kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,301 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

521 Commits

Author SHA1 Message Date
Ciprian Hacman d1bdc1632d Update expected outputs of integration tests 2020-09-08 08:46:09 +03:00
Kubernetes Prow Robot 277038d419
Merge pull request #9839 from rifelpet/tf-cert-id 
Dont generate the ssl_certificate_id field on TCP listeners in Terraform
 2020-08-31 06:14:21 -07:00
Kubernetes Prow Robot 56bab9fa4f
Merge pull request #9813 from justinsb/expose_jwks 
Expose JWKS via a feature-flag
 2020-08-30 21:06:20 -07:00
Peter Rifel 0326ce4ad7
Dont generate the ssl_certificate_id field on TCP listeners in Terraform 2020-08-30 09:44:16 -05:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00
Justin SB c63ce4b5ab Implement setter by reflection 
This means we no longer have to individually hard-code the `kops set`
fields, however we use the "language" we're now demonstrated.

We add tests to ensure we have parity with our existing (hard-coded)
setter logic.
 2020-08-30 09:59:52 -04:00
Peter Rifel 55f33c68b3
Cleanup old v1alpha1 test outputs 2020-08-27 14:30:10 -05:00
Peter Rifel 64f6f5e2cb
Add integration test for GCE private topology with bastion 2020-08-27 14:28:26 -05:00
Ciprian Hacman cd82550088 Update integration test for Calico after validation changes 2020-08-24 12:54:15 +03:00
Ciprian Hacman 3f8edd74fe Update integration test for Calico 2020-08-24 12:30:37 +03:00
Ciprian Hacman 2880e22bce Add flag for root volume encryption 2020-08-21 18:31:21 +03:00
Kubernetes Prow Robot 8a81d94c7b
Merge pull request #9773 from victorfrancax1/7286 
Adding support for permission boundaries for AWS IAM Roles
 2020-08-19 06:51:11 -07:00
Victor Ferreira 3aaa9a7c0f feat(aws): adding support to permission boundaries for IAM Roles 2020-08-19 01:16:13 -03:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images 
Add ARM64 support for masters
 2020-08-14 20:46:17 -07:00
Ole Markus With 9890839cec Add an integration test for openstack floating ip 
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
 2020-08-12 12:59:30 +02:00
Kubernetes Prow Robot 9b46e3fb9a
Merge pull request #9721 from hakman/ghw-win-2019 
Add windows job to GH workflows
 2020-08-11 11:20:18 -07:00
Ciprian Hacman f9f8ecfcf5 Fix API conversion tests for Windows 2020-08-11 14:28:37 +03:00
Ciprian Hacman 2359a25b84 Fix integration tests EOLs for Windows 2020-08-11 14:28:37 +03:00
Peter Rifel 6991655921
Add openstack integration test. 
This will create / update / update / delete an openstack cluster using cloudmock, ensuring there are no lingering changes reported or orphaned resources
 2020-08-10 15:22:49 -05:00
Ciprian Hacman 527b1eb36f ARM64 support - Update expected tests output 2020-08-10 12:05:24 +03:00
Kubernetes Prow Robot 2fbef78143
Merge pull request #9650 from johngmyers/update-notag 
Remove tags from NodeupConfig
 2020-07-31 02:27:08 -07:00
John Gardiner Myers d434733254 update-expected.sh 2020-07-30 19:42:07 -07:00
John Gardiner Myers cd2941b56c update-expected.sh 2020-07-29 17:24:39 -07:00
Peter Rifel f3e6ac874d
Update integration test outputs with new ssh key tags 2020-07-28 13:35:10 -05:00
John Gardiner Myers be3e311c12 update-expected.sh 2020-07-17 19:32:53 -07:00
John Gardiner Myers c0774d7ffa Stop using legacy IAM in integration tests 2020-07-17 19:32:48 -07:00
John Gardiner Myers d0b30cf771 update-expected.sh 2020-07-17 11:26:09 -07:00
Peter Rifel 4bcc1e1ffa
Remove old unused files 
The yaml files were most likely meant to live in tests/integration/update_cluster/minimal_gce but those files already exist.

The md file is very old and not relevant
 2020-07-13 12:48:28 -05:00
Peter Rifel f213854330
Update integration test outputs with filebase64 2020-07-08 23:24:11 -05:00
Ciprian Hacman 827d8c041f Update mock version to 1.19.0-alpha.1 2020-07-08 18:31:18 +03:00
Peter Rifel 69f2c71cc3
Add tag support to AWS launch templates 
In addition to TagSpecifications which allow tagging of instances and volumes, launch templates support tags of their own.

This adds the usual tags to LTs, as seen in the kubernetes.tf additions. Cloudformation does not yet support it [0], so only "api" and "terraform" targets are updated.

[0] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html
 2020-07-07 22:43:45 -05:00
Ciprian Hacman 69511a998e Use kubelet docker-specific flags only for Docker 2020-07-05 07:57:10 +03:00
Ole Markus With 53f670aeb0 Rebase with master 2020-07-03 08:39:43 +02:00
Ole Markus With 263172caac Use new templates for cilium 1.8 2020-07-03 07:56:35 +02:00
Kubernetes Prow Robot 734a0eb5f3
Merge pull request #9415 from johngmyers/refactor-nodeup-2 
Continue moving InstanceGroup data to NodeupConfig
 2020-07-02 20:50:47 -07:00
Ciprian Hacman a7c8d2087c Use github.com/blang/semver/v4 2020-07-01 08:54:42 +03:00
John Gardiner Myers 56e5adc67e Move VPC setup into NewCluster() 2020-06-30 12:37:46 -07:00
John Gardiner Myers fe66b0011b Move CloudProvider determination into NewCluster() 2020-06-30 12:37:11 -07:00
John Gardiner Myers 5f45389124 update-expected.sh 2020-06-28 18:52:03 -07:00
John Gardiner Myers 35645b49c4 update-expected.sh 2020-06-28 18:51:42 -07:00
John Gardiner Myers 64167b7420 update-expected.sh 2020-06-28 18:51:16 -07:00
Peter Rifel 75ccf45eb7
Fold multiple integration test cases into the complex cluster test 
Each integration test cluster adds many LoC and some overhead in running the integration tests.
Since many of the tests are only testing a specific feature, it would be simpler to combine all of the non-mutually exclusive features into the complex cluster.
 2020-06-19 22:09:22 -05:00
Ciprian Hacman 80295961fb ARM64 support - Update tests output 2020-06-19 04:42:11 +03:00
John Gardiner Myers 91c741d8fb update-expected.sh 2020-06-17 09:09:24 -07:00
Peter Rifel c5882446c8
Only store launchtemplate userdata in plaintext for terraform 0.12+ 2020-06-16 17:16:41 -05:00
Peter Rifel 964d402eb5
Store terraform launchtemplate userdata in plaintext rather than b64 
This makes it easier to grok the userdata contents
 2020-06-16 16:53:49 -05:00
Ciprian Hacman d888b1f517 Update integration tests 2020-06-12 06:24:08 +03:00
John Gardiner Myers 1b03e7237b hack/update-expected.sh 2020-06-10 09:34:48 -07:00
Ciprian Hacman 3eda07aec0 Update tests output 2020-06-03 17:25:53 +03:00
Ciprian Hacman c0b62a74ca Remove all traces of utils.tar.gz 2020-06-03 09:55:45 +03:00
Kubernetes Prow Robot e6d73b5ba0
Merge pull request #9135 from justinsb/gce_no_hostname_no_worries 
GCE: don't rely on hostname being correct
 2020-05-22 17:43:10 -07:00
Peter Rifel 7228223781
Update integration test outputs 2020-05-22 18:48:20 -05:00
Kubernetes Prow Robot 2c899d859a
Merge pull request #9104 from hakman/containerd-kubenet 
Add support for Kubenet with containerd
 2020-05-21 22:20:38 -07:00
John Gardiner Myers 8a6d29cd40 Remove support for reading legacy-format keypairs 2020-05-20 13:28:13 -07:00
Kubernetes Prow Robot 204cf58c96
Merge pull request #9124 from johngmyers/bastion-private 
Don't put bastions in the utility subnets
 2020-05-19 21:26:18 -07:00
Kubernetes Prow Robot bda2a15ee6
Merge pull request #9024 from tomesm/support_launch_template 
Added Launch Template support for instance interruption behavior
 2020-05-17 15:35:36 -07:00
John Gardiner Myers ec4fe1e7e8 Don't put bastions in the utility subnets 2020-05-12 22:06:34 -07:00
Ciprian Hacman e608cd5265 Add support for Kubenet with containerd 2020-05-12 17:20:59 +03:00
Peter Rifel ef6abbcd5c
Don't use file references for single line strings in gce's metadata fields 2020-05-06 23:06:24 -05:00
John Gardiner Myers 843e5b9b16 Move GCEServiceAccount into CloudConfig 2020-05-03 20:35:32 -07:00
Ciprian Hacman 78de18a803 Update k8s.gcr.io/pause image to version 3.2 2020-05-01 22:12:42 +03:00
Ole Markus With 74732487d5 Fix various tests that used masters without etcd members 2020-04-30 18:32:28 +02:00
Martin Tomes c66180bc58 Added support for instance interruption behavior 2020-04-29 14:53:17 +02:00
Peter Rifel fd17a118f5
Remove irrelevant TODO comment from userdata 
This comment is from 2016, isn't clear, and I believe may be no longer relevant.

This will cleanup the TODO comment from everyone's userdata.
 2020-04-18 08:54:35 -05:00
Nicolas Vanheuverzwijn bcb141ab74 bastion: add test for loadbalancer.additionalSecurityGroups 2020-04-16 12:04:59 -04:00
Ole Markus With d174faf116 Add some integration tests for cilium 2020-04-16 16:22:58 +02:00
Ole Markus With a7f631e7c9 Apply suggestions from code review 
Co-Authored-By: Peter Rifel <rifelpet@users.noreply.github.com>
 2020-04-16 08:42:59 +02:00
Ole Markus With 869ab75dea Use etcd-manager for the cilium etcd cluster 2020-04-16 08:42:59 +02:00
Peter Rifel 460cdbfc67 Add CloudLabels tags to additional AWS resources 
This adds any labels defined in the Cluster spec's CloudLabels to the tags of the following AWS resource types:

Elastic IP
Internet Gateway
NAT Gateway
Route Table
Security Group
Subnet
VPC DHCP Options
VPC
 2020-04-11 13:25:52 -05:00
Peter Rifel fb7fba0152 Update GCE integration test output 2020-04-08 22:16:57 -05:00
Peter Rifel fa2d64c3a3 Update expected outputs of terraform tests 2020-04-05 21:24:49 -05:00
eric-hole c59314a799 Adds some initial tests. Fixes some logic 
Need to fix service account implementation first

Fixing tests and iterating on the serviceaccount logic

Run the gce_byo_sa test
 2020-04-04 21:20:31 -07:00
eric-hole b3d65ffce0 Adds a gce-service-account flag so you BYO service-account 
Generated code and some cleanup

Not sure where that code went

Tests for service account

fixes case on gceserviceaccount
 2020-04-04 21:15:56 -07:00
Kubernetes Prow Robot 759e24a490
Merge pull request #8802 from thejasbabu/feature/spot-block 
Add support for Spot block in launch template
 2020-04-01 10:15:27 -07:00
Peter Rifel a0e1672cdc add terraform testing 2020-03-31 14:50:45 -05:00
Thejas B dda8dc3f37 Add support for Spot block in launch template 
- Launch configuration does not support the field SpotDurationInMinutes which is used to reserve the spot instances, but however Launch Template does
 2020-03-31 20:07:01 +05:30
Peter Rifel ee86488d98 Don't set terraform's user_data if it is an empty string 
Bastion hosts have no user_data by default.
This is not valid in terraform, based on the error messages reported here [0]

The Terraform provider code says user_data is optional for both LaunchConfigurations and LaunchTemplates [1] [2]

This change prevents the user_data property from being added to aws_launch_configuration and aws_launch_template resources unless the string is not empty.

[0] https://travis-ci.org/github/kubernetes/kops/jobs/662472020
[1] 04d24f80f3/aws/resource_aws_launch_configuration.go (L74-L76)
[2] 04d24f80f3/aws/resource_aws_launch_template.go (L510-L512)
 2020-03-31 09:33:16 -05:00
Peter Rifel 833b22575f Disable anonymous auth in integration test clusters 
This silences the anonymousAuth warning printed during `update cluster`, reducing the integration test output by >500 lines.
 2020-03-29 22:21:10 -05:00
John Gardiner Myers b645dac752 Remove support for v1alpha1 and before 2020-03-24 19:49:15 -07:00
John Gardiner Myers d9e999d377 Convert TestMinimal_json to v1alpha2 API 2020-03-24 19:49:07 -07:00
Ciprian Hacman 5c8cc493af Set default log level to "info" for containerd 2020-03-22 20:53:58 +02:00
eric-hole 31285f921b Adds a minimal GCE integration test 2020-03-17 01:19:49 -07:00
Ciprian Hacman 576e546b5e Update integration tests for launch templates 2020-03-16 18:41:39 +02:00
Ciprian Hacman 59a6b065a0 Add root volume tags for CF and TF targets 2020-03-16 18:41:39 +02:00
Ciprian Hacman 7398f9bd47 Add LaunchTemplate integration tests 2020-03-16 16:01:57 +02:00
eric-hole 0daa5388ba Fixing gce integration tests (thanks Peter) with nodeLabels 2020-03-14 12:18:05 -07:00
Peter Rifel cd66f93a97 Remove unused integration test files, make complex cluster spec consistent 2020-03-13 23:24:48 -05:00
Ciprian Hacman 661bd6dfbd Add "owned" tag for all instance groups related resources 2020-03-02 10:39:50 +02:00
Matt Ouille f025ff0e70
Add External Policies (AWS managed policy attachments) 2020-02-16 21:54:12 -08:00
Ole Markus With 98ea9119a3 Fix tests 2020-02-06 19:41:47 +01:00
Justin SB 5d7fc87102
Update expected output to include v in github URLs 2020-02-05 20:58:03 -05:00
Christian van der Leeden 549f54de48 Enabling JSON output for Terraform instead of writing the HCL syntax tf file. JSON syntax is officially supported in 0.12 and a terraform version requirement will be set. For previous installations you need to delete the .tf file by hand. JSON generation will fail if kubernetes.tf is present. 
Added Integration Test using minimal test setup

Added documentation. For terraform 0.12 support the resource names need to be changed still
 2020-01-17 22:03:19 +01:00
Peter Rifel e0cebf30e5 Update terraform resource names to be 0.12 compatible. 
According to the upgrade guide [0] resource names cannot start with digits.
Currently both routes and VPC CIDR associations start with digits, so this adds prefixes to them so that they are valid resource identifiers in 0.12.

This is a significant change because on its own, terraform will destroy and recreate the route which impact the cluster networking.
To avoid this, existing clusters this will require moving the resources within the terraform state prior to the next `apply`.

```
kops update cluster --target terraform --out ./
terraform state mv aws_route.0-0-0-0--0 aws_route.route-0-0-0-0--0 # repeat for all aws_route resources
terraform plan
terraform apply
```

The exact terraform state command may vary depending on how Kops' terraform output is used.
See the command documentation [1] for more details.
Always run a terraform plan first to ensure the `aws_route` and `aws_vpc_ipv4_cidr_block_association` resources are not getting recreated.

Due to the potential impact, this notice should be very prominant in the Kops release notes

[0] https://www.terraform.io/upgrade-guides/0-12.html
[1] https://www.terraform.io/docs/commands/state/mv.html
 2020-01-17 07:51:39 -06:00
Austin Moore 4a88f7b5a5
Add ability to specify no ssh key by setting sshKeyName to empty 
Add tests for no ssh key functionality

Add docs for setting no ssh key

Disable sshKey rendering for cloudformation if nosshkey is set

Fix broken test

make goimports

Fix

Formatting fix

Update kubernetes version for tests

Update expected test output

Fix imports in mesh.pb.go

Run hack/update-expected.sh

Change digital ocean logic to handle *string for SSHKeyName

Fix expected output

Missed a few
 2020-01-15 15:24:32 -05:00
Nicolas Vanheuverzwijn 6db1b185e6 run hack/update-expected.sh 2020-01-13 16:12:47 -05:00
Nicolas Vanheuverzwijn eaa025effd run hack/update-expected.sh: we now consistenly output an empty user-data for bastion node 2020-01-13 15:28:20 -05:00
Kubernetes Prow Robot 7116d80467
Merge pull request #8284 from johngmyers/validate-cidr 
Improve CIDR validation
 2020-01-11 21:21:45 -08:00
John Gardiner Myers bbf85d0a15 Improve CIDR validation 2020-01-06 22:27:34 -08:00
Kubernetes Prow Robot 63930904c3
Merge pull request #8269 from justinsb/ops_kops_writeable 
Make /opt/kops writeable on COS
 2020-01-06 01:33:34 -08:00
Kubernetes Prow Robot e4da659509
Merge pull request #8196 from justinsb/dont_preload_unused_images 
For dev, don't preload docker images on nodes
 2020-01-04 16:15:40 -08:00