github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
19,272 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

528 Commits (f39fe2056df3d44ffbe66954433741eddbb6ba1b)

Author SHA1 Message Date
Brendan Burns dea86ed926 Add a missing ${PROJECT} 2015-06-15 16:59:08 -07:00
Fabio Yeon 19a7e87c06 Merge pull request #9813 from dchen1107/cleanup 
Using bigger nodes for e2e test on gce.
 2015-06-15 16:08:35 -07:00
Dawn Chen c78ac489aa Using bigger nodes for e2e test on gce. 2015-06-15 13:39:45 -07:00
Fabio Yeon b1465aee0b Merge pull request #9738 from quinton-hoole/2015-06-12-fix-e2e-projects 
Add missing gcloud --project flags introduced by PR #9016
 2015-06-15 09:53:36 -07:00
Brendan Burns 2c59a3c4a4 Fix the scripts to default empty string if EXTRA_DOCKER_OPTS isn't set. 2015-06-12 21:47:30 -07:00
Brendan Burns 51b20b35e2 Revert "Revert "Optionalize (default false) --insecure-registry."" 
This reverts commit 1645c9a9b8.
 2015-06-12 21:00:16 -07:00
Dawn Chen 1645c9a9b8 Revert "Optionalize (default false) --insecure-registry." 2015-06-12 17:50:38 -07:00
Satnam Singh 7f24215761 Make Google Cloud Logging the default for GCE 2015-06-12 17:12:03 -07:00
Abhi Shah a6bed65f06 Merge pull request #9685 from brendandburns/secure 
Optionalize (default false) --insecure-registry.
 2015-06-12 17:06:32 -07:00
Jeff Grafton fcba3136d0 Allow adding a suffix to the devel staging path for server tars on GCS. 
This is needed to allow multiple GCE e2e runs to occur using the same
project on Jenkins.
 2015-06-12 15:18:47 -07:00
Quinton Hoole 58885c7b48 Add missing gcloud --project flags introduced by PR 9016 2015-06-12 13:43:29 -07:00
Abhi Shah b3ab7d8db4 Merge pull request #9693 from zmerlynn/testing_container_vm 
Update GCE/debian to container-vm-v20150611
 2015-06-12 11:02:28 -07:00
Brendan Burns 455a787c69 Add a missing $PROJECT to the tear down. 2015-06-12 09:28:25 -07:00
Brendan Burns dcb09e73a9 Aggressively delete a cluster template if it exists. 2015-06-11 21:31:31 -07:00
Quinton Hoole 60d3f91dea Specify project when checking for existance of instance group templates. 2015-06-11 16:40:21 -07:00
Brendan Burns 675d8378f2 Optionalize (default false) --insecure-registry. 2015-06-11 16:33:14 -07:00
Zach Loafman c031708219 Update GCE/debian to container-vm-v20150611 
Updates:
- Docker 1.6.2
- /sys/fs/cgroup/memory/memory.use_hierarchy=1
 2015-06-11 16:10:08 -07:00
Abhi Shah 59a347d119 Merge pull request #9309 from saad-ali/issue9028 
Enable InfluxDB/Grafana for GCE in addition to GCL. Disable GCM
 2015-06-11 11:04:09 -07:00
Marek Grabowski ccb1b658b2 Merge pull request #9658 from fgrzadkowski/fix_failing_firewall 
Wait longer for firewall creation during e2e cluster setup.
 2015-06-11 15:40:35 +02:00
Filip Grzadkowski f93895dd36 Wait longer for firewall creation during e2e cluster setup. 2015-06-11 15:38:35 +02:00
Deyuan Deng 396fabf2af Document why we use 'tr -d' instead of 'base64 w0' 2015-06-10 16:24:20 -04:00
Mike Danese 1a6842e06e fix auth in gce/upgrade.sh 2015-06-09 22:33:34 -07:00
Robert Bailey aeb0068547 Add 'kubernetes' (the service name) and the master name as SANs on the 
master's certificate.
 2015-06-08 20:17:45 -07:00
Robert Bailey 2feb658ed7 Distribute the cluster CA cert to cluster addon pods through 
the kubeconfig file. Use the $KUBERNETES_MASTER_NAME from the
kube-env for skydns, because it can't use the service name.
 2015-06-08 20:17:45 -07:00
saadali a839f47d4a Disable GCM for GCE 2015-06-05 17:54:06 -07:00
CJ Cullen 04cd9b3c75 Make sshproxy use a hostmount on master PD (don't spam sshKeys on upgrade/reboot). 
Add comment describing what SSHTunnelList.Close() does.
Simplify util.FileExists.
 2015-06-05 15:03:03 -07:00
CJ Cullen cb317604ab Some refactoring. Only selectively use ssh proxy. 
Add NetworkName to gce.Config.
Add locking to uses of master.tunnels.
 2015-06-05 14:55:16 -07:00
saadali bc53533c83 Enable InfluxDB/Grafana for GCE in addition to GCM/GCL 2015-06-05 01:17:45 -07:00
Prashanth Balasubramanian f7c0f1c1e3 Set min-request-timeout in test clusters 2015-06-03 08:46:28 -07:00
Brian Grant 3da686fea5 Merge pull request #8894 from cjcullen/kmaster2 
Add an explicit variable to indicate whether an instance is master or not
 2015-06-02 20:37:43 -07:00
Brian Grant e77ded1e84 Merge pull request #8649 from cjcullen/servicefix 
Add an advertise-address flag
 2015-06-02 19:54:28 -07:00
Brian Grant 21147d784a Merge pull request #9074 from roberthbailey/unbound-var 
Don't assume that CA_CERT_BASE64 will be set.
 2015-06-02 18:52:49 -07:00
CJ Cullen dcf5b16cea Add an explicit KUBERNETES_MASTER variable to the kube-env. 2015-06-02 17:17:02 -07:00
CJ Cullen 934c553c04 Clarify description/usage of --advertise-address, Master.PublicAddress 2015-06-02 15:23:32 -07:00
CJ Cullen 085a48a70e Add an advertise-address flag. This allows the address that the apiserver binds 
to (possibly 0.0.0.0) to be different than the address on which members of the cluster
can reach the apiserver (possibly not a local interface).
 2015-06-02 14:33:15 -07:00
Filip Grzadkowski caafd28245 Retry downloading binary tars in case of unpack failure 2015-06-02 14:59:15 +02:00
Eric Tune 8195f13b86 Merge pull request #9063 from piosz/cluster_upgrade 
Refactored kube-push.sh script
 2015-06-01 13:47:15 -07:00
Eric Tune 43951b04d2 Merge pull request #9016 from goltermann/kube-down-fix 
GCE kube-down.sh error fixes
 2015-06-01 13:46:54 -07:00
Piotr Szczesniak 0142e4c9c2 Refactored kube-push.sh script 
The script allows also to push binaries only to the master or specified node.
Added support for released tars.

Introduced new push methods and implemented them for GCE.
 2015-06-01 21:21:00 +02:00
Robert Bailey 0c62b71f8a Don't assume that CA_CERT_BASE64 will be set. 2015-06-01 11:35:26 -07:00
goltermann 4c19734b71 Fix kube-down errors for GCE 2015-05-29 14:12:22 -07:00
Rohit Jnagal ff51f0b2e1 Merge pull request #8696 from derekwaynecarr/force_namespace_creation 
Force explicit namespace provision, update e2e for failures
 2015-05-29 09:28:47 -07:00
Wojciech Tyczynski 4fc38849ea Retry downloading tars in case of unpack failure 2015-05-29 13:06:24 +02:00
Tim Hockin ac3cc3c518 Rename PORTAL_NET all over 2015-05-28 16:10:44 -07:00
Tim Hockin 2c20c3664c Merge pull request #8902 from brendandburns/fix 
Turn off certificate checking for Mavericks, as the curl is borked.
 2015-05-28 15:32:50 -07:00
Tim Hockin 4ac239499b Merge pull request #8904 from justinsb/fix_8903 
GCE kube-up; write the marker only after we have uploaded the file
 2015-05-28 15:30:47 -07:00
derekwaynecarr 3e8b1d5e01 Update all salt providers to force explicit namespace creation; update e2e 2015-05-28 13:45:49 -04:00
Justin Santa Barbara 521cb0e85b Pass arg lists to gcloud as comma-separated single arg 
This should get rid of the scary warning messages on GCE up.

Fixes #8117
 2015-05-28 00:36:13 -04:00
Justin Santa Barbara dc11a5434a GCE kube-up; write the marker only after we have uploaded the file 
We can't write the marker before we upload the file, otherwise anything
that interrupts the upload will leave a corrupted upload that we believe
to be current.
 2015-05-27 23:33:29 -04:00
Brendan Burns e1c0e100b5 Turn off certificate checking for Mavericks, as the curl is borked. 2015-05-27 19:53:24 -07:00
Tim Hockin 93a67b75a0 Merge pull request #8537 from a-robinson/ssd 
Change the default master data disk on GCE to be a 20GB SSD
 2015-05-27 09:39:19 -07:00
Saad Ali 496be63c00 Merge pull request #8717 from saad-ali/gceUpgradeScriptNewParams 
Modify GCE upgrade script to not require exact version number
 2015-05-26 15:09:15 -07:00
Filip Grzadkowski e2c4a01b60 Merge pull request #8808 from fgrzadkowski/fix_warnings 
Fix WARNING during kube-push.sh
 2015-05-26 08:29:04 -07:00
Filip Grzadkowski 8fe771b4a3 Fix WARNING during kube-push.sh 2015-05-26 17:04:57 +02:00
Filip Grzadkowski 5b03939b84 Fix WARNING when creating firewall during e2e tests 2015-05-25 09:46:24 +02:00
Justin Santa Barbara ae80ed53cf Automatically open NodePort firewall rules for e2e tests 2015-05-22 22:39:40 -04:00
saadali 27c777d61d Modify GCE upgrade script to not require exact version number 2015-05-22 15:57:35 -07:00
Dawn Chen 677a4aa1a7 Merge pull request #8164 from cjcullen/cloudprovider 
Route creation reconciler loop.
 2015-05-22 12:27:50 -07:00
CJ Cullen e6da5b9601 Make routecontroller_test less hacky. 
Rename reconcilePodCIDRs to reconcileNodeCIDRs.
Add comments and TODOs about using controller framework.
 2015-05-21 18:05:11 -07:00
Zach Loafman 3e4a94080d Merge pull request #7938 from mbforbes/rollingUpgrade 
Rolling node upgrade
 2015-05-21 14:48:40 -07:00
CJ Cullen 0d12a15971 Route creation reconciler loop. 2015-05-20 14:21:30 -07:00
Yifan Gu 02eee4890b cluster/gce/coreos: Make rkt version configuable. 2015-05-20 12:08:32 -07:00
Alex Robinson 24c532bef1 Change the default master data disk on GCE to be a 20GB SSD. 2015-05-19 15:49:18 -07:00
Max Forbes 3437ac691a Rolling node upgrade 2015-05-19 11:42:34 -07:00
Daniel Smith ce4b54ec70 Merge pull request #8209 from krousey/v1beta1_cluster 
Removing some v1beta1 uses in cluster/
 2015-05-15 14:56:41 -07:00
Kris Rousey 98c457c397 Updating /cluster to use v1beta 3 specs, and change a lot of polling to 
healthz instead of api endpoints.
 2015-05-15 14:17:55 -07:00
Prashanth B 1f0b4c5e2a Merge pull request #8232 from zmerlynn/i8196 
Ensure basic DNS functionality before doing real work in configure-vm.sh
 2015-05-15 10:19:35 -07:00
CJ Cullen 213a1b5e71 Merge pull request #8290 from roberthbailey/unbound-var 
Fix an unbound variable error when CA_CERT isn't set.
 2015-05-14 15:51:55 -07:00
Robert Bailey 9edc359de7 Fix an unbound variable error when CA_CERT isn't set. 2015-05-14 15:42:16 -07:00
Robert Bailey a236f04a5f Remove newlines output by base64 on linux. 2015-05-14 15:39:26 -07:00
Robert Bailey 9ab41db7ea Static cert distribution for GCE. 
To make cert validation work, no longer use the
fqdn for the master name on the node VMs.
 2015-05-14 11:59:13 -07:00
Zach Loafman 06c22c699a Ensure basic DNS functionality before doing real work in configure-vm.sh 
Fixes #8196. Maybe. If my theory is correct on how we got there. Also
changes the inference of master to be based on the master name, not
the node instance prefix. That way if we somehow have a bogus
hostname, the master will configure itself as a node, the whole
cluster fails, and it's a ton more obvious.
 2015-05-13 19:12:53 -07:00
Dawn Chen 309a157665 Merge pull request #7984 from cjcullen/kubelet 
Kubelet configure cbr0 instead of configure-vm.sh
 2015-05-13 17:32:52 -07:00
saadali c118b6d603 Fix GCE kube-down incorrect MIG delete OpID 2015-05-13 15:06:43 -07:00
Robert Bailey c47b9178b4 Replace the auth config file with a kubeconfig file when 
starting the kubelet on GCE.
 2015-05-13 01:03:28 -07:00
CJ Cullen 5e3d2b9138 Kubelet configure cbr0 instead of configure-vm.sh 2015-05-12 23:00:12 -07:00
Quinton Hoole de0d59be05 Merge pull request #8096 from saad-ali/fixTemplateUpDown 
Make MIG deletion during GCE kube down blocking, so that subsequent template deletion doesn't fail.
 2015-05-12 17:05:13 -07:00
saadali 932cdd954d Clean up GCE kube-down script by using set e 2015-05-12 16:58:22 -07:00
Clayton Coleman 7d620c20b9 Merge pull request #8105 from thockin/dns-domain 
Rename default DNS domain to cluster.local
 2015-05-12 17:18:45 -04:00
Zach Loafman 0b0bace006 Merge pull request #8009 from mbforbes/refactorEnv 
Refactor master vs node kube-env and salt auth
 2015-05-12 13:37:54 -07:00
Max Forbes 76c89db5a8 Master vs node salt auth refactor in configure-vm.sh 2015-05-12 13:26:11 -07:00
Max Forbes 0acf8f9a00 Refactor GCE kube-env for both OSes. 2015-05-12 13:26:10 -07:00
Tim Hockin e83e49b076 rename default DNS domain to cluster.local 2015-05-11 23:00:43 -07:00
saadali c5b1508774 Make MIG deletion during GCE kube down blocking, so that subseqent template deletion doesn't fail. 2015-05-11 18:51:59 -07:00
Jordan Liggitt 7e14a80f63 ServiceAccount admission plugin 2015-05-11 17:18:06 -04:00
Nikhil Jindal 72ac82eba9 Merge pull request #8005 from lavalamp/kubectlFix 
Don't print debugging things on every run of kubectl.sh
 2015-05-11 10:19:37 -07:00
Filip Grzadkowski 26d14300e9 Increase disk size for kubernetes master. 
Signed-off-by: Filip Grzadkowski <filipg@google.com>
 2015-05-11 15:35:38 +02:00
Daniel Smith ccecb115ed Don't print debugging things on every run of kubectl.sh 2015-05-08 15:55:28 -07:00
Wojciech Tyczynski ca0f678b9a Merge pull request #7792 from pweil-/security-context-types 
SecurityContext admission clean up
 2015-05-07 10:43:43 +02:00
Maxwell Forbes 7426b533df Merge pull request #7862 from cjcullen/cbr0 
Remove restriction that cluster-cidr be a class-b
 2015-05-06 15:46:57 -07:00
saadali 4569de7a46 Enable Google Cloud Monitoring and Google Cloud Logging instead of 
Influxdb for Google Compute Engine deployments.
 2015-05-06 15:23:40 -07:00
CJ Cullen fbd125e4e2 Remove restriction that cluster-cidr be a class-b 2015-05-06 15:01:13 -07:00
Dawn Chen 07afcb2bce Merge pull request #7820 from zmerlynn/container-vm-v20150505 
Update to container-vm-v20150505 (Also updates GCE to Docker 1.6)
 2015-05-06 09:22:35 -07:00
Filipe Brandenburger b7f9e2cea0 Merge pull request #7651 from zmerlynn/upload_hash_in_util 
Also push .sha1 for devel builds
 2015-05-06 09:07:39 -07:00
Jerzy Szczepkowski 58962100db Merge pull request #7827 from zmerlynn/safe_format_cleanup 
Clean up safe_format_and_mount spam in the startup logs
 2015-05-06 10:50:32 +02:00
Robert Bailey 06c2f4e3d5 Merge pull request #7799 from cjcullen/test_pull_5246 
Fix sync problems in #5246
 2015-05-05 22:31:10 -07:00
Zach Loafman 399f7dee43 Clean up safe_format_and_mount spam in the startup logs 
Totally minor cleanup, but I'm tired of seeing it's spam in the
startup logs.
 2015-05-05 21:23:57 -07:00
Zach Loafman c78eabbfac Update to container-vm-v20150505 2015-05-05 17:15:54 -07:00
Jerzy Szczepkowski e967ffd522 Added flag to set cluster class B network address for pods, add flag to disable allocation CIDRs for Pods. Fixed synchornization bug in NodeController registerNodes(). 2015-05-05 16:10:43 -07:00
Tomek Kulczynski 290c7b94ef Make nodecontroller configure nodes' pod IP ranges 2015-05-05 16:10:42 -07:00
Zach Loafman 875e83a741 Revert "Revert "Security context - types, kubelet, admission"" 2015-05-05 16:02:13 -07:00
Zach Loafman f48904fd5e Revert "Security context - types, kubelet, admission" 2015-05-05 15:20:39 -07:00
Paul Weil 5acdf5e70b remove trailing comma. Add sc admission controller to ansible and systemd 2015-05-05 16:34:38 -04:00
Paul Weil 982bf19c20 security context initial implementation - squash 2015-05-05 13:46:13 -04:00
Zach Loafman 0c107e4c44 Also push .sha1 for devel builds 
And adds a .sha1 cache file to indicate what file was already pushed
to GCS, and how to force it if not, removing a few seconds off a
kube-up/push if you're just cycling.

With this and #7602, all TAR_URLS will have a .sha1 as well.
 2015-05-04 17:45:34 -07:00
Robert Bailey 9718d667a7 Merge pull request #7744 from zmerlynn/allow_builtin_salt 
Skip SaltStack install if it's already installed
 2015-05-04 16:32:56 -07:00
Zach Loafman dd7f3f7df7 Skip SaltStack install if it's already installed 
Next ContainerVM image will have SaltStack in it. Also be a little
less persnickety if it's found running. This isn't the case, but we
don't have to be aggressive.
 2015-05-04 16:12:53 -07:00
Yu-Ju Hong 5270ce6d28 Merge pull request #7671 from vmarmol/fix-metadata 
Make rkt-install a oneshot.
 2015-05-04 10:50:36 -07:00
Yu-Ju Hong c3ba88296b Merge pull request #7665 from vmarmol/cluster-rkt 
Provide container_runtime flag to Kubelet in CoreOS.
 2015-05-04 10:06:58 -07:00
Victor Marmol 9253249b19 Make rkt-install a oneshot. 
This will make our dependencies wait for us before they execute.
 2015-05-01 17:44:44 -07:00
Victor Marmol 727016dc30 Provide container_runtime flag to Kubelet in CoreOS. 2015-05-01 17:02:33 -07:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Brian Akins b311a12d90 Use the variable as this changes based on environment. 2015-04-30 12:40:09 -04:00
Yifan Gu 9ba1839f52 cluster/gce/coreos: Add metadata-service in node.yaml 2015-04-29 14:58:26 -07:00
Dawn Chen 876f8beec9 Remove unused node-name attribute 2015-04-28 16:13:26 -07:00
Dawn Chen 13a0b033e2 Bring up a cluster using coreos image for worker nodes. 2015-04-28 16:13:26 -07:00
Dawn Chen 5fa11322f8 Factory out debian e.g. ContainerVM image specific support to its own 
helper utility library.
 2015-04-28 16:07:57 -07:00
Dawn Chen 8963347b9e Introduce MASTER_IMAGE, MINION_IMAGE and OS_DISTRIBUTION to config-default 
for enable coreos and rocket support
 2015-04-28 15:31:09 -07:00
Robert Bailey 8206aa9eac Salt configuration to add basic auth to GCE. 2015-04-28 14:07:54 -07:00
Alex Robinson 566f0d4724 Fix GCE logging scope name. 2015-04-28 13:44:30 -07:00
Alex Robinson 5b5525dca5 Merge pull request #7324 from vishh/log_scope 
Enable logging.write scope for minions.
 2015-04-28 11:00:10 -07:00
Vishnu Kannan 9c66305f8c Enable logging.write scope by default for nodes. This is required for storing events in 
Google Cloud Logging via heapster.
 2015-04-28 10:55:06 -07:00
CJ Cullen 39c5bf363b Merge pull request #7303 from erictune/kube_env3 
kube-proxy uses token to access port 443 of apiserver
 2015-04-27 14:33:53 -07:00
Eric Tune 9044177bb6 Generate a token for kube-proxy. 
Tested on GCE.
Includes untested modifications for AWS and Vagrant.
No changes for any other distros.
Probably will work on other up-to-date providers
but beware.  Symptom would be that service proxying
stops working.

 1. Generates a token kube-proxy in AWS, GCE, and Vagrant setup scripts.
 1. Distributes the token via salt-overlay, and salt to /var/lib/kube-proxy/kubeconfig
 1. Changes kube-proxy args:
   - use the --kubeconfig argument
   - changes --master argument from http://MASTER:7080 to https://MASTER
     - http -> https
     - explicit port 7080 -> implied 443

Possible ways this might break other distros:

Mitigation: there is an default empty kubeconfig file.
If the distro does not populate the salt-overlay, then
it should get the empty, which parses to an empty
object, which, combined with the --master argument,
should still work.

Mitigation:
  - azure: Special case to use 7080 in
  - rackspace: way out of date, so don't care.
  - vsphere: way out of date, so don't care.
  - other distros: not using salt.
 2015-04-27 08:59:57 -07:00
Brian Grant 60d7bad147 Merge pull request #7128 from nikhiljindal/fixbeta1tests 
Removing more references to v1beta1 from pkg/
 2015-04-24 11:07:53 -07:00
Satnam Singh b6bee06c20 Merge pull request #7269 from zmerlynn/lose_one_sanity 
Remove buggy GCE post turn-up cluster validation code (rely on validate-cluster.sh)
 2015-04-24 10:56:20 -07:00
nikhiljindal dcc368c781 Removing more references to v1beta1 from pkg/ 2015-04-24 00:45:17 -07:00
Zach Loafman ad829dead7 Remove buggy GCE post turn-up cluster validation code (rely on validate-cluster.sh) 
Fixes #7266
 2015-04-23 16:28:44 -07:00
Eric Tune e8a83b23d1 Pass KUBELET_TOKEN in kube-env metadata. 
ensure-kube-token is not needed anymore because
the token passed in kube-env.

In the up case it is set, in the push case it is an empty string
but not used.

Allow unset KUBELET_TOKEN (for push case).

Fix comment.
 2015-04-23 15:21:27 -07:00
Wojciech Tyczynski cf824ae5e0 Merge pull request #7164 from fgrzadkowski/fix_wait_minion 
Wait for minion to start even if gcloud command fails.
 2015-04-23 08:21:19 +02:00
Robert Bailey 6951bb0bd5 Fix the restart-apiserver command for GCE/GKE. 2015-04-22 15:21:13 -07:00
Robert Bailey 4346c6ecae Swallow the output from the test ssh connections so that it 
doesn't interfere with string comparison.
 2015-04-22 14:19:15 -07:00
Robert Bailey dc45f7f9e6 Remove nginx and replace basic auth with bearer token auth for GCE. 
- Configure the apiserver to listen securely on 443 instead of 6443.
 - Configure the kubelet to connect to 443 instead of 6443.
 - Update documentation to refer to bearer tokens instead of basic auth.
 2015-04-22 11:11:20 -07:00
Zach Loafman 86468cd29d Revert "Added kube-proxy token." 2015-04-22 10:55:08 -07:00
Zach Loafman 0e3e502d52 Fix unbound variable after #7146 2015-04-22 10:19:53 -07:00
Zach Loafman 42e1710ccf Fix build after #7146 2015-04-22 10:11:19 -07:00
Zach Loafman c9988db0ee Merge pull request #7146 from brendandburns/get-k8s 
Extend the get-cluster.sh script to use sudo if necessary.
 2015-04-22 09:58:07 -07:00
Brendan Burns 42121d1809 Extend the get-cluster.sh script to use sudo if necessary. 2015-04-22 09:52:44 -07:00
Zach Loafman 854c20c5e2 Merge pull request #7113 from erictune/kube-proxy-token 
Added kube-proxy token.
 2015-04-22 09:16:04 -07:00
Filip Grzadkowski 780db9d794 Wait for minion to start even if gcloud command fails. 2015-04-22 16:37:22 +02:00
Brendan Burns 78dabbdb7f Fix the ssh-to-node to actually fail on failures. 2015-04-21 15:27:38 -07:00
Brendan Burns 71e6b05825 Fix kube-apiserver restart. 2015-04-21 15:11:00 -07:00
Brendan Burns 9d715226d6 Fix kube-apiserver restart. 2015-04-21 13:59:26 -07:00
Eric Tune 2ca8a9d15d Added kube-proxy token. 
Generates the new token on AWS, GCE, Vagrant.
Renames instance metadata from "kube-token" to "kubelet-token".
(Is this okay for GKE?)

Having separate tokens for kubelet and kube-proxy permits
using principle of least privilege, makes it easy to
rate limit the clients separately, allows annotation
of apiserver logs with the client identity at a finer grain
than just source-ip.
 2015-04-21 09:21:31 -07:00
Jeff Lowdermilk 196b3d066d Merge pull request #6919 from zmerlynn/sharded-e2e 
Add hack/parallel-e2e.sh to run hack/e2e.go on multiple clusters
 2015-04-20 11:34:18 -07:00
Zach Loafman 68c9191cfc Allow CLUSTER_IP_RANGE/MINION_IP_RANGE to be overridden by KUBE_GCE_CLUSTER_CLASS_B 2015-04-20 11:17:21 -07:00
Jeff Lowdermilk 4f6dc99075 Generate kubeconfig for all providers in cluster/ that use auth 2015-04-20 11:07:35 -07:00
Robert Bailey eb1ea26995 Merge pull request #7012 from jlowdermilk/export-kubeconfig 
export KUBECONFIG so callers of common.sh functions can use it
 2015-04-17 16:37:10 -07:00
Jeff Lowdermilk 1c265f3784 export KUBECONFIG so callers of common.sh functions can use it 2015-04-17 16:22:07 -07:00
Brian Grant 2775b9e0de Merge pull request #6998 from zmerlynn/make_reboot_work 
Make reboots work on GCE/GKE
 2015-04-17 16:10:32 -07:00
Zach Loafman bcb63642b8 Make reboots work on GCE/GKE 
* Fixes an issue where salt-minion would actually come up after reboot
(upstart is horrible obnoxious)
* Caches .deb downloads
* Handles PD remount on reboot correctly
* Notes a future optimization

Fixes #5666
 2015-04-17 12:12:00 -07:00
Zach Loafman aca8452a21 Merge pull request #6994 from cjcullen/staticip 
Reserve Master IP before creating Master VM
 2015-04-17 11:48:48 -07:00
CJ Cullen 6a3c809833 Reserve Master IP before creating Master VM. 2015-04-17 11:36:00 -07:00
Zach Loafman 05d8e96cd4 Push the configure-vm.sh script when we push metadata 
This is needed when we upgrade (and useful when you're trying to
change the startup script for reboots).

Along the way: allow add-instance-metadata[-from-file] to take a
variable number of KVs.
 2015-04-17 11:27:48 -07:00
Jeff Lowdermilk 2a8291a67e Retry Move KUBECONFIG to common.sh, change default to new location 2015-04-17 10:33:12 -07:00
Robert Bailey 723f2941e8 Revert "Move KUBECONFIG into common.sh, change default to new location" 2015-04-16 22:17:11 -07:00
Jeff Lowdermilk 5ce9b07cbe Move KUBECONFIG declaration into common.sh, change default to new location 2015-04-16 19:23:35 -07:00
Wojciech Tyczynski 4094505f84 Enable configuring size of minion disk 2015-04-15 11:19:43 +02:00
Brendan Burns 5df4d927b9 We have had user reports that look like hash conflicts. Expand the has to 10 digits. 2015-04-08 21:51:50 -07:00
Rohit Jnagal 13b805fe1e Merge pull request #6504 from ghodss/gce-customize-minion-size 
Make minion disk size in GCE kube-up customizable
 2015-04-07 08:36:43 -07:00
Sam Ghods 6ec32bf16c Make minion disk size in GCE kube-up customizable 2015-04-06 21:47:45 -07:00
Fabio Yeon fd7db14df0 Add local file option to "upgrade.sh". 2015-04-06 16:30:15 -07:00
Zach Loafman 616c6be653 Refactor the "gcloud compute instances create" call as well. 2015-04-06 08:35:02 -07:00
Zach Loafman 9e5fd874cc First hack at upgrade script for GCE: 
Address #6075: Shoot the master VM while saving the master-pd. This
takes a couple of minor changes to configure-vm.sh, some of which also
would be necessary for reboot. In particular, I changed it so that the
kube-token instance metadata is no longer required after inception;
instead, we mount the master-pd and see if we've already created the
known tokens file before blocking on the instance metadata.

Also partially addresses #6099 in bash by refactoring the kube-push
path.
 2015-04-05 11:42:34 -07:00
Filip Grzadkowski 0ffabfa9f7 Add ability to set master/minion size for GCE using envvar. 2015-04-03 11:36:05 +02:00
Eric Tune 59daeabaee Make secrets at cluster startup. 
These secrets will be used in subsequent PRs by:
scheduler, controller-manager, monitoring services,
logging services, and skydns.

Each of these services will then be able to stop using kubernetes-ro
or host networking.
 2015-04-02 15:58:45 -07:00
CJ Cullen 5e6e67ba59 Add an alternative TokenSource to the GCE CloudProvider. 2015-04-01 17:52:30 -07:00
Jeff Lowdermilk ce72839153 Merge pull request #6329 from mbforbes/fixUp 
Fix pod that's looked for on kube up.
 2015-04-01 17:51:37 -07:00
Alex Robinson 4f9b1c486f Don't ever give up on retrying downloads in the GCE download-or-bust function. 2015-04-02 00:40:19 +00:00
Max Forbes 152a461f39 Fix pod that's looked for on kube up. 2015-04-01 17:28:04 -07:00
Jeff Grafton 0d382c03fc Add missing } to fix cluster/gce/util.sh 2015-03-31 14:03:18 -07:00
Robert Bailey fe00f7abd0 Merge pull request #6168 from brendandburns/docs 
Auto-install gcloud and needed components, if necessary
 2015-03-31 13:55:46 -07:00
Zach Loafman 6c219885e0 s/apiservers/api_servers/ in Salt 
It looks like api_servers finally won this battle. Kill off the
last remaining places passing it, but allow the kubelet Salt to
accept apiservers for a period of time.

(This was bothering my OCD.)
 2015-03-31 12:29:46 -07:00
Brendan Burns 98cdf04189 Auto-install gcloud if needed. 2015-03-31 12:10:35 -07:00
Victor Marmol 0c75f26a74 Merge pull request #6148 from zmerlynn/brctl_complaint 
Fix "brctl: invalid command" message appearing in startup logs
 2015-03-30 08:01:30 -07:00
Zach Loafman b3636bba34 Fix "brctl: invalid command" message appearing in startup logs 
We were actually failing to call brctl in configure-vm.sh. I finally
tracked it down to the attempt to delete the docker0 bridge. This
particular package was getting installed later by Salt anyways, so
all this PR is doing is moving the package install up from Salt to
bash.

Also adds some minor logging.
 2015-03-29 18:30:33 -07:00
Zach Loafman 708553f0bb GCE node salt: Use the master FQDN, not the master IP 
This will allow us to upgrade the master by full re-provision, without
even bothering to reserve the IP.
 2015-03-28 13:44:45 -07:00
Daniel Smith 525bbfd175 Merge pull request #6103 from zmerlynn/remove_gce_node_names 
Remove the --machines SaltStack configuration on GCE
 2015-03-27 17:55:16 -07:00
Zach Loafman 68ccb97907 Remove the --machines SaltStack configuration on GCE 
Per https://github.com/GoogleCloudPlatform/kubernetes/issues/6072#issuecomment-87074456, this is no longer necessary.
We now no longer need a static node list. Woo!
 2015-03-27 14:44:19 -07:00
Brendan Burns 6fd376a04f Fix the scripts to optionally skip prompts and also return successfully no matter what. 2015-03-27 13:53:26 -07:00
Brendan Burns 1aa2b97792 Revert "Revert "Update gce starting guide to use get.k8s.io"" 
This reverts commit b369f2b48f.
 2015-03-27 13:46:28 -07:00
Zach Loafman b369f2b48f Revert "Update gce starting guide to use get.k8s.io" 2015-03-26 19:36:25 -07:00
Brendan Burns 61b624457d Update gce starting guide to use get.k8s.io 
Also auto install gcloud if it's not present.
 2015-03-26 16:08:56 -07:00
Max Forbes ddb0a70481 Fix tiny salt logging line. 2015-03-26 14:37:51 -07:00
Brendan Burns eea09ddfbb Fix the date command to work on OS X 2015-03-26 13:48:59 -07:00
Zach Loafman ed567736ea Retry apt operations to death 
Nodes are probably broken if update or install fails. Don't proceed
if we can't get past these. Also, instead of ignoring the error off
dpkg, use --force depends, which changes the errors to be kinder
warnings for anyone looking through the logs.
 2015-03-24 16:11:40 -07:00
derekwaynecarr ee53dfc741 Turn on namespace lifecycle plug-in 2015-03-24 10:36:06 -04:00
Robert Bailey c3189657b6 Bump the default boot disk size for GCE from 10GB to 100GB so that there is 
more space to store containers and image layers.
 2015-03-20 13:06:35 -07:00
Zach Loafman 407d1fec45 Both @satnam6502 and E2E tests confirm: This code is no longer needed 
Deletion is wonderful. The only weird thing was where to put the
message about the proxy URLs. Satnam suggested kubectl clusterinfo,
which seemed like a good option to put at the end of cluster turn-up.
 2015-03-19 22:23:11 -07:00
Zach Loafman 57cd8165b0 Ensure salt-minion never starts by setting invoke-rc.d policy using 
the /usr/sbin/policy-rc.d script and returning 101, per
https://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt,
but only for the window while we're installing Salt.

This is a much more fool-proof method than what I was attempting
before. I hunted for how to do this before and clearly failed at my
Google-fu.

Fixes #5621
 2015-03-18 16:15:24 -07:00
Vish Kannan b6e7f470cb Merge pull request #5576 from vmarmol/auth 
Add monitoring scope to default GCE config.
 2015-03-17 17:22:52 -07:00
Victor Marmol 8e2dc04da8 Add monitoring scope to default GCE config. 
This will allow Heapster to run GCM-based monitoring on the nodes.
 2015-03-17 17:02:10 -07:00
Dawn Chen dce75998d0 Upgrade to container-vm-20150315 2015-03-17 16:10:39 -07:00
Zach Loafman f2de7b4dcc Add --can-ip-forward to master instance 
Another piece missing in
https://github.com/GoogleCloudPlatform/kubernetes/pull/5390. The
master should have --can-ip-forward if you're routing to it.
 2015-03-13 15:17:07 -07:00
Filipe Brandenburger 0948cb745f Merge pull request #5454 from jlowdermilk/get-password 
Make get-password robust against invalid kubeconfig entries
 2015-03-13 13:40:55 -07:00
Jeff Lowdermilk 8fef6fb343 Make get-password robust against invalid kubeconfig entries 2015-03-13 13:26:47 -07:00
Jeff Lowdermilk 9b55e1f176 Delete master route on kube-down 2015-03-13 11:00:19 -07:00
Satnam Singh dfb9f2aa17 Revert "Revert "Actually update binaries during kube-push"" 2015-03-12 18:04:36 -07:00
Satnam Singh bb2c3037e0 Revert "Actually update binaries during kube-push" 2015-03-12 17:09:50 -07:00
Satnam Singh c3951d7cf6 Merge pull request #5415 from zmerlynn/fix_binary_push 
Actually update binaries during kube-push
 2015-03-12 16:51:28 -07:00