k3s/cmd at 39d9fa60e85ee606e276d6f4506b791fe71768bf - k3s

History

Kubernetes Submit Queue d37460147e Merge pull request #60728 from stealthybox/59766-kubeadm_selfhosted_etcd_tls Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add mTLS to kubeadm etcd liveness probe. What this PR does / why we need it: We switched etcd over to using mTLS, but the liveness probe is still using http. Disabling the liveness probe allows etcd to continue operating. The real fix isn't simple, because we need to generate a client certificate for healthchecking and update the probe to exec `etcdctl` like so: https://sourcegraph.com/github.com/coreos/etcd-operator/-/blob/pkg/util/k8sutil/pod_util.go#L71-89 ~Working on patching this now.~ This PR now generates the healthcheck identity and updates the liveness probe to use it. Which issue(s) this PR fixes Fixes #59766 Fixes kubernetes/kubeadm#720 Special notes for your reviewer: We should generate a client cert specifically for etcd health checks so that the apiserver certs can be revoked independently. This will be stored in `/etc/kubernetes/pki/etcd/` so that we don't have to change the pod's hostMount. Release note: ```release-note NONE ```		2018-03-05 10:12:28 -08:00
..
clicheck	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
cloud-controller-manager	Merge pull request #60291 from hzxuzhonghu/cloud-cm-use-healthz	2018-02-28 03:37:37 -08:00
controller-manager	run update bazel	2018-02-28 17:25:03 +08:00
gendocs	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
genkubedocs	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
genman	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
genswaggertypedocs	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
genutils	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
genyaml	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
hyperkube	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
importverifier	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
kube-apiserver	Merge pull request #60237 from crassirostris/audit-use-buffered-backend	2018-03-01 11:42:48 -08:00
kube-controller-manager	Merge pull request #60291 from hzxuzhonghu/cloud-cm-use-healthz	2018-02-28 03:37:37 -08:00
kube-proxy	Move linux-only getProxyMode tests to a linux-only file.	2018-02-27 13:53:32 -08:00
kube-scheduler	Temporary fix for LeaderElect for kube-scheduler	2018-02-27 21:20:47 +00:00
kubeadm	Merge pull request #60728 from stealthybox/59766-kubeadm_selfhosted_etcd_tls	2018-03-05 10:12:28 -08:00
kubectl	auth: reregister auth providers	2018-02-26 09:08:41 -08:00
kubelet	kubelet: notify systemd that kubelet has started	2018-03-02 10:59:53 -06:00
kubemark	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
linkcheck	Autogenerated: hack/update-bazel.sh	2018-02-16 13:43:01 -08:00
BUILD	gke-certificates-controller: rm -rf	2018-02-15 12:01:00 -08:00
OWNERS	Updated top level owners file to match new format	2017-01-19 11:29:16 -08:00