Automatic merge from submit-queue.
Support for OIDC 'username-prefix' and 'groups-prefix' flags
### What
Added support for `--oidc-username-prefix` and `--oidc-groups-prefix`.
By passing these it's possible to override the default prefixes used to map the OIDC user with the username in kubernetes.
### See
See: https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server
### IMPORTANT
I'm far from a kubernetes/KOPS, this is not tested so someone needs to have a look and see if something is missing or if this can cause troubles! (don't want to accidentally cause the destruction of the universe 💥 )
It's basically the same done in this other PR: https://github.com/kubernetes/kops/pull/1438/files
I did **not** change the `zz_generated.conversion.go` files as according to comment at the top of them they're autogenerated:
```go
// This file was autogenerated by conversion-gen. Do not edit it manually!
```
(I wonder if they should be `.gitignore`d)
### Fixes
This should fix [#4007: field oidcUsernamePrefix is not recognized in cluster configuration file](https://github.com/kubernetes/kops/issues/4007)
Automatic merge from submit-queue.
work on using files assets
Basic MVP for file assests.
- using file assest builder
- able to upload files
- using URL structs instead of strings everywhere
Automatic merge from submit-queue.
Adds permissions for ELB and NLB req'd by 1.9
Adds appropriate IAM permissions to Masters (in restrictive mode) for ELB and NLB.
Closes https://github.com/kubernetes/kops/issues/3883
File assets and the SHA files are uploaded to the new location. Files
when are users uses s3 are upload public read only. The copyfile task
uses only the existing SHA value.
This PR include major refactoring of the use of URLs. Strings are no
longer categnated, but converted into a URL struct and path.Join is
utlilized.
A new values.go file is included so that we can start refactoring more
code out of the "fi" package.
A
Automatic merge from submit-queue.
add imagePullProgressDeadline to kubelet config
Support the kubelet runtime flag `--image-pull-progress-deadline` by mapping the config key `imagePullProgressDeadline`
This supports extending the deadline to pull new images, as detailed in [this issue](https://github.com/openshift/origin/issues/13122)
Automatic merge from submit-queue.
Support for hostPort when using canal
Similar to: https://github.com/kubernetes/kops/pull/3206
Without this, we are unable to get `hostPort` working with `canal`. The same is true for `flannel`, but this does add support for plain flannel.
While the admin account is created on stock debian images, it isn't on
all of them. Check admin first, then check root, and don't treat it as
an error if neither is found - this is only a convenience.
Fix up the local IP address discovery logic, to recognize new
en-interfaces, and to better log what it is doing. Plug it in for
baremetal installations.
Automatic merge from submit-queue.
Gazelle updates
We missed one
/assign @justinsb @KashifSaadat
- applying 4065 this should drop out b29e1c5bd2
- just review the second commit
Automatic merge from submit-queue.
Fix node counts
When running `kops validate`, and the cluster size is greater than the minimum configuration, the display message is
<img width="153" alt="screen shot 2017-12-07 at 1 10 14 pm" src="https://user-images.githubusercontent.com/11003242/33738958-1571943e-db50-11e7-9156-f034c9af7d9c.png">
This PR sets the NodeCount value to the length of the nodes array instead of the configuration.
Automatic merge from submit-queue.
Bump weave version in bootstrapchannelbuilder
2.1.3 upstream becomes 2.1.3-kops.1, so if we need to make our own
"packaging" changes, we can do 2.1.3-kops.2 etc.
Automatic merge from submit-queue.
add kube-ingress-aws-controller + skipper addons
Adds an addon that needs some more requirements, because it has to have the rights to create/update/delete ALBs, find certificates, ..
I hope this is ok to have here a more long page to explain requirements and show some features that are not common in ingress implementations.
Automatic merge from submit-queue.
[Add-on][kube-state-metrics] Bump version
## Why?
- Bump kube-state-metrics version 1.1.0
- Bump addon-resizer version to 1.8.1
- Adjust `addon-resizer` scaling threshold
Automatic merge from submit-queue.
Allow additional SGs to be added to API loadbalancer
Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
api:
loadBalancer:
type: Public
additionalSecurityGroups:
- sg-exampleid3
- sg-exampleid4
```
- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
Kubernetes Submit Queue
Aldo "xoen" Giambelluca
Raúl Cuza
chrislovecnm
Manuel de Brito Fontes
Eric Hole
Isac Petruzzi
Justin Santa Barbara
Rajiv Makhijani
Joel Bastos
