163 Commits

Author SHA1 Message Date
justinsb fb8e80e3f5 gce: Set labels on ForwardingRules
We add the cluster-name label, now that labels are supported on
ForwardingRules.
2023-07-28 23:48:41 -04:00
justinsb a15e9d7fb1 gce: fix message around getting firewall rule
The error message was ambiguous.
2023-07-28 16:51:49 -04:00
John Gardiner Myers 1358851c7d Get VFSContext from caller in NewAssetBuilder() 2023-07-18 08:49:06 -07:00
Kubernetes Prow Robot 141a040aec
Merge pull request #15607 from hakman/gce_cloud-init
gce: Use `user-data` instead of `startup-script` metadata key
2023-07-15 11:47:05 -07:00
Ciprian Hacman fb66f1770f gce: Use `user-data` instead of `startup-script` metadata key 2023-07-09 13:50:00 +03:00
Ciprian Hacman 04a4e02920 gce: Update logic for internal LB 2023-07-08 04:34:43 +03:00
Tessia Piboubès d41b6e6ca6 GCP Terraform: enable create_before_destroy in instance templates 2023-06-07 17:49:55 +02:00
Kubernetes Prow Robot b6abf9049f
Merge pull request #15283 from hakman/gce_internal_lb
gce: Avoid spurious changes for ForwardingRule
2023-04-13 07:46:39 -07:00
Kubernetes Prow Robot 4cbcbf251b
Merge pull request #15281 from justinsb/gce_ipv6_subnets
gce: Add IPv6 support to subnet/instances
2023-03-31 13:43:49 -07:00
Ciprian Hacman 957b7943a6 gce: Avoid spurious changes for ForwardingRule
Will modify resources:
  ForwardingRule/europe-central2-my-k8s-my-k8s
  	LoadBalancingScheme 	 <nil> -> INTERNAL
  	Network             	 <nil> -> name:my-k8s id:my-k8s
  	Subnetwork          	 <nil> -> name:europe-central2-my-k8s id:europe-central2-my-k8s
  	BackendService      	 <nil> -> name:api-my-k8s id:api-my-k8s
2023-03-31 16:51:39 +03:00
Justin SB 98c1109cc6 gce: Add IPv6 support to subnet/instances
We need to specify StackType & IPv6AccessType
2023-03-31 09:33:47 -04:00
Justin SB f20e08cab9 GCE FirewallRule: Use an explicit field for ipv4 vs ipv6
We were previously relying on the name, but the name was "fooled" by
cluster names like ipv6.example.com
2023-03-31 09:33:29 -04:00
Ciprian Hacman 88fd444987 gcp: Update terraform rendering for Target Pool 2023-03-16 08:55:15 +02:00
Ciprian Hacman 1db17ab949 gcp: Update terraform rendering for HTTP Health Check 2023-03-16 08:10:25 +02:00
Ciprian Hacman 8f2236e3ea gcp: Add terraform rendering to Pool Health Check 2023-03-16 07:49:47 +02:00
Peter Rifel cb6908802d
Add terraform rendering to GCP HTTP Health Check 2023-03-15 18:45:39 -05:00
Kubernetes Prow Robot 3562661b46
Merge pull request #14912 from justinsb/localmutex
gce: try to avoid concurrent IAM project operations
2023-01-03 18:31:58 -08:00
justinsb f016c396ec gce: try to avoid concurrent IAM project operations
We set up a process-wide table of mutexes, to avoid concurrent IAM
operations on GCE projects.  Best-effort is reasonable here, we will
retry, but avoiding concurrent operations just avoids logspam and a
needless retry from self-conflicts.
2023-01-01 18:15:20 -05:00
John Gardiner Myers c68be498c6 Refactor NewAssetBuilder to not take a Cluster 2023-01-01 13:37:52 -08:00
John Gardiner Myers 7abacb9b3b Get default CheckExisting from Target 2022-12-20 12:00:37 -08:00
John Gardiner Myers 4d309b0b36 Move Cluster into CloudupSubContext 2022-12-20 08:11:01 -08:00
John Gardiner Myers f7383b29da Move Cloud into CloudupSubContext 2022-12-18 13:40:02 -08:00
John Gardiner Myers 7fcd55737a Remove unused fields from fi.Context 2022-12-18 13:40:02 -08:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
justinsb 5fde739814 Introduce context.Context into some of our "Context" objects
The rule of thumb is that we shouldn't be embedding a context.Context,
but it is reasonable when the lifetime is similar and when the
refactor would otherwise be unacceptably large.

This is a minimal way to introduce it, based on adding the support
needed in the GCS support for serviceAccountIssuerDiscovery.  We will
need to plumb through the context in many more places over time.
2022-12-12 09:56:09 -05:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
John Gardiner Myers 6eed8ff095 Refactor all normalization code into new Normalize() method 2022-10-30 23:59:22 -07:00
Ivan Volynkin 329c60cc62 Adding GCE SPOT support 2022-07-14 20:19:50 +03:00
justinsb 978c86d127 gce: set ProvisioningModel on InstanceTemplate
Because of how we compare InstanceTemplates, this was causing spurious
differences.

Add the minimal support, setting the value to the default.
2022-06-28 11:11:58 -04:00
Ivan Volynkin 4264d78839 Adding GuestAccelerators to InstanceTemplate 2022-06-23 10:00:02 +03:00
Ciprian Hacman 2f8154692f Allow returning multiple addresses for API 2022-05-09 14:14:15 +03:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
2022-04-25 13:31:47 -07:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Jesse Haka 617b439b38 Fix GCE service account creation 2022-03-01 11:59:42 +02:00
Kubernetes Prow Robot 02dc9dd8b3
Merge pull request #13201 from zetaab/removesa
cleanup GCP Cluster Service Accounts
2022-02-23 04:24:19 -08:00
Jesse Haka 0a19533410 remove GCE Cluster Service Accounts 2022-02-04 16:46:27 +02:00
Jesse Haka 7c8f2cb41e codegen 2022-02-03 22:26:07 +02:00
Jesse Haka d3fac0c1be GCP API health checks 2022-02-03 21:02:21 +02:00
Peter Rifel e0555bb431
Remove unused json field tags from terraform structs 2021-12-24 14:17:23 -06:00
Peter Rifel 117639f7ec
Use terraform literals in GCP service account references 2021-12-18 16:39:16 -06:00
justinsb 61e2cb2b73 gce: Fix google_project_iam_binding member -> members 2021-12-17 18:29:29 -05:00
Ciprian Hacman 3515f8e39b
Fix pull-kops-verify-gofmt 2021-12-17 12:02:51 +02:00
justinsb a0a67ebdab gce: map multiple serviceaccounts
Though it's currently an error to create an instance with more than
one serviceaccount, the GCE API and Terraform both support expressing
it in the model.  It's simpler to support the full model
expressiveness.
2021-12-16 09:48:49 -05:00
justinsb 63e3d98443 gce: Use ServiceAccount task when building model
The next step towards supporting custom ServiceAccounts per IG
2021-12-15 11:08:51 -05:00
justinsb faeeb1fe80 GCE: Project IAM Binding task
This allows us to grant a project-level permission to a service account.
2021-12-13 13:48:55 -05:00
justinsb eeb948aca8 GCE: Task for StorageBucket IAM
IAM at the bucket level is recommended over object or bucket level ACLs.
2021-12-13 10:16:54 -05:00
justinsb 345c2900e8 gce: ServiceAccount task
Create a Task to manage GCE service account resources.
2021-12-12 22:12:18 -05:00
Kubernetes Prow Robot db3167215e
Merge pull request #12870 from rifelpet/gce-instance-template-labels
Add labels to GCE instance templates
2021-12-02 00:25:33 -08:00