kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,189 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

192 Commits

Author SHA1 Message Date
Leïla MARABESE 76562f80d5 support for scaleway in s3 buckets 2022-09-01 12:06:23 +02:00
Ciprian Hacman cb99db0757 Run make goimports 2022-08-17 07:03:33 +03:00
Ciprian Hacman 3d24d76cd6 Set higher verbosity when logging the endpoint of non-AWS S3 backend 2022-08-03 04:54:47 +03:00
Abirdcfly 9983ed68fb
delete t.FailNow after t.Fatalf 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
 2022-07-22 00:14:53 +08:00
Rémy Léone 80d2d53643 fix tenv linter 2022-06-15 18:06:28 +02:00
Jesse Haka 52d2cb08a8 update deps 2022-05-04 10:25:42 +03:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP 
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
 2022-04-25 13:31:47 -07:00
Tessia Piboubès 705a7b536c Use a pointer type in type assertion 2022-04-20 20:07:58 +02:00
Kubernetes Prow Robot 6d264080ed
Merge pull request #13484 from olemarkus/no-bazel-targets 
Remove bazel targets and tools
 2022-04-17 23:16:41 -07:00
Ciprian Hacman 8b8dd8d2dd Use aws_s3_object instead of deprecated aws_s3_bucket_object 2022-04-13 16:49:03 +03:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Justin Menga 210d072da9 Correctly detect GovCloud regions 2022-03-24 12:59:32 -07:00
Eng Zer Jun deede3ecd4
test: use `T.TempDir` to create temporary test directory 
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-02-18 16:57:41 +08:00
justinsb 9ccc100f92 tests: ensure that we use ACLs with memfs 
They weren't fully wired up previously
 2022-01-30 15:04:11 -05:00
John Gardiner Myers a0736b3c29 Remove support for Aliyun/Alibaba Cloud 2021-12-11 21:49:13 -08:00
Peter Rifel f5f52eec92
Add mock GCP credentials to fix unit tests 2021-12-02 08:01:35 -06:00
Peter Rifel f56f98154a
Add TerraformProvider 2021-12-02 08:01:35 -06:00
Peter Rifel 675754edeb
Add Terraform support for GS Paths 2021-12-02 08:01:34 -06:00
Peter Rifel 5813b7f0e0
Add a unit test for S3Path.RenderTerraform 
Unfortunately it needs to be in a different package to avoid a rather complex import loop: terraform -> kops api -> vfs -> terraform
 2021-12-02 07:55:45 -06:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
Ole Markus With 2fa53989c4 Configure dualstack endpoint for s3 
Use dualstack https endpoints on ipv6only cluster. Always use
dualstack endpoints through the SDK
 2021-11-20 08:00:00 +01:00
Eng Zer Jun 425173ae9f
refactor: move from io/ioutil to io and os packages 
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-11-12 15:37:18 +08:00
Peter Rifel 7eaa647b2a
Include the provider alias on TerraformPath resources that reference their provider 2021-09-17 18:08:59 -05:00
Peter Rifel c3a7f9f75a
Add TerraformProvider definition to TerraformPath interface 2021-09-17 18:08:58 -05:00
Yadnesh Kulkarni 670fa3aaf7 Incorrect url to the swift container 
Swift path prefix in ReadTree and ReadDir should not be empty
when adding "/" to it.
 2021-08-15 04:21:34 -04:00
Ole Markus With 67b4024694 Reconcile if managedFile is public or not 2021-08-13 20:20:44 +02:00
Ole Markus With 4bf0fae33a Add function for getting memfs location 2021-07-01 08:27:48 +02:00
John Gardiner Myers eb076e3713 Render managed files with Terraform 2021-06-28 12:15:15 -07:00
Kubernetes Prow Robot 3c4b6068b9
Merge pull request #11649 from h3poteto/fix-jwks-location 
Fix jwks object path in S3 for IRSA
 2021-06-01 08:26:27 -07:00
AkiraFukushima d52ec60c02
Fix issuer and jwks object path for IRSA 2021-06-01 23:35:21 +09:00
John Gardiner Myers e896a8a215 Fix detection of virtual-hosted-style S3 urls in us-east-1 2021-05-31 19:07:56 -07:00
John Gardiner Myers 23de00da6e Enable reading shared config when possibly from CLI 2021-05-05 22:08:54 -07:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Barry Melbourne e30bf1cf35 Update Go modules to latest versions 2021-03-14 15:08:27 +00:00
Jesse Haka 034dad258c modify names 2021-02-05 09:57:54 +02:00
Jesse Haka 41d04d8d4b add user agent to openstack api requests 2021-02-04 23:04:06 +02:00
Peter Rifel 0df5f6c24d
Fix file not found error detection in fs:// 2021-01-12 20:57:33 -06:00
Kenji Kaneda 40c944aa5c Fix a typo in an error message returned from buildAzureBlobPath 
invalid Azure Blob schem -> invalid Azure Blob scheme
 2020-11-23 08:16:39 -08:00
Kenji Kaneda 4555c0b2df Add support of Azure Blob storage to VFS 
The schema is "azureblob".

azureClient provides two ways to set up credential. One approach is to
use an account key stored in env var. This approach is used when
accessing Blob from kops CLI. The second approach is to retrieve
credentials from Instance Metadata Service. This works only when
azureClient is created on a VM that has sufficient privilege to access
a specified blob. This approach is used from nodeup, etcd-manager,
etc.
 2020-11-19 10:47:03 -08:00
Jesse Haka 67d69f16a9 allow reauth for openstack client 2020-10-30 08:57:49 +02:00
Ole Markus With f6ce70e5c3 Minor fixes to swiftfs.go 2020-10-08 20:32:29 +02:00
Ciprian Hacman 0c6f1c733c Use all kops mirrors to determine artifacts hashes 2020-09-18 09:44:37 +03:00
Kubernetes Prow Robot a5fc8895dc
Merge pull request #9857 from hakman/detect-aws-region 
Detect AWS region for S3 inside containers
 2020-09-09 23:17:44 -07:00
John Gardiner Myers 1e92c7740c Map ENOENT to ErrNotExist in FSPath 2020-09-05 21:46:57 -07:00
Ciprian Hacman 32e6da7576 Detect AWS region for S3 inside containers 2020-09-02 06:41:12 +03:00
Justin SB d4480e4721 Always use OpenStack Swift reauthentication 
If we were using credentials from env vars, we would not do
reauthentication with Swift.
 2020-08-29 08:25:59 -04:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
Ole Markus With a708a96c05 Adds support for using OS application credentials 
Application credentials allows you to export a purpose-specific set of
credentials for a user instead of exposing user login credentials.
Especially useful when using LDAP or similar for Openstack users.
Also lets you rotate credentials more easily since multiple application
credentials can be provisioned per user.

Update pkg/model/bootstrapscript.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-08-07 14:26:47 +02:00
Ole Markus With d1479fb666 Add support for reading openstack metadata in vfs 2020-08-04 08:22:00 +02:00
John Gardiner Myers fed5587d77 Improve locking in memfs 2020-07-19 16:01:47 -07:00