github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
54,247 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

411 Commits (28857a2f02ef1490bb6b0109dc1fd7fa5ecae11b)

Author SHA1 Message Date
Hongchao Deng d0938094d9 move new etcd storage into cacher 2016-08-12 18:40:20 -07:00
mksalawa a806351cc3 Extract etcd options from genericapiserver. 2016-08-09 13:35:53 +02:00
Wojciech Tyczynski 8a8cd06ea4 Configurable cache sizes of cachers 2016-08-09 09:41:48 +02:00
Maciej Szulik e6c327048e Forced using batch/v2alpha1 for storing ScheduledJob 2016-08-03 17:25:37 +02:00
k8s-merge-robot 2817674715 Merge pull request #29557 from deads2k/make-prefx-configurable 
Automatic merge from submit-queue

make the resource prefix in etcd configurable for cohabitation

This looks big, its not as bad as it seems.

When you have different resources cohabiting, the resource name used for the etcd directory needs to be configurable.  HPA in two different groups worked fine before.  Now we're looking at something like RC<->RS.  They normally store into two different etcd directories.  This code allows them to be configured to store into the same location.

To maintain consistency across all resources, I allowed the `StorageFactory` to indicate which `ResourcePrefix` should be used inside `RESTOptions` which already contains storage information.

@lavalamp affects cohabitation.
@smarterclayton @mfojtik prereq for our rc<->rs and d<->dc story.
 2016-07-28 03:01:28 -07:00
deads2k aa3db4d995 make the resource prefix in etcd configurable for cohabitation 2016-07-27 07:51:40 -04:00
k8s-merge-robot 0724a9c4dc Merge pull request #28828 from zte-cloud/failmodify 
Automatic merge from submit-queue

modify Failure to failed

use 'failed' is more suitable than 'Failure'
 2016-07-25 12:56:15 -07:00
Dominika Hodovska 037d116add Factory for SharedIndexInformers 2016-07-21 14:04:48 +02:00
Dominika Hodovska ba40a528e1 PluginInitializer as a new part of NewFromPlugins method 2016-07-20 12:53:52 +02:00
Dominika Hodovska fc0a3c6dcb Allow shareable resources for admission control plugins 2016-07-20 12:53:52 +02:00
lojies 77c6176157 modify Failure to failed 2016-07-12 19:11:24 +08:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Eric Chiang ef40aa9572 pkg/master: enable certificates API and add rbac authorizer 2016-05-25 14:24:47 -07:00
CJ Cullen 57f96a932f Add expiration LRU cache for webhook token authenticator. 2016-05-18 11:58:11 -07:00
CJ Cullen eb3b0e78b4 Add a webhook token authenticator plugin. 2016-05-10 14:54:35 -07:00
nikhiljindal 2ffa3b4586 Moving StorageFactory building logic to genericapiserver 2016-05-10 00:57:11 -07:00
Clayton Coleman e0ebcf4216
Split the storage and negotiation parts of Codecs 
The codec factory should support two distinct interfaces - negotiating
for a serializer with a client, vs reading or writing data to a storage
form (etcd, disk, etc). Make the EncodeForVersion and DecodeToVersion
methods only take Encoder and Decoder, and slight refactoring elsewhere.

In the storage factory, use a content type to control what serializer to
pick, and use the universal deserializer. This ensures that storage can
read JSON (which might be from older objects) while only writing
protobuf. Add exceptions for those resources that may not be able to
write to protobuf (specifically third party resources, but potentially
others in the future).
 2016-05-05 12:08:23 -04:00
nikhiljindal 16c0e0a21c Deleting duplicate code from federated-apiserver 2016-05-03 14:04:09 -07:00
Hongchao Deng c0071a1595 add flags to enable etcd3 2016-04-28 09:48:16 +08:00
nikhiljindal f9f1e21e08 Moving master.SSHTunneler to genericapiserver 2016-04-22 11:47:05 -07:00
deads2k 6670b73b18 make storage enablement, serialization, and location orthogonal 2016-04-21 08:18:55 -04:00
Prashanth Balasubramanian 0ac10c6cc2 PetSet type, apps apigroup 2016-04-20 18:49:31 -07:00
nikhiljindal 50a9aceabb Moving more logic to genericapiserver 2016-04-19 00:03:28 -07:00
deads2k e8fb35d4d8 refactor resource overrides as positive logic interface 2016-03-28 09:24:49 -04:00
nikhiljindal 1cccfc7074 Disabling swagger ui by default. Adding a flag to enable it 2016-03-23 13:19:22 -07:00
Brian Grant 532ba5a3c6 Merge pull request #21535 from AdoHe/restore_secure_etcd 
restore ability to run against secured etcd
 2016-03-11 12:14:06 -08:00
AdoHe 7228b9b987 restore ability to run against secured etcd 2016-03-11 11:21:16 -05:00
Wojciech Tyczynski 2f6d034cea Workaround long latency of POST pods 2016-03-03 10:45:43 +01:00
Kris e664ef922f Move restclient to its own package 2016-02-29 12:05:13 -08:00
k8s-merge-robot 43792754d8 Merge pull request #21469 from wojtek-t/parallel_namespace_deletion 
Auto commit by PR queue bot
 2016-02-27 07:26:49 -08:00
Wojciech Tyczynski 506899008f Parallelization of namespace deletion 2016-02-25 16:33:25 +01:00
Eric Chiang 3116346161 *: add webhook implementation of authorizer.Authorizer plugin 2016-02-22 11:39:07 -08:00
Eric Tune ab8cfb968f Enabled batch API group in apiserver 2016-02-19 09:20:56 -08:00
Piotr Szczesniak 264c64ec0d Enabled autoscaling API group in apiserver 2016-02-15 21:39:00 +01:00
Daniel Smith 74400c33ae changes for cross-group moves 2016-02-15 21:39:00 +01:00
k8s-merge-robot 43fb544a4a Merge pull request #21001 from ericchiang/oidc_groups 
Auto commit by PR queue bot
 2016-02-14 05:24:43 -08:00
Eric Chiang 92d37d5cc5 plugin/pkg/auth/authenticator/token/oidc: get groups from custom claim 2016-02-12 09:58:18 -08:00
Chao Xu 184440f8ef rename release_1_2 to internalclientset 2016-02-05 14:02:28 -08:00
magicwang-cn d2cf858560 make watch cache sizes configuratable of kube-apiserver 2016-02-05 15:47:27 +08:00
Nikhil Jindal 59820827d4 Merge pull request #20513 from nikhiljindal/apiserverExampleTest 
Adding test for apiserver example
 2016-02-04 11:28:58 -08:00
nikhiljindal c7beb9078c Updating methods to return error rather than using glog.Fatalf 2016-02-03 16:00:45 -08:00
Chao Xu f9f5736b01 grep sed 2016-02-03 13:06:07 -08:00
k8s-merge-robot 843c11e06a Merge pull request #20452 from caesarxuchao/replace-client-kubelet 
Auto commit by PR queue bot
 2016-02-02 23:46:58 -08:00
Chao Xu cddd7b56a4 replace client with clientset in kubelet and other places 2016-02-02 20:28:45 -08:00
CJ Cullen 04eb90a5d4 Make tunneler hold tunnels open and healthcheck vs. reopening every 5 minutes. 
Also add a test for the Update() logic.
Reordered tunnels vs. storage initialization (prevent a nil ptr panic)
 2016-02-02 12:00:29 -08:00
mqliang b0e06c14e5 add a knob to enable quorum read 2016-01-30 20:32:12 +08:00
Clayton Coleman 4d127dc969 Initialize API servers with negotiated serializers 
Pass down into the server initialization the necessary interface for
handling client/server content type negotiation. Add integration tests
for the negotiation.
 2016-01-22 01:10:22 -05:00
Clayton Coleman 125ef6fbc8 Support content-type negotiation in the API server 
A NegotiatedSerializer is passed into the API installer (and
ParameterCodec, which abstracts conversion of query params) that can be
used to negotiate client/server request/response serialization. All
error paths are now negotiation aware, and are at least minimally
version aware.

Watch is specially coded to only allow application/json - a follow up
change will convert it to use negotiation.

Ensure the swagger scheme will include supported serializations - this
now includes application/yaml as a negotiated option.
 2016-01-22 00:12:50 -05:00
nikhiljindal 2ad642d370 Merge registered and latest and move to apimachinery 2016-01-21 14:42:21 -08:00
Harry Zhang 936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
nikhiljindal f8d6c56ba6 Extracting server run code to genericapiserver 2016-01-08 18:34:34 -08:00
Clayton Coleman c0c707d92d Split apiserver flags and initialization 
Make it easier to keep defaults and flags clearly identified.
 2016-01-06 21:14:30 -05:00
Clayton Coleman 9dad7e624c Split the serviceaccount package into two parts 
Public utility methods and JWT parsing, and controller specific logic.
Also remove the coupling between ServiceAccountTokenGetter and the
authenticator class.
 2015-12-26 21:28:12 -05:00
Clayton Coleman 3d5ed379b0 authn.go doesn't belong in pkg/apiserver 
apiserver does not need to know about specific authentication
mechanisms, and does not need to take dependencies on all the
authentication packages.
 2015-12-26 21:22:22 -05:00
Mike Danese a09d85bd83 expose master count configuration in a cli option on apiserver 2015-12-18 13:10:41 -08:00
nikhiljindal 2d952aaa87 Extracting APIServer machinery code into a library 2015-12-16 13:54:23 -08:00
k8s-merge-robot 6716290903 Merge pull request #18388 from nikhiljindal/clusterName 
Auto commit by PR queue bot
 2015-12-16 03:50:11 -08:00
deads2k d0aaf13920 use constants for group names 2015-12-14 10:04:10 -05:00
nikhiljindal 724b098855 Deleting unused master.ClusterName param 2015-12-11 13:39:19 -08:00
deads2k ec87d74ecb update InterfacesFor to use GroupVersion 2015-12-11 13:45:41 -05:00
Timothy St. Clair 413d8d18fe Futher storage isolation and removal of the tools interface. 2015-12-09 11:04:14 -06:00
k8s-merge-robot 94752c12a8 Merge pull request #18128 from ZJU-SEL/fix-typo 
Auto commit by PR queue bot
 2015-12-07 15:59:08 -08:00
He Simei 387d861d4e deprecate confusing flag usage 2015-12-04 09:09:23 +08:00
nikhiljindal 5c556baa2f Removing duplicate NewEtcdStorage code 2015-12-03 01:37:44 -08:00
gmarek 459131fd92 Use KubeletPort reported in NodeStatus instead of cluster-wide master config, take 2. 2015-12-02 13:38:17 +01:00
k8s-merge-robot a836b1e261 Merge pull request #17326 from caesarxuchao/grooupVersion-lastest 
Auto commit by PR queue bot
 2015-12-01 05:05:40 -08:00
Chao Xu 6e192760e3 refactoring latest.go GroupVersion; 
clean up latest.go GroupVersions;
remove latest.GroupMeta.Group;
remove latest.GroupMeta.Version.
 2015-11-30 11:30:21 -08:00
harry 477da92002 Move hostIP detection from master to server 
Add PublicAddress in test files

Move valid public addr into util
 2015-11-30 16:17:37 +08:00
deads2k a87d927588 update client.Config to use GroupVersion 2015-11-21 08:29:26 -05:00
feisky 13dce74adb Gendocs for docs/admin/kube-* 2015-10-25 19:24:23 +08:00
nikhiljindal 72914fd81b Updating documentation to reflect the latest status of extension resources 2015-10-21 13:03:33 -07:00
nikhiljindal 7bcc4a6755 Allowing runtimeConfig to support enabling/disabling specific extension resources 2015-10-15 14:24:22 -07:00
k8s-merge-robot 8c753c84eb Merge pull request #15191 from caesarxuchao/validate-UID 
Auto commit by PR queue bot
 2015-10-15 04:20:24 -07:00
Chao Xu be0754750f add common fields validation before updaing a resource; make the repair of malformed update request flippable by a flag. 2015-10-13 16:28:32 -07:00
Jordan Liggitt 1043126135 Refactor SSH tunneling, fix proxy transport TLS/Dial extraction 2015-10-12 11:17:01 -04:00
k8s-merge-robot 95b265390e Merge pull request #14900 from mqliang/log 
Auto commit by PR queue bot
 2015-10-10 09:29:53 -07:00
Chao Xu 80f213c376 "experimental" -> "extensions" 2015-10-09 15:14:03 -07:00
Chao Xu 0b7e3c7dd1 experimental/v1alpha1->extensions/v1beta1 2015-10-09 15:01:33 -07:00
mqliang 5a349aeb58 capitalize the first letter of log files in module cmd 2015-10-06 13:56:37 +08:00
jayvyas be2a2ec3cd NodePort apiserver option for exposing KubernetesMasterService NodePort on startup. 2015-10-05 20:34:25 -04:00
Wojciech Tyczynski 0f1cbe37a4 Events in separate etcd 2015-10-05 10:54:24 +02:00
eulerzgy b1be6bc8ea add log err value 2015-09-29 17:09:25 +08:00
Chao Xu c449baea46 Remove ExpStorageVersion and Add StorageVersions to APIServer struct 2015-09-24 17:44:59 -07:00
Chao Xu ae1293418b move experimental/v1 to experimental/v1alpha1; 
use "group/version" in many places where used to expect "version" only.
 2015-09-24 15:32:11 -07:00
k8s-merge-robot 6c30a0e170 Merge pull request #13955 from caesarxuchao/API-discovery 
Auto commit by PR queue bot
 2015-09-21 14:01:36 -07:00
Chao Xu 1278771b34 let apiserver support api discovery 2015-09-21 12:20:24 -07:00
Federico Simoncelli f21d9ac9e4 Support pods with containers using host ipc 
Add a HostIPC field to the Pod Spec to create containers sharing
the same ipc of the host.

This feature must be explicitly enabled in apiserver using the
option host-ipc-sources.

Signed-off-by: Federico Simoncelli <fsimonce@redhat.com>
 2015-09-18 21:13:39 +02:00
k8s-merge-robot 445fde3dc5 Merge pull request #13447 from pweil-/pid-mode 
Auto commit by PR queue bot
 2015-09-16 23:34:35 -07:00
Chao Xu 9bef5ff99d register experimental apis as apis/experimental/.. 
mark --api-version as deprecated
 2015-09-15 11:25:01 -07:00
Paul Weil ed80c2b940 pid mode 2015-09-15 13:51:44 -04:00
Chao Xu c733124920 address lavalamp's comments 2015-09-11 17:34:32 -07:00
Chao Xu 3dc5223f4f check if experimental is enabled during startup of client and server 2015-09-11 17:34:32 -07:00
Chao Xu dd6c121d7f massive changes 2015-09-11 17:31:47 -07:00
Daniel Smith ccd9e3e247 Run all automated tools 2015-09-11 16:11:08 -07:00
Daniel Smith 4c2adabf42 move; sed replace 2015-09-11 16:03:22 -07:00
k8s-merge-robot f867ba3ba1 Merge pull request #13682 from ryfow/block-startup-for-cert 
Auto commit by PR queue bot
 2015-09-10 00:24:23 -07:00
k8s-merge-robot 434f05c0e3 Merge pull request #13705 from liggitt/attach 
Auto commit by PR queue bot
 2015-09-09 18:19:35 -07:00
k8s-merge-robot 45742e885c Merge pull request #13452 from aveshagarwal/master-api-rate-burst-remove 
Auto commit by PR queue bot
 2015-09-09 00:42:59 -07:00
Jordan Liggitt b2268574c5 Add pods/attach to long running requests, protect in admission for privileged pods 2015-09-09 00:49:00 -04:00
k8s-merge-robot 015389eba1 Merge pull request #13672 from jayunit100/apiserver-cert-doc 
Auto commit by PR queue bot
 2015-09-08 11:42:28 -07:00
Ryan Fowler d22a29cf66 Block apiserver startup on certificate 
With some regularity, if the root certificate file needs to be generated
the apiserver could come up on the non-secure port before the cert
was generated.

`hack/local-up-cluster.sh` requires that apiserver.crt exists
before the replication controller starts. Otherwise service accounts
and secrets don't work.

This change just takes the certificate handling code out of the `go`.
 2015-09-08 11:35:32 -05:00
jay vyas 4283201aea [minor] cert file cmd line string fix 2015-09-08 09:50:15 -04:00
Ruddarraju, Uday Kumar Raju f8d6f13f7c Union of authorizers 2015-09-04 11:04:50 -07:00
derekwaynecarr ab1f4c5c2c Fix typo in api server flag 2015-09-04 11:38:36 -04:00
Avesh Agarwal f0d0e2a089 Remove unused api-rate and api-burst params. 2015-09-03 17:57:35 -04:00
Timothy St. Clair 2145371c45 Plumb through configuration option to disable watch cache 
because we are seeing anomolies on our cluster.
 2015-08-28 12:36:40 -05:00
Yu-Ju Hong 3bc2157889 Merge pull request #13100 from pweil-/cap-priv-sources 
use privileged source object
 2015-08-25 16:10:50 -07:00
Yifan Gu aca6368e3c plugin/oidc: add minor documentation details. 2015-08-24 15:25:26 -07:00
Paul Weil 709e654686 use privileged source object 2015-08-24 16:53:43 -04:00
Yifan Gu 6376e41850 plugin/pkg/auth: add OpenID Connect token authenticator. 
Also add related new flags to apiserver:
"--oidc-issuer-url", "--oidc-client-id", "--oidc-ca-file", "--oidc-username-claim",
to enable OpenID Connect authentication.
 2015-08-21 15:27:08 -07:00
Saad Ali c1a2c6dee7 Merge pull request #10713 from thockin/no-localhost-endpoints 
Check loopback and link-local multicast endpoints
 2015-08-19 12:48:33 -07:00
gmarek 3c907b33e1 Remove external function setting Kubelet flags 2015-08-19 13:20:41 +02:00
Tim Hockin 86f4535871 Check loopback and link-local multicast endpoints 
Previously we just disallowed link-local (unicast).  This disallows loopback
and link-local multicast.
 2015-08-18 21:50:27 -07:00
Kris Rousey ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Bin Wang 0547c52c2c Enforce specified service-cluster-ip-range is not too large 2015-08-18 10:35:21 +08:00
Eric Paris 347c7b5b82 Mark some flags as deprecated so thus don't show up in help 2015-08-14 19:28:03 -04:00
Ruddarraju, Uday Kumar Raju 937db3f70d Keystone authentication plugin 2015-08-13 09:46:30 -07:00
Eric Paris 1333fad22a Remove BindClientConfigFlags entirely 
They are unused.
 2015-08-11 16:26:24 -04:00
Alex Robinson 11fcd3bb39 Merge pull request #12478 from eparis/use-pflag-network 
Use pflags for net.IP and net.IPNet instead of custom flag types
 2015-08-10 11:55:54 -07:00
Eric Paris f3282ff4d2 Use pflag IPNet instead of our own helpers 
Since pflag can handle net.IPNet arguements use that code. This means
that our code no longer has casts back and forth and just natively uses
net.IPNet.
 2015-08-10 10:15:08 -04:00
Eric Paris fe6b633e2a Convert for util.IP to just use a net.IP 
pflag can handle IP addresses so use the pflag code instead of doing it
ourselves. This means our code just uses net.IP and we don't have all of
the useless casting back and forth!
 2015-08-10 10:15:05 -04:00
Veres Lajos 9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
Eric Paris 7cbb52ce04 Use the pflag StringSlice instead of implementing it ourselves 
Saves code and makes our code easier to read because we just use normal
[]string instead of custom type.
 2015-08-06 19:16:13 -04:00
Mike Danese 17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Muhammed Uluyol 58a875ac2c Add (stopgap) support for an experimental API prefix. 2015-07-30 18:14:29 -07:00
Wojciech Tyczynski 99d6b0e9f4 Rename storage interfaces 2015-07-30 10:34:57 +02:00
Wojciech Tyczynski d17985f1ad Move StorageInterface to pkg/storage. 2015-07-30 09:32:04 +02:00
Brendan Burns 99b02bfe73 Add optional throttling to the proxy/exec/attach methods 2015-07-29 13:51:20 -07:00
Marek Grabowski 7cc1855c27 Merge pull request #11806 from wojtek-t/private_etcd_helper 
Make EtcdHelper private - expose only StorageInterface
 2015-07-27 11:21:28 +02:00
Marek Grabowski 00cd52dd68 Merge pull request #10656 from krousey/timeouts 
Adding proper timeouts.
 2015-07-27 10:56:58 +02:00
Wojciech Tyczynski 9d943df397 Private EtcdHelper 2015-07-27 09:20:13 +02:00
Mike Danese 859f440f74 Merge pull request #11666 from wojtek-t/refactor_etcd_helper 
Extract EtcdHelper interface
 2015-07-24 11:07:46 -07:00
Mike Danese ae1c8e55ef Merge pull request #11737 from thockin/cleanup-remove-v1beta3 
Remove v1beta3
 2015-07-24 10:25:56 -07:00
Wojciech Tyczynski fdb3f45077 Extract EtcdHelper interface 2015-07-24 09:28:02 +02:00
Vish Kannan 2a5a6b99cb Merge pull request #10635 from smarterclayton/cloud_provider_should_err 
Cloud provider should return an error
 2015-07-23 17:50:45 -07:00
Tim Hockin 1c3233a1d4 Remove v1beta3 2015-07-23 17:21:27 -07:00
Wojciech Tyczynski ee92aa3897 Prepare for extracting EtcdHelper interface 2015-07-23 09:37:39 +02:00
Kris Rousey 1d033b9912 Adding proper timeouts. 2015-07-10 14:42:59 -07:00
nikhiljindal c465a50891 Stop exposing v1beta3 by default 2015-07-08 15:27:41 -07:00
Eric Paris cde68d294b Do not create subject alt dns names for kubelet self signed certs 
PR #10643 Started adding the dns names for the kubernetes master to self
sign certs which were created. The kubelet uses this same code, and thus
the kubelet cert started saying it was valid for these name as well.
While hardless, the kubelet cert shouldn't claim to be these things. So
make the caller explicitly list both their ip and dns subject alt names.
 2015-07-04 23:01:01 -04:00
Eric Paris 7a29af4d2c Add Subject Alt Names to self signed apiserver certs 
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master

A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc

So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
 2015-07-01 17:05:17 -04:00
Clayton Coleman d8bb4552de Cloud provider should return an error 
Not fatal - makes cloud provider useful in methods that
can return error.
 2015-07-01 14:41:49 -04:00
Aaron Levy e991a1543f Use blank default for old-etcd-prefix 2015-06-26 18:19:40 -07:00
Jordan Liggitt 64d61185eb Re-enable ECDSA private server key use 2015-06-16 23:03:29 -04:00
Mike Danese 677855f1a9 fix longRunningRequestRE to something that doesn'tt push -f orig match pretty much all requests. 2015-06-16 13:48:10 -07:00
Justin Santa Barbara 6f3879e3bb Actually pass down ServiceNodePortRange so it is used 
Also fix default range to match what we've documented (off-by-one)

Fix #9318
 2015-06-08 18:03:42 -04:00
krousey 5aa0219ada Merge pull request #9292 from cjcullen/test_pull_8946 
Add an ssh tunnel option to the /proxy endpoint
 2015-06-08 14:30:12 -07:00
CJ Cullen cb317604ab Some refactoring. Only selectively use ssh proxy. 
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
 2015-06-05 14:55:16 -07:00
Brendan Burns 5115fd5703 Add key generation. 2015-06-05 14:55:15 -07:00
Brendan Burns 30a89968a4 Initial proxy tunnelling. 2015-06-05 14:54:20 -07:00
Prashanth Balasubramanian 50eb9ad598 Use https only for the kubelet port 2015-06-05 14:06:38 -07:00
Chao Xu ef61b031f5 make v1 enabled by default 2015-06-04 11:37:44 -07:00
Daniel Smith 1690617ee6 remove ro service 2015-06-03 16:45:54 -07:00
Prashanth Balasubramanian 0162529ea5 Default minRequestTimeout to 1800s 2015-06-03 08:47:45 -07:00
Prashanth Balasubramanian 448867073d Pipe minRequestTimeout as an arg to the apiserver 2015-06-03 08:44:14 -07:00
CJ Cullen 934c553c04 Clarify description/usage of --advertise-address, Master.PublicAddress 2015-06-02 15:23:32 -07:00
CJ Cullen 085a48a70e Add an advertise-address flag. This allows the address that the apiserver binds 
to (possibly 0.0.0.0) to be different than the address on which members of the cluster
can reach the apiserver (possibly not a local interface).
 2015-06-02 14:33:15 -07:00
Eric Tune 3db1f69eea Merge pull request #8764 from eparis/sd_notify 
API server explicitly notify systemd of successful startup
 2015-06-01 10:28:49 -07:00
Kris f4e2c738f6 Delete deprecated API versions 
pkg/service:

There were a couple of references here just as a reminder to change the
behavior of findPort. As of v1beta3, TargetPort was always defaulted, so
we could remove findDefaultPort and related tests.

pkg/apiserver:

The tests were using versioned API codecs for some of their encoding
tests. Necessary API types had to be written and registered with the
fake versioned codecs.

pkg/kubectl:

Some tests were converted to current versions where it made sense.
 2015-05-29 17:17:35 -07:00
Tim Hockin 3005471100 Add new apiserver flags for clusterIP (nee portal) 
Leave old flags but marked as deprecated
 2015-05-28 16:10:44 -07:00
Tim Hockin 4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
Eric Paris 9d304774d4 report glog error if unable to tell systemd things worked 2015-05-28 16:01:27 -04:00
Eric Paris 28ac1b3395 API server explicitly notify systemd of successful startup 
Use the systemd $NOTIFY_SOCKET convention for kube-apiserver
startup. This allows it to be part of dependency trees and for
consumers to wait until it is listening on its ports.

The $NOTIFY_SOCKET protocol is described here:

http://www.freedesktop.org/software/systemd/man/sd_notify.html

Currently this is limited to the kube-apiserver process. Other
kube processes are internal kubernetes moving points. The API
server is the entry point relied on by callers.

100% stolen from Stef Walter from:
https://github.com/GoogleCloudPlatform/kubernetes/pull/8316
 2015-05-28 15:59:26 -04:00
Justin Santa Barbara 3bb2fe2425 Create port allocator, based on IP allocator mechanism 
Including some refactoring of IP allocator
 2015-05-22 19:14:28 -04:00
Prashanth Balasubramanian 8a5445d3db Randomize apiserver watch timeouts 2015-05-21 20:52:33 -07:00
Jordan Liggitt d90e7409e4 Prevent auth recursion for service account tokens 2015-05-16 23:39:07 -04:00
nikhiljindal fa9f864782 Adding a script to update etcd objects 2015-05-15 16:20:35 -07:00
Nikhil Jindal d75bd8bf2a Merge pull request #7101 from liggitt/service_account 
ServiceAccounts
 2015-05-12 10:23:41 -07:00
Brendan Burns d8f48290e9 Add a flag to disable legacy APIs 2015-05-11 16:09:25 -07:00
Jordan Liggitt db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00
Clayton Coleman e200d5a317 Make PortalIP alloc HA 
* Add an allocator which saves state in etcd
* Perform PortalIP allocation check on startup and periodically afterwards

Also expose methods in master for downstream components to handle IP allocation
/ master registration themselves.
 2015-05-08 13:34:16 -04:00
Karl Beecher 0473f652fd Add startup code to apiserver to migrate etcd keys 
Refs: #3476
 2015-05-05 12:28:14 +02:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Brian Grant a4316aa638 Merge pull request #7454 from nikhiljindal/v1 
Cloning v1beta3 as v1 and exposing it in the apiserver
 2015-04-28 18:06:57 -07:00
nikhiljindal c4d7e19c8c Cloning v1beta3 as v1 and exposing it in the apiserver 2015-04-28 16:06:03 -07:00
Brendan Burns c9f4d8e57e Merge pull request #7425 from roberthbailey/basic-auth-headers 
Set the 'WWW-Authenticate' header on 401 responses when basic auth is enabled
 2015-04-28 11:10:05 -07:00
Daniel Smith 19ae113fe0 Merge pull request #7353 from wojtek-t/too_many_dials 
Increase maxIdleConnection limit when creating etcd client in apiserver.
 2015-04-28 11:03:12 -07:00
Robert Bailey 4304b1d24a Set the 'WWW-Authenticate' header on 401 responses when basic 
auth is enabled. This is required for basic auth to work with
web browsers.
 2015-04-28 11:00:05 -07:00
Robert Bailey 6d85dcb4a0 Add support for HTTP basic auth to the kube-apiserver. 2015-04-28 10:33:51 -07:00
Wojciech Tyczynski 07400f9d2b Increase maxIdleConnection limit in etcd client. 2015-04-28 09:50:56 +02:00
Tim Hockin a3d45fada8 Change flags to use dashes in help 2015-04-27 15:11:03 -07:00
Karl Beecher a7623ca6cc Adds ability to define a prefix for etcd paths 
The API server can be supplied (via a command line flag) with a custom
prefix that is prepended to etcd resources paths.

Refs: #3476
 2015-04-24 12:12:39 +02:00
Kenjiro Nakayama c7d3a72c6a Fix gofmt complaint 2015-04-21 09:36:41 +09:00
Kenjiro Nakayama 5e2e59e728 Add more help description to cert_dir flag 2015-04-20 00:35:56 +09:00
Kenjiro Nakayama 51d0443dde Add cert_dir option to kube-apiserver 2015-04-19 17:40:08 +09:00
Alex Robinson 2b14fc1d14 Remove the cloud provider field from the services REST handler and the master 
now that load balancers are handled by the ServiceController.
 2015-04-14 18:56:47 +00:00
Timothy St. Clair 2b60111fca Performance change to option enable client.QPS, client.Burst 
and change default on max_requests_inflight.
 2015-04-10 07:53:54 -05:00
Timothy St. Clair 9177baa64c Enable profiling by default re: #6623 2015-04-09 10:52:37 -05:00
Tim Hockin f2c8decffe Clarify network-related flags in the master 
Rename and rejigger flags to make it more obvious what is happening.  Change
the default listen from ChooseHostInterface() to 0.0.0.0.
 2015-04-07 15:55:51 -07:00
Eric Tune e49424785e Merge pull request #6380 from roberthbailey/kubelet-ssl 
Configure the kubelet to use HTTPS (take 2)
 2015-04-03 13:43:00 -07:00
Quinton Hoole 4a2000c4aa Merge pull request #6207 from brendandburns/server 
Add a limit to the number of in-flight requests that a server processes.
 2015-04-02 15:46:54 -07:00
Robert Bailey f15e34a1bf Revert "Merge pull request #6309 from GoogleCloudPlatform/revert-6243-kubelet-ssl" 
This reverts commit 96a0a0d618, reversing
changes made to 2af9b54147.
 2015-04-02 10:44:37 -07:00
Brendan Burns f327e97661 Add a limit to the number of in-flight requests that a server processes. 2015-04-01 15:06:15 -07:00
Robert Bailey 22d9c67cb7 Merge pull request #6190 from liggitt/client_cert_auth 
Add client cert authentication
 2015-04-01 14:11:29 -07:00
Robert Bailey 32a1c052dc Revert "Configure the kubelet to use HTTPS" 2015-04-01 13:59:31 -07:00
Jordan Liggitt c797a91e36 Add client cert authentication 2015-04-01 13:42:26 -04:00
Robert Bailey 58bc792e68 Configure the master to connect to the kubelet using HTTPS. 2015-04-01 09:09:29 -07:00
nikhiljindal 478b7d5edf Repurposing enableV1beta3 to disableV1beta3 in master config to enable v1beta3 by default 2015-03-30 11:50:10 -07:00
Brian Grant 984bc8d5f6 Merge pull request #5635 from ravigadde/master 
Add timeout to kubelet client
 2015-03-26 14:55:24 -07:00
Brendan Burns 7c684e4331 Pipe through the ability to set the external hostname for swagger URLs. 2015-03-25 21:08:05 -07:00
Victor Marmol cf7e2756b5 Add HostNetworkSources capability to limit use of HostNetwork. 2015-03-25 11:23:06 -07:00
Filip Grzadkowski 74da3b14b0 Delete pod_cache and rely on updating pod status by kublet. 2015-03-25 15:08:09 +01:00
Ravi Gadde 5871e53060 Add timeout to kubelet client 2015-03-20 18:46:45 -07:00
nikhiljindal 7e36bbab3c Updating integration tests to test both API versions - v1beta1 and 3 2015-03-18 15:24:11 -07:00
Timothy St. Clair 7eebf674d4 Update to option enable profiling on the master daemon processes. 
--profiling=true , default is false
 2015-03-13 10:45:01 -05:00
saadali 7e258b85bd Reduce TTL for events in etcd from 48hrs to 1hr 2015-03-11 12:41:45 -07:00
Filip Grzadkowski 86b1c90097 Add flag to control probing pods statuses from kubelets. 2015-03-02 16:06:14 +01:00
Satnam Singh 19b927ea57 Name a cluster and use it to make forwarding rules for GCE 2015-02-23 17:04:33 -08:00
Tim Hockin cb09571768 keep hyperkube noise in one place 2015-02-20 08:49:12 -08:00
Tim Hockin 899d30f16a move pkg/master/server to cmd/kube-apiserver/app 2015-02-20 08:49:12 -08:00