* feat(karpenter): Upgrade to version 0.27.0
Upgrade Karpenter to the current latest stable version `0.27.0`.
Templates have been updated to use the same templates as the Helm chart.
* feat(karpenter): Use AWSNodeTemplate for launchTemplate
Setting Launch Templates in the provisioner is deprecated; it is recommended to use the `AWSNodeTemplate` to set them.
Ref:
- https://karpenter.sh/v0.27.0/concepts/node-templates/
* feat(karpenter): Enable pruning addon
* Use extra flags in upgrade-ab scenario test
* feat(karpenter): Drop `karpenter` feature flag
* feat(karpenter): Add release note for `1.27`
* feat(karpenter): Upgrade to version 0.27.3
* feat(karpenter): fix template
* feat(karpenter): Upgrade to version 0.27.5
* Update Karpenter documentation with depending kops version
* Delete KOPS_FEATURE_FLAGS from e2e test `run-test`
* Run hack/update-expected.sh
This feature installs platform CSI drivers so they support
SELinuxMountReadWriteOncePod. This assumes the operating system on all
nodes supports SELinux!
GCE support seems stable now, and we have good clarity at the API
level and how that translates to GCP resources, which was our blocker
previously.
Drop the need for the feature-flag.
Hidden behind a feature-flag, but when the UseAddonOperators feature
flag is set, we now use the cluster-addons CoreDNS operator instead of
our built-in manifests.
Ensure apiserver role can only be used on AWS (because of firewalling)
Apply api-server label to CP as well
Consolidate node not ready validation message
Guard apiserver nodes with a feature flag
Rename Apiserver role to APIServer
Add an integration test for apiserver nodes
Rename Apiserver role to APIServer
Enumerate all roles in rolling update docs
Apply suggestions from code review
Co-authored-by: Steven E. Harris <seh@panix.com>
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.
This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)
Feature-flagged behind the KopsControllerStateStore feature-flag.
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens. But it shouldn't need a second bucket or anything of that
nature.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access). This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>