kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,518 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

360 Commits

Author SHA1 Message Date
Peter Rifel 80ceb4200d
Update test outputs 2021-03-26 11:24:11 -07:00
Barry Melbourne 05123faf5a Update containerd to v1.3.10/v1.4.4 2021-03-23 17:02:01 +00:00
Justin SB c75e084158 Re-add integration tests for jwks 
We removed them from #10756, but they can be re-added.
 2021-03-20 22:55:11 -04:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Peter Rifel ee600fa2dd
Remove extraneous field from integration test 
The api design for using existing instance profiles must have changed during its PR and I never removed the old field from the integration test.
grep shows that this field doesn't exist anywhere else in the codebase.
 2021-03-10 07:36:23 -06:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Bharath Vedartham 1d721c3ff8 Update integration tests 2021-03-06 00:33:20 +05:30
Ole Markus With 063e3f6c7b Use internal api url for jwks when required 
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one.
This should finally pass the OIDC e2e test

For public access, api server must be publically available and anonymous
auth must be enabled
 2021-03-05 06:52:51 +01:00
mmerrill3 1a3cb79d2d Removing duplicate local and output values in terraform(#10786) 
Signed-off-by: mmerrill3 <michael.merrill@vonage.com>
 2021-03-04 16:32:52 -05:00
Kubernetes Prow Robot fcefcb59cc
Merge pull request #10945 from olemarkus/exclude-cp-nodes-from-lbs 
Exclude CP nodes from load balancers
 2021-03-03 05:21:21 -08:00
Peter Rifel dacfa7728e
Use CPUCredits in integration test 2021-03-02 22:54:30 -06:00
Peter Rifel 2ebd448602
Add integration test for transit gateway support 2021-02-28 13:02:11 -06:00
Ole Markus With 32fce0d59c Exclude CP nodes from load balancers 2021-02-27 20:14:31 +01:00
Kubernetes Prow Robot a424958e83
Merge pull request #10872 from timothyclarke/feature/NLB-EIP 
Adding Elastic IP Allocations to NLB API
 2021-02-22 23:48:03 -08:00
Kubernetes Prow Robot 6123c85047
Merge pull request #10884 from hakman/fix-validate-instance-type-and-image 
Improve machine type and image validation
 2021-02-19 09:44:25 -08:00
Ciprian Hacman dee13cecca Improve machine type and image validation 2021-02-19 18:28:57 +02:00
Ole Markus With 9a13837629 Fix JWKS path for volume projection 2021-02-18 22:07:35 +01:00
Timothy Clarke 1577b0a54b
Adding Elastic IP Allocations to NLB API 2021-02-18 12:27:28 +00:00
Alexander Block 16f3de29fb Run ./hack/update-expected.sh 2021-02-16 18:46:00 +01:00
Ciprian Hacman 1c4da19881 Update integration test outputs with new mock version 2021-02-16 14:21:15 +02:00
Kubernetes Prow Robot cd10383fa0
Merge pull request #10741 from codablock/nlb-subnets 
Allow to control which subnets and IPs get used for the API loadbalancer
 2021-02-14 14:23:06 -08:00
Kubernetes Prow Robot 082bdc3878
Merge pull request #10780 from olemarkus/consistent-cp-labelling 
Make protokube CP label setting consistent with kops-controller
 2021-02-12 11:09:58 -08:00
Ole Markus With 783b6c0d6c Make protokube CP label setting consistent with kops-controller 2021-02-12 08:17:14 +01:00
Ciprian Hacman c0d02d7dc9 Update Docker to v19.03.15 2021-02-12 07:10:32 +02:00
Steven E. Harris d44612cc84 Capture outcome of "hack/update-expected.sh" run 2021-02-11 10:49:49 -05:00
Kubernetes Prow Robot 63baa5b579
Merge pull request #10752 from rifelpet/lifecycle-integration-test 
Add overrides testing in lifecycle integration tests
 2021-02-11 00:56:16 -08:00
Alexander Block 684ff3498e Add back "omitempty" to cloudformation SubnetMapping 2021-02-10 18:02:13 +01:00
Alexander Block 091a18a128 Add omitempty to Subnets and SubnetMappings for terraform and cloudformation 2021-02-10 10:29:48 +01:00
Peter Rifel 9f5e225424
Add integration test for one external CLB being attached to multiple ASGs 2021-02-07 10:47:55 -06:00
Peter Rifel dd1ebb8b77
Add overrides support in lifecycle integration tests 
This allows specific changes to be tested during an `update cluster --yes` and ensuring a subsequent `update cluster` dryrun correctly reports no changes.

To specify changes, create a cluster.overrides.txt or instancegroup.<name>.overrides.txt file in the update_cluster integration test's directory.
Each line is a field=value format, each batch of changes is separated by a `---` line.
Each batch will be ran through `update cluster --yes`
 2021-02-06 23:18:15 -06:00
Alexander Block 49e7ec8890 Use SubnetMappings for NLBs instead of Subnets 
SubnetMappings allow to explicitely set the private IPv4 address that
must be used for the NLB.

SubnetMappings and Subnets in the AWS API are compatible as long as the
address settings are not changes, making this commit backwards compatible.
 2021-02-05 17:53:20 +01:00
Ciprian Hacman f8d3b76556 Default IMDSv2 to "optional" for AWS 2021-01-29 14:02:14 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults 
Update AWS etcd-manager volumes defaults
 2021-01-28 22:01:41 -08:00
Ciprian Hacman 5fcd4e4b28 Allow attaching same external load balancer to multiple instance groups 2021-01-27 16:25:39 +02:00
Ciprian Hacman 4c5d7ddabf Remove workaround for volume throughput when using Terraform 2021-01-27 06:33:15 +02:00
Ciprian Hacman ca408f7e8f Set default volume type to "gp3" for etcd-manager volumes in AWS 2021-01-27 06:23:27 +02:00
Justin SB 1d76a15f69 Set the tcp_rmem sysctl in bootstrap script 
This ensures that we're using our settings for downloading nodeup
itself and any assets that nodeup downloads.  This is a workaround for
reported problems with the initial download on some kernels otherwise.

Issue #10206
 2021-01-24 21:50:45 -05:00
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 3799d135a3 Fix tests and spelling 2021-01-19 09:06:02 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Ciprian Hacman b0cb0c77d4 Update integration tests for "update cluster" 2021-01-15 15:51:02 +02:00
Ciprian Hacman 65ebf4760d Update integration test for gp3 with etcd volumes 2021-01-15 09:53:10 +02:00
Ciprian Hacman e20900a2de Add CF integration test for gp3 volumes 2021-01-15 09:53:10 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Kubernetes Prow Robot 09bf333433
Merge pull request #10567 from rifelpet/nlb-listener-order 
Fix NLB listener -> target group association for TF & CF
 2021-01-13 01:04:35 -08:00
Peter Rifel 580d73bdc7
Fix NLB listener -> target group association for TF & CF 
The old code made the incorrect assumption that the NLB's list of TargetGroup tasks is in the same order as the NLB's list of listeners for their associations.
Because the model adds them in opposite orders this resulted in the TLS listener being forwarded to the TCP TG and vice versa.

This updates the terraform and cloudformation generation code to search the NLB's list of target groups by name for the target group that should be associated with the listener.
This matches the logic used in the "direct" target.
 2021-01-12 23:21:55 -06:00
Bharath Vedartham a8d709acf2 Default cgroup driver to systemd from k8s 1.20 
Currently, kOps uses cgroupfs cgroup driver for the kubelet and CRIs. This PR defaults
the cgroup driver to systemd for clusters created with k8s versions >= 1.20.

Using systemd as the cgroup-driver is the recommended way as per
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
 2021-01-12 20:39:25 +05:30