github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #51824 from ihmccreery/oss-mdc 

Automatic merge from submit-queue (batch tested with PRs 51824, 50476, 52451, 52009, 52237)

Allow metadata firewall & proxy on in GCE, off by default

**What this PR does / why we need it**: Add necessary variables in kube-env to allow a user to turn on metadata firewall and proxy for K8s on GCE.

Ref #8867.

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: 

**Special notes for your reviewer**:

**Release note**:

```release-note
GCE users can enable the metadata firewall and metadata proxy with KUBE_FIREWALL_METADATA_SERVER and ENABLE_METADATA_PROXY, respectively.
```
pull/6/head
Kubernetes Submit Queue 2017-09-15 01:07:58 -07:00 committed by GitHub
parent 9d8c11924f 6930f5ac31
commit b3e641d7f3
3 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cluster/common.sh
View File

@ -750,6 +750,16 @@ EOF
if [ -n "${ENABLE_CUSTOM_METRICS:-}" ]; then if [ -n "${ENABLE_CUSTOM_METRICS:-}" ]; then
cat >>$file <<EOF cat >>$file <<EOF
ENABLE_CUSTOM_METRICS: $(yaml-quote ${ENABLE_CUSTOM_METRICS}) ENABLE_CUSTOM_METRICS: $(yaml-quote ${ENABLE_CUSTOM_METRICS})
EOF
fi
if [ -n "${ENABLE_METADATA_PROXY:-}" ]; then
cat >>$file <<EOF
ENABLE_METADATA_PROXY: $(yaml-quote ${ENABLE_METADATA_PROXY})
EOF
fi
if [ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]; then
cat >>$file <<EOF
KUBE_FIREWALL_METADATA_SERVER: $(yaml-quote ${KUBE_FIREWALL_METADATA_SERVER})
EOF EOF
fi fi
if [ -n "${FEATURE_GATES:-}" ]; then if [ -n "${FEATURE_GATES:-}" ]; then

8
cluster/gce/config-default.sh
View File

@ -146,9 +146,11 @@ if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
NODE_LABELS="${NODE_LABELS},projectcalico.org/ds-ready=true" NODE_LABELS="${NODE_LABELS},projectcalico.org/ds-ready=true"
fi fi
# Turn the simple metadata proxy on by default. # Currently, ENABLE_METADATA_PROXY supports only "simple". In the future, we
ENABLE_METADATA_PROXY="${ENABLE_METADATA_PROXY:-simple}" # may add other options.
if [[ ${ENABLE_METADATA_PROXY} != "false" ]]; then ENABLE_METADATA_PROXY="${ENABLE_METADATA_PROXY:-}"
# Apply the right node label if metadata proxy is on.
if [[ ${ENABLE_METADATA_PROXY:-} == "simple" ]]; then
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true" NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
fi fi

5
cluster/gce/config-test.sh
View File

@ -199,9 +199,8 @@ if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
NODE_LABELS="$NODE_LABELS,projectcalico.org/ds-ready=true" NODE_LABELS="$NODE_LABELS,projectcalico.org/ds-ready=true"
fi fi
# Turn the simple metadata proxy on by default. # Apply the right node label if metadata proxy is on.
ENABLE_METADATA_PROXY="${ENABLE_METADATA_PROXY:-simple}" if [[ ${ENABLE_METADATA_PROXY:-} == "simple" ]]; then
if [[ ${ENABLE_METADATA_PROXY} != "false" ]]; then
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true" NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
fi fi