Commit Graph

1127 Commits

Author SHA1 Message Date
John Gardiner Myers 3d5d5b38d6 Update automatically generated files 2021-11-02 23:08:03 -07:00
Peter Rifel 3442f95d59
Revert "Migrate kube-proxy manifest to use go-runner for logging"
This reverts commit b0e585c751.
2021-11-02 06:48:01 -05:00
Peter Rifel b0e585c751
Migrate kube-proxy manifest to use go-runner for logging 2021-11-01 17:01:19 -05:00
Ciprian Hacman d1375353b0 Enable Router Advertisements for Debian 11 on ens* interfaces 2021-10-31 15:16:10 +02:00
John Gardiner Myers 5447fa62e0 Prohibit masquerading in IPv6 clusters 2021-10-30 12:57:07 -07:00
Ciprian Hacman 91e215de96 Enable Router Advertisements for Debian 11 2021-10-30 10:22:43 +03:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
Ciprian Hacman 2f4bdde429 Respect any MaxPods value the user sets explicitly
even for AWS VPC CNI.
2021-10-25 06:39:34 +03:00
Kubernetes Prow Robot 03044b79a6
Merge pull request #12587 from justinsb/chrony_on_ubuntu_gce
GCE: use chrony on Ubuntu + GCE
2021-10-23 14:02:21 -07:00
Kubernetes Prow Robot 6cf33f74a0
Merge pull request #12554 from justinsb/nodeup_gossip_seed
gossip: Seed /etc/hosts in nodeup
2021-10-23 13:16:32 -07:00
justinsb f54cf000fd GCE: use chrony on Ubuntu + GCE
Ubuntu on GCE has systemd-timesyncd masked, and recommends (and
preconfigures) chrony instead.
2021-10-23 13:36:50 -04:00
justinsb 71264d5fec gossip: Seed /etc/hosts in nodeup
In some scenarios (e.g. cilium), we rely on the internal DNS name
being available, but this isn't the case with gossip clusters.

nodeup can seed /etc/hosts for the control-plane nodes, breaking the
deadlock.
2021-10-19 09:26:07 -04:00
justinsb c34fd83365 Add SystemGeneration to channel version tracker
This allows us to reapply a manifest when we introduce new
functionality, such as pruning.

Otherwise an old version can apply the manifest, mark the manifest as
applied, and we won't reapply.
2021-10-15 17:47:13 -04:00
Jesse Haka 43c5c9f9ab Enable ingress hostname feature for OpenStack 2021-10-12 10:12:41 +03:00
John Gardiner Myers 7963b9b9ec Remove some unused fields from v1alpha3 componentconfig 2021-10-07 23:29:53 -07:00
Kubernetes Prow Robot fcfdbab4b1
Merge pull request #12420 from justinsb/gce_tpm
Support GCE TPM verification
2021-10-06 23:33:47 -07:00
Peter Rifel f176380550
./hack/update-expected.sh 2021-10-06 08:11:04 -05:00
Peter Rifel db639664a1
Replace klog flags with go-runner in k8s 1.23
These flags have been deprecated, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components
2021-10-06 08:10:20 -05:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Ciprian Hacman 71a0bcf353 Add kubescheduler.config.k8s.io/v1beta2 for k8s 1.22+ 2021-10-05 10:27:02 +03:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
Ciprian Hacman 290d3d3e3d Remove unnecessary sysctl "net.ipv6.conf.all.accept_ra=2" 2021-10-02 08:07:04 +03:00
Peter Rifel 7ce1cdc065
Set kubelet's --no-ip on IPv6-only clusters 2021-09-30 09:20:33 -05:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
Peter Rifel 88ddff3baf
Use separate cloud.config files for in-tree vs out-of-tree components 2021-09-30 09:20:33 -05:00
Kubernetes Prow Robot b9d5e37e1f
Merge pull request #12431 from olemarkus/cilium-al2
Mount cgroupv2 for cilium at a custom location
2021-09-28 07:14:43 -07:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
justinsb fad6db8beb Refactor bootstrap verifier/authenticator into its own package
No code changes, but this avoids a circular package dependency that we
would otherwise introduce in the GCE logic.
2021-09-26 09:43:53 -04:00
Ole Markus With fed0c16085 Revert "Remove unneeded network related sysctls"
This reverts commit ce08ec68df.
2021-09-25 08:24:47 +02:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation.
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
2021-09-22 21:14:50 -05:00
Ciprian Hacman ce08ec68df Remove unneeded network related sysctls 2021-09-22 06:51:10 +03:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 29771b73c1 Use TLS for kubescheduler health check as of k8s 1.23 2021-09-16 07:46:16 +02:00
Kubernetes Prow Robot 3fd7b446c0
Merge pull request #12305 from hakman/node_ip_families
Make AWS CCM NodeIPFamilies configurable
2021-09-12 06:26:14 -07:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime
Pre-install nvidia container runtime + drivers on GPU instances
2021-09-11 13:00:07 -07:00
Ciprian Hacman dde08e839d Make AWS CCM NodeIPFamilies configurable 2021-09-11 13:09:08 +03:00
Ole Markus With f5fed2a08d Move nvidia config under containerd 2021-09-05 20:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 2d013e460c Install nvidia container runtime 2021-09-05 20:09:04 +02:00
Ciprian Hacman 58fb2676eb Fix kernel parameter for IPv6 forwarding 2021-09-05 09:35:35 +03:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Kubernetes Prow Robot c7eb08c76f
Merge pull request #12193 from olemarkus/protect-kernel-defaults
Enable protect-kernel-defaults by default and set the correct sysctls in nodeup
2021-09-02 04:42:09 -07:00
Ole Markus With 18faee636f Set kube-apiserver as default logs container
Apply suggestions from code review

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-09-02 08:29:30 +02:00
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 62c4ce4d93 Move bootstrap RBAC from protokube to core bootstrap addon 2021-08-29 12:36:21 -07:00
John Gardiner Myers a6de058dc3 hack/update-expected.sh 2021-08-28 13:49:55 -07:00
John Gardiner Myers be8933b577 Remove code for unsupported features 2021-08-28 13:49:55 -07:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API have to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
2021-08-26 20:54:02 +02:00
Ole Markus With 4ef0172ee9 Enable protect-kernel-defaults by default and set the correct sysctls in nodeup 2021-08-23 11:48:20 +02:00
Ciprian Hacman 84bdfd900d Hardcode Flatcar containerd exec command 2021-08-19 09:50:08 +03:00
Ole Markus With ab596a49bc Enable ipv6 forwarding and router announcements 2021-08-11 11:09:29 +02:00
Reilly Brogan 13e2b54abc Debian 11: python-apt is not available 2021-08-10 14:33:48 -05:00
Ole Markus With f1a8565024 Fix disabling unattended upgrades
Current default AMIs pre-install and pre-configure unattended upgrades.
We therefore need to explicitly disable it if the update policy requires
it.
2021-08-10 12:51:49 +02:00
Ole Markus With 820683bba0 Test if update_service behaves as intended 2021-08-10 12:51:44 +02:00
John Gardiner Myers beb9741943 hack/update-expected.sh 2021-07-22 21:00:03 -07:00
John Gardiner Myers 3a53fdb139 Provision TLS server certs for controller-manager and scheduler 2021-07-22 20:59:58 -07:00
John Gardiner Myers cfd1582b0d Use kubeconfig for authentication and authorization as well 2021-07-21 19:24:06 -07:00
John Gardiner Myers 8416bd0c39 hack/update-expected.sh 2021-07-17 14:25:19 -07:00
John Gardiner Myers 526dd38e16 Remove apiserver's access to controller-manager secrets 2021-07-17 14:25:19 -07:00
John Gardiner Myers 226380bf5b Refactor legacy etcd manager etcd-client keypair 2021-07-17 14:25:19 -07:00
Kubernetes Prow Robot 67cfa9d4d4
Merge pull request #12003 from johngmyers/apiserver-server-cert
Refactor more kube-apiserver credentials
2021-07-17 13:52:50 -07:00
John Gardiner Myers 12c988160c hack/update-expected.sh 2021-07-16 23:12:22 -07:00
John Gardiner Myers 7c1ed8de66 Refactor kube-apiserver kubelet-api certificate 2021-07-16 23:07:14 -07:00
John Gardiner Myers 68bb8f5ddb Refactor kube-apiserver static credentials 2021-07-16 22:55:50 -07:00
John Gardiner Myers 781b302fac hack/update-expected.sh 2021-07-16 22:46:41 -07:00
John Gardiner Myers c8b1a586b8 Refactor kube-apiserver server certificate 2021-07-16 22:42:23 -07:00
John Gardiner Myers 3282549577 Issue kubelet cert on apiserver nodes for k8s before 1.19 2021-07-16 10:13:20 -07:00
John Gardiner Myers 3ae5413f63 Use keypair IDs for non-kops-controller-issued worker node certs 2021-07-15 14:04:48 -07:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy
Issue certs using CA KeypairID in NodeupConfig
2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot a3daff9343
Merge pull request #11971 from johngmyers/rotate-all
Add "all" variants of key rotation commands
2021-07-11 00:30:46 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6ddccf5f79 Refactor some users of FindPrimaryKeypair 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6f06661a68 Use narrower interface type 2021-07-10 23:23:12 -07:00
John Gardiner Myers a33a30a859 Refactor out some legacy interfaces 2021-07-10 23:23:12 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
John Gardiner Myers 6846ef3a80
Fix function comment
Co-authored-by: Ole Markus With <olemarkus@gmail.com>
2021-07-09 23:50:02 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
Ciprian Hacman 0ed8942835 Add log rotation for etcd-cilium.log 2021-07-07 08:31:08 +03:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Peter Rifel c5fbcccfa6
Update pause image to 3.5 2021-07-02 06:40:27 -04:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 7162a7473a Remove dead code 2021-07-01 13:58:51 -07:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers 20ca7082d7 hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 7e0c6acbad Take poorly formed keypair out of tests 2021-06-27 08:45:05 -07:00
John Gardiner Myers 60ae29c93c Refactor EncryptionConfig 2021-06-27 08:45:05 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 1312163edd Update nodes with an APIServer when APIServer spec changes 2021-06-27 08:45:04 -07:00
John Gardiner Myers 5de6d16e76 Catch calls to GetBootstrapCert from control plane 2021-06-26 00:04:52 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers c132ae1520 Move fields from AuxConfig to nodeup.Config 2021-06-25 18:41:29 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
Kubernetes Prow Robot 0e4d766deb
Merge pull request #11852 from hakman/hooks-containerd
Handle containerExec hooks when using containerd
2021-06-23 23:27:40 -07:00
Ciprian Hacman cf19ba343b Handle containerExec hooks when using containerd 2021-06-24 07:42:53 +03:00
Ciprian Hacman cb179b3b62 Pre-add hooks integration test 2021-06-24 06:38:20 +03:00
John Gardiner Myers 1e89064be3 Refactor kube-controller-manager secrets 2021-06-22 22:32:52 -07:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change
Mark nodes NeedsUpdate when keys they use change
2021-06-22 08:11:58 -07:00
John Gardiner Myers 366210d189 Remove dead code 2021-06-21 21:45:55 -07:00
John Gardiner Myers a83bf7b20f Mark nodes NeedsUpdate when keys they use change 2021-06-21 19:37:23 -07:00
Kubernetes Prow Robot 9a0e90e1ed
Merge pull request #11824 from johngmyers/remove-kubeup
Remove support for importing and converting kubeup clusters
2021-06-21 12:46:50 -07:00
John Gardiner Myers fc94505a76 Include multiple certs in aws-iam-authenticator trust bundle 2021-06-21 07:35:50 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2
Improve the output of 'kops get keypairs'
2021-06-21 02:19:10 -07:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
Ciprian Hacman 904f21cd77 Remove previous implementation of pre-pulling container images 2021-06-20 23:01:52 +02:00
Ciprian Hacman 65d21ee463 Pre-pull container images from list of desired prefixes 2021-06-20 23:01:52 +02:00
John Gardiner Myers 204a134a7d Include multiple CA certificates in the common trust store 2021-06-19 10:56:30 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 6b9aebae88 Include multiple CA certificates in bootstrap kubeconfigs 2021-06-19 10:56:29 -07:00
John Gardiner Myers 0dee785ebf Pass multiple CA certs to kops-controller client 2021-06-19 10:50:53 -07:00
John Gardiner Myers e0d9259be1 Remove dead code 2021-06-19 10:50:52 -07:00
John Gardiner Myers 42bf3ee85b Seed the random number generator on AWS 2021-06-17 22:59:43 -07:00
Kubernetes Prow Robot d35bce0ff8
Merge pull request #11764 from olemarkus/cilium-etcd-fix
Don't try to build etcd-manager secrets for cilium twice
2021-06-17 00:14:20 -07:00
Ole Markus With f80b550c7a Use internal name for cilium etcd if we do not enable api server nodes 2021-06-16 08:27:26 +02:00
Ole Markus With a3cfe8d098 Don't try to build etcd-manager secrets for cilium twice 2021-06-15 12:42:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec
This allows us to set a default containerd config per IG (e.g. add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
2021-06-15 11:08:22 +02:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair
Refactor keypair code in preparation for secret rotation
2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context
Remove InstanceGroup from NodeupModelContext
2021-06-12 13:43:01 -07:00
Ole Markus With 224cae1113 Only warm-pull images used by the CSI DS
Pulling the Deployment images serves no purpose as they tend not to run on normal nodes
2021-06-10 09:28:53 +02:00
Ole Markus With c162013a3c Use quay images for cilium 2021-06-08 23:01:08 +02:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers 12465ac27c Simplify extraction of service-account public keys 2021-06-05 16:38:28 -07:00
John Gardiner Myers fa77f8b964 Rename fi.Keystore.StoreKeypair to StoreKeyset 2021-06-05 16:38:26 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers ed1f6ff79e Refactor StoreKeypair and AddCert 2021-06-05 16:38:25 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers 6b2250a9af Have apiserver trust all service-account keys 2021-06-05 16:38:08 -07:00
John Gardiner Myers b45c0b4489 Remove InstanceGroup from NodeupModelContext 2021-06-03 21:27:01 -07:00
John Gardiner Myers 14ab4a3453 Move UpdatePolicy into NodeConfig 2021-06-03 21:20:56 -07:00
John Gardiner Myers 59c8826b17 Move FileAssets into the NodeupAuxConfig 2021-06-03 21:20:55 -07:00
John Gardiner Myers 06658c9d13 Move Hooks into the NodeupAuxConfig 2021-06-03 21:09:45 -07:00
John Gardiner Myers c3c1aca3c1 Include AuxConfig output in TestBootstrapUserData 2021-06-03 21:09:45 -07:00
John Gardiner Myers 2e1629c610 Introduce nodeup.AuxConfig 2021-06-03 20:37:22 -07:00
Kubernetes Prow Robot c62090fc6c
Merge pull request #11552 from hakman/etcd-events-tests
Add etcd-server related tests
2021-05-21 09:29:35 -07:00
Ciprian Hacman 48ef1555bb Add etcd-server related tests for kube-apiserver 2021-05-21 18:53:54 +03:00
Ciprian Hacman f4ec3df187 Prepare etcd-server related tests for kube-apiserver 2021-05-21 18:53:54 +03:00