github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/federation
History
Kubernetes Submit Queue 1f4e2efc5b Merge pull request #41184 from liggitt/subject-apigroup 
Automatic merge from submit-queue (batch tested with PRs 41357, 41178, 41280, 41184, 41278)

Switch RBAC subject apiVersion to apiGroup in v1beta1

Referencing a subject from an RBAC role binding, the API group and kind of the subject is needed to fully-qualify the reference.

The version is not, and adds complexity around re-writing the reference when returning the binding from different versions of the API, and when reconciling subjects.

This PR:
* v1beta1: change the subject `apiVersion` field to `apiGroup` (to match roleRef)
* v1alpha1: convert apiVersion to apiGroup for backwards compatibility
* all versions: add defaulting for the three allowed subject kinds
* all versions: add validation to the field so we can count on the data in etcd being good until we decide to relax the apiGroup restriction

```release-note
RBAC `v1beta1` RoleBinding/ClusterRoleBinding subjects changed `apiVersion` to `apiGroup` to fully-qualify a subject. ServiceAccount subjects default to an apiGroup of `""`, User and Group subjects default to an apiGroup of `"rbac.authorization.k8s.io"`.
```

@deads2k @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-pr-reviews
 		2017-02-13 21:07:10 -08:00
..
apis Merge pull request #39928 from humblec/iscsi-multipath-backuptp 2017-02-13 12:18:55 -08:00
client Regenerate clients 2017-01-31 11:16:27 -05:00
cluster Merge pull request #40919 from shashidharatd/fed-e2e-1 2017-02-08 01:47:44 -08:00
cmd Merge pull request #41334 from deads2k/agg-07-snip-cli 2017-02-13 12:19:03 -08:00
deploy
develop Default the version to the information in federation versions file if $KUBERNETES_RELEASE isn't set. 2017-02-07 16:50:53 -08:00
docs/api-reference Init containers in GA - generated code 2017-02-03 01:08:25 +01:00
manifests Remove federated-image.tag from the .gitignore file. 2017-01-20 00:58:42 -08:00
pkg Merge pull request #41184 from liggitt/subject-apigroup 2017-02-13 21:07:10 -08:00
registry/cluster Update generated files 2017-02-03 08:15:46 +01:00
BUILD Build release tarballs in bazel and add `make bazel-release` rule 2017-01-13 16:17:44 -08:00
Makefile
OWNERS Propose adding quinton-hoole to federation/OWNERS 2017-01-24 17:13:16 -08:00
README.md

README.md

Cluster Federation

Kubernetes Cluster Federation enables users to federate multiple Kubernetes clusters. Please see the user guide and the admin guide for more details about setting up and using the Cluster Federation.

Building Kubernetes Cluster Federation

Please see the Kubernetes Development Guide for initial setup. Once you have the development environment setup as explained in that guide, you also need to install jq

Building cluster federation artifacts should be as simple as running:

make build

You can specify the docker registry to tag the image using the KUBE_REGISTRY environment variable. Please make sure that you use the same value in all the subsequent commands.

To push the built docker images to the registry, run:

make push

To initialize the deployment run:

(This pulls the installer images)

make init

To deploy the clusters and install the federation components, edit the ${KUBE_ROOT}/_output/federation/config.json file to describe your clusters and run:

make deploy

To turn down the federation components and tear down the clusters run:

make destroy

Ideas for improvement

  1. Continue with destroy phase even in the face of errors.

    The bash script sets set -e errexit which causes the script to exit at the very first error. This should be the default mode for deploying components but not for destroying/cleanup.

Analytics