Kubernetes Prow Robot
1f756e4a37
Merge pull request #92669 from Jefftree/netproxy-configure-helper
...
Separate network proxy flag for apiserver egress and starting pods
2020-10-23 16:47:00 -07:00
Vinayak Goyal
83c1ce0225
Grant group KUBE_POD_LOG_READERS_GROUP access to read pod logs on gke control-plane.
2020-10-23 12:14:26 -07:00
Rahul Joshi
889446810c
Add configuration options to specify --detect-local-mode on kube-proxy.
2020-10-23 12:12:59 -07:00
Kubernetes Prow Robot
1257bc5acb
Merge pull request #91474 from cici37/pkgController
...
Cleanup CCM dependencies
2020-10-22 23:17:45 -07:00
Kubernetes Prow Robot
e850fa6a6c
Merge pull request #95209 from benhxy/gke/kubeconfig
...
Use host IP instead of localhost for GKE control plane kubeconfig
2020-10-22 22:15:49 -07:00
Jefftree
0e5d057755
Rename flags
2020-10-22 08:43:28 -07:00
Jefftree
ed52ad3f25
Add SETUP_KONNECTIVITY_SERVICE flag
2020-10-22 08:43:28 -07:00
Jefftree
7820b05467
Separate network proxy flag for apiserver egress and starting pods
2020-10-22 08:43:27 -07:00
Jakub Tużnik
236ade027b
Properly quote flags passed to Cluster Autoscaler
...
In the current implementation, the flags are not put between quotes,
and so the Cluster Autoscaler manifest doesn't parse as valid JSON.
2020-10-22 15:10:39 +02:00
Daniel Gutowski
6c8b1ab266
Fix default values for logrotate in /var/log/
2020-10-21 09:18:32 +00:00
Ben Hu
49afcfa5f2
Use host IP instead of localhost for control plane component kubeconfig files.
...
This is a part of work to allow control plane components to be moved off hostNetwork.
2020-10-20 22:47:33 +00:00
Ben Hu
8b4e164a78
iAdd host IP to etcd listen client URLs.
...
Allow kube-apiserver to use host IP to connect to etcd.
Update etcd/migrate to allow additional client listening URLs.
2020-10-20 16:43:52 +00:00
cici37
95acec5a3b
Move client_builder to k8s.io/controller-manager
2020-10-19 14:48:22 -07:00
jayunit100
aefe930562
support multiple bind records (fie nodelocaldns test regression), by
...
first replacing PILLAR_ and then replacing other vars.
2020-10-16 14:28:55 -04:00
Kubernetes Prow Robot
c1e5e6a556
Merge pull request #93836 from jayunit100/salt_cleanup_92835
...
remove __pillar__ refs
2020-10-11 17:58:47 -07:00
Kubernetes Prow Robot
33fd5552bb
Merge pull request #95418 from vinayakankugoyal/pki
...
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GR…
2020-10-09 18:08:47 -07:00
Kubernetes Prow Robot
4fbf5df52b
Merge pull request #95388 from ii/policy
...
Enable Logging of event requests to audit log in cluster/gce/gci/configure-helper.sh
2020-10-09 14:08:48 -07:00
Hippie Hacker
b1e3a2ac7a
Clarify that we don't audit events due to performance impact
2020-10-09 13:30:20 +13:00
Vinayak Goyal
7cbe8070bc
Update write-pki-data to give read permissions to KUBE_PKI_READERS_GROUP, for components running as non-root to be able to read the credentials.
2020-10-08 16:25:43 -07:00
Joseph Anttila Hall
2f318bdd57
API server: fix default_konnectivity_socket_path typo.
...
Make it consistent with configure-helper.sh
2020-10-08 13:19:05 -07:00
Shihang Zhang
e0dcfbf9c2
make download-or-bust compatible with both sha512/sha1
2020-10-06 15:16:26 -07:00
Kubernetes Prow Robot
446da13de1
Merge pull request #94975 from zshihang/hash
...
replace sha1 with sha512
2020-10-06 13:00:42 -07:00
Karan Goel
f707db32cc
Send node startup scripts to console and journal
2020-10-05 13:25:28 -07:00
Mike Danese
cc5b12cdff
gce: redirect handshake server requests to metadata-concealment too
2020-09-25 17:50:53 -07:00
Shihang Zhang
e99dbbde62
replace sha1 with sha512
2020-09-23 11:27:20 -07:00
Varun Marupadi
04a51cac17
Allow the lifecycle of kube-proxy to be managed independently of the startup scripts for GCE
...
Introduces a new env variable KUBE_PROXY_DISABLE which causes the configure scripts to skip over
the creation of both static pods as well as daemonset addons for kube-proxy.
When false, the behavior falls back to the default today, which is to rely on the value of
KUBE_PROXY_DAEMONSET to decide whether to start static pods on the nodes or an addon on the
master.
2020-09-22 20:37:35 -07:00
Kubernetes Prow Robot
6b39cdf376
Merge pull request #93305 from alculquicondor/lssd-ephemeral
...
Mount kubelet and container runtime rootdir on LSSD
2020-09-22 12:22:06 -07:00
Kubernetes Prow Robot
dbaaed3592
Merge pull request #92140 from ash2k/ash2k/fix-error-check
...
Fix error check logic in test
2020-09-22 12:21:38 -07:00
Aldo Culquicondor
2ae4eeb3ea
Mount kubelet and container runtime rootdir on LSSD
...
When environment variable NODE_LOCAL_SSD_EPHEMERAL=true,
create a RAID 0 array on all attached SSDs to mount:
- kubelet root dir
- container runtime root dir
- pod logs dir
Those directories account for all ephemeral storage.
An array is not created when there is only one SSD.
Change-Id: I22137f1d83fc19e9ef58a556d7461da43e4ab9bd
Signed-off-by: Aldo Culquicondor <acondor@google.com>
2020-09-14 14:32:28 -04:00
David Eads
c7911a384c
remove pod presets
2020-09-14 09:24:40 -04:00
Kubernetes Prow Robot
0627c35411
Merge pull request #93781 from kisieland/allow-to-switch-off-logrotate
...
Disable log rotation of kubernetes and pod logs
2020-09-10 16:10:14 -07:00
Daniel Gutowski
adf7ed4241
Allow to disable logrotation of kubernetes and pod logs
...
Make logrotate disabled by default
2020-09-03 11:21:44 +00:00
Shihang Zhang
38f040c0a8
bind metadata proxy to 0.0.0.0
2020-09-01 18:34:02 -07:00
Stephen Augustus
e59d9f372d
Update CNI plugins to v0.8.7
...
ref: https://github.com/containernetworking/plugins/releases/tag/v0.8.7
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-08-31 09:01:07 -04:00
jay vyas
1693c111be
Getting rid of the Salt DNS replacements, addded / back.
2020-08-30 09:11:27 +00:00
Kubernetes Prow Robot
b02b84870c
Merge pull request #94307 from xmudrii/update-cri-tools
...
Update cri-tools to v1.19.0
2020-08-28 10:40:03 -07:00
Kubernetes Prow Robot
a9d1482710
Merge pull request #93311 from logicalhan/monitoring-role
...
Add bootstrap policy for monitoring endpoints
2020-08-28 06:36:52 -07:00
Marko Mudrinić
084bc9db43
Update cri-tools to v1.19.0
2020-08-28 15:34:42 +02:00
Kubernetes Prow Robot
fd20de89d9
Merge pull request #90433 from joakimr-axis/joakimr-axis_configure-helper.sh
...
Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
2020-08-27 19:05:47 -07:00
Han Kang
f57611970c
add bootstrap policy for monitoring roles
...
(we enable metrics and pprof by default, but that doesn't mean
we should have full cluster-admin access to use those endpoints)
Change-Id: I20cf1a0c817ffe3b7fb8e5d3967f804dc063ab03
remove pprof but add read access to detailed health checks
Change-Id: I96c0997be2a538aa8c689dea25026bba638d6e7d
add base health check endpoints and remove the todo for flowcontrol, as there is an existing ticket
Change-Id: I8a7d6debeaf91e06d8ace3cb2bd04d71ef3e68a9
drop blank line
Change-Id: I691e72e9dee3cf7276c725a12207d64db88f4651
2020-07-24 09:21:55 -07:00
Jordan Liggitt
3b323b2ef0
Limit critical pods to kube-system by default
2020-07-17 09:52:19 -04:00
Kubernetes Prow Robot
c430183fff
Merge pull request #91854 from bsdnet/gci
...
Update the COS E2E image policy
2020-07-02 06:41:15 -07:00
Roy Yang
f86b720cf6
Update the COS E2E image policy
...
Signed-off-by: Roy Yang <royyang@google.com>
2020-06-30 15:24:35 -07:00
Kubernetes Prow Robot
6257f83f88
Merge pull request #92569 from dims/tolerate-slightly-different-containerd-urls
...
Tolerate slightly different containerd urls
2020-06-29 18:35:08 -07:00
Kubernetes Prow Robot
de491f11b1
Merge pull request #92444 from dims/additional-check-for-containerd-for-better-loading-images
...
Additional test for loading images with containerd
2020-06-29 18:34:40 -07:00
Joakim Roubert
0c48e0e1bb
Find what fails pull-kubernetes-e2e-gce-ubuntu-containerd
...
Change-Id: I7919d03926880cd9c93c61a07ada645ebfe32a89
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 09:43:37 +02:00
Joakim Roubert
b529485f65
Review update
...
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:58 +02:00
Joakim Roubert
605be2216b
Sync with master
...
Add fixes for newly added code.
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:58 +02:00
Joakim Roubert
196ae34f9b
Remove previously added '' no longer needed
...
Adapt to changes on master since the first commit here.
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
a20a005986
No quotes needed/wanted for CURL_RETRY_CONNREFUSED
...
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
1b9e9c6fe6
Add fix for run-kube-controller-manager-as-non-root
...
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
11f6d43747
Updates after review
...
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:57 +02:00
Joakim Roubert
4abf7da53e
Update cluster/gce/gci/configure-helper.sh
...
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
3e211386c1
Update cluster/gce/gci/configure-helper.sh
...
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
d66456fe01
Update cluster/gce/gci/configure-helper.sh
...
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
6e8504003b
Update cluster/gce/gci/configure-helper.sh
...
Co-authored-by: Aaron Crickenberger <spiffxp@google.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
0c899b2bc2
Mitigate newly added shellcheck issues
...
Issues not present when the original patch was created have now also
been fixed.
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:56 +02:00
Joakim Roubert
826274c867
Updates after code review
...
Add double quotes at assignments as requested by phenixblue.
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
3fb0d1c15d
Update after code review
...
Simplified local variable declaration as suggested by phenixblue.
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
1f9704c713
Code review update
...
Change-Id: I384a73efe995c529fb4b3636cb9639eafb90787f
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-06-29 08:43:55 +02:00
Joakim Roubert
80a8566a8c
Fix shellcheck w/e in cluster/gce/gci/configure-helper.sh
...
Change-Id: Ic8fca2509a7cb07f4170eaf25a878036d18ba51c
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-06-29 08:43:55 +02:00
Davanum Srinivas
a653c21479
Tolerate slightly different containerd urls
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-27 06:41:19 -04:00
Jordan Liggitt
a36aa9c31e
Stop enabling alpha runtimeclass API
2020-06-25 20:29:11 -04:00
Kubernetes Prow Robot
c3a6a66592
Merge pull request #92395 from sambdavidson/vip-sni-fix
...
Added missing apiserver config var.
2020-06-24 01:59:54 -07:00
Davanum Srinivas
2d7c47d2be
Additional test for loading images with containerd
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-23 18:21:59 -04:00
Jonathan Sun
2f7874bd4b
Install firewall logging rules to log metadata server access for unauthorized components.
2020-06-23 11:22:05 -07:00
Samuel Davidson
31ae200ebf
fix for missing kube-env var in SNI config
2020-06-22 13:33:42 -07:00
Kubernetes Prow Robot
d140769e4d
Merge pull request #92344 from jherrera123/restore-docker-focal-version
...
Restore docker focal version in gci nodes
2020-06-21 15:28:39 -07:00
Kubernetes Prow Robot
4c8207dc1e
Merge pull request #92314 from dims/set-better-default-for-loading-images-2
...
Set better default commands for loading images - take 2
2020-06-21 05:12:39 -07:00
Kubernetes Prow Robot
c6011f2d54
Merge pull request #91390 from vinayakankugoyal/nonroot
...
Updating kube-controller-manager to run as non-root.
2020-06-21 00:56:38 -07:00
Jesus Herrera
9714f3ac86
Restore docker focal version
2020-06-20 11:16:25 -04:00
Kubernetes Prow Robot
2d1c417934
Merge pull request #92258 from SidneyShen/node-boot-nvme-disk-fix
...
Add logic to check if local NVMe SSDs in node boot-up script
2020-06-19 11:38:14 -07:00
Kubernetes Prow Robot
4369eb3155
Merge pull request #92083 from alculquicondor/sched_config_script
...
Support kube-scheduler component-config in GCE init scripts
2020-06-19 11:36:53 -07:00
Kubernetes Prow Robot
87e6ec493c
Merge pull request #90223 from caesarxuchao/remove-unused-var
...
Remove unused network proxy variables and functions
2020-06-19 11:36:14 -07:00
Davanum Srinivas
60bd17a61f
Set better default commands for loading images - take 2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-19 14:25:12 -04:00
Kubernetes Prow Robot
6bb668c3c4
Merge pull request #92204 from dims/check-for-either-docker-or-containerd-getting-active
...
Check for either docker or containerd getting active
2020-06-18 06:03:21 -07:00
Kubernetes Prow Robot
c83c4d5453
Merge pull request #92184 from dims/set-better-default-for-loading-images
...
Set better default commands for loading images
2020-06-18 06:02:52 -07:00
Xinning Shen
27658f8241
Add logic to check if local NVMe SSDs in node boot-up script
...
Current logic would assume all the NVMe disks are data disks and
applicable for reformat and mount. This will cause the issue when
booting disk is also NVMe disk, which will fail the node boot up. This
change will check if any additional NVMe disks are required/specified
and skip the reformat step otherwise.
2020-06-18 08:48:43 +00:00
Chao Xu
06d034f3c8
remove unnecessary certs generation
2020-06-16 23:47:10 -07:00
Kubernetes Prow Robot
1f629ca4a2
Merge pull request #92150 from sambdavidson/sniflagfix
...
Fix to configure-kubeapiserver.sh error.
2020-06-16 19:24:12 -07:00
Kubernetes Prow Robot
51aac92f69
Merge pull request #91922 from Jefftree/netproxy-009
...
Upgrade apiserver-network-proxy to v0.0.9
2020-06-16 19:22:39 -07:00
Davanum Srinivas
01183e51f0
Check for either Docker or Containerd getting active for e2e_node tests
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-16 20:08:01 -04:00
Davanum Srinivas
fbb4bb0003
Set better default commands for loading images
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-16 07:47:02 -04:00
Samuel Davidson
3958ecb5c7
Fix to configure-kubeapiserver.sh error.
...
It no no longer errors and exits if
env-var OLD_LOAD_BALANCER_IP is undefined.
2020-06-15 11:42:05 -07:00
Aldo Culquicondor
55242bf3c9
Support kube-scheduler component-config in GCE init scripts
...
Taking precedence over some existing flags.
Signed-off-by: Aldo Culquicondor <acondor@google.com>
2020-06-15 09:41:18 -04:00
Mikhail Mazurskiy
b75ea1b052
Fix error check logic
...
If copy finished file (err == nil) then
use the error returned from out.Close()
2020-06-15 22:00:56 +10:00
Jefftree
c6b2b1fad3
Add health port to network proxy
2020-06-12 16:44:56 -07:00
Jordan Liggitt
ac5ec4aa80
Adjust admission webhook auth config for default-enabled admission plugins
2020-06-10 13:46:30 -04:00
Davanum Srinivas
1731cb30f5
Use containerd as default in kube-up.sh
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-06-07 14:34:50 -04:00
Kubernetes Prow Robot
db152fdd7d
Merge pull request #91756 from wojtek-t/remove_etcd_empty_dir_cleanup
...
Remove etcd-empty-dir-cleanup image
2020-06-05 15:30:24 -07:00
Kubernetes Prow Robot
3509b46fc6
Merge pull request #91612 from bsdnet/gci
...
Improve COS image document for E2E test
2020-06-05 15:30:00 -07:00
wojtekt
ee27e5b8be
Remove all references to etcd-empty-dir-cleanup.
2020-06-05 08:41:31 +02:00
Kubernetes Prow Robot
c0455a1853
Merge pull request #91154 from liggitt/signer-duration
...
Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration
2020-06-04 17:59:45 -07:00
Vinayak Goyal
8daa9e6f77
Updating kube-controller-manager to run as non-root.
2020-06-02 14:07:00 -07:00
Roy Yang
3336d59ab2
Update COS/GCI document
...
Signed-off-by: Roy Yang <royyang@google.com>
2020-06-01 14:34:31 -07:00
Sascha Grunert
d2fc2d282d
Update cri-tools to v1.18.0
...
This updates cri-tools to the latest release as well as pointing the
artifacts to the new Google Cloud Bucket `k8s-artifacts-cri-tools`.
This reverts commit ce1840d253
.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-29 10:56:02 +02:00
Kubernetes Prow Robot
f91c1ef60e
Merge pull request #91370 from justaugustus/cni
...
Update CNI to v0.8.6
2020-05-26 13:38:01 -07:00
Kubernetes Prow Robot
f01d848c48
Merge pull request #91329 from dims/switch-kube-controller-manager-to-distroless-image
...
Switch kube-controller-manager to distroless image
2020-05-22 17:23:10 -07:00
Stephen Augustus
b692502a9d
Update CNI to v0.8.6
...
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-05-22 17:48:56 -04:00
Kubernetes Prow Robot
9e06faa1fb
Merge pull request #91240 from tosi3k/bump-am-version
...
Update kube-addon-manager to v9.1.1
2020-05-21 19:40:37 -07:00
Davanum Srinivas
b1742f19ef
Switch kube-controller-manager to distroless image
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-21 22:33:54 -04:00
Kubernetes Prow Robot
c97c61ebe8
Merge pull request #91304 from karan/gcireviewer
...
add karan to gci reviewer
2020-05-20 19:42:20 -07:00
Kubernetes Prow Robot
52358fe010
Merge pull request #91228 from sambdavidson/iprotflags
...
Add SNI flags usage to configure-*.sh
2020-05-20 19:41:30 -07:00
Samuel Davidson
20b37d6c5a
Add IP rotation flags and env-vars to configure-*.sh
2020-05-20 13:07:37 -07:00
Karan Goel
451592c6a5
add karan to gci reviewer
2020-05-20 10:42:42 -07:00
Jacek Kaniuk
57caa27b8d
Do not add kube-apiserver performance flags if already set
2020-05-20 19:05:16 +02:00
Antoni Zawodny
15e491eb2f
Update kube-addon-manager to v9.1.1
2020-05-20 09:50:20 +02:00
Jakub Przychodzeń
ce1840d253
Revert "Update cri-tools to v1.18.0"
...
This reverts commit 4b3e023659
.
2020-05-19 11:19:39 +02:00
Sascha Grunert
4b3e023659
Update cri-tools to v1.18.0
...
Bump cri-tools to the latest version and update test scripts.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-05-18 13:38:41 +02:00
Jordan Liggitt
950ed38996
Mark experimental-cluster-signing-duration deprecated, add --cluster-signing-duration
2020-05-15 14:09:58 -04:00
Tim Hockin
d681a04541
Force LICENSES refresh on GCE images
...
Some test images have it baked in.
2020-05-11 14:25:26 -07:00
Yuwen Ma
1aa67fc525
Switch core master base images from debian to distroless
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-09 06:55:00 -04:00
Kubernetes Prow Robot
7d53ecee37
Merge pull request #90575 from thockin/fix_license_again
...
Reorganize vendor licenses again (revert #85220 )
2020-05-08 23:03:51 -07:00
Tim Hockin
325ea6e3c2
Restructure licenses again (revert cd4474a
)
...
This moves licenses of vendored code from one monolith file into a tree
of individual files for easier reviews. This fixes both the bash and
bazel paths.
2020-05-07 21:48:59 -07:00
Walter Fender
339918d206
Add admin account on master for kube-up
...
Creates a master local admin account.
If you are on the master you can now run kubectl.
For issue 87481.
2020-05-06 17:19:58 -07:00
Davanum Srinivas
0d38f21932
Use bionic repo for docker as focal is not yet available
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-03 16:50:49 -04:00
Kubernetes Prow Robot
e494b0788b
Merge pull request #89543 from bartekzurawski/fix-kube-up-gce-private-restart
...
Set ip alias route on kubernetes-master during booting
2020-04-24 09:38:07 -07:00
Vinayak Goyal
7a5f4c47de
Run kube-scheduler and kube-addon-manager as non root
2020-04-16 14:50:04 -07:00
Bartek Żurawski
3e4744c736
Set ip alias route on kubernetes-master during booting
2020-04-15 00:03:05 +02:00
Kubernetes Prow Robot
c0be582ca5
Merge pull request #89269 from Jefftree/network-proxy-beta
...
Use v1beta1 for egress selector config
2020-04-09 18:07:49 -07:00
Kubernetes Prow Robot
c7abf44a19
Merge pull request #88856 from yaseenhamdulay/patch-1
...
Create etcd user in cloud-init master.yaml rather than in configure-h…
2020-03-27 20:41:53 -07:00
Samuel Davidson
c70cd1e82f
Changed readonly to true and type to File for authn/authz config.
2020-03-25 17:45:27 -07:00
Yaseen Hamdulay
58f78a53ee
Add ssh_redirect_user
2020-03-24 11:30:48 +00:00
Kubernetes Prow Robot
de877ec26e
Merge pull request #89327 from aojea/conntrack
...
cluster: ipvs conntrack module vs kernel version
2020-03-22 13:28:44 -07:00
Antonio Ojea
33810a99d9
cluster: ipvs conntrack module vs kernel version
...
We should use 'nf_conntrack' instead of 'nf_conntrack_ipv4'
for linux kernel >= 4.19
2020-03-21 11:23:28 +01:00
Jefftree
936f7665cf
network proxy alpha -> beta
2020-03-19 11:49:47 -07:00
yaseenhamdulay
5de3c64ad0
Create etcd user in cloud-init master.yaml rather than in configure-helper.sh
...
An etcd unix user is currently created in configure-helper.sh if it does not exist
on the master.
cloud-init is the only supported mechanism to add users on COS VMs. If an attempt
is made to add a key using OS Login or the instance metadata mechanism the
google_accounts_daemon will race with useradd and potentially attempt to use
the same UID. This will lock out any attempt to SSH into the VM. We therefore
migrate to using cloud-init to create this user and prevent this issue from occurring.
2020-03-19 11:05:42 +00:00
Kubernetes Prow Robot
f899ad704a
Merge pull request #89069 from enj/enj/i/drop_password_file
...
Remove support for basic authentication
2020-03-18 22:24:20 -07:00
Kubernetes Prow Robot
8055c92e26
Merge pull request #88125 from mwwolters/flex2healthz
...
Switch flexvolume_node_setup.sh from kubelet RO port to healthz port
2020-03-17 16:20:07 -07:00
Joe Betz
23c358d883
Fix unbound variable error in gce/configure.sh
...
Looks like UBUNTU_INSTALL_RUNC_VERSION should be optional here.
2020-03-12 16:41:25 -07:00
Monis Khan
df292749c9
Remove support for basic authentication
...
This change removes support for basic authn in v1.19 via the
--basic-auth-file flag. This functionality was deprecated in v1.16
in response to ATR-K8S-002: Non-constant time password comparison.
Similar functionality is available via the --token-auth-file flag
for development purposes.
Signed-off-by: Monis Khan <mok@vmware.com>
2020-03-11 20:55:47 -04:00
Jefftree
6fd748e2c5
exit if KONNECTIVITY_SERVICE_PROXY_PROTOCOL_MODE is set incorrectly
2020-03-05 16:59:55 -08:00
Jefftree
06abedb063
Allow both GRPC and http-connect mode to be toggled
2020-03-05 16:16:59 -08:00
Jefftree
2a98cb7f8b
Use GRPC mode for network proxy
2020-03-02 15:54:52 -08:00
Jefftree
0989770135
Update network proxy to v0.0.7
2020-03-02 10:09:00 -08:00
Jefftree
4c54241c3d
Support token authentication for network proxy
2020-03-01 17:24:48 -08:00
Kubernetes Prow Robot
831dae75bf
Merge pull request #88185 from vinayakankugoyal/appendandreplace
...
append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.…
2020-02-26 13:33:19 -08:00
Vinayak Goyal
388ebfe7d0
append_or_replace_prefixed_line in /cluster/gce/gci/configure-helper.sh fails for prefixes that contain quotes and = sign.
2020-02-24 17:35:36 -08:00
Kubernetes Prow Robot
6461e6f4fb
Merge pull request #87179 from Jefftree/netproxy-uds
...
UDS + GRPC Support for Network Proxy
2020-02-20 21:20:32 -08:00
Jefftree
725d2b6a8f
Network Proxy: GRPC + HTTP Connect with UDS
2020-02-20 10:19:37 -08:00
Benjamin Elder
4454ce6f37
fix shellcheck failures in health-monitor.sh
2020-02-14 16:12:18 -08:00
Mark Wolters
ba74c1cfb4
Switch flexvolume_node_setup.sh from kubelet RO port to healthz port
2020-02-13 09:58:51 -08:00
Kubernetes Prow Robot
78a02a223d
Merge pull request #88010 from dims/support-for-adding-test-handler-for-containerd
...
Support for adding test-handler for containerd
2020-02-11 23:15:58 -08:00
Kubernetes Prow Robot
04cfa4981a
Merge pull request #87463 from mwwolters/healthmon2healthz
...
Migrate health monitor from read only port to healthz port
2020-02-11 17:06:08 -08:00
Davanum Srinivas
8f764b113e
Support for adding test-handler for containerd
2020-02-10 20:43:40 -05:00
Davanum Srinivas
da024f9a57
Ability to override versions of containerd/runc
2020-02-08 20:20:15 -05:00
Davanum Srinivas
acd286d95d
Install containerd package depending on CONTAINER_RUNTIME
2020-02-08 17:53:37 -05:00
Davanum Srinivas
c4ef6a94b3
Add gid to config.toml only when docker group is present
...
If we don't install docker and install just containerd apt packages,
there is no docker group. In this scenario, we should not add the gid to
config.toml
2020-02-08 17:53:37 -05:00
Davanum Srinivas
2c93aa6ec3
Ensure kubectl is available in PATH by explicitly exporting the script
2020-02-07 09:05:07 -05:00
Davanum Srinivas
f20e17e9dd
python snippets should work on both old and new python versions
2020-02-05 11:22:56 -05:00
Davanum Srinivas
dc3f31569e
Ensure specified container runtimes are present
2020-02-03 13:40:57 -05:00
Stephen Augustus
1174e6698e
cni: Update CNI version to v0.8.5
...
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-01-29 04:41:29 -05:00
Stephen Augustus
96f2588b61
cni: Update CNI download URLs to use new GCS bucket (k8s-artifacts-cni)
...
Signed-off-by: Stephen Augustus <saugustus@vmware.com>
2020-01-29 02:32:22 -05:00
Kubernetes Prow Robot
324b5921c1
Merge pull request #87529 from cheftako/master
...
Added relevent approvers and reviewers for gci.
2020-01-25 11:49:02 -08:00
Kubernetes Prow Robot
15f96a807a
Merge pull request #86305 from saschagrunert/cri-tools
...
Update cri-tools to v1.17.0
2020-01-24 12:18:32 -08:00
Walter Fender
b2f3236771
Added relevent approvers and reviewers for gci.
...
Adding new approver and reviewers for the gci scripts.
2020-01-24 09:29:35 -08:00
Kubernetes Prow Robot
90da466221
Merge pull request #87504 from cheftako/master
...
Fix issue with GCE scripts assuming Python2.
2020-01-24 03:03:19 -08:00
Walter Fender
1dd53fd3ba
Fix issue with GCE scripts assuming Python2.
...
For bug #87482 .
Newer OSs are now defaulting to Python3.
This breaks the kube-up scripts for GCE.
Adding code to detect this and explicitly use Python2.
2020-01-23 15:05:04 -08:00
Koonwah Chen
cfd61e801b
Add env var(CNI_TAR_PREFIX) for cni install.
...
cni release has changed the prefix, add a var to make this configurable.
2020-01-22 15:14:31 -08:00
Mark Wolters
aee028dab8
Migrate health monitor from read only port to healthz port
2020-01-22 10:52:08 -08:00
Kubernetes Prow Robot
34e090187c
Merge pull request #87032 from awly/preload-gke-exec-plugin
...
Allow a preloaded gke-exec-auth-plugin
2020-01-16 13:14:52 -08:00
Janek Łukaszewicz
a9e5fd6623
Revert "Revert "Add an option to specify kubelet flags for heapster node.""
...
This reverts commit 00ea8c4f9e
.
2020-01-14 12:53:25 +01:00
Sascha Grunert
7e5e7c141c
Update cri-tools to v1.17.0
...
Update the crictl binaries to the latest release
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-01-14 08:36:20 +01:00
Andrew Lytvynov
71966adfc3
Allow a preloaded gke-exec-auth-plugin
2020-01-09 10:37:43 -08:00
Kubernetes Prow Robot
127c47caf4
Merge pull request #85512 from serathius/remove-cluster-monitoring
...
Remove cluster-monitoring
2019-12-17 21:05:57 -08:00
Kubernetes Prow Robot
4a62b3ac6d
Merge pull request #86329 from mml/core_pattern
...
Set core_pattern to an absolute path.
2019-12-17 19:48:11 -08:00
Matt Liggett
ec24d3c7e8
Set core_pattern to an absolute path.
...
Change-Id: I71e848783c05dc75b2232e05dd2ed3aa9a983e23
2019-12-11 15:05:48 -08:00
Nikolaos Moraitis
00ea8c4f9e
Revert "Add an option to specify kubelet flags for heapster node."
2019-12-11 11:19:13 +01:00
Marek Siarkowicz
31fb04fa98
Remove cluster-monitoring
...
Heapster is deprecated and no longer supported
2019-12-09 11:25:20 +01:00
Janek Łukaszewicz
39cb8222c7
Add an option to specify kubelet flags for heapster node.
...
Useful in scalability tests, where we don't want test pods (e.g. Kubemark hollow
nodes) to be scheduled on heapster node.
2019-12-06 12:44:26 +01:00
Kubernetes Prow Robot
95a3cd54cf
Merge pull request #82720 from hwdef/add-err-handling-in-gce-gci
...
add err handling in gce/gci
2019-12-02 22:56:57 -08:00
hwdef
e581be1ec7
add err handling in gce/gci
2019-12-03 09:34:41 +08:00
Kubernetes Prow Robot
c213196f0a
Merge pull request #85014 from dekkagaijin/master
...
let standalone npd use kubelet credentials
2019-11-14 17:50:30 -08:00
Jordan Liggitt
cd4474ae4f
Revert "76093 restructure LICENSES file generation"
...
This reverts commit d39ac98cc5
.
2019-11-13 10:24:32 -05:00
Ji Shan Xing
d39ac98cc5
76093 restructure LICENSES file generation
2019-11-12 20:38:57 -05:00
Xing Yang
3324722e07
VolumeSnapshot CRD v1beta1: Enable VolumeSnapshotDataSource feature gate and update e2e tests
2019-11-11 02:34:24 +00:00
Jake Sanders
42a06f58c6
let standalone npd use kubelet credentials
...
Signed-off-by: Jake Sanders <jsand@google.com>
2019-11-08 14:50:41 -08:00
Kubernetes Prow Robot
c7869131dd
Merge pull request #84744 from immutableT/isolate-etcd-config
...
Isolate configuration of etcd related parameters into a separate function.
2019-11-05 15:31:29 -08:00
Kubernetes Prow Robot
8ff16f35f8
Merge pull request #84007 from wojtek-t/reduce_node_update_frequency
...
Reduce node update frequency
2019-11-04 15:28:43 -08:00
immutablet
f7bd5455fe
Isolate configuration of etcd related parameters into a separate function.
2019-11-04 13:55:31 -08:00
Kubernetes Prow Robot
7b6369c803
Merge pull request #84249 from odinuge/bump-shellcheck
...
Bump shellcheck to v0.7.0
2019-11-04 06:19:40 -08:00
wojtekt
12c8b4a9df
Bumpd NodeProblemDetector
2019-11-03 08:50:22 +01:00
immutablet
576edaf072
Refactor tests for configure-helper.sh by moving environment config to testdata.
2019-11-01 13:57:54 -07:00
Kubernetes Prow Robot
a8e819746d
Merge pull request #83442 from serathius/remove-prometheus-addon
...
Remove prometheus addon
2019-10-29 01:34:43 -07:00
Odin Ugedal
cce1f32ea5
Fix shellcheck failures SC2034
2019-10-23 22:47:46 +02:00
Kubernetes Prow Robot
13de6868fe
Merge pull request #81075 from mborsz/mtls
...
Add mtls support to add/remove-replica
2019-10-22 23:18:13 -07:00
Maciej Borsz
7ee8a02eee
Add mtls support to add/remove-replica
2019-10-22 14:59:16 +02:00
Kubernetes Prow Robot
99d40d3d44
Merge pull request #80137 from ialidzhikov/enh/better-naming
...
Rename dashboard-controller.yaml to dashboard-deployment.yaml
2019-10-16 05:51:41 -07:00
ialidzhikov
b3dcbbf98c
Rename dashboard-controller.yaml to dashboard-deployment.yaml
...
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
2019-10-15 13:55:06 +03:00
immutablet
b6b55519ca
Isolate the logic related to the configuration of kube-apiserver into a separate script.
2019-10-11 11:34:09 -07:00
Kubernetes Prow Robot
00096d8fed
Merge pull request #83366 from mwwolters/admission-control-flag
...
Switch from admission-control flag to enable-admission-plugins
2019-10-05 04:35:11 -07:00
Kubernetes Prow Robot
52a3cb06ef
Merge pull request #82845 from prameshj/custom-nodelocal
...
Update nodelocaldns yaml to use image with custom Stubdomains support
2019-10-04 16:31:13 -07:00
Marek Siarkowicz
887e84e330
Remove Prometheus addon and it's tests
...
Prometheus addon was developed for exterimental and test purpose only.
As readme states it should not be used by anyone.
2019-10-03 14:15:58 +02:00
Jacek Kaniuk
46e7a14227
Ability to set up additional, bigger nodes during tests
2019-10-03 12:20:06 +02:00
Maciej Borsz
2d9a9f7713
Revert "Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers."""
2019-10-02 09:22:02 +02:00
Mark Wolters
f7bf17bc2f
Switch from admission-control flag to enable-admission-plugins
2019-10-01 09:21:33 -07:00
Kubernetes Prow Robot
6610260cc4
Merge pull request #78466 from yuwenma/revert-77904-revert-76396-reapply-75624
...
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
2019-10-01 01:21:33 -07:00
Kubernetes Prow Robot
b215562a70
Merge pull request #83205 from zhenglol/zhengch_event_exporter_to_sd
...
Use $STACKDRIVER_ENDPOINT to set exporter sd endpoint
2019-09-30 13:09:00 -07:00
Kubernetes Prow Robot
b281315450
Merge pull request #82856 from Random-Liu/update-crictl
...
Update crictl to v1.16
2019-09-26 14:40:23 -07:00
Zheng Chen
3972e5c3e7
using STACKDRIVER_ENDPOINT to set exporter sd endpoint according to cluster env
2019-09-26 14:00:59 -04:00
Lantao Liu
dfd5957713
Update crictl to v1.16.1.
2019-09-25 16:06:39 -07:00
Kubernetes Prow Robot
7266b1b487
Merge pull request #82801 from krzyzacy/auth-curl
...
auth/cloud-platform is a superset of devstorage.
2019-09-23 17:31:53 -07:00
Sen Lu
e3fdebbe62
auth/cloud-platform is a superset of devstorage.
...
Also fix the curl in get-kube.sh
2019-09-23 14:14:03 -07:00
Kubernetes Prow Robot
5cdf18e348
Merge pull request #82624 from qingling128/master
...
Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
2019-09-18 17:30:59 -07:00
Kubernetes Prow Robot
1bebaea417
Merge pull request #81061 from k-toyoda-pi/fix_shellcheck_flexvolume_node_setup
...
Fix shellcheck failure in gce/gci/flexvolume_node_setup.sh
2019-09-16 14:43:54 -07:00
Pavithra Ramesh
7a7f856e22
Support running custom nodelocaldns yaml in gce.
2019-09-12 12:53:53 -07:00
Ling Huang
dc9db4b413
Upgrade stackdriver-logging-agent image to 1.6.17 to fix CVEs.
...
Change-Id: Ic37a8d3663d616e7d196353efd9a0164da724728
2019-09-12 04:02:08 -04:00
Kubernetes Prow Robot
0dbb93125f
Merge pull request #82579 from mm4tt/etcd_expose_metrics
...
Expose etcd metric port in tests
2019-09-11 22:53:35 -07:00
Kubernetes Prow Robot
14e5ac8591
Merge pull request #82499 from filbranden/owners1
...
Remove me from OWNERS for GCI
2019-09-11 21:24:05 -07:00
Matt Matejczyk
fbbb4ebeca
Expose etcd metric port in tests
...
This is to allow scraping etcd metrics in scalabiblity tests.
This was already done in
https://github.com/kubernetes/kubernetes/pull/77657 , but then the logic
got changed when introducing mtls in
https://github.com/kubernetes/kubernetes/pull/77561 and the new etcd
metric port 2382 is currently only exposed on localhost.
Ref. https://github.com/kubernetes/perf-tests/issues/786
2019-09-11 13:57:00 +02:00
Kubernetes Prow Robot
f48659e9fd
Merge pull request #81681 from zhenglol/sd_test_endpoint
...
override stackdriver endpoint in event-exporter in test cluster
2019-09-10 14:32:00 -07:00
Filipe Brandenburger
c8f4e958e6
Remove me from OWNERS for GCI
...
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
2019-09-09 09:39:05 -07:00
toyoda
5c724f6eaa
fix shellcheck failure in gci/flexvolume_node_setup.sh
2019-09-03 16:56:25 +09:00
Zhen Wang
d874dbfcb1
Bump NPD version to v0.7 for GCI
2019-08-27 22:26:30 -07:00
Kubernetes Prow Robot
d52b212189
Merge pull request #79908 from wenjiaswe/remove-aggregator-ca-key
...
Remove unused aggregator ca key
2019-08-23 13:31:18 -07:00
Zheng Chen
70a7134906
added override for sd testing env in event-exporter yaml
2019-08-20 16:29:15 -04:00
Kubernetes Prow Robot
282b992e0c
Merge pull request #81074 from mborsz/ilb
...
Experimental ILB support
2019-08-09 06:25:26 -07:00
Maciej Borsz
cc4094d916
Experimental ILB support
2019-08-09 12:38:15 +02:00
Walter Fender
ebb65c5f4c
Get network-proxy working with GCE.
...
Got the proxy-server coming up in the master.
Added certs and have it comiung up with those certs.
Added a daemonset to run the network-agent.
Adding support for agent running as a sameon set on every node.
Added quick hack to test that proxy server/agent were correctly
tunneling traffic to the kubelet.
Added more WIP for reading network proxy configuration.
Get flags set correctly and fix connection services.
Adding missing ApplyTo
Added ConnectivityService.
Fixed build directives. Added connectivity service configuration.
Fixed log levels.
Fixed minor issues for feature turned off.
Fixed boilerplate and format.
Moved log dialer initialization earlier as per Liggits suggestion.
Fixed a few minor issues in the configuration for GCE.
Fixed scheme allocation
Adding unit test.
Added test for direct connectivity service.
Switching to injecting the Lookup method rather than using a Singleton.
First round of mikedaneses feedback.
Fixed deployment to use yaml and other changes suggested by MikeDanese.
Switched network proxy server/agent which are kebab-case not camelCase.
Picked up DIAL_RSP fix.
Factored in deads2k feedback.
Feedback from mikedanese
Factored in second round of feedback from David.
Fix path in verify.
Factored in anfernee's feedback.
First part of lavalamps feedback.
Factored in more changes from lavalamp and mikedanese.
Renamed network-proxy to konnectivity-server and konnectivity-agent.
Fixed tolerations and config file checking.
Added missing strptr
Finished lavalamps requested rename.
Disambiguating konnectivity service by renaming it egress selector.
Switched feature flag to KUBE_ENABLE_EGRESS_VIA_KONNECTIVITY_SERVICE
2019-08-06 23:09:49 -07:00
Kubernetes Prow Robot
3be827e912
Merge pull request #77561 from wenjiaswe/fix-etcd-server
...
Use HTTPS as etcd-apiserver protocol when mTLS is enabled
2019-07-29 12:14:49 -07:00
Maciej Borsz
f1e6309560
Retry metadata requests in get-credentials and valid-storage-scope
2019-07-26 14:09:55 +02:00
Kubernetes Prow Robot
bf2dd03083
Merge pull request #80318 from davidxia/fix-err-caps
...
cleanup: fix some log and error capitalizations
2019-07-25 10:41:28 -07:00
Kubernetes Prow Robot
0612c7de0b
Merge pull request #80232 from shihan9/gce
...
remove function apply-encryption-config in configure-helper
2019-07-24 13:50:19 -07:00
Taahir Ahmed
9702c6e6e9
GCP config: gke-exec-auth-plugin for ValidatingAdmissionWebhook
...
This commit adds support for using `gke-exec-auth-plugin` (vTPM-based
certificates for mTLS) for webhooks when calling endpoints matching
`*.googleapis.com`, and integrates this support with
ValidatingAdmissionWebhook.
To enable it, request ValidatingAdmissionWebhook with
`ADMISSION_CONTROL=...,ValidatingAdmissionWebhook,...` (default) and
opt in to `gke-exec-auth-plugin` using `WEBHOOK_GKE_EXEC_AUTH=true`
during the configuration process.
If you don't opt-in, ValidatingAdmissionWebhook will be deployed as
before.
Requesting `WEBHOOK_GKE_EXEC_AUTH=true` will fail if you have not
provided other configuration variables:
* `EXEC_AUTH_PLUGIN_URL`: controls whether `gke-exec-auth-plugin` is
downloaded during the installation step. A prerequisite for
actually using the plugin.
* `TOKEN_URL`, `TOKEN_BODY`, and `TOKEN_BODY_UNQUOTED`:
configuration values used when calling the plugin. `TOKEN_URL`
and `TOKEN_BODY` have existing usage. `TOKEN_BODY_UNQUOTED` is a
new variable that is meant to sidestep the problem of inverting
`strconv.Quote` in Bash.
The existing configuration process for ImagePolicyWebhook has been
reworked to make it play nicely with ValidatingAdmissionWebhook under
`WEBHOOK_GKE_EXEC_AUTH=true`.
* It originally placed the ImagePolicyWebhook configuration object
at the top-level of the file specified by
`--admission-control-config-file`. I can't see why this worked;
it must have been hitting some sort of lucky path through the
various config file loading mechanisms. Now, it places its
configuration in a sub-field of that file, which is shared among
all admission control plugins.
* It mounted its various config files read-write. I reviewed the
code and couldn't see why it was necessary, so I moved the config
files into the existing read-only mount at `/etc/srv/kubernetes`.
* It now checks that all the configuration values it requires have
been provided.
Co-authored-by: Mike Danese <mikedanese@google.com>
Co-authored-by: Taahir Ahmed <taahm@google.com>
2019-07-22 16:01:37 -07:00
David Xia
fabfd950b1
cleanup: fix some log and error capitalizations
...
Part of https://github.com/kubernetes/kubernetes/issues/15863
2019-07-20 18:26:16 -04:00
Wenjia Zhang
2e61ae0c56
Use HTTPS as etcd-apiserver protocol when mTLS is enabled
2019-07-20 14:24:31 -07:00
Javier Pérez Hernández
288ea10a59
gce: configure: use 'amd64' in kube core images manifest
2019-07-18 08:31:45 -07:00
Shihang Zhang
e6607cc259
remove function apply-encryption-config in configure-helper
...
Change-Id: I4df76abcc94eb222219968dc5e08655677d4623f
2019-07-16 14:03:13 -07:00
Davanum Srinivas
6b06084df6
Drop -r for variable within loop
...
using `local -r` will blow up, example output:
```
/home/kubernetes/bin/configure.sh: line 388: local: manifest_name: readonly variable
```
Change-Id: Id379180803d44dd9c7ac0da41c1cd56de0fe54a4
2019-07-14 11:05:29 -04:00
Javier Pérez Hernández
438ff151d4
cluster: configure: load images and add tags with no arch
2019-07-12 16:40:40 -07:00
Wenjia Zhang
5abd36824a
Remove unused aggregator ca key
2019-07-08 17:22:25 -07:00
Kubernetes Prow Robot
4cabe6217f
Merge pull request #79626 from wenjiaswe/remove-etcd-ca-key
...
Remove unnecessary ETCD_CA_KEY check
2019-07-08 14:28:14 -07:00
Kubernetes Prow Robot
097681b619
Merge pull request #72206 from tallclair/audit-profile-test
...
Audit profile test
2019-07-05 19:00:35 -07:00
Tim Allclair
d06f849379
Audit policy test
2019-07-03 10:39:37 -07:00
Maciej Borsz
08f8d2ef46
Fix HA setup logic
2019-07-03 11:17:31 +02:00
Wenjia Zhang
22591ad8f2
Remove unnecessary ETCD_CA_KEY check
2019-07-01 15:19:16 -07:00
Koonwah Chen
46ff8e6b57
Add env var(CNI_STORAGE_PATH) for cni storage path.
2019-06-24 11:47:14 -07:00
Zhen Wang
8f40368fb6
Clean up node-problem-detector configuration for GCI
2019-06-13 21:43:05 -07:00
Yuwen Ma
ccbb88fc53
Revert "Revert "[Re-Apply][Distroless] Convert the GCE manifests for master containers.""
2019-05-30 08:02:41 -07:00
Kubernetes Prow Robot
88da568586
Merge pull request #78406 from losipiuk/lo/split-args-ca
...
Split CA paramters on manifest template expansions
2019-05-30 00:32:46 -07:00
Kubernetes Prow Robot
f4945a81e2
Merge pull request #78314 from Random-Liu/set-containerd-oom-score
...
Set containerd oom score adj to -999.
2019-05-29 07:59:16 -07:00
Łukasz Osipiuk
dda5e49cac
Split CA parameters on manifest template expansion
...
Split arguments to be passed to cluster autoscaler binary,
so each argument is passed separately.
This is preparatory work for migrating CA to disroless base image
and passing multiple arguments together does not work if CA is
not wrapped around with shell script
Change-Id: I26b5a764d2a12079c7f4ed6633ccabf8d623e232
2019-05-29 15:20:34 +02:00
Jake Sanders
5a9af2e0ef
specify additional static auth for components by env var
2019-05-24 12:16:40 -07:00
Lantao Liu
f6aa22e9e3
Set containerd oom score adj to -999.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-05-24 10:36:54 -07:00
Matt Matejczyk
6ced6491c6
Change etcd's --listen-client-urls to 0.0.0.0 in tests
...
This is to allow scraping etcd metrics in scalability tests.
Ref. https://github.com/kubernetes/perf-tests/issues/522
2019-05-23 15:11:22 +02:00
Kubernetes Prow Robot
0203192970
Merge pull request #78044 from dekkagaijin/patch-6
...
Consolidate logic to ensure kubectl auth
2019-05-17 23:21:37 -07:00
Kubernetes Prow Robot
72f6954614
Merge pull request #77889 from Random-Liu/support-using-containerd-in-cos
...
Support using docker containerd in COS and Ubuntu on GCE.
2019-05-17 20:26:59 -07:00
Kubernetes Prow Robot
47304fbaee
Merge pull request #78039 from mikedanese/execmaster
...
allow exec auth plugin to be pulled on the master
2019-05-17 18:57:30 -07:00
Jake Sanders
9bc3c2af00
Consolidate logic to ensure kubectl auth
2019-05-17 11:32:09 -07:00
Kubernetes Prow Robot
314264aeaf
Merge pull request #78010 from mikedanese/fixdns
...
cluster/gce: fix line 2414: DNS_MEMORY_LIMIT: unbound variable
2019-05-17 10:12:59 -07:00