github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
10,532 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

281 Commits (7e8bde53dd8981de7e209e54fbc76e5832f04e0e)

Author SHA1 Message Date
Jerzy Szczepkowski 58962100db Merge pull request #7827 from zmerlynn/safe_format_cleanup 
Clean up safe_format_and_mount spam in the startup logs
 2015-05-06 10:50:32 +02:00
Robert Bailey 06c2f4e3d5 Merge pull request #7799 from cjcullen/test_pull_5246 
Fix sync problems in #5246
 2015-05-05 22:31:10 -07:00
Zach Loafman 399f7dee43 Clean up safe_format_and_mount spam in the startup logs 
Totally minor cleanup, but I'm tired of seeing it's spam in the
startup logs.
 2015-05-05 21:23:57 -07:00
Jerzy Szczepkowski e967ffd522 Added flag to set cluster class B network address for pods, add flag to disable allocation CIDRs for Pods. Fixed synchornization bug in NodeController registerNodes(). 2015-05-05 16:10:43 -07:00
Tomek Kulczynski 290c7b94ef Make nodecontroller configure nodes' pod IP ranges 2015-05-05 16:10:42 -07:00
Zach Loafman 875e83a741 Revert "Revert "Security context - types, kubelet, admission"" 2015-05-05 16:02:13 -07:00
Zach Loafman f48904fd5e Revert "Security context - types, kubelet, admission" 2015-05-05 15:20:39 -07:00
Paul Weil 982bf19c20 security context initial implementation - squash 2015-05-05 13:46:13 -04:00
Robert Bailey 9718d667a7 Merge pull request #7744 from zmerlynn/allow_builtin_salt 
Skip SaltStack install if it's already installed
 2015-05-04 16:32:56 -07:00
Zach Loafman dd7f3f7df7 Skip SaltStack install if it's already installed 
Next ContainerVM image will have SaltStack in it. Also be a little
less persnickety if it's found running. This isn't the case, but we
don't have to be aggressive.
 2015-05-04 16:12:53 -07:00
Yu-Ju Hong 5270ce6d28 Merge pull request #7671 from vmarmol/fix-metadata 
Make rkt-install a oneshot.
 2015-05-04 10:50:36 -07:00
Yu-Ju Hong c3ba88296b Merge pull request #7665 from vmarmol/cluster-rkt 
Provide container_runtime flag to Kubelet in CoreOS.
 2015-05-04 10:06:58 -07:00
Victor Marmol 9253249b19 Make rkt-install a oneshot. 
This will make our dependencies wait for us before they execute.
 2015-05-01 17:44:44 -07:00
Victor Marmol 727016dc30 Provide container_runtime flag to Kubelet in CoreOS. 2015-05-01 17:02:33 -07:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Brian Akins b311a12d90 Use the variable as this changes based on environment. 2015-04-30 12:40:09 -04:00
Yifan Gu 9ba1839f52 cluster/gce/coreos: Add metadata-service in node.yaml 2015-04-29 14:58:26 -07:00
Dawn Chen 876f8beec9 Remove unused node-name attribute 2015-04-28 16:13:26 -07:00
Dawn Chen 13a0b033e2 Bring up a cluster using coreos image for worker nodes. 2015-04-28 16:13:26 -07:00
Dawn Chen 5fa11322f8 Factory out debian e.g. ContainerVM image specific support to its own 
helper utility library.
 2015-04-28 16:07:57 -07:00
Dawn Chen 8963347b9e Introduce MASTER_IMAGE, MINION_IMAGE and OS_DISTRIBUTION to config-default 
for enable coreos and rocket support
 2015-04-28 15:31:09 -07:00
Robert Bailey 8206aa9eac Salt configuration to add basic auth to GCE. 2015-04-28 14:07:54 -07:00
Alex Robinson 566f0d4724 Fix GCE logging scope name. 2015-04-28 13:44:30 -07:00
Alex Robinson 5b5525dca5 Merge pull request #7324 from vishh/log_scope 
Enable logging.write scope for minions.
 2015-04-28 11:00:10 -07:00
Vishnu Kannan 9c66305f8c Enable logging.write scope by default for nodes. This is required for storing events in 
Google Cloud Logging via heapster.
 2015-04-28 10:55:06 -07:00
CJ Cullen 39c5bf363b Merge pull request #7303 from erictune/kube_env3 
kube-proxy uses token to access port 443 of apiserver
 2015-04-27 14:33:53 -07:00
Eric Tune 9044177bb6 Generate a token for kube-proxy. 
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware.  Symptom would be that service proxying
stops working.

 1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
 1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
 1. Changes kube-proxy args:
   - use the --kubeconfig argument
   - changes --master argument from http://MASTER:7080 to https://MASTER
     - http -> https
     - explicit port 7080 -> implied 443

Possible ways this might break other distros:

Mitigation: there is an default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.

Mitigation:
  - azure: Special case to use 7080 in
  - rackspace: way out of date, so don't care.
  - vsphere: way out of date, so don't care.
  - other distros: not using salt.
 2015-04-27 08:59:57 -07:00
Brian Grant 60d7bad147 Merge pull request #7128 from nikhiljindal/fixbeta1tests 
Removing more references to v1beta1 from pkg/
 2015-04-24 11:07:53 -07:00
Satnam Singh b6bee06c20 Merge pull request #7269 from zmerlynn/lose_one_sanity 
Remove buggy GCE post turn-up cluster validation code (rely on validate-cluster.sh)
 2015-04-24 10:56:20 -07:00
nikhiljindal dcc368c781 Removing more references to v1beta1 from pkg/ 2015-04-24 00:45:17 -07:00
Zach Loafman ad829dead7 Remove buggy GCE post turn-up cluster validation code (rely on validate-cluster.sh) 
Fixes #7266
 2015-04-23 16:28:44 -07:00
Eric Tune e8a83b23d1 Pass KUBELET_TOKEN in kube-env metadata. 
ensure-kube-token is not needed anymore because
the token passed in kube-env.

In the up case it is set, in the push case it is an empty string
but not used.

Allow unset KUBELET_TOKEN (for push case).

Fix comment.
 2015-04-23 15:21:27 -07:00
Wojciech Tyczynski cf824ae5e0 Merge pull request #7164 from fgrzadkowski/fix_wait_minion 
Wait for minion to start even if gcloud command fails.
 2015-04-23 08:21:19 +02:00
Robert Bailey 6951bb0bd5 Fix the restart-apiserver command for GCE/GKE. 2015-04-22 15:21:13 -07:00
Robert Bailey 4346c6ecae Swallow the output from the test ssh connections so that it 
doesn't interfere with string comparison.
 2015-04-22 14:19:15 -07:00
Robert Bailey dc45f7f9e6 Remove nginx and replace basic auth with bearer token auth for GCE. 
- Configure the apiserver to listen securely on 443 instead of 6443.
 - Configure the kubelet to connect to 443 instead of 6443.
 - Update documentation to refer to bearer tokens instead of basic auth.
 2015-04-22 11:11:20 -07:00
Zach Loafman 86468cd29d Revert "Added kube-proxy token." 2015-04-22 10:55:08 -07:00
Zach Loafman 0e3e502d52 Fix unbound variable after #7146 2015-04-22 10:19:53 -07:00
Zach Loafman 42e1710ccf Fix build after #7146 2015-04-22 10:11:19 -07:00
Zach Loafman c9988db0ee Merge pull request #7146 from brendandburns/get-k8s 
Extend the get-cluster.sh script to use sudo if necessary.
 2015-04-22 09:58:07 -07:00
Brendan Burns 42121d1809 Extend the get-cluster.sh script to use sudo if necessary. 2015-04-22 09:52:44 -07:00
Zach Loafman 854c20c5e2 Merge pull request #7113 from erictune/kube-proxy-token 
Added kube-proxy token.
 2015-04-22 09:16:04 -07:00
Filip Grzadkowski 780db9d794 Wait for minion to start even if gcloud command fails. 2015-04-22 16:37:22 +02:00
Brendan Burns 78dabbdb7f Fix the ssh-to-node to actually fail on failures. 2015-04-21 15:27:38 -07:00
Brendan Burns 71e6b05825 Fix kube-apiserver restart. 2015-04-21 15:11:00 -07:00
Brendan Burns 9d715226d6 Fix kube-apiserver restart. 2015-04-21 13:59:26 -07:00
Eric Tune 2ca8a9d15d Added kube-proxy token. 
Generates the new token on AWS, GCE, Vagrant.
Renames instance metadata from "kube-token" to "kubelet-token".
(Is this okay for GKE?)

Having separate tokens for kubelet and kube-proxy permits
using principle of least privilege, makes it easy to
rate limit the clients separately, allows annotation
of apiserver logs with the client identity at a finer grain
than just source-ip.
 2015-04-21 09:21:31 -07:00
Jeff Lowdermilk 196b3d066d Merge pull request #6919 from zmerlynn/sharded-e2e 
Add hack/parallel-e2e.sh to run hack/e2e.go on multiple clusters
 2015-04-20 11:34:18 -07:00
Zach Loafman 68c9191cfc Allow CLUSTER_IP_RANGE/MINION_IP_RANGE to be overridden by KUBE_GCE_CLUSTER_CLASS_B 2015-04-20 11:17:21 -07:00
Jeff Lowdermilk 4f6dc99075 Generate kubeconfig for all providers in cluster/ that use auth 2015-04-20 11:07:35 -07:00