12 Commits

Author	SHA1	Message	Date
John Gardiner Myers	0d9c130b07	Remove use of ClusterSpec in nodeup	2023-08-09 18:12:37 -07:00
Justin SB	c67f895226	Perform challenge callbacks into a node ... In order to verify that the caller is running on the specified node, we source the expected IP address from the cloud, and require that the node set up a simple challenge/response server to answer requests. Because the challenge server runs on a port outside of the nodePort range, this also makes it harder for pods to impersonate their host nodes - though we do combine this with TPM and similar functionality where it is available.	2023-05-06 08:03:21 -04:00
Ciprian Hacman	61eaeddb9b	Serve secrets from kops-controller for nodes without state store access	2022-11-15 14:51:54 +02:00
John Gardiner Myers	191df58267	Verify CA keypair IDs for kops-controller-issued certs	2021-07-14 08:15:28 -07:00
John Gardiner Myers	4a47614e62	Simplify config server protocol	2021-06-26 09:56:47 -07:00
John Gardiner Myers	1752f0f4db	Move most of nodeup.Config out of userdata	2021-06-25 22:25:49 -07:00
John Gardiner Myers	09259ad30f	Remove unused field	2021-06-12 16:05:53 -07:00
John Gardiner Myers	eb09d31a3c	Pass AuxConfig to nodeup	2021-06-03 21:04:21 -07:00
Justin SB	4ac9d5c17b	Boot nodes without state store access ... kops-controller can now serve the instance group & cluster config to nodes, as part of the bootstrap process. This enables nodes to boot without access to the state store (i.e. without S3 / GCS / etc permissions) Feature-flagged behind the KopsControllerStateStore feature-flag.	2021-01-09 13:08:48 -05:00
zouyu	2e6b50f9e4	Some typos ... Signed-off-by: zouyu <zouy.fnst@cn.fujitsu.com>	2020-11-03 16:28:30 +08:00
John Gardiner Myers	bec273ebf1	Implement signing of kubelet cert in kops-controller	2020-08-15 10:30:20 -07:00
John Gardiner Myers	9c01e1f44d	Send bootstrap query from nodeup to kops-controller	2020-08-15 09:50:08 -07:00