Commit Graph

521 Commits

Author SHA1 Message Date
Kubernetes Prow Robot b922aa5a85
Merge pull request #6503 from justinsb/simple_mirror
Simple mirror support
2019-02-26 08:34:11 -08:00
Eric Greer 31a4c40131 merge conflict resolution 2019-02-21 15:20:05 -08:00
Eric Greer 8362b1260e etcd memory requests can now be specified 2019-02-21 15:14:51 -08:00
Justin SB ec2151f229
Update tests for mirrors 2019-02-20 14:32:00 -05:00
Moustafa Baiou ec43c4a6c0
update test case 2019-01-27 16:01:04 -05:00
Moustafa Baiou 2028841338
fix integration test for unmanaged egress
gofmt
2019-01-27 15:53:21 -05:00
Justin Santa Barbara fab5f7f878
Fix integration test to highlight changes
Split out to show the actual changes
2019-01-27 15:53:21 -05:00
Justin Santa Barbara f9f7eb628e
Create integration test for unmanaged networking 2019-01-27 15:53:21 -05:00
David Archer 36d2282d6b AWS: Enable ICMP Type 3 Code 4 for API server ELBs 2019-01-12 07:20:17 -05:00
Kubernetes Prow Robot 38076b3f91
Merge pull request #6296 from justinsb/gce_labels
GCE terraform: support labels
2019-01-09 02:05:29 -08:00
Justin SB d145e1fe6f GCE terraform: map source tags in firewallrule 2019-01-03 23:28:44 -05:00
Justin SB 9494dfeb8c GCE terraform: support labels 2019-01-03 23:22:54 -05:00
Justin SB 4aa2498203
Rationalize deserialization code
Put it all through kopscodecs.Decode, so that we can rewrite the API
group more easily in a subsequent PR.
2018-12-21 13:59:50 -05:00
Justin SB 26bd75aecb
Bulk spelling fixes
Experimenting with my own spelling checker, these are the typos it caught.
2018-12-20 17:43:56 -05:00
Jared Allard fee9bb1f90
fix(tests/integration/create_cluster): fix up minimal <-> ing mixup 2018-11-24 17:12:04 -08:00
Jared Allard 4c4dd466da
fix(tests/integration/update_cluster): accidentally broke test earlier 2018-11-24 17:09:57 -08:00
Jared Allard c54222bdb8
chore(tests): use minimal as the test not dedicated security one 2018-11-24 17:07:19 -08:00
Jared Allard 19811d9759
chore(tests): fix them up 2018-11-24 17:03:50 -08:00
Jared Allard f4de628519
chore(tests): fix some find and replace issues 2018-11-24 16:23:05 -08:00
Jared Allard 49ceb0a8dc
feat: fix tests and ref link in apply_cluster 2018-11-24 16:17:32 -08:00
Jared Allard 2182b879d9
fix(cmd/kops/create_cluster): set anonymousAuth to false not true, whoops 2018-11-24 11:08:09 -08:00
Jared Allard 2336498467
chore(tests/integration/create_cluster): finalize tests 2018-11-16 23:11:00 -08:00
Jared Allard 19f9d2f4d1
Merge branch 'master' into master 2018-11-16 23:03:38 -08:00
Jared Allard b075964a1d
chore(tests/integration/create_cluster): move test defns lower 2018-11-16 23:02:05 -08:00
Jared Allard 9b5b56aa63
chore(tests/integration/create_cluster): add new field 2018-11-16 22:40:25 -08:00
Ariel Mashraki d63c47149d integration: Fix broken test in externallb
Running `terraform validate` on `externallb/kubernetes.tf` was failing
because resource name can't contain ":".
2018-10-20 18:27:41 +03:00
Ariel Mashraki 7dca8a78d2 terraform: Fix resource formatting for IPv6 CIDRs
Solved #5976
2018-10-20 15:58:42 +03:00
Justin Santa Barbara e119068480 Update tests for channel bump 2018-10-15 16:56:34 -04:00
k8s-ci-robot 646fee8a9d
Merge pull request #5857 from justinsb/strict_cloudformation_output_checking
Stop cloudformation output switching to literal quotes
2018-10-02 22:53:19 -07:00
k8s-ci-robot 3fe0287ff8
Merge pull request #5862 from justinsb/follow_on_5744
Follow on for #5744
2018-10-02 17:22:03 -07:00
k8s-ci-robot b3d61542cd
Merge pull request #5820 from justinsb/etcd_manager_channels_step1
etcd: introduce field to specify whether we are using etcd-manager or legacy mode
2018-10-02 14:20:37 -07:00
Justin Santa Barbara 1e2a62992b Use JoinSuffixes for node->master traffic, also fix AmazonVPC rule
This ensures we are consistently naming our rules
2018-10-02 11:53:41 -07:00
Justin Santa Barbara 1906bcdf5d We need to create the cross-product of rules for SG overrides
e.g. each master SG needs to be configured to talk to each master SG
2018-10-02 11:53:41 -07:00
Justin Santa Barbara 1f2a8042b5 Test case where we mix override & default SGs 2018-10-02 11:53:41 -07:00
Justin Santa Barbara bfb54935ff Build security groups along with suffixes
Fixes the case where we mix use of specified & default SGs.
2018-10-02 11:53:41 -07:00
Justin Santa Barbara 076742f528 Still materialize terraform output in tests
If we skip it, we can't test it.  We do expect that most users will
use a lifecycle that only warns though.
2018-10-02 11:53:39 -07:00
Rodrigo Menezes 4cd8dbae3f Update tests 2018-10-02 01:42:46 -07:00
Rodrigo Menezes a82f548ff8 Allow using existing/shared Security Groups
Verbosely log when a user overwrites LB or IG security groups

Change SecurityGroup to SecurityGroupOverride

Allow using existing/shared Security Groups

Update tests
2018-10-02 00:51:39 -07:00
Justin Santa Barbara 1ad7a84d53 Stop cloudformation output switching to literal quotes
yaml can't store the \r character, so we strip the \r characters in
the expected output to keep the yaml output in block-quote style.

Also don't Fatalf out of an error, rather Errorf so we print all
problems.
2018-10-01 20:44:19 -07:00
Justin Santa Barbara 54c499fe9b Introduce field to specify whether we are using etcd-manager or legacy mode
Splitting this out from the bigger bundle PR
2018-10-01 15:36:24 -07:00
Rohith 2fc634c556 Revert "Apply cloud labels into ELB"
This reverts commit b52c945f9f.
2018-09-25 13:53:38 +01:00
Justin Santa Barbara e6bf6b9f32 Field names are case-sensitive again
There was a regression in apimachinery which meant that kubernetes
tolerated field names with incorrect case.  Upstream bug is
https://github.com/kubernetes/kubernetes/issues/64612

Syncing up with latest kubernetes will mean we get the same breaking
change as kubernetes has/had.  It should only affect people that are
manually building YAML / JSON.

Added as a significant item to release notes.
2018-09-23 19:23:28 -04:00
Justin Santa Barbara 237043dded Update expected test output for script changes 2018-09-21 14:51:45 -04:00
k8s-ci-robot b1c446f8f3
Merge pull request #5503 from mikesplain/fix_suspendprocess
Fix suspendprocess
2018-09-03 16:28:31 -07:00
k8s-ci-robot 2319db8f59
Merge pull request #4797 from justinsb/check_no_legacy_tags_on_shared
lifecycle tests: check no legacy tags on shared resources
2018-09-03 15:28:26 -07:00
k8s-ci-robot c61fb537ac
Merge pull request #5593 from wingyplus/elb_cloud_labels
Apply cloud labels into ELB
2018-08-18 02:00:01 -07:00
Justin Santa Barbara 16985c3abc Remove _kubernetes_master tag
We can get the master role just as readily from the InstanceGroup spec
2018-08-14 21:01:07 -04:00
Justin Santa Barbara 1c3949bdfe Don't assume that we only have one subnet per AZ
I made a mistaken assumption in
dde2100a19 that we only had one subnet
per AZ, but as demonstrated in #5587 this was not the case.

What I was trying to achieve was not to include the cluster name, so
for the case of subnets this commit just uses the subnet name from the
cluster spec, which should be unique and stable.  That is hopefully at
least as meaningful.

Thankfully we hadn't released a version with the erroneous naming.

Fix #5587
2018-08-13 13:15:03 -04:00
Thanabodee Charoenpiriyakij b52c945f9f Apply cloud labels into ELB
Fixes #2048
2018-08-11 00:43:19 +07:00
Justin Santa Barbara a7b22b4876 Remove GetAsgForInstance IAM permission
It isn't a valid IAM permission - it was introduced in error, but IAM
is kind enough to ignore it.

Fixes #5549
2018-08-02 11:27:29 -04:00
Justin Santa Barbara 38fd71605e Add test for additionalPolicies 2018-07-27 00:18:53 -04:00
Mike Splain a93ca798ec Fix tests 2018-07-23 20:55:44 -04:00
Christian Kampka 00cd85d73e Add autoscaling group ids to terraform module output 2018-07-20 13:15:03 +02:00
Justin Santa Barbara fd70778ccf Fix tests that crossed during PR merges 2018-07-19 22:07:02 -04:00
Justin Santa Barbara 630ea429ae
Merge pull request #4677 from usabilla/external-load-balancers
Add the ability to specify external loadbalancers for instancegroups
2018-07-19 21:54:00 -04:00
Justin Santa Barbara c5c2bd1acb Don't repeatedly download nodeup
Only delete if the file doesn't match the hash.

Should help with retry issues / bandwidth
2018-07-19 12:09:13 -04:00
Christian Kampka 978f66266c Generate locals for terraform target 2018-07-13 22:28:27 +02:00
Gijs Kunze 8256c3cc73 Fixed integration tests after rebasing 2018-06-29 12:42:06 +02:00
Gijs Kunze 2c5edfe992 Added integration test for external load balancers 2018-06-29 11:39:21 +02:00
k8s-ci-robot b066b5b8d6
Merge pull request #5359 from justinsb/revert_cos_channel
Revert COS in stable/alpha channel
2018-06-20 20:54:07 -07:00
Justin Santa Barbara 587d8374b5 Revert COS in stable/alpha channel
No problem with COS per-se, but these versions have the newer docker,
which includes the --storage flag.  We fixed that in master in #5258,
but older versions of kops - including the currently released version
1.9.1 - don't have the fix.

Revert to fix the problem immediately, but opened #5358 to track a
more realistic fix.
2018-06-20 20:00:15 -04:00
Justin Santa Barbara 1af610a6c4 Use fast-retry and cleanup task options for tests
The launch configuration test exposed that our integration tests don't
retry for very long, and wait a long time in between retries.

Create a RunTasksOptions type to hold the parameters, in particular
max task time, and the amount of time we wait when all tasks have
failed.
2018-06-18 00:04:23 -04:00
Justin Santa Barbara e2debd99a6 Update expected TF output for latest master 2018-06-11 11:12:23 -04:00
Justin Santa Barbara 93b5e24801
Merge pull request #5030 from chrissnell/export-addl-tf-outputs
Export outputs to aid with VPC peering in Terraform
2018-06-11 11:11:52 -04:00
k8s-ci-robot 1b29b54d5b
Merge pull request #4171 from rifelpet/rifelpet_iam
Add support for external IAM Instance Profiles
2018-06-10 14:54:00 -07:00
k8s-ci-robot a57a6de4a8
Merge pull request #5139 from justinsb/fix_subnet_egress_indexing
Fix issue where we assumed that private zones were in order
2018-06-09 09:27:01 -07:00
Peter Rifel 5f0b63100d Add support for using existing instance profiles 2018-06-08 10:33:09 -07:00
Chris Snell 78b81dd172
Merge branch 'master' into export-addl-tf-outputs 2018-06-08 12:22:43 -05:00
Justin Santa Barbara ef5936d8b5 Support overlay2 in docker
We also have to stop passing the flag on ContainerOS, because it's set
in /etc/docker/default.json and it's now an error to pass the flag.

That in turn means we move those options to code, which are the last of
those legacy config options.  (We still have a few tasks declaratively
defined though)
2018-06-07 17:11:11 -04:00
Rodrigo Menezes 4a131f2a50 Implement AdditionalCIDR configuration on non-shared VPCs 2018-06-05 01:12:06 -07:00
Justin Santa Barbara e24aa79aa9 Updated terraform expected test output 2018-06-04 10:52:08 -07:00
k8s-ci-robot 6741158c97
Merge pull request #5056 from povilasv/gce-ssh
Add public ssh keys for GCE
2018-06-03 10:59:53 -07:00
Justin Santa Barbara e73ee4e3e8 Update tests for alpha -> stable promotion 2018-05-31 07:41:31 -07:00
Justin Santa Barbara bc79f0a69b tests: failing test when multiple egress
Also requires that the subnets be out of order, which is likely why we
didn't hit it in practice.
2018-05-10 13:28:05 -04:00
k8s-ci-robot 02ab1f90be
Merge pull request #5133 from relu/support-ec2-instance-nat-egresses
Add ability to use ec2 nat instance as egress
2018-05-10 08:22:53 -07:00
k8s-ci-robot 827357ef0a
Merge pull request #4958 from appvia/iam-remove-sids
Remove custom Statement IDs from IAM Policy Statements
2018-05-09 18:37:54 -07:00
Aurel Canciu cc8371cb31
Add ability to use ec2 nat instance as egress 2018-05-09 23:04:54 +03:00
Povilas Versockas 8bfa93c304 Add public ssh keys for GCE 2018-04-21 20:15:29 +03:00
Justin Santa Barbara e158f84e9f Set AWS_REGION into bootstrapscript
Fix #4451
2018-04-12 17:39:24 -04:00
Kashif Saadat bf30b2559f Update AWS IAM Policy tests following Statement ID removal 2018-04-10 15:33:51 +01:00
andrewsykim b480898af7 digitalocean: add protokube support 2018-04-01 21:47:31 -04:00
Justin Santa Barbara 51cc74c783 lifecycle tests: check no legacy tags on shared resources 2018-03-26 00:20:07 -04:00
k8s-ci-robot 5cda02ca2b
Merge pull request #4695 from vendrov/instnace_monitroing_support
Add support for instance monitoring
2018-03-25 14:17:01 -07:00
Justin Santa Barbara a148c67cad ElasticIP tags for cloudformation & terraform
We previously weren't populating the terraform configuration with these
tags.
2018-03-25 15:52:50 -04:00
k8s-ci-robot 63225eb674
Merge pull request #4784 from justinsb/always_tag_volumes
Make sure volumes are tagged
2018-03-24 23:32:00 -07:00
Justin Santa Barbara 0ce7dbf4bd Update tests for new volume tags 2018-03-25 00:08:24 -04:00
Justin Santa Barbara 0e22bf4ab5 Update tests for new security group tags 2018-03-24 22:19:59 -04:00
devops d734f35126 Add support for instance monitoring
Add API backward compatibility

Add api generated files

documenting detailed-monitoring

instance-group json typo

Update test expected result
to support enable_monitroing

Add instance-monitroing support to CF

Improve doc, test and rename InstanceMonitoring

Rename instnace-monitoring to fit the YAML kops form

typo detailedInstanceMonitoring
2018-03-21 23:06:38 +02:00
Justin Santa Barbara 6ff56e2f05 Fix shared network objects
RouteTables should be created (and owned) only for non-shared subnets.
2018-03-18 17:09:30 -04:00
k8s-ci-robot 403707c9cc
Merge pull request #4650 from justinsb/keyset_format
Define KeysetFormat type, embed into keyset
2018-03-15 19:00:22 -07:00
Justin Santa Barbara 650bd98ea2 Update integration tests with new tags 2018-03-15 20:11:54 -04:00
Justin Santa Barbara 681538831f Use newer version of k8s in shared tests
This enables the non-legacy shared tags.
2018-03-15 20:11:54 -04:00
Gijs Kunze d4b8806b6f Fix integration test 2018-03-14 13:33:16 +01:00
Justin Santa Barbara 5d36f9e37d Update kops version in tests
We need to satisfy the new minimum supported version.
2018-03-12 02:17:49 -04:00
Justin Santa Barbara 4d1abb7d87 Define KeysetFormat type, embed into keyset
The values are 'legacy' when not using keyset.yaml, and the API version
(v1alpha2) for keyset.yaml
2018-03-12 01:45:20 -04:00
Justin Santa Barbara 9ea334d18b keypair integration test: print diffs
We have a nice diff library for printing diffs, use it for the tests.
2018-03-10 16:48:47 -05:00
chrislovecnm f785d2bd12 patching with PR 4598, need to remove this commit 2018-03-09 14:22:12 -07:00
Mike Splain cd0f5b5b3f Update tests 2018-03-08 13:26:34 -05:00
k8s-ci-robot 7d722c359c
Merge pull request #4539 from chrislovecnm/fixing-tests
Fixing integration tests
2018-02-28 11:20:47 -08:00
chrislovecnm 5fef961439 Fixing integration tests 2018-02-28 11:47:20 -07:00
k8s-ci-robot 65ba5391d1
Merge pull request #4538 from justinsb/addons_schema_tweak
Make addon specification into an object
2018-02-28 09:27:46 -08:00
k8s-ci-robot 0ff7d4de99
Merge pull request #4452 from duboisf/support-bastion-user-data
Add support for bastion aws user-data
2018-02-28 03:54:45 -08:00
Justin Santa Barbara f4990e663e Make addon specification into an object
This allows for future extensions
2018-02-28 00:33:50 -05:00
Chris Phillips 6168b9d598 Adds support for more channels to be passed to protokube 2018-02-28 00:33:50 -05:00
Mike Splain 45a57915e2 Fix bazel deprecation notice 2018-02-26 09:36:13 -05:00
k8s-ci-robot aa6e801e18
Merge pull request #3829 from mikesplain/suspendAZRebalance
Add Instance Group Suspend Processes
2018-02-25 22:20:52 -08:00
chrislovecnm 6e32329fb0 updating integration tests 2018-02-23 14:02:50 -07:00
k8s-ci-robot 4d4f86bfba
Merge pull request #4494 from justinsb/gcr_alias_only_for_1_10
Use k8s.gcr.io alias only for 1.10
2018-02-23 07:01:44 -08:00
Justin Santa Barbara e4fafa6065 Use legacy image registry gcr.io/google_containers for <= 1.9
The k8s.gcr.io prefix is an alias, but for CI builds we run from a
docker load, and we only double-tag from 1.10 onwards.  For versions
prior to 1.10, remap k8s.gcr.io to the old name.  This also means that
we won't start using the aliased names on existing clusters, which could
otherwise be surprising to users.
2018-02-22 21:42:33 -08:00
Fernando Battistella 1fb4de5b12 fixes cloudformation tests for #4499 2018-02-22 16:30:15 -05:00
Justin Santa Barbara dde7600dae Initial support for standalone etcd-manager backups
The etcd-manager will (ideally) take over etcd management.  To provide a
nice migration path, and because we want etcd backups, we're creating a
standalone image that just backs up etcd in the etcd-manager format.

This isn't really ready for actual usage, but should be harmless because
it runs as a sidecar container.
2018-02-20 20:06:08 -05:00
k8s-ci-robot 4b8db1eee0
Merge pull request #4137 from thockin-tmp/gcr-vanity
Convert registry to k8s.gcr.io
2018-02-20 08:54:39 -08:00
Mike Splain fdc2695fe1 Add suspendProcesses to IGs 2018-02-20 09:30:18 -05:00
Justin Santa Barbara 6e562e0742 Support updating autoscaling metrics 2018-02-20 00:53:24 -05:00
Fred Dubois 6b38b2c3a6
Add support for bastion aws user-data
Fixes #4444
2018-02-19 08:52:10 -05:00
Tim Hockin 79d5f793e7 Convert registry to k8s.gcr.io 2018-02-14 10:08:41 -08:00
Kashif Saadat ac25853cd5 - Add etcdClusterSpec Image & Version in bootstrap data for Master nodes
- Reuse execWithTee fn for ETCD Command (tee & mkfifo in different path for newer image versions)
2018-02-10 12:14:36 +00:00
k8s-ci-robot b02a73fa2c
Merge pull request #4184 from chrislovecnm/rbac-default
Switching the default for kops to create a cluster with RBAC enabled.
2018-01-26 10:52:33 -08:00
Johannes Würbach 02855fc13f
Enable metrics for AutoScalingGroups
Those metrics simplify monitoring the created ASGs and are free [0].

Enable them by default.

[0] https://aws.amazon.com/about-aws/whats-new/2016/08/free-auto-scaling-group-metrics-with-graphs/
2018-01-25 20:06:10 +01:00
k8s-ci-robot d2bb0ba233
Merge pull request #4317 from justinsb/ensure_gce_disk_name_does_not_start_with_number
Ensure GCE disk name does not start with a number
2018-01-24 12:02:33 -08:00
k8s-ci-robot e190741cc7
Merge pull request #4320 from mikn/iam_region_fix
Fix ASG scaling by adding in ec2:DescribeRegions permission to the nodes IAM role
2018-01-23 17:22:30 -08:00
Justin Santa Barbara 930fe8e740 Promote alpha channel image to stable
The 4.4.111 image is not showing the flakiness on the NFS e2e tests.
2018-01-22 19:42:40 -05:00
Mikael Knutsson e6ebf365d6 Fix cloudformation integration tests 2018-01-22 17:52:29 +08:00
Justin Santa Barbara ec4a916f62 Ensure GCE disk name does not start with a number
As this could not have worked before, we don't have to worry about
compatibility with existing users.
2018-01-22 00:24:16 -05:00
Justin Santa Barbara da55c5eaee Update tests with new default image 2018-01-20 00:11:23 -05:00
Kashif Saadat 5850b434b4 Add SubnetType Tag to Subnets 2018-01-08 10:53:58 +00:00
chrislovecnm 4f9ed369e9 Updating tests for having default RBAC setting 2018-01-04 00:12:42 -07:00
Kubernetes Submit Queue e88496a248
Merge pull request #4061 from meringu/create-subnets
Automatic merge from submit-queue.

Add --subnets and --utility-subnets to kops create cluster

This change adds two new options to `kops create cluster`

When specifying `--vpc`, `--subnets` can be specified as an unordered array of subnet ids. Kops will then look up the zones of the subnets to find which zone to add the subnet id to.

If `--topology private` is also specified, `--utility-subnets` can similarly be specified.

~If a zone was specified but a subnet wasn't given that matches the zone, then the subnet will be allocated a CIDR with the current behaviour.~ This case fails validation here 7bd0a6a703/pkg/apis/kops/validation/validation.go (L151)

I can add unit tests and docs changes if required, but I am keen to get feedback before I proceed much further.

I have only added support for AWS.

I have tested this by running a command similar to this:

```bash
kops create cluster \
  --zones=us-east-1a,us-east-1b,us-east-1c \
  --topology private \
  --master-zones=us-east-1a,us-east-1b,us-east-1c  \
  --vpc $vpc_id \
  --subnets subnet-111111,subnet-222222,subnet-333333 \
  --utility-subnets subnet-444444,subnet-555555,subnet-666666 \
  $cluster_hosted_zone_name
```

And the cluster spec was as expected.
2017-12-18 21:12:59 -08:00
chrislovecnm 7057aaf1bb Enabling the file assets
File assets and the SHA files are uploaded to the new location. When
users use s3, files are uploaded public read only. The copyfile task
uses only the existing SHA value.

This PR includes major refactoring of the use of URLs.  Strings are no
longer concatenated, but converted into a URL struct and path.Join is
utilized.

A new values.go file is included so that we can start refactoring more
code out of the "fi" package.

A
2017-12-17 15:26:57 -07:00
Henry Muru Paenga 0491530b6e Lookup vpc if not given to create cluster 2017-12-18 11:12:57 +13:00
Henry Muru Paenga afc1b58722 Tests for create cluster in shared vpc 2017-12-15 18:29:20 +13:00
Kubernetes Submit Queue bea129142a
Merge pull request #4051 from robinpercy/autoscaler-perms
Automatic merge from submit-queue.

Adding DescribeTags to masters

/fixes #2681
2017-12-14 09:25:42 -08:00
Kubernetes Submit Queue d533714aa8
Merge pull request #4036 from almariah/feature-api-elb-security-groups
Automatic merge from submit-queue.

Allow additional SGs to be added to API loadbalancer

Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
  api:
    loadBalancer:
      type: Public
      additionalSecurityGroups:
      - sg-exampleid3
      - sg-exampleid4
```

- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
2017-12-14 02:25:40 -08:00
Robin Percy 6a2ded4681 Adding DescribeTags to masters 2017-12-13 11:48:24 -08:00
Abdullah Almariah 22194c982d Update kubernetes.tf for API loadbalancer 2017-12-13 01:29:16 +01:00
Abdullah Almariah 16ed8982e6 update_cluster complex integration test 2017-12-13 00:31:59 +01:00
Peter Rifel 358e2e222c Create mock igw in integration tests 2017-12-07 16:38:06 -08:00
Justin Santa Barbara a3c9c2f4c2 Promote alpha channel to stable 2017-12-03 12:45:24 -05:00
Kubernetes Submit Queue e33a3ecee5
Merge pull request #3923 from justinsb/lockdown_etcd_peer_ports
Automatic merge from submit-queue.

Block etcd peer port from nodes
2017-11-26 16:17:13 -08:00
Justin Santa Barbara 581e954062 Block etcd peer port from nodes
Ports 2380 & 2381 should not be exposed to nodes.

Fix #3746
2017-11-25 16:36:46 -05:00
Justin Santa Barbara b9ced1957b bazel: fix tests/ directory 2017-11-25 16:03:27 -05:00
Kashif Saadat f0c3ed8965 Include encryptionConfig setting within userdata for masters. 2017-11-16 15:58:59 +00:00
Kubernetes Submit Queue e5ea6ba6a7
Merge pull request #3783 from georgebuckerfield/instancegroup-labels
Automatic merge from submit-queue.

Add a default NodeLabel with the InstanceGroup name

As requested in https://github.com/kubernetes/kops/issues/2999, this change just auto-populates new InstanceGroup specs with a default node label containing the name of the instance group. It would be really useful for those of us managing environments with multiple instance groups.

It allows an admin to easily view the instance groups using kubectl:
```
kubectl get nodes --label-columns kops.k8s.io/instancegroup
NAME                                           STATUS         AGE       VERSION   INSTANCEGROUP
ip-172-20-108-120.eu-west-1.compute.internal   Ready,node     3m        v1.7.4    xtra-large
ip-172-20-117-133.eu-west-1.compute.internal   Ready,master   14m       v1.7.4    master-eu-west-1c
ip-172-20-32-139.eu-west-1.compute.internal    Ready,master   14m       v1.7.4    master-eu-west-1a
ip-172-20-32-92.eu-west-1.compute.internal     Ready,node     12m       v1.7.4    nodes
ip-172-20-67-184.eu-west-1.compute.internal    Ready,master   13m       v1.7.4    master-eu-west-1b
```
2017-11-09 23:29:47 -08:00
Rodrigo Menezes ef24cec62b Fixing naming convention and adding running API machinery. 2017-11-09 14:30:48 -08:00
Rodrigo Menezes 3cfa67c3e6 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-11-08 22:20:54 -08:00
georgebuckerfield ba4dd61142 Fixing tests 2017-11-07 11:25:59 +00:00
Rodrigo Menezes 1fe56a1603 Move user-data to IG spec 2017-11-06 23:25:37 -08:00
Justin Santa Barbara 7066368f5c
Merge pull request #2063 from pdh/additional-sans
Allows additional Subject Alternate Names
2017-11-06 22:51:52 -05:00
chrislovecnm 609e268a1d gazelle updates with new bazel version 2017-11-05 17:41:53 -07:00
Rodrigo Menezes 565afae2c6 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-11-04 17:06:43 -07:00
chrislovecnm 1e418c3e13 more goimport updates 2017-11-04 10:03:02 -06:00
Kashif Saadat b30606ffda Enable IAM Container Registry permissions by default when creating a cluster (#3760). 2017-11-03 17:26:51 +00:00
pdh fc6f33db24 Allows additional Subject Alternate Names 2017-11-02 10:26:03 -07:00
Rodrigo Menezes 58faa71d89 Merge remote-tracking branch 'origin/master' into extra_user-data 2017-10-30 20:44:00 -07:00
chrislovecnm 0dc7a6e671 network and security tests are working 2017-10-26 13:17:34 -06:00
chrislovecnm dc338c4829 Refactoring phases to work in sequence properly 2017-10-26 13:17:34 -06:00
chrislovecnm 384c74d66c Refactoring IAM phase to Security Phase 2017-10-26 12:28:50 -06:00
Rodrigo Menezes d803480485 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-10-24 12:52:19 -07:00
Kashif Saadat 5bfb22ac92 Make the IAM ECR Permissions optional, can be specified within the Cluster Spec. 2017-10-24 09:20:17 +01:00
Eric Hole 239199caed Updates to test files 2017-10-22 11:47:54 -07:00
Rodrigo Menezes 75aa120f43 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-10-15 17:17:12 -07:00
Rodrigo Menezes e77cda1af1 Allow passing in extra user-data to cloud-init 2017-10-15 17:10:03 -07:00
chrislovecnm eeafe6467c Integration tests for phases - iam works - others are WIP 2017-10-12 14:13:17 -06:00
Justin Santa Barbara d71bd09a6c GCE: Limit length of InstanceTemplate
We explicitly set a separate prefix for the names, and we ensure it is
not too long
2017-10-10 09:48:38 -04:00
chrislovecnm 3e09c2e2fd updating kops version so that we do not get warnings, fixing cf tests 2017-10-05 20:15:48 -06:00
Kubernetes Submit Queue f2e707ef2d Merge pull request #3460 from justinsb/bump_gce_cos
Automatic merge from submit-queue.

Update Google COS image
2017-10-05 00:08:40 -07:00
Justin Santa Barbara b329178f25 Update Google COS image
Equivalent of https://github.com/kubernetes/kubernetes/pull/52120
2017-10-03 23:02:04 -04:00
Justin Santa Barbara 3ab5264ee4 Fix update cluster integration test for bazel
Bazel doesn't like overlapping file paths; this is much cleaner anyway.
2017-10-03 20:51:00 -04:00
Kubernetes Submit Queue 98bf9d35a9 Merge pull request #3477 from chrislovecnm/update-test-yaml-k8s-version
Automatic merge from submit-queue.

bumping k8s versions in test files

updating k8s versions in test YAML files so that we do not get warnings during testing
2017-10-03 14:03:23 -07:00
chrislovecnm 0cf8117b05 removing unneeded kubernetes.tf file 2017-10-03 13:38:39 -06:00
chrislovecnm 0abcaa8026 renaming cf integration test folder 2017-10-03 13:38:13 -06:00
chrislovecnm 5ed0d471f6 fixing cf integration tests 2017-10-03 12:34:22 -06:00
chrislovecnm bda4e9f13e moving cf files for integration test 2017-10-03 12:24:07 -06:00
chrislovecnm 48c6dfdad4 giving cf its own files, because it has hardcoded versions 2017-10-03 12:16:04 -06:00
chrislovecnm 5636dc3298 bumping k8s versions 2017-10-03 12:16:01 -06:00
Justin Santa Barbara 57ceb5dbab bazel: Add targets for cross-package testdata 2017-10-03 10:54:46 -04:00
Kubernetes Submit Queue 518e97d97b Merge pull request #3510 from justinsb/bazel
Automatic merge from submit-queue.

Initial bazel support

Builds on the 1.8 version bump

The "trick" is to strip the BUILD & BUILD.bazel files from the vendor-ed deps.

Will rebase after 1.8 version bump merges.
2017-10-03 01:19:27 -07:00
Kubernetes Submit Queue 1c81ec5e42 Merge pull request #3490 from justinsb/download_with_wget
Automatic merge from submit-queue.

Support wget for download, not just curl
2017-10-03 00:45:04 -07:00
Justin Santa Barbara 0143be7c4f autogen: BUILD and BUILD.bazel 2017-10-02 14:27:21 -04:00
Justin Santa Barbara 544990842a More fixes for 1.8 API changes 2017-10-01 23:02:32 -04:00
Justin Santa Barbara 7fd1196708 Add Zones field to InstanceGroup
The Zones field can specify zones where they are not specified on a
Subnet, for example on GCE where we have regional subnets.
2017-09-30 19:44:35 -04:00
Justin Santa Barbara da99a7270d Subnets on GCE are regional, create one per region
We also make the subnet zone and CIDR optional on GCE
2017-09-30 19:22:14 -04:00
Justin Santa Barbara eb2cd45cdf Support wget for download, not just curl
Some images don't include curl but do have wget.  Prefer curl, but
fallback to wget.

(The official Debian 9 image does not have curl.)
2017-09-30 19:12:58 -04:00
chrislovecnm 892ff7a6b7 fixing integration test 2017-09-30 14:40:39 -06:00
Kubernetes Submit Queue e97efcc4f9 Merge pull request #3436 from justinsb/mock_aws_should_use_same_providerid
Automatic merge from submit-queue.

AWS mock provider should use the AWS cloudprovider id
2017-09-23 19:47:41 -07:00
Justin Santa Barbara bde0c46b10 AWS mock provider should use the AWS cloudprovider id
Otherwise our tests get a little confused; for example they weren't
outputting the Terraform provider block.
2017-09-23 20:52:54 -04:00
Justin Santa Barbara ecc78c06bd Create GCE networks in auto mode, not legacy mode
auto mode allows for conversion to custom mode at the API level, and
legacy mode is deprecated.
2017-09-23 16:32:52 -04:00
Justin Santa Barbara 73dd870118 GCE integration test: verify TF output 2017-09-23 16:27:15 -04:00
Justin Santa Barbara 055f510c6f Create minimal mock GCECloud, first test
We test create cluster - we actually have an issue with the length of
the names on longer cluster names; first step is to get test coverage.
2017-09-16 11:02:30 -04:00
Kubernetes Submit Queue 52fe2ceab4 Merge pull request #3343 from KashifSaadat/iam-policy-revision
Automatic merge from submit-queue

Revision to IAM Policies created by Kops

Based off of the work done by @chrislovecnm in PR #2497.

This PR tightens down the IAM policies created for Master & Node instance groups. The Cluster Spec `IAMSpec.Legacy` flag is used to control application of stricter policy rules, which is defaulted to true for existing clusters (to limit potential regression impact), and false for new cluster creation.
2017-09-15 08:32:47 -07:00
chrislovecnm 2e6b7eedb9 Revision to IAM Policies created by Kops, and wrapped in Cluster Spec
IAM Legacy flag.
2017-09-15 08:05:23 +01:00
Justin Santa Barbara b29f3a7505 Honor ServiceNodePortRange when opening NodePort access 2017-09-15 00:39:41 -04:00
Kubernetes Submit Queue ec074bb473 Merge pull request #3346 from rushtehrani/update-autoscaling-policy
Automatic merge from submit-queue

add autoscaling:DescribeLaunchConfigurations permission

As of 0.6.1, Cluster Autoscaler supports [scaling node groups from/to 0](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider/aws#scaling-a-node-group-to-0), but requires the `autoscaling:DescribeLaunchConfigurations` permission.  

It'd be great to have this in kops since this permission needs to be re-added back to the master policy every time the cluster is updated.
2017-09-14 18:17:42 -07:00
Kubernetes Submit Queue 26e1cb06bf Merge pull request #3190 from justinsb/flannel_vlxan
Automatic merge from submit-queue

Flannel: change default backend type

We support udp, which has to be the default for backwards-compatibility,
but also new clusters will now use vxlan.
2017-09-12 19:03:17 -07:00
Kubernetes Submit Queue ae51cfef95 Merge pull request #3336 from justinsb/nodeportaccess
Automatic merge from submit-queue

nodePortAccess, experimental spec override flag
2017-09-08 15:40:01 -07:00
rushtehrani db505adb65 add autoscaling:DescribeLaunchConfigurations action 2017-09-05 23:41:19 -07:00
Justin Santa Barbara 9d31ed1b08 nodePortAccess, experimental spec override flag
This will allow us to set CIDRs for nodeport access, which in turn will
allow e2e tests that require nodeport access to pass.

Then add a feature-flagged flag to `kops create cluster` to allow
arbitrary setting of spec values; currently the only value supported is
cluster.spec.nodePortAccess
2017-09-04 14:27:31 -04:00
Justin Santa Barbara 15d6834113 Flannel: support choosing a backend type
We support udp, which has to be the default for backwards-compatibility,
but also new clusters will now use vxlan.
2017-08-30 21:16:21 -04:00
Justin Santa Barbara e793562ee6 Extract UserData from CloudFormation output during testing
This gives us some sanity, so we can peek inside the base64 blob
2017-08-29 09:47:11 -04:00
Kashif Saadat d6e5a62678 Limit the IAM EC2 policy for the master nodes, wrapped in 'Spec.IAM.LegacyIAM' API flag. 2017-08-26 11:46:09 +01:00
Rohith 293292173a Inline Component Configuration
The current implementation does not ignore any possible interpolation of bash in the content. This PR wrapped the various spec content in 'EOF' to ignore all.

- updated the tests to reflect the changes
- wrapped the component configuration in 'eof' to ensure interpolation is ignored
2017-08-25 00:36:06 +01:00
Justin Santa Barbara b61b74408b Update images in CI tests 2017-08-24 10:27:27 -04:00
Kashif Saadat 0e5c393f10 Rename IAM switch to legacy, default to false for new cluster creations. 2017-08-22 13:27:55 +01:00
Kubernetes Submit Queue a3fdefa74c Merge pull request #3041 from justinsb/it_shared_vpc_and_subnet
Automatic merge from submit-queue

Add integration tests for shared subnet & VPC
2017-08-18 15:55:53 -07:00
Kubernetes Submit Queue b7efd3ba62 Merge pull request #3120 from KashifSaadat/diff-on-component-config-changes
Automatic merge from submit-queue

Add cluster spec to node user data so component config changes are detected

Related to #3076 

Some cluster changes such as component config modifications are not picked up when performing updates (nodes are not marked as `NEEDUPDATE`). This change introduces the ability to:
1. Include certain cluster specs within the node user data file ~(`enableClusterSpecInUserData: true`)~
2. ~Encode the cluster spec string before placing within the user data file (`enableClusterSpecInUserData: true`)~

~The above flags default to false so shouldn't cause any changes to existing clusters.~

Following feedback I've removed the optional API flags, so component config is included by default within the user data. This WILL cause all nodes to have a required update to their bootstrap scripts.
2017-08-11 03:43:17 -07:00
Kubernetes Submit Queue 6483ba6ac7 Merge pull request #3151 from johanneswuerbach/ssl-healthchecks
Automatic merge from submit-queue

Use SSL in ELB API server health check

This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255       1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.

Tested manually and everything looks  

Inspiration from https://github.com/kubernetes-incubator/kube-aws/pull/604
2017-08-10 17:30:26 -07:00
Kashif Saadat e0461b92a9 Add ability to store partial cluster and instancegroup spec in userdata,
so component config changes are detected and cause nodes to be updated
2017-08-09 14:15:02 +01:00
Derek VerLee ffa95b8112 Add support for cluster using http forward proxy 2017-08-07 14:30:42 -04:00
Johannes Würbach 2accc73a72
Use SSL in ELB API server health check
This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255       1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.
2017-08-07 13:02:40 +02:00
Justin Santa Barbara 64f0920c8b Add integration tests for shared subnet & VPC 2017-07-24 10:37:07 -04:00
Justin Santa Barbara cde70934dc Create test for ssh-access 2017-07-22 01:45:03 -04:00
Lars Lehtonen c5f8c0f221
Fixed unused import in tests. 2017-07-15 12:35:19 -07:00
Hanfei Shen fc50984f09 support china region 2017-07-16 00:57:38 +08:00
chrislovecnm 1f3212ce94 increase default instance volume size 2017-07-04 20:19:06 -06:00
chrislovecnm 38aae71bee updating found govet issues and adding test directory 2017-06-23 16:42:33 -06:00
Justin Santa Barbara d2df318ecc Move CloudProvider to kops API
This avoids a circular reference when breaking up the fi package
2017-06-17 16:27:07 -04:00
Pierre-Alexandre St-Jean 9a12f56728 Added "cloud-labels" to ebs volumes
Added one integration test
2017-06-12 13:46:30 -04:00
Justin Santa Barbara 4c9385b0fd Update integration tests for new versions
(Separately: when we implemented standalone mode, we should also switch
the tests so they don't rely on the published stable channel!)
2017-05-17 11:36:34 -04:00
Justin Santa Barbara 5e764fbe80 Merge pull request #2424 from while1eq1/fix-iam-terraform
Update the terraform generator to use the value "role" instead of "roles" for the aws_iam_instance_profile resource
2017-05-16 00:41:28 -04:00
Justin Santa Barbara eabbd1402b Add required terraform version declaration
Terraform is changing its schema, and we probably want to encourage
users to use the newer terraform versions anyway.

See #2424
2017-05-15 11:20:32 -04:00
Justin Santa Barbara f9a0ae778b Merge pull request #2508 from pastjean/add-roles-as-outputs
Added instance role as terraform output
2017-05-15 09:13:39 -04:00
Justin Santa Barbara 5d9a5c611f Fix channel version recommendations
We were recommending 1.5.2 based on the kops version, but then 1.5.4
based on that k8s version.

Fix & add a test.
2017-05-05 20:28:46 -04:00
Pierre-Alexandre St-Jean 347dccfa25 Added instance role as terraform output
Added:
- Instance role name
- Instance role arn

as terraform outputs, this can then be referenced later on to
use as sts:assume role, create after this one
2017-05-05 16:21:43 -04:00
Justin Santa Barbara fb6d1711ee Update tests for new tag 2017-05-02 00:33:25 -04:00
Bill Broach 142c2ceae0 this wants 2 spaces for some reason 2017-04-24 20:32:08 -04:00
Bill Broach d5e7f85b2d fix whitespacing on name 2017-04-24 20:11:16 -04:00
Bill Broach 24d01f9223 fix whitespace 2017-04-24 20:00:26 -04:00
Bill Broach 160e5d7fa8 update integration tests to use role instead of roles for terraform aws_iam_instance_profile resource 2017-04-24 18:08:31 -04:00
Justin Santa Barbara 4dcc6ad067 Merge pull request #2370 from luomiao/userdefined-s3endpoint
Support user-defined s3 endpoint
2017-04-20 01:17:08 -04:00
dima bf06e36a4f change flag to --encrypt-etcd-storage=true 2017-04-19 13:27:56 +02:00
dima 968cf784a9 Merge branch 'master' of https://github.com/kubernetes/kops into feature/extend_PR_398 2017-04-19 12:37:52 +02:00
Miao Luo 76437a77d4 Support user-defined s3 endpoint. 2017-04-18 11:27:07 -07:00
Adam H. Leventhal e8d8e2882e invalid tags field in aws_route53_zone_association terraform resource 2017-04-07 20:32:35 -07:00
Adam H. Leventhal 2a9315ac56 Support dns=private with terraform #1848 2017-04-06 07:44:41 -07:00
dima e7ddeb71ec add tests and fix existing for --encrypt-volume option 2017-04-03 14:47:28 +02:00
Justin Santa Barbara 3f2ee47689 Fix tests 2017-03-29 18:23:19 -04:00
Justin Santa Barbara c6b4288e61 Pull fixes from the integration branch 2017-03-28 20:42:15 -04:00
Justin Santa Barbara 4006741a5d Update for new taints / labels names 2017-03-27 23:13:39 -04:00
Justin Santa Barbara bdf0d04b0a Merge pull request #2104 from justinsb/container_optimized_os
Initial Container-Optimized OS support
2017-03-27 10:21:39 -04:00
Robin Percy 4b030fed69 Added taints property to IG Spec.
- new property is only used when KubernetesVersion is 1.6 or greater
- taints are passed to kubelet via --register-with-taints flag
- Set a default NoSchedule taint on masters
- Set --register-schedule=true when --register-with-taints is used
- Changed the log message in taints.go to be less alarming if taints are
  found - since they are expected on 1.6.0+ clusters
- Added Taints section to the InstanceGroup docs
- Only default taints are allowed in the spec pre-1.6
- Custom taint validation happens as soon as IG specs are edited.
2017-03-25 18:36:00 -07:00
Justin Santa Barbara 9e7c0506f8 Update to fix tests 2017-03-20 23:56:20 -04:00
Justin Santa Barbara 2e7ef573aa Update expected test results: creationTimestamp no longer quoted 2017-03-16 02:40:50 -04:00
Justin Santa Barbara cb4641fea3 Code updates 2017-03-16 02:40:50 -04:00
Eric Hole 8a25a72518 Merge pull request #2051 from justinsb/fix_elb_name_collisions
Use Name tag to match ELBs
2017-03-09 07:32:14 -08:00
Justin Santa Barbara 18886749d9 Always include hash, per code review
Thanks @kris-nova
2017-03-09 09:35:09 -05:00
Justin Santa Barbara 69c38f721e Switch how we build ELB names, but keep a feature flag 2017-03-09 09:18:31 -05:00
Justin Santa Barbara 07d2bfc982 Fix terraform output of shared subnets
Also add a test

Fix #1977
2017-03-08 09:18:34 -05:00
Chris Love c2f2de93e3 Merge pull request #2016 from justinsb/fix_1890
Fix shared NAT gateways
2017-03-01 11:16:44 -07:00
Justin Santa Barbara cdc8b034d1 Fix 1.6.0 validation
We were requiring API servers, but the apiserver flag is removed from
1.6.
2017-03-01 12:58:54 -05:00
Justin Santa Barbara 8230d8a140 Fix shared NAT gateways
Also add a test

Fix #1890
2017-03-01 00:15:12 -05:00