Production-Grade Container Scheduling and Management
Go to file
Kubernetes Submit Queue d50c027d0c Merge pull request #39537 from liggitt/legacy-policy
Automatic merge from submit-queue (batch tested with PRs 39803, 39698, 39537, 39478)

include bootstrap admin in super-user group, ensure tokens file is correct on upgrades

Fixes https://github.com/kubernetes/kubernetes/issues/39532

Possible issues with cluster bring-up scripts:

- [x] known_tokens.csv and basic_auth.csv is not rewritten if the file already exists
  * new users (like the controller manager) are not available on upgrade
  * changed users (like the kubelet username change) are not reflected
  * group additions (like the addition of admin to the superuser group) don't take effect on upgrade
  * this PR updates the token and basicauth files line-by-line to preserve user additions, but also ensure new data is persisted
- [x] existing 1.5 clusters may depend on more permissive ABAC permissions (or customized ABAC policies). This PR adds an option to enable existing ABAC policy files for clusters that are upgrading

Follow-ups:
- [ ] both scripts are loading e2e role-bindings, which only be loaded in e2e tests, not in normal kube-up scenarios
- [ ] when upgrading, set the option to use existing ABAC policy files
- [ ] update bootstrap superuser client certs to add superuser group? ("We also have a certificate that "used to be" a super-user. On GCE, it has CN "kubecfg", on GKE it's "client"")
- [ ] define (but do not load by default) a relaxed set of RBAC roles/rolebindings matching legacy ABAC, and document how to load that for new clusters that do not want to isolate user permissions
2017-01-12 15:06:31 -08:00
.github
api Merge pull request #39743 from pweil-/enable-psp 2017-01-12 13:58:31 -08:00
build Wait until kubernetes-src.tar.gz is build before building node/server. 2017-01-11 15:55:44 -08:00
cluster Merge pull request #39537 from liggitt/legacy-policy 2017-01-12 15:06:31 -08:00
cmd Merge pull request #39740 from deads2k/controller-16-add-flag 2017-01-12 13:58:26 -08:00
docs update generated code 2017-01-11 14:12:39 -05:00
examples start the apimachinery repo 2017-01-11 09:09:48 -05:00
federation Refactor registry to use store vs. etcd 2017-01-12 09:23:38 -06:00
Godeps bump(ugoriji/go/codec): ded73eae5db7e7a0ef6f55aace87a2873c5d2b74 2017-01-11 21:38:08 +01:00
hack Merge pull request #39537 from liggitt/legacy-policy 2017-01-12 15:06:31 -08:00
hooks Fix spelling in package naming linter error message 2016-12-20 15:48:14 -05:00
logo
pkg Merge pull request #39698 from mikedanese/default-csr 2017-01-12 15:06:29 -08:00
plugin Merge pull request #39803 from jayunit100/sched_cleanup_config_1 2017-01-12 15:06:27 -08:00
staging Merge pull request #37557 from sttts/sttts-update-ugorji 2017-01-12 02:36:16 -08:00
test Merge pull request #39801 from aleksandra-malinowska/heapster-v1.3.0-beta.0 2017-01-12 13:58:27 -08:00
third_party start the apimachinery repo 2017-01-11 09:09:48 -05:00
translations Add initial translation support. 2016-12-23 20:45:52 -08:00
vendor Merge pull request #37557 from sttts/sttts-update-ugorji 2017-01-12 02:36:16 -08:00
.gazelcfg.json Generate a dummy BUILD file in _output/local/go to keep Bazel out of trouble 2017-01-05 22:05:17 -08:00
.generated_docs add create rolebinding 2016-12-21 09:03:27 -05:00
.generated_files
.gitattributes
.gitignore
BUILD.bazel Add a rule to create kubernetes-src.tar.gz 2017-01-05 14:14:13 -08:00
CHANGELOG.md Update CHANGELOG.md for v1.5.2. 2017-01-11 23:06:30 -08:00
code-of-conduct.md
CONTRIBUTING.md
labels.yaml
LICENSE
Makefile make help should be bazel aware 2017-01-06 14:56:01 -08:00
Makefile.generated_files Remove a from each codegen path 2016-12-30 18:44:32 -08:00
OWNERS
OWNERS_ALIASES
README.md Update README.md 2016-12-20 08:51:06 -06:00
Vagrantfile
WORKSPACE build test binary with bazel 2017-01-09 14:39:15 -08:00

Kubernetes

Submit Queue Widget GoDoc Widget Coverage Status Widget

Introduction

Kubernetes is an open source system for managing containerized applications across multiple hosts, providing basic mechanisms for deployment, maintenance, and scaling of applications. Kubernetes is hosted by the Cloud Native Computing Foundation (CNCF)

Kubernetes builds upon a decade and a half of experience at Google running production workloads at scale using a system called Borg, combined with best-of-breed ideas and practices from the community.


Are you ...

Code of Conduct

The Kubernetes community abides by the CNCF code of conduct. Here is an excerpt:

As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.

Community

Do you want to help "shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented? ". If you are a company, you should consider joining the CNCF. For details about who's involved in CNCF and how Kubernetes plays a role, read the announcement. For general information about our community see the website community page.

Join us on social media (Twitter, Google+) and read our blog

Ask questions and help answer them on Slack or Stack Overflow

Attend our key events (kubecon, cloudnativecon, weekly community meeting)

Join a Special Interest Group (SIG)

Contribute

If you're interested in being a contributor and want to get involved in developing Kubernetes, get started with this reading:

You will then most certainly gain a lot from joining a SIG, attending the regular hangouts as well as the community meeting.

If you have an idea for a new feature, see the Kubernetes Features repository for a list of features that are coming in new releases as well as details on how to propose one.

Building Kubernetes for the impatient

If you want to build Kubernetes right away there are two options:

$ go get -d k8s.io/kubernetes
$ cd $GOPATH/src/k8s.io/kubernetes
$ make
$ git clone https://github.com/kubernetes/kubernetes
$ cd kubernetes
$ make quick-release

If you are less impatient, head over to the developer's documentation.

Support

While there are many different channels that you can use to get hold of us (Slack, Stack Overflow, Issues, Forums/Mailing lists), you can help make sure that we are efficient in getting you the help that you need.

If you need support, start with the troubleshooting guide and work your way through the process that we've outlined.

That said, if you have questions, reach out to us one way or another. We don't bite!

Analytics