14ab4a3453
Move UpdatePolicy into NodeConfig
2021-06-03 21:20:56 -07:00
59c8826b17
Move FileAssets into the NodeupAuxConfig
2021-06-03 21:20:55 -07:00
06658c9d13
Move Hooks into the NodeupAuxConfig
2021-06-03 21:09:45 -07:00
c3c1aca3c1
Include AuxConfig output in TestBootstrapUserData
2021-06-03 21:09:45 -07:00
2e1629c610
Introduce nodeup.AuxConfig
2021-06-03 20:37:22 -07:00
c62090fc6c
Merge pull request #11552 from hakman/etcd-events-tests
...
Add etcd-server related tests
2021-05-21 09:29:35 -07:00
48ef1555bb
Add etcd-server related tests for kube-apiserver
2021-05-21 18:53:54 +03:00
f4ec3df187
Prepare etcd-server related tests for kube-apiserver
2021-05-21 18:53:54 +03:00
46e13c0009
Bump snapshot-controller version
...
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-05-21 15:40:40 +02:00
bb52334222
Make the events etcd cluster optional
2021-05-20 08:05:42 +02:00
47add60546
Fix KCM livenessProbe to use secure port
2021-05-11 08:01:42 -05:00
36f93d0069
hack/update-expected.sh
2021-05-07 23:40:03 -07:00
d3469d6ec2
Remove code for no-longer-supported k8s versions
2021-05-07 23:40:03 -07:00
cc4fae3f71
Remove unused k8s version parsing
2021-05-03 17:23:23 -05:00
9481246e22
[csi/aws] Add support for warm pools
...
Add pulling needed images as initial task for warming up instances for
csi driver resources.
Signed-off-by: dntosas <ntosas@gmail.com>
2021-04-25 16:59:57 +03:00
df2f66e1e5
Make API servers provision themselves.
...
API servers also have access to secret store, so there is no need to go through kops-controller.
This lets API server only depend on etcd from the CP nodes, which should make it easier to scale out API servers under pressure
2021-04-23 06:59:15 +02:00
769c6e584f
Add install section to kubelet unit
2021-04-19 19:19:46 +02:00
df4f429ceb
Apply suggestions from code review
...
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-04-19 07:25:42 +02:00
202e440920
Pre-pull cilium and kube-proxy in warming mode
2021-04-18 18:42:59 +02:00
aac4741b0e
Add a golden test for warmpool mode
2021-04-15 07:01:33 +02:00
af92896dc7
Don't start kubelet if we are warming
2021-04-14 11:05:50 +02:00
1737925c44
Replace k8s.io/utils/mount with k8s.io/mount-utils
2021-04-14 07:01:43 +03:00
bd731ce989
Use secure kubelet auth
...
Without secure node auth enabled, commands like `kubectl logs` may fail
with certain configurations.
Previously, we checked if anonymousAuth was enabled on the kubelet
before securing node communication, but this isn't really relevant. We
can still authenticate even if anonymous access is allowed.
2021-04-13 08:59:39 +02:00
fdc61b4bdb
Rename the service account key
2021-04-11 08:11:27 -07:00
baff30d66e
Add an option to skip NTP installation
...
Add NTPConfig to ClusterSpec. NTPConfig has the SkipInstall option.
https://github.com/kubernetes/kops/issues/9661
2021-03-31 12:33:32 -07:00
e2ea5f8a95
Update protokube systemd unit docs link
2021-03-24 20:57:00 -05:00
05123faf5a
Update containerd to v1.3.10/v1.4.4
2021-03-23 17:02:01 +00:00
8b5be9baf9
Merge pull request #11082 from bharath-123/task/remove-dbus
...
Remove dbus dependency
2021-03-21 21:31:43 -07:00
20bd724f5e
Add support for scaling out the control plane with dedicated apiserver nodes
...
Ensure apiserver role can only be used on AWS (because of firewalling)
Apply api-server label to CP as well
Consolidate node not ready validation message
Guard apiserver nodes with a feature flag
Rename Apiserver role to APIServer
Add an integration test for apiserver nodes
Rename Apiserver role to APIServer
Enumerate all roles in rolling update docs
Apply suggestions from code review
Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
26319c6e96
Remove dbus dependency
2021-03-20 15:06:10 +05:30
b57318fc3d
Download kubectl to /opt/kops/bin on Flatcar OS
...
Also add it to protokube's PATH.
Our flatcar job is currently failing because channels arent being applied.
A newly added error log reports that kubectl isn't in protokube's PATH.
This adds the kubectl's location (/opt/bin) to protokube's PATH.
See https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-aws-distro-imageflatcar/1371379886664454144/artifacts/54.206.100.130/protokube.log
2021-03-18 22:26:38 -05:00
ad7c793050
Merge pull request #10913 from seh/scope-os-update-policy-to-instance-group-too
...
Honor OS update policy at InstanceGroup level too
2021-03-12 22:03:03 -08:00
79a0720143
Fix rendering of multiple Docker insecure registries
2021-03-12 16:30:15 +02:00
77b72efe1d
Fix various nits when changing Protokube to run as service
2021-03-08 07:19:48 +02:00
d45514cff3
Make protokube a systemd process
2021-03-06 00:32:44 +05:30
e39c985ee7
Honor OS update policy at InstanceGroup level too
...
As with the Cluster-level "spec.updatePolicy" field, add a similar
field at the InstanceGroup level, allowing overriding of the
cluster-level choice in each InstanceGroup.
Introduce a new value for the field ("automatic") as equivalent to the
default value applied when the field is absent. Honoring this new
value allows disabling automatic updates at the cluster level, but
then enabling them again for particular InstanceGroups. Without such a
positive affirmation, it's not possible to override a cluster-level
"external" policy at the InstanceGroup level, as there's no way to
specify positively that you want to recover the default
value. Instead, expressing the explicit "automatic" value is clear and
unambiguous.
2021-03-05 08:53:07 -05:00
730fe1ffff
Merge pull request #10813 from justinsb/containerd_always_configure
...
containerd installation: always configure, even if we don't install
2021-02-15 23:29:05 -08:00
071c090065
containerd installation: always configure, even if we don't install
...
Even if we don't install containerd (e.g. ContainerOS or Flatcar), we
likely still need to configure it; particularly in the case of
kubenet.
Additionally, on ContainerOS we can't change the path from
/etc/containerd/config.toml, so we have to write it there. We may in
future be able to use this on all distros.
2021-02-13 18:19:16 -05:00
bc84cdaf11
iptables: Use the lock when checking for existing rules
...
Otherwise we sometimes get an "in-use" message, telling us to use the
lock, if another iptables process is running concurrently.
2021-02-13 16:12:11 -05:00
ce3f5416b9
Merge pull request #10759 from justinsb/containerd_kubenet_configuration
...
kubenet containerd: match upstream
2021-02-13 12:59:04 -08:00
d44612cc84
Capture outcome of "hack/update-expected.sh" run
2021-02-11 10:49:49 -05:00
c921aff34c
kubenet containerd: match upstream configuration
...
Configure kubenet in containerd/CNI mode to match upstream configuration.
Biggest change is a move to the ptp plugin.
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2021-02-11 08:25:55 -05:00
41d7d2dbe4
Merge pull request #10707 from slu2011/master
...
Use the kubeApiServerConfig clientCAFile field
2021-02-09 03:58:46 -08:00
4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller
...
Boot nodes without state store access
2021-02-08 11:28:19 -08:00
8ea5987851
Always generate kops-controller certs
2021-02-07 23:35:11 +02:00
dc03028e5d
Update the logic to set kubeAPIServer.ClientCAFile
2021-02-02 12:10:43 -08:00
a0350a0dfa
Use the kubeApiServerConfig clientCAFile field
2021-02-01 15:26:09 -08:00
7aeb8c2af3
Add back support for kubenet style networking with containerd
2021-01-24 21:16:45 +02:00
91a6777e60
Replace gopkg yaml with k8s-sigs yaml
2021-01-22 14:28:05 +01:00
23646b6546
Install dbus if needed for protokube with kope.io
2021-01-21 18:17:35 +02:00
John Gardiner Myers
Kubernetes Prow Robot
Ciprian Hacman
Ole Markus With
Alexander Block
Peter Rifel
dntosas
Ole Markus With
Kenji Kaneda
Barry Melbourne
Bharath Vedartham
Steven E. Harris
Justin SB
shil
Ciprian Hacman