Commit Graph

39 Commits

Author SHA1 Message Date
Peter Rifel 504087b1cb Setup a second NLB listener on 8443 when sslCertificate is set 2020-11-10 21:01:16 +02:00
Ciprian Hacman d0349fd6bb Open etcd port only when Calico uses "etcd" datastore 2020-10-09 09:33:38 +03:00
Peter Rifel 4d9f0128a3
Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
Ole Markus With 991549a5f4 Remove support for Romana 2020-06-03 08:23:53 +02:00
Ole Markus With a7f631e7c9 Apply suggestions from code review
Co-Authored-By: Peter Rifel <rifelpet@users.noreply.github.com>
2020-04-16 08:42:59 +02:00
Ole Markus With 869ab75dea Use etcd-manager for the cilium etcd cluster 2020-04-16 08:42:59 +02:00
Maciej Kwiek 74e10dadec Change Cilium templates to standalone version
This commit doesn't include any Cilium configuration, just takes the
quick install yaml from
https://github.com/cilium/cilium/blob/v1.6.0/install/kubernetes/quick-install.yaml

Signed-off-by: Maciej Kwiek <maciej@isovalent.com>
2019-09-12 17:23:50 +02:00
mikesplain 9e55b8230a Update copyright notices
Also cleans some white spaces
2019-09-09 14:47:51 -04:00
Justin SB 3e33ac7682
Change code from glog to klog
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog.  That
will happen when we update to k8s 1.13.
2019-05-06 12:54:51 -04:00
Rodrigo Menezes a7903adfe8 Fix for when node and master use the same SG. 2018-12-06 01:05:54 -08:00
Justin Santa Barbara 789b7c9f28 Remove duplicate security-group overrides 2018-10-02 12:46:55 -07:00
Justin Santa Barbara 81cadec4ca Simplify building of security groups
Also add comments about why we don't set e.g. RemoveExtraRules
2018-10-02 11:53:41 -07:00
Justin Santa Barbara 9a6653421c Support override security groups with bastion 2018-10-02 11:53:41 -07:00
Justin Santa Barbara 1e2a62992b Use JoinSuffixes for node->master traffic, also fix AmazonVPC rule
This ensures we are consistently naming our rules
2018-10-02 11:53:41 -07:00
Justin Santa Barbara 1906bcdf5d We need to create the cross-product of rules for SG overrides
e.g. each master SG needs to be configured to talk to each master SG
2018-10-02 11:53:41 -07:00
Justin Santa Barbara bfb54935ff Build security groups along with suffixes
Fixes the case where we mix use of specified & default SGs.
2018-10-02 11:53:41 -07:00
Rodrigo Menezes 87eec75f5b Fix blocker 2018-10-02 10:22:09 -07:00
Rodrigo Menezes a82f548ff8 Allow using existing/shared Security Groups
Verbosely log when a user overwrites LB or IG security groups

Change SecurityGroup to SecurityGroupOverride

Allow using existing/shared Security Groups

Update tests
2018-10-02 00:51:39 -07:00
k8s-ci-robot fc1bed4353
Merge pull request #4224 from nebril/cilium-support
Add Cilium as CNI plugin
2018-03-26 07:49:02 -07:00
Justin Santa Barbara 12873d3868 SecurityGroups: ensure owned security groups are tagged 2018-03-24 22:19:54 -04:00
Maciej Kwiek bca52dede9 Add Cilium as CNI plugin
Signed-off-by: Maciej Kwiek <maciej@covalent.io>
2018-03-20 13:07:26 +01:00
Manuel de Brito Fontes 2e05dd17aa Add support for Amazon VPC CNI plugin 2017-12-17 18:08:24 -03:00
Justin Santa Barbara 581e954062 Block etcd peer port from nodes
Ports 2380 & 2381 should not be exposed to nodes.

Fix #3746
2017-11-25 16:36:46 -05:00
Adam Sunderland fd8fe5ea18 Add node-to-master IPIP to kuberouter 2017-10-30 09:51:21 -05:00
Caleb Gilmour 79d331e590 Add support for Romana as a networking option 2017-09-13 22:48:18 +00:00
Justin Santa Barbara 15d6834113 Flannel: support choosing a backend type
We support udp, which has to be the default for backwards-compatibility,
but also new clusters will now use vxlan.
2017-08-30 21:16:21 -04:00
Rohith 74f59612c7 Fixes
- added the master option back to the protokube, updating the nodeup model and protokube code
- removed any comments not related to the PR as suggested
- reverted the ordering of the mutex in the AWSVolumes in protokube
2017-08-06 18:52:38 +01:00
Rohith a73d255b03 Etcd TLS Options
The current implementation does not put any transport security on the etcd cluster. The PR provides an optional flag to enable TLS on the etcd cluster

- cleaned up and fixed any formatting issues on the journey
- added two new certificates (server/client) for etcd peers and a client certificate for kubeapi and others perhaps (perhaps calico?)
- disabled the protokube service for nodes completely, as it is not required; note this was first raised in https://github.com/kubernetes/kops/pull/3091, but figured it would be easier to place in here given the relation
- updated protokube codebase to reflect the changes, removing the master option as it's no longer required
- added additional integration tests for the protokube manifests
- note, still need to add documentation, but opening the PR to get feedback
- one outstanding issue is the migration from http -> https for preexisting clusters, I'm gonna hit the coreos board to ask for the best options
2017-08-06 17:06:46 +01:00
Justin Santa Barbara 3dfe48e5ae Wiring up lifecycle 2017-07-15 22:03:54 -04:00
Justin Santa Barbara 645f330dad Re-enable GCE support
We move everything to the models.  We feature-flag it, because we
probably want to change the names etc, and we aren't going to be able to
offer smooth upgrades until that is done.
2017-02-28 20:08:03 -05:00
Johannes Würbach 01bcf416e2
Allow node -> master on tcp 10255
This port serves the read-only kubelet api and is required by heapster
2017-02-23 00:06:46 +01:00
Justin Santa Barbara 80a732527d Just block specific traffic from node -> master
We _should_ block per port... but:
 * It causes e2e tests to break
 * Users expect to be able to reach pods
 * If we are running an overlay, we allow all ports anyway
2017-02-22 13:21:49 -05:00
Matthew Mihok bc235765d1 Adding basic flannel support 2017-02-11 16:26:18 -05:00
Justin Santa Barbara 7140117780 Separate protocol rule naming from AWS rules 2017-01-09 11:35:18 -05:00
Justin Santa Barbara 71c52db994 Open etcd for calico 2017-01-09 10:52:33 -05:00
Justin Santa Barbara a52f1e7342 Security rules for calico & weave 2017-01-09 10:52:33 -05:00
Justin Santa Barbara ec1e99f1d2 Lock down master security group rules 2017-01-09 10:52:33 -05:00
Justin Santa Barbara 50296f1a30 Fix file headers 2016-12-19 00:23:20 -05:00
Justin Santa Barbara fed68310fa Schema v1alpha2
* Zones are now subnets
* Utility subnet is no longer part of Zone
* Bastion InstanceGroup type added instead
* Etcd clusters defined in terms of InstanceGroups, not zones
* AdminAccess split into SSHAccess & APIAccess
* Dropped unused Multizone flag
2016-12-18 21:56:57 -05:00