Ole Markus With
6797998ac1
Consolidate all buildMinimalClusters into a generic test cluster builder
2020-09-19 19:55:19 +02:00
Kubernetes Prow Robot
bca601d1da
Merge pull request #9969 from hakman/docker-19.03.13
...
Update Docker to v19.03.13
2020-09-18 10:46:46 -07:00
Kubernetes Prow Robot
255cd59b67
Merge pull request #9964 from rifelpet/sa-partition
...
Add AWS partition support to iam service account roles
2020-09-18 06:48:46 -07:00
Kubernetes Prow Robot
e7bfedd1ac
Merge pull request #9921 from olemarkus/nth
...
Add addon for aws node termination handler
2020-09-18 03:10:45 -07:00
Ciprian Hacman
96e3fefd85
Update Docker to v19.03.13
2020-09-18 12:14:43 +03:00
Ciprian Hacman
fcc486d250
Update containerd to v1.4.1
2020-09-18 10:01:30 +03:00
Ole Markus With
b9212f85ad
Add addon for aws node termination handler
2020-09-17 21:09:28 +02:00
Peter Rifel
d4d4545345
Add AWS partition support to iam service account roles
2020-09-17 10:01:27 -05:00
Ciprian Hacman
0eb626fcdd
Release 1.19.0-alpha.4
2020-09-16 11:37:38 +03:00
Kubernetes Prow Robot
50e61d6bc9
Merge pull request #9924 from hakman/additional-policies-shared-roles
...
Only add additional policies to kops managed IAMRoles
2020-09-15 20:03:19 -07:00
Ole Markus With
b8bc6d35b8
Force external cloud controller manager on OS
2020-09-15 18:49:51 +02:00
Ole Markus With
6efb91a15b
Don't write application credentials to cloud config unless external CCM is enabled
2020-09-15 09:45:09 +02:00
Kubernetes Prow Robot
a93febf5a6
Merge pull request #9911 from hakman/fix-gossip
...
Allow the BootstrapClient task to run after Protokube
2020-09-13 21:10:57 -07:00
Kubernetes Prow Robot
58092b5666
Merge pull request #9925 from olemarkus/cas-fixes
...
Add missing flags to cluster autoscaler template
2020-09-13 00:58:57 -07:00
Ole Markus With
2b5950c24c
Add missing flags to template
2020-09-12 08:24:29 +02:00
Ciprian Hacman
07be801a12
Only add additional policies to kops managed IAMRoles
2020-09-12 08:36:24 +03:00
Kubernetes Prow Robot
ccd810dad9
Merge pull request #9907 from olemarkus/openstack-no-volume-type
...
Remove constraint of setting volume type for OS
2020-09-11 01:14:14 -07:00
Ciprian Hacman
c1e0991153
Skip the iamPolicy.DNSZone task when using gossip
2020-09-10 22:55:36 +03:00
Evgeny Zislis
608a561f8c
only apply external policy tasks on non-shared iam
2020-09-10 12:58:54 +03:00
Kubernetes Prow Robot
036ea69525
Merge pull request #9352 from justinsb/irsa_with_public
...
Simplified form of IAM Roles for ServiceAccounts
2020-09-09 22:23:44 -07:00
Ole Markus With
ecfdf5715b
Remove constraint of setting volume type for OS
...
There is no real reason to do this. In some cases this may even prevent
clusters from starting where there is no explicit volume type defined in
cinder.
2020-09-09 20:53:17 +02:00
Chris Loukas
65610dbcee
Update NodeLocalDNSConfig with Mem/CPU requests
...
Add NodeLocalDNS.CPURequest and NodeLocalDNS.MemoryRequest to
configure resource requests.
If not explicitly set, fall back to 25m and 5Mi
2020-09-09 18:40:14 +03:00
Justin SB
6fa8be2716
JSON formatting of IAM: Workaround for optional fields
...
AWS IAM is very strict and doesn't support `Resource: []` for example.
We implement a custom MarshalJSON method to work around that.
2020-09-09 09:57:07 -04:00
Justin Santa Barbara
d8895c57ec
Add version logic to UseServiceAccountIAM
...
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-09-09 09:57:07 -04:00
Justin SB
a61ecf4c58
Refactor to use interface for iam Subjects
...
Hat-tip to johngmyers for the idea!
2020-09-09 09:57:07 -04:00
Justin SB
f05980f6ba
IAM Policy: rely on stub resolution/unification
...
This avoids the hacky search through the list of tasks.
2020-09-09 09:57:06 -04:00
Justin SB
8498ac9dbb
Create PublicJWKS feature flag
...
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens. But it shouldn't need a second bucket or anything of that
nature.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-09-09 09:57:06 -04:00
Ole Markus With
886b4c97cb
Don't explicitly set insecure-bind-address on newer k8s
2020-09-09 11:41:51 +02:00
Ole Markus With
54ccc92829
Remove unused functions
2020-09-05 20:22:21 +02:00
Ole Markus With
0bd29dd4c7
Remove old servergroup test
2020-09-05 20:22:21 +02:00
Ole Markus With
4a21a532da
Add golden tests for openstack servergroup
2020-09-05 20:22:21 +02:00
Kubernetes Prow Robot
bac4afa3e5
Merge pull request #9871 from olemarkus/cilium-upgrades-sept-2
...
Bump cilium to 1.8.3
2020-09-05 09:15:41 -07:00
Ole Markus With
3ac61c7ea9
Bump cilium to 1.8.3
2020-09-05 10:47:48 +02:00
Ole Markus With
a0e9fab104
Implement cluster autoscaler as bootstrap addon
...
Use provider-agnostic node definition for cas instead of aws auto-discovery
Validate clusterAutoscalerSpec
Add spec documentation
Add cas docs
Make CRDs
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
Add enabled flag to cas config
Apply suggestions from code review
Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>
Add support for custom cas image
Support more k8s versions
Use full image names
2020-09-03 09:52:13 +02:00
Justin SB
5d1e7bcf82
Refactor IAM route53 construction
...
This helps for the JWKS / ServiceAccount role support.
2020-09-01 11:34:42 -04:00
Ole Markus With
715e46d58e
Upgrade cilium versions
2020-08-31 12:01:03 +02:00
Justin SB
786423f617
Expose JWKS via a feature-flag
...
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access). This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
Kubernetes Prow Robot
e5e8908cce
Merge pull request #9821 from olemarkus/openstack-newer-nova-3
...
Reconcile ports and floating ips
2020-08-27 07:15:53 -07:00
Kubernetes Prow Robot
6a33402702
Merge pull request #9820 from olemarkus/managed-sgs
...
Remove unknown rules from managed security groups on openstack
2020-08-27 03:43:03 -07:00
Kubernetes Prow Robot
b00f8049b6
Merge pull request #9808 from hakman/kope-to-k8s.gcr.io
...
Pull images from k8s.gcr.io/kops instead of docker.io/kope
2020-08-26 07:18:05 -07:00
Ole Markus With
8e4f3b1458
Tags are never used
2020-08-26 14:17:24 +02:00
Ole Markus With
5cb63fb788
Fail if we find multiple sgs with same name
2020-08-26 13:41:15 +02:00
Ole Markus With
14a6f92f53
Delete SG rules that kops doesn't explicitly add to managed SGs
2020-08-26 11:09:22 +02:00
Ole Markus With
6cc7153bbe
Don't fatal on non-fatal things in servergroup tests
2020-08-26 10:52:34 +02:00
Ole Markus With
d6615e523d
Remove some duplicate code
2020-08-26 10:52:34 +02:00
Justin SB
b158ffab04
Refactor: KopsModelContext embeds IAMModelContext
...
go syntax makes this an annoying change, unfortunately.
2020-08-25 11:22:34 -04:00
Ciprian Hacman
a4ff90205a
Pull images from k8s.gcr.io/kops instead of docker.io/kope
2020-08-25 08:04:36 +03:00
Peter Rifel
dd75c1ed91
make apimachinery crds gomod, update-expected.sh
2020-08-24 10:58:09 -05:00
Kubernetes Prow Robot
9cb6797f67
Merge pull request #9801 from hakman/release-1.19.0-alpha.3
...
Release 1.19.0-alpha.3
2020-08-24 08:53:41 -07:00
Peter Rifel
7d9f0a06cf
Update API slice fields to not use pointers
...
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
2020-08-24 07:46:38 -05:00