github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-03 23:40:03 +00:00
Code Issues Projects Releases Wiki Activity
Files
7d5dbdaa09198e5cc13bc3a25a2b302a308703a9
kubernetes/cluster/addons
History
Kubernetes Submit Queue de4c381219 Merge pull request #47877 from ixdy/update-1.7-images 
Automatic merge from submit-queue

Update addons with upstream CVE fixes

**What this PR does / why we need it**: refreshes the kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for the following vulnerabilities:
* CVE-2016-4448
* CVE-2016-9841
* CVE-2016-9843
* CVE-2017-1000366
* CVE-2017-2616
* CVE-2017-9526

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47386 (yay!)

**Special notes for your reviewer**:

**Release note**:

```release-note
Update kube-dns, metadata-proxy, and fluentd-gcp, event-exporter, prometheus-to-sd, and ip-masq-agent addons with new base images containing fixes for CVE-2016-4448, CVE-2016-9841, CVE-2016-9843,  CVE-2017-1000366, CVE-2017-2616, and CVE-2017-9526.
```
/assign @bowei @MrHohn @Q-Lee @crassirostris @dnardo 
/cc @dchen1107 @timstclair
2017-06-22 09:31:51 -07:00
..
addon-manager
Update to kube-addon-manager:v6.4-beta.2: new kubectl and base images
2017-06-12 19:28:23 -07:00
calico-policy-controller
Set Typha replica count to 0 when Calico is not enabled
2017-06-19 11:08:17 -07:00
cluster-loadbalancing
Update docs/ URLs to point to proper locations
2017-06-05 22:13:54 -07:00
cluster-monitoring
Replace todo-grabbag binding w/ more specific heapster roles/bindings.
2017-06-06 09:03:09 -07:00
dashboard
Update dashboard-controller.yaml
2017-05-17 14:12:12 +02:00
dns
Update kube-dns images to 1.14.3
2017-06-21 15:13:48 -07:00
dns-horizontal-autoscaler
Update cluster-proportional-autoscaler-amd64 to 1.1.2-r2
2017-06-14 12:42:23 -07:00
etcd-empty-dir-cleanup
make all static system pods critical
2017-06-12 15:22:04 -07:00
fluentd-elasticsearch
Update fluentd-es-ds.yaml
2017-05-29 19:09:57 +02:00
fluentd-gcp
Update fluentd-gcp to 2.0.7
2017-06-21 14:08:12 -07:00
ip-masq-agent
Merge pull request #47877 from ixdy/update-1.7-images
2017-06-22 09:31:51 -07:00
metadata-proxy
Update metadata-proxy to 0.1.2
2017-06-21 15:13:52 -07:00
node-problem-detector
Bump up npd version to v0.4.0
2017-06-06 16:30:02 -07:00
podsecuritypolicies
python-image
rbac
Auto approve kubelet certificate signing requests.
2017-06-16 08:47:12 -07:00
registry
Update docs/ URLs to point to proper locations
2017-06-05 22:13:54 -07:00
storage-class
Support running StatefulSetBasic e2e tests with local-up-cluster
2017-04-28 15:10:22 -04:00
BUILD
Replace git_repository with http_archive and use ixdy's fork of bazel tools for pkg_tar
2017-05-03 10:13:06 -07:00
README.md

README.md

Cluster add-ons

Overview

Cluster add-ons are resources like Services and Deployments (with pods) that are shipped with the Kubernetes binaries and are considered an inherent part of the Kubernetes clusters.

There are currently two classes of add-ons:

  • Add-ons that will be reconciled.
  • Add-ons that will be created if they don't exist.

More details could be found in addon-manager/README.md.

Cooperating Horizontal / Vertical Auto-Scaling with "reconcile class addons"

"Reconcile" class addons will be periodically reconciled to the original state given by the initial config. In order to make Horizontal / Vertical Auto-scaling functional, the related fields in config should be left unset. More specifically, leave replicas in ReplicationController / Deployment / ReplicaSet unset for Horizontal Scaling, leave resources for container unset for Vertical Scaling. The periodic reconcile won't clobbered these fields, hence they could be managed by Horizontal / Vertical Auto-scaler.

Add-on naming

The suggested naming for most of the resources is <basename> (with no version number). Though resources like Pod, ReplicationController and DaemonSet are exceptional. It would be hard to update Pod because many fields in Pod are immutable. For ReplicationController and DaemonSet, in-place update may not trigger the underlying pods to be re-created. You probably need to change their names during update to trigger a complete deletion and creation.

Analytics