Automatic merge from submit-queue.
Consolidate two separate CNI sections
There was a second section about CNI that was confusing since it was superfluous to the first one.
Also updated a couple of calico references from version-pinned to 'latest'.
Automatic merge from submit-queue.
Update IAM roles documentation based on recent changes.
The [IAM Roles documentation](https://github.com/kubernetes/kops/blob/master/docs/iam_roles.md) has been updated to reflect recent hardening on the policies generated for Master & Compute nodes.
Fixes#3557.
Adding an extra option to the toolbox templating to format the YAML before writing out; which is usefull to cleanup formating issues and as detecting errors in the template
- added a formating options --format-yaml to the toolbox template which cleans up the yaml before writing out
- updated the cli documentation
- added the --config-value used to grab the configuration
The current implementation fails on template which reference unset variables, it is however useful at times to permit overriding this behavior and using sprig default() for example methods to handle it
- added a new command line option --fail-on-missing (defaults to true, so keeps the current behaviour)
- updated the unit test to reflect the changes
- updated the cli docs
Automatic merge from submit-queue.
update kubernetes-dashboard image version to v1.7.1
https://github.com/kubernetes/dashboard/issues/2401, causing high CPU, is fixed in 1.7.1.
Image version number is the only change.
We'll need to move the current release notes in master for 1.7.1 to 1.8.0 since
they were not included in this release at this time and cherry-pick
these notes into master.
Automatic merge from submit-queue.
Initial bazel support
Builds on the 1.8 version bump
The "trick" is to strip the BUILD & BUILD.bazel files from the vendor-ed deps.
Will rebase after 1.8 version bump merges.
Automatic merge from submit-queue. .
promoting drain and validate by setting feature flag to true
I am unable to recreate https://github.com/kubernetes/kops/issues/2407, and frankly, it may be an edge case. We could warn a user if their wait times are low, but that would be another PR.
This PR moves Drain and Validate functionality for rolling-updates into the default user experience, setting the Feature Flag to true.
Per feedback, I am using the node and master interval times for the validation.
Automatic merge from submit-queue. .
Support encryption-at-rest for the kube-apiserver
This PR adds support for enabling encryption-at-rest for data in etcd, via the kube-apiserver (as per https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data).
I've put the functionality behind a feature flag, `+EnableDataEncryption`. It can then be enabled per-cluster by using `--enable-encryption-config` on the command line, or by adding a `kubeEncryptionConfig` section to the cluster spec. This is passed through to the kube-apiserver by the nodeup process. I'm not sure if this is the best way of doing it right now, but it is working.
Fixes#3356.
Automatic merge from submit-queue. .
improve documentation for secrets
I was struggling on how to change a the api basic auth password for my cluster and found this to be the only way to do it. If there is an easier way, let me know and i can adapt the docs again :)
- add a new kops secret command to store encryption config
- add the experimential-encryption-provider-config flag to the kube-apiserver
- add functionality to nodeup to create the stored encryption config in the correct path
Automatic merge from submit-queue. .
Allow specifying a SSH key name for AWS
Related to #2309, this allows naming an existing key pair using the
cluster spec field `sshKeyName`.
In our use case, kops can now be used without providing the ability to
create EC2 key pairs.
Automatic merge from submit-queue
Add romana to built-in CNI options
This PR adds `romana` as a networking option for kops.
It installs the latest "preview" release of Romana v2.0, which provides the expected features in terms of IP allocations and route configuration. Network policy features are being ported to 2.0 and will be in the final release. (We intend to submit a followup PR for kops as part of that rolling out that release.)
Note: in this setup, we're using the etcd cluster that kops deploys for k8s. This isn't ideal, but some possibilities (eg: StatefulSets) aren't practical for the CNI itself, and creating a parallel etcd cluster via manifests seemed to be a more-intrusive approach than using the existing one.
If this is a concern or problem, then I'm very open to discussing and implementing it based on your suggestions.
Also, some functionality is exclusive to AWS environments. Other cloud platforms are on Romana's roadmap but not developed yet. Let me know that restriction needs to be enforced in code or directly documented.
Automatic merge from submit-queue
Add a doc to describe how to use kops in AWS China
Closes#2933, closes#3282.
@wangycc, @mgyong, @hb404 This doc might be helpful for you guys to deploy a cluster in AWS China Region.
@chrislovecnm, @justinsb Please help to review. Thanks.
Automatic merge from submit-queue
small docs improvement
Make cmd1 populate the var for cmd2
Using `tee /dev/stderr` allows the user to still get output if they copy-pasta the first command. The other changes prepare the HZC variable so it can be used if they copy-pasta the second command.
Kubernetes Submit Queue
chrislovecnm
Mike Splain
Andy Randall
Rodrigo Menezes
Rohith
Justin Santa Barbara
Manuel de Brito Fontes
Reinaldo Martinez
Kashif Saadat
Manatsawin Hanmongkolchai
Jasmine Hegman
Chi Hoang
Quentin Nerden
tallaxes
Ali Fathieh
William Austin
Alberto
Rahul Mahale
jatan28
John Laswell
Julian Simioni
georgebuckerfield
Timothy Josefik
Andrey Chernih
Andrey Falko
Marius Davidsen