kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,683 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1811 Commits

Author SHA1 Message Date
John Gardiner Myers 186aaf6d96 hack/update-expected.sh 2021-07-01 14:45:32 -07:00
John Gardiner Myers 7162a7473a Remove dead code 2021-07-01 13:58:51 -07:00
Kubernetes Prow Robot 19ffc06d3d
Merge pull request #11853 from johngmyers/override-issuer 
Allow overriding the ServiceAccountIssuer for IRSA
 2021-07-01 04:43:54 -07:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
Ole Markus With 9885714957 Use NewPolicy for the non-master roles 2021-07-01 09:19:35 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
Ole Markus With d8bf4dcae1 NewPolicy function for instantiating policy struct 2021-07-01 08:39:43 +02:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
Kubernetes Prow Robot 917c965c8f
Merge pull request #11873 from hakman/avoid_spurious_changes 
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring
 2021-06-27 19:59:24 -07:00
Kubernetes Prow Robot dd8d2d92d8
Merge pull request #11796 from johngmyers/fullcluster-managedfile 
Write config as ManagedFile
 2021-06-27 10:57:24 -07:00
Kubernetes Prow Robot 61778b1fd9
Merge pull request #11845 from johngmyers/mark-deleted 
Retain deleted keypairs
 2021-06-27 10:11:24 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
Kubernetes Prow Robot 22c11c10f1
Merge pull request #11848 from johngmyers/cilium-etcd-client 
Refactor etcd-client-cilium secrets
 2021-06-27 04:01:24 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
Kubernetes Prow Robot 51daab932e
Merge pull request #11870 from hakman/ipv6_use_dualstack_nlb 
Use DualStack API NLB for IPv6
 2021-06-26 12:45:24 -07:00
Ciprian Hacman 7969f57d07 Address review comments 2021-06-26 21:27:00 +03:00
Ole Markus With dc79acb1bb Don't reconcile roles and policies if a profile is provided 2021-06-26 19:45:19 +02:00
Ciprian Hacman 7bc629b683 Use DualStack API NLB for IPv6 2021-06-26 19:16:46 +03:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 89209df150 hack/update-expected.sh 2021-06-25 22:25:50 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers 24d1706848 Allow overriding the ServiceAccountIssuer for IRSA 2021-06-25 18:33:07 -07:00
Kubernetes Prow Robot e5185b2f46
Merge pull request #11867 from hakman/remove_addon_version 
Remove version from addons
 2021-06-25 14:12:47 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
Ciprian Hacman 2f3bad686a Remove version from addons 2021-06-25 19:25:01 +03:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck 
Enable cross-subnet mode with Calico by default
 2021-06-25 01:08:45 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
Kubernetes Prow Robot 698a187a80
Merge pull request #11837 from johngmyers/weaken-signer 
Weaken some interfaces
 2021-06-23 09:46:11 -07:00
John Gardiner Myers 5687b0d5dc Weaken some interfaces 2021-06-21 23:11:47 -07:00
John Gardiner Myers 7dea5af9be hack/update-expected.sh 2021-06-21 19:37:24 -07:00
John Gardiner Myers a83bf7b20f Mark nodes NeedsUpdate when keys they use change 2021-06-21 19:37:23 -07:00
John Gardiner Myers 0ea81d7997 Write config as ManagedFile 2021-06-21 07:32:24 -07:00
Kubernetes Prow Robot 17c2edc3a1
Merge pull request #11811 from olemarkus/ebs-bump 
Add back createvolume to master + bump ebs driver
 2021-06-21 02:19:03 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster 
Put versioned API of cluster into state store
 2021-06-21 01:32:52 -07:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With 14fb35d0d0 Bump EBS Driver to 1.1.0 2021-06-21 08:56:11 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
Kubernetes Prow Robot e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5 
Include multiple cluster CAs in trust stores
 2021-06-20 13:20:51 -07:00
Ole Markus With 778323eec9 Add missing lbc permission 2021-06-19 20:03:40 +02:00
John Gardiner Myers 0700ef64a0 hack/update-expected.sh 2021-06-19 10:56:24 -07:00
John Gardiner Myers 0dee785ebf Pass multiple CA certs to kops-controller client 2021-06-19 10:50:53 -07:00
John Gardiner Myers 0458fa74e4 hack/update-expected.sh 2021-06-19 10:50:53 -07:00
John Gardiner Myers 820b0ea115 Pass lifecycle down to BootstrapScript 2021-06-19 10:50:53 -07:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
John Gardiner Myers 42bf3ee85b Seed the random number generator on AWS 2021-06-17 22:59:43 -07:00
Ole Markus With 7b850555eb Don't add volume multiple times to a pod 2021-06-18 07:31:33 +02:00
Kubernetes Prow Robot 7ec956dd00
Merge pull request #11748 from olemarkus/irsa-cas 
Enable ability to use IRSA for cluster autoscaler
 2021-06-17 21:00:05 -07:00
Kubernetes Prow Robot 559b57ea4c
Merge pull request #11381 from dntosas/addons-add-npd 
[addons] Introduce NodeProblemDetector
 2021-06-17 00:58:19 -07:00
Kubernetes Prow Robot d35bce0ff8
Merge pull request #11764 from olemarkus/cilium-etcd-fix 
Don't try to build etcd-manager secrets for cilium twice
 2021-06-17 00:14:20 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
dntosas 20124d3ba9
[addons] Introduce NodeProblemDetector 
Node Problem Detector aims to make various node problems visible to
the upstream layers in the cluster management stack. It is a daemon
that runs on each node, detects node problems and reports them to apiserver
so to avoid scheduling new pods on bad nodes and also easily identify
which are the problems on underlying nodes.

Project Home: https://github.com/kubernetes/node-problem-detector

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 21:00:22 +03:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Ole Markus With b2588b637b fix missing lifecycle when deleting iam roles 2021-06-16 13:59:19 +02:00
ederst fd2c7e87e0 Adapt tests for Openstack config drive option 2021-06-16 13:52:26 +02:00
ederst bb59f762a1 Add config drive option for Openstack instances 
This enables to use config drives instead of the metadata service as a
source for the user data (cloudinit).
 2021-06-16 13:32:50 +02:00
Kubernetes Prow Robot 84a730c9d6
Merge pull request #11678 from dntosas/safe-cilium 
[cni/cilium] Add support for additional config options
 2021-06-16 02:47:58 -07:00
dntosas 7bf65ff7ef
[cni/cilium] Add support for additional config options 
In this commit, we enable users define their setup with following
additional fields:

- DisableEndpointCRD
- EnableEndpointHealthChecking
- IdentityAllocationMode
- IdentityChangeGracePeriod
- BPFLBAlgorithm
- BPFLBMaglevTableSize
- BPFNATGlobalMax
- BPFNeighGlobalMax
- BPFPolicyMapMax
- EnableBPFMasquerade
- EnableL7Proxy

Added also validation tests to prevent conflicting value combinations to
reach actual cluster state.

Signed-off-by: dntosas <ntosas@gmail.com>
Co-authored-by: hwoarang <markos@chandras.me>
Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 09:35:42 +03:00
Ole Markus With f80b550c7a Use internal name for cilium etcd if we do not enable api server nodes 2021-06-16 08:27:26 +02:00
John Gardiner Myers 4fe25196d8 Trim unnecessary paths from worker node IAM 2021-06-15 21:03:13 -07:00
Kubernetes Prow Robot 847040de53
Merge pull request #11750 from olemarkus/containerd-per-ig 
Set containerd config on nodeup.Config instead of clusterspec
 2021-06-15 15:13:43 -07:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
John Gardiner Myers 2f71fb2cf4 Default the NodeCIDRMaskSize appropriately for IPv6 2021-06-14 20:43:09 -07:00
Kubernetes Prow Robot 0347d79a14
Merge pull request #11754 from johngmyers/ipv6-cilium 
Enable IPv6 support for Cilium
 2021-06-14 07:27:04 -07:00
Kubernetes Prow Robot 392b517fda
Merge pull request #11756 from johngmyers/pod-cidr 
Set default ClusterCIDR through the PodCIDR
 2021-06-14 02:37:04 -07:00
Kubernetes Prow Robot 9a5259c826
Merge pull request #11753 from johngmyers/cilium-masq 
Cilium: disable masquerade by default when in ENI IPAM mode
 2021-06-13 23:35:04 -07:00
John Gardiner Myers 51d0697dc3 Set default ClusterCIDR through the PodCIDR 2021-06-13 22:46:32 -07:00
John Gardiner Myers 74a44c2270 Don't restrict nodeup download to IPv4 2021-06-13 21:46:58 -07:00
John Gardiner Myers 0b7f6e3082 Remove dead code 2021-06-13 21:37:01 -07:00
John Gardiner Myers 3cf8234d01 Cilium: disable masquerade by default when in ENI IPAM mode 2021-06-13 21:36:56 -07:00
John Gardiner Myers c0b54d980d Enable IPv6 support for Cilium 2021-06-13 20:47:44 -07:00
Kubernetes Prow Robot 78d0089242
Merge pull request #11737 from johngmyers/ipv6-bindaddr 
Set BindAddress appropriately when in IPv6-only mode
 2021-06-13 12:23:02 -07:00
John Gardiner Myers fc9ec13bb7 Set BindAddress appropriately when in IPv6-only mode 2021-06-13 09:41:19 -07:00
Ciprian Hacman eb574a414c Don't set Subnet dependency on AmazonIPv6CIDR for shared VPCs 2021-06-13 12:25:42 +02:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
Kubernetes Prow Robot 92af7b88f4
Merge pull request #11523 from hakman/ipv6_cidr_subnet 
Calculate IPv6 subnet CIDR based on cluster CIDR
 2021-06-10 21:40:13 -07:00
Kubernetes Prow Robot 4005c209ff
Merge pull request #11604 from spotinst/feat-aws-nlb 
Spotinst: Support for API Load Balancer with AWS/NLB
 2021-06-10 04:29:28 -07:00
Matthew Wong b6266ce5f0 Run hack/update-expected.sh 2021-06-09 13:53:07 -07:00
Matthew Wong 4e9b45b324 Allow master to touch volumes tagged with kubernetes.io/cluster/<clusterName>:owned 2021-06-09 13:52:48 -07:00
Ciprian Hacman 99268697c0 Add Subnet dependency on VPCAmazonIPv6CIDRBlock 2021-06-09 09:57:53 +03:00
Ole Markus With 6582235312 Make AWS EBS CSI Driver default as of k8s 1.22 2021-06-08 22:29:16 +02:00
Ciprian Hacman 47bb825061 Generate AWSEBSCSIDriver model only when using AWS 2021-06-08 08:20:21 +03:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers 3127dacc0c Expose all service-account keys through OIDC 2021-06-05 16:38:25 -07:00
John Gardiner Myers 1db6e318a1 hack/update-expected.sh 2021-06-03 21:30:06 -07:00
John Gardiner Myers b45c0b4489 Remove InstanceGroup from NodeupModelContext 2021-06-03 21:27:01 -07:00
John Gardiner Myers 91d81e5a1a hack/update-expected.sh 2021-06-03 21:26:51 -07:00
John Gardiner Myers 221f02b1af hack/update-expected.sh 2021-06-03 21:20:56 -07:00
John Gardiner Myers 59c8826b17 Move FileAssets into the NodeupAuxConfig 2021-06-03 21:20:55 -07:00
John Gardiner Myers 4bf9150ab6 hack/update-expected.sh 2021-06-03 21:20:43 -07:00
John Gardiner Myers 06658c9d13 Move Hooks into the NodeupAuxConfig 2021-06-03 21:09:45 -07:00
John Gardiner Myers c3c1aca3c1 Include AuxConfig output in TestBootstrapUserData 2021-06-03 21:09:45 -07:00
John Gardiner Myers 9cba5e345d hack/update-expected.sh 2021-06-03 21:09:15 -07:00
John Gardiner Myers eb09d31a3c Pass AuxConfig to nodeup 2021-06-03 21:04:21 -07:00
John Gardiner Myers 1d44ee3116 hack/update-expected.sh 2021-06-03 20:41:05 -07:00
John Gardiner Myers 2e1629c610 Introduce nodeup.AuxConfig 2021-06-03 20:37:22 -07:00
Kubernetes Prow Robot 874d476cc4
Merge pull request #11673 from johngmyers/simplify-lifecycle 
Make Lifecycle field non-pointer
 2021-06-03 18:41:26 -07:00
Ole Markus With c7dc807fb4
Update pkg/model/issuerdiscovery.go 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-06-03 15:49:06 +02:00
Ole Markus With 736b9d6856 Drop trailing slash from oidc issuer 2021-06-03 15:07:55 +02:00
John Gardiner Myers fc4f0888ac hack/update-expected.sh 2021-06-02 23:02:17 -07:00
John Gardiner Myers 7c9e7e9286 Make Lifecycle field non-pointer 2021-06-02 23:02:16 -07:00
Kubernetes Prow Robot 5da2d526a0
Merge pull request #11665 from johngmyers/droplet-lifecycle 
Set lifecycle on Droplet task
 2021-06-01 23:04:32 -07:00
Peter Rifel efef53cb2a
Add more lifecycles to HasLifecycle tasks 2021-06-01 23:08:49 -05:00
John Gardiner Myers 2badc381c4 Set lifecycle on Droplet task 2021-06-01 20:43:02 -07:00
Kubernetes Prow Robot 3c4b6068b9
Merge pull request #11649 from h3poteto/fix-jwks-location 
Fix jwks object path in S3 for IRSA
 2021-06-01 08:26:27 -07:00
AkiraFukushima d52ec60c02
Fix issuer and jwks object path for IRSA 2021-06-01 23:35:21 +09:00
Kubernetes Prow Robot 91d8ffeea5
Merge pull request #11592 from srikiz/DO-Use-Interfaces 
[Digital Ocean] Code cleanup with no functional modifications
 2021-06-01 07:18:27 -07:00
Kubernetes Prow Robot 373c37d948
Merge pull request #11659 from olemarkus/cilium-1-10-default 
Bump default cilium to 1.10
 2021-06-01 01:06:27 -07:00
Ole Markus With 553fdd5840 Bump default cilium to 1.10 2021-06-01 08:12:20 +02:00
Kubernetes Prow Robot dfbac2d5c7
Merge pull request #11645 from johngmyers/fix-protokube-iam 
Protokube needs dns-controller IAM permissions
 2021-05-31 14:48:28 -07:00
John Gardiner Myers 43d8d97e7c Set lifecycle in GCE APILoadBalancerBuilder 2021-05-31 10:39:34 -07:00
John Gardiner Myers 7d4a8f6fa7 hack/update-expected.sh 2021-05-31 10:39:34 -07:00
John Gardiner Myers c8abc19bb5 Set Lifecycle in ServerGroupModelBuilder 2021-05-31 10:39:33 -07:00
John Gardiner Myers 2b146d31d6 Set Lifecycle in APILoadBalancerBuilder 2021-05-31 10:39:33 -07:00
John Gardiner Myers 64dac12216 Set Lifecycle in AutoscalingGroupModelBuilder 2021-05-31 10:39:33 -07:00
John Gardiner Myers a99ce3241a Set Lifecycle in PKIModelBuilder 2021-05-31 10:39:33 -07:00
John Gardiner Myers 0a48b9050f Protokube needs dns-controller IAM permissions 2021-05-31 06:58:59 -07:00
John Gardiner Myers b82b129a54 Remove fallback support for legacy IAM 2021-05-30 16:52:42 -07:00
John Gardiner Myers 024b3653c0 Set lifecycle on WarmPool task 2021-05-28 20:05:44 -07:00
srikiz b5154bb360 Fix upup cloud.go dependencies based on the new interface spec, also update protokube 2021-05-28 22:37:47 +05:30
srikiz 4cecc64f67 Move cloud.do from pkg/resources/digitalocean/ckoud.go to upup/pkg/fi/cloudup/do directory 2021-05-28 02:17:55 +05:30
Ciprian Hacman 3b80de3bcc Convert all indents to spaces in node bootstrap script 2021-05-27 11:21:52 +03:00
liranp 1d97fbd78c
feat(spot): support for api load balancer with aws/nlb 2021-05-26 03:35:37 +03:00
Ole Markus With 2d643fff11 Don't set the master address for aws ccm 
Use the kubernetes.default service for now. Ideally we would not rely on this as this in turn relies on CNI. But fixing this means also fixing PKI, so we have to revisit this later
 2021-05-23 22:24:31 +02:00
Kubernetes Prow Robot 5e720e940d
Merge pull request #11571 from olemarkus/snapshot-tighten-deletion 
Only allow deletion of snapshots owned by the cluster
 2021-05-23 07:45:38 -07:00
Ole Markus With 0004bcec77 Only allow deletion of snapshots owned by the cluster 2021-05-23 08:13:10 +02:00
Ole Markus With 3d90769e1c Set flags on AWS CCM mimicking KCM 2021-05-22 14:15:53 +02:00
Ole Markus With 1868313497 Add snapshot-controller 2021-05-22 09:19:35 +02:00
Ole Markus With 5869d4e6d4 Bump default cilium to 1.9.7 2021-05-21 18:54:03 +02:00
Ole Markus With 46e13c0009 Bump snapshot-controller version 
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-05-21 15:40:40 +02:00
Alexander Block bb52334222 Make the events etcd cluster optional 2021-05-20 08:05:42 +02:00
Kubernetes Prow Robot 4a5d04d94f
Merge pull request #11497 from johngmyers/cleanup-iam 
Cleanup orphaned IAM service account roles in direct render
 2021-05-19 18:35:05 -07:00
Kubernetes Prow Robot 12b98196aa
Merge pull request #11535 from hakman/containerd-1.4.6 
Update containerd to v1.4.6
 2021-05-19 12:00:51 -07:00
Kubernetes Prow Robot da6eee03b0
Merge pull request #11531 from mitch000001/openstack-configurable-server-group-affinity 
feat(openstack): enable configuration of servergroup affinities
 2021-05-19 11:10:50 -07:00
Ciprian Hacman 6e6a224f9d Update containerd to v1.4.6 2021-05-19 20:27:28 +03:00
John Gardiner Myers 65711d05c0 hack/update-expected.sh 2021-05-19 08:02:10 -07:00
John Gardiner Myers 602d1be0ba Don't download nodeup if already in the AMI 2021-05-19 07:57:16 -07:00
Michael Wagner e4a2a5b86c feat(openstack): enable configuration of servergroup affinities 
This enables us to change the ServerGroup affinity policies using
annotations on instance groups.

The default affinity policy still is "anti-affinity".
 2021-05-19 13:11:08 +02:00
John Gardiner Myers fbd7663606 hack/update-expected.sh 2021-05-18 21:49:39 -07:00
John Gardiner Myers e2b84efd11 Remove dead code in bootstrap script 2021-05-18 21:46:31 -07:00
Ciprian Hacman cedbe1f360 Add initial support for configuring IPv6 with AWS 2021-05-19 06:21:07 +03:00
Ole Markus With d3581ebb84 bump aws lb controller to 2.2.0 2021-05-16 18:26:23 +02:00
John Gardiner Myers 4baf2cbdcf Delete IAM roles no longer in the model 2021-05-15 12:03:23 -07:00
Kubernetes Prow Robot 06151727aa
Merge pull request #11470 from rifelpet/oidc-gossip 
Use kubernetes.default for OIDC discovery in gossip clusters
 2021-05-12 16:04:25 -07:00
Peter Rifel 9165309032
Use kubernetes.default for OIDC discovery in gossip clusters 
It doesn't make sense to use a gossip hostname as the discovery url because it wont be resolveable.
For gossip clusters that dont provide a public VFS store, we can at least use kubernetes.default for internal oidc usage.
 2021-05-12 14:18:53 -05:00
Kubernetes Prow Robot 1144c1b559
Merge pull request #11461 from johngmyers/refactor-lt-2 
Simplify buildLaunchTemplateTask() part two
 2021-05-12 08:32:16 -07:00
Kubernetes Prow Robot 31d32cdc88
Merge pull request #11462 from olemarkus/cas-1-21 
Add support for CAS 1.21.0
 2021-05-12 02:07:38 -07:00
Ole Markus With 103e3f3b7e Add support for CAS 1.21.0 2021-05-12 08:10:36 +02:00
John Gardiner Myers 0c1f9f4772 Refactor LaunchTemplate.SecurityGroups 2021-05-11 14:48:00 -07:00
John Gardiner Myers 5d3af39311 Refactor LaunchTemplate.UserData 2021-05-11 14:48:00 -07:00
John Gardiner Myers 4a5e46922f Refactor LaunchTemplate.Tenancy 2021-05-11 14:48:00 -07:00
John Gardiner Myers 4d9018282c Refactor LaunchTemplate.SSHKey 2021-05-11 14:48:00 -07:00
John Gardiner Myers b0bcf40921 Refactor LaunchTemplate.RootVolumeEncryptionKey 2021-05-11 14:48:00 -07:00
John Gardiner Myers 945e56294f Refactor LaunchTemplate.RootVolumeEncryption 2021-05-11 14:48:00 -07:00
John Gardiner Myers 1a39c9060e Refactor LaunchTemplate.RootVolumeSize 2021-05-11 14:48:00 -07:00
John Gardiner Myers 3097a3a746 Refactor LaunchTemplate.RootVolumeOptimization 2021-05-11 14:48:00 -07:00
John Gardiner Myers 436dbe8435 Refactor LaunchTemplate.RootVolumeIops 2021-05-11 14:47:57 -07:00
John Gardiner Myers 01a55812ac Refactor LaunchTemplate.RootVolumeType 2021-05-11 13:38:20 -07:00
John Gardiner Myers a4898c9d7d Refactor LaunchTemplate.InstanceType 2021-05-10 23:22:41 -07:00
John Gardiner Myers d2adf498f6 Refactor LaunchTemplate.InstanceMonitoring 2021-05-10 23:12:21 -07:00
John Gardiner Myers a1db8f1e82 Refactor LaunchTemplate.InstanceInterruptionBehavior 2021-05-10 23:11:17 -07:00
John Gardiner Myers d0793bd6ed Refactor LaunchTemplate.ImageID 2021-05-10 23:08:21 -07:00
John Gardiner Myers bfd8034cce Refactor LaunchTemplate.IAMInstanceProfile 2021-05-10 23:08:21 -07:00
John Gardiner Myers 07aa346e68 Refactor LaunchTemplate.HTTPTokens 2021-05-10 23:08:20 -07:00
John Gardiner Myers 98502cd0b2 Refactor LaunchTemplate.HTTPPutResponseHopLimit 2021-05-10 23:08:16 -07:00
John Gardiner Myers 33590eb617 Refactor LaunchTemplate.CPUCredits 2021-05-10 23:07:24 -07:00
John Gardiner Myers 0557414111 Refactor LaunchTemplate.BlockDeviceMappings 2021-05-10 22:51:00 -07:00
John Gardiner Myers 4657cb94d6 Refactor LaunchTemplate.AssociatePublicIP 2021-05-10 22:47:48 -07:00
Kubernetes Prow Robot 7db45cb5fa
Merge pull request #11418 from dntosas/aws-csi-ga-release 
[addons/awscsidriver] Bump to GA release
 2021-05-08 02:46:47 -07:00
dntosas f8ece50a96
[addons/awscsidriver] Bump to GA release 
Bump version and manifests of AWS EBS CSI Driver to the first GA
release.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-05-08 11:47:43 +03:00
John Gardiner Myers 36f93d0069 hack/update-expected.sh 2021-05-07 23:40:03 -07:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
Ciprian Hacman 305e4bbe99 Use etcd-backup built from etcdadm repo 2021-05-08 07:11:21 +03:00
Justin SB c1dd7e7698 Use etcd-manager built from etcdadm repo 
We can now use etcd-manager as built from the kubernetes-sigs/etcdadm
repo.
 2021-05-08 07:11:21 +03:00
John Gardiner Myers 3aa8d40052 Release 1.22.0-alpha.1 2021-05-07 13:45:35 -07:00
Kubernetes Prow Robot f0307cdcc9
Merge pull request #11393 from olemarkus/fix-lb-controller-nlb-permissions 
Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller
 2021-05-07 03:57:03 -07:00
John Gardiner Myers 8bac63f951 Don't publish OIDC discovery if DiscoveryStore not set 2021-05-06 13:35:57 -07:00
John Gardiner Myers 8823f30ad7 Recognize the ServiceAccountIssuerDiscovery featue gate 2021-05-06 08:57:37 -07:00
Ole Markus With cd9ddd6716 Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller 2021-05-06 15:27:39 +02:00
Kubernetes Prow Robot a04d787d81
Merge pull request #11392 from olemarkus/guard-sa-remap 
Don't add IRSA env vars if feature flag is not enabled
 2021-05-06 03:57:16 -07:00
Ole Markus With 5d4f6e6dee Don't add IRSA env vars if feature flag is not enabled 2021-05-06 11:18:07 +02:00
John Gardiner Myers d21cb0f306 Use consistent ServiceAccountJWKSURI default for PublicJWKS 2021-05-06 00:15:15 -07:00
Ole Markus With aadcd9d448 Add more support for cilium 1.10 2021-05-03 16:10:56 +02:00
Kubernetes Prow Robot b054fb37b7
Merge pull request #11016 from olemarkus/irsa-custom 
user-configurable IAM roles for ServiceAccounts
 2021-05-02 11:16:01 -07:00
Ciprian Hacman 689b76d0ff Mark control-plane node for update when etcd manager config changes 2021-05-02 08:50:42 +03:00
Ole Markus With 6f8b3647cf Add support for IRSA in he api 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-01 16:03:42 +02:00
Ciprian Hacman d64cfba365 Mark control-plane node for update when etcd volume size changes 
etcd-manager expands the data volume on restart to the max available.
 2021-05-01 12:06:22 +03:00
Ole Markus With 5ca7c9b5d7 Use VFS as service account issuer if configured 
Also add an integration test that uses VFS
 2021-04-30 21:02:30 +02:00
Ole Markus With 460586833b Add toggle for AWS OIDC provider. Free it from any feature flag 2021-04-30 19:19:06 +02:00
Ole Markus With 25b5f0cfb2 Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore 2021-04-30 19:19:06 +02:00