2723 Commits

Author SHA1 Message Date
Peter Rifel dc1aa0d3b4
Migrate IAM EC2 Service generation to aws-sdk-go-v2 2024-04-18 20:37:11 -04:00
Peter Rifel dd3d64943f
Migrate remaining EC2 resource types to aws-sdk-go-v2 2024-04-13 16:01:39 -04:00
Peter Rifel f0c0c29121
Migrate EC2 Networking resource types to aws-sdk-go-v2 2024-04-13 16:01:39 -04:00
Ciprian Hacman 0b2f67a524 azure: Default route table name to cluster name 2024-04-07 15:16:38 +03:00
Kubernetes Prow Robot 915fa67fec
Merge pull request #16446 from rifelpet/aws-sdk-go-v2-autoscaling
Migrate autoscaling to aws-sdk-go-v2
2024-04-01 07:09:34 -07:00
Kubernetes Prow Robot 393aac40df
Merge pull request #16440 from aauren/kube-router_v2.X
Update kube-router to v2.1.0
2024-03-31 23:05:34 -07:00
Peter Rifel d4d39eb0fe
Migrate autoscaling to aws-sdk-go-v2 2024-03-31 23:04:06 -05:00
Peter Rifel 0dcbf23df2
Migrate aws-sdk-go/aws to aws-sdk-go-v2/aws 2024-03-31 16:56:31 -05:00
Aaron U'Ren 821ab18649
iam_builder.go: ensure kube-router src/dst permissions 2024-03-31 13:16:28 -05:00
Peter Rifel 60bfbbc418
Remove unused error 2024-03-31 08:54:59 -05:00
Peter Rifel c4be1082fc
Use lower case package import alias 2024-03-31 08:54:44 -05:00
Peter Rifel 2626a354c5
Migrate ELB to aws-sdk-go-v2 2024-03-31 07:28:28 -05:00
Peter Rifel 7b8bcc46d9
Migrate elbv2 to aws-sdk-go-v2 2024-03-30 13:53:40 -05:00
Kubernetes Prow Robot e594c4dc92
Merge pull request #16435 from rifelpet/aws-sdk-go-v2-iam
Migrate IAM to aws-sdk-go-v2
2024-03-30 09:55:32 -07:00
Peter Rifel 8882bcbafb
Migrate IAM to aws-sdk-go-v2 2024-03-30 10:46:57 -05:00
justinsb 192b880434 chore: refactor MirroredAsset into assets
This seems logically coherent, and is part of the work to start using
compiled-in hashes for most well-known assets.
2024-03-30 10:34:27 -04:00
Peter Rifel 8191e78838
Update EventBridge to aws-sdk-go-v2 2024-03-29 07:05:36 -05:00
Peter Rifel 0290a7e8d7
Migrate some packages to aws-sdk-go-v2 2024-03-23 19:42:28 -05:00
Anders Ingemann a902f9ee04
aws/cert-manager: Tighten IAM permissions for cert-manager
This change restricts which record types and domain prefixes
cert-manager is allowed to change for DNS01 acme challenges.

Only _acme-challenge.* TXT records may be created/updated/removed.

Implements kubernetes/kops#15680
2024-03-19 09:56:16 +01:00
Justin Santa Barbara f0537f4301
Release 1.29.0-beta.1 (#16406) 2024-03-14 17:58:17 -07:00
Kubernetes Prow Robot abe05faf6e
Merge pull request #16272 from sl1pm4t/gcp/alias-ip-range-size
gce: Set node IP Alias range to match NodeCIDRMaskSize
2024-03-14 09:13:59 -07:00
justinsb 4423b79959 aws: expose port 8443 when using NLB with a custom certificate
We dropped the security group rules for this when moving to NLB
security groups; add them back.

Issue #16024
2024-03-12 21:41:47 -04:00
Ciprian Hacman dee3ecc530 Fix bootstrap script proxy test 2024-03-06 06:46:30 +02:00
Ciprian Hacman 23dba06436 hack/update-expected.sh 2024-03-06 06:23:37 +02:00
Ciprian Hacman ee1ab922c0 Fix shellcheck warnings for bootstrap script proxies section 2024-03-06 06:23:37 +02:00
Ciprian Hacman 723d5a31b7 hack/update-expected.sh 2024-03-03 13:29:32 +02:00
Ciprian Hacman 3325f260f8 Fix shellcheck warnings for bootstrap script 2024-03-03 13:29:31 +02:00
Ciprian Hacman 66d4e9b559 Add validation to help users move from usePolicyConfigMap 2024-02-28 21:52:52 +02:00
Ciprian Hacman 770e56e010 gce: Limit backend names to 63 chars 2024-02-25 18:20:07 +02:00
Ciprian Hacman 97a0800b88 gce: Limit health check names to 63 chars 2024-02-25 08:40:18 +02:00
justinsb da233efe11 gce: Prune old forwarding rules
Now that we create a new forwarding rule for kops-controller, we want
to remove the old one after the rolling-update.
2024-02-24 12:20:20 -05:00
justinsb ba7facff41 gce: Always create an internal load balancer
When we create an external load balancer on GCE, we now also create an
internal load balancer.  The internal load balancer is used for
node/pod -> control-plane traffic, the external load balancer is used
for other traffic (e.g. "user" traffic to kube-apiserver).

This means that we can apply more granular firewall rules, and
generally avoid complex logic around discovery of the internal control
plane addresses for GCE.
2024-02-24 12:20:19 -05:00
Ciprian Hacman 5a4778f77c aws: Update EBS CSI driver to v1.28.0 2024-02-20 04:48:34 +02:00
Ciprian Hacman 83c88db90a Update Cilium to v1.15.1 2024-02-18 10:28:26 +02:00
justinsb 2a9343a168 Generate revisions of NLB objects, and introduce cleanup phase
This lets us safely make changes to otherwise immutable fields, in
particular for adding security groups to NLBs created without them.

We detect the older versions, and create deletion tasks to remove
them.  These tasks can be deferred, and we expect them to be
deferred to a "prune" phase that runs after cluster apply.

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2024-02-17 11:41:15 -05:00
Peter Rifel 70da572ed8
Use pkg/model/iam for building SQS queue policy 2024-02-14 17:39:45 -06:00
Peter Rifel 3f74f21b7e
Update IAM Policy Principal.Service to stringorset 2024-02-14 17:39:43 -06:00
Kubernetes Prow Robot 9f43b03546
Merge pull request #16351 from rifelpet/iam-policy-refactor
Refactor IAM Policy Builder
2024-02-13 09:21:31 -08:00
Peter Rifel 4643c66f6b
./hack/update-expected.sh 2024-02-12 22:42:14 -06:00
Peter Rifel b5264488cb
Rename stringorslice package to stringorset 2024-02-12 22:42:13 -06:00
Peter Rifel f098401c49
Rename StringOrSlice to StringOrSet, sort lists 2024-02-12 21:37:27 -06:00
Peter Rifel 21804bf631
Migrate to non-deprecated Sets implementation 2024-02-12 21:12:27 -06:00
Ciprian Hacman eb1dd59e3c azure: Replace lb.ForAPIServer with lb.WellKnownServices 2024-02-11 11:06:17 +02:00
Ciprian Hacman 4198b19438 azure: Migrate model to new SDK version 2024-02-09 04:38:33 +02:00
justinsb bd8cce06ae refactor: Drop TargetGroups from NetworkLoadBalancer task
They are not needed, they were only used for dependency ordering (and
we now have that dependency on the split out listener task)
2024-02-04 18:09:17 -05:00
justinsb c35c754eff Refactor: Split out NLB Listener into its own task
This allows us to use more of our task machinery, including dependency
analysis.  The intent is that we'll be able to support multiple
LoadBalancers and TargetGroups.
2024-02-04 15:52:25 -05:00
zadjadr 656b3a6956
Update to cilium 1.15 2024-02-02 19:37:04 +01:00
Kubernetes Prow Robot 1067b6279b
Merge pull request #16294 from justinsb/wait_should_be_an_attribute
refactor: wait for load balancer readiness using a private field
2024-02-01 16:08:54 -08:00
Jesse Haka b5d1ee8245 update containerd & runc versions 2024-02-01 15:05:55 +02:00
justinsb 086af6458e refactor: wait for load balancer readiness using a private field
This approach is more explicit than looking at the names of the target
groups, and using a private field is simpler.
2024-01-29 09:34:56 -05:00