kops/nodeup/pkg/model
Kubernetes Submit Queue 5d5945cb00 Merge pull request #3114 from gambol99/etcd_tls
Automatic merge from submit-queue

Etcd TLS Options

The current implementation does not put any transport security on the etcd cluster. The PR provides and optional flag to enable TLS the etcd cluster

- cleaned up and fixed any formatting issues on the journey
- added two new certificates (server/client) for etcd peers and a client certificate for kubeapi and others perhaps (perhaps calico?)
- disabled the protokube service for nodes completely is not required; note this was first raised in https://github.com/kubernetes/kops/pull/3091, but figured it would be easier to place in here given the relation
- updated protokube codebase to reflect the changes, removing the master option as its no longer required
- added additional integretion tests for the protokube manifests;
- note, still need to add documentation, but opening the PR to get feedback
- one outstanding issue is the migration from http -> https for preexisting clusters, i'm gonna hit the coreos board to ask for the best options
2017-08-06 14:02:06 -07:00
..
resources Configure DockerVersion in Docker Spec 2016-12-20 00:34:40 -05:00
tests Add documentation and update text fixture 2017-07-29 13:29:28 -07:00
architecture.go Configure DockerVersion in Docker Spec 2016-12-20 00:34:40 -05:00
cloudconfig.go Add SG parameter into AWS cloud-config 2017-07-04 15:44:21 +03:00
codecs.go Code updates 2017-03-16 02:40:50 -04:00
context.go Etcd TLS Options 2017-08-06 20:50:05 +01:00
convenience.go Etcd TLS Options 2017-08-06 17:06:46 +01:00
directories.go Initial Container-Optimized OS support 2017-03-20 23:47:37 -04:00
docker.go CoreOS: Ensure docker configuration is loaded 2017-08-04 11:44:12 +02:00
docker_test.go Tidy up kubelet nodeup tests 2017-04-06 00:18:43 -04:00
etcd.go Etcd TLS Options 2017-08-06 17:06:46 +01:00
firewall.go Initial Container-Optimized OS support 2017-03-20 23:47:37 -04:00
hooks.go PoC of hooks 2017-03-31 22:33:25 -04:00
kubeapiserver.go Etcd TLS Options 2017-08-06 20:50:05 +01:00
kubeapiserver_test.go Disable insecure port for apiserver 2017-03-28 21:26:17 -04:00
kubecontrollermanager.go Enable CertificateSigner API on k8s 1.6 2017-04-19 16:10:03 -04:00
kubectl.go Etcd TLS Options 2017-08-06 17:06:46 +01:00
kubelet.go Etcd TLS Options 2017-08-06 17:06:46 +01:00
kubelet_test.go Tidy up kubelet nodeup tests 2017-04-06 00:18:43 -04:00
kubeproxy.go Gossip backed DNS 2017-04-25 01:32:21 -04:00
kuberouter.go add support for kube-router as CNI networking provider 2017-06-09 17:01:31 +05:30
kubescheduler.go Enable RBAC on 1.6 2017-03-28 20:14:13 -04:00
logrotate.go Change logrotate compress to delaycompress 2017-06-29 17:25:46 -07:00
network.go add support for kube-router as CNI networking provider 2017-06-09 17:01:31 +05:30
packages.go Install ethtool in nodeup 2017-02-11 16:16:09 -05:00
protokube.go Etcd TLS Options 2017-08-06 20:50:05 +01:00
secrets.go Etcd TLS Options 2017-08-06 17:06:46 +01:00
sysctls.go Also increase fs.inotify.max_user_watches from default. 2017-07-13 15:50:53 +10:00