1. 25 Oct, 2021 1 commit
  2. 22 Oct, 2021 3 commits
  3. 20 Oct, 2021 1 commit
    • Brad Davidson's avatar
      Refactor log and reaper exec to omit MAINPID · 5196ebe3
      Brad Davidson authored
      Using MAINPID breaks systemd's exit detection, as it stops watching the
      original pid, but is unable to watch the new pid as it is not a child
      of systemd itself. The best we can do is just notify when execing the child
      process.
      
      We also need to consolidate forking into a sigle place so that we don't
      end up with multiple levels of child processes if both redirecting log
      output and reaping child processes.
      Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com>
      (cherry picked from commit dc18ef2e)
      5196ebe3
  4. 18 Oct, 2021 1 commit
  5. 07 Oct, 2021 1 commit
  6. 04 Oct, 2021 1 commit
  7. 01 Oct, 2021 1 commit
  8. 30 Sep, 2021 2 commits
  9. 29 Sep, 2021 2 commits
  10. 23 Sep, 2021 1 commit
  11. 17 Sep, 2021 1 commit
  12. 16 Sep, 2021 3 commits
  13. 31 Aug, 2021 1 commit
  14. 18 Aug, 2021 1 commit
  15. 16 Aug, 2021 2 commits
  16. 13 Aug, 2021 2 commits
  17. 10 Aug, 2021 1 commit
  18. 06 Aug, 2021 1 commit
  19. 05 Aug, 2021 1 commit
  20. 21 Jul, 2021 2 commits
  21. 20 Jul, 2021 2 commits
  22. 19 Jul, 2021 2 commits
  23. 16 Jul, 2021 2 commits
  24. 15 Jul, 2021 1 commit
  25. 13 Jul, 2021 2 commits
  26. 09 Jul, 2021 1 commit
  27. 08 Jul, 2021 1 commit
    • Siegfried Weber's avatar
      Sign CSRs for kubelet-serving with the server CA · 2b2f3182
      Siegfried Weber authored
      Problem:
      Only the client CA is passed to the kube-controller-manager and
      therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
      signed with the client CA. Serving certificates must be signed with the
      server CA otherwise e.g. "kubectl logs" fails with the error message
      "x509: certificate signed by unknown authority".
      
      Solution:
      Instead of providing only one CA via the kube-controller-manager
      parameter "--cluster-signing-cert-file", the corresponding CA for every
      signer is set with the parameters
      "--cluster-signing-kube-apiserver-client-cert-file",
      "--cluster-signing-kubelet-client-cert-file",
      "--cluster-signing-kubelet-serving-cert-file", and
      "--cluster-signing-legacy-unknown-cert-file".
      Signed-off-by: 's avatarSiegfried Weber <mail@siegfriedweber.net>
      (cherry picked from commit e77fd182)
      2b2f3182