Commit Graph

279 Commits

Author SHA1 Message Date
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Kubernetes Prow Robot 6f2ded7fb2
Merge pull request #14501 from hakman/kops-controller_for_config
Boot nodes without state store access
2022-11-16 08:32:50 -08:00
Bronson Mirafuentes 5a3ed44773 use sprig join for template functions 2022-11-15 08:59:05 -08:00
Ciprian Hacman 61eaeddb9b Serve secrets from kops-controller for nodes without state store access 2022-11-15 14:51:54 +02:00
Moshe Shitrit 0284232011 hack/update-expected 2022-11-08 11:32:35 -05:00
Moshe Shitrit b9e61d95d6 update defaults for aws-cni based on upstream template 2022-11-08 11:21:24 -05:00
Ciprian Hacman c9d1eb9761 hetzner: Use kops-controller for node bootstrap 2022-11-02 12:43:25 +02:00
John Gardiner Myers 4b95aec920 Move GCE project under CloudProvider in v1alpha3 API 2022-10-21 15:59:20 -07:00
Ciprian Hacman dc98c74428 Move Gossip check to cluster struct 2022-10-21 09:48:07 +03:00
Jesse Haka c92f211862 bump Openstack ccm version 2022-10-16 21:02:24 +03:00
Jesse Haka 9aba3e62b0 update k8s openstack 2022-10-11 10:12:08 +03:00
Jesse Haka 9fc29eec36 incr 1.24 version 2022-10-10 11:21:22 +03:00
Jesse Haka d459b2432a update k8s cloudprovider openstack images 2022-10-10 09:17:22 +03:00
Ciprian Hacman 85026145a1 Always infer gossip DNS from cluster name 2022-10-02 12:54:37 +03:00
Ciprian Hacman d8b92aafae hetzner: Generate CCM args from external CCM config 2022-09-21 08:17:32 +03:00
Ciprian Hacman c783aa357d Add support for using an existing network for Hetzner 2022-09-18 12:35:23 +03:00
Ole Markus With 25901b8876 Don't add previous-gen instances to Karpenter provisioners
Previous-gen instances lack a lot of features. For example CCM will fail to update NLBs if these are added to the cluster.
2022-08-10 13:04:29 +02:00
Peter Rifel 9c7202ce06 Use control-plane node role for AWS IAM Authenticator 2022-07-11 19:10:59 -06:00
Kubernetes Prow Robot d1c338ff19
Merge pull request #13917 from ReillyBrogan/reilly/cilium1116
Update Cilium to 1.11.6
2022-06-30 11:32:08 -07:00
Reilly Brogan f3a421d600 Update Cilium to 1.11.6 2022-06-29 13:18:21 -05:00
Ciprian Hacman 7fbe0454f2 Use Calico v3.23 for Kubernetes 1.22+ 2022-06-29 17:17:33 +03:00
Ole Markus With 6dbfd0d359 Fix PDB api version for a set of addons 2022-06-12 22:09:29 +02:00
Jesse Haka 9fe1994d99 update openstack ccm + csi 2022-06-02 08:44:38 +03:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Moshe Shitrit c7513f5eba add all the default env vars for amazon-vpc-cni 2022-04-28 08:51:16 -04:00
Ole Markus With 79d9fa6aa7 Don't run the CSI snapshot plugin if snapshot controller is not installed 2022-04-02 21:51:20 +02:00
Ole Markus With d7cb3bb1f7 Add user to container securityContext and remove command 2022-03-07 15:09:51 +01:00
John Gardiner Myers cac727c357 Make cloudProvider a struct in v1alpha3 API 2022-03-02 21:59:49 -08:00
John Gardiner Myers 70f7d9bdb2 Use function to get cloud provider from cluster spec 2022-03-02 21:59:47 -08:00
Kubernetes Prow Robot cb1a3a1ef8
Merge pull request #13311 from zetaab/fixocversions
use own function to define CSI image version
2022-03-01 22:33:15 -08:00
Jesse Haka fa0311e8a3 use own function to define CSI image version 2022-03-01 15:03:19 +02:00
AkiraFukushima c8710203ba Add support to install EKS Pod Identity Webhook 2022-02-20 18:33:50 +09:00
Kubernetes Prow Robot 7714964963
Merge pull request #13266 from olemarkus/validate-taints
Validate taints in IG spec
2022-02-17 21:44:22 -08:00
John Gardiner Myers b41cca38d5 Enable RBN with AWS CCM 1.22.0-alpha.1 2022-02-16 22:21:30 -08:00
Ole Markus With 61bcdd7d72 Validate taints in IG spec 2022-02-16 20:33:17 +01:00
Jiahui Feng fc6d122bf8 use pkg/flagbuilder to build argv 2022-02-07 15:11:22 -08:00
Kubernetes Prow Robot 1bb4e1b31f
Merge pull request #13136 from zetaab/bugixfor123
use 1.23.1 ccm for openstack
2022-02-07 03:19:43 -08:00
justinsb fbc5e36351 Fix nil pointer when IAM not populated
Unlikely to happen outside of tests, but an easy fix.
2022-01-30 14:58:39 -05:00
Jesse Haka 1df4b80183 use 1.23.1 ccm for openstack 2022-01-21 12:27:52 +02:00
Ole Markus With ea9d0de847 Handle default in templating instead of ig population 2021-12-30 09:01:43 +01:00
Ole Markus With 655d63cec1 Use instance requirements to get a wider set of instance types by default 2021-12-29 20:14:58 +01:00
Ole Markus With abcab2b327 Support attribute based instance type selection for karpenter 2021-12-29 20:14:57 +01:00
Ole Markus With 0f4783d7a3 Fix typo in parameter name 2021-12-26 07:17:39 +01:00
Ole Markus With 468280d3f2 Improve HA for various addons 2021-12-24 08:53:27 +01:00
Ole Markus With f7e86b9521 Tag ENIs with k8s tags 2021-12-22 21:16:19 +01:00
Ole Markus With b2104ab274 Bump karpenter to 0.5.3 and RBN support 2021-12-19 21:53:07 +01:00
Ole Markus With d987d4ac1a Rename SupportedArchitecture to architectureOfAMI 2021-12-13 09:14:24 +01:00
Ole Markus With 794cb72112 Karpenter addon
Constrain the instance types to what is supported by the AMI

Add taints and label to karpenter provisioner

Add instance types to karpenter provisioner
2021-12-12 19:33:41 +01:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
John Gardiner Myers a502a37990 Support NodeLocalDNS on IPv6 clusters 2021-11-28 15:55:16 -08:00
justinsb 6133250046 gossip: support resolution of k8s.local names from pods
We add the hosts plugin to CoreDNS, and we populate a ConfigMap from
kops-controller (when in gossip mode).

This enables resolution of the internal apiserver DNS name from Pods,
even when gossip mode (k8s.local) is in use.  This should fix the
failing e2e tests which are assuming that the name in the JWT token is
resolvable from inside the cluster.

This is also a possible step towards a simpler gossip mode, now that
we have a central controller.
2021-11-19 11:02:15 -05:00
justinsb 0c696d41d3 Create supporting services in kops-controller for gossip-mode
The intent is that we can then expose these via CoreDNS, so that
internal name resolution will work.
2021-11-19 11:02:10 -05:00
John Gardiner Myers 1001f1fbd7 Upgrade amazonvpc to v0.10.1 2021-11-15 18:54:24 -08:00
John Gardiner Myers 241e0558cd Watch Ingress by default when using the external-dns provider 2021-11-07 15:17:01 -08:00
John Gardiner Myers 2cebd7ece5 dns-controller: Filter node InternalIPs by pod network families 2021-10-30 13:28:39 -07:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Nicolas Sterchele 2584e4133d cloudup: add nindent fct reference to templatefunctions 2021-10-04 15:17:03 +02:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
Jeroen van Erp c30ec8e310
Add ability to provide custom CoreDNS Tolerations and Affinity
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
2021-09-28 17:05:48 +02:00
Peter Rifel 42ecabae28 Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes 2021-09-26 11:09:30 -05:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
2021-09-23 13:01:58 -05:00
Ole Markus With 88bd1953ce Have kops-controller assign instance ipv6 prefix to node 2021-09-16 19:25:19 +02:00
Peter Rifel 6a53285ffe Move AWS CCM image logic into pkg/model and add 1.21 and 1.22 images 2021-09-08 20:56:39 -05:00
Jesse Haka bb35842eba use ipip Always by default in OpenStack 2021-09-07 17:08:54 +03:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Ole Markus With 0152c23c1e Remove externaldns feature flag 2021-08-27 06:30:01 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller
Support TXT records
2021-08-27 06:24:47 +02:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With 1839b1ac47 Revert most of #12023 and keep awslbc on CP nodes 2021-08-05 19:30:27 +02:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck
Enable cross-subnet mode with Calico by default
2021-06-25 01:08:45 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
Moshe Shitrit 6dee0ad09e Comment-out hardcoded default values and add the overridden ones as template functions for ease of customization
Update auto-generated files
2021-06-22 12:26:28 +03:00
John Gardiner Myers c0b54d980d Enable IPv6 support for Cilium 2021-06-13 20:47:44 -07:00
Ole Markus With 2fb1861528 Update CAS manifest
Upstream examples were missing a number of improvements.
This commit also adds template functions for making controllers such as CAS more HA on HA clusters
2021-05-19 16:12:51 +02:00
Ole Markus With 22f3a4aff8 Add default tags to LB controller and cilium eni resources 2021-05-18 19:02:40 +02:00
Alexander Block 859171eeac Sort --extra-tags of ebs-csi-driver
Without sorting, the order is random and thus causes unnecessary cluster
updates.
2021-05-10 07:17:47 +02:00
Jason Haugen 36722afb0f change casing Asg->ASG 2021-04-22 13:07:01 -05:00
Jason Haugen 7e48dad4d2 add ManagedAsgTag, merge templates, improve docs 2021-04-19 16:51:08 -05:00
Jason Haugen a2cc750d62 fix sqs url for china 2021-04-19 15:43:06 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Ole Markus With dbd23473ef Add irsa support for awslbcontroller
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
2021-04-04 21:24:07 +02:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Alexander Block 54c509b33c Add CloudLabels as --extra-tags to aws-ebs-csi driver 2021-03-04 12:07:11 +01:00
AkiraFukushima 36acadca59 Fill Role names in kops-controller-config instead of instance profile names when it is specified
The role names are checked in node bootstrap.
If profile names are provided, bootstrap will fail.
Because profile name and role name do not always match in AWS IAM
2021-02-11 14:28:49 +09:00
Steven E. Harris f0f45b71fd Allow use of Calico's VXLAN networking backend
Introduce a new "encapsulationMode" field in Calico's portion of the
Cluster specification to allow switching between the IP-in-IP and
VXLAN encapsulation protocols. For now, we accept the values "ipip"
and "vxlan," and forgo a possible "none" value that would disable
encapsulation altogether (at least for the default Calico IP pool).

Augment the default-populating procedure for Calico to take this field
into account when deciding both which networking backend to use and
whether to use IP-in-IP or VXLAN encapsulation for the default IP
pool. Note that these values supplied for the "CALICO_IPV4POOL_IPIP"
and "CALICO_IPV4POOL_VXLAN" environment variables in the "calico-node"
DaemonSet pod spec only matter for creating the "default" IPPool pool
object when no such objects already exist.

Generalize the documentation for the "crossSubnet" field to cover
environments more broad than just AWS, as Calico can employ this
selective encapsulation in any environment in which it can detect
boundaries between subnets.
2020-12-18 10:55:11 -05:00
Ciprian Hacman 2844abd225 Delay defaulting to CoreDNS to k8s v1.20 2020-12-16 08:12:04 +02:00
Nick Turner c9feb36f3f Add aws-cloud-controller-manager config to addons
- Config at aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template
- AWSCCMTag function for CCM image tag
2020-11-30 01:35:07 -08:00
Ole Markus With 3721bbb76b Upgrade sprig to v3 2020-11-07 20:41:02 +01:00
Ole Markus With a7c7af4e97 Don't let node-local-dns add iptables rules
Since we use the local IP we don't need the iptables rule for the cluster dns IP
2020-10-16 12:46:16 +02:00
Ole Markus With fdaf5eb38d UseKopsControllerForNodeBootstrap instead of k8s version to determine secure tls 2020-10-09 10:18:02 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
liranp 15cc0fefae feat(spot): upgrade the cluster controller (v1.0.67) 2020-10-01 18:24:31 +03:00
Kubernetes Prow Robot 4508406515
Merge pull request #9908 from rdrgmnzs/CacheNodeidentityInfo
Allow caching of Nodeidentity Info in kops-controller for AWS.
2020-09-09 13:01:44 -07:00
Rodrigo Menezes 4c057f138a Allow caching of Nodeidentity Info in kops-controller for AWS to reduce the number of DescribeInstances API calls. 2020-09-09 22:11:29 +03:00
Ole Markus With a0e9fab104 Implement cluster autoscaler as bootstrap addon
Use provider-agnostic node definition for cas instead of aws auto-discovery

Validate clusterAutoscalerSpec

Add spec documentation

Add cas docs

Make CRDs

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Add enabled flag to cas config

Apply suggestions from code review

Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>

Add support for custom cas image

Support more k8s versions

Use full image names
2020-09-03 09:52:13 +02:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers d05f9a3eff Don't issue certs for features not enabled 2020-08-16 23:40:43 -07:00