kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,077 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1219 Commits

Author SHA1 Message Date
Kubernetes Prow Robot e40fd308b2
Merge pull request #12777 from olemarkus/bump-cm-23 
Bump cert-manager addon and godep to 1.6.1
 2021-11-19 05:20:52 -08:00
Ole Markus With f695deea05 Bump nvidia device plugin to 0.10.0 2021-11-18 20:58:32 +01:00
Ole Markus With 2ba1a1ced6 Bump cert-manager to 1.6.1 2021-11-18 19:22:50 +01:00
John Gardiner Myers 1001f1fbd7 Upgrade amazonvpc to v0.10.1 2021-11-15 18:54:24 -08:00
John Gardiner Myers 8c8455b8f4 Upgrade external-dns to 0.10.1 for Kubernetes >= 1.19 2021-11-13 23:02:10 -08:00
zhengtianbao 55c3120ff6 Fix render template cilium AgentPrometheusPort into a UNICODE char 2021-11-12 14:45:45 +08:00
Kubernetes Prow Robot 7fe3d21c24
Merge pull request #12716 from rifelpet/authenticator-crdv1 
Add missing status fields to IAMIdentityMapping v1 CRD
 2021-11-11 20:42:29 -08:00
Kubernetes Prow Robot 4c4d616948
Merge pull request #12713 from estahn/patch-1 
set calico-node readiness/liveness timeout to 10s
 2021-11-11 19:36:28 -08:00
Kubernetes Prow Robot 88ffb9fd8f
Merge pull request #12682 from zhengtianbao/ipforwarding 
[calico] Add support for allow_ip_forwarding field
 2021-11-11 18:54:28 -08:00
Peter Rifel b401ec55a3
Add missing status fields to IAMIdentityMapping v1 CRD 2021-11-11 20:28:59 -06:00
Enrico Stahn afa7f5ba44
set calico-node readiness/liveness timeout to 10s 
Provide calico-node with more time to come up.
 2021-11-12 10:34:40 +11:00
liranp 5cd11ba326
feat(spot/addon): bump spotinst/ocean-controller to v1.0.79 2021-11-10 12:48:17 +02:00
zhengtianbao 976e3c1f13 Add option to set allow_ip_forwarding for the calico network 2021-11-04 14:26:27 +08:00
John Gardiner Myers 3a97dbaa8d Release 1.23.0-alpha.2 2021-10-31 13:46:07 -07:00
Ciprian Hacman b6565d86a2 Apply suggestions from code review 2021-10-30 20:57:40 +03:00
Ciprian Hacman 76898881cb Use prefixes for IPv6 with Calico 2021-10-30 20:57:40 +03:00
Kubernetes Prow Robot 5bfdefb43c
Merge pull request #12623 from johngmyers/cilium-ipv6-ipam 
Never masquerade IPv6 with Cilium
 2021-10-29 05:56:51 -07:00
Kubernetes Prow Robot 59a637e6de
Merge pull request #12538 from hierynomus/issue-12205 
Configure aws-iam-authenticator using identityMappings defined in cluster.yaml
 2021-10-29 03:10:51 -07:00
Jeroen van Erp 353be50f9b
Configure aws-iam-authenticator using identityMappings defined in cluster.yaml 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2021-10-29 10:30:44 +02:00
Ole Markus With ac3c22b431 Use InternalIP as preferred kubelet address only in ivp6 mode 
As metrics-server rolls before the worker nodes, and worker nodes do not yet have IP SANs, upgrade breaks if InternalIP is used.
IPv6 never worked with hostnames, so there is no BC break there.
 2021-10-28 16:06:40 +02:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
John Gardiner Myers fdc128fda4 Remove vestigial Cilium ContainerRuntimeLabels code 2021-10-26 16:10:21 -07:00
Ciprian Hacman 35c3dfcbc5 Update handling of bool values for Canal 2021-10-24 12:25:42 +03:00
Ciprian Hacman 77772b6441 Move FELIX_LOGSEVERITYSCREEN to custom section for Canal 2021-10-24 12:25:42 +03:00
Ciprian Hacman 6b09f8de1e Update typha_service_name comment for Canal 2021-10-24 12:25:42 +03:00
Ciprian Hacman 79a65f116a Update calico/typha version for Canal 2021-10-24 12:25:42 +03:00
Ciprian Hacman e350227c11 Enable MTU auto-detection for Canal 2021-10-24 12:25:42 +03:00
Ciprian Hacman f2d5af57da Add calico-kube-controllers for Canal 2021-10-24 08:49:35 +03:00
Peter Rifel 04f401fbb9
Add canal 3.20 with k8s 1.22 support 2021-10-23 18:01:44 -06:00
Kubernetes Prow Robot f8ba8b11f7
Merge pull request #12437 from olemarkus/cas-delay 
Make it possible to set CAS max-node-provision-time
 2021-10-22 09:34:38 -07:00
Peter Rifel 477d930348
Upgrade AWS VPC CNI to 1.9.3 w/ k8s 1.22 support 2021-10-20 22:29:54 -07:00
Ole Markus With 11e68308d1 Disable CNP status updates by default 2021-10-20 14:01:48 +02:00
Ole Markus With 258fd4f9d9 Make it possible to set CAS max-node-provision-time 2021-10-20 13:53:37 +02:00
Kubernetes Prow Robot f8a8c015ef
Merge pull request #12524 from dntosas/cilium-bpf-lb-sock-hostns-only 
[cilium] Add support for bpf-lb-sock-hostns-only field
 2021-10-19 03:56:38 -07:00
dntosas 7296597a17
[cilium] Add support for bpf-lb-sock-hostns-only field 
This is a needed configuration option for users that want to combine
Cilium alongside with a ServiceMesh. Cilium by default will LB requests
at CNI layer meaning that the Sidecars of ServiceMesh Proxy are not able
to apply LB by themselves thus loosing the capability of applying their
features for traffic management.

Ref issue: https://github.com/istio/istio/issues/35531

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-10-12 08:33:57 +03:00
liranp e84f35277f
feat(spot/addon): update clusterrole 2021-10-11 19:59:03 +03:00
Ciprian Hacman d215a12103 Update coredns to v1.8.5 2021-10-11 10:00:59 +03:00
Kubernetes Prow Robot a0099edb57
Merge pull request #12491 from hakman/calico-v3.20.2 
Update Calico to v3.20.2
 2021-10-05 20:42:33 -07:00
Ciprian Hacman 036c450093 Update Calico to v3.20.2 2021-10-06 05:39:26 +03:00
Kubernetes Prow Robot c0efde15ac
Merge pull request #12414 from sterchelen/feature/cilium_annotations 
Add Cilium agent pod annotations support to improve personalization
 2021-10-05 01:13:09 -07:00
Nicolas Sterchele 103a98d060 Add Cilium agent pod annotations support to improve personalization 
Annotations is pretty useful when you need third-party tool to add additional behavior
for a k8s resource.
Lots of auto-discovery tools are based on this annotations.
 2021-10-04 15:49:51 +02:00
liranp 2585dd6784
feat(spot/addon): bump spotinst/ocean-controller to v1.0.78 2021-10-04 10:28:04 +03:00
Moshe Shitrit dc08f5d996 Bump aws-cni to version 1.9.1 2021-10-01 00:47:43 -04:00
Kubernetes Prow Robot 2006cc1b77
Merge pull request #12425 from rifelpet/awsiam-v1 
Fix AWS IAM Authenticator support for k8s 1.22
 2021-09-29 12:23:21 -07:00
Kubernetes Prow Robot 8f91247b59
Merge pull request #12234 from hierynomus/coredns-affinity-tolerations 
Add ability to provide custom CoreDNS tolerations and affinity
 2021-09-28 15:10:34 -07:00
Jeroen van Erp c30ec8e310
Add ability to provide custom CoreDNS Tolerations and Affinity 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2021-09-28 17:05:48 +02:00
Kubernetes Prow Robot b9d5e37e1f
Merge pull request #12431 from olemarkus/cilium-al2 
Mount cgroupv2 for cilium at a custom location
 2021-09-28 07:14:43 -07:00
Peter Rifel 1c25193dc7
Upgrade aws-iam-authenticator to 0.5.3 2021-09-28 08:29:39 -05:00
Peter Rifel bb46e73ade
aws-iam-authenticator - use v1 CRD API for k8s 1.22 support 2021-09-28 08:29:39 -05:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
Peter Rifel 42ecabae28
Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes 2021-09-26 11:09:30 -05:00
Kubernetes Prow Robot ef22270b3f
Merge pull request #12394 from ReillyBrogan/reilly/ciliumBidirectionalMount 
Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
 2021-09-25 09:42:21 -07:00
Anthony Hausman 5e814f465d
Add support to configure Cilium CNI chaining 
CNI chaining allows to use Cilium in combination with other CNI plugins.

With Cilium CNI chaining, the base network connectivity and IP address management is managed by the non-Cilium CNI plugin, but Cilium attaches eBPF programs to the network devices created by the non-Cilium plugin to provide L3/L4 network visibility, policy enforcement and other advanced features.

https://docs.cilium.io/en/v1.9/gettingstarted/cni-chaining/#cni-chaining

In our case, to be able to use the `HostPort` feature in our cluster, we need to enable the `portmap` plugin.
 2021-09-24 10:39:22 +02:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4 
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
 2021-09-23 13:01:58 -05:00
Ole Markus With f06fcc5af2 Add specific taints to dns-controller. 
Also set kops-controller as cluster critical, not node critical
 2021-09-22 16:40:08 +02:00
Ciprian Hacman faa66c6597 Update Calico to v3.20.1 2021-09-19 09:31:39 +03:00
Ciprian Hacman fa853add24 Fix EC2 IPv6 endpoint for EBS CSI Driver controller 2021-09-18 18:34:13 +03:00
Ciprian Hacman bc6705c956 Use EC2 and Metadata IPv6 endpoints in IPv6 mode for EBS CSI Driver 2021-09-18 14:22:22 +03:00
Ole Markus With 1323ed9040 Add more tolerations to kops-controller and CCM . 
CCM and kops-controller taint each other out. This will make them
schedule, and schedule earlier.
 2021-09-16 21:09:45 +02:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime 
Pre-install nvidia container runtime + drivers on GPU instances
 2021-09-11 13:00:07 -07:00
Ole Markus With e44d0061f3 Bump snapshot-controller to 4.2.1 2021-09-11 08:37:54 +02:00
Peter Rifel 6a53285ffe
Move AWS CCM image logic into pkg/model and add 1.21 and 1.22 images 2021-09-08 20:56:39 -05:00
Antti Paloposki e1ddf87c55 Set explicit fsType to be able to mount volumes 2021-09-06 13:34:09 +03:00
Ole Markus With b144304240 Install nvidia device driver addon 2021-09-05 20:09:04 +02:00
Kubernetes Prow Robot 75bd1b1f5a
Merge pull request #12251 from zetaab/updatecsios 
update openstack CSI
 2021-09-05 02:47:20 -07:00
Kubernetes Prow Robot d06394def8
Merge pull request #12268 from olemarkus/fix-core 
Fix core manifest
 2021-09-05 00:57:19 -07:00
Ole Markus With dac7002b39 Fix core manifest 2021-09-04 12:49:59 +02:00
Kubernetes Prow Robot c98d0b54e4
Merge pull request #12265 from olemarkus/cilium-masq-ipv6 
Disable masquerade means disable masquerade if ipv6 too
 2021-09-04 01:27:19 -07:00
Kubernetes Prow Robot 0463fa7ffd
Merge pull request #12258 from olemarkus/ipv6-cloudconfig 
Set NodeIPFamilies in ipv6 mode
 2021-09-04 00:19:19 -07:00
Ole Markus With 1c53e37491 Disable masquerade means disable masquerade if ipv6 too 2021-09-04 08:54:16 +02:00
Ole Markus With bf96c42a60 Use node internal IP for metrics-server 2021-09-03 13:03:35 +02:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Jesse Haka 0d9ebd5b0e use k8s.gcr.io 2021-09-02 12:08:54 +03:00
Jesse Haka 744d27189f update openstack CSI 2021-09-02 11:37:47 +03:00
Kubernetes Prow Robot c70ced2f66
Merge pull request #12219 from dntosas/nodelocaldns-bump-version 
[addons/node-local-dns] Bump version and make image field configurable
 2021-09-01 04:54:59 -07:00
Ole Markus With e2fd94d104 Make json logging on deployment and enable k8s events 2021-08-31 22:59:30 +02:00
Ole Markus With b52008d9b6 Add instance state change notification to nth 2021-08-31 22:54:21 +02:00
Kubernetes Prow Robot fc91d0d459
Merge pull request #12229 from olemarkus/bump-cm-2212 
Bump cert-manager to 1.5.3
 2021-08-31 07:23:37 -07:00
Ole Markus With 4bde644786 Bump cert-manager to 1.5.3 2021-08-31 13:12:58 +02:00
dntosas f558f2441a
[addons/nodelocaldns] Bump image to latest stable v1.20.0 
As per
 3b17e06879,
 node-local-dns addon is now builded with latest coreDNS base v1.8 and
 that brings great consistency between cache and upstream servers in a
 manner of configuration, metrics name convention, etc.

 So in this commit, we bump node-local-dns image to latest v1.20.0 which
 is build upon latest coreDNS and also add support for overriding this
 field.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-31 14:07:19 +03:00
John Gardiner Myers 62c4ce4d93 Move bootstrap RBAC from protokube to core bootstrap addon 2021-08-29 12:36:21 -07:00
Kubernetes Prow Robot bf559f042d
Merge pull request #12198 from dntosas/metrics-server-bump-minor-version 
[addons/metrics-server] Bump minor version
 2021-08-28 02:38:52 -07:00
John Gardiner Myers 1ea4168cab Release 1.23.0-alpha.1 2021-08-27 21:12:45 -07:00
Ole Markus With 67b1ace14f Validate external-dns spec 2021-08-27 06:32:25 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
dntosas 075fd29f20
[addons/metrics-server] Bump minor version 
Updating image and manifest to latest stable version.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-24 11:00:29 +03:00
Kubernetes Prow Robot 022452a61b
Merge pull request #12189 from olemarkus/bump-cm-2211 
Bump cert-manager to 1.5.2
 2021-08-21 13:49:59 -07:00
Ole Markus With 11ffa653cb Bump cert-manager to 1.5.2 2021-08-21 21:12:23 +02:00
Amit Prasad 48fa73f3bb Add option in Cluster Autoscaler AddOn for AWS EC2 Static instance list 2021-08-21 22:44:31 +05:30
Kubernetes Prow Robot 181f278218
Merge pull request #12176 from olemarkus/bump-snapshot-controller-22 
Bump snapshot-controller
 2021-08-18 14:19:45 -07:00
Ole Markus With 7f4066a909 Bump snapshot-controller 2021-08-18 20:39:16 +02:00
Ole Markus With 2288900ae6 Bump cert-manager to 1.5.1 2021-08-18 20:34:05 +02:00
dntosas 0e8d189aee [cilium] Add support for encryption via WireGuard 
In this commit, we enable users to choose WireGuard as their prefered
encryption type, leveraging this new feature from Cilium.

Ref: https://cilium.io/blog/2021/05/20/cilium-110#wireguard

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-16 14:08:59 +02:00
Ole Markus With caf46fef6a Bump AWS CSI Driver to 1.2.0 2021-08-13 11:14:05 +02:00
Kubernetes Prow Robot b1e6064501
Merge pull request #12141 from olemarkus/cilium-bump-211 
Bump cilium to 1.10.3
 2021-08-12 13:11:50 -07:00
Ole Markus With 133eb1f7ba Bump cilium to 1.10.3 2021-08-12 21:12:25 +02:00
Ole Markus With 57bd06b281 Bump Cert Manager for 1.22 2021-08-12 08:36:22 +02:00
Kubernetes Prow Robot e7b52981ab
Merge pull request #12119 from rifelpet/dns-controller-api 
Update dns-controller to use networking.k8s.io/v1 Ingress API
 2021-08-08 15:11:30 -07:00
Peter Rifel b193d2d583
Update addon manifests referencing RBAC v1beta1 2021-08-08 16:12:39 -04:00
Peter Rifel 7c2112b32d
Update dns-controller to use networking.k8s.io/v1 for watching Ingresses 2021-08-08 15:54:27 -04:00
Kubernetes Prow Robot b858297fa4
Merge pull request #12114 from olemarkus/metrics-server-secure-not-insecure 
Make metrics-server insecure if insecure is true
 2021-08-07 15:13:36 -07:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With 612be4b1fc Make metrics-server insecure if insecure is true 
Also add tests for each variation to make sure this sticks
 2021-08-07 20:44:50 +02:00
Ole Markus With 1839b1ac47 Revert most of #12023 and keep awslbc on CP nodes 2021-08-05 19:30:27 +02:00
Kubernetes Prow Robot 283080bc30
Merge pull request #12083 from CheyiLin/nth 
Add nth rebalance recommendation configs
 2021-08-02 21:40:48 -07:00
Cheyi Lin 408bb7dfbe Add nth rebalance recommendation configs 2021-08-02 16:20:17 +08:00
Ciprian Hacman 966d2d6308 Update Calico to v3.20.0 2021-08-02 08:51:37 +03:00
Kubernetes Prow Robot 5bd6a49b26
Merge pull request #12062 from hakman/coredns-1.8.4 
Update core-dns to v1.8.4
 2021-07-29 11:14:57 -07:00
Ciprian Hacman fc3a103baf Update core-dns to v1.8.4 2021-07-29 08:23:35 +03:00
Moshe Shitrit f0f15df565 update aws-cni version to 1.9.0 2021-07-29 00:05:20 -04:00
Kubernetes Prow Robot 14d58a4e87
Merge pull request #12024 from olemarkus/irsa-nth 
Add irsa support for node termination handler
 2021-07-19 10:06:52 -07:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Ole Markus With 28bd45a8fa Add irsa support for nth 2021-07-19 15:12:35 +02:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
Ole Markus With a13cdb38f3 Add region to aws lbc 2021-07-14 08:23:53 +02:00
liranp 786244aa9b
feat(spot/addon): bump ocean-controller to v1.0.77 2021-07-12 12:45:15 +03:00
Ole Markus With 97a41c66f4 Enable k8s event handover when kvstore is used 2021-07-09 15:46:43 +02:00
Kubernetes Prow Robot 7f93801afd
Merge pull request #11939 from olemarkus/ccm-issues 
Fix various CCM issues
 2021-07-06 10:12:19 -07:00
Ole Markus With 2d56558efe Run cert-manager cainjector on CP nodes as well 2021-07-06 16:05:41 +02:00
Ole Markus With af0aefd2e7 Use localhost as API address for CCM 2021-07-06 16:01:20 +02:00
Ole Markus With bedfb409ca Don't always pull the CCM image 2021-07-06 15:50:30 +02:00
Ole Markus With bb367f22ea Add aws- prefix to CCM SA 2021-07-06 15:46:59 +02:00
Ole Markus With 561161291f Schedule certmanager webhook on control plane 2021-07-06 08:45:12 +02:00
liranp 289a75b5e7
feat(spot/addon): bump ocean-controller to v1.0.76 2021-06-28 14:29:13 +03:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck 
Enable cross-subnet mode with Calico by default
 2021-06-25 01:08:45 -07:00
John Gardiner Myers f50a615f8c Remove obsolete Spotinst manifest 2021-06-24 21:21:55 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
Moshe Shitrit 6dee0ad09e Comment-out hardcoded default values and add the overriden ones as template functions for ease of customization 
Update auto-generated files
 2021-06-22 12:26:28 +03:00
Ciprian Hacman d8b03da8ae Set priority class for AWS CCM addon 2021-06-22 06:32:53 +03:00
Ole Markus With 14fb35d0d0 Bump EBS Driver to 1.1.0 2021-06-21 08:56:11 +02:00
Moshe Shitrit 9e6771118f Update version to 1.8.0 2021-06-18 18:42:03 +03:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
Kubernetes Prow Robot 7ec956dd00
Merge pull request #11748 from olemarkus/irsa-cas 
Enable ability to use IRSA for cluster autoscaler
 2021-06-17 21:00:05 -07:00
Kubernetes Prow Robot 559b57ea4c
Merge pull request #11381 from dntosas/addons-add-npd 
[addons] Introduce NodeProblemDetector
 2021-06-17 00:58:19 -07:00
dntosas 20124d3ba9
[addons] Introduce NodeProblemDetector 
Node Problem Detector aims to make various node problems visible to
the upstream layers in the cluster management stack. It is a daemon
that runs on each node, detects node problems and reports them to apiserver
so to avoid scheduling new pods on bad nodes and also easily identify
which are the problems on underlying nodes.

Project Home: https://github.com/kubernetes/node-problem-detector

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 21:00:22 +03:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Kubernetes Prow Robot 84a730c9d6
Merge pull request #11678 from dntosas/safe-cilium 
[cni/cilium] Add support for additional config options
 2021-06-16 02:47:58 -07:00
dntosas 7bf65ff7ef
[cni/cilium] Add support for additional config options 
In this commit, we enable users define their setup with following
additional fields:

- DisableEndpointCRD
- EnableEndpointHealthChecking
- IdentityAllocationMode
- IdentityChangeGracePeriod
- BPFLBAlgorithm
- BPFLBMaglevTableSize
- BPFNATGlobalMax
- BPFNeighGlobalMax
- BPFPolicyMapMax
- EnableBPFMasquerade
- EnableL7Proxy

Added also validation tests to prevent conflicting value combinations to
reach actual cluster state.

Signed-off-by: dntosas <ntosas@gmail.com>
Co-authored-by: hwoarang <markos@chandras.me>
Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 09:35:42 +03:00
Ole Markus With 0798553565 fix enable default SC when EBS driver is not installed 2021-06-15 22:08:59 +02:00
John Gardiner Myers 07ee0c2206 Simplify Calico IPv6 configuration 2021-06-14 08:06:10 -07:00
Kubernetes Prow Robot 0347d79a14
Merge pull request #11754 from johngmyers/ipv6-cilium 
Enable IPv6 support for Cilium
 2021-06-14 07:27:04 -07:00
John Gardiner Myers 3cf8234d01 Cilium: disable masquerade by default when in ENI IPAM mode 2021-06-13 21:36:56 -07:00
John Gardiner Myers c0b54d980d Enable IPv6 support for Cilium 2021-06-13 20:47:44 -07:00
ederst 7f787decd8 Make forwardToKubeDNS work in the NodeLocal DNSCache template 
This fixes the rendering of the Corefile of the NodeLocal DNSCache
template when setting forwardToKubeDNS to false (or not setting it).

Previously, due to not dereferencing the bool pointer, the Corefile was
always rendered with the true clause, due to checking the address
instead of the actual value of the variable.

With this fix, the templating mechanism will actually respect the value
of forwardToKubeDNS and render it accordingly.
 2021-06-11 21:58:07 +02:00
Ole Markus With c162013a3c Use quay images for cilium 2021-06-08 23:01:08 +02:00
Dmytro Oboznyi feed3b26ae
Add proxy envs to calico to make possible usage of AWS source destination check 
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
 2021-06-07 16:56:35 +03:00
Kubernetes Prow Robot 16dca9e844
Merge pull request #11124 from hakman/kube-router-1.2.0 
Update kube-router to v1.2.3
 2021-06-06 21:52:39 -07:00
Ciprian Hacman 91d681622c Update kube-router to v1.2.3 2021-06-07 05:25:00 +03:00
Kubernetes Prow Robot 673961cb0f
Merge pull request #11703 from olemarkus/lbc-use-v1-cert 
Use v1 certificate for LB controller
 2021-06-06 12:06:39 -07:00
Kubernetes Prow Robot 9984ba079c
Merge pull request #11701 from olemarkus/fix-ebs-csi-role-crb 
Fix the CSI EBS DS CRB.
 2021-06-06 11:08:38 -07:00
Ole Markus With 0e1a0538b3 Use v1 certificate 2021-06-06 19:28:19 +02:00
Ole Markus With 8f8d6deb17 Fix the CSI EBS DS CRB. 2021-06-06 19:23:22 +02:00
Kubernetes Prow Robot 7001de3486
Merge pull request #11688 from hakman/ipv6-calico 
Add options for configuring IPv4 and IPv6 support with Calico
 2021-06-05 16:06:38 -07:00
Ciprian Hacman 70f77a34d1 Add options for configuring IPv4 and IPv6 support with Calico 2021-06-04 17:05:40 +03:00
Peter Rifel 708a5db365
Consolidate CSI livenessprobe images for multi-arch support 
This manifest includes two liveness-probe containers but they use different images.
The k8s.gcr.io image is multi-arch but the quay.io image is not.
By only using the k8s.gcr.io one we should fix arm64 clusters now that EBS CSI is enabled by default.
 2021-05-31 14:19:00 -05:00
Ryan Dyer 65b750e732 add init image field 2021-05-25 17:57:49 +00:00
Kubernetes Prow Robot fcef4fc1bf
Merge pull request #11594 from hakman/calico-3.19.1 
Update Calico to v3.19.1
 2021-05-24 23:32:22 -07:00
Ciprian Hacman ca39686c29 Update Calico to v3.19.1 2021-05-25 07:34:50 +03:00
John Gardiner Myers 6ac345e23d Use the OnDelete updateStrategy for AWS VPC CNI DaemonSet 2021-05-24 19:55:19 -07:00
Kubernetes Prow Robot d906f83121
Merge pull request #11561 from olemarkus/actually-add-snapshot-controller 
Add snapshot-controller
 2021-05-22 02:03:37 -07:00
Ole Markus With 1868313497 Add snapshot-controller 2021-05-22 09:19:35 +02:00
Ciprian Hacman 93a09e5419 Update metrics-server to v0.4.4 2021-05-22 09:39:14 +03:00
Ciprian Hacman 2df8e56fc9 Allow using insecure TLS for metrics-server with Kubernetes 1.19+ 2021-05-22 09:38:31 +03:00
Ole Markus With 46e13c0009 Bump snapshot-controller version 
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-05-21 15:40:40 +02:00
Kubernetes Prow Robot 8a6ec1416c
Merge pull request #11491 from olemarkus/cas-update-manifest 
Update CAS manifest
 2021-05-21 04:52:46 -07:00
Kubernetes Prow Robot 8e938ba5ee
Merge pull request #11500 from dntosas/coredns-bump-manifest 
Bump CoreDNS manifests to latest stable version 1.8.3
 2021-05-21 00:28:57 -07:00
Kubernetes Prow Robot c28783c581
Merge pull request #11514 from ulfox/cilium/prometheus-scrape-annotations 
[addons/networking.cilium.io] enable prometheus scraping
 2021-05-19 10:12:51 -07:00
Ole Markus With 2fb1861528 Update CAS manifest 
Upstream examples were missing a number of improvements.
This commit also adds template functions for making controllers such as CAS more HA on HA clusters
 2021-05-19 16:12:51 +02:00
Kubernetes Prow Robot 16f7208c8c
Merge pull request #11525 from olemarkus/ebs-csi-default-fs 
Set default fstype for ebs volumes to ext4
 2021-05-19 02:38:51 -07:00
Ole Markus With 05cac12c19 Set default fstype for ebs volumes to ext4 2021-05-19 09:54:31 +02:00
Christos Kotsis 34ac1ad8d4
[feedback/tests] 2021-05-19 09:59:16 +03:00
Kubernetes Prow Robot e8e5bf2ed3
Merge pull request #11517 from olemarkus/aws-lb-default-tags 
Add default tags to LB controller and cilium eni resources
 2021-05-18 21:50:50 -07:00
Ole Markus With 22f3a4aff8 Add default tags to LB controller and cilium eni resources 2021-05-18 19:02:40 +02:00
Christos Kotsis bb98caeed3
[tests/feedback] fix missing quote function with printf 2021-05-18 19:42:50 +03:00
Christos Kotsis 2ba0843c91
Update upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.10.yaml.template 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-18 19:14:15 +03:00
Christos Kotsis 793115242a
Update upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.9.yaml.template 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-18 19:14:09 +03:00
Christos Kotsis 08162bcc2e
Update upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12-v1.8.yaml.template 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-18 19:13:59 +03:00
Christos Kotsis 5ac4569998
[addons/networking.cilium.io] enable prometheus scraping 
When EnablePromethesMetrics is enabled the
required metrics endpoints are exposed but
no annotations is included in the agents.

This commit includes the prometheus.io/scrape
and prometheus.io/port annotations that
prometheus scrappers can use for auto-discovery

Co-authored-by: tchatzig <t.chatzigeorgiou@thebeat.co>
 2021-05-18 16:59:56 +03:00
liranp 6b61445414
feat(spot/addon): bump ocean-controller to 1.0.75 2021-05-18 13:55:58 +03:00
Kubernetes Prow Robot 07f3bc0e96
Merge pull request #11502 from olemarkus/aws-lb-controller-bump 
bump aws lb controller to 2.2.0
 2021-05-16 16:43:59 -07:00
Ole Markus With d3581ebb84 bump aws lb controller to 2.2.0 2021-05-16 18:26:23 +02:00
dntosas da42becf08
[addons/coredns] Bump manifests to latest stable version 1.8.3 
In this commit, we update manifest files of CoreDNS. We also do a small
refactoring on yaml blocks to match the upstream source and to make
updating and reviewing procedures easier on the future.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-05-16 11:37:12 +03:00
dntosas ceba48855b
[addons/nodeLocaCache] Bump patch version 
Signed-off-by: dntosas <ntosas@gmail.com>
 2021-05-16 11:25:40 +03:00
Kubernetes Prow Robot 07a9ed9c27
Merge pull request #11459 from nettoclaudio/fix/add-rbac-endpointslices 
fix(coredns/rbac): add permission to list and watch endpointslices
 2021-05-16 01:07:59 -07:00
Ole Markus With fe2cbbf369 Set priorityClassName on critical addons 2021-05-15 09:12:14 +02:00
Ole Markus With d27ca73272 Update cert-manager 2021-05-14 20:32:18 +02:00
Nick Turner 0239dc1f63 Permission to create servcice account tokens 
* We need the ability to create service account token
  because this is required by clientbuilder/controller-manager
  framework which we will be using in 1.21.
* This is required for the CCM to use 1 SA per controller, which
  follows principle of least privilege and makes audit logs easier
  to understand
* Restricts token creation to resource names "node-controller",
  "service-controller", and "route-controller".
 2021-05-13 14:16:59 -07:00
Claudio Netto 1b7179513f
fix(coredns/rbac): add permission to list and watch endpointslices 2021-05-11 17:16:12 -03:00
Kubernetes Prow Robot 7db45cb5fa
Merge pull request #11418 from dntosas/aws-csi-ga-release 
[addons/awscsidriver] Bump to GA release
 2021-05-08 02:46:47 -07:00
dntosas f8ece50a96
[addons/awscsidriver] Bump to GA release 
Bump version and manifests of AWS EBS CSI Driver to the first GA
release.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-05-08 11:47:43 +03:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
John Gardiner Myers 3aa8d40052 Release 1.22.0-alpha.1 2021-05-07 13:45:35 -07:00
John Gardiner Myers a159b69cec Remove the PublicJWKS feature flag 2021-05-06 11:05:24 -07:00
Kubernetes Prow Robot e3fbc2ad04
Merge pull request #11378 from olemarkus/cilium-no-hubble-no-secret 
Don't try to mount hubble TLS on the agent if we don't use hubble
 2021-05-04 04:05:11 -07:00
Ole Markus With 2c95c2fe50 Don't try to mount hubble TLS on the agent if we don't use hubble 2021-05-04 11:26:20 +02:00
Kubernetes Prow Robot b58137c8f4
Merge pull request #11372 from hakman/calico-3.19.0 
Update Calico to v3.19.0
 2021-05-03 13:38:08 -07:00
Kubernetes Prow Robot bf17910918
Merge pull request #11374 from olemarkus/cilium-1-10-manifest 
Add more support for cilium 1.10
 2021-05-03 08:16:03 -07:00
Ole Markus With aadcd9d448 Add more support for cilium 1.10 2021-05-03 16:10:56 +02:00
Jesse Haka 3b9c893bae add permission to create sa tokens 2021-05-03 16:01:57 +03:00
Ciprian Hacman 6ec8e7c224 Update Calico to v3.19.0 2021-05-03 10:22:51 +03:00