kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
918 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

68 Commits

Author SHA1 Message Date
Justin Santa Barbara 204d1364ac Switch to image published under kope account 2016-10-01 17:30:52 -04:00
Justin Santa Barbara 146babbd27 Disable ingress DNS integration for 1.4.0 
There are still some problems with the default nginx controller
 2016-10-01 17:25:11 -04:00
Justin Santa Barbara 1a4558a736 Fix DNS deployment manifest 2016-10-01 15:26:10 -04:00
Justin Santa Barbara 655a61588e Switch all the final switches for release 1.4 
Also apply the 1.4 schema changes.
 2016-10-01 13:50:19 -04:00
Justin Santa Barbara 3ead9fe0ce Create addons for 1.4 
(It isn't activated yet though)
 2016-10-01 09:35:20 -04:00
Justin Santa Barbara 8839e67f0b Merge fixups 2016-09-24 11:46:34 -04:00
Justin Santa Barbara 41e2bee204 Merge pull request #495 from justinsb/setup_machine_id 
Call /bin/systemd-machine-id-setup as part of init
 2016-09-24 11:42:44 -04:00
Justin Santa Barbara d494d83436 Merge pull request #452 from yissachar/support-shared-subnets 
Add support for shared subnets
 2016-09-24 11:41:28 -04:00
Justin Santa Barbara d7639691e9 Call /bin/systemd-machine-id-setup as part of init 
Just in case nobody else sets it!
 2016-09-24 10:18:30 -04:00
Justin Santa Barbara 9356b5b215 Merge pull request #460 from justinsb/security_group_rule_removal 
Support deletion of items
 2016-09-20 11:42:42 -04:00
Justin Santa Barbara 352bc52a9f Honor minSize/maxSize for ASGs for master 
Normally we expect the size to be 1, but it turns out there is an
exception - in the case when we want to suspend a cluster.  So honor the
values if the user sets them.

Thanks for spotting @sekka1

Fix #403
 2016-09-17 23:17:18 -04:00
Justin Santa Barbara f8bbdb1467 Support deletion of items 
We don't normally need to delete items, but we do need to purge old
security group rules.
 2016-09-17 23:06:15 -04:00
Yissachar Radcliffe 5217bd432d Add support for shared subnets 2016-09-16 12:17:44 -04:00
Justin Santa Barbara 6d139d06d1 Support labels on k8s nodes and AWS instances 
A lot of supporting work was needed, including improvements to the model
and model generation logic.
 2016-09-13 12:47:16 -04:00
Justin Santa Barbara b9c20a7c0d Fix logic around `or nillable true` in text template 
A false value is also treated as false, so the expression will always be
true
 2016-09-09 11:35:49 -04:00
Justin Santa Barbara 8c1cbec9b6 Default AssociatePublicIP to true 
If AssociatePublicIP is nil, treat that as true.

The full fix is likely to version InstanceGroups, but this is also
"defense in depth".
 2016-09-09 10:12:26 -04:00
Justin Santa Barbara 9ee663764f Merge pull request #378 from justinsb/reapply_365 
Reapply #365
 2016-09-09 10:04:55 -04:00
Justin Santa Barbara ebf84d33d6 Merge pull request #273 from moleksyuk/master 
Add no-public-ip option to instance groups
 2016-09-08 11:45:43 -04:00
Justin Santa Barbara 62d5451b25 Initial (experimental) Ubuntu 16.04 support 2016-09-08 10:20:42 -04:00
Justin Santa Barbara d3ab070b0d Use go-bindata to embed our models 
This allows us to have single-file deployment
 2016-09-07 11:56:03 -04:00
Mykhailo Oleksiuk aa6693a6ed megre from upstream 2016-09-01 13:23:50 +03:00
Justin Santa Barbara 1b91f417e5 Build IAM policy in code 
Easier to get right than relying on string manipulation, but we're still
doing the same policies, with the improvements as done by @weargoogles.
 2016-08-27 21:18:23 -04:00
Justin Santa Barbara a3eda654db Revert "Revert "include change to node policy to cover #363"" 
This reverts commit ca1a52ff3e.
 2016-08-27 17:38:01 -04:00
Justin Santa Barbara 4df50773c1 Revert "Revert "Restrict master access to state store bucket"" 
This reverts commit c11a370c9a.
 2016-08-27 17:37:55 -04:00
Justin Santa Barbara c11a370c9a Revert "Restrict master access to state store bucket" 
This reverts commit 369a6ea1db.
 2016-08-27 16:31:53 -04:00
Justin Santa Barbara ca1a52ff3e Revert "include change to node policy to cover #363" 
This reverts commit 969af97b60.
 2016-08-27 16:31:38 -04:00
Pete Wildsmith 969af97b60 include change to node policy to cover #363 2016-08-24 17:19:54 +01:00
Pete Wildsmith 369a6ea1db Restrict master access to state store bucket 
This change increases the specificity of the master's state store bucket contents permission to only the top-level folder named after the cluster.

Fixes #365
 2016-08-24 17:03:10 +01:00
Justin Santa Barbara 7699dc8fd2 Merge pull request #294 from justinsb/use_ssh_key 
SSH key improvements
 2016-08-11 22:28:41 -04:00
Justin Santa Barbara a3cfec6c24 Support changing the SSH public key 
This requires that we include the OpenSSH fingerprint in the AWS key
name.
 2016-08-11 12:00:52 -04:00
Justin Santa Barbara 8fb4215e17 Run CI versions of k8s 
CI versions are not pushed to gcr.io, so we need to preload the images
by downloading them and doing a docker load.
 2016-08-11 01:32:42 -04:00
Mykhailo Oleksiuk fad3d3a4f4 move --no-associate-public-ip to instance group 2016-08-06 14:46:46 +03:00
Mykhailo Oleksiuk a860fdbdfd add parameter --no-associate-public-ip 2016-08-04 17:19:20 +03:00
Justin Santa Barbara 2b3f55563e Run the master on the pod network, unless IsolateMaster=true 
The master is now registered as a Node.  It is marked as Unschedulable,
so normal pods will not run on it.  But Daemonsets will, and it is
surprising that they don't work unless hostNetwork=true.

The default is now what seems to be expected:
* we allocate the master a real CIDR on the pod network
* kube-proxy runs on the master, so it can talk to pods
* we run kubelet on the master with enable-debugging-handlers, so
  kubectl logs etc works

To get the old behaviour, edit the cluster spec and set
`isolateMasters: true`
 2016-07-28 12:12:16 -04:00
Fotios Lindiakos be2fcca933 Remove trimming in AWS templates 2016-07-26 11:14:55 -04:00
Justin Santa Barbara 9e9855d1a4 Simpler upgrade procedure: reuse subnet 
By reusing the subnet & security groups, we are able to skip the ELB
steps of the upgrade procedure.  The new cluster also has the same
identity as the old cluster for security groups, so we don't need to
reconfigure ELB etc.

Fixes #175
Fixes #174
 2016-07-22 11:47:12 -04:00
Justin Santa Barbara 11d51b04a9 Adapt IAM policies when running in cn-north-1 
Fix #27
 2016-07-21 22:19:43 -04:00
Justin Santa Barbara 302f23463e Configuration of admin access to ports 22 and master-443 
Fix #143
 2016-07-14 10:33:26 -04:00
Justin Santa Barbara f771c2af4c Add support for spot instances 
Fixes #58
 2016-07-10 23:56:16 -04:00
Justin Santa Barbara 5b8b4d4da3 Detect & delete new ASG launch configs 
We now output a ClusterName property into the launchconfig, even though
we don't technically need it.  But it allows us to more easily detect
the cluster, and it generally seems like a good idea.

Also rename to 'autoscaling-config' and clean up the cluster name
detection logic.

Fix #96
 2016-07-09 22:07:24 -04:00
Justin Santa Barbara 126c508426 Fix model: numbers must be quoted 2016-07-09 01:41:04 -04:00
Justin Santa Barbara 13e514aeac Merge pull request #93 from justinsb/fix_24 
Allow configurable RootDeviceSize & RootDeviceType
 2016-07-09 01:25:20 -04:00
Justin Santa Barbara b42765816e Change node role tag to match master pattern 
It's not currently used, and we hadn't updated it to match the better
pattern.

k8s.io/role=master can only be in one role
k8s.io/role/master=1 allows for multiple roles
 2016-07-08 22:02:32 -04:00
Justin Santa Barbara 13b8e81bd6 Allow configurable RootDeviceSize & RootDeviceType 
This allows for a larger EBS root volume (and we now default to 20GB,
just like kube-up did).

We remove the BlockDeviceMappings support because it wasn't used and
made things a lot more complicated.  We always map the ephemeral
devices.

Issue #24
 2016-07-08 01:11:14 -04:00
Justin Santa Barbara 947a045667 Rename DNSDomain -> ClusterDNSDomain for clarity 2016-06-27 15:36:11 -04:00
Justin Santa Barbara 26d05341b4 Move options to common stage, so that it works with terraform generation 2016-06-27 15:21:31 -04:00
Justin Santa Barbara c36607644b Better shared VPC support: more validation 2016-06-27 15:00:51 -04:00
Justin Santa Barbara a0d8302255 Merge pull request #156 from slack/protokube-dns 
upup/protokube: tell protokube to use --dns-zone-name
 2016-06-27 00:41:11 -04:00
Justin Santa Barbara b6cf38c96e AllocateNodeCIDRs need no longer be "bubbled down" 
We have it on the KCM config; just set it there
 2016-06-27 00:32:19 -04:00
Justin Santa Barbara eeed4a3031 Rationalize API to something we want to support forever 2016-06-26 23:09:02 -04:00