kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,212 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

30 Commits

Author SHA1 Message Date
Justin Santa Barbara a879521ba3 Initial aggregation support 
Create the keypairs, which are supposed to be signed by a different CA.

Set the `--requestheader-...` flags on apiserver.

Fix #3152
Fix #2691
 2017-10-22 14:41:38 -04:00
Justin Santa Barbara 559d885480 Mirror keystore & secretstore 
This allows us to have our API objects in kops-server, but our
configuration on S3 or GCS.
 2017-09-24 00:09:02 -04:00
Justin Santa Barbara 914fe68ee2 SecretStore and CAStore implementations backed by API 
Not yet wired in
 2017-09-17 23:01:13 -04:00
Kubernetes Submit Queue 593f444297 Merge pull request #3359 from justinsb/delete_more_secrets 
Automatic merge from submit-queue

Support for deleting tokens & keypairs
 2017-09-14 19:30:08 -07:00
Justin Santa Barbara 0769d218dc Fxies per code review 2017-09-14 09:33:06 -04:00
Justin Santa Barbara 106875115d Support for deleting tokens & keypairs 
This now allows for deleting all secrets, which means we can have a
procedure for rotating all keys.
 2017-09-09 01:04:45 -04:00
Justin Santa Barbara 9f8ef34f75 Warn if SSH fingerprint is obviously bad 
In particular this catches double-encoding
 2017-08-28 11:22:19 -04:00
Justin Santa Barbara a16c8b1500 Refactor PKI classes into their own package 
This will support generation of keys on the node.
 2017-08-27 08:14:55 -04:00
Kashif Saadat fd0ce236dc Remove node requirement to access private ca and master keys in S3 2017-08-11 16:12:32 +01:00
Justin Santa Barbara 3dcddf5b67 Reuse the public key if it exists 
This avoids breaking all the service account signatures if a minor
change is made to the certs.
 2017-03-31 01:52:04 -04:00
Chris Love 0d78c65498 Merge pull request #660 from justinsb/fix_upgrade 
Fix upgrade from kube-up
 2016-10-18 10:39:33 -06:00
chrislovecnm 8fa2aac99f fixing more headers 2016-10-15 19:20:56 -06:00
Justin Santa Barbara 1b7db6a60b Fix log message when adding a certificate 2016-10-15 14:18:30 -04:00
Justin Santa Barbara c284a181dc Refactor CA/Key interface 
We create a simplified interface for use in tasks, vs the CLI which has
more diagnostic functionality
 2016-10-11 09:48:43 -04:00
Justin Santa Barbara 5f8d68ec85 Refactor shared packages into util directory 2016-09-25 18:27:09 -04:00
Justin Santa Barbara de0482a411 More consistency in publickey CLI 
Also docs skeleton
 2016-08-05 01:23:13 -04:00
Justin Santa Barbara 05c724f780 Support for deleting secrets 2016-08-05 00:58:11 -04:00
Justin Santa Barbara af841d50c0 Create more consistent secret CLI 2016-08-04 22:18:29 -04:00
Justin Santa Barbara 39a3d71def Revert "Import SSH public key into the keystore" 
This reverts commit bd3ab166b7.
 2016-07-29 13:06:37 -04:00
Justin Santa Barbara cf1529e9df Revert "Add `kops get secrets` command" 
This reverts commit 19e19a0f09.
 2016-07-29 13:06:26 -04:00
Justin Santa Barbara 19e19a0f09 Add `kops get secrets` command 
Matches our naming pattern, and now using our text grid output
 2016-07-29 01:12:03 -04:00
Justin Santa Barbara bd3ab166b7 Import SSH public key into the keystore 
This means it only needs to be specified during `kops create`.  We
remove the option from `kops update` for consistency.

This will shortly be manageable using the secrets functionality.

Fix #221
 2016-07-29 00:45:37 -04:00
Justin Santa Barbara 9a741043bc Fix build with golang 1.5 
Replace big.Int Text(10) with String()

Also create a makefile target to test building with golang 1.5:
check-builds-in-go15

Fixes #163
 2016-07-22 22:49:54 -04:00
Justin Santa Barbara 2fa3bcc952 UX: Split create command into `create` and `update` 
We separate out the `create cluster` operation from the `update cluster`
operation.  Now create cluster only creates the spec (unless you pass
--yes), and is only for new clusters.

`update cluster` works on new or existing clusters, and should be called
to apply changes.

`update` is not the best name, because it means something different in
kubectl, but I think it's a good start.
 2016-07-21 11:54:09 -04:00
Justin Santa Barbara d1b399a97d Fix reissue of CA key 2016-07-11 00:09:47 -04:00
Justin Santa Barbara 1d59f2aa80 Replace StateStore with a registry 
StateStore was highly orientated towards a VFS system; replace it with a
Registry abstraction that is more object based.

We also rationalize much of the CLI (cmd) command logic also.
 2016-07-11 00:07:59 -04:00
Justin Santa Barbara d427858477 Rename to kops 
The upup tool is now called kops, and we have moved repos
 2016-06-30 09:25:25 -04:00
Justin Santa Barbara 93f634b428 upup: use vfs for secretstore/keystore 
This is needed so that we can have encrypted storage and complex keys
(e.g. multiple CA certs).  Multiple CA certs are needed for an in-place
upgrade from kube-up v1.
 2016-06-23 08:58:54 -04:00
Justin Santa Barbara 0559ec1210 upup: Support for shared VPCs 
A lot of work that had to happen here:

* Better reuse of config
* Ability to mark VPC & InternetGateway as shared
* Find models relative to the executable, to run from a dir-per-cluster

Fixes #95
 2016-06-13 11:37:06 -04:00
Justin Santa Barbara 338f158d22 upup: Add VFS for storing state in S3 or locally 
This also fixes a few concurrency issues, because we're writing in one
place now.
 2016-06-09 23:08:10 -04:00