Commit Graph

4198 Commits

Author SHA1 Message Date
John Gardiner Myers 36f93d0069 hack/update-expected.sh 2021-05-07 23:40:03 -07:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
John Gardiner Myers 3aa8d40052 Release 1.22.0-alpha.1 2021-05-07 13:45:35 -07:00
John Gardiner Myers 81956f622c Prepare for kOps 1.22 2021-05-07 13:44:58 -07:00
John Gardiner Myers a159b69cec Remove the PublicJWKS feature flag 2021-05-06 11:05:24 -07:00
Kubernetes Prow Robot e3fbc2ad04
Merge pull request #11378 from olemarkus/cilium-no-hubble-no-secret
Don't try to mount hubble TLS on the agent if we don't use hubble
2021-05-04 04:05:11 -07:00
Ole Markus With 2c95c2fe50 Don't try to mount hubble TLS on the agent if we don't use hubble 2021-05-04 11:26:20 +02:00
John Gardiner Myers 30bc1c7b15 Fix upgrade of service-account key 2021-05-03 20:24:12 -07:00
Kubernetes Prow Robot f0570ba953
Merge pull request #11371 from johngmyers/refactor-terraform
Refactor terraform writing
2021-05-03 16:37:10 -07:00
Kubernetes Prow Robot b58137c8f4
Merge pull request #11372 from hakman/calico-3.19.0
Update Calico to v3.19.0
2021-05-03 13:38:08 -07:00
Kubernetes Prow Robot bf17910918
Merge pull request #11374 from olemarkus/cilium-1-10-manifest
Add more support for cilium 1.10
2021-05-03 08:16:03 -07:00
Ole Markus With aadcd9d448 Add more support for cilium 1.10 2021-05-03 16:10:56 +02:00
Jesse Haka 3b9c893bae add permission to create sa tokens 2021-05-03 16:01:57 +03:00
Ciprian Hacman 6ec8e7c224 Update Calico to v3.19.0 2021-05-03 10:22:51 +03:00
John Gardiner Myers 57dec35f68 Split out TerraformWriter 2021-05-02 21:54:46 -07:00
John Gardiner Myers 4e53018cf8 Split out getOutputs() 2021-05-02 21:06:20 -07:00
John Gardiner Myers b4bbf97523 Adjust sorting of outputs in hcl2 2021-05-02 20:02:15 -07:00
John Gardiner Myers 1a848e9ebb Split out getResourcesByType() 2021-05-02 19:40:09 -07:00
John Gardiner Myers 5c4f1c4f6c Adjust sorting of resources in hcl2 2021-05-02 19:39:23 -07:00
John Gardiner Myers 7921a5bd7e Separate TerraformTarget.AddFile() into two receivers 2021-05-02 16:47:33 -07:00
Ole Markus With 6f8b3647cf Add support for IRSA in the api
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-05-01 16:03:42 +02:00
Kubernetes Prow Robot 3704ffd2c9
Merge pull request #11354 from codablock/external-cert-manager
Allow cert-manager to be provisioned externally
2021-04-30 13:45:59 -07:00
Kubernetes Prow Robot 1da39a3fe1
Merge pull request #11361 from olemarkus/oidc-awsidcprovider
Configure aws oidc provider
2021-04-30 11:41:59 -07:00
Alexander Block d1ab0af511 Allow cert-manager to be provisioned externally 2021-04-30 20:33:59 +02:00
Kubernetes Prow Robot d8de9fcad6
Merge pull request #11314 from olemarkus/cilium-fix-hubble
Expose hubble agent when hubble is enabled
2021-04-30 10:59:59 -07:00
Ole Markus With 25b5f0cfb2 Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore 2021-04-30 19:19:06 +02:00
Ole Markus With 0f545f8659 Split oidc_provider
* one builder concerned with publishing issuer discovery metadata
* one builder concerned with creating aws oidc provider
2021-04-30 18:05:20 +02:00
Ole Markus With 7c0be997e1 Expose hubble agent when hubble is enabled
Also enables PKI for the addon
2021-04-30 17:52:19 +02:00
Kubernetes Prow Robot 7a63ed8f5c
Merge pull request #11360 from dntosas/nth-resources
[addons/nth] Add capability to define resources
2021-04-30 07:53:58 -07:00
Ciprian Hacman 4a0fa78b20 Run hack/update-bazel.sh 2021-04-30 14:50:46 +03:00
Ciprian Hacman 0e651dd8fc Use AWSModelContext in remaining awsmodel files 2021-04-30 14:50:46 +03:00
Ciprian Hacman 137fe6c2bb Move firewall to awsmodel 2021-04-30 14:50:46 +03:00
dntosas 7e20f87822
[addons/nth] Add capability to define resources
Node termination handler as all daemonSets may play a critical role in
capacity planning, define resource policy for choosing instanceType etc.

In this commit, we enable users to define resources themselves to meet
their needs and also removed limits to convey with the chosen strategy
to avoid limits on such components.

Signed-off-by: dntosas <ntosas@gmail.com>
2021-04-30 14:13:11 +03:00
Ciprian Hacman fcba0043d0 Move iam to awsmodel 2021-04-30 12:37:28 +03:00
Ciprian Hacman 4dfe58de7a Move network to awsmodel 2021-04-30 12:04:06 +03:00
Ciprian Hacman ca02c04793 Move sshkey to awsmodel 2021-04-30 12:04:06 +03:00
Ole Markus With 01ccf4590f Bump cilium to 1.9.6 2021-04-28 10:06:13 +02:00
Kubernetes Prow Robot 942f183157
Merge pull request #11336 from olemarkus/sqs-fix-flap
Fix SQS resource flapping
2021-04-27 22:08:49 -07:00
Ciprian Hacman dffb1ca5e0 Update Calico to v3.18.2 2021-04-28 05:50:06 +03:00
Kubernetes Prow Robot 071ea676d6
Merge pull request #11331 from olemarkus/warmpool-silence-error
Don't try to delete warm pool when creating the cluster
2021-04-27 17:12:50 -07:00
Kubernetes Prow Robot f1fbde95e6
Merge pull request #11337 from bjhaid/master
Add `enable-host-reachable-services` to 1.8 and generic cilium.
2021-04-27 14:19:38 -07:00
Kubernetes Prow Robot 75999163df
Merge pull request #11335 from olemarkus/warmpool-fix-hook-name
Fix lifecycle hook naming
2021-04-27 12:37:38 -07:00
bjhaid af1189befd Add `enable-host-reachable-services` to 1.8 and generic cilium.
This completes #11333. I missed updating these other template
files when I submitted #11333.
2021-04-27 13:57:38 -05:00
Ole Markus With f16cafb8ef Make hook task name unique while the hook name is consistent
Since tasks need to be unique, but we need to reuse the hookname across all ASGs, we distinguish between task and actual name of the hook
2021-04-27 20:57:19 +02:00
Ole Markus With 849ff56c96 Fix SQS resource flapping
* one case of AWS returning different JSON than we passed
* AWS returning a field we do not (and can not) build an expected value of
2021-04-27 20:47:24 +02:00
bjhaid 88ed9f68bd Add support for configuring Cilium enable-host-reachable-services.
After upgrading Cilium to 1.8 via kops one of our clusters had a total
outage due to cilium reporting errors as below:

```
level=error msg="endpoint regeneration failed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=592 error="Failed to load tc filter: exit status 1" identity=40147 ipv4= ipv6= k8sPodName=/ subsys=endpoint
```

upon searching Cilium slack we found the below thread:

https://cilium.slack.com/archives/C1MATJ5U5/p1616400216167600

which recommended setting `enable-host-reachable-services` to true to
address the problems. We set the field and it fixed our issues too,
however we observed that kops does not have a means to configure this
hence this PR.

We would like to have this backported after it has been merged.
2021-04-27 12:49:27 -05:00
Ole Markus With c42ca216a2 Move lifecycle hook task to match expected filename 2021-04-27 19:13:48 +02:00
Kubernetes Prow Robot 6ed023ed30
Merge pull request #11326 from codablock/fix-ebs-csi
Fix arguments to csi-provisioner after bump to v2.2.0
2021-04-27 05:25:37 -07:00
Ole Markus With 5881020b94 Don't try to delete warm pool when creating the cluster 2021-04-27 14:23:20 +02:00
Kubernetes Prow Robot 17e46e5a2c
Merge pull request #11322 from johngmyers/warmpool-cluster
Add cluster-level warmPool settings
2021-04-27 02:09:38 -07:00