kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,934 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

322 Commits

Author SHA1 Message Date
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 3799d135a3 Fix tests and spelling 2021-01-19 09:06:02 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Ciprian Hacman b0cb0c77d4 Update integration tests for "update cluster" 2021-01-15 15:51:02 +02:00
Ciprian Hacman 65ebf4760d Update integration test for gp3 with etcd volumes 2021-01-15 09:53:10 +02:00
Ciprian Hacman e20900a2de Add CF integration test for gp3 volumes 2021-01-15 09:53:10 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Kubernetes Prow Robot 09bf333433
Merge pull request #10567 from rifelpet/nlb-listener-order 
Fix NLB listener -> target group association for TF & CF
 2021-01-13 01:04:35 -08:00
Peter Rifel 580d73bdc7
Fix NLB listener -> target group association for TF & CF 
The old code made the incorrect assumption that the NLB's list of TargetGroup tasks is in the same order as the NLB's list of listeners for their associations.
Because the model adds them in opposite orders this resulted in the TLS listener being forwarded to the TCP TG and vice versa.

This updates the terraform and cloudformation generation code to search the NLB's list of target groups by name for the target group that should be associated with the listener.
This matches the logic used in the "direct" target.
 2021-01-12 23:21:55 -06:00
Bharath Vedartham a8d709acf2 Default cgroup driver to systemd from k8s 1.20 
Currently, kOps uses cgroupfs cgroup driver for the kubelet and CRIs. This PR defaults
the cgroup driver to systemd for clusters created with k8s versions >= 1.20.

Using systemd as the cgroup-driver is the recommended way as per
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
 2021-01-12 20:39:25 +05:30
Ole Markus With 2b3a8f133e Add control-plane node role annotation to cp nodes 
Update docs/releases/1.20-NOTES.md

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-01-08 12:39:42 +01:00
Kubernetes Prow Robot 0ca0e38518
Merge pull request #10424 from rifelpet/ebs-tf-012 
Don't allow ebs volume TF resource names to begin with digit
 2021-01-05 09:19:58 -08:00
Kubernetes Prow Robot 551a805ebd
Merge pull request #10530 from hakman/gp3-throughput 
Add possibility to set volume throughput for gp3 volumes
 2021-01-05 04:53:58 -08:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Peter Rifel a15957da2f
IRSA - continue adding route53 permisions to masters 
These are needed by protokube to create the kops-controller DNS record to allow nodes to bootstrap.

See these logs: https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-grid-scenario-public-jwks/1345956556562239488/artifacts/ip-172-20-48-1.sa-east-1.compute.internal/protokube.log

```
I0104 05:03:51.264472    6482 dnscache.go:74] querying all DNS zones (no cached results)
I0104 05:03:51.264570    6482 route53.go:53] AWS request: route53 ListHostedZones
W0104 05:03:51.389485    6482 dnscontroller.go:124] Unexpected error in DNS controller, will retry: error querying for zones: error querying for DNS zones: AccessDenied: User: arn:aws:sts::768319786644:assumed-role/masters.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io/i-05b1db10d1a5b8637 is not authorized to perform: route53:ListHostedZones
```

and the nodeup logs on nodes that couldn't join the cluster:

```
Jan 04 04:55:53.500187 ip-172-20-38-84 nodeup[2070]: W0104 04:55:53.500117    2070 executor.go:131] error running task "BootstrapClient/BootstrapClient" (9m52s remaining to succeed): Post "https://kops-controller.internal.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io:3988/bootstrap": dial tcp: lookup kops-controller.internal.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io on 127.0.0.53:53: no such host
```
 2021-01-04 21:03:53 -06:00
Steven E. Harris 76feb2e637 Correct integration test to reflect SG restriction 2021-01-04 08:38:25 -05:00
Kubernetes Prow Robot 22a9a13abf
Merge pull request #10488 from rifelpet/iam-role-tag 
AWS IAM Role Tagging
 2020-12-29 22:33:48 -08:00
Ciprian Hacman 01019f09ed Update integration tests 2020-12-28 21:11:34 +02:00
Ciprian Hacman 66039f150e Add containerd option for registry mirrors 2020-12-28 19:32:06 +02:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00
Peter Rifel 5406744c55
Update integration test output 2020-12-23 15:13:45 -06:00
Ciprian Hacman ff6a782303 Add config options for container runtime package URL and Hash 2020-12-23 13:29:22 +02:00
Ciprian Hacman eff2af2fe2 Update CNI plugins to v0.8.7 2020-12-21 11:07:57 +02:00
Ciprian Hacman 472faf82d2 Drop support for containerd 1.2 2020-12-21 10:08:24 +02:00
Peter Rifel a5071e08cf
Don't allow ebs volume TF resource names to begin with digit 2020-12-14 23:15:36 -06:00
Bharath Vedartham cebe171805 Explicitly specify http_endpoint in launch_template terraform 
http_endpoint has to be explicitly specified in the metadata_options block
of the launch template terraform according to issue
https://github.com/hashicorp/terraform-provider-aws/issues/12564
 2020-12-10 01:37:15 +05:30
Kubernetes Prow Robot bee16c052d
Merge pull request #10324 from bharath-123/feature/aws-imdv2 
Add support for AWS IMDS v2
 2020-12-07 22:55:11 -08:00
Ciprian Hacman 174f405e39 Update expected outputs of integration tests 2020-12-08 07:08:32 +02:00
Ciprian Hacman 265bf4d106 Add option for setting the volume encryption key in AWS 2020-12-08 07:08:09 +02:00
Bharath Vedartham ee5d8a3435 update integration tests 2020-12-07 02:57:32 +05:30
Ciprian Hacman e11d934268 Add option to reuse existing Elastic IPs for NAT gateways 2020-12-06 09:37:17 +02:00
Kubernetes Prow Robot ec691116a9
Merge pull request #10357 from rdrgmnzs/gzip-nodeup-heredocs 
Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data
 2020-12-04 13:37:38 -08:00
Rodrigo Menezes 3fb12c66ae gzip and base64 encode the heredocs in the nodeup.sh portion of user-data 2020-12-04 10:46:18 -08:00
Kubernetes Prow Robot 1b45f876a4
Merge pull request #10335 from hakman/same-tg-multiple-igs 
Allow attaching same external target group to multiple instance groups
 2020-12-02 21:38:59 -08:00
Ciprian Hacman e57cd534b5 Allow attaching same external target group to multiple instance groups 2020-12-03 06:59:59 +02:00
Ciprian Hacman 5510d946e9 Update expected outputs of integration tests 2020-12-02 10:11:27 +02:00
Rodrigo Menezes c9af4de9cf Remove copywrite from nodeup scripts to reduce the user-data size 2020-11-30 12:49:25 -08:00
Kubernetes Prow Robot e789c24c3a
Merge pull request #10275 from rdrgmnzs/kubeapi-mem-cpu-request-limit 
Allow setting CPU limit and Mem request / limit for kube API server
 2020-11-23 11:23:02 -08:00
Rodrigo Menezes da773ba35c Allow setting CPU limit and Mem request / limit for kube API 2020-11-23 10:03:34 -08:00
Ciprian Hacman d5bee0b867 Update integration test for ExternalLoadBalancers 2020-11-21 21:45:57 +02:00
Frank Yang 93dcaddc48 feat(aws): add PolicyNames for ELB to change listener's security policy 2020-11-19 16:07:21 +08:00
Ciprian Hacman 4579a1bcdc Validate external IAM policies 2020-11-12 14:34:35 +02:00
Kubernetes Prow Robot 9b3f13d93f
Merge pull request #10151 from hakman/launch-template-versions 
Use LaunchTemplate versions instead of timestamped LaunchTemplates
 2020-11-10 23:23:48 -08:00
Kubernetes Prow Robot e43efbe102
Merge pull request #10157 from rifelpet/acm-nlb 
Setup a second NLB listener when an AWS ACM certificate is used
 2020-11-10 10:36:41 -08:00
Ciprian Hacman 0c3e3784c8 Use LaunchTemplate name instead of name_prefix for Terraform 2020-11-09 21:40:36 +02:00
Kubernetes Prow Robot 6a57543f6e
Merge pull request #10179 from olemarkus/sgr-consistent-naming 
Consistent naming of security group rules
 2020-11-07 02:07:37 -08:00
Ole Markus With fab694d290 Add ability to consistently name sgrs 
In order to let kops fully control the rules for each security group we need to be able to generate names from the info in AWS. This is similar to the approach we used for openstack

Update pkg/model/firewall.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-11-07 10:27:19 +01:00
Peter Rifel 54decbc479
Always use TCP health check protocol for target groups 2020-11-06 11:09:38 -06:00