323 Commits

Author SHA1 Message Date
John Gardiner Myers cd48f10de5 Rename "kops delete keypair" to "kops distrust keypair" 2021-06-24 19:19:43 -07:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
John Gardiner Myers 5423e18b56 Add 'kops promote keypair' command 2021-06-21 20:58:51 -07:00
John Gardiner Myers c904c743da Remove 'kops import' 2021-06-21 07:34:29 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9 Merge pull request #11823 from johngmyers/get-keypairs-2
Improve the output of 'kops get keypairs'
2021-06-21 02:19:10 -07:00
John Gardiner Myers 12d536d3a3 Refactor 'kops delete keypair' 2021-06-20 15:09:15 -07:00
John Gardiner Myers 3ca8b95005 Support creating new service-account keypairs 2021-06-20 14:09:24 -07:00
John Gardiner Myers 72ba687744 Split out get, describe, and delete keypairs commands 2021-06-19 13:36:11 -07:00
John Gardiner Myers af74e75382 Allow adding secondary keyset items 2021-06-18 10:41:37 -07:00
John Gardiner Myers 3793c92b94 Remove "secret" from "kops create secret keypair ca" 2021-06-18 10:36:19 -07:00
John Gardiner Myers 1356818d83 Make the AdminAccess default inclusive of IPv6 2021-06-14 21:51:17 -07:00
John Gardiner Myers 76fc012f96 Allow unsetting fields from the command line 2021-06-14 08:52:32 -07:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers 326a4beb49 Don't describe CloudLabels as being AWS-specific 2021-06-01 23:32:22 -07:00
John Gardiner Myers 4c2508b6ec Add "kops get assets" command 2021-05-28 21:33:46 -07:00
John Gardiner Myers 3f24a29cca Change toolbox template flag for consistency 2021-05-27 20:42:16 -07:00
Ciprian Hacman 54961e4ae5 Create new clusters without forcing a container runtime
Decide which container runtime to use later in model, based on Kubernetes version and other settings.
2021-05-09 21:43:58 +03:00
Ciprian Hacman 6c284a886b Apply suggestions from code review 2021-04-15 11:42:27 +03:00
Eric Greer 21c6007e71 Update kops_create_secret_dockerconfig.md
Today we were implementing an authenticated docker user, but it was unclear how exactly to do that. We learned that simply making this secret within kops was all that was needed for the docker config to start appearing on newly built nodes. It would be nice if the documentation here reflected that. It would have saved us some time.
2021-04-15 11:30:54 +03:00
Justin Santa Barbara e34d9bb579 Expand flag help on --user flags
It wasn't entirely clear to me that this had to be the name of a user
kubeconfig section.
2021-03-27 13:41:10 -04:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Barry Melbourne e30bf1cf35 Update Go modules to latest versions 2021-03-14 15:08:27 +00:00
Peter Rifel 2d8bfc040b Allow SSH user to be overridden for `toolbox dump` 2021-01-28 19:47:22 -06:00
Kubernetes Prow Robot f055dd561c Merge pull request #10593 from gabrieljackson/set-instancegroup-cmd-redux
Add `set instancegroup` command
2021-01-25 05:16:54 -08:00
Gabe Jackson b1282f2591 Correct command help text 2021-01-24 21:19:13 -05:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Gabe Jackson e90050f134 Add `set instancegroup` command
This change adds a new command and functionality for updating
instance group configuration via command line arguments. This
behavior mimics the `set cluster` command.
2021-01-15 12:19:26 -05:00
Ole Markus With 5fe948bb5c Add template function for preferred version 2020-12-15 08:53:30 +01:00
Kubernetes Prow Robot 0b5646e94a Merge pull request #10266 from rifelpet/k8s120
Update k8s dependencies to 1.20.0-beta.2
2020-11-18 10:48:07 -08:00
Peter Rifel f78bf5bf5e regenerate cli docs 2020-11-18 12:02:58 -06:00
Ciprian Hacman 3ca128d5ef make gen-cli-docs 2020-11-14 16:02:59 +02:00
axpraka 3033caa5e7 Update kops as kOps and remove extra spaces from .md files
- Updated kops as kOps in .md files.
- Remove extra spaces from .md files
2020-11-13 20:09:51 -05:00
John Gardiner Myers cddd30c184 Update validate cluster cli docs 2020-11-11 09:31:18 -08:00
Christian Joun e91ed11449 Implement API load balancer class with NLB and ELB support on AWS (#9011)
* refactor TargetLoadBalancer to use DNSTarget interface instead of LoadBalancer

* add LoadBalancerClass fields into api

* make api machinery

* WIP: Implemented API loadbalancer class, allowing NLB and ELB support on AWS for new clusters.

* perform vendoring related tasks and apply fixes identified from hack/

disallow spotinst + nlb
remove reflection in status_discovery.go
Add precreated additional security groups to the Master nodes in case of NLB
Remove support for attaching individual instances to NLB; only rely on ASG attachments
Don't specify Classic loadbalancer in GCE integration test

* add utility function to the kops model context to make LoadBalancer comparisons simpler

* use DNSTarget interface when locating DNSName of API ELB

* wip: create target group task

* Consolidate TargetGroup tasks

* Use context helper for determining api load balancer type to avoid nil pointers

* Update NLB creation to use target group ARN from separate task rather than creating a TG in-line

* Address staticcheck and bazel failures

* Removing NLB Attachment tasks because they're not used since we switched to defining them as a part of the ASGs

* Address PR review feedback

* Only set LB Class field for AWS clusters, fix nil pointer

* Move target group attributes from NLB task to TG task, removing unused attributes

* Add terraform and cloudformation support for NLBs, listeners, and target groups

* Update integration test for NLB support

* Fix NLB name format to pass terraform validation

* Preserve security group rule names when switching ELB to NLB to reduce destructive terraform changes

* Use elbv2 enums and address some TODOs

* Set healthcheck values in target group

* Find TG tags, fix NLB name detection

* Fix more spurious changes reported by lifecycle integration test

* Fix spotinst validation, more code cleanup

* Address more PR feedback

* ReconcileTargetGroups unit test + more code simplification

* Addressing PR feedback Renaming task 1. awstasks.LoadBalancer -> awstasks.ClassicLoadBalancer

* Addressing PR feedback Renaming task: ELBName() -> CLBName() / LinkToELB() -> LinkToCLB()

* Addressing PR feedback: Various text changes

* fix export of kubecfg

* address TargetGroup should have the same name as the NLB

* should address error when fetching tags due to missing ARN

* Update expected and crds

* Add feature table to NLB docs

* Address more feedback and remove some TODOs that aren't applicable anymore

* Update spotinst validation error message

Co-authored-by: Peter Rifel <pgrifel@gmail.com>
2020-11-02 05:28:52 -08:00
Ciprian Hacman 35d49a40a2 Update shell style for CLI docs for better compatibility 2020-10-28 18:23:23 +02:00
Ciprian Hacman f69ffeaa63 Update cluster and state store names in CLI docs 2020-10-28 18:22:53 +02:00
Justin SB e03bb72c2c Default to exporting a kubecfg, even without credentials
We do log a hint for the user when we have exported an empty kubecfg,
but this now supports the "current cluster" UX.

Issue #9990
2020-10-25 14:30:32 -04:00
Derrik Campau ca70ac2203 Fix small typo in create cluster help output
Fixes typo in cmd/kops/create_cluster.go and
docs/cli/kops_create_cluster.md where example output had filename.yamlh,
changed to filename.yaml
2020-09-26 14:45:03 -07:00
Ole Markus With c01455cf91 Keep the good part from last attempt 2020-09-01 08:30:03 +02:00
Justin SB 0cda0f5068 Support authentication helper for kubectl
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 15:16:20 -04:00
Ole Markus With ff6c04938d Add kops delete instance command
Add support for deleting instance by k8s node name

Add yes flag
2020-08-28 08:43:30 +02:00
Peter Rifel d0b8c654bd Add --internal flag for export kubecfg that targets the internal dns name
Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s)

This adds a flag that will use that name and force the CA cert to be included.
This is a workaround for client certificate authentication not working on API ELBs with ACM certificates.
The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver.
Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver.
This also requires that the masters' security groups allow 443 access from the client which this does not handle automatically.
2020-08-26 21:15:18 -05:00
Peter Rifel 4d9f0128a3 Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
Kubernetes Prow Robot ec8b47d725 Merge pull request #9593 from johngmyers/kubectl-lifetime
Reduce the lifetime of exported kubecfg credentials
2020-08-14 19:24:18 -07:00
Brandon Wagner c4e2497a8a change defaults 2020-08-11 15:40:54 -05:00
Brandon Wagner 2d6d7ec4ad update cli docs 2020-08-10 17:13:49 -05:00
Brandon Wagner 602564d26c use byte quantity flag instead of int MiBs for memory args 2020-08-10 16:16:51 -05:00
Brandon Wagner b4bc9b5d56 update cli docs for instance-selector 2020-08-10 16:16:51 -05:00
Brandon Wagner 9d9ca8441e feat toolbox instance-selector implementation 2020-08-10 16:16:51 -05:00
Kubernetes Prow Robot ea2d0da1cc Merge pull request #8577 from justinsb/dump
Capture logs from a kops cluster
2020-08-09 17:18:19 -07:00
Peter Rifel 40a25bd8ba Expose private key as a flag 2020-07-24 20:15:45 -05:00
Peter Rifel 1faeb36d37 Address feedback and test failures 2020-07-22 22:19:00 -05:00
John Gardiner Myers a45b07c156 Reduce the lifetime of exported kubecfg credentials 2020-07-17 22:39:01 -07:00
Kubernetes Prow Robot 022fec8606 Merge pull request #9471 from johngmyers/ig-per-zone
Create one nodes instance group per zone
2020-07-17 12:34:54 -07:00
John Gardiner Myers e9b8e4e39a Create zero-node IGs if more zones than nodes 2020-07-17 11:26:09 -07:00
John Gardiner Myers fbc235a3fe Create one nodes IG per zone 2020-07-17 11:26:09 -07:00
John Gardiner Myers 3201cc4dd8 Require extra flag when updating cluster with downgraded kops version 2020-07-17 11:11:12 -07:00
Kubernetes Prow Robot 6f3c067e5e Merge pull request #9280 from olemarkus/no-admin
Specify user on export kubecfg
2020-07-17 11:00:51 -07:00
Ole Markus With aab5054ffc Add networking provider for using etcd-manager for cilium
This is the only feasible way of adding the additional etcd cluster for a cilium e2e test
2020-07-07 21:06:21 +02:00
Peter Rifel 7582109b23 Update AWS VPC CNI docs to use --networking amazonvpc 2020-07-06 17:40:21 -05:00
Ole Markus With 72fd007acf Don't export admin user by default. Allow specifying existing user when exporting context 2020-06-24 19:54:25 +02:00
John Gardiner Myers a76a1cd127 Remove unused model options 2020-06-21 22:37:16 -07:00
Ciprian Hacman 279fd313ec Address review comments
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2020-06-20 19:33:42 +03:00
Ciprian Hacman fa9b4ac217 Add master and node image options when creating a cluster 2020-06-19 22:23:05 +03:00
John Gardiner Myers 0d74344a43 Remove the baremetal cloud provider 2020-06-14 10:38:29 -07:00
Ole Markus With 2abded190a Update cmd help text 2020-06-11 08:37:10 +02:00
John Gardiner Myers f9b0415093 Update generated files 2020-06-04 12:13:49 -07:00
Kubernetes Prow Robot c6dcaa8199 Merge pull request #9154 from MoShitrit/issue-9031
Add support for encryption in Cilium
2020-06-04 03:11:15 -07:00
Zhou Hao deb90e4ea4 Add example for describe secret
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
2020-06-02 10:38:34 +08:00
Ole Markus With 7342525872 Remove vsphere from kops files 2020-05-30 13:36:55 +02:00
Zhou Hao 6f1fcf1944 Add example for delete secret
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
2020-05-29 08:40:29 +08:00
MoShitrit 316a0e2b00 Adding encryption support for Cilium
Adding support for 'secret-name' flag

Adding instructions to enable encryption

Updating docs for cli

Addressing comments

Adding ciliumpassword subcommand to 'kops create secret'

Updating command to generate ciliumpassword secret
2020-05-25 01:54:24 -04:00
Ole Markus With 6e04586361 Docs fixes 2020-05-22 08:08:58 +02:00
Ole Markus With 95d2170fa6 Update networking in kops create
* Remove classic from cli docs. Add missing providers
* Use cilium instead of weave in example since we don't consider weave stable
2020-05-22 08:08:58 +02:00
Jesse Haka 11eaacd53e validationtimes -> validationcount 2020-04-08 13:55:29 +03:00
Jesse Haka e1e79790ef validate cluster n times in rolling update 2020-04-08 13:55:24 +03:00
eric-hole b3d65ffce0 Adds a gce-service-account flag so you BYO service-account
Generated code and some cleanup

Not sure where that code went

Tests for service account

fixes case on gceserviceaccount
2020-04-04 21:15:56 -07:00
Kubernetes Prow Robot 51e8563bd5 Merge pull request #8515 from hakman/validate-wait-consecutive
Wait for validation to succeed N consecutive times
2020-03-20 05:02:35 -07:00
John Gardiner Myers 2e920d75c1 Fix command descriptions to match new cluster validation behavior 2020-03-15 17:25:13 -07:00
John Gardiner Myers 33e23166e4 Support the kops.k8s.io/needs-update annotation on nodes 2020-03-09 22:43:09 -07:00
John Gardiner Myers b098e4c4c2 Fix punctuation 2020-03-02 19:11:12 -08:00
Ciprian Hacman ad247a9c75 Wait for validation to succeed N consecutive times 2020-02-21 16:18:04 +02:00
Justin Santa Barbara adf2a5c681 Update cli docs
klog added a flag (add_dir_header).
2020-01-17 06:35:22 -05:00
Kubernetes Prow Robot 6978d68e87 Merge pull request #8179 from vvbogdanov87/add-all-export-config
Add all flag to export cluster command
2019-12-27 09:30:15 -08:00
Ciprian Hacman 8b15e5b03a Add --container-runtime cli flag 2019-12-22 22:16:04 +02:00
vvbogdanov87 526cdce3c7 Add all flag to export cluster command 2019-12-22 19:46:04 +08:00
Kubernetes Prow Robot db11481e37 Merge pull request #8110 from vvbogdanov87/validate-cluster-kubeconfig
Add kubeconfig flag to validate cluster command
2019-12-17 06:41:59 -08:00
eric-hole 4d280e44a6 update generated CLI docs as per Pete's typo fix 2019-12-16 20:10:16 -08:00
Eric Hole 8d1d0f6f15 Update docs/cli/kops_create_cluster.md
Co-Authored-By: Peter Rifel <rifelpet@users.noreply.github.com>
2019-12-16 16:16:34 -08:00
vvbogdanov87 9befa17496 Generate cli documentation 2019-12-16 19:53:41 +08:00
eric-hole 723abce4e5 Generated code: kops_create_cluster 2019-12-15 23:54:39 -08:00
Josh Branham ff5364b59a Fix gen docs 2019-11-23 19:50:25 -05:00
Jesse Haka 5e3b94ae17 use existing network and subnet 2019-10-27 08:21:25 +02:00
Kubernetes Prow Robot 927094fcda Merge pull request #7371 from justinsb/kops_validate_now_supports_wait
Add --wait argument to kops validate
2019-09-19 11:57:00 -07:00
Jesse Haka d9da911457 run gen docs 2019-08-30 08:22:50 +03:00
Justin SB eb4fe3f8ff Generate docs
https://github.com/kubernetes/kubernetes/pull/72137 appears to have
introduced spurious spaces, but I think we can live with it for now.
2019-08-26 07:54:30 -07:00
Justin SB 6a6bd7d8a0 Add --wait argument to kops validate
With this argument, kops validate will poll until the timeout expires,
waiting for readiness.  On readiness or on timer expiration, it exits
as if wait was not present.
2019-08-16 09:50:29 -04:00
Justin SB 9df2e4bbfb Speed up rolling-update - longer timeout on validation, less scheduled holds
We reduce the amount of time we wait on a purely scheduled basis
during a rolling-update, and instead increase the timeout on the
validation.

This will be a behavioural change - particularly for `--cloudonly`
mode, but that mode seems more useful when things are going wrong
anyway, when people will likely set _even lower_ timeouts.
2019-05-16 03:37:35 -07:00
Justin SB 547b5bbbb9 Update CLI docs 2019-05-06 13:44:41 -04:00