kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,451 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

13451 Commits

Author SHA1 Message Date
Peter Rifel 763d1e2bd0
Have nodeup retry kops-controller bootstrapping sooner if DNS isn't setup 2021-03-21 19:49:56 -05:00
Kubernetes Prow Robot 86492a81a5
Merge pull request #11089 from rifelpet/goembed 
Replace go-bindata with go:embed
 2021-03-21 01:15:42 -07:00
Kubernetes Prow Robot d14ba1bba1
Merge pull request #11087 from justinsb/readd_jwks_tests 
Re-add integration tests for jwks
 2021-03-21 00:33:49 -07:00
Kubernetes Prow Robot d43fb1e807
Merge pull request #11083 from bmelbourne/update-ubuntu-20.04-ami 
Update Ubuntu 20.04 to latest AMI
 2021-03-21 00:33:42 -07:00
Kubernetes Prow Robot d2ba0b9f1e
Merge pull request #11071 from danmx/patch-1 
fix(docs): cpuCFSQuotaPeriod needs a feature gate
 2021-03-20 20:23:42 -07:00
Justin SB c75e084158 Re-add integration tests for jwks 
We removed them from #10756, but they can be re-added.
 2021-03-20 22:55:11 -04:00
Peter Rifel a97f4fe809
Add darwin bazel outputs for protokube and channels 2021-03-20 20:46:28 -05:00
Kubernetes Prow Robot 15e4028c81
Merge pull request #10722 from olemarkus/apiserver-nodes 
Apiserver nodes
 2021-03-20 16:43:42 -07:00
Kubernetes Prow Robot 4875bd1a15
Merge pull request #11081 from olemarkus/validate-public-store 
Ensure a publicdatastore exists for jwks and that it can only be s3
 2021-03-20 14:31:42 -07:00
Peter Rifel e108cd732e
Update rules_go and gazelle 2021-03-20 16:02:51 -05:00
Peter Rifel f36e9a449a
Remove go-bindata 2021-03-20 16:02:09 -05:00
Peter Rifel ff2c520d22
Replace go-bindata with go:embed 2021-03-20 16:02:08 -05:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Kubernetes Prow Robot 2b46042241
Merge pull request #11086 from justinsb/controlplane_should_not_need_dns_permissions 
Don't add control-plane DNS permissions with UseServiceAccountIAM
 2021-03-20 12:29:42 -07:00
Kubernetes Prow Robot bf2105bcec
Merge pull request #11085 from justinsb/publicjwks_error_messages 
Improve error messages around PublicJWKS
 2021-03-20 11:41:42 -07:00
Justin SB d7683d85ce Don't add control-plane DNS permissions with UseServiceAccountIAM 
Should not be needed; dns-controller should run on the control-plane
node so there should not be a bootstrapping problem with the nodes.

Reverts #10529
 2021-03-20 14:00:46 -04:00
Justin SB 48ebac6892 Improve error messages around PublicJWKS 
I left off the publicDataStore (must pass --overwrite on create, I
believe), and the error message was a type-cast failure.
 2021-03-20 13:59:14 -04:00
Barry Melbourne d13b7407a0 Update Ubuntu 20.04 to latest AMI 2021-03-20 10:52:28 +00:00
Kubernetes Prow Robot 1b7dd3b5b8
Merge pull request #11078 from MoShitrit/aws-cni-1.7.10 
Upgrade AWS CNI to version 1.7.10
 2021-03-19 23:21:42 -07:00
Ole Markus With 6e3199bf86 Ensure a publicdatastore exists for jwks and that it can only be s3 2021-03-20 07:18:39 +01:00
Kubernetes Prow Robot 00bbf55371
Merge pull request #11075 from MoShitrit/k8s-releases-march-2021 
Update k8s versions with March 2021 releases
 2021-03-19 22:09:42 -07:00
Kubernetes Prow Robot bf3d10862e
Merge pull request #11076 from rifelpet/kubetest2 
Fix GCE channels version constraints
 2021-03-19 21:27:43 -07:00
Peter Rifel 08b263b8f6
Fix GCE channels version constraints 
Previously k8s 1.17+ would always match with COS rather than Ubuntu 20.04 because of the unbound version range.
This updates 1.18+ clusters to use Ubuntu 20.04 to match AWS.

This should fix the failure to download logs via SSH here: https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-gce-kubetest2/1373013584195358720
The instance groups confirm the use of COS rather than u2004: https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-gce-kubetest2/1373013584195358720/artifacts/instancegroups.yaml
 2021-03-19 22:34:31 -05:00
Kubernetes Prow Robot 7a7bd3fdee
Merge pull request #11077 from rifelpet/kubetest2-2 
Kubetest2 - add more validation time for --target terraform
 2021-03-19 20:21:42 -07:00
MoShitrit d72006aaf0 Update expected 2021-03-19 23:12:08 -04:00
MoShitrit ec278e162e Update aws-cni image to 1.7.10 2021-03-19 22:56:59 -04:00
Peter Rifel 0a446b4cff
Kubetest2 - add more validation time for --target terraform 
Some of the "beforeSuite" tests are failing because the e2e.test binary isn't resolving the API DNS.
This extends the validation time and also adds a sleep to wait for any negative TTLs to expire.
 2021-03-19 20:02:55 -05:00
MoShitrit 685826978a Update k8s versions with March 2021 releases 2021-03-19 16:44:42 -04:00
Kubernetes Prow Robot ac657c430e
Merge pull request #10756 from olemarkus/irsa 
Instance roles for service accounts (IRSA) contd
 2021-03-19 13:29:44 -07:00
Ole Markus With 397f58deb4 Fix comments from review 2021-03-19 20:51:18 +01:00
Ole Markus With 2e4cb854d1 Fix go.mod 2021-03-19 20:10:22 +01:00
Ole Markus With 5178571db5 Comment where the CA sha1s come from 2021-03-19 20:07:57 +01:00
Ole Markus With 1900548213 Upload JWKS files as world readable 2021-03-19 20:07:38 +01:00
Ole Markus With 5a8d47d45f Fix bug with deleting OIDC providers 2021-03-19 20:07:22 +01:00
Ole Markus With 2c1f88f40e Do not need thumbprints to be resources 2021-03-19 20:05:37 +01:00
Ole Markus With ed166313d2 Use well-known s3 fingerprints 2021-03-19 20:03:28 +01:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Kubernetes Prow Robot cb7af0d8c6
Merge pull request #11073 from rifelpet/kubetest2 
Kubetest2 - initialize boskos heartbeat channel
 2021-03-19 11:00:34 -07:00
Peter Rifel 4d08a74d77
Kubetest2 - initialize boskos heartbeat channel 2021-03-19 12:18:09 -05:00
Kubernetes Prow Robot 644a90e218
Merge pull request #11054 from rifelpet/logging-cleanup 
Download kubectl to /opt/kops/bin on Flatcar OS
 2021-03-19 05:48:33 -07:00
Daniel Iziourov f0ce7708d2
fix(docs): cpuCFSQuotaPeriod needs a feature gate 2021-03-19 11:27:25 +01:00
Peter Rifel b57318fc3d
Download kubectl to /opt/kops/bin on Flatcar OS 
Also add it to protokube's PATH.

Our flatcar job is currently failing because channels arent being applied.
A newly added error log reports that kubectl isn't in protokube's PATH.

This adds the kubectl's location (/opt/bin) to protokube's PATH.

See https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-aws-distro-imageflatcar/1371379886664454144/artifacts/54.206.100.130/protokube.log
 2021-03-18 22:26:38 -05:00
Kubernetes Prow Robot 9db39aa7d1
Merge pull request #11070 from rifelpet/kubetest2 
Kubetest2 - Add boskos for GCE support
 2021-03-18 20:24:36 -07:00
Peter Rifel a3679b3efe
Kubetest2 - Add boskos for GCE support 2021-03-18 21:00:35 -05:00
Kubernetes Prow Robot 307c0ef6d2
Merge pull request #11067 from hakman/bazelisk-images 
Install bazelisk before pushing images
 2021-03-18 11:47:07 -07:00
Ciprian Hacman 191bb9502b Install bazelisk before pushing images 2021-03-18 20:08:41 +02:00
Kubernetes Prow Robot 9ddc1bdeda
Merge pull request #11041 from hakman/bazel-3.5.0 
Update Bazel to v3.5.0
 2021-03-18 10:29:20 -07:00
Ciprian Hacman 47fb5f1d8c Update docs to mention Bazelisk 2021-03-18 18:49:13 +02:00
Kubernetes Prow Robot 13ad755d55
Merge pull request #11066 from yojay11717/master 
correct a word for readme
 2021-03-18 06:17:19 -07:00
Ciprian Hacman 4235fd3835 Update Bazel to v3.5.0 2021-03-18 14:58:09 +02:00