36cf282870
Merge pull request #8752 from johngmyers/missing-priority
...
Add missing priorityClassName to addons
2020-03-18 17:54:43 -07:00
526fd98afa
feature(spotinst): upgrade controller (v1.0.57)
2020-03-18 18:48:37 +02:00
eb2c9e336c
Update Weave Net to version 2.6.2
2020-03-17 19:44:20 +02:00
09df6ac844
Remove unreferenced template
2020-03-15 13:51:14 -07:00
63ccaa14d6
Add missing priorityClassName to addons
2020-03-15 13:51:10 -07:00
b3fbb494c6
Fix template for kube-router v0.4.0
2020-03-15 17:38:59 +02:00
88600407f4
Merge pull request #8629 from olemarkus/cilium-etcd-operator
...
Add option to use etcd managed by cilium-etcd-operator as kvstore
2020-03-14 17:18:34 -07:00
0c27aa3ce8
Update upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
...
Co-Authored-By: John Gardiner Myers <jgmyers@proofpoint.com>
2020-03-14 21:44:44 +01:00
450fad6e4c
Fixes the prom to sd params in metadata-proxy
2020-03-14 12:18:05 -07:00
bd6a54958f
Fix addon manifest version for metadata-proxy
2020-03-14 12:18:05 -07:00
b52e322159
Adds metadata concealment addon for GCE node
2020-03-14 12:18:05 -07:00
12ce5f0e9c
Node metadata-concealment in GCE, first pass
2020-03-14 12:18:05 -07:00
7d030ae459
Merge pull request #8742 from hakman/kube-router-0.4.0-2
...
Fix template for kube-router v0.4.0
2020-03-14 10:42:35 -07:00
ae51a5b138
Merge pull request #8582 from joshbranham/feature/better-default-storageclass
...
Create New Default StorageClass: kops-ssd-1-17
2020-03-14 08:46:35 -07:00
163c11fc6c
Fix template for kube-router v0.4.0
2020-03-14 17:23:12 +02:00
a98666d05a
Set kube-proxy-replacement to partial
...
Fully relying on kube-proxy breaks network policies.
Setting kube-proxy-replacement to partial instead of disabled makes
cilium behave as in 1.6.
2020-03-14 08:38:41 +01:00
e5ecce6edb
Remove conditional with only comments
2020-03-13 20:17:42 +01:00
2274045924
Add option to use etcd managed by cilium-etcd-operator as kvstore
2020-03-13 20:17:42 +01:00
84648dce4a
Update kube-router to v0.4.0
2020-03-13 17:54:32 +02:00
e902c45a08
Merge pull request #8697 from UnderMyBed/kuberouter-1.16-fix
...
Fix kuberouter for k8s 1.16+
2020-03-12 11:12:38 -07:00
26fb6d030b
fix kuberouter for k8s 1.16
...
Starting in k8s 1.16 the kublet requires that cniVersion is set in the cni config
2020-03-12 10:27:08 -07:00
a999b3ea61
fix OWNERS labels format
...
These need to be lists
2020-03-10 22:47:50 -05:00
e92e70c7d0
When nodeport is enabled, use strict kube-proxy-replacement to ensure cilium fully replaces kube-proxy
2020-03-10 18:05:44 +01:00
db435ee7cd
Merge pull request #8717 from rifelpet/owners-labels
...
Add labels to OWNERS files
2020-03-10 08:23:51 -07:00
237a125f2c
Add labels to OWNERS files
...
This will automatically label PRs that touch these directories.
This makes it easier to query GitHub for PRs that affect certain areas of the code.
I mostly used existing labels but created some new ones as well.
2020-03-10 08:35:58 -05:00
c304d221a6
Bump Cilium to 1.7.1 for k8s 1.12+
2020-03-10 11:05:12 +00:00
689be235e5
Update Weave Net to version 2.6.1
2020-03-06 20:40:23 +02:00
07ffaaefc3
Add env var config
2020-03-05 16:51:03 -05:00
70f4429622
Revert "Update AWS IAM Authenticator to 0.5.0"
...
This reverts commit 03ccbfeb99
2020-03-04 07:38:42 -06:00
318e9a1441
Revert "Switch AWS IAM Authenticator to use non-scratch image"
...
This reverts commit 79027c18d4
2020-03-04 07:38:30 -06:00
f218f0bd7a
Update Calico and Canal to v3.12.0
2020-02-27 04:03:42 +02:00
e07f84708e
Merge pull request #8276 from rifelpet/aws-vpc-cni-env-vars
...
Add support for custom env vars in amazon-vpc-cni
2020-02-26 15:07:20 -08:00
555d82b58c
Update coredns to 1.6.7
2020-02-21 09:16:00 +01:00
84837a81a4
Fix typo in the cilium default version
2020-02-20 08:07:07 +01:00
9f033f8e99
Set kops-ssd-1-17 class name
2020-02-19 12:43:09 -05:00
67d377c49f
Update expected
2020-02-19 12:42:54 -05:00
d0d833144d
Bump Cilium to 1.7 for k8s 1.12+
...
Cilium 1.7 requires K8s 1.12 minimum. Changed the templates so that we
can have different cilium versions for different k8s versions.
This also mean that this addon will behave similar to other addons wrt
upgrades. Cilium used to add a fixed version to the cluster spec on cluster creation so
upgrades were slightly more manual. Now, for new clusters, upgrades will
happen implicitly with kops updates unless the .Version is added
manually to the cluster spec.
2020-02-19 18:26:07 +01:00
ced8f00201
Add option to use ENI as IPAM mode for Cilium
...
* Force cilium-operator run on master nodes
* Add option for setting cilium ipam mode
* If cilium ipam mode is eni, add additional permissions to master nodes
* Allow NonMasqueradeCIDR overlap with NetworkCIDR when Cilium ENI is enabled
2020-02-16 19:11:01 +01:00
721ed47e9d
Merge pull request #8555 from rifelpet/aws-iam-authenticator-scratch
...
Switch AWS IAM Authenticator to use non-scratch image
2020-02-13 20:10:17 -08:00
cd34cf41c5
Switch AWS IAM Authenticator to use non-scratch image
...
The authenticator binary uses glog which requires write access to the filesystem under /tmp
On the scratch image /tmp doesnt exist which caused a crash loop:
```
time="2020-02-14T02:06:00Z" level=info msg="creating event broadcaster"
time="2020-02-14T02:06:00Z" level=info msg="setting up event handlers"
W0214 02:06:00.358119 1 client_config.go:539] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
log: exiting because of error: log: cannot create log: open /tmp/aws-iam-authenticator.ip-X-X-X-X.aws-iam-authenticator.log.WARNING.20200214-020600.1: no such file or directory
```
Switching to debian-stretch fixed the issue although it could really be any of the other images in the release [0]
[0] https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.0
2020-02-13 20:29:49 -06:00
91867ce4b5
Merge pull request #8220 from olemarkus/cilium-nodeport
...
Cilium nodeport
2020-02-13 09:18:36 -08:00
d5f96d7204
Update amazon-vpc-cni-k8s to v1.6.0
2020-02-13 10:32:51 +02:00
5ea96fa6a0
Add events RBAC permissions to kops-controller
...
I noticed in our new kops-controller logs that there is a permission denied error at startup.
Apparently part of the leader election process involves creating and watching for events off of the kops-controller-leader configmap.
This will add the necessary permissions to silence this error.
https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-kops-aws/1227728236914413570/artifacts/ip-172-20-46-137.ap-northeast-2.compute.internal/kops-controller-6k9sz.log
2020-02-12 18:34:38 -06:00
eee672f293
Fixes some issues with running Cilium nodeport
...
* Cilium need to talk to the internal cluster API on public IPs instead of the internal service
* Tell people explicitly they have to disable kubeproxy so it won't conflict with nodeport
2020-02-11 10:14:59 +01:00
4606e8ee79
Merge pull request #8423 from rifelpet/aws-authenticator-update
...
Update AWS IAM Authenticator to 0.5.0
2020-02-10 20:12:00 -08:00
0440876f31
Merge pull request #8497 from johngmyers/runasnonroot
...
Mark dns-controller and kops-controller as non-root
2020-02-10 18:48:00 -08:00
e506f1b356
Add support for custom environment variables to amazonvpc daemonset
2020-02-10 16:51:47 -06:00
f6b6f277d9
Revert "Merge pull request #8452 from maruina/coredns-1.6.7"
...
This reverts commit 4a9fbdca9c48eb069e61
2020-02-06 23:34:20 +00:00
7fa990c86a
Mark dns-controller and kops-controller as non-root
2020-02-06 12:12:11 -08:00
4f2cddaa8b
Merge pull request #8433 from olemarkus/cilium-prometheus
...
Make it possible to enable Prometheus metrics for Cilium
2020-02-06 10:17:24 -08:00
9b9615bf53
Release 1.18.0-alpha.2
2020-02-05 21:58:08 -05:00
0cb35638f2
Stop logging to /var/log/kops-controller.log
...
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today. See
discussion in #8454
We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.
We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
2020-02-04 06:41:25 -05:00
eed15b471a
Make it possible to enable Prometheus metrics for Cilium
2020-02-03 19:11:34 +01:00
051ceeea70
Merge pull request #8445 from daviddyball/master
...
Cilium - Add missing Identity Allocation Mode to Operator Template
2020-02-03 09:11:21 -08:00
4a9fbdca9c
Merge pull request #8452 from maruina/coredns-1.6.7
...
Update coredns to 1.6.7
2020-01-31 14:37:21 -08:00
4416b24ee8
Release 1.18.0-alpha.1
2020-01-31 08:22:33 -05:00
cc15043dca
Update coredns to 1.6.7
2020-01-31 10:59:48 +01:00
cd470b1487
Cilium - Add missing Identity Allocation Mode to Operator Template
2020-01-30 14:33:08 +00:00
32e6a6b534
Update AWS IAM Authenticator to 0.5.0
...
I merged changes from these manifests:
https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/v0.5.0/deploy/example.yaml
https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/v0.5.0/deploy/iamidentitymapping.yaml
The new version supports replacing the configmap with a IAMIdentityMapping custom resource, but the --backend-mode command argument isnt yet exposed through the kops API, so it will still only use configmaps.
We can expose a BackendMode API field in a followup PR.
2020-01-30 07:09:07 -06:00
9f3e31c73b
Merge branch 'master' into critical-pod
...
Conflicts:
upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
2020-01-29 09:15:56 -08:00
0c2c2e2e1f
Merge pull request #8318 from johngmyers/trim-addons
...
Remove addons only applicable to unsupported versions of Kubernetes
2020-01-27 00:19:02 -08:00
1860e409d1
Merge pull request #8333 from gjtempleton/CoreDNS-1.6.6
...
CoreDNS default image bump to 1.6.6 to resolve CVE
2020-01-26 23:39:02 -08:00
d15971e240
Remove tmp volume as well as mount
2020-01-24 15:56:13 +00:00
38aafc7cdc
Add missing priorityClassName for critical pods
2020-01-21 21:03:07 -08:00
5a5508aa37
Add Cilium.EnablePolicy back into templates
...
This may have dropped out when we bumped Cilium to 1.6
It is possible to set this value in the cluster spec, but it isn't used anywhere
2020-01-21 08:11:04 +01:00
f1727a5c1b
Fix issues with older versions of k8s for basic clusters
2020-01-19 16:40:36 +02:00
5907f97c90
Merge branch 'master' into trim-addons
...
Conflicts:
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
2020-01-17 22:17:15 -08:00
a49ce910a8
Merge pull request #8265 from ReillyProcentive/WeaveNpcExtraArgs
...
Add support for weave.npcExtraArgs
2020-01-16 15:06:32 -08:00
f5ce3f674b
Change description of NPCExtraArgs in response to PR Feedback. Drop support for K8S 1.7
2020-01-15 15:06:03 -06:00
a2473156ae
Rename NpcExtraArgs to NPCExtraArgs, fix manifest tests
2020-01-14 17:31:19 -06:00
b4bfdcbfac
CoreDNS default image bump to 1.6.6
...
Also updates the default corefile config to make use of the new lameduck functionality for healthcheck
2020-01-14 14:23:10 +00:00
6b1a131528
Remove addons only applicable to unsupported versions of Kubernetes
2020-01-11 21:23:58 -08:00
ae245a497e
Remove kops-controller deployment
...
The migration was first made in 1.16.0-alpha.1, so that means 2 releases have been out that set the replicas to zero.
This removal negatively impacts anyone that created a cluster from kops HEAD between 1.15.0 and 1.16.0-alpha.1, and then upgraded kops directly to the 1.16.0 release that includes this commit, without having first upgraded to either of the alphas.
That seems like a reasonably small enough audience that this is safe to remove now.
Perhaps we mention in the release notes that anyone using HEAD or one of the alpha releases needs to `kubectl delete -n kube-system deployment kops-controller`
2020-01-10 10:13:31 -06:00
36993f5b74
Fix unit name for memory request for weave
2020-01-10 07:34:25 +02:00
e0fa147b15
Enable host logging for kops-controller
...
This makes it easier to get the kops-controller logs from e2e tests since it they only dump log files from systemd services and /var/log files [0]
[0] ec0fe6bd36/kubetest/dump.go (L50-L74)
2020-01-07 11:00:41 -06:00
cd9e01cb03
Merge pull request #8274 from rifelpet/aws-vpc-cni-cluster-name
...
Set CLUSTER_NAME env var on amazon-vpc-cni pods
2020-01-06 10:40:16 -08:00
af9c0d0387
Set CLUSTER_NAME env var on amazon-vpc-cni pods
...
This will tag ENIs with `cluster.k8s.amazonaws.com/name`
2020-01-05 13:37:18 -06:00
3e5b211bcd
Add support for weave.npcExtraArgs
2020-01-03 21:28:37 -06:00
2b24f69f9c
Merge pull request #8216 from mmerrill3/feature/issue-8113-weave-resources
...
Adding ability to configure resources for weave (#8113 )
2020-01-03 06:43:40 -08:00
b38bafe79d
Adding ability to configure resources for weave ( #8113 )
...
Signed-off-by: mmerrill3 <michael.merrill@vonage.com>
2019-12-28 18:07:11 -05:00
423233c6a4
Merge pull request #8131 from rochacon/cniless-dns-controller
...
dns-controller: allow it to run on CNI networking mode and remove dependency on kube-proxy
2019-12-27 21:43:38 -08:00
e558059ca9
Merge pull request #7898 from bboreham/weave-2-6-0
...
Update Weave Net to version 2.6.0
2019-12-26 12:33:38 -08:00
0c1d22043e
feature(ocean): upgrade controller (v1.0.50)
2019-12-19 11:02:19 +02:00
e449467543
dns-controller: tolerate lack of CNI on master
...
When booting a cluster with `--networking=cni`, `dns-controller` will
not start due to the master node being _tainted_ as "network unreachable".
This adds an extra step when managing your own CNI setup, having to SSH
into a master and publish the CNI manifests from there.
This commit adds tolerance and configuration that allows `dns-controller`
pod to start when running with `--networking=cni`, properly creating the
DNS records so the operator can remotely publish the CNI and extra
manifests to have a full working cluster.
This also removes the dependency on `kube-proxy`, by adding the
`KUBERNETES_SERVICE_HOST` environment variable, bypassing `kube-proxy`
when disabled.
Presumably, as a side-effect, this change also allows for
"host network only" clusters to work.
Signed-off-by: Rodrigo Chacon <rochacon@gmail.com>
2019-12-19 02:10:35 -03:00
556399e0a7
Update Weave Net to version 2.6.0
...
Signed-off-by: Bryan Boreham <bryan@weave.works>
2019-12-17 13:31:43 +00:00
5c57ce49f9
Revert ClusterRole name to "calico"
2019-12-14 15:06:27 +02:00
a806f10b4e
Make Calico-Typha and Canal templates easier to compare to each other
2019-12-13 21:46:17 +02:00
7ef9d0a5c1
Add role.kubernetes.io/networking labels for Canal
2019-12-13 21:46:17 +02:00
f6193e0c41
Fix indent of metadata.name field for felixconfigurations.crd.projectcalico.org
2019-12-13 21:46:17 +02:00
346d0ba9bc
Make templates easier to compare with official manifests
2019-12-13 21:46:17 +02:00
3b25c0c66a
Add Calico v3.10.2
2019-12-13 21:46:11 +02:00
a2e3e57bd3
add missing rbac rules
2019-12-12 11:21:10 +02:00
dd69274cf2
Set FELIX_IPTABLESBACKEND for Calico and Canal
2019-12-10 13:45:33 +02:00
b76ffb359a
Merge pull request #7992 from DavidSie/pr_cloud_controller_template_function
...
Cloud controller template function
2019-12-09 13:54:02 -08:00
f21df7cd6f
Fix mounting Calico "flexvol-driver-host" in CoreOS
2019-12-08 16:43:29 +02:00
fcf6f0098c
Canal Typha spec and apimachinery
2019-12-06 15:36:48 +00:00
9b7a798136
Add Typha support for Canal Networking
2019-12-06 15:36:48 +00:00
ebbebc5af3
Canal v3.10 manifest for k8s v1.15+
2019-12-06 14:50:00 +00:00
c3004a7b43
BUILD.bazel in openstack.addons.k8s.io
2019-12-05 09:58:45 +01:00
366982fe08
no BUILD.bazel
2019-12-05 09:58:45 +01:00
Kubernetes Prow Robot
liranp
Ciprian Hacman
John Gardiner Myers
Ole Markus With
eric-hole
Ole Markus With
Matt Shipman
Peter Rifel
Ilya Dmitrichenko
mikesplain
Matteo Ruina
Josh Branham
GuyTempleton
Justin SB
David Dyball
Reilly Brogan
mmerrill3
Rodrigo Chacon
Bryan Boreham
Jesse Haka
Kashif Saadat
David Siecinski