kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,867 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

78 Commits

Author SHA1 Message Date
justinsb 50776a7e92 Refactor ForAPIServer 
We instead return a list of the services we are supporting.

We can in future split out internal and external apiserver services.
 2024-01-12 15:53:41 -05:00
Ciprian Hacman 6dd31d9680 aws: Attach security group to NLBs for kops-controller 2023-10-08 09:16:35 +03:00
John Gardiner Myers 2fbc7cf979 aws: Attach security groups to NLBs 2023-10-06 22:33:31 -07:00
John Gardiner Myers 8cc617afd9 Make NLBs dualstack when they're in IPv6-capable subnets 2023-05-11 14:46:23 -07:00
justinsb b7d9319fff EnsureTask should panic on error 
This means that we automatically check the error code.  A linter could
detect errors here (maybe), but in practice we can't recover from
errors here anyway.
 2023-01-04 08:29:20 -05:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
John Gardiner Myers b024338768 Always include load balancer domain in APIServer certificate 2022-12-17 16:14:08 -08:00
Ciprian Hacman 3a046ded6b aws: Add support for managing target group attributes 2022-12-07 18:56:14 +02:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
John Gardiner Myers 5fca16aa30 v1alpha3: Move API-related settings under API 2022-11-19 10:27:12 -08:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
Kubernetes Prow Robot f982934ae2
Merge pull request #14499 from johngmyers/delete-clb 
aws: delete CLBs after migration to NLB
 2022-11-06 10:20:15 -08:00
John Gardiner Myers 66eb76ada5 aws: delete CLBs after migration to NLB 2022-11-05 14:34:57 -07:00
Ciprian Hacman edb44610f7 aws: Create cluster without DNS or Gossip 2022-11-02 12:54:27 +02:00
Kubernetes Prow Robot 2c4808c5bd
Merge pull request #14440 from hakman/hetzner_no-dns_master 
hetzner: Create cluster without DNS or Gossip
 2022-11-02 02:02:47 -07:00
Ciprian Hacman 1d53eba4b3 aws: Set the target group health check interval to 10s 2022-10-29 10:30:50 +03:00
Ciprian Hacman 4e5ded6dc3 hetzner: Create cluster without DNS or Gossip 2022-10-27 11:29:37 +03:00
Ciprian Hacman dc98c74428 Move Gossip check to cluster struct 2022-10-21 09:48:07 +03:00
Ciprian Hacman 85026145a1 Always infer gossip DNS from cluster name 2022-10-02 12:54:37 +03:00
Ciprian Hacman ff40d18a7d Avoid spurious changes with NLB due to access log config 2022-09-23 20:57:57 +03:00
Kubernetes Prow Robot bffc60202c
Merge pull request #13113 from hierynomus/issue-12925 
Allow PrefixList for sshAccess and kubernetesApiAccess
 2022-02-15 07:20:03 -08:00
Jeroen van Erp 255a0322c9
Allow PrefixList for sshAccess and kubernetesApiAccess 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2022-02-15 14:37:28 +01:00
John Gardiner Myers 5385381633 Use IPv6-only subnets for worker nodes in private IPv6 topology 2022-01-06 21:00:00 -08:00
John Gardiner Myers 3314c18e89 Support creating dualstack internal NLBs 2021-12-19 21:52:56 -08:00
Bronson Mirafuentes 95c520f4af enable connection-draining for aws classic lb 2021-12-03 10:00:45 -08:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
AkiraFukushima 2fd69ba3a3
Remove access log attributes when the spec is removed from cluster spec 2021-08-03 17:45:20 +09:00
AkiraFukushima 226cbe5561
Support AWS LB access log configuration for NetworkLoadBalancer 2021-08-03 12:12:16 +09:00
AkiraFukushima 50ab82ed04
Support AWS LB access log configuration in cluster spec 2021-07-29 22:39:23 +09:00
Ciprian Hacman 7969f57d07 Address review comments 2021-06-26 21:27:00 +03:00
Ciprian Hacman 7bc629b683 Use DualStack API NLB for IPv6 2021-06-26 19:16:46 +03:00
John Gardiner Myers 7c9e7e9286 Make Lifecycle field non-pointer 2021-06-02 23:02:16 -07:00
John Gardiner Myers 2b146d31d6 Set Lifecycle in APILoadBalancerBuilder 2021-05-31 10:39:33 -07:00
Ciprian Hacman cedbe1f360 Add initial support for configuring IPv6 with AWS 2021-05-19 06:21:07 +03:00
Ciprian Hacman 137fe6c2bb Move firewall to awsmodel 2021-04-30 14:50:46 +03:00
Timothy Clarke 1577b0a54b
Adding Elastic IP Allocations to NLB API 2021-02-18 12:27:28 +00:00
Alexander Block 295fb11ac2 Better readable modification assigning of PrivateIPv4Address 2021-02-10 09:39:32 +01:00
Alexander Block 2c0f9809eb Move validation of ClusterSubnetSpec into pkg/apis/kops/validation 2021-02-10 09:36:39 +01:00
Alexander Block c6eca9db81 Fix check for empty privateIPv4Address 2021-02-10 08:21:22 +01:00
Alexander Block 6facd1b8ab Allow to explicitely choose subnets and private IPs for the API loadbalancer 2021-02-05 17:53:20 +01:00
Alexander Block 49e7ec8890 Use SubnetMappings for NLBs instead of Subnets 
SubnetMappings allow to explicitely set the private IPv4 address that
must be used for the NLB.

SubnetMappings and Subnets in the AWS API are compatible as long as the
address settings are not changes, making this commit backwards compatible.
 2021-02-05 17:53:20 +01:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Ciprian Hacman e57cd534b5 Allow attaching same external target group to multiple instance groups 2020-12-03 06:59:59 +02:00
Frank Yang 93dcaddc48 feat(aws): add PolicyNames for ELB to change listener's security policy 2020-11-19 16:07:21 +08:00
Peter Rifel 4758ea9f2f
Address feedback 2020-11-09 17:24:32 -06:00
Peter Rifel 370092cb5a
Update TG ports rather than protocols when adding/removing ACM certs from listeners 
This also renames the TGs to be more descriptive, with tcp and tls prefixes.
 2020-11-06 11:09:38 -06:00
Peter Rifel 9242c34a38
Setup a second NLB listener on 8443 when sslCertificate is set 2020-11-06 11:09:37 -06:00
Peter Rifel 6c5b2fc58f
Add support for multiple NLB listeners and target groups 2020-11-06 11:09:36 -06:00
Peter Rifel f08284834e
Move NLB's VPC CIDR security group rule logic into model 
This way the security group rule task doesn't need to be aware of VPCs, since we know the VPC CIDR ahead of time via cluster spec.

This also fixes the terraform and cloudformation rendering of this rule (see the added cidr block in the integration test outputs)

These rules are for NLB's health checks. The AWS docs recommend allowing access from the entire VPC CIDRs
Also add rules for additionalNetworkCIDRs, supporting VPCs with multiple CIDR blocks.
 2020-11-03 08:13:32 -06:00