Commit Graph

119 Commits

Author SHA1 Message Date
Peter Rifel 3f3d0f11c5 Discover a bastion load balancer and use it for dumping artifacts 2024-09-06 19:34:31 -05:00
Peter Rifel 8180a600b5 Fix panic 2024-04-13 16:03:31 -04:00
Peter Rifel dd3d64943f Migrate remaining EC2 resource types to aws-sdk-go-v2 2024-04-13 16:01:39 -04:00
Peter Rifel f0c0c29121 Migrate EC2 Networking resource types to aws-sdk-go-v2 2024-04-13 16:01:39 -04:00
Peter Rifel 13df20c702 Migrate route53 to aws-sdk-go-v2 2024-04-01 11:02:40 -05:00
Peter Rifel d4d39eb0fe Migrate autoscaling to aws-sdk-go-v2 2024-03-31 23:04:06 -05:00
Peter Rifel 0dcbf23df2 Migrate aws-sdk-go/aws to aws-sdk-go-v2/aws 2024-03-31 16:56:31 -05:00
Peter Rifel 2a1faaa6ef Consolidate appends 2024-03-31 11:32:22 -05:00
Peter Rifel b18a00de43 Use wrapper for IAM errors 2024-03-31 11:32:20 -05:00
Peter Rifel 2626a354c5 Migrate ELB to aws-sdk-go-v2 2024-03-31 07:28:28 -05:00
Peter Rifel 7b8bcc46d9 Migrate elbv2 to aws-sdk-go-v2 2024-03-30 13:53:40 -05:00
Peter Rifel 8882bcbafb Migrate IAM to aws-sdk-go-v2 2024-03-30 10:46:57 -05:00
justinsb 2a9343a168 Generate revisions of NLB objects, and introduce cleanup phase
This lets us safely make changes to otherwise immutable fields, in
particular for adding security groups to NLBs created without them.

We detect the older versions, and create deletion tasks to remove
them.  These tasks can be deferred, and we expect them to be
deferred to a "prune" phase that runs after cluster apply.

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2024-02-17 11:41:15 -05:00
justinsb eb27e30153 target group: refactor discovery into awsup
This sets us up to support multiple generations of target groups,
needed if we want to support adding SecurityGroups to the NLB.
2024-02-14 15:48:50 -05:00
justinsb 314e2b954b Refactor: Move NLB listing function into awsup
As pruning becomes more a part of tasks, there is more overlap between
`kops update cluster` and `kops delete cluster`.
2024-01-30 04:43:48 +02:00
justinsb 2fb39dedc8 toolbox dump: output correct type for target groups
We were previously outputting them with the load-balancer target value.
2024-01-27 13:22:38 -05:00
Ciprian Hacman fd86a0cb9d aws: Ignore InvalidRouteTableID.NotFound errors during cluster deletion 2024-01-15 06:04:30 +02:00
Ciprian Hacman d71879f023 aws: Terminate ASG instances in batches of 100 instances 2024-01-13 11:01:30 +02:00
Ciprian Hacman 005b693943 Revert "aws: Skip deleting ASG instances without volumes" 2024-01-12 18:07:10 +02:00
Ciprian Hacman 793086a01a aws: Skip deleting ASG instances without volumes 2024-01-06 09:31:23 +02:00
justinsb f79d2da6f6 Thread context through some slower AWS tasks
There are still too many context.TODOs here for this to join all the
way up, but we should be able to better understand the slowest tasks.
2023-11-09 08:17:10 -05:00
justinsb a6b963b127 dump: actually dump the gateway objects
I had forgotten to populate the object itself, so it was not appearing
in the raw dump.
2023-10-29 08:13:43 -04:00
justinsb 094b57aa8e dump: include the various gateways on AWS
I think we were leaking egress-only-internet-gateways, it would be
helpful to see their status in the dump.
2023-10-28 16:23:38 -04:00
Ciprian Hacman 1aecb5304d aws: Filter ENI list by VPC 2023-09-23 05:25:56 +03:00
Ciprian Hacman 8a2f74ce46 aws: Ignore volumes set to delete on instance termination 2023-08-14 18:47:38 +03:00
Peter Rifel e0c3b8cd36 Rename eventbridge rule in toolbox dump output
`eventbridge` itself is too generic given there are many resource types within the eventbridge service
2023-07-30 09:25:40 -05:00
John Gardiner Myers 1e7576c9c5 Upgrade external-dns to v0.13.5 2023-05-30 17:47:59 -07:00
Ciprian Hacman f7d434ee2c Refactor ListResources to not require passing the Cluster object 2022-12-05 09:10:58 +02:00
Ciprian Hacman 4868c2bfaf aws: Skip Route53 cleanup for clusters without DNS 2022-12-02 10:57:37 +02:00
John Gardiner Myers 87925bf0ca Remove CloudFormation support 2022-11-22 21:02:50 -08:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
John Gardiner Myers 71017f0307 Use bastion to dump private instances 2022-11-09 21:34:04 -08:00
John Gardiner Myers 8675336725 Also dump logs from IPv6 nodes 2022-11-05 16:10:53 -07:00
John Gardiner Myers eb69f8ac60 Remove well known account aliases for unsupported distros 2022-11-01 16:20:27 -07:00
John Gardiner Myers 423a04900f Fix typo 2022-10-27 11:07:17 -07:00
Ciprian Hacman 85026145a1 Always infer gossip DNS from cluster name 2022-10-02 12:54:37 +03:00
justinsb 90a484f049 AWS IAM Role listing: don't ignore "other" errors
If the error was an AWS error, but not one of the recognized ones, we
ignored it.
2022-09-01 07:57:03 -04:00
Ole Markus With eb003a19b1 Fix bugs and typo in iam resource deletion logic 2022-08-21 20:01:20 +02:00
Ole Markus With 084ecac2bb Fix no such entity check for iam profiles and roles 2022-08-21 07:29:30 +02:00
Ole Markus With 578e27bb5f Ignore entities not found when deleting IAM roles and profiles 2022-08-20 18:58:04 +02:00
Ole Markus With 535f597bce Rely on tags alone when deleting instance profiles 2022-08-20 10:25:49 +02:00
Ole Markus With e01b233b76 Warn instead of failure if we cannot read IAM role tags
Since we now try to get tags for all roles in the account, we may encounter roles we are not allowed to get, e.g. if there is an SCP or similar with explicit deny.
2022-08-20 09:53:10 +02:00
Ole Markus With 09b604867d Don't skip roles that don't have cluster name prefix
This should plug the IAM roles leak. It is probably a leftover from when roles did not have tags and we relied on the name of the role instead.
2022-08-20 09:07:15 +02:00
Peter Rifel 780d9cc2ea Fix OIDC Provider cleanup
A race can occur where an OIDC provider being deleted is in the List results but is not found in the Get request
2022-04-28 20:27:24 -05:00
Ole Markus With 66e6ed0850 Delete ENIs tagged with k8s tags 2021-12-22 21:45:01 +01:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers b2e9d809b7 Support IPv6 private topology 2021-11-16 21:38:03 -08:00
angeloskaltsikis b284537885 Fix that states AWS IAM Instance Profile blocks IAM Role
According to [aws-cli docs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-role.html#examples),
it is needed to delete any Instance profile that uses a role before deleting
the actual role. This fix adds a "blocks" statement to the IAM Instance Profile,
to declare that it should block the IAM Role deletion.
2021-11-03 18:28:36 +02:00