kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,664 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

16 Commits

Author SHA1 Message Date
Kashif Saadat 0e5c393f10 Rename IAM switch to legacy, default to false for new cluster creations. 2017-08-22 13:27:55 +01:00
Kashif Saadat 0aac9b7f8d Allow the strict IAM policies to be optional, default to original behaviour (not-strict) 2017-08-22 13:27:54 +01:00
Kashif Saadat fd0ce236dc Remove node requirement to access private ca and master keys in S3 2017-08-11 16:12:32 +01:00
Kashif Saadat cd149414df Tighten down S3 IAM policy statements 2017-08-11 11:51:46 +01:00
amdonov e0428207cc Properly set IAM prefix for GovCloud 2017-07-08 00:03:22 -04:00
Justin Santa Barbara 3c6689b5b0 Always grant route53 ListHostedZones permission 2017-06-19 14:16:35 -04:00
Justin Santa Barbara 5955467be0 Default to loadbalancer ingress for gossip dns 
DNS ingress won't work anyway.
 2017-06-19 14:16:35 -04:00
Justin Santa Barbara 864a999602 Fix automatic private DNS zone creation 
We have to defer creation of the IAM policy until we have created the
hosted zone.

Fix #2444
 2017-04-29 17:01:18 -04:00
Justin Santa Barbara cb4641fea3 Code updates 2017-03-16 02:40:50 -04:00
Jakub Paweł Głazik cd795d0c8c Resolve DNS Hosted Zone ID while building IAM policy 
Fixes #1949
 2017-02-23 11:45:58 +01:00
Jakub Paweł Głazik a3019905a1 Merge remote-tracking branch 'origin/master' into iam-route53-scoping 2017-02-17 10:52:04 +01:00
Justin Santa Barbara dc9a343434 Support string-or-slice in IAM policies 
Fix #1920
 2017-02-16 22:24:28 -05:00
Jakub Paweł Głazik f50f010d2f Scope route53 permissions to DNS_ZONE only 2017-02-15 22:34:04 +01:00
Sergio Ballesteros 9e9c0c105b Add autoscaling policy to master role 2017-01-25 17:18:10 +01:00
Justin Santa Barbara 51a4adb555 Create stub IAM policy for bastions 2016-12-18 21:56:57 -05:00
Justin Santa Barbara fed68310fa Schema v1alpha2 
* Zones are now subnets
* Utility subnet is no longer part of Zone
* Bastion InstanceGroup type added instead
* Etcd clusters defined in terms of InstanceGroups, not zones
* AdminAccess split into SSHAccess & APIAccess
* Dropped unused Multizone flag
 2016-12-18 21:56:57 -05:00