CentOS 7 Core nodes running on OpenStack with an SSL-enabled API
endpoint results in the following error without this patch:
F0425 19:00:58.124520 5 server.go:100] Cloud provider could not be initialized: could not init cloud provider "openstack": Post https://my.openstack.cloud:5000/v2.0/tokens: x509: failed to load system roots and no roots provided
The root cause is that the ca-bundle.crt file is actually a symlink
which points to a directory which wasn't previously exposed.
[root@kubernetesstack-master ~]# ls -l /etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx. 1 root root 49 18 nov 11:02 /etc/ssl/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@kubernetesstack-master ~]#
Fixed the order of fields for basic_auth.
This provider still needs to leverage common.sh for generating proper credentials though.
Also documented a pattern for how to get the SWIFT_SERVER_URL automatically
Hard-coded the enabling of the common addons:
- logging
- kube-dashboard
- monitoring
Will make it configureable in a subsequent PR.
Also need to enable configuration of basic_auth.csv
This makes it so that we download the OS image automatically.
Also contains other usability improvements:
- kubectl context created with heat stack name
- Bumped default minions to 3
Making the assumption that the person running kube-up has their
Openstack environment setup, those same variables are being passed
into heat, and then into openstack.conf.
The salt codebase was modified to add openstack as well.
If someone has an openrc as part of their profile, this will make kube-up work automatically.
The only things that have to be modified are in config-default.sh, either by editing the file or setting environment variables.
This assumes you have your environement variables set correctly.
When ENABLE_PROXY is set to true, it takes the current proxy
settings and applies them to the heat configuration.
Also modified the defaults system in config-default.sh
Automatic merge from submit-queue
Update Docker version after cockpit installation
Fixes https://github.com/kubernetes/kubernetes/issues/24530
The vagrant setup didn't worked for me because `cockpit cockpit-kubernetes` brings their own Docker version (1.7) which doesn't work and the master components doesn't come up. More information about this bug are in my [issue](https://github.com/kubernetes/kubernetes/issues/24530).
My test system:
```bash
$ uname -a
Darwin MyMacBook.local 15.4.0 Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64 x86_64
$ vagrant --version
Vagrant 1.8.1
$ VBoxManage --version
5.0.16r105871
```
Automatic merge from submit-queue
Update configmap design doc
1. Update ConfigMapSelector -> ConfigMapKeySelector
2. Update apiVersion to v1
3. Fix error validating data: expected type array, for field spec.containers[0].command, got string; if you choose to ignore these errors, turn validation off with --validate=false
Automatic merge from submit-queue
Store node information in NodeInfo
This is significantly improving scheduler throughput.
On 1000-node cluster:
- empty cluster: ~70pods/s
- full cluster: ~45pods/s
Drop in throughput is mostly related to priority functions, which I will be looking into next (I already have some PR #24095, but we need for more things before).
This is roughly ~40% increase.
However, we still need better understanding of predicate function, because in my opinion it should be even faster as it is now. I'm going to look into it next week.
@gmarek @hongchaodeng @xiang90
Automatic merge from submit-queue
Do not update cache with so much effort
Fixes: #24298
1. Remove automatic update
2. Every time we check if we can get valid value from cache, if not, get the value directly from api
cc @Random-Liu
Automatic merge from submit-queue
Add flag -t as shorthand for --tty
`-t` was deprecated in #12813 (Aug. 2015, about 6+ months ago).
Now remove `--template`'s shorthand `-t` and create a shorthand `-t` for `--tty` in `kubectl run`.
@kubernetes/kubectl
Automatic merge from submit-queue
Add support for running clusters on GCI
Google Container-VM Image (GCI) is the next revision of Container-VM. See documentation at https://cloud.google.com/compute/docs/containers/vm-image/. This change adds support for starting a Kubernetes cluster using GCI.
With this change, users can start a kubernetes cluster using the latest kubelet and kubectl release binary built in the GCI image by running:
$ KUBE_OS_DISTRIBUTION="gci" cluster/kube-up.sh
Or run a testing cluster on GCI by running:
$ KUBE_OS_DISTRIBUTION="gci" go run hack/e2e.go -v --up
The commands above will choose the latest GCI image by default.
Automatic merge from submit-queue
Generated clients can return their RESTClients, RESTClient can return its RateLimiter
cc @lavalamp @krousey @wojtek-t @smarterclayton @timothysc
Ref. #22421
Automatic merge from submit-queue
Ignore all _output* directories.
In the new release tooling we build into multiple _output directories and this caught us on a recent build of 1.2.4-beta.0.
ref: #24837#23839
Automatic merge from submit-queue
Switch to ABAC authorization from AllowAll
Switch from AllowAll to ABAC. All existing identities (that are created by deployment scripts) are given full permissions through ABAC. Manually created identities will need policies added to the `policy.jsonl` file on the master.
