Automatic merge from submit-queue.
Refactor VFS CA store to reuse keyset from clientset
This ensures the two behave more similarly, but also will help us parse a
serialized keyset.
Builds on #3836
Automatic merge from submit-queue.
Update code-of-conduct.md
Refer to kubernetes/community as authoritative source for code of conduct
ref: kubernetes/community#1527
Automatic merge from submit-queue.
Remove use of deprecated create-if-missing functions
Generally tightening up the interface to make it easier to remove list
operations.
Builds on #3835
Adding the capbility for kops validate cluster command to output YAML or JSON.
The validate.ValidationCluster struct is used as body of the JSON or
YAML document.
Automatic merge from submit-queue.
Avoid ListSecrets call in nodeup
This helps up with GCE permissions, but also helps us get rid of auth
tokens.
Builds on #3834
Automatic merge from submit-queue.
Refactor: clean up SecretStore to not use KeystoreItem
More moving to use API objects, except in this case we eventually want to
deprecate SecretStore entirely.
Builds on #3833
Automatic merge from submit-queue.
Add --subnets and --utility-subnets to kops create cluster
This change adds two new options to `kops create cluster`
When specifying `--vpc`, `--subnets` can be specified as an unordered array of subnet ids. Kops will then look up the zones of the subnets to find which zone to add the subnet id to.
If `--topology private` is also specified, `--utility-subnets` can similarly be specified.
~If a zone was specified but a subnet wasn't given that matches the zone, then the subnet will be allocated a CIDR with the current behaviour.~ This case fails validation here 7bd0a6a703/pkg/apis/kops/validation/validation.go (L151)
I can add unit tests and docs changes if required, but I am keen to get feedback before I proceed much further.
I have only added support for AWS.
I have tested this by running a command similar to this:
```bash
kops create cluster \
--zones=us-east-1a,us-east-1b,us-east-1c \
--topology private \
--master-zones=us-east-1a,us-east-1b,us-east-1c \
--vpc $vpc_id \
--subnets subnet-111111,subnet-222222,subnet-333333 \
--utility-subnets subnet-444444,subnet-555555,subnet-666666 \
$cluster_hosted_zone_name
```
And the cluster spec was as expected.
Automatic merge from submit-queue.
Support for OIDC 'username-prefix' and 'groups-prefix' flags
### What
Added support for `--oidc-username-prefix` and `--oidc-groups-prefix`.
By passing these it's possible to override the default prefixes used to map the OIDC user with the username in kubernetes.
### See
See: https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server
### IMPORTANT
I'm far from a kubernetes/KOPS, this is not tested so someone needs to have a look and see if something is missing or if this can cause troubles! (don't want to accidentally cause the destruction of the universe 💥 )
It's basically the same done in this other PR: https://github.com/kubernetes/kops/pull/1438/files
I did **not** change the `zz_generated.conversion.go` files as according to comment at the top of them they're autogenerated:
```go
// This file was autogenerated by conversion-gen. Do not edit it manually!
```
(I wonder if they should be `.gitignore`d)
### Fixes
This should fix [#4007: field oidcUsernamePrefix is not recognized in cluster configuration file](https://github.com/kubernetes/kops/issues/4007)
Automatic merge from submit-queue.
work on using files assets
Basic MVP for file assests.
- using file assest builder
- able to upload files
- using URL structs instead of strings everywhere
Automatic merge from submit-queue.
Adds permissions for ELB and NLB req'd by 1.9
Adds appropriate IAM permissions to Masters (in restrictive mode) for ELB and NLB.
Closes https://github.com/kubernetes/kops/issues/3883
File assets and the SHA files are uploaded to the new location. Files
when are users uses s3 are upload public read only. The copyfile task
uses only the existing SHA value.
This PR include major refactoring of the use of URLs. Strings are no
longer categnated, but converted into a URL struct and path.Join is
utlilized.
A new values.go file is included so that we can start refactoring more
code out of the "fi" package.
A
Kubernetes Submit Queue