This is needed for bootstrapping the control plane,
because it's a CRD so can't be registered until the control plane is running.
It's also quite nice because we might want to review the contents of the
host CRD, e.g. to verify the key out-of-band.
This supports workflows that modify the local kubeconfig for advanced configurations,
which were accidentally broken by trying to always generate the config.
Issue #17262
* docs(release): add note to 1.22 about the CA CN rename
- this broke some of my teams' automation code that relied on the CN,
so thought it would be good to call out in case anyone else stumbles
upon this in order to not spend a few hours debugging
- this change may particularly impact Prod environments, where the
cluster has not been rebuilt in some time (years), and so they will
have the old CN while new clusters in lower environments will have
the new CN
- so code that relies on the CN may unexpectedly break Production
while working fine in lower environments
- fortunately we caught this in our QA env, but it passed Dev fine
* Apply suggestion from @hakman
---------
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
Squashed commit of the following:
Update documentation and CRDs
Update pkg/model/components/cilium.go
Remove gateway API managed addon
Update CRDs
Fix RBAC and update docs
Fix up files that shouldn't have been touched
Remove namespace from cluster RBAC resources
On a modern (k8s/kops 1.31.x) cluster, etcd CLI tools are located in:
```
# /opt/etcd-v3.5.13/etcdctl version
etcdctl version: 3.5.13
API version: 3.5
```
so I updated the docs example to point to the right place, so it can be used as-is.
add kindnet as an experimental network addon
containerd adds the requirement to use the loopback cni plugin,
kindnet provides that capability and containerd does not require it
since containerd/containerd/pull/10238
Change-Id: I1397a90186885b02e98b5ffa444fe629c1046757
This all-in-one command is a replacement for having to run multiple commands,
while still respecting the version skew policy.
It does the same thing as `kops update cluster --reconcile`:
* Updates the control plane nodes
* Does a rolling update of the control plane nodes
* Updates "normal" nodes and bastion nodes
* Does a rolling update of these nodes
* Prunes old resources that are no longer used
Kubernetes 1.31 now stops nodes joining a cluster if the minor version
of the node is greater than the minor version of the control plane.
The addition of the instance-group-roles flag to update means that we
can now update / rolling-update the control plane first. However, we
must now issue four commands:
* Update control plane
* Rolling update control plane
* Update nodes
* Rolling update nodes
This adds a flag to automate this process. It is implemented by
executing those 4 steps in sequence.
Update is also smart enough to not update the nodes if this would
violate the skew policy, but we do this explicitly in the reconcile
command to be clearer and safer.
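The ordering constraint described in the commit message above, as an added Go sketch that is not kops code: it walks a sequence of the four steps and rejects any order in which nodes would reach a newer minor version than the control plane. The step labels, `minorOf` and `CheckOrder` are hypothetical names, and the sketch assumes both versions share a major version and that every rolling update of the control plane follows its update step.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical labels for the four steps listed in the commit message.
const (
	UpdateControlPlane = "update control plane"
	RollControlPlane   = "rolling update control plane"
	UpdateNodes        = "update nodes"
	RollNodes          = "rolling update nodes"
)

// minorOf extracts the minor number from "1.31.2" or "v1.31.2".
func minorOf(v string) (int, error) {
	var major, minor int
	_, err := fmt.Sscanf(strings.TrimPrefix(v, "v"), "%d.%d", &major, &minor)
	return minor, err
}

// CheckOrder simulates an upgrade from running to target and returns an error
// at the first node step that would put nodes ahead of the control plane.
func CheckOrder(steps []string, running, target string) error {
	cp, err1 := minorOf(running)
	want, err2 := minorOf(target)
	if err1 != nil || err2 != nil {
		return fmt.Errorf("cannot parse versions %q and %q", running, target)
	}
	for i, s := range steps {
		switch s {
		case RollControlPlane:
			cp = want // assumed: the update step already staged the target version
		case UpdateNodes, RollNodes:
			if want > cp {
				return fmt.Errorf("step %d (%s): node minor %d > control plane minor %d", i+1, s, want, cp)
			}
		}
	}
	return nil
}

func main() {
	good := []string{UpdateControlPlane, RollControlPlane, UpdateNodes, RollNodes}
	bad := []string{UpdateNodes, RollNodes, UpdateControlPlane, RollControlPlane}
	fmt.Println("control plane first:", CheckOrder(good, "1.30.4", "1.31.1"))
	fmt.Println("nodes first:", CheckOrder(bad, "1.30.4", "1.31.1"))
}
```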