github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/cluster/addons
History
Kubernetes Submit Queue 7cadcd0558 Merge pull request #53993 from JonPulsifer/typha-rbac 
Automatic merge from submit-queue (batch tested with PRs 53946, 53993, 54315, 54143, 54532). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

RBAC for Calico Typha Horizontal Autoscaler

**What this PR does / why we need it**:

On v1.8.0-gke.1 I noticed a number of RBAC failures for `default` in kube-system. Turns out the only container missing the serviceAccountName was the typha-horizontal-autoscaler.

**Special notes for your reviewer**:

cc @caseydavenport seems like this is up your alley 

**Release note**:

```release-note
NONE
```
 		2017-10-25 21:20:29 -07:00
..
addon-manager use more-specific arm64v8 instead of deprecated aarch64 organization 2017-08-21 10:18:19 +08:00
calico-policy-controller RBAC for Calico Typha Horizontal Autoscaler 2017-10-16 13:47:41 -04:00
cluster-loadbalancing Update OWNERS files for networking components 2017-08-03 11:08:54 -07:00
cluster-monitoring Update influxdb and grafana controller to latest version 2017-10-02 16:16:28 +08:00
dashboard update dashboard image version 2017-07-31 11:08:08 +08:00
dns Update kube-dns 1.14.7 2017-10-23 14:37:13 -07:00
dns-horizontal-autoscaler Merge kube-dns-autoscaler templates into a single file 2017-10-03 09:43:57 -07:00
etcd-empty-dir-cleanup make all static system pods critical 2017-06-12 15:22:04 -07:00
fluentd-elasticsearch update BUILD files 2017-10-15 18:18:13 -07:00
fluentd-gcp Update fluentd-gcp DaemonSet 2017-10-25 13:11:35 -07:00
ip-masq-agent Update OWNERS files for networking components 2017-08-03 11:08:54 -07:00
kube-proxy Merge pull request #52003 from vfreex/mount-lib-modules 2017-10-25 11:38:36 -07:00
metadata-proxy Merge pull request #50647 from ihmccreery/fix-cve-2016-9063 2017-09-04 13:03:54 -07:00
metrics-server Autoscaler metrics-server with pod-nanny 2017-10-06 14:40:55 +02:00
node-problem-detector update related files 2017-08-24 17:49:18 +08:00
podsecuritypolicies default policy 2016-05-11 18:07:36 -04:00
python-image Always --pull in docker build to ensure recent base images 2017-01-10 16:21:05 -08:00
rbac update to rbac v1 in yaml file 2017-08-21 17:29:37 +08:00
registry fix invalid url link 2017-08-24 18:50:14 +08:00
storage-class [addon/storage-class] update storageclass groupversion in storage-class 2017-10-22 19:50:47 +08:00
BUILD Run hack/update-bazel.sh to generate BUILD files 2017-08-02 18:33:25 -07:00
README.md Updated cluster/addons readme to match and point to docs 2017-10-18 10:36:24 -04:00

README.md

Legacy Cluster add-ons

For more information on add-ons see the documentation.

Overview

Cluster add-ons are resources like Services and Deployments (with pods) that are shipped with the Kubernetes binaries and are considered an inherent part of the Kubernetes clusters.

There are currently two classes of add-ons:

  • Add-ons that will be reconciled.
  • Add-ons that will be created if they don't exist.

More details could be found in addon-manager/README.md.

Cooperating Horizontal / Vertical Auto-Scaling with "reconcile class addons"

"Reconcile" class addons will be periodically reconciled to the original state given by the initial config. In order to make Horizontal / Vertical Auto-scaling functional, the related fields in config should be left unset. More specifically, leave replicas in ReplicationController / Deployment / ReplicaSet unset for Horizontal Scaling, leave resources for container unset for Vertical Scaling. The periodic reconcile won't clobbered these fields, hence they could be managed by Horizontal / Vertical Auto-scaler.

Add-on naming

The suggested naming for most of the resources is <basename> (with no version number). Though resources like Pod, ReplicationController and DaemonSet are exceptional. It would be hard to update Pod because many fields in Pod are immutable. For ReplicationController and DaemonSet, in-place update may not trigger the underlying pods to be re-created. You probably need to change their names during update to trigger a complete deletion and creation.

Analytics