* Allow setting of kubernetes version through the build script not hidden away in the api package.
  Update to k8s v1.13.5
  Put the worker/kubelet and admin certs on the controllers.
  Disabled apiserver insecure port 8080 - only https on 443 allowed.
  Configure controllers kubelet to do TLS bootstrapping same as workers (if >=1.14).
  Update Networking Components (calico v3.6.1, flannel v0.11.0)
  Enable PodPriority by default
  Enable Metrics-server by default and remove heapster
  Enable CoreDNS for Cluster DNS resolution
  Refactor install-kube-system (group related manifests for clarity and deploy with single apply/delete for performance)
  Update install-kube-system to clean up deprecated services and objects (e.g. heapster)
  Update Kiam to 3.2 - WARNING! Kiam Server Certificate now needs to be re-generated to include SAN "kiam-server" (previously was just kiam-server:443)
  Remove Experimental Settings for TLSBootstrap, Pod Priority, NodeAuthorizer, PersistentVolumeClaimResize
  Remove experimental Mutating and Validating Webhooks which are now enabled by default.
  Update the node role label to node.kubernetes.io/role which is allowed by the NodeRestriction AdmissionController
* Update k8s version to v.1.14.1
* Reference the correct hyperkube image
* cherry pick kubelet configuration change
* Fix cluster dns setting
* Turn off serverTLSBootstrap by default because the csr's are not automatically signed
* Enable kubelet anonymous authentication but only allow Webhook authorization
  Add RBAC objects to allow unauthenticated access to the kubelet's /healthz endpoint (so that cfn-signal can curl it without creds)
* Allow metrics-server to scrape kubelets with self-signed certificates
* update vendor
* Wrap apply-kube-aws-plugins into install-kube-system (so that we can do things after the plugin manifests and/or helm charts have been deployed)
* Update RBAC for Nodes to allow authenticated access to things like /logs to authenticated users
* Enable PodSecurityPolicies by default
  Create core permissive policy for kube-system and optionally bind all SA's and Authenticated users to it if it is the only PSP present in the system
  Remove deprecated DenyEscalatingExec admission controller in favour of using the PodSecurityPolicy controller
* Allow access to the kubelets for metrics scraping from worker nodes
* Add more calico crds that Typha wants to watch
* Add the old node labels back in
* Map Group system:nodes and User kube-worker to core permissive psp so that controller nodes can create mirror pods.
  Remove writing kube-aws version to the motd - causing extended rolls just to update version number which is available on a tag anyway.
* Preserve multiple node roles in 0.14
* Correct broken default dashboard cpu resource
* Update kiam command line
* Fix for tiller not able to access kubelet
* Add localhost to kiam server cert
* Allow pass-through proxying to all aws metadata values
* Correct regex
* Remove annoying request timeout
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Codecov Report
@@ Coverage Diff @@
## master #1592 +/- ##
==========================================
- Coverage 25.87% 25.67% -0.21%
==========================================
Files 98 98
Lines 5074 5052 -22
==========================================
- Hits 1313 1297 -16
+ Misses 3614 3610 -4
+ Partials 147 145 -2
Continue to review full report at Codecov.
Amazing, thanks!
Update master in line with the v014.x release