k3s/cluster/addons
Kubernetes Submit Queue ec434662bd
Merge pull request #64503 from kgolab/kg-ca-rbac
Automatic merge from submit-queue (batch tested with PRs 64503, 64903, 64643, 64987). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Create system:cluster-autoscaler account & role and introduce it to C…

**What this PR does / why we need it**:

This PR adds cluster-autoscaler ClusterRole & binding, to be used by the Cluster Autoscaler (kubernetes/autoscaler repository).
It also updates GCE scripts to make CA use the cluster-autoscaler user account.

User account instead of Service account is chosen to be more in line with kube-scheduler.

**Which issue(s) this PR fixes**:

Fixes [issue 383](https://github.com/kubernetes/autoscaler/issues/383) from kubernetes/autoscaler.

**Special notes for your reviewer**:

This PR might be treated as a security fix since prior to it CA on GCE was using system:cluster-admin account, assumed due to default handling of unsecured & unauthenticated traffic over plain HTTP.

**Release note**:

```release-note
A cluster-autoscaler ClusterRole is added to cover only the functionality required by Cluster Autoscaler and avoid abusing system:cluster-admin role.

action required: Cloud providers other than GCE might want to update their deployments or sample yaml files to reuse the role created via add-on.
```
2018-06-11 17:29:13 -07:00
addon-manager Update all script to use /usr/bin/env bash in shebang 2018-04-19 13:20:13 +02:00
calico-policy-controller Don't specify a description for Calico CRDs 2018-06-07 15:00:29 -07:00
cluster-loadbalancing Use default seccomp profile for addons 2018-05-02 22:50:29 -07:00
cluster-monitoring Merge pull request #62756 from wangzhen127/seccomp-in-addon 2018-05-23 17:29:16 -07:00
dashboard Use default seccomp profile for addons 2018-05-02 22:50:29 -07:00
device-plugins/nvidia-gpu Update nvidia-gpu-device-plugin to apps/v1 and use RollingUpdate updateStrategy. 2018-05-24 17:53:13 -07:00
dns Merge pull request #64473 from nberlee/master 2018-06-05 10:23:19 -07:00
dns-horizontal-autoscaler Use default seccomp profile for addons 2018-05-02 22:50:29 -07:00
fluentd-elasticsearch Revert "Remove rescheduler and corresponding tests from master" 2018-05-31 22:18:49 -04:00
fluentd-gcp Revert "Remove rescheduler and corresponding tests from master" 2018-05-31 22:18:49 -04:00
ip-masq-agent Merge pull request #59237 from tanshanshan/addons1 2018-02-12 15:44:36 -08:00
istio Modify security profile for proxy 2018-06-04 14:06:22 -07:00
kube-proxy Add wildcard tolerations to kube-proxy. 2017-11-29 12:36:58 -08:00
metadata-agent Use default seccomp profile for addons 2018-05-02 22:50:29 -07:00
metadata-proxy Added network-unavailable tolerations for hostNetwork=true. 2018-03-19 23:57:26 +08:00
metrics-server Use default seccomp profile for addons 2018-05-02 22:50:29 -07:00
node-problem-detector `exec` away the shell for node-problem-detector 2018-03-09 16:07:30 -08:00
prometheus [prometheus addon] Fix missing storage class in alertmanager PVC 2018-04-30 12:30:20 +02:00
python-image remove gcloud docker -- since it's deprecated 2018-02-28 00:24:27 -08:00
rbac Limit access to configmaps 2018-06-08 18:02:37 +02:00
storage-class [addon/storage-class] update storageclass groupversion in storage-class 2017-10-22 19:50:47 +08:00
BUILD Use the pkg_tar wrapper from kubernetes/repo-infra 2018-01-18 17:10:16 -08:00
README.md Updated cluster/addons readme to match and point to docs 2017-10-18 10:36:24 -04:00

README.md

Legacy Cluster add-ons

For more information on add-ons see the documentation.

Overview

Cluster add-ons are resources like Services and Deployments (with pods) that are shipped with the Kubernetes binaries and are considered an inherent part of the Kubernetes clusters.

There are currently two classes of add-ons:

  • Add-ons that will be reconciled.
  • Add-ons that will be created if they don't exist.

More details can be found in addon-manager/README.md.

Cooperating Horizontal / Vertical Auto-Scaling with "reconcile class addons"

"Reconcile" class addons are periodically reconciled to the original state given by the initial config. For Horizontal / Vertical Auto-scaling to work, the related fields in the config should be left unset. More specifically, leave replicas in ReplicationController / Deployment / ReplicaSet unset for Horizontal Scaling, and leave resources for containers unset for Vertical Scaling. The periodic reconcile won't clobber these fields, so they can be managed by the Horizontal / Vertical Auto-scaler.
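
An added example, not part of the upstream README: a small Python lint that flags reconcile-class manifests which set the fields named above, so the conflict is caught before deployment. The `addonmanager.kubernetes.io/mode` label comes from the addon-manager README rather than this page; the function names and sample manifests are constructed for illustration, and only explicitly labelled manifests are checked.

```python
# Added example: find fields in reconcile-class add-ons that the periodic
# reconcile would keep resetting, fighting a Horizontal / Vertical autoscaler.
RECONCILE_LABEL = "addonmanager.kubernetes.io/mode"  # from addon-manager's README, not this page
SCALABLE_KINDS = {"ReplicationController", "Deployment", "ReplicaSet"}


def reconcile_conflicts(manifest):
    """Return the field paths that should be left unset in this manifest."""
    labels = manifest.get("metadata", {}).get("labels", {})
    if labels.get(RECONCILE_LABEL) != "Reconcile":
        return []  # assumption: only explicitly labelled reconcile-class add-ons are checked
    if manifest.get("kind") not in SCALABLE_KINDS:
        return []
    spec = manifest.get("spec", {})
    findings = []
    if "replicas" in spec:  # would be reset, undoing horizontal scaling
        findings.append("spec.replicas")
    containers = spec.get("template", {}).get("spec", {}).get("containers", [])
    for i, container in enumerate(containers):
        if container.get("resources"):  # would be reset, undoing vertical scaling
            findings.append(f"spec.template.spec.containers[{i}].resources")
    return findings


def lint(manifests):
    """Map each manifest name to its list of conflicting fields."""
    return {m["metadata"]["name"]: reconcile_conflicts(m) for m in manifests}


def _deployment(name, mode, replicas=None, resources=None):
    """Build a constructed sample Deployment (hypothetical names and image)."""
    container = {"name": name, "image": "example.invalid/" + name}
    if resources is not None:
        container["resources"] = resources
    spec = {"template": {"spec": {"containers": [container]}}}
    if replicas is not None:
        spec["replicas"] = replicas
    meta = {"name": name, "labels": {RECONCILE_LABEL: mode}}
    return {"kind": "Deployment", "metadata": meta, "spec": spec}


SAMPLES = [  # constructed inputs, not real add-ons
    _deployment("scaled-ok", "Reconcile"),
    _deployment("pinned", "Reconcile", replicas=2, resources={"requests": {"cpu": "100m"}}),
    _deployment("created-once", "EnsureExists", replicas=1),
]

if __name__ == "__main__":
    for name, findings in lint(SAMPLES).items():
        print(name, "->", findings or "ok")
```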

Add-on naming

The suggested naming for most resources is <basename> (with no version number). Resources like Pod, ReplicationController and DaemonSet are exceptions. It is hard to update a Pod because many of its fields are immutable. For ReplicationController and DaemonSet, an in-place update may not trigger the underlying pods to be re-created. You probably need to change their names during an update to trigger a complete deletion and creation.
