Commit Graph

827 Commits

Author SHA1 Message Date
John Gardiner Myers 92cd47db1f Rename the service account key 2021-05-09 11:47:44 -07:00
Ole Markus With 4641aef4ed Use secure kubelet auth
Without secure node auth enabled, commands like `kubectl logs` may fail
with certain configurations.

Previously, we checked if anonymousAuth was enabled on the kubelet
before securing node communication, but this isn't really relevant. We
can still authenticate even if anonymous access is allowed.
2021-04-13 09:01:52 +02:00
Ciprian Hacman 54dc4aad88 Fix rendering of multiple Docker insecure registries 2021-03-12 16:32:25 +02:00
Justin SB da73f82e7b containerd installation: always configure, even if we don't install
Even if we don't install containerd (e.g. ContainerOS or Flatcar), we
likely still need to configure it; particularly in the case of
kubenet.

Additionally, on ContainerOS we can't change the path from
/etc/containerd/config.toml, so we have to write it there.  We may in
future be able to use this on all distros.
2021-02-16 08:48:22 +02:00
Justin SB 233a1a4a46 kubenet containerd: match upstream configuration
Configure kubenet in containerd/CNI mode to match upstream configuration.

Biggest change is a move to the ptp plugin.

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2021-02-13 18:28:26 -05:00
Ciprian Hacman 0a364be196 Always generate kops-controller certs 2021-02-08 10:55:01 +02:00
Ciprian Hacman 0c345e0c77 Add back support for kubenet style networking with containerd 2021-01-24 22:39:24 +02:00
Justin SB 9b08b86642 containerd: Add /etc/crictl config to enable crictl
This configuration file means users don't have to pass the endpoint
to run crictl.
2021-01-24 22:37:17 +02:00
Justin SB 33d27c7f50 Install dbus if needed for protokube with kope.io 2021-01-21 18:38:40 +02:00
Ciprian Hacman 3baec12b34 Add containerd config file to Flatcar based instances 2021-01-15 12:20:32 +02:00
Ciprian Hacman 19bf106c27 Remove support for Kubenet with containerd 2020-12-27 22:14:55 +02:00
Ciprian Hacman 1511bea9af Update docker.service file 2020-12-15 13:15:16 +02:00
Ciprian Hacman 0388cadcac Update containerd.service file 2020-12-15 13:15:16 +02:00
Ciprian Hacman ab4c136a47 Mount /lib64 for Protokube only on AMD64 2020-12-10 07:51:26 +02:00
Rodrigo Menezes 2ae4f60be7 Allow setting CPU limit and Mem request / limit for kube API 2020-11-23 11:26:09 -08:00
John Gardiner Myers 4999f7c2fb Use separate domain for kops-controller bootstrap 2020-11-18 00:21:36 -08:00
Ciprian Hacman ed3f3a7493 Install container runtime packages as assets - Code Review 1 2020-10-27 20:24:31 +02:00
Ciprian Hacman 079e2ef806 Install container runtime packages as assets - Tests 2020-10-27 20:24:31 +02:00
Ciprian Hacman 9533190de6 Install container runtime packages as assets - Misc 2020-10-27 20:24:31 +02:00
Ciprian Hacman 7182b9e2ae Install container runtime packages as assets - Main 2020-10-27 20:24:31 +02:00
Ole Markus With 879b445ec1 Fix circular dependency in tasks related to cilium certs 2020-10-24 09:42:12 +02:00
Ole Markus With 4aae530b03 Fix circular dependency in tasks related to kubelet serving cert 2020-10-24 09:42:12 +02:00
AkiraFukushima 4e4c4a1e16 Install wireguard OS package in nodeup 2020-10-11 15:53:11 +09:00
Kubernetes Prow Robot cc41bba0cf
Merge pull request #10022 from olemarkus/metrics-server
Kubelet serving certificate and metrics server addon
2020-10-09 03:09:07 -07:00
Ciprian Hacman d0349fd6bb Open etcd port only when Calico uses "etcd" datastore 2020-10-09 09:33:38 +03:00
Ole Markus With 466dcd001e Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-10-09 08:27:08 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
Ole Markus With 1d922af364 Pass cloud into populate cluster 2020-09-24 07:22:13 +02:00
Ole Markus With 7bc17f4b1f Build cloud outside of PerformAssignments
We tend to build cloud, call some method, and then build cloud over
again. It would be easier to just pass the first one along.

Passing along cloud would also make it easier to mock cloud.
2020-09-23 07:54:28 +02:00
Ciprian Hacman 96e3fefd85 Update Docker to v19.03.13 2020-09-18 12:14:43 +03:00
Ciprian Hacman fcc486d250 Update containerd to v1.4.1 2020-09-18 10:01:30 +03:00
Ole Markus With 6efb91a15b Don't write application credentials to cloud config unless external CCM is enabled 2020-09-15 09:45:09 +02:00
Ciprian Hacman 07ffd665a7 Allow container runtime to run before BootstrapKubeconfig 2020-09-12 08:13:40 +03:00
Kubernetes Prow Robot 4604fa53b3
Merge pull request #9899 from olemarkus/remove-insecure-bind-address
Don't explicitly set insecure-bind-address on newer k8s
2020-09-09 03:25:53 -07:00
Ole Markus With 886b4c97cb Don't explicitly set insecure-bind-address on newer k8s 2020-09-09 11:41:51 +02:00
Ole Markus With 192d6a46f9 Errors when encryptionConfig is enabled, but no encryptionconfig secret
When encryptionConfig is enabled, but the secret is missing, there are no
visible errors anywhere. kube-apiserver just goes into a crashloop
without any complaints. This PR adds warnings both on the client side and
through nodeup.
2020-09-08 17:46:18 +02:00
Justin SB 786423f617 Expose JWKS via a feature-flag
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
Justin SB 2be21562a9 Support writing a full certificate chain
This means that our https endpoint will serve the ca.crt as well.
2020-08-25 11:09:04 -04:00
Ciprian Hacman f267c54b9a Stop trying to pull the Protokube image 2020-08-25 09:04:45 +03:00
Kubernetes Prow Robot f1a0e0312f
Merge pull request #9777 from hakman/containerd-1.4.0
Add support for containerd v1.4.0
2020-08-18 14:45:11 -07:00
Kubernetes Prow Robot bacd944dea
Merge pull request #9776 from johngmyers/cni-client-certs
Issue the cilium etcd client cert out of kops-controller
2020-08-18 08:13:30 -07:00
Ciprian Hacman 537ad60191 Add support for containerd v1.4.0 2020-08-18 10:04:18 +03:00
Kubernetes Prow Robot ffe3b3468d
Merge pull request #9766 from hakman/distros
Use /etc/os-release to identify the distribution
2020-08-17 22:37:30 -07:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers 2d898fa645 Inline some methods 2020-08-17 00:18:00 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Ciprian Hacman 22ec1512dc Use numbers for distribution names 2020-08-17 07:25:43 +03:00
Ciprian Hacman e68ee80a93 Move and rename the "distros" package 2020-08-17 07:25:43 +03:00
Peter Rifel 4d9f0128a3
Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00