Commit b77b2b91 authored by Mike Wilson's avatar Mike Wilson

Merge branch 'master' into lb

parents b25805f0 96067e6d

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

......@@ -7,4 +7,3 @@ test/test_owners.csv merge=union
**/generated.proto -diff
**/types_swagger_doc_generated.go -diff
docs/api-reference/** -diff
federation/docs/api-reference/** -diff
......@@ -22,7 +22,7 @@ If you're looking for help check [Stack Overflow](https://stackoverflow.com/ques
**Environment**:
- Kubernetes version (use `kubectl version`):
- Cloud provider or hardware configuration**:
- Cloud provider or hardware configuration:
- OS (e.g. from /etc/os-release):
- Kernel (e.g. `uname -a`):
- Install tools:
......
......@@ -2,18 +2,21 @@
1. If this is your first time, read our contributor guidelines https://git.k8s.io/community/contributors/devel/pull-requests.md#the-pr-submit-process and developer guide https://git.k8s.io/community/contributors/devel/development.md#development-guide
2. If you want *faster* PR reviews, read how: https://git.k8s.io/community/contributors/devel/pull-requests.md#best-practices-for-faster-reviews
3. Follow the instructions for writing a release note: https://git.k8s.io/community/contributors/devel/pull-requests.md#write-release-notes-if-needed
4. If the PR is unfinished, see how to mark it: https://github.com/kubernetes/community/blob/master/contributors/devel/pull-requests.md#marking-unfinished-pull-requests
-->
**What this PR does / why we need it**:
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
<!-- Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access)
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`.
<!-- Write your release note:
1. Enter your extended release note in the below block. If the PR requires additional action from users switching to the new release, include the string "action required".
2. If no release note is required, just write "NONE".
-->
```release-note
```
......@@ -68,8 +68,8 @@
- [Known Issues](#known-issues)
- [Notable Changes to Existing Behavior](#notable-changes-to-existing-behavior)
- [Deployments](#deployments)
- [kubectl rolling-update: < v1.4.0 client vs >=v1.4.0 cluster](#kubectl-rolling-update:-<-v140-client-vs->=v140-cluster)
- [kubectl delete: < v1.4.0 client vs >=v1.4.0 cluster](#kubectl-delete:-<-v140-client-vs->=v140-cluster)
- [kubectl rolling-update: < v1.4.0 client vs >=v1.4.0 cluster](#kubectl-rolling-update--v140-client-vs-v140-cluster)
- [kubectl delete: < v1.4.0 client vs >=v1.4.0 cluster](#kubectl-delete--v140-client-vs-v140-cluster)
- [DELETE operation in REST API](#delete-operation-in-rest-api)
- [Action Required Before Upgrading](#action-required-before-upgrading)
- [optionally, remove the old secret](#optionally-remove-the-old-secret)
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -175,4 +175,47 @@ aliases:
- radhikpac
- jpbetz
- cmluciano
api-approvers:
- erictune
- lavalamp
- smarterclayton
- thockin
- liggitt
# - bgrant0607 # manual escalations only
api-reviewers:
- erictune
- lavalamp
- smarterclayton
- thockin
- liggitt
- wojtek-t
- deads2k
- yujuhong
- brendandburns
- derekwaynecarr
- caesarxuchao
- vishh
- mikedanese
- nikhiljindal
- gmarek
- davidopp
- pmorie
- sttts
- dchen1107
- saad-ali
- zmerlynn
- luxas
- janetkuo
- justinsb
- pwittrock
- roberthbailey
- ncdc
- tallclair
- yifan-gu
- eparis
- mwielgus
- timothysc
- soltysh
- piosz
- jsafrane
- jbeda
approvers:
- erictune
- lavalamp
- smarterclayton
- thockin
- liggitt
# - bgrant0607 # manual escalations only
- api-approvers
reviewers:
- thockin
- lavalamp
- smarterclayton
- wojtek-t
- deads2k
- yujuhong
- brendandburns
- derekwaynecarr
- caesarxuchao
- vishh
- mikedanese
- liggitt
- nikhiljindal
- gmarek
- erictune
- davidopp
- pmorie
- sttts
- dchen1107
- saad-ali
- zmerlynn
- luxas
- janetkuo
- justinsb
- pwittrock
- roberthbailey
- ncdc
- tallclair
- yifan-gu
- eparis
- mwielgus
- timothysc
- soltysh
- piosz
- jsafrane
- jbeda
- api-reviewers
......@@ -4,7 +4,7 @@ This folder contains an [OpenAPI specification][openapi] for Kubernetes API.
## Vendor Extensions
Kuberntes extends OpenAPI using these extensions. Note the version that
Kuberntes extends OpenAPI using these extensions. Note the version that
extensions has been added.
### `x-kubernetes-group-version-kind`
......@@ -56,5 +56,5 @@ For example:
### `x-kubernetes-patch-strategy` and `x-kubernetes-patch-merge-key`
Some of the definitions may have these extensions. For more information about PatchStrategy and PatchMergeKey see
[strategic-merge-patch] (https://github.com/kubernetes/community/blob/3a1e6d22f812751ee88eccf7c59101852de63d5b/contributors/devel/strategic-merge-patch.md).
Some of the definitions may have these extensions. For more information about PatchStrategy and PatchMergeKey see
[strategic-merge-patch] (https://github.com/kubernetes/community/blob/master/contributors/devel/strategic-merge-patch.md).
......@@ -1764,6 +1764,7 @@
"description": "AdmissionHookClientConfig contains the information to make a TLS connection with the webhook",
"required": [
"service",
"urlPath",
"caBundle"
],
"properties": {
......@@ -1771,6 +1772,10 @@
"$ref": "v1alpha1.ServiceReference",
"description": "Service is a reference to the service for this webhook. If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error. Required"
},
"urlPath": {
"type": "string",
"description": "URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object."
},
"caBundle": {
"type": "string",
"description": "CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate. Required"
......
......@@ -2674,15 +2674,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -2815,7 +2815,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -3441,7 +3441,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......
......@@ -5344,15 +5344,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -5485,7 +5485,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -6111,7 +6111,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......
......@@ -7709,15 +7709,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -7850,7 +7850,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -8476,7 +8476,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......
......@@ -1518,7 +1518,7 @@
},
"manualSelector": {
"type": "boolean",
"description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://git.k8s.io/community/contributors/design-proposals/selector-generation.md"
"description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector"
},
"template": {
"$ref": "v1.PodTemplateSpec",
......@@ -2684,15 +2684,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -2825,7 +2825,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -3451,7 +3451,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......
......@@ -1573,7 +1573,7 @@
},
"manualSelector": {
"type": "boolean",
"description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://git.k8s.io/community/contributors/design-proposals/selector-generation.md"
"description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector"
},
"template": {
"$ref": "v1.PodTemplateSpec",
......@@ -2739,15 +2739,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -2880,7 +2880,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -3506,7 +3506,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......
......@@ -1573,7 +1573,7 @@
},
"manualSelector": {
"type": "boolean",
"description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://git.k8s.io/community/contributors/design-proposals/selector-generation.md"
"description": "manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector"
},
"template": {
"$ref": "v1.PodTemplateSpec",
......@@ -2739,15 +2739,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -2880,7 +2880,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -3506,7 +3506,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......
......@@ -8352,15 +8352,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......@@ -8493,7 +8493,7 @@
},
"securityContext": {
"$ref": "v1.SecurityContext",
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
},
"stdin": {
"type": "boolean",
......@@ -9119,7 +9119,7 @@
},
"v1.PodAffinityTerm": {
"id": "v1.PodAffinityTerm",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e tches that of any node on which a pod of the set of pods is running",
"description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running",
"properties": {
"labelSelector": {
"$ref": "v1.LabelSelector",
......@@ -10245,7 +10245,7 @@
},
"seLinuxOptions": {
"$ref": "v1.SELinuxOptions",
"description": "seLinuxOptions required to run as; required for MustRunAs More info: https://git.k8s.io/community/contributors/design-proposals/security_context.md"
"description": "seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
}
}
},
......
......@@ -2492,15 +2492,15 @@
},
"protectionDomain": {
"type": "string",
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\")."
"description": "The name of the ScaleIO Protection Domain for the configured storage."
},
"storagePool": {
"type": "string",
"description": "The Storage Pool associated with the protection domain (defaults to \"default\")."
"description": "The ScaleIO Storage Pool associated with the protection domain."
},
"storageMode": {
"type": "string",
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\")."
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned."
},
"volumeName": {
"type": "string",
......
......@@ -103,7 +103,6 @@ release_filegroup(
name = "client-targets",
srcs = [
"//cmd/kubectl",
"//federation/cmd/kubefed",
],
)
......@@ -143,7 +142,6 @@ filegroup(
"//cmd/genyaml",
"//cmd/kubemark", # TODO: server platforms only
"//cmd/linkcheck",
"//federation/cmd/genfeddocs",
"//test/e2e:e2e.test",
"//test/e2e_node:e2e_node.test", # TODO: server platforms only
"//vendor/github.com/onsi/ginkgo/ginkgo",
......@@ -154,9 +152,7 @@ filegroup(
filegroup(
name = "test-portable-targets",
srcs = [
"//federation/develop:all-srcs",
"//hack:e2e.go",
"//hack:federated-ginkgo-e2e.sh",
"//hack:get-build.sh",
"//hack:ginkgo-e2e.sh",
"//hack/e2e-internal:all-srcs",
......
......@@ -20,20 +20,21 @@ FROM BASEIMAGE
RUN ln -s /bin/sh /bin/bash
RUN echo CACHEBUST>/dev/null && clean-install \
iptables \
ca-certificates \
ceph-common \
cifs-utils \
conntrack \
e2fsprogs \
ebtables \
ethtool \
kmod \
ca-certificates \
conntrack \
util-linux \
socat \
git \
glusterfs-client \
iptables \
jq \
kmod \
openssh-client \
nfs-common \
glusterfs-client \
cifs-utils \
ceph-common
socat \
util-linux
COPY cni-bin/bin /opt/cni/bin
......@@ -19,7 +19,7 @@
REGISTRY?=gcr.io/google-containers
IMAGE?=debian-hyperkube-base
TAG=0.4
TAG=0.6
ARCH?=amd64
CACHEBUST?=1
......
......@@ -82,7 +82,7 @@ deb_data(
pkg_tar(
name = "kubernetes-cni-data",
package_dir = "/opt/cni",
package_dir = "/opt/cni/bin",
deps = ["@kubernetes_cni//file"],
)
......
......@@ -419,6 +419,12 @@ function kube::release::package_kube_manifests_tarball() {
local objects
objects=$(cd "${KUBE_ROOT}/cluster/addons" && find . \( -name \*.yaml -or -name \*.yaml.in -or -name \*.json \) | grep -v demo)
tar c -C "${KUBE_ROOT}/cluster/addons" ${objects} | tar x -C "${gci_dst_dir}"
# Merge GCE-specific addons with general purpose addons.
local gce_objects
gce_objects=$(cd "${KUBE_ROOT}/cluster/gce/addons" && find . \( -name \*.yaml -or -name \*.yaml.in -or -name \*.json \) \( -not -name \*demo\* \))
if [[ -n "${gce_objects}" ]]; then
tar c -C "${KUBE_ROOT}/cluster/gce/addons" ${gce_objects} | tar x -C "${gci_dst_dir}"
fi
kube::release::clean_cruft
......@@ -503,11 +509,6 @@ EOF
mkdir -p "${release_stage}/third_party"
cp -R "${KUBE_ROOT}/third_party/htpasswd" "${release_stage}/third_party/htpasswd"
# Include only federation/cluster and federation/deploy
mkdir "${release_stage}/federation"
cp -R "${KUBE_ROOT}/federation/cluster" "${release_stage}/federation/"
cp -R "${KUBE_ROOT}/federation/deploy" "${release_stage}/federation/"
# Include hack/lib as a dependency for the cluster/ scripts
mkdir -p "${release_stage}/hack"
cp -R "${KUBE_ROOT}/hack/lib" "${release_stage}/hack/"
......
# A project wanting to generate openapi code for vendored
# k8s.io/kubernetes will need to set the following variables in
# //build/openapi.bzl in their project and customize the go prefix:
#
# openapi_go_prefix = "k8s.io/myproject/"
# openapi_vendor_prefix = "vendor/k8s.io/kubernetes/"
openapi_go_prefix = "k8s.io/kubernetes/"
openapi_vendor_prefix = ""
......@@ -193,7 +193,6 @@ pkg_tar(
strip_prefix = "//",
deps = [
":_full_server",
"//federation:release",
],
)
......
......@@ -63,7 +63,6 @@ filegroup(
"//cmd:all-srcs",
"//docs:all-srcs",
"//examples:all-srcs",
"//federation:all-srcs",
"//hack:all-srcs",
"//pkg:all-srcs",
"//plugin:all-srcs",
......
......@@ -291,7 +291,6 @@ else
test-cmd: generated_files
hack/make-rules/test-kubeadm-cmd.sh
hack/make-rules/test-cmd.sh
hack/make-rules/test-federation-cmd.sh
endif
define CLEAN_HELP_INFO
......@@ -482,21 +481,6 @@ $(notdir $(abspath $(wildcard plugin/cmd/*/))): generated_files
hack/make-rules/build.sh plugin/cmd/$@
endif
define FED_CMD_HELP_INFO
# Add rules for all directories in federation/cmd/
#
# Example:
# make federation-apiserver federation-controller-manager
endef
.PHONY: $(notdir $(abspath $(wildcard federation/cmd/*/)))
ifeq ($(PRINT_HELP),y)
$(notdir $(abspath $(wildcard federation/cmd/*/))):
@echo "$$FED_CMD_HELP_INFO"
else
$(notdir $(abspath $(wildcard federation/cmd/*/))): generated_files
hack/make-rules/build.sh federation/cmd/$@
endif
define GENERATED_FILES_HELP_INFO
# Produce auto-generated files needed for the build.
#
......
......@@ -70,10 +70,10 @@ docker_pull(
docker_pull(
name = "debian-hyperkube-base-amd64",
digest = "sha256:f3a37c4d8700a5ff454d94a2bef7d165d287759cea737a621c20e4aa3891dbbb",
digest = "sha256:10546d592e58d5fdb2e25d79f291b8ac62c8d3a3d83337ad7309cca766dbebce",
registry = "gcr.io",
repository = "google-containers/debian-hyperkube-base-amd64",
tag = "0.4", # ignored, but kept here for documentation
tag = "0.6", # ignored, but kept here for documentation
)
docker_pull(
......
......@@ -51,18 +51,6 @@ package_group(
)
package_group(
name = "FEDERATION_BAD",
packages = [
"//federation/cmd/genfeddocs",
"//federation/cmd/kubefed/app",
"//federation/pkg/kubefed",
"//federation/pkg/kubefed/init",
"//federation/pkg/kubefed/testing",
"//federation/pkg/kubefed/util",
],
)
package_group(
name = "cluster",
packages = [
"//cluster/...",
......@@ -93,7 +81,6 @@ package_group(
package_group(
name = "pkg_kubectl_CONSUMERS_BAD",
includes = [
":FEDERATION_BAD",
":KUBEADM_BAD",
],
packages = [
......@@ -125,9 +112,6 @@ package_group(
package_group(
name = "pkg_kubectl_cmd_CONSUMERS_BAD",
includes = [
":FEDERATION_BAD",
],
packages = [
"//cmd/clicheck",
"//cmd/hyperkube",
......@@ -179,18 +163,10 @@ package_group(
)
package_group(
name = "pkg_kubectl_cmd_templates_CONSUMERS_BAD",
packages = [
"//federation/pkg/kubefed/init",
],
)
package_group(
name = "pkg_kubectl_cmd_templates_CONSUMERS",
includes = [
":COMMON_generators",
":COMMON_testing",
":FEDERATION_BAD",
],
packages = [
"//cmd/kubectl",
......@@ -198,6 +174,7 @@ package_group(
"//pkg/kubectl/cmd",
"//pkg/kubectl/cmd/auth",
"//pkg/kubectl/cmd/config",
"//pkg/kubectl/cmd/resource",
"//pkg/kubectl/cmd/rollout",
"//pkg/kubectl/cmd/set",
"//pkg/kubectl/cmd/templates",
......@@ -214,21 +191,11 @@ package_group(
)
package_group(
name = "pkg_kubectl_cmd_testing_CONSUMERS_BAD",
packages = [
"//federation/pkg/kubefed",
"//federation/pkg/kubefed/init",
],
)
package_group(
name = "pkg_kubectl_cmd_testing_CONSUMERS",
includes = [
":pkg_kubectl_cmd_testing_CONSUMERS_BAD",
],
packages = [
"//pkg/kubectl/cmd",
"//pkg/kubectl/cmd/auth",
"//pkg/kubectl/cmd/resource",
"//pkg/kubectl/cmd/set",
],
)
......@@ -236,7 +203,6 @@ package_group(
package_group(
name = "pkg_kubectl_cmd_util_CONSUMERS_BAD",
includes = [
":FEDERATION_BAD",
":KUBEADM_BAD",
],
packages = [
......@@ -259,6 +225,7 @@ package_group(
"//pkg/kubectl/cmd",
"//pkg/kubectl/cmd/auth",
"//pkg/kubectl/cmd/config",
"//pkg/kubectl/cmd/resource",
"//pkg/kubectl/cmd/rollout",
"//pkg/kubectl/cmd/set",
"//pkg/kubectl/cmd/testing",
......@@ -293,9 +260,6 @@ package_group(
package_group(
name = "pkg_kubectl_metricsutil_CONSUMERS_BAD",
includes = [
":FEDERATION_BAD",
],
packages = [
"//cmd/clicheck",
"//cmd/hyperkube",
......@@ -317,18 +281,10 @@ package_group(
)
package_group(
name = "pkg_kubectl_resource_CONSUMERS_BAD",
packages = [
"//federation/pkg/kubefed",
],
)
package_group(
name = "pkg_kubectl_resource_CONSUMERS",
includes = [
":COMMON_generators",
":COMMON_testing",
":pkg_kubectl_resource_CONSUMERS_BAD",
],
packages = [
"//cmd/kubectl",
......@@ -337,6 +293,7 @@ package_group(
"//pkg/kubectl/cmd",
"//pkg/kubectl/cmd/auth",
"//pkg/kubectl/cmd/config",
"//pkg/kubectl/cmd/resource",
"//pkg/kubectl/cmd/rollout",
"//pkg/kubectl/cmd/set",
"//pkg/kubectl/cmd/testing",
......
......@@ -34,7 +34,7 @@ generally inhibit progress.
one can specify the following visibility rule in any `BUILD` rule:
```
visibility = [ "//build/visible_to:database_CONSUMERS" ],
```
```
* A visibility rule takes a list of package groups as its
argument - or one of the pre-defined groups
......@@ -59,7 +59,7 @@ generally inhibit progress.
* One set of `OWNERS` to manage visibility.
The alternative is to use special [package literals] directly
in visibility rules, e.g.
in visibility rules, e.g.
```
visibility = [
......@@ -114,7 +114,7 @@ visibility = ["//visible_to:client_foo,//visible_to:server_foo"],
#### Quickly check for visibility violations
```
bazel build --check_visibility --nobuild \
//cmd/... //pkg/... //federation/... //plugin/... \
//cmd/... //pkg/... //plugin/... \
//third_party/... //examples/... //test/... //vendor/k8s.io/...
```
......@@ -179,6 +179,6 @@ bazel query --nohost_deps --noimplicit_deps \
bazel query "somepath(cmd/kubectl:kubectl, pkg/util/parsers:go_default_library)"
```
[package literals]: https://bazel.build/versions/master/docs/be/common-definitions.html#common.visibility
......@@ -35,6 +35,7 @@ pkg_tar(
deps = [
"//cluster/addons",
"//cluster/gce:gci-trusty-manifests",
"//cluster/gce/addons",
"//cluster/saltbase:gci-trusty-salt-manifests",
],
)
......
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico
namespace: kube-system
......
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calico
......
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-cpva
labels:
......
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-cpva
labels:
......
......@@ -29,7 +29,7 @@ spec:
# container programs network policy and routes on each
# host.
- name: calico-node
image: calico/node:v2.5.1
image: calico/node:v2.6.1
env:
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
......@@ -83,7 +83,7 @@ spec:
# This container installs the Calico CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: calico/cni:v1.10.0
image: calico/cni:v1.11.0
command: ["/install-cni.sh"]
env:
- name: CNI_CONF_NAME
......
......@@ -22,7 +22,7 @@ spec:
hostNetwork: true
serviceAccountName: calico
containers:
- image: calico/typha:v0.4.1
- image: calico/typha:v0.5.1
name: calico-typha
ports:
- containerPort: 5473
......
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: typha-cpha
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: typha-cpha
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: typha-cpha
subjects:
- kind: ServiceAccount
name: typha-cpha
namespace: kube-system
......@@ -31,3 +31,4 @@ spec:
cpu: 10m
limits:
cpu: 10m
serviceAccountName: typha-cpha
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: typha-cpha
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: ["extensions"]
resources: ["deployments/scale"]
verbs: ["get", "update"]
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: typha-cpha
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: typha-cpha
subjects:
- kind: ServiceAccount
name: typha-cpha
namespace: kube-system
apiVersion: v1
kind: ServiceAccount
metadata:
name: typha-cpha
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
......@@ -65,7 +65,7 @@ spec:
readOnly: true
# BEGIN_PROMETHEUS_TO_SD
- name: prom-to-sd
image: gcr.io/google-containers/prometheus-to-sd:v0.2.1
image: gcr.io/google-containers/prometheus-to-sd:v0.2.2
command:
- /monitor
- --source=heapster:http://localhost:8082?whitelisted=stackdriver_requests_count,stackdriver_timeseries_count
......@@ -73,9 +73,6 @@ spec:
- --api-override={{ prometheus_to_sd_endpoint }}
- --pod-id=$(POD_NAME)
- --namespace-id=$(POD_NAMESPACE)
volumeMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
env:
- name: POD_NAME
valueFrom:
......
......@@ -94,7 +94,7 @@ spec:
optional: true
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
......@@ -145,7 +145,7 @@ spec:
- name: kube-dns-config
mountPath: /kube-dns-config
- name: dnsmasq
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
......@@ -184,7 +184,7 @@ spec:
- name: kube-dns-config
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7
livenessProbe:
httpGet:
path: /metrics
......@@ -197,8 +197,8 @@ spec:
args:
- --v=2
- --logtostderr
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV
ports:
- containerPort: 10054
name: metrics
......
......@@ -94,7 +94,7 @@ spec:
optional: true
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
......@@ -145,7 +145,7 @@ spec:
- name: kube-dns-config
mountPath: /kube-dns-config
- name: dnsmasq
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
......@@ -184,7 +184,7 @@ spec:
- name: kube-dns-config
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7
livenessProbe:
httpGet:
path: /metrics
......@@ -197,8 +197,8 @@ spec:
args:
- --v=2
- --logtostderr
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ pillar['dns_domain'] }},5,A
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ pillar['dns_domain'] }},5,A
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ pillar['dns_domain'] }},5,SRV
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ pillar['dns_domain'] }},5,SRV
ports:
- containerPort: 10054
name: metrics
......
......@@ -94,7 +94,7 @@ spec:
optional: true
containers:
- name: kubedns
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.7
resources:
# TODO: Set memory limits when we've profiled the container for large
# clusters, then set request = limit to keep this container in
......@@ -145,7 +145,7 @@ spec:
- name: kube-dns-config
mountPath: /kube-dns-config
- name: dnsmasq
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.7
livenessProbe:
httpGet:
path: /healthcheck/dnsmasq
......@@ -184,7 +184,7 @@ spec:
- name: kube-dns-config
mountPath: /etc/k8s/dns/dnsmasq-nanny
- name: sidecar
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.5
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.7
livenessProbe:
httpGet:
path: /metrics
......@@ -197,8 +197,8 @@ spec:
args:
- --v=2
- --logtostderr
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.$DNS_DOMAIN,5,A
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.$DNS_DOMAIN,5,A
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.$DNS_DOMAIN,5,SRV
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.$DNS_DOMAIN,5,SRV
ports:
- containerPort: 10054
name: metrics
......
......@@ -96,16 +96,27 @@ data:
# the name of the Kubernetes container regardless of how many times the
# Kubernetes pod has been restarted (resulting in a several Docker container IDs).
# Example:
# Json Log Example:
# {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
# CRI Log Example:
# 2016-02-17T00:04:05.931087621Z stdout [info:2016-02-16T16:04:05.930-08:00] Some log text here
<source>
type tail
path /var/log/containers/*.log
pos_file /var/log/es-containers.log.pos
time_format %Y-%m-%dT%H:%M:%S.%NZ
tag kubernetes.*
format json
read_from_head true
format multi_format
<pattern>
format json
time_key time
time_format %Y-%m-%dT%H:%M:%S.%NZ
</pattern>
<pattern>
format /^(?<time>.+)\b(?<stream>stdout|stderr)\b(?<log>.*)$/
time_format %Y-%m-%dT%H:%M:%S.%N%:z
</pattern>
</source>
system.input.conf: |-
# Example:
......
......@@ -48,11 +48,11 @@ roleRef:
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
name: fluentd-es-v2.0.1
name: fluentd-es-v2.0.2
namespace: kube-system
labels:
k8s-app: fluentd-es
version: v2.0.1
version: v2.0.2
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
......@@ -61,7 +61,7 @@ spec:
labels:
k8s-app: fluentd-es
kubernetes.io/cluster-service: "true"
version: v2.0.1
version: v2.0.2
# This annotation ensures that fluentd does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573).
......@@ -71,7 +71,7 @@ spec:
serviceAccountName: fluentd-es
containers:
- name: fluentd-es
image: gcr.io/google-containers/fluentd-elasticsearch:v2.0.1
image: gcr.io/google-containers/fluentd-elasticsearch:v2.0.2
env:
- name: FLUENTD_ARGS
value: --no-supervisor -q
......
......@@ -6,4 +6,5 @@ gem 'fluent-plugin-kubernetes_metadata_filter', '~>0.27.0'
gem 'fluent-plugin-elasticsearch', '~>1.9.5'
gem 'fluent-plugin-systemd', '~>0.0.8'
gem 'fluent-plugin-prometheus', '~>0.3.0'
gem 'fluent-plugin-multi-format-parser', '~>0.1.1'
gem 'oj', '~>2.18.1'
......@@ -16,7 +16,7 @@
PREFIX = gcr.io/google-containers
IMAGE = fluentd-elasticsearch
TAG = v2.0.1
TAG = v2.0.2
build:
docker build --pull -t $(PREFIX)/$(IMAGE):$(TAG) .
......
......@@ -52,16 +52,23 @@ spec:
- '/event-exporter'
# BEGIN_PROMETHEUS_TO_SD
- name: prometheus-to-sd-exporter
image: gcr.io/google-containers/prometheus-to-sd:v0.2.1
image: gcr.io/google-containers/prometheus-to-sd:v0.2.2
command:
- /monitor
- --component=event_exporter
- --stackdriver-prefix={{ prometheus_to_sd_prefix }}/addons
- --api-override={{ prometheus_to_sd_endpoint }}
- --whitelisted-metrics=stackdriver_sink_received_entry_count,stackdriver_sink_request_count,stackdriver_sink_successfully_sent_entry_count
volumeMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
- --source=event_exported:http://localhost:80?whitelisted=stackdriver_sink_received_entry_count,stackdriver_sink_request_count,stackdriver_sink_successfully_sent_entry_count
- --pod-id=$(POD_NAME)
- --namespace-id=$(POD_NAMESPACE)
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD
terminationGracePeriodSeconds: 30
volumes:
......
......@@ -41,17 +41,26 @@ data:
# Tag is then parsed by google_cloud plugin and translated to the metadata,
# visible in the log viewer
# Example:
# Json Log Example:
# {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
# CRI Log Example:
# 2016-02-17T00:04:05.931087621Z stdout [info:2016-02-16T16:04:05.930-08:00] Some log text here
<source>
type tail
format json
time_key time
path /var/log/containers/*.log
pos_file /var/log/gcp-containers.log.pos
time_format %Y-%m-%dT%H:%M:%S.%N%Z
tag reform.*
read_from_head true
format multi_format
<pattern>
format json
time_key time
time_format %Y-%m-%dT%H:%M:%S.%NZ
</pattern>
<pattern>
format /^(?<time>.+)\b(?<stream>stdout|stderr)\b(?<log>.*)$/
time_format %Y-%m-%dT%H:%M:%S.%N%:z
</pattern>
</source>
<filter reform.**>
......
apiVersion: v1
kind: ServiceAccount
metadata:
name: fluentd-gcp
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: fluentd-gcp-v2.0.9
name: fluentd-gcp-v2.0.10
namespace: kube-system
labels:
k8s-app: fluentd-gcp
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
version: v2.0.9
version: v2.0.10
spec:
updateStrategy:
type: RollingUpdate
......@@ -16,18 +25,18 @@ spec:
labels:
k8s-app: fluentd-gcp
kubernetes.io/cluster-service: "true"
version: v2.0.9
version: v2.0.10
# This annotation ensures that fluentd does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573).
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
serviceAccountName: fluentd-gcp
dnsPolicy: Default
hostNetwork: true
containers:
- name: fluentd-gcp
image: gcr.io/google-containers/fluentd-gcp:2.0.9
image: gcr.io/google-containers/fluentd-gcp:2.0.10
env:
- name: FLUENTD_ARGS
value: --no-supervisor -q
......@@ -82,17 +91,23 @@ spec:
fi;
# BEGIN_PROMETHEUS_TO_SD
- name: prometheus-to-sd-exporter
image: gcr.io/google-containers/prometheus-to-sd:v0.1.3
image: gcr.io/google-containers/prometheus-to-sd:v0.2.2
command:
- /monitor
- --component=fluentd
- --target-port=31337
- --stackdriver-prefix={{ prometheus_to_sd_prefix }}/addons
- --api-override={{ prometheus_to_sd_endpoint }}
- --whitelisted-metrics=stackdriver_successful_requests_count,stackdriver_failed_requests_count,stackdriver_ingested_entries_count,stackdriver_dropped_entries_count
volumeMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs
- --source=fluentd:http://localhost:31337?whitelisted=stackdriver_successful_requests_count,stackdriver_failed_requests_count,stackdriver_ingested_entries_count,stackdriver_dropped_entries_count
- --pod-id=$(POD_NAME)
- --namespace-id=$(POD_NAMESPACE)
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# END_PROMETHEUS_TO_SD
nodeSelector:
beta.kubernetes.io/fluentd-ds-ready: "true"
......@@ -118,6 +133,3 @@ spec:
- name: config-volume
configMap:
name: fluentd-gcp-config-v1.2.2
- name: ssl-certs
hostPath:
path: /etc/ssl/certs
......@@ -52,6 +52,9 @@ spec:
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- mountPath: /lib/modules
name: lib-modules
readOnly: true
volumes:
- name: varlog
hostPath:
......@@ -60,4 +63,7 @@ spec:
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: lib-modules
hostPath:
path: /lib/modules
serviceAccountName: kube-proxy
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: gp2
......
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
......
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
......
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
namespace: kube-system
......
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
......
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: thin
......
......@@ -40,8 +40,7 @@ FLANNEL_DOWNLOAD_URL=\
ETCD_DOWNLOAD_URL=\
"https://github.com/coreos/etcd/releases/download/v${ETCD_VERSION}/etcd-v${ETCD_VERSION}-linux-amd64.tar.gz"
# TODO(#33726): switch to dl.k8s.io
K8S_CLIENT_DOWNLOAD_URL=\
"https://storage.googleapis.com/kubernetes-release/release/v${K8S_VERSION}/kubernetes-client-linux-amd64.tar.gz"
"https://dl.k8s.io/v${K8S_VERSION}/kubernetes-client-linux-amd64.tar.gz"
K8S_SERVER_DOWNLOAD_URL=\
"https://storage.googleapis.com/kubernetes-release/release/v${K8S_VERSION}/kubernetes-server-linux-amd64.tar.gz"
"https://dl.k8s.io/v${K8S_VERSION}/kubernetes-server-linux-amd64.tar.gz"
......@@ -16,7 +16,7 @@
MASTER_ADDRESS=${1:-"8.8.8.18"}
ETCD_SERVERS=${2:-"http://8.8.8.18:2379"}
ETCD_SERVERS=${2:-"https://8.8.8.18:2379"}
SERVICE_CLUSTER_IP_RANGE=${3:-"10.10.10.0/24"}
ADMISSION_CONTROL=${4:-""}
......
......@@ -15,7 +15,7 @@
# limitations under the License.
ETCD_SERVERS=${1:-"http://8.8.8.18:2379"}
ETCD_SERVERS=${1:-"https://8.8.8.18:2379"}
FLANNEL_NET=${2:-"172.16.0.0/16"}
CA_FILE="/srv/kubernetes/etcd/ca.pem"
......
......@@ -160,20 +160,6 @@ function clear-kubeconfig() {
echo "Cleared config for ${CONTEXT} from ${KUBECONFIG}"
}
# Creates a kubeconfig file with the credentials for only the current-context
# cluster. This is used by federation to create secrets in test setup.
function create-kubeconfig-for-federation() {
if [[ "${FEDERATION:-}" == "true" ]]; then
echo "creating kubeconfig for federation secret"
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
local cc=$("${kubectl}" config view -o jsonpath='{.current-context}')
KUBECONFIG_DIR=$(dirname ${KUBECONFIG:-$DEFAULT_KUBECONFIG})
KUBECONFIG_PATH="${KUBECONFIG_DIR}/federation/kubernetes-apiserver/${cc}"
mkdir -p "${KUBECONFIG_PATH}"
"${kubectl}" config view --minify --flatten > "${KUBECONFIG_PATH}/kubeconfig"
fi
}
function tear_down_alive_resources() {
local kubectl="${KUBE_ROOT}/cluster/kubectl.sh"
"${kubectl}" delete deployments --all || true
......@@ -752,16 +738,6 @@ EOF
ENABLE_CUSTOM_METRICS: $(yaml-quote ${ENABLE_CUSTOM_METRICS})
EOF
fi
if [ -n "${ENABLE_METADATA_PROXY:-}" ]; then
cat >>$file <<EOF
ENABLE_METADATA_PROXY: $(yaml-quote ${ENABLE_METADATA_PROXY})
EOF
fi
if [ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]; then
cat >>$file <<EOF
KUBE_FIREWALL_METADATA_SERVER: $(yaml-quote ${KUBE_FIREWALL_METADATA_SERVER})
EOF
fi
if [ -n "${FEATURE_GATES:-}" ]; then
cat >>$file <<EOF
FEATURE_GATES: $(yaml-quote ${FEATURE_GATES})
......@@ -844,6 +820,11 @@ EOF
ETCD_VERSION: $(yaml-quote ${ETCD_VERSION})
EOF
fi
if [ -n "${ETCD_HOSTNAME:-}" ]; then
cat >>$file <<EOF
ETCD_HOSTNAME: $(yaml-quote ${ETCD_HOSTNAME})
EOF
fi
if [ -n "${APISERVER_TEST_ARGS:-}" ]; then
cat >>$file <<EOF
APISERVER_TEST_ARGS: $(yaml-quote ${APISERVER_TEST_ARGS})
......@@ -941,17 +922,6 @@ AUTOSCALER_EXPANDER_CONFIG: $(yaml-quote ${AUTOSCALER_EXPANDER_CONFIG})
EOF
fi
# Federation specific environment variables.
if [[ -n "${FEDERATION:-}" ]]; then
cat >>$file <<EOF
FEDERATION: $(yaml-quote ${FEDERATION})
EOF
fi
if [ -n "${FEDERATION_NAME:-}" ]; then
cat >>$file <<EOF
FEDERATION_NAME: $(yaml-quote ${FEDERATION_NAME})
EOF
fi
if [ -n "${DNS_ZONE_NAME:-}" ]; then
cat >>$file <<EOF
DNS_ZONE_NAME: $(yaml-quote ${DNS_ZONE_NAME})
......
......@@ -34,6 +34,7 @@ filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//cluster/gce/addons:all-srcs",
"//cluster/gce/gci/mounter:all-srcs",
],
tags = ["automanaged"],
......
package(default_visibility = ["//visibility:public"])
load("@io_bazel//tools/build_defs/pkg:pkg.bzl", "pkg_tar")
filegroup(
name = "addon-srcs",
srcs = glob(
[
"**/*.json",
"**/*.yaml",
"**/*.yaml.in",
],
exclude = ["**/*demo*/**"],
),
)
pkg_tar(
name = "addons",
extension = "tar.gz",
files = [
":addon-srcs",
],
mode = "0644",
strip_prefix = ".",
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)
# GCE Cluster addons
These cluster add-ons are specific to GCE and GKE clusters. The GCE-specific addon directory is
merged with the general cluster addon directory at release, so addon paths (relative to the addon
directory) must be unique across the 2 directory structures.
More details on addons in general can be found [here](../../addons/README.md).
......@@ -95,11 +95,7 @@ function get-cluster-ip-range {
if [[ "${NUM_NODES}" -gt 4000 ]]; then
suggested_range="10.64.0.0/11"
fi
echo "${suggested_range}"
echo "${suggested_range}"
}
if [[ "${FEDERATION:-}" == true ]]; then
NODE_SCOPES="${NODE_SCOPES:-monitoring,logging-write,storage-ro,https://www.googleapis.com/auth/ndev.clouddns.readwrite}"
else
NODE_SCOPES="${NODE_SCOPES:-monitoring,logging-write,storage-ro}"
fi
NODE_SCOPES="${NODE_SCOPES:-monitoring,logging-write,storage-ro}"
......@@ -79,6 +79,7 @@ MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-cos-cloud}
NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-docker}
RKT_VERSION=${KUBE_RKT_VERSION:-1.23.0}
RKT_STAGE1_IMAGE=${KUBE_RKT_STAGE1_IMAGE:-coreos.com/rkt/stage1-coreos}
......@@ -102,11 +103,7 @@ MASTER_IP_RANGE="${MASTER_IP_RANGE:-10.246.0.0/24}"
# It is the primary range in the subnet and is the range used for node instance IPs.
NODE_IP_RANGE="$(get-node-ip-range)"
if [[ "${FEDERATION:-}" == true ]]; then
NODE_SCOPES="${NODE_SCOPES:-monitoring,logging-write,storage-ro,https://www.googleapis.com/auth/ndev.clouddns.readwrite}"
else
NODE_SCOPES="${NODE_SCOPES:-monitoring,logging-write,storage-ro}"
fi
NODE_SCOPES="${NODE_SCOPES:-monitoring,logging-write,storage-ro}"
# Extra docker options for nodes.
EXTRA_DOCKER_OPTS="${EXTRA_DOCKER_OPTS:-}"
......@@ -153,12 +150,16 @@ if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
NODE_LABELS="${NODE_LABELS},projectcalico.org/ds-ready=true"
fi
# Currently, ENABLE_METADATA_PROXY supports only "simple". In the future, we
# may add other options.
ENABLE_METADATA_PROXY="${ENABLE_METADATA_PROXY:-}"
# Apply the right node label if metadata proxy is on.
if [[ ${ENABLE_METADATA_PROXY:-} == "simple" ]]; then
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
# Enable metadata concealment by firewalling pod traffic to the metadata server
# and run a proxy daemonset on nodes.
#
# TODO(#8867) Enable by default.
ENABLE_METADATA_CONCEALMENT="${ENABLE_METADATA_CONCEALMENT:-false}" # true, false
if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then
# Put the necessary label on the node so the daemonset gets scheduled.
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
# Add to the provider custom variables.
PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT"
fi
# Optional: Enable node logging.
......
......@@ -78,6 +78,7 @@ MASTER_IMAGE=${KUBE_GCE_MASTER_IMAGE:-}
MASTER_IMAGE_PROJECT=${KUBE_GCE_MASTER_PROJECT:-cos-cloud}
NODE_IMAGE=${KUBE_GCE_NODE_IMAGE:-${GCI_VERSION}}
NODE_IMAGE_PROJECT=${KUBE_GCE_NODE_PROJECT:-cos-cloud}
NODE_SERVICE_ACCOUNT=${KUBE_GCE_NODE_SERVICE_ACCOUNT:-default}
CONTAINER_RUNTIME=${KUBE_CONTAINER_RUNTIME:-docker}
GCI_DOCKER_VERSION=${KUBE_GCI_DOCKER_VERSION:-}
RKT_VERSION=${KUBE_RKT_VERSION:-1.23.0}
......@@ -204,9 +205,14 @@ if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
NODE_LABELS="$NODE_LABELS,projectcalico.org/ds-ready=true"
fi
# Apply the right node label if metadata proxy is on.
if [[ ${ENABLE_METADATA_PROXY:-} == "simple" ]]; then
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
# Enable metadata concealment by firewalling pod traffic to the metadata server
# and run a proxy daemonset on nodes.
ENABLE_METADATA_CONCEALMENT="${ENABLE_METADATA_CONCEALMENT:-true}" # true, false
if [[ ${ENABLE_METADATA_CONCEALMENT:-} == "true" ]]; then
# Put the necessary label on the node so the daemonset gets scheduled.
NODE_LABELS="${NODE_LABELS},beta.kubernetes.io/metadata-proxy-ready=true"
# Add to the provider custom variables.
PROVIDER_VARS="${PROVIDER_VARS:-} ENABLE_METADATA_CONCEALMENT"
fi
# Optional: Enable node logging.
......@@ -293,7 +299,7 @@ if [[ -n "${GCE_GLBC_IMAGE:-}" ]]; then
fi
# If we included ResourceQuota, we should keep it at the end of the list to prevent incrementing quota usage prematurely.
ADMISSION_CONTROL="${KUBE_ADMISSION_CONTROL:-Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,PodPreset,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,Priority,ResourceQuota}"
ADMISSION_CONTROL="${KUBE_ADMISSION_CONTROL:-Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,PodPreset,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,Priority,ResourceQuota,GenericAdmissionWebhook}"
# Optional: if set to true kube-up will automatically check for existing resources and clean them up.
KUBE_UP_AUTOMATIC_CLEANUP=${KUBE_UP_AUTOMATIC_CLEANUP:-false}
......
......@@ -93,7 +93,7 @@ function config-ip-firewall {
iptables -N KUBE-METADATA-SERVER
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
if [[ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]]; then
if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
iptables -A KUBE-METADATA-SERVER -j DROP
fi
}
......@@ -419,7 +419,7 @@ enable_cluster_ui: '$(echo "$ENABLE_CLUSTER_UI" | sed -e "s/'/''/g")'
enable_node_problem_detector: '$(echo "$ENABLE_NODE_PROBLEM_DETECTOR" | sed -e "s/'/''/g")'
enable_l7_loadbalancing: '$(echo "$ENABLE_L7_LOADBALANCING" | sed -e "s/'/''/g")'
enable_node_logging: '$(echo "$ENABLE_NODE_LOGGING" | sed -e "s/'/''/g")'
enable_metadata_proxy: '$(echo "$ENABLE_METADATA_PROXY" | sed -e "s/'/''/g")'
enable_metadata_proxy: '$(echo "$ENABLE_METADATA_CONCEALMENT" | sed -e "s/'/''/g")'
enable_metrics_server: '$(echo "$ENABLE_METRICS_SERVER" | sed -e "s/'/''/g")'
enable_rescheduler: '$(echo "$ENABLE_RESCHEDULER" | sed -e "s/'/''/g")'
logging_destination: '$(echo "$LOGGING_DESTINATION" | sed -e "s/'/''/g")'
......@@ -447,7 +447,7 @@ kube_uid: '$(echo "${KUBE_UID}" | sed -e "s/'/''/g")'
initial_etcd_cluster: '$(echo "${INITIAL_ETCD_CLUSTER:-}" | sed -e "s/'/''/g")'
initial_etcd_cluster_state: '$(echo "${INITIAL_ETCD_CLUSTER_STATE:-}" | sed -e "s/'/''/g")'
ca_cert_bundle_path: '$(echo "${CA_CERT_BUNDLE_PATH:-}" | sed -e "s/'/''/g")'
hostname: $(hostname -s)
hostname: '$(echo "${ETCD_HOSTNAME:-$(hostname -s)}" | sed -e "s/'/''/g")'
enable_pod_priority: '$(echo "${ENABLE_POD_PRIORITY:-}" | sed -e "s/'/''/g")'
enable_default_storage_class: '$(echo "$ENABLE_DEFAULT_STORAGE_CLASS" | sed -e "s/'/''/g")'
kube_proxy_daemonset: '$(echo "$KUBE_PROXY_DAEMONSET" | sed -e "s/'/''/g")'
......
......@@ -239,7 +239,7 @@ EOF
if [[ -n "${SECONDARY_RANGE_NAME:-}" ]]; then
use_cloud_config="true"
cat <<EOF >> /etc/gce.conf
secondary-range-name = ${SECONDARY-RANGE-NAME}
secondary-range-name = ${SECONDARY_RANGE_NAME}
EOF
fi
if [[ "${use_cloud_config}" != "true" ]]; then
......@@ -730,7 +730,7 @@ function start-kube-proxy {
# $4: value for variable 'cpulimit'
# $5: pod name, which should be either etcd or etcd-events
function prepare-etcd-manifest {
local host_name=$(hostname -s)
local host_name=${ETCD_HOSTNAME:-$(hostname -s)}
local etcd_cluster=""
local cluster_state="new"
local etcd_protocol="http"
......@@ -964,9 +964,13 @@ function start-kube-apiserver {
fi
if [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then
local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip")
params+=" --advertise-address=${vm_external_ip}"
params+=" --ssh-user=${PROXY_SSH_USER}"
params+=" --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile"
if [[ -n "${PROXY_SSH_USER:-}" ]]; then
params+=" --advertise-address=${vm_external_ip}"
params+=" --ssh-user=${PROXY_SSH_USER}"
params+=" --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile"
else
params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
fi
elif [ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]; then
params="${params} --advertise-address=${MASTER_ADVERTISE_ADDRESS}"
fi
......@@ -1282,6 +1286,13 @@ function start-kube-addons {
setup-addon-manifests "addons" "dns"
local -r kubedns_file="${dst_dir}/dns/kube-dns.yaml"
mv "${dst_dir}/dns/kube-dns.yaml.in" "${kubedns_file}"
if [ -n "${CUSTOM_KUBE_DNS_YAML:-}" ]; then
# Replace with custom GKE kube-dns deployment.
cat > "${kubedns_file}" <<EOF
$(echo "$CUSTOM_KUBE_DNS_YAML")
EOF
update-prometheus-to-sd-parameters ${kubedns_file}
fi
# Replace the salt configurations with variable values.
sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${kubedns_file}"
sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${kubedns_file}"
......
......@@ -52,7 +52,7 @@ function config-ip-firewall {
iptables -N KUBE-METADATA-SERVER
iptables -I FORWARD -p tcp -d 169.254.169.254 --dport 80 -j KUBE-METADATA-SERVER
if [[ -n "${KUBE_FIREWALL_METADATA_SERVER:-}" ]]; then
if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
iptables -A KUBE-METADATA-SERVER -j DROP
fi
}
......@@ -405,7 +405,7 @@ EOF
if [[ -n "${SECONDARY_RANGE_NAME:-}" ]]; then
use_cloud_config="true"
cat <<EOF >> /etc/gce.conf
secondary-range-name = ${SECONDARY-RANGE-NAME}
secondary-range-name = ${SECONDARY_RANGE_NAME}
EOF
fi
if [[ "${use_cloud_config}" != "true" ]]; then
......@@ -1119,7 +1119,7 @@ function start-kube-proxy {
# $4: value for variable 'cpulimit'
# $5: pod name, which should be either etcd or etcd-events
function prepare-etcd-manifest {
local host_name=$(hostname)
local host_name=${ETCD_HOSTNAME:-$(hostname -s)}
local etcd_cluster=""
local cluster_state="new"
local etcd_protocol="http"
......@@ -1423,9 +1423,13 @@ function start-kube-apiserver {
fi
if [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then
local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip")
params+=" --advertise-address=${vm_external_ip}"
params+=" --ssh-user=${PROXY_SSH_USER}"
params+=" --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile"
if [[ -n "${PROXY_SSH_USER:-}" ]]; then
params+=" --advertise-address=${vm_external_ip}"
params+=" --ssh-user=${PROXY_SSH_USER}"
params+=" --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile"
else
params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
fi
elif [ -n "${MASTER_ADVERTISE_ADDRESS:-}" ]; then
params="${params} --advertise-address=${MASTER_ADVERTISE_ADDRESS}"
fi
......@@ -1791,6 +1795,13 @@ function start-kube-addons {
setup-addon-manifests "addons" "dns"
local -r kubedns_file="${dst_dir}/dns/kube-dns.yaml"
mv "${dst_dir}/dns/kube-dns.yaml.in" "${kubedns_file}"
if [ -n "${CUSTOM_KUBE_DNS_YAML:-}" ]; then
# Replace with custom GKE kube-dns deployment.
cat > "${kubedns_file}" <<EOF
$(echo "$CUSTOM_KUBE_DNS_YAML")
EOF
update-prometheus-to-sd-parameters ${kubedns_file}
fi
# Replace the salt configurations with variable values.
sed -i -e "s@{{ *pillar\['dns_domain'\] *}}@${DNS_DOMAIN}@g" "${kubedns_file}"
sed -i -e "s@{{ *pillar\['dns_server'\] *}}@${DNS_SERVER_IP}@g" "${kubedns_file}"
......@@ -1851,7 +1862,7 @@ function start-kube-addons {
if [[ "${ENABLE_IP_MASQ_AGENT:-}" == "true" ]]; then
setup-addon-manifests "addons" "ip-masq-agent"
fi
if [[ "${ENABLE_METADATA_PROXY:-}" == "simple" ]]; then
if [[ "${ENABLE_METADATA_CONCEALMENT:-}" == "true" ]]; then
setup-addon-manifests "addons" "metadata-proxy/gce"
fi
......
......@@ -84,7 +84,8 @@ if [[ "${ENABLE_CLUSTER_AUTOSCALER}" == "true" ]]; then
fi
fi
NODE_INSTANCE_PREFIX="${INSTANCE_PREFIX}-minion"
NODE_INSTANCE_PREFIX=${NODE_INSTANCE_PREFIX:-"${INSTANCE_PREFIX}-minion"}
NODE_TAGS="${NODE_TAG}"
ALLOCATE_NODE_CIDRS=true
......@@ -401,12 +402,12 @@ function detect-master() {
if [[ -z "${KUBE_MASTER_IP-}" ]]; then
local master_address_name="${MASTER_NAME}-ip"
echo "Looking for address '${master_address_name}'" >&2
KUBE_MASTER_IP=$(gcloud compute addresses describe "${master_address_name}" \
--project "${PROJECT}" --region "${REGION}" -q --format='value(address)')
fi
if [[ -z "${KUBE_MASTER_IP-}" ]]; then
echo "Could not detect Kubernetes master node. Make sure you've launched a cluster with 'kube-up.sh'" >&2
exit 1
if ! KUBE_MASTER_IP=$(gcloud compute addresses describe "${master_address_name}" \
--project "${PROJECT}" --region "${REGION}" -q --format='value(address)') || \
[[ -z "${KUBE_MASTER_IP-}" ]]; then
echo "Could not detect Kubernetes master node. Make sure you've launched a cluster with 'kube-up.sh'" >&2
exit 1
fi
fi
echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)" >&2
}
......@@ -616,6 +617,7 @@ function create-node-template() {
--boot-disk-size "${NODE_DISK_SIZE}" \
--image-project="${NODE_IMAGE_PROJECT}" \
--image "${NODE_IMAGE}" \
--service-account "${NODE_SERVICE_ACCOUNT}" \
--tags "${NODE_TAG}" \
${accelerator_args} \
${local_ssds} \
......@@ -1355,6 +1357,7 @@ function create-nodes() {
# - NODE_DISK_SIZE
# - NODE_IMAGE_PROJECT
# - NODE_IMAGE
# - NODE_SERVICE_ACCOUNT
# - NODE_TAG
# - NETWORK
# - ENABLE_IP_ALIASES
......@@ -1385,6 +1388,7 @@ function create-heapster-node() {
--boot-disk-size "${NODE_DISK_SIZE}" \
--image-project="${NODE_IMAGE_PROJECT}" \
--image "${NODE_IMAGE}" \
--service-account "${NODE_SERVICE_ACCOUNT}" \
--tags "${NODE_TAG}" \
${network} \
$(get-scope-flags) \
......@@ -1503,8 +1507,6 @@ function check-cluster() {
# Update the user's kubeconfig to include credentials for this apiserver.
create-kubeconfig
create-kubeconfig-for-federation
)
# ensures KUBECONFIG is set
......@@ -2187,13 +2189,6 @@ function prepare-e2e() {
# easiest way to buy us a little more room.
function prepare-startup-script() {
# Find a standard sed instance (and ensure that the command works as expected on a Mac).
SED=sed
if which gsed &>/dev/null; then
SED=gsed
fi
if ! ($SED --version 2>&1 | grep -q GNU); then
echo "!!! GNU sed is required. If on OS X, use 'brew install gnu-sed'."
exit 1
fi
$SED '/^\s*#\([^!].*\)*$/ d' ${KUBE_ROOT}/cluster/gce/configure-vm.sh > ${KUBE_TEMP}/configure-vm.sh
kube::util::ensure-gnu-sed
${SED} '/^\s*#\([^!].*\)*$/ d' ${KUBE_ROOT}/cluster/gce/configure-vm.sh > ${KUBE_TEMP}/configure-vm.sh
}
......@@ -11,16 +11,12 @@ docker_build(
for path in [
"/apiserver",
"/controller-manager",
"/federation-apiserver",
"/federation-controller-manager",
"/kubectl",
"/kubelet",
"/proxy",
"/scheduler",
"/usr/local/bin/kube-apiserver",
"/usr/local/bin/kube-controller-manager",
"/usr/local/bin/federation-apiserver",
"/usr/local/bin/federation-controller-manager",
"/usr/local/bin/kubectl",
"/usr/local/bin/kubelet",
"/usr/local/bin/kube-proxy",
......
......@@ -15,23 +15,20 @@
FROM BASEIMAGE
# Create symlinks for each hyperkube server
# Also create symlinks to /usr/local/bin/ where the server image binaries live, so the hyperkube image may be
# Also create symlinks to /usr/local/bin/ where the server image binaries live, so the hyperkube image may be
# used instead of gcr.io/google_containers/kube-* without any modifications.
# TODO: replace manual symlink creation with --make-symlink command once
# cross-building with qemu supports go binaries. See #28702
# RUN /hyperkube --make-symlinks
RUN ln -s /hyperkube /apiserver \
&& ln -s /hyperkube /controller-manager \
&& ln -s /hyperkube /federation-apiserver \
&& ln -s /hyperkube /federation-controller-manager \
&& ln -s /hyperkube /kubectl \
&& ln -s /hyperkube /kubelet \
&& ln -s /hyperkube /proxy \
&& ln -s /hyperkube /scheduler \
&& ln -s /hyperkube /aggerator \
&& ln -s /hyperkube /usr/local/bin/kube-apiserver \
&& ln -s /hyperkube /usr/local/bin/kube-controller-manager \
&& ln -s /hyperkube /usr/local/bin/federation-apiserver \
&& ln -s /hyperkube /usr/local/bin/federation-controller-manager \
&& ln -s /hyperkube /usr/local/bin/kubectl \
&& ln -s /hyperkube /usr/local/bin/kubelet \
&& ln -s /hyperkube /usr/local/bin/kube-proxy \
......
......@@ -21,7 +21,7 @@ REGISTRY?=gcr.io/google-containers
ARCH?=amd64
HYPERKUBE_BIN?=_output/dockerized/bin/linux/$(ARCH)/hyperkube
BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.4
BASEIMAGE=gcr.io/google-containers/debian-hyperkube-base-$(ARCH):0.6
TEMP_DIR:=$(shell mktemp -d -t hyperkubeXXXXXX)
all: build
......
......@@ -22,6 +22,7 @@ from charms.reactive import is_state
from charms.reactive import set_state
from charms.reactive import when
from charms.reactive import when_not
from charms.reactive.helpers import data_changed
from charmhelpers.core import hookenv
......@@ -31,6 +32,9 @@ from subprocess import check_call
from subprocess import check_output
USER = 'system:e2e'
@hook('upgrade-charm')
def reset_delivery_states():
''' Remove the state set when resources are unpacked. '''
......@@ -87,7 +91,8 @@ def install_snaps():
@when('tls_client.ca.saved', 'tls_client.client.certificate.saved',
'tls_client.client.key.saved', 'kubernetes-master.available',
'kubernetes-e2e.installed', 'kube-control.auth.available')
'kubernetes-e2e.installed', 'e2e.auth.bootstrapped',
'kube-control.auth.available')
@when_not('kubeconfig.ready')
def prepare_kubeconfig_certificates(master, kube_control):
''' Prepare the data to feed to create the kubeconfig file. '''
......@@ -95,7 +100,8 @@ def prepare_kubeconfig_certificates(master, kube_control):
layer_options = layer.options('tls-client')
# Get all the paths to the tls information required for kubeconfig.
ca = layer_options.get('ca_certificate_path')
creds = kube_control.get_auth_credentials()
creds = kube_control.get_auth_credentials(USER)
data_changed('kube-control.creds', creds)
servers = get_kube_api_servers(master)
......@@ -118,11 +124,18 @@ def prepare_kubeconfig_certificates(master, kube_control):
def request_credentials(kube_control):
""" Request authorization creds."""
# The kube-cotrol interface is created to support RBAC.
# At this point we might as well do the right thing and return the hostname
# even if it will only be used when we enable RBAC
user = 'system:masters'
kube_control.set_auth_request(user)
# Ask for a user, although we will be using the 'client_token'
kube_control.set_auth_request(USER)
@when('kube-control.auth.available')
def catch_change_in_creds(kube_control):
"""Request a service restart in case credential updates were detected."""
creds = kube_control.get_auth_credentials(USER)
if creds \
and data_changed('kube-control.creds', creds) \
and creds['user'] == USER:
set_state('e2e.auth.bootstrapped')
@when('kubernetes-e2e.installed', 'kubeconfig.ready')
......
......@@ -54,6 +54,10 @@ The domain name to use for the Kubernetes cluster for DNS.
Enables the installation of Kubernetes dashboard, Heapster, Grafana, and
InfluxDB.
#### enable-rbac
Enable RBAC and Node authorisation.
# DNS for the cluster
The DNS add-on allows the pods to have a DNS names in addition to IP addresses.
......
......@@ -46,3 +46,9 @@ options:
runtime-config=batch/v2alpha1=true profiling=true
will result in kube-apiserver being run with the following options:
--runtime-config=batch/v2alpha1=true --profiling=true
authorization-mode:
type: string
default: "AlwaysAllow"
description: |
Comma separated authorization modes. Allowed values are
"RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
......@@ -34,7 +34,7 @@ if not context['replicas']:
context['replicas'] = 3
# Declare a kubectl template when invoking kubectl
kubectl = ['kubectl', '--kubeconfig=/root/cdk/kubeconfig']
kubectl = ['kubectl', '--kubeconfig=/root/.kube/config']
# Remove deployment if requested
if context['delete']:
......
......@@ -21,8 +21,8 @@ fi
# Cordon and drain the unit
kubectl --kubeconfig=/root/cdk/kubeconfig cordon $(hostname)
kubectl --kubeconfig=/root/cdk/kubeconfig drain $(hostname) ${EXTRA_FLAGS}
kubectl --kubeconfig=/root/.kube/config cordon $(hostname)
kubectl --kubeconfig=/root/.kube/config drain $(hostname) ${EXTRA_FLAGS}
# Set status to indicate the unit is paused and under maintenance.
status-set 'waiting' 'Kubernetes unit paused'
......@@ -57,7 +57,7 @@ if param_error:
context['ingress'] = action_get('ingress')
# Declare a kubectl template when invoking kubectl
kubectl = ['kubectl', '--kubeconfig=/root/cdk/kubeconfig']
kubectl = ['kubectl', '--kubeconfig=/root/.kube/config']
# Remove deployment if requested
if deletion:
......
......@@ -4,5 +4,5 @@ set -ex
export PATH=$PATH:/snap/bin
kubectl --kubeconfig=/root/cdk/kubeconfig uncordon $(hostname)
kubectl --kubeconfig=/root/.kube/config uncordon $(hostname)
status-set 'active' 'Kubernetes unit resumed'
......@@ -37,7 +37,7 @@ from charms.kubernetes.flagmanager import FlagManager
from charms.reactive.helpers import data_changed, any_file_changed
from charms.templating.jinja2 import render
from charmhelpers.core import hookenv, unitdata
from charmhelpers.core import hookenv
from charmhelpers.core.host import service_stop, service_restart
from charmhelpers.contrib.charmsupport import nrpe
......@@ -47,11 +47,11 @@ from charmhelpers.contrib.charmsupport import nrpe
nrpe.Check.shortname_re = '[\.A-Za-z0-9-_]+$'
kubeconfig_path = '/root/cdk/kubeconfig'
kubeproxyconfig_path = '/root/cdk/kubeproxyconfig'
kubeclientconfig_path = '/root/.kube/config'
os.environ['PATH'] += os.pathsep + os.path.join(os.sep, 'snap', 'bin')
db = unitdata.kv()
@hook('upgrade-charm')
def upgrade_charm():
......@@ -319,7 +319,8 @@ def watch_for_changes(kube_api, kube_control, cni):
'tls_client.client.key.saved', 'tls_client.server.certificate.saved',
'tls_client.server.key.saved',
'kube-control.dns.available', 'kube-control.auth.available',
'cni.available', 'kubernetes-worker.restart-needed')
'cni.available', 'kubernetes-worker.restart-needed',
'worker.auth.bootstrapped')
def start_worker(kube_api, kube_control, auth_control, cni):
''' Start kubelet using the provided API and DNS info.'''
servers = get_kube_api_servers(kube_api)
......@@ -335,7 +336,8 @@ def start_worker(kube_api, kube_control, auth_control, cni):
hookenv.log('Waiting for cluster cidr.')
return
creds = kube_control.get_auth_credentials()
nodeuser = 'system:node:{}'.format(gethostname())
creds = kube_control.get_auth_credentials(nodeuser)
data_changed('kube-control.creds', creds)
# set --allow-privileged flag for kubelet
......@@ -458,11 +460,13 @@ def create_config(server, creds):
cmd = ['chown', '-R', 'ubuntu:ubuntu', '/home/ubuntu/.kube']
check_call(cmd)
# Create kubernetes configuration in the default location for root.
create_kubeconfig('/root/.kube/config', server, ca,
create_kubeconfig(kubeclientconfig_path, server, ca,
token=creds['client_token'], user='root')
# Create kubernetes configuration for kubelet, and kube-proxy services.
create_kubeconfig(kubeconfig_path, server, ca,
token=creds['kubelet_token'], user='kubelet')
create_kubeconfig(kubeproxyconfig_path, server, ca,
token=creds['proxy_token'], user='kube-proxy')
def configure_worker_services(api_servers, dns, cluster_cidr):
......@@ -491,7 +495,7 @@ def configure_worker_services(api_servers, dns, cluster_cidr):
kube_proxy_opts = FlagManager('kube-proxy')
kube_proxy_opts.add('cluster-cidr', cluster_cidr)
kube_proxy_opts.add('kubeconfig', kubeconfig_path)
kube_proxy_opts.add('kubeconfig', kubeproxyconfig_path)
kube_proxy_opts.add('logtostderr', 'true')
kube_proxy_opts.add('v', '0')
kube_proxy_opts.add('master', random.choice(api_servers), strict=True)
......@@ -613,7 +617,7 @@ def get_kube_api_servers(kube_api):
def kubectl(*args):
''' Run a kubectl cli command with a config file. Returns stdout and throws
an error if the command fails. '''
command = ['kubectl', '--kubeconfig=' + kubeconfig_path] + list(args)
command = ['kubectl', '--kubeconfig=' + kubeclientconfig_path] + list(args)
hookenv.log('Executing {}'.format(command))
return check_output(command)
......@@ -817,11 +821,15 @@ def request_kubelet_and_proxy_credentials(kube_control):
kube_control.set_auth_request(nodeuser)
@when('kube-control.auth.available')
@when('kube-control.connected')
def catch_change_in_creds(kube_control):
"""Request a service restart in case credential updates were detected."""
creds = kube_control.get_auth_credentials()
if data_changed('kube-control.creds', creds):
nodeuser = 'system:node:{}'.format(gethostname())
creds = kube_control.get_auth_credentials(nodeuser)
if creds \
and data_changed('kube-control.creds', creds) \
and creds['user'] == nodeuser:
set_state('worker.auth.bootstrapped')
set_state('kubernetes-worker.restart-needed')
......@@ -840,6 +848,16 @@ def missing_kube_control():
hookenv.service_name()))
@when('docker.ready')
def fix_iptables_for_docker_1_13():
""" Fix iptables FORWARD policy for Docker >=1.13
https://github.com/kubernetes/kubernetes/issues/40182
https://github.com/kubernetes/kubernetes/issues/39823
"""
cmd = ['iptables', '-w', '300', '-P', 'FORWARD', 'ACCEPT']
check_call(cmd)
def _systemctl_is_active(application):
''' Poll systemctl to determine if the application is running '''
cmd = ['systemctl', 'is-active', application]
......
......@@ -32,12 +32,13 @@ apiVersion: v1
kind: Service
metadata:
name: default-http-backend
# namespace: kube-system
labels:
app: default-http-backend
k8s-app: default-http-backend
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
- port: 80
protocol: TCP
targetPort: 80
selector:
app: default-http-backend
apiVersion: v1
kind: ServiceAccount
metadata:
name: nginx-ingress-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: nginx-ingress-clusterrole
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- "extensions"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: nginx-ingress-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
# Defaults to "<election-id>-<ingress-class>"
# Here: "<ingress-controller-leader>-<nginx>"
# This has to be adapted if you change either parameter
# when launching the nginx-ingress-controller.
- "ingress-controller-leader-nginx"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: nginx-ingress-role-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: nginx-ingress-role
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: nginx-ingress-clusterrole-nisa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nginx-ingress-clusterrole
subjects:
- kind: ServiceAccount
name: nginx-ingress-serviceaccount
namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-load-balancer-conf
......@@ -23,6 +147,7 @@ spec:
# hostPort doesn't work with CNI, so we have to use hostNetwork instead
# see https://github.com/kubernetes/kubernetes/issues/23920
hostNetwork: true
serviceAccountName: nginx-ingress-serviceaccount
containers:
- image: {{ ingress_image }}
name: nginx-ingress-lb
......
......@@ -38,59 +38,3 @@ PROVIDER_UTILS="${KUBE_ROOT}/cluster/${KUBERNETES_PROVIDER}/util.sh"
if [ -f ${PROVIDER_UTILS} ]; then
source "${PROVIDER_UTILS}"
fi
# Federation utils
# Sets the kubeconfig context value for the current cluster.
# Args:
# $1: zone (required)
#
# Vars set:
# CLUSTER_CONTEXT
function kubeconfig-federation-context() {
if [[ -z "${1:-}" ]]; then
echo "zone parameter is required"
exit 1
fi
CLUSTER_CONTEXT="federation-e2e-${KUBERNETES_PROVIDER}-${1}"
}
# Should NOT be called within the global scope, unless setting the desired global zone vars
# This function is currently NOT USED in the global scope
function set-federation-zone-vars {
zone="$1"
kubeconfig-federation-context "${zone}"
export OVERRIDE_CONTEXT="${CLUSTER_CONTEXT}"
echo "Setting zone vars to: $OVERRIDE_CONTEXT"
if [[ "$KUBERNETES_PROVIDER" == "gce" ]];then
# This needs a revamp, but for now e2e zone name is used as the unique
# cluster identifier in our e2e tests and we will continue to use that
# pattern.
export CLUSTER_NAME="${zone}"
export KUBE_GCE_ZONE="${zone}"
# gcloud has a 61 character limit, and for firewall rules this
# prefix gets appended to itself, with some extra information
# need tot keep it short
export KUBE_GCE_INSTANCE_PREFIX="${USER}-${zone}"
elif [[ "$KUBERNETES_PROVIDER" == "gke" ]];then
export CLUSTER_NAME="${USER}-${zone}"
elif [[ "$KUBERNETES_PROVIDER" == "aws" ]];then
export KUBE_AWS_ZONE="$zone"
export KUBE_AWS_INSTANCE_PREFIX="${USER}-${zone}"
# WARNING: This is hack
# After KUBE_AWS_INSTANCE_PREFIX is changed,
# we need to make sure the config-xxx.sh file is
# re-sourced so the change propogates to dependent computed values
# (eg: MASTER_SG_NAME, NODE_SG_NAME, etc)
source "${KUBE_ROOT}/cluster/aws/util.sh"
else
echo "Provider \"${KUBERNETES_PROVIDER}\" is not supported"
exit 1
fi
}
#!/bin/bash
# Copyright 2014 The Kubernetes Authors.
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
......@@ -14,13 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Pushes federation container images to existing repositories
set -o errexit
set -o nounset
set -o pipefail
set -x
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..
NODE_INSTANCE_PREFIX=${NODE_INSTANCE_PREFIX:-"${INSTANCE_PREFIX}-node"}
make -C "${KUBE_ROOT}/federation/" build_image
make -C "${KUBE_ROOT}/federation/" push
source "${KUBE_ROOT}/cluster/gce/util.sh"
......@@ -37,9 +37,9 @@ else
readonly use_custom_instance_list=
fi
readonly master_ssh_supported_providers="gce aws"
readonly node_ssh_supported_providers="gce gke aws"
readonly gcloud_supported_providers="gce gke"
readonly master_ssh_supported_providers="gce aws kubernetes-anywhere"
readonly node_ssh_supported_providers="gce gke aws kubernetes-anywhere"
readonly gcloud_supported_providers="gce gke kubernetes-anywhere"
readonly master_logfiles="kube-apiserver kube-apiserver-audit kube-scheduler rescheduler kube-controller-manager etcd etcd-events glbc cluster-autoscaler kube-addon-manager fluentd"
readonly node_logfiles="kube-proxy fluentd node-problem-detector"
......@@ -141,7 +141,7 @@ function save-logs() {
fi
else
case "${KUBERNETES_PROVIDER}" in
gce|gke)
gce|gke|kubernetes-anywhere)
files="${files} ${gce_logfiles}"
;;
aws)
......
......@@ -20,12 +20,15 @@ type: Opaque
data:
service-account.json: {{.ServiceAccountCredentials}}
---
apiVersion: extensions/v1beta1
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
name: logexporter
namespace: {{.LogexporterNamespace}}
spec:
selector:
matchLabels:
app: logexporter
template:
metadata:
labels:
......
......@@ -25,7 +25,7 @@
"containers": [
{
"name": "cluster-autoscaler",
"image": "gcr.io/google_containers/cluster-autoscaler:v1.0.1-beta1",
"image": "gcr.io/google_containers/cluster-autoscaler:v1.0.1",
"livenessProbe": {
"httpGet": {
"path": "/health-check",
......
......@@ -27,7 +27,56 @@ spec:
command:
- /bin/sh
- -c
- "for i in gcr.io/google_containers/alpine-with-bash:1.0 gcr.io/google_containers/apparmor-loader:0.1 gcr.io/google_containers/busybox:1.24 gcr.io/google_containers/dnsutils:e2e gcr.io/google_containers/e2e-net-amd64:1.0 gcr.io/google_containers/echoserver:1.6 gcr.io/google_containers/eptest:0.1 gcr.io/google_containers/fakegitserver:0.1 gcr.io/google_containers/galera-install:0.1 gcr.io/google_containers/hostexec:1.2 gcr.io/google_containers/invalid-image:invalid-tag gcr.io/google_containers/iperf:e2e gcr.io/google_containers/jessie-dnsutils:e2e gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.14.5 gcr.io/google_containers/liveness:e2e gcr.io/google_containers/logs-generator:v0.1.0 gcr.io/google_containers/mounttest:0.8 gcr.io/google_containers/mounttest-user:0.5 gcr.io/google_containers/mysql-galera:e2e gcr.io/google_containers/mysql-healthz:1.0 gcr.io/google_containers/netexec:1.4 gcr.io/google_containers/netexec:1.5 gcr.io/google_containers/netexec:1.7 gcr.io/google_containers/nettest:1.7 gcr.io/google_containers/nginx:1.7.9 gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1 gcr.io/google_containers/nginx-slim:0.7 gcr.io/google_containers/nginx-slim:0.8 gcr.io/google_containers/node-problem-detector:v0.3.0 gcr.io/google_containers/pause gcr.io/google_containers/porter:4524579c0eb935c056c8e75563b4e1eda31587e0 gcr.io/google_containers/portforwardtester:1.2 gcr.io/google_containers/redis-install-3.2.0:e2e gcr.io/google_containers/resource_consumer:beta4 gcr.io/google_containers/resource_consumer/controller:beta4 gcr.io/google_containers/serve_hostname:v1.4 gcr.io/google_containers/servicelb:0.1 gcr.io/google_containers/test-webserver:e2e gcr.io/google_containers/update-demo:kitten gcr.io/google_containers/update-demo:nautilus gcr.io/google_containers/volume-ceph:0.1 gcr.io/google_containers/volume-gluster:0.2 gcr.io/google_containers/volume-iscsi:0.1 gcr.io/google_containers/volume-nfs:0.8 gcr.io/google_containers/volume-rbd:0.1 gcr.io/google_containers/zookeeper-install-3.5.0-alpha:e2e gcr.io/google_samples/gb-redisslave:nonexistent; do echo $(date '+%X') pulling $i; docker pull $i 1>/dev/null; done; exit 0;"
- >
for i in
gcr.io/google_containers/alpine-with-bash:1.0
gcr.io/google_containers/apparmor-loader:0.1
gcr.io/google_containers/busybox:1.24
gcr.io/google_containers/dnsutils:e2e
gcr.io/google_containers/e2e-net-amd64:1.0
gcr.io/google_containers/echoserver:1.6
gcr.io/google_containers/eptest:0.1
gcr.io/google_containers/fakegitserver:0.1
gcr.io/google_containers/galera-install:0.1
gcr.io/google_containers/hostexec:1.2
gcr.io/google_containers/invalid-image:invalid-tag
gcr.io/google_containers/iperf:e2e
gcr.io/google_containers/jessie-dnsutils:e2e
gcr.io/google_containers/k8s-dns-dnsmasq-amd64:1.14.5
gcr.io/google_containers/liveness:e2e
gcr.io/google_containers/logs-generator:v0.1.0
gcr.io/google_containers/mounttest:0.8
gcr.io/google_containers/mounttest-user:0.5
gcr.io/google_containers/mysql-galera:e2e
gcr.io/google_containers/mysql-healthz:1.0
gcr.io/google_containers/netexec:1.4
gcr.io/google_containers/netexec:1.5
gcr.io/google_containers/netexec:1.7
gcr.io/google_containers/nettest:1.7
gcr.io/google_containers/nginx:1.7.9
gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.1
gcr.io/google_containers/nginx-slim:0.7
gcr.io/google_containers/nginx-slim:0.8
gcr.io/google_containers/node-problem-detector:v0.3.0
gcr.io/google_containers/pause
gcr.io/google_containers/porter:4524579c0eb935c056c8e75563b4e1eda31587e0
gcr.io/google_containers/portforwardtester:1.2
gcr.io/google_containers/redis-install-3.2.0:e2e
gcr.io/google_containers/resource_consumer:beta4
gcr.io/google_containers/resource_consumer/controller:beta4
gcr.io/kubernetes-e2e-test-images/serve-hostname-amd64:1.1
gcr.io/google_containers/servicelb:0.1
gcr.io/google_containers/test-webserver:e2e
gcr.io/google_containers/update-demo:kitten
gcr.io/google_containers/update-demo:nautilus
gcr.io/google_containers/volume-ceph:0.1
gcr.io/google_containers/volume-gluster:0.2
gcr.io/google_containers/volume-iscsi:0.1
gcr.io/google_containers/volume-nfs:0.8
gcr.io/google_containers/volume-rbd:0.1
gcr.io/google_containers/zookeeper-install-3.5.0-alpha:e2e
gcr.io/google_samples/gb-redisslave:nonexistent
; do echo $(date '+%X') pulling $i; docker pull $i 1>/dev/null; done; exit 0;
securityContext:
privileged: true
volumeMounts:
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment