kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,549 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

45 Commits

Author SHA1 Message Date
Kubernetes Prow Robot 17c2edc3a1
Merge pull request #11811 from olemarkus/ebs-bump 
Add back createvolume to master + bump ebs driver
 2021-06-21 02:19:03 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster 
Put versioned API of cluster into state store
 2021-06-21 01:32:52 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
John Gardiner Myers 4fe25196d8 Trim unnecessary paths from worker node IAM 2021-06-15 21:03:13 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
Matthew Wong b6266ce5f0 Run hack/update-expected.sh 2021-06-09 13:53:07 -07:00
John Gardiner Myers 9cba5e345d hack/update-expected.sh 2021-06-03 21:09:15 -07:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-04-24 09:40:52 +02:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Ciprian Hacman a3a0b91b5f Order policy document sections alphabetically 2020-11-04 16:15:00 +02:00
Justin SB 1e559618f5 Ensure we have IAM bucket permissions to other S3 buckets 
If we are expected to write to other buckets, we need to have suitable
permissions to e.g. determine their location.
 2020-06-04 22:37:17 -04:00
Ciprian Hacman 00cbbce2b5 Allow listing versions for objects in the S3 bucket 2020-05-29 08:50:56 +03:00
Michal Schott c2d5c0fb91
Updating master IAM policies. 2019-09-13 13:07:52 +02:00
Ryan Bonham 54ef99ef54 Update Tests 2019-04-30 09:15:08 -05:00
Jay Eno e0948842f3
Update iam_builder_node_strict_ecr.json 2018-11-03 01:03:01 -06:00
Jay Eno e5c12bdbef
Update iam_builder_node_strict.json 2018-11-03 01:02:42 -06:00
Jay Eno b0201c5922
Update iam_builder_node_legacy.json 2018-11-03 01:02:24 -06:00
Jay Eno ccfee27165
Update iam_builder_master_strict_ecr.json 2018-11-03 01:01:47 -06:00
Jay Eno d7dab870c9
Update iam_builder_master_legacy.json 2018-11-03 01:01:08 -06:00
Jay Eno 7228721439
Update test for new role 2018-11-02 23:46:02 -06:00
Kelly Campbell 8132073ad9 Add elasticloadbalancing:DeregisterTargets permission to master policy 
Without this permission, controller-manager gets the following error:

    failed to ensure load balancer for service XXX: Error trying to
    deregister targets in target group:
    "AccessDenied: User: arn:aws:sts::XXX:assumed-role/masters...
    is not authorized to perform: elasticloadbalancing:DeregisterTargets
    on resource: arn:aws:elasticloadbalancing:XXX
 2018-09-05 14:01:01 -04:00
Kashif Saadat 03e18d37af Add AWS IAM permission to check for volume resize 2018-08-10 16:47:20 +01:00
Justin Santa Barbara a7b22b4876 Remove GetAsgForInstance IAM permission 
It isn't a valid IAM permission - it was introduced in error, but IAM
is kind enough to ignore it.

Fixes #5549
 2018-08-02 11:27:29 -04:00
Kashif Saadat 2f0fdbc6d7 Add IAM ec2:ModifyVolume permission to allow EBS volume resize 2018-07-06 15:49:34 +01:00
Justin Santa Barbara 8064f19fc4 Avoid changing IAM policy for users 
Follow on to #5253, making it so that users that don't adopt bootstrap
kubelet config don't have their IAM policies change.
 2018-06-12 11:58:08 -04:00
Rohith 2d5bd2cfd9 - update the IAM policy to ensure the kubelet permision is skipped 
- update the PKI to ensure on new clusters the certificate it not created
 2018-06-11 09:57:26 +01:00
Kashif Saadat bf30b2559f Update AWS IAM Policy tests following Statement ID removal 2018-04-10 15:33:51 +01:00
Shane Starcher b1fdb35118 fixing ecr policy test 2018-02-08 11:12:51 -05:00
Shane Starcher ffc92d4da3 updating the test 2018-02-08 10:52:07 -05:00
Caleb Gilmour 1e74216b94 Update route-related IAM permissions for Romana 2018-02-02 00:37:46 +00:00
Mikael Knutsson 1dbd435019 Fix ASG scaling by adding in ec2:DescribeRegions permission 2018-01-22 17:11:49 +08:00
Eric Hole 59bc52a05a Adds permissions for ELB and NLB req'd by 1.9 2017-12-17 13:03:54 -08:00
Robin Percy 6a2ded4681 Adding DescribeTags to masters 2017-12-13 11:48:24 -08:00
Manuel de Brito Fontes 683799c9ab Add missing permissions for NLB creation 2017-12-01 08:56:55 -03:00
Fabricio Toresan d4eef657d6 Changing the prefix of the ResourceTag condition to match the one specified in the ASG documentation 2017-11-18 09:17:07 -02:00
Kashif Saadat 5bfb22ac92 Make the IAM ECR Permissions optional, can be specified within the Cluster Spec. 2017-10-24 09:20:17 +01:00
Kashif Saadat 28c4b7aca9 Add IAM Permissions so nodes can access AWS ECR 2017-10-23 10:11:27 +01:00
chrislovecnm 2e6b7eedb9 Revision to IAM Policies created by Kops, and wrapped in Cluster Spec 
IAM Legacy flag.
 2017-09-15 08:05:23 +01:00