Production-Grade Container Scheduling and Management
Go to file
Kubernetes Submit Queue 30ce5d7244 Merge pull request #41484 from deads2k/kubeadm-01-add-front-proxy
Automatic merge from submit-queue (batch tested with PRs 41505, 41484, 41544, 41514, 41022)

add front proxy to kubeadm created kube-apiservers

The front proxy authenticator configuration has been in a release or two.  It allows a front proxy (secured by mutual TLS auth) to provide user information for a request.  The kube-aggregator uses this to securely terminate authentication (has to terminate TLS and thus client-certs) and communicate user info to backing API servers.

Since the kube-apiserver always verifies the front-proxy via a client certificate, this isn't open for abuse unless you already have access to either the signing key or client cert which kubeadm creates locally.  If you got there, you already owned the box.  Therefore, this adds the authenticator unconditionally.

@luxas Are there e2e tests for `kubeadm`?
@liggitt @kubernetes/sig-auth-misc
2017-02-16 14:28:16 -08:00
.github
api generated files 2017-02-15 16:04:10 -05:00
build remove kube-aggregator from bazel until we can build it 2017-02-14 14:57:52 -05:00
cluster Merge pull request #41564 from Crassirostris/fluentd-gcp-plugin-version-bump 2017-02-16 09:20:12 -08:00
cmd Merge pull request #41484 from deads2k/kubeadm-01-add-front-proxy 2017-02-16 14:28:16 -08:00
docs generated files 2017-02-15 16:04:10 -05:00
examples Revert "Remove alpha provisioning" 2017-02-16 13:53:55 +01:00
federation generated files 2017-02-15 16:04:10 -05:00
Godeps
hack Merge pull request #41452 from yujuhong/rename_flag 2017-02-15 17:16:19 -08:00
hooks
logo
pkg Merge pull request #41456 from dashpole/pod_volume_cleanup 2017-02-16 10:14:05 -08:00
plugin Merge pull request #37953 from liggitt/automount 2017-02-15 20:05:13 -08:00
staging Merge pull request #41416 from smarterclayton/error_panic 2017-02-16 10:14:12 -08:00
test Merge pull request #41505 from perotinus/fixnsdeletione2etest 2017-02-16 14:28:13 -08:00
third_party
translations
vendor pkg/api/testing: add deepcopy smoke test to roundtrip test 2017-02-16 10:19:42 +01:00
.bazelrc
.gazelcfg.json
.generated_docs
.generated_files
.gitattributes
.gitignore
BUILD.bazel
CHANGELOG.md Update CHANGELOG.md for v1.6.0-alpha.3. 2017-02-16 12:13:13 -08:00
code-of-conduct.md
CONTRIBUTING.md
labels.yaml
LICENSE
Makefile
Makefile.generated_files
OWNERS
OWNERS_ALIASES
README.md
Vagrantfile
WORKSPACE

Kubernetes

Submit Queue Widget GoDoc Widget

Introduction

Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications. Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF).

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.


Are you ...

Code of Conduct

The Kubernetes community abides by the CNCF code of conduct. Here is an excerpt:

As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.

Community

Do you want to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented?. If you are a company, you should consider joining the CNCF. For details about who's involved in CNCF and how Kubernetes plays a role, read the announcement. For general information about our community, see the website community page.

Contribute

If you're interested in being a contributor and want to get involved in developing Kubernetes, get started with this reading:

You will then most certainly gain a lot from joining a SIG, attending the regular hangouts as well as the community meeting.

If you have an idea for a new feature, see the Kubernetes Features repository for a list of features that are coming in new releases as well as details on how to propose one.

Building Kubernetes for the impatient

If you want to build Kubernetes right away there are two options:

$ go get -d k8s.io/kubernetes
$ cd $GOPATH/src/k8s.io/kubernetes
$ make
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make quick-release

If you are less impatient, head over to the developer's documentation.

Support

While there are many different channels that you can use to get hold of us (Slack, Stack Overflow, Issues, Forums/Mailing lists), you can help make sure that we are efficient in getting you the help that you need.

If you need support, start with the troubleshooting guide and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another. We don't bite!

Analytics