kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,591 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
John Gardiner Myers 5fca16aa30 v1alpha3: Move API-related settings under API 2022-11-19 10:27:12 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Ciprian Hacman 4e5ded6dc3 hetzner: Create cluster without DNS or Gossip 2022-10-27 11:29:37 +03:00
Ole Markus With 921d1b8ce0 OIDC flags are no longer optional 2022-06-07 15:45:56 +02:00
Ole Markus With 2fa53989c4 Configure dualstack endpoint for s3 
Use dualstack https endpoints on ipv6only cluster. Always use
dualstack endpoints through the SDK
 2021-11-20 08:00:00 +01:00
Peter Rifel 0d13da839a
Use MasterInternalName for gossip cluster SA issuer 
This reverts a change introduced earlier in 1.22 that resulted in existing service account tokens becoming invalid after a kops upgrade.
 2021-09-10 14:40:07 -04:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 24d1706848 Allow overriding the ServiceAccountIssuer for IRSA 2021-06-25 18:33:07 -07:00
John Gardiner Myers 8823f30ad7 Recognize the ServiceAccountIssuerDiscovery featue gate 2021-05-06 08:57:37 -07:00
John Gardiner Myers d21cb0f306 Use consistent ServiceAccountJWKSURI default for PublicJWKS 2021-05-06 00:15:15 -07:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Ole Markus With 9a13837629 Fix JWKS path for volume projection 2021-02-18 22:07:35 +01:00
John Gardiner Myers 4f5def8610 Address review comment 2020-12-03 23:24:43 -08:00
John Gardiner Myers 9607b9955c Set --service-account-issuer for k8s 1.20+ 2020-11-20 22:20:39 -08:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00