kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,667 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1019 Commits

Author SHA1 Message Date
John Gardiner Myers 8416bd0c39 hack/update-expected.sh 2021-07-17 14:25:19 -07:00
John Gardiner Myers 526dd38e16 Remove apiserver's access to controller-manager secrets 2021-07-17 14:25:19 -07:00
John Gardiner Myers 226380bf5b Refactor legacy etcd manager etcd-client keypair 2021-07-17 14:25:19 -07:00
Kubernetes Prow Robot 67cfa9d4d4
Merge pull request #12003 from johngmyers/apiserver-server-cert 
Refactor more kube-apiserver credentials
 2021-07-17 13:52:50 -07:00
John Gardiner Myers 12c988160c hack/update-expected.sh 2021-07-16 23:12:22 -07:00
John Gardiner Myers 7c1ed8de66 Refactor kube-apiserver kubelet-api certificate 2021-07-16 23:07:14 -07:00
John Gardiner Myers 68bb8f5ddb Refactor kube-apiserver static credentials 2021-07-16 22:55:50 -07:00
John Gardiner Myers 781b302fac hack/update-expected.sh 2021-07-16 22:46:41 -07:00
John Gardiner Myers c8b1a586b8 Refactor kube-apiserver server certificate 2021-07-16 22:42:23 -07:00
John Gardiner Myers 3282549577 Issue kubelet cert on apiserver nodes for k8s before 1.19 2021-07-16 10:13:20 -07:00
John Gardiner Myers 3ae5413f63 Use keypair IDs for non-kops-controller-issued worker node certs 2021-07-15 14:04:48 -07:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy 
Issue certs using CA KeypairID in NodeupConfig
 2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot a3daff9343
Merge pull request #11971 from johngmyers/rotate-all 
Add "all" variants of key rotation commands
 2021-07-11 00:30:46 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6ddccf5f79 Refactor some users of FindPrimaryKeypair 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6f06661a68 Use narrower interface type 2021-07-10 23:23:12 -07:00
John Gardiner Myers a33a30a859 Refactor out some legacy interfaces 2021-07-10 23:23:12 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
John Gardiner Myers 6846ef3a80
Fix function comment 
Co-authored-by: Ole Markus With <olemarkus@gmail.com>
 2021-07-09 23:50:02 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
Ciprian Hacman 0ed8942835 Add log rotation for etcd-cilium.log 2021-07-07 08:31:08 +03:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Peter Rifel c5fbcccfa6
Update pause image to 3.5 2021-07-02 06:40:27 -04:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 7162a7473a Remove dead code 2021-07-01 13:58:51 -07:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers 20ca7082d7 hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 7e0c6acbad Take poorly formed keypair out of tests 2021-06-27 08:45:05 -07:00
John Gardiner Myers 60ae29c93c Refactor EncryptionConfig 2021-06-27 08:45:05 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 1312163edd Update nodes with an APIServer when APIServer spec changes 2021-06-27 08:45:04 -07:00
John Gardiner Myers 5de6d16e76 Catch calls to GetBootstrapCert from control plane 2021-06-26 00:04:52 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers c132ae1520 Move fields from AuxConfig to nodeup.Config 2021-06-25 18:41:29 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
Kubernetes Prow Robot 0e4d766deb
Merge pull request #11852 from hakman/hooks-containerd 
Handle containerExec hooks when using containerd
 2021-06-23 23:27:40 -07:00
Ciprian Hacman cf19ba343b Handle containerExec hooks when using containerd 2021-06-24 07:42:53 +03:00
Ciprian Hacman cb179b3b62 Pre-add hooks integration test 2021-06-24 06:38:20 +03:00
John Gardiner Myers 1e89064be3 Refactor kube-controller-manager secrets 2021-06-22 22:32:52 -07:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change 
Mark nodes NeedsUpdate when keys they use change
 2021-06-22 08:11:58 -07:00
John Gardiner Myers 366210d189 Remove dead code 2021-06-21 21:45:55 -07:00
John Gardiner Myers a83bf7b20f Mark nodes NeedsUpdate when keys they use change 2021-06-21 19:37:23 -07:00
Kubernetes Prow Robot 9a0e90e1ed
Merge pull request #11824 from johngmyers/remove-kubeup 
Remove support for importing and converting kubeup clusters
 2021-06-21 12:46:50 -07:00
John Gardiner Myers fc94505a76 Include multiple certs in aws-iam-authenticator trust bundle 2021-06-21 07:35:50 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2 
Improve the output of 'kops get keypairs'
 2021-06-21 02:19:10 -07:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
Ciprian Hacman 904f21cd77 Remove previous implementation of pre-pulling container images 2021-06-20 23:01:52 +02:00
Ciprian Hacman 65d21ee463 Pre-pull container images from list of desired prefixes 2021-06-20 23:01:52 +02:00
John Gardiner Myers 204a134a7d Include multiple CA certificates in the common trust store 2021-06-19 10:56:30 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 6b9aebae88 Include multiple CA certificates in bootstrap kubeconfigs 2021-06-19 10:56:29 -07:00
John Gardiner Myers 0dee785ebf Pass multiple CA certs to kops-controller client 2021-06-19 10:50:53 -07:00
John Gardiner Myers e0d9259be1 Remove dead code 2021-06-19 10:50:52 -07:00
John Gardiner Myers 42bf3ee85b Seed the random number generator on AWS 2021-06-17 22:59:43 -07:00
Kubernetes Prow Robot d35bce0ff8
Merge pull request #11764 from olemarkus/cilium-etcd-fix 
Don't try to build etcd-manager secrets for cilium twice
 2021-06-17 00:14:20 -07:00
Ole Markus With f80b550c7a Use internal name for cilium etcd if we do not enable api server nodes 2021-06-16 08:27:26 +02:00
Ole Markus With a3cfe8d098 Don't try to build etcd-manager secrets for cilium twice 2021-06-15 12:42:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
Ole Markus With 224cae1113 Only warm-pull images used by the CSI DS 
Pulling the Deployment images serves no purpose as they tend not to run on normal nodes
 2021-06-10 09:28:53 +02:00
Ole Markus With c162013a3c Use quay images for cilium 2021-06-08 23:01:08 +02:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers 12465ac27c Simplify extraction of service-account public keys 2021-06-05 16:38:28 -07:00
John Gardiner Myers fa77f8b964 Rename fi.Keystore.StoreKeypair to StoreKeyset 2021-06-05 16:38:26 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers ed1f6ff79e Refactor StoreKeypair and AddCert 2021-06-05 16:38:25 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers 6b2250a9af Have apiserver trust all service-account keys 2021-06-05 16:38:08 -07:00
John Gardiner Myers b45c0b4489 Remove InstanceGroup from NodeupModelContext 2021-06-03 21:27:01 -07:00
John Gardiner Myers 14ab4a3453 Move UpdatePolicy into NodeConfig 2021-06-03 21:20:56 -07:00
John Gardiner Myers 59c8826b17 Move FileAssets into the NodeupAuxConfig 2021-06-03 21:20:55 -07:00
John Gardiner Myers 06658c9d13 Move Hooks into the NodeupAuxConfig 2021-06-03 21:09:45 -07:00
John Gardiner Myers c3c1aca3c1 Include AuxConfig output in TestBootstrapUserData 2021-06-03 21:09:45 -07:00
John Gardiner Myers 2e1629c610 Introduce nodeup.AuxConfig 2021-06-03 20:37:22 -07:00
Kubernetes Prow Robot c62090fc6c
Merge pull request #11552 from hakman/etcd-events-tests 
Add etcd-server related tests
 2021-05-21 09:29:35 -07:00
Ciprian Hacman 48ef1555bb Add etcd-server related tests for kube-apiserver 2021-05-21 18:53:54 +03:00
Ciprian Hacman f4ec3df187 Prepare etcd-server related tests for kube-apiserver 2021-05-21 18:53:54 +03:00
Ole Markus With 46e13c0009 Bump snapshot-controller version 
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-05-21 15:40:40 +02:00
Alexander Block bb52334222 Make the events etcd cluster optional 2021-05-20 08:05:42 +02:00
Peter Rifel 47add60546
Fix KCM livenessProbe to use secure port 2021-05-11 08:01:42 -05:00
John Gardiner Myers 36f93d0069 hack/update-expected.sh 2021-05-07 23:40:03 -07:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
Peter Rifel cc4fae3f71
Remove unused k8s version parsing 2021-05-03 17:23:23 -05:00
dntosas 9481246e22
[csi/aws] Add support for warm pools 
Add pulling needed images as initial task for warming up instances for
csi driver resources.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-04-25 16:59:57 +03:00
Ole Markus With df2f66e1e5 Make API servers provision themselves. 
API servers also have access to secret store, so there is no need to go through kops-controller.
This lets API server only depend on etcd from the CP nodes, which should make it easier to scale out API servers under pressure
 2021-04-23 06:59:15 +02:00