Commit Graph

667 Commits

Author SHA1 Message Date
Kubernetes Prow Robot b47e023b1e
Merge pull request #12680 from rifelpet/fix-iam-conditions
Fix ELB IAM conditions (part 2)
2021-11-03 23:34:03 -07:00
Peter Rifel af426a272b
./hack/update-expected.sh 2021-11-03 22:17:41 -05:00
Peter Rifel c3e8420731
Revert "Move some AWS IAM policy actions from tagged conditions to wildcard"
This reverts commit 91e4767851.
2021-11-03 21:59:43 -05:00
Kubernetes Prow Robot 1e97b0cf76
Merge pull request #12674 from rifelpet/fix-iam-conditions
Remove tag conditions on certain AWS IAM actions
2021-11-03 02:24:59 -07:00
Peter Rifel a8f7fee499
./hack/update-expected.sh 2021-11-02 20:21:37 -05:00
Peter Rifel 91e4767851
Move some AWS IAM policy actions from tagged conditions to wildcard
I checked these against the IAM docs for each API and moved the actions that don't support tag conditions:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html#elasticloadbalancing-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancingv2.html#elasticloadbalancingv2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2autoscaling.html#amazonec2autoscaling-actions-as-permissions
2021-11-02 20:06:35 -05:00
Peter Rifel dede42efd2
Fix cluster name used in IAM policies 2021-11-02 17:39:57 -05:00
Peter Rifel df902cca65
Enable lifecycle hook in integration test 2021-11-02 17:38:23 -05:00
Ciprian Hacman a5ae36b9d1 Run hack/update-expected.sh 2021-11-01 16:31:29 +02:00
John Gardiner Myers 3a97dbaa8d Release 1.23.0-alpha.2 2021-10-31 13:46:07 -07:00
John Gardiner Myers a2269c886c hack/update-expected.sh 2021-10-31 12:26:30 -07:00
John Gardiner Myers 9f99d41323 IPv6 requires external CCM 2021-10-31 12:26:30 -07:00
John Gardiner Myers 1ec56c509e hack/update-expected.sh 2021-10-30 13:28:39 -07:00
Ciprian Hacman 76898881cb Use prefixes for IPv6 with Calico 2021-10-30 20:57:40 +03:00
Kubernetes Prow Robot 9bc5887610
Merge pull request #12638 from rifelpet/arn-partition
Fix hardcoded ARN partitions
2021-10-29 23:37:19 -07:00
Kubernetes Prow Robot fce557c72b
Merge pull request #12641 from hakman/kops-controller_ipam_perms
Allow kops-controller to describe network interfaces
2021-10-29 21:34:14 -07:00
Peter Rifel 0bd7348ad9
Fix ARN partition in SQS queue policy 2021-10-29 23:08:30 -05:00
Peter Rifel 8dc11bdba9
./hack/update-expected.sh 2021-10-29 23:08:28 -05:00
Peter Rifel 5d82ce0b5f
Update cloudmock and integration test inputs to use aws-test partition 2021-10-29 23:07:30 -05:00
Ciprian Hacman 9d1e11c73a Allow kops-controller to describe network interfaces 2021-10-30 06:50:32 +03:00
Peter Rifel 1f37132fc9
Check for orphaned data files in integration test source directories 2021-10-29 17:07:51 -05:00
Peter Rifel c860293783
Add missing cloudformation test invocations 2021-10-29 17:06:15 -05:00
Ciprian Hacman 4597e856de Add more IPv6 integration tests 2021-10-29 17:35:51 +03:00
Kubernetes Prow Robot 5bfdefb43c
Merge pull request #12623 from johngmyers/cilium-ipv6-ipam
Never masquerade IPv6 with Cilium
2021-10-29 05:56:51 -07:00
John Gardiner Myers 7b5fdc7c43 Update automatically generated files 2021-10-27 23:40:02 -07:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
Ciprian Hacman a3f4ed7502 Update node permissions 2021-10-28 07:47:09 +03:00
Kubernetes Prow Robot 77e6186fe4
Merge pull request #12615 from johngmyers/ciliuim-runtime-labels
Remove vestigial Cilium ContainerRuntimeLabels code
2021-10-26 23:37:25 -07:00
Kubernetes Prow Robot 228c82cb6e
Merge pull request #12571 from rifelpet/sqs-arn
Use the SQS Queue's ARN reference
2021-10-26 22:19:26 -07:00
Peter Rifel 7f8e1b8182
Fix GCE router terraform reference 2021-10-26 22:37:58 -05:00
justinsb 5e4987b246 GCE: support egress specification
Empty or "nat" now defaults to creating a per-subnet NAT router for
private topologies.  "external" will assume that egress is configured
outside of kOps.
2021-10-26 21:37:03 -04:00
Kubernetes Prow Robot 3a056c288b
Merge pull request #12382 from justinsb/gce_subnet_support_refactor
GCE: improve network & subnet terraform support
2021-10-26 17:53:41 -07:00
John Gardiner Myers ad6235e428 Update automatically generated files 2021-10-26 16:12:50 -07:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
justinsb d363bf3dad GCE: improve network & subnet terraform support
We should use the subnet spec in the Cluster, and default to creating
a new subnet/network, but allow an existing one to be specified.
2021-10-24 17:41:14 -04:00
justinsb 0611e4f638 gce: open kops-controller port from nodes
This is now needed in our nodeup bootstrap with vTPM on GCE.

Also remove the cadvisor port, it is no longer running on the control-plane nodes.
2021-10-24 13:47:16 -04:00
Kubernetes Prow Robot 329e752192
Merge pull request #12594 from hakman/canal_tweaks
Update Canal based on Calico
2021-10-24 07:46:21 -07:00
justinsb af76c4c20a gce: allow router to refer to network object
This allows for our execution model to work a little more smoothly.
2021-10-24 09:19:06 -04:00
Ciprian Hacman b3e7a9705c Run hack/update-expected.sh 2021-10-24 12:27:56 +03:00
Kubernetes Prow Robot eb3f04702c
Merge pull request #12593 from hakman/canal_ckc
Add calico-kube-controllers for Canal
2021-10-24 00:12:21 -07:00
Ciprian Hacman 35be914a90 Run hack/update-expected.sh 2021-10-24 08:54:00 +03:00
Kubernetes Prow Robot 7912fe22e8
Merge pull request #12590 from justinsb/gce_network_shared
GCE: Allow network to be marked as shared
2021-10-23 22:38:21 -07:00
justinsb f0aa776d46 gce: update tests for shared networks
Also need to populate mocks.
2021-10-23 23:59:21 -04:00
Kubernetes Prow Robot 7e58bddce1
Merge pull request #12584 from rifelpet/canal320
Upgrade Canal to v3.20 with k8s 1.22 support
2021-10-23 17:52:21 -07:00
Peter Rifel 958db43bb8
./hack/update-expected.sh 2021-10-23 18:01:44 -06:00
Kubernetes Prow Robot af85e5e52e
Merge pull request #12309 from olemarkus/lbc-security
Allow AWS LBC to attach certificates
2021-10-23 13:16:21 -07:00
Kubernetes Prow Robot 727cdf73ad
Merge pull request #12156 from justinsb/prune_via_labels
Prune addons via labels
2021-10-22 12:54:43 -07:00
Kubernetes Prow Robot f8ba8b11f7
Merge pull request #12437 from olemarkus/cas-delay
Make it possible to set CAS max-node-provision-time
2021-10-22 09:34:38 -07:00
Kubernetes Prow Robot 900dae9db3
Merge pull request #12573 from rifelpet/vpc-cni-193
Upgrade AWS VPC CNI to 1.9.3 w/ k8s 1.22 support
2021-10-20 23:16:09 -07:00
Peter Rifel 477d930348
Upgrade AWS VPC CNI to 1.9.3 w/ k8s 1.22 support 2021-10-20 22:29:54 -07:00