kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,806 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

278 Commits

Author SHA1 Message Date
Nicolas Sterchele a23ca78c58
fixup! aws-ebs-csi-driver: remove preStop hook 2022-08-03 07:55:26 +02:00
Ole Markus With 8bcc640452 Make Karpenter respect IG's spec.Subnets 
This will add tag all subnets with the IGs using that subnet

Update docs/operations/karpenter.md

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2022-08-01 21:06:24 +02:00
Ciprian Hacman 4dee7dd9a2
Release 1.25.0-alpha.2 (#14070) 2022-07-29 11:31:11 -07:00
Ciprian Hacman 45012d83bf Run hack/update-expected.sh 2022-07-27 21:55:34 +03:00
Ciprian Hacman 7b99594f39 Run hack/update-expected.sh 2022-07-18 06:36:23 +03:00
Peter Rifel 7ffedef3a4
./hack/update-expected.sh 2022-07-11 20:54:30 -06:00
Nicolas Sterchele 73b6ed4150
aws: introduce maximum instance lifetime in cluster 
The maximum instance lifetime is an AWS only feature and specifies the
maximum amount of time (in seconds) that an instance can be in service
before it is terminated and replaced.
A common use case might be a requirement to replace your instances on a
schedule because of internal security policies or external compliance
controls.
 2022-07-04 20:38:33 +02:00
Ciprian Hacman 50db0701b5 Run hack/update-expected.sh 2022-07-02 11:38:24 +03:00
Reilly Brogan f3a421d600 Update Cilium to 1.11.6 2022-06-29 13:18:21 -05:00
Ciprian Hacman 4b637db62b
Release 1.25.0-alpha.1 (#13912) 
* Release 1.25.0-alpha.1

* Squash release commit for more clarity
 2022-06-29 05:32:06 -07:00
Ciprian Hacman 59c5801c94 Run hack/update-expected.sh 2022-06-28 12:38:32 +03:00
Ciprian Hacman 11870286e0 Run hack/update-expected.sh 2022-06-18 09:01:23 +03:00
Ciprian Hacman 911f4a133c Run hack/update-expected.sh 2022-06-10 14:03:16 +03:00
Kubernetes Prow Robot d56cce25d0
Merge pull request #13750 from julienperignon/master 
Fix API group name for ingresses in DNS Controller
 2022-06-10 02:59:46 -07:00
Ciprian Hacman 88122d67c3 Run hack/update-expected.sh 2022-06-10 09:55:15 +03:00
Julien Perignon bf825b72f1 Update after running hack/update-expected.sh 2022-06-09 01:03:57 +10:00
Ciprian Hacman 9a591b2aa7 Run hack/update-expected.sh 2022-06-07 09:16:54 +03:00
Ciprian Hacman f95ef569a1
Release 1.24.0-beta.1 (#13730) 2022-06-04 07:10:20 -07:00
Peter Rifel 5c8e34f669
Migrate EBS CSI images back to registry.k8s.io 2022-06-02 11:34:30 -05:00
Ole Markus With 7981f6fa25 Bump coredns to 1.8.6 2022-05-22 09:30:02 +02:00
Ciprian Hacman 97b5795edb
Release 1.24.0-alpha.5 (#13675) 2022-05-21 09:10:00 -07:00
Ole Markus With 6471f2ce0b Bump EBS CSI driver to 1.6.2 2022-05-20 21:46:47 +02:00
Kubernetes Prow Robot 39f566edbf
Merge pull request #13666 from olemarkus/cilium-bump-124 
Bump Cilium to 1.11.5
 2022-05-18 16:24:14 -07:00
Ole Markus With 2d50b9ff2c Bump Cilium to 1.11.5 
Since this introduced some backwards breaking RBAC changes, the manifest got forked
 2022-05-18 21:44:19 +02:00
Ole Markus With f849ea01c9 Bump EBS CSI driver to 1.6.1 2022-05-18 20:46:47 +02:00
Jesse Haka a5c9dddc48 fix test data 2022-05-15 23:30:41 +03:00
Ciprian Hacman 68469601cd
Release 1.24.0-alpha.4 (#13631) 2022-05-11 02:36:52 -07:00
Ciprian Hacman 007b50cc89 Run hack/update-expected.sh 2022-05-03 20:05:38 +03:00
Ole Markus With 6df6857ad5 Bump cilium to 1.11.4 2022-05-02 13:26:00 +02:00
Ciprian Hacman 75fac81273 Run hack/update-expected.sh 2022-05-02 10:33:26 +03:00
Peter Rifel 66817eee4b
./hack/update-expected.sh 2022-04-27 22:17:29 -05:00
Ole Markus With 227dde3ce7 Update expected 2022-04-18 13:56:13 +02:00
justinsb 74397b2a4f Update to etcd-manager 3.0.20220417 
In particular we want to pick up changes addressing the potential
corruption found in 3.5.0 - 3.5.2:

* Use etcd 3.5.3
* Pass the ETCD_EXPERIMENTAL_INITIAL_CORRUPT_CHECK for all 3.5 series
 2022-04-17 10:29:01 -04:00
Ciprian Hacman 18d45a2994 Run hack/update-expected.sh 2022-04-13 16:49:09 +03:00
Ole Markus With 1fadc39a59 Add PDB for cilium operator 2022-04-09 07:06:59 +02:00
Kubernetes Prow Robot f32503e413
Merge pull request #12919 from olemarkus/cilium-11-default 
Use Cilium 1.11 as default
 2022-04-06 04:18:56 -07:00
Ole Markus With 79d9fa6aa7 Don't run the CSI snapshot plugin if snapshot controller is not installed 2022-04-02 21:51:20 +02:00
Ole Markus With 3d77ab6139 Use Cilium 1.11 as default 2022-03-29 12:58:24 +02:00
Bronson Mirafuentes e112d81025
Release 1.24.0-alpha.3 (#13372) 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-03-18 21:09:12 -07:00
Ciprian Hacman 30404d64a2 Run hack/update-expected.sh 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-03-18 09:01:59 +02:00
Ole Markus With d7cb3bb1f7 Add user to container securityContext and remove command 2022-03-07 15:09:51 +01:00
AkiraFukushima e5cf940d53
Add managed-by label to addon pods 2022-02-20 18:33:51 +09:00
Ole Markus With 7132486ebf hack update-expected 2022-02-11 20:51:42 +01:00
Ole Markus With 66e3202f34 Fix CSI migration feature gates 
We had a bug for KCM feature gate, and the scheuler and apiserver gate was missing entirely.
 2022-02-04 15:29:28 +01:00
justinsb 4f89c2e689 Update expected test output for etcd-manager bump 2022-02-03 11:21:54 -05:00
Ole Markus With 6327cc378f Fix etcd-manager for ipv6 2022-02-03 12:59:26 +01:00
Ole Markus With af4d69cab3 Use etcd-manager pre-release until final release has been cut 2022-02-02 13:10:32 +01:00
Ole Markus With 994588c0fd Bump etcd-manager to v3.0.20220128 2022-01-30 07:13:32 +01:00
Ole Markus With 9d476c0e9c Add CreateSecurityGroup permission for vpcs 2022-01-20 17:49:36 +01:00
Ole Markus With 666cf710a2 Push partition into the policy struct 2022-01-20 17:49:36 +01:00
Ole Markus With 0a082fed12 Require tag on create for external AWS CCM 2022-01-20 15:32:46 +01:00
Ciprian Hacman df29b6e406 Run hack/update-expected.sh 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-01-19 13:00:36 +02:00
Kubernetes Prow Robot 4eb54f2260
Merge pull request #13114 from olemarkus/nodeup-describe-regions 
Add DescribeRegions to nodeup privs
 2022-01-18 22:14:05 -08:00
Ole Markus With b80488906f Add DescribeRegions to nodeup privs 2022-01-17 09:34:29 +01:00
Ole Markus With f4e538508f Create helper function for ec2 create/tag-on-create IAM permissions 2022-01-14 18:41:28 +01:00
Kubernetes Prow Robot 4ffc83d811
Merge pull request #13028 from rifelpet/ipv6-tf 
Extend terraform support for IPv6
 2022-01-06 17:08:30 -08:00
John Gardiner Myers d5ac8862d5 Release 1.24.0-alpha.2 2022-01-01 10:35:11 -08:00
Peter Rifel 23686f0ead
./hack/update-expected.sh 2021-12-25 08:38:22 -06:00
Kubernetes Prow Robot 2f31054e19
Merge pull request #13007 from hakman/skip_non-masquerade-cidr 
Use kubelet --non-masquerade-cidr only for Docker with kubenet
 2021-12-21 18:49:36 -08:00
justinsb e8ddfa4328 Update test data for bash return change 2021-12-20 10:12:07 -05:00
Ole Markus With 1ee6f347c5 Use spread constraints rather than affinity to spread pods (golden outputs) 2021-12-20 09:37:45 +01:00
Ciprian Hacman b20dfe162a Run hack/update-expected.sh 2021-12-20 08:47:25 +02:00
Ole Markus With 57fd343e1d Make service topology for cilium configurable 2021-12-12 07:54:21 +01:00
Ciprian Hacman f5f35ab755
Release 1.24.0-alpha.1 (#12928) 2021-12-11 00:01:57 -08:00
Ciprian Hacman 473018f64f
Release 1.23.0-beta.1 (#12924) 2021-12-10 22:31:58 -08:00
Kubernetes Prow Robot cfa4629ce0
Merge pull request #12915 from heybronson/dns-pdb 
Set DNS PDB to a maxUnavailable percentage
 2021-12-09 12:51:04 -08:00
Bronson Mirafuentes ed7d287052 set dns pdb to 50% maxUnavailable 2021-12-09 08:57:33 -08:00
John Gardiner Myers 0775a4ee20 hack/update-expected.sh 2021-12-06 21:11:49 -08:00
John Gardiner Myers c23f40aea1 hack/update-expected.sh 2021-12-02 21:04:13 -08:00
Ole Markus With f2f9b9dcbb Determine hostnameOverride entirely in nodeup instead of passing in cloud placeholders from cloudup 2021-11-30 13:29:54 +01:00
Ciprian Hacman f740f0d493 Run hack/update-expected.sh 2021-11-25 11:32:12 +02:00
Ole Markus With b420f3c58d Bump EBS CSI driver to 1.5.0 2021-11-23 19:46:08 +01:00
Gabriel Martinez 881bc5ca44
Add missing namespace for aws-ebs-csi-driver pdb template 
Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt>
 2021-11-23 10:16:58 +00:00
Ole Markus With 739350a4b5 Bump cilium to 1.10.5 2021-11-22 11:52:08 +01:00
justinsb e0b786a254 Update golden test output 2021-11-19 11:02:19 -05:00
Kubernetes Prow Robot ec9c277259
Merge pull request #12783 from olemarkus/bump-nodelocaldns-23 
Bump node local dns cache
 2021-11-18 16:58:51 -08:00
Ole Markus With 3983017ac6 Bump node local dns cache 2021-11-18 20:51:37 +01:00
justinsb 7995e8cc28 Update test data for etcd-manager bump 2021-11-18 11:49:14 -05:00
Ciprian Hacman 7d34232b4c Run hack/update-expected.sh 2021-11-18 07:58:44 +02:00
Kubernetes Prow Robot b47e023b1e
Merge pull request #12680 from rifelpet/fix-iam-conditions 
Fix ELB IAM conditions (part 2)
 2021-11-03 23:34:03 -07:00
Peter Rifel af426a272b
./hack/update-expected.sh 2021-11-03 22:17:41 -05:00
Peter Rifel c3e8420731
Revert "Move some AWS IAM policy actions from tagged conditions to wildcard" 
This reverts commit 91e4767851.
 2021-11-03 21:59:43 -05:00
Kubernetes Prow Robot 1e97b0cf76
Merge pull request #12674 from rifelpet/fix-iam-conditions 
Remove tag conditions on certain AWS IAM actions
 2021-11-03 02:24:59 -07:00
Peter Rifel a8f7fee499
./hack/update-expected.sh 2021-11-02 20:21:37 -05:00
Peter Rifel 91e4767851
Move some AWS IAM policy actions from tagged conditions to wildcard 
I checked these against the IAM docs for each API and moved the actions that dont support tag conditions:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html#elasticloadbalancing-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancingv2.html#elasticloadbalancingv2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2autoscaling.html#amazonec2autoscaling-actions-as-permissions
 2021-11-02 20:06:35 -05:00
Peter Rifel dede42efd2
Fix cluster name used in IAM policies 2021-11-02 17:39:57 -05:00
Peter Rifel df902cca65
Enable lifecycle hook in integration test 2021-11-02 17:38:23 -05:00
John Gardiner Myers 3a97dbaa8d Release 1.23.0-alpha.2 2021-10-31 13:46:07 -07:00
John Gardiner Myers 1ec56c509e hack/update-expected.sh 2021-10-30 13:28:39 -07:00
Peter Rifel 8dc11bdba9
./hack/update-expected.sh 2021-10-29 23:08:28 -05:00
John Gardiner Myers 7b5fdc7c43 Update automatically generated files 2021-10-27 23:40:02 -07:00
John Gardiner Myers ad6235e428 Update automatically generated files 2021-10-26 16:12:50 -07:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
Ole Markus With 11e68308d1 Disable CNP status updates by default 2021-10-20 14:01:48 +02:00
Kubernetes Prow Robot f8a8c015ef
Merge pull request #12524 from dntosas/cilium-bpf-lb-sock-hostns-only 
[cilium] Add support for bpf-lb-sock-hostns-only field
 2021-10-19 03:56:38 -07:00
Peter Rifel 13e1fef44a
./hack/update-expected.sh 2021-10-12 14:44:25 -07:00
dntosas 7296597a17
[cilium] Add support for bpf-lb-sock-hostns-only field 
This is a needed configuration option for users that want to combine
Cilium alongside with a ServiceMesh. Cilium by default will LB requests
at CNI layer meaning that the Sidecars of ServiceMesh Proxy are not able
to apply LB by themselves thus loosing the capability of applying their
features for traffic management.

Ref issue: https://github.com/istio/istio/issues/35531

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-10-12 08:33:57 +03:00
Ciprian Hacman 02df1dea7d Run hack/update-expected.sh 2021-10-11 10:12:12 +03:00
Ciprian Hacman efe21a8d1b Run hack/update-expected.sh 2021-10-07 13:25:37 +03:00
Ciprian Hacman ff03aed9c5 Run hack/update-expected.sh 2021-10-04 22:25:16 +03:00
Ciprian Hacman 729f983c50 Run hack/update-expected.sh 2021-10-04 20:23:16 +03:00
John Gardiner Myers 04933ade4f hack/update-expected.sh 2021-10-02 21:53:37 -07:00
John Gardiner Myers 0febb373a7 hack/update-expected.sh 2021-10-02 21:36:59 -07:00
Ciprian Hacman 2622964491 Run hack/update-expected.sh 2021-10-02 07:07:38 +03:00
Kubernetes Prow Robot 8449d605bd
Merge pull request #12416 from olemarkus/channel-versions 
Add fixed version to all addons
 2021-09-30 12:21:15 -07:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
Ole Markus With e7a5437a34 Add fixed version to all addons 
This will make also older channels trigger addon updates
 2021-09-30 15:25:29 +02:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
Kubernetes Prow Robot ef22270b3f
Merge pull request #12394 from ReillyBrogan/reilly/ciliumBidirectionalMount 
Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
 2021-09-25 09:42:21 -07:00
Reilly Brogan 9c6bf83c93 Update Cilium to 1.10.4 
- Release notes available [here](https://github.com/cilium/cilium/releases/tag/v1.10.4)
 2021-09-23 13:08:57 -05:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4 
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
 2021-09-23 13:01:58 -05:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation. 
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
 2021-09-22 21:14:50 -05:00
Ole Markus With f06fcc5af2 Add specific taints to dns-controller. 
Also set kops-controller as cluster critical, not node critical
 2021-09-22 16:40:08 +02:00
Kubernetes Prow Robot 8ab1f8bbc4
Merge pull request #12355 from justinsb/gate_ipv6_permissions 
Only add IPv6 IAM permissions if using IPv6
 2021-09-19 00:54:08 -07:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6 
This avoids users wondering what these permissions are for until we
need them.
 2021-09-18 13:49:40 -04:00
Peter Rifel 476eb96970
./hack/update-expected.sh 2021-09-17 18:08:59 -05:00
Peter Rifel 5247bb8cc2
./hack/update-expected.sh 2021-09-16 20:04:36 -05:00
Ole Markus With 1323ed9040 Add more tolerations to kops-controller and CCM . 
CCM and kops-controller taint each other out. This will make them
schedule, and schedule earlier.
 2021-09-16 21:09:45 +02:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime 
Pre-install nvidia container runtime + drivers on GPU instances
 2021-09-11 13:00:07 -07:00
Ole Markus With bba3c3abfe Bump aws ebs csi driver to 1.2.1 2021-09-11 14:15:31 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Kubernetes Prow Robot d06394def8
Merge pull request #12268 from olemarkus/fix-core 
Fix core manifest
 2021-09-05 00:57:19 -07:00
Ole Markus With dac7002b39 Fix core manifest 2021-09-04 12:49:59 +02:00
Ole Markus With 1c53e37491 Disable masquerade means disable masquerade if ipv6 too 2021-09-04 08:54:16 +02:00
Kubernetes Prow Robot c70ced2f66
Merge pull request #12219 from dntosas/nodelocaldns-bump-version 
[addons/node-local-dns] Bump version and make image field configurable
 2021-09-01 04:54:59 -07:00
dntosas f558f2441a
[addons/nodelocaldns] Bump image to latest stable v1.20.0 
As per
 3b17e06879,
 node-local-dns addon is now builded with latest coreDNS base v1.8 and
 that brings great consistency between cache and upstream servers in a
 manner of configuration, metrics name convention, etc.

 So in this commit, we bump node-local-dns image to latest v1.20.0 which
 is build upon latest coreDNS and also add support for overriding this
 field.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-31 14:07:19 +03:00
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 1ea4168cab Release 1.23.0-alpha.1 2021-08-27 21:12:45 -07:00
Ole Markus With 41c3ff2aac Make external dns provider configurable 2021-08-27 06:28:02 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With caf46fef6a Bump AWS CSI Driver to 1.2.0 2021-08-13 11:14:05 +02:00
Ole Markus With 133eb1f7ba Bump cilium to 1.10.3 2021-08-12 21:12:25 +02:00
Peter Rifel 0789a5ad9c
./hack/update-expected.sh 2021-08-08 15:54:27 -04:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
Kubernetes Prow Robot a9207f4a6c
Merge pull request #12087 from johngmyers/sha256-manifest 
Use SHA-256 for manifest hashes
 2021-08-01 21:55:23 -07:00
John Gardiner Myers d6a159a258 hack/update-expected.sh 2021-08-01 16:42:14 -07:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Ciprian Hacman fc3a103baf Update core-dns to v1.8.4 2021-07-29 08:23:35 +03:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
Kubernetes Prow Robot 14de757bca
Merge pull request #11991 from olemarkus/refactor-iam 
Dedicated function for ccm permissons
 2021-07-16 13:06:10 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00