kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,739 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

174 Commits

Author SHA1 Message Date
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Nicolas Sterchele 2584e4133d cloudup: add nindent fct reference to templatefunctions 2021-10-04 15:17:03 +02:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
Jeroen van Erp c30ec8e310
Add ability to provide custom CoreDNS Tolerations and Affinity 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2021-09-28 17:05:48 +02:00
Peter Rifel 42ecabae28
Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes 2021-09-26 11:09:30 -05:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4 
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
 2021-09-23 13:01:58 -05:00
Ole Markus With 88bd1953ce Have kops-controller assign instance ipv6 prefix to node 2021-09-16 19:25:19 +02:00
Peter Rifel 6a53285ffe
Move AWS CCM image logic into pkg/model and add 1.21 and 1.22 images 2021-09-08 20:56:39 -05:00
Jesse Haka bb35842eba use ipip Always by default in OpenStack 2021-09-07 17:08:54 +03:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Ole Markus With 0152c23c1e Remove externaldns feature flag 2021-08-27 06:30:01 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With 1839b1ac47 Revert most of #12023 and keep awslbc on CP nodes 2021-08-05 19:30:27 +02:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck 
Enable cross-subnet mode with Calico by default
 2021-06-25 01:08:45 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
Moshe Shitrit 6dee0ad09e Comment-out hardcoded default values and add the overriden ones as template functions for ease of customization 
Update auto-generated files
 2021-06-22 12:26:28 +03:00
John Gardiner Myers c0b54d980d Enable IPv6 support for Cilium 2021-06-13 20:47:44 -07:00
Ole Markus With 2fb1861528 Update CAS manifest 
Upstream examples were missing a number of improvements.
This commit also adds template functions for making controllers such as CAS more HA on HA clusters
 2021-05-19 16:12:51 +02:00
Ole Markus With 22f3a4aff8 Add default tags to LB controller and cilium eni resources 2021-05-18 19:02:40 +02:00
Alexander Block 859171eeac Sort --extra-tags of ebs-csi-driver 
Without sorting, the order is random and thus causes unnecessary cluster
updates.
 2021-05-10 07:17:47 +02:00
Jason Haugen 36722afb0f change casing Asg->ASG 2021-04-22 13:07:01 -05:00
Jason Haugen 7e48dad4d2 add ManagedAsgTag, merge templates, improve docs 2021-04-19 16:51:08 -05:00
Jason Haugen a2cc750d62 fix sqs url for china 2021-04-19 15:43:06 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Ole Markus With dbd23473ef Add irsa support for awslbcontroller 
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
 2021-04-04 21:24:07 +02:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Alexander Block 54c509b33c Add CloudLabels as --extra-tags to aws-ebs-csi driver 2021-03-04 12:07:11 +01:00
AkiraFukushima 36acadca59 Fill Role names in kops-controller-config instead of instance profile names when it is specified 
The role names are checked in node bootstrap.
If profile names are provided, bootstrap will fail.
Because profile name and role name do not always mactch in AWS IAM
 2021-02-11 14:28:49 +09:00
Steven E. Harris f0f45b71fd Allow use of Calico's VXLAN networking backend 
Introduce a new "encapsulationMode" field in Calico's portion of the
Cluster specification to allow switching between the the IP-in-IP and
VXLAN encapsulation protocols. For now, we accept the values "ipip"
and "vxlan," and forgo a possible "none" value that would disable
encapsulation altogether (at least for the default Calico IP pool).

Augment the default-populating procedure for Calico to take this field
into account when deciding both which networking backend to use and
whether to use IP-in-IP or VXLAN encapsulation for the default IP
pool. Note that these values supplied for the "CALICO_IPV4POOL_IPIP"
and "CALICO_IPV4POOL_VXLAN" environment variables in the "calico-node"
DaemonSet pod spec only matter for creating the "default" IPPool pool
object when no such objects already exist.

Generalize the documentation for the "crossSubnet" field to cover
environments more broad than just AWS, as Calico can employ this
selective encapsulation in any environment in which it can detect
boundaries between subnets.
 2020-12-18 10:55:11 -05:00
Ciprian Hacman 2844abd225 Delay defaulting to CoreDNS to k8s v1.20 2020-12-16 08:12:04 +02:00
Nick Turner c9feb36f3f Add aws-cloud-controller-manager config to addons 
- Config at aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template
- AWSCCMTag function for CCM image tag
 2020-11-30 01:35:07 -08:00
Ole Markus With 3721bbb76b Upgrade sprig to v3 2020-11-07 20:41:02 +01:00
Ole Markus With a7c7af4e97 Don't let node-local-dns add iptables rules 
Since we use the local IP we don't need the iptables rule for the cluster dns IP
 2020-10-16 12:46:16 +02:00
Ole Markus With fdaf5eb38d UseKopsControllerForNodeBootstrap instead of k8s versoin to determine secure tls 2020-10-09 10:18:02 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
liranp 15cc0fefae
feat(spot): upgrade the cluster controller (v1.0.67) 2020-10-01 18:24:31 +03:00
Kubernetes Prow Robot 4508406515
Merge pull request #9908 from rdrgmnzs/CacheNodeidentityInfo 
Allow caching of Nodeidentity Info in kops-controller for AWS.
 2020-09-09 13:01:44 -07:00
Rodrigo Menezes 4c057f138a Allow caching of Nodeidentity Info in kops-controller for AWS to reduce the number of DescribeInstances API calls. 2020-09-09 22:11:29 +03:00
Ole Markus With a0e9fab104 Implement cluster autoscaler as bootstrap addon 
Use provider-agnostic node definition for cas instead of aws auto-discovery

Validate clusterAutoscalerSpec

Add spec documentation

Add cas docs

Make CRDs

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Add enabled flag to cas config

Apply suggestions from code review

Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>

Add support for custom cas image

Support more k8s versions

Use full image names
 2020-09-03 09:52:13 +02:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers d05f9a3eff Don't issue certs for features not enabled 2020-08-16 23:40:43 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers 1a253dc574 Send the STS queries to the local region 2020-08-15 10:30:22 -07:00
John Gardiner Myers bec273ebf1 Implement signing of kubelet cert in kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 9cfa169740 Add server code to kops-controller 2020-08-15 10:30:15 -07:00
John Gardiner Myers cfa262a81a Authenticate from nodeup to kops-controller 2020-08-15 09:50:08 -07:00