kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,939 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1322 Commits

Author SHA1 Message Date
Ciprian Hacman 0934374fe2 Fix various NLB nits 2020-11-10 17:30:23 +02:00
Peter Rifel 4758ea9f2f
Address feedback 2020-11-09 17:24:32 -06:00
Ciprian Hacman 32658075d3 Fix disabling spot instances when using launch templates 2020-11-08 19:11:45 +02:00
liranp fce6a22755
feat(spot/ocean): configure resource limits 2020-11-07 20:32:51 +02:00
Kubernetes Prow Robot 6a57543f6e
Merge pull request #10179 from olemarkus/sgr-consistent-naming 
Consistent naming of security group rules
 2020-11-07 02:07:37 -08:00
Ole Markus With fab694d290 Add ability to consistently name sgrs 
In order to let kops fully control the rules for each security group we need to be able to generate names from the info in AWS. This is similar to the approach we used for openstack

Update pkg/model/firewall.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-11-07 10:27:19 +01:00
Jack Andersen 281e6140d9 Compare KubernetesAPIAccess to OpenStack allowedCIDRs deterministically 2020-11-07 00:29:24 -05:00
Peter Rifel 370092cb5a
Update TG ports rather than protocols when adding/removing ACM certs from listeners 
This also renames the TGs to be more descriptive, with tcp and tls prefixes.
 2020-11-06 11:09:38 -06:00
Peter Rifel 9242c34a38
Setup a second NLB listener on 8443 when sslCertificate is set 2020-11-06 11:09:37 -06:00
Peter Rifel 6c5b2fc58f
Add support for multiple NLB listeners and target groups 2020-11-06 11:09:36 -06:00
Ole Markus With 3c76610688 Remove the commented code. We can always retrieve it later 2020-11-06 09:53:10 +01:00
Ciprian Hacman a3a0b91b5f Order policy document sections alphabetically 2020-11-04 16:15:00 +02:00
Kubernetes Prow Robot 578920e921
Merge pull request #10162 from rifelpet/nlb-sg 
Fix additionalSecurityGroups support for NLB
 2020-11-03 08:02:16 -08:00
Peter Rifel 860249f6b7
Fix additionalSecurityGroups support for NLB 
We were correctly adding the security groups to the master ASGs but identified them incorrectly.
 2020-11-03 08:22:24 -06:00
Peter Rifel f08284834e
Move NLB's VPC CIDR security group rule logic into model 
This way the security group rule task doesn't need to be aware of VPCs, since we know the VPC CIDR ahead of time via cluster spec.

This also fixes the terraform and cloudformation rendering of this rule (see the added cidr block in the integration test outputs)

These rules are for NLB's health checks. The AWS docs recommend allowing access from the entire VPC CIDRs
Also add rules for additionalNetworkCIDRs, supporting VPCs with multiple CIDR blocks.
 2020-11-03 08:13:32 -06:00
Christian Joun e91ed11449
Implement API load balancer class with NLB and ELB support on AWS (#9011) 
* refactor TargetLoadBalancer to use DNSTarget interface instead of LoadBalancer

* add LoadBalancerClass fields into api

* make api machinery

* WIP: Implemented API loadbalancer class, allowing NLB and ELB support on AWS for new clusters.

* perform vendoring related tasks and apply fixes identified from hack/

dissallow spotinst + nlb
remove reflection in status_discovery.go
Add precreated additional security groups to the Master nodes in case of NLB
Remove support for attaching individual instances to NLB; only rely on ASG attachments
Don't specify Classic loadbalancer in GCE integration test

* add utility function to the kops model context to make LoadBalancer comparisons simpler

* use DNSTarget interface when locating DNSName of API ELB

* wip: create target group task

* Consolidate TargetGroup tasks

* Use context helper for determining api load balancer type to avoid nil pointers

* Update NLB creation to use target group ARN from separate task rather than creating a TG in-line

* Address staticcheck and bazel failures

* Removing NLB Attachment tasks because they're not used since we switched to defining them as a part of the ASGs

* Address PR review feedback

* Only set LB Class field for AWS clusters, fix nil pointer

* Move target group attributes from NLB task to TG task, removing unused attributes

* Add terraform and cloudformation support for NLBs, listeners, and target groups

* Update integration test for NLB support

* Fix NLB name format to pass terraform validation

* Preserve security group rule names when switching ELB to NLB to reduce destructive terraform changes

* Use elbv2 enums and address some TODOs

* Set healthcheck values in target group

* Find TG tags, fix NLB name detection

* Fix more spurious changes reported by lifecycle integration test

* Fix spotinst validation, more code cleanup

* Address more PR feedback

* ReconcileTargetGroups unit test + more code simplification

* Addressing PR feedback Renaming task 1. awstasks.LoadBalancer -> awstasks.ClassicLoadBalancer

* Addressing PR feedback Renaming task: ELBName() -> CLBName() / LinkToELB() -> LinkToCLB()

* Addressing PR feedback: Various text changes

* fix export of kubecfg

* address TargetGroup should have the same name as the NLB

* should address error when fetching tags due to missing ARN

* Update expected and crds

* Add feature table to NLB docs

* Address more feedback and remove some TODOs that arent applicable anymore

* Update spotinst validation error message

Co-authored-by: Peter Rifel <pgrifel@gmail.com>
 2020-11-02 05:28:52 -08:00
Ciprian Hacman 91d9c061dd Simplify etcd options builder 2020-10-30 09:11:00 +02:00
John Gardiner Myers 2ac17bee69 Remove code for no-longer-supported k8s releases 2020-10-29 16:45:53 -07:00
Peter Rifel 6318e90128
Ignore changes reported by subsequent updates 
Usually this is an "actual.Foo = e.Foo" one-liner but we don't know which LB attached to an ASG is the API ELB so it's a bit more complicated
 2020-10-29 12:34:20 -05:00
Peter Rifel 7497edaf7c
Lookup LoadBalancerName when only the LB task name is known 2020-10-29 12:13:23 -05:00
Kubernetes Prow Robot f466403912
Merge pull request #9794 from rdrgmnzs/lb-attachment 
Prevent unintended resource updates to LB attatchments
 2020-10-28 15:18:59 -07:00
Rodrigo Menezes 41adf07e15 cleanup code 2020-10-28 11:11:58 -07:00
Javi Polo c2684bcf7b Add nodeLocalDNSCache.kubeDnsOnly option 2020-10-27 10:46:25 +01:00
Rodrigo Menezes 9bd0a7aedb Add instruction for no downtime 2020-10-26 18:11:46 -07:00
Rodrigo Menezes dbbd0dd802 Move external LB and target group to inline as well. 2020-10-26 17:30:06 -07:00
Rodrigo Menezes 82d0ebdb56 Prevent unintended resource updates to LB attatchments 2020-10-26 17:29:07 -07:00
Kubernetes Prow Robot c9aa53895a
Merge pull request #10048 from hakman/container-runtime-assets 
Install container runtime packages as assets
 2020-10-25 21:03:01 -07:00
Kubernetes Prow Robot fbb172c08c
Merge pull request #9575 from johngmyers/node-labels 
Take node labels from cloud tags on AWS
 2020-10-23 04:01:45 -07:00
binkkatal e32717f31d FIX: Change int fields to string 
The ./hack/update-expected.sh script generates some fields which are
required to be string fields and hence results in linting errors.

This PR changes those fields to string/*string and removes lint
warnings.
 2020-10-20 19:28:20 +05:30
Kubernetes Prow Robot 18ffb493bf
Merge pull request #10061 from zetaab/fixegress 
do not create egress rules when using vipacl octavia
 2020-10-16 10:01:26 -07:00
Jesse Haka 33e2de60e5 do not create egress rules when using vipacl octavia 2020-10-16 14:11:22 +03:00
Ole Markus With 29a1cb2a9f If we use node local dns, always use the nld local ip as cluster dns 2020-10-16 12:46:17 +02:00
Ciprian Hacman 23e73a5b8e Release 1.19.0-alpha.5 2020-10-15 07:09:46 +03:00
Ciprian Hacman 852bebe165 Install container runtime packages as assets - Misc 2020-10-14 15:41:51 +03:00
Kubernetes Prow Robot 8c6bb14e15
Merge pull request #10033 from hakman/container-runtime-defaults 
Update Docker version defaults for older k8s versions
 2020-10-10 23:14:47 -07:00
Ciprian Hacman 2c15acfa44 Enable Calico AWS src/dest check permissions when CrossSubnet is set 2020-10-10 04:17:19 +03:00
Ciprian Hacman 95f9228e54 Update Docker version defaults for older k8s versions 2020-10-09 17:12:37 +03:00
Ciprian Hacman d0349fd6bb Open etcd port only when Calico uses "etcd" datastore 2020-10-09 09:33:38 +03:00
monicagangwar a63ccd5163 [calico] awsSrcDstCheck to disable src/dest checks in AWS 
* replacing k8s-ec2-srcdst with calico's config awsSrcDstCheck and
  flag FELIX_AWSSRCDSTCHECK
* documentation and iam changes for calico awsSrcDstCheck
 2020-10-08 17:17:23 +05:30
Ole Markus With 7c8ff94631 Make setupmockopenstack standalone 2020-10-01 19:15:39 +02:00
Kubernetes Prow Robot 4840582429
Merge pull request #9996 from rifelpet/additional-network-cidr 
Fix support for multiple additionalNetworkCIDR blocks
 2020-10-01 03:52:56 -07:00
Ole Markus With 7eb1489945 Bump cilium to 1.8.4 2020-10-01 10:21:10 +02:00
Kubernetes Prow Robot 13cbd84886
Merge pull request #9967 from olemarkus/cilium-hubble-pointer 
Cilium hubble pointer
 2020-09-30 12:36:54 -07:00
Peter Rifel db1b4e301c
Reconcile deletion of VPC CIDR block associations 2020-09-30 09:34:22 -05:00
Peter Rifel 4bcfebebcc
Fix the detection and rendering of multiple additionalNetworkCIDR blocks 2020-09-27 20:12:09 -05:00
Ole Markus With 6797998ac1 Consolidate all buildMinimalClusters into a generic test cluster builder 2020-09-19 19:55:19 +02:00
Kubernetes Prow Robot bca601d1da
Merge pull request #9969 from hakman/docker-19.03.13 
Update Docker to v19.03.13
 2020-09-18 10:46:46 -07:00
Kubernetes Prow Robot 255cd59b67
Merge pull request #9964 from rifelpet/sa-partition 
Add AWS partition support to iam service account roles
 2020-09-18 06:48:46 -07:00
Kubernetes Prow Robot e7bfedd1ac
Merge pull request #9921 from olemarkus/nth 
Add addon for aws node termination handler
 2020-09-18 03:10:45 -07:00
Ciprian Hacman 96e3fefd85 Update Docker to v19.03.13 2020-09-18 12:14:43 +03:00
Ole Markus With b9111c78e7 Make hubbleSpec into a pointer 2020-09-18 09:23:52 +02:00
Ciprian Hacman fcc486d250 Update containerd to v1.4.1 2020-09-18 10:01:30 +03:00
Ole Markus With b9212f85ad Add addon for aws node termination handler 2020-09-17 21:09:28 +02:00
Peter Rifel d4d4545345
Add AWS partition support to iam service account roles 2020-09-17 10:01:27 -05:00
Ciprian Hacman 0eb626fcdd Release 1.19.0-alpha.4 2020-09-16 11:37:38 +03:00
Kubernetes Prow Robot 50e61d6bc9
Merge pull request #9924 from hakman/additional-policies-shared-roles 
Only add additional policies to kops managed IAMRoles
 2020-09-15 20:03:19 -07:00
Ole Markus With b8bc6d35b8 Force external cloud controller manager on OS 2020-09-15 18:49:51 +02:00
Ole Markus With 6efb91a15b Don't write application credentials to cloud config unless external CCM is enabled 2020-09-15 09:45:09 +02:00
Kubernetes Prow Robot a93febf5a6
Merge pull request #9911 from hakman/fix-gossip 
Allow the BootstrapClient task to run after Protokube
 2020-09-13 21:10:57 -07:00
Kubernetes Prow Robot 58092b5666
Merge pull request #9925 from olemarkus/cas-fixes 
Add missing flags to cluster autoscaler template
 2020-09-13 00:58:57 -07:00
Ole Markus With 2b5950c24c Add missing flags to template 2020-09-12 08:24:29 +02:00
Ciprian Hacman 07be801a12 Only add additional policies to kops managed IAMRoles 2020-09-12 08:36:24 +03:00
Kubernetes Prow Robot ccd810dad9
Merge pull request #9907 from olemarkus/openstack-no-volume-type 
Remove constraint of setting volume type for OS
 2020-09-11 01:14:14 -07:00
John Gardiner Myers 54c280eed5 update-expected.sh 2020-09-10 20:59:28 -07:00
John Gardiner Myers 7069aaabf6 Take node labels from cloud tags on AWS 2020-09-10 20:59:24 -07:00
Ciprian Hacman c1e0991153 Skip the iamPolicy.DNSZone task when using gossip 2020-09-10 22:55:36 +03:00
Evgeny Zislis 608a561f8c
only apply external policy tasks on non-shared iam 2020-09-10 12:58:54 +03:00
Kubernetes Prow Robot 036ea69525
Merge pull request #9352 from justinsb/irsa_with_public 
Simplified form of IAM Roles for ServiceAccounts
 2020-09-09 22:23:44 -07:00
Ole Markus With ecfdf5715b Remove constraint of setting volume type for OS 
There is no real reason to do this. In some cases this may even prevent
clusters from starting where there is no explicit volume type defined in
cinder.
 2020-09-09 20:53:17 +02:00
Chris Loukas 65610dbcee Update NodeLocalDNSConfig with Mem/CPU requests 
Add NodeLocalDNS.CPURequest and NodeLocalDNS.MemoryRequest to
configure resource requests.

If not explicitly set, fall back to 25m and 5Mi
 2020-09-09 18:40:14 +03:00
Justin SB 6fa8be2716 JSON formatting of IAM: Workaround for optional fields 
AWS IAM is very strict and doesn't support `Resource: []` for example.
We implement a custom MarshalJSON method to work around that.
 2020-09-09 09:57:07 -04:00
Justin Santa Barbara d8895c57ec Add version logic to UseServiceAccountIAM 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-09-09 09:57:07 -04:00
Justin SB a61ecf4c58 Refactor to use interface for iam Subjects 
Hat-tip to johngmyers for the idea!
 2020-09-09 09:57:07 -04:00
Justin SB f05980f6ba IAM Policy: rely on stub resolution/unification 
This avoids the hacky search through the list of tasks.
 2020-09-09 09:57:06 -04:00
Justin SB 8498ac9dbb Create PublicJWKS feature flag 
This should be much easier to start and to get under testing; it only
works with a load balancer, it sets the apiserver into anonymous-auth
allowed, it grants the anonymous auth user permission to read our jwks
tokens.  But it shouldn't need a second bucket or anything of that
nature.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-09-09 09:57:06 -04:00
Ole Markus With 886b4c97cb Don't explicitly set insecure-bind-address on newer k8s 2020-09-09 11:41:51 +02:00
Ole Markus With 54ccc92829 Remove unused functions 2020-09-05 20:22:21 +02:00
Ole Markus With 0bd29dd4c7 Remove old servergroup test 2020-09-05 20:22:21 +02:00
Ole Markus With 4a21a532da Add golden tests for openstack servergroup 2020-09-05 20:22:21 +02:00
Kubernetes Prow Robot bac4afa3e5
Merge pull request #9871 from olemarkus/cilium-upgrades-sept-2 
Bump cilium to 1.8.3
 2020-09-05 09:15:41 -07:00
Ole Markus With 3ac61c7ea9 Bump cilium to 1.8.3 2020-09-05 10:47:48 +02:00
Ole Markus With a0e9fab104 Implement cluster autoscaler as bootstrap addon 
Use provider-agnostic node definition for cas instead of aws auto-discovery

Validate clusterAutoscalerSpec

Add spec documentation

Add cas docs

Make CRDs

Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>

Add enabled flag to cas config

Apply suggestions from code review

Co-authored-by: Guy Templeton <guyjtempleton@googlemail.com>

Add support for custom cas image

Support more k8s versions

Use full image names
 2020-09-03 09:52:13 +02:00
Justin SB 5d1e7bcf82 Refactor IAM route53 construction 
This helps for the JWKS / ServiceAccount role support.
 2020-09-01 11:34:42 -04:00
Ole Markus With 715e46d58e Upgrade cilium versions 2020-08-31 12:01:03 +02:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00
Kubernetes Prow Robot e5e8908cce
Merge pull request #9821 from olemarkus/openstack-newer-nova-3 
Reconcile ports and floating ips
 2020-08-27 07:15:53 -07:00
Kubernetes Prow Robot 6a33402702
Merge pull request #9820 from olemarkus/managed-sgs 
Remove unknown rules from managed security groups on openstack
 2020-08-27 03:43:03 -07:00
Kubernetes Prow Robot b00f8049b6
Merge pull request #9808 from hakman/kope-to-k8s.gcr.io 
Pull images from k8s.gcr.io/kops instead of docker.io/kope
 2020-08-26 07:18:05 -07:00
Ole Markus With 8e4f3b1458 Tags are never used 2020-08-26 14:17:24 +02:00
Ole Markus With 5cb63fb788 Fail if we find multiple sgs with same name 2020-08-26 13:41:15 +02:00
Ole Markus With 14a6f92f53 Delete SG rules that kops don't explicitly add to managed SGs 2020-08-26 11:09:22 +02:00
Ole Markus With 6cc7153bbe Don't fatal on non-fatal things in servergroup tests 2020-08-26 10:52:34 +02:00
Ole Markus With d6615e523d Remove some duplicate code 2020-08-26 10:52:34 +02:00
Justin SB b158ffab04 Refactor: KopsModelContext embeds IAMModelContext 
go syntax makes this an annoying change, unfortunately.
 2020-08-25 11:22:34 -04:00
Ciprian Hacman a4ff90205a Pull images from k8s.gcr.io/kops instead of docker.io/kope 2020-08-25 08:04:36 +03:00
Peter Rifel dd75c1ed91
make apimachinery crds gomod, update-expected.sh 2020-08-24 10:58:09 -05:00
Kubernetes Prow Robot 9cb6797f67
Merge pull request #9801 from hakman/release-1.19.0-alpha.3 
Release 1.19.0-alpha.3
 2020-08-24 08:53:41 -07:00
Peter Rifel 7d9f0a06cf
Update API slice fields to not use pointers 
This is causing problems with the Kubernetes 1.19 code-generator.
A nil entry in these slices wouldn't be valid anyways, so this should have no impact.
 2020-08-24 07:46:38 -05:00
Ciprian Hacman 2d61ab0876 Bump kops to v1.19.0-alpha.3 2020-08-23 12:07:44 +03:00
Ciprian Hacman 2880e22bce Add flag for root volume encryption 2020-08-21 18:31:21 +03:00
Kubernetes Prow Robot 8a81d94c7b
Merge pull request #9773 from victorfrancax1/7286 
Adding support for permission boundaries for AWS IAM Roles
 2020-08-19 06:51:11 -07:00
Michael Wagner df5cc6a71b feat(openstack): propagate cloud labels to machines 2020-08-19 09:05:51 +02:00
Victor Ferreira 3aaa9a7c0f feat(aws): adding support to permission boundaries for IAM Roles 2020-08-19 01:16:13 -03:00
Kubernetes Prow Robot ee366e8958
Merge pull request #9779 from johngmyers/calico-client-iam 
Don't give access to calico-client key when not needed
 2020-08-18 21:07:11 -07:00
Kubernetes Prow Robot f1a0e0312f
Merge pull request #9777 from hakman/containerd-1.4.0 
Add support for containerd v1.4.0
 2020-08-18 14:45:11 -07:00
John Gardiner Myers ba96a84926 Don't give access to calico-client key when not needed 2020-08-18 13:45:27 -07:00
Kubernetes Prow Robot af1b935ce2
Merge pull request #9778 from olemarkus/openstack-fix-noisy-env-vars 
Only add OS variables if they are needed
 2020-08-18 13:05:10 -07:00
Ole Markus With 94833faca5 Only add OS variables if they are needed 2020-08-18 20:58:54 +02:00
Ciprian Hacman 537ad60191 Add support for containerd v1.4.0 2020-08-18 10:04:18 +03:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers c5871df319 Get kubelet certificate from kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images 
Add ARM64 support for masters
 2020-08-14 20:46:17 -07:00
Kubernetes Prow Robot ec8b47d725
Merge pull request #9593 from johngmyers/kubectl-lifetime 
Reduce the lifetime of exported kubecfg credentials
 2020-08-14 19:24:18 -07:00
liranp 64c07b336a
feat(spot/ocean): add support for instance types in launchspec 2020-08-13 16:32:54 +03:00
Ole Markus With 25d98796e2 Add cinder plugin 2020-08-11 10:15:12 +02:00
Ciprian Hacman c51a811c21 ARM64 support - Update expected tests output 2020-08-10 13:47:07 +03:00
Ciprian Hacman 172031859d ARM64 support - Build multi-arch images 2020-08-10 13:47:07 +03:00
Ole Markus With fbcdeb2ed6 Respect Topology when assigning floating ips or not 2020-08-08 12:23:09 +02:00
Kubernetes Prow Robot d2f716ca80
Merge pull request #9703 from olemarkus/openstack-cilium 
Add support for cilium on openstack
 2020-08-07 12:51:57 -07:00
Kubernetes Prow Robot 2d3fd9c197
Merge pull request #9702 from olemarkus/openstack-application-credentials 
Adds support for using OS application credentials
 2020-08-07 06:16:19 -07:00
Ole Markus With a708a96c05 Adds support for using OS application credentials 
Application credentials allows you to export a purpose-specific set of
credentials for a user instead of exposing user login credentials.
Especially useful when using LDAP or similar for Openstack users.
Also lets you rotate credentials more easily since multiple application
credentials can be provisioned per user.

Update pkg/model/bootstrapscript.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-08-07 14:26:47 +02:00
Ole Markus With 84d2dcb624 Use SG to SG rule for cni tcp/udp rules 2020-08-07 09:39:44 +02:00
Ole Markus With c5ddd3885c Add support for cilium on openstack 2020-08-07 09:39:44 +02:00
liranp 0cfa2bb6a7
fix(spot/ocean): default instance group should be optional 2020-08-06 19:32:19 +03:00
liranp 4d8866824f
fix(spot): change `ScaleDown.MaxPercentage` from int to float64 2020-08-04 23:40:44 +03:00
Ole Markus With 6b81916a5d Fix potential npr 2020-08-04 08:22:00 +02:00
Ole Markus With 7e2366ac64 Determine fixedip for api cert directly in nodeup 2020-08-04 08:22:00 +02:00
Ole Markus With 460c0f3801 If there is no external network specified, no router is needed 2020-08-04 08:22:00 +02:00
Justin SB c64abd4301 Release 1.19.0-alpha.2 2020-07-31 07:59:05 -04:00
Peter Rifel a17581e21d
Add cloud tags to AWS SSH Keys 2020-07-28 13:35:09 -05:00
John Gardiner Myers 8258dcd395 Exempt OpenStack from the EnableExternalCloudController feature flag 2020-07-25 13:12:25 -07:00
Kubernetes Prow Robot a00268d511
Merge pull request #9554 from olemarkus/openstack-fixes 
Openstack fixes
 2020-07-23 13:06:25 -07:00
John Gardiner Myers a45b07c156 Reduce the lifetime of exported kubecfg credentials 2020-07-17 22:39:01 -07:00
Kubernetes Prow Robot 065824851b
Merge pull request #9476 from srikiz/DO-implement-validate-cluster 
[Digital Ocean] Implement KOPS validate cluster
 2020-07-15 12:12:37 -07:00
Srikanth 160a4b81c9 incorporate review comments to use instance group name for DO instance group tag 2020-07-14 13:25:01 +05:30
Ole Markus With ecca2fda82 When using bastion and expecting no floating IPs, topology should be private 2020-07-12 22:08:30 +02:00
Ole Markus With fd7490e3e2 Only add floating IPs to nodes if we have a public topology for nodes 2020-07-12 21:08:13 +02:00
Ole Markus With b508696cf2 Make Instance task depend on floating ip 
Originally, floating ips depended on instances, but this causes a dependency cycle now that bootstrap scripts require all IPs for the API cert.
This also requires using networking API for creating floating ips instead of compute so that we can name (and later tag) the floating IPs, which is necessary to know which floating IP belongs to which instance prior to association
 2020-07-12 21:08:13 +02:00
Ole Markus With 4a16223361 Create master API security group unconditionally 
Needed somewhere anyway. Failing to create this one errors with missing task
 2020-07-12 21:08:13 +02:00
Kubernetes Prow Robot 33722a9eca
Merge pull request #9534 from johngmyers/fix-multi-master 
Use a stable key for signing service account tokens
 2020-07-12 12:04:33 -07:00
John Gardiner Myers ac13557e03 Add missing lifecycle to etcd keypair tasks 2020-07-11 22:27:53 -07:00
John Gardiner Myers 70926d43fc Use a stable key for signing service account tokens 2020-07-11 13:18:50 -07:00
Ciprian Hacman 06df2cc123 Re-enable disk based evictions for Kubernetes 1.19 2020-07-09 19:36:11 +03:00
John Gardiner Myers 479b4860e8 Remove deprecated function 2020-07-06 22:48:01 -07:00
Kubernetes Prow Robot 0c62641dad
Merge pull request #9354 from johngmyers/refactor-certs-2 
Continue refactoring certs into nodeup
 2020-07-06 17:13:57 -07:00
Kubernetes Prow Robot a97fc42666
Merge pull request #9491 from johngmyers/nodeport-dns 
Default ClusterDNS appropriately when NodeLocalDNS is enabled
 2020-07-05 22:28:50 -07:00