Commits on Dec 7, 2018
Commits on Dec 6, 2018
Commits on Dec 4, 2018
  1. Add experimental kube-router CNI provider

    dghubble committed Dec 4, 2018
    * Add kube-router for pod networking and NetworkPolicy
    as an experiment
    * Experiments are not documented or supported in any way,
    and may be removed without notice. They have known issues
    and aren't enabled without special options.
Commits on Nov 29, 2018
  1. Disable Grafana login form, admin user can't be disabled

    dghubble committed Nov 29, 2018
    * Example manifests aim to provide a read-only dashboard visible
    to any users with network access (i.e. kubectl port-forward, LAN)
    * Problem: Grafana always has an admin user, even with the user
    management system disabled
    * Disable the login form to prevent admin login
Commits on Nov 28, 2018
  1. Add Kubelet /etc/iscsi and iscsiadm mounts on bare-metal

    yokhahn authored and dghubble committed Jan 19, 2018
    * Allow using iSCSI with Container Linux bare-metal clusters
    * Warning, iSCSI isn't part of Kubernetes conformance and isn't
    regularly evaluated
  2. Recommend switch from ~/.terraformrc to 3rd-party plugin dir

    dghubble committed Nov 27, 2018
    * Switch tutorials from using ~/.terraformrc to using the 3rd-party
    plugin directory so 3rd-party plugins can be pinned
    * Continue to show using terraform-provider-ct v0.2.2. Updating to
    a newer version is only safe once all managed clusters are v1.12.2
    or higher
Commits on Nov 27, 2018
  1. Improve features and modules list docs

    dghubble committed Nov 27, 2018
    * Remove bullet about isolating workloads on workers, it's
    now common practice and new users will assume it
    * List advanced features available in each module
    * Fix erroneous Kubernetes version listing for Google Cloud
    Fedora Atomic
  2. Update pod-checkpointer image to query Kubelet secure API

    dghubble committed Nov 26, 2018
    * Updates pod-checkpointer to prefer the Kubelet secure
    API (before falling back to the Kubelet read-only API that
    is disabled on Typhoon clusters since #324)
    * Previously, pod-checkpointer checkpointed an initial set
    of pods during bootstrapping so recovery from power cycling
    clusters was unaffected, but logs were noisy
    * kubernetes-incubator/bootkube#1027
    * kubernetes-incubator/bootkube#1025
Commits on Nov 20, 2018
  1. Fix Calico Felix reporting usage data, require opt-in

    dghubble committed Nov 20, 2018
    * Calico Felix has been reporting anonymous usage data about the
    version and cluster size, which violates Typhoon's privacy policy
    where analytics should be opt-in only
    * Add a variable enable_reporting (default: false) to allow opting
    in to reporting usage data to Calico (or future components)
Commits on Nov 19, 2018
  1. Use eviction policy Delete for Low priority VMSS workers

    dghubble committed Nov 19, 2018
    * Fix issue where Azure defaults to Deallocate eviction policy,
    which required manually restarting deallocated workers
    * Require terraform-provider-azurerm v1.19+ to support setting
    the eviction_policy
Commits on Nov 12, 2018
  1. Measure DigitalOcean network performance

    dghubble committed Nov 12, 2018
    * Measuring pod-to-pod bandwidth in a few regions (NYC3, FRA1,
    SFO1) shows DigitalOcean has made some improvements
Commits on Nov 11, 2018
  1. Enable CoreDNS loop and loadbalance plugins

    dghubble committed Nov 10, 2018
    * loop sends an initial query to detect infinite forwarding
    loops in configured upstream DNS servers and fast exit with
    an error (it's a fatal misconfiguration on the network that
    will otherwise cause resolvers to consume memory/CPU until
    crashing, masking the problem)
    * https://github.com/coredns/coredns/tree/master/plugin/loop
    * loadbalance randomizes the ordering of A, AAAA, and MX records
    in responses to provide round-robin load balancing (as usual,
    clients may still cache responses though)
    * https://github.com/coredns/coredns/tree/master/plugin/loadbalance
Commits on Nov 10, 2018
  1. Update docs to show flannel DaemonSet instead of kube-flannel

    dghubble committed Nov 10, 2018
    * No functional change, the rename is just for consistency
  2. Update Calico from v3.3.0 to v3.3.1

    dghubble committed Nov 10, 2018
    * Structure Calico and flannel manifests
    * Rename kube-flannel mentions to just flannel
Commits on Nov 7, 2018
  1. Fix Prometheus etcd scrape config for DigitalOcean

    dghubble committed Nov 7, 2018
    * Kubelet uses a node's hostname as the node name, which isn't
    resolvable on DigitalOcean. On DigitalOcean, the node name was
    set to the internal IP until #337 switched to instead configuring
    kube-apiserver to prefer the InternalIP for communication
    * Explicitly configure etcd scrapes to target each controller by
    internal IP and port 2381 (replace __address__)
Commits on Nov 4, 2018
  1. Set kube-apiserver kubelet preferred address types

    dghubble committed Nov 3, 2018
    * Prefer InternalIP and ExternalIP over the node's hostname,
    to match upstream behavior and kubeadm
    * Previously, hostname-override was used to set node names
    to internal IPs to work around some cloud providers not
    resolving hostnames for instances (e.g. DO droplets)
Commits on Oct 29, 2018
Commits on Oct 28, 2018
  1. Ignore controller user_data changes to allow plugin updates

    dghubble committed Oct 28, 2018
    * Updating the `terraform-provider-ct` plugin is known to produce
    a `user_data` diff in all pre-existing clusters. Applying the
    diff to a pre-existing cluster destroys controller nodes
    * Ignore changes to controller `user_data`. Once all managed
    clusters use a release containing this change, it is possible
    to update the `terraform-provider-ct` plugin (worker `user_data`
    will still be modified)
    * Changing the module `ref` for an existing cluster and
    re-applying is still NOT supported (although this PR
    would protect controllers from being destroyed)
  2. Add an IPv6 address and forwarding rules on Google Cloud

    dghubble committed Oct 28, 2018
    * Allow serving IPv6 applications via Kubernetes Ingress
    on Typhoon Google Cloud clusters
    * Add `ingress_static_ipv6` output variable for use in AAAA
    DNS records
  3. Add DigitalOcean AAAA DNS records resolving to workers

    dghubble committed Oct 28, 2018
    * Improve the workers "round-robin" DNS FQDN that is created
    with each cluster by adding AAAA records
    * CNAMEs resolving to the DigitalOcean `workers_dns` output
    can be followed to find a droplet's IPv4 or IPv6 address
    * The CNI portmap plugin doesn't support IPv6. Hosting IPv6
    apps is possible, but requires editing the nginx-ingress
    addon with `hostNetwork: true`
  4. Use new azurerm_network_interface_backend_address_pool_association

    dghubble committed Oct 28, 2018
    * Require terraform-provider-azurerm v1.17+
    * Inline load_balancer_backend_address_pools_ids is deprecated
    and scheduled for removal in the v2.0 provider
    * terraform-providers/terraform-provider-azurerm#2079
Commits on Oct 27, 2018
  1. Add primary field to ip_configuration required by Azure

    dghubble committed Oct 27, 2018
    * Required by terraform-provider-azurerm v1.17+
    * terraform-providers/terraform-provider-azurerm#2035