Michael Wagner
99330549e4
feat(openstack): enrich ports with more metadata
...
The overall goal is to get rid of the specific port names and replace
them with hashed ones. This in turn allows us to introduce rolling
updates for Openstack in a later stage.
2021-08-09 08:49:12 +02:00
Peter Rifel
9c824e80f8
Pass AZURE_ENVIRONMENT to nodeup
...
This allows nodeup to use the same azure environment as the kops cli, working towards support for azure government.
2021-08-08 15:34:44 -04:00
Kubernetes Prow Robot
64f00d71ae
Merge pull request #12109 from olemarkus/useserviceaccountexternalpermissions
...
Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions
2021-08-07 15:13:30 -07:00
Kubernetes Prow Robot
a9a5865032
Merge pull request #12111 from rifelpet/os-lb-vipacl
...
In-line openstack loadbalancer feature detection
2021-08-07 12:31:29 -07:00
Ole Markus With
0439bb0d76
Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions
2021-08-07 21:20:03 +02:00
Ole Markus With
ce86d851aa
IRSA support for CCM
...
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-08-07 10:27:36 +02:00
Ole Markus With
2042912a5b
Remap IRSA for DaemonSets too
2021-08-07 07:41:47 +02:00
Peter Rifel
ce821a614f
In-line openstack loadbalancer feature detection
...
This was our only reliance on cloud-provider-openstack which depends on k8s.io/kubernetes.
With the logic in-lined, kops no longer has any indirect dependencies of k/k
2021-08-06 08:19:53 -04:00
Kubernetes Prow Robot
3a293781a6
Merge pull request #11784 from ederst/add-os-config-drive
...
Launch Openstack instances with config drive
2021-08-04 00:49:24 -07:00
Kubernetes Prow Robot
3ee3e30267
Merge pull request #12096 from hakman/docker-20.10.8
...
Update Docker to v20.10.8
2021-08-03 21:39:24 -07:00
Ciprian Hacman
92ab49cdfb
Update Docker to v20.10.8
2021-08-04 06:19:43 +03:00
AkiraFukushima
2fd69ba3a3
Remove access log attributes when the spec is removed from cluster spec
2021-08-03 17:45:20 +09:00
AkiraFukushima
226cbe5561
Support AWS LB access log configuration for NetworkLoadBalancer
2021-08-03 12:12:16 +09:00
Cheyi Lin
408bb7dfbe
Add nth rebalance recommendation configs
2021-08-02 16:20:17 +08:00
Ciprian Hacman
541d328812
Update containerd to v1.4.9
2021-07-30 07:30:42 +03:00
Kubernetes Prow Robot
91ee2e31fb
Merge pull request #12072 from rifelpet/lc-cleanup
...
Cleanup various references to LaunchConfigurations
2021-07-29 20:29:37 -07:00
Peter Rifel
a0a6e3c974
Cleanup various references to LaunchConfigurations
2021-07-29 22:25:01 -04:00
AkiraFukushima
50ab82ed04
Support AWS LB access log configuration in cluster spec
2021-07-29 22:39:23 +09:00
Ciprian Hacman
b6464658d4
Update containerd to v1.4.8
2021-07-29 05:27:10 +03:00
John Gardiner Myers
80eb3c42ac
hack/update-expected.sh
2021-07-23 14:11:10 -07:00
John Gardiner Myers
b94bcafe56
Remove unnecessary IAM permission
2021-07-23 14:03:41 -07:00
Kubernetes Prow Robot
34ce86adf2
Merge pull request #12019 from johngmyers/catasks-nobootstrap
...
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
2021-07-19 15:56:15 -07:00
Ole Markus With
7c448d3535
Remove redundant call to addSnapshotPermissions
2021-07-19 21:19:05 +02:00
Ole Markus With
28bd45a8fa
Add irsa support for nth
2021-07-19 15:12:35 +02:00
John Gardiner Myers
1f705615c7
hack/update-expected.sh
2021-07-18 13:37:20 -07:00
John Gardiner Myers
e9fc12b4f3
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
2021-07-18 13:37:19 -07:00
Ciprian Hacman
4d7ebd343c
Release 1.22.0-alpha.2 (#12012)
2021-07-17 21:42:51 -07:00
John Gardiner Myers
e6ede8f4a9
Don't provision SSH key by default on AWS
2021-07-17 16:33:26 -07:00
Ole Markus With
f0390eda29
Dedicated function for ccm permissions
...
Update pkg/model/iam/iam_builder.go
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-07-16 19:39:57 +02:00
Kubernetes Prow Robot
e187359069
Merge pull request #11962 from rifelpet/azure-vmss-zone
...
Azure - support VMSS availability zones
2021-07-15 05:58:48 -07:00
Peter Rifel
affbeb3c5b
Fix Azure zone number format passed to VMSS API
2021-07-14 19:06:28 -04:00
John Gardiner Myers
e185c8148d
hack/update-expected.sh
2021-07-11 11:16:11 -07:00
John Gardiner Myers
9dbf3479d6
Stop writing the certificate-only keyset.yaml
2021-07-11 11:16:11 -07:00
John Gardiner Myers
d58a19e1bd
Refactor service-account signing key
2021-07-10 17:31:59 -07:00
John Gardiner Myers
0e25ceaadd
Change "kubernetes-ca" to have that in the CN
2021-07-09 00:12:30 -07:00
Peter Rifel
9552b25050
Azure - support VMSS availability zones
...
Azure's subnets are regional so we use similar functionality to GCE where we reference the InstanceGroup's zones rather than a subnet's zone.
IG Zones are already populated on cluster creation here: b358037896/upup/pkg/fi/cloudup/new_cluster.go (L682-L684)
2021-07-08 23:10:23 -04:00
John Gardiner Myers
cdf26302b2
hack/update-expected.sh
2021-07-08 18:46:03 -07:00
John Gardiner Myers
c35d101a89
Refactor keysets for etcd-manager
2021-07-08 18:46:03 -07:00
Ciprian Hacman
fd08e2b047
Run hack/update-expected.sh
2021-07-08 22:12:12 +03:00
Ciprian Hacman
1e41439e36
Use etcd v3.5.0 for Kubernetes 1.22+
2021-07-08 22:09:22 +03:00
Ole Markus With
a98bfdb64f
Allow filefs to be used to mock s3 policies
2021-07-04 07:34:56 +02:00
Kubernetes Prow Robot
2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca
...
Rename the "ca" keyset to "kubernetes-ca"
2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot
cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further
...
Reduce policy size further
2021-07-03 17:58:18 -07:00
John Gardiner Myers
5834fc2690
hack/update-expected.sh
2021-07-03 17:33:13 -07:00
John Gardiner Myers
921d09523e
Rename the "ca" keyset to "kubernetes-ca"
2021-07-03 17:33:13 -07:00
Peter Rifel
df1f9d4986
Remove unused test files from legacy IAM
2021-07-03 12:17:59 -04:00
Ole Markus With
aefa906491
Do not set both CIDR and IPv6CIDR on sg rules
2021-07-03 07:57:35 +02:00
Peter Rifel
c5fbcccfa6
Update pause image to 3.5
2021-07-02 06:40:27 -04:00
John Gardiner Myers
5c5969d102
hack/update-expected.sh
2021-07-01 22:25:51 -07:00
John Gardiner Myers
1e0c6cb1aa
Refactor apiserver-aggregator-ca
2021-07-01 22:25:47 -07:00
John Gardiner Myers
186aaf6d96
hack/update-expected.sh
2021-07-01 14:45:32 -07:00
John Gardiner Myers
7162a7473a
Remove dead code
2021-07-01 13:58:51 -07:00
Kubernetes Prow Robot
19ffc06d3d
Merge pull request #11853 from johngmyers/override-issuer
...
Allow overriding the ServiceAccountIssuer for IRSA
2021-07-01 04:43:54 -07:00
Ole Markus With
aad2912710
Add sets for the remaining addons
2021-07-01 10:37:57 +02:00
Ole Markus With
df5b58b1b3
Add sets for the typical default role perms
2021-07-01 10:28:01 +02:00
Ole Markus With
37271998e1
Use sets for aws lbc permissions
2021-07-01 10:19:40 +02:00
Ole Markus With
c7bd1c1529
Add s3 policies to integration tests
2021-07-01 09:26:58 +02:00
Ole Markus With
9885714957
Use NewPolicy for the non-master roles
2021-07-01 09:19:35 +02:00
Ole Markus With
19833e6b73
Use sets for ebscsidriver permissions
2021-07-01 09:02:04 +02:00
Ole Markus With
d8bf4dcae1
NewPolicy function for instantiating policy struct
2021-07-01 08:39:43 +02:00
John Gardiner Myers
3de05a500e
Refactor etcd-clients-ca keyset for api-server
2021-06-30 18:55:30 -07:00
Kubernetes Prow Robot
ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount
...
Refactor nodeup APIServer builder, part one
2021-06-28 10:42:01 -07:00
Kubernetes Prow Robot
917c965c8f
Merge pull request #11873 from hakman/avoid_spurious_changes
...
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring
2021-06-27 19:59:24 -07:00
Kubernetes Prow Robot
dd8d2d92d8
Merge pull request #11796 from johngmyers/fullcluster-managedfile
...
Write config as ManagedFile
2021-06-27 10:57:24 -07:00
Kubernetes Prow Robot
61778b1fd9
Merge pull request #11845 from johngmyers/mark-deleted
...
Retain deleted keypairs
2021-06-27 10:11:24 -07:00
John Gardiner Myers
7dfe9d82ab
hack/update-expected.sh
2021-06-27 08:45:06 -07:00
John Gardiner Myers
e1df9f09dd
Refactor service-account public keys
2021-06-27 08:45:06 -07:00
John Gardiner Myers
fdf034058d
hack/update-expected.sh
2021-06-27 08:45:05 -07:00
Kubernetes Prow Robot
22c11c10f1
Merge pull request #11848 from johngmyers/cilium-etcd-client
...
Refactor etcd-client-cilium secrets
2021-06-27 04:01:24 -07:00
Ciprian Hacman
348eed772a
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring
2021-06-27 10:08:13 +03:00
Kubernetes Prow Robot
51daab932e
Merge pull request #11870 from hakman/ipv6_use_dualstack_nlb
...
Use DualStack API NLB for IPv6
2021-06-26 12:45:24 -07:00
Ciprian Hacman
7969f57d07
Address review comments
2021-06-26 21:27:00 +03:00
Ole Markus With
dc79acb1bb
Don't reconcile roles and policies if a profile is provided
2021-06-26 19:45:19 +02:00
Ciprian Hacman
7bc629b683
Use DualStack API NLB for IPv6
2021-06-26 19:16:46 +03:00
John Gardiner Myers
2faf28379a
Refactor etcd-client-cilium secrets
2021-06-25 23:57:23 -07:00
John Gardiner Myers
89209df150
hack/update-expected.sh
2021-06-25 22:25:50 -07:00
John Gardiner Myers
1752f0f4db
Move most of nodeup.Config out of userdata
2021-06-25 22:25:49 -07:00
John Gardiner Myers
24d1706848
Allow overriding the ServiceAccountIssuer for IRSA
2021-06-25 18:33:07 -07:00
Kubernetes Prow Robot
e5185b2f46
Merge pull request #11867 from hakman/remove_addon_version
...
Remove version from addons
2021-06-25 14:12:47 -07:00
Ciprian Hacman
d7f405f65a
Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem
2021-06-25 21:27:56 +03:00
Ciprian Hacman
2f3bad686a
Remove version from addons
2021-06-25 19:25:01 +03:00
Kubernetes Prow Robot
89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck
...
Enable cross-subnet mode with Calico by default
2021-06-25 01:08:45 -07:00
Ciprian Hacman
a12b3145ee
Enable cross-subnet mode with Calico by default
2021-06-25 07:13:20 +03:00
John Gardiner Myers
584aa56b6b
Retain deleted keypairs
2021-06-24 19:03:29 -07:00
Kubernetes Prow Robot
698a187a80
Merge pull request #11837 from johngmyers/weaken-signer
...
Weaken some interfaces
2021-06-23 09:46:11 -07:00
John Gardiner Myers
5687b0d5dc
Weaken some interfaces
2021-06-21 23:11:47 -07:00
John Gardiner Myers
7dea5af9be
hack/update-expected.sh
2021-06-21 19:37:24 -07:00
John Gardiner Myers
a83bf7b20f
Mark nodes NeedsUpdate when keys they use change
2021-06-21 19:37:23 -07:00
John Gardiner Myers
0ea81d7997
Write config as ManagedFile
2021-06-21 07:32:24 -07:00
Kubernetes Prow Robot
17c2edc3a1
Merge pull request #11811 from olemarkus/ebs-bump
...
Add back createvolume to master + bump ebs driver
2021-06-21 02:19:03 -07:00
Kubernetes Prow Robot
eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster
...
Put versioned API of cluster into state store
2021-06-21 01:32:52 -07:00
Ole Markus With
79a2c111f2
Remove redundant permissions
2021-06-21 08:59:54 +02:00
Ole Markus With
14fb35d0d0
Bump EBS Driver to 1.1.0
2021-06-21 08:56:11 +02:00
Ole Markus With
b3f274e140
Apply permissions to master role when irsa is not used
2021-06-21 08:56:11 +02:00
Kubernetes Prow Robot
e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5
...
Include multiple cluster CAs in trust stores
2021-06-20 13:20:51 -07:00
Ole Markus With
778323eec9
Add missing lbc permission
2021-06-19 20:03:40 +02:00
John Gardiner Myers
0700ef64a0
hack/update-expected.sh
2021-06-19 10:56:24 -07:00
John Gardiner Myers
0dee785ebf
Pass multiple CA certs to kops-controller client
2021-06-19 10:50:53 -07:00
John Gardiner Myers
0458fa74e4
hack/update-expected.sh
2021-06-19 10:50:53 -07:00
John Gardiner Myers
820b0ea115
Pass lifecycle down to BootstrapScript
2021-06-19 10:50:53 -07:00
Ole Markus With
b37bc7578e
Reduce master policy size for lb controller
2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot
135cdf3461
Merge pull request #11789 from johngmyers/seed-rng
...
Seed the random number generator on AWS
2021-06-18 08:48:06 -07:00
Ole Markus With
33a7de60a7
Enable IRSA for EBS CSI Driver
2021-06-18 08:05:59 +02:00
John Gardiner Myers
b1e77af664
hack/update-expected.sh
2021-06-17 23:03:52 -07:00
John Gardiner Myers
42bf3ee85b
Seed the random number generator on AWS
2021-06-17 22:59:43 -07:00
Ole Markus With
7b850555eb
Don't add volume multiple times to a pod
2021-06-18 07:31:33 +02:00
Kubernetes Prow Robot
7ec956dd00
Merge pull request #11748 from olemarkus/irsa-cas
...
Enable ability to use IRSA for cluster autoscaler
2021-06-17 21:00:05 -07:00
Kubernetes Prow Robot
559b57ea4c
Merge pull request #11381 from dntosas/addons-add-npd
...
[addons] Introduce NodeProblemDetector
2021-06-17 00:58:19 -07:00
Kubernetes Prow Robot
d35bce0ff8
Merge pull request #11764 from olemarkus/cilium-etcd-fix
...
Don't try to build etcd-manager secrets for cilium twice
2021-06-17 00:14:20 -07:00
John Gardiner Myers
53695fc183
Put versioned API of cluster into state store
2021-06-16 19:33:46 -07:00
dntosas
20124d3ba9
[addons] Introduce NodeProblemDetector
...
Node Problem Detector aims to make various node problems visible to
the upstream layers in the cluster management stack. It is a daemon
that runs on each node, detects node problems and reports them to apiserver
so as to avoid scheduling new pods on bad nodes and also easily identify
which are the problems on underlying nodes.
Project Home: https://github.com/kubernetes/node-problem-detector
Signed-off-by: dntosas <ntosas@gmail.com>
2021-06-16 21:00:22 +03:00
Ole Markus With
6e8e027aff
Enable IRSA for Cluster Autoscaler
2021-06-16 18:03:11 +02:00
Ole Markus With
b2588b637b
fix missing lifecycle when deleting iam roles
2021-06-16 13:59:19 +02:00
ederst
fd2c7e87e0
Adapt tests for Openstack config drive option
2021-06-16 13:52:26 +02:00
ederst
bb59f762a1
Add config drive option for Openstack instances
...
This enables the use of config drives instead of the metadata service as a
source for the user data (cloudinit).
2021-06-16 13:32:50 +02:00
Kubernetes Prow Robot
84a730c9d6
Merge pull request #11678 from dntosas/safe-cilium
...
[cni/cilium] Add support for additional config options
2021-06-16 02:47:58 -07:00
dntosas
7bf65ff7ef
[cni/cilium] Add support for additional config options
...
In this commit, we enable users to define their setup with the following
additional fields:
- DisableEndpointCRD
- EnableEndpointHealthChecking
- IdentityAllocationMode
- IdentityChangeGracePeriod
- BPFLBAlgorithm
- BPFLBMaglevTableSize
- BPFNATGlobalMax
- BPFNeighGlobalMax
- BPFPolicyMapMax
- EnableBPFMasquerade
- EnableL7Proxy
Also added validation tests to prevent conflicting value combinations from
reaching actual cluster state.
Signed-off-by: dntosas <ntosas@gmail.com>
Co-authored-by: hwoarang <markos@chandras.me>
Signed-off-by: dntosas <ntosas@gmail.com>
2021-06-16 09:35:42 +03:00
Ole Markus With
f80b550c7a
Use internal name for cilium etcd if we do not enable api server nodes
2021-06-16 08:27:26 +02:00
John Gardiner Myers
4fe25196d8
Trim unnecessary paths from worker node IAM
2021-06-15 21:03:13 -07:00
Kubernetes Prow Robot
847040de53
Merge pull request #11750 from olemarkus/containerd-per-ig
...
Set containerd config on nodeup.Config instead of clusterspec
2021-06-15 15:13:43 -07:00
Ole Markus With
e7fa3fa82c
Set containerd config on nodeup.Config instead of clusterspec
...
This allows us to set a default containerd config per IG (e.g. add a different config for GPU IGs)
Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
2021-06-15 11:08:22 +02:00
John Gardiner Myers
2f71fb2cf4
Default the NodeCIDRMaskSize appropriately for IPv6
2021-06-14 20:43:09 -07:00
Kubernetes Prow Robot
0347d79a14
Merge pull request #11754 from johngmyers/ipv6-cilium
...
Enable IPv6 support for Cilium
2021-06-14 07:27:04 -07:00
Kubernetes Prow Robot
392b517fda
Merge pull request #11756 from johngmyers/pod-cidr
...
Set default ClusterCIDR through the PodCIDR
2021-06-14 02:37:04 -07:00
Kubernetes Prow Robot
9a5259c826
Merge pull request #11753 from johngmyers/cilium-masq
...
Cilium: disable masquerade by default when in ENI IPAM mode
2021-06-13 23:35:04 -07:00
John Gardiner Myers
51d0697dc3
Set default ClusterCIDR through the PodCIDR
2021-06-13 22:46:32 -07:00
John Gardiner Myers
74a44c2270
Don't restrict nodeup download to IPv4
2021-06-13 21:46:58 -07:00
John Gardiner Myers
0b7f6e3082
Remove dead code
2021-06-13 21:37:01 -07:00
John Gardiner Myers
3cf8234d01
Cilium: disable masquerade by default when in ENI IPAM mode
2021-06-13 21:36:56 -07:00
John Gardiner Myers
c0b54d980d
Enable IPv6 support for Cilium
2021-06-13 20:47:44 -07:00
Kubernetes Prow Robot
78d0089242
Merge pull request #11737 from johngmyers/ipv6-bindaddr
...
Set BindAddress appropriately when in IPv6-only mode
2021-06-13 12:23:02 -07:00
John Gardiner Myers
fc9ec13bb7
Set BindAddress appropriately when in IPv6-only mode
2021-06-13 09:41:19 -07:00
Ciprian Hacman
eb574a414c
Don't set Subnet dependency on AmazonIPv6CIDR for shared VPCs
2021-06-13 12:25:42 +02:00
Kubernetes Prow Robot
b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair
...
Refactor keypair code in preparation for secret rotation
2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot
cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context
...
Remove InstanceGroup from NodeupModelContext
2021-06-12 13:43:01 -07:00
Kubernetes Prow Robot
92af7b88f4
Merge pull request #11523 from hakman/ipv6_cidr_subnet
...
Calculate IPv6 subnet CIDR based on cluster CIDR
2021-06-10 21:40:13 -07:00
Kubernetes Prow Robot
4005c209ff
Merge pull request #11604 from spotinst/feat-aws-nlb
...
Spotinst: Support for API Load Balancer with AWS/NLB
2021-06-10 04:29:28 -07:00
Matthew Wong
b6266ce5f0
Run hack/update-expected.sh
2021-06-09 13:53:07 -07:00
Matthew Wong
4e9b45b324
Allow master to touch volumes tagged with kubernetes.io/cluster/<clusterName>:owned
2021-06-09 13:52:48 -07:00
Ciprian Hacman
99268697c0
Add Subnet dependency on VPCAmazonIPv6CIDRBlock
2021-06-09 09:57:53 +03:00
Ole Markus With
6582235312
Make AWS EBS CSI Driver default as of k8s 1.22
2021-06-08 22:29:16 +02:00
Ciprian Hacman
47bb825061
Generate AWSEBSCSIDriver model only when using AWS
2021-06-08 08:20:21 +03:00
John Gardiner Myers
e0915887ed
Move asset copying out of apply_cluster
2021-06-05 21:17:50 -07:00
John Gardiner Myers
3127dacc0c
Expose all service-account keys through OIDC
2021-06-05 16:38:25 -07:00
John Gardiner Myers
1db6e318a1
hack/update-expected.sh
2021-06-03 21:30:06 -07:00
John Gardiner Myers
b45c0b4489
Remove InstanceGroup from NodeupModelContext
2021-06-03 21:27:01 -07:00
John Gardiner Myers
91d81e5a1a
hack/update-expected.sh
2021-06-03 21:26:51 -07:00
John Gardiner Myers
221f02b1af
hack/update-expected.sh
2021-06-03 21:20:56 -07:00
John Gardiner Myers
59c8826b17
Move FileAssets into the NodeupAuxConfig
2021-06-03 21:20:55 -07:00
John Gardiner Myers
4bf9150ab6
hack/update-expected.sh
2021-06-03 21:20:43 -07:00