Commit Graph

365 Commits

Author SHA1 Message Date
Ole Markus With 535f597bce Rely on tags alone when deleting instance profiles 2022-08-20 10:25:49 +02:00
Ole Markus With e01b233b76 Warn instead of failure if we cannot read IAM role tags
Since we now try to get tags for all roles in the account, we may encounter roles we are not allowed to get, e.g. if there is an SCP or similar with explicit deny.
2022-08-20 09:53:10 +02:00
Ole Markus With 09b604867d Don't skip roles that don't have cluster name prefix
This should plug the IAM roles leak. It is probably a leftover from when roles did not have tags and we relied on the name of the role instead.
2022-08-20 09:07:15 +02:00
Ole Markus With 8e7a50346b Add iam role deletion test 2022-08-20 09:07:15 +02:00
Ciprian Hacman 5e3e9fabd0 Limit GCE network names to 63 chars 2022-08-17 06:37:26 +03:00
Ciprian Hacman d2e614dd3e Refactor ClusterPrefixedName and ClusterSuffixedName to not return error 2022-06-30 07:59:52 +03:00
Ciprian Hacman bdb1f509f0 Fix cleanup of firewall rules that contain the cluster name hash 2022-06-29 06:30:14 +03:00
Ciprian Hacman 377e26d407 Clean-up firewall rules that contain targets with the cluster name hash 2022-06-25 10:52:30 +03:00
Ciprian Hacman d34e0fd1e0 Fix GCE resource tracking 2022-06-23 19:50:39 +03:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Peter Rifel 780d9cc2ea Fix OIDC Provider cleanup
A race can occur where an OIDC provider being deleted is in the List results but is not found in the Get request
2022-04-28 20:27:24 -05:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
2022-04-25 13:31:47 -07:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
John Gardiner Myers 591dd1aba9 Move Azure settings to cloudProvider.azure 2022-03-03 15:18:23 -08:00
Kubernetes Prow Robot 02dc9dd8b3 Merge pull request #13201 from zetaab/removesa
cleanup GCP Cluster Service Accounts
2022-02-23 04:24:19 -08:00
Jesse Haka 67beb3fef5 add const 2022-02-23 10:52:08 +02:00
Kubernetes Prow Robot e29591e21e Merge pull request #13060 from srikiz/DO-Add-New-VPC
[DigitalOcean] Implement new VPC if network-cidr flag is specified
2022-02-18 12:44:23 -08:00
srikiz 97a3ef1566 Initial changes for vpc
More changes for do vpc

some more minor updates

Fix PrivateIP check

Bazel fixes

Minor changes for vpc listing

Minor fixes for DO VPC

Add delete vpc logic

More fixes for vpc usage with gossip based clusters

Fix minor comments in code

Fix mock DO interface to use missing functions

Another fix for mock cloud do for missing interface function

incorporate review comments

incorporate review comments
2022-02-15 17:07:09 +05:30
Jesse Haka 0a19533410 remove GCE Cluster Service Accounts 2022-02-04 16:46:27 +02:00
Jesse Haka d3fac0c1be GCP API health checks 2022-02-03 21:02:21 +02:00
Ole Markus With 66e6ed0850 Delete ENIs tagged with k8s tags 2021-12-22 21:45:01 +01:00
justinsb 1eedb7ddee gce: clean up networking objects by reference
We try to avoid cleaning up by name, and prefer checking references to
(e.g. targeting) a known resource, like an instancegroup.
2021-12-17 10:08:09 -05:00
John Gardiner Myers a0736b3c29 Remove support for Aliyun/Alibaba Cloud 2021-12-11 21:49:13 -08:00
Jesse Haka 8f3b42222b Cleanup GCE loadbalancers created by k8s 2021-12-05 12:26:43 +02:00
justinsb 9f125b1db4 gce: Add network & subnet to toolbox dump
Now that we're better managing networks & subnets on GCE, we should
include them.
2021-12-04 11:30:27 -05:00
Kubernetes Prow Robot 0be79b25b7 Merge pull request #12867 from hakman/gofumpt_script
Add gofumpt scripts
2021-12-01 22:13:32 -08:00
Peter Rifel 00a8a68f01 Fix area/provider/gcp GitHub label assignment 2021-12-01 22:43:43 -06:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
justinsb cfd4e91a2c GCE: Fix race around route deletion
Because the control-plane can recreate routes, there's a race between
deleting instances and deleting routes.  Add a dependency so we don't
try to delete routes until after we've deleted all the instances.
2021-11-21 10:14:02 -05:00
John Gardiner Myers b2e9d809b7 Support IPv6 private topology 2021-11-16 21:38:03 -08:00
angeloskaltsikis b284537885 Fix that states AWS IAM Instance Profile blocks IAM Role
According to [aws-cli docs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-role.html#examples),
it is needed to delete any Instance profile that uses a role before deleting
the actual role. This fix adds a "blocks" statement to the IAM Instance Profile,
to declare that it should block the IAM Role deletion.
2021-11-03 18:28:36 +02:00
justinsb 344cc3edef GCE: Delete routes with long cluster names
GCE "classic" networking sets up routes to each instance.  The route
name looks like `<cluster-name>-<uuid>`.

If the cluster name is long enough, it will be truncated.  This was
confusing the route cleanup logic.
2021-10-27 09:34:36 -04:00
justinsb e3c3671f76 GCE: Support network deletion 2021-10-24 17:41:14 -04:00
Peter Rifel 3311e45767 Truncate cluster name prefix used in event bridge rules 2021-09-29 19:12:49 -05:00
justinsb 1823bc5963 GCE: Fix subnet deletion
Subnets are created & owned for IPAlias mode.  We weren't deleting
them because of a bug deleting when there is a hyphen in the name (and
by default they are named after the region, which has a hyphen).
2021-09-20 09:29:08 -04:00
justinsb fc04d91bc7 Recognize pending EC2 instances as needing deletion
They should be deleted as they will presumably be running shortly.

Also, this function is used from `kops dump cluster` where presumably
instances are more likely to be pending.
2021-09-18 16:10:29 -04:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller
Support TXT records
2021-08-27 06:24:47 +02:00
Justin SB 0722124e8e Initial IPv6 support for GCE
Supporting IPv6 values where they can be set by the user, and ensuring
that IPv4 and IPv6 firewall rules are split because on GCP they cannot
be in the same rule.
2021-08-21 20:09:31 -04:00
Kubernetes Prow Robot ecb85a207a Merge pull request #12173 from srikiz/DO-Fix-DNSProvider-Interface-Package
[DigitalOcean] Code refactor to use the existing dnsprovider package
2021-08-18 22:53:24 -07:00
Reilly Brogan 1b59233c8e Debian 11: Release AMIs use same AWS Owner ID as Buster 2021-08-16 12:06:36 -05:00
srikiz 41439109a8 Fix DNS Provider package for DO 2021-08-12 00:01:50 +05:30
Reilly Brogan 850bca8db6 Support Debian 11 Bullseye 2021-08-06 12:52:16 -05:00
John Gardiner Myers 4152667f28 Remove dead code 2021-07-14 20:05:47 -07:00
srikiz 8836b4076e Fix sporadic volume detach error when volume is already detached
Update pkg/resources/digitalocean/resources.go

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>

Incorporate review comments
2021-07-09 20:53:36 +05:30
Ciprian Hacman 7bc629b683 Use DualStack API NLB for IPv6 2021-06-26 19:16:46 +03:00
srikiz b5154bb360 Fix upup cloud.go dependencies based on the new interface spec, also update protokube 2021-05-28 22:37:47 +05:30
srikiz 4cecc64f67 Move cloud.do from pkg/resources/digitalocean/ckoud.go to upup/pkg/fi/cloudup/do directory 2021-05-28 02:17:55 +05:30
Kubernetes Prow Robot 95dcaf2766 Merge pull request #11568 from h3poteto/cleanup-iam-8823
Cleanup InstanceProfile only that have ownership tags in delete cluster
2021-05-23 12:13:39 -07:00
AkiraFukushima f37306c89a Cleanup InstanceProfile only that have ownership tags in delete cluster 2021-05-23 11:13:07 +09:00
John Gardiner Myers 2cf967b2de Fix deletion of IAM roles and policies 2021-05-21 17:46:15 -07:00
Kubernetes Prow Robot 4a5d04d94f Merge pull request #11497 from johngmyers/cleanup-iam
Cleanup orphaned IAM service account roles in direct render
2021-05-19 18:35:05 -07:00
John Gardiner Myers dd605fdbc3 Subsume StatusStore into fi.Cloud 2021-05-15 17:39:32 -07:00
John Gardiner Myers a41d0e21be Delete cluster-owned service account roles upon cluster deletion 2021-05-15 12:06:45 -07:00
srikiz 7e366ff678 use create-args for specifying additional arguments for kops create cluster command
Add create-args parameter only once with spaces separating multiple arguments

Add kops state store

Another fix to check if environment variable are used correctly

Add state store for digital ocean

Add env variables for do related job

check if env is empty

tmp check 1

Revert changes

Use a smaller droplet size

Update make file

Add SSH key for DO

Add private key path

update ssh user

Another fix

try with v1.18

use 1.20

Rebase with master

Fix merge issues

Add DO droplet dump support

I'm hoping this allows our e2e tests to dump system logs into the job artifacts for easier troubleshooting

Use root ssh user

use 2 nodes to reduce cost

another minor fix

Skip services test

Increase master size

Skip flaky tests

Remove pod status test that belongs to v1.20

Add do test file and revert changes to make file

Update make file

Include DigitalOcean in the supported provider flags

incorporate review comments

Update tests/e2e/pkg/tester/tester.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Fix formatting

Add higher resource master and nodes for running e2e tests

Revert back to use lower size masters
2021-05-08 12:54:18 +05:30
Kenji Kaneda 71f52363f8 Add a lifecycle test for GCE
- Move MockGCECloud to cloudmock/gce.
- Change Compute() and CloudDNS() of GCECloud to return interfaces
  for mocking
2021-04-26 13:05:27 -07:00
Kubernetes Prow Robot 0d9e2e7bb4 Merge pull request #11184 from cloudnatix/kenji/gcp
Add GCE Router task
2021-04-24 00:37:15 -07:00
Kenji Kaneda f37330f53d Add GCE Router task
This commit picks up the change from the previous attempt
(https://github.com/kubernetes/kops/pull/6828).

- Add Router to GCE tasks
- Add the HasExternalIP field to InstanceTemplate
- Create a RouterTask and set HasExternalIP to false when
  a private topology is specified.

https://github.com/kubernetes/kops/issues/6827
2021-04-23 23:03:38 -07:00
Jason Haugen c2a9bdc515 fix permissions required for NTH Queue Processor 2021-04-23 13:10:29 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Jason Haugen c8bb48ba81 fix existing tests 2021-04-19 15:43:05 -05:00
Jason Haugen d07b067249 Add NTH queue-processor mode 2021-04-19 15:43:05 -05:00
Ole Markus With 09615935fd Make kOps CLI handle ASG warm pools 2021-04-15 11:10:23 +02:00
Ole Markus With 5a8d47d45f Fix bug with deleting OIDC providers 2021-03-19 20:07:22 +01:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Kubernetes Prow Robot 9c5c186442 Merge pull request #10915 from t1cg/caw/publicLoadbalancer
add support for azure public loadbalancer
2021-02-24 19:51:24 -08:00
liranp 955e5072dc fix: prevent igs with same suffix from being deleted 2021-02-24 17:53:34 +02:00
Kubernetes Prow Robot 1b42286cfe Merge pull request #10832 from rifelpet/aws-sdk
Add Tagging to Instance Profiles and OIDC Providers
2021-02-24 05:40:50 -08:00
Collin Woodruff ee7fc850ff add support for azure public loadbalancer 2021-02-23 17:42:33 -05:00
Nicholas Galantowicz 616d446658 add usage of subnet and routetable shared resources in azure 2021-02-22 15:28:55 -05:00
Ciprian Hacman 4f70c4237c Update mock to v1.21.0-alpha.1 2021-02-16 14:19:58 +02:00
Peter Rifel d52fd9f76c Add tagging support to AWS Instance Profiles and OIDC Providers 2021-02-15 16:48:43 -06:00
Peter Rifel 6e6e072d93 Use AWS SDK const for IAM entities not found 2021-02-15 15:53:59 -06:00
Collin Woodruff 6a8d474acd add internal loadbalancer for azure 2021-02-12 17:13:01 -05:00
Peter Rifel c28c4c728d Cleanup kops-controller Route53 record during cluster deletion 2021-02-03 22:41:49 -06:00
Jesse Haka 643997320d fix comment 2021-01-13 11:57:01 +02:00
Jesse Haka 1bc330b0bb nameprefix -> groupname 2021-01-13 11:54:07 +02:00
Jesse Haka 38831ff70d fix test 2021-01-12 15:50:40 +02:00
Jesse Haka 46de9f145e update gophercloud dependency 2021-01-11 14:48:22 +02:00
Matthew Wong 7e9392e72c Treat InvalidDhcpOptionsId.NotFound as already-deleted 2020-12-28 17:27:34 -08:00
Kenji Kaneda a61caea8d2 Add Azure support
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
2020-12-21 08:27:54 -08:00
srikiz c911976516 Fix tests 2020-11-26 15:55:17 +05:30
Ciprian Hacman c8de1d3042 Handle cluster cleanup more gracefully 2020-11-12 18:21:04 +02:00
Ciprian Hacman 1d6a51aff9 Address review comments 2020-11-09 21:41:58 +02:00
Ciprian Hacman fdf976809e Use pagination when listing LaunchTemplates 2020-11-09 21:41:58 +02:00
Ciprian Hacman 565adceab9 Use LaunchTemplate versions instead of timestamped LaunchTemplates 2020-11-09 21:40:33 +02:00
Srikanth Rao 4d251fe900 [Digital Ocean] Implement Delete Instance logic for rolling update (#10000)
* Add delete Instance implementation for DO

* Add warning for DeleteInstance usage

* Use reconcile option for rolling update

* Update pkg/instancegroups/instancegroups.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2020-10-13 10:06:27 -07:00
Ciprian Hacman c7bc3d4397 Update mock version to 1.19.0-alpha.3 2020-09-08 08:45:25 +03:00
Ole Markus With 0ec71686b9 Refactor cloudinstancegroupmember in a more independent cloud instance representation
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 21:37:03 +02:00
Ole Markus With ef25dda399 Migrate floating IP deletion to neutron 2020-08-24 06:44:29 +02:00
Peter Rifel 4d9f0128a3 Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
Ole Markus With 9890839cec Add an integration test for openstack floating ip
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
2020-08-12 12:59:30 +02:00
Peter Rifel 6c661d236d openstack - don't panic if the dns zone is not found 2020-08-05 18:37:09 -05:00
Kubernetes Prow Robot be783014f2 Merge pull request #9637 from hakman/aws-eventual-consistency
Cleanup AWS EC2 eventual consistency warnings
2020-07-29 14:20:03 -07:00
Peter Rifel a17581e21d Add cloud tags to AWS SSH Keys 2020-07-28 13:35:09 -05:00
Ciprian Hacman 85da6b1c85 Cleanup AWS EC2 dependency violation messages 2020-07-28 19:04:32 +03:00
Ciprian Hacman 81c2e76449 Print error during cluster delete for dependency violation 2020-07-17 18:16:06 +03:00
Kubernetes Prow Robot 065824851b Merge pull request #9476 from srikiz/DO-implement-validate-cluster
[Digital Ocean] Implement KOPS validate cluster
2020-07-15 12:12:37 -07:00
Srikanth 160a4b81c9 incorporate review comments to use instance group name for DO instance group tag 2020-07-14 13:25:01 +05:30
Kubernetes Prow Robot 98ed5d4fa1 Merge pull request #9527 from hakman/update-mock-version
Update mock version to 1.19.0-alpha.1
2020-07-08 10:09:08 -07:00