Replace godep with dep

2017-10-06 17:26:14 -03:00 · 2017-10-06 17:26:14 -03:00 · bf5616c65b
commit bf5616c65b
parent 1e7489927c
14883 changed files with 3937406 additions and 361781 deletions
--- a/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
@ -0,0 +1,88 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: metadata-proxy-config
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: EnsureExists
+data:
+  nginx.conf: |-
+    user www-data;
+    worker_processes 4;
+    pid /run/nginx.pid;
+    error_log /dev/stdout;
+
+    events {
+      worker_connections 20;
+    }
+
+    http {
+      access_log /dev/stdout;
+      server {
+        listen 127.0.0.1:988;
+        # When serving 301s, don't redirect to port 988.
+        port_in_redirect off;
+
+        # By default, return 403. This protects us from new API versions.
+        location / {
+            return 403 "This metadata API is not allowed by the metadata proxy.";
+        }
+
+        # Allow for REST discovery.
+        location = / {
+            if ($args ~* "^(.+&)?recursive=") {
+                    return 403 "?recursive calls are not allowed by the metadata proxy.";
+            }
+            proxy_pass http://169.254.169.254;
+        }
+        location = /computeMetadata/ {
+            if ($args ~* "^(.+&)?recursive=") {
+                    return 403 "?recursive calls are not allowed by the metadata proxy.";
+            }
+            proxy_pass http://169.254.169.254;
+        }
+
+        # By default, allow the v0.1, v1beta1, and v1 APIs.
+        location /0.1/ {
+            if ($args ~* "^(.+&)?recursive=") {
+                    return 403 "?recursive calls are not allowed by the metadata proxy.";
+            }
+            proxy_pass http://169.254.169.254;
+        }
+        location /computeMetadata/v1beta1/ {
+            if ($args ~* "^(.+&)?recursive=") {
+                    return 403 "?recursive calls are not allowed by the metadata proxy.";
+            }
+            proxy_pass http://169.254.169.254;
+        }
+        location /computeMetadata/v1/ {
+            if ($args ~* "^(.+&)?recursive=") {
+                    return 403 "?recursive calls are not allowed by the metadata proxy.";
+            }
+            proxy_pass http://169.254.169.254;
+        }
+
+        # Return a 403 for the kube-env attribute in all allowed API versions.
+        location /0.1/meta-data/attributes/kube-env {
+            return 403 "This metadata endpoint is concealed.";
+        }
+        location /computeMetadata/v1beta1/instance/attributes/kube-env {
+            return 403 "This metadata endpoint is concealed.";
+        }
+        location /computeMetadata/v1/instance/attributes/kube-env {
+            return 403 "This metadata endpoint is concealed.";
+        }
+
+        # Return a 403 for instance identity in all allowed API versions.
+        location ~ /0.1/meta-data/service-accounts/.+/identity {
+            return 403 "This metadata endpoint is concealed.";
+        }
+        location ~ /computeMetadata/v1beta1/instance/service-accounts/.+/identity {
+            return 403 "This metadata endpoint is concealed.";
+        }
+        location ~ /computeMetadata/v1/instance/service-accounts/.+/identity {
+            return 403 "This metadata endpoint is concealed.";
+        }
+      }
+    }
+
--- a/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy.yaml
+++ b/vendor/k8s.io/kubernetes/cluster/addons/metadata-proxy/gce/metadata-proxy.yaml
@ -0,0 +1,52 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: metadata-proxy-v0.1
+  namespace: kube-system
+  labels:
+    k8s-app: metadata-proxy
+    kubernetes.io/cluster-service: "true"
+    addonmanager.kubernetes.io/mode: Reconcile
+    version: v0.1
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        k8s-app: metadata-proxy
+        kubernetes.io/cluster-service: "true"
+        version: v0.1
+      # This annotation ensures that the proxy does not get evicted if the node
+      # supports critical pod annotation based priority scheme.
+      # Note that this does not guarantee admission on the nodes (#40573).
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      hostNetwork: true
+      dnsPolicy: Default
+      containers:
+      - name: metadata-proxy
+        image: gcr.io/google-containers/metadata-proxy:0.1.3
+        imagePullPolicy: Always
+        securityContext:
+          privileged: true
+        command:
+          - '/start-proxy.sh'
+        resources:
+          requests:
+            memory: "32Mi"
+            cpu: "50m"
+          limits:
+            memory: "32Mi"
+            cpu: "50m"
+        volumeMounts:
+          - name: config-volume
+            mountPath: /etc/nginx/
+      nodeSelector:
+        beta.kubernetes.io/metadata-proxy-ready: "true"
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: config-volume
+        configMap:
+          name: metadata-proxy-config