Commit Graph

5106 Commits

Author SHA1 Message Date
Kubernetes Prow Robot e3a639cd73
Merge pull request #15373 from hakman/depup
Update dependencies to K8s v1.27
2023-05-08 02:27:17 -07:00
Ciprian Hacman abba0261e8 Update containerd to v1.6.21 2023-05-08 07:55:23 +03:00
Ciprian Hacman 334e9690b9 Fix missing fieldmanager.DecodeManagedFields() 2023-05-08 07:35:36 +03:00
justinsb 9c73c341ae Don't pass env vars if not needed 2023-05-07 13:17:56 -04:00
justinsb 1faee9dd8c digitalocean: bootstrap nodes through kops-controller.
We start with a simple node verifier.
2023-05-07 13:17:56 -04:00
justinsb 8657e25f21 digitalocean: Allow dns=none
This works similarly to other clouds, going through the (public) load balancer.
2023-05-07 12:38:06 -04:00
justinsb c89f434f1b Only use node challenge on hetzner
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
2023-05-06 08:03:21 -04:00
Bronson Mirafuentes de171be079 set default runc version to 1.1.5 2023-05-03 08:55:32 -07:00
Bronson Mirafuentes f11fd88020 update runc to 1.1.7 2023-05-02 13:48:02 -07:00
Ole Markus With 5d82e52c48 Use external ECR credential provider as of Kubernetes 1.27 2023-04-29 10:21:57 +02:00
Kubernetes Prow Robot 2875f70cb5
Merge pull request #15347 from justinsb/gce_icmpv6
gce: fix icmpv6 in firewalls
2023-04-25 23:06:15 -07:00
justinsb b835184ea4 gce: fix icmpv6 in firewalls
IPv6 in firewalls must use icmpv6, not icmp.  Remap in our ipv6
generator for simplicity.
2023-04-25 20:59:47 -04:00
Leïla MARABESE 1e20a4c629 unique instance names to comply with CCM 2023-04-25 16:01:42 +02:00
Jesse Haka 80f8e12fa5 run make apimachinery 2023-04-20 15:10:23 +03:00
Jesse Haka c09b401b38 add csi cinder metrics 2023-04-20 14:40:44 +03:00
Kubernetes Prow Robot 2ef477f190
Merge pull request #15331 from justinsb/gce_address_family_ipalias
gce: set ip address family on all FirewallRule tasks
2023-04-19 10:11:11 -07:00
justinsb be588e830f gce: set ip address family on all FirewallRule tasks
We had missed a few code paths previously.
2023-04-18 03:45:09 -04:00
Anthony Hausman 5af9c30f32
Update containerd to v1.6.20 2023-04-16 12:32:49 +02:00
Jesse Haka 225e3f4b3f Upgrade k8s-dns-node-cache to 1.22.20 2023-04-13 16:23:46 +03:00
Kubernetes Prow Robot 69691eea23
Merge pull request #15266 from infonova/os-implement-etcd-manager-networkcidr
OpenStack: Add network-cidr config for etcd-manager
2023-04-13 02:48:36 -07:00
Kubernetes Prow Robot 7a9277c33f
Merge pull request #15291 from seh/teach-autoscaler-to-ignore-daemon-pods
Allow Cluster Autoscaler to ignore daemon pods
2023-04-11 11:25:06 -07:00
srikiz 40899f5fc0 Incorporate featureFlag addition for DO Terraform 2023-04-11 08:40:34 +05:30
Steven E. Harris 9595c833ee
Allow Cluster Autoscaler to ignore daemon pods
By default the cluster autoscaler takes DaemonSet-managed pods'
resource requests into consideration when computing a node's resource
utilization. Allow toggling its "--ignore-daemonsets-utilization"
command-line flag via a new field in the Cluster
spec—"clusterAutoscaler.ignoreDaemonSetsUtilization." Setting that
field to true causes the autoscaler to ignore such daemon pods'
requests, such that it will more likely judge a node running only
daemon pods as being underutilized and shut down its hosting machine.
2023-04-05 10:03:24 -04:00
Kubernetes Prow Robot 4cbcbf251b
Merge pull request #15281 from justinsb/gce_ipv6_subnets
gce: Add IPv6 support to subnet/instances
2023-03-31 13:43:49 -07:00
Justin SB 98c1109cc6 gce: Add IPv6 support to subnet/instances
We need to specify StackType & IPv6AccessType
2023-03-31 09:33:47 -04:00
Justin SB f20e08cab9 GCE FirewallRule: Use an explicit field for ipv4 vs ipv6
We were previously relying on the name, but the name was "fooled" by
cluster names like ipv6.example.com
2023-03-31 09:33:29 -04:00
Justin SB d4f3573351 gce: Fix log message about bucket level IAM
The parameters were the wrong way round.
2023-03-30 17:16:03 -04:00
ederst 3ccb8746cf OpenStack: Add network-cidr config for etcd-manager 2023-03-27 11:14:25 +02:00
Kubernetes Prow Robot b202130d8f
Merge pull request #15221 from infonova/os-set-allowed-addresses
OpenStack: Allow setting allowed address pairs for ports
2023-03-26 23:35:56 -07:00
ederst a0c8bb600a Run make apimachinery and crds 2023-03-24 11:34:34 +01:00
ederst 1e9fc8e6d5 OpenStack: Add OCCM address sort order config
This will add the OCCM config to specify an address sort order:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1946
2023-03-24 11:34:22 +01:00
ederst a63328fc5b Run hack/update-expected.sh 2023-03-23 15:01:10 +01:00
ederst 37c2cf56d2 OpenStack: Allow setting allowed address pairs for ports 2023-03-23 15:01:10 +01:00
idanshoham 222e138683
feat(spot): Setting the VNG Size Limits in Launch Spec 2023-03-19 10:30:34 +02:00
Ciprian Hacman 8f703f5509 Fix behaviour for `kops export kubeconfig --internal` 2023-03-17 06:51:26 +02:00
Kubernetes Prow Robot 9d05f3d59c
Merge pull request #15238 from hakman/fix_additional_policies
aws: Use `control-plane` for additional policies instead of `master`
2023-03-16 19:31:16 -07:00
Ciprian Hacman 3a8d11c01f aws: Use `control-plane` for additional policies instead of `master` 2023-03-16 10:49:08 +02:00
Ciprian Hacman 88fd444987 gcp: Update terraform rendering for Target Pool 2023-03-16 08:55:15 +02:00
Ciprian Hacman 1db17ab949 gcp: Update terraform rendering for HTTP Health Check 2023-03-16 08:10:25 +02:00
Peter Rifel 3ce30fff48
Don't set CSIMigrationAWS for k8s >=1.27 2023-03-10 21:19:21 -06:00
Justin SB 03af1c7272 gce: Don't reconcile routes when running with "gce" networking.
If running with GCE "native" networking, we do not need the route
controller (and it causes problems); we turn it off by setting
--configure-cloud-routes=false.

In general we do not need the gkenetworkparams controller (and it
complains about missing CRDs).  We will turn it off in future, but it
isn't in the images we are using currently.
2023-03-03 10:07:09 -05:00
Justin SB eb7d3c958c gce: When using network native pod IPs, open firewall to apiserver
If we're not masquerading the pod IPs, we need an explicit firewall
rule for the pods to reach the kube-apiserver.  Normally this is
permitted anyway, but if the apiserver has a locked-down CIDR range
(as the e2e tests do) then we need our own rule.
2023-03-02 13:15:58 -05:00
Kubernetes Prow Robot 4b61ae77c1
Merge pull request #15183 from anthonyhaussman/feat/kops/nodeLocalDNS_ExternalCoreFile
feat(NodeLocalDNS): Add possibility to set an ExternalCoreFile
2023-02-28 23:17:17 -08:00
Anthony Hausman cc47bd278c
feat(nodelocaldns): Add possibility to set an ExternalCoreFile
Allow users to provide entirely custom CoreFile for NodeLocalDNS to provide improved flexibility.
2023-02-28 08:19:20 +01:00
Jesse Haka 3f9a1b6462 set node status update freq to 60min in OpenStack 2023-02-27 20:38:30 +02:00
Kubernetes Prow Robot d50995ece3
Merge pull request #15179 from justinsb/cleanup_validate_cidr
validation cleanup: simplify signature of validateCIDR
2023-02-24 11:13:30 -08:00
Justin SB 94c35804c9 validation cleanup: simplify signature of validateCIDR
We split out the "add to a slice" logic, as this is then easier to
reason about.

Should be a no-op in terms of valid inputs, might avoid some crashes
with invalid inputs.
2023-02-24 11:09:49 -05:00
Kubernetes Prow Robot b5dc9f6371
Merge pull request #15122 from Mia-Cross/scw_profiles
scaleway: get credentials from Scaleway profile
2023-02-24 07:43:34 -08:00
Kubernetes Prow Robot e8f704a855
Merge pull request #15036 from johngmyers/addlcidr-subnet
Improve support for AdditionalNetworkCIDRs
2023-02-24 06:33:34 -08:00
Kubernetes Prow Robot 511f32a20c
Merge pull request #15138 from zetaab/exitgracefully
exit nodeup gracefully if server already exists in k8s
2023-02-20 03:49:49 -08:00
Jesse Haka a765191898 use http.StatusConflict 2023-02-20 13:01:43 +02:00
Ciprian Hacman 8d6a809d10 Update containerd to v1.6.18 2023-02-18 04:38:08 +02:00
Rafael da Fonseca bc37c7408c Add terraform target support for configuring Warm Pool 2023-02-14 14:27:46 +00:00
Kubernetes Prow Robot ca3b53c00a
Merge pull request #15095 from infonova/use-clustername-in-cinder-csi-plugin
Pass actual cluster name to cinder-csi-plugin
2023-02-13 09:33:29 -08:00
ederst b4557d4729 Run make apimachinery and crds 2023-02-13 17:34:31 +01:00
ederst cd50ee00ac Pass actual cluster name to cinder-csi-plugin
This passes the actual cluster name to the cinder-csi-plugin, so that
the plugin will add the name as metadata to the backing volume in
OpenStack.

Effectively, the change will help to better identify which volume in
OpenStack belongs to which cluster, which is especially helpful when
running multiple clusters in one OpenStack tenant/project.

Setting the cluster name in both - the controller and the nodeserver -
will ensure that dynamic and ephemeral volumes will receive the correct
metadata.
2023-02-13 17:31:32 +01:00
justinsb 1ad3f6012c hetzner: add dependency logic to deletion
This avoids warnings about deleting e.g. the volume while it is still
attached to a server.

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2023-02-13 08:55:12 -05:00
Kubernetes Prow Robot 9ec9d42910
Merge pull request #15131 from hakman/containerd-v1.6.17
Update containerd to v1.6.17
2023-02-13 02:27:29 -08:00
Jesse Haka ff557a9cf1 remove cadvisor and etcd client fw rule 2023-02-13 09:31:37 +02:00
Jesse Haka 382855d7d1 remove s3 access from nodes if using none dns 2023-02-12 21:51:16 +02:00
justinsb 150a98e258 DigitalOcean: Support SSH key provisioning
This means we don't need to pre-upload our SSH keys.
2023-02-12 10:34:40 -05:00
Jesse Haka 8e6199fa39 exit gracefully if server already exists in k8s 2023-02-12 16:52:13 +02:00
Ciprian Hacman e6e4324b85 Remove compatibility with k8s.gcr.io 2023-02-12 13:46:48 +02:00
Ciprian Hacman 0d39e0920e Update containerd to v1.6.17 2023-02-12 12:27:24 +02:00
Kubernetes Prow Robot 24a83acb66
Merge pull request #15128 from justinsb/do_no_empty_ips
digitalocean: don't print empty IP addresses
2023-02-11 17:49:31 -08:00
Kubernetes Prow Robot fce388e3a2
Merge pull request #15124 from justinsb/integration_hetzner
hetzner: support toolbox dump of instances
2023-02-11 11:07:29 -08:00
justinsb c7ed41ca70 digitalocean: don't print empty IP addresses
Now we have some IPv6 support, we were printing an empty address when
machines did not have an IPv6 address.
2023-02-11 13:25:43 -05:00
Justin SB 0b699832ec Use cloud-discovery on GCE in gossip mode
It's a little simpler and should speed up our boot.
2023-02-11 11:03:12 -05:00
justinsb 312ee7fefc hetzner: support toolbox dump of instances
Makes for easier debugging.
2023-02-11 10:55:54 -05:00
Leïla MARABESE 9f950f4a3a scaleway profiles feature 2023-02-10 17:02:45 +01:00
Jesse Haka 9df5534a13 add k8s node labels 2023-02-01 21:11:11 +02:00
Ciprian Hacman 884fded69e hack/update-expected.sh 2023-02-01 09:37:37 +02:00
Ciprian Hacman bdd7ff49da Update etcd-manager to v3.0.20230201 2023-02-01 09:35:32 +02:00
Kubernetes Prow Robot 2c619f3f23
Merge pull request #15083 from infonova/os-allow-setting-ignore-volume-microversion
Allow setting 'ignore-volume-microversion' for OCCP
2023-01-31 04:32:49 -08:00
ederst f4fdf7df79 Allow setting 'ignore-volume-microversion' for OCCP
This will allow setting the option `ignore-volume-microversion` for the
cinder-csi-plugin.

Setting this is necessary for older OpenStack APIs so that OCCP can
create PVs.

Note: This will work with cinder-csi-plugin >= 1.25.

For reference:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1986/
2023-01-31 11:48:25 +01:00
Kubernetes Prow Robot ebebbe8b76
Merge pull request #15068 from hakman/etcd-v3.5.7
Update etcd to v3.5.7
2023-01-31 01:54:49 -08:00
Kubernetes Prow Robot 94affad3a4
Merge pull request #15050 from anthonyhaussman/feat/tone/cilium_unreachable_routes_pod_deletion
Cilium: Add unreachable route for pod IP on deletion option
2023-01-30 05:26:51 -08:00
Kubernetes Prow Robot 254fd0ca39
Merge pull request #14933 from Mia-Cross/scaleway_load_balancer
scaleway: load-balancer support
2023-01-30 00:12:51 -08:00
Ciprian Hacman ae042e7499 Update containerd to v1.6.16 2023-01-29 08:01:37 +02:00
Ciprian Hacman 4ebc882a70 hack/update-expected.sh 2023-01-28 16:29:53 +02:00
Ciprian Hacman 1d8114dd8c Update etcd to v3.5.7 2023-01-28 16:28:07 +02:00
Leïla MARABESE e2a6207ea1 added dependencies between LB, LBbackend and LBfrontend tasks 2023-01-26 17:12:47 +01:00
Leïla MARABESE 43f8f8b29b separated back/front-end tasks from LB task 2023-01-26 17:12:46 +01:00
Leïla MARABESE 3dece51a3a migrated LB regionalized API to zoned API 2023-01-26 17:12:46 +01:00
Leïla MARABESE ea2f7123e1 use of cloud tags + improved error checking and messages 2023-01-26 17:12:46 +01:00
Leïla MARABESE 0fca23addd list and delete load-balancers 2023-01-26 17:12:46 +01:00
Leïla MARABESE e9f2694061 load-balancer model + tasks 2023-01-26 17:12:46 +01:00
John Gardiner Myers b47babf808 Upgrade AWS CCM to 1.25.3 2023-01-24 12:35:24 -08:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
2023-01-24 14:08:24 +01:00
Kubernetes Prow Robot 0172d03051
Merge pull request #14988 from hakman/etcd_backup_retention
etcd-manager: Add option to set backup retention
2023-01-23 00:28:10 -08:00
Ciprian Hacman b1ef66f136 etcd-manager: Add option to set backup retention 2023-01-23 09:43:09 +02:00
Kubernetes Prow Robot b2bdd43dc4
Merge pull request #15024 from zetaab/fixauth
make openstack kops-controller bootstrap auth better
2023-01-22 23:20:10 -08:00
Kubernetes Prow Robot b64cded2a9
Merge pull request #14785 from hakman/etcd-manager_init-containers
Load etcd binaries dynamically from container images
2023-01-22 11:56:02 -08:00
Justin SB 309a2c0b3c tests: Capture iptables chains
This is helpful debugging information when we see network issues.
2023-01-22 11:30:29 -05:00
John Gardiner Myers 7d3c20d036 Validate additionalRoutes against additionalNetworkCIDRs 2023-01-21 18:42:58 -08:00
Kubernetes Prow Robot 987eefb48a
Merge pull request #14997 from johngmyers/validate-addlcidrs
Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs
2023-01-21 12:10:02 -08:00
Ciprian Hacman fef8eb4a9b Run hack/update-expected.sh 2023-01-21 09:24:33 +02:00
Ciprian Hacman 61acbe72fa Update etcd-manager to v3.0.20230119 2023-01-21 09:24:33 +02:00
Ciprian Hacman 971c655ecb Run hack/update-expected.sh 2023-01-21 09:24:33 +02:00