kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,038 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

370 Commits

Author SHA1 Message Date
Ciprian Hacman 2622964491 Run hack/update-expected.sh 2021-10-02 07:07:38 +03:00
Kubernetes Prow Robot 8449d605bd
Merge pull request #12416 from olemarkus/channel-versions 
Add fixed version to all addons
 2021-09-30 12:21:15 -07:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
Ole Markus With e7a5437a34 Add fixed version to all addons 
This will make also older channels trigger addon updates
 2021-09-30 15:25:29 +02:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation. 
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
 2021-09-22 21:14:50 -05:00
Ole Markus With f06fcc5af2 Add specific taints to dns-controller. 
Also set kops-controller as cluster critical, not node critical
 2021-09-22 16:40:08 +02:00
Kubernetes Prow Robot 8ab1f8bbc4
Merge pull request #12355 from justinsb/gate_ipv6_permissions 
Only add IPv6 IAM permissions if using IPv6
 2021-09-19 00:54:08 -07:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6 
This avoids users wondering what these permissions are for until we
need them.
 2021-09-18 13:49:40 -04:00
Peter Rifel 476eb96970
./hack/update-expected.sh 2021-09-17 18:08:59 -05:00
Peter Rifel 5247bb8cc2
./hack/update-expected.sh 2021-09-16 20:04:36 -05:00
Ole Markus With 1323ed9040 Add more tolerations to kops-controller and CCM . 
CCM and kops-controller taint each other out. This will make them
schedule, and schedule earlier.
 2021-09-16 21:09:45 +02:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With bdad72e9aa Allow AWS LBC to attach certificates 2021-09-11 12:50:37 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With dac7002b39 Fix core manifest 2021-09-04 12:49:59 +02:00
Kubernetes Prow Robot c70ced2f66
Merge pull request #12219 from dntosas/nodelocaldns-bump-version 
[addons/node-local-dns] Bump version and make image field configurable
 2021-09-01 04:54:59 -07:00
Kubernetes Prow Robot fc91d0d459
Merge pull request #12229 from olemarkus/bump-cm-2212 
Bump cert-manager to 1.5.3
 2021-08-31 07:23:37 -07:00
Ole Markus With 4bde644786 Bump cert-manager to 1.5.3 2021-08-31 13:12:58 +02:00
dntosas f558f2441a
[addons/nodelocaldns] Bump image to latest stable v1.20.0 
As per
 3b17e06879,
 node-local-dns addon is now builded with latest coreDNS base v1.8 and
 that brings great consistency between cache and upstream servers in a
 manner of configuration, metrics name convention, etc.

 So in this commit, we bump node-local-dns image to latest v1.20.0 which
 is build upon latest coreDNS and also add support for overriding this
 field.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-31 14:07:19 +03:00
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 1ea4168cab Release 1.23.0-alpha.1 2021-08-27 21:12:45 -07:00
Ole Markus With 41c3ff2aac Make external dns provider configurable 2021-08-27 06:28:02 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Peter Rifel bf20cef86f
Add terraform outputs OIDC provider ARN and issuer 
These fields are valuable because their fields are used in the assume role policies of service account IAM roles, based on the docs here:

https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html#aws-cli
 2021-08-23 21:48:59 -05:00
Kubernetes Prow Robot cf2b0febf1
Merge pull request #12183 from rifelpet/consolidate-iam 
Consolidate statements in control plane IAM role
 2021-08-21 19:09:59 -07:00
Ole Markus With 11ffa653cb Bump cert-manager to 1.5.2 2021-08-21 21:12:23 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With 2288900ae6 Bump cert-manager to 1.5.1 2021-08-18 20:34:05 +02:00
Ole Markus With 57bd06b281 Bump Cert Manager for 1.22 2021-08-12 08:36:22 +02:00
Peter Rifel 0789a5ad9c
./hack/update-expected.sh 2021-08-08 15:54:27 -04:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ole Markus With 1839b1ac47 Revert most of #12023 and keep awslbc on CP nodes 2021-08-05 19:30:27 +02:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
Kubernetes Prow Robot a9207f4a6c
Merge pull request #12087 from johngmyers/sha256-manifest 
Use SHA-256 for manifest hashes
 2021-08-01 21:55:23 -07:00
John Gardiner Myers d6a159a258 hack/update-expected.sh 2021-08-01 16:42:14 -07:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Ciprian Hacman fc3a103baf Update core-dns to v1.8.4 2021-07-29 08:23:35 +03:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
Kubernetes Prow Robot 14de757bca
Merge pull request #11991 from olemarkus/refactor-iam 
Dedicated function for ccm permissons
 2021-07-16 13:06:10 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
Kubernetes Prow Robot 2526a35962
Merge pull request #11986 from olemarkus/nodeup-containerd 
Move containerd config from cloudup to nodeup
 2021-07-14 02:10:27 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
Ole Markus With a13cdb38f3 Add region to aws lbc 2021-07-14 08:23:53 +02:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers 86c9ee5506 hack/update-expected.sh 2021-07-09 00:20:18 -07:00
John Gardiner Myers cdf26302b2 hack/update-expected.sh 2021-07-08 18:46:03 -07:00
Ciprian Hacman fd08e2b047 Run hack/update-expected.sh 2021-07-08 22:12:12 +03:00
Ole Markus With 2d56558efe Run cert-manager cainjector on CP nodes as well 2021-07-06 16:05:41 +02:00
Kubernetes Prow Robot 0e458331b0
Merge pull request #11934 from olemarkus/cm-webhook-cp 
Schedule certmanager webhook on control plane
 2021-07-06 02:18:20 -07:00
Ole Markus With 561161291f Schedule certmanager webhook on control plane 2021-07-06 08:45:12 +02:00
John Gardiner Myers 9c83afb739 Remove obsolete files 2021-07-05 23:11:17 -07:00
Kubernetes Prow Robot 2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca 
Rename the "ca" keyset to "kubernetes-ca"
 2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further 
Reduce policy size further
 2021-07-03 17:58:18 -07:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 186aaf6d96 hack/update-expected.sh 2021-07-01 14:45:32 -07:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
John Gardiner Myers e90f2cc834 hack/update-expected.sh 2021-06-28 13:48:35 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
John Gardiner Myers 89209df150 hack/update-expected.sh 2021-06-25 22:25:50 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
John Gardiner Myers 7dea5af9be hack/update-expected.sh 2021-06-21 19:37:24 -07:00
John Gardiner Myers 48c42fe37f hack/update-expected.sh 2021-06-21 16:10:07 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
Kubernetes Prow Robot e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5 
Include multiple cluster CAs in trust stores
 2021-06-20 13:20:51 -07:00
Ole Markus With 778323eec9 Add missing lbc permission 2021-06-19 20:03:40 +02:00
John Gardiner Myers 0700ef64a0 hack/update-expected.sh 2021-06-19 10:56:24 -07:00
John Gardiner Myers 07474c6d30 Fix CA keys for all integration tests 2021-06-19 10:50:53 -07:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
John Gardiner Myers 74a44c2270 Don't restrict nodeup download to IPv4 2021-06-13 21:46:58 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
Matthew Wong b6266ce5f0 Run hack/update-expected.sh 2021-06-09 13:53:07 -07:00
John Gardiner Myers 1db6e318a1 hack/update-expected.sh 2021-06-03 21:30:06 -07:00
John Gardiner Myers 91d81e5a1a hack/update-expected.sh 2021-06-03 21:26:51 -07:00
John Gardiner Myers 4bf9150ab6 hack/update-expected.sh 2021-06-03 21:20:43 -07:00
John Gardiner Myers 1d44ee3116 hack/update-expected.sh 2021-06-03 20:41:05 -07:00
Ciprian Hacman 62f54d1401 Run hack/update-expected.sh 2021-06-03 11:16:08 +03:00
Kubernetes Prow Robot 3c4b6068b9
Merge pull request #11649 from h3poteto/fix-jwks-location 
Fix jwks object path in S3 for IRSA
 2021-06-01 08:26:27 -07:00
AkiraFukushima 361b02fa44
Fix integration test for oidc because the object path is changed 2021-06-01 23:35:21 +09:00
John Gardiner Myers 0a48b9050f Protokube needs dns-controller IAM permissions 2021-05-31 06:58:59 -07:00
Ciprian Hacman 3b80de3bcc Convert all indents to spaces in node bootstrap script 2021-05-27 11:21:52 +03:00
Ole Markus With 46e13c0009 Bump snapshot-controller version 
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-05-21 15:40:40 +02:00
Alexander Block 5306e27646 Run ./hack/update-expected.sh 2021-05-20 08:11:35 +02:00
Ciprian Hacman c0e71d802d Run hack/update-expected.sh 2021-05-19 20:31:13 +03:00
John Gardiner Myers 65711d05c0 hack/update-expected.sh 2021-05-19 08:02:10 -07:00
John Gardiner Myers fbd7663606 hack/update-expected.sh 2021-05-18 21:49:39 -07:00
Ciprian Hacman 57feaa65c3 Run hack/update-expected.sh 2021-05-19 06:21:07 +03:00
Ole Markus With d3581ebb84 bump aws lb controller to 2.2.0 2021-05-16 18:26:23 +02:00
Ciprian Hacman a39d829f1f Set canonical location for downloads to artifacts.k8s.io 
And remove the legacy location for downloads.
 2021-05-14 00:41:56 +03:00
Ole Markus With cd9ddd6716 Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller 2021-05-06 15:27:39 +02:00
John Gardiner Myers a79da8ee86 Don't use PublicJWKS in TestAWSLBController 2021-05-06 00:11:23 -07:00
John Gardiner Myers 5c4f1c4f6c Adjust sorting of resources in hcl2 2021-05-02 19:39:23 -07:00
Ole Markus With 460586833b Add toggle for AWS OIDC provider. Free it from any feature flag 2021-04-30 19:19:06 +02:00
Ole Markus With 25b5f0cfb2 Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore 2021-04-30 19:19:06 +02:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-04-24 09:40:52 +02:00
Kubernetes Prow Robot c771b7622e
Merge pull request #11216 from olemarkus/warm-nodeup 
Don't start kubelet if instance is entering the warm pool
 2021-04-15 00:07:49 -07:00
Ciprian Hacman 27e102bd04 Add support for Docker v20.10.6 2021-04-15 07:01:36 +03:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Barry Melbourne 6575b6113d Update integration tests to k8s v1.21.0 2021-04-11 17:07:17 +01:00
Ole Markus With dbd23473ef Add irsa support for awslbcontroller 
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
 2021-04-04 21:24:07 +02:00
Ole Markus With 1e3674e896 Add integration test for aws lb controller 2021-04-04 19:46:09 +02:00