Commit Graph

252 Commits

Author SHA1 Message Date
Ciprian Hacman a2b811f68c Run hack/update-expected.sh 2023-01-03 11:03:44 +02:00
John Gardiner Myers e44ce84f78 hack/update-expected.sh 2023-01-02 13:58:23 -08:00
John Gardiner Myers 3fe4ee9b84 hack/update-expected.sh 2023-01-02 13:42:11 -08:00
John Gardiner Myers 768299134c hack/update-expected.sh 2023-01-02 12:50:24 -08:00
Ciprian Hacman 84b557d203 Run hack/update-expected.sh 2022-12-26 13:21:43 +02:00
John Gardiner Myers b820f4ac59 hack/update-expected.sh 2022-12-24 21:44:50 -08:00
John Gardiner Myers c0dff11230 Update min versions for 1.27 2022-12-24 21:44:49 -08:00
John Gardiner Myers 70389e6398
Release 1.27.0-alpha.1 (#14866) 2022-12-24 21:43:27 -08:00
Ciprian Hacman f5b72742b4
Release 1.26.0-beta.1 (#14858) 2022-12-23 01:13:27 -08:00
Kubernetes Prow Robot 424af287cf
Merge pull request #14823 from johngmyers/coredns
Upgrade coredns to v1.10.0
2022-12-20 00:11:44 -08:00
John Gardiner Myers 472a7f38b6 Upgrade coredns to v1.10.0 2022-12-19 23:26:39 -08:00
John Gardiner Myers 936790e953 Upgrade k8s-dns-node-cache to 1.22.15 2022-12-19 19:26:21 -08:00
John Gardiner Myers 4c036cb261 hack/update-expected.sh 2022-12-19 00:10:16 -08:00
Ciprian Hacman 09dc2c8455 Run hack/update-expected.sh 2022-12-09 08:01:54 +02:00
Ciprian Hacman 20805fe110 Run hack/update-expected.sh 2022-12-06 19:00:23 +02:00
John Gardiner Myers c6349285d4
Release 1.26.0-alpha.2 (#14665) 2022-11-25 09:06:04 -08:00
Denis Moiseev e7c3dee038 Add `ec2:DescribeAvailabilityZones` to the AWS CCM permissions list
To work around the issue with subnets auto-discovery [1]
AWS ccm needs to have permission to retrieve information about
availability zones (specifically to detect outpost, wavelength, and local zones [2]).

[1] https://github.com/kubernetes/cloud-provider-aws/issues/442
[2] https://github.com/kubernetes/cloud-provider-aws/pull/499
2022-11-25 11:04:27 +01:00
John Gardiner Myers 6dd63c8e1f hack/update-expected.sh 2022-11-23 15:55:01 -08:00
John Gardiner Myers b105aa6a86 hack/update-expected.sh 2022-11-22 17:15:51 -08:00
John Gardiner Myers bfa4c124cc hack/update-expected.sh 2022-11-19 10:25:23 -08:00
John Gardiner Myers e0ee3eda2a Remove CloudFormation tests 2022-11-19 10:25:20 -08:00
John Gardiner Myers 8473e8b2e7 Stop making MasterInternalName configurable 2022-11-16 22:06:02 -08:00
Ciprian Hacman 309b37eadf Run hack/update-expected.sh 2022-11-15 14:51:54 +02:00
John Gardiner Myers 81ce39006f hack/update-expected.sh 2022-11-01 17:04:43 -07:00
John Gardiner Myers c53c3bf8f8 Update images in tests 2022-11-01 17:04:43 -07:00
Ole Markus With cd378bff72 Move setting role taints to cloudup 2022-10-18 13:42:00 +02:00
Thomas Colomb 9b28c14213 cluster-autoscaler: Add IAM permission autoscaling:DescribeScalingActivities needed since version 1.24 2022-09-23 13:20:21 +02:00
Ole Markus With f226b03abf Add back missing permissions for legacy CCM. Again. 2022-09-10 19:54:49 +02:00
Ciprian Hacman b9394fed18 Run hack/update-expected.sh 2022-08-12 19:40:25 +03:00
justinsb 8693164f76 Update expected output 2022-08-03 09:51:16 -04:00
Ole Markus With 8bcc640452 Make Karpenter respect IG's spec.Subnets
This will tag all subnets with the IGs using that subnet

Update docs/operations/karpenter.md

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2022-08-01 21:06:24 +02:00
Ciprian Hacman 9a591b2aa7 Run hack/update-expected.sh 2022-06-07 09:16:54 +03:00
Ciprian Hacman 30404d64a2 Run hack/update-expected.sh
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-18 09:01:59 +02:00
Ole Markus With 7132486ebf hack update-expected 2022-02-11 20:51:42 +01:00
Ole Markus With 9d476c0e9c Add CreateSecurityGroup permission for vpcs 2022-01-20 17:49:36 +01:00
Ole Markus With 666cf710a2 Push partition into the policy struct 2022-01-20 17:49:36 +01:00
Ole Markus With 0a082fed12 Require tag on create for external AWS CCM 2022-01-20 15:32:46 +01:00
Ciprian Hacman df29b6e406 Run hack/update-expected.sh
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-01-19 13:00:36 +02:00
Kubernetes Prow Robot 4eb54f2260
Merge pull request #13114 from olemarkus/nodeup-describe-regions
Add DescribeRegions to nodeup privs
2022-01-18 22:14:05 -08:00
Ole Markus With b80488906f Add DescribeRegions to nodeup privs 2022-01-17 09:34:29 +01:00
Ole Markus With f4e538508f Create helper function for ec2 create/tag-on-create IAM permissions 2022-01-14 18:41:28 +01:00
Kubernetes Prow Robot 2f31054e19
Merge pull request #13007 from hakman/skip_non-masquerade-cidr
Use kubelet --non-masquerade-cidr only for Docker with kubenet
2021-12-21 18:49:36 -08:00
justinsb e8ddfa4328 Update test data for bash return change 2021-12-20 10:12:07 -05:00
Ciprian Hacman b20dfe162a Run hack/update-expected.sh 2021-12-20 08:47:25 +02:00
Ole Markus With f2f9b9dcbb Determine hostnameOverride entirely in nodeup instead of passing in cloud placeholders from cloudup 2021-11-30 13:29:54 +01:00
Ciprian Hacman 7d34232b4c Run hack/update-expected.sh 2021-11-18 07:58:44 +02:00
Peter Rifel af426a272b
./hack/update-expected.sh 2021-11-03 22:17:41 -05:00
Peter Rifel c3e8420731
Revert "Move some AWS IAM policy actions from tagged conditions to wildcard"
This reverts commit 91e4767851.
2021-11-03 21:59:43 -05:00
Peter Rifel a8f7fee499
./hack/update-expected.sh 2021-11-02 20:21:37 -05:00
Peter Rifel 91e4767851
Move some AWS IAM policy actions from tagged conditions to wildcard
I checked these against the IAM docs for each API and moved the actions that don't support tag conditions:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html#elasticloadbalancing-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancingv2.html#elasticloadbalancingv2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2autoscaling.html#amazonec2autoscaling-actions-as-permissions
2021-11-02 20:06:35 -05:00
Peter Rifel 8dc11bdba9
./hack/update-expected.sh 2021-10-29 23:08:28 -05:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
Ciprian Hacman ff03aed9c5 Run hack/update-expected.sh 2021-10-04 22:25:16 +03:00
Ciprian Hacman 729f983c50 Run hack/update-expected.sh 2021-10-04 20:23:16 +03:00
Ciprian Hacman 2622964491 Run hack/update-expected.sh 2021-10-02 07:07:38 +03:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6
This avoids users wondering what these permissions are for until we
need them.
2021-09-18 13:49:40 -04:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller
Support TXT records
2021-08-27 06:24:47 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With ce86d851aa IRSA support for CCM
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-08-07 10:27:36 +02:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
Kubernetes Prow Robot 14de757bca
Merge pull request #11991 from olemarkus/refactor-iam
Dedicated function for ccm permissions
2021-07-16 13:06:10 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissions
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-07-16 19:39:57 +02:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers 86c9ee5506 hack/update-expected.sh 2021-07-09 00:20:18 -07:00
John Gardiner Myers cdf26302b2 hack/update-expected.sh 2021-07-08 18:46:03 -07:00
Kubernetes Prow Robot 2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca
Rename the "ca" keyset to "kubernetes-ca"
2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further
Reduce policy size further
2021-07-03 17:58:18 -07:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount
Refactor nodeup APIServer builder, part one
2021-06-28 10:42:01 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
John Gardiner Myers 89209df150 hack/update-expected.sh 2021-06-25 22:25:50 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
John Gardiner Myers 7dea5af9be hack/update-expected.sh 2021-06-21 19:37:24 -07:00
John Gardiner Myers 48c42fe37f hack/update-expected.sh 2021-06-21 16:10:07 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
John Gardiner Myers 0700ef64a0 hack/update-expected.sh 2021-06-19 10:56:24 -07:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng
Seed the random number generator on AWS
2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec
This allows us to set a default containerd config per IG (e.g. add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
2021-06-15 11:08:22 +02:00
John Gardiner Myers 74a44c2270 Don't restrict nodeup download to IPv4 2021-06-13 21:46:58 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context
Remove InstanceGroup from NodeupModelContext
2021-06-12 13:43:01 -07:00
Matthew Wong b6266ce5f0 Run hack/update-expected.sh 2021-06-09 13:53:07 -07:00
John Gardiner Myers 1db6e318a1 hack/update-expected.sh 2021-06-03 21:30:06 -07:00
John Gardiner Myers 91d81e5a1a hack/update-expected.sh 2021-06-03 21:26:51 -07:00
John Gardiner Myers 4bf9150ab6 hack/update-expected.sh 2021-06-03 21:20:43 -07:00
John Gardiner Myers 1d44ee3116 hack/update-expected.sh 2021-06-03 20:41:05 -07:00
Ciprian Hacman 62f54d1401 Run hack/update-expected.sh 2021-06-03 11:16:08 +03:00
Ciprian Hacman 3b80de3bcc Convert all indents to spaces in node bootstrap script 2021-05-27 11:21:52 +03:00
Ole Markus With 46e13c0009 Bump snapshot-controller version
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-05-21 15:40:40 +02:00
Alexander Block 5306e27646 Run ./hack/update-expected.sh 2021-05-20 08:11:35 +02:00
Ciprian Hacman c0e71d802d Run hack/update-expected.sh 2021-05-19 20:31:13 +03:00
John Gardiner Myers 65711d05c0 hack/update-expected.sh 2021-05-19 08:02:10 -07:00
John Gardiner Myers fbd7663606 hack/update-expected.sh 2021-05-18 21:49:39 -07:00
Ciprian Hacman 57feaa65c3 Run hack/update-expected.sh 2021-05-19 06:21:07 +03:00
Ole Markus With d3581ebb84 bump aws lb controller to 2.2.0 2021-05-16 18:26:23 +02:00
Ciprian Hacman a39d829f1f Set canonical location for downloads to artifacts.k8s.io
And remove the legacy location for downloads.
2021-05-14 00:41:56 +03:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2021-04-24 09:40:52 +02:00
Kubernetes Prow Robot c771b7622e
Merge pull request #11216 from olemarkus/warm-nodeup
Don't start kubelet if instance is entering the warm pool
2021-04-15 00:07:49 -07:00
Ciprian Hacman 27e102bd04 Add support for Docker v20.10.6 2021-04-15 07:01:36 +03:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Barry Melbourne 6575b6113d Update integration tests to k8s v1.21.0 2021-04-11 17:07:17 +01:00
Barry Melbourne 05123faf5a Update containerd to v1.3.10/v1.4.4 2021-03-23 17:02:01 +00:00
Bharath Vedartham 1d721c3ff8 Update integration tests 2021-03-06 00:33:20 +05:30
Ole Markus With 063e3f6c7b Use internal api url for jwks when required
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one.
This should finally pass the OIDC e2e test

For public access, api server must be publicly available and anonymous
auth must be enabled
2021-03-05 06:52:51 +01:00
Ole Markus With 32fce0d59c Exclude CP nodes from load balancers 2021-02-27 20:14:31 +01:00
Ole Markus With 9a13837629 Fix JWKS path for volume projection 2021-02-18 22:07:35 +01:00
Alexander Block 16f3de29fb Run ./hack/update-expected.sh 2021-02-16 18:46:00 +01:00
Ciprian Hacman 1c4da19881 Update integration test outputs with new mock version 2021-02-16 14:21:15 +02:00
Ole Markus With 783b6c0d6c Make protokube CP label setting consistent with kops-controller 2021-02-12 08:17:14 +01:00
Steven E. Harris d44612cc84 Capture outcome of "hack/update-expected.sh" run 2021-02-11 10:49:49 -05:00
Ciprian Hacman f8d3b76556 Default IMDSv2 to "optional" for AWS 2021-01-29 14:02:14 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults
Update AWS etcd-manager volumes defaults
2021-01-28 22:01:41 -08:00
Ciprian Hacman ca408f7e8f Set default volume type to "gp3" for etcd-manager volumes in AWS 2021-01-27 06:23:27 +02:00
Justin SB 1d76a15f69 Set the tcp_rmem sysctl in bootstrap script
This ensures that we're using our settings for downloading nodeup
itself and any assets that nodeup downloads.  This is a workaround for
reported problems with the initial download on some kernels otherwise.

Issue #10206
2021-01-24 21:50:45 -05:00
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Ciprian Hacman b0cb0c77d4 Update integration tests for "update cluster" 2021-01-15 15:51:02 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Bharath Vedartham a8d709acf2 Default cgroup driver to systemd from k8s 1.20
Currently, kOps uses cgroupfs cgroup driver for the kubelet and CRIs. This PR defaults
the cgroup driver to systemd for clusters created with k8s versions >= 1.20.

Using systemd as the cgroup-driver is the recommended way as per
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
2021-01-12 20:39:25 +05:30
Ole Markus With 2b3a8f133e Add control-plane node role annotation to cp nodes
Update docs/releases/1.20-NOTES.md

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-01-08 12:39:42 +01:00
Kubernetes Prow Robot 22a9a13abf
Merge pull request #10488 from rifelpet/iam-role-tag
AWS IAM Role Tagging
2020-12-29 22:33:48 -08:00
Ciprian Hacman 01019f09ed Update integration tests 2020-12-28 21:11:34 +02:00
Ciprian Hacman 66039f150e Add containerd option for registry mirrors 2020-12-28 19:32:06 +02:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00