kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,686 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

174 Commits

Author SHA1 Message Date
Kubernetes Prow Robot 2649cbc598
Merge pull request #10995 from haugenj/release-1.19 
Add NTH Queue Processor Mode
 2021-04-22 12:15:58 -07:00
Ole Markus With 020652e096 Add ability to enable/configure warm pool for ASG 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-04-20 09:02:09 +02:00
Jason Haugen 7e48dad4d2 add ManagedAsgTag, merge templates, improve docs 2021-04-19 16:51:08 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 318a116ba6 fix staticcheck 2021-04-19 15:43:05 -05:00
Jason Haugen c8bb48ba81 fix existing tests 2021-04-19 15:43:05 -05:00
Jason Haugen d07b067249 Add NTH queue-processor mode 2021-04-19 15:43:05 -05:00
John Gardiner Myers fdc61b4bdb Rename the service account key 2021-04-11 08:11:27 -07:00
liranp 97370b0adc
fix(spot/ocean): configure headroom resources only at the vng level 2021-04-06 23:41:40 +03:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Ole Markus With 397f58deb4 Fix comments from review 2021-03-19 20:51:18 +01:00
Ole Markus With 5178571db5 Comment where the CA sha1s come from 2021-03-19 20:07:57 +01:00
Ole Markus With 1900548213 Upload JWKS files as world readable 2021-03-19 20:07:38 +01:00
Ole Markus With 2c1f88f40e Do not need thumbprints to be resources 2021-03-19 20:05:37 +01:00
Ole Markus With ed166313d2 Use well-known s3 fingerprints 2021-03-19 20:03:28 +01:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
liranp dc1ee9402a
feat(spot/ocean): support for block device mappings in launchspec 2021-03-10 15:30:39 +02:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Ole Markus With c6a741a148 Move dns and external_access to awsmodel 2021-03-07 22:07:17 +01:00
Ole Markus With d415fdf1a1 Move bastion model to awsmodel 2021-03-07 22:06:20 +01:00
Ole Markus With 896f1740c6 Rename spotinst symbols and merge spotinstmodel with awsmodel 2021-03-07 22:06:12 +01:00
Peter Rifel ce51ec44bc
Use new CPUCredits IG spec field in launch templates 2021-03-02 22:54:29 -06:00
liranp 2abdb90c54
fix: don't skip lb attachments when hybrid is enabled 2021-03-01 14:07:22 +02:00
Kubernetes Prow Robot 1b42286cfe
Merge pull request #10832 from rifelpet/aws-sdk 
Add Tagging to Instance Profiles and OIDC Providers
 2021-02-24 05:40:50 -08:00
Timothy Clarke 1577b0a54b
Adding Elastic IP Allocations to NLB API 2021-02-18 12:27:28 +00:00
Peter Rifel d52fd9f76c
Add tagging support to AWS Instance Profiles and OIDC Providers 2021-02-15 16:48:43 -06:00
Kubernetes Prow Robot cd10383fa0
Merge pull request #10741 from codablock/nlb-subnets 
Allow to control which subnets and IPs get used for the API loadbalancer
 2021-02-14 14:23:06 -08:00
Alexander Block 295fb11ac2 Better readable modification assigning of PrivateIPv4Address 2021-02-10 09:39:32 +01:00
Alexander Block 2c0f9809eb Move validation of ClusterSubnetSpec into pkg/apis/kops/validation 2021-02-10 09:36:39 +01:00
Alexander Block c6eca9db81 Fix check for empty privateIPv4Address 2021-02-10 08:21:22 +01:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller 
Boot nodes without state store access
 2021-02-08 11:28:19 -08:00
Peter Rifel e7ede2b13e
Use EnsureTask instead of prepending IG names to external ELB tasks 
This way we end up with one CLB task per CLB regardless of how many ASGs to which it is attached.
 2021-02-07 10:45:38 -06:00
Alexander Block 6facd1b8ab Allow to explicitely choose subnets and private IPs for the API loadbalancer 2021-02-05 17:53:20 +01:00
Alexander Block 49e7ec8890 Use SubnetMappings for NLBs instead of Subnets 
SubnetMappings allow to explicitely set the private IPv4 address that
must be used for the NLB.

SubnetMappings and Subnets in the AWS API are compatible as long as the
address settings are not changes, making this commit backwards compatible.
 2021-02-05 17:53:20 +01:00
Ciprian Hacman f8d3b76556 Default IMDSv2 to "optional" for AWS 2021-01-29 14:02:14 +02:00
Ciprian Hacman 5fcd4e4b28 Allow attaching same external load balancer to multiple instance groups 2021-01-27 16:25:39 +02:00
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 85fbf1c6a2 Add iops field for gp3 volumes only with launch templates 2021-01-21 11:27:02 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Justin SB d5294b0b7c Update test data for richer bootstrap script 2021-01-09 13:29:18 -05:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Steven E. Harris 2a89d25ed0 Test that launch templates include additional SGs 2021-01-04 08:38:25 -05:00
Steven E. Harris 252d4177f0 Only include API server SGs in IGs for masters 
When using an AWS NLB in front of the Kubernetes API servers, we can't
attach the EC2 security groups nominated in the Cluster
"spec.api.loadBalancer.additionalSecurityGroups" field directly to the
load balancer, as NLBs don't have associated security groups. Instead,
we intend to attach those nominated security groups to the machines
that will receive network traffic forwarded from the NLB's
listeners. For the API servers, since that program runs only on the
master or control plane machines, we need only attach those security
groups to the machines that will host the "kube-apiserver" program, by
way of the ASG launch templates that come from kOps InstanceGroups of
role "master."

We were mistakenly including these security groups in launch templates
derived from InstanceGroups of all of our three current roles:
"bastion," "master," and "node." Instead, skip InstanceGroups of the
"bastion" and "node" roles and only target those of role "master."
 2021-01-04 08:38:25 -05:00
Steven E. Harris ad4ac4f474 Test that AWS launch templates include wrong SG 2021-01-04 08:38:25 -05:00
Kubernetes Prow Robot bee16c052d
Merge pull request #10324 from bharath-123/feature/aws-imdv2 
Add support for AWS IMDS v2
 2020-12-07 22:55:11 -08:00
Ciprian Hacman 265bf4d106 Add option for setting the volume encryption key in AWS 2020-12-08 07:08:09 +02:00
Bharath Vedartham 7f6e125733 Add support for aws ec2 instance metadata v2 
A new field is add to the InstanceGroup spec with 2 sub fields,
HTTPPutResponseHopLimit and HTTPTokens. These fields enable the user
to disable IMDv1 for instances within an instance group.

By default, both IMDv1 and IMDv2 are enabled in instances in an instance group.
 2020-12-07 02:57:02 +05:30
Kubernetes Prow Robot 0fecffbfe0
Merge pull request #10284 from johngmyers/service-account-issuer 
Set --service-account-issuer for k8s 1.20+
 2020-12-04 08:07:59 -08:00