kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,172 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

213 Commits

Author SHA1 Message Date
Kashif Saadat 5bfb22ac92 Make the IAM ECR Permissions optional, can be specified within the Cluster Spec. 2017-10-24 09:20:17 +01:00
Eric Hole 239199caed Updates to test files 2017-10-22 11:47:54 -07:00
Rodrigo Menezes 75aa120f43 Merge remote-tracking branch 'upstream/master' into extra_user-data 2017-10-15 17:17:12 -07:00
Rodrigo Menezes e77cda1af1 Allow passing in extra user-data to cloud-init 2017-10-15 17:10:03 -07:00
chrislovecnm eeafe6467c Integration tests for phases - iam works - others are WIP 2017-10-12 14:13:17 -06:00
Justin Santa Barbara d71bd09a6c GCE: Limit length of InstanceTemplate 
We explicitly set a separate prefix for the names, and we ensure it is
not too long
 2017-10-10 09:48:38 -04:00
chrislovecnm 3e09c2e2fd updating kops version so that we do not get warnings, fixing cf tests 2017-10-05 20:15:48 -06:00
Kubernetes Submit Queue f2e707ef2d Merge pull request #3460 from justinsb/bump_gce_cos 
Automatic merge from submit-queue.

Update Google COS image
 2017-10-05 00:08:40 -07:00
Justin Santa Barbara b329178f25 Update Google COS image 
Equivalent of https://github.com/kubernetes/kubernetes/pull/52120
 2017-10-03 23:02:04 -04:00
Justin Santa Barbara 3ab5264ee4 Fix update cluster integration test for bazel 
Bazel doesn't like overlapping file paths; this is much cleaner anyway.
 2017-10-03 20:51:00 -04:00
Kubernetes Submit Queue 98bf9d35a9 Merge pull request #3477 from chrislovecnm/update-test-yaml-k8s-version 
Automatic merge from submit-queue.

bumping k8s versions in test files

updating k8s versions in test YAML files so that we do not get warnings during testing
 2017-10-03 14:03:23 -07:00
chrislovecnm 0cf8117b05 removing uneeded kubernetes.tf file 2017-10-03 13:38:39 -06:00
chrislovecnm 0abcaa8026 renaming cf integration test folder 2017-10-03 13:38:13 -06:00
chrislovecnm 5ed0d471f6 fixing cf integration tests 2017-10-03 12:34:22 -06:00
chrislovecnm bda4e9f13e moving cf files for integration test 2017-10-03 12:24:07 -06:00
chrislovecnm 48c6dfdad4 giving cf its own files, because it has hardcoded versions 2017-10-03 12:16:04 -06:00
chrislovecnm 5636dc3298 bumping k8s versions 2017-10-03 12:16:01 -06:00
Justin Santa Barbara 57ceb5dbab bazel: Add targets for cross-package testdata 2017-10-03 10:54:46 -04:00
Kubernetes Submit Queue 518e97d97b Merge pull request #3510 from justinsb/bazel 
Automatic merge from submit-queue.

Initial bazel support

Builds on the 1.8 version bump

The "trick" is to strip the BUILD & BUILD.bazel files from the vendor-ed deps.

Will rebase after 1.8 version bump merges.
 2017-10-03 01:19:27 -07:00
Kubernetes Submit Queue 1c81ec5e42 Merge pull request #3490 from justinsb/download_with_wget 
Automatic merge from submit-queue.

Support wget for download, not just curl
 2017-10-03 00:45:04 -07:00
Justin Santa Barbara 0143be7c4f autogen: BUILD and BUILD.bazel 2017-10-02 14:27:21 -04:00
Justin Santa Barbara 544990842a More fixes for 1.8 API changes 2017-10-01 23:02:32 -04:00
Justin Santa Barbara 7fd1196708 Add Zones field to InstanceGroup 
The Zones field can specify zones where they are not specified on a
Subnet, for example on GCE where we have regional subnets.
 2017-09-30 19:44:35 -04:00
Justin Santa Barbara da99a7270d Subnets on GCE are regional, create one per region 
We also make the subnet zone and CIDR optional on GCE
 2017-09-30 19:22:14 -04:00
Justin Santa Barbara eb2cd45cdf Support wget for download, not just curl 
Some images don't include curl but do have wget.  Prefer curl, but
fallback to wget.

(The official Debian 9 image does not have curl.)
 2017-09-30 19:12:58 -04:00
chrislovecnm 892ff7a6b7 fixing integration test 2017-09-30 14:40:39 -06:00
Kubernetes Submit Queue e97efcc4f9 Merge pull request #3436 from justinsb/mock_aws_should_use_same_providerid 
Automatic merge from submit-queue. .

AWS mock provider should use the AWS cloudprovider id
 2017-09-23 19:47:41 -07:00
Justin Santa Barbara bde0c46b10 AWS mock provider should use the AWS cloudprovider id 
Otherwise our tests get a little confused; for example they weren't
outputing the Terraform provider block.
 2017-09-23 20:52:54 -04:00
Justin Santa Barbara ecc78c06bd Create GCE networks in auto mode, not legacy mode 
auto mode allows for conversion to custom mode at the API level, and
legacy mode is deprecated.
 2017-09-23 16:32:52 -04:00
Justin Santa Barbara 73dd870118 GCE integration test: verify TF output 2017-09-23 16:27:15 -04:00
Justin Santa Barbara 055f510c6f Create minimal mock GCECloud, first test 
We test create cluster - we actually have an issue with the length of
the names on longer cluster names; first step is to get test coverage.
 2017-09-16 11:02:30 -04:00
Kubernetes Submit Queue 52fe2ceab4 Merge pull request #3343 from KashifSaadat/iam-policy-revision 
Automatic merge from submit-queue

Revision to IAM Policies created by Kops

Based off of the work done by @chrislovecnm in PR #2497.

This PR tightens down the IAM policies created for Master & Node instance groups. The Cluster Spec `IAMSpec.Legacy` flag is used to control application of stricter policy rules, which is defaulted to true for existing clusters (to limit potential regression impact), and false for new cluster creation.
 2017-09-15 08:32:47 -07:00
chrislovecnm 2e6b7eedb9 Revision to IAM Policies created by Kops, and wrapped in Cluster Spec 
IAM Legacy flag.
 2017-09-15 08:05:23 +01:00
Justin Santa Barbara b29f3a7505 Honor ServiceNodePortRange when opening NodePort access 2017-09-15 00:39:41 -04:00
Kubernetes Submit Queue ec074bb473 Merge pull request #3346 from rushtehrani/update-autoscaling-policy 
Automatic merge from submit-queue

add autoscaling:DescribeLaunchConfigurations permission

As of 0.6.1, Cluster Autoscaler supports [scaling node groups from/to 0](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider/aws#scaling-a-node-group-to-0), but requires the `autoscaling:DescribeLaunchConfigurations` permission.  

It'd be great to have this in kops since this permission needs to be re-added back to the master policy every time the cluster is updated.
 2017-09-14 18:17:42 -07:00
Kubernetes Submit Queue 26e1cb06bf Merge pull request #3190 from justinsb/flannel_vlxan 
Automatic merge from submit-queue

Flannel: change default backend type

We support udp, which has to the default for backwards-compatibility,
but also new clusters will now use vxlan.
 2017-09-12 19:03:17 -07:00
Kubernetes Submit Queue ae51cfef95 Merge pull request #3336 from justinsb/nodeportaccess 
Automatic merge from submit-queue

nodePortAccess, experimental spec override flag
 2017-09-08 15:40:01 -07:00
rushtehrani db505adb65 add autoscaling:DescribeLaunchConfigurations action 2017-09-05 23:41:19 -07:00
Justin Santa Barbara 9d31ed1b08 nodePortAccess, experimental spec override flag 
This will allow us to set CIDRs for nodeport access, which in turn will
allow e2e tests that require nodeport access to pass.

Then add a feature-flagged flag to `kops create cluster` to allow
arbitrary setting of spec values; currently the only value supported is
cluster.spec.nodePortAccess
 2017-09-04 14:27:31 -04:00
Justin Santa Barbara 15d6834113 Flannel: support choosing a backend type 
We support udp, which has to the default for backwards-compatibility,
but also new clusters will now use vxlan.
 2017-08-30 21:16:21 -04:00
Justin Santa Barbara e793562ee6 Extract UserData from CloudFormation output during testing 
This gives us some sanity, so we can peek inside the base64 blob
 2017-08-29 09:47:11 -04:00
Kashif Saadat d6e5a62678 Limit the IAM EC2 policy for the master nodes, wrapped in 'Spec.IAM.LegacyIAM' API flag. 2017-08-26 11:46:09 +01:00
Rohith 293292173a Inline Conponent Configuration 
The current implementation does not ignore any possible interpolation of bash in the content. This PR wrapped the various spec content in 'EOF' to ignore all.

- updated the tests to reflect the changes
- wrapped the component configuration in 'eof' to ensure interpolation is ignored
 2017-08-25 00:36:06 +01:00
Justin Santa Barbara b61b74408b Update images in CI tests 2017-08-24 10:27:27 -04:00
Kashif Saadat 0e5c393f10 Rename IAM switch to legacy, default to false for new cluster creations. 2017-08-22 13:27:55 +01:00
Kubernetes Submit Queue a3fdefa74c Merge pull request #3041 from justinsb/it_shared_vpc_and_subnet 
Automatic merge from submit-queue

Add integration tests for shared subnet & VPC
 2017-08-18 15:55:53 -07:00
Kubernetes Submit Queue b7efd3ba62 Merge pull request #3120 from KashifSaadat/diff-on-component-config-changes 
Automatic merge from submit-queue

Add cluster spec to node user data so component config changes are detected

Related to #3076 

Some cluster changes such as component config modifications are not picked up when performing updates (nodes are not marked as `NEEDUPDATE`). This change introduces the ability to:
1. Include certain cluster specs within the node user data file ~(`enableClusterSpecInUserData: true`)~
2. ~Encode the cluster spec string before placing within the user data file (`enableClusterSpecInUserData: true`)~

~The above flags default to false so shouldn't cause any changes to existing clusters.~

Following feedback I've removed the optional API flags, so component config is included by default within the user data. This WILL cause all nodes to have a required update to their bootstrap scripts.
 2017-08-11 03:43:17 -07:00
Kubernetes Submit Queue 6483ba6ac7 Merge pull request #3151 from johanneswuerbach/ssl-healthchecks 
Automatic merge from submit-queue

Use SSL in ELB API server health check

This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255       1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.

Tested manually and everything looks  

Inspiration from https://github.com/kubernetes-incubator/kube-aws/pull/604
 2017-08-10 17:30:26 -07:00
Kashif Saadat e0461b92a9 Add ability to store partial cluster and instancegroup spec in userdata, 
so component config changes are detected and causes nodes to be updated
 2017-08-09 14:15:02 +01:00
Derek VerLee ffa95b8112 Add support for cluster using http forward proxy 2017-08-07 14:30:42 -04:00
Johannes Würbach 2accc73a72
Use SSL in ELB API server health check 
This switch causes the ELB to perform a SSL handshake and makes the
`I0427 03:57:55.059255       1 logs.go:41] http: TLS handshake error from IP:PORT: EOF`
disappear from the apiserver logs.
 2017-08-07 13:02:40 +02:00
Justin Santa Barbara 64f0920c8b Add integration tests for shared subnet & VPC 2017-07-24 10:37:07 -04:00
Justin Santa Barbara cde70934dc Create test for ssh-access 2017-07-22 01:45:03 -04:00
Lars Lehtonen c5f8c0f221
Fixed unused import in tests. 2017-07-15 12:35:19 -07:00
Hanfei Shen fc50984f09 support china region 2017-07-16 00:57:38 +08:00
chrislovecnm 1f3212ce94 increase default instance volume size 2017-07-04 20:19:06 -06:00
chrislovecnm 38aae71bee updating found govet issues and adding test directory 2017-06-23 16:42:33 -06:00
Justin Santa Barbara d2df318ecc Move CloudProvider to kops API 
This avoids a circular reference when breaking up the fi package
 2017-06-17 16:27:07 -04:00
Pierre-Alexandre St-Jean 9a12f56728 Added "cloud-labels" to ebs volumes 
Added one integration test
 2017-06-12 13:46:30 -04:00
Justin Santa Barbara 4c9385b0fd Update integration tests for new versions 
(Separately: when we implemented standalone mode, we should also switch
the tests so they don't rely on the published stable channel!)
 2017-05-17 11:36:34 -04:00
Justin Santa Barbara 5e764fbe80 Merge pull request #2424 from while1eq1/fix-iam-terraform 
Update the terraform generator to use the value "role" instead of "roles" for the aws_iam_instance_profile resource
 2017-05-16 00:41:28 -04:00
Justin Santa Barbara eabbd1402b Add required terraform version declaration 
Terraform is changing its schema, and we probably want to encourage
users to use the newer terraform versions anyway.

See #2424
 2017-05-15 11:20:32 -04:00
Justin Santa Barbara f9a0ae778b Merge pull request #2508 from pastjean/add-roles-as-outputs 
Added instance role as terraform output
 2017-05-15 09:13:39 -04:00
Justin Santa Barbara 5d9a5c611f Fix channel version recommendations 
We were recommending 1.5.2 based on the kops version, but then 1.5.4
based on that k8s version.

Fix & add a test.
 2017-05-05 20:28:46 -04:00
Pierre-Alexandre St-Jean 347dccfa25 Added instance role as terraform output 
Added:
- Instance role name
- Instance role arn

as terraform outputs, this can then be references later on to
use as sts:assume role, create after this one
 2017-05-05 16:21:43 -04:00
Justin Santa Barbara fb6d1711ee Update tests for new tag 2017-05-02 00:33:25 -04:00
Bill Broach 142c2ceae0 this wants 2 spaces for some reason 2017-04-24 20:32:08 -04:00
Bill Broach d5e7f85b2d fix whitespacing on name 2017-04-24 20:11:16 -04:00
Bill Broach 24d01f9223 fix whitespace 2017-04-24 20:00:26 -04:00
Bill Broach 160e5d7fa8 update integration tests to use role instead of roles for terraform aws_iam_instance_profile resource 2017-04-24 18:08:31 -04:00
Justin Santa Barbara 4dcc6ad067 Merge pull request #2370 from luomiao/userdefined-s3endpoint 
Support user-defined s3 endpoint
 2017-04-20 01:17:08 -04:00
dima bf06e36a4f change flag to --encrypt-etcd-storage=true 2017-04-19 13:27:56 +02:00
dima 968cf784a9 Merge branch 'master' of https://github.com/kubernetes/kops into feature/extend_PR_398 2017-04-19 12:37:52 +02:00
Miao Luo 76437a77d4 Support user-defined s3 endpoint. 2017-04-18 11:27:07 -07:00
Adam H. Leventhal e8d8e2882e invalid tags field in aws_route53_zone_association terraform resource 2017-04-07 20:32:35 -07:00
Adam H. Leventhal 2a9315ac56 Support dns=private with terraform #1848 2017-04-06 07:44:41 -07:00
dima e7ddeb71ec add tests and fix existed for --encrypt-volume option 2017-04-03 14:47:28 +02:00
Justin Santa Barbara 3f2ee47689 Fix tests 2017-03-29 18:23:19 -04:00
Justin Santa Barbara c6b4288e61 Pull fixes from the integration branch 2017-03-28 20:42:15 -04:00
Justin Santa Barbara 4006741a5d Update for new taints / labels names 2017-03-27 23:13:39 -04:00
Justin Santa Barbara bdf0d04b0a Merge pull request #2104 from justinsb/container_optimized_os 
Initial Container-Optimized OS support
 2017-03-27 10:21:39 -04:00
Robin Percy 4b030fed69 Added taints property to IG Spec. 
- new property is only used when KubernetesVersion is 1.6 or greater
- taints are passed to kubelet via --register-with-taints flag
- Set a default NoSchedule taint on masters
- Set --register-schedule=true when --register-with-taints is used
- Changed the log message in taints.go to be less alarming if taints are
  found - since they are expected on 1.6.0+ clusters
- Added Taints section to the InstanceGroup docs
- Only default taints are allowed in the spec pre-1.6
- Custom taint validation happens as soon as IG specs are edited.
 2017-03-25 18:36:00 -07:00
Justin Santa Barbara 9e7c0506f8 Update to fix tests 2017-03-20 23:56:20 -04:00
Justin Santa Barbara 2e7ef573aa Update expected test results: creationTimestamp no longer quoted 2017-03-16 02:40:50 -04:00
Justin Santa Barbara cb4641fea3 Code updates 2017-03-16 02:40:50 -04:00
Eric Hole 8a25a72518 Merge pull request #2051 from justinsb/fix_elb_name_collisions 
Use Name tag to match ELBs
 2017-03-09 07:32:14 -08:00
Justin Santa Barbara 18886749d9 Always include hash, per code review 
Thanks @kris-nova
 2017-03-09 09:35:09 -05:00
Justin Santa Barbara 69c38f721e Switch how we build ELB names, but keep a feature flag 2017-03-09 09:18:31 -05:00
Justin Santa Barbara 07d2bfc982 Fix terraform output of shared subnets 
Also add a test

Fix #1977
 2017-03-08 09:18:34 -05:00
Chris Love c2f2de93e3 Merge pull request #2016 from justinsb/fix_1890 
Fix shared NAT gateways
 2017-03-01 11:16:44 -07:00
Justin Santa Barbara cdc8b034d1 Fix 1.6.0 validation 
We were requiring API servers, but the apiserver flag is removed from
1.6.
 2017-03-01 12:58:54 -05:00
Justin Santa Barbara 8230d8a140 Fix shared NAT gateways 
Also add a test

Fix #1890
 2017-03-01 00:15:12 -05:00
Justin Santa Barbara 56e79d669e Fix tests - another cross-merge 2017-02-24 09:15:55 -05:00
Justin Santa Barbara bf2edddb8d Merge pull request #1935 from justinsb/terraform_variable_output 
Output variables from terraform, for reuse in a module
 2017-02-24 09:06:20 -05:00
Justin Santa Barbara c4993f684d Merge pull request #1909 from justinsb/socat_coreos_option_2 
Add socat to CoreOS
 2017-02-24 02:16:38 -05:00
Justin Santa Barbara 4557ee7b9e Add socat to CoreOS 
We build a statically linked version and distribute it with kops.

Note that our version of socat does not include libssl, but kubernetes
does not use it anyway.
 2017-02-24 01:24:25 -05:00
yissachar 8219e52c79 Merge pull request #1957 from justinsb/fix_1956 
Cleanup nil handling in kubelet options
 2017-02-24 00:26:33 -05:00
Justin Santa Barbara e09037dff0 Merge pull request #1969 from zytek/fix-1949 
Resolve DNS Hosted Zone ID while building IAM policy
 2017-02-23 10:21:39 -05:00
Justin Santa Barbara 08419fcae8 Merge pull request #1750 from robinpercy/cli-cloud-labels 
WIP: Exposing cloud labels as a CLI option
 2017-02-23 09:51:08 -05:00
Jakub Paweł Głazik 26fac5e17d Update cloudformation test (IAM policy) 2017-02-23 11:46:06 +01:00