Commit Graph

121 Commits

Author SHA1 Message Date
Peter Rifel 62df0dba04 Migrate AWS Verifier to aws-sdk-go-v2 2024-05-05 08:39:20 -04:00
Peter Rifel fc4f962279 Migrate node controller and identity to aws-sdk-go-v2 2024-04-03 18:17:39 -05:00
Peter Rifel 1cab9aaa16 Migrate kops-controller to aws-sdk-go-v2 2024-03-24 18:07:16 -05:00
justinsb 010a0d5e4c feat: Support PKI bootstrap
Similar to the TPM bootstrapping on GCE (indeed, a lot of the code is
modified from there), but we verify the PKI signature against a public
key in a Host CRD object.
2023-11-30 18:35:58 -05:00
justinsb 592b575412 feat: Support multiple token verifiers in kops-controller
This will allow us to support nodes running in multiple clouds.  If we
don't configure multiple verifiers, this should be a no-op.
2023-11-30 10:44:53 -05:00
justinsb 0096451a83 Cleanup a few places where we used Warningf with %w
Fixing up a few places where we used the wrong marker.
2023-09-18 11:02:18 -04:00
Ciprian Hacman c754cdf017 kops-controller: Increase client-side throttling limits 2023-09-13 11:25:41 +03:00
Kubernetes Prow Robot 14c0b647db Merge pull request #15874 from johngmyers/no-master-label
Legacy control-plane node labels are no longer used
2023-09-04 23:05:49 -07:00
John Gardiner Myers 76cb3924c4 Legacy control-plane node labels are no longer used 2023-09-04 20:23:08 -07:00
John Gardiner Myers 1ea0fd3004 AWS always uses resource-based names 2023-09-04 16:08:48 -07:00
Ciprian Hacman 5d43d5fe88 Update dependencies 2023-08-31 13:53:46 +03:00
John Gardiner Myers 0d9c130b07 Remove use of ClusterSpec in nodeup 2023-08-09 18:12:37 -07:00
Kubernetes Prow Robot 5d08bc3b0a Merge pull request #15640 from johngmyers/vfscontext
Refactor out references to global vfs.Context
2023-07-17 09:15:19 -07:00
Kubernetes Prow Robot 76eda9b9f4 Merge pull request #15650 from justinsb/prune_node_labels
Support removal of managed node labels
2023-07-16 21:49:07 -07:00
justinsb 7a5c43ef8d Fix comment on patchNodePodCIDRs
Cleanup; no change in behavior.
2023-07-16 22:59:06 -04:00
justinsb 5fd533c96a Support removal of managed node labels
kops-controller manages a few node-role node-labels.  We
now remove any extra managed labels that land on the node.

This means we will now actively remove the extra node label if we
previously erroneously applied to a control-plane node; previous code
changes stopped applying it.
2023-07-16 22:41:22 -04:00
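The reconciliation that commit describes, as an added example that is not kops code: the controller owns one label namespace, adds the labels it wants and removes any other label under that namespace, and leaves everything else on the node alone. The label keys, the `node-role.kubernetes.io/` prefix as the managed namespace, and the node used as input are constructed for the example; the removal mechanism is the standard JSON merge patch rule that a `null` value deletes the key.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// managedPrefix is the label namespace the controller reconciles. Assumed for the example:
// every key under it is either in the desired set or gets removed from the node.
const managedPrefix = "node-role.kubernetes.io/"

// labelChanges returns the per-key changes needed to move current to desired within the
// managed namespace. A nil value means "delete this label"; labels outside the managed
// prefix are never touched, even if they look unexpected.
func labelChanges(current, desired map[string]string) map[string]interface{} {
	changes := map[string]interface{}{}
	for k, v := range desired {
		if cur, ok := current[k]; !ok || cur != v {
			changes[k] = v
		}
	}
	for k := range current {
		if !strings.HasPrefix(k, managedPrefix) {
			continue
		}
		if _, want := desired[k]; !want {
			changes[k] = nil // JSON merge patch: null removes the key
		}
	}
	return changes
}

// labelPatch wraps the changes in the metadata.labels shape a JSON merge patch against a
// Node expects. The second return value is false when the node already matches.
func labelPatch(current, desired map[string]string) ([]byte, bool, error) {
	changes := labelChanges(current, desired)
	if len(changes) == 0 {
		return nil, false, nil
	}
	patch := map[string]interface{}{
		"metadata": map[string]interface{}{"labels": changes},
	}
	b, err := json.Marshal(patch)
	return b, err == nil, err
}

func main() {
	// Constructed node: a worker that somehow carries the control-plane role label.
	current := map[string]string{
		"kubernetes.io/hostname":                 "worker-1",
		"node-role.kubernetes.io/control-plane":  "",
		"node-role.kubernetes.io/node":           "",
	}
	desired := map[string]string{"node-role.kubernetes.io/node": ""}
	b, changed, err := labelPatch(current, desired)
	fmt.Println(changed, err, string(b))
}
```

The hostname label survives because it is outside the managed prefix; only the stray control-plane role is dropped, which is the behaviour the commit message describes for labels that were applied to the wrong node class earlier.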
Kubernetes Prow Robot 2a0cc8a7dc Merge pull request #15627 from hakman/azure_dns_none
azure: Add support for dns=none
2023-07-16 04:27:05 -07:00
John Gardiner Myers e04fc1314f Use NewVFSContext in kops-controller 2023-07-15 15:48:56 -07:00
justinsb edeb4d4869 kops-controller: load objects with version conversion
If we deserialize the yaml, we don't go through the version-conversion
logic.  That logic maps from Master -> ControlPlane, so without that
logic we see unexpected values in the "string enums".
2023-07-15 17:34:50 -04:00
Ciprian Hacman 83d14d4343 azure: Add support for dns=none 2023-07-13 09:04:06 +03:00
Justin SB cf9134489c kops-controller: create IPAM controller for GCE
We observe the IPv6 CIDRs assigned to nodes, and reflect them into the node.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2023-07-05 12:34:55 -04:00
justinsb 36a763c88f node labeling: don't ignore unknown roles
We were silently ignoring unknown roles, which makes it hard to know
when our expectations aren't met.  It looks like the rename of the
role from "Master" to "ControlPlane" may have caused some drift
against our expectations also.
2023-06-18 19:40:56 -04:00
Leïla MARABESE dab001c3e9 scaleway authenticator and verifier 2023-06-14 15:15:17 +02:00
Ciprian Hacman 505c0c87de kops-controller: Return `http.StatusConflict` only when node is ready 2023-05-27 12:58:50 +03:00
Ciprian Hacman 7b545dde4b kops-controller: Return `http.StatusConflict` when node already exists 2023-05-27 09:47:40 +03:00
justinsb 1faee9dd8c digitalocean: bootstrap nodes through kops-controller.
We start with a simple node verifier.
2023-05-07 13:17:56 -04:00
justinsb c89f434f1b Only use node challenge on hetzner
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
2023-05-06 08:03:21 -04:00
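The callback described in that commit, and the signature check against a pre-registered public key in the later PKI bootstrap commit, as an added example that is not kops code. The protocol here is an assumption chosen to illustrate the idea: the controller takes the node's expected IP from the cloud API, connects to the node's challenge port, sends a fresh random nonce, and accepts the node only if the answer is a valid Ed25519 signature over that nonce under the public key the controller already trusts for that node. Loopback stands in for the cloud-reported address, and `runExchange` is a constructed driver; the key pair, port and paths are all assumed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"strconv"
	"time"
)

const nonceLen = 32

// challengeHandler is the node side: it signs the controller's nonce with the node's
// bootstrap private key. It only answers; it never initiates, so a client that can merely
// send requests to the controller (for example a pod) gains nothing from its existence.
func challengeHandler(priv ed25519.PrivateKey) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		nonce, err := io.ReadAll(io.LimitReader(r.Body, nonceLen+1))
		if err != nil || len(nonce) != nonceLen {
			http.Error(w, "bad nonce", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "text/plain")
		fmt.Fprint(w, base64.StdEncoding.EncodeToString(ed25519.Sign(priv, nonce)))
	})
}

// verifyNode is the controller side. expectedIP is what the cloud API reports for the node
// being bootstrapped; trusted is the public key the controller already holds for it. A fresh
// random nonce per call means a recorded answer cannot be replayed later.
func verifyNode(client *http.Client, expectedIP string, port int, trusted ed25519.PublicKey) error {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	addr := net.JoinHostPort(expectedIP, strconv.Itoa(port))
	resp, err := client.Post("http://"+addr+"/challenge", "application/octet-stream", bytes.NewReader(nonce))
	if err != nil {
		return fmt.Errorf("challenge callback to %s failed: %w", addr, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("challenge callback to %s returned %d", addr, resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
	if err != nil {
		return err
	}
	sig, err := base64.StdEncoding.DecodeString(string(body))
	if err != nil || !ed25519.Verify(trusted, nonce, sig) {
		return errors.New("challenge response did not verify against the node's trusted public key")
	}
	return nil
}

// runExchange wires both sides together on loopback (constructed stand-in for the
// cloud-reported IP). With impersonate=true the listener at the expected address signs with
// a different key, as a process that controls the socket but not the node's key would.
func runExchange(impersonate bool) error {
	trustedPub, nodePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	signingKey := nodePriv
	if impersonate {
		_, signingKey, err = ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return err
		}
	}
	srv := httptest.NewServer(challengeHandler(signingKey))
	defer srv.Close()
	// httptest binds 127.0.0.1 on a random port; a real deployment would listen on a fixed
	// host port outside the NodePort range so a NodePort Service cannot answer for the host.
	host, portStr, err := net.SplitHostPort(srv.Listener.Addr().String())
	if err != nil {
		return err
	}
	port, _ := strconv.Atoi(portStr)
	client := &http.Client{Timeout: 5 * time.Second}
	return verifyNode(client, host, port, trustedPub)
}

func main() {
	fmt.Println("genuine node:", runExchange(false))
	fmt.Println("impersonator:", runExchange(true))
}
```

Two properties carry the security argument: the controller dials the address the cloud says belongs to the node, so a caller elsewhere cannot answer the challenge, and the answer is bound to a key the controller trusted before the request arrived, so controlling the socket alone is not enough.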
justinsb 868823bbcf Block bootstrap when the node already exists
We now do this across all clouds, as it has been demonstrated on
OpenStack.
2023-04-27 11:47:42 -04:00
Jesse Haka a765191898 use http.StatusConflict 2023-02-20 13:01:43 +02:00
Jesse Haka 8e6199fa39 exit gracefully if server already exists in k8s 2023-02-12 16:52:13 +02:00
Justin SB 9b02017059 openstack verifier: support IPv6
Add IPv6 support to the openstack verifier and polish up a few error messages.
2023-01-28 10:54:48 -05:00
Jesse Haka b3c134be06 make openstack kops-controller bootstrap auth better 2023-01-19 10:07:11 +02:00
Kubernetes Prow Robot 08f308232f Merge pull request #15006 from zetaab/osnodeidentifier
update OpenStack node identifier to use Identifier
2023-01-15 23:20:51 -08:00
Jesse Haka eaa1a6836e update OpenStack node identifier to use Identifier instead of LegacyIdentifier 2023-01-15 10:14:51 +02:00
John Gardiner Myers 775ed65820 Run kops-controller server on non-leaders as well 2023-01-14 10:20:04 -08:00
Jesse Haka 3dab0eb807 Use kops-controller to bootstrap nodes in OpenStack 2023-01-14 13:54:14 +02:00
justinsb 6c2edaee7e Add Context arg to vfs ReadFile
This is an "action" method, so should take a context.
2023-01-01 09:51:44 -05:00
Ciprian Hacman b3a07ee83e Use short service name with discovery labels 2022-12-26 13:21:43 +02:00
justinsb 817c1e63b3 FindKeyset can return nil
We had missed a case in nodeup; add a Context argument to force us to
revisit the codepaths.
2022-12-24 16:12:21 -05:00
Kubernetes Prow Robot c9e6a915cc Merge pull request #14736 from Mia-Cross/scaleway_nodeidentity
scaleway : nodeidentity
2022-12-13 22:29:34 -08:00
Ole Markus With 7375bbb487 kops-controller: increase verbosity level on logs in gossip controller 2022-12-08 20:18:31 +01:00
Leïla MARABESE 3b9a57efb7 scaleway nodeidentity 2022-12-07 11:49:53 +01:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
Ciprian Hacman 61eaeddb9b Serve secrets from kops-controller for nodes without state store access 2022-11-15 14:51:54 +02:00
Ciprian Hacman c9d1eb9761 hetzner: Use kops-controller for node bootstrap 2022-11-02 12:43:25 +02:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Ole Markus With 5cac1eea56 Set command using entrypoint instead of cmd 2022-03-11 16:02:46 +01:00
justinsb f60f2476ed kops-controller: use controller-runtime manager
This gives us access to a managed client, and it lets us hook into the
lifecycle.
2021-12-18 19:38:53 -05:00