Justin Santa Barbara
c78b71d399
AWS: Treat ubuntu as an alias for 'latest ubuntu', i.e. 'vivid'
2015-07-08 17:00:44 -04:00
Justin Santa Barbara
dfac73d31a
AWS: Change default OS to Ubuntu Vivid Vervet
...
The background for this change is in #9675.
In short, Vivid Vervet gives us a supported/updated image,
that runs Docker with a working storage engine, but doesn't
require a reboot as part of node start.
Fixes #9675.
2015-07-08 17:00:44 -04:00
Justin Santa Barbara
bdb2196abe
AWS: Initial support for Ubuntu Vivid Vervet
2015-07-08 17:00:43 -04:00
Victor Marmol
7dd0dc1786
Merge pull request #10752 from justinsb/aws_query_by_subnet_id
...
AWS: Query by subnet-id, if we have it
2015-07-08 13:57:33 -07:00
Victor Marmol
3dd3d6e889
Merge pull request #10751 from justinsb/aws_existing_subnet
...
AWS: Allow callers to specify VPC_ID and SUBNET_ID
2015-07-08 13:57:13 -07:00
Justin Santa Barbara
8e69495f7f
AWS: Add jessie support to cluster script
2015-07-08 16:47:55 -04:00
Brendan Burns
2e282013a8
Generate a kubeconfig file for the kubelet.
2015-07-07 21:29:38 -07:00
Yu-Ju Hong
0947b2715a
Merge pull request #9949 from iterion/aws-production-instance-types
...
AWS: Note about instance types
2015-07-07 10:16:22 -07:00
Yu-Ju Hong
83fbcba97b
Merge pull request #10698 from justinsb/aws_master_sans
...
AWS: Configure SSL certificate alternate-names
2015-07-06 09:57:44 -07:00
Yu-Ju Hong
acf848a597
Merge pull request #10552 from shauns/patch-1
...
Respect DNS_DOMAIN setting in AWS+CoreOS
2015-07-06 09:36:54 -07:00
Justin Santa Barbara
cc68f87a7b
AWS: Query by subnet-id, if we have it
...
If we are matching an existing subnet-id, query using that subnet-id!
2015-07-06 10:14:15 -04:00
Justin Santa Barbara
2429c7edf8
AWS: Allow callers to specify VPC_ID and SUBNET_ID
...
This is for people that want to run in a shared VPC/Subnet; while this should
work, we don't actively want to support it yet. So we don't block it,
but we don't document/encourage it either!
2015-07-06 10:10:34 -04:00
Justin Santa Barbara
c676c11189
AWS: Configure SSL certificate alternate-names
...
GCE does this in its per-provider scripts; this does the same for AWS and lets
other providers do the same; I believe kube2sky requires 10.0.0.1 as a SAN.
2015-07-03 01:18:07 -04:00
Justin Santa Barbara
2a8d46864b
AWS: Use the SSH key fingerprint, not the AWS fingerprint
...
This is unfortunate, because it means we have two fingerprints,
although arguably the OpenSSH key fingerprint is much more common.
However, the OSX Mavericks version of ssh-keygen can't compute
the AWS fingerprint correctly (e.g. https://www.netmeister.org/blog/ssh2pkcs8.html).
So that we work on OSX Mavericks, we use the more common OpenSSH fingerprint.
2015-07-01 04:10:48 -07:00
Shaun Stanworth
74bb1b349a
Respect DNS_DOMAIN setting in AWS+CoreOS
...
Without this change, CoreOS minion nodes are unable to perform short-name DNS lookups by default, as the default value for `DNS_DOMAIN` is `cluster.local`, which doesn't match the hard-coded value here.
2015-06-30 17:48:15 +01:00
Robert Bailey
1c0b765df6
Merge pull request #10359 from justinsb/aws_fix_options
...
Fix AWS options doc
2015-06-26 23:16:51 -07:00
Robert Bailey
e6f14a21ce
Merge pull request #10403 from justinsb/ebs-for-master-data-2
...
AWS: Use persistent disk on master
2015-06-26 21:52:10 -07:00
Justin Santa Barbara
a3cb84fa56
AWS: Wait for disk to be attached in setup-master-pd.sh
2015-06-26 11:52:45 -04:00
Justin Santa Barbara
6e09cd3ffd
AWS: Create/reuse master pd directly
2015-06-26 11:52:45 -04:00
Justin Santa Barbara
0a4f03f235
AWS: Mount ephemeral on /mnt/ephemeral
...
If we're going to have a persistent disk on /mnt/master-pd, it seems risky
sometimes to have /mnt be a mounted volume.
A new consistent approach: we mount volumes under /mnt/<name>.
2015-06-26 11:52:45 -04:00
Justin Santa Barbara
7059f379a4
AWS: Mount persistent disk as sdb on master
2015-06-26 11:52:44 -04:00
Adam Sunderland
66e0c5432f
Use EBS for Master Data
...
Signed-off-by: Adam Sunderland <iterion@gmail.com>
2015-06-26 11:52:44 -04:00
Justin Santa Barbara
3ef028148d
Fix AWS options doc
...
Fix formatting, and ZONE should have been KUBE_AWS_ZONE.
2015-06-26 11:16:44 -04:00
Eric Paris
58df58f3d7
Remove unused enable_node_monitoring option
...
Back in 1a7f7245e7 we dropped the one
place this was used, but left all of the variable and definitions and
garbage around cluster/
2015-06-25 20:57:56 -04:00
Tim Hockin
280f99afd9
EOL our registry caching mirror
...
Docker's v1 registry has gotten slower and slower, and they have no
interest in fixing it. Using a mirror forces v1 mode. Measurements
show that v1 with our mirror is slower than v2 with docker's registry in
just about all metrics.
2015-06-24 09:56:59 -07:00
Jeff Lowdermilk
e2d496e45d
Merge pull request #9737 from iterion/use-openssl-rsa
...
AWS: Use RSA to Generate Fingerprint
2015-06-23 10:14:27 -07:00
Justin Santa Barbara
2a5ed2f086
AWS: Use auto-scaling group to run minions
...
This uses the dynamic CIDR work, and we set source-dest-check to false
when we configure the route (which kind-of makes sense)
2015-06-19 10:22:15 -04:00
Justin Santa Barbara
a4e15cdf3e
AWS: Configure minion routes dynamically
...
We need to implement the Routes interface, and then enable the functionality in the cluster scripts.
2015-06-18 14:59:37 -07:00
Adam Sunderland
304d75caf9
Not about instance types
2015-06-17 11:32:22 -05:00
Saad Ali
4d25121206
Merge pull request #9769 from brendandburns/secure
...
Revert the revert of https://github.com/GoogleCloudPlatform/kubernetes/pull/9761
2015-06-16 14:21:54 -07:00
Fabio Yeon
c4d040c720
Merge pull request #9745 from justinsb/aws_manage_route_table
...
AWS: Create our own route table & tag it for management
2015-06-15 15:18:39 -07:00
Fabio Yeon
f033349bea
Merge pull request #9746 from justinsb/aws_faster_tagging
...
AWS: delay less when creating tags
2015-06-15 13:34:44 -07:00
Brendan Burns
51b20b35e2
Revert "Revert "Optionalize (default false) --insecure-registry.""
...
This reverts commit 1645c9a9b8.
2015-06-12 21:00:16 -07:00
Dawn Chen
1645c9a9b8
Revert "Optionalize (default false) --insecure-registry."
2015-06-12 17:50:38 -07:00
Abhi Shah
a6bed65f06
Merge pull request #9685 from brendandburns/secure
...
Optionalize (default false) --insecure-registry.
2015-06-12 17:06:32 -07:00
Justin Santa Barbara
6839ae9a44
AWS: delay less when creating tags
...
This is important because tag creation isn't atomic, and we want to minimize
the window in which we can leave 'dangling' resources around.
2015-06-12 18:32:55 -04:00
Justin Santa Barbara
1f04284508
AWS: Create our own route table & tag it for management
2015-06-12 18:32:10 -04:00
Adam Sunderland
7760d079ae
Update SSH User For Master SSH Check
2015-06-12 15:38:48 -05:00
Adam Sunderland
d82bfffe9d
Use RSA to Generate Fingerprint
2015-06-12 15:29:37 -05:00
Brendan Burns
675d8378f2
Optionalize (default false) --insecure-registry.
2015-06-11 16:33:14 -07:00
Abhi Shah
82aa8f9984
Merge pull request #9371 from justinsb/aws_support_wheezy
...
AWS: Support wheezy, for parity with GCE
2015-06-11 15:08:32 -07:00
Abhi Shah
064e7146e1
Merge pull request #9481 from justinsb/aws_fix_push
...
AWS: Include (idempotent) ensure-temp-dir in upload-server-tars
2015-06-11 11:24:18 -07:00
Justin Santa Barbara
4db5b6f465
AWS: Don't change the default OS
...
It may be that we should change the default, but that is a big move,
late in the day, and it warrants its own discussion.
2015-06-11 13:02:33 -04:00
Justin Santa Barbara
8aae864784
AWS: Support wheezy, for parity with GCE
2015-06-09 23:45:41 -04:00
krousey
fba6462c0b
Merge pull request #9377 from justinsb/aws_persistent_mounts
...
AWS: add mounts to fstab
2015-06-09 12:57:43 -07:00
krousey
82f922b61d
Merge pull request #9378 from justinsb/aws_no_thin_on_wheezy
...
AWS: Disable thin LVM provisioning on wheezy
2015-06-09 10:01:04 -07:00
krousey
e19e4bcd12
Merge pull request #9365 from justinsb/fix_9246
...
AWS: Only log "Starting cluster using os distro..." in kube-up
2015-06-09 09:51:22 -07:00
krousey
37ed34261e
Merge pull request #9364 from justinsb/fix_aws_local_not_in_function
...
AWS: Fix script issue where local used outside of function
2015-06-09 09:50:43 -07:00
Justin Santa Barbara
d92863523f
AWS: Include (idempotent) ensure-temp-dir in upload-server-tars
...
This way we won't forget it. Fixes kube-push, where I forgot it.
2015-06-09 11:10:15 -04:00
krousey
e14d9038fe
Merge pull request #9367 from justinsb/aws_ssh_check
...
AWS: Check for SSH connectivity & better logging on failure
2015-06-08 16:48:04 -07:00
Justin Santa Barbara
d955e532f9
AWS: Add mounts to fstab, to survive reboot
2015-06-08 18:07:22 -04:00
Justin Santa Barbara
f6440247ca
AWS: Don't thin provision LVM volume on wheezy
...
Thin provisioning isn't supported (unless you backport from jessie).
Just use normal LVM volumes with aufs.
2015-06-08 18:06:24 -04:00
Justin Santa Barbara
1c229e5284
Removed extra blank line in aws util.sh
2015-06-08 16:59:03 -04:00
Justin Santa Barbara
2619b6198a
AWS: Mount ephemeral devices, even if not specified in the AMI
...
We mount up to 4; this covers almost all instance types.
2015-06-08 16:59:03 -04:00
Justin Santa Barbara
72496e7368
AWS: Check for SSH connectivity & better logging on failure
2015-06-06 14:27:41 -04:00
Justin Santa Barbara
a9e1e1033b
AWS: Only log "Starting cluster using os distro..." in kube-up
...
Fixes #9246
2015-06-06 12:48:49 -04:00
Justin Santa Barbara
24de0b4598
AWS: Fix script issue where local used outside of function
2015-06-06 12:19:30 -04:00
Justin Santa Barbara
112a013567
AWS: Support different docker storage mechanism by setting DOCKER_STORAGE
...
For parity with GCE, we really want to support aufs.
But we previously supported btrfs, so we want to expose that.
Most of the work here is required for aufs, and we let advanced users choose
devicemapper/btrfs if they have a setup that works for those configurations.
2015-06-06 12:13:51 -04:00
Justin Santa Barbara
48e8a8b0ec
AWS: Set up security groups, to mirror GCE firewalling
...
Some slightly fussy code to enable load-balancers to talk to
instances, but otherwise relatively simple.
2015-06-05 16:10:08 -04:00
Justin Santa Barbara
33a3d884f2
AWS: Filter by Cluster tag, rationalize EC2 abstraction
...
Whenever we do a list we now filter on tags so we only see resources relating
to our cluster.
Also, rationalize all the DescribeX calls:
* They all take a request object (so that we can pass filters)
* They do paging if that is required (and return the underlying resources)
* They wrap any error with a "error while listing X: %v" message
2015-06-05 16:09:01 -04:00
Quinton Hoole
710df2b619
Merge pull request #9294 from justinsb/aws_ssh_key_fingerprint
...
AWS: Support multiple SSH keys (embed the hash in the name)
2015-06-05 09:37:31 -07:00
Justin Santa Barbara
d8dc416b5b
AWS: Support multiple SSH keys (embed the hash in the name)
...
This should eliminate a nasty problem where the script doesn't cope well if
your keys don't match.
2015-06-04 21:40:57 -04:00
Justin Santa Barbara
c92c63b3a9
AWS: Use s3 sync to optimize upload to s3 when nothing changed
2015-06-04 10:14:45 -04:00
Adam Sunderland
2b4d37427e
Update Master IAM Policy to Include ELB
2015-06-03 12:20:19 -05:00
Eric Tune
3c067b766a
Merge pull request #8996 from manolitto/aws_cluster_monitoring_fix
...
aws: fix cluster monitoring (new option "influxdb" instead of "true")
2015-06-01 13:43:43 -07:00
Eric Tune
5b3e01d2fd
Merge pull request #8653 from matschaffer/s3-creation-wait
...
Check that s3 bucket has been created
2015-06-01 10:29:03 -07:00
Manfred Geiler
8c8f8feb62
aws: fix cluster monitoring ("none" instead of "false")
2015-06-01 09:12:41 +02:00
Justin Santa Barbara
c4a2631593
Mount logic breaks if /var/lib/kubelet is a symlink
...
Pass the correct kubelet root-dir on AWS
2015-05-29 20:13:09 -04:00
Rohit Jnagal
ff51f0b2e1
Merge pull request #8696 from derekwaynecarr/force_namespace_creation
...
Force explicit namespace provision, update e2e for failures
2015-05-29 09:28:47 -07:00
Manfred Geiler
635b6bc097
aws: fix cluster monitoring (new option "influxdb" instead of "true")
2015-05-29 11:15:21 +02:00
Tim Hockin
ac3cc3c518
Rename PORTAL_NET all over
2015-05-28 16:10:44 -07:00
derekwaynecarr
3e8b1d5e01
Update all salt providers to force explicit namespace creation; update e2e
2015-05-28 13:45:49 -04:00
Mat Schaffer
e7ae425385
Colorize errors for consistency with other checks
2015-05-23 16:12:24 +09:00
Mat Schaffer
26736e494c
Check that s3 bucket has been created
...
Fixes #8395
2015-05-22 14:12:36 +09:00
Dawn Chen
04c4d25065
Merge pull request #7905 from bakins/aws-coreos
...
AWS: use CoreOS for nodes
2015-05-21 09:05:56 -07:00
Victor Marmol
4ba22e713a
Merge pull request #8296 from jlowdermilk/gen-analytics
...
Add ga-beacon analytics to gendocs scripts
2015-05-18 08:40:02 -07:00
Justin Santa Barbara
87dfddb259
AWS: Set MASTER_RESERVED_IP in config-default.sh
...
Otherwise jenkins fails
2015-05-16 20:32:23 -04:00
Jeff Lowdermilk
553f9f822b
Add ga-beacon analytics to gendocs scripts
...
hack/run-gendocs.sh puts ga-beacon analytics link into all md files,
hack/verify-gendocs.sh verifies presence of link.
2015-05-15 18:56:38 -07:00
Daniel Smith
ce4b54ec70
Merge pull request #8209 from krousey/v1beta1_cluster
...
Removing some v1beta1 uses in cluster/
2015-05-15 14:56:41 -07:00
Kris Rousey
98c457c397
Updating /cluster to use v1beta 3 specs, and change a lot of polling to
...
healthz instead of api endpoints.
2015-05-15 14:17:55 -07:00
Robert Bailey
9d6c032929
Merge pull request #7888 from madis/associate_aws_elastic_ip_with_master
...
Associate master instance with AWS Elastic IP
2015-05-14 13:18:19 -07:00
Madis Nõmme
15643a2c72
Add 'auto' option for MASTER_RESERVED_IP. No ElasticIP allocation by default.
...
Default behaviour when setting up a cluster is using the Amazon-assigned public ip.
It will change between reboots. If MASTER_RESERVED_IP is set to 'auto', new Elastic
IP will be allocated & assigned to master. If MASTER_RESERVED_IP is set to an existing
Elastic IP, it will be used. When something fails, original Amazon-given IP will be used.
2015-05-14 08:33:07 +03:00
Brian Akins
fac4350fa6
Initial addition of CoreOS as minion for AWS cluster
2015-05-13 16:39:22 -04:00
Derek Carr
9454d58547
Merge pull request #8127 from liggitt/service_account_admission
...
Add ServiceAccount admission plugin
2015-05-13 14:03:11 -04:00
Zach Loafman
02f3a32196
Merge pull request #8131 from justinsb/aws_install_salt_gce_style
...
Install specific salt version on AWS, based on GCE
2015-05-13 06:55:32 -07:00
Madis Nõmme
eb220f05a6
Properly get return value (considering errexit). Quote variables.
2015-05-13 10:45:51 +03:00
Madis Nõmme
d4d02a9028
Optionally associate master instance with AWS Elastic IP
...
When MASTER_RESERVED_IP is set to elastic IP from AWS, then aws/util.sh will
associate it with master instance and assign it to KUBE_MASTER_IP. If no MASTER_RESERVED_IP
is set, new elastic ip will be requested from amazon. This allows cluster certificates to
be generated for an IP that doesn't change between stopping & starting cluster instances.
The requested elastic ip is not released when kube-down.sh is run. I think it is good
because user could have created DNS records and it would be bad if the IP was removed.
He can reuse it next time through MASTER_RESERVED_IP when setting up cluster again.
2015-05-13 10:45:51 +03:00
Justin Santa Barbara
23b1a22203
AWS: Don't use policy-rc.d to prevent starting daemons until we're ready
...
It isn't required
2015-05-12 21:18:48 -04:00
Clayton Coleman
7d620c20b9
Merge pull request #8105 from thockin/dns-domain
...
Rename default DNS domain to cluster.local
2015-05-12 17:18:45 -04:00
Justin Santa Barbara
ffb0e7f9b8
Install specific salt version on AWS, based on GCE
...
The latest salt version breaks the container_bridge.py _state function
We can lock to the same version as GCE. This is not a full fix,
because we can't update to the latest salt without breaking GCE,
but this at least unbreaks and syncs AWS with GCE.
This isn't a straight copy from GCE, because we still use
the salt master on AWS (for now)
Fixes #8114
2015-05-12 16:33:56 -04:00
Jordan Liggitt
e5d47081a2
Add ServiceAccount admission plugin
2015-05-12 15:19:05 -04:00
Tim Hockin
e83e49b076
rename default DNS domain to cluster.local
2015-05-11 23:00:43 -07:00
Jordan Liggitt
7e14a80f63
ServiceAccount admission plugin
2015-05-11 17:18:06 -04:00
Justin Santa Barbara
3cf8d72d96
Copy some new properties from config-default => config.test
...
ENABLE_MINION_PUBLIC_IP was causing a failure because the variable wasn't declared.
ADMISSION_CONTROL should just be set the same for both test & default
2015-05-08 14:30:17 -07:00
Manfred Geiler
c5c62f7d57
fixed second missing $ and added curly brackets
2015-05-08 17:18:52 +02:00
Manfred Geiler
1119340260
fixed missing $
2015-05-08 16:58:49 +02:00
Manfred Geiler
96d34c1106
AWS: added docs for KUBE_ENABLE_MINION_PUBLIC_IP option
2015-05-08 16:56:06 +02:00
Manfred Geiler
205ed2bf6e
AWS: make it possible to disable minion public ip association
2015-05-08 00:09:47 +02:00
Zach Loafman
875e83a741
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 16:02:13 -07:00
Zach Loafman
f48904fd5e
Revert "Security context - types, kubelet, admission"
2015-05-05 15:20:39 -07:00