5385381633
Use IPv6-only subnets for worker nodes in private IPv6 topology
2022-01-06 21:00:00 -08:00
93a6871e9b
gce: don't set per-IG permissions when using shared account
...
If we're using a cluster-level service-account, we shouldn't try to
set bucket permissions on a per-IG level.
For compatibility with the existing behavior, we simply don't set any
permissions in this case.
2021-12-28 10:10:16 -05:00
8b3372ec76
Need to truncate gce serviceaccounts to max 30 characters
2021-12-17 12:57:14 -05:00
746f886718
gce: use per instancegroup serviceaccounts
...
We no longer set the cloudconfig serviceaccount on new clusters, and
instead use a per-IG setting if this is not set.
2021-12-17 12:57:14 -05:00
63e3d98443
gce: Use ServiceAccount task when building model
...
The next step towards supporting custom ServiceAccounts per IG
2021-12-15 11:08:51 -05:00
4cf52d0e51
GCE: Support kops-controller, including in gossip mode
...
We discover the kops-controller in gossip mode using seeding code that
calls into the GCE API, just like gossip itself does.
We refactor the gossip code into a shared gcediscovery library with
minimal dependencies.
2021-12-04 11:51:41 -05:00
85d4bf7497
Add labels to GCE instance templates
2021-12-02 08:20:04 +02:00
0be79b25b7
Merge pull request #12867 from hakman/gofumpt_script
...
Add gofumpt scripts
2021-12-01 22:13:32 -08:00
00a8a68f01
Fix area/provider/gcp GitHub label assignment
2021-12-01 22:43:43 -06:00
ea7df00719
Run hack/update-gofmt.sh
2021-12-01 22:39:50 +02:00
5e4987b246
GCE: support egress specification
...
Empty or "nat" now defaults to creating a per-subnet NAT router for
private topologies. "external" will assume that egress is configured
outside of kOps.
2021-10-26 21:37:03 -04:00
caff7e36ad
gce: open node->master ports for calico and cilium
...
We're taking the opportunity to pursue a locked-down model, but this
means we need to open ports explicitly.
2021-10-25 08:31:21 -04:00
d363bf3dad
GCE: improve network & subnet terraform support
...
We should use the subnet spec in the Cluster, and default to creating
a new subnet/network, but allow an existing one to be specified.
2021-10-24 17:41:14 -04:00
0611e4f638
gce: open kops-controller port from nodes
...
This is now needed in our nodeup bootstrap with vTPM on GCE.
Also remove the cadvisor port, it is no longer running on the control-plane nodes.
2021-10-24 13:47:16 -04:00
af76c4c20a
gce: allow router to refer to network object
...
This allows for our execution model to work a little more smoothly.
2021-10-24 09:19:06 -04:00
860b033ddc
gce: allow network to be marked as shared
2021-10-23 23:54:39 -04:00
e2f7895700
GCE: When using calico, need to open up ipip protocol
...
We need to open up the ipip protocol, which wasn't previously enabled.
Future work could construct the firewall rules in a common library,
and then adapt them to the various clouds.
2021-09-21 21:20:24 -04:00
3e83b771d6
GCE: For IPAlias or Custom Routes, we must recognize source by CIDR
...
SourceTags are not recognized when using IPAlias or custom routes (aka
kubenet), so we must recognize by CIDR instead.
2021-09-21 08:20:17 -04:00
76f816f483
GCE: Always have IPv6 rules in "ipv6 mode"
...
If we don't specify some SourceRanges, it defaults to 0.0.0.0/0, which
is IPv4 and confusing.
2021-09-20 09:26:28 -04:00
0722124e8e
Initial IPv6 support for GCE
...
Supporting IPv6 values where they can be set by the user, and ensuring
that IPv4 and IPv6 firewall rules are split because on GCP they cannot
be in the same rule.
2021-08-21 20:09:31 -04:00
7c9e7e9286
Make Lifecycle field non-pointer
2021-06-02 23:02:16 -07:00
43d8d97e7c
Set lifecycle in GCE APILoadBalancerBuilder
2021-05-31 10:39:34 -07:00
b0664176bc
Merge pull request #11259 from olemarkus/warm-life-cycle-hook
...
Make nodeup able to complete the warming life cycle hook
2021-04-24 02:05:15 -07:00
1ec0bd18e8
Enable support for the ASG WarmPool lifecycle hook
...
Update pkg/model/iam/iam_builder.go
Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2021-04-24 09:40:52 +02:00
f37330f53d
Add GCE Router task
...
This commit picks up the change from the previous attempt
(https://github.com/kubernetes/kops/pull/6828 ).
- Add Router to GCE tasks
- Add the HasExternalIP field to InstanceTemplate
- Create a RouterTask and set HasExternalIP to false when
a private topology is specified.
https://github.com/kubernetes/kops/issues/6827
2021-04-23 23:03:38 -07:00
9bc1c0ed77
Merge pull request #10477 from justinsb/refactor_gce_instancetemplate
...
Refactor GCE InstanceTemplate
2020-12-21 17:48:28 -08:00
1945a656a0
Remove deprecated ResourceHolder
...
Cleaning up what is now dead code.
2020-12-19 23:15:37 -05:00
f12c3f95f8
Refactor GCE InstanceTemplate
...
Clearer, and for future cluster-api support.
2020-12-19 17:14:51 -05:00
45d11ba12c
Replace (some) deprecated ResourceHolder with Resource
...
This removes more of the deprecated type, but it also simplifies
refactoring the GCE InstanceTemplate.
2020-12-19 09:51:43 -05:00
a61ecf4c58
Refactor to use interface for iam Subjects
...
Hat-tip to johngmyers for the idea!
2020-09-09 09:57:07 -04:00
8498ac9dbb
Create PublicJWKS feature flag
...
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens. But it shouldn't need a second bucket or anything of that
nature.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-09-09 09:57:06 -04:00
4d9f0128a3
Upgrade to klog2
...
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
f9262b91e7
Merge pull request #9450 from johngmyers/refactor-apiserver-lb
...
Refactor how api-server addresses are exported from tasks
2020-06-28 22:08:15 -07:00
86f157fa27
Refactor how api-server addresses are exported from tasks
2020-06-26 21:38:39 -07:00
013f9bf914
Create bootstrap script in a Task
2020-06-26 19:11:40 -07:00
cef5b175c7
Rename BootstrapScript to BootstrapScriptBuilder
2020-06-26 10:57:36 -07:00
843e5b9b16
Move GCEServiceAccount into CloudConfig
2020-05-03 20:35:32 -07:00
c59314a799
Adds some initial tests. Fixes some logic
...
Need to fix service account implementation first
Fixing tests and iterating on the serviceaccount logic
Run the gce_byo_sa test
2020-04-04 21:20:31 -07:00
b3d65ffce0
Adds a gce-service-account flag so you BYO service-account
...
Generated code and some cleanup
Not sure where that code went
Tests for service account
fixes case on gceserviceaccount
2020-04-04 21:15:56 -07:00
1f508e7e17
Tweak the featureflag.GoogleCloudBucketACL.Enabled
2020-03-14 20:47:11 -07:00
a999b3ea61
fix OWNERS labels format
...
These need to be lists
2020-03-10 22:47:50 -05:00
52537053cc
simplify code and remove unused code
2019-12-17 00:28:35 +08:00
b0c63b4cd9
pkg: fix static check
2019-10-24 14:16:41 +08:00
728e582360
Fill out kops controller functionality
...
k8s 1.16 requires that we move label setting away from the kubelet, to
a central controller. kops-controller is that controller.
2019-09-25 12:04:34 -04:00
9e55b8230a
Update copyright notices
...
Also cleans some white spaces
2019-09-09 14:47:51 -04:00
62f7c26f98
Support "gce" networking mode, which uses ip aliases
2019-07-19 07:54:13 -04:00
76d03b3f71
Generated files: glog -> klog
2019-05-06 12:56:03 -04:00
3e33ac7682
Change code from glog to klog
...
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog. That
will happen when we update to k8s 1.13.
2019-05-06 12:54:51 -04:00
b1aa7892c7
Launch Template Feature Flag
...
- adding a feature flags to allow users to switch over to launch templates completely
2019-02-26 10:17:10 +00:00
168cf56ebe
GCE: storage-rw scope for instances that need it
2018-06-14 17:50:26 -04:00
John Gardiner Myers