Hidden behind a feature-flag, but when the UseAddonOperators feature
flag is set, we now use the cluster-addons CoreDNS operator instead of
our built-in manifests.

Ensure apiserver role can only be used on AWS (because of firewalling)
Apply api-server label to CP as well
Consolidate node not ready validation message
Guard apiserver nodes with a feature flag
Rename Apiserver role to APIServer
Add an integration test for apiserver nodes
Rename Apiserver role to APIServer
Enumerate all roles in rolling update docs
Apply suggestions from code review
Co-authored-by: Steven E. Harris <seh@panix.com>

kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.
This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)
Feature-flagged behind the KopsControllerStateStore feature-flag.

This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens. But it shouldn't need a second bucket or anything of that
nature.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access). This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.
Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Should prevent the scenario where etcd-manager can't come up because of a different version.
Can be bypassed with the SkipEtcdVersionCheck feature flag.

We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog. That
will happen when we update to k8s 1.13.

This currently just turns off validation of the kubelet cluster dns
flag, which should allow for experimenting with more complicated DNS
configurations such as local proxies, which may address shortcomings
of DNS retries with UDP.
Issue #5584

We delete old AWS LaunchConfigurations when we see that we have more
than 3. We add a feature flag KeepLaunchConfigurations to disable this
functionality, for backwards compatibility.
Fixes #329

We previously needed them to allow list operations; however we now use a
keyset.yaml file instead of listing keys. That should be the sole use,
so we should no longer need this permission.
If not, we can re-enable the code easily.

This is part I of multi part Pull Request to enable the
cloud-controller-manager through kops. This specific PR introduces the
cloud-controller-manager api, and puts it behind a feature flag.
Please feel free to merge this.

This will allow us to set CIDRs for nodeport access, which in turn will
allow e2e tests that require nodeport access to pass.
Then add a feature-flagged flag to `kops create cluster` to allow
arbitrary setting of spec values; currently the only value supported is
cluster.spec.nodePortAccess