Commit Graph

125 Commits (7adaaa4c6498a8a1ffde212c1bbf87394ae4e7a1)

Author SHA1 Message Date
Zach Loafman 875e83a741 Revert "Revert "Security context - types, kubelet, admission"" 2015-05-05 16:02:13 -07:00
Zach Loafman f48904fd5e Revert "Security context - types, kubelet, admission" 2015-05-05 15:20:39 -07:00
Paul Weil 982bf19c20 security context initial implementation - squash 2015-05-05 13:46:13 -04:00
Robert Bailey c6d4c24f37 Merge pull request #7736 from justinsb/aws_fix_known_tokens_file
AWS: Fix variable naming that meant not all tokens were written
2015-05-04 14:34:11 -07:00
Justin Santa Barbara 96f0a39172 AWS: Fix variable naming that meant not all tokens were written
To resolve the inconsistency, chose to go closer to GCE
2015-05-04 17:28:24 -04:00
Justin Santa Barbara 57f7b658bb AWS: Change apiserver to listen on 443 directly, not through nginx
Mirrors changes in GCE.  I think the same changes will be needed for vagrant.
2015-05-02 16:59:04 -04:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
2015-05-01 17:49:56 -04:00
Jan Safranek 6e810492fb Fixed name of kube-proxy path in deployment scripts. 2015-04-28 10:10:37 +02:00
CJ Cullen 39c5bf363b Merge pull request #7303 from erictune/kube_env3
kube-proxy uses token to access port 443 of apiserver
2015-04-27 14:33:53 -07:00
Brendan Burns 637cd57a25 Merge pull request #6606 from gust1n/aws-existing-vpc
AWS: Improving getting existing VPC and subnet
2015-04-27 11:11:25 -07:00
Zach Loafman 5ccfc0a225 Merge pull request #6006 from justinsb/aws_multiple_clusters
First step to supporting multiple k8s clusters
2015-04-27 10:11:03 -07:00
Eric Tune 9044177bb6 Generate a token for kube-proxy.
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware.  Symptom would be that service proxying
stops working.

 1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
 1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
 1. Changes kube-proxy args:
   - use the --kubeconfig argument
   - changes --master argument from http://MASTER:7080 to https://MASTER
     - http -> https
     - explicit port 7080 -> implied 443

Possible ways this might break other distros:

Mitigation: there is a default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.

Mitigation:
  - azure: Special case to use 7080 in
  - rackspace: way out of date, so don't care.
  - vsphere: way out of date, so don't care.
  - other distros: not using salt.
2015-04-27 08:59:57 -07:00
Joakim Gustin 645d6d1f26 Use existing subnet when launching AWS cluster in existing VPC 2015-04-23 11:01:17 +02:00
Justin Santa Barbara 9253ae6dca AWS: Fix some bash style problems: variable quoting & locals 2015-04-22 18:30:09 -07:00
CJ Cullen 924015dc94 Merge pull request #7182 from justinsb/aws_fix_hostname
AWS: Set hostname_override for minions, back to fully-qualified name
2015-04-22 14:13:53 -07:00
Justin Santa Barbara 4120849cc4 AWS: Set hostname_override for minions, back to fully-qualified name
This is a stop-gap fix; we'd really like to use EC2 instance ids, but that is
blocked by #7092 or changing that health-check to not assume that the node name
is resolvable.

This stop-gap essentially reverts #7072 for AWS
2015-04-22 11:28:53 -07:00
Zach Loafman 86468cd29d Revert "Added kube-proxy token." 2015-04-22 10:55:08 -07:00
Zach Loafman b98f93bb4b Merge pull request #7112 from erictune/kubeconfig-secrets
Extend PR#5470 for AWS and Vagrant
2015-04-22 09:25:53 -07:00
Eric Tune 2ca8a9d15d Added kube-proxy token.
Generates the new token on AWS, GCE, Vagrant.
Renames instance metadata from "kube-token" to "kubelet-token".
(Is this okay for GKE?)

Having separate tokens for kubelet and kube-proxy permits
using principle of least privilege, makes it easy to
rate limit the clients separately, allows annotation
of apiserver logs with the client identity at a finer grain
than just source-ip.
2015-04-21 09:21:31 -07:00
Eric Tune 7475efbcfb Extend PR#5470 for AWS and Vagrant 2015-04-21 08:22:31 -07:00
Justin Santa Barbara 45b658ea7c AWS: don't try to create undefined config_dir 2015-04-20 19:14:16 -07:00
Robert Bailey 82190a58b1 Merge pull request #7026 from justinsb/aws_use_ssl_for_salt
AWS: master should download salt using SSL
2015-04-20 11:58:47 -07:00
Jeff Lowdermilk 3787fc5eca set KUBECONFIG in common.sh, default to new location
and preserve value in ginkgo e2e test driver
2015-04-20 11:07:35 -07:00
Jeff Lowdermilk 4f6dc99075 Generate kubeconfig for all providers in cluster/ that use auth 2015-04-20 11:07:35 -07:00
Justin Santa Barbara 7d3fe2154e AWS: master should download salt using SSL
The minion already does, but the master was using plain http.
2015-04-18 12:38:52 -07:00
Justin Santa Barbara b2bce12b6c AWS: Move /var/lib/kubelet to /mnt
The backing for empty-dir volumes otherwise consumes all our disk space
2015-04-17 06:46:08 -07:00
Justin Santa Barbara 72687184b9 Don't always use aws.conf
We don't usually need it, and it makes it harder to put apiserver into a container.
2015-04-14 09:30:00 -07:00
Justin Santa Barbara 034412aff1 Support multiple k8s clusters 2015-04-10 13:25:43 -07:00
Justin Santa Barbara 49543aca61 Update IAM permissions for minion, to allow EBS 2015-04-10 13:25:42 -07:00
Jeff Lowdermilk ca6f1a1bc7 Merge pull request #6476 from deads2k/deads-fix-kubeconfig-serialization
fix kubeconfig serialization
2015-04-09 09:41:26 -07:00
Justin Santa Barbara 2426366ec8 Update cAdvisor with moved docker root on AWS
We set up a symlink now, and we also pass docker_root into the kubelet.

The symlink is probably sufficient, but doing both feels safer.
2015-04-07 10:40:22 -07:00
deads2k 609208b8b5 update scripts with correct templates 2015-04-07 08:07:24 -04:00
Justin Santa Barbara 5d7f86b041 More options documentation 2015-04-03 13:44:06 -07:00
Justin Santa Barbara 2fb573c482 Create instances in the specified AZ 2015-04-03 08:04:53 -07:00
Zach Loafman fc8ba8d77b Merge pull request #6011 from justinsb/aws_specify_zone
Fix AWS region vs zone
2015-03-31 12:26:05 -07:00
Justin Santa Barbara edbebd653c Fix S3 location handling for US classic 2015-03-31 05:42:10 -07:00
Justin Santa Barbara 07ffc26a61 Fix typo in docs 2015-03-30 06:01:00 -07:00
Justin Santa Barbara 194143e61b Use the correct region for the S3 bucket
We may not have created the bucket!
2015-03-27 12:58:47 -07:00
Justin Santa Barbara 7179f5f004 Change AWS_ZONE to ZONE, for compatibility with e2e tests 2015-03-27 08:53:45 -07:00
Justin Santa Barbara 583892da2d Fix AWS region vs zone
We were specifying a region, but naming it as a zone in util.sh

The zone matters just as much as the region, e.g. for EBS volumes.

We also change the config to require a Zone, not a Region.
But we fall back to get the information from the metadata service.
2015-03-26 15:11:05 -07:00
Zach Loafman e5914915b8 Merge pull request #6003 from justinsb/aws_wait_for_instance
Wait for master to be started on AWS
2015-03-26 14:06:25 -07:00
Justin Santa Barbara f256d3b77a Wait for ELBs to be deleted 2015-03-26 13:50:35 -07:00
Justin Santa Barbara 53bdbec64e Launch minions in parallel 2015-03-26 10:58:18 -07:00
Justin Santa Barbara 9556318c58 Wait for master instance running before adding route 2015-03-26 10:23:25 -07:00
Saad Ali f3ebe30605 Merge pull request #5940 from justinsb/fix_bash_style
Fix bash style issues in AWS script
2015-03-25 14:40:42 -07:00
Justin Santa Barbara 06704bb94f Security group should be scoped to our vpc
Note that security group names only need to be unique within a VPC as well,
which is handy here.
2015-03-25 12:53:12 -07:00
Justin Santa Barbara ac12665f48 Quote AWS_SSH_KEY 2015-03-25 12:41:02 -07:00
Justin Santa Barbara 80ba56a371 Fix variable dollar-char errors 2015-03-25 12:36:52 -07:00
Justin Santa Barbara 505488269c Use double-square brackets in if tests 2015-03-25 12:36:20 -07:00
Alex Robinson c22d4c6b3f Merge pull request #5916 from justinsb/aws_cleanup_loadbalancers
Remove load balancers as part of kube-down.sh
2015-03-25 10:32:14 -07:00