Merge remote-tracking branch 'kubernetes-incubator/master'

* kubernetes-incubator/master: Move Experimental.IPVSProxy => KubeProxy.IPVSMode Optional functionality is optional Add option for using IPVS proxy mode Update code-of-conduct.md controlplane config: Enable Pod Priorities Allow toggling Metrics Server installation Correct values for the `kubernetes.io/cluster/<Cluster ID>` tags Resolves kubernetes-retired#1025 Fix dashboard doco links Fix install-kube-system when node drainer is enabled Follow-up for kubernetes-retired#1043 Two fixes to 0.9.9 rc.3 (kubernetes-retired#1043)
camilb · Jan 3, 2018 · 91c315e · 91c315e
2 parents 0f18984 + d15e5cf
commit 91c315e
Show file tree

Hide file tree

Showing 12 changed files with 261 additions and 124 deletions.
diff --git a/code-of-conduct.md b/code-of-conduct.md
@@ -1,58 +1,3 @@
-## Kubernetes Community Code of Conduct
+# Kubernetes Community Code of Conduct
 
-### Contributor Code of Conduct
-
-As contributors and maintainers of this project, and in the interest of fostering
-an open and welcoming community, we pledge to respect all people who contribute
-through reporting issues, posting feature requests, updating documentation,
-submitting pull requests or patches, and other activities.
-
-We are committed to making participation in this project a harassment-free experience for
-everyone, regardless of level of experience, gender, gender identity and expression,
-sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
-religion, or nationality.
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery
-* Personal attacks
-* Trolling or insulting/derogatory comments
-* Public or private harassment
-* Publishing other's private information, such as physical or electronic addresses,
- without explicit permission
-* Other unethical or unprofessional conduct.
-
-Project maintainers have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are not
-aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
-commit themselves to fairly and consistently applying these principles to every aspect
-of managing this project. Project maintainers who do not follow or enforce the Code of
-Conduct may be permanently removed from the project team.
-
-This code of conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community.
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a Kubernetes maintainer, Sarah Novotny <sarahnovotny@google.com>, and/or Dan Kohn <dan@linuxfoundation.org>.
-
-This Code of Conduct is adapted from the Contributor Covenant
-(http://contributor-covenant.org), version 1.2.0, available at
-http://contributor-covenant.org/version/1/2/0/
-
-### Kubernetes Events Code of Conduct
-
-Kubernetes events are working conferences intended for professional networking and collaboration in the
-Kubernetes community. Attendees are expected to behave according to professional standards and in accordance
-with their employer's policies on appropriate workplace behavior.
-
-While at Kubernetes events or related social networking opportunities, attendees should not engage in
-discriminatory or offensive speech or actions regarding gender, sexuality, race, or religion. Speakers should
-be especially aware of these concerns.
-
-The Kubernetes team does not condone any statements by speakers contrary to these standards.  The Kubernetes
-team reserves the right to deny entrance and/or eject from an event (without refund) any individual found to
-be engaging in discriminatory or offensive speech or actions.
-
-Please bring any concerns to the immediate attention of Kubernetes event staff.
-
-
-[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/code-of-conduct.md?pixel)]()
+Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md)
diff --git a/core/controlplane/config/config.go b/core/controlplane/config/config.go
@@ -50,6 +50,9 @@ func NewDefaultCluster() *Cluster {
 			Initializers{
 				Enabled: false,
 			},
+			Priority{
+				Enabled: false,
+			},
 		},
 		AuditLog: AuditLog{
 			Enabled: false,
@@ -106,6 +109,13 @@ func NewDefaultCluster() *Cluster {
 		},
 	}
 
+	ipvsMode := IPVSMode{
+		Enabled:       false,
+		Scheduler:     "rr",
+		SyncPeriod:    "60s",
+		MinSyncPeriod: "10s",
+	}
+
 	return &Cluster{
 		DeploymentSettings: DeploymentSettings{
 			ClusterName:        "kubernetes",
@@ -131,6 +141,9 @@ func NewDefaultCluster() *Cluster {
 					interval: 60,
 				},
 			},
+			KubeProxy: KubeProxy{
+				IPVSMode: ipvsMode,
+			},
 			KubeDns: KubeDns{
 				NodeLocalResolver: false,
 			},
@@ -423,6 +436,7 @@ type DeploymentSettings struct {
 	CloudWatchLogging       `yaml:"cloudWatchLogging,omitempty"`
 	AmazonSsmAgent          `yaml:"amazonSsmAgent,omitempty"`
 	CloudFormationStreaming bool `yaml:"cloudFormationStreaming,omitempty"`
+	KubeProxy               `yaml:"kubeProxy,omitempty"`
 	KubeDns                 `yaml:"kubeDns,omitempty"`
 	KubernetesDashboard     `yaml:"kubernetesDashboard,omitempty"`
 	// Images repository
@@ -529,6 +543,7 @@ type Admission struct {
 	AlwaysPullImages   AlwaysPullImages   `yaml:"alwaysPullImages"`
 	DenyEscalatingExec DenyEscalatingExec `yaml:"denyEscalatingExec"`
 	Initializers       Initializers       `yaml:"initializers"`
+	Priority           Priority           `yaml:"priority"`
 }
 
 type AlwaysPullImages struct {
@@ -547,6 +562,10 @@ type Initializers struct {
 	Enabled bool `yaml:"enabled"`
 }
 
+type Priority struct {
+	Enabled bool `yaml:"enabled"`
+}
+
 type AuditLog struct {
 	Enabled bool   `yaml:"enabled"`
 	MaxAge  int    `yaml:"maxage"`
@@ -637,6 +656,17 @@ type TargetGroup struct {
 	SecurityGroupIds []string `yaml:"securityGroupIds"`
 }
 
+type KubeProxy struct {
+	IPVSMode IPVSMode `yaml:"ipvsMode"`
+}
+
+type IPVSMode struct {
+	Enabled       bool   `yaml:"enabled"`
+	Scheduler     string `yaml:"scheduler"`
+	SyncPeriod    string `yaml:"syncPeriod"`
+	MinSyncPeriod string `yaml:"minSyncPeriod"`
+}
+
 type KubeDns struct {
 	NodeLocalResolver bool `yaml:"nodeLocalResolver"`
 }

diff --git a/core/controlplane/config/encrypted_assets.go b/core/controlplane/config/encrypted_assets.go
@@ -440,11 +440,6 @@ func ReadOrEncryptAssets(dirname string, manageCertificates bool, caKeyRequiredO
 }
 
 func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool) error {
-	workerCAKeyDefaultSymlinkTo := ""
-	if includeCAKey {
-		workerCAKeyDefaultSymlinkTo = "ca-key.pem"
-	}
-
 	assets := []struct {
 		name             string
 		data             []byte
@@ -453,7 +448,6 @@ func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool) error
 	}{
 		{"ca.pem", r.CACert, true, ""},
 		{"worker-ca.pem", r.WorkerCACert, true, "ca.pem"},
-		{"worker-ca-key.pem", r.WorkerCAKey, true, workerCAKeyDefaultSymlinkTo},
 		{"apiserver.pem", r.APIServerCert, true, ""},
 		{"apiserver-key.pem", r.APIServerKey, true, ""},
 		{"worker.pem", r.WorkerCert, true, ""},
@@ -480,6 +474,13 @@ func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool) error
 			overwrite        bool
 			ifEmptySymlinkTo string
 		}{"ca-key.pem", r.CAKey, true, ""})
+
+		assets = append(assets, struct {
+			name             string
+			data             []byte
+			overwrite        bool
+			ifEmptySymlinkTo string
+		}{"worker-ca-key.pem", r.WorkerCAKey, true, "ca-key.pem"})
 	}
 
 	for _, asset := range assets {