kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,884 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

138 Commits

Author SHA1 Message Date
zadjadr 30aa24f6de
Update to Cilium 1.14.3 2023-10-24 16:59:21 +02:00
zadjadr fdb601cefa
cilium: Set correct affinity & update strategy 2023-10-24 16:55:38 +02:00
zadjadr b0e12aa60d
Revert addition of readiness probe from cilium-operator 2023-10-24 16:55:38 +02:00
zadjadr 2d95ec3d00
Remove depricated cni option 2023-10-24 16:55:37 +02:00
zadjadr 98dbfdc11e
Add labels 2023-10-24 16:55:37 +02:00
zadjadr 981f23964a
Use hubble-relay peer service instead of socket mount 2023-10-24 16:55:37 +02:00
zadjadr ef8a1f3d7e
Use privileged approach 
As done before updating to 1.14

This allows us to have a simpler update. We can add unprivileged mode later on (it was not working all the time for me)
 2023-10-24 16:55:37 +02:00
zadjadr 4dfaba5242
Bump Cilium to v1.14.2 2023-10-24 16:55:37 +02:00
zadjadr bc76c3f8ad Implement node encryption 2023-09-11 13:15:15 +02:00
Zadjad Rezai 592e84d042 Populate ingress spec values only when needed 
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>

fmt
 2023-09-10 09:05:51 +02:00
zadjadr 61d036933e hardcode ingress secrets namespace & lb mode 2023-09-10 08:57:04 +02:00
zadjadr 4807f2c0c6 Implement Cilium Ingress 2023-09-10 08:57:03 +02:00
John Gardiner Myers b3908e592c Remove support for Kubernetes 1.23 2023-09-03 16:22:18 -07:00
Jack Andersen af6269f82a
Add a new field for using a custom registry for Cilium 
Signed-off-by: Jack Andersen <jandersen@plaid.com>
 2023-08-17 10:54:00 -04:00
zadjadr 43469e40e0 Fix hubble certificate dnsname 2023-08-09 15:34:01 +02:00
zadjadr d2358df1d7 feature: Add cluster-id for Cilium 
hack/update-expected.sh
 2023-08-06 18:08:39 +02:00
Ole Markus With a0d67fc475 Bump cilium to 1.13.5 
Bump to Cilium 1.14.0

hack/update-expected.sh
 2023-08-03 21:03:56 +02:00
Jan Safranek 0d03095fda Add SELinux support to containerd 
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
 2023-06-19 15:20:08 +02:00
Kubernetes Prow Robot 1b00592526
Merge pull request #15336 from anthonyhaussman/fix/kops/cilium_1.12.8_init_fix 
fix(cilium): install CNI plugin binary in an InitContainer
 2023-05-22 22:58:27 -07:00
Kubernetes Prow Robot 9d61e527e8
Merge pull request #15360 from s3than/master 
If the Cluster Name is not default the hubble relay shows TLS errors
 2023-05-10 15:47:13 -07:00
Moshe Vayner 99ff00df61 Support Cilium operator pod annotations 2023-05-09 21:50:36 -04:00
Tim Colbert 033585cb2c
If the Cluster Name is not default the hubble relay shows TLS errors on request from the hubble UI 
Updated Files
 * Update: upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.16-v1.12.yaml.template
 2023-05-03 03:03:36 +00:00
Anthony Hausman 2283d620e8
fix(cilium): install CNI plugin binary in an InitContainer 
Starting cilium version `1.12.8` and to reduces the potential security surface of the agent, Cilium removes the bind-mount of `/opt/cni/bin` into the template.
Instead, write the binaries once in an initContainer.

Ref:
 - https://github.com/cilium/cilium/pull/24075
 2023-04-24 14:21:17 +02:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option 
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
 2023-01-24 14:08:24 +01:00
Ole Markus With a5684f969f Bump cilium to 1.12.4 2022-12-07 18:33:03 +01:00
Ole Markus With ea1d919d0c Fix disabling masquerade for cilium 1.11+ 2022-11-30 14:27:04 +01:00
Kubernetes Prow Robot d405d4c5a2
Merge pull request #14507 from johngmyers/internalname 
Stop making MasterInternalName configurable
 2022-11-18 13:38:29 -08:00
Ole Markus With 58195904ee Bump cilium to 1.11.11 2022-11-18 08:44:55 +01:00
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Nicolas Sterchele 5b58586537
cilium: fix agent pod annotation templating 2022-08-10 14:14:19 +02:00
Reilly Brogan f3a421d600 Update Cilium to 1.11.6 2022-06-29 13:18:21 -05:00
Ole Markus With 9c8cc8fe1e Merge the cilium templates 2022-06-16 09:10:22 +02:00
Ole Markus With 885bc3094b Create cilium manifest for k8s 1.25 2022-06-08 10:30:34 +02:00
Ole Markus With 4029d2bf33 Remove support for older cilium versions 2022-06-07 20:39:25 +02:00
Ole Markus With 77ebba84b8 Add support for configuring which metrics cilium will export 2022-05-26 09:33:19 +02:00
Ole Markus With 2d50b9ff2c Bump Cilium to 1.11.5 
Since this introduced some backwards breaking RBAC changes, the manifest got forked
 2022-05-18 21:44:19 +02:00
Jesse Haka c050c49ac8 set nodeselector null 2022-05-15 23:30:00 +03:00
Ole Markus With b1387368a6 Fix affinity and taints for cilium 2022-04-18 13:55:51 +02:00
Ole Markus With 1fadc39a59 Add PDB for cilium operator 2022-04-09 07:06:59 +02:00
Ole Markus With 468280d3f2 Improve HA for various addons 2021-12-24 08:53:27 +01:00
Ole Markus With 89f0c85e90 Use spread constraints rather than affinity to spread pods (templates) 2021-12-20 09:33:20 +01:00
Ole Markus With 7cbad719da Hubble relay should not tolerate anything 2021-12-14 11:56:05 +01:00
Ole Markus With 57fd343e1d Make service topology for cilium configurable 2021-12-12 07:54:21 +01:00
John Gardiner Myers 5a60d34e14 Change sense of Cilium IPTablesRulesNoinstall in v1alpha3 2021-11-25 18:45:13 -08:00
John Gardiner Myers 837176340d Change sense of Cilium DisableMasquerade in v1alpha3 2021-11-25 18:45:13 -08:00
John Gardiner Myers b9ac79ec6e Rename fields in v1alpha3 networking API to fit acronym convention 2021-11-22 08:07:55 -08:00
zhengtianbao 55c3120ff6 Fix render template cilium AgentPrometheusPort into a UNICODE char 2021-11-12 14:45:45 +08:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
John Gardiner Myers fdc128fda4 Remove vestigial Cilium ContainerRuntimeLabels code 2021-10-26 16:10:21 -07:00
Ole Markus With 11e68308d1 Disable CNP status updates by default 2021-10-20 14:01:48 +02:00