5d09a9a95b
Merge pull request #9667 from justinsb/kubectl_auth_helper
...
Support authentication helper for kubectl
2020-08-30 21:46:21 -07:00
56bab9fa4f
Merge pull request #9813 from justinsb/expose_jwks
...
Expose JWKS via a feature-flag
2020-08-30 21:06:20 -07:00
0ec71686b9
Refactor cloudinstancegroupmember in a more independent cloud instance representation
...
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 21:37:03 +02:00
8757a2ce2a
kubeconfig generation: add tests for kops plugin
...
Also slightly simplify the tests and Kubecfg Builder signature by
passing in the ConfigAccess only when needed.
2020-08-30 15:17:36 -04:00
0cda0f5068
Support authentication helper for kubectl
...
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 15:16:20 -04:00
4d7632aa26
Merge pull request #8896 from justinsb/reflect_set
...
Implement setter by reflection
2020-08-30 12:00:20 -07:00
0326ce4ad7
Dont generate the ssl_certificate_id field on TCP listeners in Terraform
2020-08-30 09:44:16 -05:00
786423f617
Expose JWKS via a feature-flag
...
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access). This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
c63ce4b5ab
Implement setter by reflection
...
This means we no longer have to individually hard-code the `kops set`
fields, however we use the "language" we're now demonstrated.
We add tests to ensure we have parity with our existing (hard-coded)
setter logic.
2020-08-30 09:59:52 -04:00
e6b8c82d88
Merge pull request #9838 from etwillbefine/api-server-cors
...
add support for cors-allowed-origins
2020-08-29 16:54:21 -07:00
328f637880
Merge pull request #8119 from justinsb/addons_are_objects
...
Addons: Support arbitrary additional objects
2020-08-29 15:20:21 -07:00
3941bd507d
Merge pull request #9837 from justinsb/is_ready
...
TaskDependentResource: support preview when the task isn't ready
2020-08-29 14:22:20 -07:00
2b0970376e
use list of strings for CORS
2020-08-29 22:11:24 +02:00
1b6ee2c7e8
add support for cors-allowed-origins
...
closes https://github.com/kubernetes/kops/issues/2045
correct typo in flag attribute
run code-gen, correct field description
2020-08-29 19:14:39 +02:00
a1553bdf0b
TaskDependentResource: support preview when the task isn't ready
...
This is needed because otherwise if we try to diff a computed field,
we can't read the value.
2020-08-29 08:39:14 -04:00
d4480e4721
Always use OpenStack Swift reauthentication
...
If we were using credentials from env vars, we would not do
reauthentication with Swift.
2020-08-29 08:25:59 -04:00
3f079cd1d9
Merge pull request #9831 from justinsb/cloudbuild_configurable_ci_build
...
cloudbuild: allow CI env var to be specified
2020-08-28 07:07:49 -07:00
3be4aa0131
Merge pull request #9830 from justinsb/dont_repush
...
Use the get_workspace_status script to get the versions
2020-08-28 06:18:54 -07:00
f32fcc35fa
Addons: Support arbitrary additional objects
...
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.
Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-28 09:03:41 -04:00
6bfcbdde2c
cloudbuild: allow CI env var to be specified
...
This should allow us to build our tagged builds as _non_ CI builds.
2020-08-28 08:36:58 -04:00
eb2943671f
Use the get_workspace_status script to get the versions
...
This avoids duplication of logic / different logic - and the logic in
the Makefile was indeed different, which was causing us to overwrite
the staging alpha images.
2020-08-28 08:34:42 -04:00
5e0c55bfb3
Merge pull request #9826 from ozdanborne/remove-typha-affinity
...
remove nodeAffinity from typha
2020-08-28 01:16:52 -07:00
e537846b41
Merge pull request #9784 from olemarkus/kops-delete-instance
...
Add kops delete instance command
2020-08-28 00:36:53 -07:00
7356e719f2
Merge pull request #9828 from rdrgmnzs/remove-debian-hyperkube
...
Move from debian-hyperkube-base to debian-base for node-authorizer
2020-08-27 23:54:53 -07:00
ff6c04938d
Add kops delete instance command
...
Add support for deleting instance by k8s node name
Add yes flag
2020-08-28 08:43:30 +02:00
93f7a5d9cf
Merge pull request #9827 from rifelpet/gce-bastion
...
GCE - Set Bastion InstanceGroup zone
2020-08-27 13:26:11 -07:00
157df7052c
Move from debian-hyperkube-base to debian-base for node-authorizer
2020-08-27 23:18:25 +03:00
55f33c68b3
Cleanup old v1alpha1 test outputs
2020-08-27 14:30:10 -05:00
64f6f5e2cb
Add integration test for GCE private topology with bastion
2020-08-27 14:28:26 -05:00
8bf1dfd43e
GCE - Set Bastion InstanceGroup zone
...
GCE uses Spec.Zones rather than Spec.Subnets because subnets are regional rather than zonal.
This sets the Zones field for bastion IGs in GCE, avoiding an index out of range panic during cluster creation.
2020-08-27 14:17:02 -05:00
6ae4337249
remove nodeAffinity from typha
2020-08-27 12:59:08 -04:00
e5e8908cce
Merge pull request #9821 from olemarkus/openstack-newer-nova-3
...
Reconcile ports and floating ips
2020-08-27 07:15:53 -07:00
3a75ecc864
Merge pull request #9732 from rifelpet/export-kubecfg-internal
...
Add --internal flag for export kubecfg that targets the internal dns name
2020-08-27 06:01:53 -07:00
6a33402702
Merge pull request #9820 from olemarkus/managed-sgs
...
Remove unknown rules from managed security groups on openstack
2020-08-27 03:43:03 -07:00
7f0eaaf28e
Merge pull request #9824 from hakman/upd-deps-1.19.0
...
Update k8s dependencies to v1.19.0
2020-08-26 22:31:02 -07:00
5c7334fb88
Update k8s dependencies to v1.19.0
2020-08-27 07:16:31 +03:00
d0b8c654bd
Add --internal flag for export kubecfg that targets the internal dns name
...
Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s)
This adds a flag that will use that name and force the CA cert to be included.
This is a workaround for client certificate authentication not working on API ELBs with ACM certificates.
The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver.
Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver.
This also requires that the masters' security groups allow 443 access from the client which this does not handle automatically.
2020-08-26 21:15:18 -05:00
ffaf75f943
Merge pull request #9822 from MoShitrit/aws-cni-1.7.1
...
Upgrade AWS VPC CNI to 1.7.1
2020-08-26 12:56:19 -07:00
db0111acfe
Upgrade AWS VPC CNI to 1.7.1
2020-08-26 13:54:01 -04:00
b00f8049b6
Merge pull request #9808 from hakman/kope-to-k8s.gcr.io
...
Pull images from k8s.gcr.io/kops instead of docker.io/kope
2020-08-26 07:18:05 -07:00
d2127d8981
Reconsile floating ips to instances
2020-08-26 14:17:24 +02:00
0ae88cde8a
Support reconsiling server ports
2020-08-26 14:17:24 +02:00
8e4f3b1458
Tags are never used
2020-08-26 14:17:24 +02:00
5cb63fb788
Fail if we find multiple sgs with same name
2020-08-26 13:41:15 +02:00
165933852d
Merge pull request #9790 from olemarkus/openstack-newer-nova
...
Remove compute floating ip extension
2020-08-26 04:26:03 -07:00
14a6f92f53
Delete SG rules that kops don't explicitly add to managed SGs
2020-08-26 11:09:22 +02:00
6cc7153bbe
Don't fatal on non-fatal things in servergroup tests
2020-08-26 10:52:34 +02:00
d6615e523d
Remove some duplicate code
2020-08-26 10:52:34 +02:00
154335e758
Merge pull request #9818 from hakman/kube-router-1.0.1
...
Update kube-router to v1.0.1
2020-08-26 01:46:03 -07:00
fd62ca9e42
Update kube-router to v1.0.1
2020-08-26 10:53:22 +03:00
Kubernetes Prow Robot