kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,547 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

130 Commits

Author SHA1 Message Date
Ciprian Hacman 68b4611066 Clean up kubelet networking flags for dockershim 
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
 2022-01-19 17:36:18 +02:00
Ole Markus With 166860b668 Create cgroups for kube and runtime if configured 2021-12-20 13:36:45 +01:00
John Gardiner Myers c5e1dea184 Remove code for no-longer-supported k8s version 2021-12-11 16:30:51 -08:00
justinsb 8220211655 nodeup: store the CloudProvider in the context 
This is a bit simpler than fetching it from the cluster every time,
and also can allow things like mixed-cloud clusters (in future).
 2021-12-11 09:16:03 -05:00
Kubernetes Prow Robot f7e66049d6
Merge pull request #12862 from johngmyers/instanceid-nodename 
Use instance ID as node name when AWS CCM supports it
 2021-12-05 14:58:32 -08:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
Ciprian Hacman 2f4bdde429 Respect any MaxPods value the user sets explicitly 
even for AWS VPC CNI.
 2021-10-25 06:39:34 +03:00
John Gardiner Myers 7963b9b9ec Remove some unused fields from v1alpha3 componentconfig 2021-10-07 23:29:53 -07:00
Peter Rifel 7ce1cdc065
Set kubelet's --no-ip on IPv6-only clusters 2021-09-30 09:20:33 -05:00
Peter Rifel 88ddff3baf
Use separate cloud.config files for in-tree vs out-of-tree components 2021-09-30 09:20:33 -05:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert 
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API has to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
 2021-08-26 20:54:02 +02:00
John Gardiner Myers 3282549577 Issue kubelet cert on apiserver nodes for k8s before 1.19 2021-07-16 10:13:20 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers b45c0b4489 Remove InstanceGroup from NodeupModelContext 2021-06-03 21:27:01 -07:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
Ole Markus With df2f66e1e5 Make API servers provision themselves. 
API servers also have access to secret store, so there is no need to go through kops-controller.
This lets API server only depend on etcd from the CP nodes, which should make it easier to scale out API servers under pressure
 2021-04-23 06:59:15 +02:00
Ole Markus With 769c6e584f Add install section to kubelet unit 2021-04-19 19:19:46 +02:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Ole Markus With bd731ce989 Use secure kubelet auth 
Without secure node auth enabled, commands like `kubectl logs` may fail
with certain configurations.

Previously, we checked if anonymousAuth was enabled on the kubelet
before securing node communication, but this isn't really relevant. We
can still authenticate even if anonymous access is allowed.
 2021-04-13 08:59:39 +02:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Kubernetes Prow Robot 4ee8936d63
Merge pull request #10547 from justinsb/cos_var_lib_kubelet 
COS/GCE: exec on kubelet/flexvolume dirs
 2021-01-10 08:23:17 -08:00
Justin Santa Barbara e9f6623a80 COS/GCE: exec on kubelet/flexvolume dirs 
Upstream bind mounts /var/lib/kubelet with exec, dev and suid
permissions, because emptyDirs end up inheriting these permissions.

Similarly, /home/kubernetes/flexvolume needs exec permission to
support flexdrivers.
 2021-01-09 13:56:18 -05:00
Justin Santa Barbara 78b139465c Refactor and centralize distribution logic 
Use of a struct makes it more sustainable, centralizing into the
distribution package makes it simpler to follow.
 2021-01-05 11:50:23 -05:00
Justin SB b17e44b709 Recognize ubuntu 20.10 
Teach nodeup about ubuntu 20.10, including the unusual
/etc/resolv.conf configuration.
 2021-01-05 10:53:40 -05:00
Ole Markus With 1525ccdee9 Fix circular dependency in tasks related to kubelet serving cert 2020-10-24 09:02:41 +02:00
Ole Markus With 466dcd001e Apply suggestions from code review 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-10-09 08:27:08 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
Ciprian Hacman 07ffd665a7 Allow container runtime to run before BootstrapKubeconfig 2020-09-12 08:13:40 +03:00
Ciprian Hacman 22ec1512dc Use numbers for distribution names 2020-08-17 07:25:43 +03:00
Ciprian Hacman e68ee80a93 Move and rename the "distros" package 2020-08-17 07:25:43 +03:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers fb381c4c8b Don't issue kubelet cert on masters before k8s 1.19 2020-08-15 10:30:21 -07:00
John Gardiner Myers c5871df319 Get kubelet certificate from kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers e405d24f8c Default kubelet authenticationTokenWebhook to true for k8s 1.19+ 2020-08-14 11:57:56 -07:00
John Gardiner Myers d2e7e2a41d Default kubelet authorization-mode to Webhook for k8s 1.19+ 2020-08-08 21:00:48 -07:00
Kubernetes Prow Robot 7a61e9f07a
Merge pull request #9403 from hakman/protokube-distroless 
Use distroless image as base for Protokube
 2020-07-12 20:32:34 -07:00
Justin SB 6cdf9d5001 Don't start kubelet in protokube 
Previously as an optimization we would start the kubelet from
protokube, after we had mounted the disks.  This helped avoid e.g. the
apiserver going into backoff waiting for etcd.

However, this no longer achieves anything with etcd-manager - nothing
happens on this front until after we start the kubelet anyway.

Doing this both takes protokube out of the dependency sequence here
(slightly faster boot time), but also removes the systemd dependency
from the protokube image.  (So we can get a smaller image, perhaps
even distroless)
 2020-07-05 14:41:29 +03:00
Ciprian Hacman 69511a998e Use kubelet docker-specific flags only for Docker 2020-07-05 07:57:10 +03:00
John Gardiner Myers 75ca231693 Move default machine type to NodeupConfig 2020-06-28 18:52:04 -07:00
John Gardiner Myers 44fb283e3f Move NodeLabels into the NodeupConfig 2020-06-28 18:52:03 -07:00
John Gardiner Myers 1ba0f0d463 Move Taints into the NodeupConfig 2020-06-28 18:51:42 -07:00
John Gardiner Myers 5e5f25703d Move KubeletConfig into the NodeupConfig 2020-06-28 18:51:16 -07:00
John Gardiner Myers 8a2dfeb377 Refactor buildMasterKubeletKubeconfig 2020-06-16 21:37:56 -07:00
Peter Rifel bc074e857c
Use ec2.DescribeInstanceTypes in awsup.GetMachineTypeInfo 
This requires passing a cloud object in additional places throughout the validation package and originating mostly from cmd/kops

This means that some kops commands now require valid cloud provider credentials, but I don't think this is an issue because the vast majority of use-cases already require the same cloud provider credentials in order to interact with the state store.
 2020-06-09 10:13:01 -05:00
ZouYu 2fc52ec6be fix some go-lint warning 
Signed-off-by: ZouYu <zouy.fnst@cn.fujitsu.com>
 2020-06-09 08:52:50 +08:00
Kubernetes Prow Robot d18e97140e
Merge pull request #9130 from johngmyers/pki-refactor 
Refactor cert issuance code
 2020-06-05 01:43:43 -07:00
John Gardiner Myers e88e0cf7ec Remove code supporting dropped k8s versions 2020-06-04 12:11:51 -07:00