2634 Commits

Author SHA1 Message Date
justinsb d6350a5a6e etcd-manager: support symlinking versions
This is an easy way for us to signal that certain versions are
compatible with each other to etcd-manager, which is otherwise
overly-cautious when it comes to unknown versions.

We extend kops-utils to support the `-t` flag (like cp) to write to a
directory; and the `-s` flag (like cp) to use symlinks.  The syntax
isn't identical to cp, but should be semi-familiar and allows us to
minimize the number of initContainers we use.
2023-07-10 11:11:59 -04:00
Ciprian Hacman 53e45886f3 gce: Rename firewall SSH rules for bastion 2023-07-10 07:06:07 +03:00
John Gardiner Myers d926989600 v1alpha3: Rename GCE networking to GCP 2023-07-09 16:48:26 -07:00
justinsb 3613f586c8 GCE: Set firewall rules for Internal LBs also
It seems we can use the exact same rules.
2023-07-09 19:25:42 -04:00
Kubernetes Prow Robot 114ac311c1
Merge pull request #15332 from hakman/gce_internal_lb
gce: Update logic for internal LB
2023-07-09 14:11:04 -07:00
Ciprian Hacman fb66f1770f gce: Use `user-data` instead of `startup-script` metadata key 2023-07-09 13:50:00 +03:00
Ciprian Hacman 4656743c22 gce: Add support for bastions 2023-07-08 18:19:40 +03:00
Ciprian Hacman 04a4e02920 gce: Update logic for internal LB 2023-07-08 04:34:43 +03:00
Justin SB cf9134489c kops-controller: create IPAM controller for GCE
We observe the IPv6 CIDRs assigned to nodes, and reflect them into the node.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2023-07-05 12:34:55 -04:00
Ciprian Hacman 7d68ee9eb7 hetzner: Update CCM to v1.16.0 2023-07-02 08:29:56 +03:00
Kubernetes Prow Robot 49a6ed4188
Merge pull request #15570 from hakman/azure_network_security
azure: Add support for network security groups
2023-07-01 06:54:48 -07:00
Ciprian Hacman 4fe84705a5 azure: Add support for network security groups 2023-07-01 10:06:25 +03:00
Ciprian Hacman 4085da870f hack/update-expected.sh 2023-07-01 09:51:22 +03:00
Ciprian Hacman 015c80f950 Update etcd-manager to v3.0.20230630 2023-07-01 09:48:40 +03:00
Kubernetes Prow Robot bda5e9e63d
Merge pull request #15564 from hakman/revert_remove_obsolete_versions
Revert "Remove obsolete etcd versions"
2023-06-30 21:24:44 -07:00
Ciprian Hacman df97b95972 azure: Hardcode DiskControllerType to SCSI 2023-06-30 21:29:06 +03:00
Ciprian Hacman 67f0abb541 hack/update-expected.sh 2023-06-30 21:24:44 +03:00
Ciprian Hacman be69b25221 Revert "Remove obsolete etcd versions"
This reverts commit 76cacc5c6f.
2023-06-30 21:20:30 +03:00
Ciprian Hacman e8980bc21a Add option for specifying the list of etcd metrics urls 2023-06-27 19:50:05 +03:00
John Gardiner Myers cad5b69446
Release 1.28.0-alpha.1 (#15548) 2023-06-24 20:45:09 -07:00
John Gardiner Myers 0dfac69d83 Remove support for Weave networking 2023-06-22 23:03:24 -07:00
justinsb 476f1661f7 etcd-manager: set environment variables once
Previously we were setting the env variable up to 3 times in an HA
control-plane, because we were adding to the etcd-manager
configuration once for each replica.
2023-06-22 17:14:51 +03:00
Kubernetes Prow Robot dcdbec93e1
Merge pull request #15526 from justinsb/remove_duplicate_cluster
Remove duplicate Cluster field in BootstrapScriptBuilder
2023-06-20 04:26:22 -07:00
Ciprian Hacman cbddb4a9fd Remove duplicate Cluster field from tests 2023-06-20 12:19:04 +03:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
justinsb 2f0a94c34b Remove duplicate Cluster field in BootstrapScriptBuilder
We had an identically named Cluster field in the "base class" (the
unnamed embedded objects we inherit), causing shadowing and the
potential for a nil-pointer panic.
2023-06-19 14:34:02 -04:00
Kubernetes Prow Robot b5adab4d53
Merge pull request #15520 from hakman/fix-kops-utils-cp
Fix promotion of `kops-utils-cp`
2023-06-19 10:54:22 -07:00
Kubernetes Prow Robot b4c5a75829
Merge pull request #15487 from jsafrane/add-selinux
Add optional SELinux support to RHEL clusters
2023-06-19 08:54:22 -07:00
Kubernetes Prow Robot 0546addf29
Merge pull request #15515 from justinsb/strict_node_label_checking
node labeling: don't ignore unknown roles
2023-06-19 07:48:21 -07:00
Ciprian Hacman 60b14823bd hack/update-expected.sh 2023-06-19 16:52:28 +03:00
Ciprian Hacman 1d0fbfc4f1 Fix promotion of `kops-utils-cp` 2023-06-19 16:40:40 +03:00
Jan Safranek 0d03095fda Add SELinux support to containerd
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
2023-06-19 15:20:08 +02:00
Ciprian Hacman cd1c7434e8 hack/update-expected.sh 2023-06-19 15:12:11 +03:00
Alasdair Tran 63cbe32293 Remap all init container images of etcd-manager 2023-06-19 00:09:32 +00:00
justinsb 36a763c88f node labeling: don't ignore unknown roles
We were silently ignoring unknown roles, which makes it hard to know
when our expectations aren't met.  It looks like the rename of the
role from "Master" to "ControlPlane" may have caused some drift
against our expectations also.
2023-06-18 19:40:56 -04:00
Ciprian Hacman 1026a131a1
Release 1.27.0-beta.1 (#15510) 2023-06-17 07:16:20 -07:00
Kubernetes Prow Robot 7117a67870
Merge pull request #15509 from hakman/kops-utils-cp
Rename `kops-copy` to `kops-utils-cp`
2023-06-17 02:56:20 -07:00
Ciprian Hacman ccb75c1e33 hack/update-expected.sh 2023-06-16 22:28:38 +03:00
Ciprian Hacman bec7226ad1 Rename `kops-copy` to `kops-utils-cp` 2023-06-16 22:24:51 +03:00
Ciprian Hacman 8a8f1be1ed Update pause image to v3.9 2023-06-16 21:15:50 +03:00
Ciprian Hacman 059e7c7f11 Update containerd to v1.7.2 2023-06-16 11:58:55 +03:00
Leïla MARABESE 39ed84601f keep support for gossip clusters 2023-06-14 15:15:22 +02:00
Leïla MARABESE dab001c3e9 scaleway authenticator and verifier 2023-06-14 15:15:17 +02:00
Leïla MARABESE 49465a62c7 add backend for kops controller port 2023-06-14 15:11:53 +02:00
Kubernetes Prow Robot 3eac17c582
Merge pull request #15479 from fchiacchiaretta/openstack-metrics-sg-rules
New OpenStack security group rules for metrics
2023-06-11 11:35:46 -07:00
justinsb abd274b3f9 Use kops-controller on hetzner, even with gossip
This is a more secure configuration.
2023-06-11 07:15:31 -04:00
Federico Chiacchiaretta 110dd89eaf
New OpenStack security group rules to allow scraping of metrics for
kubeControllerManager and kubeScheduler
2023-06-07 18:04:06 +02:00
Ciprian Hacman 4810cc18b7 hack/update-expected.sh 2023-06-05 16:46:37 +03:00
Ciprian Hacman 825e60b3ff etcd-manager: Add back etcd v3.5.7 binaries 2023-06-05 16:46:31 +03:00
Ciprian Hacman 9201263abb hack/update-expected.sh 2023-05-31 12:57:30 +03:00
Ciprian Hacman 071d272ad3 Use `opt` instead for volume name 2023-05-31 12:54:57 +03:00
Ciprian Hacman f51e347f99 Build and use cp replacement 2023-05-27 05:18:53 +03:00
Ciprian Hacman 77130df276 hack/update-expected.sh 2023-05-26 07:33:13 +03:00
Ciprian Hacman 2f07263d3d Update etcd to v3.5.9 2023-05-26 07:33:12 +03:00
Ciprian Hacman 461c0871cf Update Cilium to v1.12.10 2023-05-25 08:31:18 +03:00
Kubernetes Prow Robot c5ad898ef9
Merge pull request #15424 from spotinst/feature/add_spreadNodesBy
Spotinst: add feature spread nodes by count/vcpu to markets
2023-05-24 05:15:04 -07:00
Alex Last e296a8573b feat(hetzner): bump cloud-controller-manager and csi-driver 2023-05-24 08:28:48 +01:00
Ciprian Hacman 062f665dd5 hack/update-expected.sh 2023-05-23 12:52:56 +03:00
justinsb ca67b1ca1e Refactor: rename IsGossip -> UsesLegacyGossip
We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension.  These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
2023-05-22 21:50:16 -04:00
Kubernetes Prow Robot b78f1fab3a
Merge pull request #15301 from infonova/os-rework-retry-failed-servers
OpenStack: Use task engine to retry failed servers
2023-05-22 14:34:34 -07:00
ederst c6da418579 Run hack/update-expected.sh 2023-05-22 13:44:01 +02:00
Kubernetes Prow Robot 35cc07324d
Merge pull request #15375 from hakman/runc-1.1.7
Update runc to v1.1.7
2023-05-20 08:48:20 -07:00
Kubernetes Prow Robot 1cd895ccce
Merge pull request #15112 from hakman/etcd-manager_slimmer
Remove obsolete etcd versions
2023-05-20 07:04:19 -07:00
Ciprian Hacman a11c7189d0 Update runc to v1.1.7 2023-05-20 08:30:36 +03:00
Ciprian Hacman 2e1394dc57 Release 1.27.0-alpha.2 2023-05-19 21:35:09 +03:00
yehielnetapp faf4da0014 add cluster orientation cluster config 2023-05-18 16:15:34 +03:00
Ciprian Hacman 1c7d91b33c hack/update-expected.sh 2023-05-17 13:15:10 +03:00
Ciprian Hacman 76cacc5c6f Remove obsolete etcd versions 2023-05-17 13:00:02 +03:00
yehielnetapp 497898328f add feature spread nodes by to cluster 2023-05-17 12:56:44 +03:00
Kubernetes Prow Robot eccf23c920
Merge pull request #15420 from spotinst/feature/new_integrate_instance_metadata
Spotinst: integrate AWS instance metadata config to instance groups #2
2023-05-16 13:11:37 -07:00
Jesse Haka dbccba2f45 hack/update-expected.sh 2023-05-16 16:29:12 +03:00
Jesse Haka 6ac7903449 update etcd-manager to v3.0.20230516 2023-05-16 16:26:11 +03:00
yehielnetapp 12067887d3 fix vng size try 2 2023-05-16 16:13:02 +03:00
yehielnetapp 30894869e7 fix vng size 2023-05-16 16:10:35 +03:00
yehielnetapp 39d242a2fe add instance metadata config again 2023-05-16 13:44:09 +03:00
Aurelio Forese 6de63e3dd7 OpenStack model servergroup tests with loadbalancer update-expected
Files changed after running './hack/update-expected.sh'
2023-05-13 11:03:27 +02:00
Aurelio Forese efd50d000a OpenStack Octavia LoadBalancer support for FlavorID
When using Octavia as OpenStack Load Balancer, it is now possible to
specify the Octavia flavor ID to use.
2023-05-13 10:17:44 +02:00
Kubernetes Prow Robot 9efad9c00c
Merge pull request #15410 from johngmyers/dualstack-nlb
Make NLBs dualstack when they're in IPv6-capable subnets
2023-05-12 22:53:26 -07:00
Kubernetes Prow Robot 4885e78bfd
Merge pull request #15406 from justinsb/options_pattern_for_hostpathmapping
nodeup: Use functional options pattern for HostPathMapping
2023-05-12 08:37:02 -07:00
Leïla MARABESE 3446b935c1 scaleway resources are tagged with cloud tags 2023-05-12 11:28:26 +02:00
John Gardiner Myers 8cc617afd9 Make NLBs dualstack when they're in IPv6-capable subnets 2023-05-11 14:46:23 -07:00
justinsb 6bdbbc4fd4 nodeup: Use functional options pattern for HostPathMapping
This means that the object is not mutated after construction, making
it easier to do validity checks (such as whether we have mounted the
same path twice).
2023-05-11 10:16:30 -04:00
Ciprian Hacman 0e37112f46 hack/update-expected.sh 2023-05-09 12:28:06 +03:00
Ciprian Hacman 81b4fbf8ac Add kubescheduler.config.k8s.io/v1 for K8s 1.25+ 2023-05-09 12:26:57 +03:00
Kubernetes Prow Robot 68bf1870f9
Merge pull request #15378 from hakman/containerd-1.6.21
Update containerd to v1.6.21
2023-05-08 05:51:17 -07:00
Ciprian Hacman abba0261e8 Update containerd to v1.6.21 2023-05-08 07:55:23 +03:00
justinsb 9c73c341ae Don't pass env vars if not needed 2023-05-07 13:17:56 -04:00
Bronson Mirafuentes de171be079 set default runc version to 1.1.5 2023-05-03 08:55:32 -07:00
Bronson Mirafuentes f11fd88020 update runc to 1.1.7 2023-05-02 13:48:02 -07:00
Kubernetes Prow Robot 2875f70cb5
Merge pull request #15347 from justinsb/gce_icmpv6
gce: fix icmpv6 in firewalls
2023-04-25 23:06:15 -07:00
justinsb b835184ea4 gce: fix icmpv6 in firewalls
IPv6 in firewalls must use icmpv6, not icmp.  Remap in our ipv6
generator for simplicity.
2023-04-25 20:59:47 -04:00
Leïla MARABESE 1e20a4c629 unique instance names to comply with CCM 2023-04-25 16:01:42 +02:00
Jesse Haka c09b401b38 add csi cinder metrics 2023-04-20 14:40:44 +03:00
Kubernetes Prow Robot 2ef477f190
Merge pull request #15331 from justinsb/gce_address_family_ipalias
gce: set ip address family on all FirewallRule tasks
2023-04-19 10:11:11 -07:00
justinsb be588e830f gce: set ip address family on all FirewallRule tasks
We had missed a few code paths previously.
2023-04-18 03:45:09 -04:00
Anthony Hausman 5af9c30f32
Update containerd to v1.6.20 2023-04-16 12:32:49 +02:00
Jesse Haka 225e3f4b3f Upgrade k8s-dns-node-cache to 1.22.20 2023-04-13 16:23:46 +03:00
Kubernetes Prow Robot 69691eea23
Merge pull request #15266 from infonova/os-implement-etcd-manager-networkcidr
OpenStack: Add network-cidr config for etcd-manager
2023-04-13 02:48:36 -07:00
Steven E. Harris 9595c833ee
Allow Cluster Autoscaler to ignore daemon pods
By default the cluster autoscaler takes DaemonSet-managed pods'
resource requests into consideration when computing a node's resource
utilization. Allow toggling its "--ignore-daemonsets-utilization"
command-line flag via a new field in the Cluster
spec—"clusterAutoscaler.ignoreDaemonSetsUtilization." Setting that
field to true causes the autoscaler to ignore such daemon pods'
requests, such that it will more likely judge a node running only
daemon pods as being underutilized and shut down its hosting machine.
2023-04-05 10:03:24 -04:00
Kubernetes Prow Robot 4cbcbf251b
Merge pull request #15281 from justinsb/gce_ipv6_subnets
gce: Add IPv6 support to subnet/instances
2023-03-31 13:43:49 -07:00
Justin SB 98c1109cc6 gce: Add IPv6 support to subnet/instances
We need to specify StackType & IPv6AccessType
2023-03-31 09:33:47 -04:00
Justin SB f20e08cab9 GCE FirewallRule: Use an explicit field for ipv4 vs ipv6
We were previously relying on the name, but the name was "fooled" by
cluster names like ipv6.example.com
2023-03-31 09:33:29 -04:00
Justin SB d4f3573351 gce: Fix log message about bucket level IAM
The parameters were the wrong way round.
2023-03-30 17:16:03 -04:00
ederst 3ccb8746cf OpenStack: Add network-cidr config for etcd-manager 2023-03-27 11:14:25 +02:00
Kubernetes Prow Robot b202130d8f
Merge pull request #15221 from infonova/os-set-allowed-addresses
OpenStack: Allow setting allowed address pairs for ports
2023-03-26 23:35:56 -07:00
ederst a63328fc5b Run hack/update-expected.sh 2023-03-23 15:01:10 +01:00
ederst 37c2cf56d2 OpenStack: Allow setting allowed address pairs for ports 2023-03-23 15:01:10 +01:00
idanshoham 222e138683
feat(spot): Setting the VNG Size Limits in Launch Spec 2023-03-19 10:30:34 +02:00
Kubernetes Prow Robot 9d05f3d59c
Merge pull request #15238 from hakman/fix_additional_policies
aws: Use `control-plane` for additional policies instead of `master`
2023-03-16 19:31:16 -07:00
Ciprian Hacman 3a8d11c01f aws: Use `control-plane` for additional policies instead of `master` 2023-03-16 10:49:08 +02:00
Ciprian Hacman 88fd444987 gcp: Update terraform rendering for Target Pool 2023-03-16 08:55:15 +02:00
Ciprian Hacman 1db17ab949 gcp: Update terraform rendering for HTTP Health Check 2023-03-16 08:10:25 +02:00
Peter Rifel 3ce30fff48
Don't set CSIMigrationAWS for k8s >=1.27 2023-03-10 21:19:21 -06:00
Justin SB 03af1c7272 gce: Don't reconcile routes when running with "gce" networking.
If running with GCE "native" networking, we do not need the route
controller (and it causes problems); we turn it off by setting
--configure-cloud-routes=false.

In general we do not need the gkenetworkparams controller (and it
complains about missing CRDs).  We will turn it off in future, but it
isn't in the images we are using currently.
2023-03-03 10:07:09 -05:00
Justin SB eb7d3c958c gce: When using network native pod IPs, open firewall to apiserver
If we're not masquerading the pod IPs, we need an explicit firewall
rule for the pods to reach the kube-apiserver.  Normally this is
permitted anyway, but if the apiserver has a locked-down CIDR range
(as the e2e tests do) then we need our own rule.
2023-03-02 13:15:58 -05:00
Jesse Haka 3f9a1b6462 set node status update freq to 60min in OpenStack 2023-02-27 20:38:30 +02:00
Kubernetes Prow Robot b5dc9f6371
Merge pull request #15122 from Mia-Cross/scw_profiles
scaleway: get credentials from Scaleway profile
2023-02-24 07:43:34 -08:00
Ciprian Hacman 8d6a809d10 Update containerd to v1.6.18 2023-02-18 04:38:08 +02:00
Rafael da Fonseca bc37c7408c Add terraform target support for configuring Warm Pool 2023-02-14 14:27:46 +00:00
Kubernetes Prow Robot 9ec9d42910
Merge pull request #15131 from hakman/containerd-v1.6.17
Update containerd to v1.6.17
2023-02-13 02:27:29 -08:00
Jesse Haka ff557a9cf1 remove cadvisor and etcd client fw rule 2023-02-13 09:31:37 +02:00
Jesse Haka 382855d7d1 remove s3 access from nodes if using none dns 2023-02-12 21:51:16 +02:00
justinsb 150a98e258 DigitalOcean: Support SSH key provisioning
This means we don't need to pre-upload our SSH keys.
2023-02-12 10:34:40 -05:00
Ciprian Hacman 0d39e0920e Update containerd to v1.6.17 2023-02-12 12:27:24 +02:00
Leïla MARABESE 9f950f4a3a scaleway profiles feature 2023-02-10 17:02:45 +01:00
Ciprian Hacman 884fded69e hack/update-expected.sh 2023-02-01 09:37:37 +02:00
Ciprian Hacman bdd7ff49da Update etcd-manager to v3.0.20230201 2023-02-01 09:35:32 +02:00
Kubernetes Prow Robot ebebbe8b76
Merge pull request #15068 from hakman/etcd-v3.5.7
Update etcd to v3.5.7
2023-01-31 01:54:49 -08:00
Kubernetes Prow Robot 94affad3a4
Merge pull request #15050 from anthonyhaussman/feat/tone/cilium_unreachable_routes_pod_deletion
Cilium: Add unreachable route for pod IP on deletion option
2023-01-30 05:26:51 -08:00
Kubernetes Prow Robot 254fd0ca39
Merge pull request #14933 from Mia-Cross/scaleway_load_balancer
scaleway: load-balancer support
2023-01-30 00:12:51 -08:00
Ciprian Hacman ae042e7499 Update containerd to v1.6.16 2023-01-29 08:01:37 +02:00
Ciprian Hacman 4ebc882a70 hack/update-expected.sh 2023-01-28 16:29:53 +02:00
Ciprian Hacman 1d8114dd8c Update etcd to v3.5.7 2023-01-28 16:28:07 +02:00
Leïla MARABESE e2a6207ea1 added dependencies between LB, LBbackend and LBfrontend tasks 2023-01-26 17:12:47 +01:00
Leïla MARABESE 43f8f8b29b separated back/front-end tasks from LB task 2023-01-26 17:12:46 +01:00
Leïla MARABESE 3dece51a3a migrated LB regionalized API to zoned API 2023-01-26 17:12:46 +01:00
Leïla MARABESE ea2f7123e1 use of cloud tags + improved error checking and messages 2023-01-26 17:12:46 +01:00
Leïla MARABESE e9f2694061 load-balancer model + tasks 2023-01-26 17:12:46 +01:00
John Gardiner Myers b47babf808 Upgrade AWS CCM to 1.25.3 2023-01-24 12:35:24 -08:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
2023-01-24 14:08:24 +01:00
Ciprian Hacman b1ef66f136 etcd-manager: Add option to set backup retention 2023-01-23 09:43:09 +02:00
Ciprian Hacman fef8eb4a9b Run hack/update-expected.sh 2023-01-21 09:24:33 +02:00
Ciprian Hacman 61acbe72fa Update etcd-manager to v3.0.20230119 2023-01-21 09:24:33 +02:00
Ciprian Hacman 971c655ecb Run hack/update-expected.sh 2023-01-21 09:24:33 +02:00
Ciprian Hacman 40bf0b9f52 Load etcd binaries dynamically from container images 2023-01-21 09:24:33 +02:00
Kubernetes Prow Robot ddd1583244
Merge pull request #15022 from Mia-Cross/scw_refacto_instance_and_tags
scaleway: refactoring: instance and tags
2023-01-18 21:50:34 -08:00
Kubernetes Prow Robot 6b04c3e9f5
Merge pull request #15020 from johngmyers/nth
Upgrade Node Termination Handler to 1.18.3
2023-01-18 10:12:34 -08:00
John Gardiner Myers 56092cd2b7 Upgrade Node Termination Handler to 1.18.3 2023-01-18 08:12:59 -08:00
Leïla MARABESE e52af91e34 scaleway: refactoring: instance and tags 2023-01-18 15:50:37 +01:00
Kubernetes Prow Robot e88fbf5d7d
Merge pull request #15016 from johngmyers/nodeup-network2
Move more networking settings into nodeup.Config
2023-01-18 02:04:35 -08:00