kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,127 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

39 Commits

Author SHA1 Message Date
Ole Markus With 0f545f8659 Split oidc_provider 
* one builder concerned with publishing issuer discovery metadata
* one builder concerned with creating aws oidc provider
 2021-04-30 18:05:20 +02:00
Ciprian Hacman 4a0fa78b20 Run hack/update-bazel.sh 2021-04-30 14:50:46 +03:00
Ciprian Hacman 4746f6d00c Fix etcd volume validation logic 2021-04-13 12:03:38 +03:00
guydog28 bd80c3f2b4 replace hard coded aws region checks with aws sdk calls 2021-03-24 15:31:05 +00:00
Ole Markus With c6a741a148 Move dns and external_access to awsmodel 2021-03-07 22:07:17 +01:00
Ole Markus With d415fdf1a1 Move bastion model to awsmodel 2021-03-07 22:06:20 +01:00
Justin SB 4ac9d5c17b Boot nodes without state store access 
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.

This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)

Feature-flagged behind the KopsControllerStateStore feature-flag.
 2021-01-09 13:08:48 -05:00
Kenji Kaneda a61caea8d2 Add Azure support 
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
 2020-12-21 08:27:54 -08:00
Justin SB 7d9ff3ba96 Refactor MirroredAsset into mirrors package 
This means we can use MirroredAsset for nodeup without circular
dependencies.  Also removes a duplicate constant that was declared
twice.
 2020-12-19 18:39:09 -05:00
Ole Markus With 4fa6f56ecd Use the kubernetes-sigs version of yaml 2020-12-15 10:38:01 +01:00
Ciprian Hacman e57cd534b5 Allow attaching same external target group to multiple instance groups 2020-12-03 06:59:59 +02:00
John Gardiner Myers 7069aaabf6 Take node labels from cloud tags on AWS 2020-09-10 20:59:24 -07:00
Justin SB 8498ac9dbb Create PublicJWKS feature flag 
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens.  But it shouldn't need a second bucket or anything of that
nature.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-09-09 09:57:06 -04:00
Justin SB b158ffab04 Refactor: KopsModelContext embeds IAMModelContext 
go syntax makes this an annoying change, unfortunately.
 2020-08-25 11:22:34 -04:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
Ciprian Hacman a7c8d2087c Use github.com/blang/semver/v4 2020-07-01 08:54:42 +03:00
John Gardiner Myers 013f9bf914 Create bootstrap script in a Task 2020-06-26 19:11:40 -07:00
John Gardiner Myers 304476cebf Refactor BootstrapScript 2020-06-18 22:17:39 -07:00
Ciprian Hacman 95aca3def5 ARM64 support - Update bazel files 2020-06-19 04:42:11 +03:00
Justin SB 75fd939a62
kube-apiserver: healthcheck via sidecar container 
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled.  That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.

Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.

This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-05-07 08:06:52 -04:00
Justin SB cf5c53c87d
Add tests for manifest normalization 
(The tests are split out for easier cherry-picking, should we choose to)
 2020-01-11 22:41:18 -05:00
Justin SB 728e582360
Fill out kops controller functionality 
k8s 1.16 requires that we move label setting away from the kubelet, to
a central controller.  kops-controller is that controller.
 2019-09-25 12:04:34 -04:00
Kubernetes Prow Robot 070498ba2d
Merge pull request #7566 from srikiz/DO-7442-AddTagsForCreateVolumeRequest 
[DO-7442] Digital Ocean add consistent volume and droplet tags for multi master feature
 2019-09-16 08:22:38 -07:00
Srikanth 45e3e0d03b Update build.bazel 2019-09-13 13:24:17 +05:30
Justin SB 810c65eb46
Copy well-known users from apiserver 
This should eliminate the dependency on k8s.io/apiserver
 2019-08-31 08:50:09 -07:00
Justin SB 17186ff7ba
Generated vendor & bazel from `make gomod` 
Automatically generated vendor & BUILD.bazel files
 2019-08-25 16:00:41 -04:00
Justin SB 512378b335
Rationalize golden-output comparison 
Create a single helper function: AssertMatchesFile

Also a few output files that weren't consistent.
 2019-07-21 23:08:48 -04:00
Justin SB 76d03b3f71
Generated files: glog -> klog 2019-05-06 12:56:03 -04:00
Rodrigo Menezes a82f548ff8 Allow using existing/shared Security Groups 
Verbosely log when a user overwrites LB or IG security groups

Change SecurityGroup to SecurityGroupOverride

Allow using existing/shared Security Groups

Update tests
 2018-10-02 00:51:39 -07:00
LilyFaFa 59b28164f7 add ALI volume model and apply_cluster codes 2018-06-22 20:28:33 +08:00
Justin Santa Barbara f8c57c2f57 Move ssh key functions to pkg/pki 
Preparation for reuse by the roundtrip mock tests.
 2018-03-11 13:20:08 -04:00
Mike Splain 45a57915e2 Fix bazel deprecation notice 2018-02-26 09:36:13 -05:00
chrislovecnm 4dd3bb1dea Updating bazel BUILD files with new go_rules version 2017-12-29 15:03:14 -07:00
Justin Santa Barbara bf24a6443c Avoid ListSecrets call in nodeup 
This helps up with GCE permissions, but also helps us get rid of auth
tokens.
 2017-12-19 11:45:04 -05:00
zengchen1024 769a9e9dbb update gazelle 2017-11-22 14:29:14 +08:00
chrislovecnm 609e268a1d gazelle updates with new bazel version 2017-11-05 17:41:53 -07:00
Justin Santa Barbara 15d50aff48 Update tests; add to bazel 2017-10-23 00:42:56 -04:00
Justin Santa Barbara b63f4d2dbe Add data dependencies to go_test rules 
This lets all the tests pass in bazel, other than create_cluster which
references files outside its tree.
 2017-10-03 10:45:50 -04:00
Justin Santa Barbara 0143be7c4f autogen: BUILD and BUILD.bazel 2017-10-02 14:27:21 -04:00