kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
22,464 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

413 Commits

Author SHA1 Message Date
Ciprian Hacman cedbe1f360 Add initial support for configuring IPv6 with AWS 2021-05-19 06:21:07 +03:00
Ole Markus With d3581ebb84 bump aws lb controller to 2.2.0 2021-05-16 18:26:23 +02:00
John Gardiner Myers 4baf2cbdcf Delete IAM roles no longer in the model 2021-05-15 12:03:23 -07:00
John Gardiner Myers 0c1f9f4772 Refactor LaunchTemplate.SecurityGroups 2021-05-11 14:48:00 -07:00
John Gardiner Myers 5d3af39311 Refactor LaunchTemplate.UserData 2021-05-11 14:48:00 -07:00
John Gardiner Myers 4a5e46922f Refactor LaunchTemplate.Tenancy 2021-05-11 14:48:00 -07:00
John Gardiner Myers 4d9018282c Refactor LaunchTemplate.SSHKey 2021-05-11 14:48:00 -07:00
John Gardiner Myers b0bcf40921 Refactor LaunchTemplate.RootVolumeEncryptionKey 2021-05-11 14:48:00 -07:00
John Gardiner Myers 945e56294f Refactor LaunchTemplate.RootVolumeEncryption 2021-05-11 14:48:00 -07:00
John Gardiner Myers 1a39c9060e Refactor LaunchTemplate.RootVolumeSize 2021-05-11 14:48:00 -07:00
John Gardiner Myers 3097a3a746 Refactor LaunchTemplate.RootVolumeOptimization 2021-05-11 14:48:00 -07:00
John Gardiner Myers 436dbe8435 Refactor LaunchTemplate.RootVolumeIops 2021-05-11 14:47:57 -07:00
John Gardiner Myers 01a55812ac Refactor LaunchTemplate.RootVolumeType 2021-05-11 13:38:20 -07:00
John Gardiner Myers a4898c9d7d Refactor LaunchTemplate.InstanceType 2021-05-10 23:22:41 -07:00
John Gardiner Myers d2adf498f6 Refactor LaunchTemplate.InstanceMonitoring 2021-05-10 23:12:21 -07:00
John Gardiner Myers a1db8f1e82 Refactor LaunchTemplate.InstanceInterruptionBehavior 2021-05-10 23:11:17 -07:00
John Gardiner Myers d0793bd6ed Refactor LaunchTemplate.ImageID 2021-05-10 23:08:21 -07:00
John Gardiner Myers bfd8034cce Refactor LaunchTemplate.IAMInstanceProfile 2021-05-10 23:08:21 -07:00
John Gardiner Myers 07aa346e68 Refactor LaunchTemplate.HTTPTokens 2021-05-10 23:08:20 -07:00
John Gardiner Myers 98502cd0b2 Refactor LaunchTemplate.HTTPPutResponseHopLimit 2021-05-10 23:08:16 -07:00
John Gardiner Myers 33590eb617 Refactor LaunchTemplate.CPUCredits 2021-05-10 23:07:24 -07:00
John Gardiner Myers 0557414111 Refactor LaunchTemplate.BlockDeviceMappings 2021-05-10 22:51:00 -07:00
John Gardiner Myers 4657cb94d6 Refactor LaunchTemplate.AssociatePublicIP 2021-05-10 22:47:48 -07:00
Ole Markus With 6f8b3647cf Add support for IRSA in he api 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-01 16:03:42 +02:00
Ole Markus With 460586833b Add toggle for AWS OIDC provider. Free it from any feature flag 2021-04-30 19:19:06 +02:00
Ole Markus With 0f545f8659 Split oidc_provider 
* one builder concerned with publishing issuer discovery metadata
* one builder concerned with creating aws oidc provider
 2021-04-30 18:05:20 +02:00
Ciprian Hacman 4a0fa78b20 Run hack/update-bazel.sh 2021-04-30 14:50:46 +03:00
Ciprian Hacman 0e651dd8fc Use AWSModelContext in remaining awsmodel files 2021-04-30 14:50:46 +03:00
Ciprian Hacman 137fe6c2bb Move firewall to awsmodel 2021-04-30 14:50:46 +03:00
Ciprian Hacman fcba0043d0 Move iam to awsmodel 2021-04-30 12:37:28 +03:00
Ciprian Hacman 4dfe58de7a Move network to awsmodel 2021-04-30 12:04:06 +03:00
Ciprian Hacman ca02c04793 Move sshkey to awsmodel 2021-04-30 12:04:06 +03:00
Kubernetes Prow Robot 942f183157
Merge pull request #11336 from olemarkus/sqs-fix-flap 
Fix SQS resource flapping
 2021-04-27 22:08:49 -07:00
Ole Markus With f16cafb8ef Make hook task name unique while the hook name is consistent 
Since tasks need to be unique, but we need to reuse the hookname across all ASGs, we distinguish between task and actual name of the hook
 2021-04-27 20:57:19 +02:00
Ole Markus With 849ff56c96 Fix SQS resource flapping 
* one case of AWS returning different JSON than we passed
* AWS returning a field we do not (and can not) build an expected value of
 2021-04-27 20:47:24 +02:00
John Gardiner Myers 428041bc0f Add cluster-level warmPool settings 2021-04-25 20:22:04 -07:00
John Gardiner Myers 5ad32230bb Fix typo 2021-04-25 13:42:12 -07:00
John Gardiner Myers 044b5f6d0d Allow disabling warm pool by setting WarmPool.MaxSize to 0 2021-04-24 16:35:46 -07:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-04-24 09:40:52 +02:00
Kubernetes Prow Robot 2649cbc598
Merge pull request #10995 from haugenj/release-1.19 
Add NTH Queue Processor Mode
 2021-04-22 12:15:58 -07:00
Ole Markus With 020652e096 Add ability to enable/configure warm pool for ASG 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-04-20 09:02:09 +02:00
Jason Haugen 7e48dad4d2 add ManagedAsgTag, merge templates, improve docs 2021-04-19 16:51:08 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 318a116ba6 fix staticcheck 2021-04-19 15:43:05 -05:00
Jason Haugen c8bb48ba81 fix existing tests 2021-04-19 15:43:05 -05:00
Jason Haugen d07b067249 Add NTH queue-processor mode 2021-04-19 15:43:05 -05:00
John Gardiner Myers fdc61b4bdb Rename the service account key 2021-04-11 08:11:27 -07:00
liranp 97370b0adc
fix(spot/ocean): configure headroom resources only at the vng level 2021-04-06 23:41:40 +03:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Ole Markus With 397f58deb4 Fix comments from review 2021-03-19 20:51:18 +01:00
Ole Markus With 5178571db5 Comment where the CA sha1s come from 2021-03-19 20:07:57 +01:00
Ole Markus With 1900548213 Upload JWKS files as world readable 2021-03-19 20:07:38 +01:00
Ole Markus With 2c1f88f40e Do not need thumbprints to be resources 2021-03-19 20:05:37 +01:00
Ole Markus With ed166313d2 Use well-known s3 fingerprints 2021-03-19 20:03:28 +01:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
liranp dc1ee9402a
feat(spot/ocean): support for block device mappings in launchspec 2021-03-10 15:30:39 +02:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Ole Markus With c6a741a148 Move dns and external_access to awsmodel 2021-03-07 22:07:17 +01:00
Ole Markus With d415fdf1a1 Move bastion model to awsmodel 2021-03-07 22:06:20 +01:00
Ole Markus With 896f1740c6 Rename spotinst symbols and merge spotinstmodel with awsmodel 2021-03-07 22:06:12 +01:00
Peter Rifel ce51ec44bc
Use new CPUCredits IG spec field in launch templates 2021-03-02 22:54:29 -06:00
liranp 2abdb90c54
fix: don't skip lb attachments when hybrid is enabled 2021-03-01 14:07:22 +02:00
Kubernetes Prow Robot 1b42286cfe
Merge pull request #10832 from rifelpet/aws-sdk 
Add Tagging to Instance Profiles and OIDC Providers
 2021-02-24 05:40:50 -08:00
Timothy Clarke 1577b0a54b
Adding Elastic IP Allocations to NLB API 2021-02-18 12:27:28 +00:00
Peter Rifel d52fd9f76c
Add tagging support to AWS Instance Profiles and OIDC Providers 2021-02-15 16:48:43 -06:00
Kubernetes Prow Robot cd10383fa0
Merge pull request #10741 from codablock/nlb-subnets 
Allow to control which subnets and IPs get used for the API loadbalancer
 2021-02-14 14:23:06 -08:00
Alexander Block 295fb11ac2 Better readable modification assigning of PrivateIPv4Address 2021-02-10 09:39:32 +01:00
Alexander Block 2c0f9809eb Move validation of ClusterSubnetSpec into pkg/apis/kops/validation 2021-02-10 09:36:39 +01:00
Alexander Block c6eca9db81 Fix check for empty privateIPv4Address 2021-02-10 08:21:22 +01:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller 
Boot nodes without state store access
 2021-02-08 11:28:19 -08:00
Peter Rifel e7ede2b13e
Use EnsureTask instead of prepending IG names to external ELB tasks 
This way we end up with one CLB task per CLB regardless of how many ASGs to which it is attached.
 2021-02-07 10:45:38 -06:00
Alexander Block 6facd1b8ab Allow to explicitely choose subnets and private IPs for the API loadbalancer 2021-02-05 17:53:20 +01:00
Alexander Block 49e7ec8890 Use SubnetMappings for NLBs instead of Subnets 
SubnetMappings allow to explicitely set the private IPv4 address that
must be used for the NLB.

SubnetMappings and Subnets in the AWS API are compatible as long as the
address settings are not changes, making this commit backwards compatible.
 2021-02-05 17:53:20 +01:00
Ciprian Hacman f8d3b76556 Default IMDSv2 to "optional" for AWS 2021-01-29 14:02:14 +02:00
Ciprian Hacman 5fcd4e4b28 Allow attaching same external load balancer to multiple instance groups 2021-01-27 16:25:39 +02:00
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 85fbf1c6a2 Add iops field for gp3 volumes only with launch templates 2021-01-21 11:27:02 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Justin SB d5294b0b7c Update test data for richer bootstrap script 2021-01-09 13:29:18 -05:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Steven E. Harris 2a89d25ed0 Test that launch templates include additional SGs 2021-01-04 08:38:25 -05:00
Steven E. Harris 252d4177f0 Only include API server SGs in IGs for masters 
When using an AWS NLB in front of the Kubernetes API servers, we can't
attach the EC2 security groups nominated in the Cluster
"spec.api.loadBalancer.additionalSecurityGroups" field directly to the
load balancer, as NLBs don't have associated security groups. Instead,
we intend to attach those nominated security groups to the machines
that will receive network traffic forwarded from the NLB's
listeners. For the API servers, since that program runs only on the
master or control plane machines, we need only attach those security
groups to the machines that will host the "kube-apiserver" program, by
way of the ASG launch templates that come from kOps InstanceGroups of
role "master."

We were mistakenly including these security groups in launch templates
derived from InstanceGroups of all of our three current roles:
"bastion," "master," and "node." Instead, skip InstanceGroups of the
"bastion" and "node" roles and only target those of role "master."
 2021-01-04 08:38:25 -05:00
Steven E. Harris ad4ac4f474 Test that AWS launch templates include wrong SG 2021-01-04 08:38:25 -05:00
Kubernetes Prow Robot bee16c052d
Merge pull request #10324 from bharath-123/feature/aws-imdv2 
Add support for AWS IMDS v2
 2020-12-07 22:55:11 -08:00
Ciprian Hacman 265bf4d106 Add option for setting the volume encryption key in AWS 2020-12-08 07:08:09 +02:00
Bharath Vedartham 7f6e125733 Add support for aws ec2 instance metadata v2 
A new field is add to the InstanceGroup spec with 2 sub fields,
HTTPPutResponseHopLimit and HTTPTokens. These fields enable the user
to disable IMDv1 for instances within an instance group.

By default, both IMDv1 and IMDv2 are enabled in instances in an instance group.
 2020-12-07 02:57:02 +05:30
Kubernetes Prow Robot 0fecffbfe0
Merge pull request #10284 from johngmyers/service-account-issuer 
Set --service-account-issuer for k8s 1.20+
 2020-12-04 08:07:59 -08:00
John Gardiner Myers 4f5def8610 Address review comment 2020-12-03 23:24:43 -08:00
Ciprian Hacman e57cd534b5 Allow attaching same external target group to multiple instance groups 2020-12-03 06:59:59 +02:00
Ciprian Hacman 19345c3f7f Order attached TargetGrups list by name 2020-11-20 10:40:27 +02:00
Ciprian Hacman fdcc2607bf Parse TargetGrup names from ARNs 2020-11-20 10:40:26 +02:00
Frank Yang 93dcaddc48 feat(aws): add PolicyNames for ELB to change listener's security policy 2020-11-19 16:07:21 +08:00
Kubernetes Prow Robot e43efbe102
Merge pull request #10157 from rifelpet/acm-nlb 
Setup a second NLB listener when an AWS ACM certificate is used
 2020-11-10 10:36:41 -08:00
Ciprian Hacman 0934374fe2 Fix various NLB nits 2020-11-10 17:30:23 +02:00
Peter Rifel 4758ea9f2f
Address feedback 2020-11-09 17:24:32 -06:00
Ciprian Hacman 32658075d3 Fix disabling spot instances when using launch templates 2020-11-08 19:11:45 +02:00
Peter Rifel 370092cb5a
Update TG ports rather than protocols when adding/removing ACM certs from listeners 
This also renames the TGs to be more descriptive, with tcp and tls prefixes.
 2020-11-06 11:09:38 -06:00
Peter Rifel 9242c34a38
Setup a second NLB listener on 8443 when sslCertificate is set 2020-11-06 11:09:37 -06:00
Peter Rifel 6c5b2fc58f
Add support for multiple NLB listeners and target groups 2020-11-06 11:09:36 -06:00
Kubernetes Prow Robot 578920e921
Merge pull request #10162 from rifelpet/nlb-sg 
Fix additionalSecurityGroups support for NLB
 2020-11-03 08:02:16 -08:00
Peter Rifel 860249f6b7
Fix additionalSecurityGroups support for NLB 
We were correctly adding the security groups to the master ASGs but identified them incorrectly.
 2020-11-03 08:22:24 -06:00
Peter Rifel f08284834e
Move NLB's VPC CIDR security group rule logic into model 
This way the security group rule task doesn't need to be aware of VPCs, since we know the VPC CIDR ahead of time via cluster spec.

This also fixes the terraform and cloudformation rendering of this rule (see the added cidr block in the integration test outputs)

These rules are for NLB's health checks. The AWS docs recommend allowing access from the entire VPC CIDRs
Also add rules for additionalNetworkCIDRs, supporting VPCs with multiple CIDR blocks.
 2020-11-03 08:13:32 -06:00
Christian Joun e91ed11449
Implement API load balancer class with NLB and ELB support on AWS (#9011) 
* refactor TargetLoadBalancer to use DNSTarget interface instead of LoadBalancer

* add LoadBalancerClass fields into api

* make api machinery

* WIP: Implemented API loadbalancer class, allowing NLB and ELB support on AWS for new clusters.

* perform vendoring related tasks and apply fixes identified from hack/

dissallow spotinst + nlb
remove reflection in status_discovery.go
Add precreated additional security groups to the Master nodes in case of NLB
Remove support for attaching individual instances to NLB; only rely on ASG attachments
Don't specify Classic loadbalancer in GCE integration test

* add utility function to the kops model context to make LoadBalancer comparisons simpler

* use DNSTarget interface when locating DNSName of API ELB

* wip: create target group task

* Consolidate TargetGroup tasks

* Use context helper for determining api load balancer type to avoid nil pointers

* Update NLB creation to use target group ARN from separate task rather than creating a TG in-line

* Address staticcheck and bazel failures

* Removing NLB Attachment tasks because they're not used since we switched to defining them as a part of the ASGs

* Address PR review feedback

* Only set LB Class field for AWS clusters, fix nil pointer

* Move target group attributes from NLB task to TG task, removing unused attributes

* Add terraform and cloudformation support for NLBs, listeners, and target groups

* Update integration test for NLB support

* Fix NLB name format to pass terraform validation

* Preserve security group rule names when switching ELB to NLB to reduce destructive terraform changes

* Use elbv2 enums and address some TODOs

* Set healthcheck values in target group

* Find TG tags, fix NLB name detection

* Fix more spurious changes reported by lifecycle integration test

* Fix spotinst validation, more code cleanup

* Address more PR feedback

* ReconcileTargetGroups unit test + more code simplification

* Addressing PR feedback Renaming task 1. awstasks.LoadBalancer -> awstasks.ClassicLoadBalancer

* Addressing PR feedback Renaming task: ELBName() -> CLBName() / LinkToELB() -> LinkToCLB()

* Addressing PR feedback: Various text changes

* fix export of kubecfg

* address TargetGroup should have the same name as the NLB

* should address error when fetching tags due to missing ARN

* Update expected and crds

* Add feature table to NLB docs

* Address more feedback and remove some TODOs that arent applicable anymore

* Update spotinst validation error message

Co-authored-by: Peter Rifel <pgrifel@gmail.com>
 2020-11-02 05:28:52 -08:00
Peter Rifel 6318e90128
Ignore changes reported by subsequent updates 
Usually this is an "actual.Foo = e.Foo" one-liner but we don't know which LB attached to an ASG is the API ELB so it's a bit more complicated
 2020-10-29 12:34:20 -05:00
Peter Rifel 7497edaf7c
Lookup LoadBalancerName when only the LB task name is known 2020-10-29 12:13:23 -05:00
Rodrigo Menezes 41adf07e15 cleanup code 2020-10-28 11:11:58 -07:00
Rodrigo Menezes 9bd0a7aedb Add instruction for no downtime 2020-10-26 18:11:46 -07:00
Rodrigo Menezes dbbd0dd802 Move external LB and target group to inline as well. 2020-10-26 17:30:06 -07:00
Rodrigo Menezes 82d0ebdb56 Prevent unintended resource updates to LB attatchments 2020-10-26 17:29:07 -07:00
binkkatal e32717f31d FIX: Change int fields to string 
The ./hack/update-expected.sh script generates some fields which are
required to be string fields and hence results in linting errors.

This PR changes those fields to string/*string and removes lint
warnings.
 2020-10-20 19:28:20 +05:30
Ole Markus With 6797998ac1 Consolidate all buildMinimalClusters into a generic test cluster builder 2020-09-19 19:55:19 +02:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00
Justin SB b158ffab04 Refactor: KopsModelContext embeds IAMModelContext 
go syntax makes this an annoying change, unfortunately.
 2020-08-25 11:22:34 -04:00
Peter Rifel 7d9f0a06cf
Update API slice fields to not use pointers 
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
 2020-08-24 07:46:38 -05:00
Ciprian Hacman 2880e22bce Add flag for root volume encryption 2020-08-21 18:31:21 +03:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
Kubernetes Prow Robot f9262b91e7
Merge pull request #9450 from johngmyers/refactor-apiserver-lb 
Refactor how api-server addresses are exported from tasks
 2020-06-28 22:08:15 -07:00
John Gardiner Myers 86f157fa27 Refactor how api-server addresses are exported from tasks 2020-06-26 21:38:39 -07:00
John Gardiner Myers 013f9bf914 Create bootstrap script in a Task 2020-06-26 19:11:40 -07:00
John Gardiner Myers cef5b175c7 Rename BootstrapScript to BootstrapScriptBuilder 2020-06-26 10:57:36 -07:00
John Gardiner Myers 3ce8dd165b Use launch templates by default 2020-06-10 09:34:48 -07:00
liranp 04d83c6c04
fix(spotinst): rename the label to match the feature flag 2020-05-23 21:39:07 +03:00
liranp 23c0cdab36
feat(spotinst): new hybrid mode 2020-05-23 21:39:04 +03:00
Martin Tomes c66180bc58 Added support for instance interruption behavior 2020-04-29 14:53:17 +02:00
Thejas B dda8dc3f37 Add support for Spot block in launch template 
- Launch configuration does not support the field SpotDurationInMinutes which is used to reserve the spot instances, but however Launch Template does
 2020-03-31 20:07:01 +05:30
Peter Rifel a999b3ea61 fix OWNERS labels format 
These need to be lists
 2020-03-10 22:47:50 -05:00
John Gardiner Myers 704f41dbf1 Use supported kubernetes versions in tests 2020-02-21 22:24:29 -08:00
John Gardiner Myers 4b33efedaa Tag EBS volumes when using launch templates with AWS API target 2020-02-01 22:32:37 -08:00
Austin Moore 4a88f7b5a5
Add ability to specify no ssh key by setting sshKeyName to empty 
Add tests for no ssh key functionality

Add docs for setting no ssh key

Disable sshKey rendering for cloudformation if nosshkey is set

Fix broken test

make goimports

Fix

Formatting fix

Update kubernetes version for tests

Update expected test output

Fix imports in mesh.pb.go

Run hack/update-expected.sh

Change digital ocean logic to handle *string for SSHKeyName

Fix expected output

Missed a few
 2020-01-15 15:24:32 -05:00
Gabriel Tiossi 3b902262f7 feat(awsmodel): Logic for EBS DeleteOnTermination 
Implement separated logics for root volume and additional volumes
 2019-12-03 04:28:35 -03:00
tanjunchen 43bf6bdab6 fix-up gosimple check error 2019-10-07 11:59:57 +08:00
chentanjun 3d1966df84 fix-up some spelling mistakes in /pkg 2019-09-26 10:15:44 +08:00
mikesplain 9e55b8230a Update copyright notices 
Also cleans some white spaces
 2019-09-09 14:47:51 -04:00
Austin Moore 4485b115f4
Default CrossZoneLoadBalancing to false if not set 2019-07-26 12:21:43 -04:00
Austin Moore d59ac283ed
Add configuration to set cross-zone load balancing on api load balancer 2019-07-26 12:21:42 -04:00
mikesplain adaf3ad5fd First pass at instance protection 2019-06-21 14:00:37 -04:00
Peter Rifel adef332fe3 Add integration test for mixed instances / launch templates 2019-06-07 14:29:34 -07:00
Peter Rifel dc3c88af9c Add support for SpotPrice and Mixed Instance ASGs 2019-06-07 14:12:17 -07:00
Justin SB 76d03b3f71
Generated files: glog -> klog 2019-05-06 12:56:03 -04:00
Justin SB 3e33ac7682
Change code from glog to klog 
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog.  That
will happen when we update to k8s 1.13.
 2019-05-06 12:54:51 -04:00
mikesplain 14cbad9bc0 Fix tagging and remove tagging elbs 2019-03-29 13:29:11 -04:00
Kubernetes Prow Robot 49ea1ad9df
Merge pull request #6646 from ryan-dyer/2048 
2048 - Add cloudLabels as tags to API ELB resource
 2019-03-25 15:16:18 -07:00
ryan-dyer fd2ed53f79 2048 - Add cloudLabels as tags to API ELB resource 2019-03-20 09:00:05 -05:00
Rohith 5ecc256f96 - cleaning up the UseLaunchTemplate(), we need the check for the LT and 
mixed policies to be seperate as you can have a mixed instance policy
without going full LT
 2019-03-18 13:51:12 +00:00
Rohith b37b5cba0c - fixing up the checking of the mixed instance policy attribute as it was a interface to a thing 2019-02-26 10:17:10 +00:00
Rohith b1aa7892c7 Launch Template Feature Flag 
- adding a feature flags to allow users to switch over to launch templates completely
 2019-02-26 10:17:10 +00:00
Rohith 74af751dc6 - fixing up the conflicts post the additional volumes merge 2019-02-04 14:15:16 +00:00
Rohith 098b4486f5 - fixing up the spelling mistake and the package update 2019-02-04 11:59:43 +00:00
Rohith 5f082e2158 - fixing up the logic to determine the public ip based on subnets and choice 2019-02-04 11:59:43 +00:00
Rohith 761d760c11 - updating the aws model to make use of the aws template and mixed instance policies 2019-02-04 11:59:42 +00:00
Kubernetes Prow Robot 7050d990d8
Merge pull request #6066 from gambol99/volumes 
Additional Storage & Volume Mounting
 2019-01-22 08:05:29 -08:00
Rohith 0bd9126387 - fixing up the iops issue, masking when not required i.e. when the volume type is not io1 for now 2019-01-22 14:29:02 +00:00
Rohith df2d8dd304 - updating the basil requirements 2019-01-18 22:49:54 +00:00
Rohith 0e155b4c78 - changed tack and making them two separate features for now, one adding additional volumes and two mounting them. This should always allow for user to use epherimal devices as well 
- updated the api specs and machinery
- adding the dependecies on the services when the volume mounts are enable (should probably false this if they don't effect the docker filesystem)
 2019-01-18 22:49:38 +00:00
Rohith 08fb11c8cf - fixing up the iops to only be includes on io1 volume types 2019-01-18 22:45:05 +00:00
Rohith 5e262932ae - fixing up various linting issues and formatting 2019-01-18 22:45:05 +00:00
Rohith 5bfed5c63f - adding the additional volumes to the launchconfiguration 2019-01-18 22:45:05 +00:00
David Archer 36d2282d6b AWS: Enable ICMP Type 3 Code 4 for API server ELBs 2019-01-12 07:20:17 -05:00
Justin SB 26bd75aecb
Bulk spelling fixes 
Experimenting with my own spelling checker, these are the typos it caught.
 2018-12-20 17:43:56 -05:00
Rodrigo Menezes a7903adfe8 Fix for when node and master use the same SG. 2018-12-06 01:05:54 -08:00
Liran Polak 9db3567cac fix: skip the load balancer attachment 2018-10-29 22:28:15 +02:00
Liran Polak 46b1c70b96 fix: ignore additional instance types 2018-10-14 11:37:31 +03:00
Justin Santa Barbara e5d8b37772 Don't override name of ELB API SecurityGroup 
We don't need to because there can be only one, and it risks breaking
other callers of LinkToELBSecurityGroup (though admittedly there
aren't any!)
 2018-10-03 09:57:58 -07:00
Justin Santa Barbara bfb54935ff Build security groups along with suffixes 
Fixes the case where we mix use of specified & default SGs.
 2018-10-02 11:53:41 -07:00
Rodrigo Menezes 87eec75f5b Fix blocker 2018-10-02 10:22:09 -07:00
Rodrigo Menezes a82f548ff8 Allow using existing/shared Security Groups 
Verbosely log when a user overwrites LB or IG security groups

Change SecurityGroup to SecurityGroupOverride

Allow using existing/shared Security Groups

Update tests
 2018-10-02 00:51:39 -07:00
Mike Splain 84d63cbe60 Fix suspend proccesst to also resume 
Also fixed internal consistency error by switching from
[]*string to *[]string.
 2018-07-23 20:44:37 -04:00
Justin Santa Barbara 630ea429ae
Merge pull request #4677 from usabilla/external-load-balancers 
Add the ability to specify external loadbalancers for instancegroups
 2018-07-19 21:54:00 -04:00
k8s-ci-robot 54cbe492cb
Merge pull request #5414 from Raffo/master 
[WIP] Initial implementation of ACM certificate for API server ELB
 2018-07-19 08:34:54 -07:00
Raffaele Di Fazio d477e96c38 Added initial implementation of ACM cert for Kubernetes API ELB 2018-07-06 09:29:54 +02:00
Gijs Kunze b605a27cb5 Added external load balancer support for terraform 2018-06-29 11:39:21 +02:00
Gijs Kunze b3346c28cd Added the ability to specify external loadbalancers in instancegroups 2018-06-29 11:39:20 +02:00
Peter Rifel 5f0b63100d Add support for using existing instance profiles 2018-06-08 10:33:09 -07:00
Justin Santa Barbara e158f84e9f Set AWS_REGION into bootstrapscript 
Fix #4451
 2018-04-12 17:39:24 -04:00
Sergey Lanzman dc4a1a35b6 Validation around IOPS fields 2018-04-02 08:40:05 +03:00
k8s-ci-robot 5cda02ca2b
Merge pull request #4695 from vendrov/instnace_monitroing_support 
Add support for instance monitoring
 2018-03-25 14:17:01 -07:00
Justin Santa Barbara 12873d3868 SecurityGroups: ensure owned security groups are tagged 2018-03-24 22:19:54 -04:00
devops d734f35126 Add support for instance monitoring 
Add API backward comptability

Add api generated files

documenting detailed-monitoring

instance-group json typo

Update test expected result
to support enable_monitroing

Add instance-monitroing support to CF

Improve doc, test and rename InstanceMonitoring

Rename instnace-monitoring to fit the YAML kops form

typo detailedInstanceMonitoring
 2018-03-21 23:06:38 +02:00
Mike Splain 45a57915e2 Fix bazel deprecation notice 2018-02-26 09:36:13 -05:00
Mike Splain fdc2695fe1 Add suspendProcesses to IGs 2018-02-20 09:30:18 -05:00
Justin Santa Barbara 6e562e0742 Support updating autoscaling metrics 2018-02-20 00:53:24 -05:00
k8s-ci-robot f9748b7ebf
Merge pull request #4270 from int128/root-volume-type 
Fix rootVolumeType accepts all volume types
 2018-01-26 11:36:35 -08:00
Johannes Würbach 02855fc13f
Enable metrics for AutoScalingGroups 
Those metrics simplify monitoring the created ASGs and are free [0].

Enable them by default.

[0] https://aws.amazon.com/about-aws/whats-new/2016/08/free-auto-scaling-group-metrics-with-graphs/
 2018-01-25 20:06:10 +01:00
Hidetake Iwata d97e0e6205 Fix rootVolumeType accepts all volume types #4256 2018-01-14 17:57:35 +09:00
k8s-ci-robot 2f3f0548c2
Merge pull request #4154 from chrislovecnm/missed-lifecycle-elb 
adding missed lifecycles in elb code
 2018-01-05 12:14:12 -08:00
chrislovecnm 88baba38de fixing security lifecycle for additional security groups 2017-12-30 09:00:11 -07:00
chrislovecnm 4dd3bb1dea Updating bazel BUILD files with new go_rules version 2017-12-29 15:03:14 -07:00
chrislovecnm 9c2f6cc890 adding missed lifecycles in elb code 2017-12-27 16:19:34 -07:00
Abdullah Almariah 1dbc6064a5 Allow additional SGs to be added to API loadbalancer 2017-12-11 15:24:08 +01:00
Arto Jantunen dd64f1ed6c Include ELB hostname in certificate when using private DNS 2017-11-28 11:48:57 +02:00
chrislovecnm 609e268a1d gazelle updates with new bazel version 2017-11-05 17:41:53 -07:00
chrislovecnm 1e418c3e13 more goimport updates 2017-11-04 10:03:02 -06:00
chrislovecnm dc338c4829 Refactoring phases to work in sequence properly 2017-10-26 13:17:34 -06:00
Kubernetes Submit Queue 518e97d97b Merge pull request #3510 from justinsb/bazel 
Automatic merge from submit-queue.

Initial bazel support

Builds on the 1.8 version bump

The "trick" is to strip the BUILD & BUILD.bazel files from the vendor-ed deps.

Will rebase after 1.8 version bump merges.
 2017-10-03 01:19:27 -07:00
Justin Santa Barbara 0143be7c4f autogen: BUILD and BUILD.bazel 2017-10-02 14:27:21 -04:00
Justin Santa Barbara 66b174321f Cleanup signature of default volume-size method 
Because the default doesn't depend on the user-specified value, it's
misleading to pass it in.
 2017-09-30 21:24:51 -04:00
chrislovecnm c4c63b2b0c using same disk sizes for gce 2017-09-29 16:07:38 -06:00
Kubernetes Submit Queue b7efd3ba62 Merge pull request #3120 from KashifSaadat/diff-on-component-config-changes 
Automatic merge from submit-queue

Add cluster spec to node user data so component config changes are detected

Related to #3076 

Some cluster changes such as component config modifications are not picked up when performing updates (nodes are not marked as `NEEDUPDATE`). This change introduces the ability to:
1. Include certain cluster specs within the node user data file ~(`enableClusterSpecInUserData: true`)~
2. ~Encode the cluster spec string before placing within the user data file (`enableClusterSpecInUserData: true`)~

~The above flags default to false so shouldn't cause any changes to existing clusters.~

Following feedback I've removed the optional API flags, so component config is included by default within the user data. This WILL cause all nodes to have a required update to their bootstrap scripts.
 2017-08-11 03:43:17 -07:00
Kubernetes Submit Queue 6483ba6ac7 Merge pull request #3151 from johanneswuerbach/ssl-healthchecks 
Automatic merge from submit-queue

Use SSL in ELB API server health check

This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255       1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.

Tested manually and everything looks  

Inspiration from https://github.com/kubernetes-incubator/kube-aws/pull/604
 2017-08-10 17:30:26 -07:00
Kashif Saadat e0461b92a9 Add ability to store partial cluster and instancegroup spec in userdata, 
so component config changes are detected and causes nodes to be updated
 2017-08-09 14:15:02 +01:00
Derek VerLee ffa95b8112 Add support for cluster using http forward proxy 2017-08-07 14:30:42 -04:00
Johannes Würbach 2accc73a72
Use SSL in ELB API server health check 
This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255       1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.
 2017-08-07 13:02:40 +02:00
Ionut Craciunescu 07397ec2f0 ran make gofmt 2017-08-01 00:34:39 +01:00
Ionut Craciunescu 847bf0c2e1 updates to support aws disks with provisioned iops 2017-08-01 00:28:21 +01:00
Justin Santa Barbara 3dfe48e5ae Wiring up lifecycle 2017-07-15 22:03:54 -04:00
chrislovecnm 1f3212ce94 increase default instance volume size 2017-07-04 20:19:06 -06:00
Austin Moore f4c7c61fae Add field to enable EBS Volume Optimization 2017-06-27 16:15:54 -04:00
Justin Santa Barbara 9d40b0e6ca Support internal (gossip) names for AWS also 2017-06-19 14:16:35 -04:00
Justin Santa Barbara c9ac0cdbd8 Support GCE ForwardingRule (LoadBalancer) for API 
Also lots of GCE cleanup
 2017-03-28 00:00:20 -04:00
Daniel Cohen aa1205036d Specify instance tenancy on AWS 
Allow tenancy to default to empty

Don't allow dedicated clusters to launch unsupported instances
 2017-03-21 14:13:17 -04:00
Justin Santa Barbara 645f330dad Re-enable GCE support 
We move everything to the models.  We feature-flag it, because we
probably want to change the names etc, and we aren't going to be able to
offer smooth upgrades until that is done.
 2017-02-28 20:08:03 -05:00