kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
19,785 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

197 Commits

Author SHA1 Message Date
Ciprian Hacman 84b557d203 Run hack/update-expected.sh 2022-12-26 13:21:43 +02:00
John Gardiner Myers b820f4ac59 hack/update-expected.sh 2022-12-24 21:44:50 -08:00
John Gardiner Myers c0dff11230 Update min versions for 1.27 2022-12-24 21:44:49 -08:00
John Gardiner Myers 70389e6398
Release 1.27.0-alpha.1 (#14866) 2022-12-24 21:43:27 -08:00
Ciprian Hacman f5b72742b4
Release 1.26.0-beta.1 (#14858) 2022-12-23 01:13:27 -08:00
Kubernetes Prow Robot 424af287cf
Merge pull request #14823 from johngmyers/coredns 
Upgrade coredns to v1.10.0
 2022-12-20 00:11:44 -08:00
John Gardiner Myers 472a7f38b6 Upgrade coredns to v1.10.0 2022-12-19 23:26:39 -08:00
John Gardiner Myers 936790e953 Upgrade k8s-dns-node-cache to 1.22.15 2022-12-19 19:26:21 -08:00
John Gardiner Myers 4c036cb261 hack/update-expected.sh 2022-12-19 00:10:16 -08:00
Ciprian Hacman 09dc2c8455 Run hack/update-expected.sh 2022-12-09 08:01:54 +02:00
Ciprian Hacman 20805fe110 Run hack/update-expected.sh 2022-12-06 19:00:23 +02:00
John Gardiner Myers c6349285d4
Release 1.26.0-alpha.2 (#14665) 2022-11-25 09:06:04 -08:00
Denis Moiseev e7c3dee038 Add `ec2:DescribeAvailabilityZones` to the AWS CCM permissions list 
To workaround the issue with subnets auto-discovery [1]
AWS ccm needs to have permission to retrieve information about
availability zones (specifically to detect outpost, wavelength, and local zones [2]).

[1] https://github.com/kubernetes/cloud-provider-aws/issues/442
[2] https://github.com/kubernetes/cloud-provider-aws/pull/499
 2022-11-25 11:04:27 +01:00
John Gardiner Myers 6dd63c8e1f hack/update-expected.sh 2022-11-23 15:55:01 -08:00
John Gardiner Myers b105aa6a86 hack/update-expected.sh 2022-11-22 17:15:51 -08:00
John Gardiner Myers bfa4c124cc hack/update-expected.sh 2022-11-19 10:25:23 -08:00
John Gardiner Myers e0ee3eda2a Remove CloudFormation tests 2022-11-19 10:25:20 -08:00
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Ciprian Hacman 309b37eadf Run hack/update-expected.sh 2022-11-15 14:51:54 +02:00
John Gardiner Myers 81ce39006f hack/update-expected.sh 2022-11-01 17:04:43 -07:00
John Gardiner Myers c53c3bf8f8 Update images in tests 2022-11-01 17:04:43 -07:00
Ole Markus With cd378bff72 Move setting role taints to cloudup 2022-10-18 13:42:00 +02:00
Thomas Colomb 9b28c14213 cluster-autoscaler : Add iam permission autoscaling:DescribeScalingActivities needed since 1.24 version 2022-09-23 13:20:21 +02:00
Ole Markus With f226b03abf Add back missing permissions for legacy CCM. Again. 2022-09-10 19:54:49 +02:00
Ciprian Hacman b9394fed18 Run hack/update-expected.sh 2022-08-12 19:40:25 +03:00
justinsb 8693164f76 Update expected output 2022-08-03 09:51:16 -04:00
Ole Markus With 8bcc640452 Make Karpenter respect IG's spec.Subnets 
This will add tag all subnets with the IGs using that subnet

Update docs/operations/karpenter.md

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2022-08-01 21:06:24 +02:00
Ciprian Hacman 9a591b2aa7 Run hack/update-expected.sh 2022-06-07 09:16:54 +03:00
Ciprian Hacman 30404d64a2 Run hack/update-expected.sh 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-03-18 09:01:59 +02:00
Ole Markus With 7132486ebf hack update-expected 2022-02-11 20:51:42 +01:00
Ole Markus With 9d476c0e9c Add CreateSecurityGroup permission for vpcs 2022-01-20 17:49:36 +01:00
Ole Markus With 666cf710a2 Push partition into the policy struct 2022-01-20 17:49:36 +01:00
Ole Markus With 0a082fed12 Require tag on create for external AWS CCM 2022-01-20 15:32:46 +01:00
Ciprian Hacman df29b6e406 Run hack/update-expected.sh 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-01-19 13:00:36 +02:00
Kubernetes Prow Robot 4eb54f2260
Merge pull request #13114 from olemarkus/nodeup-describe-regions 
Add DescribeRegions to nodeup privs
 2022-01-18 22:14:05 -08:00
Ole Markus With b80488906f Add DescribeRegions to nodeup privs 2022-01-17 09:34:29 +01:00
Ole Markus With f4e538508f Create helper function for ec2 create/tag-on-create IAM permissions 2022-01-14 18:41:28 +01:00
Kubernetes Prow Robot 2f31054e19
Merge pull request #13007 from hakman/skip_non-masquerade-cidr 
Use kubelet --non-masquerade-cidr only for Docker with kubenet
 2021-12-21 18:49:36 -08:00
justinsb e8ddfa4328 Update test data for bash return change 2021-12-20 10:12:07 -05:00
Ciprian Hacman b20dfe162a Run hack/update-expected.sh 2021-12-20 08:47:25 +02:00
Ole Markus With f2f9b9dcbb Determine hostnameOverride entirely in nodeup instead of passing in cloud placeholders from cloudup 2021-11-30 13:29:54 +01:00
Ciprian Hacman 7d34232b4c Run hack/update-expected.sh 2021-11-18 07:58:44 +02:00
Peter Rifel af426a272b
./hack/update-expected.sh 2021-11-03 22:17:41 -05:00
Peter Rifel c3e8420731
Revert "Move some AWS IAM policy actions from tagged conditions to wildcard" 
This reverts commit 91e4767851.
 2021-11-03 21:59:43 -05:00
Peter Rifel a8f7fee499
./hack/update-expected.sh 2021-11-02 20:21:37 -05:00
Peter Rifel 91e4767851
Move some AWS IAM policy actions from tagged conditions to wildcard 
I checked these against the IAM docs for each API and moved the actions that dont support tag conditions:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html#elasticloadbalancing-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancingv2.html#elasticloadbalancingv2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2autoscaling.html#amazonec2autoscaling-actions-as-permissions
 2021-11-02 20:06:35 -05:00
Peter Rifel 8dc11bdba9
./hack/update-expected.sh 2021-10-29 23:08:28 -05:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
Ciprian Hacman ff03aed9c5 Run hack/update-expected.sh 2021-10-04 22:25:16 +03:00
Ciprian Hacman 729f983c50 Run hack/update-expected.sh 2021-10-04 20:23:16 +03:00
Ciprian Hacman 2622964491 Run hack/update-expected.sh 2021-10-02 07:07:38 +03:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6 
This avoids users wondering what these permissions are for until we
need them.
 2021-09-18 13:49:40 -04:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
Kubernetes Prow Robot 14de757bca
Merge pull request #11991 from olemarkus/refactor-iam 
Dedicated function for ccm permissons
 2021-07-16 13:06:10 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers 86c9ee5506 hack/update-expected.sh 2021-07-09 00:20:18 -07:00
John Gardiner Myers cdf26302b2 hack/update-expected.sh 2021-07-08 18:46:03 -07:00
Kubernetes Prow Robot 2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca 
Rename the "ca" keyset to "kubernetes-ca"
 2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further 
Reduce policy size further
 2021-07-03 17:58:18 -07:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
John Gardiner Myers 89209df150 hack/update-expected.sh 2021-06-25 22:25:50 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
John Gardiner Myers 7dea5af9be hack/update-expected.sh 2021-06-21 19:37:24 -07:00
John Gardiner Myers 48c42fe37f hack/update-expected.sh 2021-06-21 16:10:07 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
John Gardiner Myers 0700ef64a0 hack/update-expected.sh 2021-06-19 10:56:24 -07:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
John Gardiner Myers 74a44c2270 Don't restrict nodeup download to IPv4 2021-06-13 21:46:58 -07:00