kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,806 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

278 Commits

Author SHA1 Message Date
Ole Markus With 0a082fed12 Require tag on create for external AWS CCM 2022-01-20 15:32:46 +01:00
Ciprian Hacman df29b6e406 Run hack/update-expected.sh 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-01-19 13:00:36 +02:00
Kubernetes Prow Robot 4eb54f2260
Merge pull request #13114 from olemarkus/nodeup-describe-regions 
Add DescribeRegions to nodeup privs
 2022-01-18 22:14:05 -08:00
Ole Markus With b80488906f Add DescribeRegions to nodeup privs 2022-01-17 09:34:29 +01:00
Ole Markus With f4e538508f Create helper function for ec2 create/tag-on-create IAM permissions 2022-01-14 18:41:28 +01:00
Kubernetes Prow Robot 4ffc83d811
Merge pull request #13028 from rifelpet/ipv6-tf 
Extend terraform support for IPv6
 2022-01-06 17:08:30 -08:00
John Gardiner Myers d5ac8862d5 Release 1.24.0-alpha.2 2022-01-01 10:35:11 -08:00
Peter Rifel 23686f0ead
./hack/update-expected.sh 2021-12-25 08:38:22 -06:00
Kubernetes Prow Robot 2f31054e19
Merge pull request #13007 from hakman/skip_non-masquerade-cidr 
Use kubelet --non-masquerade-cidr only for Docker with kubenet
 2021-12-21 18:49:36 -08:00
justinsb e8ddfa4328 Update test data for bash return change 2021-12-20 10:12:07 -05:00
Ole Markus With 1ee6f347c5 Use spread constraints rather than affinity to spread pods (golden outputs) 2021-12-20 09:37:45 +01:00
Ciprian Hacman b20dfe162a Run hack/update-expected.sh 2021-12-20 08:47:25 +02:00
Ole Markus With 57fd343e1d Make service topology for cilium configurable 2021-12-12 07:54:21 +01:00
Ciprian Hacman f5f35ab755
Release 1.24.0-alpha.1 (#12928) 2021-12-11 00:01:57 -08:00
Ciprian Hacman 473018f64f
Release 1.23.0-beta.1 (#12924) 2021-12-10 22:31:58 -08:00
Kubernetes Prow Robot cfa4629ce0
Merge pull request #12915 from heybronson/dns-pdb 
Set DNS PDB to a maxUnavailable percentage
 2021-12-09 12:51:04 -08:00
Bronson Mirafuentes ed7d287052 set dns pdb to 50% maxUnavailable 2021-12-09 08:57:33 -08:00
John Gardiner Myers 0775a4ee20 hack/update-expected.sh 2021-12-06 21:11:49 -08:00
John Gardiner Myers c23f40aea1 hack/update-expected.sh 2021-12-02 21:04:13 -08:00
Ole Markus With f2f9b9dcbb Determine hostnameOverride entirely in nodeup instead of passing in cloud placeholders from cloudup 2021-11-30 13:29:54 +01:00
Ciprian Hacman f740f0d493 Run hack/update-expected.sh 2021-11-25 11:32:12 +02:00
Ole Markus With b420f3c58d Bump EBS CSI driver to 1.5.0 2021-11-23 19:46:08 +01:00
Gabriel Martinez 881bc5ca44
Add missing namespace for aws-ebs-csi-driver pdb template 
Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt>
 2021-11-23 10:16:58 +00:00
Ole Markus With 739350a4b5 Bump cilium to 1.10.5 2021-11-22 11:52:08 +01:00
justinsb e0b786a254 Update golden test output 2021-11-19 11:02:19 -05:00
Kubernetes Prow Robot ec9c277259
Merge pull request #12783 from olemarkus/bump-nodelocaldns-23 
Bump node local dns cache
 2021-11-18 16:58:51 -08:00
Ole Markus With 3983017ac6 Bump node local dns cache 2021-11-18 20:51:37 +01:00
justinsb 7995e8cc28 Update test data for etcd-manager bump 2021-11-18 11:49:14 -05:00
Ciprian Hacman 7d34232b4c Run hack/update-expected.sh 2021-11-18 07:58:44 +02:00
Kubernetes Prow Robot b47e023b1e
Merge pull request #12680 from rifelpet/fix-iam-conditions 
Fix ELB IAM conditions (part 2)
 2021-11-03 23:34:03 -07:00
Peter Rifel af426a272b
./hack/update-expected.sh 2021-11-03 22:17:41 -05:00
Peter Rifel c3e8420731
Revert "Move some AWS IAM policy actions from tagged conditions to wildcard" 
This reverts commit 91e4767851.
 2021-11-03 21:59:43 -05:00
Kubernetes Prow Robot 1e97b0cf76
Merge pull request #12674 from rifelpet/fix-iam-conditions 
Remove tag conditions on certain AWS IAM actions
 2021-11-03 02:24:59 -07:00
Peter Rifel a8f7fee499
./hack/update-expected.sh 2021-11-02 20:21:37 -05:00
Peter Rifel 91e4767851
Move some AWS IAM policy actions from tagged conditions to wildcard 
I checked these against the IAM docs for each API and moved the actions that dont support tag conditions:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html#elasticloadbalancing-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancingv2.html#elasticloadbalancingv2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2autoscaling.html#amazonec2autoscaling-actions-as-permissions
 2021-11-02 20:06:35 -05:00
Peter Rifel dede42efd2
Fix cluster name used in IAM policies 2021-11-02 17:39:57 -05:00
Peter Rifel df902cca65
Enable lifecycle hook in integration test 2021-11-02 17:38:23 -05:00
John Gardiner Myers 3a97dbaa8d Release 1.23.0-alpha.2 2021-10-31 13:46:07 -07:00
John Gardiner Myers 1ec56c509e hack/update-expected.sh 2021-10-30 13:28:39 -07:00
Peter Rifel 8dc11bdba9
./hack/update-expected.sh 2021-10-29 23:08:28 -05:00
John Gardiner Myers 7b5fdc7c43 Update automatically generated files 2021-10-27 23:40:02 -07:00
John Gardiner Myers ad6235e428 Update automatically generated files 2021-10-26 16:12:50 -07:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
Ole Markus With 11e68308d1 Disable CNP status updates by default 2021-10-20 14:01:48 +02:00
Kubernetes Prow Robot f8a8c015ef
Merge pull request #12524 from dntosas/cilium-bpf-lb-sock-hostns-only 
[cilium] Add support for bpf-lb-sock-hostns-only field
 2021-10-19 03:56:38 -07:00
Peter Rifel 13e1fef44a
./hack/update-expected.sh 2021-10-12 14:44:25 -07:00
dntosas 7296597a17
[cilium] Add support for bpf-lb-sock-hostns-only field 
This is a needed configuration option for users that want to combine
Cilium alongside with a ServiceMesh. Cilium by default will LB requests
at CNI layer meaning that the Sidecars of ServiceMesh Proxy are not able
to apply LB by themselves thus loosing the capability of applying their
features for traffic management.

Ref issue: https://github.com/istio/istio/issues/35531

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-10-12 08:33:57 +03:00
Ciprian Hacman 02df1dea7d Run hack/update-expected.sh 2021-10-11 10:12:12 +03:00
Ciprian Hacman efe21a8d1b Run hack/update-expected.sh 2021-10-07 13:25:37 +03:00
Ciprian Hacman ff03aed9c5 Run hack/update-expected.sh 2021-10-04 22:25:16 +03:00
Ciprian Hacman 729f983c50 Run hack/update-expected.sh 2021-10-04 20:23:16 +03:00
John Gardiner Myers 04933ade4f hack/update-expected.sh 2021-10-02 21:53:37 -07:00
John Gardiner Myers 0febb373a7 hack/update-expected.sh 2021-10-02 21:36:59 -07:00
Ciprian Hacman 2622964491 Run hack/update-expected.sh 2021-10-02 07:07:38 +03:00
Kubernetes Prow Robot 8449d605bd
Merge pull request #12416 from olemarkus/channel-versions 
Add fixed version to all addons
 2021-09-30 12:21:15 -07:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
Ole Markus With e7a5437a34 Add fixed version to all addons 
This will make also older channels trigger addon updates
 2021-09-30 15:25:29 +02:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
Kubernetes Prow Robot ef22270b3f
Merge pull request #12394 from ReillyBrogan/reilly/ciliumBidirectionalMount 
Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
 2021-09-25 09:42:21 -07:00
Reilly Brogan 9c6bf83c93 Update Cilium to 1.10.4 
- Release notes available [here](https://github.com/cilium/cilium/releases/tag/v1.10.4)
 2021-09-23 13:08:57 -05:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4 
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
 2021-09-23 13:01:58 -05:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation. 
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
 2021-09-22 21:14:50 -05:00
Ole Markus With f06fcc5af2 Add specific taints to dns-controller. 
Also set kops-controller as cluster critical, not node critical
 2021-09-22 16:40:08 +02:00
Kubernetes Prow Robot 8ab1f8bbc4
Merge pull request #12355 from justinsb/gate_ipv6_permissions 
Only add IPv6 IAM permissions if using IPv6
 2021-09-19 00:54:08 -07:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6 
This avoids users wondering what these permissions are for until we
need them.
 2021-09-18 13:49:40 -04:00
Peter Rifel 476eb96970
./hack/update-expected.sh 2021-09-17 18:08:59 -05:00
Peter Rifel 5247bb8cc2
./hack/update-expected.sh 2021-09-16 20:04:36 -05:00
Ole Markus With 1323ed9040 Add more tolerations to kops-controller and CCM . 
CCM and kops-controller taint each other out. This will make them
schedule, and schedule earlier.
 2021-09-16 21:09:45 +02:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime 
Pre-install nvidia container runtime + drivers on GPU instances
 2021-09-11 13:00:07 -07:00
Ole Markus With bba3c3abfe Bump aws ebs csi driver to 1.2.1 2021-09-11 14:15:31 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Kubernetes Prow Robot d06394def8
Merge pull request #12268 from olemarkus/fix-core 
Fix core manifest
 2021-09-05 00:57:19 -07:00
Ole Markus With dac7002b39 Fix core manifest 2021-09-04 12:49:59 +02:00
Ole Markus With 1c53e37491 Disable masquerade means disable masquerade if ipv6 too 2021-09-04 08:54:16 +02:00
Kubernetes Prow Robot c70ced2f66
Merge pull request #12219 from dntosas/nodelocaldns-bump-version 
[addons/node-local-dns] Bump version and make image field configurable
 2021-09-01 04:54:59 -07:00
dntosas f558f2441a
[addons/nodelocaldns] Bump image to latest stable v1.20.0 
As per
 3b17e06879,
 node-local-dns addon is now builded with latest coreDNS base v1.8 and
 that brings great consistency between cache and upstream servers in a
 manner of configuration, metrics name convention, etc.

 So in this commit, we bump node-local-dns image to latest v1.20.0 which
 is build upon latest coreDNS and also add support for overriding this
 field.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-31 14:07:19 +03:00
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 1ea4168cab Release 1.23.0-alpha.1 2021-08-27 21:12:45 -07:00
Ole Markus With 41c3ff2aac Make external dns provider configurable 2021-08-27 06:28:02 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With caf46fef6a Bump AWS CSI Driver to 1.2.0 2021-08-13 11:14:05 +02:00
Ole Markus With 133eb1f7ba Bump cilium to 1.10.3 2021-08-12 21:12:25 +02:00
Peter Rifel 0789a5ad9c
./hack/update-expected.sh 2021-08-08 15:54:27 -04:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
Kubernetes Prow Robot a9207f4a6c
Merge pull request #12087 from johngmyers/sha256-manifest 
Use SHA-256 for manifest hashes
 2021-08-01 21:55:23 -07:00
John Gardiner Myers d6a159a258 hack/update-expected.sh 2021-08-01 16:42:14 -07:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Ciprian Hacman fc3a103baf Update core-dns to v1.8.4 2021-07-29 08:23:35 +03:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
Kubernetes Prow Robot 14de757bca
Merge pull request #11991 from olemarkus/refactor-iam 
Dedicated function for ccm permissons
 2021-07-16 13:06:10 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers 86c9ee5506 hack/update-expected.sh 2021-07-09 00:20:18 -07:00
John Gardiner Myers cdf26302b2 hack/update-expected.sh 2021-07-08 18:46:03 -07:00
Ciprian Hacman fd08e2b047 Run hack/update-expected.sh 2021-07-08 22:12:12 +03:00
Kubernetes Prow Robot 2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca 
Rename the "ca" keyset to "kubernetes-ca"
 2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further 
Reduce policy size further
 2021-07-03 17:58:18 -07:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 186aaf6d96 hack/update-expected.sh 2021-07-01 14:45:32 -07:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
John Gardiner Myers e90f2cc834 hack/update-expected.sh 2021-06-28 13:48:35 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
John Gardiner Myers 89209df150 hack/update-expected.sh 2021-06-25 22:25:50 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
John Gardiner Myers 7dea5af9be hack/update-expected.sh 2021-06-21 19:37:24 -07:00
John Gardiner Myers 48c42fe37f hack/update-expected.sh 2021-06-21 16:10:07 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ciprian Hacman 65d21ee463 Pre-pull container images from list of desired prefixes 2021-06-20 23:01:52 +02:00
Ciprian Hacman e347841aa3 Add integration test for Warm Pool images 2021-06-20 23:01:52 +02:00