Commit Graph

184 Commits

Author SHA1 Message Date
John Gardiner Myers a4e41d47f3 Enable RBN with AWS CCM 1.22.0-alpha.1 2022-02-16 23:08:44 -08:00
Jiahui Feng 10a2ca6daf use pkg/flagbuilder to build argv 2022-02-08 11:29:37 +02:00
Jesse Haka 4b9a985da2 use 1.23.1 ccm for openstack 2022-01-21 12:30:03 +02:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
John Gardiner Myers a502a37990 Support NodeLocalDNS on IPv6 clusters 2021-11-28 15:55:16 -08:00
justinsb 6133250046 gossip: support resolution of k8s.local names from pods
We add the hosts plugin to CoreDNS, and we populate a ConfigMap from
kops-controller (when in gossip mode).

This enables resolution of the internal apiserver DNS name from Pods,
even when gossip mode (k8s.local) is in use.  This should fix the
failing e2e tests which are assuming that the name in the JWT token is
resolvable from inside the cluster.

This is also a possible step towards a simpler gossip mode, now that
we have a central controller.
2021-11-19 11:02:15 -05:00
justinsb 0c696d41d3 Create supporting services in kops-controller for gossip-mode
The intent is that we can then expose these via CoreDNS, so that
internal name resolution will work.
2021-11-19 11:02:10 -05:00
John Gardiner Myers 1001f1fbd7 Upgrade amazonvpc to v0.10.1 2021-11-15 18:54:24 -08:00
John Gardiner Myers 241e0558cd Watch Ingress by default when using the external-dns provider 2021-11-07 15:17:01 -08:00
John Gardiner Myers 2cebd7ece5 dns-controller: Filter node InternalIPs by pod network families 2021-10-30 13:28:39 -07:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Nicolas Sterchele 2584e4133d cloudup: add nindent fct reference to templatefunctions 2021-10-04 15:17:03 +02:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
Jeroen van Erp c30ec8e310 Add ability to provide custom CoreDNS Tolerations and Affinity
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
2021-09-28 17:05:48 +02:00
Peter Rifel 42ecabae28 Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes 2021-09-26 11:09:30 -05:00
Reilly Brogan bce435da1c Add bidirectional BPF mount for Cilium >= 1.9.10 or >= 1.10.4
- Cilium versions 1.10.4 and 1.9.10 now auto-mount the bpf file-system automatically
- Also remove redundant capabilities (these are already automatically granted by virtue of this being a privileged container)
2021-09-23 13:01:58 -05:00
Ole Markus With 88bd1953ce Have kops-controller assign instance ipv6 prefix to node 2021-09-16 19:25:19 +02:00
Peter Rifel 6a53285ffe Move AWS CCM image logic into pkg/model and add 1.21 and 1.22 images 2021-09-08 20:56:39 -05:00
Jesse Haka bb35842eba use ipip Always by default in OpenStack 2021-09-07 17:08:54 +03:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Ole Markus With 0152c23c1e Remove externaldns feature flag 2021-08-27 06:30:01 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller
Support TXT records
2021-08-27 06:24:47 +02:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With 1839b1ac47 Revert most of #12023 and keep awslbc on CP nodes 2021-08-05 19:30:27 +02:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Kubernetes Prow Robot 89ad2bc453 Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck
Enable cross-subnet mode with Calico by default
2021-06-25 01:08:45 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
Moshe Shitrit 6dee0ad09e Comment-out hardcoded default values and add the overridden ones as template functions for ease of customization
Update auto-generated files
2021-06-22 12:26:28 +03:00
John Gardiner Myers c0b54d980d Enable IPv6 support for Cilium 2021-06-13 20:47:44 -07:00
Ole Markus With 2fb1861528 Update CAS manifest
Upstream examples were missing a number of improvements.
This commit also adds template functions for making controllers such as CAS more HA on HA clusters
2021-05-19 16:12:51 +02:00
Ole Markus With 22f3a4aff8 Add default tags to LB controller and cilium eni resources 2021-05-18 19:02:40 +02:00
Alexander Block 859171eeac Sort --extra-tags of ebs-csi-driver
Without sorting, the order is random and thus causes unnecessary cluster
updates.
2021-05-10 07:17:47 +02:00
Jason Haugen 36722afb0f change casing Asg->ASG 2021-04-22 13:07:01 -05:00
Jason Haugen 7e48dad4d2 add ManagedAsgTag, merge templates, improve docs 2021-04-19 16:51:08 -05:00
Jason Haugen a2cc750d62 fix sqs url for china 2021-04-19 15:43:06 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Ole Markus With dbd23473ef Add irsa support for awslbcontroller
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
2021-04-04 21:24:07 +02:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Alexander Block 54c509b33c Add CloudLabels as --extra-tags to aws-ebs-csi driver 2021-03-04 12:07:11 +01:00
AkiraFukushima 36acadca59 Fill Role names in kops-controller-config instead of instance profile names when it is specified
The role names are checked in node bootstrap.
If profile names are provided, bootstrap will fail.
Because profile name and role name do not always match in AWS IAM
2021-02-11 14:28:49 +09:00
Steven E. Harris f0f45b71fd Allow use of Calico's VXLAN networking backend
Introduce a new "encapsulationMode" field in Calico's portion of the
Cluster specification to allow switching between the IP-in-IP and
VXLAN encapsulation protocols. For now, we accept the values "ipip"
and "vxlan," and forgo a possible "none" value that would disable
encapsulation altogether (at least for the default Calico IP pool).

Augment the default-populating procedure for Calico to take this field
into account when deciding both which networking backend to use and
whether to use IP-in-IP or VXLAN encapsulation for the default IP
pool. Note that these values supplied for the "CALICO_IPV4POOL_IPIP"
and "CALICO_IPV4POOL_VXLAN" environment variables in the "calico-node"
DaemonSet pod spec only matter for creating the "default" IPPool pool
object when no such objects already exist.

Generalize the documentation for the "crossSubnet" field to cover
environments more broad than just AWS, as Calico can employ this
selective encapsulation in any environment in which it can detect
boundaries between subnets.
2020-12-18 10:55:11 -05:00
Ciprian Hacman 2844abd225 Delay defaulting to CoreDNS to k8s v1.20 2020-12-16 08:12:04 +02:00
Nick Turner c9feb36f3f Add aws-cloud-controller-manager config to addons
- Config at aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template
- AWSCCMTag function for CCM image tag
2020-11-30 01:35:07 -08:00
Ole Markus With 3721bbb76b Upgrade sprig to v3 2020-11-07 20:41:02 +01:00
Ole Markus With a7c7af4e97 Don't let node-local-dns add iptables rules
Since we use the local IP we don't need the iptables rule for the cluster dns IP
2020-10-16 12:46:16 +02:00
Ole Markus With fdaf5eb38d UseKopsControllerForNodeBootstrap instead of k8s version to determine secure tls 2020-10-09 10:18:02 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
liranp 15cc0fefae feat(spot): upgrade the cluster controller (v1.0.67) 2020-10-01 18:24:31 +03:00