Commit Graph

1174 Commits

Author SHA1 Message Date
Ciprian Hacman 2d61ab0876 Bump kops to v1.19.0-alpha.3 2020-08-23 12:07:44 +03:00
Ciprian Hacman 2880e22bce Add flag for root volume encryption 2020-08-21 18:31:21 +03:00
Kubernetes Prow Robot 8a81d94c7b
Merge pull request #9773 from victorfrancax1/7286
Adding support for permission boundaries for AWS IAM Roles
2020-08-19 06:51:11 -07:00
Michael Wagner df5cc6a71b feat(openstack): propagate cloud labels to machines 2020-08-19 09:05:51 +02:00
Victor Ferreira 3aaa9a7c0f feat(aws): adding support to permission boundaries for IAM Roles 2020-08-19 01:16:13 -03:00
Kubernetes Prow Robot ee366e8958
Merge pull request #9779 from johngmyers/calico-client-iam
Don't give access to calico-client key when not needed
2020-08-18 21:07:11 -07:00
Kubernetes Prow Robot f1a0e0312f
Merge pull request #9777 from hakman/containerd-1.4.0
Add support for containerd v1.4.0
2020-08-18 14:45:11 -07:00
John Gardiner Myers ba96a84926 Don't give access to calico-client key when not needed 2020-08-18 13:45:27 -07:00
Kubernetes Prow Robot af1b935ce2
Merge pull request #9778 from olemarkus/openstack-fix-noisy-env-vars
Only add OS variables if they are needed
2020-08-18 13:05:10 -07:00
Ole Markus With 94833faca5 Only add OS variables if they are needed 2020-08-18 20:58:54 +02:00
Ciprian Hacman 537ad60191 Add support for containerd v1.4.0 2020-08-18 10:04:18 +03:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
John Gardiner Myers c5871df319 Get kubelet certificate from kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images
Add ARM64 support for masters
2020-08-14 20:46:17 -07:00
Kubernetes Prow Robot ec8b47d725
Merge pull request #9593 from johngmyers/kubectl-lifetime
Reduce the lifetime of exported kubecfg credentials
2020-08-14 19:24:18 -07:00
liranp 64c07b336a feat(spot/ocean): add support for instance types in launchspec 2020-08-13 16:32:54 +03:00
Ole Markus With 25d98796e2 Add cinder plugin 2020-08-11 10:15:12 +02:00
Ciprian Hacman c51a811c21 ARM64 support - Update expected tests output 2020-08-10 13:47:07 +03:00
Ciprian Hacman 172031859d ARM64 support - Build multi-arch images 2020-08-10 13:47:07 +03:00
Ole Markus With fbcdeb2ed6 Respect Topology when assigning floating ips or not 2020-08-08 12:23:09 +02:00
Kubernetes Prow Robot d2f716ca80
Merge pull request #9703 from olemarkus/openstack-cilium
Add support for cilium on openstack
2020-08-07 12:51:57 -07:00
Kubernetes Prow Robot 2d3fd9c197
Merge pull request #9702 from olemarkus/openstack-application-credentials
Adds support for using OS application credentials
2020-08-07 06:16:19 -07:00
Ole Markus With a708a96c05 Adds support for using OS application credentials
Application credentials allow you to export a purpose-specific set of
credentials for a user instead of exposing user login credentials.
Especially useful when using LDAP or similar for Openstack users.
Also lets you rotate credentials more easily since multiple application
credentials can be provisioned per user.

Update pkg/model/bootstrapscript.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2020-08-07 14:26:47 +02:00
Ole Markus With 84d2dcb624 Use SG to SG rule for cni tcp/udp rules 2020-08-07 09:39:44 +02:00
Ole Markus With c5ddd3885c Add support for cilium on openstack 2020-08-07 09:39:44 +02:00
liranp 0cfa2bb6a7 fix(spot/ocean): default instance group should be optional 2020-08-06 19:32:19 +03:00
liranp 4d8866824f fix(spot): change `ScaleDown.MaxPercentage` from int to float64 2020-08-04 23:40:44 +03:00
Ole Markus With 6b81916a5d Fix potential npr 2020-08-04 08:22:00 +02:00
Ole Markus With 7e2366ac64 Determine fixedip for api cert directly in nodeup 2020-08-04 08:22:00 +02:00
Ole Markus With 460c0f3801 If there is no external network specified, no router is needed 2020-08-04 08:22:00 +02:00
Justin SB c64abd4301 Release 1.19.0-alpha.2 2020-07-31 07:59:05 -04:00
Peter Rifel a17581e21d Add cloud tags to AWS SSH Keys 2020-07-28 13:35:09 -05:00
John Gardiner Myers 8258dcd395 Exempt OpenStack from the EnableExternalCloudController feature flag 2020-07-25 13:12:25 -07:00
Kubernetes Prow Robot a00268d511
Merge pull request #9554 from olemarkus/openstack-fixes
Openstack fixes
2020-07-23 13:06:25 -07:00
John Gardiner Myers a45b07c156 Reduce the lifetime of exported kubecfg credentials 2020-07-17 22:39:01 -07:00
Kubernetes Prow Robot 065824851b
Merge pull request #9476 from srikiz/DO-implement-validate-cluster
[Digital Ocean] Implement KOPS validate cluster
2020-07-15 12:12:37 -07:00
Srikanth 160a4b81c9 incorporate review comments to use instance group name for DO instance group tag 2020-07-14 13:25:01 +05:30
Ole Markus With ecca2fda82 When using bastion and expecting no floating IPs, topology should be private 2020-07-12 22:08:30 +02:00
Ole Markus With fd7490e3e2 Only add floating IPs to nodes if we have a public topology for nodes 2020-07-12 21:08:13 +02:00
Ole Markus With b508696cf2 Make Instance task depend on floating ip
Originally, floating ips depended on instances, but this causes a dependency cycle now that bootstrap scripts require all IPs for the API cert.
This also requires using networking API for creating floating ips instead of compute so that we can name (and later tag) the floating IPs, which is necessary to know which floating IP belongs to which instance prior to association
2020-07-12 21:08:13 +02:00
Ole Markus With 4a16223361 Create master API security group unconditionally
Needed somewhere anyway. Failing to create this one errors with missing task
2020-07-12 21:08:13 +02:00
Kubernetes Prow Robot 33722a9eca
Merge pull request #9534 from johngmyers/fix-multi-master
Use a stable key for signing service account tokens
2020-07-12 12:04:33 -07:00
John Gardiner Myers ac13557e03 Add missing lifecycle to etcd keypair tasks 2020-07-11 22:27:53 -07:00
John Gardiner Myers 70926d43fc Use a stable key for signing service account tokens 2020-07-11 13:18:50 -07:00
Ciprian Hacman 06df2cc123 Re-enable disk based evictions for Kubernetes 1.19 2020-07-09 19:36:11 +03:00
John Gardiner Myers 479b4860e8 Remove deprecated function 2020-07-06 22:48:01 -07:00
Kubernetes Prow Robot 0c62641dad
Merge pull request #9354 from johngmyers/refactor-certs-2
Continue refactoring certs into nodeup
2020-07-06 17:13:57 -07:00
Kubernetes Prow Robot a97fc42666
Merge pull request #9491 from johngmyers/nodeport-dns
Default ClusterDNS appropriately when NodeLocalDNS is enabled
2020-07-05 22:28:50 -07:00
Kubernetes Prow Robot b944b6973c
Merge pull request #9495 from hakman/docker-specific-flags
Use kubelet docker-specific flags only for Docker
2020-07-05 12:44:49 -07:00
Ciprian Hacman 69511a998e Use kubelet docker-specific flags only for Docker 2020-07-05 07:57:10 +03:00
Justin SB 591626af3c Release 1.19.0-alpha.1 2020-07-04 21:46:14 -04:00
John Gardiner Myers 004f7b578f Default ClusterDNS appropriately when NodeLocalDNS is enabled 2020-07-03 16:57:03 -07:00
Ole Markus With 53f670aeb0 Rebase with master 2020-07-03 08:39:43 +02:00
Ole Markus With 263172caac Use new templates for cilium 1.8 2020-07-03 07:56:35 +02:00
Kubernetes Prow Robot 734a0eb5f3
Merge pull request #9415 from johngmyers/refactor-nodeup-2
Continue moving InstanceGroup data to NodeupConfig
2020-07-02 20:50:47 -07:00
Rodrigo Menezes 627b71557e Fix where etcd-cluster-spec is written when etcd's BackupStore is defined - v2 2020-07-02 00:01:43 -07:00
Ciprian Hacman a7c8d2087c Use github.com/blang/semver/v4 2020-07-01 08:54:42 +03:00
John Gardiner Myers d2e270c844 update-expected.sh 2020-06-28 23:12:13 -07:00
John Gardiner Myers f4f4763dc2 Refactor more certs to be issued by nodeup 2020-06-28 23:12:13 -07:00
Kubernetes Prow Robot f9262b91e7
Merge pull request #9450 from johngmyers/refactor-apiserver-lb
Refactor how api-server addresses are exported from tasks
2020-06-28 22:08:15 -07:00
John Gardiner Myers 5f45389124 update-expected.sh 2020-06-28 18:52:03 -07:00
John Gardiner Myers 44fb283e3f Move NodeLabels into the NodeupConfig 2020-06-28 18:52:03 -07:00
John Gardiner Myers 35645b49c4 update-expected.sh 2020-06-28 18:51:42 -07:00
John Gardiner Myers 1ba0f0d463 Move Taints into the NodeupConfig 2020-06-28 18:51:42 -07:00
John Gardiner Myers 64167b7420 update-expected.sh 2020-06-28 18:51:16 -07:00
John Gardiner Myers 5e5f25703d Move KubeletConfig into the NodeupConfig 2020-06-28 18:51:16 -07:00
Kubernetes Prow Robot d461bfddaf
Merge pull request #9449 from johngmyers/userdata-task
Refactor BootstrapScript into a Task
2020-06-28 16:40:14 -07:00
liranp b80a0af843 feat(spot/launchspec): add support for root volume size 2020-06-28 16:34:13 +03:00
Kubernetes Prow Robot 764881c476
Merge pull request #9451 from olemarkus/fix-cilium-etcd-migration
Fix cilium etcd migration
2020-06-27 06:16:15 -07:00
Ole Markus With 2fd6e52af7
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-06-27 07:43:30 +02:00
Ole Markus With 51235b2edc Deploy cilium etcd credentials if the cilium cluster exists 2020-06-27 07:11:19 +02:00
John Gardiner Myers 86f157fa27 Refactor how api-server addresses are exported from tasks 2020-06-26 21:38:39 -07:00
John Gardiner Myers 013f9bf914 Create bootstrap script in a Task 2020-06-26 19:11:40 -07:00
John Gardiner Myers cef5b175c7 Rename BootstrapScript to BootstrapScriptBuilder 2020-06-26 10:57:36 -07:00
John Gardiner Myers 87446f8894 Make all users of userdata declare it as a dependency 2020-06-26 10:31:52 -07:00
Kubernetes Prow Robot 07dc255559
Merge pull request #9402 from johngmyers/refactor-userdata
Preparatory refactoring of BootstrapScript
2020-06-26 05:23:31 -07:00
liranp febcb04c9c fix(spot): add missing lifecycle to awstasks.SecurityGroup 2020-06-25 19:23:31 +03:00
Xiaoyu Zhong 709e7ef33c Refactor Alicloud LoadBalancerWhiteList to LoadBalancerACL 2020-06-22 09:32:21 +08:00
Kubernetes Prow Robot 8b371acef0
Merge pull request #9094 from olemarkus/vault-vfs
Implement VFS for vault
2020-06-20 12:02:39 -07:00
John Gardiner Myers 304476cebf Refactor BootstrapScript 2020-06-18 22:17:39 -07:00
Ciprian Hacman 80295961fb ARM64 support - Update tests output 2020-06-19 04:42:11 +03:00
Ciprian Hacman 95aca3def5 ARM64 support - Update bazel files 2020-06-19 04:42:11 +03:00
Ciprian Hacman 602cb825e7 ARM64 support - Update bootstrap script for multi-arch 2020-06-19 04:42:11 +03:00
Ole Markus With acaa1e1dfc Implement VFS for vault 2020-06-18 13:02:37 +02:00
Kubernetes Prow Robot e7d5d323bf
Merge pull request #9378 from johngmyers/refactor-certs-3
Issue aws-iam-authenticator cert in nodeup
2020-06-18 00:20:05 -07:00
John Gardiner Myers 91c741d8fb update-expected.sh 2020-06-17 09:09:24 -07:00
John Gardiner Myers a5f5acc09d Move the instancegroup role into NodeupConfig 2020-06-17 09:05:15 -07:00
John Gardiner Myers c8b523e8b6 Issue aws-iam-authenticator cert in nodeup 2020-06-16 21:05:11 -07:00
Justin SB 74c787b598 NodeLocalDNS config population: small tweaks
Minor tweaks to the code-style when filling out the NodeLocalDNS
config, just to make it more consistent.
2020-06-16 16:23:38 -04:00
Kubernetes Prow Robot eb39ab7349
Merge pull request #9355 from johngmyers/move-port
Move host-network services off of port 8080
2020-06-16 09:10:04 -07:00
John Gardiner Myers 747aa6e8c4 Revert "Fix kube-apiserver-healthcheck image"
This reverts commit 7e52f223
2020-06-16 07:39:53 -07:00
Kubernetes Prow Robot f3e69e85c9
Merge pull request #9356 from johngmyers/refactor-kubelet-api
Issue kubelet-api cert in nodeup
2020-06-16 00:04:03 -07:00
Kubernetes Prow Robot 2a73c9dd73
Merge pull request #9334 from hakman/docker-selinux
Add "--selinux-enabled" flag for Docker
2020-06-15 22:52:04 -07:00
Kubernetes Prow Robot dc0c219727
Merge pull request #9360 from johngmyers/remove-baremetal
Remove the baremetal cloud provider
2020-06-15 21:11:57 -07:00
Kubernetes Prow Robot 06840579c2
Merge pull request #9359 from coreypobrien/fixkubeapihealthimage
Fix kube-apiserver-healthcheck image
2020-06-15 11:59:57 -07:00
Kubernetes Prow Robot 39db604e0c
Merge pull request #9295 from olemarkus/cilium-component
Validate cilium version
2020-06-15 10:21:56 -07:00