kubernetes/kops - kops - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Peter Rifel	4d9f0128a3	Upgrade to klog2 This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.	2020-08-16 20:56:48 -05:00
John Gardiner Myers	4bf8302f14	Move kube-apiserver-healthcheck to port 3990	2020-06-12 22:00:14 -07:00
Justin SB	75fd939a62	kube-apiserver: healthcheck via sidecar container kube-apiserver doesn't expose the healthcheck via a dedicated endpoint, instead relying on anonyomous-access being enabled. That has previously forced us to enable the unauthenticated endpoint on 127.0.0.1:8080. Instead we now run a small sidecar container, which proxies /healthz and /readyz requests (only) adding appropriate authentication using a client certificate. This will also enable better load balancer checks in future, as these have previously been hampered by the custom CA certificate. Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>	2020-05-07 08:06:52 -04:00

Author

SHA1

Message

Date

Peter Rifel

4d9f0128a3

Upgrade to klog2

This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.

2020-08-16 20:56:48 -05:00

John Gardiner Myers

4bf8302f14

Move kube-apiserver-healthcheck to port 3990

2020-06-12 22:00:14 -07:00

Justin SB

75fd939a62

kube-apiserver: healthcheck via sidecar container

kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled.  That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.

Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.

This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

2020-05-07 08:06:52 -04:00

3 Commits