kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,024 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

425 Commits

Author SHA1 Message Date
Ripta Pasay dfa4190cb5 Add --enable-admission-plugins API server flag, deprecating --admission-control in v1.10 2018-05-29 16:42:23 -07:00
k8s-ci-robot ad60dbd63d
Merge pull request #5178 from dims/patch-1 
Add a FIXME and don't log about insecure ports
 2018-05-26 14:22:41 -07:00
k8s-ci-robot e323fa918f
Merge pull request #5126 from justinsb/optional_etcd_manager 
Support (optional) etcd-manager
 2018-05-25 15:45:32 -07:00
Justin Santa Barbara ba87c36f73 Support (optional) etcd-manager 2018-05-25 16:01:22 -04:00
Davanum Srinivas 3e075fcab5
Add a FIXME and don't log about insecure ports 
Thanks to @craigtracey for spotting this.
 2018-05-25 09:35:06 -07:00
Rohith de977e627e Customize KubeDNS 
This PR adds the ability for users to customize the kubedns upstream nameservers and provider stubdomains, as per [here](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/)
 2018-05-13 17:08:56 +01:00
andrewsykim 2b325be8cf digitalocean: don't set --cloud-provider=external on control plane starting v1.10 2018-04-16 18:19:38 -04:00
James McMinn 458f59d5d8 Add dnsmasq parameteres to kubeDNS config 2018-04-06 09:09:54 +10:00
andrewsykim 54bee09f47 digitalocean: add kubelet hostname override 2018-04-03 01:16:50 -04:00
k8s-ci-robot fc1bed4353
Merge pull request #4224 from nebril/cilium-support 
Add Cilium as CNI plugin
 2018-03-26 07:49:02 -07:00
Justin Santa Barbara 2bccf880d2 etcd-quorum-read flag: explicitly default to off for v2 
Kubernetes 1.9 changed the default for etcd-quorum-read flag value to
true, in the hope of fixing some of the edge-case controller issues.

However, while this is cheap on etcd3, that fix was not backported to
etcd2, and performance there of quorum reads is poor.

For non-HA clusters with etcd2, it still goes through raft, but does not
need to - we set etcd-quorum-read to false, as this is just a missed
optimization in etcd2.

For HA clusters with etcd2, it's trickier, but at least for now we're
going to avoid the (crippling) performance regression.  kops 1.10 should
have etcd-manager (allowing upgrades to etcd3), and the ability to
configure IOPS on the etcd volume, so we can revisit this in 1.10 /
1.11.
 2018-03-25 19:08:05 -04:00
Maciej Kwiek ed67c013f5 Validate etcd and k8s version for Cilium 
Signed-off-by: Maciej Kwiek <maciej@covalent.io>
 2018-03-20 13:08:39 +01:00
Maciej Kwiek bca52dede9 Add Cilium as CNI plugin 
Signed-off-by: Maciej Kwiek <maciej@covalent.io>
 2018-03-20 13:07:26 +01:00
Justin Santa Barbara b2fa0bfa09
Merge pull request #4443 from zacblazic/update-default-docker-in-k8s-1.8 
Set the default docker for kubernetes 1.9 to 17.03.2
 2018-02-28 00:23:18 -05:00
k8s-ci-robot 0ab8b57c2a
Merge pull request #4493 from justinsb/vfs_streaming 
VFS: WriteFile takes an io.ReadSeeker
 2018-02-26 15:50:45 -08:00
Zac Blazic 935251413c
Set the default docker for kubernetes 1.9 to 17.03.02 
As 17.03.2 has been validated for 1.8 and 1.9.
 2018-02-26 19:11:18 +02:00
Zac Blazic 2518b3b656
Revert default docker version for kubernetes 1.8 back to 1.13.1 2018-02-26 19:10:23 +02:00
Mike Splain 45a57915e2 Fix bazel deprecation notice 2018-02-26 09:36:13 -05:00
Justin Santa Barbara 412cf377c2 VFS: WriteFile takes an io.ReadSeeker 
Means we don't have to buffer big files in memory, in combination with
WriteTo for reading.
 2018-02-26 09:09:17 -05:00
chrislovecnm fe790df0ce fixing bazel files to pass CI 2018-02-23 17:36:43 -07:00
Justin Santa Barbara c74f956697 Add test for image name remap 2018-02-22 21:42:41 -08:00
Justin Santa Barbara b68f58d746 Change NewAssetBuilder to take a kops.Cluseter 2018-02-22 21:42:40 -08:00
Justin Santa Barbara dde7600dae Initial support for standalone etcd-manager backups 
The etcd-manager will (ideally) take over etcd management.  To provide a
nice migration path, and because we want etcd backups, we're creating a
standalone image that just backs up etcd in the etcd-manager format.

This isn't really ready for actual usage, but should be harmless because
it runs as a sidecar container.
 2018-02-20 20:06:08 -05:00
Tim Hockin 79d5f793e7 Convert registry to k8s.gcr.io 2018-02-14 10:08:41 -08:00
Zac Blazic 32a7f770b8
Set the default docker for kubernetes 1.8 to 17.03.02 
Since 17.03.2 has been validated for 1.8 and GKE are now using
it in their COS images, I think it's a better default than 1.13.1.
 2018-02-14 18:34:01 +02:00
zhangxiaoyu-zidif 30b10cb1c8 modify check require-kubeconfig 2018-01-30 17:53:16 +08:00
k8s-ci-robot cbf16fd6e2
Merge pull request #4245 from ottoyiu/etcd-override 
Allow image override for etcd
 2018-01-26 10:11:33 -08:00
k8s-ci-robot b68ff3893f
Merge pull request #4308 from justinsb/stop_specifying_require_kubeconfig 
Don't specify require-kubeconfig from 1.10
 2018-01-23 15:44:01 -08:00
Justin Santa Barbara 4dccf6d56d Don't specify require-kubeconfig from 1.10 
Should fix https://github.com/kubernetes/kubernetes/pull/58367
 2018-01-20 17:57:58 -05:00
Blake e37be9a88c Update list of AdmissionControllers for k8s 1.9 2018-01-18 13:40:23 -08:00
Otto Yiu 2b12b59d75 add ability to override etcd image and update apimachinery generated files from EtcdClusterSpec changes 2018-01-10 13:39:07 -08:00
chrislovecnm 4dd3bb1dea Updating bazel BUILD files with new go_rules version 2017-12-29 15:03:14 -07:00
Kubernetes Submit Queue 15c7d61dfb
Merge pull request #3997 from aledbf/amazon-vpc-cni 
Automatic merge from submit-queue.

Add support for Amazon VPC CNI plugin

TODO:
- [x] IAM perms so that the CNI provider only has perms for the nodes in the cluster
- [x] Cleanup of security groups
- [ ] Replace image aledbf/k8s-ec2-srcdst:v0.1.0-5 with the official after https://github.com/ottoyiu/k8s-ec2-srcdst/pull/5 and https://github.com/ottoyiu/k8s-ec2-srcdst/pull/6
 2017-12-17 21:41:13 -08:00
chrislovecnm 7057aaf1bb Enabling the file assets 
File assets and the SHA files are uploaded to the new location. Files
when are users uses s3 are upload public read only. The copyfile task
uses only the existing SHA value.

This PR include major refactoring of the use of URLs.  Strings are no
longer categnated, but converted into a URL struct and path.Join is
utlilized.

A new values.go file is included so that we can start refactoring more
code out of the "fi" package.

A
 2017-12-17 15:26:57 -07:00
Manuel de Brito Fontes 2e05dd17aa Add support for Amazon VPC CNI plugin 2017-12-17 18:08:24 -03:00
Kubernetes Submit Queue ac7ae3fd58
Merge pull request #3809 from rdrgmnzs/hostnameOverride_use_hostname 
Automatic merge from submit-queue.

Let a user set a hostnameOverride when the cloud provider is aws.

Let a user use the hostname or set a hostnameOverride when the cloud provider is aws. This would allow for a more descriptive name to be used. The name of the hosts when using @hostname can be set by using a hook or some other method.
 2017-12-13 17:46:21 -08:00
zengchen1024 f9c98c3b4c add openstack cloud provider 2017-11-13 16:59:24 +08:00
Rodrigo Menezes 255305b8ef Let a user use the hostname or set a hostnameOverride when the cloud provider is aws 2017-11-08 23:59:21 -08:00
chrislovecnm 609e268a1d gazelle updates with new bazel version 2017-11-05 17:41:53 -07:00
chrislovecnm 9647b1d349 deprecated API values that are no longer used with kube-dns 2017-11-04 22:15:48 -06:00
chrislovecnm 1e418c3e13 more goimport updates 2017-11-04 10:03:02 -06:00
chrislovecnm 8d1ee1fa16 updating files for goimports 2017-11-01 12:51:43 -06:00
Manatsawin Hanmongkolchai a708919bf4 Generate scheduler policy by dynamic cluster addons 2017-10-27 08:56:07 +07:00
chrislovecnm 4de78b0055 setting up etcd to use asset builder for its container 2017-10-26 17:25:50 -06:00
Kubernetes Submit Queue 8df13bd468 Merge pull request #3679 from justinsb/support_api_aggregation 
Automatic merge from submit-queue.

Initial aggregation work

Create the keypairs, which are supposed to be signed by a different CA.
    
Set the `--requestheader-...` flags on apiserver.
    
Fix #3152
Fix #2691
 2017-10-24 12:08:27 -07:00
Justin Santa Barbara a879521ba3 Initial aggregation support 
Create the keypairs, which are supposed to be signed by a different CA.

Set the `--requestheader-...` flags on apiserver.

Fix #3152
Fix #2691
 2017-10-22 14:41:38 -04:00
wlan0 d3143ec3cc add Cloud Controller Manager addon 2017-10-19 12:33:44 -07:00
Justin Santa Barbara 19677523c0 Mock kops version in tests 
This avoids having to update the tests every time our version changes.
 2017-10-10 11:11:57 -04:00
Manatsawin Hanmongkolchai a06fbbac79 Added documentation that PolicyConfigMap should not be used during cluster creation 2017-10-10 09:33:48 +07:00
Manatsawin Hanmongkolchai c00f5ea9a7 Added error when trying to use kube-scheduler policyConfigMap before Kube 1.7.x 2017-10-10 09:10:05 +07:00
Justin Santa Barbara cc559dc373 Map docker 1.13.1 & 17.03.2, default 1.8 to 1.13.1 
Kubernetes 1.8 is validated with 1.13.1 and 17.03.2.

For 1.8, the default should be 1.13.1
 2017-10-03 19:04:20 -04:00
Justin Santa Barbara 0143be7c4f autogen: BUILD and BUILD.bazel 2017-10-02 14:27:21 -04:00
Justin Santa Barbara 3478031533 API types changed package 2017-10-01 14:03:56 -04:00
Kubernetes Submit Queue fc3716677a Merge pull request #3345 from andreychernih/enable-critical-feature-gate 
Automatic merge from submit-queue. .

Enable ExperimentalCriticalPodAnnotation feature gate

Otherwise, it is possible that critical system components will be evicted

https://github.com/kubernetes/kops/issues/3194
https://github.com/kubernetes/kubernetes/issues/51432
 2017-09-24 21:59:49 -07:00
Justin Santa Barbara 45032502c6 baremetal: fill out more of the baremetal mappings 
This gets us to the point where we can create the objects.
 2017-09-22 23:03:07 -04:00
Andrey Chernih b3acc4b5f8 Merge branch 'master' into enable-critical-feature-gate 2017-09-18 20:05:22 -07:00
Andrey Chernih 56553c5971 Add ability to override feature gates and check version 2017-09-18 20:04:54 -07:00
Caleb Gilmour 79d331e590 Add support for Romana as a networking option 2017-09-13 22:48:18 +00:00
Andrey Chernih 11c702ea0c Enable ExperimentalCriticalPodAnnotation feature gate 
Otherwise, it is possible that critical system components will be
evicted

https://github.com/kubernetes/kops/issues/3194
https://github.com/kubernetes/kubernetes/issues/51432

Closes #3194
 2017-09-05 21:28:13 -07:00
Justin Santa Barbara 4d52a7c9e6 Add Initializers admission controller 
Also sync up Admission controllers with current default sets for 1.7 &
1.8
 2017-08-27 20:53:57 -04:00
georgebuckerfield 58960f39cd Move etcd config for apiserver into code, set cloud provider for Digital Ocean to external 2017-08-26 08:23:19 +01:00
georgebuckerfield ff7f60dc35 Initial work on moving apiserver templates into code 2017-08-26 00:32:28 +01:00
Kubernetes Submit Queue 2d7fb51c2a Merge pull request #3025 from chrislovecnm/mapping-and-uploading-kubernetes-assets 
Automatic merge from submit-queue

inventory assets - mapping and uploading kubernetes containers
 2017-08-22 19:15:31 -07:00
andrewsykim 0411ba270e Create cluster requirements for DigitalOcean 2017-08-22 09:01:19 -04:00
chrislovecnm 2afdb5ab2e mapping-and-uploading-kube-assets 2017-08-21 15:16:56 -06:00
Rohith 7cd214266a Requested Changes - Etvd v3 
- removing the StorageType on the etcd cluster spec (sticking with the Version field only)
- changed the protokube flag back to -etcd-image
- users have to explicitly set the etcd version now; the latest version in gcr.io is 3.0.17
- reverted the ordering on the populate spec
 2017-08-11 21:08:09 +01:00
Rohith f3e98af217 Etcd V3 Support 
The current implementation is running v2.2.1 which is two year old and end of life. This PR add the ability to use etcd and set the versions if required. Note at the moment the image is still using the gcr.io registry image. As note, much like TLS their presently is not 'automated' migration path from v2 to v3.

- the feature is gated behine the storageType of the etcd cluster, bot clusters events and main must use the same storage type
- the version for v2 is unchanged and pinned at v2.2.1 with v2 using v3.0.17
- @question: we shoudl consider allowing the use to override the images though I think this should be addresses more generically, than one offs here and then. I know chris is working on a asset registry??
 2017-08-11 21:04:31 +01:00
Justin Santa Barbara 0115ece62d Remap pause image through our AssetBuilder 2017-07-22 00:35:37 -04:00
Justin Santa Barbara c9cec3b3d2 kube-proxy: set hostname-override on AWS 
So that it matches the Node.Name

Fix #2915
 2017-07-14 10:31:07 -04:00
Chris Love 20535248b4 Merge pull request #2773 from justinsb/authn_integration 
Initial support for authentication (kopeio)
 2017-07-06 14:11:22 -06:00
Justin Santa Barbara 7c8dcc4a0d Code changes for 1.7 2017-07-02 13:10:28 -04:00
Justin Santa Barbara 752150ef22 Initial support for authentication (kopeio) 
Still experimental, so not doing a flag yet.
 2017-06-20 00:15:39 -04:00
Justin Santa Barbara d2df318ecc Move CloudProvider to kops API 
This avoids a circular reference when breaking up the fi package
 2017-06-17 16:27:07 -04:00
Justin Santa Barbara 8fb99a87e2 Merge pull request #2680 from murali-reddy/kube-router 
add support for kube-router as CNI networking provider
 2017-06-16 10:37:49 -04:00
Murali Reddy e872dbcb86 add support for kube-router as CNI networking provider 
fixes #2606

Most part of the changes are similar to current supported CNI networking
provider. Kube-router also support IPVS bassed service proxy which can
be used as replacement for kube-proxy. So the manifest for kube-router
included with this patch enables kube-router to provide pod-to-pod
networking, IPVS based service proxy and ingress pod firewall.
 2017-06-09 17:01:31 +05:30
chrislovecnm 9b4a86a616 tweak to log level 2017-05-19 20:19:05 -06:00
Chris Love d135085e54 Merge pull request #2447 from justinsb/deprecate_babysit_daemons 
Remove babysit-daemons flag from 1.7
 2017-05-08 08:36:53 -06:00
Justin Santa Barbara 42ea0d4770 Remove babysit-daemons flag from 1.7 2017-04-27 01:47:39 -04:00
Abrar Shivani 5889814c90 Support for vSphere Cloud Provider 2017-04-20 23:33:21 -07:00
SandeepPissay 3ed60bd708 Fixed the formatting and added copyright headers to new files 2017-04-20 23:31:49 -07:00
SandeepPissay 82f9f0668d vsphere initial support. 2017-04-20 23:31:21 -07:00
Chris Love c5daf400ba Merge pull request #2283 from justinsb/docker_1_12_6 
Update to docker 1.12.6 for k8s 1.6
 2017-04-06 13:34:28 -06:00
Chris Love 72754d896e Merge pull request #2105 from justinsb/kopeio_networking_no_configure_cloud_routes 
kopeio networking should not set configure-cloud-routes
 2017-04-06 13:29:50 -06:00
Justin Santa Barbara bc0063e1cb Update to docker 1.12.6 for k8s 1.6 2017-04-04 01:24:49 -04:00
Justin Santa Barbara db5e435c55 Merge pull request #2233 from justinsb/authorization_flag 
Add authorization flag to kops create
 2017-03-29 19:31:52 -04:00
Justin Santa Barbara c9f412f0c8 Add authorization flag 
Also add AlwaysAllow to the schema
 2017-03-29 13:53:06 -04:00
Chris Love f63c52c425 Merge pull request #2225 from justinsb/use_kcm_serviceaccounts 
Set --use-service-account-credentials for 1.6
 2017-03-29 10:50:42 -06:00
Justin Santa Barbara 19db8b37a0 Set --use-service-account-credentials for 1.6 2017-03-29 11:42:24 -04:00
Justin Santa Barbara 736a51d2ef Enable insecure port after all 
Temporary workaround for
https://github.com/kubernetes/kubernetes/issues/43784 until we can find
a better solution.
 2017-03-28 23:47:18 -04:00
Justin Santa Barbara 8b965a0ad9 Disable insecure port for apiserver 
All components need a kubeconfig
 2017-03-28 21:26:17 -04:00
Justin Santa Barbara 4c28bd30e4 Enable RBAC on 1.6 2017-03-28 20:14:13 -04:00
Justin Santa Barbara eecf22d593 Merge pull request #2206 from justinsb/kubeproxy_to_code 
Move kubeproxy configuration to code
 2017-03-28 19:51:02 -04:00
Justin Santa Barbara 533efb7c51 Add Authorization / RBAC option to schema 2017-03-28 15:28:54 -04:00
Justin Santa Barbara e2a06a389a Move kubeproxy configuration to code 
Also map kube-proxy ClusterCIDR arg.
 2017-03-28 10:03:17 -04:00
Justin Santa Barbara fea4df5868 Merge pull request #2202 from justinsb/post_2095 
More log options for k8s 1.6
 2017-03-28 01:25:20 -04:00
Justin Santa Barbara 1e9c2cb2d8 Multiple log-opt, log-driver options for docker 
Also only change for 1.6
 2017-03-28 00:53:26 -04:00
Justin Santa Barbara e6fb0a3d67 Move kube-scheduler to code & RBAC 2017-03-28 00:26:59 -04:00
Justin Santa Barbara ae52277272 Update error message for golang style 2017-03-27 10:23:32 -04:00
Justin Santa Barbara b9204e9911 Initial Container-Optimized OS support 
Add initial support for google's container-optimized OS (available on
GCE).
 2017-03-20 23:47:37 -04:00
Justin Santa Barbara c4fe3cbfa0 kopeio networking should not set configure-cloud-routes 2017-03-16 21:48:28 -04:00
Justin Santa Barbara cb4641fea3 Code updates 2017-03-16 02:40:50 -04:00
Justin Santa Barbara 3d14d07616 Support cloud-config on GCE 2017-02-28 20:08:03 -05:00
Justin Santa Barbara 645f330dad Re-enable GCE support 
We move everything to the models.  We feature-flag it, because we
probably want to change the names etc, and we aren't going to be able to
offer smooth upgrades until that is done.
 2017-02-28 20:08:03 -05:00
Michael Taufen c24a017ed5 use --kubeconfig on kubelet instead of --api-servers in post 1.6 clusters 2017-02-27 15:49:11 -08:00
Justin Santa Barbara 363cf2a2aa Update cgroup hierarchies for k8s 1.6 
We're going with a much cleaner cgroup hierarchy for k8s 1.6
 2017-02-20 23:30:33 -05:00
Justin Santa Barbara 55b6d86454 Move more options to code 
User reports of kubelet flags not being passed; moved more to code.

Also found & fixed the likely root-cause issue: we have two copies of
the cluster spec and were not being precise about which one we wanted to
use at all times.
 2017-02-15 13:11:12 -05:00
Matthew Mihok bc235765d1 Adding basic flannel support 2017-02-11 16:26:18 -05:00
Stephen Schlie 991fc5bc7c Integrating Canal (Flannel + Calico) for CNI (#1459) 
* Integrating Canal (Flannel + Calico) for CNI

Initial steps to integrate Canal as a CNI provider for kops

Removed CNI in help as per chrislovecnm

* Integration tests, getting closer to working

- Added some integration tests for Canal
- Finding more places Canal needed to be added
- Sneaking in update to Calico Policy Controller

* Add updated conversion file

* turned back on canal integration tests

* fixed some rebase issues

* Fixed tests and flannel version

* Fixed canal yaml, and some rebasing errors

- Added some env vars to the install-cni container to get the proper
  node name handed off

* Added resource limits

- set resource limits on containers for Canal
- Ran through basic calico tutorials to verify functionality

* Updating Calico parts to Calico 2.0.2
 2017-02-11 11:03:23 -05:00
Justin Santa Barbara 1172fb2b95 Add Eviction flags 
Otherwise we were not evicting based on low inodes

Also add the notion of a flag-default, so we can pass fewer spurious
flags, and gget closer to the component model
 2017-01-31 23:12:35 -05:00
Chris Love 849815b638 Merge pull request #1601 from justinsb/validate_subnet_no_mixing 
validation: Validate we specify ids for all subnets
 2017-01-24 23:01:41 -07:00
Justin Santa Barbara 9e015285f8 validation: Validate we specify ids for all subnets 
Move our validation to the apimachinery style.  And then add a
validation that we specify IDs either for all subnets or no subnets.
 2017-01-24 12:38:52 -05:00
chrislovecnm 2144f43981 updated per review, improving testing 2017-01-23 11:48:42 -07:00
chrislovecnm e7cd49814a Fixing bug and adding more tests 2017-01-23 11:01:31 -07:00
Justin Santa Barbara 35f878c620 Resolve nodes by IP before trying by name 
Fix #1556
 2017-01-20 00:00:26 -05:00
chrislovecnm 2f86c3ae34 Tweaking function comments 2017-01-18 14:17:34 -08:00
chrislovecnm 48a4cd1b91 pr review updates 2017-01-18 12:58:30 -08:00
chrislovecnm 3cabfb25d0 Updates to add new flag used by Kubernetes Controller manager: attach-detach-reconcile-sync-period 2017-01-18 12:29:29 -08:00
Justin Santa Barbara 09cb9b654c Change int to int32 in API 
We shouldn't be using the variable-sized int in the API
 2017-01-15 18:23:44 -05:00
Justin Santa Barbara 09e834849d Specify storage-backend=etcd2 explicitly 
The default may change to etcd3, but we want to stick with etcd2 until
upgrade has been fully vetted.
 2017-01-04 11:27:31 -05:00
Justin Santa Barbara 5c7a1c7138 Don't specify configure-cidr for k8s >= 1.5 2017-01-03 13:06:08 -05:00
Justin Santa Barbara 8f9be902ce Only set PodCIDR on master in <= 1.4 2016-12-28 13:26:45 -05:00
Justin Santa Barbara 3aae164d80 Only specify --configure-cbr0 when running with k8s <= 1.4 2016-12-27 21:09:06 -05:00
Justin Santa Barbara 846b7601db Configure DockerVersion in Docker Spec 
And automatically choose 1.12.3 for k8s >= 1.5, 1.11.2 for < 1.5

Fix #849
 2016-12-20 00:34:40 -05:00
Justin Santa Barbara 132a001a40 Fixes per code review 2016-12-05 02:30:53 -05:00
Justin Santa Barbara d1ea4f969a Make sure we set APIServerCount 
It looks like it got lost in a refactor.  Add a unit test, and move
initialization to code (and have the code self-check as well).

Also we can now have a fairly long code comment about the reasons why
this is such a mess...

Fix #371
 2016-12-05 02:30:53 -05:00