Automatic merge from submit-queue.
Downgrade Flannel in Canal deployment to v0.9.0
Flannel v0.9.1 introduces a single change to add 2 iptables rules to the `FORWARD` chain, permitting traffic in/out of the pod network (introduced to improve compatibility with newer versions of Docker). This change is unnecessary for Canal deployments for the following reasons:
- Calico's `DefaultEndpointToHostAction` is set to `ACCEPT` in the manifest deployed by kops, allowing traffic by default once all other Calico rules are processed.
- If Calico's `ChainInsertMode` is set to `APPEND`, the flannel rules will be processed before the Calico rules, accepting traffic by default, and so Kubernetes network policies will not take effect.
This change is temporary until a more permanent resolution is available with Flannel, such as providing a configurable option to disable the addition of these rules when deployed with Calico.
Related to #4037
Automatic merge from submit-queue.
Bastion output line
- Cleaning up the bastion username line; stops you from getting:
```shell
* to ssh to the bastion, you probably want to configure a bastionPublicNameThe admin user is specific to Debian...
```
Automatic merge from submit-queue.
Fix spurious shared InternetGateway renaming
This fixes the original issue described in #476 where `kops update cluster` would continuously report renaming a shared IGW even though it never actually renames it. I also added tests to confirm the behavior change.
I removed the bug mention from the docs, although if you would prefer to keep it and instead say `In kops versions before X, ...`, I can do that too.
Automatic merge from submit-queue.
Fix libcgroup dependency typo
Fixes #4029
In `nodeup/pkg/model/docker.go`, `libcgroup` is listed as a dependency for various environments. A couple of times this is misspelled as `libgcroup`.
Automatic merge from submit-queue.
Minor update to docs/aws.md
Updates the backtick syntax to `$(...)`, plus a minor grammar fix.
I wasn't sure if I needed to fill out a CLA for just a documentation update. Let me know if I should!
_Update:_ Never mind, I've signed the agreement now!
Automatic merge from submit-queue.
When using private DNS add ELB name to the api certificate
This fixes issue #2032 by using the gossip paths with private dns as well:
* When creating the api server certificate, include the ELB hostname
* When generating kubeconfig, use the ELB hostname as the api server name
Automatic merge from submit-queue.
Update aws-sdk-go to v1.10.34
This is in preparation to make Kops support AWS VPCs with multiple CIDRs.
Automatic merge from submit-queue.
Add missing permissions for NLB creation
Without these permissions it is not possible to create a network load balancer (alpha in k8s >= 1.9).