Commit Graph

1375 Commits

Author SHA1 Message Date
Evan Lezar b76a215e5e Update NVIDIA Container Toolkit URL
The NVIDIA Container Toolkit packaging has been simplified to produce
a single deb (or rpm) package. This means that the URL is no longer
distribution dependent and the stable/deb repository path is used
instead.

Signed-off-by: Evan Lezar <evanlezar@gmail.com>
2024-02-26 09:30:44 +02:00
AkiraFukushima bd9cf4a3dc Fix nits error messages 2024-02-26 00:05:31 +09:00
AkiraFukushima 2beee63f3e Install crictl on node 2024-02-25 12:40:12 +09:00
AkiraFukushima d6e74ef9a1 Install nerdctl on nodes 2024-02-23 23:02:05 +09:00
Davanum Srinivas 29408196ca
Add support for AL2023 AMI to use Amazon VPC CNI
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2024-02-12 23:13:33 -05:00
Davanum Srinivas e1d696ab00
Set LimitNOFILE to 1048576 instead of `infinity`
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2024-02-08 09:50:19 -05:00
Moshe Vayner 1342fd1afa fix(nodeup): set `MACAddressPolicy` to `none` when using AWS CNI and Ubuntu 22.04 2024-02-02 23:03:30 -05:00
Jesse Haka f445dfc456 Revert "Don't set LimitNoFile for containerd systemd unit file" 2024-01-30 17:35:47 +02:00
Dmytro Kozlovskyi d9075f1d18 aws: fix maxPods when cilium ipam is used
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2024-01-17 16:12:09 +02:00
Ciprian Hacman 3c7e05f335 aws: Set provider ID when starting kubelet 2024-01-05 10:18:48 +02:00
Ciprian Hacman 91b261c86d aws: Use IMDS to retrieve certificate names 2024-01-04 18:02:01 +02:00
Ciprian Hacman f0376b7b2f aws: Retrieve instance info only when max pods is not set 2024-01-04 12:37:31 +02:00
Ciprian Hacman 62f9d4df6d Update k8s.io/* to v0.29.0 2024-01-02 08:46:39 +02:00
Ciprian Hacman 0be02417df gce: Remove custom resolver 2023-12-23 08:17:47 +02:00
upodroid 275c948cb6 stop specifying LimitNoFILE 2023-12-03 21:57:46 +00:00
justinsb 010a0d5e4c feat: Support PKI bootstrap
Similar to the TPM bootstrapping on GCE (indeed, a lot of the code is
modified from there), but we verify the PKI signature against a public
key in a Host CRD object.
2023-11-30 18:35:58 -05:00
Ciprian Hacman 3597bddeaf Fix vet error 2023-11-04 05:57:08 +02:00
Ciprian Hacman 7a1af66152 Add option to provide additional config entries for containerd 2023-10-27 08:56:34 +03:00
Kubernetes Prow Robot f7bd516b79
Merge pull request #15994 from fmuyassarov/add-nri-support
containerd: introduce a new field to enable NRI
2023-10-21 04:52:02 +02:00
Feruzjon Muyassarov 0aeab5e523 containerd: introduce a new field containerd.nri to enable NRI
Node Resource Interface (NRI) is a common framework for plugging
domain- or vendor-specific custom logic into container runtimes like
containerd. This commit introduces a new configuration field
`containerd.nri`, providing cluster admins the flexibility to opt
in to this feature in containerd and tune some of its parameters.
By default, NRI is disabled here in accordance with containerd's
default config file.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@intel.com>
2023-10-21 00:26:54 +03:00
upodroid 2b056b9b17 add support for auth-provider-gcp cred provider 2023-10-10 10:29:16 +01:00
upodroid 587233bddc fix cos mounter url 2023-09-14 21:31:36 +01:00
Ciprian Hacman 6e6a2a4e7b Address review comments 2023-09-05 12:34:20 +03:00
Ciprian Hacman c43b48a8d8 Remove Docker config option 2023-09-05 07:22:33 +03:00
John Gardiner Myers 1ea0fd3004 AWS always uses resource-based names 2023-09-04 16:08:48 -07:00
John Gardiner Myers b3908e592c Remove support for Kubernetes 1.23 2023-09-03 16:22:18 -07:00
Peter Rifel e8ede32ae7 Stop installing misc utils on RHEL distros 2023-08-17 21:24:49 -05:00
John Gardiner Myers ed9883651c Remove references to Openstack ClusterSpec fields from nodeup 2023-07-29 04:42:07 -07:00
John Gardiner Myers 63aa25aa8c Remove references to Azure ClusterSpec fields from nodeup 2023-07-29 04:42:01 -07:00
John Gardiner Myers e317648d57 Remove references to control-plane-specific ClusterSpec fields from nodeup 2023-07-28 08:20:43 -07:00
John Gardiner Myers 683761a816 Remove references to Gossip-specific ClusterSpec fields from nodeup 2023-07-28 08:20:43 -07:00
John Gardiner Myers 9b64707159 Ignore no-longer-used topology fields in ClusterSpec 2023-07-19 08:48:38 -07:00
John Gardiner Myers 2420991954 Determine default API access method by IG subnet type 2023-07-18 22:21:05 -07:00
John Gardiner Myers 1358851c7d Get VFSContext from caller in NewAssetBuilder() 2023-07-18 08:49:06 -07:00
John Gardiner Myers 245cd64a3a Get VFSContext from caller in LoadChannel() 2023-07-17 21:45:43 -07:00
John Gardiner Myers bbff6298e7 Remove support for bootstrap tokens 2023-07-16 12:12:00 -07:00
Kubernetes Prow Robot bb4dbdce90
Merge pull request #15646 from johngmyers/prune-dead
Remove dead code for non-kops-controller bootstrap
2023-07-16 11:37:06 -07:00
Kubernetes Prow Robot 61fb95d8c4
Merge pull request #15645 from johngmyers/nodeup-clusterdomain
Remove references to more ClusterSpec fields from nodeup
2023-07-16 08:35:08 -07:00
John Gardiner Myers 977aacc356 Remove dead code for non-kops-controller bootstrap 2023-07-16 07:40:25 -07:00
Kubernetes Prow Robot 2a0cc8a7dc
Merge pull request #15627 from hakman/azure_dns_none
azure: Add support for dns=none
2023-07-16 04:27:05 -07:00
John Gardiner Myers 9368470fc4 Remove references to ClusterSpec.EtcdClusters from nodeup 2023-07-15 21:34:31 -07:00
John Gardiner Myers 75db4d76a9 Remove references to api-server-specific ClusterSpec fields from nodeup 2023-07-15 21:27:02 -07:00
John Gardiner Myers 62f7faa4da Remove references to ClusterSpec.API from nodeup 2023-07-15 14:55:38 -07:00
Kubernetes Prow Robot ef284b11e5
Merge pull request #14960 from johngmyers/vfscontext
Add VFSContext to various clientsets
2023-07-15 14:55:05 -07:00
Ciprian Hacman 80afaaead2 Add support for using swap memory 2023-07-14 07:50:48 +03:00
Ciprian Hacman 83d14d4343 azure: Add support for dns=none 2023-07-13 09:04:06 +03:00
John Gardiner Myers a56e8eb049 Refactor UsesExternalECRCredentialsProvider() 2023-07-11 09:46:01 -07:00
John Gardiner Myers aef6fbdd29 Refactor UseKopsControllerForNodeBootstrap() 2023-07-11 09:45:45 -07:00
Kubernetes Prow Robot 65fe676967
Merge pull request #15613 from johngmyers/nodeup-sysctls
Remove references to ClusterSpec from nodeup sysctls.go
2023-07-10 01:23:05 -07:00
John Gardiner Myers f5fc710d6c Remove references to ClusterSpec from nodeup sysctls.go 2023-07-09 21:11:54 -07:00
John Gardiner Myers d926989600 v1alpha3: Rename GCE networking to GCP 2023-07-09 16:48:26 -07:00
John Gardiner Myers 11304807f2 Hold reference to VFSContext from simple.Clientset 2023-07-06 19:41:45 -07:00
justinsb 62e2b9690b ipv6: containerd routes support for IPv6
If using IPv6 and a kubenet-style CNI (which is more common with
IPv6), we need to support an IPv6 route on the pod, or else Pods will
be unable to reach other Pods.

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2023-07-05 22:53:16 -04:00
Ciprian Hacman 3a4e0717a7 hack/update-expected.sh 2023-06-20 08:11:21 +03:00
Ciprian Hacman 26198a22b2 Update tests for kOps v1.28 2023-06-20 08:11:21 +03:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
Kubernetes Prow Robot b4c5a75829
Merge pull request #15487 from jsafrane/add-selinux
Add optional SELinux support to RHEL clusters
2023-06-19 08:54:22 -07:00
Jan Safranek 0d03095fda Add SELinux support to containerd
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
the SELinux label `spc_t`; otherwise SELinux denies the pods access to the host
filesystem.
2023-06-19 15:20:08 +02:00
Kubernetes Prow Robot cddf5ba763
Merge pull request #15037 from johngmyers/nonmasq
Don't set up masquerade if NonMasqueradeCIDR is /0
2023-06-17 00:44:19 -07:00
Ciprian Hacman 2aff39dce5 hack/update-expected.sh 2023-06-16 21:17:16 +03:00
Leïla MARABESE dab001c3e9 scaleway authenticator and verifier 2023-06-14 15:15:17 +02:00
Alasdair Tran dde5dcca2f Fix Amazon ECR endpoint in China 2023-06-10 05:49:49 +00:00
Jan Safranek 51fbeb650b Remove python2 from RHEL9
It's not available there.
2023-06-08 15:00:20 +02:00
Jan Safranek 22ef857494 Remove libcgroup from RHEL9
The package is not available there.
2023-06-08 14:56:26 +02:00
justinsb ca67b1ca1e Refactor: rename IsGossip -> UsesLegacyGossip
We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension.  These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
2023-05-22 21:50:16 -04:00
Ciprian Hacman cd59ed1a56 Update CNI plugins to v1.2.0 for K8s 1.27+ 2023-05-20 22:01:35 +03:00
Kubernetes Prow Robot b90c78ef61
Merge pull request #15399 from zetaab/mountifneeded
do not mount same dir twice
2023-05-16 05:27:36 -07:00
Kubernetes Prow Robot 4885e78bfd
Merge pull request #15406 from justinsb/options_pattern_for_hostpathmapping
nodeup: Use functional options pattern for HostPathMapping
2023-05-12 08:37:02 -07:00
Kulwant Singh d6776bb780 use dl.k8s.io not gs://kubernetes-release 2023-05-11 09:01:31 -07:00
justinsb 6bdbbc4fd4 nodeup: Use functional options pattern for HostPathMapping
This means that the object is not mutated after construction, making
it easier to do validity checks (such as whether we have mounted the
same path twice).
2023-05-11 10:16:30 -04:00
Jesse Haka d67942fba0 do not mount same dir twice 2023-05-11 11:15:08 +03:00
Ciprian Hacman 81b4fbf8ac Add kubescheduler.config.k8s.io/v1 for K8s 1.25+ 2023-05-09 12:26:57 +03:00
Kubernetes Prow Robot e3a639cd73
Merge pull request #15373 from hakman/depup
Update dependencies to K8s v1.27
2023-05-08 02:27:17 -07:00
Ciprian Hacman 73fe92945c hack/update-expected.sh 2023-05-08 07:35:36 +03:00
justinsb 1faee9dd8c digitalocean: bootstrap nodes through kops-controller.
We start with a simple node verifier.
2023-05-07 13:17:56 -04:00
justinsb c89f434f1b Only use node challenge on hetzner
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
2023-05-06 08:03:21 -04:00
Ole Markus With 5d82e52c48 Use external ECR credential provider as of Kubernetes 1.27 2023-04-29 10:21:57 +02:00
Šimon Mišenčík 4f7f5dff4e Increase max_map_count in sysctls.go 2023-04-13 09:14:17 +02:00
Justin SB d48d86f4a9 gce ipv6: nodeup should only run the AWS prefix assigner on AWS
The Prefix task is specific to AWS, and is not needed on GCE.
2023-03-31 09:36:50 -04:00
Peter Rifel 106e2f75cf Don't try to install curl and python2 on AL2023
```
W0317 01:46:07.374788   27111 executor.go:139] error running task "Package/python2" (6m1s remaining to succeed): error installing package "python2": exit status 1: Last metadata expiration check: 0:14:55 ago on Fri Mar 17 01:31:12 2023.
No match for argument: python2
Error: Unable to find a match: python2
W0317 01:46:07.374820   27111 executor.go:139] error running task "Package/curl" (6m1s remaining to succeed): error installing package "curl": exit status 1: Last metadata expiration check: 0:14:55 ago on Fri Mar 17 01:31:12 2023.
Error:
 Problem: problem with installed package curl-minimal-7.88.1-1.amzn2023.0.1.x86_64
  - package curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 conflicts with curl provided by curl-7.87.0-2.amzn2023.0.2.x86_64
  - package curl-minimal-7.87.0-2.amzn2023.0.2.x86_64 conflicts with curl provided by curl-7.87.0-2.amzn2023.0.2.x86_64
  - package curl-minimal-7.88.0-1.amzn2023.0.1.x86_64 conflicts with curl provided by curl-7.87.0-2.amzn2023.0.2.x86_64
  - conflicting requests
  - package curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 conflicts with curl provided by curl-7.88.0-1.amzn2023.0.1.x86_64
  - package curl-minimal-7.87.0-2.amzn2023.0.2.x86_64 conflicts with curl provided by curl-7.88.0-1.amzn2023.0.1.x86_64
  - package curl-minimal-7.88.0-1.amzn2023.0.1.x86_64 conflicts with curl provided by curl-7.88.0-1.amzn2023.0.1.x86_64
  - package curl-minimal-7.88.1-1.amzn2023.0.1.x86_64 conflicts with curl provided by curl-7.88.1-1.amzn2023.0.1.x86_64
  - package curl-minimal-7.87.0-2.amzn2023.0.2.x86_64 conflicts with curl provided by curl-7.88.1-1.amzn2023.0.1.x86_64
  - package curl-minimal-7.88.0-1.amzn2023.0.1.x86_64 conflicts with curl provided by curl-7.88.1-1.amzn2023.0.1.x86_64
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages)
```
2023-03-16 20:53:29 -05:00
Kubernetes Prow Robot b5dc9f6371
Merge pull request #15122 from Mia-Cross/scw_profiles
scaleway: get credentials from Scaleway profile
2023-02-24 07:43:34 -08:00
Kubernetes Prow Robot 553270a06a
Merge pull request #15134 from hakman/registry.k8s.io
Update remaining references from k8s.gcr.io to registry.k8s.io
2023-02-12 05:33:30 -08:00
Ciprian Hacman 56900bcbad hack/update-expected.sh 2023-02-12 13:48:44 +02:00
Ciprian Hacman e6e4324b85 Remove compatibility with k8s.gcr.io 2023-02-12 13:46:48 +02:00
Ciprian Hacman 0321150ae1 Revert "disable kops-configuration.service after successful execution" 2023-02-12 12:29:06 +02:00
justinsb 29d3a6f2f9 Refactor authenticator building
Prefer explicit error checking to the "fallthrough" pattern.
2023-02-11 11:04:32 -05:00
Justin SB 0b699832ec Use cloud-discovery on GCE in gossip mode
It's a little simpler and should speed up our boot.
2023-02-11 11:03:12 -05:00
Leïla MARABESE 9f950f4a3a scaleway profiles feature 2023-02-10 17:02:45 +01:00
Ciprian Hacman 48404f87fd hack/update-expected.sh 2023-02-06 08:12:15 +02:00
Ciprian Hacman 96115de2eb Switch containerd config file path to `/etc/containerd/config.toml` 2023-02-06 08:12:15 +02:00
Evan Lezar 02adbc7335 Install nvidia-container-toolkit as top-level package
As of the NVIDIA Container Toolkit v1.6.0 release the nvidia-container-toolkit
is the top-level package for installing the NVIDIA container stack with the
nvidia-container-runtime provided as a meta-package to support "legacy"
workflows such as this.

This change installs the nvidia-container-toolkit package directly instead.

Note that the nvidia-container-runtime binary is included in this package.

See https://github.com/NVIDIA/nvidia-container-toolkit/releases/tag/v1.6.0

Signed-off-by: Evan Lezar <evanlezar@gmail.com>
2023-02-02 14:47:18 +01:00
Evan Lezar cf066cfa0f Use gpgkey from libnvidia-container repository
The same gpgkey is served from both the nvidia-container-runtime and
libnvidia-container repos.

Signed-off-by: Evan Lezar <evanlezar@gmail.com>
2023-02-02 14:47:10 +01:00
Evan Lezar 1f0b2eb0bf Use ubuntu18.04 repos for nvidia-container-toolkit
The ubuntu20.04 and ubuntu22.04 repositories are "mirrors" of the
ubuntu18.04 repository. This change ensures that the ubuntu18.04 repository
is used regardless of the Ubuntu distribution.

Signed-off-by: Evan Lezar <evanlezar@gmail.com>
2023-02-02 14:46:52 +01:00
Jesse Haka 8f061dbc8e disable kops-configuration.service after successful execution 2023-01-31 11:37:36 +02:00
Ciprian Hacman 5e7b5ddd9a TMP 2023-01-25 16:08:54 +02:00
Ciprian Hacman 6f5eeb2e39 Always disable the reboot manager for Flatcar 2023-01-25 08:49:39 +02:00
Kubernetes Prow Robot b2bdd43dc4
Merge pull request #15024 from zetaab/fixauth
make openstack kops-controller bootstrap auth better
2023-01-22 23:20:10 -08:00
John Gardiner Myers c7d0fd7dad Don't set up masquerade if NonMasqueradeCIDR is /0 2023-01-21 22:58:08 -08:00
Justin SB 89125664ef nodeup: don't set up masquerade if nonMasqueradeCIDR not set
If the non-masquerade CIDR is not set, take that as an indication that
we don't want masquerade, rather than failing nodeup.

Not setting a non-masquerade CIDR means that we likely won't preserve
pod IPs for pod-to-pod traffic, but likely just means that more
NATting is done than might be needed.

Omitting the value can also be useful if we're using something like
the ip-masq-agent to manage masquerade rules for us.
2023-01-21 23:13:31 -05:00