cde68d294b
Do not create subject alt dns names for kubelet self signed certs
...
PR #10643 Started adding the dns names for the kubernetes master to self
sign certs which were created. The kubelet uses this same code, and thus
the kubelet cert started saying it was valid for these name as well.
While hardless, the kubelet cert shouldn't claim to be these things. So
make the caller explicitly list both their ip and dns subject alt names.
2015-07-04 23:01:01 -04:00
7a29af4d2c
Add Subject Alt Names to self signed apiserver certs
...
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master
A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
2015-07-01 17:05:17 -04:00
e991a1543f
Use blank default for old-etcd-prefix
2015-06-26 18:19:40 -07:00
91589143a3
Merge pull request #10370 from mikedanese/no-more-machines
...
remove --machines and related deprecated flags from code and docs
2015-06-26 10:54:01 -07:00
e5f44535a9
Merge pull request #10362 from bprashanth/latency_integration
...
Scrape latency stats from integration tests
2015-06-26 10:52:01 -07:00
0048eae8eb
Merge pull request #9965 from stevekuznetsov/skuznets/allow-https
...
Allowing for HTTPS Probes
2015-06-26 10:43:37 -07:00
1e130e0794
remove --machines from code and docs
2015-06-25 18:29:11 -07:00
3008ff6150
Changed HTTPGetAction to allow user-defined schemes
2015-06-25 16:59:12 -04:00
cca4b720e5
Scrape latency stats from integration tests
2015-06-25 12:01:31 -07:00
fbd03e5b90
fix variable shadowing bug where provided RootCA would always be a nil byte slice
2015-06-25 11:40:48 -07:00
655179dcfb
Merge pull request #10264 from mikedanese/ca-token
...
add ca cert to token controller and all service accounts
2015-06-25 09:56:35 -07:00
56bde3342a
add ca to token controller and all service accounts
2015-06-24 15:10:20 -07:00
6ddfa512de
Revert "Revert "Fix the race between configuring cbr0 and restarting static pods""
...
This reverts commit fd0a95dd12
2015-06-24 11:10:10 -07:00
fd0a95dd12
Revert "Fix the race between configuring cbr0 and restarting static pods"
2015-06-24 09:56:49 +02:00
192ffdfb25
Fix the container bridge so that it can create cbr0
...
Fix the kubelet so that it tries to sync status, even if Docker is down
2015-06-22 23:18:01 -07:00
9ed9bd1c4f
Add a generation number to the object meta of all objects, and status of rcs
2015-06-19 14:32:08 -07:00
8217495ee3
Kubelet event logging is classified as V(3)
...
Important, but not strictly required for normal operation V(2)
2015-06-18 19:21:14 -04:00
59876df736
Merge pull request #9927 from liggitt/fix_ecdsa_key
...
Re-enable ECDSA private server key use
2015-06-18 14:30:27 -07:00
df87470ecf
Allow cloud providers to return a node identifier different from the hostname
2015-06-18 12:40:05 -07:00
dee8d4b90b
For kubelet, differentiate between the nodeName and the hostname
...
This will allow us to use a nodeName that is not the hostname,
for example on clouds where the hostname is not the natural identifier
for a node.
2015-06-18 12:40:01 -07:00
e4f5529a2d
Revert "Allow nodename to be != hostname, use AWS instance ID on AWS"
2015-06-18 11:27:55 -07:00
efaead81dc
Allow cloud providers to return a node identifier different from the hostname
2015-06-17 00:40:43 -04:00
c28cdfbd43
For kubelet, differentiate between the nodeName and the hostname
...
This will allow us to use a nodeName that is not the hostname,
for example on clouds where the hostname is not the natural identifier
for a node.
2015-06-17 00:40:43 -04:00
64d61185eb
Re-enable ECDSA private server key use
2015-06-16 23:03:29 -04:00
30180dbcc2
Merge pull request #9882 from mikedanese/fix-regexp
...
fix longRunningRequestRE to something that doesn't match pretty much all requests
2015-06-16 18:55:40 -07:00
677855f1a9
fix longRunningRequestRE to something that doesn'tt push -f orig match pretty much all requests.
2015-06-16 13:48:10 -07:00
34e443a1aa
update the api conversion tool to v1
2015-06-15 17:30:05 -07:00
18a3932585
Merge pull request #9265 from mesosphere/upstream-k8sm-cm-and-km
...
Upstream Kubernetes Mesos controller manager and km binary
2015-06-15 09:28:12 -07:00
5896ac9e07
skip GetHostIP call on standalone mode kubelet to fix spammy log statement
2015-06-12 11:37:53 -07:00
022ff5196d
fix broken file refs
2015-06-12 14:03:01 +00:00
1820114a2d
Upstream controller manager and km binary
...
Closes mesosphere/kubernetes-mesos#310
Depends on GoogleCloudPlatform/kubernetes#8882
- fix https://github.com/mesosphere/kubernetes-mesos/issues/336
- Fix comment typo
- Fixes https://github.com/GoogleCloudPlatform/kubernetes/pull/9265#commitcomment-11559038
- Add warning to k8s modules to also update mesos copies
- Fixes https://github.com/GoogleCloudPlatform/kubernetes/pull/9265#commitcomment-11558864
- Fixes https://github.com/GoogleCloudPlatform/kubernetes/pull/9265#commitcomment-11558855
- Add comments and TODO that hypercube and controllermanager need refactoring
2015-06-12 14:03:00 +00:00
52db576617
Merge pull request #8882 from mesosphere/upstream_k8sm
...
Upstream Kubernetes-Mesos framework
2015-06-12 06:36:20 -07:00
0f4f2eb05a
Merge pull request #9617 from davidopp/master
...
Add a warning that setting --port flag to Kubelet breaks "kubectl log…
2015-06-11 10:18:41 -07:00
b83a32955b
Add a warning that setting --port flag to Kubelet breaks "kubectl logs." Temporary
...
fix for #9325 .
2015-06-10 17:24:49 -07:00
7d66559725
added comments at the top of native k8s files which, if changed, might affect some of the k8sm code
2015-06-10 20:31:22 +00:00
0fbd4900d1
Merge pull request #9423 from mesosphere/create-api-server-client
...
refactor createAPIServerClient for easier integration with 3rd party …
2015-06-10 12:54:17 -07:00
f54eeeb8d6
refactor createAPIServerClient for easier integration with 3rd party kubelet extensions, e.g. kubernetes-mesos
2015-06-10 02:13:58 +00:00
f62a2a1bb6
Merge pull request #9451 from cjcullen/mig
...
Use Node IP Address instead of Node.Name in minion.ResourceLocation.
2015-06-09 15:52:12 -07:00
2d85e4a094
Use Node IP Address instead of Node.Name in minion.ResourceLocation.
...
Refactor GetNodeHostIP into pkg/util/node (instead of pkg/util to break import cycle).
Include internalIP in gce NodeAddresses.
2015-06-08 16:58:00 -07:00
6f3879e3bb
Actually pass down ServiceNodePortRange so it is used
...
Also fix default range to match what we've documented (off-by-one)
Fix #9318
2015-06-08 18:03:42 -04:00
5aa0219ada
Merge pull request #9292 from cjcullen/test_pull_8946
...
Add an ssh tunnel option to the /proxy endpoint
2015-06-08 14:30:12 -07:00
a7edbedcb9
Merge pull request #9262 from bprashanth/minion_proxy
...
Apiserver can proxy to nodes
2015-06-08 10:17:06 -07:00
cb317604ab
Some refactoring. Only selectively use ssh proxy.
...
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
2015-06-05 14:55:16 -07:00
5115fd5703
Add key generation.
2015-06-05 14:55:15 -07:00
30a89968a4
Initial proxy tunnelling.
2015-06-05 14:54:20 -07:00
50eb9ad598
Use https only for the kubelet port
2015-06-05 14:06:38 -07:00
cd3eea43db
Merge pull request #9315 from jdef/refactor_kubelet_tls_init
...
refactor tls init for reuse
2015-06-05 12:57:14 -07:00
8b01ecb53a
Merge pull request #9024 from markturansky/recyc_controllers
...
PersistentVolumeRecycler controller
2015-06-05 11:39:08 -07:00
b3c8f71aca
refactor tls init for reuse
2015-06-05 11:45:40 +00:00
deec5f26cd
Recycler controller
2015-06-04 15:47:36 -04:00
Eric Paris