kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,395 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

62 Commits

Author SHA1 Message Date
Ole Markus With 88bd1953ce Have kops-controller assign instance ipv6 prefix to node 2021-09-16 19:25:19 +02:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert 
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API has to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
 2021-08-26 20:54:02 +02:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
John Gardiner Myers 4a47614e62 Simplify config server protocol 2021-06-26 09:56:47 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster 
Put versioned API of cluster into state store
 2021-06-21 01:32:52 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
John Gardiner Myers 09259ad30f Remove unused field 2021-06-12 16:05:53 -07:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers eb09d31a3c Pass AuxConfig to nodeup 2021-06-03 21:04:21 -07:00
Barry Melbourne 659bfa0daf Update Controller Runtime Go module to v0.8.2 2021-02-25 20:34:12 +00:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller 
Boot nodes without state store access
 2021-02-08 11:28:19 -08:00
Barry Melbourne f2ecb5c153 Upgrade Go v1.15.6 / Bazel v3.4.1 2021-01-10 18:13:12 +00:00
Justin SB 4ac9d5c17b Boot nodes without state store access 
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.

This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)

Feature-flagged behind the KopsControllerStateStore feature-flag.
 2021-01-09 13:08:48 -05:00
Kenji Kaneda a61caea8d2 Add Azure support 
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
 2020-12-21 08:27:54 -08:00
Ciprian Hacman 2d9d43ab39 Fix multi-arch image pushing 2020-11-19 07:57:30 +02:00
Kubernetes Prow Robot 42e189605a
Merge pull request #10265 from hakman/docker-manifest 
Push multi-arch images
 2020-11-18 12:08:06 -08:00
Ciprian Hacman 78c28288a2 Push multi-arch images 2020-11-18 16:52:27 +02:00
Ciprian Hacman 924ab9effa Update Bazel rules for Go to v0.24.7 2020-11-15 12:32:24 +02:00
Kubernetes Prow Robot fbb172c08c
Merge pull request #9575 from johngmyers/node-labels 
Take node labels from cloud tags on AWS
 2020-10-23 04:01:45 -07:00
Ole Markus With 466dcd001e Apply suggestions from code review 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-10-09 08:27:08 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
John Gardiner Myers 7069aaabf6 Take node labels from cloud tags on AWS 2020-09-10 20:59:24 -07:00
John Gardiner Myers 24ff622d8e Rename NodeReconciler to LegacyNodeReconciler 2020-09-10 20:42:56 -07:00
Rodrigo Menezes 4c057f138a Allow caching of Nodeidentity Info in kops-controller for AWS to reduce the number of DescribeInstances API calls. 2020-09-09 22:11:29 +03:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
Peter Rifel bae8150e12
Update more klog v1 references to v2 
I missed these in the previous PR. This removes the direct dependency on v1 entirely.
The kubernetes 1.19 upgrade will remove the indirect reference on v1.
 2020-08-17 07:44:48 -05:00
John Gardiner Myers d05f9a3eff Don't issue certs for features not enabled 2020-08-16 23:40:43 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers 9e99f76a6e Address review comments 2020-08-15 10:30:21 -07:00
John Gardiner Myers bec273ebf1 Implement signing of kubelet cert in kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 9cfa169740 Add server code to kops-controller 2020-08-15 10:30:15 -07:00
John Gardiner Myers cfa262a81a Authenticate from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 9c01e1f44d Send bootstrap query from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Ciprian Hacman 172031859d ARM64 support - Build multi-arch images 2020-08-10 13:47:07 +03:00
John Gardiner Myers 44fb283e3f Move NodeLabels into the NodeupConfig 2020-06-28 18:52:03 -07:00
Peter Rifel 9eba72c2b4
Add a couple more "area" labels 2020-06-18 07:01:05 -05:00
Panagiotis Atmatzidis 31acabf8cd
Add EC2 instance lifecycle label to nodes 
When using a "mixed instance policy"[1] instance group spot and onDemand nodes are part of the same
ASG. The ASG handles the percentage of spot vs onDemand instances. There are no annotations, EC2 tags or labels to identify which
instances are onDemand vs spot. There is a field called `InstanceLifecycle` accessible through `EC2.DescribeInstances`.

The field `InstanceLifecycle` is available only in `spot` and
`scheduled` AWS EC2 instance types.

This PR introduces a new label to be attached on AWS EC2 spot nodes.

The label is:

```
node-role.kubernetes.io/spot-worker: "true"
```

or

```
node-role.kubernetes.io/scheduled-worker: "true"
```

[^1]: https://github.com/kubernetes/kops/blob/master/docs/instance_groups.md#mixedinstancepolicy-aws-only
 2020-05-15 09:33:37 +03:00
Justin Santa Barbara 31bb16d4d1 Add context.Context to most signatures 
The client-go signature for most methods adds a context.Context
object, and also makes Options mandatory.  Feed through a
context.Context through many of our methods (but use context.TODO to
stop it getting totally out of hand!)
 2020-04-11 14:44:17 -04:00
Peter Rifel afd9aa1a4d Enable stamping on bazel image builds 
Currently the images have a timestamp of epoch 0:

```
$ docker inspect kope/kops-controller:1.18.0-alpha.2 -f '{{ .Created }}'
1970-01-01T00:00:00Z
```

The `container_image` bazel rule [0] mentions that `creation_time` has a default value of 0 unless `stamp = True`, so this should be enabled on all container_image rules that are pushed to a docker registry.

[0] https://github.com/bazelbuild/rules_docker#container_image-1
 2020-04-02 20:27:14 -05:00
Justin SB 46c8cc6d86 makefile: use more hash helpers when building images 
It's cleaner & more consistent.
 2020-02-16 13:10:31 -05:00
Justin SB 0cb35638f2
Stop logging to /var/log/kops-controller.log 
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today.  See
discussion in #8454

We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.

We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
 2020-02-04 06:41:25 -05:00
John Gardiner Myers 14bc441d8d Run dns-controller and kops-controller as non-root user 2019-12-21 21:28:44 -08:00
Srikanth 7467d1a6a4 Remove ununsed code 2019-11-24 12:56:46 +05:30