This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens. But it shouldn't need a second bucket or anything of that
nature.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
Use provider-agnostic node definition for cas instead of aws auto-discovery
Validate clusterAutoscalerSpec
Add spec documentation
Add cas docs
Make CRDs
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
Add enabled flag to cas config
Apply suggestions from code review
Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>
Add support for custom cas image
Support more k8s versions
Use full image names
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.
Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
Openstack can use floating IPs as master API address. Setting these defauls and using floating ips ends up in a nil pointer error somewhere in the lbaasv2 code
Errors being fixed or ignored:
```
Errors from staticcheck:
cmd/kops/create_cluster.go:740:37: possible nil pointer dereference (SA5011)
cmd/kops/create_cluster.go:736:7: this check suggests that the pointer can be nil
cmd/kops/create_cluster.go:828:30: possible nil pointer dereference (SA5011)
cmd/kops/create_cluster.go:825:7: this check suggests that the pointer can be nil
dns-controller/pkg/dns/dnscontroller.go:585:5: this value of existing is never used (SA4006)
nodeup/pkg/model/kubelet_test.go:67:23: possible nil pointer dereference (SA5011)
nodeup/pkg/model/kubelet_test.go:63:5: this check suggests that the pointer can be nil
pkg/apis/kops/validation/legacy.go:138:97: unnecessary use of fmt.Sprintf (S1039)
pkg/apis/kops/validation/legacy.go:150:112: unnecessary use of fmt.Sprintf (S1039)
upup/pkg/fi/nodeup/nodetasks/update_packages.go:48:9: unnecessary use of fmt.Sprintf (S1039)
cmd/kops-controller/controllers/node_controller.go:89:1: comment on exported method Reconcile should be of the form "Reconcile ..." (ST1020)
dnsprovider/pkg/dnsprovider/dns.go:102:1: comment on exported function ResourceRecordSetsEquivalent should be of the form "ResourceRecordSetsEquivalent ..." (ST1020)
dnsprovider/pkg/dnsprovider/plugins.go:65:1: comment on exported function RegisteredDnsProviders should be of the form "RegisteredDnsProviders ..." (ST1020)
dnsprovider/pkg/dnsprovider/providers/aws/route53/stubs/route53api.go:30:1: comment on exported type Route53API should be of the form "Route53API ..." (with optional leading article) (ST1021)
dnsprovider/pkg/dnsprovider/providers/google/clouddns/internal/stubs/clouddns.go:26:2: comment on exported type Project should be of the form "Project ..." (with optional leading article) (ST1021)
dnsprovider/pkg/dnsprovider/tests/commontests.go:28:1: comment on exported function CommonTestResourceRecordSetsReplace should be of the form "CommonTestResourceRecordSetsReplace ..." (ST1020)
dnsprovider/pkg/dnsprovider/tests/commontests.go:52:1: comment on exported function CommonTestResourceRecordSetsReplaceAll should be of the form "CommonTestResourceRecordSetsReplaceAll ..." (ST1020)
dnsprovider/pkg/dnsprovider/tests/commontests.go:78:1: comment on exported function CommonTestResourceRecordSetsDifferentTypes should be of the form "CommonTestResourceRecordSetsDifferentTypes ..." (ST1020)
pkg/apis/kops/instancegroup.go:318:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
pkg/apis/kops/v1alpha2/instancegroup.go:23:1: comment on exported type InstanceGroup should be of the form "InstanceGroup ..." (with optional leading article) (ST1021)
pkg/apis/kops/v1alpha2/networking.go:449:1: comment on exported type LyftVPCNetworkingSpec should be of the form "LyftVPCNetworkingSpec ..." (with optional leading article) (ST1021)
pkg/dns/gossip.go:21:1: comment on exported function IsGossipHostname should be of the form "IsGossipHostname ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:47:1: comment on exported function NewKubeconfigBuilder should be of the form "NewKubeconfigBuilder ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:82:1: comment on exported method BuildRestConfig should be of the form "BuildRestConfig ..." (ST1020)
pkg/kubeconfig/kubecfg_builder.go:102:1: comment on exported method WriteKubecfg should be of the form "WriteKubecfg ..." (ST1020)
pkg/model/alimodel/context.go:52:1: comment on exported method LinkToNatGateway should be of the form "LinkToNatGateway ..." (ST1020)
pkg/model/domodel/context.go:21:1: comment on exported type DOModelContext should be of the form "DOModelContext ..." (with optional leading article) (ST1021)
pkg/model/gcemodel/autoscalinggroup.go:38:1: comment on exported type AutoscalingGroupModelBuilder should be of the form "AutoscalingGroupModelBuilder ..." (with optional leading article) (ST1021)
pkg/nodeidentity/do/identify.go:51:1: comment on exported method Token should be of the form "Token ..." (ST1020)
pkg/resources/aws/aws.go:1560:1: comment on exported function ListELBV2s should be of the form "ListELBV2s ..." (ST1020)
pkg/resources/digitalocean/cloud.go:47:1: comment on exported method Token should be of the form "Token ..." (ST1020)
pkg/resources/spotinst/spotinst.go:84:1: comment on exported function NewInstanceGroup should be of the form "NewInstanceGroup ..." (ST1020)
protokube/pkg/gossip/dns/dns.go:29:1: comment on exported const DefaultZoneName should be of the form "DefaultZoneName ..." (ST1022)
protokube/pkg/gossip/mesh/mesh.pb.go:421:4: this value of iNdEx is never used (SA4006)
protokube/pkg/protokube/openstack_volume.go:53:1: comment on exported type OpenstackVolumes should be of the form "OpenstackVolumes ..." (with optional leading article) (ST1021)
upup/pkg/fi/assetstore.go:132:1: comment on exported method AddForTest should be of the form "AddForTest ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/disk.go:128:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/eip_natgateway_association.go:34:1: comment on exported type EIP should be of the form "EIP ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/loadbalancer.go:169:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/loadbalancerlistener.go:33:1: comment on exported type LoadBalancerListener should be of the form "LoadBalancerListener ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/loadbalancerlistener.go:106:1: comment on exported method RenderALI should be of the form "RenderALI ..." (ST1020)
upup/pkg/fi/cloudup/alitasks/natgateway.go:30:1: comment on exported type NatGateway should be of the form "NatGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/securitygroup.go:32:1: comment on exported const SecurityResource should be of the form "SecurityResource ..." (ST1022)
upup/pkg/fi/cloudup/alitasks/sshkey.go:33:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vpc.go:30:1: comment on exported type VPC should be of the form "VPC ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vswitch.go:31:1: comment on exported type VSwitch should be of the form "VSwitch ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/alitasks/vswitchSNAT.go:31:1: comment on exported type VSwitchSNAT should be of the form "VSwitchSNAT ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/aliup/ali_cloud.go:50:1: comment on exported var KubernetesKopsIdentity should be of the form "KubernetesKopsIdentity ..." (ST1022)
upup/pkg/fi/cloudup/awstasks/dhcp_options.go:33:1: comment on exported type DHCPOptions should be of the form "DHCPOptions ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/dnsname.go:33:1: comment on exported type DNSName should be of the form "DNSName ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/ebsvolume.go:32:1: comment on exported type EBSVolume should be of the form "EBSVolume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/external_load_balancer_attachment.go:31:1: comment on exported type ExternalLoadBalancerAttachment should be of the form "ExternalLoadBalancerAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/external_target_group_attachment.go:32:1: comment on exported type ExternalTargetGroupAttachment should be of the form "ExternalTargetGroupAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iaminstanceprofile.go:34:1: comment on exported type IAMInstanceProfile should be of the form "IAMInstanceProfile ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iaminstanceprofilerole.go:32:1: comment on exported type IAMInstanceProfileRole should be of the form "IAMInstanceProfileRole ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamoidcprovider.go:32:1: comment on exported type IAMOIDCProvider should be of the form "IAMOIDCProvider ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamrole.go:38:1: comment on exported type IAMRole should be of the form "IAMRole ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/iamrolepolicy.go:37:1: comment on exported type IAMRolePolicy should be of the form "IAMRolePolicy ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/internetgateway.go:30:1: comment on exported type InternetGateway should be of the form "InternetGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go:150:1: comment on exported method CloudformationVersion should be of the form "CloudformationVersion ..." (ST1020)
upup/pkg/fi/cloudup/awstasks/load_balancer.go:39:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/load_balancer_attachment.go:32:1: comment on exported type LoadBalancerAttachment should be of the form "LoadBalancerAttachment ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/natgateway.go:32:1: comment on exported type NatGateway should be of the form "NatGateway ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/route.go:31:1: comment on exported type Route should be of the form "Route ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/routetable.go:31:1: comment on exported type RouteTable should be of the form "RouteTable ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/routetableassociation.go:31:1: comment on exported type RouteTableAssociation should be of the form "RouteTableAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/securitygroup.go:33:1: comment on exported type SecurityGroup should be of the form "SecurityGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/securitygrouprule.go:34:1: comment on exported type SecurityGroupRule should be of the form "SecurityGroupRule ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/sshkey.go:34:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/subnet.go:32:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpc.go:33:1: comment on exported type VPC should be of the form "VPC ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpc_dhcpoptions_association.go:30:1: comment on exported type VPCDHCPOptionsAssociation should be of the form "VPCDHCPOptionsAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awstasks/vpccidrblock.go:29:1: comment on exported type VPCCIDRBlock should be of the form "VPCCIDRBlock ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/awsup/aws_cloud.go:58:1: comment on exported const ClientMaxRetries should be of the form "ClientMaxRetries ..." (ST1022)
upup/pkg/fi/cloudup/awsup/status.go:44:1: comment on exported method FindClusterStatus should be of the form "FindClusterStatus ..." (ST1020)
upup/pkg/fi/cloudup/dotasks/droplet.go:32:1: comment on exported type Droplet should be of the form "Droplet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/dotasks/loadbalancer.go:35:1: comment on exported type LoadBalancer should be of the form "LoadBalancer ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/dotasks/volume.go:32:1: comment on exported type Volume should be of the form "Volume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/address.go:29:1: comment on exported type Address should be of the form "Address ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instance.go:33:1: comment on exported type Instance should be of the form "Instance ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instancegroupmanager.go:29:1: comment on exported type InstanceGroupManager should be of the form "InstanceGroupManager ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/instancetemplate.go:35:1: comment on exported const InstanceTemplateNamePrefixMaxLength should be of the form "InstanceTemplateNamePrefixMaxLength ..." (ST1022)
upup/pkg/fi/cloudup/gcetasks/network.go:30:1: comment on exported type Network should be of the form "Network ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/gcetasks/subnet.go:30:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/floatingip.go:32:1: comment on exported type FloatingIP should be of the form "FloatingIP ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/instance.go:32:1: comment on exported type Instance should be of the form "Instance ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lb.go:34:1: comment on exported type LB should be of the form "LB ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lblistener.go:30:1: comment on exported type LBListener should be of the form "LBListener ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/lbpool.go:28:1: comment on exported type LBPool should be of the form "LBPool ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/network.go:28:1: comment on exported type Network should be of the form "Network ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/poolassociation.go:30:1: comment on exported type PoolAssociation should be of the form "PoolAssociation ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/port.go:29:1: comment on exported type Port should be of the form "Port ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/router.go:28:1: comment on exported type Router should be of the form "Router ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/routerinterface.go:29:1: comment on exported type RouterInterface should be of the form "RouterInterface ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/securitygroup.go:31:1: comment on exported type SecurityGroup should be of the form "SecurityGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/servergroup.go:30:1: comment on exported type ServerGroup should be of the form "ServerGroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/sshkey.go:31:1: comment on exported type SSHKey should be of the form "SSHKey ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/subnet.go:29:1: comment on exported type Subnet should be of the form "Subnet ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/openstacktasks/volume.go:28:1: comment on exported type Volume should be of the form "Volume ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/elastigroup.go:42:1: comment on exported type Elastigroup should be of the form "Elastigroup ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/launch_spec.go:37:1: comment on exported type LaunchSpec should be of the form "LaunchSpec ..." (with optional leading article) (ST1021)
upup/pkg/fi/cloudup/spotinsttasks/ocean.go:39:1: comment on exported type Ocean should be of the form "Ocean ..." (with optional leading article) (ST1021)
upup/pkg/fi/context.go:249:1: comment on exported function NewExistsAndWarnIfChangesError should be of the form "NewExistsAndWarnIfChangesError ..." (ST1020)
upup/pkg/fi/context.go:256:1: comment on exported method Error should be of the form "Error ..." (ST1020)
upup/pkg/fi/fitasks/keypair.go:31:1: comment on exported type Keypair should be of the form "Keypair ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/keypair.go:55:1: comment on exported method CheckExisting should be of the form "CheckExisting ..." (ST1020)
upup/pkg/fi/fitasks/managedfile.go:29:1: comment on exported type ManagedFile should be of the form "ManagedFile ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/mirrorkeystore.go:25:1: comment on exported type MirrorKeystore should be of the form "MirrorKeystore ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/mirrorsecrets.go:26:1: comment on exported type MirrorSecrets should be of the form "MirrorSecrets ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/secret.go:25:1: comment on exported type Secret should be of the form "Secret ..." (with optional leading article) (ST1021)
upup/pkg/fi/fitasks/secret.go:33:1: comment on exported method CheckExisting should be of the form "CheckExisting ..." (ST1020)
upup/pkg/fi/resources.go:248:1: comment on exported method AsBytes should be of the form "AsBytes ..." (ST1020)
upup/pkg/kutil/import_cluster.go:680:1: comment on exported function GetInstanceUserData should be of the form "GetInstanceUserData ..." (ST1020)
```
This requires passing a cloud object in additional places throughout the validation package and originating mostly from cmd/kops
This means that some kops commands now require valid cloud provider credentials, but I don't think this is an issue because the vast majority of use-cases already require the same cloud provider credentials in order to interact with the state store.
The mixed instance policy is also useful for spot instances, and
generally overriding the instances doesn't seem to be required.
Also both 0 and 1 instance type overrides appear to be supported by
AWS.
Adding support for 'secret-name' flag
Adding instructions to enable encryption
Updating docs for cli
Addressing comments
Adding ciliumpassword subcommand to 'kops create secret'
Updating command to generate ciliumpassword secret
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonyomous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
Chris Loukas