This PR adds the base tags to DHCP Options, IGW, and Route Tables.
These components are not tagged correctly, and this can cause issues
with deletion. Name tags are not added to shared resources, as we allow
shared resources to have maintained names. A owned/shared tags with the
syntax "kubernetes.io/cluster/$CLUSTERNAME" = "owned" is added to the
resources as well. We are maintaining the Name tag value for private
route tables, as these resources do not use the standard value.
The current implementation when Etcd TLS was added does not support using calico as the configuration and client certificates are not present. This PR updates the calico manifests and adds the distribution of the client certificate
Weave limits the number of connections between peers and the default is 30.
As described here: ce9c5162bd/site/kubernetes/kube-addon.md
Setting the CONN_LIMIT environment variable controls this setting. Adding a field in the
WeaveNetworkingSpec and adding the env var to the associated templates lets users
have clusters larger than 30 nodes and still use weave's peer discovery
The weave authors have indicated that 100 is not an unreasonable setting.
https://github.com/weaveworks/weave/issues/1621#issuecomment-152713060
We previously needed them to allow list operations; however we now use a
keyset.yaml file instead of listing keys. That should be the sole use,
so we should no longer need this permission.
If not, we can re-enable the code easily.
Automatic merge from submit-queue.
Force nodeup to use the bundle
We disable fallback entirely for nodeup, so we can still share code, but
won't accidentally be using the wrong code path.
Builds on #3839
Automatic merge from submit-queue.
Fix null pointer issues when custom PROTOKUBE_IMAGE is specified.
When setting a custom protokube location via the environment variable `PROTOKUBE_IMAGE`, this appeared to not be getting set properly at the time of applying Cluster updates (via `kops update cluster ${KOPS_CLUSTER_NAME} --yes`), resulting in a runtime exception.
This PR resolves the above issue, so cluster updates are correctly applied with reference to a custom protokube image location (if provided).
Automatic merge from submit-queue.
Add --subnets and --utility-subnets to kops create cluster
This change adds two new options to `kops create cluster`
When specifying `--vpc`, `--subnets` can be specified as an unordered array of subnet ids. Kops will then look up the zones of the subnets to find which zone to add the subnet id to.
If `--topology private` is also specified, `--utility-subnets` can similarly be specified.
~If a zone was specified but a subnet wasn't given that matches the zone, then the subnet will be allocated a CIDR with the current behaviour.~ This case fails validation here 7bd0a6a703/pkg/apis/kops/validation/validation.go (L151)
I can add unit tests and docs changes if required, but I am keen to get feedback before I proceed much further.
I have only added support for AWS.
I have tested this by running a command similar to this:
```bash
kops create cluster \
--zones=us-east-1a,us-east-1b,us-east-1c \
--topology private \
--master-zones=us-east-1a,us-east-1b,us-east-1c \
--vpc $vpc_id \
--subnets subnet-111111,subnet-222222,subnet-333333 \
--utility-subnets subnet-444444,subnet-555555,subnet-666666 \
$cluster_hosted_zone_name
```
And the cluster spec was as expected.
chrislovecnm