Commit Graph

25 Commits

Author SHA1 Message Date
Flo Piboubès ba01597a40 Fix a copy-paste error in GCE storageacl task 2025-05-22 12:21:47 +02:00
Flo Piboubès 51742b9268 GCE: keep track of service account emails in IAM tasks
This avoids creation of duplicate IAM tasks for a single service
account.
2025-05-22 12:19:53 +02:00
justinsb 65aba4e300 gce: use typed ServiceAccount in IAM tasks
This gives us an automatic dependency in our evaluation,
and lets us write out a dependency to terraform also.
2025-04-28 08:15:02 -04:00
John Gardiner Myers 57b0d8e9cd v1alpha3: Move configBase to configStore.base 2023-07-22 15:57:35 -07:00
John Gardiner Myers 6836673cca Stop using redundant configStore setting 2023-07-20 19:10:21 -07:00
Justin SB d4f3573351 gce: Fix log message about bucket level IAM
The parameters were the wrong way round.
2023-03-30 17:16:03 -04:00
John Gardiner Myers 34d7507f78 v1alpha3: Move some GCE-specific fields to CloudProvider.GCE 2022-12-19 08:28:28 -08:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
John Gardiner Myers de9055b588 Update control-plane terminology in CLI output strings 2022-11-23 21:32:10 -08:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
justinsb 93a6871e9b gce: don't set per-IG permissions when using shared account
If we're using a cluster-level service-account, we shouldn't try to
set bucket permissions on a per-IG level.

For compatibility with the existing behavior, we simply don't set any
permissions in this case.
2021-12-28 10:10:16 -05:00
justinsb 746f886718 gce: use per instancegroup serviceaccounts
We no longer set the cloudconfig serviceaccount on new clusters, and
instead use a per-IG setting if this is not set.
2021-12-17 12:57:14 -05:00
John Gardiner Myers 7c9e7e9286 Make Lifecycle field non-pointer 2021-06-02 23:02:16 -07:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2021-04-24 09:40:52 +02:00
Justin SB a61ecf4c58 Refactor to use interface for iam Subjects
Hat-tip to johngmyers for the idea!
2020-09-09 09:57:07 -04:00
Justin SB 8498ac9dbb Create PublicJWKS feature flag
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens.  But it shouldn't need a second bucket or anything of that
nature.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-09-09 09:57:06 -04:00
Peter Rifel 4d9f0128a3 Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
eric-hole 1f508e7e17 Tweak the featureflag.GoogleCloudBucketACL.Enabled 2020-03-14 20:47:11 -07:00
mikesplain 9e55b8230a Update copyright notices
Also cleans some white spaces
2019-09-09 14:47:51 -04:00
Justin SB 3e33ac7682 Change code from glog to klog
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog.  That
will happen when we update to k8s 1.13.
2019-05-06 12:54:51 -04:00
Rohith b1aa7892c7 Launch Template Feature Flag
- adding a feature flag to allow users to switch over to launch templates completely
2019-02-26 10:17:10 +00:00
Justin Santa Barbara ba6d14d1a8 GCE: Grant bucket permissions for etcd-manager
Unfortunately it has to be bucket level, because that is all that GCS
supports.
2018-06-14 17:50:16 -04:00
chrislovecnm 8d1ee1fa16 updating files for goimports 2017-11-01 12:51:43 -06:00
Justin Santa Barbara d1ee8026ac GCE: Tasks for object & bucket level permissions
We also switch to setting a bucket-level ACL permission, as this
requires fewer permissions.
2017-10-29 18:08:08 -04:00
Justin Santa Barbara dbbe3f373b GCE: Set up permissions for cross-project configurations
This ensures that the cluster can read the kops state store files, even
if the GCS bucket is in a different project.

We automatically set up an IAM access policy that grants access.
2017-10-28 03:24:18 -04:00