Commit Graph

112 Commits

Author SHA1 Message Date
Ole Markus With 921d1b8ce0 OIDC flags are no longer optional 2022-06-07 15:45:56 +02:00
Peter Rifel 827326b860
Only rewrite to k8s.gcr.io until k8s 1.25
1.25 is when official images have been migrated to registry.k8s.io, so we only need to rewrite until 1.25
2022-06-06 20:20:42 -05:00
Ciprian Hacman fcb6ac3834 Add load balancer support for Hetzner 2022-05-11 09:44:46 +03:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Ciprian Hacman 759172c3f0 Use k8s.gcr.io for k8s side-loaded images
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-23 12:15:57 +02:00
AkiraFukushima 313cc69127
Disable some flags in kube-apiserver when logging-format is not text
Disable these flags because these are not accepted.
* --logtostderr
* --alsologtostderr
* --log-file
2022-02-17 00:41:06 +09:00
justinsb 45ad8b50ae Enhance AddHostPathMapping to support a fluent style
This allows for the helper to be used in more places.
2021-12-31 13:26:12 -05:00
Ole Markus With 4a1e43526f Kube components log to stdout 2021-12-27 14:59:06 +01:00
John Gardiner Myers c5e1dea184 Remove code for no-longer-supported k8s version 2021-12-11 16:30:51 -08:00
Kubernetes Prow Robot c073ff595b
Merge pull request #12923 from justinsb/nodeup_store_cloudprovider
nodeup: store the CloudProvider in the context
2021-12-11 08:37:57 -08:00
justinsb 8220211655 nodeup: store the CloudProvider in the context
This is a bit simpler than fetching it from the cluster every time,
and also can allow things like mixed-cloud clusters (in future).
2021-12-11 09:16:03 -05:00
Ole Markus With 2088849768 Do not set insecure port on k8s 1.20+ 2021-12-11 12:44:56 +01:00
Ciprian Hacman 1f5a814d3a Replace Handler with ProbeHandler for container probes 2021-12-03 22:57:43 +02:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers ef754ce71f Make requests and limits be *resource.Quantity 2021-11-29 22:50:31 -08:00
John Gardiner Myers 5a42c10fd3 Rename fields in v1alpha3 cluster API to fit acronym convention 2021-11-21 16:16:32 -08:00
Peter Rifel db639664a1
Replace klog flags with go-runner in k8s 1.23
These flags have been deprecated, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components
2021-10-06 08:10:20 -05:00
Peter Rifel 88ddff3baf
Use separate cloud.config files for in-tree vs out-of-tree components 2021-09-30 09:20:33 -05:00
Ole Markus With 18faee636f Set kube-apiserver as default logs container
Apply suggestions from code review

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-09-02 08:29:30 +02:00
John Gardiner Myers be8933b577 Remove code for unsupported features 2021-08-28 13:49:55 -07:00
John Gardiner Myers 526dd38e16 Remove apiserver's access to controller-manager secrets 2021-07-17 14:25:19 -07:00
John Gardiner Myers 226380bf5b Refactor legacy etcd manager etcd-client keypair 2021-07-17 14:25:19 -07:00
John Gardiner Myers 7c1ed8de66 Refactor kube-apiserver kubelet-api certificate 2021-07-16 23:07:14 -07:00
John Gardiner Myers 68bb8f5ddb Refactor kube-apiserver static credentials 2021-07-16 22:55:50 -07:00
John Gardiner Myers c8b1a586b8 Refactor kube-apiserver server certificate 2021-07-16 22:42:23 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6ddccf5f79 Refactor some users of FindPrimaryKeypair 2021-07-10 23:23:12 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 7162a7473a Remove dead code 2021-07-01 13:58:51 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers 60ae29c93c Refactor EncryptionConfig 2021-06-27 08:45:05 -07:00
John Gardiner Myers 1312163edd Update nodes with an APIServer when APIServer spec changes 2021-06-27 08:45:04 -07:00
John Gardiner Myers fc94505a76 Include multiple certs in aws-iam-authenticator trust bundle 2021-06-21 07:35:50 -07:00
John Gardiner Myers 12465ac27c Simplify extraction of service-account public keys 2021-06-05 16:38:28 -07:00
John Gardiner Myers 6b2250a9af Have apiserver trust all service-account keys 2021-06-05 16:38:08 -07:00
Alexander Block bb52334222 Make the events etcd cluster optional 2021-05-20 08:05:42 +02:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
Ole Markus With bd731ce989 Use secure kubelet auth
Without secure node auth enabled, commands like `kubectl logs` may fail
with certain configurations.

Previously, we checked if anonymousAuth was enabled on the kubelet
before securing node communication, but this isn't really relevant. We
can still authenticate even if anonymous access is allowed.
2021-04-13 08:59:39 +02:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
shil dc03028e5d Update the logic to set kubeAPIServer.ClientCAFile 2021-02-02 12:10:43 -08:00
shil a0350a0dfa Use the kubeApiServerConfig clientCAFile field 2021-02-01 15:26:09 -08:00
Rodrigo Menezes da773ba35c Allow setting CPU limit and Mem request / limit for kube API 2020-11-23 10:03:34 -08:00
John Gardiner Myers 2ac17bee69 Remove code for no-longer-supported k8s releases 2020-10-29 16:45:53 -07:00
Ole Markus With 192d6a46f9 Errors when encryptionConfig is enabled, but no encryptionconfig secret
When encryptionConfig is enabled, but the secret is missing, there are no
visible errors anywhere. kube-apiserver just goes into a crashloop
without any complaints. This PR adds warnings both on the client side and
through nodeup.
2020-09-08 17:46:18 +02:00
Justin SB 786423f617 Expose JWKS via a feature-flag
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
John Gardiner Myers 70926d43fc Use a stable key for signing service account tokens 2020-07-11 13:18:50 -07:00
John Gardiner Myers f4f4763dc2 Refactor more certs to be issued by nodeup 2020-06-28 23:12:13 -07:00
Ciprian Hacman 70a3a2e978 ARM64 support - Update side-loading for multi-arch 2020-06-19 04:42:11 +03:00