Fix up the local IP address discovery logic, to recognize new
en-interfaces, and to better log what it is doing. Plug it in for
baremetal installations.
Automatic merge from submit-queue.
Gazelle updates
We missed one
/assign @justinsb @KashifSaadat
- applying 4065 this should drop out b29e1c5bd2
- just review the second commit
Automatic merge from submit-queue.
Fix node counts
When running `kops validate`, and the cluster size is greater than the minimum configuration, the display message is
<img width="153" alt="screen shot 2017-12-07 at 1 10 14 pm" src="https://user-images.githubusercontent.com/11003242/33738958-1571943e-db50-11e7-9156-f034c9af7d9c.png">
This PR sets the NodeCount value to the length of the nodes array instead of the configuration.
Automatic merge from submit-queue.
Bump weave version in bootstrapchannelbuilder
2.1.3 upstream becomes 2.1.3-kops.1, so if we need to make our own
"packaging" changes, we can do 2.1.3-kops.2 etc.
Automatic merge from submit-queue.
add kube-ingress-aws-controller + skipper addons
Adds an addon that needs some more requirements, because it has to have the rights to create/update/delete ALBs, find certificates, ..
I hope it is OK to have a longer page here that explains the requirements and shows some features that are not common in ingress implementations.
Automatic merge from submit-queue.
[Add-on][kube-state-metrics] Bump version
## Why?
- Bump kube-state-metrics version 1.1.0
- Bump addon-resizer version to 1.8.1
- Adjust `addon-resizer` scaling threshold
Automatic merge from submit-queue.
Allow additional SGs to be added to API loadbalancer
Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
  api:
    loadBalancer:
      type: Public
      additionalSecurityGroups:
      - sg-exampleid3
      - sg-exampleid4
```
- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
Automatic merge from submit-queue.
Remove world read permissions on sensitive key files.
The key files pulled from S3 had world read permissions by default (644). This PR sets the permissions to 600 on `.key` and `.pem` files.
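The permission change described above, sketched as an added Go example (not the kops code from this PR): it walks a directory and resets any `.key` or `.pem` file that grants group or world bits to 600. The names `TightenKeyFiles` and `isSensitive` are hypothetical, and the directory to scan is an assumption supplied by the caller.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// isSensitive matches the two suffixes named in the PR description.
func isSensitive(name string) bool {
	return strings.HasSuffix(name, ".key") || strings.HasSuffix(name, ".pem")
}

// TightenKeyFiles sets mode 0600 on every regular .key/.pem file under root
// that grants any group or other permission bit, and returns the paths changed.
func TightenKeyFiles(root string) ([]string, error) {
	var changed []string
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		// Only regular files: os.Chmod follows symlinks, so links are skipped.
		if !d.Type().IsRegular() || !isSensitive(d.Name()) {
			return nil
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode().Perm()&0o077 == 0 { // already owner-only
			return nil
		}
		if err := os.Chmod(path, 0o600); err != nil {
			return err
		}
		changed = append(changed, path)
		return nil
	})
	return changed, err
}

func main() {
	for _, dir := range os.Args[1:] { // directories to repair, given as arguments
		changed, err := TightenKeyFiles(dir)
		fmt.Println(dir, changed, err)
	}
}
```

A pass like this only repairs files already on disk; creating the file with mode 0600 in the first place avoids the interval in which it is world-readable.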
Automatic merge from submit-queue.
Update Weave Net to version 2.1.3
This version supports 'v1' NetworkPolicy semantics.
Also includes a feature to clear down data for deleted nodes, which is probably the most-requested fix.
Automatic merge from submit-queue.
Add additionalNetworkCIDRs to support VPCs with multiple CIDRs in AWS
Add additionalNetworkCIDRs to support VPCs with multiple CIDRs in AWS.
@justinsb I cannot find anywhere that does a check on an existing VPC to see if the networkCIDR matches what is on the VPC defined, I was looking for that so I can add a similar check for this. Am I missing something or is there really no check like that?
Automatic merge from submit-queue.
Let a user set a hostnameOverride when the cloud provider is aws.
Let a user use the hostname or set a hostnameOverride when the cloud provider is aws. This would allow for a more descriptive name to be used. The name of the hosts when using @hostname can be set by using a hook or some other method.
Automatic merge from submit-queue.
Downgrade Flannel in Canal deployment to v0.9.0
Flannel v0.9.1 introduces a single change to add 2 iptables rules to the `FORWARD` chain, permitting traffic in/out of the pod network (introduced to improve compatibility with newer versions of Docker). This change is unnecessary for Canal deployments for the following reasons:
- Calico's `DefaultEndpointToHostAction` is set to `ACCEPT` in the manifest deployed by kops, allowing traffic by default once all other Calico rules are processed.
- If Calico's `ChainInsertMode` is set to `APPEND`, the flannel rules will be processed before the Calico rules, accepting traffic by default, and so Kubernetes network policies will not take effect.
This change is temporary until a more permanent resolution is available with Flannel, such as providing a configurable option to disable the addition of these rules when deployed with Calico.
Related to #4037
Automatic merge from submit-queue.
Bastion output line
- cleaning up the bastion username line, stop you from getting
```shell
* to ssh to the bastion, you probably want to configure a bastionPublicNameThe admin user is specific to Debian...
```