7760d079ae
Update SSH User For Master SSH Check
2015-06-12 15:38:48 -05:00
d82bfffe9d
Use RSA to Generate Fingerprint
2015-06-12 15:29:37 -05:00
675d8378f2
Optionalize (default false) --insecure-registry.
2015-06-11 16:33:14 -07:00
82aa8f9984
Merge pull request #9371 from justinsb/aws_support_wheezy
...
AWS: Support wheezy, for parity with GCE
2015-06-11 15:08:32 -07:00
064e7146e1
Merge pull request #9481 from justinsb/aws_fix_push
...
AWS: Include (idempotent) ensure-temp-dir in upload-server-tars
2015-06-11 11:24:18 -07:00
4db5b6f465
AWS: Don't change the default OS
...
It may be that we should change the default, but that is a big move,
late in the day, and it warrants its own discussion.
2015-06-11 13:02:33 -04:00
8aae864784
AWS: Support wheezy, for parity with GCE
2015-06-09 23:45:41 -04:00
fba6462c0b
Merge pull request #9377 from justinsb/aws_persistent_mounts
...
AWS: add mounts to fstab
2015-06-09 12:57:43 -07:00
82f922b61d
Merge pull request #9378 from justinsb/aws_no_thin_on_wheezy
...
AWS: Disable thin LVM provisioning on wheezy
2015-06-09 10:01:04 -07:00
e19e4bcd12
Merge pull request #9365 from justinsb/fix_9246
...
AWS: Only log "Starting cluster using os distro..." in kube-up
2015-06-09 09:51:22 -07:00
37ed34261e
Merge pull request #9364 from justinsb/fix_aws_local_not_in_function
...
AWS: Fix script issue where local used outside of function
2015-06-09 09:50:43 -07:00
d92863523f
AWS: Include (idempotent) ensure-temp-dir in upload-server-tars
...
This way we won't forget it. Fixes kube-push, where I forgot it.
2015-06-09 11:10:15 -04:00
e14d9038fe
Merge pull request #9367 from justinsb/aws_ssh_check
...
AWS: Check for SSH connectivity & better logging on failure
2015-06-08 16:48:04 -07:00
d955e532f9
AWS: Add mounts to fstab, to survive reboot
2015-06-08 18:07:22 -04:00
f6440247ca
AWS: Don't thin provision LVM volume on wheezy
...
Thin provisioning isn't supported (unless you backport from jessie).
Just use normal LVM volumes with aufs.
2015-06-08 18:06:24 -04:00
1c229e5284
Removed extra blank line in aws util.sh
2015-06-08 16:59:03 -04:00
2619b6198a
AWS: Mount ephemeral devices, even if not specified in the AMI
...
We mount up to 4; this covers almost all instance types.
2015-06-08 16:59:03 -04:00
72496e7368
AWS: Check for SSH connectivity & better logging on failure
2015-06-06 14:27:41 -04:00
a9e1e1033b
AWS: Only log "Starting cluster using os distro..." in kube-up
...
Fixes #9246
2015-06-06 12:48:49 -04:00
24de0b4598
AWS: Fix script issue where local used outside of function
2015-06-06 12:19:30 -04:00
112a013567
AWS: Support different docker storage mechanism by setting DOCKER_STORAGE
...
For parity with GCE, we really want to support aufs.
But we previously supported btrfs, so we want to expose that.
Most of the work here is required for aufs, and we let advanced users choose
devicemapper/btrfs if they have a setup that works for those configurations.
2015-06-06 12:13:51 -04:00
48e8a8b0ec
AWS: Set up security groups, to mirror GCE firewalling
...
Some slightly fussy code to enable load-balancers to talk to
instances, but otherwise relatively simple.
2015-06-05 16:10:08 -04:00
33a3d884f2
AWS: Filter by Cluster tag, rationalize EC2 abstraction
...
Whenever we do a list we now filter on tags so we only see resources relating
to our cluster.
Also, rationalize all the DescribeX calls:
* They all take a request object (so that we can pass filters)
* They do paging if that is required (and return the underlying resources)
* They wrap any error with a "error while listing X: %v" message
2015-06-05 16:09:01 -04:00
710df2b619
Merge pull request #9294 from justinsb/aws_ssh_key_fingerprint
...
AWS: Support multiple SSH keys (embed the hash in the name)
2015-06-05 09:37:31 -07:00
d8dc416b5b
AWS: Support multiple SSH keys (embed the hash in the name)
...
This should eliminate a nasty problem where the script doesn't cope well if
your keys don't match.
2015-06-04 21:40:57 -04:00
c92c63b3a9
AWS: Use s3 sync to optimize upload to s3 when nothing changed
2015-06-04 10:14:45 -04:00
2b4d37427e
Update Master IAM Policy to Include ELB
2015-06-03 12:20:19 -05:00
3c067b766a
Merge pull request #8996 from manolitto/aws_cluster_monitoring_fix
...
aws: fix cluster monitoring (new option "influxdb" instead of "true")
2015-06-01 13:43:43 -07:00
5b3e01d2fd
Merge pull request #8653 from matschaffer/s3-creation-wait
...
Check that s3 bucket has been created
2015-06-01 10:29:03 -07:00
8c8f8feb62
aws: fix cluster monitoring ("none" instead of "false")
2015-06-01 09:12:41 +02:00
c4a2631593
Mount logic breaks if /var/lib/kubelet is a symlink
...
Pass the correct kubelet root-dir on AWS
2015-05-29 20:13:09 -04:00
ff51f0b2e1
Merge pull request #8696 from derekwaynecarr/force_namespace_creation
...
Force explicit namespace provision, update e2e for failures
2015-05-29 09:28:47 -07:00
635b6bc097
aws: fix cluster monitoring (new option "influxdb" instead of "true")
2015-05-29 11:15:21 +02:00
ac3cc3c518
Rename PORTAL_NET all over
2015-05-28 16:10:44 -07:00
3e8b1d5e01
Update all salt providers to force explicit namespace creation; update e2e
2015-05-28 13:45:49 -04:00
e7ae425385
Colorize errors for consistency with other checks
2015-05-23 16:12:24 +09:00
26736e494c
Check that s3 bucket has been created
...
Fixes #8395
2015-05-22 14:12:36 +09:00
04c4d25065
Merge pull request #7905 from bakins/aws-coreos
...
AWS: use CoreOS for nodes
2015-05-21 09:05:56 -07:00
4ba22e713a
Merge pull request #8296 from jlowdermilk/gen-analytics
...
Add ga-beacon analytics to gendocs scripts
2015-05-18 08:40:02 -07:00
87dfddb259
AWS: Set MASTER_RESERVED_IP in config-default.sh
...
Otherwise jenkins fails
2015-05-16 20:32:23 -04:00
553f9f822b
Add ga-beacon analytics to gendocs scripts
...
hack/run-gendocs.sh puts ga-beacon analytics link into all md files,
hack/verify-gendocs.sh verifies presence of link.
2015-05-15 18:56:38 -07:00
ce4b54ec70
Merge pull request #8209 from krousey/v1beta1_cluster
...
Removing some v1beta1 uses in cluster/
2015-05-15 14:56:41 -07:00
98c457c397
Updating /cluster to use v1beta 3 specs, and change a lot of polling to
...
healthz instead of api endpoints.
2015-05-15 14:17:55 -07:00
9d6c032929
Merge pull request #7888 from madis/associate_aws_elastic_ip_with_master
...
Associate master instance with AWS Elastic IP
2015-05-14 13:18:19 -07:00
15643a2c72
Add 'auto' option for MASTER_RESERVED_IP. No ElasticIP allocation by default.
...
Default behaviour when setting up a cluster is using the Amazon-assigned public ip.
It will change between reboots. If MASTER_RESERVED_IP is set to 'auto', new Elastic
IP will be allocated & assigned to master. If MASTER_RESERVED_IP is set to an existing
Elastic IP, it will be used. When something fails, original Amazon-given IP will be used.
2015-05-14 08:33:07 +03:00
fac4350fa6
Initial addition of CoreOS as minion for AWS cluster
2015-05-13 16:39:22 -04:00
9454d58547
Merge pull request #8127 from liggitt/service_account_admission
...
Add ServiceAccount admission plugin
2015-05-13 14:03:11 -04:00
02f3a32196
Merge pull request #8131 from justinsb/aws_install_salt_gce_style
...
Install specific salt version on AWS, based on GCE
2015-05-13 06:55:32 -07:00
eb220f05a6
Properly get return value (considering errexit). Quote variables.
2015-05-13 10:45:51 +03:00
d4d02a9028
Optionally associate master instance with AWS Elastic IP
...
When MASTER_RESERVED_IP is set to elastic IP from AWS, then aws/util.sh will
associate it with master instance and assign it to KUBE_MASTER_IP. If no MASTER_RESERVED_IP
is set, new elastic ip will be requested from amazon. This allows cluster certificates to
be generated for an IP that doesn't change between stopping & starting cluster instances.
The requested elastic ip is not released when kube-down.sh is run. I think it is good
because user could have created DNS records and it would be bad if the IP was removed.
He can reuse it next time through MASTER_RESERVED_IP when setting up cluster again.
2015-05-13 10:45:51 +03:00
23b1a22203
AWS: Don't use policy-rc.d to prevent starting daemons until we're ready
...
It isn't required
2015-05-12 21:18:48 -04:00
7d620c20b9
Merge pull request #8105 from thockin/dns-domain
...
Rename default DNS domain to cluster.local
2015-05-12 17:18:45 -04:00
ffb0e7f9b8
Install specific salt version on AWS, based on GCE
...
The latest salt version breaks the container_bridge.py _state function
We can lock to the same version as GCE. This is not a full fix,
because we can't update to the latest salt without breaking GCE,
but this at least unbreaks and sync AWS with GCE.
This isn't a straight copy from GCE, because we still use
the salt master on AWS (for now)
Fixes #8114
2015-05-12 16:33:56 -04:00
e5d47081a2
Add ServiceAccount admission plugin
2015-05-12 15:19:05 -04:00
e83e49b076
rename default DNS domain to cluster.local
2015-05-11 23:00:43 -07:00
7e14a80f63
ServiceAccount admission plugin
2015-05-11 17:18:06 -04:00
3cf8d72d96
Copy some new properties from config-default => config.test
...
ENABLE_MINION_PUBLIC_IP was causing a failure because the variable wasn't declared.
ADMISSION_CONTROL should just be set the same for both test & default
2015-05-08 14:30:17 -07:00
c5c62f7d57
fixed second missing $ and added curly brackets
2015-05-08 17:18:52 +02:00
1119340260
fixed missing $
2015-05-08 16:58:49 +02:00
96d34c1106
AWS: added docs for KUBE_ENABLE_MINION_PUBLIC_IP option
2015-05-08 16:56:06 +02:00
205ed2bf6e
AWS: make it possible to disable minion public ip association
2015-05-08 00:09:47 +02:00
875e83a741
Revert "Revert "Security context - types, kubelet, admission""
2015-05-05 16:02:13 -07:00
f48904fd5e
Revert "Security context - types, kubelet, admission"
2015-05-05 15:20:39 -07:00
982bf19c20
security context initial implementation - squash
2015-05-05 13:46:13 -04:00
c6d4c24f37
Merge pull request #7736 from justinsb/aws_fix_known_tokens_file
...
AWS: Fix variable naming that meant not all tokens were written
2015-05-04 14:34:11 -07:00
96f0a39172
AWS: Fix variable naming that meant not all tokens were written
...
To resolve the inconsistency, chose to go closer to GCE
2015-05-04 17:28:24 -04:00
57f7b658bb
AWS: Change apiserver to listen on 443 directly, not through nginx
...
Mirrors changes in GCE. I think the same changes will be needed for vagrant.
2015-05-02 16:59:04 -04:00
6b3a6e6b98
Make copyright ownership statement generic
...
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
2015-05-01 17:49:56 -04:00
6e810492fb
Fixed name of kube-proxy path in deployment scripts.
2015-04-28 10:10:37 +02:00
39c5bf363b
Merge pull request #7303 from erictune/kube_env3
...
kube-proxy uses token to access port 443 of apiserver
2015-04-27 14:33:53 -07:00
637cd57a25
Merge pull request #6606 from gust1n/aws-existing-vpc
...
AWS: Improving getting existing VPC and subnet
2015-04-27 11:11:25 -07:00
5ccfc0a225
Merge pull request #6006 from justinsb/aws_multiple_clusters
...
First step to supporting multiple k8s clusters
2015-04-27 10:11:03 -07:00
9044177bb6
Generate a token for kube-proxy.
...
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware. Symptom would be that service proxying
stops working.
1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
1. Changes kube-proxy args:
- use the --kubeconfig argument
- changes --master argument from http://MASTER:7080 to https://MASTER
- http -> https
- explicit port 7080 -> implied 443
Possible ways this might break other distros:
Mitigation: there is an default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.
Mitigation:
- azure: Special case to use 7080 in
- rackspace: way out of date, so don't care.
- vsphere: way out of date, so don't care.
- other distros: not using salt.
2015-04-27 08:59:57 -07:00
645d6d1f26
Use existing subnet when launching AWS cluster in existing VPC
2015-04-23 11:01:17 +02:00
9253ae6dca
AWS: Fix some bash style problems: variable quoting & locals
2015-04-22 18:30:09 -07:00
924015dc94
Merge pull request #7182 from justinsb/aws_fix_hostname
...
AWS: Set hostname_override for minions, back to fully-qualified name
2015-04-22 14:13:53 -07:00
4120849cc4
AWS: Set hostname_override for minions, back to fully-qualified name
...
This is a stop-gap fix; we'd really like to use EC2 instance ids, but that is
blocked by #7092 or changing that health-check to not assume that the node name
is resolvable.
This stop-gap essentially reverts #7072 for AWS
2015-04-22 11:28:53 -07:00
86468cd29d
Revert "Added kube-proxy token."
2015-04-22 10:55:08 -07:00
b98f93bb4b
Merge pull request #7112 from erictune/kubeconfig-secrets
...
Extend PR#5470 for AWS and Vagrant
2015-04-22 09:25:53 -07:00
2ca8a9d15d
Added kube-proxy token.
...
Generates the new token on AWS, GCE, Vagrant.
Renames instance metadata from "kube-token" to "kubelet-token".
(Is this okay for GKE?)
Having separate tokens for kubelet and kube-proxy permits
using principle of least privilege, makes it easy to
rate limit the clients separately, allows annotation
of apiserver logs with the client identity at a finer grain
than just source-ip.
2015-04-21 09:21:31 -07:00
7475efbcfb
Extend PR#5470 for AWS and Vagrant
2015-04-21 08:22:31 -07:00
45b658ea7c
AWS: don't try to create undefined config_dir
2015-04-20 19:14:16 -07:00
82190a58b1
Merge pull request #7026 from justinsb/aws_use_ssl_for_salt
...
AWS: master should download salt using SSL
2015-04-20 11:58:47 -07:00
3787fc5eca
set KUBECONFIG in common.sh, default to new location
...
and preserve value in ginkgo e2e test driver
2015-04-20 11:07:35 -07:00
4f6dc99075
Generate kubeconfig for all providers in cluster/ that use auth
2015-04-20 11:07:35 -07:00
7d3fe2154e
AWS: master should download salt using SSL
...
The minion already does, but the master was using plain http.
2015-04-18 12:38:52 -07:00
b2bce12b6c
AWS: Move /var/lib/kubelet to /mnt
...
The backing for empty-dir volumes otherwise consumes all our disk space
2015-04-17 06:46:08 -07:00
72687184b9
Don't always use aws.conf
...
We don't usually need it, and it makes it harder to put apiserver into a container.
2015-04-14 09:30:00 -07:00
034412aff1
Support multiple k8s clusters
2015-04-10 13:25:43 -07:00
49543aca61
Update IAM permissions for minion, to allow EBS
2015-04-10 13:25:42 -07:00
ca6f1a1bc7
Merge pull request #6476 from deads2k/deads-fix-kubeconfig-serialization
...
fix kubeconfig serialization
2015-04-09 09:41:26 -07:00
2426366ec8
Update cAdvisor with moved docker root on AWS
...
We set up a symlink now, and we also pass docker_root into the kubelet.
The symlink is probably sufficient, but doing both feels safer.
2015-04-07 10:40:22 -07:00
609208b8b5
update scripts with correct templates
2015-04-07 08:07:24 -04:00
5d7f86b041
More options documentation
2015-04-03 13:44:06 -07:00
2fb573c482
Create instances in the specified AZ
2015-04-03 08:04:53 -07:00
fc8ba8d77b
Merge pull request #6011 from justinsb/aws_specify_zone
...
Fix AWS region vs zone
2015-03-31 12:26:05 -07:00
edbebd653c
Fix S3 location handling for US classic
2015-03-31 05:42:10 -07:00
07ffc26a61
Fix typo in docs
2015-03-30 06:01:00 -07:00
194143e61b
Use the correct region for the S3 bucket
...
We may not have created the bucket!
2015-03-27 12:58:47 -07:00
7179f5f004
Change AWS_ZONE to ZONE, for compatibility with e2e tests
2015-03-27 08:53:45 -07:00
Adam Sunderland