github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
17,052 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

411 Commits (9c4802420be985353df1eb6085679321fd043458)

Author SHA1 Message Date
Eric Paris 7a29af4d2c Add Subject Alt Names to self signed apiserver certs 
A cert from GCE shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes,
- DNS:kubernetes.default
- DNS:kubernetes.default.svc
- DNS:kubernetes.default.svc.cluster.local
- DNS:e2e-test-zml-master

A similarly configured self signed cert shows:
- IP Address:23.236.49.122
- IP Address:10.0.0.1
- DNS:kubernetes
- DNS:kubernetes.default
- DNS:kubernetes.default.svc

So we are missing the fqdn kubernetes.default.svc.cluster.local. The
apiserver does not even know the fqdn! it's defined entirely by the
kubelet! We also do not have the cluster name certificate. This may be
--cluster-name= argument to the apiserver but will take a bit more
research.
 2015-07-01 17:05:17 -04:00
CJ Cullen ea2d617944 Don't hold lock while opening new sshTunnels. 2015-06-29 16:16:25 -07:00
Maxwell Forbes 712f303350 Merge pull request #9736 from sdminonne/bug_fix2 
To add validation for service ports when defined as string
 2015-06-25 19:37:04 -07:00
Brendan Burns f4e97be78e Switch to using the official etcd health check. 2015-06-24 10:18:39 -07:00
Wojciech Tyczynski 23d405ad86 Expose /resetMetrics handle in apiserver 2015-06-23 11:12:45 +02:00
Salvatore Dario Minonne 4b13faa346 To add validation for service ports when defined as string (fixing issue #9734) 2015-06-22 17:21:51 +02:00
Filip Grzadkowski 4c0c7dd879 Fix intializing IP/Port allocators when etcd is not reachable. 2015-06-19 21:20:52 +02:00
Satnam Singh d8e5225144 Merge pull request #10069 from lavalamp/sshLockingFix 
fix locking around ssh tunnels
 2015-06-18 17:50:06 -07:00
Daniel Smith 4126622388 fix locking around ssh tunnels 2015-06-18 16:52:10 -07:00
Satnam Singh 3e7799d9a8 Merge pull request #9845 from liggitt/kubernetes_service_uid 
Apply BeforeCreate logic to kubernetes service
 2015-06-18 16:28:49 -07:00
Satnam Singh 28197e07d6 Merge pull request #9841 from smarterclayton/fix_apiserver_abstractions 
Cleaning up apiserver method signatures
 2015-06-18 15:36:52 -07:00
Clayton Coleman debd42a07d Cleaning up apiserver method signatures 
A lot of the changes in apiserver could have been represented more
cleanly - this returns the signatures to their older behavior (and
unbreaks OpenShift).
 2015-06-18 15:13:41 -04:00
Satnam Singh 798739f013 Merge pull request #10006 from brendandburns/ssh 
Truncate SSH usernames to 32 chars.
 2015-06-18 11:44:26 -07:00
Brendan Burns 075c075b9e Truncate SSH usernames to 32 chars. 2015-06-17 23:10:32 -07:00
CJ Cullen 15596ede41 Make AddSSHKeys a controller loop. Make sure master's always initializes m.tunnels. 2015-06-17 17:46:27 -07:00
Jordan Liggitt e869d5c6fc Apply BeforeCreate logic to kubernetes service 2015-06-16 21:08:42 -04:00
CJ Cullen 48f672af92 Change SSHTunnelList to struct to make Open() semantics better. 2015-06-16 10:36:38 -07:00
CJ Cullen 66fb8ccb02 Add ssh tunnel-open metrics 2015-06-15 17:28:54 -07:00
CJ Cullen faa9313eea Fix several potential crashes in sshtunnel open/close code. 2015-06-15 14:38:37 -07:00
Justin Santa Barbara 6f3879e3bb Actually pass down ServiceNodePortRange so it is used 
Also fix default range to match what we've documented (off-by-one)

Fix #9318
 2015-06-08 18:03:42 -04:00
CJ Cullen 9ab329827a Change sshproxy to poll registry for nodes every 10 seconds (reduces window where closed tunnels from scaling down may exist). 2015-06-05 15:24:17 -07:00
CJ Cullen cb317604ab Some refactoring. Only selectively use ssh proxy. 
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
 2015-06-05 14:55:16 -07:00
CJ Cullen 1ae8801387 Fix transport creation logic. 
Refactor loadTunnels to allow one path for load, another for refresh.
Make SSHTunnelList.Close sleep for a minute before actually closing each tunnel.
 2015-06-05 14:55:16 -07:00
Brendan Burns 7ea533d871 Add the SSHTunnel transport to the kubelet client. 2015-06-05 14:55:15 -07:00
CJ Cullen de9a5f43bc Specify sshUser, sshKeyfile in kube-apiserver manifest. 
Trim space on ssh key so GCE doesn't treat it as 2 lines.
A couple other minor fixes.
 2015-06-05 14:55:15 -07:00
Brendan Burns 5115fd5703 Add key generation. 2015-06-05 14:55:15 -07:00
Brendan Burns 30a89968a4 Initial proxy tunnelling. 2015-06-05 14:54:20 -07:00
Quinton Hoole 521446503a Merge pull request #9269 from caesarxuchao/make-v1-enabled-by-default 
Make v1 enabled by default
 2015-06-04 13:29:48 -07:00
Chao Xu ef61b031f5 make v1 enabled by default 2015-06-04 11:37:44 -07:00
Chao Xu c2e21fe5d7 use c.EtcdHelper in master.go 2015-06-04 09:39:05 -07:00
Daniel Smith 1690617ee6 remove ro service 2015-06-03 16:45:54 -07:00
Daniel Smith 3f454b7599 remove ro refs from more places 2015-06-03 15:41:09 -07:00
Prashanth Balasubramanian 0162529ea5 Default minRequestTimeout to 1800s 2015-06-03 08:47:45 -07:00
Prashanth Balasubramanian 448867073d Pipe minRequestTimeout as an arg to the apiserver 2015-06-03 08:44:14 -07:00
CJ Cullen 934c553c04 Clarify description/usage of --advertise-address, Master.PublicAddress 2015-06-02 15:23:32 -07:00
CJ Cullen 085a48a70e Add an advertise-address flag. This allows the address that the apiserver binds 
to (possibly 0.0.0.0) to be different than the address on which members of the cluster
can reach the apiserver (possibly not a local interface).
 2015-06-02 14:33:15 -07:00
Kris f4e2c738f6 Delete deprecated API versions 
pkg/service:

There were a couple of references here just as a reminder to change the
behavior of findPort. As of v1beta3, TargetPort was always defaulted, so
we could remove findDefaultPort and related tests.

pkg/apiserver:

The tests were using versioned API codecs for some of their encoding
tests. Necessary API types had to be written and registered with the
fake versioned codecs.

pkg/kubectl:

Some tests were converted to current versions where it made sense.
 2015-05-29 17:17:35 -07:00
Tim Hockin 4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
CJ Cullen 36d54b2094 Remove /Validate endpoint 2015-05-26 10:49:18 -07:00
Justin Santa Barbara 9255770068 Fix a few occurences of old language (e.g. visibility -> ServiceType) 2015-05-22 19:14:28 -04:00
Justin Santa Barbara 3bb2fe2425 Create port allocator, based on IP allocator mechanism 
Including some refactoring of IP allocator
 2015-05-22 19:14:28 -04:00
Tim Hockin a548d542db Rename AffinityType to ServiceAffinity 2015-05-18 17:21:30 -07:00
nikhiljindal fa9f864782 Adding a script to update etcd objects 2015-05-15 16:20:35 -07:00
Nikhil Jindal d75bd8bf2a Merge pull request #7101 from liggitt/service_account 
ServiceAccounts
 2015-05-12 10:23:41 -07:00
Derek Carr c1158fa696 Merge pull request #7969 from smarterclayton/rest_fixes 
Fixes to apiserver for subresources and naming
 2015-05-12 10:57:34 -04:00
Nikhil Jindal 3d31883829 Merge pull request #8083 from brendandburns/kubectl 
Add a flag to disable legacy APIs
 2015-05-11 17:35:28 -07:00
Clayton Coleman 0617951ead Public read only port is incorrect in master 2015-05-11 19:20:38 -04:00
Brendan Burns d8f48290e9 Add a flag to disable legacy APIs 2015-05-11 16:09:25 -07:00
Jordan Liggitt 53d55f4192 Add ServiceAccount API type, client 2015-05-11 17:18:05 -04:00
Clayton Coleman 84d1f19016 Subresources should be in their parent rest scope 
A subresource like "Binding" does not necessarily have
to have a namespace.  The RESTScope of a subresource
should always be its parent resource.
 2015-05-11 15:51:05 -04:00
Clayton Coleman 5bcb96dae1 Separate out the master's control loops 
These are "Bootstrap Controllers" as distinct from
the controllers in the controller-manager binary - they
are necessary for the cluster to start running.
 2015-05-08 16:04:03 -04:00
Clayton Coleman e200d5a317 Make PortalIP alloc HA 
* Add an allocator which saves state in etcd
* Perform PortalIP allocation check on startup and periodically afterwards

Also expose methods in master for downstream components to handle IP allocation
/ master registration themselves.
 2015-05-08 13:34:16 -04:00
Quinton Hoole 8a4a39d9b4 Merge pull request #7273 from lavalamp/fix7 
fix master service endpoint system for multiple masters
 2015-05-05 11:59:30 -07:00
Wojciech Tyczynski bd3d853242 Merge pull request #7737 from lavalamp/fixTimeAfter 
Reduce usage of time.After
 2015-05-05 09:28:07 +02:00
Daniel Smith a41a57cfe1 fix master service endpoint system for multiple masters 2015-05-04 22:55:51 -07:00
Fabio Yeon 1709cf0dbb Remove node status from "componentstatuses" call. 
The legacy "/validate" behavior remains unchanged.
 2015-05-04 14:34:20 -07:00
Daniel Smith 16a6fb8ef7 Replace calls to time.After with time.NewTimer for explicit stopping 2015-05-04 14:29:33 -07:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Filip Grzadkowski 15e9bfd9ae Add a simple cache for objects stored in etcd. 2015-04-30 12:08:56 +02:00
CJ Cullen 182f47ee3d Revert "Add a simple cache for objects stored in etcd" 2015-04-29 12:06:52 -07:00
Daniel Smith 2802b18b0a Merge pull request #7288 from fgrzadkowski/perf 
Add a simple cache for objects stored in etcd
 2015-04-29 09:00:33 -07:00
Paul Morie 8fa21ebd62 Merge pull request #7419 from liggitt/secrets_etcd 
Convert Secret registry to use update/create strategy, allow filtering by Type
 2015-04-29 09:59:22 -04:00
Filip Grzadkowski 016e20167b Add a simple cache for objects stored in etcd. 2015-04-29 13:14:31 +02:00
Brian Grant a4316aa638 Merge pull request #7454 from nikhiljindal/v1 
Cloning v1beta3 as v1 and exposing it in the apiserver
 2015-04-28 18:06:57 -07:00
nikhiljindal c4d7e19c8c Cloning v1beta3 as v1 and exposing it in the apiserver 2015-04-28 16:06:03 -07:00
Jordan Liggitt ac67fff1cf Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 15:00:20 -04:00
Robert Bailey 4304b1d24a Set the 'WWW-Authenticate' header on 401 responses when basic 
auth is enabled. This is required for basic auth to work with
web browsers.
 2015-04-28 11:00:05 -07:00
Daniel Smith 83093af8b0 Merge pull request #5707 from endocode/kbeecher/etcd_prefix 
Adds ability to define a prefix for etcd paths
 2015-04-27 13:37:43 -07:00
Karl Beecher a7623ca6cc Adds ability to define a prefix for etcd paths 
The API server can be supplied (via a command line flag) with a custom
prefix that is prepended to etcd resources paths.

Refs: #3476
 2015-04-24 12:12:39 +02:00
nikhiljindal 120904df5f Fixing serviceErrorHandler to use apiVersion specific codec 2015-04-23 14:32:05 -07:00
Clayton Coleman 10c2ace6bf Pod Templates 2015-04-22 12:54:25 -04:00
Fabio Yeon 951a125751 Add "componentstatus" to API for easier cluster health check. 2015-04-17 11:58:23 -07:00
Clayton Coleman b3f03b934d Merge pull request #6869 from csrwng/pod_connect 
Pod proxy, portforward and exec subresources
 2015-04-17 09:49:12 -04:00
nikhiljindal f9132dc572 Registering serviceErrorHandler with go-restful 2015-04-16 14:59:44 -07:00
Cesar Wong d672363387 Pod proxy, exec and portforward subresources 
Makes it possible to access the following subresources:

/namespaces/<ns>/pods/<pod-name>[:port]/proxy
/namespaces/<ns>/pods/<pod-name>/exec?container=<container>&command=<cmd>
/namespaces/<ns>/pods/<pod-name>/portforward
 2015-04-16 10:20:17 -04:00
Alex Robinson 2b14fc1d14 Remove the cloud provider field from the services REST handler and the master 
now that load balancers are handled by the ServiceController.
 2015-04-14 18:56:47 +00:00
Daniel Smith 629d94657e Merge pull request #6624 from gmarek/status_to_subresource 
Update NodeStatus use subresources.
 2015-04-09 16:00:15 -07:00
Wojciech Tyczynski 0e5b478b4d ListMinions support for selectors 2015-04-09 14:22:09 +02:00
gmarek ccc56d3c3c Update NodeStatus use subresources. 2015-04-09 14:07:40 +02:00
Tim Hockin f2c8decffe Clarify network-related flags in the master 
Rename and rejigger flags to make it more obvious what is happening.  Change
the default listen from ChooseHostInterface() to 0.0.0.0.
 2015-04-07 15:55:51 -07:00
Derek Carr 27c12d5160 Merge pull request #6473 from markturansky/yoko_pv_client 
Added PVClaim status subresource
 2015-04-07 11:39:58 -04:00
Cesar Wong 8df4758ee9 Pod log subresource 
Adds a Log subresource to Pod storage. The Log subresource implements
rest.GetterWithOptions and produces a ResourceStreamer resource that
will stream the log output from the pod's host node.
 2015-04-07 07:56:24 -04:00
Cesar Wong 58a1b308c1 Refactor storage return for pod etcd storage 
Convert the return value of pods rest.NewStorage to a struct.
This will allow returning more storage objects for a pod (sub resources)
without awkwardly adding more return values.
 2015-04-07 07:46:30 -04:00
markturansky 4e528a847a added PVClaim status subresource 2015-04-06 14:42:22 -04:00
markturansky 95bd170ca2 PV & PVC Client implementation 2015-04-06 08:46:43 -04:00
Robert Bailey 4488ff95a2 Create an insecure (http) read-only port on the kubelet so that 
heapster can collect metrics. Update the heapster config to
point to the non-secured port.
 2015-04-02 10:45:49 -07:00
Robert Bailey f15e34a1bf Revert "Merge pull request #6309 from GoogleCloudPlatform/revert-6243-kubelet-ssl" 
This reverts commit 96a0a0d618, reversing
changes made to 2af9b54147.
 2015-04-02 10:44:37 -07:00
Robert Bailey 32a1c052dc Revert "Configure the kubelet to use HTTPS" 2015-04-01 13:59:31 -07:00
Robert Bailey 58bc792e68 Configure the master to connect to the kubelet using HTTPS. 2015-04-01 09:09:29 -07:00
Brian Grant af858c99e2 Merge pull request #6098 from nikhiljindal/enableInMaster 
Enabling v1beta3 api version by default in master
 2015-03-31 15:31:18 -07:00
Tim Hockin 186818d787 WIP: Implement multi-port Services 2015-03-30 19:28:11 -07:00
Robert Bailey bc8af553a3 Configure the kubelet to bind a simple healthz server to a localhost 
port for monitoring by monit. This is in preparation for the standard
kubelet port to switch to SSL only (and eventually to only accepting
connections on the SSL port that present a proper client SSL cert).

Also standardize the formatting of the monit config files a bit.
 2015-03-30 14:20:30 -07:00
nikhiljindal 478b7d5edf Repurposing enableV1beta3 to disableV1beta3 in master config to enable v1beta3 by default 2015-03-30 11:50:10 -07:00
Brian Grant f0da47b2dd Merge pull request #5763 from smarterclayton/get_input_parameters_versioned 
Expose versioned query parameters and make watch an operation on List
 2015-03-27 14:35:23 -07:00
Tim Hockin 8ae203825b Implement multi-port endpoints 
Instead of endpoints being a flat list, it is now a list of "subsets"
where each is a struct of {Addresses, Ports}.  To generate the list of
endpoints you need to take union of the Cartesian products of the
subsets.  This is compact in the vast majority of cases, yet still
represents named ports and corner cases (e.g. each pod has a different
port number).

This also stores subsets in a deterministic order (sorted by hash) to
avoid spurious updates and comparison problems.

This is a fully compatible change - old objects and clients will
keepworking as long as they don't need the new functionality.

This is the prep for multi-port Services, which will add API to produce
endpoints in this new structure.
 2015-03-27 12:36:32 -07:00
Clayton Coleman 1618c39a46 Convert List query parameters via object conversion 
Convert url.Values -> an object, with appropriate versioning. ListOptions
should also expose parameter names to swagger.
 2015-03-27 15:03:57 -04:00
Brendan Burns 7c684e4331 Pipe through the ability to set the external hostname for swagger URLs. 2015-03-25 21:08:05 -07:00
Masahiro Sano c49af0b7cb port minion registry to generic etcd 2015-03-26 02:44:35 +09:00
Saad Ali 1f50bd226b Merge pull request #5854 from fgrzadkowski/delete_pod_cache 
Delete pod_cache and rely on updating pod status by kublet.
 2015-03-25 09:17:09 -07:00
Filip Grzadkowski 74da3b14b0 Delete pod_cache and rely on updating pod status by kublet. 2015-03-25 15:08:09 +01:00