Commit Graph

2909 Commits

Author SHA1 Message Date
Ole Markus With 3ac61c7ea9 Bump cilium to 1.8.3 2020-09-05 10:47:48 +02:00
Ole Markus With a0e9fab104 Implement cluster autoscaler as bootstrap addon
Use provider-agnostic node definition for cas instead of aws auto-discovery

Validate clusterAutoscalerSpec

Add spec documentation

Add cas docs

Make CRDs

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Add enabled flag to cas config

Apply suggestions from code review

Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>

Add support for custom cas image

Support more k8s versions

Use full image names
2020-09-03 09:52:13 +02:00
Justin SB 5d1e7bcf82 Refactor IAM route53 construction
This helps for the JWKS / ServiceAccount role support.
2020-09-01 11:34:42 -04:00
Kubernetes Prow Robot e11146c0df
Merge pull request #9799 from olemarkus/cloudinstances-refactor
Cloudinstances refactor
2020-08-31 23:23:50 -07:00
Ole Markus With 715e46d58e Upgrade cilium versions 2020-08-31 12:01:03 +02:00
Kubernetes Prow Robot 5d09a9a95b
Merge pull request #9667 from justinsb/kubectl_auth_helper
Support authentication helper for kubectl
2020-08-30 21:46:21 -07:00
Kubernetes Prow Robot 56bab9fa4f
Merge pull request #9813 from justinsb/expose_jwks
Expose JWKS via a feature-flag
2020-08-30 21:06:20 -07:00
Ole Markus With 0ec71686b9 Refactor cloudinstancegroupmember in a more independent cloud instance representation
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 21:37:03 +02:00
Justin SB 8757a2ce2a kubeconfig generation: add tests for kops plugin
Also slightly simplify the tests and Kubecfg Builder signature by
passing in the ConfigAccess only when needed.
2020-08-30 15:17:36 -04:00
Justin SB 0cda0f5068 Support authentication helper for kubectl
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 15:16:20 -04:00
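The mechanism this commit message describes, an exec plugin that mints short-lived admin client certificates on the fly, as an added example that is not kops code: kubectl runs the plugin, reads a `client.authentication.k8s.io/v1beta1` ExecCredential document from its stdout, presents the embedded key pair for TLS client auth, and re-runs the plugin once `expirationTimestamp` passes. kube-apiserver's x509 authenticator maps the certificate's CommonName to the user name and each Organization entry to a group. The self-signed CA, the user name, the 18-hour TTL and the `authenticate` function (which stands in for the apiserver side) are assumptions constructed for this example; the step in which the caller proves its cloud identity before the certificate is issued is left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// ExecCredential is what a kubectl exec credential plugin prints on stdout;
// kubectl re-runs the plugin once ExpirationTimestamp has passed.
type ExecCredential struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Status     struct {
		ExpirationTimestamp   time.Time `json:"expirationTimestamp"`
		ClientCertificateData string    `json:"clientCertificateData"`
		ClientKeyData         string    `json:"clientKeyData"`
	} `json:"status"`
}

// newCA builds a self-signed CA standing in for the cluster CA (constructed
// for this example; a real plugin never holds the cluster CA key locally).
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-cluster-ca"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// issueExecCredential signs a client cert valid for ttl. kube-apiserver's x509
// authenticator takes the user name from CommonName and groups from
// Organization, so the user id goes in CN and the admin group in O.
func issueExecCredential(ca *x509.Certificate, caKey *ecdsa.PrivateKey, user string, groups []string, ttl time.Duration, now time.Time) (*ExecCredential, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: user, Organization: groups},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl), // one minute of skew allowance
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	cred := &ExecCredential{APIVersion: "client.authentication.k8s.io/v1beta1", Kind: "ExecCredential"}
	cred.Status.ExpirationTimestamp = tmpl.NotAfter
	cred.Status.ClientCertificateData = string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	cred.Status.ClientKeyData = string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}))
	return cred, nil
}

// authenticate mirrors the apiserver side: chain the presented cert to the CA
// at time `at` (an expired short-lived cert fails here) and map subject to identity.
func authenticate(certPEM string, ca *x509.Certificate, at time.Time) (user string, groups []string, err error) {
	block, _ := pem.Decode([]byte(certPEM))
	if block == nil {
		return "", nil, errors.New("no PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", nil, err
	}
	return cert.Subject.CommonName, cert.Subject.Organization, nil
}
```

A real plugin would JSON-encode the `ExecCredential` to stdout and be wired into the kubeconfig under `users[].user.exec`; the security property comes from the short `NotAfter` rather than from any revocation, so the TTL should be no longer than the cloud credential that gated the issuance.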
Justin SB 786423f617 Expose JWKS via a feature-flag
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
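What a consumer does with the JWKS document that this feature flag exposes, as an added example that is not kops code: an external relying party (for example a cloud STS federating on service account tokens) fetches the apiserver's key set, which is why the document has to be reachable anonymously, and then validates a token against it. The JWKS field names, the RS256 JWT layout and the `/openid/v1/jwks` path are the real formats; the issuer URL, the `kid`, the audience and the `signRS256` stand-in for the apiserver's token signer are assumptions constructed for this example. The checks in `verifyToken` are the ones that matter: the algorithm is pinned rather than read from the token, the key is selected by `kid`, and issuer, audience and expiry are all enforced after the signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK is the subset of an RSA JSON Web Key needed to verify RS256 signatures.
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

// JWKS is the document kube-apiserver serves at /openid/v1/jwks.
type JWKS struct {
	Keys []JWK `json:"keys"`
}

// Claims are the token claims a relying party must check before trusting sub.
// Assumption: aud is always in array form (JWT also permits a bare string).
type Claims struct {
	Iss string   `json:"iss"`
	Sub string   `json:"sub"`
	Aud []string `json:"aud"`
	Exp int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// jwksFor publishes the public half of the signing key under kid.
func jwksFor(pub *rsa.PublicKey, kid string) JWKS {
	e := big.NewInt(int64(pub.E)).Bytes()
	return JWKS{Keys: []JWK{{Kty: "RSA", Kid: kid, N: b64.EncodeToString(pub.N.Bytes()), E: b64.EncodeToString(e)}}}
}

// key finds kid in the JWKS and rebuilds the RSA public key from n and e.
func (ks JWKS) key(kid string) (*rsa.PublicKey, error) {
	for _, k := range ks.Keys {
		if k.Kid != kid || k.Kty != "RSA" {
			continue
		}
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if errN != nil || errE != nil {
			return nil, fmt.Errorf("key %q: malformed n or e", kid)
		}
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
	}
	return nil, fmt.Errorf("no RSA key with kid %q", kid)
}

// signRS256 is the issuer side, a stand-in for kube-apiserver's token signer.
func signRS256(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(c) // plain strings and ints: cannot fail
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyToken is the relying-party check: pin alg to RS256 (the token never
// chooses the algorithm), resolve kid against the JWKS, verify the signature,
// then check issuer, audience and expiry.
func verifyToken(token string, ks JWKS, issuer, aud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	rawHdr, errH := b64.DecodeString(parts[0])
	rawBody, errB := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errB != nil || errS != nil {
		return nil, errors.New("malformed base64url segment")
	}
	var hdr struct{ Alg, Kid string }
	if json.Unmarshal(rawHdr, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("alg must be RS256")
	}
	pub, err := ks.key(hdr.Kid)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return nil, errors.New("invalid signature")
	}
	var c Claims
	if err := json.Unmarshal(rawBody, &c); err != nil {
		return nil, err
	}
	audOK := false
	for _, a := range c.Aud {
		audOK = audOK || a == aud
	}
	switch {
	case c.Iss != issuer:
		return nil, fmt.Errorf("untrusted issuer %q", c.Iss)
	case !audOK:
		return nil, fmt.Errorf("token not intended for %q", aud)
	case !now.Before(time.Unix(c.Exp, 0)):
		return nil, errors.New("token expired")
	}
	return &c, nil
}
```

Against a real cluster the JWKS input is whatever `kubectl get --raw /openid/v1/jwks` returns and the token is a projected service account token; nothing in `verifyToken` needs to talk to the apiserver, which is the point of publishing the key set (and of the later step the commit mentions, copying it to object storage).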
Justin SB c63ce4b5ab Implement setter by reflection
This means we no longer have to individually hard-code the `kops set`
fields; however, we use the "language" we've now demonstrated.

We add tests to ensure we have parity with our existing (hard-coded)
setter logic.
2020-08-30 09:59:52 -04:00
Kubernetes Prow Robot e6b8c82d88
Merge pull request #9838 from etwillbefine/api-server-cors
add support for cors-allowed-origins
2020-08-29 16:54:21 -07:00
etwillbefine 2b0970376e use list of strings for CORS 2020-08-29 22:11:24 +02:00
etwillbefine 1b6ee2c7e8 add support for cors-allowed-origins
closes https://github.com/kubernetes/kops/issues/2045

correct typo in flag attribute

run code-gen, correct field description
2020-08-29 19:14:39 +02:00
Justin Santa Barbara f32fcc35fa Addons: Support arbitrary additional objects
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.

Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-28 09:03:41 -04:00
Ole Markus With ff6c04938d Add kops delete instance command
Add support for deleting instance by k8s node name

Add yes flag
2020-08-28 08:43:30 +02:00
Kubernetes Prow Robot e5e8908cce
Merge pull request #9821 from olemarkus/openstack-newer-nova-3
Reconcile ports and floating ips
2020-08-27 07:15:53 -07:00
Kubernetes Prow Robot 3a75ecc864
Merge pull request #9732 from rifelpet/export-kubecfg-internal
Add --internal flag for export kubecfg that targets the internal dns name
2020-08-27 06:01:53 -07:00
Kubernetes Prow Robot 6a33402702
Merge pull request #9820 from olemarkus/managed-sgs
Remove unknown rules from managed security groups on openstack
2020-08-27 03:43:03 -07:00
Peter Rifel d0b8c654bd
Add --internal flag for export kubecfg that targets the internal dns name
Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s)

This adds a flag that will use that name and force the CA cert to be included.
This is a workaround for client certificate authentication not working on API ELBs with ACM certificates.
The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver.
Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver.
This also requires that the masters' security groups allow 443 access from the client, which this does not handle automatically.
2020-08-26 21:15:18 -05:00
Kubernetes Prow Robot b00f8049b6
Merge pull request #9808 from hakman/kope-to-k8s.gcr.io
Pull images from k8s.gcr.io/kops instead of docker.io/kope
2020-08-26 07:18:05 -07:00
Ole Markus With 8e4f3b1458 Tags are never used 2020-08-26 14:17:24 +02:00
Ole Markus With 5cb63fb788 Fail if we find multiple sgs with same name 2020-08-26 13:41:15 +02:00
Kubernetes Prow Robot 165933852d
Merge pull request #9790 from olemarkus/openstack-newer-nova
Remove compute floating ip extension
2020-08-26 04:26:03 -07:00
Ole Markus With 14a6f92f53 Delete SG rules that kops doesn't explicitly add to managed SGs 2020-08-26 11:09:22 +02:00
Ole Markus With 6cc7153bbe Don't fatal on non-fatal things in servergroup tests 2020-08-26 10:52:34 +02:00
Ole Markus With d6615e523d Remove some duplicate code 2020-08-26 10:52:34 +02:00
Justin SB b158ffab04 Refactor: KopsModelContext embeds IAMModelContext
Go syntax makes this an annoying change, unfortunately.
2020-08-25 11:22:34 -04:00
Ciprian Hacman a4ff90205a Pull images from k8s.gcr.io/kops instead of docker.io/kope 2020-08-25 08:04:36 +03:00
Peter Rifel dd75c1ed91
make apimachinery crds gomod, update-expected.sh 2020-08-24 10:58:09 -05:00
Kubernetes Prow Robot 9cb6797f67
Merge pull request #9801 from hakman/release-1.19.0-alpha.3
Release 1.19.0-alpha.3
2020-08-24 08:53:41 -07:00
Peter Rifel 7d9f0a06cf
Update API slice fields to not use pointers
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
2020-08-24 07:46:38 -05:00
Ciprian Hacman ca2d501950 Update validation for Calico to assume etcd3 as default 2020-08-24 12:54:15 +03:00
Ole Markus With ef25dda399 Migrate floating IP deletion to neutron 2020-08-24 06:44:29 +02:00
Ciprian Hacman 2d61ab0876 Bump kops to v1.19.0-alpha.3 2020-08-23 12:07:44 +03:00
Ole Markus With 8e5e3d4ea5 Mock create server should associate with mock ports 2020-08-22 22:08:02 +02:00
Kubernetes Prow Robot 10405bc4d3
Merge pull request #9792 from olemarkus/openstack-newer-nova-2
Don't use nova for glance mocks
2020-08-21 10:19:40 -07:00
Kubernetes Prow Robot 6c5150f786
Merge pull request #9793 from hakman/root-vol-encrypt
Add flag for root volume encryption
2020-08-21 09:15:40 -07:00
Ciprian Hacman 2880e22bce Add flag for root volume encryption 2020-08-21 18:31:21 +03:00
Kubernetes Prow Robot 076df5ec84
Merge pull request #9782 from hakman/ignore-flannel-workaround
Ignore the disableTxChecksumOffloading flag for Flannel and Canal
2020-08-21 04:47:40 -07:00
Ole Markus With 29682700c7 Don't use nova for glance mocks
Fetching images through nova is deprecated and removed in newer versions
of the compute API. Mocks now reflect this behavior.
2020-08-21 10:18:52 +02:00
Ciprian Hacman 68474f7793 Ignore the disableTxChecksumOffloading flag for Flannel and Canal 2020-08-21 07:55:25 +03:00
Kubernetes Prow Robot 8a81d94c7b
Merge pull request #9773 from victorfrancax1/7286
Adding support for permission boundaries for AWS IAM Roles
2020-08-19 06:51:11 -07:00
Kubernetes Prow Robot ba6fb0e5eb
Merge pull request #9780 from johngmyers/kubecfg-user
Put userid in kubecfg cert CommonName
2020-08-19 06:11:11 -07:00
Michael Wagner df5cc6a71b feat(openstack): propagate cloud labels to machines 2020-08-19 09:05:51 +02:00
Victor Ferreira 3aaa9a7c0f feat(aws): adding support to permission boundaries for IAM Roles 2020-08-19 01:16:13 -03:00
Kubernetes Prow Robot ee366e8958
Merge pull request #9779 from johngmyers/calico-client-iam
Don't give access to calico-client key when not needed
2020-08-18 21:07:11 -07:00
Kubernetes Prow Robot f1a0e0312f
Merge pull request #9777 from hakman/containerd-1.4.0
Add support for containerd v1.4.0
2020-08-18 14:45:11 -07:00
John Gardiner Myers 7ab0a63571 Put userid in kubecfg cert CommonName 2020-08-18 14:04:42 -07:00
John Gardiner Myers ba96a84926 Don't give access to calico-client key when not needed 2020-08-18 13:45:27 -07:00
Kubernetes Prow Robot af1b935ce2
Merge pull request #9778 from olemarkus/openstack-fix-noisy-env-vars
Only add OS variables if they are needed
2020-08-18 13:05:10 -07:00
Ole Markus With 94833faca5 Only add OS variables if they are needed 2020-08-18 20:58:54 +02:00
Ciprian Hacman 537ad60191 Add support for containerd v1.4.0 2020-08-18 10:04:18 +03:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
John Gardiner Myers c5871df319 Get kubelet certificate from kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers bec273ebf1 Implement signing of kubelet cert in kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 9c01e1f44d Send bootstrap query from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images
Add ARM64 support for masters
2020-08-14 20:46:17 -07:00
Kubernetes Prow Robot ec8b47d725
Merge pull request #9593 from johngmyers/kubectl-lifetime
Reduce the lifetime of exported kubecfg credentials
2020-08-14 19:24:18 -07:00
liranp 64c07b336a
feat(spot/ocean): add support for instance types in launchspec 2020-08-13 16:32:54 +03:00
Ole Markus With 9890839cec Add an integration test for openstack floating ip
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
2020-08-12 12:59:30 +02:00
Kubernetes Prow Robot 46ebae1b4e
Merge pull request #9726 from Evalle/ISSUE-9695
Add missing cli options for kube-controller-manager and kube-scheduler
2020-08-12 01:01:45 -07:00
Evgeny Shmarnev 17b2ff0c14 Add authorization-always-allow-paths 2020-08-12 09:10:31 +02:00
Evgeny Shmarnev fd9f4e481f Add missing cli options for kube-controller-manager and kube-scheduler 2020-08-12 08:40:59 +02:00
Ole Markus With 25d98796e2 Add cinder plugin 2020-08-11 10:15:12 +02:00
Peter Rifel 6991655921
Add openstack integration test.
This will create / update / update / delete an openstack cluster using cloudmock, ensuring there are no lingering changes reported or orphaned resources
2020-08-10 15:22:49 -05:00
Ciprian Hacman 331d223043 ARM64 support - Side-load multi-arch images 2020-08-10 13:47:07 +03:00
Ciprian Hacman c51a811c21 ARM64 support - Update expected tests output 2020-08-10 13:47:07 +03:00
Ciprian Hacman 172031859d ARM64 support - Build multi-arch images 2020-08-10 13:47:07 +03:00
Kubernetes Prow Robot ea2d0da1cc
Merge pull request #8577 from justinsb/dump
Capture logs from a kops cluster
2020-08-09 17:18:19 -07:00
Ole Markus With fbcdeb2ed6 Respect Topology when assigning floating ips or not 2020-08-08 12:23:09 +02:00
Kubernetes Prow Robot d2f716ca80
Merge pull request #9703 from olemarkus/openstack-cilium
Add support for cilium on openstack
2020-08-07 12:51:57 -07:00
Kubernetes Prow Robot b9402245a3
Merge pull request #9500 from WarpRat/9468
Allow configurable backend modes for aws-iam-authenticator
2020-08-07 10:01:57 -07:00
Kubernetes Prow Robot 2d3fd9c197
Merge pull request #9702 from olemarkus/openstack-application-credentials
Adds support for using OS application credentials
2020-08-07 06:16:19 -07:00
Ole Markus With a708a96c05 Adds support for using OS application credentials
Application credentials allow you to export a purpose-specific set of
credentials for a user instead of exposing user login credentials.
Especially useful when using LDAP or similar for Openstack users.
Also lets you rotate credentials more easily since multiple application
credentials can be provisioned per user.

Update pkg/model/bootstrapscript.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2020-08-07 14:26:47 +02:00
Ole Markus With 84d2dcb624 Use SG to SG rule for cni tcp/udp rules 2020-08-07 09:39:44 +02:00
Ole Markus With c5ddd3885c Add support for cilium on openstack 2020-08-07 09:39:44 +02:00
Robert Russell 6e5544f615 Allow configurable backend modes for aws-iam-authenticator 2020-08-06 21:37:55 -07:00
liranp 0cfa2bb6a7
fix(spot/ocean): default instance group should be optional 2020-08-06 19:32:19 +03:00
Peter Rifel 6c661d236d
openstack - don't panic if the dns zone is not found 2020-08-05 18:37:09 -05:00
liranp 4d8866824f
fix(spot): change `ScaleDown.MaxPercentage` from int to float64 2020-08-04 23:40:44 +03:00
Ole Markus With 6b81916a5d Fix potential npr 2020-08-04 08:22:00 +02:00
Ole Markus With 7e2366ac64 Determine fixedip for api cert directly in nodeup 2020-08-04 08:22:00 +02:00
Ole Markus With 460c0f3801 If there is no external network specified, no router is needed 2020-08-04 08:22:00 +02:00
Ciprian Hacman e439684445 Refactor networking assets finder 2020-08-02 22:36:33 +03:00
Justin SB c64abd4301 Release 1.19.0-alpha.2 2020-07-31 07:59:05 -04:00
Kubernetes Prow Robot 2fbef78143
Merge pull request #9650 from johngmyers/update-notag
Remove tags from NodeupConfig
2020-07-31 02:27:08 -07:00
John Gardiner Myers c2cb6646af Remove tags from NodeupConfig 2020-07-29 17:24:39 -07:00
Kubernetes Prow Robot be783014f2
Merge pull request #9637 from hakman/aws-eventual-consistency
Cleanup AWS EC2 eventual consistency warnings
2020-07-29 14:20:03 -07:00
Peter Rifel a17581e21d
Add cloud tags to AWS SSH Keys 2020-07-28 13:35:09 -05:00
Ciprian Hacman 85da6b1c85 Cleanup AWS EC2 dependency violation messages 2020-07-28 19:04:32 +03:00
Ciprian Hacman 5a9cc3d216 Fix int to string conversions 2020-07-26 09:09:52 +03:00
John Gardiner Myers 8258dcd395 Exempt OpenStack from the EnableExternalCloudController feature flag 2020-07-25 13:12:25 -07:00
Kubernetes Prow Robot a00268d511
Merge pull request #9554 from olemarkus/openstack-fixes
Openstack fixes
2020-07-23 13:06:25 -07:00
Peter Rifel 1faeb36d37
Address feedback and test failures 2020-07-22 22:19:00 -05:00