kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,038 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

252 Commits

Author SHA1 Message Date
Peter Rifel 8dc11bdba9
./hack/update-expected.sh 2021-10-29 23:08:28 -05:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
Ciprian Hacman ff03aed9c5 Run hack/update-expected.sh 2021-10-04 22:25:16 +03:00
Ciprian Hacman 729f983c50 Run hack/update-expected.sh 2021-10-04 20:23:16 +03:00
Ciprian Hacman 2622964491 Run hack/update-expected.sh 2021-10-02 07:07:38 +03:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6 
This avoids users wondering what these permissions are for until we
need them.
 2021-09-18 13:49:40 -04:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
Kubernetes Prow Robot 14de757bca
Merge pull request #11991 from olemarkus/refactor-iam 
Dedicated function for ccm permissons
 2021-07-16 13:06:10 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers 86c9ee5506 hack/update-expected.sh 2021-07-09 00:20:18 -07:00
John Gardiner Myers cdf26302b2 hack/update-expected.sh 2021-07-08 18:46:03 -07:00
Kubernetes Prow Robot 2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca 
Rename the "ca" keyset to "kubernetes-ca"
 2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further 
Reduce policy size further
 2021-07-03 17:58:18 -07:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
John Gardiner Myers 89209df150 hack/update-expected.sh 2021-06-25 22:25:50 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
John Gardiner Myers 7dea5af9be hack/update-expected.sh 2021-06-21 19:37:24 -07:00
John Gardiner Myers 48c42fe37f hack/update-expected.sh 2021-06-21 16:10:07 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
John Gardiner Myers 0700ef64a0 hack/update-expected.sh 2021-06-19 10:56:24 -07:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
John Gardiner Myers 74a44c2270 Don't restrict nodeup download to IPv4 2021-06-13 21:46:58 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
Matthew Wong b6266ce5f0 Run hack/update-expected.sh 2021-06-09 13:53:07 -07:00
John Gardiner Myers 1db6e318a1 hack/update-expected.sh 2021-06-03 21:30:06 -07:00
John Gardiner Myers 91d81e5a1a hack/update-expected.sh 2021-06-03 21:26:51 -07:00
John Gardiner Myers 4bf9150ab6 hack/update-expected.sh 2021-06-03 21:20:43 -07:00
John Gardiner Myers 1d44ee3116 hack/update-expected.sh 2021-06-03 20:41:05 -07:00
Ciprian Hacman 62f54d1401 Run hack/update-expected.sh 2021-06-03 11:16:08 +03:00
Ciprian Hacman 3b80de3bcc Convert all indents to spaces in node bootstrap script 2021-05-27 11:21:52 +03:00
Ole Markus With 46e13c0009 Bump snapshot-controller version 
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-05-21 15:40:40 +02:00
Alexander Block 5306e27646 Run ./hack/update-expected.sh 2021-05-20 08:11:35 +02:00
Ciprian Hacman c0e71d802d Run hack/update-expected.sh 2021-05-19 20:31:13 +03:00
John Gardiner Myers 65711d05c0 hack/update-expected.sh 2021-05-19 08:02:10 -07:00
John Gardiner Myers fbd7663606 hack/update-expected.sh 2021-05-18 21:49:39 -07:00
Ciprian Hacman 57feaa65c3 Run hack/update-expected.sh 2021-05-19 06:21:07 +03:00
Ole Markus With d3581ebb84 bump aws lb controller to 2.2.0 2021-05-16 18:26:23 +02:00
Ciprian Hacman a39d829f1f Set canonical location for downloads to artifacts.k8s.io 
And remove the legacy location for downloads.
 2021-05-14 00:41:56 +03:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-04-24 09:40:52 +02:00
Kubernetes Prow Robot c771b7622e
Merge pull request #11216 from olemarkus/warm-nodeup 
Don't start kubelet if instance is entering the warm pool
 2021-04-15 00:07:49 -07:00
Ciprian Hacman 27e102bd04 Add support for Docker v20.10.6 2021-04-15 07:01:36 +03:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Barry Melbourne 6575b6113d Update integration tests to k8s v1.21.0 2021-04-11 17:07:17 +01:00
Barry Melbourne 05123faf5a Update containerd to v1.3.10/v1.4.4 2021-03-23 17:02:01 +00:00
Bharath Vedartham 1d721c3ff8 Update integration tests 2021-03-06 00:33:20 +05:30
Ole Markus With 063e3f6c7b Use internal api url for jwks when required 
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one.
This should finally pass the OIDC e2e test

For public access, api server must be publically available and anonymous
auth must be enabled
 2021-03-05 06:52:51 +01:00
Ole Markus With 32fce0d59c Exclude CP nodes from load balancers 2021-02-27 20:14:31 +01:00
Ole Markus With 9a13837629 Fix JWKS path for volume projection 2021-02-18 22:07:35 +01:00
Alexander Block 16f3de29fb Run ./hack/update-expected.sh 2021-02-16 18:46:00 +01:00
Ciprian Hacman 1c4da19881 Update integration test outputs with new mock version 2021-02-16 14:21:15 +02:00
Ole Markus With 783b6c0d6c Make protokube CP label setting consistent with kops-controller 2021-02-12 08:17:14 +01:00
Steven E. Harris d44612cc84 Capture outcome of "hack/update-expected.sh" run 2021-02-11 10:49:49 -05:00
Ciprian Hacman f8d3b76556 Default IMDSv2 to "optional" for AWS 2021-01-29 14:02:14 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults 
Update AWS etcd-manager volumes defaults
 2021-01-28 22:01:41 -08:00
Ciprian Hacman ca408f7e8f Set default volume type to "gp3" for etcd-manager volumes in AWS 2021-01-27 06:23:27 +02:00
Justin SB 1d76a15f69 Set the tcp_rmem sysctl in bootstrap script 
This ensures that we're using our settings for downloading nodeup
itself and any assets that nodeup downloads.  This is a workaround for
reported problems with the initial download on some kernels otherwise.

Issue #10206
 2021-01-24 21:50:45 -05:00
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Ciprian Hacman b0cb0c77d4 Update integration tests for "update cluster" 2021-01-15 15:51:02 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Bharath Vedartham a8d709acf2 Default cgroup driver to systemd from k8s 1.20 
Currently, kOps uses cgroupfs cgroup driver for the kubelet and CRIs. This PR defaults
the cgroup driver to systemd for clusters created with k8s versions >= 1.20.

Using systemd as the cgroup-driver is the recommended way as per
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
 2021-01-12 20:39:25 +05:30
Ole Markus With 2b3a8f133e Add control-plane node role annotation to cp nodes 
Update docs/releases/1.20-NOTES.md

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-01-08 12:39:42 +01:00
Kubernetes Prow Robot 22a9a13abf
Merge pull request #10488 from rifelpet/iam-role-tag 
AWS IAM Role Tagging
 2020-12-29 22:33:48 -08:00
Ciprian Hacman 01019f09ed Update integration tests 2020-12-28 21:11:34 +02:00
Ciprian Hacman 66039f150e Add containerd option for registry mirrors 2020-12-28 19:32:06 +02:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00
Peter Rifel 5406744c55
Update integration test output 2020-12-23 15:13:45 -06:00
Ciprian Hacman ff6a782303 Add config options for container runtime package URL and Hash 2020-12-23 13:29:22 +02:00