kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,203 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1229 Commits

Author SHA1 Message Date
justinsb 45ad8b50ae Enhance AddHostPathMapping to support a fluent style 
This allows for the helper to be used in more places.
 2021-12-31 13:26:12 -05:00
Kubernetes Prow Robot 47e6acd09f
Merge pull request #13039 from olemarkus/kube-proxy-label 
Add managed-by label to static kube-proxy pods
 2021-12-27 16:26:18 -08:00
Ole Markus With 8794b84368 Add managed-by label to static kube-proxy pods 2021-12-27 17:23:28 +01:00
Ole Markus With 4a1e43526f Kube components log to stdout 2021-12-27 14:59:06 +01:00
Kubernetes Prow Robot 2f31054e19
Merge pull request #13007 from hakman/skip_non-masquerade-cidr 
Use kubelet --non-masquerade-cidr only for Docker with kubenet
 2021-12-21 18:49:36 -08:00
Kubernetes Prow Robot 28dc7d2815
Merge pull request #12917 from olemarkus/cgroups 
Create cgroups for kube and runtime if configured
 2021-12-20 12:53:33 -08:00
justinsb 8d7f4485db staticcheck cleanup: fixup nodeup/pkg/model 
These pop up in VSCode and are pretty simple to fix:

```
nodeup/pkg/model/cloudconfig_test.go:86:17: possible nil pointer dereference (SA5011)
        nodeup/pkg/model/cloudconfig_test.go:83:5: this check suggests that the pointer can be nil
nodeup/pkg/model/cloudconfig_test.go:155:17: possible nil pointer dereference (SA5011)
        nodeup/pkg/model/cloudconfig_test.go:152:5: this check suggests that the pointer can be nil
nodeup/pkg/model/sysctls.go:172:12: error strings should not be capitalized (ST1005)
nodeup/pkg/model/sysctls.go:184:12: error strings should not be capitalized (ST1005)
nodeup/pkg/model/volumes.go:59:11: error strings should not be capitalized (ST1005)
```
 2021-12-20 10:36:54 -05:00
Ole Markus With 166860b668 Create cgroups for kube and runtime if configured 2021-12-20 13:36:45 +01:00
Ciprian Hacman cb6d424675 Use kubelet --non-masquerade-cidr only for Docker with kubenet 2021-12-20 08:47:02 +02:00
Robbie Lankford b5b87b19af
remove ineffectual assignment; this codeblock should likely have been removed with commit e19a1bbad9 2021-12-12 18:16:42 -06:00
John Gardiner Myers c5e1dea184 Remove code for no-longer-supported k8s version 2021-12-11 16:30:51 -08:00
John Gardiner Myers ed5eb8c034 hack/update-expected.sh 2021-12-11 15:50:46 -08:00
John Gardiner Myers 63955f84d9 Bump unsupported k8s version for tests 2021-12-11 15:50:46 -08:00
Kubernetes Prow Robot c073ff595b
Merge pull request #12923 from justinsb/nodeup_store_cloudprovider 
nodeup: store the CloudProvider in the context
 2021-12-11 08:37:57 -08:00
justinsb 03cbb0381b tests: Improve logging on test failure 
I encountered a test failure that was hard to track down; this
additional logging on failure helped me figure it out.
 2021-12-11 09:17:08 -05:00
justinsb 8220211655 nodeup: store the CloudProvider in the context 
This is a bit simpler than fetching it from the cluster every time,
and also can allow things like mixed-cloud clusters (in future).
 2021-12-11 09:16:03 -05:00
Ole Markus With 2088849768 Do not set insecure port on k8s 1.20+ 2021-12-11 12:44:56 +01:00
Kai Lueke d93033ae75 Simplify Flatcar containerd exec command 
The containerd command used in
https://github.com/kubernetes/kops/pull/12177 is a modification from
the torcx containerd unit. However, how torcx starts containerd is a
implementation detail and it's better to not hardcode torcx in case it
isn't used anymore.
Change the ExecStard command to use /usr/bin/containerd directly,
making it simpler and more future-proof.
 2021-12-06 14:07:39 +01:00
Kubernetes Prow Robot f7e66049d6
Merge pull request #12862 from johngmyers/instanceid-nodename 
Use instance ID as node name when AWS CCM supports it
 2021-12-05 14:58:32 -08:00
justinsb 4cf52d0e51 GCE: Support kops-controller, including in gossip mode 
We discover the kops-controller in gossip mode using seeding code that
calls into the GCE API, just like gossip itself does.

We refactor the gossip code into a shared gcediscovery library with
minimal dependencies.
 2021-12-04 11:51:41 -05:00
Kubernetes Prow Robot 576dc1946a
Merge pull request #12883 from hakman/k8s-1.23.0-rc.0 
Update k8s dependencies to v1.23.0-rc.0
 2021-12-03 20:48:33 -08:00
Ciprian Hacman 1f5a814d3a Replace Handler with ProbeHandler for container probes 2021-12-03 22:57:43 +02:00
Ciprian Hacman e19a1bbad9 Remove support for RHEL/CentOS 7 2021-12-03 21:40:10 +02:00
Ciprian Hacman 45094241f6 Remove support for Ubuntu 16.04 2021-12-03 21:28:12 +02:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
Ole Markus With f2f9b9dcbb Determine hostnameOverride entirely in nodeup instead of passing in cloud placeholders from cloudup 2021-11-30 13:29:54 +01:00
Ole Markus With 91b40385e6 Remove redundant evaluation of hostnameOverride 
The override is already resolved in upup/pkg/fi/nodeup/command.go
 2021-11-30 11:22:02 +01:00
John Gardiner Myers ef754ce71f Make requests and limits be *resource.Quantity 2021-11-29 22:50:31 -08:00
Kubernetes Prow Robot 2b059a06d3
Merge pull request #12844 from bwagner5/metadata-hostname 
Use AWS metadata to retrieve local-hostname in nodeup
 2021-11-27 07:10:41 -08:00
Brandon 652eea951c update bazel 2021-11-26 23:33:51 -06:00
Brandon 4bc48fc7b6 use metadata to retrieve instance hostname in nodeup 2021-11-26 19:24:04 -06:00
John Gardiner Myers e4bad43098 Reverse the sense of hook enablement in v1alpha3 2021-11-25 18:45:13 -08:00
Kubernetes Prow Robot 0e56286aa3
Merge pull request #12816 from johngmyers/rename-fields-2 
Rename fields to fit acronym conventions
 2021-11-24 23:14:33 -08:00
John Gardiner Myers 03157c5894 hack/update-expected.sh 2021-11-24 17:46:00 -08:00
Kubernetes Prow Robot a8289da46e
Merge pull request #12789 from WeTransfer/dnsopt 
Add support for --dns flag in Docker config
 2021-11-24 08:18:20 -08:00
John Gardiner Myers b9ac79ec6e Rename fields in v1alpha3 networking API to fit acronym convention 2021-11-22 08:07:55 -08:00
John Gardiner Myers f4d2cb0437 Rename fields in v1alpha3 keyset API to fit acronym convention 2021-11-22 08:07:55 -08:00
John Gardiner Myers f65ba3d9cd Rename fields in v1alpha3 componentconfig API to fit acronym convention 2021-11-21 16:16:32 -08:00
John Gardiner Myers 5a42c10fd3 Rename fields in v1alpha3 cluster API to fit acronym convention 2021-11-21 16:16:32 -08:00
Jeff Wolski a9ecfa47b5 Add support for --dns flag in Docker config 
This commit adds support for the --dns flag which is provided as a
Docker daemon startup flag. The flag is used to set the IP address of
the DNS server that the daemon injects into containers. Multiple --dns
flags are supported.
 2021-11-19 10:02:12 +01:00
Kubernetes Prow Robot 6c6ea761b0
Merge pull request #12712 from rifelpet/kube-proxy-go-runner 
Migrate kube-proxy manifest to use go-runner for logging
 2021-11-18 06:15:02 -08:00
Kubernetes Prow Robot 2c9183509d
Merge pull request #12699 from zetaab/hostnamesuffix 
Add ingress hostname suffix configurable to kOps
 2021-11-16 07:13:27 -08:00
Ole Markus With bb490decb5 Do not return error when there is no error checking for cgroupfs 2021-11-15 11:15:55 +01:00
Kubernetes Prow Robot 0176f079e7
Merge pull request #12726 from johngmyers/revert-leader-migration 
Revert leader migration
 2021-11-12 22:50:48 -08:00
John Gardiner Myers 561b562a65 Revert "Update automatically generated files" 
This reverts commit 3d5d5b38d6.
 2021-11-12 22:07:18 -08:00
Eng Zer Jun 425173ae9f
refactor: move from io/ioutil to io and os packages 
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-11-12 15:37:18 +08:00
Peter Rifel 90d9b4e54e
Migrade kube-proxy manifest to use go-runner for logging 2021-11-11 17:14:40 -06:00
Jesse Haka 5a5390335e fix 2021-11-09 10:40:30 +02:00
Jesse Haka 5af63f0fe8 Add ingress hostname suffix configurable to kOps 2021-11-09 10:22:05 +02:00
Kubernetes Prow Robot e230cc95aa
Merge pull request #12676 from johngmyers/leader-migration 
Migrate to AWS CCM in k8s 1.24
 2021-11-05 23:14:51 -07:00
Ciprian Hacman 5ec40c0c32 Use chrony for synchronizing time in Ubuntu 2021-11-04 10:20:41 +02:00
John Gardiner Myers 3d5d5b38d6 Update automatically generated files 2021-11-02 23:08:03 -07:00
Peter Rifel 3442f95d59
Revert "Migrade kube-proxy manifest to use go-runner for logging" 
This reverts commit b0e585c751.
 2021-11-02 06:48:01 -05:00
Peter Rifel b0e585c751
Migrade kube-proxy manifest to use go-runner for logging 2021-11-01 17:01:19 -05:00
Ciprian Hacman d1375353b0 Enable Router Advertisements for Debian 11 on ens* interfaces 2021-10-31 15:16:10 +02:00
John Gardiner Myers 5447fa62e0 Prohibit masquerading in IPv6 clusters 2021-10-30 12:57:07 -07:00
Ciprian Hacman 91e215de96 Enable Router Advertisements for Debian 11 2021-10-30 10:22:43 +03:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
Ciprian Hacman 2f4bdde429 Respect any MaxPods value the user sets explicitly 
even for AWS VPC CNI.
 2021-10-25 06:39:34 +03:00
Kubernetes Prow Robot 03044b79a6
Merge pull request #12587 from justinsb/chrony_on_ubuntu_gce 
GCE: use chrony on Ubuntu + GCE
 2021-10-23 14:02:21 -07:00
Kubernetes Prow Robot 6cf33f74a0
Merge pull request #12554 from justinsb/nodeup_gossip_seed 
gossip: Seed /etc/hosts in nodeup
 2021-10-23 13:16:32 -07:00
justinsb f54cf000fd GCE: use chrony on Ubuntu + GCE 
Ubuntu on GCE has systemd-timesyncd masked, and recommends (and
preconfigures) chrony instead.
 2021-10-23 13:36:50 -04:00
justinsb 71264d5fec gossip: Seed /etc/hosts in nodeup 
In some scenarios (e.g. cilium), we rely on the internal DNS name
being available, but this isn't the case with gossip clusters.

nodeup can seed /etc/hosts for the control-plane nodes, breaking the
deadlock.
 2021-10-19 09:26:07 -04:00
justinsb c34fd83365 Add SystemGeneration to channel version tracker 
This allows us to reapply a manifest when we introduce new
functionality, such as pruning.

Otherwise an old version can apply the manifest, mark the manifest as
applied, and we won't reapply.
 2021-10-15 17:47:13 -04:00
Jesse Haka 43c5c9f9ab Enable ingress hostname feature for OpenStack 2021-10-12 10:12:41 +03:00
John Gardiner Myers 7963b9b9ec Remove some unused fields from v1alpha3 componentconfig 2021-10-07 23:29:53 -07:00
Kubernetes Prow Robot fcfdbab4b1
Merge pull request #12420 from justinsb/gce_tpm 
Support GCE TPM verification
 2021-10-06 23:33:47 -07:00
Peter Rifel f176380550
./hack/update-expected.sh 2021-10-06 08:11:04 -05:00
Peter Rifel db639664a1
Replace klog flags with go-runner in k8s 1.23 
These flags have been deprecated, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components
 2021-10-06 08:10:20 -05:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Ciprian Hacman 71a0bcf353 Add kubescheduler.config.k8s.io/v1beta2 for k8s 1.22+ 2021-10-05 10:27:02 +03:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
Ciprian Hacman 290d3d3e3d Remove unnecessary sysctl "net.ipv6.conf.all.accept_ra=2" 2021-10-02 08:07:04 +03:00
Peter Rifel 7ce1cdc065
Set kubelet's --no-ip on IPv6-only clusters 2021-09-30 09:20:33 -05:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
Peter Rifel 88ddff3baf
Use separate cloud.config files for in-tree vs out-of-tree components 2021-09-30 09:20:33 -05:00
Kubernetes Prow Robot b9d5e37e1f
Merge pull request #12431 from olemarkus/cilium-al2 
Mount cgroupv2 for cilium at a custom location
 2021-09-28 07:14:43 -07:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
justinsb fad6db8beb Refactor bootstrap verifier/authenticator into its own package 
No code changes, but this avoids a circular package dependency that we
would otherwise introduce in the GCE logic.
 2021-09-26 09:43:53 -04:00
Ole Markus With fed0c16085 Revert "Remove unneeded network related sysctls" 
This reverts commit ce08ec68df.
 2021-09-25 08:24:47 +02:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation. 
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
 2021-09-22 21:14:50 -05:00
Ciprian Hacman ce08ec68df Remove unneeded network related sysctls 2021-09-22 06:51:10 +03:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 29771b73c1 Use TLS for kubescheduler health check as of k8s 1.23 2021-09-16 07:46:16 +02:00
Kubernetes Prow Robot 3fd7b446c0
Merge pull request #12305 from hakman/node_ip_families 
Make AWS CCM NodeIPFamilies configurable
 2021-09-12 06:26:14 -07:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime 
Pre-install nvidia container runtime + drivers on GPU instances
 2021-09-11 13:00:07 -07:00
Ciprian Hacman dde08e839d Make AWS CCM NodeIPFamilies configurable 2021-09-11 13:09:08 +03:00
Ole Markus With f5fed2a08d Move nvidia config under containerd 2021-09-05 20:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 2d013e460c Install nvidia container runtime 2021-09-05 20:09:04 +02:00
Ciprian Hacman 58fb2676eb Fix kernel parameter for IPv6 forwarding 2021-09-05 09:35:35 +03:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Kubernetes Prow Robot c7eb08c76f
Merge pull request #12193 from olemarkus/protect-kernel-defaults 
Enable protect-kernel-defaults by default and set the correct sysctls in nodeup
 2021-09-02 04:42:09 -07:00
Ole Markus With 18faee636f Set kube-apiserver as default logs container 
Apply suggestions from code review

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-09-02 08:29:30 +02:00
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 62c4ce4d93 Move bootstrap RBAC from protokube to core bootstrap addon 2021-08-29 12:36:21 -07:00
John Gardiner Myers a6de058dc3 hack/update-expected.sh 2021-08-28 13:49:55 -07:00
John Gardiner Myers be8933b577 Remove code for unsupported features 2021-08-28 13:49:55 -07:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert 
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API has to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
 2021-08-26 20:54:02 +02:00
Ole Markus With 4ef0172ee9 Enable protect-kernel-defaults by default and set the correct sysctls in nodeup 2021-08-23 11:48:20 +02:00
Ciprian Hacman 84bdfd900d Hardcode Flatcar containerd exec command 2021-08-19 09:50:08 +03:00
Ole Markus With ab596a49bc Enable ipv6 forwarding and router announcements 2021-08-11 11:09:29 +02:00
Reilly Brogan 13e2b54abc Debian 11: python-apt is not available 2021-08-10 14:33:48 -05:00
Ole Markus With f1a8565024 Fix disabling unattended upgrades 
Current default AMIs pre-install and pre-configure unattended upgrades.
We therefor need to explicitly disable it if the update policy requires
it.
 2021-08-10 12:51:49 +02:00
Ole Markus With 820683bba0 Test if update_service behaves as intended 2021-08-10 12:51:44 +02:00
John Gardiner Myers beb9741943 hack/update-expected.sh 2021-07-22 21:00:03 -07:00
John Gardiner Myers 3a53fdb139 Provision TLS server certs for controller-manager and scheduler 2021-07-22 20:59:58 -07:00
John Gardiner Myers cfd1582b0d Use kubeconfig for authentication and authorization as well 2021-07-21 19:24:06 -07:00
John Gardiner Myers 8416bd0c39 hack/update-expected.sh 2021-07-17 14:25:19 -07:00
John Gardiner Myers 526dd38e16 Remove apiserver's access to controller-manager secrets 2021-07-17 14:25:19 -07:00
John Gardiner Myers 226380bf5b Refactor legacy etcd manager etcd-client keypair 2021-07-17 14:25:19 -07:00
Kubernetes Prow Robot 67cfa9d4d4
Merge pull request #12003 from johngmyers/apiserver-server-cert 
Refactor more kube-apiserver credentials
 2021-07-17 13:52:50 -07:00
John Gardiner Myers 12c988160c hack/update-expected.sh 2021-07-16 23:12:22 -07:00
John Gardiner Myers 7c1ed8de66 Refactor kube-apiserver kubelet-api certificate 2021-07-16 23:07:14 -07:00
John Gardiner Myers 68bb8f5ddb Refactor kube-apiserver static credentials 2021-07-16 22:55:50 -07:00
John Gardiner Myers 781b302fac hack/update-expected.sh 2021-07-16 22:46:41 -07:00
John Gardiner Myers c8b1a586b8 Refactor kube-apiserver server certificate 2021-07-16 22:42:23 -07:00
John Gardiner Myers 3282549577 Issue kubelet cert on apiserver nodes for k8s before 1.19 2021-07-16 10:13:20 -07:00
John Gardiner Myers 3ae5413f63 Use keypair IDs for non-kops-controller-issued worker node certs 2021-07-15 14:04:48 -07:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy 
Issue certs using CA KeypairID in NodeupConfig
 2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot a3daff9343
Merge pull request #11971 from johngmyers/rotate-all 
Add "all" variants of key rotation commands
 2021-07-11 00:30:46 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6ddccf5f79 Refactor some users of FindPrimaryKeypair 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6f06661a68 Use narrower interface type 2021-07-10 23:23:12 -07:00
John Gardiner Myers a33a30a859 Refactor out some legacy interfaces 2021-07-10 23:23:12 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
John Gardiner Myers 6846ef3a80
Fix function comment 
Co-authored-by: Ole Markus With <olemarkus@gmail.com>
 2021-07-09 23:50:02 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
Ciprian Hacman 0ed8942835 Add log rotation for etcd-cilium.log 2021-07-07 08:31:08 +03:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Peter Rifel c5fbcccfa6
Update pause image to 3.5 2021-07-02 06:40:27 -04:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 7162a7473a Remove dead code 2021-07-01 13:58:51 -07:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers 20ca7082d7 hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 7e0c6acbad Take poorly formed keypair out of tests 2021-06-27 08:45:05 -07:00
John Gardiner Myers 60ae29c93c Refactor EncryptionConfig 2021-06-27 08:45:05 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 1312163edd Update nodes with an APIServer when APIServer spec changes 2021-06-27 08:45:04 -07:00
John Gardiner Myers 5de6d16e76 Catch calls to GetBootstrapCert from control plane 2021-06-26 00:04:52 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers c132ae1520 Move fields from AuxConfig to nodeup.Config 2021-06-25 18:41:29 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
Kubernetes Prow Robot 0e4d766deb
Merge pull request #11852 from hakman/hooks-containerd 
Handle containerExec hooks when using containerd
 2021-06-23 23:27:40 -07:00
Ciprian Hacman cf19ba343b Handle containerExec hooks when using containerd 2021-06-24 07:42:53 +03:00
Ciprian Hacman cb179b3b62 Pre-add hooks integration test 2021-06-24 06:38:20 +03:00
John Gardiner Myers 1e89064be3 Refactor kube-controller-manager secrets 2021-06-22 22:32:52 -07:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change 
Mark nodes NeedsUpdate when keys they use change
 2021-06-22 08:11:58 -07:00
John Gardiner Myers 366210d189 Remove dead code 2021-06-21 21:45:55 -07:00
John Gardiner Myers a83bf7b20f Mark nodes NeedsUpdate when keys they use change 2021-06-21 19:37:23 -07:00
Kubernetes Prow Robot 9a0e90e1ed
Merge pull request #11824 from johngmyers/remove-kubeup 
Remove support for importing and converting kubeup clusters
 2021-06-21 12:46:50 -07:00
John Gardiner Myers fc94505a76 Include multiple certs in aws-iam-authenticator trust bundle 2021-06-21 07:35:50 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2 
Improve the output of 'kops get keypairs'
 2021-06-21 02:19:10 -07:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
Ciprian Hacman 904f21cd77 Remove previous implementation of pre-pulling container images 2021-06-20 23:01:52 +02:00
Ciprian Hacman 65d21ee463 Pre-pull container images from list of desired prefixes 2021-06-20 23:01:52 +02:00
John Gardiner Myers 204a134a7d Include multiple CA certificates in the common trust store 2021-06-19 10:56:30 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 6b9aebae88 Include multiple CA certificates in bootstrap kubeconfigs 2021-06-19 10:56:29 -07:00
John Gardiner Myers 0dee785ebf Pass multiple CA certs to kops-controller client 2021-06-19 10:50:53 -07:00
John Gardiner Myers e0d9259be1 Remove dead code 2021-06-19 10:50:52 -07:00
John Gardiner Myers 42bf3ee85b Seed the random number generator on AWS 2021-06-17 22:59:43 -07:00
Kubernetes Prow Robot d35bce0ff8
Merge pull request #11764 from olemarkus/cilium-etcd-fix 
Don't try to build etcd-manager secrets for cilium twice
 2021-06-17 00:14:20 -07:00
Ole Markus With f80b550c7a Use internal name for cilium etcd if we do not enable api server nodes 2021-06-16 08:27:26 +02:00
Ole Markus With a3cfe8d098 Don't try to build etcd-manager secrets for cilium twice 2021-06-15 12:42:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
Ole Markus With 224cae1113 Only warm-pull images used by the CSI DS 
Pulling the Deployment images serves no purpose as they tend not to run on normal nodes
 2021-06-10 09:28:53 +02:00
Ole Markus With c162013a3c Use quay images for cilium 2021-06-08 23:01:08 +02:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers 12465ac27c Simplify extraction of service-account public keys 2021-06-05 16:38:28 -07:00
John Gardiner Myers fa77f8b964 Rename fi.Keystore.StoreKeypair to StoreKeyset 2021-06-05 16:38:26 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers ed1f6ff79e Refactor StoreKeypair and AddCert 2021-06-05 16:38:25 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers 6b2250a9af Have apiserver trust all service-account keys 2021-06-05 16:38:08 -07:00
John Gardiner Myers b45c0b4489 Remove InstanceGroup from NodeupModelContext 2021-06-03 21:27:01 -07:00
John Gardiner Myers 14ab4a3453 Move UpdatePolicy into NodeConfig 2021-06-03 21:20:56 -07:00
John Gardiner Myers 59c8826b17 Move FileAssets into the NodeupAuxConfig 2021-06-03 21:20:55 -07:00
John Gardiner Myers 06658c9d13 Move Hooks into the NodeupAuxConfig 2021-06-03 21:09:45 -07:00
John Gardiner Myers c3c1aca3c1 Include AuxConfig output in TestBootstrapUserData 2021-06-03 21:09:45 -07:00
John Gardiner Myers 2e1629c610 Introduce nodeup.AuxConfig 2021-06-03 20:37:22 -07:00
Kubernetes Prow Robot c62090fc6c
Merge pull request #11552 from hakman/etcd-events-tests 
Add etcd-server related tests
 2021-05-21 09:29:35 -07:00