Ole Markus With
63f13322d5
Don't pass ctx and cluster everywhere
2020-09-23 08:30:24 +02:00
Ole Markus With
7bc17f4b1f
Build cloud outside of PerformAssignments
...
We tend to build cloud, call some method, and then build cloud over
again. It would be easier to just pass the first one along.
Passing along cloud would also make it easier to mock cloud.
2020-09-23 07:54:28 +02:00
Ole Markus With
31ee079c7b
Improve kops get instances when api is unavailable
...
When the api is unavailable, kops will say all the nodes have not yet
joined the cluster. That is not the case simply because e.g. the admin
credentials have expired. This PR makes it a bit more clear that we
cannot know the node name when the API is unavailable.
2020-09-19 08:43:53 +02:00
John Gardiner Myers
f4cecc58ac
Ignore lack of tags on launch templates
2020-09-10 20:59:28 -07:00
John Gardiner Myers
7069aaabf6
Take node labels from cloud tags on AWS
2020-09-10 20:59:24 -07:00
John Gardiner Myers
24ff622d8e
Rename NodeReconciler to LegacyNodeReconciler
2020-09-10 20:42:56 -07:00
Kubernetes Prow Robot
036ea69525
Merge pull request #9352 from justinsb/irsa_with_public
...
Simplified form of IAM Roles for ServiceAccounts
2020-09-09 22:23:44 -07:00
Kubernetes Prow Robot
4508406515
Merge pull request #9908 from rdrgmnzs/CacheNodeidentityInfo
...
Allow caching of Nodeidentity Info in kops-controller for AWS.
2020-09-09 13:01:44 -07:00
Rodrigo Menezes
4c057f138a
Allow caching of Nodeidentity Info in kops-controller for AWS to reduce the number of DescribeInstances API calls.
2020-09-09 22:11:29 +03:00
Justin SB
ccc814dfbc
Create tests for JWKS scenarios
2020-09-09 09:57:06 -04:00
Ciprian Hacman
c7bc3d4397
Update mock version to 1.19.0-alpha.3
2020-09-08 08:45:25 +03:00
Ole Markus With
a483945711
Refactor based on changes to cloud instances
2020-09-01 08:41:53 +02:00
Ole Markus With
c01455cf91
Keep the good part from last attempt
2020-09-01 08:30:03 +02:00
Kubernetes Prow Robot
e11146c0df
Merge pull request #9799 from olemarkus/cloudinstances-refactor
...
Cloudinstances refactor
2020-08-31 23:23:50 -07:00
Kubernetes Prow Robot
5d09a9a95b
Merge pull request #9667 from justinsb/kubectl_auth_helper
...
Support authentication helper for kubectl
2020-08-30 21:46:21 -07:00
Ole Markus With
0ec71686b9
Refactor cloudinstancegroupmember in a more independent cloud instance representation
...
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 21:37:03 +02:00
Justin SB
8757a2ce2a
kubeconfig generation: add tests for kops plugin
...
Also slightly simplify the tests and Kubecfg Builder signature by
passing in the ConfigAccess only when needed.
2020-08-30 15:17:36 -04:00
Justin SB
0cda0f5068
Support authentication helper for kubectl
...
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 15:16:20 -04:00
Justin SB
786423f617
Expose JWKS via a feature-flag
...
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access). This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
Justin Santa Barbara
f32fcc35fa
Addons: Support arbitrary additional objects
...
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.
Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-28 09:03:41 -04:00
Kubernetes Prow Robot
e537846b41
Merge pull request #9784 from olemarkus/kops-delete-instance
...
Add kops delete instance command
2020-08-28 00:36:53 -07:00
Ole Markus With
ff6c04938d
Add kops delete instance command
...
Add support for deleting instance by k8s node name
Add yes flag
2020-08-28 08:43:30 +02:00
Peter Rifel
64f6f5e2cb
Add integration test for GCE private topology with bastion
2020-08-27 14:28:26 -05:00
Peter Rifel
d0b8c654bd
Add --internal flag for export kubecfg that targets the internal dns name
...
Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s).
This adds a flag that will use that name and force the CA cert to be included.
This is a workaround for client certificate authentication not working on API ELBs with ACM certificates.
The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver.
Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver.
This also requires that the masters' security groups allow 443 access from the client which this does not handle automatically.
2020-08-26 21:15:18 -05:00
John Gardiner Myers
07220797b4
Issue the cilium etcd client cert out of kops-controller
2020-08-17 21:15:34 -07:00
Peter Rifel
bae8150e12
Update more klog v1 references to v2
...
I missed these in the previous PR. This removes the direct dependency on v1 entirely.
The kubernetes 1.19 upgrade will remove the indirect reference on v1.
2020-08-17 07:44:48 -05:00
John Gardiner Myers
d05f9a3eff
Don't issue certs for features not enabled
2020-08-16 23:40:43 -07:00
John Gardiner Myers
b6947ccaee
Use kops-controller to issue kube-router cert
2020-08-16 23:40:38 -07:00
John Gardiner Myers
8e43c1d637
Use kops-controller to issue kube-proxy cert
2020-08-16 23:36:42 -07:00
Peter Rifel
4d9f0128a3
Upgrade to klog2
...
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
John Gardiner Myers
9e99f76a6e
Address review comments
2020-08-15 10:30:21 -07:00
John Gardiner Myers
bec273ebf1
Implement signing of kubelet cert in kops-controller
2020-08-15 10:30:20 -07:00
John Gardiner Myers
9cfa169740
Add server code to kops-controller
2020-08-15 10:30:15 -07:00
John Gardiner Myers
cfa262a81a
Authenticate from nodeup to kops-controller
2020-08-15 09:50:08 -07:00
John Gardiner Myers
9c01e1f44d
Send bootstrap query from nodeup to kops-controller
2020-08-15 09:50:08 -07:00
John Gardiner Myers
00c60ddff6
Add server code to kops-controller
2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot
96ab8423b1
Merge pull request #9566 from hakman/arm64-images
...
Add ARM64 support for masters
2020-08-14 20:46:17 -07:00
Kubernetes Prow Robot
ec8b47d725
Merge pull request #9593 from johngmyers/kubectl-lifetime
...
Reduce the lifetime of exported kubecfg credentials
2020-08-14 19:24:18 -07:00
Ciprian Hacman
b913e35da6
Remove also the flagRootFS flag from NodeUp
2020-08-13 08:37:51 +03:00
Ciprian Hacman
d70fb506e5
Remove unused FSRoot from NodeUp
2020-08-12 18:35:35 +03:00
Ole Markus With
9890839cec
Add an integration test for openstack floating ip
...
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
2020-08-12 12:59:30 +02:00
Kubernetes Prow Robot
b7871e2e72
Merge pull request #9478 from bwagner5/feat-instance-selector
...
Add instance-selector cmd to toolbox
2020-08-11 14:15:45 -07:00
Brandon Wagner
c4e2497a8a
change defaults
2020-08-11 15:40:54 -05:00
Brandon Wagner
e1136f6d9a
fix new cli api for byte quantities
2020-08-10 17:13:43 -05:00
Brandon Wagner
602564d26c
use byte quantity flag instead of int MiBs for memory args
2020-08-10 16:16:51 -05:00
Brandon Wagner
89c90c8b49
cpuarch amd64 is now supported in upstream lib
2020-08-10 16:16:51 -05:00
Brandon Wagner
b4bc9b5d56
update cli docs for instance-selector
2020-08-10 16:16:51 -05:00
Brandon Wagner
2a33b98317
move instance-group-name to arg like create ig
2020-08-10 16:16:51 -05:00
Brandon Wagner
1bb593aa1a
move from zones input to subnets input
2020-08-10 16:16:51 -05:00
Brandon Wagner
8d81c225a9
pr comments
2020-08-10 16:16:51 -05:00
Brandon Wagner
9d9ca8441e
feat toolbox instance-selector implementation
2020-08-10 16:16:51 -05:00
Brandon Wagner
fe3671fff5
go.mod deps for feat toolbox instance-selector
2020-08-10 16:16:51 -05:00
Peter Rifel
6991655921
Add openstack integration test.
...
This will create / update / update / delete an openstack cluster using cloudmock, ensuring there are no lingering changes reported or orphaned resources
2020-08-10 15:22:49 -05:00
Ciprian Hacman
172031859d
ARM64 support - Build multi-arch images
2020-08-10 13:47:07 +03:00
Kubernetes Prow Robot
ea2d0da1cc
Merge pull request #8577 from justinsb/dump
...
Capture logs from a kops cluster
2020-08-09 17:18:19 -07:00
John Gardiner Myers
8258dcd395
Exempt OpenStack from the EnableExternalCloudController feature flag
2020-07-25 13:12:25 -07:00
Peter Rifel
40a25bd8ba
Expose private key as a flag
2020-07-24 20:15:45 -05:00
Peter Rifel
3f03094e79
Try to list nodes for dumping logs
2020-07-24 20:12:53 -05:00
Peter Rifel
1faeb36d37
Address feedback and test failures
2020-07-22 22:19:00 -05:00
John Gardiner Myers
a45b07c156
Reduce the lifetime of exported kubecfg credentials
2020-07-17 22:39:01 -07:00
Kubernetes Prow Robot
022fec8606
Merge pull request #9471 from johngmyers/ig-per-zone
...
Create one nodes instance group per zone
2020-07-17 12:34:54 -07:00
John Gardiner Myers
e9b8e4e39a
Create zero-node IGs if more zones than nodes
2020-07-17 11:26:09 -07:00
John Gardiner Myers
fbc235a3fe
Create one nodes IG per zone
2020-07-17 11:26:09 -07:00
John Gardiner Myers
3201cc4dd8
Require extra flag when updating cluster with downgraded kops version
2020-07-17 11:11:12 -07:00
Kubernetes Prow Robot
6f3c067e5e
Merge pull request #9280 from olemarkus/no-admin
...
Specify user on export kubecfg
2020-07-17 11:00:51 -07:00
Justin Santa Barbara
d8b69ab2e3
Capture logs from a kops cluster
...
This is derived from the dumping code in kubetest. If we want to run
tests outside of kubetest (e.g. upgrade tests), we're going to need
that functionality.
2020-07-17 10:00:06 -05:00
Ciprian Hacman
827d8c041f
Update mock version to 1.19.0-alpha.1
2020-07-08 18:31:18 +03:00
Ole Markus With
aab5054ffc
Add networking provider for using etcd-manager for cilium
...
This is the only feasible way of adding the additional etcd cluster for a cilium e2e test
2020-07-07 21:06:21 +02:00
John Gardiner Myers
03c5f4c024
Move remaining new cluster setup to pkg
2020-07-06 21:28:08 -07:00
Kubernetes Prow Robot
f5c7003aff
Merge pull request #9509 from rifelpet/amazonvpc-docs
...
Update AWS VPC CNI docs to use `--networking amazonvpc`
2020-07-06 18:41:57 -07:00
Kubernetes Prow Robot
222756b35d
Merge pull request #9490 from johngmyers/newcluster-4
...
Move more cluster creation code to NewCluster()
2020-07-06 16:23:57 -07:00
Peter Rifel
7582109b23
Update AWS VPC CNI docs to use --networking amazonvpc
2020-07-06 17:40:21 -05:00
John Gardiner Myers
d60eeabade
Move topology setup to pkg
2020-07-03 10:49:50 -07:00
John Gardiner Myers
de0e20ee7b
Move network provider setup to pkg
2020-07-03 10:49:16 -07:00
John Gardiner Myers
b4c3b38436
Move more cloud provider setup to pkg
2020-07-03 10:48:29 -07:00
Ole Markus With
263172caac
Use new templates for cilium 1.8
2020-07-03 07:56:35 +02:00
Kubernetes Prow Robot
734a0eb5f3
Merge pull request #9415 from johngmyers/refactor-nodeup-2
...
Continue moving InstanceGroup data to NodeupConfig
2020-07-02 20:50:47 -07:00
Kubernetes Prow Robot
38195fbd41
Merge pull request #9467 from johngmyers/newcluster-3
...
Move more cluster creation code to NewCluster()
2020-07-02 17:02:47 -07:00
Ciprian Hacman
a7c8d2087c
Use github.com/blang/semver/v4
2020-07-01 08:54:42 +03:00
John Gardiner Myers
f1a9297cb5
Move node setup to pkg and refactor
2020-06-30 22:45:38 -07:00
John Gardiner Myers
a5b60ccac3
Move master setup to pkg and refactor
2020-06-30 21:52:06 -07:00
John Gardiner Myers
a33acc0ae4
Move zone setup to pkg and refactor
2020-06-30 20:20:09 -07:00
John Gardiner Myers
56e5adc67e
Move VPC setup into NewCluster()
2020-06-30 12:37:46 -07:00
John Gardiner Myers
fe66b0011b
Move CloudProvider determination into NewCluster()
2020-06-30 12:37:11 -07:00
John Gardiner Myers
bd2890c0db
Refactor more cluster creation code into NewCluster()
2020-06-30 12:37:10 -07:00
Ole Markus With
d529afe637
Only enable nodeport by default if k8s is 1.12 or newer
2020-06-29 21:42:09 +02:00
Ole Markus With
4d1897ab90
Enable nodeport by default
2020-06-29 21:42:09 +02:00
John Gardiner Myers
44fb283e3f
Move NodeLabels into the NodeupConfig
2020-06-28 18:52:03 -07:00
Kubernetes Prow Robot
679b9db9a1
Merge pull request #9422 from johngmyers/trim-loader
...
Remove dead cloudup code
2020-06-28 13:42:14 -07:00
Ole Markus With
72fd007acf
Don't export admin user by default. Allow specifying existing user when exporting context
2020-06-24 19:54:25 +02:00
Kubernetes Prow Robot
028aad06ce
Merge pull request #9413 from johngmyers/create-pkg
...
Start pushing create_cluster logic into pkg
2020-06-24 05:57:16 -07:00
John Gardiner Myers
a76a1cd127
Remove unused model options
2020-06-21 22:37:16 -07:00
Kubernetes Prow Robot
10553e143f
Merge pull request #9410 from johngmyers/refactor-lyft
...
Refactor lyft config file to Go code
2020-06-20 13:42:39 -07:00
John Gardiner Myers
be6ff2adb7
Start pushing create_cluster logic into pkg
2020-06-20 12:46:35 -07:00
Kubernetes Prow Robot
8b371acef0
Merge pull request #9094 from olemarkus/vault-vfs
...
Implement VFS for vault
2020-06-20 12:02:39 -07:00
Kubernetes Prow Robot
a5b47e9c18
Merge pull request #9407 from hakman/master-node-image
...
Add master and node image options when creating a cluster
2020-06-20 11:08:39 -07:00
Ciprian Hacman
279fd313ec
Address review comments
...
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2020-06-20 19:33:42 +03:00
John Gardiner Myers
99c8c4b8fc
Move apply logic down into pkg for import use
2020-06-19 23:51:41 -07:00
John Gardiner Myers
87a981093b
Remove unused loading code from Loader
2020-06-19 23:30:56 -07:00
Peter Rifel
75ccf45eb7
Fold multiple integration test cases into the complex cluster test
...
Each integration test cluster adds many LoC and some overhead in running the integration tests.
Since many of the tests are only testing a specific feature, it would be simpler to combine all of the non-mutually exclusive features into the complex cluster.
2020-06-19 22:09:22 -05:00