Commit Graph

38 Commits

Author SHA1 Message Date
Antoni Zawodny
a8fb0cab49 Add a possibility of setting GODEBUG env var for kube-apiserver binary 2022-08-18 11:19:52 +02:00
Jordan Liggitt
548c339867 Clean up unused exec auth from cluster setup 2022-03-19 10:47:38 -04:00
ialidzhikov
bdbc750129 apiserver: Remove the deprecated --target-ram-mb flag
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2022-03-02 18:52:46 +02:00
Kubernetes Prow Robot
7bffb3b2ca
Merge pull request #106241 from jdnurme/cloud-provider-env-var
Added env variable for cloud-provider
2022-02-07 20:40:53 -08:00
JD Nurme
30fabbc0cb updated flag name 2022-01-06 19:51:17 +00:00
Kubernetes Prow Robot
b90b2d963d
Merge pull request #103078 from pacoxu/api-audiences
kube-apiserver: use --api-audiences as --service-account-api-audiences is deprecated
2022-01-05 12:49:47 -08:00
Jian Zeng
fe448785b5 fix: remove insecure flag from configure-kubeapiserver.sh
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
2021-12-09 15:06:52 +08:00
JD Nurme
4a9703a219 Added env variable for cloud-provider 2021-11-09 00:45:34 +00:00
pacoxu
f05f30943d kube-apiserver in gce: use --api-audiences as --service-account-api-audiences is deprecated
Signed-off-by: pacoxu <paco.xu@daocloud.io>
2021-06-22 11:09:46 +08:00
David Eads
ae603a38bc remove -ssh-user from cluster scripts for GCE 2021-06-03 17:53:09 -04:00
Vinayak Goyal
487583bd0a Recursive chown the /etc/srv/sshproxy if kube-apiserver is running as non root. This way if a key already exists we will be able to read it. 2021-05-05 15:23:04 -07:00
Kubernetes Prow Robot
46b0ad1327
Merge pull request #101207 from vinayakankugoyal/sshproxy
If kube-apiserver is running as non-root then set the permissions of …
2021-04-19 17:24:33 -07:00
Vinayak Goyal
94e34da471 If kube-apiserver is running as non-root then set the permissions of /etc/srv/sshproxy accordingly. 2021-04-19 13:16:06 -07:00
Kubernetes Prow Robot
7ecd93ea1e
Merge pull request #100764 from benhxy/tls
Use GKE specific configuration for kube-apiserver SNI cert
2021-04-15 19:52:22 -07:00
Ben Hu
ccb742c43c Resolve comments. Remove kubeconfig changes. 2021-04-12 22:39:53 +00:00
Ben Hu
a2d094797d Use GKE specific configuration in startup scripts in GKE deployment. 2021-04-02 00:10:53 +00:00
Vinayak Goyal
4b3271a542 Fix kube-apiserver manifest. 2021-03-21 16:24:56 -07:00
Vinayak Goyal
c63ff05e6d Run kube-apiserver as non-root. 2021-02-22 20:48:16 -08:00
Ben Hu
624b214481 Configure --tls-cipher-suites on kube-apiserver. 2021-01-06 00:31:39 +00:00
Jordan Liggitt
8820dc4522 Revert "iAdd host IP to etcd listen client URLs."
This reverts commit 8b4e164a78.
2020-12-08 11:37:13 -05:00
Ben Hu
8416c5cc51 Use host IP instead of 127.0.0.1 for kube-apiserver healthcheck. 2020-10-27 16:25:27 +00:00
Jefftree
0e5d057755 Rename flags 2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25 Add SETUP_KONNECTIVITY_SERVICE flag 2020-10-22 08:43:28 -07:00
Jefftree
7820b05467 Separate network proxy flag for apiserver egress and starting pods 2020-10-22 08:43:27 -07:00
Ben Hu
8b4e164a78 iAdd host IP to etcd listen client URLs.
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
2020-10-20 16:43:52 +00:00
Joseph Anttila Hall
2f318bdd57 API server: fix default_konnectivity_socket_path typo.
Make it consistent with configure-helper.sh
2020-10-08 13:19:05 -07:00
Jordan Liggitt
a36aa9c31e Stop enabling alpha runtimeclass API 2020-06-25 20:29:11 -04:00
Samuel Davidson
31ae200ebf fix for missing kube-env var in SNI config 2020-06-22 13:33:42 -07:00
Samuel Davidson
3958ecb5c7 Fix to configure-kubeapiserver.sh error.
It no no longer errors and exits if
env-var OLD_LOAD_BALANCER_IP is undefined.
2020-06-15 11:42:05 -07:00
Kubernetes Prow Robot
52358fe010
Merge pull request #91228 from sambdavidson/iprotflags
Add SNI flags usage to configure-*.sh
2020-05-20 19:41:30 -07:00
Samuel Davidson
20b37d6c5a Add IP rotation flags and env-vars to configure-*.sh 2020-05-20 13:07:37 -07:00
Jacek Kaniuk
57caa27b8d Do not add kube-apiserver performance flags if already set 2020-05-20 19:05:16 +02:00
Yuwen Ma
1aa67fc525
Switch core master base images from debian to distroless
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-09 06:55:00 -04:00
Samuel Davidson
c70cd1e82f Changed readonly to true and type to File for authn/authz config. 2020-03-25 17:45:27 -07:00
Monis Khan
df292749c9
Remove support for basic authentication
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
2020-03-11 20:55:47 -04:00
Jefftree
725d2b6a8f Network Proxy: GRPC + HTTP Connect with UDS 2020-02-20 10:19:37 -08:00
immutablet
f7bd5455fe Isolate configuration of etcd related parameters into a separate function. 2019-11-04 13:55:31 -08:00
immutablet
b6b55519ca Isolate the logic related to the configuration of kube-apiserver into a separate script. 2019-10-11 11:34:09 -07:00