Commit Graph

96 Commits

Author SHA1 Message Date
justinsb 1faee9dd8c digitalocean: bootstrap nodes through kops-controller.
We start with a simple node verifier.
2023-05-07 13:17:56 -04:00
justinsb c89f434f1b Only use node challenge on hetzner
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
2023-05-06 08:03:21 -04:00
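The commit message above describes the callback but does not show the exchange. The following is an added illustrative example, not code from kops: it assumes the controller learns the expected IP from a cloud inventory (a constructed map here), that the bootstrap request carries a secret the real node holds, and that the node's challenge server answers a random nonce with HMAC-SHA256 over it. The real kops protocol and identifiers may differ; the NodePort range check and the loopback server are there so the example runs offline.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net"
	"net/http"
	"strconv"
	"time"
)

// Constructed stand-in for the cloud API: instance ID -> IP the cloud reports for it.
// The controller dials this address, never the address the bootstrap caller came from.
var cloudInventory = map[string]string{"i-node-a": "127.0.0.1"}
// Default Kubernetes NodePort range; the challenge port must lie outside it.
const nodePortLow, nodePortHigh = 30000, 32767

// ChallengePortValid reports whether port is a usable port outside the NodePort range.
func ChallengePortValid(port int) bool {
	return port > 0 && port < 65536 && (port < nodePortLow || port > nodePortHigh)
}

// NewChallengeHandler is the node side: it answers a 32-byte nonce with hex(HMAC-SHA256(secret,
// nonce)), so only a listener holding the secret presented in the bootstrap request answers correctly.
func NewChallengeHandler(secret []byte) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		nonce, err := io.ReadAll(io.LimitReader(r.Body, 64))
		if r.Method != http.MethodPost || err != nil || len(nonce) != 32 {
			http.Error(w, "expected POST with a 32-byte nonce", http.StatusBadRequest)
			return
		}
		mac := hmac.New(sha256.New, secret)
		mac.Write(nonce)
		fmt.Fprint(w, hex.EncodeToString(mac.Sum(nil)))
	})
}

// VerifyNode is the controller side. instanceID, port and secret come from the bootstrap request;
// the IP comes from the cloud. A fresh random nonce per call means a captured answer cannot be replayed.
func VerifyNode(client *http.Client, instanceID string, port int, secret []byte) error {
	if !ChallengePortValid(port) {
		return fmt.Errorf("challenge port %d is inside the NodePort range", port)
	}
	ip, ok := cloudInventory[instanceID]
	if !ok {
		return fmt.Errorf("instance %q is not known to the cloud", instanceID)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	url := "http://" + net.JoinHostPort(ip, strconv.Itoa(port)) + "/challenge"
	resp, err := client.Post(url, "application/octet-stream", bytes.NewReader(nonce))
	if err != nil {
		return fmt.Errorf("challenge callback to %s failed: %w", url, err)
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 256))
	got, err := hex.DecodeString(string(body))
	mac := hmac.New(sha256.New, secret)
	mac.Write(nonce)
	if resp.StatusCode != http.StatusOK || err != nil || !hmac.Equal(got, mac.Sum(nil)) {
		return fmt.Errorf("challenge response from %s rejected (HTTP %d)", url, resp.StatusCode)
	}
	return nil
}

// RunScenarios starts a node-side challenge server on loopback and runs three bootstrap attempts:
// the genuine node, an impostor claiming the same instance ID with a secret the real node does
// not hold, and an instance ID the cloud does not know.
func RunScenarios() (genuine, impostor, unknown error) {
	nodeSecret := []byte("constructed-secret-held-by-node-a")
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err, err, err
	}
	port := ln.Addr().(*net.TCPAddr).Port // Linux ephemeral ports start at 32768, outside the range
	srv := &http.Server{Handler: NewChallengeHandler(nodeSecret)}
	go srv.Serve(ln)
	defer srv.Close()
	client := &http.Client{Timeout: 2 * time.Second}
	genuine = VerifyNode(client, "i-node-a", port, nodeSecret)
	impostor = VerifyNode(client, "i-node-a", port, []byte("guess-from-a-pod"))
	unknown = VerifyNode(client, "i-node-zzz", port, nodeSecret)
	return genuine, impostor, unknown
}

func main() {
	g, i, u := RunScenarios()
	fmt.Println("genuine:", g, "\nimpostor:", i, "\nunknown:", u)
}
```

What the callback proves is that something listening at the cloud-reported IP, on a port a NodePort Service cannot occupy, knows the secret from the bootstrap request. It does not by itself rule out a hostNetwork pod on the same node running the challenge server, which is why the commit pairs it with TPM verification where the platform offers it.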
justinsb 868823bbcf Block bootstrap when the node already exists
We now do this across all clouds, as it has been demonstrated on
OpenStack.
2023-04-27 11:47:42 -04:00
Jesse Haka a765191898 use http.StatusConflict 2023-02-20 13:01:43 +02:00
Jesse Haka 8e6199fa39 exit gracefully if server already exists in k8s 2023-02-12 16:52:13 +02:00
Justin SB 9b02017059 openstack verifier: support IPv6
Add IPv6 support to the openstack verifier and polish up a few error messages.
2023-01-28 10:54:48 -05:00
Jesse Haka b3c134be06 make openstack kops-controller bootstrap auth better 2023-01-19 10:07:11 +02:00
Kubernetes Prow Robot 08f308232f
Merge pull request #15006 from zetaab/osnodeidentifier
update OpenStack node identifier to use Identifier
2023-01-15 23:20:51 -08:00
Jesse Haka eaa1a6836e update OpenStack node identifier to use Identifier instead of LegacyIdentifier 2023-01-15 10:14:51 +02:00
John Gardiner Myers 775ed65820 Run kops-controller server on non-leaders as well 2023-01-14 10:20:04 -08:00
Jesse Haka 3dab0eb807 Use kops-controller to bootstrap nodes in OpenStack 2023-01-14 13:54:14 +02:00
justinsb 6c2edaee7e Add Context arg to vfs ReadFile
This is an "action" method, so should take a context.
2023-01-01 09:51:44 -05:00
Ciprian Hacman b3a07ee83e Use short service name with discovery labels 2022-12-26 13:21:43 +02:00
justinsb 817c1e63b3 FindKeyset can return nil
We had missed a case in nodeup; add a Context argument to force us to
revisit the codepaths.
2022-12-24 16:12:21 -05:00
Kubernetes Prow Robot c9e6a915cc
Merge pull request #14736 from Mia-Cross/scaleway_nodeidentity
scaleway : nodeidentity
2022-12-13 22:29:34 -08:00
Ole Markus With 7375bbb487 kops-controller: increase verbosity level on logs in gossip controller 2022-12-08 20:18:31 +01:00
Leïla MARABESE 3b9a57efb7 scaleway nodeidentity 2022-12-07 11:49:53 +01:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
Ciprian Hacman 61eaeddb9b Serve secrets from kops-controller for nodes without state store access 2022-11-15 14:51:54 +02:00
Ciprian Hacman c9d1eb9761 hetzner: Use kops-controller for node bootstrap 2022-11-02 12:43:25 +02:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Ole Markus With 5cac1eea56 Set command using entrypoint instead of cmd 2022-03-11 16:02:46 +01:00
justinsb f60f2476ed kops-controller: use controller-runtime manager
This gives us access to a managed client, and it lets us hook into the
lifecycle.
2021-12-18 19:38:53 -05:00
Kubernetes Prow Robot f7e66049d6
Merge pull request #12862 from johngmyers/instanceid-nodename
Use instance ID as node name when AWS CCM supports it
2021-12-05 14:58:32 -08:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
justinsb 6133250046 gossip: support resolution of k8s.local names from pods
We add the hosts plugin to CoreDNS, and we populate a ConfigMap from
kops-controller (when in gossip mode).

This enables resolution of the internal apiserver DNS name from Pods,
even when gossip mode (k8s.local) is in use.  This should fix the
failing e2e tests which are assuming that the name in the JWT token is
resolvable from inside the cluster.

This is also a possible step towards a simpler gossip mode, now that
we have a central controller.
2021-11-19 11:02:15 -05:00
justinsb 813f2f1431 kops-controller should log port it is listening on 2021-11-14 10:45:13 -05:00
Eng Zer Jun 425173ae9f
refactor: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-11-12 15:37:18 +08:00
justinsb 6c46de3270 kops-controller: register coordination scheme
Otherwise we log an error message because we can't discover the GVK
when reporting the leader-election events.
2021-10-19 09:21:12 -04:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
justinsb fad6db8beb Refactor bootstrap verifier/authenticator into its own package
No code changes, but this avoids a circular package dependency that we
would otherwise introduce in the GCE logic.
2021-09-26 09:43:53 -04:00
Ole Markus With 88bd1953ce Have kops-controller assign instance ipv6 prefix to node 2021-09-16 19:25:19 +02:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert
Since AWS does not resolve instance hostnames to IPv6, IPv6-only pods that talk to the kubelet API have to use the node IP, not the hostname. Thus we need to add IPs to the kubelet server cert.
2021-08-26 20:54:02 +02:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
John Gardiner Myers 4a47614e62 Simplify config server protocol 2021-06-26 09:56:47 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster
Put versioned API of cluster into state store
2021-06-21 01:32:52 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
John Gardiner Myers 09259ad30f Remove unused field 2021-06-12 16:05:53 -07:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair
Refactor keypair code in preparation for secret rotation
2021-06-12 14:25:00 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers eb09d31a3c Pass AuxConfig to nodeup 2021-06-03 21:04:21 -07:00
Barry Melbourne 659bfa0daf Update Controller Runtime Go module to v0.8.2 2021-02-25 20:34:12 +00:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller
Boot nodes without state store access
2021-02-08 11:28:19 -08:00
Barry Melbourne f2ecb5c153 Upgrade Go v1.15.6 / Bazel v3.4.1 2021-01-10 18:13:12 +00:00