Commit Graph

1811 Commits

Author SHA1 Message Date
justinsb caff7e36ad gce: open node->master ports for calico and cilium
We're taking the opportunity to pursue a locked-down model, but this
means we need to open ports explicitly.
2021-10-25 08:31:21 -04:00
justinsb d363bf3dad GCE: improve network & subnet terraform support
We should use the subnet spec in the Cluster, and default to creating
a new subnet/network, but allow an existing one to be specified.
2021-10-24 17:41:14 -04:00
justinsb 0611e4f638 gce: open kops-controller port from nodes
This is now needed in our nodeup bootstrap with vTPM on GCE.

Also remove the cadvisor port, it is no longer running on the control-plane nodes.
2021-10-24 13:47:16 -04:00
Kubernetes Prow Robot 16003d1b30
Merge pull request #12549 from spotinst/feat-ocean-itypes
Spotinst: Get instance types from `mixedInstancesPolicy` field
2021-10-24 08:26:22 -07:00
justinsb af76c4c20a gce: allow router to refer to network object
This allows for our execution model to work a little more smoothly.
2021-10-24 09:19:06 -04:00
Kubernetes Prow Robot 7912fe22e8
Merge pull request #12590 from justinsb/gce_network_shared
GCE: Allow network to be marked as shared
2021-10-23 22:38:21 -07:00
justinsb 860b033ddc gce: allow network to be marked as shared 2021-10-23 23:54:39 -04:00
Kubernetes Prow Robot af85e5e52e
Merge pull request #12309 from olemarkus/lbc-security
Allow AWS LBC to attach certificates
2021-10-23 13:16:21 -07:00
Kubernetes Prow Robot f8ba8b11f7
Merge pull request #12437 from olemarkus/cas-delay
Make it possible to set CAS max-node-provision-time
2021-10-22 09:34:38 -07:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
Peter Rifel 7b3fc875f9
Add ec2:DescribeLaunchTemplateVersions to CA IAM policy 2021-10-20 15:15:06 -07:00
Ole Markus With 11e68308d1 Disable CNP status updates by default 2021-10-20 14:01:48 +02:00
Ole Markus With 258fd4f9d9 Make it possible to set CAS max-node-provision-time 2021-10-20 13:53:37 +02:00
liranp b3a3526ad0
feat(spot/ocean): get instance types from `mixedInstancesPolicy` 2021-10-18 16:08:45 +03:00
Peter Rifel b1fa018c36
Don't hard-code the SQS Queue ARN partition 2021-10-15 09:49:57 -07:00
Peter Rifel 99c0778106
Upgrade EBS CSI driver to v1.4.0 2021-10-12 14:44:02 -07:00
liranp 30f09f9f07
feat(spot): new metadata label: utilize-commitments 2021-10-12 01:32:09 +03:00
Ciprian Hacman efe21a8d1b Run hack/update-expected.sh 2021-10-07 13:25:37 +03:00
Ciprian Hacman 78f136705e Update etcd-manager to 3.0.20211007 2021-10-07 13:25:37 +03:00
Kubernetes Prow Robot cd4c475851
Merge pull request #12485 from srikiz/DO-implement-vpc-support
[DigitalOcean] Incorporate existing vpc support for kops
2021-10-05 03:23:09 -07:00
srikiz 63d6a29021 Minor changes to remove additional logging 2021-10-05 12:17:39 +05:30
Ciprian Hacman 4c8f887547 Update Docker to v20.10.9 2021-10-04 22:25:15 +03:00
Ciprian Hacman af861a8e61 Update containerd to v1.4.11 2021-10-04 20:20:29 +03:00
srikiz 153081f84c Minor changes for fixing vpc association with droplets 2021-10-04 22:21:38 +05:30
John Gardiner Myers 3a346cdc37 Remove unnecessary code 2021-10-02 21:46:17 -07:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
John Gardiner Myers 8e6214c046 Stop requiring the cluster IAM substruct be present 2021-10-02 20:18:46 -07:00
Kubernetes Prow Robot a61075634c
Merge pull request #12406 from johngmyers/v1alpha3
Create v1alpha3 apiVersion
2021-10-02 10:13:06 -07:00
Ole Markus With 8eef72d8e8 Bump CAS images 2021-10-02 09:13:22 +02:00
Ciprian Hacman 1ddc11f0a6 Update containerd to v1.4.10 2021-10-02 07:03:59 +03:00
Peter Rifel 88ddff3baf
Use separate cloud.config files for in-tree vs out-of-tree components 2021-09-30 09:20:33 -05:00
Kubernetes Prow Robot 3dc1d25454
Merge pull request #12439 from rifelpet/nth-truncate
Truncate cluster name in NTH EventBridgeRules
2021-09-30 00:58:07 -07:00
Peter Rifel 3311e45767
Truncate cluster name prefix used in event bridge rules 2021-09-29 19:12:49 -05:00
Charles-Edouard Brétéché 7c8c9b9a23 feat: add support for custom audience in aws oidc provider
fix: missing json tags

fix: code gen

fix: switch to additional audiences

fix: oidc task

fix: add integration test
2021-09-28 22:39:56 +02:00
Kubernetes Prow Robot ef22270b3f
Merge pull request #12394 from ReillyBrogan/reilly/ciliumBidirectionalMount
Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
2021-09-25 09:42:21 -07:00
Kubernetes Prow Robot 92ea7d58cb
Merge pull request #12398 from rifelpet/scheduler-critical
Remove critical-pod scheduler annotation.
2021-09-24 08:07:23 -07:00
Kubernetes Prow Robot 1774e6cae3
Merge pull request #12321 from dezmodue/private_bastion
Add option to create an internal load balancer for the bastion
2021-09-24 07:23:24 -07:00
John Gardiner Myers 63009934e7 update-bazel.sh 2021-09-23 23:40:08 -07:00
John Gardiner Myers 29efbe5881 Create v1alpha3 API 2021-09-23 22:27:56 -07:00
Reilly Brogan 9c6bf83c93 Update Cilium to 1.10.4
- Release notes available [here](https://github.com/cilium/cilium/releases/tag/v1.10.4)
2021-09-23 13:08:57 -05:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation.
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
2021-09-22 21:14:50 -05:00
Kubernetes Prow Robot 74f9a8e2fb
Merge pull request #12342 from eddycharly/irsa-wildcard
feat: add support for wildcard in roles generated for IRSA
2021-09-22 16:09:10 -07:00
Charles-Edouard Brétéché 5f523366d6 feat: add support for wildcard in roles generated for IRSA 2021-09-23 00:24:45 +02:00
justinsb e2f7895700 GCE: When using calico, need to open up ipip protocol
We need to open up the ipip protocol, which wasn't previously enabled.

Future work could construct the firewall rules in a common library,
and then adapt them to the various clouds.
2021-09-21 21:20:24 -04:00
justinsb 3e83b771d6 GCE: For IPAlias or Custom Routes, we must recognize source by CIDR
SourceTags are not recognized when using IPAlias or custom routes (aka
kubenet), so we must recognize by CIDR instead.
2021-09-21 08:20:17 -04:00
justinsb 76f816f483 GCE: Always have IPv6 rules in "ipv6 mode"
If we don't specify some SourceRanges, it defaults to 0.0.0.0/0, which
is IPv4 and confusing.
2021-09-20 09:26:28 -04:00
justinsb 99764fb168 AWS: Move some subnet functions into AWS model
We want to move all these eventually, and this is preparing for better
GCE subnet support.
2021-09-19 12:08:09 -04:00
Kubernetes Prow Robot 66edcba37b
Merge pull request #12354 from justinsb/kcm_conditions_fix
Fix controller defaults for both bootstrap tokens and ipv6
2021-09-19 06:48:08 -07:00
Simone Sciarrati 61763d488a Add option to create an internal load balancer for the bastion 2021-09-18 20:47:55 +02:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6
This avoids users wondering what these permissions are for until we
need them.
2021-09-18 13:49:40 -04:00