PR #10643 Started adding the dns names for the kubernetes master to self
sign certs which were created. The kubelet uses this same code, and thus
the kubelet cert started saying it was valid for these name as well.
While hardless, the kubelet cert shouldn't claim to be these things. So
make the caller explicitly list both their ip and dns subject alt names.
This is a partial reversion of #9728, and should fix#10612.
9728 used the AWS instance id as the node name. But proxy, logs
and exec all used the node name as the host name for contacting the minion.
It is possible to resolve a host to the IP, and this fixes logs. But
exec and proxy also require an SSL certificate match on the hostname,
and this is harder to fix.
So the sensible fix seems to be a minimal reversion of the changes in #9728,
and we can revisit this post 1.0.
Report an error if someone asks for --all-namespaces
when getting a thing that is not namespaced.
This is in preparation for a subsequent commit which prints namespace
as its own column.
Restructured test to expect an error for non-namespaced things.
Dropped the part where it was trying to test that not printing
namespace didn't contain namespace. Some other test can cover that.
Changes include:
- Add kube-ui binary for serving static dashboard UI
- Add kube-ui docker image, replication controller, and service
- Make the kube-ui a cluster-addon (enabled by default)
- Split the compiled pkg/ui/datafile.go into separate dashboard and swagger packages
- Update docs to reflect changes
If a pod was deleted and the associated volumes/directory were removed, there
could be a window where the pod worker is still active. If the pod worker tries
to inspect the logs, such an error would be logged. Since the pod has been
deleted, such error messages are meaningless.
This change stops logging this error, but stores the error string in the pod
status. The pod status will be updated for pods that are still alive, and will
be discarded eventually for deleted pods.
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master
A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
If an authorization header is already set via the client or request,
the bearer transport for the client should not override the
Authorization header.
Allows one client to be used for multiple users when acting as a
proxy or gateway.
Some downstream components want to use a StringSet in their internal
objects, but leaving util.empty private means that generated conversions
cannot create constructors generically for those objects. This makes
Empty public until such a time as the generator supports private types.
This change allows the namespace in kubeconfig to be overridden by
specifying the namespace in the spec file. If namespace is explicitly
provided in the command line flags and the spec file has a different
namespace, this will cause an error.
MarkDv