Kubernetes Prow Robot
b922aa5a85
Merge pull request #6503 from justinsb/simple_mirror
...
Simple mirror support
2019-02-26 08:34:11 -08:00
Eric Greer
31a4c40131
merge conflict resolution
2019-02-21 15:20:05 -08:00
Eric Greer
8362b1260e
etcd memory requests can now be specified
2019-02-21 15:14:51 -08:00
Justin SB
ec2151f229
Update tests for mirrors
2019-02-20 14:32:00 -05:00
Moustafa Baiou
ec43c4a6c0
update test case
2019-01-27 16:01:04 -05:00
Moustafa Baiou
2028841338
fix integration test for unmanaged egress
...
gofmt
2019-01-27 15:53:21 -05:00
Justin Santa Barbara
fab5f7f878
Fix integration test to highlight changes
...
Split out to show the actual changes
2019-01-27 15:53:21 -05:00
Justin Santa Barbara
f9f7eb628e
Create integration test for unmanaged networking
2019-01-27 15:53:21 -05:00
David Archer
36d2282d6b
AWS: Enable ICMP Type 3 Code 4 for API server ELBs
2019-01-12 07:20:17 -05:00
Kubernetes Prow Robot
38076b3f91
Merge pull request #6296 from justinsb/gce_labels
...
GCE terraform: support labels
2019-01-09 02:05:29 -08:00
Justin SB
d145e1fe6f
GCE terraform: map source tags in firewallrule
2019-01-03 23:28:44 -05:00
Justin SB
9494dfeb8c
GCE terraform: support labels
2019-01-03 23:22:54 -05:00
Justin SB
4aa2498203
Rationalize deserialiation code
...
Put it all through kopscodecs.Decode, so that we can rewrite the API
group more easily in a subsequent PR.
2018-12-21 13:59:50 -05:00
Justin SB
26bd75aecb
Bulk spelling fixes
...
Experimenting with my own spelling checker, these are the typos it caught.
2018-12-20 17:43:56 -05:00
Jared Allard
fee9bb1f90
fix(tests/integration/create_cluster): fix up minimal <-> ing mixup
2018-11-24 17:12:04 -08:00
Jared Allard
4c4dd466da
fix(tests/integration/update_cluster): accidentally broke test earlier
2018-11-24 17:09:57 -08:00
Jared Allard
c54222bdb8
chore(tests): use minimal as the test not dedicated security one
2018-11-24 17:07:19 -08:00
Jared Allard
19811d9759
chore(tests): fix them up
2018-11-24 17:03:50 -08:00
Jared Allard
f4de628519
chore(tests): fix some find and replace issues
2018-11-24 16:23:05 -08:00
Jared Allard
49ceb0a8dc
feat: fix tests and ref link in apply_cluster
2018-11-24 16:17:32 -08:00
Jared Allard
2182b879d9
fix(cmd/kops/create_cluster): set anonymousAuth to false not true, whoops
2018-11-24 11:08:09 -08:00
Jared Allard
2336498467
chore(tests/integration/create_cluster): finalize tests
2018-11-16 23:11:00 -08:00
Jared Allard
19f9d2f4d1
Merge branch 'master' into master
2018-11-16 23:03:38 -08:00
Jared Allard
b075964a1d
chore(tests/integration/create_cluster): move test defns lower
2018-11-16 23:02:05 -08:00
Jared Allard
9b5b56aa63
chore(tests/integration/create_cluster): add new field
2018-11-16 22:40:25 -08:00
Ariel Mashraki
d63c47149d
integration: Fix broken test in externallb
...
Running `terraform validate` on `externallb/kubernetes.tf` was failing
because resource name can't contain ":".
2018-10-20 18:27:41 +03:00
Ariel Mashraki
7dca8a78d2
terraform: Fix resource formatting for IPv6 CIDRs
...
Solved #5976
2018-10-20 15:58:42 +03:00
Justin Santa Barbara
e119068480
Update tests for channel bump
2018-10-15 16:56:34 -04:00
k8s-ci-robot
646fee8a9d
Merge pull request #5857 from justinsb/strict_cloudformation_output_checking
...
Stop cloudformation output switching to literal quotes
2018-10-02 22:53:19 -07:00
k8s-ci-robot
3fe0287ff8
Merge pull request #5862 from justinsb/follow_on_5744
...
Follow on for #5744
2018-10-02 17:22:03 -07:00
k8s-ci-robot
b3d61542cd
Merge pull request #5820 from justinsb/etcd_manager_channels_step1
...
etcd: introduce field to specify whether we are using etcd-manager or legacy mode
2018-10-02 14:20:37 -07:00
Justin Santa Barbara
1e2a62992b
Use JoinSuffixes for node->master traffic, also fix AmazonVPC rule
...
This ensures we are consistently naming our rules
2018-10-02 11:53:41 -07:00
Justin Santa Barbara
1906bcdf5d
We need to create the cross-product of rules for SG overrides
...
e.g. each master SGs need to be configured to talk to each master SG
2018-10-02 11:53:41 -07:00
Justin Santa Barbara
1f2a8042b5
Test case where we mix override & default SGs
2018-10-02 11:53:41 -07:00
Justin Santa Barbara
bfb54935ff
Build security groups along with suffixes
...
Fixes the case where we mix use of specified & default SGs.
2018-10-02 11:53:41 -07:00
Justin Santa Barbara
076742f528
Still materialize terraform output in tests
...
If we skip it, we can't test it. We do expect that most users will
use a lifecycle that only warns though.
2018-10-02 11:53:39 -07:00
Rodrigo Menezes
4cd8dbae3f
Update tests
2018-10-02 01:42:46 -07:00
Rodrigo Menezes
a82f548ff8
Allow using existing/shared Security Groups
...
Verbosely log when a user overwrites LB or IG security groups
Change SecurityGroup to SecurityGroupOverride
Allow using existing/shared Security Groups
Update tests
2018-10-02 00:51:39 -07:00
Justin Santa Barbara
1ad7a84d53
Stop cloudformation output switching to literal quotes
...
yaml can't store the \r character, so we strip the \r characters in
the expected output to keep the yaml output in block-quote style.
Also don't Fatalf out of an error, rather Errorf so we print all
problems.
2018-10-01 20:44:19 -07:00
Justin Santa Barbara
54c499fe9b
Introduce field to specify whether we are using etcd-manager or legacy mode
...
Splitting this out from the bigger bundle PR
2018-10-01 15:36:24 -07:00
Rohith
2fc634c556
Revert "Apply cloud labels into ELB"
...
This reverts commit b52c945f9f
.
2018-09-25 13:53:38 +01:00
Justin Santa Barbara
e6bf6b9f32
Field names are case-sensitive again
...
There was a regression in apimachinery which meant that kubernetes
tolerated field names with incorrect case. Upstream bug is
https://github.com/kubernetes/kubernetes/issues/64612
Syncing up with latest kubernetes will mean we get the same breaking
change as kubernetes has/had. It should only affect people that are
manually building YAML / JSON.
Added as a significant item to release notes.
2018-09-23 19:23:28 -04:00
Justin Santa Barbara
237043dded
Update expected test output for script changes
2018-09-21 14:51:45 -04:00
k8s-ci-robot
b1c446f8f3
Merge pull request #5503 from mikesplain/fix_suspendprocess
...
Fix suspendprocess
2018-09-03 16:28:31 -07:00
k8s-ci-robot
2319db8f59
Merge pull request #4797 from justinsb/check_no_legacy_tags_on_shared
...
lifecycle tests: check no legacy tags on shared resources
2018-09-03 15:28:26 -07:00
k8s-ci-robot
c61fb537ac
Merge pull request #5593 from wingyplus/elb_cloud_labels
...
Apply cloud labels into ELB
2018-08-18 02:00:01 -07:00
Justin Santa Barbara
16985c3abc
Remove _kubernetes_master tag
...
We can get the master role just as readily from the InstanceGroup spec
2018-08-14 21:01:07 -04:00
Justin Santa Barbara
1c3949bdfe
Don't assume that we only have one subnet per AZ
...
I made a mistaken assumption in
dde2100a19
that we only had one subnet
per AZ, but as demonstrated in #5587 this was not the case.
What I was trying to achieve was not to include the cluster name, so
for the case of subnets this commit just uses the subnet name from the
cluster spec, which should be unique and stable. That is hopefully at
least as meaningful.
Thankfully we hadn't released a version with the erroneous naming.
Fix #5587
2018-08-13 13:15:03 -04:00
Thanabodee Charoenpiriyakij
b52c945f9f
Apply cloud labels into ELB
...
Fixes #2048
2018-08-11 00:43:19 +07:00
Justin Santa Barbara
a7b22b4876
Remove GetAsgForInstance IAM permission
...
It isn't a valid IAM permission - it was introduced in error, but IAM
is kind enough to ignore it.
Fixes #5549
2018-08-02 11:27:29 -04:00
Justin Santa Barbara
38fd71605e
Add test for additionalPolicies
2018-07-27 00:18:53 -04:00
Mike Splain
a93ca798ec
Fix tests
2018-07-23 20:55:44 -04:00
Christian Kampka
00cd85d73e
Add autoscaling group ids to terraform module output
2018-07-20 13:15:03 +02:00
Justin Santa Barbara
fd70778ccf
Fix tests that crossed during PR merges
2018-07-19 22:07:02 -04:00
Justin Santa Barbara
630ea429ae
Merge pull request #4677 from usabilla/external-load-balancers
...
Add the ability to specify external loadbalancers for instancegroups
2018-07-19 21:54:00 -04:00
Justin Santa Barbara
c5c2bd1acb
Don't repeatedly download nodeup
...
Only delete if the file doesn't match the hash.
Should help with retry issues / bandwidth
2018-07-19 12:09:13 -04:00
Christian Kampka
978f66266c
Generate locals for terraform target
2018-07-13 22:28:27 +02:00
Gijs Kunze
8256c3cc73
Fixed integration tests after rebasing
2018-06-29 12:42:06 +02:00
Gijs Kunze
2c5edfe992
Added integration test for external load balancers
2018-06-29 11:39:21 +02:00
k8s-ci-robot
b066b5b8d6
Merge pull request #5359 from justinsb/revert_cos_channel
...
Revert COS in stable/alpha channel
2018-06-20 20:54:07 -07:00
Justin Santa Barbara
587d8374b5
Revert COS in stable/alpha channel
...
No problem with COS per-se, but these versions have the newer docker,
which includes the --storage flag. We fixed that in master in #5258 ,
but older versions of kops - including the currently released version
1.9.1 - don't have the fix.
Revert to fix the problem immediately, but opened #5358 to track a
more realistic fix.
2018-06-20 20:00:15 -04:00
Justin Santa Barbara
1af610a6c4
Use fast-retry and cleanup task options for tests
...
The launch configuration test exposed that our integration tests don't
retry for very long, and wait a long time in between retries.
Create a RunTasksOptions type to hold the parameters, in particular
max task time, and the amount of time we wait when all tasks have
failed.
2018-06-18 00:04:23 -04:00
Justin Santa Barbara
e2debd99a6
Update expected TF output for latest master
2018-06-11 11:12:23 -04:00
Justin Santa Barbara
93b5e24801
Merge pull request #5030 from chrissnell/export-addl-tf-outputs
...
Export outputs to aid with VPC peering in Terraform
2018-06-11 11:11:52 -04:00
k8s-ci-robot
1b29b54d5b
Merge pull request #4171 from rifelpet/rifelpet_iam
...
Add support for external IAM Instance Profiles
2018-06-10 14:54:00 -07:00
k8s-ci-robot
a57a6de4a8
Merge pull request #5139 from justinsb/fix_subnet_egress_indexing
...
Fix issue where we assumed that private zone were in order
2018-06-09 09:27:01 -07:00
Peter Rifel
5f0b63100d
Add support for using existing instance profiles
2018-06-08 10:33:09 -07:00
Chris Snell
78b81dd172
Merge branch 'master' into export-addl-tf-outputs
2018-06-08 12:22:43 -05:00
Justin Santa Barbara
ef5936d8b5
Support overlay2 in docker
...
We also have to stop passing the flag on ContainerOS, because it's set
in /etc/docker/default.json and it's now an error to pass the flag.
That in turn means we move those options to code, which are the last of
those legacy config options. (We still have a few tasks declaratively
defined though)
2018-06-07 17:11:11 -04:00
Rodrigo Menezes
4a131f2a50
Implement AdditionalCIDR configuration on non-shared VPCs
2018-06-05 01:12:06 -07:00
Justin Santa Barbara
e24aa79aa9
Updated terraform expected test output
2018-06-04 10:52:08 -07:00
k8s-ci-robot
6741158c97
Merge pull request #5056 from povilasv/gce-ssh
...
Add public ssh keys for GCE
2018-06-03 10:59:53 -07:00
Justin Santa Barbara
e73ee4e3e8
Update tests for alpha -> stable promotion
2018-05-31 07:41:31 -07:00
Justin Santa Barbara
bc79f0a69b
tests: failing test when multiple egress
...
Also requires that the subnets be out of order, which is likely why we
didn't hit it in practice.
2018-05-10 13:28:05 -04:00
k8s-ci-robot
02ab1f90be
Merge pull request #5133 from relu/support-ec2-instance-nat-egresses
...
Add ability to use ec2 nat instance as egress
2018-05-10 08:22:53 -07:00
k8s-ci-robot
827357ef0a
Merge pull request #4958 from appvia/iam-remove-sids
...
Remove custom Statement IDs from IAM Policy Statements
2018-05-09 18:37:54 -07:00
Aurel Canciu
cc8371cb31
Add ability to use ec2 nat instance as egress
2018-05-09 23:04:54 +03:00
Povilas Versockas
8bfa93c304
Add public ssh keys for GCE
2018-04-21 20:15:29 +03:00
Justin Santa Barbara
e158f84e9f
Set AWS_REGION into bootstrapscript
...
Fix #4451
2018-04-12 17:39:24 -04:00
Kashif Saadat
bf30b2559f
Update AWS IAM Policy tests following Statement ID removal
2018-04-10 15:33:51 +01:00
andrewsykim
b480898af7
digitalocean: add protokube support
2018-04-01 21:47:31 -04:00
Justin Santa Barbara
51cc74c783
lifecycle tests: check no legacy tags on shared resources
2018-03-26 00:20:07 -04:00
k8s-ci-robot
5cda02ca2b
Merge pull request #4695 from vendrov/instnace_monitroing_support
...
Add support for instance monitoring
2018-03-25 14:17:01 -07:00
Justin Santa Barbara
a148c67cad
ElasticIP tags for cloudformation & terraform
...
We previously weren't populating the terraform configuration with these
tags.
2018-03-25 15:52:50 -04:00
k8s-ci-robot
63225eb674
Merge pull request #4784 from justinsb/always_tag_volumes
...
Make sure volumes are tagged
2018-03-24 23:32:00 -07:00
Justin Santa Barbara
0ce7dbf4bd
Update tests for new volume tags
2018-03-25 00:08:24 -04:00
Justin Santa Barbara
0e22bf4ab5
Update tests for new security group tags
2018-03-24 22:19:59 -04:00
devops
d734f35126
Add support for instance monitoring
...
Add API backward comptability
Add api generated files
documenting detailed-monitoring
instance-group json typo
Update test expected result
to support enable_monitroing
Add instance-monitroing support to CF
Improve doc, test and rename InstanceMonitoring
Rename instnace-monitoring to fit the YAML kops form
typo detailedInstanceMonitoring
2018-03-21 23:06:38 +02:00
Justin Santa Barbara
6ff56e2f05
Fix shared network objects
...
RouteTables should be created (and owned) only for non-shared subnets.
2018-03-18 17:09:30 -04:00
k8s-ci-robot
403707c9cc
Merge pull request #4650 from justinsb/keyset_format
...
Define KeysetFormat type, embed into keyset
2018-03-15 19:00:22 -07:00
Justin Santa Barbara
650bd98ea2
Update integration tests with new tags
2018-03-15 20:11:54 -04:00
Justin Santa Barbara
681538831f
Use newer version of k8s in shared tests
...
This enables the non-legacy shared tags.
2018-03-15 20:11:54 -04:00
Gijs Kunze
d4b8806b6f
Fix integration test
2018-03-14 13:33:16 +01:00
Justin Santa Barbara
5d36f9e37d
Update kops version in tests
...
We need to satisfy the new minimum supported version.
2018-03-12 02:17:49 -04:00
Justin Santa Barbara
4d1abb7d87
Define KeysetFormat type, embed into keyset
...
The values are 'legacy' when not using keyset.yaml, and the API version
(v1alpha2) for keyset.yaml
2018-03-12 01:45:20 -04:00
Justin Santa Barbara
9ea334d18b
keypair integration test: print diffs
...
We have a nice diff library for printing diffs, use it for the tests.
2018-03-10 16:48:47 -05:00
chrislovecnm
f785d2bd12
patching with PR 4598, need to remove this commit
2018-03-09 14:22:12 -07:00
Mike Splain
cd0f5b5b3f
Update tests
2018-03-08 13:26:34 -05:00
k8s-ci-robot
7d722c359c
Merge pull request #4539 from chrislovecnm/fixing-tests
...
Fixing integration tests
2018-02-28 11:20:47 -08:00
chrislovecnm
5fef961439
Fixing integration tests
2018-02-28 11:47:20 -07:00
k8s-ci-robot
65ba5391d1
Merge pull request #4538 from justinsb/addons_schema_tweak
...
Make addon specification into an object
2018-02-28 09:27:46 -08:00
k8s-ci-robot
0ff7d4de99
Merge pull request #4452 from duboisf/support-bastion-user-data
...
Add support for bastion aws user-data
2018-02-28 03:54:45 -08:00
Justin Santa Barbara
f4990e663e
Make addon specification into an object
...
This allows for future extensions
2018-02-28 00:33:50 -05:00
Chris Phillips
6168b9d598
Adds support for more channels to be passed to protokube
2018-02-28 00:33:50 -05:00
Mike Splain
45a57915e2
Fix bazel deprecation notice
2018-02-26 09:36:13 -05:00
k8s-ci-robot
aa6e801e18
Merge pull request #3829 from mikesplain/suspendAZRebalance
...
Add Instance Group Suspend Processes
2018-02-25 22:20:52 -08:00
chrislovecnm
6e32329fb0
updating integration tests
2018-02-23 14:02:50 -07:00
k8s-ci-robot
4d4f86bfba
Merge pull request #4494 from justinsb/gcr_alias_only_for_1_10
...
Use k8s.gcr.io alias only for 1.10
2018-02-23 07:01:44 -08:00
Justin Santa Barbara
e4fafa6065
Use legacy image registry gcr.io/google_containers for <= 1.9
...
The k8s.gcr.io prefix is an alias, but for CI builds we run from a
docker load, and we only double-tag from 1.10 onwards. For versions
prior to 1.10, remap k8s.gcr.io to the old name. This also means that
we won't start using the aliased names on existing clusters, which could
otherwise be surprising to users.
2018-02-22 21:42:33 -08:00
Fernando Battistella
1fb4de5b12
fixes cloudformation tests for #4499
2018-02-22 16:30:15 -05:00
Justin Santa Barbara
dde7600dae
Initial support for standalone etcd-manager backups
...
The etcd-manager will (ideally) take over etcd management. To provide a
nice migration path, and because we want etcd backups, we're creating a
standalone image that just backs up etcd in the etcd-manager format.
This isn't really ready for actual usage, but should be harmless because
it runs as a sidecar container.
2018-02-20 20:06:08 -05:00
k8s-ci-robot
4b8db1eee0
Merge pull request #4137 from thockin-tmp/gcr-vanity
...
Convert registry to k8s.gcr.io
2018-02-20 08:54:39 -08:00
Mike Splain
fdc2695fe1
Add suspendProcesses to IGs
2018-02-20 09:30:18 -05:00
Justin Santa Barbara
6e562e0742
Support updating autoscaling metrics
2018-02-20 00:53:24 -05:00
Fred Dubois
6b38b2c3a6
Add support for bastion aws user-data
...
Fixes #4444
2018-02-19 08:52:10 -05:00
Tim Hockin
79d5f793e7
Convert registry to k8s.gcr.io
2018-02-14 10:08:41 -08:00
Kashif Saadat
ac25853cd5
- Add etcdClusterSpec Image & Version in bootstrap data for Master nodes
...
- Reuse execWithTee fn for ETCD Command (tee & mkfifo in different path for newer image versions)
2018-02-10 12:14:36 +00:00
k8s-ci-robot
b02a73fa2c
Merge pull request #4184 from chrislovecnm/rbac-default
...
Switching the default for kops to create a cluster with RBAC enabled.
2018-01-26 10:52:33 -08:00
Johannes Würbach
02855fc13f
Enable metrics for AutoScalingGroups
...
Those metrics simplify monitoring the created ASGs and are free [0].
Enable them by default.
[0] https://aws.amazon.com/about-aws/whats-new/2016/08/free-auto-scaling-group-metrics-with-graphs/
2018-01-25 20:06:10 +01:00
k8s-ci-robot
d2bb0ba233
Merge pull request #4317 from justinsb/ensure_gce_disk_name_does_not_start_with_number
...
Ensure GCE disk name does not start with a number
2018-01-24 12:02:33 -08:00
k8s-ci-robot
e190741cc7
Merge pull request #4320 from mikn/iam_region_fix
...
Fix ASG scaling by adding in ec2:DescribeRegions permission to the nodes IAM role
2018-01-23 17:22:30 -08:00
Justin Santa Barbara
930fe8e740
Promote alpha channel image to stable
...
The 4.4.111 image is not showing the flakiness on the NFS e2e tests.
2018-01-22 19:42:40 -05:00
Mikael Knutsson
e6ebf365d6
Fix cloudformation integration tests
2018-01-22 17:52:29 +08:00
Justin Santa Barbara
ec4a916f62
Ensure GCE disk name does not start with a number
...
As this could not have worked before, we don't have to worry about
compatability with existing users.
2018-01-22 00:24:16 -05:00
Justin Santa Barbara
da55c5eaee
Update tests with new default image
2018-01-20 00:11:23 -05:00
Kashif Saadat
5850b434b4
Add SubnetType Tag to Subnets
2018-01-08 10:53:58 +00:00
chrislovecnm
4f9ed369e9
Updating tests for having default RBAC setting
2018-01-04 00:12:42 -07:00
Kubernetes Submit Queue
e88496a248
Merge pull request #4061 from meringu/create-subnets
...
Automatic merge from submit-queue.
Add --subnets and --utility-subnets to kops create cluster
This change adds two new options to `kops create cluster`
When specifying `--vpc`, `--subnets` can be specified as an unordered array of subnet ids. Kops will then look up the zones of the subnets to find which zone to add the subnet id to.
If `--topology private` is also specified, `--utility-subnets` can similarly be specified.
~If a zone was specified but a subnet wasn't given that matches the zone, then the subnet will be allocated a CIDR with the current behaviour.~ This case fails validation here 7bd0a6a703/pkg/apis/kops/validation/validation.go (L151)
I can add unit tests and docs changes if required, but I am keen to get feedback before I proceed much further.
I have only added support for AWS.
I have tested this by running a command similar to this:
```bash
kops create cluster \
--zones=us-east-1a,us-east-1b,us-east-1c \
--topology private \
--master-zones=us-east-1a,us-east-1b,us-east-1c \
--vpc $vpc_id \
--subnets subnet-111111,subnet-222222,subnet-333333 \
--utility-subnets subnet-444444,subnet-555555,subnet-666666 \
$cluster_hosted_zone_name
```
And the cluster spec was as expected.
2017-12-18 21:12:59 -08:00
chrislovecnm
7057aaf1bb
Enabling the file assets
...
File assets and the SHA files are uploaded to the new location. Files
when are users uses s3 are upload public read only. The copyfile task
uses only the existing SHA value.
This PR include major refactoring of the use of URLs. Strings are no
longer categnated, but converted into a URL struct and path.Join is
utlilized.
A new values.go file is included so that we can start refactoring more
code out of the "fi" package.
A
2017-12-17 15:26:57 -07:00
Henry Muru Paenga
0491530b6e
Lookup vpc if not given to create cluster
2017-12-18 11:12:57 +13:00
Henry Muru Paenga
afc1b58722
Tests for create cluster in shared vpc
2017-12-15 18:29:20 +13:00
Kubernetes Submit Queue
bea129142a
Merge pull request #4051 from robinpercy/autoscaler-perms
...
Automatic merge from submit-queue.
Adding DescribeTags to masters
/fixes #2681
2017-12-14 09:25:42 -08:00
Kubernetes Submit Queue
d533714aa8
Merge pull request #4036 from almariah/feature-api-elb-security-groups
...
Automatic merge from submit-queue.
Allow additional SGs to be added to API loadbalancer
Allow adding precreated additional security groups to the API loadbalancer using cluster spec:
```yaml
spec:
api:
loadBalancer:
type: Public
additionalSecurityGroups:
- sg-exampleid3
- sg-exampleid4
```
- [x] Adding additionalSecurityGroups cluster spec
- [x] Adding validation for repeated security groups
- [x] Adding validation for API loadbalancer security groups
- [x] Integration test for API loadbalancer and its security groups
- [x] Update API docs and cluster.spec docs
2017-12-14 02:25:40 -08:00
Robin Percy
6a2ded4681
Adding DescribeTags to masters
2017-12-13 11:48:24 -08:00
Abdullah Almariah
22194c982d
Update kubernetes.tf for API loadbalancer
2017-12-13 01:29:16 +01:00
Abdullah Almariah
16ed8982e6
update_cluster complex integration test
2017-12-13 00:31:59 +01:00
Peter Rifel
358e2e222c
Create mock igw in integration tests
2017-12-07 16:38:06 -08:00
Justin Santa Barbara
a3c9c2f4c2
Promote alpha channel to stable
2017-12-03 12:45:24 -05:00
Kubernetes Submit Queue
e33a3ecee5
Merge pull request #3923 from justinsb/lockdown_etcd_peer_ports
...
Automatic merge from submit-queue.
Block etcd peer port from nodes
2017-11-26 16:17:13 -08:00
Justin Santa Barbara
581e954062
Block etcd peer port from nodes
...
Ports 2380 & 2381 should not be exposed to nodes.
Fix #3746
2017-11-25 16:36:46 -05:00
Justin Santa Barbara
b9ced1957b
bazel: fix tests/ directory
2017-11-25 16:03:27 -05:00
Kashif Saadat
f0c3ed8965
Include encryptionConfig setting within userdata for masters.
2017-11-16 15:58:59 +00:00
Kubernetes Submit Queue
e5ea6ba6a7
Merge pull request #3783 from georgebuckerfield/instancegroup-labels
...
Automatic merge from submit-queue.
Add a default NodeLabel with the InstanceGroup name
As requested in https://github.com/kubernetes/kops/issues/2999 , this change just auto-populates new InstanceGroup specs with a default node label containing the name of the instance group. It would be really useful for those of us managing environments with multiple instance groups.
It allows an admin to easily view the instance groups using kubectl:
```
kubectl get nodes --label-columns kops.k8s.io/instancegroup
NAME STATUS AGE VERSION INSTANCEGROUP
ip-172-20-108-120.eu-west-1.compute.internal Ready,node 3m v1.7.4 xtra-large
ip-172-20-117-133.eu-west-1.compute.internal Ready,master 14m v1.7.4 master-eu-west-1c
ip-172-20-32-139.eu-west-1.compute.internal Ready,master 14m v1.7.4 master-eu-west-1a
ip-172-20-32-92.eu-west-1.compute.internal Ready,node 12m v1.7.4 nodes
ip-172-20-67-184.eu-west-1.compute.internal Ready,master 13m v1.7.4 master-eu-west-1b
```
2017-11-09 23:29:47 -08:00
Rodrigo Menezes
ef24cec62b
Fixing naming convention and adding running API machinery.
2017-11-09 14:30:48 -08:00
Rodrigo Menezes
3cfa67c3e6
Merge remote-tracking branch 'upstream/master' into extra_user-data
2017-11-08 22:20:54 -08:00
georgebuckerfield
ba4dd61142
Fixing tests
2017-11-07 11:25:59 +00:00
Rodrigo Menezes
1fe56a1603
Move user-data to IG spec
2017-11-06 23:25:37 -08:00
Justin Santa Barbara
7066368f5c
Merge pull request #2063 from pdh/additional-sans
...
Allows additional Subject Alternate Names
2017-11-06 22:51:52 -05:00
chrislovecnm
609e268a1d
gazelle updates with new bazel version
2017-11-05 17:41:53 -07:00
Rodrigo Menezes
565afae2c6
Merge remote-tracking branch 'upstream/master' into extra_user-data
2017-11-04 17:06:43 -07:00
chrislovecnm
1e418c3e13
more goimport updates
2017-11-04 10:03:02 -06:00
Kashif Saadat
b30606ffda
Enable IAM Container Registry permissions by default when creating a cluster ( #3760 ).
2017-11-03 17:26:51 +00:00
pdh
fc6f33db24
Allows additional Subject Alternate Names
2017-11-02 10:26:03 -07:00
Rodrigo Menezes
58faa71d89
Merge remote-tracking branch 'origin/master' into extra_user-data
2017-10-30 20:44:00 -07:00
chrislovecnm
0dc7a6e671
network and security tests are working
2017-10-26 13:17:34 -06:00
chrislovecnm
dc338c4829
Refactoring phases to work in sequence properly
2017-10-26 13:17:34 -06:00
chrislovecnm
384c74d66c
Refactoring IAM phase to Security Phase
2017-10-26 12:28:50 -06:00
Rodrigo Menezes
d803480485
Merge remote-tracking branch 'upstream/master' into extra_user-data
2017-10-24 12:52:19 -07:00
Kashif Saadat
5bfb22ac92
Make the IAM ECR Permissions optional, can be specified within the Cluster Spec.
2017-10-24 09:20:17 +01:00
Eric Hole
239199caed
Updates to test files
2017-10-22 11:47:54 -07:00
Rodrigo Menezes
75aa120f43
Merge remote-tracking branch 'upstream/master' into extra_user-data
2017-10-15 17:17:12 -07:00
Rodrigo Menezes
e77cda1af1
Allow passing in extra user-data to cloud-init
2017-10-15 17:10:03 -07:00
chrislovecnm
eeafe6467c
Integration tests for phases - iam works - others are WIP
2017-10-12 14:13:17 -06:00
Justin Santa Barbara
d71bd09a6c
GCE: Limit length of InstanceTemplate
...
We explicitly set a separate prefix for the names, and we ensure it is
not too long
2017-10-10 09:48:38 -04:00
chrislovecnm
3e09c2e2fd
updating kops version so that we do not get warnings, fixing cf tests
2017-10-05 20:15:48 -06:00
Kubernetes Submit Queue
f2e707ef2d
Merge pull request #3460 from justinsb/bump_gce_cos
...
Automatic merge from submit-queue.
Update Google COS image
2017-10-05 00:08:40 -07:00
Justin Santa Barbara
b329178f25
Update Google COS image
...
Equivalent of https://github.com/kubernetes/kubernetes/pull/52120
2017-10-03 23:02:04 -04:00
Justin Santa Barbara
3ab5264ee4
Fix update cluster integration test for bazel
...
Bazel doesn't like overlapping file paths; this is much cleaner anyway.
2017-10-03 20:51:00 -04:00
Kubernetes Submit Queue
98bf9d35a9
Merge pull request #3477 from chrislovecnm/update-test-yaml-k8s-version
...
Automatic merge from submit-queue.
bumping k8s versions in test files
updating k8s versions in test YAML files so that we do not get warnings during testing
2017-10-03 14:03:23 -07:00
chrislovecnm
0cf8117b05
removing uneeded kubernetes.tf file
2017-10-03 13:38:39 -06:00
chrislovecnm
0abcaa8026
renaming cf integration test folder
2017-10-03 13:38:13 -06:00
chrislovecnm
5ed0d471f6
fixing cf integration tests
2017-10-03 12:34:22 -06:00
chrislovecnm
bda4e9f13e
moving cf files for integration test
2017-10-03 12:24:07 -06:00
chrislovecnm
48c6dfdad4
giving cf its own files, because it has hardcoded versions
2017-10-03 12:16:04 -06:00
chrislovecnm
5636dc3298
bumping k8s versions
2017-10-03 12:16:01 -06:00
Justin Santa Barbara
57ceb5dbab
bazel: Add targets for cross-package testdata
2017-10-03 10:54:46 -04:00
Kubernetes Submit Queue
518e97d97b
Merge pull request #3510 from justinsb/bazel
...
Automatic merge from submit-queue.
Initial bazel support
Builds on the 1.8 version bump
The "trick" is to strip the BUILD & BUILD.bazel files from the vendor-ed deps.
Will rebase after 1.8 version bump merges.
2017-10-03 01:19:27 -07:00
Kubernetes Submit Queue
1c81ec5e42
Merge pull request #3490 from justinsb/download_with_wget
...
Automatic merge from submit-queue.
Support wget for download, not just curl
2017-10-03 00:45:04 -07:00
Justin Santa Barbara
0143be7c4f
autogen: BUILD and BUILD.bazel
2017-10-02 14:27:21 -04:00
Justin Santa Barbara
544990842a
More fixes for 1.8 API changes
2017-10-01 23:02:32 -04:00
Justin Santa Barbara
7fd1196708
Add Zones field to InstanceGroup
...
The Zones field can specify zones where they are not specified on a
Subnet, for example on GCE where we have regional subnets.
2017-09-30 19:44:35 -04:00
Justin Santa Barbara
da99a7270d
Subnets on GCE are regional, create one per region
...
We also make the subnet zone and CIDR optional on GCE
2017-09-30 19:22:14 -04:00
Justin Santa Barbara
eb2cd45cdf
Support wget for download, not just curl
...
Some images don't include curl but do have wget. Prefer curl, but
fallback to wget.
(The official Debian 9 image does not have curl.)
2017-09-30 19:12:58 -04:00
chrislovecnm
892ff7a6b7
fixing integration test
2017-09-30 14:40:39 -06:00
Kubernetes Submit Queue
e97efcc4f9
Merge pull request #3436 from justinsb/mock_aws_should_use_same_providerid
...
Automatic merge from submit-queue. .
AWS mock provider should use the AWS cloudprovider id
2017-09-23 19:47:41 -07:00
Justin Santa Barbara
bde0c46b10
AWS mock provider should use the AWS cloudprovider id
...
Otherwise our tests get a little confused; for example they weren't
outputing the Terraform provider block.
2017-09-23 20:52:54 -04:00
Justin Santa Barbara
ecc78c06bd
Create GCE networks in auto mode, not legacy mode
...
auto mode allows for conversion to custom mode at the API level, and
legacy mode is deprecated.
2017-09-23 16:32:52 -04:00
Justin Santa Barbara
73dd870118
GCE integration test: verify TF output
2017-09-23 16:27:15 -04:00
Justin Santa Barbara
055f510c6f
Create minimal mock GCECloud, first test
...
We test create cluster - we actually have an issue with the length of
the names on longer cluster names; first step is to get test coverage.
2017-09-16 11:02:30 -04:00
Kubernetes Submit Queue
52fe2ceab4
Merge pull request #3343 from KashifSaadat/iam-policy-revision
...
Automatic merge from submit-queue
Revision to IAM Policies created by Kops
Based off of the work done by @chrislovecnm in PR #2497 .
This PR tightens down the IAM policies created for Master & Node instance groups. The Cluster Spec `IAMSpec.Legacy` flag is used to control application of stricter policy rules, which is defaulted to true for existing clusters (to limit potential regression impact), and false for new cluster creation.
2017-09-15 08:32:47 -07:00
chrislovecnm
2e6b7eedb9
Revision to IAM Policies created by Kops, and wrapped in Cluster Spec
...
IAM Legacy flag.
2017-09-15 08:05:23 +01:00
Justin Santa Barbara
b29f3a7505
Honor ServiceNodePortRange when opening NodePort access
2017-09-15 00:39:41 -04:00
Kubernetes Submit Queue
ec074bb473
Merge pull request #3346 from rushtehrani/update-autoscaling-policy
...
Automatic merge from submit-queue
add autoscaling:DescribeLaunchConfigurations permission
As of 0.6.1, Cluster Autoscaler supports [scaling node groups from/to 0](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider/aws#scaling-a-node-group-to-0 ), but requires the `autoscaling:DescribeLaunchConfigurations` permission.
It'd be great to have this in kops since this permission needs to be re-added back to the master policy every time the cluster is updated.
2017-09-14 18:17:42 -07:00
Kubernetes Submit Queue
26e1cb06bf
Merge pull request #3190 from justinsb/flannel_vlxan
...
Automatic merge from submit-queue
Flannel: change default backend type
We support udp, which has to the default for backwards-compatibility,
but also new clusters will now use vxlan.
2017-09-12 19:03:17 -07:00
Kubernetes Submit Queue
ae51cfef95
Merge pull request #3336 from justinsb/nodeportaccess
...
Automatic merge from submit-queue
nodePortAccess, experimental spec override flag
2017-09-08 15:40:01 -07:00
rushtehrani
db505adb65
add autoscaling:DescribeLaunchConfigurations action
2017-09-05 23:41:19 -07:00
Justin Santa Barbara
9d31ed1b08
nodePortAccess, experimental spec override flag
...
This will allow us to set CIDRs for nodeport access, which in turn will
allow e2e tests that require nodeport access to pass.
Then add a feature-flagged flag to `kops create cluster` to allow
arbitrary setting of spec values; currently the only value supported is
cluster.spec.nodePortAccess
2017-09-04 14:27:31 -04:00
Justin Santa Barbara
15d6834113
Flannel: support choosing a backend type
...
We support udp, which has to the default for backwards-compatibility,
but also new clusters will now use vxlan.
2017-08-30 21:16:21 -04:00
Justin Santa Barbara
e793562ee6
Extract UserData from CloudFormation output during testing
...
This gives us some sanity, so we can peek inside the base64 blob
2017-08-29 09:47:11 -04:00
Kashif Saadat
d6e5a62678
Limit the IAM EC2 policy for the master nodes, wrapped in 'Spec.IAM.LegacyIAM' API flag.
2017-08-26 11:46:09 +01:00
Rohith
293292173a
Inline Conponent Configuration
...
The current implementation does not ignore any possible interpolation of bash in the content. This PR wrapped the various spec content in 'EOF' to ignore all.
- updated the tests to reflect the changes
- wrapped the component configuration in 'eof' to ensure interpolation is ignored
2017-08-25 00:36:06 +01:00
Justin Santa Barbara
b61b74408b
Update images in CI tests
2017-08-24 10:27:27 -04:00
Kashif Saadat
0e5c393f10
Rename IAM switch to legacy, default to false for new cluster creations.
2017-08-22 13:27:55 +01:00
Kubernetes Submit Queue
a3fdefa74c
Merge pull request #3041 from justinsb/it_shared_vpc_and_subnet
...
Automatic merge from submit-queue
Add integration tests for shared subnet & VPC
2017-08-18 15:55:53 -07:00
Kubernetes Submit Queue
b7efd3ba62
Merge pull request #3120 from KashifSaadat/diff-on-component-config-changes
...
Automatic merge from submit-queue
Add cluster spec to node user data so component config changes are detected
Related to #3076
Some cluster changes such as component config modifications are not picked up when performing updates (nodes are not marked as `NEEDUPDATE`). This change introduces the ability to:
1. Include certain cluster specs within the node user data file ~(`enableClusterSpecInUserData: true`)~
2. ~Encode the cluster spec string before placing within the user data file (`enableClusterSpecInUserData: true`)~
~The above flags default to false so shouldn't cause any changes to existing clusters.~
Following feedback I've removed the optional API flags, so component config is included by default within the user data. This WILL cause all nodes to have a required update to their bootstrap scripts.
2017-08-11 03:43:17 -07:00
Kubernetes Submit Queue
6483ba6ac7
Merge pull request #3151 from johanneswuerbach/ssl-healthchecks
...
Automatic merge from submit-queue
Use SSL in ELB API server health check
This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255 1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.
Tested manually and everything looks ✅
Inspiration from https://github.com/kubernetes-incubator/kube-aws/pull/604
2017-08-10 17:30:26 -07:00
Kashif Saadat
e0461b92a9
Add ability to store partial cluster and instancegroup spec in userdata,
...
so component config changes are detected and causes nodes to be updated
2017-08-09 14:15:02 +01:00
Derek VerLee
ffa95b8112
Add support for cluster using http forward proxy
2017-08-07 14:30:42 -04:00
Johannes Würbach
2accc73a72
Use SSL in ELB API server health check
...
This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255 1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.
2017-08-07 13:02:40 +02:00
Justin Santa Barbara
64f0920c8b
Add integration tests for shared subnet & VPC
2017-07-24 10:37:07 -04:00
Justin Santa Barbara
cde70934dc
Create test for ssh-access
2017-07-22 01:45:03 -04:00
Lars Lehtonen
c5f8c0f221
Fixed unused import in tests.
2017-07-15 12:35:19 -07:00
Hanfei Shen
fc50984f09
support china region
2017-07-16 00:57:38 +08:00
chrislovecnm
1f3212ce94
increase default instance volume size
2017-07-04 20:19:06 -06:00
chrislovecnm
38aae71bee
updating found govet issues and adding test directory
2017-06-23 16:42:33 -06:00
Justin Santa Barbara
d2df318ecc
Move CloudProvider to kops API
...
This avoids a circular reference when breaking up the fi package
2017-06-17 16:27:07 -04:00
Pierre-Alexandre St-Jean
9a12f56728
Added "cloud-labels" to ebs volumes
...
Added one integration test
2017-06-12 13:46:30 -04:00
Justin Santa Barbara
4c9385b0fd
Update integration tests for new versions
...
(Separately: when we implemented standalone mode, we should also switch
the tests so they don't rely on the published stable channel!)
2017-05-17 11:36:34 -04:00
Justin Santa Barbara
5e764fbe80
Merge pull request #2424 from while1eq1/fix-iam-terraform
...
Update the terraform generator to use the value "role" instead of "roles" for the aws_iam_instance_profile resource
2017-05-16 00:41:28 -04:00
Justin Santa Barbara
eabbd1402b
Add required terraform version declaration
...
Terraform is changing its schema, and we probably want to encourage
users to use the newer terraform versions anyway.
See #2424
2017-05-15 11:20:32 -04:00
Justin Santa Barbara
f9a0ae778b
Merge pull request #2508 from pastjean/add-roles-as-outputs
...
Added instance role as terraform output
2017-05-15 09:13:39 -04:00
Justin Santa Barbara
5d9a5c611f
Fix channel version recommendations
...
We were recommending 1.5.2 based on the kops version, but then 1.5.4
based on that k8s version.
Fix & add a test.
2017-05-05 20:28:46 -04:00
Pierre-Alexandre St-Jean
347dccfa25
Added instance role as terraform output
...
Added:
- Instance role name
- Instance role arn
as terraform outputs, this can then be references later on to
use as sts:assume role, create after this one
2017-05-05 16:21:43 -04:00
Justin Santa Barbara
fb6d1711ee
Update tests for new tag
2017-05-02 00:33:25 -04:00
Bill Broach
142c2ceae0
this wants 2 spaces for some reason
2017-04-24 20:32:08 -04:00
Bill Broach
d5e7f85b2d
fix whitespacing on name
2017-04-24 20:11:16 -04:00
Bill Broach
24d01f9223
fix whitespace
2017-04-24 20:00:26 -04:00
Bill Broach
160e5d7fa8
update integration tests to use role instead of roles for terraform aws_iam_instance_profile resource
2017-04-24 18:08:31 -04:00
Justin Santa Barbara
4dcc6ad067
Merge pull request #2370 from luomiao/userdefined-s3endpoint
...
Support user-defined s3 endpoint
2017-04-20 01:17:08 -04:00
dima
bf06e36a4f
change flag to --encrypt-etcd-storage=true
2017-04-19 13:27:56 +02:00
dima
968cf784a9
Merge branch 'master' of https://github.com/kubernetes/kops into feature/extend_PR_398
2017-04-19 12:37:52 +02:00
Miao Luo
76437a77d4
Support user-defined s3 endpoint.
2017-04-18 11:27:07 -07:00
Adam H. Leventhal
e8d8e2882e
invalid tags field in aws_route53_zone_association terraform resource
2017-04-07 20:32:35 -07:00
Adam H. Leventhal
2a9315ac56
Support dns=private with terraform #1848
2017-04-06 07:44:41 -07:00
dima
e7ddeb71ec
add tests and fix existed for --encrypt-volume option
2017-04-03 14:47:28 +02:00
Justin Santa Barbara
3f2ee47689
Fix tests
2017-03-29 18:23:19 -04:00
Justin Santa Barbara
c6b4288e61
Pull fixes from the integration branch
2017-03-28 20:42:15 -04:00
Justin Santa Barbara
4006741a5d
Update for new taints / labels names
2017-03-27 23:13:39 -04:00
Justin Santa Barbara
bdf0d04b0a
Merge pull request #2104 from justinsb/container_optimized_os
...
Initial Container-Optimized OS support
2017-03-27 10:21:39 -04:00
Robin Percy
4b030fed69
Added taints property to IG Spec.
...
- new property is only used when KubernetesVersion is 1.6 or greater
- taints are passed to kubelet via --register-with-taints flag
- Set a default NoSchedule taint on masters
- Set --register-schedule=true when --register-with-taints is used
- Changed the log message in taints.go to be less alarming if taints are
found - since they are expected on 1.6.0+ clusters
- Added Taints section to the InstanceGroup docs
- Only default taints are allowed in the spec pre-1.6
- Custom taint validation happens as soon as IG specs are edited.
2017-03-25 18:36:00 -07:00
Justin Santa Barbara
9e7c0506f8
Update to fix tests
2017-03-20 23:56:20 -04:00
Justin Santa Barbara
2e7ef573aa
Update expected test results: creationTimestamp no longer quoted
2017-03-16 02:40:50 -04:00
Justin Santa Barbara
cb4641fea3
Code updates
2017-03-16 02:40:50 -04:00
Eric Hole
8a25a72518
Merge pull request #2051 from justinsb/fix_elb_name_collisions
...
Use Name tag to match ELBs
2017-03-09 07:32:14 -08:00
Justin Santa Barbara
18886749d9
Always include hash, per code review
...
Thanks @kris-nova
2017-03-09 09:35:09 -05:00
Justin Santa Barbara
69c38f721e
Switch how we build ELB names, but keep a feature flag
2017-03-09 09:18:31 -05:00
Justin Santa Barbara
07d2bfc982
Fix terraform output of shared subnets
...
Also add a test
Fix #1977
2017-03-08 09:18:34 -05:00
Chris Love
c2f2de93e3
Merge pull request #2016 from justinsb/fix_1890
...
Fix shared NAT gateways
2017-03-01 11:16:44 -07:00
Justin Santa Barbara
cdc8b034d1
Fix 1.6.0 validation
...
We were requiring API servers, but the apiserver flag is removed from
1.6.
2017-03-01 12:58:54 -05:00
Justin Santa Barbara
8230d8a140
Fix shared NAT gateways
...
Also add a test
Fix #1890
2017-03-01 00:15:12 -05:00