kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,227 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

120 Commits

Author SHA1 Message Date
justinsb 8765d73ed3 gce: Only select forwardingRules for our cluster 
Avoids issues when we have two clusters in the same GCP project.
 2023-07-28 23:48:41 -04:00
justinsb 3cce79d4e4 gce: Refactor resource labeling 
Create a more strongly-typed label object and use it when labeling
cluster resources.
 2023-07-28 23:48:41 -04:00
justinsb fb8e80e3f5 gce: Set labels on ForwardingRules 
We add the cluster-name label, now that labels are supported on
ForwardingRules.
 2023-07-28 23:48:41 -04:00
John Gardiner Myers d926989600 v1alpha3: Rename GCE networking to GCP 2023-07-09 16:48:26 -07:00
Ciprian Hacman 04a4e02920 gce: Update logic for internal LB 2023-07-08 04:34:43 +03:00
Ciprian Hacman 89f7568deb Use the legacy TPM API 2023-06-30 12:02:55 +03:00
Justin SB c67f895226 Perform challenge callbacks into a node 
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
 2023-05-06 08:03:21 -04:00
Justin SB ca47771cff Set the nonMasqueradeCIDR for GCE networking 
We do need a non-masquerade CIDR, and we can use the range we draw the
pod CIDRs from (10.0.0.0/8).
 2023-03-02 07:45:11 -05:00
Jesse Haka b3c134be06 make openstack kops-controller boostrap auth better 2023-01-19 10:07:11 +02:00
justinsb f016c396ec gce: try to avoid concurrent IAM project operations 
We set up a process-wide table of mutexes, to avoid concurrent IAM
operations on GCE projects.  Best-effort is reasonable here, we will
retry, but avoiding concurrent operations just avoids logspam and a
needless retry from self-conflicts.
 2023-01-01 18:15:20 -05:00
John Gardiner Myers 7abacb9b3b Get default CheckExisting from Target 2022-12-20 12:00:37 -08:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
John Gardiner Myers bc36f5b022 Rename ClusterSubnetSpec's ProviderID field to ID 2022-11-20 15:36:54 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
justinsb 1472ae51ca Fix typo in format string 
Fixing Warning that should have been a Warningf
 2022-10-08 09:24:28 -04:00
Ciprian Hacman 5e3e9fabd0 Limit GCE network names to 63 chars 2022-08-17 06:37:26 +03:00
Ciprian Hacman 5a8472313f Limit GCE names to 63 chars for various resources 2022-06-30 14:15:17 +03:00
Ciprian Hacman d2e614dd3e Refactor ClusterPrefixedName and ClusterSuffixedName to not return error 2022-06-30 07:59:52 +03:00
Ciprian Hacman ccf31f7491 Limit GCE tag for role to 63 chars 2022-06-24 17:49:34 +03:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP 
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
 2022-04-25 13:31:47 -07:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Kubernetes Prow Robot 02dc9dd8b3
Merge pull request #13201 from zetaab/removesa 
cleanup GCP Cluster Service Accounts
 2022-02-23 04:24:19 -08:00
Jesse Haka 67beb3fef5 add const 2022-02-23 10:52:08 +02:00
Jesse Haka 0a19533410 remove GCE Cluster Service Accounts 2022-02-04 16:46:27 +02:00
Jesse Haka d3fac0c1be GCP API health checks 2022-02-03 21:02:21 +02:00
Jesse Haka b88d110f58 Drain OpenStack loadbalancers 2021-12-31 13:16:02 +02:00
justinsb 8b3372ec76 Need to truncate gce serviceaccounts to max 30 characters 2021-12-17 12:57:14 -05:00
justinsb faeeb1fe80 GCE: Project IAM Binding task 
This allows us to grant a project-level permission to a service account.
 2021-12-13 13:48:55 -05:00
Kubernetes Prow Robot 1c78abb288
Merge pull request #12894 from zetaab/detectlbs 
Cleanup GCE loadbalancers created by k8s
 2021-12-07 19:53:44 -08:00
Kubernetes Prow Robot f7e66049d6
Merge pull request #12862 from johngmyers/instanceid-nodename 
Use instance ID as node name when AWS CCM supports it
 2021-12-05 14:58:32 -08:00
Jesse Haka 8f3b42222b Cleanup GCE loadbalancers created by k8s 2021-12-05 12:26:43 +02:00
justinsb 4cf52d0e51 GCE: Support kops-controller, including in gossip mode 
We discover the kops-controller in gossip mode using seeding code that
calls into the GCE API, just like gossip itself does.

We refactor the gossip code into a shared gcediscovery library with
minimal dependencies.
 2021-12-04 11:51:41 -05:00
Peter Rifel 85d4bf7497 Add labels to GCE instance templates 2021-12-02 08:20:04 +02:00
Kubernetes Prow Robot 0be79b25b7
Merge pull request #12867 from hakman/gofumpt_script 
Add gofumpt scripts
 2021-12-01 22:13:32 -08:00
Peter Rifel 00a8a68f01
Fix area/provider/gcp GitHub label assignment 2021-12-01 22:43:43 -06:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
John Gardiner Myers e5a6b79c19 Rename fields in v1alpha3 status API to fit acronym convention 2021-11-22 08:07:55 -08:00
justinsb e3c3671f76 GCE: Support network deletion 2021-10-24 17:41:14 -04:00
justinsb d363bf3dad GCE: improve network & subnet terraform support 
We should use the subnet spec in the Cluster, and default to creating
a new subnet/network, but allow an existing one to be specified.
 2021-10-24 17:41:14 -04:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Justin Santa Barbara 1db266f15a Move cidrmap to subnet package 
This will enable reuse outside of gce.
 2021-09-20 09:33:10 -04:00
John Gardiner Myers dd605fdbc3 Subsume StatusStore into fi.Cloud 2021-05-15 17:39:32 -07:00
Kenji Kaneda 71f52363f8 Add a lifecycle test for GCE 
- Move MockGCECloud to cloudmock/gce.
- Change Compute() and CloudDNS() of GCECloud to return interfaces
  for mocking
 2021-04-26 13:05:27 -07:00
Ole Markus With 0ec71686b9 Refactor cloudinstancegroupmember in a more independent cloud instance representation 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 21:37:03 +02:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers 154833e652 Fail cluster validation if too few nodes for ig's target size 2020-05-12 22:28:26 -07:00
eric-hole f25b26ff07 Migrates GCE sdk from v0.beta to v1 2020-04-24 10:54:19 -07:00