vendor files

2025-06-13 10:33:35 +00:00 · 2018-01-09 13:57:14 -05:00
parent 558bc6c02a
commit 7b24313bd6
16547 changed files with 4527373 additions and 0 deletions
--- a/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/OWNERS
+++ b/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/OWNERS
@ -0,0 +1,8 @@
+approvers:
+- q-lee
+- cjcullen
+- mikedanese
+reviewers:
+- q-lee
+- cjcullen
+- mikedanese
--- a/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/README.md
+++ b/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/README.md
@ -0,0 +1,5 @@
+# Metadata proxy
+==============
+
+This metadata proxy returns a 403 for kubelet's kube-env data, but otherwise allows
+pods access to the metadata server.
--- a/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy.yaml
@ -0,0 +1,73 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metadata-proxy
+  namespace: kube-system
+  labels:
+    k8s-app: metadata-proxy
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: metadata-proxy-v0.1
+  namespace: kube-system
+  labels:
+    k8s-app: metadata-proxy
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    version: v0.1
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        k8s-app: metadata-proxy
+        kubernetes.io/cluster-service: "true"
+        version: v0.1
+      # This annotation ensures that the proxy does not get evicted if the node
+      # supports critical pod annotation based priority scheme.
+      # Note that this does not guarantee admission on the nodes (#40573).
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      serviceAccountName: metadata-proxy
+      hostNetwork: true
+      dnsPolicy: Default
+      containers:
+      - name: metadata-proxy
+        image: gcr.io/google_containers/metadata-proxy:v0.1.5
+        securityContext:
+          privileged: true
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "30m"
+          limits:
+            memory: "32Mi"
+            cpu: "30m"
+      # BEGIN_PROMETHEUS_TO_SD
+      - name: prometheus-to-sd-exporter
+        image: gcr.io/google_containers/prometheus-to-sd:v0.2.2
+        command:
+          - /monitor
+          - --stackdriver-prefix={{ prometheus_to_sd_prefix }}/addons
+          - --api-override={{ prometheus_to_sd_endpoint }}
+          - --source=metadata_proxy:http://127.0.0.1:989?whitelisted=request_count
+          - --pod-id=$(POD_NAME)
+          - --namespace-id=$(POD_NAMESPACE)
+        env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+      # END_PROMETHEUS_TO_SD
+      nodeSelector:
+        beta.kubernetes.io/metadata-proxy-ready: "true"
+      terminationGracePeriodSeconds: 30
--- a/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/podsecuritypolicies/metadata-proxy-psp-binding.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/podsecuritypolicies/metadata-proxy-psp-binding.yaml
@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: gce:podsecuritypolicy:metadata-proxy
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+    kubernetes.io/cluster-service: "true"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gce:podsecuritypolicy:privileged
+subjects:
+- kind: ServiceAccount
+  name: metadata-proxy
+  namespace: kube-system