Commit Graph

3567 Commits

Author SHA1 Message Date
Peter Rifel 0ef3f5a12c
Use LoadBalancerName field of CLB task when attaching CLBs to existing ASGs
This shouldn't have a functional change, just improving consistency with how we attach CLBs to ASGs being created
2021-02-07 10:46:44 -06:00
Peter Rifel e7ede2b13e
Use EnsureTask instead of prepending IG names to external ELB tasks
This way we end up with one CLB task per CLB regardless of how many ASGs to which it is attached.
2021-02-07 10:45:38 -06:00
Kubernetes Prow Robot 0aa9cf1921
Merge pull request #10695 from olemarkus/cilium-1-9
Add support for cilium 1.9
2021-02-07 01:07:11 -08:00
Kubernetes Prow Robot 016b0e5500
Merge pull request #10732 from zetaab/feature/uagent
add user agent to openstack api requests
2021-02-06 23:53:12 -08:00
Ole Markus With 07eb88145f Remove unset config options 2021-02-07 08:03:07 +01:00
Ole Markus With cd857b97f2 Catch bad/unknown cilium version 2021-02-07 08:00:58 +01:00
Ole Markus With a6dce2e820 Add support for cilium 1.9
Apply suggestions from code review

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2021-02-07 08:00:54 +01:00
Kubernetes Prow Robot 5bd15cef15
Merge pull request #10746 from olemarkus/deprecate-aliyun
Deprecate aliyun
2021-02-06 02:05:11 -08:00
Kubernetes Prow Robot f7b0f4444a
Merge pull request #10739 from zhijianli88/master
Fix ineffassign issues
2021-02-05 14:00:31 -08:00
Ole Markus With 091b63a15a Deprecate aliyun 2021-02-05 22:51:49 +01:00
Alexander Block 49e7ec8890 Use SubnetMappings for NLBs instead of Subnets
SubnetMappings allow to explicitly set the private IPv4 address that
must be used for the NLB.

SubnetMappings and Subnets in the AWS API are compatible as long as the
address settings are not changed, making this commit backwards compatible.
2021-02-05 17:53:20 +01:00
Kubernetes Prow Robot 5c50fffd0f
Merge pull request #10742 from h3poteto/iss-10718
Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed
2021-02-05 08:48:52 -08:00
AkiraFukushima 37c68e27df Use expected LaunchTemplateId in updating ASG when MixedInstancePolicy is changed
When user changes only mixedInstancePolicy, LaunchTemplateId is not changed.
So it is not necessary to change LaunchTemplateId in AutoScalingGroup.
2021-02-06 01:08:40 +09:00
Alexander Block 190073e766 Refactor and fix NLB subnet change checks
Move checks for valid subnet operations into CheckChanges. This also fixes
a bug where changes would cause immutable field errors while it's actually
perfectly fine to add new subnets (only detaching is forbidden).

This commit also changes the actualSubnets and expectedSubnets lists to
be maps of *string. This is in preparation for the next commit that then
relies on it being a map.
2021-02-05 13:08:57 +01:00
Li Zhijian 501df662d4 upup/pkg/fi/cloudup/gcetasks/subnet: Fix ineffectual assignment to patch
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
2021-02-05 16:41:55 +08:00
Li Zhijian f1484df4b8 upup/pkg/fi/cloudup/alitasks/rampolicy: Fix ineffectual assignment to policyRequest
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
2021-02-05 16:40:39 +08:00
Jesse Haka 034dad258c modify names 2021-02-05 09:57:54 +02:00
Jesse Haka 41d04d8d4b add user agent to openstack api requests 2021-02-04 23:04:06 +02:00
Kubernetes Prow Robot 0271f0e8cb
Merge pull request #10729 from olemarkus/imdsv2-not-default
Revert making imdsv2 default
2021-02-04 11:46:25 -08:00
Ole Markus With dd035fa2bc Revert "Set IMDSv2 to "required" only for new clusters"
This reverts commit 12cb288df1.
2021-02-04 17:57:35 +01:00
Ole Markus With a4c36af9de Revert "Increase imdv2 hop limit on control plane nodes"
This reverts commit 4e00e29fc3.
2021-02-04 17:57:23 +01:00
Kubernetes Prow Robot ebe8c53813
Merge pull request #10720 from rifelpet/kubecfg-panic
Fix panic when exporting kubecfg for AWS cluster without load balancer
2021-02-04 07:16:29 -08:00
Kubernetes Prow Robot beb8b62746
Merge pull request #10700 from avdhoot/expose-metrics-Calico
Fix rendering issue created by #10414
2021-02-04 01:46:29 -08:00
Peter Rifel 9074e5200b
Fix panic when exporting kubecfg for AWS cluster without load balancer 2021-02-03 22:35:04 -06:00
Kubernetes Prow Robot 31c8771587
Merge pull request #10702 from olemarkus/fix-cp-hop-limit
Increase IMDSv2 hop limit on control plane nodes
2021-02-01 04:17:49 -08:00
avdhoot 0717e4a50a Fix rendering issue created by #10414 2021-02-01 14:09:20 +05:30
Kubernetes Prow Robot dae40386cd
Merge pull request #10698 from hakman/weave-2.8.1
Update Weave to v2.8.1
2021-01-31 21:49:49 -08:00
Ole Markus With 4e00e29fc3 Increase imdv2 hop limit on control plane nodes
Non-hostNetworking fails to talk to the instance metadata otherwise. Breaking e.g. CSI controller
2021-01-31 19:35:07 +01:00
Ciprian Hacman dc407e8a9b Update Weave to v2.8.1 2021-01-31 09:52:57 +02:00
Ole Markus With 1db7b72843 Use serving cert for metrics-server 2021-01-30 09:01:36 +01:00
Ciprian Hacman 12cb288df1 Set IMDSv2 to "required" only for new clusters 2021-01-29 14:07:52 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults
Update AWS etcd-manager volumes defaults
2021-01-28 22:01:41 -08:00
Peter Rifel 7428b95837
Remove taints from spotinst ocean terraform resource
This field isn't being set anywhere and is causing problems with the terraform HCL2 serialization.

If we do end up setting it we can redefine the struct type ourselves with the necessary field tags.
2021-01-28 10:51:09 -06:00
Kubernetes Prow Robot 3699edcf4f
Merge pull request #10665 from rudeigerc/fix-loadbalancer
Create default loadbalancer when SSL certificate is specified
2021-01-27 20:13:07 -08:00
Ciprian Hacman 5fcd4e4b28 Allow attaching same external load balancer to multiple instance groups 2021-01-27 16:25:39 +02:00
rudeigerc 0e3317b341 Create default loadbalancer when SSL certificate is specified 2021-01-27 13:24:57 +08:00
Ciprian Hacman 4c5d7ddabf Remove workaround for volume throughput when using Terraform 2021-01-27 06:33:15 +02:00
Ciprian Hacman fcea4f5b08 Set default volume encryption to "true" for etcd-manager volumes in AWS 2021-01-26 11:29:27 +02:00
Nicholas Galantowicz 0735d15b7a feat: implement azure getapiingressstatus fn 2021-01-23 15:01:18 -05:00
srikiz b04af61a4b Add SFO3 region for DO. Also update e2e tests to use the full list of supported zones 2021-01-22 21:19:30 +05:30
Ciprian Hacman 80ab8b18b3 Bump internal version for CoreDNS 2021-01-22 09:49:34 +02:00
Ciprian Hacman ebd0759033 Add startup probe for calico-kube-controllers 2021-01-22 09:44:53 +02:00
Kubernetes Prow Robot 48411de7bb
Merge pull request #10624 from hakman/aws-lt-defaults
Update AWS instances defaults
2021-01-21 03:51:01 -08:00
Kubernetes Prow Robot f3172c3e6c
Merge pull request #10604 from hakman/weave-2.8.0
Update Weave to v2.8.0
2021-01-21 02:39:01 -08:00
Ciprian Hacman 3b24a11b30 Add throughput field for gp3 volumes to additional volumes with CF 2021-01-21 11:26:45 +02:00
Kubernetes Prow Robot 7cd0b9fab9
Merge pull request #10610 from johanneswuerbach/patch-1
Increase CoreDNS default ttl
2021-01-20 09:42:04 -08:00
Otto Sulin 31c8b10453 Remove unneeded nil checks as in requested changes 2021-01-20 14:59:15 +02:00
Otto Sulin c66a079e3e Add network and router availability zone hints to OpenStack
This pull request makes it possible to add availability zone hints to routers and networks if the hints are supported.
2021-01-20 13:34:08 +02:00
Johannes Würbach 38a8c35ba0
Increase CoreDNS default ttl 2021-01-19 22:20:09 +01:00
Ole Markus With f476857add Warn if cilium encryption is enabled, but no secret has been set 2021-01-19 20:20:12 +01:00
Ciprian Hacman 31f8cbd571 Use a more generic check for etcd member prefixes 2021-01-19 09:06:02 +02:00
Ciprian Hacman 3799d135a3 Fix tests and spelling 2021-01-19 09:06:02 +02:00
Ciprian Hacman 01efb505a6 Update Weave to v2.8.0 2021-01-19 07:29:05 +02:00
Justin SB ce036d397d Require KOPS_TERRAFORM_0_12_RENAMED, to guard against tf breakage
Terraform 0.12 broke compatibility and this could result in data loss
if we deleted the etcd volumes.  Document the procedure to fix the
tfstate, and require an env var to be passed to avoid accidental data
loss.
2021-01-18 18:09:22 -05:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Ciprian Hacman bb787d3075 Release 1.20.0-alpha.1 2021-01-15 15:29:55 +02:00
Ciprian Hacman 65ebf4760d Update integration test for gp3 with etcd volumes 2021-01-15 09:53:10 +02:00
Justin SB acb247fa5f Allow nodeup (and others) to replace in-use files
By creating a tempfile and then moving the file into place, we both
write more atomically and we can overwrite in-use files.

Issue #10122
2021-01-14 10:52:10 -05:00
Kubernetes Prow Robot fb0fbb5280
Merge pull request #10557 from zetaab/feature/hashname
[OpenStack] Use new hash format in instance names
2021-01-13 09:24:36 -08:00
Kubernetes Prow Robot 0412bf7566
Merge pull request #10561 from spotinst/feat-launchspec-restrictions
Spotinst: Specify whether scale-down activities should be restricted
2021-01-13 08:24:36 -08:00
liranp f5cb758d55
feat(spot/addon): bump ocean-controller to 1.0.70 2021-01-13 15:08:43 +02:00
Jesse Haka 1bc330b0bb nameprefix -> groupname 2021-01-13 11:54:07 +02:00
Kubernetes Prow Robot 09bf333433
Merge pull request #10567 from rifelpet/nlb-listener-order
Fix NLB listener -> target group association for TF & CF
2021-01-13 01:04:35 -08:00
Peter Rifel 580d73bdc7
Fix NLB listener -> target group association for TF & CF
The old code made the incorrect assumption that the NLB's list of TargetGroup tasks is in the same order as the NLB's list of listeners for their associations.
Because the model adds them in opposite orders this resulted in the TLS listener being forwarded to the TCP TG and vice versa.

This updates the terraform and cloudformation generation code to search the NLB's list of target groups by name for the target group that should be associated with the listener.
This matches the logic used in the "direct" target.
2021-01-12 23:21:55 -06:00
Jesse Haka 185ccba246 Use random instance names in OpenStack 2021-01-12 14:52:39 +02:00
liranp 9fe505abed
feat(spot/ocean): new label: spotinst.io/restrict-scale-down 2021-01-12 11:35:28 +02:00
Ole Markus With f5ae5f8808 AWS CSI driver 2021-01-12 07:09:10 +01:00
Ole Markus With 4d2eca199f Remove node-authorization 2021-01-11 18:59:45 +01:00
Kubernetes Prow Robot f94539f6f6
Merge pull request #10556 from zetaab/feature/updatedeps
update gophercloud dependency
2021-01-11 06:13:08 -08:00
Jesse Haka 46de9f145e update gophercloud dependency 2021-01-11 14:48:22 +02:00
Kubernetes Prow Robot b3be6478dd
Merge pull request #10551 from spotinst/feat-launchspec-strategy
Spotinst: Specify Spot percentage per Instance Group
2021-01-11 04:33:07 -08:00
Kubernetes Prow Robot 75623366e6
Merge pull request #10553 from justinsb/fix_openstack_race
Openstack: Prevent data race in servergroup member list
2021-01-10 09:45:05 -08:00
Kubernetes Prow Robot 08cac106b6
Merge pull request #10541 from fenggw-fnst/work
Fix typo in comment
2021-01-10 09:01:06 -08:00
Kubernetes Prow Robot 4ee8936d63
Merge pull request #10547 from justinsb/cos_var_lib_kubelet
COS/GCE: exec on kubelet/flexvolume dirs
2021-01-10 08:23:17 -08:00
Justin SB 1c11f1a094 Openstack: Prevent data race in servergroup member list
We were adding to the ServerGroup without a mutex, so we introduce a mutex.

Also introduce some defense against the member list changing once
we've observed it, though this is already enforced by GetDependencies.
2021-01-10 11:11:11 -05:00
liranp 2f874be0a1
feat(spot/ocean): set spot percentage on launchspec level 2021-01-10 15:22:43 +02:00
Justin Santa Barbara e9f6623a80 COS/GCE: exec on kubelet/flexvolume dirs
Upstream bind mounts /var/lib/kubelet with exec, dev and suid
permissions, because emptyDirs end up inheriting these permissions.

Similarly, /home/kubernetes/flexvolume needs exec permission to
support flexdrivers.
2021-01-09 13:56:18 -05:00
Justin Santa Barbara 5779f29e15 GCE: Don't warn about NVME
NVME only works with Local SSDs, which have their own restrictions;
it isn't a must-support GA blocker (which is why we had the log
previously)
2021-01-09 13:55:33 -05:00
Justin SB 4ac9d5c17b Boot nodes without state store access
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.

This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)

Feature-flagged behind the KopsControllerStateStore feature-flag.
2021-01-09 13:08:48 -05:00
Ole Markus With 72073d3f2c Move cilium bootstrap logic to its own file 2021-01-09 10:02:27 +01:00
Ole Markus With 39b139a0ee Move bootstrapchannelbuilder to its own package 2021-01-09 09:55:22 +01:00
Kubernetes Prow Robot 2677254392
Merge pull request #10461 from olemarkus/allow-modify-etcd-volume
Make it possible to change the etcd volume type and iops
2021-01-06 02:47:52 -08:00
Ole Markus With 0676e38473 Make it possible to modify ebs volumes 2021-01-06 11:01:24 +01:00
Guangwen Feng 66d48164a9 Fix typo in comment
Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
2021-01-06 16:18:46 +08:00
Kubernetes Prow Robot 0ca0e38518
Merge pull request #10424 from rifelpet/ebs-tf-012
Don't allow ebs volume TF resource names to begin with digit
2021-01-05 09:19:58 -08:00
Kubernetes Prow Robot 2e202badc5
Merge pull request #10361 from hakman/single-az-multi-master
Prefix etcd cluster names with letters
2021-01-05 07:51:58 -08:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Kubernetes Prow Robot 7238f2689c
Merge pull request #10512 from hakman/kube-router-v1.1.1
Update kube-router to v1.1.1
2021-01-04 16:01:57 -08:00
Kubernetes Prow Robot 6d5549e730
Merge pull request #10453 from msidwell/gp3-etcd
Add gp3 Volume Type to etcd
2021-01-04 11:29:57 -08:00
msidwell ebf05facc2 add gp3 volume default params
add io2 case and correct IOPS minimum value check

add gp3 case

add io2 and gp3 parameter ratio validation logic

add volumeThroughput parameter for disks that support it

add volumeThroughput components throughout ebs structs

add volumeThroughput to versioned api

updated api machinery and crds

apimachinery update
2021-01-04 17:08:11 +00:00
Barry Melbourne 1c96e826d9 Remove copyright YEAR from generated Go files 2021-01-03 12:48:50 +00:00
Ciprian Hacman 7c2dc634ec Update kube-router to v1.1.1 2020-12-30 09:08:35 +02:00
Kubernetes Prow Robot 22a9a13abf
Merge pull request #10488 from rifelpet/iam-role-tag
AWS IAM Role Tagging
2020-12-29 22:33:48 -08:00
Ciprian Hacman 41d74903e3 Use containerd.sock for AmazonVPC CNI with containerd 2020-12-27 17:35:52 +02:00
Peter Rifel 4ee5d7a543
Add tagging support for AWS IAM Roles 2020-12-23 15:11:07 -06:00
Kubernetes Prow Robot b5afd1d6c4
Merge pull request #10473 from hakman/custom-container-runtime-package
Add config options for container runtime package URL and Hash
2020-12-23 04:48:28 -08:00
Ciprian Hacman ff6a782303 Add config options for container runtime package URL and Hash 2020-12-23 13:29:22 +02:00
Kubernetes Prow Robot 5b5daad3d4
Merge pull request #10487 from spotinst/feat-ocean-controller-1.0.69
Spotinst: Bump the Ocean Controller to 1.0.69
2020-12-22 00:46:25 -08:00
Peter Rifel 604cb67b62
Remove Region use in Azure 2020-12-21 20:54:28 -06:00
Justin SB 8fb7f1930d
Use Region method of fi.Cloud
There's no need to track it separately, now that we have the Region
method on the Cloud interface.
2020-12-21 20:50:54 -06:00
liranp 784db66fae
feat(spot/addon): bump ocean-controller to 1.0.69 2020-12-22 01:44:43 +02:00
Kenji Kaneda a61caea8d2 Add Azure support
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
2020-12-21 08:27:54 -08:00
Ciprian Hacman eff2af2fe2 Update CNI plugins to v0.8.7 2020-12-21 11:07:57 +02:00
Ciprian Hacman 472faf82d2 Drop support for containerd 1.2 2020-12-21 10:08:24 +02:00
Justin SB 6de9994239 Refactor nodeUpConfigBuilder to be standalone
We break the hard-link with the ApplyClusterCmd, the code is
over-coupled and ApplyClusterCmd is too big.
2020-12-20 09:33:06 +02:00
Kubernetes Prow Robot 8d3e42cd36
Merge pull request #10475 from justinsb/refactor_mirrored_asset
Refactor MirroredAsset into mirrors package
2020-12-19 23:12:25 -08:00
Justin SB 1945a656a0 Remove deprecated ResourceHolder
Cleaning up what is now dead code.
2020-12-19 23:15:37 -05:00
Justin SB 89208039d4 Remove more usages of deprecated ResourceHolder
Allowing for the removal.
2020-12-19 23:00:30 -05:00
Justin SB 7d9ff3ba96 Refactor MirroredAsset into mirrors package
This means we can use MirroredAsset for nodeup without circular
dependencies.  Also removes a duplicate constant that was declared
twice.
2020-12-19 18:39:09 -05:00
Justin SB 45d11ba12c Replace (some) deprecated ResourceHolder with Resource
This removes more of the deprecated type, but it also simplifies
refactoring the GCE InstanceTemplate.
2020-12-19 09:51:43 -05:00
Kubernetes Prow Robot e747047db7
Merge pull request #10452 from spotinst/feat-elastigroup-subnets
Spotinst: Support for multiple subnets per zone
2020-12-19 00:00:24 -08:00
Kubernetes Prow Robot a013aaac28
Merge pull request #10449 from spotinst/feat-ocean-autoscaler
Spotinst: Expose Ocean Headroom percentage and autoconfig labels
2020-12-18 23:18:24 -08:00
Kubernetes Prow Robot 409d0075c0
Merge pull request #10450 from spotinst/fix-elastigroup-voltype
Spotinst: Ignore volume type case sensitivity to prevent unnecessary updates
2020-12-18 18:52:25 -08:00
Kubernetes Prow Robot ef8c36999a
Merge pull request #10404 from seh/allow-use-of-calico-vxlan-backend
Calico: Allow operators to choose which encapsulation mode to use
2020-12-18 10:54:25 -08:00
Steven E. Harris f0f45b71fd Allow use of Calico's VXLAN networking backend
Introduce a new "encapsulationMode" field in Calico's portion of the
Cluster specification to allow switching between the IP-in-IP and
VXLAN encapsulation protocols. For now, we accept the values "ipip"
and "vxlan," and forgo a possible "none" value that would disable
encapsulation altogether (at least for the default Calico IP pool).

Augment the default-populating procedure for Calico to take this field
into account when deciding both which networking backend to use and
whether to use IP-in-IP or VXLAN encapsulation for the default IP
pool. Note that these values supplied for the "CALICO_IPV4POOL_IPIP"
and "CALICO_IPV4POOL_VXLAN" environment variables in the "calico-node"
DaemonSet pod spec only matter for creating the "default" IPPool pool
object when no such objects already exist.

Generalize the documentation for the "crossSubnet" field to cover
environments more broad than just AWS, as Calico can employ this
selective encapsulation in any environment in which it can detect
boundaries between subnets.
2020-12-18 10:55:11 -05:00
Kubernetes Prow Robot ff5c8f03de
Merge pull request #10442 from hakman/calico-ignore-loose-rpf
Allow Calico to run on systems with loose reverse path forwarding
2020-12-18 03:36:25 -08:00
liranp 22a07ff7a2
feat(spot/elastigroup): configure subnets without zones 2020-12-17 20:38:43 +02:00
liranp 4275ac0f15
fix(spot/elastigroup): ignore volume type case sensitivity to prevent unnecessary updates 2020-12-17 17:51:33 +02:00
liranp 55b27582c6
feat(spot/ocean): expose headroom percentage and autoconfig labels 2020-12-17 17:33:38 +02:00
MoShitrit 2e6e8515a4 Bump AWS-CNI to version 1.7.8 2020-12-17 10:02:15 -05:00
Ciprian Hacman 25db4eb012 Allow Calico to run on systems with loose reverse path forwarding 2020-12-17 14:15:38 +02:00
Justin SB 72329db188 IAM ServiceAccount Roles: truncate name at 64 characters
The maximum IAM role name length is 64 characters, which we hit much
more often now that we are constructing complex names.  Use our normal
strategy of adding a hash when we truncate.

This is not a breaking change, because these names were not valid
previously.
2020-12-16 13:38:38 -05:00
Ciprian Hacman 2844abd225 Delay defaulting to CoreDNS to k8s v1.20 2020-12-16 08:12:04 +02:00
Sandeep Rajan 10f6fe9e96 Make coredns default for new clusters 2020-12-15 17:47:24 +02:00
Ole Markus With 4fa6f56ecd Use the kubernetes-sigs version of yaml 2020-12-15 10:38:01 +01:00
Peter Rifel a5071e08cf
Don't allow ebs volume TF resource names to begin with digit 2020-12-14 23:15:36 -06:00
Ciprian Hacman 1c6618bdd9 Update tests 2020-12-13 13:28:41 +02:00
Ciprian Hacman d2b34eac90 Add support for containerd v1.3.9 for older k8s versions 2020-12-13 13:28:36 +02:00
Ciprian Hacman 73b1b39da3 Add support for containerd v1.4.3 ARM64 2020-12-13 12:40:45 +02:00
MoShitrit f2bb2e587c Bump aws-cni to 1.7.7 2020-12-12 01:03:02 -05:00
Ciprian Hacman c13d4a194c Update Calico to v3.17.1 2020-12-11 18:21:54 +02:00
Bharath Vedartham cebe171805 Explicitly specify http_endpoint in launch_template terraform
http_endpoint has to be explicitly specified in the metadata_options block
of the launch template terraform according to issue
https://github.com/hashicorp/terraform-provider-aws/issues/12564
2020-12-10 01:37:15 +05:30
Ciprian Hacman 4acc1d4f5d Update docs for CentOS 8 2020-12-09 09:36:43 +02:00
Kubernetes Prow Robot bee16c052d
Merge pull request #10324 from bharath-123/feature/aws-imdv2
Add support for AWS IMDS v2
2020-12-07 22:55:11 -08:00
Ciprian Hacman 265bf4d106 Add option for setting the volume encryption key in AWS 2020-12-08 07:08:09 +02:00
Bharath Vedartham 7f6e125733 Add support for aws ec2 instance metadata v2
A new field is added to the InstanceGroup spec with 2 sub fields,
HTTPPutResponseHopLimit and HTTPTokens. These fields enable the user
to disable IMDv1 for instances within an instance group.

By default, both IMDv1 and IMDv2 are enabled in instances in an instance group.
2020-12-07 02:57:02 +05:30
Kubernetes Prow Robot e68a4648b9
Merge pull request #10374 from hakman/eip-egress
Add option to reuse existing Elastic IPs for NAT gateways
2020-12-06 04:55:25 -08:00
Ciprian Hacman e11d934268 Add option to reuse existing Elastic IPs for NAT gateways 2020-12-06 09:37:17 +02:00
Kubernetes Prow Robot 7140d96e92
Merge pull request #10318 from olemarkus/cert-manager-addon
Add minimal cert-manager addon
2020-12-04 22:57:25 -08:00
Ole Markus With 09eebec765
Update upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2020-12-05 07:21:12 +01:00
Ciprian Hacman c73ba45389 Prefix etcd cluster names with letters 2020-12-05 05:13:05 +02:00
Ole Markus With 1ae09e86a5 Add minimal cert-manager addon 2020-12-04 21:52:07 +01:00
srikiz 33a4b4a76b Remove AlphaAllowDO flag 2020-12-04 21:32:01 +05:30
srikiz 052ec647dd Move DO to beta 2020-12-04 21:15:08 +05:30
Kubernetes Prow Robot 1b45f876a4
Merge pull request #10335 from hakman/same-tg-multiple-igs
Allow attaching same external target group to multiple instance groups
2020-12-02 21:38:59 -08:00
Ciprian Hacman e57cd534b5 Allow attaching same external target group to multiple instance groups 2020-12-03 06:59:59 +02:00
Kubernetes Prow Robot 443567426e
Merge pull request #9704 from nckturner/aws-cloud-controller
Add aws-cloud-controller-manager config to addons
2020-12-02 12:17:00 -08:00
Kubernetes Prow Robot 924ca30354
Merge pull request #10337 from MoShitrit/aws-vpc-cni-1.7.6
Bump aws-vpc-cni version to 1.7.6
2020-12-02 08:28:51 -08:00
Ciprian Hacman e11156135b Update Docker to v19.03.14 2020-12-02 10:11:27 +02:00
Ciprian Hacman 2b6d730354 Update containerd to v1.4.3 2020-12-02 09:53:57 +02:00
MoShitrit 59e2b8357b Bump aws-vpc-cni version to 1.7.6 2020-12-01 22:20:38 -05:00
Nick Turner c9feb36f3f Add aws-cloud-controller-manager config to addons
- Config at aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template
- AWSCCMTag function for CCM image tag
2020-11-30 01:35:07 -08:00
Kubernetes Prow Robot ead7143a79
Merge pull request #10319 from hwoarang/tolerate-missing-detached-ec2
Tolerate missing detached EC2 instances
2020-11-26 10:40:19 -08:00
Markos Chandras 0eb114d751
Tolerate missing detached EC2 instances
Sometimes we see the following error during a rolling update:

I1125 18:12:46.467059     165 instancegroups.go:340] Draining the node: "ip-X-X-X-X.X.compute.internal".
I1125 18:12:46.473365     165 instancegroups.go:359] deleting node "ip-X-X-X-X.X.compute.internal" from kubernetes
I1125 18:12:46.476756     165 instancegroups.go:486] Stopping instance "i-XXXXXXXX", node "ip-X-X-X-X.X.compute.internal", in group "X" (this may take a while).
E1125 18:12:46.523269     165 instancegroups.go:367] error deleting instance "i-XXXXXXXX", node "ip-X-X-X-X.X.compute.internal": error deleting instance "i-XXXXXXXX", node "ip-X-X-X-X.X.compute.internal": error deleting instance "i-XXXXXXXX": InvalidInstanceID.NotFound: The instance ID 'i-XXXXXXXXX' does not exist
	status code: 400, request id: 91238c21-1caf-41eb-91d7-534d4ca67ed0

It's possible for the EC2 instance to have disappeared by the time it
was detached (it may have been a spot instance for example)

In any case, we can't do much when we do not find an instance id, and
throwing this error during the update is not very user friendly.

As such, we can simply report and tolerate this problem instead of
exiting with non-zero code. This is similar to how we handle missing
EC2 when updating an IG[1]

[1] https://github.com/kubernetes/kops/pull/594
2020-11-26 08:55:38 +00:00
Ciprian Hacman 8b9fb1ffe8 Update Calico to v3.17.0 2020-11-24 08:17:23 +02:00
Kubernetes Prow Robot c44d8fb0d8
Merge pull request #10297 from hakman/no_model_store_needed
Remove dead code
2020-11-22 12:07:34 -08:00
Ciprian Hacman d2cebfe01f Remove dead code 2020-11-22 09:18:43 +02:00
Ciprian Hacman 338fb43f8b Update kOps version after 1.19.0-beta.2 release 2020-11-22 08:10:50 +02:00
Ciprian Hacman e11c663e29 Check changes before attaching/detaching TargetGroups 2020-11-20 19:44:34 +02:00
Ciprian Hacman 19345c3f7f Order attached TargetGroups list by name 2020-11-20 10:40:27 +02:00
Ciprian Hacman fdcc2607bf Parse TargetGroup names from ARNs 2020-11-20 10:40:26 +02:00
Frank Yang 93dcaddc48 feat(aws): add PolicyNames for ELB to change listener's security policy 2020-11-19 16:07:21 +08:00
Kubernetes Prow Robot 454ffddcb1
Merge pull request #10239 from johngmyers/kops-controller-domain
Use separate domain for kops-controller bootstrap
2020-11-17 23:24:04 -08:00
John Gardiner Myers d5ed8509fe Fix version of storage-aws addon manifest 2020-11-16 14:48:29 -08:00
Kubernetes Prow Robot 92911d7dcf
Merge pull request #10167 from olemarkus/cilium-ondelete
Make it possible to use OnDelete update strategy on addon daemonset
2020-11-16 12:38:03 -08:00
Ole Markus With f4e3dd3e26 Rename NeedUpdate struct to NeedsRollingUpdate 2020-11-16 19:48:18 +01:00
Ole Markus With 2659a30280 Make get instances respect needs-update annotation
Make it possible for addons to set needs-update annotation

Use onDelete update strategy for cilium and set needs-update annotation

Rename node roles
2020-11-16 08:26:17 +01:00
Justin SB 73b075d3b2 GCE: ignore (output-only) networkInterface.name
This field was causing spurious differences to be detected.

We probably should be comparing the values in the kops model, not the
GCE model.
2020-11-15 10:31:24 -05:00
John Gardiner Myers 046a64cb19 Use separate domain for kops-controller bootstrap 2020-11-14 12:14:34 -08:00
Ciprian Hacman c946f16c32 Print changes also for consistency errors 2020-11-12 14:34:35 +02:00
Ciprian Hacman 3e8770f763 Update kOps version after 1.19.0-beta.1 release 2020-11-11 10:15:39 +02:00
Kubernetes Prow Robot 9b3f13d93f
Merge pull request #10151 from hakman/launch-template-versions
Use LaunchTemplate versions instead of timestamped LaunchTemplates
2020-11-10 23:23:48 -08:00
Kubernetes Prow Robot ddb3a38e28
Merge pull request #10190 from spotinst/feat-ocean-resource-limits
Spotinst: Configure Resource Limits in Ocean Auto Scaler
2020-11-10 18:15:48 -08:00
Kubernetes Prow Robot c1a3615cf0
Merge pull request #10193 from olemarkus/updates-docker
Upgrade docker client
2020-11-10 17:39:55 -08:00
Kubernetes Prow Robot e43efbe102
Merge pull request #10157 from rifelpet/acm-nlb
Setup a second NLB listener when an AWS ACM certificate is used
2020-11-10 10:36:41 -08:00
Ciprian Hacman 0934374fe2 Fix various NLB nits 2020-11-10 17:30:23 +02:00
Peter Rifel 4758ea9f2f
Address feedback 2020-11-09 17:24:32 -06:00
Ciprian Hacman 1d6a51aff9 Address review comments 2020-11-09 21:41:58 +02:00
Ciprian Hacman fdf976809e Use pagination when listing LaunchTemplates 2020-11-09 21:41:58 +02:00
Ciprian Hacman ed37c34a92 Use LaunchTemplate id instead of name for ASGs 2020-11-09 21:41:56 +02:00
Ciprian Hacman 7b04b97999 Use LaunchTemplate id instead of name for rolling updates 2020-11-09 21:40:36 +02:00
Ciprian Hacman 057ab28d4c Update LaunchTemplate tags on changes 2020-11-09 21:40:36 +02:00
Ciprian Hacman 0c3e3784c8 Use LaunchTemplate name instead of name_prefix for Terraform 2020-11-09 21:40:36 +02:00
Ciprian Hacman 565adceab9 Use LaunchTemplate versions instead of timestamped LaunchTemplates 2020-11-09 21:40:33 +02:00
Kubernetes Prow Robot ecea47790b
Merge pull request #10198 from hakman/fix-spot-instance-2
Fix disabling spot instances when using launch templates
2020-11-09 05:32:27 -08:00
Kubernetes Prow Robot b91a40c52a
Merge pull request #10199 from hakman/fix-nlb-reconciliation
Fix AWS NLB reconciliation
2020-11-08 10:43:37 -08:00
Ciprian Hacman 32658075d3 Fix disabling spot instances when using launch templates 2020-11-08 19:11:45 +02:00
Ciprian Hacman 9e1e90dac9 Fix mismatch between expected launch template Name and ID 2020-11-08 19:08:00 +02:00
Ciprian Hacman 6c6a9daaf3 Fix AWS NLB reconciliation 2020-11-08 13:14:56 +02:00
Kubernetes Prow Robot f12c7ff510
Merge pull request #10191 from olemarkus/updates-sprig
Upgrade sprig to v3
2020-11-07 23:05:37 -08:00
Ciprian Hacman 4070f09bef Fix auto scaling group changes when using spot instances 2020-11-08 05:54:46 +02:00
Ole Markus With f67af5223a Upgrade docker client 2020-11-07 22:45:14 +01:00
Ole Markus With 3721bbb76b Upgrade sprig to v3 2020-11-07 20:41:02 +01:00
liranp fce6a22755
feat(spot/ocean): configure resource limits 2020-11-07 20:32:51 +02:00
Jack Andersen 281e6140d9 Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically 2020-11-07 00:29:24 -05:00
Peter Rifel 54decbc479
Always use TCP health check protocol for target groups 2020-11-06 11:09:38 -06:00
Peter Rifel 370092cb5a
Update TG ports rather than protocols when adding/removing ACM certs from listeners
This also renames the TGs to be more descriptive, with tcp and tls prefixes.
2020-11-06 11:09:38 -06:00
Peter Rifel 3417ef366c
Handle target groups that don't yet exist when reconciling 2020-11-06 11:09:38 -06:00
Peter Rifel 15ba84df16
Find target group names for existing NLB listeners 2020-11-06 11:09:37 -06:00
Peter Rifel 9242c34a38
Setup a second NLB listener on 8443 when sslCertificate is set 2020-11-06 11:09:37 -06:00