- fixing the the 'Could not get ipvs family information from the kernel. It is possible that ipvs is not enabled in your kernel. Native loadbalancing will not work until this is fixed.' error
The etcd-manager will (ideally) take over etcd management. To provide a
nice migration path, and because we want etcd backups, we're creating a
standalone image that just backs up etcd in the etcd-manager format.
This isn't really ready for actual usage, but should be harmless because
it runs as a sidecar container.
The current implementation when Etcd TLS was added does not support using calico as the configuration and client certificates are not present. This PR updates the calico manifests and adds the distribution of the client certificate
We have several mechanisms for distro detection, and we were giving a
scary warning if the first failed, though we have several precisely
because the first usually is insufficient.
File assets and the SHA files are uploaded to the new location. Files
when are users uses s3 are upload public read only. The copyfile task
uses only the existing SHA value.
This PR include major refactoring of the use of URLs. Strings are no
longer categnated, but converted into a URL struct and path.Join is
utlilized.
A new values.go file is included so that we can start refactoring more
code out of the "fi" package.
A
While the admin account is created on stock debian images, it isn't on
all of them. Check admin first, then check root, and don't treat it as
an error if neither is found - this is only a convenience.
Automatic merge from submit-queue.
Remove world read permissions on sensitive key files.
The key files pulled from S3 had world read permissions by default (644). This PR sets the permissions to 600 on `.key` and `.pem` files.
Docker 1.13 changed how it set up iptables in a way that broke
forwarding.
We previously got away with it because we set the ip_forward sysctl,
which meant that docker wouldn't change the rule. But if we're using an
image that preinstalled docker, docker might have already reconfigured
iptables before we run, and we didn't set it back.
We now set it back.
https://github.com/kubernetes/kubernetes/issues/40182
Recent versions of systemd (version 229 at least) included in Ubuntu
16.04 and Debian 9 require the systemd unit files to have a .service
extension.
Signed-off-by: Ali Rizwan <ari@hellofresh.com>
Justin Santa Barbara
k8s-ci-robot
Rohith
Simone Sciarrati
Horace Heaven
Mike Splain
chrislovecnm
Tim Hockin
Ian Hoegen
Kashif Saadat
Otto Yiu
Kubernetes Submit Queue
Manuel de Brito Fontes
wannabesrevenge
Blake
Ali Rizwan
Divya Vavili
Mikael Knutsson