kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,222 Commits 116 Branches 250 Tags 533 MiB
Commit Graph

19 Commits

Author SHA1 Message Date
Justin Santa Barbara 8f15a58e8c Validate IAM additionalPolicies 
We now validate them with the cluster, so we should give early and
clear feedback if the IAM policy is not valid.
 2018-07-27 15:22:24 -04:00
k8s-ci-robot d7486e490f
Merge pull request #5533 from justinsb/hotfix_5522 
Check errors when parsing JSON on IAM policies
 2018-07-27 12:20:56 -07:00
Justin Santa Barbara f3fb513852 Remove unnecessary reflect.ValueOf 
We can replace with a simpler string cast
 2018-07-27 00:58:14 -04:00
Justin Santa Barbara 3ddf598448 Check errors when parsing JSON on IAM policies 
We weren't checking the error code, and this led to #5522
 2018-07-27 00:54:57 -04:00
Peter Rifel 5f0b63100d Add support for using existing instance profiles 2018-06-08 10:33:09 -07:00
Rohith c8e4a1caf8 Kubernetes Calico TLS 
The current implementation when Etcd TLS was added does not support using calico as the configuration and client certificates are not present. This PR updates the calico manifests and adds the distribution of the client certificate
 2018-02-14 23:41:45 +00:00
Albert c52472cfa8 Add support for cn-northwest-1. 2017-12-27 15:37:09 +08:00
chrislovecnm 2e6b7eedb9 Revision to IAM Policies created by Kops, and wrapped in Cluster Spec 
IAM Legacy flag.
 2017-09-15 08:05:23 +01:00
Justin Santa Barbara 3dfe48e5ae Wiring up lifecycle 2017-07-15 22:03:54 -04:00
Justin Santa Barbara bde69b5b3e Rename RoleType to ExportWithID in IAMRole 
Tweaks for #2508
 2017-05-16 10:21:11 -04:00
Pierre-Alexandre St-Jean 347dccfa25 Added instance role as terraform output 
Added:
- Instance role name
- Instance role arn

as terraform outputs, this can then be references later on to
use as sts:assume role, create after this one
 2017-05-05 16:21:43 -04:00
Justin Santa Barbara 864a999602 Fix automatic private DNS zone creation 
We have to defer creation of the IAM policy until we have created the
hosted zone.

Fix #2444
 2017-04-29 17:01:18 -04:00
Jakub Paweł Głazik cd795d0c8c Resolve DNS Hosted Zone ID while building IAM policy 
Fixes #1949
 2017-02-23 11:45:58 +01:00
Justin Santa Barbara 2bfed0d2b1 Remove additional IAM policies that have been removed 
This uses an explicit deletion approach, where we set the policy to
empty, and use that to signal that the policy should be deleted.  This
is acceptable because IAM policies can't be empty anyway.

We probably should use a tag-based "garbage-collection" approach, but
IAM objects can't be tagged, so we're pretty much always going to be
doing something name based.

Fix #1642
 2017-01-31 10:46:45 -05:00
Justin Santa Barbara 4c92aa558f Attach additional IAM policies to same role 2017-01-30 09:52:48 -05:00
Yissachar Radcliffe 1981f42e69 Format 2017-01-11 11:05:36 -05:00
Yissachar Radcliffe 773335e342 Create separate IAM policies instead of editing existing one 2017-01-11 11:05:36 -05:00
Justin Santa Barbara 50296f1a30 Fix file headers 2016-12-19 00:23:20 -05:00
Justin Santa Barbara fed68310fa Schema v1alpha2 
* Zones are now subnets
* Utility subnet is no longer part of Zone
* Bastion InstanceGroup type added instead
* Etcd clusters defined in terms of InstanceGroups, not zones
* AdminAccess split into SSHAccess & APIAccess
* Dropped unused Multizone flag
 2016-12-18 21:56:57 -05:00