kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,806 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

127 Commits

Author SHA1 Message Date
justinsb ca67b1ca1e Refactor: rename IsGossip -> UsesLegacyGossip 
We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension.  These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
 2023-05-22 21:50:16 -04:00
justinsb b835184ea4 gce: fix icmpv6 in firewalls 
IPv6 in firewalls must use icmpv6, not icmp.  Remap in our ipv6
generator for simplicity.
 2023-04-25 20:59:47 -04:00
justinsb be588e830f gce: set ip address family on all FirewallRule tasks 
We had missed a few code paths previously.
 2023-04-18 03:45:09 -04:00
Kubernetes Prow Robot 4cbcbf251b
Merge pull request #15281 from justinsb/gce_ipv6_subnets 
gce: Add IPv6 support to subnet/instances
 2023-03-31 13:43:49 -07:00
Justin SB 98c1109cc6 gce: Add IPv6 support to subnet/instances 
We need to specify StackType & IPv6AccessType
 2023-03-31 09:33:47 -04:00
Justin SB f20e08cab9 GCE FirewallRule: Use an explicit field for ipv4 vs ipv6 
We were previously relying on the name, but the name was "fooled" by
cluster names like ipv6.example.com
 2023-03-31 09:33:29 -04:00
Justin SB d4f3573351 gce: Fix log message about bucket level IAM 
The parameters were the wrong way round.
 2023-03-30 17:16:03 -04:00
Ciprian Hacman 88fd444987 gcp: Update terraform rendering for Target Pool 2023-03-16 08:55:15 +02:00
Ciprian Hacman 1db17ab949 gcp: Update terraform rendering for HTTP Health Check 2023-03-16 08:10:25 +02:00
Justin SB eb7d3c958c gce: When using network native pod IPs, open firewall to apiserver 
If we're not masquerading the pod IPs, we need an explicit firewall
rule for the pods to reach the kube-apiserver.  Normally this is
permitted anyway, but if the apiserver has a locked-down CIDR range
(as the e2e tests do) then we need our own rule.
 2023-03-02 13:15:58 -05:00
Kubernetes Prow Robot 7b4430ff61
Merge pull request #14885 from johngmyers/root-volume 
v1alpha3: Move IG root volume settings to sub-struct
 2023-01-04 18:11:58 -08:00
John Gardiner Myers 1be8be233f Reduce use of cluster topology field 2022-12-30 14:28:47 -08:00
John Gardiner Myers 92958f9966 v1alpha3: Move IG root volume settings to sub-struct 2022-12-26 20:35:26 -08:00
John Gardiner Myers 34d7507f78 v1alpha3: Move some GCE-specific fields to CloudProvider.GCE 2022-12-19 08:28:28 -08:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
Ciprian Hacman b9f7c2619b gce: Add support for clusters without DNS 2022-12-14 11:09:54 +02:00
Kubernetes Prow Robot e5a835d287
Merge pull request #14706 from johngmyers/v1alpha3-networking 
v1alpha3: move networking fields under networking
 2022-12-05 21:34:38 -08:00
Ciprian Hacman 71d0dfdc21 gce: Allow metrics-server to access kubelet API 2022-12-05 00:20:09 +02:00
Ciprian Hacman 5df9d6eb85 gce: Set AUTOSCALER_ENV_VARS in instance template metadata 2022-12-04 18:25:11 +02:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
Ciprian Hacman 21e0110dc2 gce: Allow Cilium to connect to its etcd cluster 2022-11-24 21:03:16 +02:00
John Gardiner Myers de9055b588 Update control-plane terminology in CLI output strings 2022-11-23 21:32:10 -08:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
John Gardiner Myers bc36f5b022 Rename ClusterSubnetSpec's ProviderID field to ID 2022-11-20 15:36:54 -08:00
John Gardiner Myers 5fca16aa30 v1alpha3: Move API-related settings under API 2022-11-19 10:27:12 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
John Gardiner Myers 64be690211 Update TopologySpec for v1alpha3 API 2022-11-06 09:10:38 -08:00
Ciprian Hacman dc98c74428 Move Gossip check to cluster struct 2022-10-21 09:48:07 +03:00
justinsb 8e6f73857d gce: memberlist needs TCP also 
The memberlist gossip protocol exchange happens over TCP and UDP, so
we need to open both protocols.
 2022-10-01 17:03:49 -04:00
Ciprian Hacman 5e3e9fabd0 Limit GCE network names to 63 chars 2022-08-17 06:37:26 +03:00
Ivan Volynkin 329c60cc62 Adding GCE SPOT support 2022-07-14 20:19:50 +03:00
Ciprian Hacman 7fbf2705dd Limit GCE router name to 63 chars 2022-07-01 07:37:30 +03:00
Ciprian Hacman 5a8472313f Limit GCE names to 63 chars for various resources 2022-06-30 14:15:17 +03:00
Ciprian Hacman d2e614dd3e Refactor ClusterPrefixedName and ClusterSuffixedName to not return error 2022-06-30 07:59:52 +03:00
Kubernetes Prow Robot ba1d2d2fd6
Merge pull request #13707 from jonasasx/feature/accelerators-from-master 
Adding GuestAccelerators to InstanceTemplate
 2022-06-23 23:21:20 -07:00
Ciprian Hacman 4750fdfc1e Limit GCE ASG labels to 63 chars 2022-06-23 20:38:23 +03:00
Ivan Volynkin 4264d78839 Adding GuestAccelerators to InstanceTemplate 2022-06-23 10:00:02 +03:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP 
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
 2022-04-25 13:31:47 -07:00
Peter Rifel 0481aebc2d
Trim GCE Subnet and Disk names 2022-04-21 17:40:29 -05:00
Peter Rifel 0e59715e15
Trim GCE firewall rule names to their max length 2022-04-18 18:40:39 -05:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Jesse Haka 617b439b38 Fix GCE service account creation 2022-03-01 11:59:42 +02:00
Kubernetes Prow Robot 02dc9dd8b3
Merge pull request #13201 from zetaab/removesa 
cleanup GCP Cluster Service Accounts
 2022-02-23 04:24:19 -08:00
Jesse Haka 67beb3fef5 add const 2022-02-23 10:52:08 +02:00
Jesse Haka 3e505a559e add missing import 2022-02-07 21:35:01 +02:00
Jesse Haka 180c3ae475
Update pkg/model/gcemodel/api_loadbalancer.go 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2022-02-07 21:32:05 +02:00
Jesse Haka d3fac0c1be GCP API health checks 2022-02-03 21:02:21 +02:00
John Gardiner Myers 5385381633 Use IPv6-only subnets for worker nodes in private IPv6 topology 2022-01-06 21:00:00 -08:00
justinsb 93a6871e9b gce: don't set per-IG permissions when using shared account 
If we're using a cluster-level service-account, we shouldn't try to
set bucket permissions on a per-IG level.

For compatibility with the existing behavior, we simply don't set any
permissions in this case.
 2021-12-28 10:10:16 -05:00