Commit Graph

762 Commits

Author SHA1 Message Date
John Gardiner Myers 8f59bb1b2a Disable anonymous auth in nodeup golden tests 2020-06-13 16:43:44 -07:00
John Gardiner Myers 9d7a93e124 Issue kubelet-api cert in nodeup 2020-06-13 16:35:44 -07:00
John Gardiner Myers 4bf8302f14 Move kube-apiserver-healthcheck to port 3990 2020-06-12 22:00:14 -07:00
John Gardiner Myers 0f77055f63 Issue kops cert in nodeup 2020-06-11 23:54:59 -07:00
John Gardiner Myers 87010c9c9b Issue kubecfg cert in nodeup 2020-06-11 23:54:56 -07:00
Kubernetes Prow Robot 98d1f7b05b
Merge pull request #9313 from johngmyers/refactor-scheduler-cert
Issue kube-scheduler and kube-controller-manager certs in nodeup
2020-06-10 21:00:57 -07:00
Kubernetes Prow Robot 4af83f3590
Merge pull request #9320 from hakman/install-all-cni-binaries
Install all CNI plugin binaries for all network plugins
2020-06-09 23:40:05 -07:00
John Gardiner Myers d8970b93e1 Issue kube-controller-manager cert in nodeup 2020-06-09 22:45:19 -07:00
Kubernetes Prow Robot cc45d02dbe
Merge pull request #9317 from hakman/docker-19.03.11-k8s-1.17
Use Docker 19.03.11 for Kubernetes 1.17+
2020-06-09 22:10:05 -07:00
Justin SB bf11a65bd3 Try wrapping pkix.Name 2020-06-09 20:24:09 -07:00
John Gardiner Myers b0694300df Issue kube-scheduler cert in nodeup 2020-06-09 20:23:33 -07:00
Ciprian Hacman 4c1db82657 Install all CNI plugin binaries for all network plugins 2020-06-10 05:36:04 +03:00
Ciprian Hacman 619af9eea6 Update tests 2020-06-09 19:48:15 +03:00
Ciprian Hacman 73526d28af Optimize package install for newer Containerd versions 2020-06-09 19:45:17 +03:00
Ciprian Hacman 2a632e6198 Optimize package install for newer Docker versions 2020-06-09 19:04:29 +03:00
Peter Rifel bc074e857c
Use ec2.DescribeInstanceTypes in awsup.GetMachineTypeInfo
This requires passing a cloud object in additional places throughout the validation package and originating mostly from cmd/kops

This means that some kops commands now require valid cloud provider credentials, but I don't think this is an issue because the vast majority of use-cases already require the same cloud provider credentials in order to interact with the state store.
2020-06-09 10:13:01 -05:00
Kubernetes Prow Robot 7a5dd523ae
Merge pull request #9302 from johngmyers/fix-legacy-manager
Don't try building TLS for etcd-manager if not using etcd-manager
2020-06-09 07:41:18 -07:00
Ciprian Hacman e44e91edd9 Handle the errors when copying CNI plugin binaries 2020-06-09 15:54:34 +03:00
Ciprian Hacman fa258dd410 Install common CNI plugin binaries for all network plugins 2020-06-09 10:09:03 +03:00
ZouYu 2fc52ec6be fix some go-lint warning
Signed-off-by: ZouYu <zouy.fnst@cn.fujitsu.com>
2020-06-09 08:52:50 +08:00
John Gardiner Myers bacaf87f0e Don't try building TLS for etcd-manager if not using etcd-manager 2020-06-08 10:04:28 -07:00
Ciprian Hacman ea106c4be8 Copy "portmap" to /opt/cni/bin for Weave 2020-06-08 19:34:44 +03:00
Kubernetes Prow Robot cd8681ccd0
Merge pull request #9282 from johngmyers/create-issuecert
Create nodetasks.IssueCert()
2020-06-08 07:57:47 -07:00
Justin Santa Barbara 64273a661b More nodeup golden tests
kube-controller-manager, kube-proxy, kube-scheduler
2020-06-07 10:39:14 -04:00
Justin Santa Barbara ce577b0518 Richer mocking of keystore in nodeup tests 2020-06-07 10:39:11 -04:00
John Gardiner Myers 8b9145f6c4 Create nodetasks.IssueCert() 2020-06-05 08:00:38 -07:00
Kubernetes Prow Robot d18e97140e
Merge pull request #9130 from johngmyers/pki-refactor
Refactor cert issuance code
2020-06-05 01:43:43 -07:00
Kubernetes Prow Robot 9e4bf1699a
Merge pull request #9216 from hakman/prepare-multi-arch
Prepare Kops for multi-architecture support
2020-06-04 21:35:43 -07:00
John Gardiner Myers f9b0415093 Update generated files 2020-06-04 12:13:49 -07:00
John Gardiner Myers e88e0cf7ec Remove code supporting dropped k8s versions 2020-06-04 12:11:51 -07:00
John Gardiner Myers d64e760d5b Use pki.IssueCert() for nodeup client certs 2020-06-04 10:26:45 -07:00
John Gardiner Myers a96f7963a6 Pull cert issuance code up into fitasks.Keypair 2020-06-04 10:26:41 -07:00
Ole Markus With a9d19ca80b Adapt to various changes happening in master 2020-06-04 17:32:45 +02:00
Ole Markus With f53787b92f Small nit 2020-06-04 17:32:45 +02:00
Ole Markus With 43f4e0a6db Fix copy/paste mistakes 2020-06-04 17:32:45 +02:00
Ole Markus With eb06f2787e EtcdTLSBuilder moved to networking and renamed to CalicoBuilder
EtcdTLSBuilder is now only used in legacy configurations of calico so renaming appropriately
2020-06-04 17:32:45 +02:00
Ole Markus With 0a5a317385 Fix necessary plugins for kubenet-based networking
* remove portmap as it is not used by kubenet
* use generalised function for checking whether a provider uses kubenet
2020-06-04 17:32:45 +02:00
Ole Markus With b62f6aa894 Move networking in nodeup to dedicated subpackage 2020-06-04 17:32:41 +02:00
Kubernetes Prow Robot 4fe5ad03f8
Merge pull request #9255 from olemarkus/romana-remove
Remove romana support
2020-06-03 13:24:59 -07:00
Kubernetes Prow Robot 11928bf327
Merge pull request #9213 from johngmyers/refactor-update
Refactor Debian automatic upgrades to Go code
2020-06-03 13:24:46 -07:00
Ciprian Hacman 654a0d2d8a Detect supported architecture during node setup 2020-06-03 17:23:59 +03:00
Ciprian Hacman a7c9ef9ff0 Use Docker 19.03.11 for Kubernetes 1.18+ 2020-06-03 12:03:56 +03:00
Ole Markus With 991549a5f4 Remove support for Romana 2020-06-03 08:23:53 +02:00
John Gardiner Myers a3e7ca2469 Disable static tokens by default as of Kubernetes 1.18 2020-06-01 15:12:09 -07:00
Kubernetes Prow Robot 7b067983df
Merge pull request #9177 from olemarkus/remove-vsphere
Remove vsphere cloud provider
2020-06-01 06:19:54 -07:00
John Gardiner Myers 0ed8afb904 Refactor Debian automatic upgrades to Go code 2020-05-30 15:10:52 -07:00
Ole Markus With 7342525872 Remove vsphere from kops files 2020-05-30 13:36:55 +02:00
Ole Markus With 89fba09caa Remove vsphere vendor stuff and related build files 2020-05-30 13:34:39 +02:00
John Gardiner Myers 2c02f0812c Upgrade docker/containerd/containeros hashes to SHA256 2020-05-29 21:12:36 -07:00
John Gardiner Myers ea1a62b97e Refactor UpdateServiceBuilder 2020-05-29 19:04:38 -07:00
Kubernetes Prow Robot f44d0dd01d
Merge pull request #9208 from johngmyers/update-feature-doc
Update adding_a_feature.md with more modern example
2020-05-29 18:33:53 -07:00
John Gardiner Myers c1562291d7 Update adding_a_feature.md with more modern example 2020-05-28 23:19:14 -07:00
Ciprian Hacman cb6542488a Use kubescheduler.config.k8s.io/v1beta1 for Kubernetes 1.19 2020-05-29 08:43:54 +03:00
Kubernetes Prow Robot 6830cf6d44
Merge pull request #9065 from johngmyers/remove-distro
Remove support for CoreOS and Jessie
2020-05-27 23:22:01 -07:00
John Gardiner Myers 2d98e5609c Remove/fix more CoreOS references 2020-05-22 20:54:41 -07:00
Ole Markus With fc0f7f237c Fix UsesKubenet call in containerd.go 2020-05-22 09:14:36 +02:00
Ole Markus With d1ff25bb4e Remove some rather long networking nil checks 2020-05-22 08:08:58 +02:00
Kubernetes Prow Robot 2c899d859a
Merge pull request #9104 from hakman/containerd-kubenet
Add support for Kubenet with containerd
2020-05-21 22:20:38 -07:00
John Gardiner Myers 8a6d29cd40 Remove support for reading legacy-format keypairs 2020-05-20 13:28:13 -07:00
Ciprian Hacman 9d666c73bc Use components.UsesKubenet to check if Kubenet is required 2020-05-19 20:43:33 +03:00
Justin Santa Barbara 35c6056fb2 Create golden image test for nodeup kube-apiserver
The building of the manifests for nodeup tasks can be a little opaque;
create a test to verify and expose what is happening.
2020-05-18 06:42:16 -04:00
John Gardiner Myers 91e1f4c79d Remove code for unsupported Kubernetes version 2020-05-16 22:04:12 -07:00
Ciprian Hacman e608cd5265 Add support for Kubenet with containerd 2020-05-12 17:20:59 +03:00
John Gardiner Myers 649062a4c1 Remove deprecated CertificatePool method 2020-05-09 22:47:45 -07:00
Ciprian Hacman 7114c475ff Fix containerd image side-loading 2020-05-08 23:47:09 +03:00
Kubernetes Prow Robot de7cc70c3d
Merge pull request #9008 from jacksontj/issue_9006
Include secondary protocol flag always
2020-05-07 18:33:43 -07:00
Justin SB 75fd939a62
kube-apiserver: healthcheck via sidecar container
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonymous-access being enabled.  That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.

Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.

This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-05-07 08:06:52 -04:00
Kubernetes Prow Robot dc91edafce
Merge pull request #9074 from hakman/flannel-vxlan-disable-checksum-offload
Disable TX checksum offload for Flannel VXLAN
2020-05-06 09:43:08 -07:00
Ciprian Hacman 3f8632322f Disable TX checksum offload for Flannel VXLAN 2020-05-06 15:48:38 +03:00
John Gardiner Myers 06c6ac1bee Remove support for CoreOS and Jessie 2020-05-04 23:09:52 -07:00
Kubernetes Prow Robot e54559b39c
Merge pull request #8978 from hakman/flatcar-remove-static-utils
Don't install static utils for Flatcar
2020-05-04 10:10:26 -07:00
Justin SB 06c20ea223 Ubuntu focal: Use generic docker & container packages
download.docker.com doesn't have packages for ubuntu 20.04 (focal),
use the generic tar.gz versions instead.
2020-05-02 11:23:38 -04:00
Justin SB 2e11828cd3 Use raw tarfile for AmazonLinux2 + Containerd 1.2.10
The rpm containerd 1.2.10 package depends on container-selinux, which
isn't available on amazonlinux2.  We can't just skip it, because we
can't install the package without its dependencies.

Instead, install from a binary package (tar.gz).

We do the same for docker 18.09.9 and 19.03.4, as these would
otherwise depend on containerd 1.2.10.

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2020-04-30 22:59:57 -04:00
Kubernetes Prow Robot 936d656b4c
Merge pull request #8988 from johngmyers/private-key-size
Use KOPS_RSA_PRIVATE_KEY_SIZE for more keys
2020-04-29 20:00:18 -07:00
Thomas Jackson 328f261f34 Include secondary protocol flag always
This way if you have the value set in config (even as "") it'll get
passed down to allow you to override the default config

Related to #9006
2020-04-27 17:03:54 -07:00
John Gardiner Myers 935d757a7c Use KOPS_RSA_PRIVATE_KEY_SIZE for more keys 2020-04-26 20:17:02 -07:00
Ciprian Hacman 95ab317c8a Don't install static utils for Flatcar 2020-04-25 14:59:55 +03:00
Michal Schott 8a17c722c5
Test update. 2020-04-24 10:40:36 +02:00
Justin Santa Barbara bb071bfb3a Turn on flannel sysctl fixes on rhel7 as well
It looks like the same problems are occurring on rhel7, so turn on the
fixes there also.
2020-04-22 20:20:50 -04:00
Kubernetes Prow Robot 9621254b5d
Merge pull request #8381 from bittopaz/fix-flannel-centos
Fix net.bridge setting for Flannel on CentOS 7
2020-04-22 10:07:53 -07:00
Ciprian Hacman 3de48dad8b Add support for containerd v1.3.4 2020-04-20 06:11:37 +03:00
Ole Markus With a7f631e7c9 Apply suggestions from code review
Co-Authored-By: Peter Rifel <rifelpet@users.noreply.github.com>
2020-04-16 08:42:59 +02:00
Ole Markus With 869ab75dea Use etcd-manager for the cilium etcd cluster 2020-04-16 08:42:59 +02:00
Ciprian Hacman 5cf71cc746 Use kubescheduler.config.k8s.io/v1alpha2 for Kubernetes 1.18 2020-04-09 09:12:24 +03:00
Kubernetes Prow Robot 324a34cfa0
Merge pull request #8846 from hakman/remove-old-docker
Cleanup after #8855
2020-04-06 21:25:43 -07:00
Ciprian Hacman 3851a41123 Update tests for removed Docker versions 2020-04-06 18:40:36 +03:00
Ciprian Hacman cb2f667a13 Remove no longer available Docker versions 2020-04-06 17:53:58 +03:00
Ciprian Hacman 7e021c6f8f Remove the default Docker version 2020-04-06 17:52:12 +03:00
Ciprian Hacman 73903bcb3d Remove support for unreleased Docker 19.03.7 2020-04-06 17:34:59 +03:00
Ciprian Hacman fa516ed5f8
Simplify condition
Co-Authored-By: John Gardiner Myers <jgmyers@proofpoint.com>
2020-04-05 20:57:09 +03:00
Ciprian Hacman ad8e1ceff7 Remove basic authentication support for k8s 1.19+ 2020-04-05 17:47:26 +03:00
Kashif Saadat d09717dca8 Update default user for CoreOS, Flatcar for kubecfg 2020-03-26 10:04:46 +00:00
Ciprian Hacman 53c07fff3f Update default users for kubeconfig with supported distros 2020-03-25 19:04:17 +02:00
Ciprian Hacman 9ae94664bf Use systemd-timesyncd for Ubuntu 2020-03-18 07:32:39 +02:00
Ciprian Hacman 5003bd2f16 Fix NTP failures after #8312 2020-03-17 17:31:41 +02:00
Kubernetes Prow Robot dde4e267b5
Merge pull request #8748 from hakman/docker-19.03.8
Update Docker to 19.03.8 for 1.18
2020-03-15 07:06:35 -07:00
Ciprian Hacman 3310885064 Update Docker to 19.03.8 for 1.18 2020-03-15 12:31:26 +02:00
Ciprian Hacman 6a28d4f032 Update test results after rebase 2020-03-15 10:10:37 +02:00
Ciprian Hacman 4d7aa9b0f3 Always run Docker "health-check" for older versions of Kubernetes 2020-03-15 09:51:03 +02:00
Ciprian Hacman 2852c4c657 Update the Docker license 2020-03-15 09:51:03 +02:00