Commit Graph

335 Commits

Author SHA1 Message Date
Eric Hole 59bc52a05a Adds permissions for ELB and NLB req'd by 1.9 2017-12-17 13:03:54 -08:00
Kubernetes Submit Queue bea129142a
Merge pull request #4051 from robinpercy/autoscaler-perms
Automatic merge from submit-queue.

Adding DescribeTags to masters

/fixes #2681
2017-12-14 09:25:42 -08:00
Kubernetes Submit Queue d533714aa8
Merge pull request #4036 from almariah/feature-api-elb-security-groups
Automatic merge from submit-queue.

Allow additional SGs to be added to API loadbalancer

Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
  api:
    loadBalancer:
      type: Public
      additionalSecurityGroups:
      - sg-exampleid3
      - sg-exampleid4
```

- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
2017-12-14 02:25:40 -08:00
Kubernetes Submit Queue ac7ae3fd58
Merge pull request #3809 from rdrgmnzs/hostnameOverride_use_hostname
Automatic merge from submit-queue.

Let a user set a hostnameOverride when the cloud provider is aws.

Let a user use the hostname or set a hostnameOverride when the cloud provider is aws. This would allow for a more descriptive name to be used. The name of the hosts when using @hostname can be set by using a hook or some other method.
2017-12-13 17:46:21 -08:00
Robin Percy 6a2ded4681 Adding DescribeTags to masters 2017-12-13 11:48:24 -08:00
Abdullah Almariah 1dbc6064a5 Allow additional SGs to be added to API loadbalancer 2017-12-11 15:24:08 +01:00
Kubernetes Submit Queue 23319a0974
Merge pull request #3941 from vainu-arto/private_dns_cert_fix
Automatic merge from submit-queue.

When using private DNS add ELB name to the api certificate

This fixes issue #2032 by using the gossip paths with private dns as well:

* When creating the api server certificate, include the ELB hostname
* When generating kubeconfig, use the ELB hostname as the api server name
2017-12-04 06:01:25 -08:00
Kubernetes Submit Queue 26d931eab1
Merge pull request #3976 from aledbf/missing-elb-permission
Automatic merge from submit-queue.

Add missing permissions for NLB creation

Without these permissions it is not possible to create a network load balancer (alpha in k8s >= 1.9)
2017-12-03 19:03:42 -08:00
Justin Santa Barbara 0872cb74d7 Allow GCE network to be reconfigured 2017-12-02 02:43:21 -05:00
Manuel de Brito Fontes 683799c9ab Add missing permissions for NLB creation 2017-12-01 08:56:55 -03:00
Arto Jantunen dd64f1ed6c Include ELB hostname in certificate when using private DNS 2017-11-28 11:48:57 +02:00
Justin Santa Barbara 581e954062 Block etcd peer port from nodes
Ports 2380 & 2381 should not be exposed to nodes.

Fix #3746
2017-11-25 16:36:46 -05:00
zengchen1024 769a9e9dbb update gazelle 2017-11-22 14:29:14 +08:00
zengchen1024 0949d597b7 build volume task 2017-11-20 11:52:19 +08:00
Fabricio Toresan d4eef657d6 Changing the prefix of the ResourceTag condition to match the one specified in the ASG documentation 2017-11-18 09:17:07 -02:00
Kashif Saadat f0c3ed8965 Include encryptionConfig setting within userdata for masters. 2017-11-16 15:58:59 +00:00
Kubernetes Submit Queue 17487a4853
Merge pull request #3820 from zengchen1024/add_openstack_cloud
Automatic merge from submit-queue.

add openstack cloud provider

Add an OpenStack cloud provider. It does not implement all the interfaces of fi.Cloud and hence cannot create a cluster, but it can pass the workflow of creating a cluster for a command like `kops create cluster --cloud openstack --zones nova -v 15 --target direct --yes myoscluster4.k8s.local`
Which issue this PR fixes: #3819
2017-11-13 22:19:23 -08:00
zengchen1024 f9c98c3b4c add openstack cloud provider 2017-11-13 16:59:24 +08:00
Justin Santa Barbara 86d18808fe Update bazel build files 2017-11-12 22:37:47 -05:00
Kubernetes Submit Queue ec5496520d
Merge pull request #3795 from KashifSaadat/iam-kube-router
Automatic merge from submit-queue.

Add Node IAM permissions to access kube-router key in S3.

Fixes #3792 

An additional S3 IAM permission is added to the nodes policy when `Networking.Kuberouter` is specified.
2017-11-09 22:41:59 -08:00
Rodrigo Menezes ef24cec62b Fixing naming convention and adding running API machinery. 2017-11-09 14:30:48 -08:00
Kashif Saadat 029d0c0393 Add Node IAM permissions to access kube-router key in S3. 2017-11-09 09:57:02 +00:00
Rodrigo Menezes 255305b8ef Let a user use the hostname or set a hostnameOverride when the cloud provider is aws 2017-11-08 23:59:21 -08:00
Rodrigo Menezes 3cfa67c3e6 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-11-08 22:20:54 -08:00
Kashif Saadat 43f193e6ea Bugfix for bootstrapscript repeatedly generating different content when HookSpecs have ExecContainerAction defined. 2017-11-07 18:17:26 +00:00
Rodrigo Menezes 1fe56a1603 Move user-data to IG spec 2017-11-06 23:25:37 -08:00
Justin Santa Barbara 7066368f5c
Merge pull request #2063 from pdh/additional-sans
Allows additional Subject Alternate Names
2017-11-06 22:51:52 -05:00
chrislovecnm d71f53d4b5 fixing panic with iam unit tests 2017-11-06 13:36:45 -07:00
Justin Santa Barbara 132b428d64
Merge pull request #3776 from chrislovecnm/bazel-work
gazelle updates with new bazel version
2017-11-06 14:08:57 -05:00
Caleb Gilmour d2b8741455 Add additional Describe permissions required for Romana CNI 2017-11-06 09:31:09 +00:00
chrislovecnm 609e268a1d gazelle updates with new bazel version 2017-11-05 17:41:53 -07:00
chrislovecnm 9647b1d349 deprecated API values that are no longer used with kube-dns 2017-11-04 22:15:48 -06:00
Rodrigo Menezes 565afae2c6 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-11-04 17:06:43 -07:00
chrislovecnm 1e418c3e13 more goimport updates 2017-11-04 10:03:02 -06:00
Kubernetes Submit Queue f3affcb0d3
Merge pull request #3730 from iterion/add-ipip-to-kuberouter
Automatic merge from submit-queue.

Add node-to-master IPIP to kuberouter

Like Calico and Romana, Kube Router needs IPIP traffic from nodes to masters to be allowed. This adds that firewall rule for all clusters set up with Kube Router.

See:
https://github.com/cloudnativelabs/kube-router/issues/208
2017-11-03 08:40:20 -07:00
pdh fc6f33db24 Allows additional Subject Alternate Names 2017-11-02 10:26:03 -07:00
chrislovecnm 8d1ee1fa16 updating files for goimports 2017-11-01 12:51:43 -06:00
Kubernetes Submit Queue 08c34b6eb4
Merge pull request #3184 from justinsb/test_does_not_change_tags
Automatic merge from submit-queue.

Fix shared subnet/vpc tags
2017-11-01 08:23:29 -07:00
Justin Santa Barbara fa419d9510 Add comment on purpose of kops keypair
Otherwise it's tricky to track down where it is used.
2017-10-30 23:49:19 -04:00
Rodrigo Menezes 58faa71d89 Merge remote-tracking branch 'origin/master' into extra_user-data 2017-10-30 20:44:00 -07:00
Kashif Saadat 1dea528a0e Update IAM roles documentation based on recent changes. 2017-10-30 16:41:55 +00:00
Adam Sunderland fd8fe5ea18 Add node-to-master IPIP to kuberouter 2017-10-30 09:51:21 -05:00
Justin Santa Barbara d1ee8026ac GCE: Tasks for object & bucket level permissions
We also switch to setting a bucket-level ACL permission, as this
requires fewer permissions.
2017-10-29 18:08:08 -04:00
Kubernetes Submit Queue 4162ae1e3b
Merge pull request #3712 from justinsb/storage_acls_minimal
Automatic merge from submit-queue.

GCE: Set up permissions for cross-project configurations
2017-10-28 07:15:19 -07:00
Justin Santa Barbara 15dedf8e79 Updates from running gazelle 2017-10-28 03:27:18 -04:00
Justin Santa Barbara dbbe3f373b GCE: Set up permissions for cross-project configurations
This ensures that the cluster can read the kops state store files, even
if the GCS bucket is in a different project.

We automatically set up an IAM access policy that grants access.
2017-10-28 03:24:18 -04:00
chrislovecnm 4711d1596e update to imports that apimachinery is doing now automatically 2017-10-27 14:28:48 -06:00
Kubernetes Submit Queue a4d6895472
Merge pull request #3707 from andrewsykim/droplet
Automatic merge from submit-queue.

Implement DigitalOcean Droplet FI Task

Implements cloudup fi tasks for DigitalOcean droplets. It makes a few assumptions to reduce the size of this PR; those will be addressed in future PRs.

Also does some cleanup in the DigitalOcean `dns` package.
2017-10-27 08:30:57 -07:00
andrewsykim 45bf2cb3a7 Implement DigitalOcean Droplet FI Task 2017-10-27 09:48:42 -04:00
Manatsawin Hanmongkolchai a708919bf4 Generate scheduler policy by dynamic cluster addons 2017-10-27 08:56:07 +07:00