Commit Graph

1483 Commits

Author SHA1 Message Date
John Gardiner Myers 6ee229eb0c Fix configuration of NTH SQS mode 2022-12-03 21:42:56 -08:00
John Gardiner Myers 30970609ec Upgrade Node Termination Handler to 1.18.1 2022-12-03 21:42:56 -08:00
Ciprian Hacman 7a65b0f75e gce: Update cluster-autoscaler config 2022-12-03 22:41:14 +02:00
Ciprian Hacman 8920b15f75 metrics-server: Set preferred address type to `InternalIP` when non AWS 2022-12-03 22:35:52 +02:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
Ole Markus With ea1d919d0c Fix disabling masquerade for cilium 1.11+ 2022-11-30 14:27:04 +01:00
John Gardiner Myers 0ce9877eb4 Revert copy of "Calico: Work around host port/conntrack problem" 2022-11-28 07:31:32 -08:00
John Gardiner Myers 5d1c3a8361 Revert "Calico: Work around host port/conntrack problem"
This reverts commit 9105368a41.
2022-11-27 15:19:14 -08:00
John Gardiner Myers 0424c474a3 Don't disable AWS src/dst checks in Calico IPv6 2022-11-25 20:57:48 -08:00
John Gardiner Myers c6349285d4
Release 1.26.0-alpha.2 (#14665) 2022-11-25 09:06:04 -08:00
Kubernetes Prow Robot b8987e39f6
Merge pull request #14628 from jsafrane/add-features-to-template
Add SELinuxMount feature gate
2022-11-22 23:58:14 -08:00
Ciprian Hacman 173839a35b hetzner: Update CSI driver to v2.0.0 2022-11-23 06:21:15 +02:00
Jan Safranek e969b849ad Add SELinuxMount feature
This feature installs platform CSI drivers so they support
SELinuxMountReadWriteOncePod. This assumes the operating system on all
nodes supports SELinux!
2022-11-22 17:36:03 +01:00
Kubernetes Prow Robot d405d4c5a2
Merge pull request #14507 from johngmyers/internalname
Stop making MasterInternalName configurable
2022-11-18 13:38:29 -08:00
John Gardiner Myers 9d90c7fc7b Allow cluster-autoscaler to run on spot if nothing else is available 2022-11-18 08:31:47 -08:00
Ole Markus With 104ee74d63 Fix disabling StorageClass management
Previously this was done in the manifests leading to empty files. kubectl doesn't like this, so protokube will always fail updating the addon when StorageClass management is disabled
2022-11-18 09:55:02 +01:00
Ole Markus With 58195904ee Bump cilium to 1.11.11 2022-11-18 08:44:55 +01:00
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Kubernetes Prow Robot b2357dba3b
Merge pull request #14564 from heybronson/sprig-join
use sprig join for template functions
2022-11-15 13:52:58 -08:00
Kubernetes Prow Robot ca093709fa
Merge pull request #14540 from olemarkus/bump-lbc-245
Bump AWS Load Balancer Controller to 2.4.5
2022-11-15 09:48:41 -08:00
Bronson Mirafuentes 5a3ed44773 use sprig join for template functions 2022-11-15 08:59:05 -08:00
Ole Markus With 981e45bb41 Bump AWS Load Balancer Controller to 2.4.5
Also force LBC to run on regular nodes when IRSA is enabled.
2022-11-15 11:27:30 +01:00
Ciprian Hacman bfe984a68b Update Canal to v3.23.5 for k8s 1.22+ 2022-11-15 05:25:35 +02:00
Ciprian Hacman e2be2a5e52 Update Calico to v3.23.5 for k8s 1.22+ 2022-11-15 05:25:35 +02:00
Ciprian Hacman 8af0c17a51 Update Canal to v3.24.5 for k8s 1.25+ 2022-11-15 05:25:35 +02:00
Ciprian Hacman 9d47c8d2e4 Update Calico to v3.24.5 for k8s 1.25+ 2022-11-15 05:21:05 +02:00
Moshe Shitrit 968aefb0dd add a condition for the aws-cni ClusterRole based on the value of 'ANNOTATE_POD_IP' env 2022-11-08 11:20:42 -05:00
Moshe Shitrit 6b1c564747 use the same affinity config for coredns-autoscaler deployment as for main coredns deployment 2022-11-06 19:11:35 -05:00
Moshe Shitrit c44f8a94c5 use the same tolerations config for coredns-autoscaler deployment as for main coredns deployment 2022-11-06 19:05:29 -05:00
Moshe Shitrit 2bde382dbb update amazon-vpc-cni to 1.12.0 2022-11-01 21:11:05 -04:00
Kubernetes Prow Robot 20b0595189
Merge pull request #14463 from HealthEngineAU/pod-identity-webhook-metrics-fix
Fix Prometheus scraping for pod-identity-webhook
2022-10-28 11:50:53 -07:00
Kubernetes Prow Robot 0aebcbc6d9
Merge pull request #14459 from pacoxu/master
Stop applying the beta.kubernetes.io/os
2022-10-28 10:46:31 -07:00
Ciprian Hacman 5aa9570c5c Update Canal to v3.24.3 for k8s 1.25+ 2022-10-28 07:39:30 +03:00
Ciprian Hacman 29cd8be78f Update Calico to v3.24.3 for k8s 1.25+ 2022-10-28 07:39:30 +03:00
Ciprian Hacman acd39b8085 Update Canal to v3.23.4 for k8s 1.22+ 2022-10-28 07:39:30 +03:00
Ciprian Hacman 48ebb20d83 Update Calico to v3.23.4 for k8s 1.22+ 2022-10-28 07:30:19 +03:00
Ciprian Hacman f9acd69eb4 Update Calico to v3.21.6 for k8s 1.16+ 2022-10-28 07:30:06 +03:00
Jim Barber 1253d15103 Fix Prometheus scraping for pod-identity-webhook
The Service annotation for the pod-identity-webhook is asking Prometheus
to scrape its metrics from `https://` but this results in an HTTP 404 Not
Found response.
The pod-identity-webhook pods expose their metrics via HTTP on TCP port
9999 (the same port where the healthz checks go).
Therefore update the annotations to use `http://:9999` instead.
2022-10-28 11:25:14 +08:00
Paco Xu d632e39eae Stop applying the beta.kubernetes.io/os 2022-10-27 12:15:38 +08:00
John Gardiner Myers 87dbab9062 Remove dead code 2022-10-22 22:05:18 -07:00
Ole Markus With 96a7c96c29 Fix pdb for identity webhook
Also removing namespace from non-namespaced resource
2022-10-21 19:03:41 +02:00
Niklas Walter 858bdbacfd
Allow snapshot controller to create volumesnapshotcontent
For using dynamic provisioning of volumesnapshot the snapshot-controller has to be able to create volumesnapshotcontent objects at the cluster level.
When deploying the snapshot-controller as a kops addon the controller is not able to create volumesnapshotcontent objects because it lacks the create permission.
This PR adds the create permission for the content objects, which should be the default according to https://github.com/kubernetes-csi/external-snapshotter/blob/v6.0.1/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
2022-10-15 00:54:38 +02:00
Thomas Colomb e40239b241 fix typo kubeReserved not systemReserved and remove ec2:DescribeImages iam right not needed we use launch templates 2022-10-11 15:43:17 +02:00
Thomas Colomb a34939b5c0 karpenter: upgrade to version 0.16.3 and support kubeReserved configuration 2022-10-11 15:05:08 +02:00
Ole Markus With 18808486da Remove fsGroupPolicy as it is immutable 2022-10-05 18:23:10 +02:00
Ole Markus With 8e040a4082 Bump EBS CSI driver to 1.12.0 2022-10-05 08:56:48 +02:00
Kubernetes Prow Robot 4f34d8df11
Merge pull request #14379 from noony/cluster-autoscaler-config
cluster-autoscaler : Add scaleDownUnneededTime and scaleDownUnreadyTime
2022-10-04 12:39:54 -07:00
Thomas Colomb e5ddd5b0c3 cluster-autoscaler : Add scaleDownUnneededTime and scaleDownUnreadyTime 2022-10-04 18:57:21 +02:00
Thomas Colomb 4800f29d19 Karpenter : fallback on ondemand instance by default 2022-10-04 11:10:13 +02:00
Ciprian Hacman 26011ad579 hetzner: Fix metrics-server config to use internal IP 2022-09-28 08:40:00 +03:00
Ciprian Hacman 3ed1fd2d0b
Revert "Set metrics-server `--kubelet-preferred-address-types` by k8s version" 2022-09-28 07:39:00 +03:00
Ciprian Hacman d98b41ee4c Set metrics-server `--kubelet-preferred-address-types` by k8s version 2022-09-26 15:22:01 +03:00
Ciprian Hacman 1eb35d9686
Release 1.26.0-alpha.1 (#14311) 2022-09-21 01:28:54 -07:00
Ciprian Hacman d8b92aafae hetzner: Generate CCM args from external CCM config 2022-09-21 08:17:32 +03:00
Ciprian Hacman a32a3dc8bb Update Hetzner CCM to v1.13.0 2022-09-19 09:19:59 +03:00
Ciprian Hacman c783aa357d Add support for using an existing network for Hetzner 2022-09-18 12:35:23 +03:00
Moshe Shitrit 03bc54e0d6 remove 'get' from aws-cni clusterRole to reflect https://github.com/aws/amazon-vpc-cni-k8s/pull/2058 2022-09-13 08:13:35 -04:00
Moshe Shitrit 731ebc2454 bump aws-cni to version 1.11.4 2022-09-12 22:15:36 -04:00
Ole Markus With f5e0feab5f Fix CAS cordon flag 2022-09-10 20:15:25 +02:00
Anthony Hausman af1ab751fd
aws-node-termination-handler: Add option to fetch node name through Kubernetes node `.spec.providerID`
Fetch node name through Kubernetes node `.spec.providerID` since Kops uses InstanceID as node name.
 - 701db81ccf
2022-09-08 07:00:48 +02:00
Daniel Franca cdd0013b1f
Add support to --cordon-node-before-terminating on the cluster autoscaler addon (CordonNodeBeforeTerminating) 2022-09-06 17:03:24 +02:00
Kubernetes Prow Robot 75f541172d
Merge pull request #14226 from hakman/flannel-0.19.2
Update Flannel to v0.19.2
2022-09-05 12:17:01 -07:00
Ciprian Hacman c4decc2d11 Update Flannel to v0.19.2 2022-09-03 12:18:08 +03:00
Ciprian Hacman 083947b7fe Update Canal to v3.24.1 2022-09-03 10:58:07 +03:00
Ciprian Hacman 6a5ba584c5 Update Calico to v3.24.1 2022-09-03 10:58:06 +03:00
Kubernetes Prow Robot 9faeb5b8a9
Merge pull request #14203 from olemarkus/dcgm
Add support for installing dcgm exporter
2022-09-02 09:22:05 -07:00
Ciprian Hacman 8b83dedf24
Release 1.25.0-beta.1 (#14210) 2022-08-31 03:43:00 -07:00
Steven E. Harris 69f8191921
Calico: Work around host port/conntrack problem
In Calico's released versions, when using the eBPF data plane,
containers using host ports cannot respond to connection attempts
correctly. These containers receive the packets from the client
forwarded after DNAT, but when they reply, there is no conntrack entry
for the would-be connection, so netfilter drops the reply packets,
preventing the connection from completing. The client never receives
the reply packets. The conntrack entry is missing because Calico
mistakenly attempts to optimize it away.

Work around the problem by disabling the Calico Felix program's
"BPFHostConntrackBypass" feature. This is a temporary measure until
the Calico maintainers can improve this feature to better handle host
port traffic, preserving these conntrack entries as intended.
2022-08-31 02:22:45 -04:00
Ole Markus With 98cd242673 Add support for installing dcgm exporter 2022-08-30 14:54:13 +02:00
Kubernetes Prow Robot fd2d6338bd
Merge pull request #14183 from olemarkus/karpenter-kubelet-config
Map up kubelet config to karpenter provisioners and add CCM startup taint
2022-08-27 02:54:35 -07:00
Kubernetes Prow Robot 5b6b06e764
Merge pull request #14186 from hakman/hetzner_csi-driver_latest
Update CSI driver to latest for Hetzner
2022-08-26 12:26:15 -07:00
Ole Markus With cb1b50ef1d Bump external-dns to 0.12.2 2022-08-26 11:46:58 +02:00
Ciprian Hacman c7afa8a9fc Update CSI driver to latest for Hetzner 2022-08-25 20:05:35 +03:00
Ole Markus With 1a8236290d Bump node local dns cache to 1.22.8 2022-08-25 19:03:14 +02:00
Ciprian Hacman 325f5e8987 Pass CSI driver manifest through kustomize 2022-08-25 19:49:15 +03:00
Kubernetes Prow Robot 2c4d414737
Merge pull request #14185 from olemarkus/bump-nvidia-device-driver
Bump the nvidia addon
2022-08-25 09:04:06 -07:00
Ole Markus With 76c7cba031 Bump nvidia device plugin to 0.12.2 2022-08-25 17:12:14 +02:00
Kubernetes Prow Robot 1c7e7413db
Merge pull request #14184 from olemarkus/bump-snapshot-controller-125
Bump snapshot-controller to 6.0.1
2022-08-25 05:24:07 -07:00
Ole Markus With 2db7ccb691 Bump snapshot-controller to 6.0.1 2022-08-25 12:57:16 +02:00
Ole Markus With 679135462d Map up kubelet config and add startup taints to karpenter provisioner 2022-08-25 11:37:19 +02:00
Ole Markus With ba5cc618fa Bump Cert Manager to 1.9.1 2022-08-25 08:35:54 +02:00
Ole Markus With 1b5e90fa18 Bump AWS Load Balancer Controller to v2.4.3 2022-08-25 07:17:19 +02:00
Ole Markus With 0cd110d723 Bump node termination handler to 1.17.1 2022-08-24 21:52:52 +02:00
Kubernetes Prow Robot 939a62e424
Merge pull request #14173 from olemarkus/karpenter-16
Bump karpenter to 0.16
2022-08-24 06:22:03 -07:00
Ole Markus With 501e1afdc8 Bump karpenter to 0.16 2022-08-24 10:03:44 +02:00
Ole Markus With d98d96aead Fix policy API version for NTH 2022-08-24 09:08:09 +02:00
Ole Markus With a800a6b607 Fix policy API version for LBC 2022-08-24 09:05:21 +02:00
Ole Markus With 29bbfeff70 Bump karpenter to 0.15 and enable consolidation 2022-08-18 20:46:25 +02:00
Ole Markus With 6bd4a9ab28 Update karpenter manifest 2022-08-17 20:40:07 +02:00
Ole Markus With cae87bb208 Add deployment-specific selectors to nth pdb
If not, when migrating from imds-mode to sqs-mode, the selectors will match the daemonset pods, which doesn't work with pdb
2022-08-11 07:23:04 +02:00
Nicolas Sterchele 5b58586537
cilium: fix agent pod annotation templating 2022-08-10 14:14:19 +02:00
Moshe Shitrit a77f9efe24 bump aws cni to 1.11.13 2022-08-10 00:00:18 -04:00
Kubernetes Prow Robot 9ee09fde44
Merge pull request #14087 from olemarkus/hack-cert-manager-crds
Add back conversion struct to cert-manager CRDs
2022-08-03 15:53:46 -07:00
Ole Markus With 43c9232ae3 Add back conversion struct to cert-manager CRDs
A combination of apiserver map handling when using server-side apply, CA injection and resource validation made it impossible for kops to remove this struct. However, kops should claim ownership of all fields so we can remove them all in a future version
2022-08-03 14:14:58 +02:00
Nicolas Sterchele a1256cf6e6
aws-ebs-csi-driver: remove preStop hook
The hook can cause issues on execution, like

```
Exec lifecycle hook ([/bin/sh -c rm -rf
/registration/ebs.csi.aws.com-reg.sock /csi/csi.sock]) for Container
"node-driver-registrar" in Pod
"ebs-csi-node-96jbk_ebs-csi(a82c6d41-bd2b-42dd-b092-e3acd4c43b62)"
failed - error: command '/bin/sh -c rm -rf
/registration/ebs.csi.aws.com-reg.sock /csi/csi.sock' exited with 126: ,
message: "OCI runtime exec failed: exec failed: container_linux.go:370:
starting container process caused: exec: \"/bin/sh\": stat /bin/sh: no
such file or directory: unknown\r\n"
```

Moreover, it has been deleted from upstream driver, see this patch
6e59160eea

Signed-off-by: Nicolas Sterchele <foss@sterchelen.net>
2022-08-02 14:48:16 +02:00
Ole Markus With 8b9a194cb7 Fix karpenter PDB api version 2022-08-01 21:06:28 +02:00
Ole Markus With 8bcc640452 Make Karpenter respect IG's spec.Subnets
This will tag all subnets with the IGs using that subnet

Update docs/operations/karpenter.md

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2022-08-01 21:06:24 +02:00
Ciprian Hacman 4dee7dd9a2
Release 1.25.0-alpha.2 (#14070) 2022-07-29 11:31:11 -07:00
Peter Rifel 116b887466 Remove namespaces from cluster-scoped resources in CNI manifests 2022-07-29 08:35:43 +03:00
Ciprian Hacman f77534b798 Update Canal to v3.23.3 2022-07-20 10:13:07 +03:00