This PR adds the base tags to DHCP Options, IGW, and Route Tables.
These components are not tagged correctly, and this can cause issues
with deletion. Name tags are not added to shared resources, as we allow
shared resources to have maintained names. An owned/shared tag with the
syntax "kubernetes.io/cluster/$CLUSTERNAME" = "owned" is added to the
resources as well. We are maintaining the Name tag value for private
route tables, as these resources do not use the standard value.
This PR implements a new custom error that is returned when a task's
lifecycle is set to fi.LifecycleExistsAndWarnIfChanges. This will allow
a task to fail validation, but the task is marked as completed and
the error is cleared.
The current implementation when Etcd TLS was added does not support using Calico, as the configuration and client certificates are not present. This PR updates the Calico manifests and adds the distribution of the client certificate.
Weave limits the number of connections between peers and the default is 30.
As described here: ce9c5162bd/site/kubernetes/kube-addon.md
Setting the CONN_LIMIT environment variable controls this setting. Adding a field in the
WeaveNetworkingSpec and adding the env var to the associated templates lets users
have clusters larger than 30 nodes and still use weave's peer discovery.
The weave authors have indicated that 100 is not an unreasonable setting.
https://github.com/weaveworks/weave/issues/1621#issuecomment-152713060
Because the primary use-case is S3-style stores, we haven't really used
directories. If we have a use-case, we can always pass a boolean
parameter or create an alternative function.
We previously needed them to allow list operations; however we now use a
keyset.yaml file instead of listing keys. That should be the sole use,
so we should no longer need this permission.
If not, we can re-enable the code easily.
Automatic merge from submit-queue.
Force nodeup to use the bundle
We disable fallback entirely for nodeup, so we can still share code, but
won't accidentally be using the wrong code path.
Builds on #3839
Automatic merge from submit-queue.
Fix null pointer issues when custom PROTOKUBE_IMAGE is specified.
When setting a custom protokube location via the environment variable `PROTOKUBE_IMAGE`, this appeared to not be getting set properly at the time of applying Cluster updates (via `kops update cluster ${KOPS_CLUSTER_NAME} --yes`), resulting in a runtime exception.
This PR resolves the above issue, so cluster updates are correctly applied with reference to a custom protokube image location (if provided).
This avoids the need to list directories, which is problematic on GCE.
It also makes for a more consistent experience; we can move nodeup to
use the bundle always, and we can move writing to the Mirror task, so
that VFS & kops-server are more similar.
Automatic merge from submit-queue.
Refactor VFS CA store to reuse keyset from clientset
This ensures the two behave more similarly, but also will help us parse a
serialized keyset.
Builds on #3836
Automatic merge from submit-queue.
Refactor: clean up SecretStore to not use KeystoreItem
More moving to use API objects, except in this case we eventually want to
deprecate SecretStore entirely.
Builds on #3833
Automatic merge from submit-queue.
Add --subnets and --utility-subnets to kops create cluster
This change adds two new options to `kops create cluster`
When specifying `--vpc`, `--subnets` can be specified as an unordered array of subnet ids. Kops will then look up the zones of the subnets to find which zone to add the subnet id to.
If `--topology private` is also specified, `--utility-subnets` can similarly be specified.
~If a zone was specified but a subnet wasn't given that matches the zone, then the subnet will be allocated a CIDR with the current behaviour.~ This case fails validation here 7bd0a6a703/pkg/apis/kops/validation/validation.go (L151)
I can add unit tests and docs changes if required, but I am keen to get feedback before I proceed much further.
I have only added support for AWS.
I have tested this by running a command similar to this:
```bash
kops create cluster \
--zones=us-east-1a,us-east-1b,us-east-1c \
--topology private \
--master-zones=us-east-1a,us-east-1b,us-east-1c \
--vpc $vpc_id \
--subnets subnet-111111,subnet-222222,subnet-333333 \
--utility-subnets subnet-444444,subnet-555555,subnet-666666 \
$cluster_hosted_zone_name
```
And the cluster spec was as expected.
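As an added illustration of the subnet-to-zone lookup this PR describes (example code written for this page, not kops's own implementation): the `Subnet` type, the `constructedSubnets` sample data and the `AssignSubnetsToZones` function are all assumptions standing in for the EC2 lookup kops would perform, and the validation it applies (subnet must be in the given VPC, in a requested zone, one per zone, every zone covered) is the defensive shape of the check rather than kops's exact rules.

```go
package main

import "fmt"

// Subnet is a constructed stand-in for the cloud's subnet record (not the
// kops or AWS SDK type); kops would fill it from EC2 DescribeSubnets.
type Subnet struct{ ID, VPC, Zone string }

// constructedSubnets is inline sample data so the example runs offline.
var constructedSubnets = map[string]Subnet{
	"subnet-111111": {"subnet-111111", "vpc-aaaaaa", "us-east-1a"},
	"subnet-222222": {"subnet-222222", "vpc-aaaaaa", "us-east-1b"},
	"subnet-333333": {"subnet-333333", "vpc-aaaaaa", "us-east-1c"},
	"subnet-999999": {"subnet-999999", "vpc-other", "us-east-1a"},
}

// AssignSubnetsToZones maps each --zones entry to the --subnets id that lives
// in it, discovering the zone from the subnet so the ids may be unordered.
// It rejects ids outside the --vpc, ids in a zone not listed in --zones, two
// ids for one zone, and zones left without a subnet (which the PR says fails
// validation instead of allocating a CIDR).
func AssignSubnetsToZones(vpcID string, zones, subnetIDs []string,
	lookup map[string]Subnet) (map[string]string, error) {
	wanted := make(map[string]bool, len(zones))
	for _, z := range zones {
		wanted[z] = true
	}
	byZone := make(map[string]string, len(zones))
	for _, id := range subnetIDs {
		s, ok := lookup[id]
		switch {
		case !ok:
			return nil, fmt.Errorf("subnet %s not found", id)
		case s.VPC != vpcID:
			return nil, fmt.Errorf("subnet %s is in %s, not --vpc %s", id, s.VPC, vpcID)
		case !wanted[s.Zone]:
			return nil, fmt.Errorf("subnet %s is in zone %s, not in --zones", id, s.Zone)
		case byZone[s.Zone] != "":
			return nil, fmt.Errorf("zone %s has two subnets: %s, %s", s.Zone, byZone[s.Zone], id)
		}
		byZone[s.Zone] = id
	}
	for _, z := range zones {
		if byZone[z] == "" {
			return nil, fmt.Errorf("zone %s has no matching subnet in --subnets", z)
		}
	}
	return byZone, nil
}
```

The same function serves `--utility-subnets` for a private topology by calling it a second time with the utility subnet ids.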
Automatic merge from submit-queue.
work on using files assets
Basic MVP for file assets.
- using file asset builder
- able to upload files
- using URL structs instead of strings everywhere