Remove code for no-longer-supported k8s version

John Gardiner Myers 2021-12-11 15:31:30 -08:00
parent ed5eb8c034
commit c5e1dea184
24 changed files with 11 additions and 1016 deletions

@ -443,28 +443,6 @@ func (b *KubeAPIServerBuilder) writeKubeletAPICertificate(c *fi.ModelBuilderCont
func (b *KubeAPIServerBuilder) writeStaticCredentials(c *fi.ModelBuilderContext, kubeAPIServer *kops.KubeAPIServerConfig) error {
pathSrvKAPI := filepath.Join(b.PathSrvKubernetes(), "kube-apiserver")
// Support for basic auth was deprecated 1.16 and removed in 1.19
// https://github.com/kubernetes/kubernetes/pull/89069
if b.IsKubernetesLT("1.19") && b.SecretStore != nil {
key := "kube"
token, err := b.SecretStore.FindSecret(key)
if err != nil {
return err
}
if token == nil {
return fmt.Errorf("token not found: %q", key)
}
csv := string(token.Data) + "," + adminUser + "," + adminUser + "," + adminGroup
t := &nodetasks.File{
Path: filepath.Join(pathSrvKAPI, "basic_auth.csv"),
Contents: fi.NewStringResource(csv),
Type: nodetasks.FileType_File,
Mode: s("0600"),
}
c.AddTask(t)
}
if b.SecretStore != nil {
allTokens, err := b.allAuthTokens()
if err != nil {
@ -489,14 +467,6 @@ func (b *KubeAPIServerBuilder) writeStaticCredentials(c *fi.ModelBuilderContext,
})
}
// Support for basic auth was deprecated 1.16 and removed in 1.19
// https://github.com/kubernetes/kubernetes/pull/89069
if b.IsKubernetesLT("1.19") {
if kubeAPIServer.DisableBasicAuth != nil && !*kubeAPIServer.DisableBasicAuth {
kubeAPIServer.BasicAuthFile = filepath.Join(pathSrvKAPI, "basic_auth.csv")
}
}
return nil
}

@ -106,10 +106,8 @@ func (b *KubeSchedulerBuilder) Build(c *fi.ModelBuilderContext) error {
var config *SchedulerConfig
if b.IsKubernetesGTE("1.22") {
config = NewSchedulerConfig("kubescheduler.config.k8s.io/v1beta2")
} else if b.IsKubernetesGTE("1.19") {
config = NewSchedulerConfig("kubescheduler.config.k8s.io/v1beta1")
} else {
config = NewSchedulerConfig("kubescheduler.config.k8s.io/v1alpha2")
config = NewSchedulerConfig("kubescheduler.config.k8s.io/v1beta1")
}
manifest, err := configbuilder.BuildConfigYaml(&kubeScheduler, config)

@ -120,14 +120,7 @@ func (b *KubeletBuilder) Build(c *fi.ModelBuilderContext) error {
if b.HasAPIServer || !b.UseBootstrapTokens() {
var kubeconfig fi.Resource
if b.HasAPIServer {
if b.IsKubernetesGTE("1.19") || b.UseBootstrapTokens() {
kubeconfig, err = b.buildMasterKubeletKubeconfig(c)
} else {
kubeconfig = b.BuildIssuedKubeconfig("kubelet", nodetasks.PKIXName{
CommonName: "kubelet",
Organization: []string{rbac.NodesGroup},
}, c)
}
} else {
kubeconfig, err = b.BuildBootstrapKubeconfig("kubelet", c)
}
@ -523,11 +516,11 @@ func (b *KubeletBuilder) buildKubeletConfigSpec() (*kops.KubeletConfigSpec, erro
// For bootstrapping reasons, protokube sets the critical labels for kops-controller to run.
c.NodeLabels = nil
if c.AuthorizationMode == "" && b.Cluster.IsKubernetesGTE("1.19") {
if c.AuthorizationMode == "" {
c.AuthorizationMode = "Webhook"
}
if c.AuthenticationTokenWebhook == nil && b.Cluster.IsKubernetesGTE("1.19") {
if c.AuthenticationTokenWebhook == nil {
c.AuthenticationTokenWebhook = fi.Bool(true)
}
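Review bot: The two defaults in the second hunk (`c.AuthorizationMode = "Webhook"` and `c.AuthenticationTokenWebhook = fi.Bool(true)`) now apply to every cluster, yet nothing on these lines says why they are set or that they only fill in unset fields. A comment above them such as `// Default the kubelet API to webhook authn/authz; explicitly configured values are left as they are.` would make it clear that a spec carrying `AlwaysAllow` still gets past this default. Whether validation rejects such a value is not visible in this hunk. buildKubeletConfigSpec begins and ends outside the hunk.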

@ -24,7 +24,7 @@ import (
func UseKopsControllerForNodeBootstrap(cluster *kops.Cluster) bool {
switch kops.CloudProviderID(cluster.Spec.CloudProvider) {
case kops.CloudProviderAWS:
return cluster.IsKubernetesGTE("1.19")
return true
case kops.CloudProviderGCE:
return cluster.IsKubernetesGTE("1.22")
default:

@ -232,7 +232,7 @@ func validateClusterSpec(spec *kops.ClusterSpec, c *kops.Cluster, fieldPath *fie
if spec.API != nil && spec.API.LoadBalancer != nil && spec.CloudProvider == "aws" {
value := string(spec.API.LoadBalancer.Class)
allErrs = append(allErrs, IsValidValue(fieldPath.Child("class"), &value, kops.SupportedLoadBalancerClasses)...)
if spec.API.LoadBalancer.SSLCertificate != "" && spec.API.LoadBalancer.Class != kops.LoadBalancerClassNetwork && c.IsKubernetesGTE("1.19") {
if spec.API.LoadBalancer.SSLCertificate != "" && spec.API.LoadBalancer.Class != kops.LoadBalancerClassNetwork {
allErrs = append(allErrs, field.Forbidden(fieldPath, "sslCertificate requires network loadbalancer for K8s 1.19+ see https://github.com/kubernetes/kops/blob/master/permalinks/acm_nlb.md"))
}
if spec.API.LoadBalancer.Class == kops.LoadBalancerClassNetwork && spec.API.LoadBalancer.UseForInternalAPI && spec.API.LoadBalancer.Type == kops.LoadBalancerTypeInternal {
@ -571,7 +571,7 @@ func validateKubeAPIServer(v *kops.KubeAPIServerConfig, c *kops.Cluster, fldPath
allErrs = append(allErrs, IsValidValue(fldPath.Child("authorizationMode"), &mode, []string{"ABAC", "Webhook", "Node", "RBAC", "AlwaysAllow", "AlwaysDeny"})...)
}
}
if kops.CloudProviderID(c.Spec.CloudProvider) == kops.CloudProviderAWS && c.IsKubernetesGTE("1.19") {
if kops.CloudProviderID(c.Spec.CloudProvider) == kops.CloudProviderAWS {
if !hasNode || !hasRBAC {
allErrs = append(allErrs, field.Required(fldPath.Child("authorizationMode"), "As of kubernetes 1.19 on AWS, authorizationMode must include RBAC and Node"))
}
@ -1093,7 +1093,7 @@ func validateEtcdVersion(spec kops.EtcdClusterSpec, fieldPath *field.Path, minim
version := spec.Version
if spec.Version == "" {
version = components.DefaultEtcd3Version_1_17
version = components.DefaultEtcd3Version_1_19
}
sem, err := semver.Parse(strings.TrimPrefix(version, "v"))
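Review bot: In the last hunk, validateEtcdVersion falls back to `components.DefaultEtcd3Version_1_19` when `spec.Version` is empty, while EtcdOptionsBuilder in this same commit selects `DefaultEtcd3Version_1_22` for Kubernetes 1.22 and later, so the version that gets validated can differ from the one that would be deployed. If validation can run before the options builder has filled in the version, the fallback should be chosen the same way; otherwise a comment such as `// Only reached before defaults are applied; the options builder sets the effective version.` would record that assumption. The two error strings in the earlier hunks still read "for K8s 1.19+" and "As of kubernetes 1.19" although the checks are no longer version-gated, which is worth tidying in the same pass. All three functions continue outside their hunks.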

@ -11,7 +11,6 @@ go_library(
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/kops:go_default_library",
"//pkg/apis/kops/util:go_default_library",
"//pkg/dns:go_default_library",
"//pkg/pki:go_default_library",
"//pkg/rbac:go_default_library",

@ -25,7 +25,6 @@ import (
"k8s.io/klog/v2"
"k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/pkg/apis/kops/util"
"k8s.io/kops/pkg/dns"
"k8s.io/kops/pkg/pki"
"k8s.io/kops/pkg/rbac"
@ -172,30 +171,6 @@ func BuildKubecfg(cluster *kops.Cluster, keyStore fi.Keystore, secretStore fi.Se
b.Server = server
k8sVersion, err := util.ParseKubernetesVersion(cluster.Spec.KubernetesVersion)
if err != nil || k8sVersion == nil {
klog.Warningf("unable to parse KubernetesVersion %q", cluster.Spec.KubernetesVersion)
k8sVersion, _ = util.ParseKubernetesVersion("1.0.0")
}
basicAuthEnabled := false
if !util.IsKubernetesGTE("1.19", *k8sVersion) {
if cluster.Spec.KubeAPIServer != nil && cluster.Spec.KubeAPIServer.DisableBasicAuth != nil && !*cluster.Spec.KubeAPIServer.DisableBasicAuth {
basicAuthEnabled = true
}
}
if basicAuthEnabled && secretStore != nil {
secret, err := secretStore.FindSecret("kube")
if err != nil {
return nil, err
}
if secret != nil {
b.KubeUser = "admin"
b.KubePassword = string(secret.Data)
}
}
if configUser == "" {
b.User = cluster.ObjectMeta.Name
} else {

@ -13,7 +13,6 @@ go_library(
"//pkg/kubemanifest:go_default_library",
"//pkg/model:go_default_library",
"//pkg/model/iam:go_default_library",
"//vendor/github.com/blang/semver/v4:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
],

@ -19,7 +19,6 @@ package dnscontroller
import (
"fmt"
"github.com/blang/semver/v4"
corev1 "k8s.io/api/core/v1"
addonsapi "k8s.io/kops/channels/pkg/api"
"k8s.io/kops/pkg/kubemanifest"
@ -33,18 +32,6 @@ func Remap(context *model.KopsModelContext, addon *addonsapi.AddonSpec, objects
return nil
}
if addon.KubernetesVersion != "" {
versionRange, err := semver.ParseRange(addon.KubernetesVersion)
if err != nil {
return fmt.Errorf("cannot parse KubernetesVersion=%q", addon.KubernetesVersion)
}
if !kubernetesRangesIntersect(versionRange, semver.MustParseRange(">= 1.19.0")) {
// Skip; this is an older manifest
return nil
}
}
var deployments []*kubemanifest.Object
for _, object := range objects {
if object.Kind() != "Deployment" {
@ -80,17 +67,3 @@ func Remap(context *model.KopsModelContext, addon *addonsapi.AddonSpec, objects
return nil
}
// kubernetesRangesIntersect returns true if the two semver ranges overlap
// Sadly there's no actual function to do this.
// Instead we restrict to kubernetes versions, and just probe with 1.1, 1.2, 1.3 etc.
// This will therefore be inaccurate if there's a patch specifier
func kubernetesRangesIntersect(r1, r2 semver.Range) bool {
for minor := 1; minor < 99; minor++ {
v := semver.Version{Major: 1, Minor: uint64(minor), Patch: 0}
if r1(v) && r2(v) {
return true
}
}
return false
}

@ -84,16 +84,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
} else if clusterSpec.Authorization.AlwaysAllow != nil {
clusterSpec.KubeAPIServer.AuthorizationMode = fi.String("AlwaysAllow")
} else if clusterSpec.Authorization.RBAC != nil {
var modes []string
if b.IsKubernetesGTE("1.19") || fi.BoolValue(clusterSpec.KubeAPIServer.EnableBootstrapAuthToken) {
// Enable the Node authorizer, used for special per-node RBAC policies
// Enable by default from 1.19 - it's an important part of limiting blast radius
modes = append(modes, "Node")
}
modes = append(modes, "RBAC")
clusterSpec.KubeAPIServer.AuthorizationMode = fi.String(strings.Join(modes, ","))
clusterSpec.KubeAPIServer.AuthorizationMode = fi.String("Node,RBAC")
}
if err := b.configureAggregation(clusterSpec); err != nil {
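Review bot: The new assignment `clusterSpec.KubeAPIServer.AuthorizationMode = fi.String("Node,RBAC")` loses the comment that explained why the Node authorizer is switched on, so the reason for the first half of the string is no longer recorded. I would keep a one-line version above it, for example `// Node authorizer is always enabled alongside RBAC; it limits the blast radius of a node's credentials.` If `strings.Join` was the only use of the `strings` package in this file the import has to go as well, which cannot be checked from this hunk. BuildOptions continues outside the hunk.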

@ -83,8 +83,6 @@ func (b *AWSCloudControllerManagerOptionsBuilder) BuildOptions(o interface{}) er
if eccm.Image == "" {
// See https://us.gcr.io/k8s-artifacts-prod/provider-aws/cloud-controller-manager
switch b.KubernetesVersion.Minor {
case 18:
eccm.Image = "k8s.gcr.io/provider-aws/cloud-controller-manager:v1.18.0-alpha.1"
case 19:
eccm.Image = "k8s.gcr.io/provider-aws/cloud-controller-manager:v1.19.0-alpha.1"
case 20:

@ -53,8 +53,6 @@ func (b *ClusterAutoscalerOptionsBuilder) BuildOptions(o interface{}) error {
image = "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.20.1"
case 19:
image = "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.19.2"
case 18:
image = "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.18.3"
}
}
cas.Image = fi.String(image)

@ -48,10 +48,8 @@ func (b *ContainerdOptionsBuilder) BuildOptions(o interface{}) error {
if fi.StringValue(containerd.Version) == "" {
if b.IsKubernetesGTE("1.23") {
containerd.Version = fi.String("1.6.0-beta.3")
} else if b.IsKubernetesGTE("1.19") {
containerd.Version = fi.String("1.4.12")
} else {
containerd.Version = fi.String("1.3.10")
containerd.Version = fi.String("1.4.12")
}
}
// Set default log level to INFO

@ -29,7 +29,6 @@ type EtcdOptionsBuilder struct {
var _ loader.OptionsBuilder = &EtcdOptionsBuilder{}
const (
DefaultEtcd3Version_1_17 = "3.4.3"
DefaultEtcd3Version_1_19 = "3.4.13"
DefaultEtcd3Version_1_22 = "3.5.1"
)
@ -45,10 +44,8 @@ func (b *EtcdOptionsBuilder) BuildOptions(o interface{}) error {
// We run the k8s-recommended versions of etcd
if b.IsKubernetesGTE("1.22") {
c.Version = DefaultEtcd3Version_1_22
} else if b.IsKubernetesGTE("1.19") {
c.Version = DefaultEtcd3Version_1_19
} else {
c.Version = DefaultEtcd3Version_1_17
c.Version = DefaultEtcd3Version_1_19
}
}
}

@ -19,7 +19,6 @@ go_library(
"cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template",
"cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml.template",
"cloudup/resources/addons/external-dns.addons.k8s.io/README.md",
"cloudup/resources/addons/external-dns.addons.k8s.io/k8s-1.12.yaml.template",
"cloudup/resources/addons/gcp-pd-csi-driver.addons.k8s.io/k8s-1.23.yaml.template",
"cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template",
"cloudup/resources/addons/kube-dns.addons.k8s.io/k8s-1.12.yaml.template",

@ -1,96 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: external-dns
namespace: kube-system
labels:
k8s-addon: external-dns.addons.k8s.io
k8s-app: external-dns
version: v0.9.0
spec:
replicas: 1
selector:
matchLabels:
k8s-app: external-dns
template:
metadata:
labels:
k8s-addon: external-dns.addons.k8s.io
k8s-app: external-dns
version: v0.9.0
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
priorityClassName: system-cluster-critical
serviceAccount: external-dns
tolerations:
- key: "node-role.kubernetes.io/master"
effect: NoSchedule
- key: "node.kubernetes.io/not-ready"
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/master: ""
dnsPolicy: Default # Don't use cluster DNS (we are likely running before kube-dns)
hostNetwork: true
containers:
- name: external-dns
image: k8s.gcr.io/external-dns/external-dns:v0.9.0
imagePullPolicy: Always
args:
{{ range $arg := ExternalDnsArgv }}
- "{{ $arg }}"
{{ end }}
env:
- name: KUBERNETES_SERVICE_HOST
value: "127.0.0.1"
- name: KUBERNETES_SERVICE_PORT
value: "443"
resources:
requests:
cpu: 50m
memory: 50Mi
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
namespace: kube-system
labels:
k8s-addon: external-dns.addons.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-addon: external-dns.addons.k8s.io
name: kops:external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list","watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-addon: external-dns.addons.k8s.io
name: kops:external-dns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kops:external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: kube-system

@ -519,11 +519,6 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*Addon
location := key + "/k8s-1.19.yaml"
id := "k8s-1.19"
if b.IsKubernetesLT("1.19") {
location = key + "/k8s-1.12.yaml"
id = "k8s-1.12"
}
addons.Add(&channelsapi.AddonSpec{
Name: fi.String(key),
Selector: map[string]string{"k8s-addon": key},

@ -52,9 +52,7 @@ func TestBootstrapChannelBuilder_BuildTasks(t *testing.T) {
runChannelBuilderTest(t, "amazonvpc-containerd", []string{"networking.amazon-vpc-routed-eni-k8s-1.16"})
runChannelBuilderTest(t, "awsiamauthenticator/crd", []string{"authentication.aws-k8s-1.12"})
runChannelBuilderTest(t, "awsiamauthenticator/mappings", []string{"authentication.aws-k8s-1.12"})
runChannelBuilderTest(t, "metrics-server/insecure-1.18", []string{"metrics-server.addons.k8s.io-k8s-1.11"})
runChannelBuilderTest(t, "metrics-server/insecure-1.19", []string{"metrics-server.addons.k8s.io-k8s-1.11"})
runChannelBuilderTest(t, "metrics-server/secure-1.18", []string{"metrics-server.addons.k8s.io-k8s-1.11"})
runChannelBuilderTest(t, "metrics-server/secure-1.19", []string{"metrics-server.addons.k8s.io-k8s-1.11"})
runChannelBuilderTest(t, "coredns", []string{"coredns.addons.k8s.io-k8s-1.12"})
}

@ -1,47 +0,0 @@
apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
creationTimestamp: "2016-12-10T22:42:27Z"
name: minimal.example.com
spec:
addons:
- manifest: s3://somebucket/example.yaml
kubernetesApiAccess:
- 0.0.0.0/0
channel: stable
cloudProvider: aws
configBase: memfs://clusters.example.com/minimal.example.com
etcdClusters:
- etcdMembers:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
version: 3.1.12
name: main
- etcdMembers:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
version: 3.1.12
name: events
iam: {}
kubernetesVersion: 1.18.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com
metricsServer:
enabled: true
insecure: true
additionalSans:
- proxy.api.minimal.example.com
networkCIDR: 172.20.0.0/16
networking:
cilium: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0
topology:
masters: public
nodes: public
subnets:
- cidr: 172.20.32.0/19
name: us-test-1a
type: Public
zone: us-test-1a

@ -1,76 +0,0 @@
kind: Addons
metadata:
creationTimestamp: null
name: bootstrap
spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: 690489ff0890c97cc29345ed9a6eb2c221cf98a759d5a03e2c0c6115c78c0ffe
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
k8s-addon: kops-controller.addons.k8s.io
version: 9.99.0
- manifest: core.addons.k8s.io/v1.4.0.yaml
manifestHash: 18233793a8442224d052e44891e737c67ccfb4e051e95216392319653f4cb0e5
name: core.addons.k8s.io
selector:
k8s-addon: core.addons.k8s.io
version: 9.99.0
- id: k8s-1.12
manifest: kube-dns.addons.k8s.io/k8s-1.12.yaml
manifestHash: 86f35e6bc4ffa375038449e4fba4b7c9c7d7aa731d3713b7103389d08661a72c
name: kube-dns.addons.k8s.io
selector:
k8s-addon: kube-dns.addons.k8s.io
version: 9.99.0
- id: k8s-1.8
manifest: rbac.addons.k8s.io/k8s-1.8.yaml
manifestHash: f81bd7c57bc1902ca342635d7ad7d01b82dfeaff01a1192b076e66907d87871e
name: rbac.addons.k8s.io
selector:
k8s-addon: rbac.addons.k8s.io
version: 9.99.0
- id: k8s-1.9
manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml
manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81
name: kubelet-api.rbac.addons.k8s.io
selector:
k8s-addon: kubelet-api.rbac.addons.k8s.io
version: 9.99.0
- manifest: limit-range.addons.k8s.io/v1.5.0.yaml
manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2
name: limit-range.addons.k8s.io
selector:
k8s-addon: limit-range.addons.k8s.io
version: 9.99.0
- id: k8s-1.12
manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml
manifestHash: 158ef7d0836127e699c62529da8cb601f4aca8135c8126416dcd2c70086963af
name: dns-controller.addons.k8s.io
selector:
k8s-addon: dns-controller.addons.k8s.io
version: 9.99.0
- id: k8s-1.11
manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml
manifestHash: edda11094163a5cf06f13412aac22c289182a25004abb2e3f7e17fc3d881b720
name: metrics-server.addons.k8s.io
selector:
k8s-app: metrics-server
version: 9.99.0
- id: v1.15.0
manifest: storage-aws.addons.k8s.io/v1.15.0.yaml
manifestHash: 065ae832ddac8d0931e9992d6a76f43a33a36975a38003b34f4c5d86a7d42780
name: storage-aws.addons.k8s.io
selector:
k8s-addon: storage-aws.addons.k8s.io
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 472d1ede7b67d9a5dae1dd8b49312a238091233d56a184319e16df0027653d6f
name: networking.cilium.io
needsRollingUpdate: all
selector:
role.kubernetes.io/networking: "1"
version: 9.99.0

@ -1,252 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
replicas: 2
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --secure-port=443
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-preferred-address-types=Hostname
- --cert-dir=/tmp
- --kubelet-insecure-tls
image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 50m
memory: 128Mi
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
minAvailable: 1
selector:
matchLabels:
k8s-app: metrics-server

@ -1,49 +0,0 @@
apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
creationTimestamp: "2016-12-10T22:42:27Z"
name: minimal.example.com
spec:
addons:
- manifest: s3://somebucket/example.yaml
kubernetesApiAccess:
- 0.0.0.0/0
certManager:
enabled: true
channel: stable
cloudProvider: aws
configBase: memfs://clusters.example.com/minimal.example.com
etcdClusters:
- etcdMembers:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
version: 3.1.12
name: main
- etcdMembers:
- instanceGroup: master-us-test-1a
name: master-us-test-1a
version: 3.1.12
name: events
iam: {}
kubernetesVersion: 1.18.0
masterInternalName: api.internal.minimal.example.com
masterPublicName: api.minimal.example.com
metricsServer:
enabled: true
insecure: false
additionalSans:
- proxy.api.minimal.example.com
networkCIDR: 172.20.0.0/16
networking:
cilium: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0
topology:
masters: public
nodes: public
subnets:
- cidr: 172.20.32.0/19
name: us-test-1a
type: Public
zone: us-test-1a

@ -1,83 +0,0 @@
kind: Addons
metadata:
creationTimestamp: null
name: bootstrap
spec:
addons:
- id: k8s-1.16
manifest: kops-controller.addons.k8s.io/k8s-1.16.yaml
manifestHash: 690489ff0890c97cc29345ed9a6eb2c221cf98a759d5a03e2c0c6115c78c0ffe
name: kops-controller.addons.k8s.io
needsRollingUpdate: control-plane
selector:
k8s-addon: kops-controller.addons.k8s.io
version: 9.99.0
- manifest: core.addons.k8s.io/v1.4.0.yaml
manifestHash: 18233793a8442224d052e44891e737c67ccfb4e051e95216392319653f4cb0e5
name: core.addons.k8s.io
selector:
k8s-addon: core.addons.k8s.io
version: 9.99.0
- id: k8s-1.12
manifest: kube-dns.addons.k8s.io/k8s-1.12.yaml
manifestHash: 86f35e6bc4ffa375038449e4fba4b7c9c7d7aa731d3713b7103389d08661a72c
name: kube-dns.addons.k8s.io
selector:
k8s-addon: kube-dns.addons.k8s.io
version: 9.99.0
- id: k8s-1.8
manifest: rbac.addons.k8s.io/k8s-1.8.yaml
manifestHash: f81bd7c57bc1902ca342635d7ad7d01b82dfeaff01a1192b076e66907d87871e
name: rbac.addons.k8s.io
selector:
k8s-addon: rbac.addons.k8s.io
version: 9.99.0
- id: k8s-1.9
manifest: kubelet-api.rbac.addons.k8s.io/k8s-1.9.yaml
manifestHash: 01c120e887bd98d82ef57983ad58a0b22bc85efb48108092a24c4b82e4c9ea81
name: kubelet-api.rbac.addons.k8s.io
selector:
k8s-addon: kubelet-api.rbac.addons.k8s.io
version: 9.99.0
- manifest: limit-range.addons.k8s.io/v1.5.0.yaml
manifestHash: 2d55c3bc5e354e84a3730a65b42f39aba630a59dc8d32b30859fcce3d3178bc2
name: limit-range.addons.k8s.io
selector:
k8s-addon: limit-range.addons.k8s.io
version: 9.99.0
- id: k8s-1.12
manifest: dns-controller.addons.k8s.io/k8s-1.12.yaml
manifestHash: 158ef7d0836127e699c62529da8cb601f4aca8135c8126416dcd2c70086963af
name: dns-controller.addons.k8s.io
selector:
k8s-addon: dns-controller.addons.k8s.io
version: 9.99.0
- id: k8s-1.11
manifest: metrics-server.addons.k8s.io/k8s-1.11.yaml
manifestHash: 650aae104655b86ec6ccefc4f2d7c723703f4a39e5ffd1223a1cfe45c11e4dbe
name: metrics-server.addons.k8s.io
needsPKI: true
selector:
k8s-app: metrics-server
version: 9.99.0
- id: k8s-1.16
manifest: certmanager.io/k8s-1.16.yaml
manifestHash: 71dcc0409edb49a5b9bf52416ccdca68bc075167dc9604441cb3bd73b7bba149
name: certmanager.io
selector: null
version: 9.99.0
- id: v1.15.0
manifest: storage-aws.addons.k8s.io/v1.15.0.yaml
manifestHash: 065ae832ddac8d0931e9992d6a76f43a33a36975a38003b34f4c5d86a7d42780
name: storage-aws.addons.k8s.io
selector:
k8s-addon: storage-aws.addons.k8s.io
version: 9.99.0
- id: k8s-1.16
manifest: networking.cilium.io/k8s-1.16-v1.10.yaml
manifestHash: 472d1ede7b67d9a5dae1dd8b49312a238091233d56a184319e16df0027653d6f
name: networking.cilium.io
needsRollingUpdate: all
selector:
role.kubernetes.io/networking: "1"
version: 9.99.0

@ -1,283 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- nodes/stats
- namespaces
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
replicas: 2
selector:
matchLabels:
k8s-app: metrics-server
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --secure-port=443
- --kubelet-use-node-status-port
- --metric-resolution=15s
- --kubelet-preferred-address-types=Hostname
- --tls-cert-file=/srv/tls.crt
- --tls-private-key-file=/srv/tls.key
- --kubelet-insecure-tls
image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 50m
memory: 128Mi
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /srv
name: certs
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- name: certs
secret:
secretName: metrics-server-tls
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from: kube-system/metrics-server
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
minAvailable: 1
selector:
matchLabels:
k8s-app: metrics-server
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
creationTimestamp: null
labels:
addon.kops.k8s.io/name: metrics-server.addons.k8s.io
app.kubernetes.io/managed-by: kops
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
dnsNames:
- metrics-server.kube-system.svc
duration: 2160h
issuerRef:
kind: Issuer
name: metrics-server.addons.k8s.io
renewBefore: 360h
secretName: metrics-server-tls
usages:
- server auth