Production-Grade Container Scheduling and Management
Go to file
Lubomir I. Ivanov 5c00024c70 kubeadm: fix wrong check for keys/certs during "download-certs"
During "join" of new control plane machines, kubeadm would
download shared certificates and keys from the cluster stored
in a Secret. Based on the contents of an entry in the Secret,
it would use helper functions from client-go to either write
it as public key, cert (mode 644) or as a private key (mode 600).

The existing logic is always writing both keys and certs with mode 600.
Allow detecting public readable data properly and writing some files
with mode 644.

First check the data with ParsePrivateKeyPEM(); if this passes
there must be at least one private key and the file should be written
with mode 600 as private. If that fails, validate if the data contains
public keys with ParsePublicKeysPEM() and write the file as public
(mode 644).

As a result of this new logic, and given the current set of managed
kubeadm files, .key files will end up with 600, while .crt and .pub
files will end up with 644.
2021-06-29 23:42:04 +03:00
.github .github: update enhancement issue template to point to KEPs 2021-02-24 16:03:40 +05:30
api Merge pull request #103003 from sschne/bugfix/fix-required-pathtype 2021-06-27 23:17:25 -07:00
build Update setcap image to buster-v2.0.3 2021-06-26 15:16:12 -04:00
CHANGELOG Merge pull request #103093 from songxiao-wang87/run-test22 2021-06-28 01:11:25 -07:00
cluster Merge pull request #103104 from pacoxu/npd-088 2021-06-29 02:30:40 -07:00
cmd kubeadm: fix wrong check for keys/certs during "download-certs" 2021-06-29 23:42:04 +03:00
docs hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
hack Merge pull request #100771 from njuptlzf/fix_staticcheck_storage 2021-06-25 01:16:45 -07:00
LICENSES Add distributed tracing to the apiserver using OpenTelemetry 2021-06-25 05:20:27 -07:00
logo Create colors.md 2021-01-15 22:15:43 -08:00
pkg Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode 2021-06-29 10:04:40 -07:00
plugin PodSecurity: kube-apiserver: admission wiring 2021-06-28 17:45:35 -04:00
staging Merge pull request #102028 from chrishenzie/read-write-once-pod-access-mode 2021-06-29 10:04:40 -07:00
test Merge pull request #102576 from dobsonj/101911 2021-06-29 06:54:40 -07:00
third_party remove unused third_party/intemp 2021-03-08 21:17:37 -08:00
translations hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
vendor PodSecurity: vendor: generated files 2021-06-28 17:46:00 -04:00
.generated_files
.gitattributes
.gitignore Rename _examples to examples 2021-01-25 10:20:46 -08:00
CHANGELOG.md
code-of-conduct.md
CONTRIBUTING.md Remove stale analytics links from docs 2020-11-18 07:04:48 -06:00
go.mod PodSecurity: vendor: generated files 2021-06-28 17:46:00 -04:00
go.sum Updated to use konnectivity client v0.0.21, and implemented placeholder context 2021-06-25 22:27:51 +00:00
LICENSE
Makefile
Makefile.generated_files
OWNERS
OWNERS_ALIASES Add lilic as Instrumentation reviewer 2021-06-23 12:08:11 -07:00
README.md Update godoc reference widget to pkg.go.dev 2021-01-26 09:34:07 -05:00
SECURITY_CONTACTS
SUPPORT.md

Kubernetes (K8s)

GoPkg Widget CII Best Practices


Kubernetes, also known as K8s, is an open source system for managing containerized applications across multiple hosts. It provides basic mechanisms for deployment, maintenance, and scaling of applications.

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.

Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF). If your company wants to help shape the evolution of technologies that are container-packaged, dynamically scheduled, and microservices-oriented, consider joining the CNCF. For details about who's involved and how Kubernetes plays a role, read the CNCF announcement.


To start using K8s

See our documentation on kubernetes.io.

Try our interactive tutorial.

Take a free course on Scalable Microservices with Kubernetes.

To use Kubernetes code as a library in other applications, see the list of published components. Use of the k8s.io/kubernetes module or k8s.io/kubernetes/... packages as libraries is not supported.

To start developing K8s

The community repository hosts all information about building Kubernetes from source, how to contribute code and documentation, who to contact about what, etc.

If you want to build Kubernetes right away there are two options:

You have a working Go environment.
mkdir -p $GOPATH/src/k8s.io
cd $GOPATH/src/k8s.io
git clone https://github.com/kubernetes/kubernetes
cd kubernetes
make
You have a working Docker environment.
git clone https://github.com/kubernetes/kubernetes
cd kubernetes
make quick-release

For the full story, head over to the developer's documentation.

Support

If you need support, start with the troubleshooting guide, and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another.