- implementing as new subcommand keypair to secret
- rename of LoadPEMCertificate to ParsePEMCertificate to have
the same naming of parsing of certificate/private key bytes in
the same package result is
pki.ParsePEMPrivateKey(privateKeyBytes)
pki.ParsePEMCertificate(certBytes)
We modelled our VFS clientset (for API objects backed by a VFS path)
after the "real" clientsets, so now it is relatively easy to add a
second implementation that will be backed by a real clientset.
The snafu here is that we weren't really using namespaces previously.
Namespaces do seem to be the primary RBAC scoping mechanism though, so
we start using them with the real clientset.
The namespace is currently inferred from the cluster name. We map dots
to dashes, because of namespace limitations, which could yield
collisions, but we'll deal with this by simply preventing users from
creating conflicting cluster names - i.e. you simply won't be able to
create a.b.example.com and a-b.example.com
* Zones are now subnets
* Utility subnet is no longer part of Zone
* Bastion InstanceGroup type added instead
* Etcd clusters defined in terms of InstanceGroups, not zones
* AdminAccess split into SSHAccess & APIAccess
* Dropped unused Multizone flag
This is a breaking change for people using the API (sorry), but is
hopefully a simple search and replace:
"k8s.io/kops/upup/pkg/api"
-> api "k8s.io/kops/pkg/apis/kops"
"k8s.io/kops/upup/pkg/api/registry"
-> "k8s.io/kops/pkg/apis/kops/registry"
This is the "correct" place for it in the k8s API infrastructure - we
are working towards a versioned API here.
Beginnings of a mock for the AWSCloud, so that hopefully we aren't
calling out to AWS at all in the tests. We will likely start mocking
the actual EC2 APIs in future, but this seems a good starting point.
Fix#425
The old upgrade command (which was only called as part of a kube-up ->
kops upgrade) is now `kops toolbox convert-imported`. The docs are
updated, but this is only normally called once per import so this should
not be high impact.
The upgrade command now looks for things that need upgrading. Currently
only `upgrade cluster` is implemented; it currently only checks the
KubernetesVersion. If KubernetesVersion is out of date, it will be
printed, and if --yes is specified the cluster spec will be set to the
next value.
By reusing the subnet & security groups, we are able to skip the ELB
steps of the upgrade procedure. The new cluster also has the same
identity as the old cluster for security groups, so we don't need to
reconfigure ELB etc.
Fixes#175Fixes#174
We can at least give the user better instructions on how to proceed.
Because this is not in general safe though, I'm not sure we want to
gloss over this.
Issue #69
StateStore was highly orientated towards a VFS system; replace it with a
Registry abstraction that is more object based.
We also rationalize much of the CLI (cmd) command logic also.
Zhenhai Gao
Justin Santa Barbara
Alexander Brandstedt
Kubernetes Submit Queue
andrewsykim
Chris Love