Production-Grade Container Scheduling and Management
Go to file
Kubernetes Submit Queue 7392f562e8 Merge pull request #40149 from luxas/followup_rbac
Automatic merge from submit-queue (batch tested with PRs 39772, 39831, 39481, 40167, 40149)

Only enable RBAC if the k8s version is above 1.6.0-alpha.0

...and move the defaulting of the api type into a specific file



**What this PR does / why we need it**: RBAC should only be enabled when k8s version is v1.6.0-alpha.0+, where https://github.com/kubernetes/kubernetes/pull/39625 is merged

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #

**Special notes for your reviewer**:

```
$ sudo ./kubeadm init
[kubeadm] WARNING: kubeadm is in alpha, please do not use it for production clusters.
[init] Using Kubernetes version: v1.5.2
[init] Using Authorization mode: AlwaysAllow
[init] A token has not been provided, generating one
[preflight] Running pre-flight checks
[preflight] WARNING: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Starting the kubelet service
[certificates] Generated Certificate Authority key and certificate.
[certificates] Generated API Server key and certificate
[certificates] Generated Service Account signing keys
[certificates] Created keys and certificates in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 39.517396 seconds
[apiclient] Waiting for at least one node to register and become ready
[apiclient] First node is ready after 6.521587 seconds
[apiclient] Creating a test deployment
[apiclient] Test deployment succeeded
[token-discovery] Using token: 6c3430:2889e46ce3f11610
[token-discovery] Created the kube-discovery deployment, waiting for it to become ready
[token-discovery] kube-discovery is ready after 3.502025 seconds
[addons] Created essential addon: kube-proxy
[addons] Created essential addon: kube-dns

Your Kubernetes master has initialized successfully!

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node:

kubeadm join --discovery token://6c3430:2889e46ce3f11610@192.168.200.101:9898
```

```
$ cat fetch-ci-images.sh
#!/bin/bash

CI_COMMIT=${CI_COMMIT:-latest}
ARCH=${ARCH:-amd64}
OLD_REGISTRY=${OLD_REGISTRY:-gcr.io/google_containers}
NEW_REGISTRY=${NEW_REGISTRY:-${OLD_REGISTRY}}

if [[ ${CI_COMMIT} == "latest" ]]; then
	CI_COMMIT=$(curl -sSL https://storage.googleapis.com/kubernetes-release-dev/ci-cross/latest.txt)
fi

CI_COMMIT_TAG=$(echo ${CI_COMMIT} | sed "s/+/-/")

echo "Using commit: ${CI_COMMIT}"
echo "Tagging to registry: ${NEW_REGISTRY}"

images=(
	kube-apiserver
	kube-scheduler
	kube-controller-manager
	kube-proxy
)

for image in ${images[@]}; do
	curl -sSL https://storage.googleapis.com/kubernetes-release-dev/ci-cross/${CI_COMMIT}/bin/linux/${ARCH}/${image}.tar | docker load
	image_tag=$(curl -sSL https://storage.googleapis.com/kubernetes-release-dev/ci-cross/${CI_COMMIT}/bin/linux/${ARCH}/${image}.md5)
	docker tag ${OLD_REGISTRY}/${image}:${image_tag} ${NEW_REGISTRY}/${image}-${ARCH}:${CI_COMMIT_TAG}
	docker rmi ${OLD_REGISTRY}/${image}:${image_tag}
	echo "Image created: ${NEW_REGISTRY}/${image}-${ARCH}:${CI_COMMIT_TAG}"
done

cat <<EOF
Now you can run:
	kubeadm init --use-kubernetes-version ${CI_COMMIT_TAG}
EOF
$ ./fetch-ci-images.sh
Using commit: v1.6.0-alpha.0.3549+5e4625cad72e5b
Tagging to registry: gcr.io/google_containers
c366cffde3c9: Loading layer 1.312 MB/1.312 MB
1911ea24d99d: Loading layer 1.024 kB/1.024 kB
3af1ee6d3b81: Loading layer 132.9 MB/132.9 MB
Untagged: gcr.io/google_containers/kube-apiserver:8562727e1eabe97a95bc2e52992db195
Image created: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0-alpha.0.3549-5e4625cad72e5b
c366cffde3c9: Loading layer 1.312 MB/1.312 MB
1911ea24d99d: Loading layer 1.024 kB/1.024 kB
86bf938b66e2: Loading layer 54.88 MB/54.88 MB
Untagged: gcr.io/google_containers/kube-scheduler:5319acbc670b5050f119e6f6e3c9b7e3
Image created: gcr.io/google_containers/kube-scheduler-amd64:v1.6.0-alpha.0.3549-5e4625cad72e5b
c366cffde3c9: Loading layer 1.312 MB/1.312 MB
1911ea24d99d: Loading layer 1.024 kB/1.024 kB
6743a986e1ed: Loading layer 104.9 MB/104.9 MB
Untagged: gcr.io/google_containers/kube-controller-manager:6698cef6338d549160d58fd8381f3d07
Image created: gcr.io/google_containers/kube-controller-manager-amd64:v1.6.0-alpha.0.3549-5e4625cad72e5b
bf028f50c346: Loading layer 128.9 MB/128.9 MB
a99e621f3f37: Loading layer 1.024 kB/1.024 kB
76d4fdcd51a9: Loading layer 5.076 MB/5.076 MB
ee455b365369: Loading layer 42.52 MB/42.52 MB
Untagged: gcr.io/google_containers/kube-proxy:3914060ffe3225ae29fe88cb960826f9
Image created: gcr.io/google_containers/kube-proxy-amd64:v1.6.0-alpha.0.3549-5e4625cad72e5b
Now you can run:
	kubeadm init --use-kubernetes-version v1.6.0-alpha.0.3549-5e4625cad72e5b
```

```
$ sudo ./kubeadm init --use-kubernetes-version v1.6.0-alpha.0.3549-5e4625cad72e5b
[kubeadm] WARNING: kubeadm is in alpha, please do not use it for production clusters.
[init] Using Kubernetes version: v1.6.0-alpha.0.3549-5e4625cad72e5b
[init] Using Authorization mode: RBAC
[init] A token has not been provided, generating one
[preflight] Running pre-flight checks
[preflight] WARNING: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Starting the kubelet service
[certificates] Generated Certificate Authority key and certificate.
[certificates] Generated API Server key and certificate
[certificates] Generated Service Account signing keys
[certificates] Created keys and certificates in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 31.252686 seconds
[apiclient] Waiting for at least one node to register and become ready
[apiclient] First node is ready after 9.064842 seconds
[apiclient] Creating a test deployment
[apiclient] Test deployment succeeded
[apiconfig] Created kubelet-bootstrap RBAC rules
[apiconfig] Created kube-dns RBAC rules
[apiconfig] Created kube-proxy RBAC rules
[token-discovery] Using token: 99b957:ccb1fbc703a0db8a
[token-discovery] Created the kube-discovery deployment, waiting for it to become ready
[token-discovery] kube-discovery is ready after 3.502064 seconds
[addons] Created essential addon: kube-proxy
[addons] Created essential addon: kube-dns

Your Kubernetes master has initialized successfully!

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node:

kubeadm join --discovery token://99b957:ccb1fbc703a0db8a@192.168.200.101:9898
```

**Release note**:

```release-note
NONE
```
@pires @mikedanese @andrewrynhard
2017-01-19 17:56:49 -08:00
.github
api autogenerated 2017-01-19 14:24:45 -08:00
build Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
cluster Merge pull request #40164 from apelisse/update-root-approvers-files 2017-01-19 17:02:18 -08:00
cmd Merge pull request #40149 from luxas/followup_rbac 2017-01-19 17:56:49 -08:00
docs Merge pull request #39772 from mikedanese/v1beta1 2017-01-19 17:48:16 -08:00
examples Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
federation Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
Godeps licenses 2017-01-18 12:44:58 -08:00
hack Merge pull request #40167 from spxtr/verify-boiler 2017-01-19 17:56:47 -08:00
hooks Fix spelling in package naming linter error message 2016-12-20 15:48:14 -05:00
logo Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
pkg Merge pull request #39831 from jessfraz/fix-38774 2017-01-19 17:56:45 -08:00
plugin Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
staging Merge pull request #39481 from nikhiljindal/alreadyRegisteredError 2017-01-19 17:56:46 -08:00
test Merge pull request #39772 from mikedanese/v1beta1 2017-01-19 17:48:16 -08:00
third_party Build release tarballs in bazel and add make bazel-release rule 2017-01-13 16:17:44 -08:00
translations Add initial translation support. 2016-12-23 20:45:52 -08:00
vendor move pkg/fields to apimachinery 2017-01-19 09:50:16 -05:00
.gazelcfg.json Generate a dummy BUILD file in _output/local/go to keep Bazel out of trouble 2017-01-05 22:05:17 -08:00
.generated_docs add create rolebinding 2016-12-21 09:03:27 -05:00
.generated_files
.gitattributes Add -diff attributes for generated files 2016-12-08 17:12:07 -08:00
.gitignore
BUILD.bazel Add release-tars to ci-artifacts 2017-01-13 16:34:06 -08:00
CHANGELOG.md Update CHANGELOG.md for v1.5.2. 2017-01-11 23:06:30 -08:00
code-of-conduct.md
CONTRIBUTING.md
labels.yaml
LICENSE
Makefile Add //hack:verify-boilerplate rule. 2017-01-19 11:10:48 -08:00
Makefile.generated_files Remove a from each codegen path 2016-12-30 18:44:32 -08:00
OWNERS Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
OWNERS_ALIASES OWNERS: Create sig-node alias 2017-01-17 16:25:40 -08:00
README.md Update README.md 2016-12-20 08:51:06 -06:00
Vagrantfile
WORKSPACE Merge pull request #39898 from ixdy/bazel-release-tars 2017-01-18 14:24:48 -08:00

Kubernetes

Submit Queue Widget GoDoc Widget Coverage Status Widget

Introduction

Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications. Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF)

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.


Are you ...

Code of Conduct

The Kubernetes community abides by the CNCF code of conduct. Here is an excerpt:

As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.

Community

Do you want to help "shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented? ". If you are a company, you should consider joining the CNCF. For details about who's involved in CNCF and how Kubernetes plays a role, read the announcement. For general information about our community see the website community page.

Join us on social media (Twitter, Google+) and read our blog

Ask questions and help answer them on Slack or Stack Overflow

Attend our key events (kubecon, cloudnativecon, weekly community meeting)

Join a Special Interest Group (SIG)

Contribute

If you're interested in being a contributor and want to get involved in developing Kubernetes, get started with this reading:

You will then most certainly gain a lot from joining a SIG, attending the regular hangouts as well as the community meeting.

If you have an idea for a new feature, see the Kubernetes Features repository for a list of features that are coming in new releases as well as details on how to propose one.

Building Kubernetes for the impatient

If you want to build Kubernetes right away there are two options:

$ go get -d k8s.io/kubernetes
$ cd $GOPATH/src/k8s.io/kubernetes
$ make
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make quick-release

If you are less impatient, head over to the developer's documentation.

Support

While there are many different channels that you can use to get hold of us (Slack, Stack Overflow, Issues, Forums/Mailing lists), you can help make sure that we are efficient in getting you the help that you need.

If you need support, start with the troubleshooting guide and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another. We don't bite!

Analytics