kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,347 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1973 Commits

Author SHA1 Message Date
John Gardiner Myers b0aaf3b3ab Deprecate Canal, Flannel, and Kube-router 2023-07-14 21:57:33 -07:00
Ciprian Hacman 80afaaead2 Add support for using swap memory 2023-07-14 07:50:48 +03:00
Ciprian Hacman 83d14d4343 azure: Add support for dns=none 2023-07-13 09:04:06 +03:00
John Gardiner Myers 36373b11ba Improve validation of PodCIDR and ServiceClusterIPRange 2023-07-11 21:16:03 -07:00
John Gardiner Myers a56e8eb049 Refactor UsesExternalECRCredentialsProvider() 2023-07-11 09:46:01 -07:00
John Gardiner Myers aef6fbdd29 Refactor UseKopsControllerForNodeBootstrap() 2023-07-11 09:45:45 -07:00
Kubernetes Prow Robot 65fe676967
Merge pull request #15613 from johngmyers/nodeup-sysctls 
Remove references to ClusterSpec from nodeup sysctls.go
 2023-07-10 01:23:05 -07:00
Kubernetes Prow Robot b915c6047c
Merge pull request #15612 from johngmyers/gcp-network 
v1alpha3: Rename GCE networking to GCP
 2023-07-09 21:13:05 -07:00
John Gardiner Myers f5fc710d6c Remove references to ClusterSpec from nodeup sysctls.go 2023-07-09 21:11:54 -07:00
John Gardiner Myers d926989600 v1alpha3: Rename GCE networking to GCP 2023-07-09 16:48:26 -07:00
John Gardiner Myers f4f8fc5bda Move GCE networkCIDR prohibition to validateNetworking() 2023-07-09 15:49:51 -07:00
Kubernetes Prow Robot 6f1e3e6dc4
Merge pull request #14921 from johngmyers/nonmasq-overlap 
Validate additionalNetworkCIDRs only set on AWS
 2023-07-05 23:19:04 -07:00
Tone c2ed4b6f64
Upgrade Karpenter to v0.27.5 (#15144) 
* feat(karpenter): Upgrade to version 0.27.0

Upgrade Karpenter to current last stable version `0.27.0`.
Template have been updated to use the same templates than the Helm chart.

* feat(karpenter): Use AWSNodeTemplate for launchTemplate

To set Launch Templates is deprecated into the provisioner, it is recommends using the `AWSNodeTemplate` to set it.
Ref:
 - https://karpenter.sh/v0.27.0/concepts/node-templates/

* feat(karpenter): Enable pruning addon

* Use extra flags in upgrade-ab scenario test

* feat(karpenter): Drop `karpenter` feature flag

* feat(karpenter): Add release note for `1.27`

* feat(karpenter): Upgrade to version 0.27.3

* feat(karpenter):  fix template

* feat(karpenter): Upgrade to version 0.27.5

* Update Karpenter documentation with depending kops version

* Delete KOPS_FEATURE_FLAGS from e2e test `run-test`

* Run hack/update-expected.sh
 2023-06-29 22:57:45 -07:00
Ciprian Hacman e8980bc21a Add option for specifying the list of etcd metrics urls 2023-06-27 19:50:05 +03:00
John Gardiner Myers f16c807f09 Validate additionalNetworkCIDRs only set on AWS 2023-06-25 00:25:17 -07:00
John Gardiner Myers 0dfac69d83 Remove support for Weave networking 2023-06-22 23:03:24 -07:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
Kubernetes Prow Robot b4c5a75829
Merge pull request #15487 from jsafrane/add-selinux 
Add optional SELinux support to RHEL clusters
 2023-06-19 08:54:22 -07:00
Jan Safranek 134727a2e7 Generate API 2023-06-19 15:20:08 +02:00
Jan Safranek 0d03095fda Add SELinux support to containerd 
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
 2023-06-19 15:20:08 +02:00
Leïla MARABESE 39ed84601f keep support for gossip clusters 2023-06-14 15:15:22 +02:00
Leïla MARABESE dab001c3e9 scaleway authenticator and verifier 2023-06-14 15:15:17 +02:00
Kubernetes Prow Robot 38b99df517
Merge pull request #15493 from justinsb/hetzner_kops_controller 
Use kops-controller on hetzner, even with gossip
 2023-06-11 08:57:47 -07:00
Kubernetes Prow Robot 1f750303d6
Merge pull request #15475 from hakman/default_ubuntu_jammy 
Use Ubuntu 22.04 (Jammy) as the default distro for K8s 1.27+
 2023-06-11 05:21:46 -07:00
justinsb abd274b3f9 Use kops-controller on hetzner, even with gossip 
This is a more secure configuration.
 2023-06-11 07:15:31 -04:00
Jesse Haka d7d7a55c41 add additional config for node local dns 2023-06-10 10:22:32 +03:00
Ciprian Hacman 5901a8ae30 Use Ubuntu 22.04 (Jammy) as the default distro for K8s 1.27+ 2023-06-07 14:52:25 +03:00
Kubernetes Prow Robot fe3e5cd6e1
Merge pull request #15436 from hakman/etcd-3.5.9 
Update etcd to v3.5.9
 2023-05-31 10:25:48 -07:00
John Gardiner Myers 1e7576c9c5 Upgrade external-dns to v0.13.5 2023-05-30 17:47:59 -07:00
Ciprian Hacman 2f07263d3d Update etcd to v3.5.9 2023-05-26 07:33:12 +03:00
Kubernetes Prow Robot f7d97dba3c
Merge pull request #15422 from scaleway/scw_none_dns 
scaleway: none DNS option available
 2023-05-24 05:14:51 -07:00
justinsb ca67b1ca1e Refactor: rename IsGossip -> UsesLegacyGossip 
We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension.  These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
 2023-05-22 21:50:16 -04:00
Leïla MARABESE fddab4d8e9 scaleway: none DNS option available 2023-05-16 18:20:34 +02:00
Aurelio Forese efd50d000a OpenStack Octavia LoadBalancer supports for FlavorID 
When using Octavia as OpenStack Load Balancer, it is now possible to
specify the Octavia flavor ID to use.
 2023-05-13 10:17:44 +02:00
Moshe Vayner 881bd4e55f make apimachinery && make crds 2023-05-09 21:56:42 -04:00
Moshe Vayner 99ff00df61 Support Cilium operator pod annotations 2023-05-09 21:50:36 -04:00
justinsb 1faee9dd8c digitalocean: bootstrap nodes through kops-controller. 
We start with a simple node verifier.
 2023-05-07 13:17:56 -04:00
justinsb 8657e25f21 digitalocean: Allow dns=none 
This works similar to other clouds, going through the (public) load balancer.
 2023-05-07 12:38:06 -04:00
justinsb c89f434f1b Only use node challenge on hetzner 
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
 2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node 
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
 2023-05-06 08:03:21 -04:00
Ole Markus With 5d82e52c48 Use external ECR credential provider as of Kubernetes 1.27 2023-04-29 10:21:57 +02:00
Jesse Haka 80f8e12fa5 run make apimachinery 2023-04-20 15:10:23 +03:00
Jesse Haka c09b401b38 add csi cinder metrics 2023-04-20 14:40:44 +03:00
Steven E. Harris 9595c833ee
Allow Cluster Autoscaler to ignore daemon pods 
By default the cluster autoscaler takes DaemonSet-managed pods'
resource requests into consideration when computing a node's resource
utilization. Allow toggling its "--ignore-daemonsets-utilization"
command-line flag via a new field in the Cluster
spec—"clusterAutoscaler.ignoreDaemonSetsUtilization." Setting that
field to true causes the autoscaler to ignore such daemon pods'
requests, such that it will more likely judge a node running only
daemon pods as being underutilized and shut down its hosting machine.
 2023-04-05 10:03:24 -04:00
ederst a0c8bb600a Run make apimachinery and crds 2023-03-24 11:34:34 +01:00
ederst 1e9fc8e6d5 OpenStack: Add OCCM address sort order config 
This will add the OCCM config to specify an address sort order:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1946
 2023-03-24 11:34:22 +01:00
Kubernetes Prow Robot 4b61ae77c1
Merge pull request #15183 from anthonyhaussman/feat/kops/nodeLocalDNS_ExternalCoreFile 
feat(NodeLocalDNS): Add possibility to set an ExternalCoreFile
 2023-02-28 23:17:17 -08:00
Anthony Hausman cc47bd278c
feat(nodelocaldns): Add possibility to set an ExternalCoreFile 
Allow users to provide entirely custom CoreFile for NodeLocalDNS to provide improved flexibility.
 2023-02-28 08:19:20 +01:00
Jesse Haka 3f9a1b6462 set node status update freq to 60min in OpenStack 2023-02-27 20:38:30 +02:00
Justin SB 94c35804c9 validation cleanup: simplify signature of validateCIDR 
We split out the "add to a slice" logic, as this is then easier to
reason about.

Should be a no-op in terms of valid inputs, might avoid some crashes
with invalid inputs.
 2023-02-24 11:09:49 -05:00
Kubernetes Prow Robot e8f704a855
Merge pull request #15036 from johngmyers/addlcidr-subnet 
Improve support for AdditionalNetworkCIDRs
 2023-02-24 06:33:34 -08:00
Kubernetes Prow Robot ca3b53c00a
Merge pull request #15095 from infonova/use-clustername-in-cinder-csi-plugin 
Pass actual cluster name to cinder-csi-plugin
 2023-02-13 09:33:29 -08:00
ederst b4557d4729 Run make apimachinery and crds 2023-02-13 17:34:31 +01:00
ederst cd50ee00ac Pass actual cluster name to cinder-csi-plugin 
This passes the acutal cluster name to the cinder-csi-plugin, so that
the plugin will add the name as metadata to the backing volume in
OpenStack.

Effectively, the change will help to better identify which volume in
OpenStack belongs to which cluster, which is especially helpful when
running multiple clusters in one OpenStack tenant/project.

Setting the cluster name in both - the controller and the nodeserver -
will ensure that dynamic and ephemeral volumes will receive the correct
metadata.
 2023-02-13 17:31:32 +01:00
Justin SB 0b699832ec Use cloud-discovery on GCE in gossip mode 
It's a little simpler and should speed up our boot.
 2023-02-11 11:03:12 -05:00
ederst f4fdf7df79 Allow setting 'ignore-volume-microversion' for OCCP 
This will allow setting the option `ignore-volume-microversion` for the
cinder-csi-plugin.

Setting this is necessary for older OpenStack APIs so that OCCP can
create PVs.

Note: This will work with cinder-csi-plugin >= 1.25.

For reference:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1986/
 2023-01-31 11:48:25 +01:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option 
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
 2023-01-24 14:08:24 +01:00
Ciprian Hacman b1ef66f136 etcd-manager: Add option to set backup retention 2023-01-23 09:43:09 +02:00
John Gardiner Myers 7d3c20d036 Validate additionalRoutes against additionalNetworkCIDRs 2023-01-21 18:42:58 -08:00
Kubernetes Prow Robot 987eefb48a
Merge pull request #14997 from johngmyers/validate-addlcidrs 
Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs
 2023-01-21 12:10:02 -08:00
Kubernetes Prow Robot e88fbf5d7d
Merge pull request #15016 from johngmyers/nodeup-network2 
Move more networking settings into nodeup.Config
 2023-01-18 02:04:35 -08:00
Jesse Haka 39ab519269 support multiple ConfigServers 2023-01-16 10:51:50 +02:00
John Gardiner Myers 0c323445fb Move UsesKubenet to nodeup.Config 2023-01-15 23:12:00 -08:00
John Gardiner Myers 68c4ef1a93 Move networking-related tests to nodeup.Config 2023-01-15 23:12:00 -08:00
John Gardiner Myers cc49461849 Move several CNI tests to nodeup.Config 2023-01-15 23:11:58 -08:00
John Gardiner Myers f6debfd658 Move ServiceClusterIPRange to nodeup.Config 2023-01-15 17:19:18 -08:00
John Gardiner Myers 2e6e022eca Move EgressProxy to nodeup.Config 2023-01-15 17:19:18 -08:00
John Gardiner Myers da881fb320 Move NonMasqueradeCIDR to nodeup.Config 2023-01-15 17:19:18 -08:00
Kubernetes Prow Robot 1c8f9c8a35
Merge pull request #14894 from johngmyers/v1alpha3-oidc 
v1alpha3: Move most OIDC settings to authentication.oidc
 2023-01-15 08:40:31 -08:00
Jesse Haka 3dab0eb807 Use kops-controller to boostrap nodes in OpenStack 2023-01-14 13:54:14 +02:00
John Gardiner Myers e52480ecc6 Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs 2023-01-13 19:36:57 -08:00
John Gardiner Myers a6bd29b2ae Move more networking validations out of legacy.go 2023-01-13 19:36:55 -08:00
John Gardiner Myers 2365980281 openstack: use subnet type instead of topology 2023-01-12 19:33:10 -08:00
Kubernetes Prow Robot a1a0ce3f33
Merge pull request #14930 from zetaab/feature/openstacknodns 
OpenStack: Add support for clusters without DNS
 2023-01-12 07:52:54 -08:00
John Gardiner Myers 1de02c56f1 Use state store for nodeup.Config in Gossip clusters 2023-01-11 21:19:24 -08:00
John Gardiner Myers d009928883 v1alpha3: Move most OIDC settings to authentication.oidc 2023-01-11 19:26:18 -08:00
Jesse Haka cc8871eede no dns for OpenStack 2023-01-11 20:02:02 +02:00
Grégory SANCHEZ 6fdf54ff34 feat(cluster-autoscaler): autogenerate priority-expander configMap 2023-01-11 08:26:33 +01:00
Kubernetes Prow Robot 7b4430ff61
Merge pull request #14885 from johngmyers/root-volume 
v1alpha3: Move IG root volume settings to sub-struct
 2023-01-04 18:11:58 -08:00
John Gardiner Myers 8fc4bdb669 Add missing line break 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2023-01-04 17:25:44 -08:00
John Gardiner Myers 447220ef4e Use NodeupConfig for NTP-managed setting 2023-01-03 22:16:20 -08:00
John Gardiner Myers 4179fcce58 Use NodeupConfig for KubernetesVersion 2023-01-03 22:16:20 -08:00
John Gardiner Myers b5eef1c129 Use NodeupConfig for kube-proxy config 2023-01-03 12:29:07 -08:00
John Gardiner Myers fe448ef906 Use NodeupConfig for DockerConfig 2023-01-02 13:58:21 -08:00
John Gardiner Myers 125866792d Use NodeupConfig for ContainerdConfig 2023-01-02 13:42:11 -08:00
John Gardiner Myers 25a897b691 Use NodeupConfig for ContainerRuntime 2023-01-02 12:50:23 -08:00
John Gardiner Myers c68be498c6 Refactor NewAssetBuilder to not take a Cluster 2023-01-01 13:37:52 -08:00
John Gardiner Myers 74becb764e Don't require subnets on DO and Hetzner 2022-12-30 12:00:02 -08:00
Kubernetes Prow Robot fc527b6e9f
Merge pull request #14909 from johngmyers/valid-values 
Make IsValidValue more useful for enum types
 2022-12-30 01:25:36 -08:00
Kubernetes Prow Robot ee990f8057
Merge pull request #14881 from johngmyers/addl-cidr 
Move networking validations inside validateNetworking()
 2022-12-30 01:25:29 -08:00
John Gardiner Myers 43f56de38b Make IsValidValue more useful for enum types 2022-12-29 23:30:53 -08:00
Kubernetes Prow Robot 50fe61338c
Merge pull request #14883 from johngmyers/sg-override 
Improve validation of API loadbalancer specs
 2022-12-29 23:27:29 -08:00
John Gardiner Myers 92958f9966 v1alpha3: Move IG root volume settings to sub-struct 2022-12-26 20:35:26 -08:00
John Gardiner Myers d9b7d41bd4 Improve validation of API loadbalancer specs 2022-12-26 13:08:50 -08:00
John Gardiner Myers 355f9e4bd2 Kubelet needs cloudconfig for in-tree cloudprovider 2022-12-26 11:25:24 -08:00
John Gardiner Myers d32a0fb3cc APIServer nodes need cloudconfig 2022-12-26 10:56:30 -08:00
John Gardiner Myers 8e96aa1acd Move networking validations inside validateNetworking() 2022-12-26 10:09:41 -08:00
John Gardiner Myers 5c69274317 Simplify pointers to maps in API 2022-12-25 20:29:51 -08:00
John Gardiner Myers b3dfcea95f v1alpha3: Move AWS-specific CloudConfig settings to AWSSpec 2022-12-25 16:12:02 -08:00
Kubernetes Prow Robot e13c51968b
Merge pull request #14869 from johngmyers/upd-min-version 
Update min versions for 1.27
 2022-12-24 23:59:27 -08:00