Commit Graph

128 Commits

Author SHA1 Message Date
zadjadr 61d036933e hardcode ingress secrets namespace & lb mode 2023-09-10 08:57:04 +02:00
zadjadr 4807f2c0c6 Implement Cilium Ingress 2023-09-10 08:57:03 +02:00
John Gardiner Myers b3908e592c Remove support for Kubernetes 1.23 2023-09-03 16:22:18 -07:00
Jack Andersen af6269f82a
Add a new field for using a custom registry for Cilium
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2023-08-17 10:54:00 -04:00
zadjadr 43469e40e0 Fix hubble certificate dnsname 2023-08-09 15:34:01 +02:00
zadjadr d2358df1d7 feature: Add cluster-id for Cilium
hack/update-expected.sh
2023-08-06 18:08:39 +02:00
Ole Markus With a0d67fc475 Bump cilium to 1.13.5
Bump to Cilium 1.14.0

hack/update-expected.sh
2023-08-03 21:03:56 +02:00
Jan Safranek 0d03095fda Add SELinux support to containerd
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
2023-06-19 15:20:08 +02:00
Kubernetes Prow Robot 1b00592526
Merge pull request #15336 from anthonyhaussman/fix/kops/cilium_1.12.8_init_fix
fix(cilium): install CNI plugin binary in an InitContainer
2023-05-22 22:58:27 -07:00
Kubernetes Prow Robot 9d61e527e8
Merge pull request #15360 from s3than/master
If the Cluster Name is not default the hubble relay shows TLS errors
2023-05-10 15:47:13 -07:00
Moshe Vayner 99ff00df61 Support Cilium operator pod annotations 2023-05-09 21:50:36 -04:00
Tim Colbert 033585cb2c
If the Cluster Name is not default the hubble relay shows TLS errors on request from the hubble UI
Updated Files
 * Update: upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.12.yaml.template
2023-05-03 03:03:36 +00:00
Anthony Hausman 2283d620e8
fix(cilium): install CNI plugin binary in an InitContainer
Starting with Cilium version `1.12.8`, and to reduce the potential security surface of the agent, Cilium removes the bind-mount of `/opt/cni/bin` into the template.
Instead, write the binaries once in an initContainer.

Ref:
 - https://github.com/cilium/cilium/pull/24075
2023-04-24 14:21:17 +02:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
2023-01-24 14:08:24 +01:00
Ole Markus With a5684f969f Bump cilium to 1.12.4 2022-12-07 18:33:03 +01:00
Ole Markus With ea1d919d0c Fix disabling masquerade for cilium 1.11+ 2022-11-30 14:27:04 +01:00
Kubernetes Prow Robot d405d4c5a2
Merge pull request #14507 from johngmyers/internalname
Stop making MasterInternalName configurable
2022-11-18 13:38:29 -08:00
Ole Markus With 58195904ee Bump cilium to 1.11.11 2022-11-18 08:44:55 +01:00
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Nicolas Sterchele 5b58586537
cilium: fix agent pod annotation templating 2022-08-10 14:14:19 +02:00
Reilly Brogan f3a421d600 Update Cilium to 1.11.6 2022-06-29 13:18:21 -05:00
Ole Markus With 9c8cc8fe1e Merge the cilium templates 2022-06-16 09:10:22 +02:00
Ole Markus With 885bc3094b Create cilium manifest for k8s 1.25 2022-06-08 10:30:34 +02:00
Ole Markus With 4029d2bf33 Remove support for older cilium versions 2022-06-07 20:39:25 +02:00
Ole Markus With 77ebba84b8 Add support for configuring which metrics cilium will export 2022-05-26 09:33:19 +02:00
Ole Markus With 2d50b9ff2c Bump Cilium to 1.11.5
Since this introduced some backwards breaking RBAC changes, the manifest got forked
2022-05-18 21:44:19 +02:00
Jesse Haka c050c49ac8 set nodeselector null 2022-05-15 23:30:00 +03:00
Ole Markus With b1387368a6 Fix affinity and taints for cilium 2022-04-18 13:55:51 +02:00
Ole Markus With 1fadc39a59 Add PDB for cilium operator 2022-04-09 07:06:59 +02:00
Ole Markus With 468280d3f2 Improve HA for various addons 2021-12-24 08:53:27 +01:00
Ole Markus With 89f0c85e90 Use spread constraints rather than affinity to spread pods (templates) 2021-12-20 09:33:20 +01:00
Ole Markus With 7cbad719da Hubble relay should not tolerate anything 2021-12-14 11:56:05 +01:00
Ole Markus With 57fd343e1d Make service topology for cilium configurable 2021-12-12 07:54:21 +01:00
John Gardiner Myers 5a60d34e14 Change sense of Cilium IPTablesRulesNoinstall in v1alpha3 2021-11-25 18:45:13 -08:00
John Gardiner Myers 837176340d Change sense of Cilium DisableMasquerade in v1alpha3 2021-11-25 18:45:13 -08:00
John Gardiner Myers b9ac79ec6e Rename fields in v1alpha3 networking API to fit acronym convention 2021-11-22 08:07:55 -08:00
zhengtianbao 55c3120ff6 Fix render template cilium AgentPrometheusPort into a UNICODE char 2021-11-12 14:45:45 +08:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
John Gardiner Myers fdc128fda4 Remove vestigial Cilium ContainerRuntimeLabels code 2021-10-26 16:10:21 -07:00
Ole Markus With 11e68308d1 Disable CNP status updates by default 2021-10-20 14:01:48 +02:00
dntosas 7296597a17
[cilium] Add support for bpf-lb-sock-hostns-only field
This is a needed configuration option for users that want to combine
Cilium alongside with a ServiceMesh. Cilium by default will LB requests
at CNI layer meaning that the Sidecars of ServiceMesh Proxy are not able
to apply LB by themselves thus losing the capability of applying their
features for traffic management.

Ref issue: https://github.com/istio/istio/issues/35531

Signed-off-by: dntosas <ntosas@gmail.com>
2021-10-12 08:33:57 +03:00
Nicolas Sterchele 103a98d060 Add Cilium agent pod annotations support to improve personalization
Annotations are pretty useful when you need a third-party tool to add additional behavior
for a k8s resource.
Lots of auto-discovery tools are based on these annotations.
2021-10-04 15:49:51 +02:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
Kubernetes Prow Robot ef22270b3f
Merge pull request #12394 from ReillyBrogan/reilly/ciliumBidirectionalMount
Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
2021-09-25 09:42:21 -07:00
Anthony Hausman 5e814f465d
Add support to configure Cilium CNI chaining
CNI chaining allows using Cilium in combination with other CNI plugins.

With Cilium CNI chaining, the base network connectivity and IP address management is managed by the non-Cilium CNI plugin, but Cilium attaches eBPF programs to the network devices created by the non-Cilium plugin to provide L3/L4 network visibility, policy enforcement and other advanced features.

https://docs.cilium.io/en/v1.9/gettingstarted/cni-chaining/#cni-chaining

In our case, to be able to use the `HostPort` feature in our cluster, we need to enable the `portmap` plugin.
2021-09-24 10:39:22 +02:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
2021-09-23 13:01:58 -05:00
Ole Markus With 1c53e37491 Disable masquerade means disable masquerade if ipv6 too 2021-09-04 08:54:16 +02:00
dntosas 0e8d189aee [cilium] Add support for encryption via WireGuard
In this commit, we enable users to choose WireGuard as their preferred
encryption type, leveraging this new feature from Cilium.

Ref: https://cilium.io/blog/2021/05/20/cilium-110#wireguard

Signed-off-by: dntosas <ntosas@gmail.com>
2021-08-16 14:08:59 +02:00
Ole Markus With 133eb1f7ba Bump cilium to 1.10.3 2021-08-12 21:12:25 +02:00
Ole Markus With 97a41c66f4 Enable k8s event handover when kvstore is used 2021-07-09 15:46:43 +02:00