github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
17,365 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

154 Commits (9a5f43e16d5e43e732e513c2120ebb8db469e158)

Author SHA1 Message Date
Clayton Coleman d8bb4552de Cloud provider should return an error 
Not fatal - makes cloud provider useful in methods that
can return error.
 2015-07-01 14:41:49 -04:00
Aaron Levy e991a1543f Use blank default for old-etcd-prefix 2015-06-26 18:19:40 -07:00
Jordan Liggitt 64d61185eb Re-enable ECDSA private server key use 2015-06-16 23:03:29 -04:00
Mike Danese 677855f1a9 fix longRunningRequestRE to something that doesn'tt push -f orig match pretty much all requests. 2015-06-16 13:48:10 -07:00
Justin Santa Barbara 6f3879e3bb Actually pass down ServiceNodePortRange so it is used 
Also fix default range to match what we've documented (off-by-one)

Fix #9318
 2015-06-08 18:03:42 -04:00
krousey 5aa0219ada Merge pull request #9292 from cjcullen/test_pull_8946 
Add an ssh tunnel option to the /proxy endpoint
 2015-06-08 14:30:12 -07:00
CJ Cullen cb317604ab Some refactoring. Only selectively use ssh proxy. 
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
 2015-06-05 14:55:16 -07:00
Brendan Burns 5115fd5703 Add key generation. 2015-06-05 14:55:15 -07:00
Brendan Burns 30a89968a4 Initial proxy tunnelling. 2015-06-05 14:54:20 -07:00
Prashanth Balasubramanian 50eb9ad598 Use https only for the kubelet port 2015-06-05 14:06:38 -07:00
Chao Xu ef61b031f5 make v1 enabled by default 2015-06-04 11:37:44 -07:00
Daniel Smith 1690617ee6 remove ro service 2015-06-03 16:45:54 -07:00
Prashanth Balasubramanian 0162529ea5 Default minRequestTimeout to 1800s 2015-06-03 08:47:45 -07:00
Prashanth Balasubramanian 448867073d Pipe minRequestTimeout as an arg to the apiserver 2015-06-03 08:44:14 -07:00
CJ Cullen 934c553c04 Clarify description/usage of --advertise-address, Master.PublicAddress 2015-06-02 15:23:32 -07:00
CJ Cullen 085a48a70e Add an advertise-address flag. This allows the address that the apiserver binds 
to (possibly 0.0.0.0) to be different than the address on which members of the cluster
can reach the apiserver (possibly not a local interface).
 2015-06-02 14:33:15 -07:00
Eric Tune 3db1f69eea Merge pull request #8764 from eparis/sd_notify 
API server explicitly notify systemd of successful startup
 2015-06-01 10:28:49 -07:00
Kris f4e2c738f6 Delete deprecated API versions 
pkg/service:

There were a couple of references here just as a reminder to change the
behavior of findPort. As of v1beta3, TargetPort was always defaulted, so
we could remove findDefaultPort and related tests.

pkg/apiserver:

The tests were using versioned API codecs for some of their encoding
tests. Necessary API types had to be written and registered with the
fake versioned codecs.

pkg/kubectl:

Some tests were converted to current versions where it made sense.
 2015-05-29 17:17:35 -07:00
Tim Hockin 3005471100 Add new apiserver flags for clusterIP (nee portal) 
Leave old flags but marked as deprecated
 2015-05-28 16:10:44 -07:00
Tim Hockin 4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
Eric Paris 9d304774d4 report glog error if unable to tell systemd things worked 2015-05-28 16:01:27 -04:00
Eric Paris 28ac1b3395 API server explicitly notify systemd of successful startup 
Use the systemd $NOTIFY_SOCKET convention for kube-apiserver
startup. This allows it to be part of dependency trees and for
consumers to wait until it is listening on its ports.

The $NOTIFY_SOCKET protocol is described here:

http://www.freedesktop.org/software/systemd/man/sd_notify.html

Currently this is limited to the kube-apiserver process. Other
kube processes are internal kubernetes moving points. The API
server is the entry point relied on by callers.

100% stolen from Stef Walter from:
https://github.com/GoogleCloudPlatform/kubernetes/pull/8316
 2015-05-28 15:59:26 -04:00
Justin Santa Barbara 3bb2fe2425 Create port allocator, based on IP allocator mechanism 
Including some refactoring of IP allocator
 2015-05-22 19:14:28 -04:00
Prashanth Balasubramanian 8a5445d3db Randomize apiserver watch timeouts 2015-05-21 20:52:33 -07:00
Cesar Wong e95d9c416d Admission control to prevent exec on privileged pods 2015-05-21 13:56:51 -04:00
Jordan Liggitt d90e7409e4 Prevent auth recursion for service account tokens 2015-05-16 23:39:07 -04:00
nikhiljindal fa9f864782 Adding a script to update etcd objects 2015-05-15 16:20:35 -07:00
David Oppenheimer 7a21d7ab1f Merge pull request #8053 from jdef/upstream_mesos_cloud 
integrate mesos cloud provider with k8s proper
 2015-05-14 13:57:39 -07:00
Nikhil Jindal d75bd8bf2a Merge pull request #7101 from liggitt/service_account 
ServiceAccounts
 2015-05-12 10:23:41 -07:00
James DeFelice 652c14d8d7 integrate mesos cloud provider into kube apps 2015-05-12 16:02:38 +00:00
Brendan Burns d8f48290e9 Add a flag to disable legacy APIs 2015-05-11 16:09:25 -07:00
Jordan Liggitt 7e14a80f63 ServiceAccount admission plugin 2015-05-11 17:18:06 -04:00
Jordan Liggitt db1f0dc906 JWT token generation/verification 2015-05-11 17:18:06 -04:00
Clayton Coleman e200d5a317 Make PortalIP alloc HA 
* Add an allocator which saves state in etcd
* Perform PortalIP allocation check on startup and periodically afterwards

Also expose methods in master for downstream components to handle IP allocation
/ master registration themselves.
 2015-05-08 13:34:16 -04:00
Brendan Burns 5461231c1c Merge pull request #7567 from endocode/kbeecher/wip_etcd_migrate_keys 
WIP: Add startup code to apiserver to migrate etcd keys
 2015-05-07 10:05:41 -07:00
Zach Loafman 875e83a741 Revert "Revert "Security context - types, kubelet, admission"" 2015-05-05 16:02:13 -07:00
Zach Loafman f48904fd5e Revert "Security context - types, kubelet, admission" 2015-05-05 15:20:39 -07:00
Paul Weil 982bf19c20 security context initial implementation - squash 2015-05-05 13:46:13 -04:00
Karl Beecher 0473f652fd Add startup code to apiserver to migrate etcd keys 
Refs: #3476
 2015-05-05 12:28:14 +02:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Brian Grant a4316aa638 Merge pull request #7454 from nikhiljindal/v1 
Cloning v1beta3 as v1 and exposing it in the apiserver
 2015-04-28 18:06:57 -07:00
nikhiljindal c4d7e19c8c Cloning v1beta3 as v1 and exposing it in the apiserver 2015-04-28 16:06:03 -07:00
Brendan Burns c9f4d8e57e Merge pull request #7425 from roberthbailey/basic-auth-headers 
Set the 'WWW-Authenticate' header on 401 responses when basic auth is enabled
 2015-04-28 11:10:05 -07:00
Daniel Smith 19ae113fe0 Merge pull request #7353 from wojtek-t/too_many_dials 
Increase maxIdleConnection limit when creating etcd client in apiserver.
 2015-04-28 11:03:12 -07:00
Robert Bailey 4304b1d24a Set the 'WWW-Authenticate' header on 401 responses when basic 
auth is enabled. This is required for basic auth to work with
web browsers.
 2015-04-28 11:00:05 -07:00
Robert Bailey 6d85dcb4a0 Add support for HTTP basic auth to the kube-apiserver. 2015-04-28 10:33:51 -07:00
Wojciech Tyczynski 07400f9d2b Increase maxIdleConnection limit in etcd client. 2015-04-28 09:50:56 +02:00
Tim Hockin a3d45fada8 Change flags to use dashes in help 2015-04-27 15:11:03 -07:00
Karl Beecher a7623ca6cc Adds ability to define a prefix for etcd paths 
The API server can be supplied (via a command line flag) with a custom
prefix that is prepended to etcd resources paths.

Refs: #3476
 2015-04-24 12:12:39 +02:00
Kenjiro Nakayama c7d3a72c6a Fix gofmt complaint 2015-04-21 09:36:41 +09:00
Kenjiro Nakayama 5e2e59e728 Add more help description to cert_dir flag 2015-04-20 00:35:56 +09:00
Kenjiro Nakayama 51d0443dde Add cert_dir option to kube-apiserver 2015-04-19 17:40:08 +09:00
Alex Robinson 2b14fc1d14 Remove the cloud provider field from the services REST handler and the master 
now that load balancers are handled by the ServiceController.
 2015-04-14 18:56:47 +00:00
Eric Paris 036937227f Use Fprintf to print formatted strings 
Shouldn't be using Fprint() with a format string.
 2015-04-14 10:51:57 -04:00
Eric Paris 8e7d14196f Fix printing errors from failed binary runs 
I had the kublet die on startup and the only error was "0x401da0"  Which
I assume is an address of the err.Error function.  The other way to fix
this, I think, would be to use err.Error(), however that could cause
fmt.Fprintf() problems, debuging on the error message people used.

Now I get a nice clean error I can understand:

"cAdvisor.New() err = mountpoint for cpu not found"
 2015-04-10 17:56:47 -04:00
Timothy St. Clair 2b60111fca Performance change to option enable client.QPS, client.Burst 
and change default on max_requests_inflight.
 2015-04-10 07:53:54 -05:00
Timothy St. Clair 9177baa64c Enable profiling by default re: #6623 2015-04-09 10:52:37 -05:00
Tim Hockin f2c8decffe Clarify network-related flags in the master 
Rename and rejigger flags to make it more obvious what is happening.  Change
the default listen from ChooseHostInterface() to 0.0.0.0.
 2015-04-07 15:55:51 -07:00
Eric Tune e49424785e Merge pull request #6380 from roberthbailey/kubelet-ssl 
Configure the kubelet to use HTTPS (take 2)
 2015-04-03 13:43:00 -07:00
Quinton Hoole 4a2000c4aa Merge pull request #6207 from brendandburns/server 
Add a limit to the number of in-flight requests that a server processes.
 2015-04-02 15:46:54 -07:00
Robert Bailey f15e34a1bf Revert "Merge pull request #6309 from GoogleCloudPlatform/revert-6243-kubelet-ssl" 
This reverts commit 96a0a0d618, reversing
changes made to 2af9b54147.
 2015-04-02 10:44:37 -07:00
Brendan Burns f327e97661 Add a limit to the number of in-flight requests that a server processes. 2015-04-01 15:06:15 -07:00
Robert Bailey 22d9c67cb7 Merge pull request #6190 from liggitt/client_cert_auth 
Add client cert authentication
 2015-04-01 14:11:29 -07:00
Robert Bailey 32a1c052dc Revert "Configure the kubelet to use HTTPS" 2015-04-01 13:59:31 -07:00
Jordan Liggitt c797a91e36 Add client cert authentication 2015-04-01 13:42:26 -04:00
Robert Bailey 58bc792e68 Configure the master to connect to the kubelet using HTTPS. 2015-04-01 09:09:29 -07:00
Brian Grant af858c99e2 Merge pull request #6098 from nikhiljindal/enableInMaster 
Enabling v1beta3 api version by default in master
 2015-03-31 15:31:18 -07:00
derekwaynecarr 9bd7f05ffc Remove ResourceDefaults plugin 2015-03-31 10:05:28 -04:00
nikhiljindal 478b7d5edf Repurposing enableV1beta3 to disableV1beta3 in master config to enable v1beta3 by default 2015-03-30 11:50:10 -07:00
Brian Grant 984bc8d5f6 Merge pull request #5635 from ravigadde/master 
Add timeout to kubelet client
 2015-03-26 14:55:24 -07:00
Brendan Burns 7c684e4331 Pipe through the ability to set the external hostname for swagger URLs. 2015-03-25 21:08:05 -07:00
Victor Marmol cf7e2756b5 Add HostNetworkSources capability to limit use of HostNetwork. 2015-03-25 11:23:06 -07:00
Filip Grzadkowski 74da3b14b0 Delete pod_cache and rely on updating pod status by kublet. 2015-03-25 15:08:09 +01:00
Ravi Gadde 5871e53060 Add timeout to kubelet client 2015-03-20 18:46:45 -07:00
derekwaynecarr 8aa807bc33 NamespaceLifecycle admission control plugin 2015-03-20 13:23:49 -04:00
nikhiljindal 7e36bbab3c Updating integration tests to test both API versions - v1beta1 and 3 2015-03-18 15:24:11 -07:00
Timothy St. Clair 7eebf674d4 Update to option enable profiling on the master daemon processes. 
--profiling=true , default is false
 2015-03-13 10:45:01 -05:00
saadali 7e258b85bd Reduce TTL for events in etcd from 48hrs to 1hr 2015-03-11 12:41:45 -07:00
Filip Grzadkowski 86b1c90097 Add flag to control probing pods statuses from kubelets. 2015-03-02 16:06:14 +01:00
Satnam Singh 19b927ea57 Name a cluster and use it to make forwarding rules for GCE 2015-02-23 17:04:33 -08:00
Tim Hockin cb09571768 keep hyperkube noise in one place 2015-02-20 08:49:12 -08:00
Tim Hockin 899d30f16a move pkg/master/server to cmd/kube-apiserver/app 2015-02-20 08:49:12 -08:00
Daniel Smith fcddefa184 Set GOMAXPROCS. Print errors on stderr. 2015-02-19 10:30:31 -08:00
Joe Beda 6bdede6925 Convert kube-apiserver to hyperkube. 
Part of #108.

Also:
* Added hyperkube cmd (not built by default yet).
* Added version support to hyperkube
* Remove health_check_minions flag from apiserver as it is no longer used with #3733
 2015-01-30 13:06:28 -08:00
Satnam Singh d8bda4006a Increase API rate limit on read only port of apiserver 2015-01-30 11:58:59 -08:00
Deyuan Deng c793c4f0ab Sync node status from node controller to master. 2015-01-29 23:17:15 -05:00
Satnam Singh 7d9845fc83 Parameterize API rate limits for apiserver 2015-01-28 15:08:08 -08:00
derekwaynecarr 4887d71c51 Implement resource quota admission plugin 2015-01-28 15:03:19 -05:00
derekwaynecarr 74f368f50e Modified LimitRangeItem.Kind to LimitRangeItem.Type, added example files 2015-01-27 16:41:28 -05:00
Joe Beda 224ffa4567 Merge pull request #3480 from jbeda/all_pflag 
Convert all main binaries to pflag library
 2015-01-15 11:26:41 -08:00
Eric Tune bc25748b36 Merge pull request #3472 from derekwaynecarr/default_cpu_mem 
Admission control plugin for resource defaults
 2015-01-15 09:35:17 -08:00
Joe Beda 6bd6b905f5 Address code review comments 
Add some documentation.
Create new util.InitFlags() function to merge and parse in one step.
 2015-01-15 09:12:20 -08:00
Joe Beda dcd00c936e Move all kubernetes to posix flags 2015-01-15 09:12:19 -08:00
Paul Morie fd834ae84d Pods should see services only from their own ns 2015-01-14 17:06:36 -05:00
derekwaynecarr 7f724867c2 Admission control plugin for resource defaults 2015-01-14 15:28:59 -05:00
Clayton Coleman 7fd887df61 Enable v1beta3 API via --runtime_config=api/v1beta3 flag 
This exposes the proper v1beta3 API endpoint when the user specifies
the --runtime_config=api/v1beta3 argument to the apiserver. v1beta3
is still considered experimental and subject to change.

--runtime_config is a map of string keys and values, that can be
specified by providing

    --runtime_config=a=b,b=c,d,e

Only the key must be specified, the value can be omitted.

Enables v1beta3 in hack/local-up-cluster.sh and hack/test-cmd.sh
 2015-01-08 13:01:24 -05:00
derekwaynecarr a56087cdf8 Remove client from attributes, remove admission control interface, fix-up error codes 2015-01-07 14:42:31 -05:00
derekwaynecarr 520ae3ef27 Implement basic admission control framework 2015-01-07 14:42:31 -05:00
Jordan Liggitt b36a44f036 Automatically serve API on https with self-signed cert 2015-01-06 09:36:29 -05:00
Clayton Coleman cd4135666e Make Swagger API support optional, so that consumers can define their own 
OpenShift would like to also enable swagger, but we need to register our
services as swagger services prior to the SwaggerAPI being started. I've
added a bool (default false) to master.Config to enable swagger, and split
the method in master out so that a downstream consumer can call it.
 2014-12-15 15:29:55 -05:00