:54 -04:00
Derek Lemon (delemon) b09bb9eb37 Openstack environment escaping 2019-03-21 15:56:57 -06:00
Kubernetes Prow Robot 93988d8fdd
Merge pull request #6359 from justinsb/integration_etcd
Enable etcd-manager / etcd3 / etcd-tls in kops 1.12
2019-03-19 10:28:23 -07:00
Justin SB f0241294ac
Refactored out repeated joining code
Thanks for suggestion @chrisz100!
2019-03-19 09:48:16 -07:00
Jesse Haka dab9c1800a add manage sec groups for loadbalancers 2019-03-18 11:27:31 +02:00
Kubernetes Prow Robot 00950767c2
Merge pull request #6564 from usabilla/no-docker-prestart
Remove docker-prestart hook
2019-03-17 23:25:11 -07:00
Kubernetes Prow Robot 3b907c81e4
Merge pull request #5982 from justinsb/create_var_lib_kubelet
Always create /var/lib/kubelet, even in bootstrap mode
2019-03-17 04:12:55 -07:00
Kubernetes Prow Robot 492031d4c7
Merge pull request #6620 from justinsb/followup_6347
Fix some of the docker package names & versions
2019-03-15 09:47:00 -07:00
LilyFaFa 12d54b6a1f support gossip for AliCloud 2019-03-15 15:26:12 +08:00
Justin SB 057c19f8bb
Fix some of the docker package names & versions
Follow up to #6347 - add a test for some of the names based on some
heuristics, and fix some of the problems that popped up.
2019-03-15 00:09:59 -04:00
Kubernetes Prow Robot 16e846d4ce
Merge pull request #6347 from tsuna/master
Add support for Docker 18.09.3.
2019-03-14 20:48:55 -07:00
Justin SB 31f408c978
Support etcd-manager in kops 1.12
In 1.12 (kops & kubernetes):

* We default etcd-manager on
* We default to etcd3
* We default to full TLS for etcd (client and peer)
* We stop allowing external access to etcd
2019-03-14 23:13:06 -04:00
Alex Williams c928b7e6c5
Use EnsureTask for create static pod directory 2019-03-14 12:22:43 +00:00
Justin SB ecbc34153b
Always create /var/lib/kubelet, even in bootstrap mode
Otherwise we end up with a circular dependency where we don't run the
node-authorizer until /var/lib/kubelet has been bind-mounted, but it
can't be bind-mounted until it exists.

This bind-mounting happens on Google's ContainerOS, which is why it
isn't always seen.
2019-03-14 01:07:52 -04:00
Benoit Sigoure e4691cd704 nodeup: Add support for Docker 18.09.3.
Starting from Docker 18.09.0, the Docker distribution has been split in
3 packages: the Docker daemon, the Docker CLI, and containerd.  This
adds a twist to how to upgrade Docker from the base image as the daemon
and CLI packages must be installed at the same time, otherwise dpkg/rpm
will refuse to upgrade (the new CLI is incompatible with the old package
and the daemon can't be installed without first installing the CLI and
the new containerd, so the upgrade MUST happen in a single transaction).

This code change thus adds the possibility to specify additional packages
to install in the same dpkg/yum transaction, such as the Docker CLI and
containerd in nodeup, and the ability to apply the multi-package upgrade
atomically with dpkg/rpm.

We also use this new mechanism for the SELinux policy on RHEL/CentOS.
2019-03-04 15:39:12 -08:00
Steven McDonald fe249eabbf Remove docker-prestart hook
This breaks networking if Docker is restarted
(https://github.com/kubernetes/kops/issues/6191).

The Docker issue linked in the hook's comments has been closed for
over 3 years, and this workaround has not been used by upstream
Kubernetes for over a year:

  5f9735de53 (diff-af1d281c3ce49f7bfe110f7c64c96fdc)

It therefore seems unlikely that this hook is still necessary.
2019-03-01 13:43:38 +01:00
Kubernetes Prow Robot baf83ab69a
Merge pull request #6343 from sp-joseluis-ledesma/master
set net.ipv4.ip_local_reserved_ports to the KubeAPIServer ServiceNodePortRange parameter on nodeup
2019-02-28 12:50:49 -08:00
Kubernetes Prow Robot 743b319fc9
Merge pull request #6506 from justinsb/chattr_docker_runc_17_03_2
Try using chattr to mark docker-runc as immutable
2019-02-25 07:22:12 -08:00
Justin SB 5d28bed21f
Map docker 18.06.3
Docker 18.06.2 on RHEL/CentOS did not actually contain the fix, so we
need 18.06.3.
2019-02-23 17:19:44 -05:00
Justin SB 9bfa0cdd2a
Try using chattr to mark docker-runc as immutable
May be a workaround for CVE-2019-5736, is defense in depth in any case.
2019-02-20 22:26:44 -05:00
Kubernetes Prow Robot 823f769a95
Merge pull request #6492 from justinsb/package_names_for_container_selinux
Fix package name & version for container-selinux
2019-02-20 08:14:50 -08:00
Kubernetes Prow Robot 46599c0908
Merge pull request #6491 from justinsb/overlay2_on_docker_with_17_x
Workaround for overlay2 vs rhel-family docker bug
2019-02-20 05:37:41 -08:00
Justin SB f094d16d0f
Fix package name & version for container-selinux 2019-02-19 21:25:38 -05:00
Justin SB ea4e57145c
Workaround for overlay2 vs rhel-family docker bug
Docker 17.x with rhel-family fails to detect overlay2 correctly, and
need us to pass overlay2.override_kernel_check=true for docker to
correctly detect overlay2 support.
2019-02-19 21:25:12 -05:00
Justin SB 8835dc94eb
Install kubelet config for default centos user
We weren't installing it on centos, which is not particularly
user-friendly.
2019-02-19 21:24:24 -05:00
Kubernetes Prow Robot 53189d7e6b
Merge pull request #6210 from mmerrill3/feature/kops-4049
Fixing kops-4049
2019-02-18 02:43:00 -08:00
Kubernetes Prow Robot 96b14eaa3b
Merge pull request #6461 from mikesplain/add_jessie_patch
Add jessie patch
2019-02-16 06:24:02 -08:00
Kubernetes Prow Robot f7048cf8fb
Merge pull request #6411 from justinsb/etcd_manager_backport
Support etcd-manager v3, suitable for backporting
2019-02-16 04:21:40 -08:00
mikesplain 54c969c521 Add debian jessie patch for CVE-2019-5736 2019-02-12 08:42:49 -05:00
JuanJo Ciarlante 6bb897d7ac
add Xenial, fix Stretch Version to 18.06.2~ce~3-0~debian (same as for Xenial, Bionic, Stretch) 2019-02-11 19:44:25 -03:00
JuanJo Ciarlante b761a809d5
add 18.06.2 entries instead of replacing 18.06.1 ones 2019-02-11 17:05:12 -03:00
JuanJo Ciarlante 49615d5afa [jjo] update docker-ce 18.06 for CVE-2019-5736
Fixes #6459.

* Update CoreOS, Debian Stretch and Ubuntu Bionic
  docker-ce packages to 18.06.2
2019-02-11 16:26:17 -03:00
Justin SB dd7533398d
Support etcd-manager v3, suitable for backporting
Add etcd-manager v3 in a way that we can safely backport.
2019-01-29 23:51:26 -05:00
Kubernetes Prow Robot ea420dac78
Merge pull request #6351 from cisco-sso/os_full
Kops for Openstack
2019-01-23 10:35:20 -08:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) c9b5911b1c Openstack gopkg updates 2019-01-19 08:41:15 -07:00
Rohith 6c814f3e73 Changes
- removed all the systemd unit creation and use the volume mount code from kubelet (SafeFormatAndMount)
- added some documentation to highlight the feature and show how it might be used in both ebs and ephemeral storage
2019-01-18 22:49:54 +00:00
Rohith df2d8dd304 - updating the basil requirements 2019-01-18 22:49:54 +00:00
Rohith 0e155b4c78 - changed tack and making them two separate features for now, one adding additional volumes and two mounting them. This should always allow for user to use ephemeral devices as well
- updated the api specs and machinery
- adding the dependencies on the services when the volume mounts are enabled (should probably false this if they don't affect the docker filesystem)
2019-01-18 22:49:38 +00:00
Rohith 1b69cea3cb - adding the volumebuilder into the nodeup binary to provision the mapped volumes 2019-01-18 22:45:05 +00:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) d1b7680b10 openstack cloud config monitor section must be a child of loadbalancer 2019-01-18 14:22:04 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 292b3a8589 Storage config for openstack cloud config 2019-01-18 11:39:39 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) eb256593bc Setting project ID as well in cloudconfig. Using loadbalancerID in cloudconfig. Retrieving instance IP from openstack in protokube. 2019-01-18 10:17:14 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 4f0169bb79 codegen 2019-01-16 09:30:40 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) b1aaef1885 Proper escaping of openstack environment variables 2019-01-15 14:21:50 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 4e752ca62d Openstack Environment Variable Mapping 2019-01-15 14:21:41 -07:00
Naresh Kumar Amrutham 6a0bdfda31 fixed comment 2019-01-15 10:04:41 -08:00
Naresh Kumar Amrutham c5c26fe4d2 include dependency container-selinux for docker v17.09 2019-01-15 10:01:28 -08:00
José Luis Ledesma 5064a54602 set net.ipv4.ip_local_reserved_ports to the KubeAPIServer ServiceNodePortRange parameter on nodeup 2019-01-15 16:25:28 +01:00
Naresh Kumar Amrutham f1fb335fbe include docker 18.06.1 missed dependency
container-selinux-2
2019-01-14 14:40:13 -08:00
Justin SB 26bd75aecb
Bulk spelling fixes
Experimenting with my own spelling checker, these are the typos it caught.
2018-12-20 17:43:56 -05:00
mmerrill3 248f08b467 Fixing kops-4049 2018-12-16 11:59:16 -05:00
Bruno 069db70f57 Add Docker 18.06.1 for CentOS and RHEL 7 2018-12-12 11:46:22 +01:00
Rodrigo Menezes 7231c20f60 ExperimentalAllowedUnsafeSysctls has moved to AllowedUnsafeSysctls in k8s 1.11 2018-12-07 00:20:32 -08:00
k8s-ci-robot 0c8e5579f2
Merge pull request #6058 from ripta/max-pods
Set MaxPods when using Amazon VPC CNI Plugin
2018-11-26 12:39:12 -08:00
Ripta Pasay 7ca6ddc9e0 Replace MaxPods in machine type data with InstanceENIs and InstanceIPsPerENI 2018-11-25 22:35:25 +00:00
Seth Pollack cd63aa5429 set max pods when using aws vpc cni
(cherry picked from commit 92fd86f04a)
2018-11-25 20:45:28 +00:00
Justin Santa Barbara 3405ee1382 Create separate certificate for etcd peer authentication
This works around the (very unusual) etcd changes for validation of
peer certificates by DNS lookup, which were introduced in etcd 3.2.

Issue #6024
2018-11-24 22:26:52 -05:00
k8s-ci-robot 4eeba152cd
Merge pull request #6059 from ripta/coreos-logrotate
Set a `dateformat` on logrotate configs on CoreOS
2018-11-24 12:15:43 -08:00
k8s-ci-robot f4012407f8
Merge pull request #4762 from locationlabs/cni-ipvlan-vpc-k8s
Cni ipvlan vpc k8s support
2018-11-21 13:43:19 -08:00
mmerrill3 7c4b2a6a5e Setting the manifest directory when it is required by kubelet 2018-11-19 10:04:44 -05:00
k8s-ci-robot 67f1cc8aba
Merge pull request #5586 from fernandocarletti/feature/flags
Add flag to disable Basic Auth.
2018-11-18 18:01:05 -08:00
mooncake 55425e16ae Fix some typos
Signed-off-by: mooncake <xcoder@tenxcloud.com>
2018-11-10 18:37:57 +08:00
Ripta Pasay 17ad5af417 Set dateformat on logrotate configs
On CoreOS Container Linux, `dateext` is set, which causes log rotation
based on maxsize to not run, when a previous rotation already happened
on the same calendar day.

(cherry picked from commit 585d0a0da42be1eae87fa879b0084d29d77ac605)
2018-11-08 09:04:10 +00:00
Chris Phillips 9792c02b48 gofmt 2018-11-07 08:08:44 -08:00
Chris Phillips 2b9a56f8e6 rename to LyftVPC. Removes all the settings from the NetworkingSpec 2018-11-07 08:08:44 -08:00
Chris Phillips 4d40090c0c adds loopback to list of cni assets. fix gofmt 2018-11-07 08:08:13 -08:00
Chris Phillips 3ec470b240 apimachinery and updated BUILD.bazel for cni-ipvlan-vpc-k8s 2018-11-07 08:08:13 -08:00
Chris Phillips 3a8078763a Adds support for Lyft's cni-ipvlan-vpc-k8s
https://github.com/lyft/cni-ipvlan-vpc-k8s

This cni solution is slightly different in that it doesn't require running a daemonset

It requires:
  * a config file in /etc/cni/net.d
  * the binaries in /opt/cni/bin
  * adding the --node-ip param to the kubelet

This code is modeled after the AmazonVPC cni bits.

I've left the setup of the required subnets as an exercise to the reader.
2018-11-07 08:08:13 -08:00
SataQiu 0550d8d4e8 fix the typos 2018-10-19 17:35:26 +08:00
fernando.carletti 4b27e6c8ee
Add flag to disable Basic Auth. 2018-10-16 19:04:38 -05:00
Liviu Damian 9b2a7920cd Fixed node-authorizer systemd Unit paths 2018-10-11 09:36:12 +03:00
captainkerk d132577e21 add targetRamMb to kubeAPIServer spec 2018-10-09 01:46:18 +00:00
captainkerk beb8aebe06 add support for max-mutating-requests-inflight parameter 2018-10-04 05:40:28 +00:00
Justin Santa Barbara 666e290983
Merge pull request #5547 from justinsb/etcd_manager_tests
Add test for etcd-manager output
2018-09-22 08:29:30 -07:00
k8s-ci-robot a300c2aa4c
Merge pull request #5106 from ExtraHop/hook-raw-manifest
Add `useRawManifest` hook option to install `manifest` as a hook unmodified
2018-09-21 09:23:00 -07:00
k8s-ci-robot 842c925d7f
Merge pull request #5758 from granular-ryanbonham/master
Add Docker 18.06.1 for Debian Stretch
2018-09-15 13:18:46 -07:00
k8s-ci-robot 611a343823
Merge pull request #5745 from johanneswuerbach/add-conntrack
Explicitly install conntrack
2018-09-14 09:11:43 -07:00
Justin Santa Barbara 7cf432fcba Add test for etcd-manager output
We need to get this under test coverage so we can start changing it confidently!
2018-09-14 08:46:32 -04:00
Ryan Bonham 8489f2a2d9 Fix go formatting 2018-09-06 15:15:16 -05:00
Ryan Bonham 6207b56077 Add Docker 18.06.1 for Debian Stretch 2018-09-06 08:59:46 -05:00
Johannes Würbach 70ae068945
Explicitly install conntrack 2018-09-04 22:36:02 +02:00
k8s-ci-robot 2f1d2e07f7
Merge pull request #5565 from justinsb/refactor_printer
Refactor tables package to be more reusable
2018-09-03 15:28:36 -07:00
Justin Santa Barbara 16985c3abc Remove _kubernetes_master tag
We can get the master role just as readily from the InstanceGroup spec
2018-08-14 21:01:07 -04:00
Justin Santa Barbara 76f5ed2d9c Refactor tables package to be more reusable
We still need the reflect helpers, but we allow for clients to
register their own pretty-printers, which avoids the package
dependency for our pretty-printer.  We register our pretty printers in
an init function in the relevant package (in this case,
upup/pkg/fi/printers.go)

Fix #5551
2018-08-02 14:09:05 -04:00
Justin Santa Barbara 288c5aaf01 Add error handling (logging) when we fail to close a file
More missing error handling

Follows on from #5543
2018-07-28 16:50:13 -04:00
Justin Santa Barbara 2faa68426f Docker installation from tar.gz
Ubuntu 18.04 doesn't have a package for docker 17.03, but we can still
support it by using the tar.gz package.

This could be a nice fallback for other operating systems in future,
and it might prove to be more reliable than the OS packages.

But start with supporting ubuntu 18.04 with older docker versions!
2018-07-24 21:58:54 -04:00
Justin Santa Barbara 289c18e17f Add portmap CNI plugin for k8s >= 1.9
Older CNI versions don't have the portmap plugin, but we should make
it available.
2018-07-23 09:56:46 -04:00
Rob Graham 4b07a07ad5 Merge branch 'master' into issue-4252-dns 2018-07-23 14:00:09 +01:00
Rob Graham 8ccf42f4a2 GH-4252 Better name for the config value and also add to v1alpha1 API 2018-07-23 13:48:35 +01:00
Rodrigo Menezes f816b00fb9 fix 2018-07-20 13:47:22 -07:00
Rodrigo Menezes 74e8973c6c Fix based on Justin's suggestion 2018-07-20 12:25:23 -07:00
Rodrigo Menezes e8476499b0 Allow other CNI drivers to bind a host's Primary IP 2018-07-20 12:16:38 -07:00
k8s-ci-robot 2dbb6e84f6
Merge pull request #5077 from yancl/master
change gossip dns conn limit by ENV
2018-07-19 21:40:52 -07:00
k8s-ci-robot 0e64d32b5b
Merge pull request #5456 from mikesplain/configurable_conntrack
Add configurable conntrack settings
2018-07-19 11:11:17 -07:00
k8s-ci-robot 56ccfac26d
Merge pull request #5317 from gambol99/node_registration
Node Authorization Service
2018-07-19 05:17:41 -07:00
Mike Splain 188824cba0 Add configurable conntrack settings 2018-07-18 12:11:30 -04:00
Christian Kampka 581eec3eca Don't mount volume for auditLog when STDOUT is configured as path
Fixes #4202
2018-07-16 22:53:58 +02:00
k8s-ci-robot 70e3653291
Merge pull request #5417 from mikesplain/fix_docker_config
Fixes issue when setting docker version
2018-07-15 17:17:55 -07:00