kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,552 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1885 Commits

Author SHA1 Message Date
justinsb c89f434f1b Only use node challenge on hetzner 
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
 2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node 
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
 2023-05-06 08:03:21 -04:00
Ole Markus With 5d82e52c48 Use external ECR credential provider as of Kubernetes 1.27 2023-04-29 10:21:57 +02:00
Jesse Haka 80f8e12fa5 run make apimachinery 2023-04-20 15:10:23 +03:00
Jesse Haka c09b401b38 add csi cinder metrics 2023-04-20 14:40:44 +03:00
Steven E. Harris 9595c833ee
Allow Cluster Autoscaler to ignore daemon pods 
By default the cluster autoscaler takes DaemonSet-managed pods'
resource requests into consideration when computing a node's resource
utilization. Allow toggling its "--ignore-daemonsets-utilization"
command-line flag via a new field in the Cluster
spec—"clusterAutoscaler.ignoreDaemonSetsUtilization." Setting that
field to true causes the autoscaler to ignore such daemon pods'
requests, such that it will more likely judge a node running only
daemon pods as being underutilized and shut down its hosting machine.
 2023-04-05 10:03:24 -04:00
ederst a0c8bb600a Run make apimachinery and crds 2023-03-24 11:34:34 +01:00
ederst 1e9fc8e6d5 OpenStack: Add OCCM address sort order config 
This will add the OCCM config to specify an address sort order:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1946
 2023-03-24 11:34:22 +01:00
Kubernetes Prow Robot 4b61ae77c1
Merge pull request #15183 from anthonyhaussman/feat/kops/nodeLocalDNS_ExternalCoreFile 
feat(NodeLocalDNS): Add possibility to set an ExternalCoreFile
 2023-02-28 23:17:17 -08:00
Anthony Hausman cc47bd278c
feat(nodelocaldns): Add possibility to set an ExternalCoreFile 
Allow users to provide entirely custom CoreFile for NodeLocalDNS to provide improved flexibility.
 2023-02-28 08:19:20 +01:00
Jesse Haka 3f9a1b6462 set node status update freq to 60min in OpenStack 2023-02-27 20:38:30 +02:00
Justin SB 94c35804c9 validation cleanup: simplify signature of validateCIDR 
We split out the "add to a slice" logic, as this is then easier to
reason about.

Should be a no-op in terms of valid inputs, might avoid some crashes
with invalid inputs.
 2023-02-24 11:09:49 -05:00
Kubernetes Prow Robot e8f704a855
Merge pull request #15036 from johngmyers/addlcidr-subnet 
Improve support for AdditionalNetworkCIDRs
 2023-02-24 06:33:34 -08:00
Kubernetes Prow Robot ca3b53c00a
Merge pull request #15095 from infonova/use-clustername-in-cinder-csi-plugin 
Pass actual cluster name to cinder-csi-plugin
 2023-02-13 09:33:29 -08:00
ederst b4557d4729 Run make apimachinery and crds 2023-02-13 17:34:31 +01:00
ederst cd50ee00ac Pass actual cluster name to cinder-csi-plugin 
This passes the acutal cluster name to the cinder-csi-plugin, so that
the plugin will add the name as metadata to the backing volume in
OpenStack.

Effectively, the change will help to better identify which volume in
OpenStack belongs to which cluster, which is especially helpful when
running multiple clusters in one OpenStack tenant/project.

Setting the cluster name in both - the controller and the nodeserver -
will ensure that dynamic and ephemeral volumes will receive the correct
metadata.
 2023-02-13 17:31:32 +01:00
Justin SB 0b699832ec Use cloud-discovery on GCE in gossip mode 
It's a little simpler and should speed up our boot.
 2023-02-11 11:03:12 -05:00
ederst f4fdf7df79 Allow setting 'ignore-volume-microversion' for OCCP 
This will allow setting the option `ignore-volume-microversion` for the
cinder-csi-plugin.

Setting this is necessary for older OpenStack APIs so that OCCP can
create PVs.

Note: This will work with cinder-csi-plugin >= 1.25.

For reference:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1986/
 2023-01-31 11:48:25 +01:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option 
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
 2023-01-24 14:08:24 +01:00
Ciprian Hacman b1ef66f136 etcd-manager: Add option to set backup retention 2023-01-23 09:43:09 +02:00
John Gardiner Myers 7d3c20d036 Validate additionalRoutes against additionalNetworkCIDRs 2023-01-21 18:42:58 -08:00
Kubernetes Prow Robot 987eefb48a
Merge pull request #14997 from johngmyers/validate-addlcidrs 
Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs
 2023-01-21 12:10:02 -08:00
Kubernetes Prow Robot e88fbf5d7d
Merge pull request #15016 from johngmyers/nodeup-network2 
Move more networking settings into nodeup.Config
 2023-01-18 02:04:35 -08:00
Jesse Haka 39ab519269 support multiple ConfigServers 2023-01-16 10:51:50 +02:00
John Gardiner Myers 0c323445fb Move UsesKubenet to nodeup.Config 2023-01-15 23:12:00 -08:00
John Gardiner Myers 68c4ef1a93 Move networking-related tests to nodeup.Config 2023-01-15 23:12:00 -08:00
John Gardiner Myers cc49461849 Move several CNI tests to nodeup.Config 2023-01-15 23:11:58 -08:00
John Gardiner Myers f6debfd658 Move ServiceClusterIPRange to nodeup.Config 2023-01-15 17:19:18 -08:00
John Gardiner Myers 2e6e022eca Move EgressProxy to nodeup.Config 2023-01-15 17:19:18 -08:00
John Gardiner Myers da881fb320 Move NonMasqueradeCIDR to nodeup.Config 2023-01-15 17:19:18 -08:00
Kubernetes Prow Robot 1c8f9c8a35
Merge pull request #14894 from johngmyers/v1alpha3-oidc 
v1alpha3: Move most OIDC settings to authentication.oidc
 2023-01-15 08:40:31 -08:00
Jesse Haka 3dab0eb807 Use kops-controller to boostrap nodes in OpenStack 2023-01-14 13:54:14 +02:00
John Gardiner Myers e52480ecc6 Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs 2023-01-13 19:36:57 -08:00
John Gardiner Myers a6bd29b2ae Move more networking validations out of legacy.go 2023-01-13 19:36:55 -08:00
John Gardiner Myers 2365980281 openstack: use subnet type instead of topology 2023-01-12 19:33:10 -08:00
Kubernetes Prow Robot a1a0ce3f33
Merge pull request #14930 from zetaab/feature/openstacknodns 
OpenStack: Add support for clusters without DNS
 2023-01-12 07:52:54 -08:00
John Gardiner Myers 1de02c56f1 Use state store for nodeup.Config in Gossip clusters 2023-01-11 21:19:24 -08:00
John Gardiner Myers d009928883 v1alpha3: Move most OIDC settings to authentication.oidc 2023-01-11 19:26:18 -08:00
Jesse Haka cc8871eede no dns for OpenStack 2023-01-11 20:02:02 +02:00
Grégory SANCHEZ 6fdf54ff34 feat(cluster-autoscaler): autogenerate priority-expander configMap 2023-01-11 08:26:33 +01:00
Kubernetes Prow Robot 7b4430ff61
Merge pull request #14885 from johngmyers/root-volume 
v1alpha3: Move IG root volume settings to sub-struct
 2023-01-04 18:11:58 -08:00
John Gardiner Myers 8fc4bdb669 Add missing line break 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2023-01-04 17:25:44 -08:00
John Gardiner Myers 447220ef4e Use NodeupConfig for NTP-managed setting 2023-01-03 22:16:20 -08:00
John Gardiner Myers 4179fcce58 Use NodeupConfig for KubernetesVersion 2023-01-03 22:16:20 -08:00
John Gardiner Myers b5eef1c129 Use NodeupConfig for kube-proxy config 2023-01-03 12:29:07 -08:00
John Gardiner Myers fe448ef906 Use NodeupConfig for DockerConfig 2023-01-02 13:58:21 -08:00
John Gardiner Myers 125866792d Use NodeupConfig for ContainerdConfig 2023-01-02 13:42:11 -08:00
John Gardiner Myers 25a897b691 Use NodeupConfig for ContainerRuntime 2023-01-02 12:50:23 -08:00
John Gardiner Myers c68be498c6 Refactor NewAssetBuilder to not take a Cluster 2023-01-01 13:37:52 -08:00
John Gardiner Myers 74becb764e Don't require subnets on DO and Hetzner 2022-12-30 12:00:02 -08:00