kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,714 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

572 Commits

Author SHA1 Message Date
Peter Rifel a15957da2f
IRSA - continue adding route53 permisions to masters 
These are needed by protokube to create the kops-controller DNS record to allow nodes to bootstrap.

See these logs: https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-grid-scenario-public-jwks/1345956556562239488/artifacts/ip-172-20-48-1.sa-east-1.compute.internal/protokube.log

```
I0104 05:03:51.264472    6482 dnscache.go:74] querying all DNS zones (no cached results)
I0104 05:03:51.264570    6482 route53.go:53] AWS request: route53 ListHostedZones
W0104 05:03:51.389485    6482 dnscontroller.go:124] Unexpected error in DNS controller, will retry: error querying for zones: error querying for DNS zones: AccessDenied: User: arn:aws:sts::768319786644:assumed-role/masters.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io/i-05b1db10d1a5b8637 is not authorized to perform: route53:ListHostedZones
```

and the nodeup logs on nodes that couldn't join the cluster:

```
Jan 04 04:55:53.500187 ip-172-20-38-84 nodeup[2070]: W0104 04:55:53.500117    2070 executor.go:131] error running task "BootstrapClient/BootstrapClient" (9m52s remaining to succeed): Post "https://kops-controller.internal.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io:3988/bootstrap": dial tcp: lookup kops-controller.internal.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io on 127.0.0.53:53: no such host
```
 2021-01-04 21:03:53 -06:00
Kubernetes Prow Robot 22c5975591
Merge pull request #10519 from seh/restrict-api-server-security-groups-to-masters 
Only include API server additional security groups in InstanceGroups for masters
 2021-01-04 14:15:58 -08:00
Kubernetes Prow Robot 137c8368d3
Merge pull request #10524 from justinsb/kubetest2_gce 
kubetest2: add initial support for GCE
 2021-01-04 10:51:56 -08:00
Justin Santa Barbara 28261a5dcc kubetest2: Pass through some AWS env vars 
To run directly, I need to specify AWS_PROFILE.
 2021-01-04 11:34:31 -05:00
Justin Santa Barbara 28184756c3 kubetest2: add initial support for GCE 
Filling in some of the GCE-equivalents to the AWS code.
 2021-01-04 11:32:12 -05:00
Steven E. Harris 76feb2e637 Correct integration test to reflect SG restriction 2021-01-04 08:38:25 -05:00
Peter Rifel cf74053426
Dump cluster and IG manifests into artifacts 2021-01-03 21:49:32 -06:00
Peter Rifel d8abaa77fd
cleanup some input validation error messages 2021-01-03 19:50:53 -06:00
Peter Rifel 0ac86d13e3
Support a --kubernetes-version flag that is passed to `kops create cluster` 2021-01-03 19:50:53 -06:00
Kubernetes Prow Robot 66fe512b69
Merge pull request #10504 from rifelpet/kubetest2-test 
Run k/k's e2e suite via new kubetest2 make target
 2020-12-31 09:17:51 -08:00
Kubernetes Prow Robot 22a9a13abf
Merge pull request #10488 from rifelpet/iam-role-tag 
AWS IAM Role Tagging
 2020-12-29 22:33:48 -08:00
Ciprian Hacman 01019f09ed Update integration tests 2020-12-28 21:11:34 +02:00
Ciprian Hacman 66039f150e Add containerd option for registry mirrors 2020-12-28 19:32:06 +02:00
Peter Rifel 95b7210e27
Dump cluster logs to artifacts directory 2020-12-28 11:29:39 -06:00
Peter Rifel 38215210c6
Run k/k's e2e suite via new kubetest2 make target 2020-12-27 13:25:27 -06:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00
Peter Rifel 5406744c55
Update integration test output 2020-12-23 15:13:45 -06:00
Ciprian Hacman ff6a782303 Add config options for container runtime package URL and Hash 2020-12-23 13:29:22 +02:00
Ciprian Hacman eff2af2fe2 Update CNI plugins to v0.8.7 2020-12-21 11:07:57 +02:00
Ciprian Hacman 472faf82d2 Drop support for containerd 1.2 2020-12-21 10:08:24 +02:00
Ole Markus With d89a7a55ce Add template function for upgrade version 2020-12-15 09:00:28 +01:00
Ole Markus With 2b0e84b432 Move mock channel to own package 2020-12-15 08:48:13 +01:00
Bharath Vedartham cebe171805 Explicitly specify http_endpoint in launch_template terraform 
http_endpoint has to be explicitly specified in the metadata_options block
of the launch template terraform according to issue
https://github.com/hashicorp/terraform-provider-aws/issues/12564
 2020-12-10 01:37:15 +05:30
Kubernetes Prow Robot bee16c052d
Merge pull request #10324 from bharath-123/feature/aws-imdv2 
Add support for AWS IMDS v2
 2020-12-07 22:55:11 -08:00
Ciprian Hacman 174f405e39 Update expected outputs of integration tests 2020-12-08 07:08:32 +02:00
Ciprian Hacman 265bf4d106 Add option for setting the volume encryption key in AWS 2020-12-08 07:08:09 +02:00
Bharath Vedartham ee5d8a3435 update integration tests 2020-12-07 02:57:32 +05:30
Ciprian Hacman e11d934268 Add option to reuse existing Elastic IPs for NAT gateways 2020-12-06 09:37:17 +02:00
Kubernetes Prow Robot 0f9c0c03ef
Merge pull request #10365 from hakman/test-ha-shared-zone 
Add integration test for creating an HA cluster in shared zone
 2020-12-04 14:15:26 -08:00
Kubernetes Prow Robot ec691116a9
Merge pull request #10357 from rdrgmnzs/gzip-nodeup-heredocs 
Give users the option to gzip and base64 encode the heredocs in the nodeup.sh user-data
 2020-12-04 13:37:38 -08:00
Rodrigo Menezes 3fb12c66ae gzip and base64 encode the heredocs in the nodeup.sh portion of user-data 2020-12-04 10:46:18 -08:00
Ciprian Hacman afbb6475fe Add integration test for creating an HA cluster in shared zone 2020-12-04 20:16:38 +02:00
Kubernetes Prow Robot 5ccbcb3056
Merge pull request #10326 from AdamKorcz/fuzz3 
Add fuzzer and OSS-fuzz build script
 2020-12-04 06:57:59 -08:00
AdamKorcz 5a1f13d123 Added fuzzer to integrate with OSS-fuzz 2020-12-04 10:53:48 +00:00
Kubernetes Prow Robot 1b45f876a4
Merge pull request #10335 from hakman/same-tg-multiple-igs 
Allow attaching same external target group to multiple instance groups
 2020-12-02 21:38:59 -08:00
Ciprian Hacman e57cd534b5 Allow attaching same external target group to multiple instance groups 2020-12-03 06:59:59 +02:00
Kubernetes Prow Robot c86e509dbc
Merge pull request #10341 from hakman/docker-19.03.13 
Update containerd and Docker versions
 2020-12-02 04:22:50 -08:00
Ciprian Hacman 5510d946e9 Update expected outputs of integration tests 2020-12-02 10:11:27 +02:00
MoShitrit c8b2d7b9cd update-expected.sh 2020-12-01 22:12:18 -05:00
Rodrigo Menezes c9af4de9cf Remove copywrite from nodeup scripts to reduce the user-data size 2020-11-30 12:49:25 -08:00
Kubernetes Prow Robot e789c24c3a
Merge pull request #10275 from rdrgmnzs/kubeapi-mem-cpu-request-limit 
Allow setting CPU limit and Mem request / limit for kube API server
 2020-11-23 11:23:02 -08:00
Rodrigo Menezes da773ba35c Allow setting CPU limit and Mem request / limit for kube API 2020-11-23 10:03:34 -08:00
Ciprian Hacman d5bee0b867 Update integration test for ExternalLoadBalancers 2020-11-21 21:45:57 +02:00
Frank Yang 93dcaddc48 feat(aws): add PolicyNames for ELB to change listener's security policy 2020-11-19 16:07:21 +08:00
Ciprian Hacman 4579a1bcdc Validate external IAM policies 2020-11-12 14:34:35 +02:00
Kubernetes Prow Robot 9b3f13d93f
Merge pull request #10151 from hakman/launch-template-versions 
Use LaunchTemplate versions instead of timestamped LaunchTemplates
 2020-11-10 23:23:48 -08:00
Kubernetes Prow Robot e43efbe102
Merge pull request #10157 from rifelpet/acm-nlb 
Setup a second NLB listener when an AWS ACM certificate is used
 2020-11-10 10:36:41 -08:00
Ciprian Hacman 0c3e3784c8 Use LaunchTemplate name instead of name_prefix for Terraform 2020-11-09 21:40:36 +02:00
Kubernetes Prow Robot 6a57543f6e
Merge pull request #10179 from olemarkus/sgr-consistent-naming 
Consistent naming of security group rules
 2020-11-07 02:07:37 -08:00
Ole Markus With fab694d290 Add ability to consistently name sgrs 
In order to let kops fully control the rules for each security group we need to be able to generate names from the info in AWS. This is similar to the approach we used for openstack

Update pkg/model/firewall.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-11-07 10:27:19 +01:00