kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,134 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

267 Commits

Author SHA1 Message Date
Amit Prasad 48fa73f3bb Add option in Cluster Autoscaler AddOn for AWS EC2 Static instance list 2021-08-21 22:44:31 +05:30
dntosas 0e8d189aee [cilium] Add support for encryption via WireGuard 
In this commit, we enable users to choose WireGuard as their prefered
encryption type, leveraging this new feature from Cilium.

Ref: https://cilium.io/blog/2021/05/20/cilium-110#wireguard

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-16 14:08:59 +02:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Kubernetes Prow Robot 3a293781a6
Merge pull request #11784 from ederst/add-os-config-drive 
Launch Openstack instances with config drive
 2021-08-04 00:49:24 -07:00
Cheyi Lin 408bb7dfbe Add nth rebalance recommendation configs 2021-08-02 16:20:17 +08:00
Peter Rifel a0a6e3c974
Cleanup various references to LaunchConfigurations 2021-07-29 22:25:01 -04:00
John Gardiner Myers 3a53fdb139 Provision TLS server certs for controller-manager and scheduler 2021-07-22 20:59:58 -07:00
Oleg Atamanenko 7d013d5dc6 Add podPidsLimit / --pod-max-pids support 2021-07-06 11:06:49 -07:00
Kubernetes Prow Robot 61778b1fd9
Merge pull request #11845 from johngmyers/mark-deleted 
Retain deleted keypairs
 2021-06-27 10:11:24 -07:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck 
Enable cross-subnet mode with Calico by default
 2021-06-25 01:08:45 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
Moshe Shitrit 6dee0ad09e Comment-out hardcoded default values and add the overriden ones as template functions for ease of customization 
Update auto-generated files
 2021-06-22 12:26:28 +03:00
Kubernetes Prow Robot 4df9da09d0
Merge pull request #11583 from dntosas/json-logging 
Add support for logging-format option (text/json)
 2021-06-21 02:18:51 -07:00
dntosas 43dc375ced
Add support for logging-format option (text/json) 
Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-21 10:10:56 +03:00
Kubernetes Prow Robot 559b57ea4c
Merge pull request #11381 from dntosas/addons-add-npd 
[addons] Introduce NodeProblemDetector
 2021-06-17 00:58:19 -07:00
dntosas 20124d3ba9
[addons] Introduce NodeProblemDetector 
Node Problem Detector aims to make various node problems visible to
the upstream layers in the cluster management stack. It is a daemon
that runs on each node, detects node problems and reports them to apiserver
so to avoid scheduling new pods on bad nodes and also easily identify
which are the problems on underlying nodes.

Project Home: https://github.com/kubernetes/node-problem-detector

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 21:00:22 +03:00
ederst 2d84e7484a Add gen files for Openstack config drive option 2021-06-16 13:52:47 +02:00
dntosas 7bf65ff7ef
[cni/cilium] Add support for additional config options 
In this commit, we enable users define their setup with following
additional fields:

- DisableEndpointCRD
- EnableEndpointHealthChecking
- IdentityAllocationMode
- IdentityChangeGracePeriod
- BPFLBAlgorithm
- BPFLBMaglevTableSize
- BPFNATGlobalMax
- BPFNeighGlobalMax
- BPFPolicyMapMax
- EnableBPFMasquerade
- EnableL7Proxy

Added also validation tests to prevent conflicting value combinations to
reach actual cluster state.

Signed-off-by: dntosas <ntosas@gmail.com>
Co-authored-by: hwoarang <markos@chandras.me>
Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 09:35:42 +03:00
John Gardiner Myers 07ee0c2206 Simplify Calico IPv6 configuration 2021-06-14 08:06:10 -07:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
John Gardiner Myers 2a431c03a9 Improve description of PrimaryId 2021-06-05 16:38:25 -07:00
Kubernetes Prow Robot 7001de3486
Merge pull request #11688 from hakman/ipv6-calico 
Add options for configuring IPv4 and IPv6 support with Calico
 2021-06-05 16:06:38 -07:00
John Gardiner Myers 3b54486cdd make apimachinery crds 2021-06-05 16:00:54 -07:00
Ciprian Hacman 70f77a34d1 Add options for configuring IPv4 and IPv6 support with Calico 2021-06-04 17:05:40 +03:00
Ryan Dyer 65b750e732 add init image field 2021-05-25 17:57:49 +00:00
Ole Markus With 1868313497 Add snapshot-controller 2021-05-22 09:19:35 +02:00
Ciprian Hacman cedbe1f360 Add initial support for configuring IPv6 with AWS 2021-05-19 06:21:07 +03:00
Ole Markus With 6199174d78 Apply suggestions from code review 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-02 07:56:57 +02:00
Ole Markus With 6f8b3647cf Add support for IRSA in he api 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-01 16:03:42 +02:00
Kubernetes Prow Robot 3704ffd2c9
Merge pull request #11354 from codablock/external-cert-manager 
Allow cert-manager to be provisioned externally
 2021-04-30 13:45:59 -07:00
Alexander Block d1ab0af511 Allow cert-manager to be provisioned externally 2021-04-30 20:33:59 +02:00
Ole Markus With 460586833b Add toggle for AWS OIDC provider. Free it from any feature flag 2021-04-30 19:19:06 +02:00
Ole Markus With 25b5f0cfb2 Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore 2021-04-30 19:19:06 +02:00
dntosas 7e20f87822
[addons/nth] Add capability to define resources 
Node termination handler as all daemonSets may play a critical role in
capacity planning, define resource policy for chosing instanceType etc.

In this commit, we enable users to define resources themselves to meet
their needs and also removed limits to convey with the chosen strategy
to avoid limits on such components.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-04-30 14:13:11 +03:00
bjhaid 88ed9f68bd Add support for configuring Cilium enable-host-reachable-services. 
After upgrading Cilium to 1.8 via kops one of our clusters had a total
outage due to cilium reporting errors as below:

```
level=error msg="endpoint regeneration failed" containerID= datapathPolicyRevision=0 desiredPolicyRevision=1 endpointID=592 error="Failed to load tc filter: exit status 1" identity=40147 ipv4= ipv6= k8sPodName=/ subsys=endpoint
```

upon searching Cilium slack we found the below thread:

https://cilium.slack.com/archives/C1MATJ5U5/p1616400216167600

which recommended setting `enable-host-reachable-services` to true will
address the problems. We set the field and it fixed our issues too,
however we observed that kops does not have a means to configure this
hence this PR.

We will like to have this backported after it has been merged.
 2021-04-27 12:49:27 -05:00
Kubernetes Prow Robot 17e46e5a2c
Merge pull request #11322 from johngmyers/warmpool-cluster 
Add cluster-level warmPool settings
 2021-04-27 02:09:38 -07:00
Kubernetes Prow Robot d90ace058b
Merge pull request #11304 from dntosas/update-aws-csi-ebs 
[csi/aws] Bump templates + add support for warm pools
 2021-04-26 02:37:01 -07:00
John Gardiner Myers 428041bc0f Add cluster-level warmPool settings 2021-04-25 20:22:04 -07:00
John Gardiner Myers 5ad32230bb Fix typo 2021-04-25 13:42:12 -07:00
dntosas af6d4d585f
[csi/aws] Bump templates to latest stable version … 
- Update manifests
- Bump components version
- Add API capability of setting Version + VolumeLimit
- Remove snapshot-controller resources as it should be independent from
any CSI driver

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-04-25 16:45:15 +03:00
Kubernetes Prow Robot b0664176bc
Merge pull request #11259 from olemarkus/warm-life-cycle-hook 
Make nodeup able to complete the warming life cycle hook
 2021-04-24 02:05:15 -07:00
Kubernetes Prow Robot bc20262a47
Merge pull request #11281 from javipolo/cert-manager-default-issuer 
Add ability to set a default Issuer in certManager addon
 2021-04-24 01:21:14 -07:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-04-24 09:40:52 +02:00
Kubernetes Prow Robot 2649cbc598
Merge pull request #10995 from haugenj/release-1.19 
Add NTH Queue Processor Mode
 2021-04-22 12:15:58 -07:00
Jason Haugen 36722afb0f change casing Asg->ASG 2021-04-22 13:07:01 -05:00
Javi Polo bf20c6a4b7 Add ability to set a default Issuer in certManager addon 2021-04-21 22:39:25 +02:00
Kubernetes Prow Robot 9c46f5046a
Merge pull request #11235 from olemarkus/warm-provision 
Make it possible to enable/configure warm pool
 2021-04-20 21:44:10 -07:00
Ole Markus With 020652e096 Add ability to enable/configure warm pool for ASG 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-04-20 09:02:09 +02:00
Jason Haugen 7e48dad4d2 add ManagedAsgTag, merge templates, improve docs 2021-04-19 16:51:08 -05:00