Commit Graph

1333 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
1f756e4a37
Merge pull request #92669 from Jefftree/netproxy-configure-helper
Separate network proxy flag for apiserver egress and starting pods
2020-10-23 16:47:00 -07:00
Vinayak Goyal
83c1ce0225 Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke control-plane. 2020-10-23 12:14:26 -07:00
Rahul Joshi
889446810c Add configuration options to specify --detect-local-mode on kube-proxy. 2020-10-23 12:12:59 -07:00
Kubernetes Prow Robot
1257bc5acb
Merge pull request #91474 from cici37/pkgController
Cleanup CCM dependencies
2020-10-22 23:17:45 -07:00
Kubernetes Prow Robot
e850fa6a6c
Merge pull request #95209 from benhxy/gke/kubeconfig
Use host IP instead of localhost for GKE control plane kubeconfig
2020-10-22 22:15:49 -07:00
Jefftree
0e5d057755 Rename flags 2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25 Add SETUP_KONNECTIVITY_SERVICE flag 2020-10-22 08:43:28 -07:00
Jefftree
7820b05467 Separate network proxy flag for apiserver egress and starting pods 2020-10-22 08:43:27 -07:00
Jakub Tużnik
236ade027b Properly quote flags passed to Cluster Autoscaler
In the current implementation, the flags are not put between quotes,
and so the Cluster Autoscaler manifest doesn't parse as valid JSON.
2020-10-22 15:10:39 +02:00
Daniel Gutowski
6c8b1ab266 Fix default values for logrotate in /var/log/ 2020-10-21 09:18:32 +00:00
Ben Hu
49afcfa5f2 Use host IP instead of localhost for control plane component kubeconfig files.
This is a part of work to allow control plane components to be moved off hostNetwork.
2020-10-20 22:47:33 +00:00
Ben Hu
8b4e164a78 iAdd host IP to etcd listen client URLs.
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
2020-10-20 16:43:52 +00:00
cici37
95acec5a3b Move client_builder to k8s.io/controller-manager 2020-10-19 14:48:22 -07:00
jayunit100
aefe930562 support multiple bind records (fie nodelocaldns test regression), by
first replacing PILLAR_ and then replacing other vars.
2020-10-16 14:28:55 -04:00
Kubernetes Prow Robot
c1e5e6a556
Merge pull request #93836 from jayunit100/salt_cleanup_92835
remove __pillar__ refs
2020-10-11 17:58:47 -07:00
Kubernetes Prow Robot
33fd5552bb
Merge pull request #95418 from vinayakankugoyal/pki
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GR…
2020-10-09 18:08:47 -07:00
Kubernetes Prow Robot
4fbf5df52b
Merge pull request #95388 from ii/policy
Enable Logging of event requests to audit log in cluster/gce/gci/configure-helper.sh
2020-10-09 14:08:48 -07:00
Hippie Hacker
b1e3a2ac7a Clarify that we don't audit events due to performance impact 2020-10-09 13:30:20 +13:00
Vinayak Goyal
7cbe8070bc Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials. 2020-10-08 16:25:43 -07:00
Joseph Anttila Hall
2f318bdd57 API server: fix default_konnectivity_socket_path typo.
Make it consistent with configure-helper.sh
2020-10-08 13:19:05 -07:00
Shihang Zhang
e0dcfbf9c2 make download-or-bust compatible with both sha512/sha1 2020-10-06 15:16:26 -07:00
Kubernetes Prow Robot
446da13de1
Merge pull request #94975 from zshihang/hash
replace sha1 with sha512
2020-10-06 13:00:42 -07:00
Karan Goel
f707db32cc Send node startup scripts to console and journal 2020-10-05 13:25:28 -07:00
Mike Danese
cc5b12cdff gce: redirect handshake server requests to metadata-concealment too 2020-09-25 17:50:53 -07:00
Shihang Zhang
e99dbbde62 replace sha1 with sha512 2020-09-23 11:27:20 -07:00
Varun Marupadi
04a51cac17 Allow the lifecycle of kube-proxy to be managed independently of the startup scripts for GCE
Introduces a new env variable KUBE_PROXY_DISABLE which causes the configure scripts to skip over
the creation of both static pods as well as daemonset addons for kube-proxy.
When false, the behavior falls back to the default today, which is to rely on the value of
KUBE_PROXY_DAEMONSET to decide whether to start static pods on the nodes or an addon on the
master.
2020-09-22 20:37:35 -07:00
Kubernetes Prow Robot
6b39cdf376
Merge pull request #93305 from alculquicondor/lssd-ephemeral
Mount kubelet and container runtime rootdir on LSSD
2020-09-22 12:22:06 -07:00
Kubernetes Prow Robot
dbaaed3592
Merge pull request #92140 from ash2k/ash2k/fix-error-check
Fix error check logic in test
2020-09-22 12:21:38 -07:00
Aldo Culquicondor
2ae4eeb3ea Mount kubelet and container runtime rootdir on LSSD
When environment variable NODE_LOCAL_SSD_EPHEMERAL=true,
create a RAID 0 array on all attached SSDs to mount:

- kubelet root dir
- container runtime root dir
- pod logs dir

Those directories account for all ephemeral storage.
An array is not created when there is only one SSD.

Change-Id: I22137f1d83fc19e9ef58a556d7461da43e4ab9bd
Signed-off-by: Aldo Culquicondor <acondor@google.com>
2020-09-14 14:32:28 -04:00
David Eads
c7911a384c remove pod presets 2020-09-14 09:24:40 -04:00
Kubernetes Prow Robot
0627c35411
Merge pull request #93781 from kisieland/allow-to-switch-off-logrotate
Disable log rotation of kubernetes and pod logs
2020-09-10 16:10:14 -07:00
Daniel Gutowski
adf7ed4241 Allow to disable logrotation of kubernetes and pod logs
Make logrotate disabled by default
2020-09-03 11:21:44 +00:00
Shihang Zhang
38f040c0a8 bind metadata proxy to 0.0.0.0 2020-09-01 18:34:02 -07:00
Stephen Augustus
e59d9f372d Update CNI plugins to v0.8.7
ref: https://github.com/containernetworking/plugins/releases/tag/v0.8.7

Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-08-31 09:01:07 -04:00
jay vyas
1693c111be Getting rid of the Salt DNS replacements, addded / back. 2020-08-30 09:11:27 +00:00
Kubernetes Prow Robot
b02b84870c
Merge pull request #94307 from xmudrii/update-cri-tools
Update cri-tools to v1.19.0
2020-08-28 10:40:03 -07:00
Kubernetes Prow Robot
a9d1482710
Merge pull request #93311 from logicalhan/monitoring-role
Add bootstrap policy for monitoring endpoints
2020-08-28 06:36:52 -07:00
Marko Mudrinić
084bc9db43
Update cri-tools to v1.19.0 2020-08-28 15:34:42 +02:00
Kubernetes Prow Robot
fd20de89d9
Merge pull request #90433 from joakimr-axis/joakimr-axis_configure-helper.sh
Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
2020-08-27 19:05:47 -07:00
Han Kang
f57611970c add bootstrap policy for monitoring roles
(we enable metrics and pprof by default, but that doesn't mean
 we should have full cluster-admin access to use those endpoints)

Change-Id: I20cf1a0c817ffe3b7fb8e5d3967f804dc063ab03

remove pprof but add read access to detailed health checks

Change-Id: I96c0997be2a538aa8c689dea25026bba638d6e7d

add base health check endpoints and remove the todo for flowcontrol, as there is an existing ticket

Change-Id: I8a7d6debeaf91e06d8ace3cb2bd04d71ef3e68a9

drop blank line

Change-Id: I691e72e9dee3cf7276c725a12207d64db88f4651
2020-07-24 09:21:55 -07:00
Jordan Liggitt
3b323b2ef0 Limit critical pods to kube-system by default 2020-07-17 09:52:19 -04:00
Kubernetes Prow Robot
c430183fff
Merge pull request #91854 from bsdnet/gci
Update the COS E2E image policy
2020-07-02 06:41:15 -07:00
Roy Yang
f86b720cf6 Update the COS E2E image policy
Signed-off-by: Roy Yang <royyang@google.com>
2020-06-30 15:24:35 -07:00
Kubernetes Prow Robot
6257f83f88
Merge pull request #92569 from dims/tolerate-slightly-different-containerd-urls
Tolerate slightly different containerd urls
2020-06-29 18:35:08 -07:00
Kubernetes Prow Robot
de491f11b1
Merge pull request #92444 from dims/additional-check-for-containerd-for-better-loading-images
Additional test for loading images with containerd
2020-06-29 18:34:40 -07:00
Joakim Roubert
0c48e0e1bb Find what fails pull-kubernetes-e2e-gce-ubuntu-containerd
Change-Id: I7919d03926880cd9c93c61a07ada645ebfe32a89
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 09:43:37 +02:00
Joakim Roubert
b529485f65 Review update
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:58 +02:00
Joakim Roubert
605be2216b Sync with master
Add fixes for newly added code.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:58 +02:00
Joakim Roubert
196ae34f9b Remove previously added '' no longer needed
Adapt to changes on master since the first commit here.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
a20a005986 No quotes needed/wanted for CURL_RETRY_CONNREFUSED
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
1b9e9c6fe6 Add fix for run-kube-controller-manager-as-non-root
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
11f6d43747 Updates after review
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
4abf7da53e Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
3e211386c1 Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
d66456fe01 Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
6e8504003b Update cluster/gce/gci/configure-helper.sh
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
0c899b2bc2 Mitigate newly added shellcheck issues
Issues not present when the original patch was created have now also
been fixed.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
826274c867 Updates after code review
Add double quotes at assignments as requested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
3fb0d1c15d Update after code review
Simplified local variable declaration as suggested by phenixblue.

Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
1f9704c713 Code review update
Change-Id: I384a73efe995c529fb4b3636cb9639eafb90787f
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
80a8566a8c Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
Change-Id: Ic8fca2509a7cb07f4170eaf25a878036d18ba51c
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-06-29 08:43:55 +02:00
Davanum Srinivas
a653c21479
Tolerate slightly different containerd urls
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-27 06:41:19 -04:00
Jordan Liggitt
a36aa9c31e Stop enabling alpha runtimeclass API 2020-06-25 20:29:11 -04:00
Kubernetes Prow Robot
c3a6a66592
Merge pull request #92395 from sambdavidson/vip-sni-fix
Added missing apiserver config var.
2020-06-24 01:59:54 -07:00
Davanum Srinivas
2d7c47d2be
Additional test for loading images with containerd
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-23 18:21:59 -04:00
Jonathan Sun
2f7874bd4b Install firewall logging rules to log metadata server access for unauthorized components. 2020-06-23 11:22:05 -07:00
Samuel Davidson
31ae200ebf fix for missing kube-env var in SNI config 2020-06-22 13:33:42 -07:00
Kubernetes Prow Robot
d140769e4d
Merge pull request #92344 from jherrera123/restore-docker-focal-version
Restore docker focal version in gci nodes
2020-06-21 15:28:39 -07:00
Kubernetes Prow Robot
4c8207dc1e
Merge pull request #92314 from dims/set-better-default-for-loading-images-2
Set better default commands for loading images - take 2
2020-06-21 05:12:39 -07:00
Kubernetes Prow Robot
c6011f2d54
Merge pull request #91390 from vinayakankugoyal/nonroot
Updating kube-controller-manager to run as non-root.
2020-06-21 00:56:38 -07:00
Jesus Herrera
9714f3ac86 Restore docker focal version 2020-06-20 11:16:25 -04:00
Kubernetes Prow Robot
2d1c417934
Merge pull request #92258 from SidneyShen/node-boot-nvme-disk-fix
Add logic to check if local NVMe SSDs in node boot-up script
2020-06-19 11:38:14 -07:00
Kubernetes Prow Robot
4369eb3155
Merge pull request #92083 from alculquicondor/sched_config_script
Support kube-scheduler component-config in GCE init scripts
2020-06-19 11:36:53 -07:00
Kubernetes Prow Robot
87e6ec493c
Merge pull request #90223 from caesarxuchao/remove-unused-var
Remove unused network proxy variables and functions
2020-06-19 11:36:14 -07:00
Davanum Srinivas
60bd17a61f
Set better default commands for loading images - take 2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-19 14:25:12 -04:00
Kubernetes Prow Robot
6bb668c3c4
Merge pull request #92204 from dims/check-for-either-docker-or-containerd-getting-active
Check for either docker or containerd getting active
2020-06-18 06:03:21 -07:00
Kubernetes Prow Robot
c83c4d5453
Merge pull request #92184 from dims/set-better-default-for-loading-images
Set better default commands for loading images
2020-06-18 06:02:52 -07:00
Xinning Shen
27658f8241 Add logic to check if local NVMe SSDs in node boot-up script
Current logic would assume all the NVMe disks are data disks and
applicable for reformat and mount. This will cause the issue when
booting disk is also NVMe disk, which will fail the node boot up. This
change will check if any additional NVMe disks are required/specified
and skip the reformat step otherwise.
2020-06-18 08:48:43 +00:00
Chao Xu
06d034f3c8 remove unnecessary certs generation 2020-06-16 23:47:10 -07:00
Kubernetes Prow Robot
1f629ca4a2
Merge pull request #92150 from sambdavidson/sniflagfix
Fix to configure-kubeapiserver.sh error.
2020-06-16 19:24:12 -07:00
Kubernetes Prow Robot
51aac92f69
Merge pull request #91922 from Jefftree/netproxy-009
Upgrade apiserver-network-proxy to v0.0.9
2020-06-16 19:22:39 -07:00
Davanum Srinivas
01183e51f0
Check for either Docker or Containerd getting active for e2e_node tests
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-16 20:08:01 -04:00
Davanum Srinivas
fbb4bb0003
Set better default commands for loading images
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-16 07:47:02 -04:00
Samuel Davidson
3958ecb5c7 Fix to configure-kubeapiserver.sh error.
It no no longer errors and exits if
env-var OLD_LOAD_BALANCER_IP is undefined.
2020-06-15 11:42:05 -07:00
Aldo Culquicondor
55242bf3c9 Support kube-scheduler component-config in GCE init scripts
Taking precedence over some existing flags.

Signed-off-by: Aldo Culquicondor <acondor@google.com>
2020-06-15 09:41:18 -04:00
Mikhail Mazurskiy
b75ea1b052
Fix error check logic
If copy finished file (err == nil) then
use the error returned from out.Close()
2020-06-15 22:00:56 +10:00
Jefftree
c6b2b1fad3 Add health port to network proxy 2020-06-12 16:44:56 -07:00
Jordan Liggitt
ac5ec4aa80 Adjust admission webhook auth config for default-enabled admission plugins 2020-06-10 13:46:30 -04:00
Davanum Srinivas
1731cb30f5
Use containerd as default in kube-up.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-07 14:34:50 -04:00
Kubernetes Prow Robot
db152fdd7d
Merge pull request #91756 from wojtek-t/remove_etcd_empty_dir_cleanup
Remove etcd-empty-dir-cleanup image
2020-06-05 15:30:24 -07:00
Kubernetes Prow Robot
3509b46fc6
Merge pull request #91612 from bsdnet/gci
Improve COS image document for E2E test
2020-06-05 15:30:00 -07:00
wojtekt
ee27e5b8be Remove all references to etcd-empty-dir-cleanup. 2020-06-05 08:41:31 +02:00
Kubernetes Prow Robot
c0455a1853
Merge pull request #91154 from liggitt/signer-duration
Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration
2020-06-04 17:59:45 -07:00
Vinayak Goyal
8daa9e6f77 Updating kube-controller-manager to run as non-root. 2020-06-02 14:07:00 -07:00
Roy Yang
3336d59ab2 Update COS/GCI document
Signed-off-by: Roy Yang <royyang@google.com>
2020-06-01 14:34:31 -07:00
Sascha Grunert
d2fc2d282d
Update cri-tools to v1.18.0
This updates cri-tools to the latest release as well as pointing the
artifacts to the new Google Cloud Bucket `k8s-artifacts-cri-tools`.

This reverts commit ce1840d253.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-29 10:56:02 +02:00
Kubernetes Prow Robot
f91c1ef60e
Merge pull request #91370 from justaugustus/cni
Update CNI to v0.8.6
2020-05-26 13:38:01 -07:00
Kubernetes Prow Robot
f01d848c48
Merge pull request #91329 from dims/switch-kube-controller-manager-to-distroless-image
Switch kube-controller-manager to distroless image
2020-05-22 17:23:10 -07:00
Stephen Augustus
b692502a9d Update CNI to v0.8.6
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-05-22 17:48:56 -04:00
Kubernetes Prow Robot
9e06faa1fb
Merge pull request #91240 from tosi3k/bump-am-version
Update kube-addon-manager to v9.1.1
2020-05-21 19:40:37 -07:00
Davanum Srinivas
b1742f19ef
Switch kube-controller-manager to distroless image
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-21 22:33:54 -04:00
Kubernetes Prow Robot
c97c61ebe8
Merge pull request #91304 from karan/gcireviewer
add karan to gci reviewer
2020-05-20 19:42:20 -07:00
Kubernetes Prow Robot
52358fe010
Merge pull request #91228 from sambdavidson/iprotflags
Add SNI flags usage to configure-*.sh
2020-05-20 19:41:30 -07:00
Samuel Davidson
20b37d6c5a Add IP rotation flags and env-vars to configure-*.sh 2020-05-20 13:07:37 -07:00
Karan Goel
451592c6a5 add karan to gci reviewer 2020-05-20 10:42:42 -07:00
Jacek Kaniuk
57caa27b8d Do not add kube-apiserver performance flags if already set 2020-05-20 19:05:16 +02:00
Antoni Zawodny
15e491eb2f Update kube-addon-manager to v9.1.1 2020-05-20 09:50:20 +02:00
Jakub Przychodzeń
ce1840d253 Revert "Update cri-tools to v1.18.0"
This reverts commit 4b3e023659.
2020-05-19 11:19:39 +02:00
Sascha Grunert
4b3e023659
Update cri-tools to v1.18.0
Bump cri-tools to the latest version and update test scripts.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-18 13:38:41 +02:00
Jordan Liggitt
950ed38996 Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration 2020-05-15 14:09:58 -04:00
Tim Hockin
d681a04541 Force LICENSES refresh on GCE images
Some test images have it baked in.
2020-05-11 14:25:26 -07:00
Yuwen Ma
1aa67fc525
Switch core master base images from debian to distroless
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-09 06:55:00 -04:00
Kubernetes Prow Robot
7d53ecee37
Merge pull request #90575 from thockin/fix_license_again
Reorganize vendor licenses again (revert #85220)
2020-05-08 23:03:51 -07:00
Tim Hockin
325ea6e3c2 Restructure licenses again (revert cd4474a)
This moves licenses of vendored code from one monolith file into a tree
of individual files for easier reviews.  This fixes both the bash and
bazel paths.
2020-05-07 21:48:59 -07:00
Walter Fender
339918d206 Add admin account on master for kube-up
Creates a master local admin account.
If you are on the master you can now run kubectl.
For issue 87481.
2020-05-06 17:19:58 -07:00
Davanum Srinivas
0d38f21932
Use bionic repo for docker as focal is not yet available
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-03 16:50:49 -04:00
Kubernetes Prow Robot
e494b0788b
Merge pull request #89543 from bartekzurawski/fix-kube-up-gce-private-restart
Set ip alias route on kubernetes-master during booting
2020-04-24 09:38:07 -07:00
Vinayak Goyal
7a5f4c47de Run kube-scheduler and kube-addon-manager as non root 2020-04-16 14:50:04 -07:00
Bartek Żurawski
3e4744c736 Set ip alias route on kubernetes-master during booting 2020-04-15 00:03:05 +02:00
Kubernetes Prow Robot
c0be582ca5
Merge pull request #89269 from Jefftree/network-proxy-beta
Use v1beta1 for egress selector config
2020-04-09 18:07:49 -07:00
Kubernetes Prow Robot
c7abf44a19
Merge pull request #88856 from yaseenhamdulay/patch-1
Create etcd user in cloud-init master.yaml rather than in configure-h…
2020-03-27 20:41:53 -07:00
Samuel Davidson
c70cd1e82f Changed readonly to true and type to File for authn/authz config. 2020-03-25 17:45:27 -07:00
Yaseen Hamdulay
58f78a53ee Add ssh_redirect_user 2020-03-24 11:30:48 +00:00
Kubernetes Prow Robot
de877ec26e
Merge pull request #89327 from aojea/conntrack
cluster: ipvs conntrack module vs kernel version
2020-03-22 13:28:44 -07:00
Antonio Ojea
33810a99d9 cluster: ipvs conntrack module vs kernel version
We should use 'nf_conntrack' instead of 'nf_conntrack_ipv4'
for linux kernel >= 4.19
2020-03-21 11:23:28 +01:00
Jefftree
936f7665cf network proxy alpha -> beta 2020-03-19 11:49:47 -07:00
yaseenhamdulay
5de3c64ad0 Create etcd user in cloud-init master.yaml rather than in configure-helper.sh
An etcd unix user is currently created in configure-helper.sh if it does not exist
on the master.

cloud-init is the only supported mechanism to add users on COS VMs. If an attempt
is made to add a key using OS Login or the instance metadata mechanism the
google_accounts_daemon will race with useradd and potentially attempt to use
the same UID. This will lock out any attempt to SSH into the VM. We therefore
migrate to using cloud-init to create this user and prevent this issue from occurring.
2020-03-19 11:05:42 +00:00
Kubernetes Prow Robot
f899ad704a
Merge pull request #89069 from enj/enj/i/drop_password_file
Remove support for basic authentication
2020-03-18 22:24:20 -07:00
Kubernetes Prow Robot
8055c92e26
Merge pull request #88125 from mwwolters/flex2healthz
Switch flexvolume_node_setup.sh from kubelet RO port to healthz port
2020-03-17 16:20:07 -07:00
Joe Betz
23c358d883
Fix unbound variable error in gce/configure.sh
Looks like UBUNTU_INSTALL_RUNC_VERSION should be optional here.
2020-03-12 16:41:25 -07:00
Monis Khan
df292749c9
Remove support for basic authentication
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag.  This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.

Similar functionality is available via the --token-auth-file flag
for development purposes.

Signed-off-by: Monis Khan <mok@vmware.com>
2020-03-11 20:55:47 -04:00
Jefftree
6fd748e2c5 exit if KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE is set incorrectly 2020-03-05 16:59:55 -08:00
Jefftree
06abedb063 Allow both GRPC and http-connect mode to be toggled 2020-03-05 16:16:59 -08:00
Jefftree
2a98cb7f8b Use GRPC mode for network proxy 2020-03-02 15:54:52 -08:00
Jefftree
0989770135 Update network proxy to v0.0.7 2020-03-02 10:09:00 -08:00
Jefftree
4c54241c3d Support token authentication for network proxy 2020-03-01 17:24:48 -08:00
Kubernetes Prow Robot
831dae75bf
Merge pull request #88185 from vinayakankugoyal/appendandreplace
append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.…
2020-02-26 13:33:19 -08:00
Vinayak Goyal
388ebfe7d0 append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.sh fails for prefixes that contain quotes and = sign. 2020-02-24 17:35:36 -08:00
Kubernetes Prow Robot
6461e6f4fb
Merge pull request #87179 from Jefftree/netproxy-uds
UDS + GRPC Support for Network Proxy
2020-02-20 21:20:32 -08:00
Jefftree
725d2b6a8f Network Proxy: GRPC + HTTP Connect with UDS 2020-02-20 10:19:37 -08:00
Benjamin Elder
4454ce6f37 fix shellcheck failures in health-monitor.sh 2020-02-14 16:12:18 -08:00
Mark Wolters
ba74c1cfb4 Switch flexvolume_node_setup.sh from kubelet RO port to healthz port 2020-02-13 09:58:51 -08:00
Kubernetes Prow Robot
78a02a223d
Merge pull request #88010 from dims/support-for-adding-test-handler-for-containerd
Support for adding test-handler for containerd
2020-02-11 23:15:58 -08:00
Kubernetes Prow Robot
04cfa4981a
Merge pull request #87463 from mwwolters/healthmon2healthz
Migrate health monitor from read only port to healthz port
2020-02-11 17:06:08 -08:00
Davanum Srinivas
8f764b113e
Support for adding test-handler for containerd 2020-02-10 20:43:40 -05:00
Davanum Srinivas
da024f9a57
Ability to override versions of containerd/runc 2020-02-08 20:20:15 -05:00
Davanum Srinivas
acd286d95d
Install containerd package depending on CONTAINER_RUNTIME 2020-02-08 17:53:37 -05:00
Davanum Srinivas
c4ef6a94b3
Add gid to config.toml only when docker group is present
If we don't install docker and install just containerd apt packages,
there is no docker group. In this scenario, we should not add the gid to
config.toml
2020-02-08 17:53:37 -05:00
Davanum Srinivas
2c93aa6ec3
Ensure kubectl is available in PATH by explicitly exporting the script 2020-02-07 09:05:07 -05:00
Davanum Srinivas
f20e17e9dd
python snippets should work on both old and new python versions 2020-02-05 11:22:56 -05:00
Davanum Srinivas
dc3f31569e
Ensure specified container runtimes are present 2020-02-03 13:40:57 -05:00
Stephen Augustus
1174e6698e cni: Update CNI version to v0.8.5
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-01-29 04:41:29 -05:00
Stephen Augustus
96f2588b61 cni: Update CNI download URLs to use new GCS bucket (k8s-artifacts-cni)
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-01-29 02:32:22 -05:00
Kubernetes Prow Robot
324b5921c1
Merge pull request #87529 from cheftako/master
Added relevent approvers and reviewers for gci.
2020-01-25 11:49:02 -08:00
Kubernetes Prow Robot
15f96a807a
Merge pull request #86305 from saschagrunert/cri-tools
Update cri-tools to v1.17.0
2020-01-24 12:18:32 -08:00
Walter Fender
b2f3236771 Added relevent approvers and reviewers for gci.
Adding new approver and reviewers for the gci scripts.
2020-01-24 09:29:35 -08:00
Kubernetes Prow Robot
90da466221
Merge pull request #87504 from cheftako/master
Fix issue with GCE scripts assuming Python2.
2020-01-24 03:03:19 -08:00
Walter Fender
1dd53fd3ba Fix issue with GCE scripts assuming Python2.
For bug #87482.
Newer OSs are now defaulting to Python3.
This breaks the kube-up scripts for GCE.
Adding code to detect this and explicitly use Python2.
2020-01-23 15:05:04 -08:00
Koonwah Chen
cfd61e801b Add env var(CNI_TAR_PREFIX) for cni install.
cni release has changed the prefix, add a var to make this configurable.
2020-01-22 15:14:31 -08:00
Mark Wolters
aee028dab8 Migrate health monitor from read only port to healthz port 2020-01-22 10:52:08 -08:00
Kubernetes Prow Robot
34e090187c
Merge pull request #87032 from awly/preload-gke-exec-plugin
Allow a preloaded gke-exec-auth-plugin
2020-01-16 13:14:52 -08:00
Janek Łukaszewicz
a9e5fd6623 Revert "Revert "Add an option to specify kubelet flags for heapster node.""
This reverts commit 00ea8c4f9e.
2020-01-14 12:53:25 +01:00
Sascha Grunert
7e5e7c141c
Update cri-tools to v1.17.0
Update the crictl binaries to the latest release

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-01-14 08:36:20 +01:00
Andrew Lytvynov
71966adfc3 Allow a preloaded gke-exec-auth-plugin 2020-01-09 10:37:43 -08:00
Kubernetes Prow Robot
127c47caf4
Merge pull request #85512 from serathius/remove-cluster-monitoring
Remove cluster-monitoring
2019-12-17 21:05:57 -08:00
Kubernetes Prow Robot
4a62b3ac6d
Merge pull request #86329 from mml/core_pattern
Set core_pattern to an absolute path.
2019-12-17 19:48:11 -08:00
Matt Liggett
ec24d3c7e8 Set core_pattern to an absolute path.
Change-Id: I71e848783c05dc75b2232e05dd2ed3aa9a983e23
2019-12-11 15:05:48 -08:00
Nikolaos Moraitis
00ea8c4f9e
Revert "Add an option to specify kubelet flags for heapster node." 2019-12-11 11:19:13 +01:00
Marek Siarkowicz
31fb04fa98 Remove cluster-monitoring
Heapster is deprecated and no longer supported
2019-12-09 11:25:20 +01:00
Janek Łukaszewicz
39cb8222c7 Add an option to specify kubelet flags for heapster node.
Useful in scalability tests, where we don't want test pods (e.g. Kubemark hollow
nodes) to be scheduled on heapster node.
2019-12-06 12:44:26 +01:00
Kubernetes Prow Robot
95a3cd54cf
Merge pull request #82720 from hwdef/add-err-handling-in-gce-gci
add err handling in gce/gci
2019-12-02 22:56:57 -08:00
hwdef
e581be1ec7 add err handling in gce/gci 2019-12-03 09:34:41 +08:00
Kubernetes Prow Robot
c213196f0a
Merge pull request #85014 from dekkagaijin/master
let standalone npd use kubelet credentials
2019-11-14 17:50:30 -08:00
Jordan Liggitt
cd4474ae4f Revert "76093 restructure LICENSES file generation"
This reverts commit d39ac98cc5.
2019-11-13 10:24:32 -05:00
Ji Shan Xing
d39ac98cc5 76093 restructure LICENSES file generation 2019-11-12 20:38:57 -05:00
Xing Yang
3324722e07 VolumeSnapshot CRD v1beta1: Enable VolumeSnapshotDataSource feature gate and update e2e tests 2019-11-11 02:34:24 +00:00
Jake Sanders
42a06f58c6 let standalone npd use kubelet credentials
Signed-off-by: Jake Sanders <jsand@google.com>
2019-11-08 14:50:41 -08:00
Kubernetes Prow Robot
c7869131dd
Merge pull request #84744 from immutableT/isolate-etcd-config
Isolate configuration of etcd related parameters into a separate function.
2019-11-05 15:31:29 -08:00
Kubernetes Prow Robot
8ff16f35f8
Merge pull request #84007 from wojtek-t/reduce_node_update_frequency
Reduce node update frequency
2019-11-04 15:28:43 -08:00
immutablet
f7bd5455fe Isolate configuration of etcd related parameters into a separate function. 2019-11-04 13:55:31 -08:00
Kubernetes Prow Robot
7b6369c803
Merge pull request #84249 from odinuge/bump-shellcheck
Bump shellcheck to v0.7.0
2019-11-04 06:19:40 -08:00
wojtekt
12c8b4a9df Bumpd NodeProblemDetector 2019-11-03 08:50:22 +01:00
immutablet
576edaf072 Refactor tests for configure-helper.sh by moving environment config to testdata. 2019-11-01 13:57:54 -07:00
Kubernetes Prow Robot
a8e819746d
Merge pull request #83442 from serathius/remove-prometheus-addon
Remove prometheus addon
2019-10-29 01:34:43 -07:00
Odin Ugedal
cce1f32ea5
Fix shellcheck failures SC2034 2019-10-23 22:47:46 +02:00
Kubernetes Prow Robot
13de6868fe
Merge pull request #81075 from mborsz/mtls
Add mtls support to add/remove-replica
2019-10-22 23:18:13 -07:00
Maciej Borsz
7ee8a02eee Add mtls support to add/remove-replica 2019-10-22 14:59:16 +02:00
Kubernetes Prow Robot
99d40d3d44
Merge pull request #80137 from ialidzhikov/enh/better-naming
Rename dashboard-controller.yaml to dashboard-deployment.yaml
2019-10-16 05:51:41 -07:00
ialidzhikov
b3dcbbf98c Rename dashboard-controller.yaml to dashboard-deployment.yaml
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2019-10-15 13:55:06 +03:00
immutablet
b6b55519ca Isolate the logic related to the configuration of kube-apiserver into a separate script. 2019-10-11 11:34:09 -07:00
Kubernetes Prow Robot
00096d8fed
Merge pull request #83366 from mwwolters/admission-control-flag
Switch from admission-control flag to enable-admission-plugins
2019-10-05 04:35:11 -07:00
Kubernetes Prow Robot
52a3cb06ef
Merge pull request #82845 from prameshj/custom-nodelocal
Update nodelocaldns yaml to use image with custom Stubdomains support
2019-10-04 16:31:13 -07:00
Marek Siarkowicz
887e84e330 Remove Prometheus addon and it's tests
Prometheus addon was developed for exterimental and test purpose only.
As readme states it should not be used by anyone.
2019-10-03 14:15:58 +02:00
Jacek Kaniuk
46e7a14227 Ability to set up additional, bigger nodes during tests 2019-10-03 12:20:06 +02:00
Maciej Borsz
2d9a9f7713
Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""" 2019-10-02 09:22:02 +02:00
Mark Wolters
f7bf17bc2f Switch from admission-control flag to enable-admission-plugins 2019-10-01 09:21:33 -07:00
Kubernetes Prow Robot
6610260cc4
Merge pull request #78466 from yuwenma/revert-77904-revert-76396-reapply-75624
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
2019-10-01 01:21:33 -07:00
Kubernetes Prow Robot
b215562a70
Merge pull request #83205 from zhenglol/zhengch_event_exporter_to_sd
Use $STACKDRIVER_ENDPOINT to set exporter sd endpoint
2019-09-30 13:09:00 -07:00
Kubernetes Prow Robot
b281315450
Merge pull request #82856 from Random-Liu/update-crictl
Update crictl to v1.16
2019-09-26 14:40:23 -07:00
Zheng Chen
3972e5c3e7
using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env 2019-09-26 14:00:59 -04:00
Lantao Liu
dfd5957713 Update crictl to v1.16.1. 2019-09-25 16:06:39 -07:00
Kubernetes Prow Robot
7266b1b487
Merge pull request #82801 from krzyzacy/auth-curl
auth/cloud-platform is a superset of devstorage.
2019-09-23 17:31:53 -07:00
Sen Lu
e3fdebbe62 auth/cloud-platform is a superset of devstorage.
Also fix the curl in get-kube.sh
2019-09-23 14:14:03 -07:00
Kubernetes Prow Robot
5cdf18e348
Merge pull request #82624 from qingling128/master
Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
2019-09-18 17:30:59 -07:00
Kubernetes Prow Robot
1bebaea417
Merge pull request #81061 from k-toyoda-pi/fix_shellcheck_flexvolume_node_setup
Fix shellcheck failure in gce/gci/flexvolume_node_setup.sh
2019-09-16 14:43:54 -07:00
Pavithra Ramesh
7a7f856e22 Support running custom nodelocaldns yaml in gce. 2019-09-12 12:53:53 -07:00
Ling Huang
dc9db4b413 Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
Change-Id: Ic37a8d3663d616e7d196353efd9a0164da724728
2019-09-12 04:02:08 -04:00
Kubernetes Prow Robot
0dbb93125f
Merge pull request #82579 from mm4tt/etcd_expose_metrics
Expose etcd metric port in tests
2019-09-11 22:53:35 -07:00
Kubernetes Prow Robot
14e5ac8591
Merge pull request #82499 from filbranden/owners1
Remove me from OWNERS for GCI
2019-09-11 21:24:05 -07:00
Matt Matejczyk
fbbb4ebeca Expose etcd metric port in tests
This is to allow scraping etcd metrics in scalabiblity tests.
This was already done in
https://github.com/kubernetes/kubernetes/pull/77657, but then the logic
got changed when introducing mtls in
https://github.com/kubernetes/kubernetes/pull/77561 and the new etcd
metric port 2382 is currently only exposed on localhost.

Ref. https://github.com/kubernetes/perf-tests/issues/786
2019-09-11 13:57:00 +02:00
Kubernetes Prow Robot
f48659e9fd
Merge pull request #81681 from zhenglol/sd_test_endpoint
override stackdriver endpoint in event-exporter in test cluster
2019-09-10 14:32:00 -07:00
Filipe Brandenburger
c8f4e958e6 Remove me from OWNERS for GCI
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
2019-09-09 09:39:05 -07:00
toyoda
5c724f6eaa fix shellcheck failure in gci/flexvolume_node_setup.sh 2019-09-03 16:56:25 +09:00
Zhen Wang
d874dbfcb1 Bump NPD version to v0.7 for GCI 2019-08-27 22:26:30 -07:00
Kubernetes Prow Robot
d52b212189
Merge pull request #79908 from wenjiaswe/remove-aggregator-ca-key
Remove unused aggregator ca key
2019-08-23 13:31:18 -07:00
Zheng Chen
70a7134906
added override for sd testing env in event-exporter yaml 2019-08-20 16:29:15 -04:00
Kubernetes Prow Robot
282b992e0c
Merge pull request #81074 from mborsz/ilb
Experimental ILB support
2019-08-09 06:25:26 -07:00
Maciej Borsz
cc4094d916 Experimental ILB support 2019-08-09 12:38:15 +02:00
Walter Fender
ebb65c5f4c Get network-proxy working with GCE.
Got the proxy-server coming up in the master.
Added certs and have it comiung up with those certs.
Added a daemonset to run the network-agent.
Adding support for agent running as a sameon set on every node.

Added quick hack to test that proxy server/agent were correctly
tunneling traffic to the kubelet.

Added more WIP for reading network proxy configuration.
Get flags set correctly and fix connection services.
Adding missing ApplyTo
Added ConnectivityService.
Fixed build directives. Added connectivity service configuration.
Fixed log levels.
Fixed minor issues for feature turned off.
Fixed boilerplate and format.
Moved log dialer initialization earlier as per Liggits suggestion.
Fixed a few minor issues in the configuration for GCE.
Fixed scheme allocation
Adding unit test.
Added test for direct connectivity service.

Switching to injecting the Lookup method rather than using a Singleton.
First round of mikedaneses feedback.
Fixed deployment to use yaml and other changes suggested by MikeDanese.

Switched network proxy server/agent which are kebab-case not camelCase.
Picked up DIAL_RSP fix.
Factored in deads2k feedback.
Feedback from mikedanese
Factored in second round of feedback from David.
Fix path in verify.
Factored in anfernee's feedback.
First part of lavalamps feedback.
Factored in more changes from lavalamp and mikedanese.

Renamed network-proxy to konnectivity-server and konnectivity-agent.
Fixed tolerations and config file checking.
Added missing strptr
Finished lavalamps requested rename.
Disambiguating konnectivity service by renaming it egress selector.

Switched feature flag to KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE
2019-08-06 23:09:49 -07:00
Kubernetes Prow Robot
3be827e912
Merge pull request #77561 from wenjiaswe/fix-etcd-server
Use HTTPS as etcd-apiserver protocol when mTLS is enabled
2019-07-29 12:14:49 -07:00
Maciej Borsz
f1e6309560
Retry metadata requests in get-credentials and valid-storage-scope 2019-07-26 14:09:55 +02:00
Kubernetes Prow Robot
bf2dd03083
Merge pull request #80318 from davidxia/fix-err-caps
cleanup: fix some log and error capitalizations
2019-07-25 10:41:28 -07:00
Kubernetes Prow Robot
0612c7de0b
Merge pull request #80232 from shihan9/gce
remove function apply-encryption-config in configure-helper
2019-07-24 13:50:19 -07:00
Taahir Ahmed
9702c6e6e9 GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook
This commit adds support for using `gke-exec-auth-plugin` (vTPM-based
certificates for mTLS) for webhooks when calling endpoints matching
`*.googleapis.com`, and integrates this support with
ValidatingAdmissionWebhook.

To enable it, request ValidatingAdmissionWebhook with
`ADMISSION_CONTROL=...,ValidatingAdmissionWebhook,...` (default) and
opt in to `gke-exec-auth-plugin` using `WEBHOOK_GKE_EXEC_AUTH=true`
during the configuration process.

If you don't opt-in, ValidatingAdmissionWebhook will be deployed as
before.

Requesting `WEBHOOK_GKE_EXEC_AUTH=true` will fail if you have not
provided other configuration variables:

  * `EXEC_AUTH_PLUGIN_URL`: controls whether `gke-exec-auth-plugin` is
    downloaded during the installation step.  A prerequisite for
    actually using the plugin.

  * `TOKEN_URL`, `TOKEN_BODY`, and `TOKEN_BODY_UNQUOTED`:
    configuration values used when calling the plugin.  `TOKEN_URL`
    and `TOKEN_BODY` have existing usage. `TOKEN_BODY_UNQUOTED` is a
    new variable that is meant to sidestep the problem of inverting
    `strconv.Quote` in Bash.

The existing configuration process for ImagePolicyWebhook has been
reworked to make it play nicely with ValidatingAdmissionWebhook under
`WEBHOOK_GKE_EXEC_AUTH=true`.

  * It originally placed the ImagePolicyWebhook configuration object
    at the top-level of the file specified by
    `--admission-control-config-file`.  I can't see why this worked;
    it must have been hitting some sort of lucky path through the
    various config file loading mechanisms.  Now, it places its
    configuration in a sub-field of that file, which is shared among
    all admission control plugins.

  * It mounted its various config files read-write.  I reviewed the
    code and couldn't see why it was necessary, so I moved the config
    files into the existing read-only mount at `/etc/srv/kubernetes`.

  * It now checks that all the configuration values it requires have
    been provided.

Co-authored-by: Mike Danese <mikedanese@google.com>
Co-authored-by: Taahir Ahmed <taahm@google.com>
2019-07-22 16:01:37 -07:00
David Xia
fabfd950b1
cleanup: fix some log and error capitalizations
Part of https://github.com/kubernetes/kubernetes/issues/15863
2019-07-20 18:26:16 -04:00
Wenjia Zhang
2e61ae0c56 Use HTTPS as etcd-apiserver protocol when mTLS is enabled 2019-07-20 14:24:31 -07:00
Javier Pérez Hernández
288ea10a59 gce: configure: use 'amd64' in kube core images manifest 2019-07-18 08:31:45 -07:00
Shihang Zhang
e6607cc259 remove function apply-encryption-config in configure-helper
Change-Id: I4df76abcc94eb222219968dc5e08655677d4623f
2019-07-16 14:03:13 -07:00
Davanum Srinivas
6b06084df6
Drop -r for variable within loop
using `local -r` will blow up, example output:
```
/home/kubernetes/bin/configure.sh: line 388: local: manifest_name: readonly variable
```

Change-Id: Id379180803d44dd9c7ac0da41c1cd56de0fe54a4
2019-07-14 11:05:29 -04:00
Javier Pérez Hernández
438ff151d4 cluster: configure: load images and add tags with no arch 2019-07-12 16:40:40 -07:00
Wenjia Zhang
5abd36824a Remove unused aggregator ca key 2019-07-08 17:22:25 -07:00
Kubernetes Prow Robot
4cabe6217f
Merge pull request #79626 from wenjiaswe/remove-etcd-ca-key
Remove unnecessary ETCD_CA_KEY check
2019-07-08 14:28:14 -07:00
Kubernetes Prow Robot
097681b619
Merge pull request #72206 from tallclair/audit-profile-test
Audit profile test
2019-07-05 19:00:35 -07:00
Tim Allclair
d06f849379 Audit policy test 2019-07-03 10:39:37 -07:00
Maciej Borsz
08f8d2ef46 Fix HA setup logic 2019-07-03 11:17:31 +02:00
Wenjia Zhang
22591ad8f2 Remove unnecessary ETCD_CA_KEY check 2019-07-01 15:19:16 -07:00
Koonwah Chen
46ff8e6b57 Add env var(CNI_STORAGE_PATH) for cni storage path. 2019-06-24 11:47:14 -07:00
Zhen Wang
8f40368fb6 Clean up node-problem-detector configuration for GCI 2019-06-13 21:43:05 -07:00
Yuwen Ma
ccbb88fc53 Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."" 2019-05-30 08:02:41 -07:00
Kubernetes Prow Robot
88da568586
Merge pull request #78406 from losipiuk/lo/split-args-ca
Split CA paramters on manifest template expansions
2019-05-30 00:32:46 -07:00
Kubernetes Prow Robot
f4945a81e2
Merge pull request #78314 from Random-Liu/set-containerd-oom-score
Set containerd oom score adj to -999.
2019-05-29 07:59:16 -07:00
Łukasz Osipiuk
dda5e49cac Split CA parameters on manifest template expansion
Split arguments to be passed to cluster autoscaler binary,
so each argument is passed separately.
This is preparatory work for migrating CA to disroless base image
and passing multiple arguments together does not work if CA is
not wrapped around with shell script

Change-Id: I26b5a764d2a12079c7f4ed6633ccabf8d623e232
2019-05-29 15:20:34 +02:00
Jake Sanders
5a9af2e0ef specify additional static auth for components by env var 2019-05-24 12:16:40 -07:00
Lantao Liu
f6aa22e9e3 Set containerd oom score adj to -999.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-05-24 10:36:54 -07:00
Matt Matejczyk
6ced6491c6 Change etcd's --listen-client-urls to 0.0.0.0 in tests
This is to allow scraping etcd metrics in scalability tests.

Ref. https://github.com/kubernetes/perf-tests/issues/522
2019-05-23 15:11:22 +02:00
Kubernetes Prow Robot
0203192970
Merge pull request #78044 from dekkagaijin/patch-6
Consolidate logic to ensure kubectl auth
2019-05-17 23:21:37 -07:00
Kubernetes Prow Robot
72f6954614
Merge pull request #77889 from Random-Liu/support-using-containerd-in-cos
Support using docker containerd in COS and Ubuntu on GCE.
2019-05-17 20:26:59 -07:00
Kubernetes Prow Robot
47304fbaee
Merge pull request #78039 from mikedanese/execmaster
allow exec auth plugin to be pulled on the master
2019-05-17 18:57:30 -07:00
Jake Sanders
9bc3c2af00 Consolidate logic to ensure kubectl auth 2019-05-17 11:32:09 -07:00
Kubernetes Prow Robot
314264aeaf
Merge pull request #78010 from mikedanese/fixdns
cluster/gce: fix line 2414: DNS_MEMORY_LIMIT: unbound variable
2019-05-17 10:12:59 -07:00