The k8s.gcr.io prefix is an alias, but for CI builds we run from a
docker load, and we only double-tag from 1.10 onwards. For versions
prior to 1.10, remap k8s.gcr.io to the old name. This also means that
we won't start using the aliased names on existing clusters, which could
otherwise be surprising to users.
The etcd-manager will (ideally) take over etcd management. To provide a
nice migration path, and because we want etcd backups, we're creating a
standalone image that just backs up etcd in the etcd-manager format.
This isn't really ready for actual usage, but should be harmless because
it runs as a sidecar container.
Automatic merge from submit-queue.
Add --subnets and --utility-subnets to kops create cluster
This change adds two new options to `kops create cluster`
When specifying `--vpc`, `--subnets` can be specified as an unordered array of subnet ids. Kops will then look up the zones of the subnets to find which zone to add the subnet id to.
If `--topology private` is also specified, `--utility-subnets` can similarly be specified.
~If a zone was specified but a subnet wasn't given that matches the zone, then the subnet will be allocated a CIDR with the current behaviour.~ This case fails validation here 7bd0a6a703/pkg/apis/kops/validation/validation.go (L151)
I can add unit tests and docs changes if required, but I am keen to get feedback before I proceed much further.
I have only added support for AWS.
I have tested this by running a command similar to this:
```bash
kops create cluster \
--zones=us-east-1a,us-east-1b,us-east-1c \
--topology private \
--master-zones=us-east-1a,us-east-1b,us-east-1c \
--vpc $vpc_id \
--subnets subnet-111111,subnet-222222,subnet-333333 \
--utility-subnets subnet-444444,subnet-555555,subnet-666666 \
$cluster_hosted_zone_name
```
And the cluster spec was as expected.
File assets and the SHA files are uploaded to the new location. Files
when are users uses s3 are upload public read only. The copyfile task
uses only the existing SHA value.
This PR include major refactoring of the use of URLs. Strings are no
longer categnated, but converted into a URL struct and path.Join is
utlilized.
A new values.go file is included so that we can start refactoring more
code out of the "fi" package.
A
Automatic merge from submit-queue.
Allow additional SGs to be added to API loadbalancer
Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
api:
loadBalancer:
type: Public
additionalSecurityGroups:
- sg-exampleid3
- sg-exampleid4
```
- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
Automatic merge from submit-queue.
Add a default NodeLabel with the InstanceGroup name
As requested in https://github.com/kubernetes/kops/issues/2999, this change just auto-populates new InstanceGroup specs with a default node label containing the name of the instance group. It would be really useful for those of us managing environments with multiple instance groups.
It allows an admin to easily view the instance groups using kubectl:
```
kubectl get nodes --label-columns kops.k8s.io/instancegroup
NAME STATUS AGE VERSION INSTANCEGROUP
ip-172-20-108-120.eu-west-1.compute.internal Ready,node 3m v1.7.4 xtra-large
ip-172-20-117-133.eu-west-1.compute.internal Ready,master 14m v1.7.4 master-eu-west-1c
ip-172-20-32-139.eu-west-1.compute.internal Ready,master 14m v1.7.4 master-eu-west-1a
ip-172-20-32-92.eu-west-1.compute.internal Ready,node 12m v1.7.4 nodes
ip-172-20-67-184.eu-west-1.compute.internal Ready,master 13m v1.7.4 master-eu-west-1b
```
Mike Splain
k8s-ci-robot
chrislovecnm
Justin Santa Barbara
Chris Phillips
Fernando Battistella
Fred Dubois
Tim Hockin
Kashif Saadat
Johannes Würbach
Mikael Knutsson
Kubernetes Submit Queue
Henry Muru Paenga
Robin Percy
Abdullah Almariah
Peter Rifel
Rodrigo Menezes
georgebuckerfield