Automatic merge from submit-queue.
Support for OIDC 'username-prefix' and 'groups-prefix' flags
### What
Added support for `--oidc-username-prefix` and `--oidc-groups-prefix`.
By passing these it's possible to override the default prefixes used to map the OIDC user with the username in kubernetes.
### See
See: https://kubernetes.io/docs/admin/authentication/#configuring-the-api-server
### IMPORTANT
I'm far from a kubernetes/KOPS, this is not tested so someone needs to have a look and see if something is missing or if this can cause troubles! (don't want to accidentally cause the destruction of the universe 💥 )
It's basically the same done in this other PR: https://github.com/kubernetes/kops/pull/1438/files
I did **not** change the `zz_generated.conversion.go` files as according to comment at the top of them they're autogenerated:
```go
// This file was autogenerated by conversion-gen. Do not edit it manually!
```
(I wonder if they should be `.gitignore`d)
### Fixes
This should fix [#4007: field oidcUsernamePrefix is not recognized in cluster configuration file](https://github.com/kubernetes/kops/issues/4007)
Automatic merge from submit-queue.
Allow additional SGs to be added to API loadbalancer
Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
api:
loadBalancer:
type: Public
additionalSecurityGroups:
- sg-exampleid3
- sg-exampleid4
```
- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
Automatic merge from submit-queue.
Add additionalNetworkCIDRs to support VPCs with multiple CIDRs in AWS
Add additionalNetworkCIDRs to support VPCs with multiple CIDRs in AWS.
@justinsb I cannot find anywhere that does a check on an existing VPC to see if the networkCIDR matches what is on the VPC defined, I was looking for that so I can add a similar check for this. Am I missing something or is there really no check like that?
Automatic merge from submit-queue.
Fix spurious shared InternetGateway renaming
This fixes the original issue described in #476 where `kops update cluster` would continuously report renaming a shared IGW even though it never actually renames it. I also added tests to confirm the behavior change.
I removed the bug mention from the docs although if you would prefer to keep it and instead say `In kops versions before X, ...` I can do that too
Automatic merge from submit-queue.
Minor update to docs/aws.md
Updates the backtick syntax to `$(...)`, plus a minor grammar fix.
I wasn't sure if I needed to fill out a CLA for just a documentation update. Let me know if I should!
_Update:_ Never mind, I've signed the agreement now!
Automatic merge from submit-queue.
Add edit flag so create instancegroup command is usable on scripts
Until now, the opening of an interactive editor when creating a new instance group was mandatory.
This this commit, a new flag is added, so this is now optional.
This commit is backwards compatible.
* Limit each CNI provider to 100m
* Remove CPU limits - they cause serious problems
(https://github.com/kubernetes/kubernetes/issues/51135), but this also
makes the CPU allocation less problematic.
* Bump versions and start introducing the `-kops.1` suffix preemptively.
* Upgrade flannel to 0.9.0 as it fixes a lot.
Kubernetes Submit Queue
Aldo "xoen" Giambelluca
Manuel de Brito Fontes
Joel Bastos
Rodrigo Menezes
Abdullah Almariah
krogon-dp
Peter Rifel
Sellers, Chris G
Yi Qing Sim
Justin Santa Barbara
Mike Splain
chrislovecnm
Kashif Saadat
Moshe-Immerman
Serge Ohl
Dan Murphy
Johannes 'fish' Ziemke
Julio Chana
Shashank Tomar