Ciprian Hacman
4d7ebd343c
Release 1.22.0-alpha.2 (#12012)
2021-07-17 21:42:51 -07:00
Kubernetes Prow Robot
14de757bca
Merge pull request #11991 from olemarkus/refactor-iam
...
Dedicated function for ccm permissions
2021-07-16 13:06:10 -07:00
Ole Markus With
f0390eda29
Dedicated function for ccm permissions
...
Update pkg/model/iam/iam_builder.go
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-07-16 19:39:57 +02:00
John Gardiner Myers
10692bc2f4
hack/update-expected.sh
2021-07-14 08:19:10 -07:00
Kubernetes Prow Robot
2526a35962
Merge pull request #11986 from olemarkus/nodeup-containerd
...
Move containerd config from cloudup to nodeup
2021-07-14 02:10:27 -07:00
Ole Markus With
c17ec3a7e7
Move containerd config from cloudup to nodeup
2021-07-14 10:28:37 +02:00
Ole Markus With
a13cdb38f3
Add region to aws lbc
2021-07-14 08:23:53 +02:00
John Gardiner Myers
e185c8148d
hack/update-expected.sh
2021-07-11 11:16:11 -07:00
John Gardiner Myers
61606868ab
hack/update-expected.sh
2021-07-10 23:23:13 -07:00
Kubernetes Prow Robot
a397a881a1
Merge pull request #11974 from johngmyers/refactor-sakey
...
Refactor service-account signing key
2021-07-10 23:18:46 -07:00
John Gardiner Myers
a63e65038f
hack/update-expected.sh
2021-07-10 17:31:59 -07:00
Kubernetes Prow Robot
edf278d382
Merge pull request #11961 from olemarkus/cilium-etcd-fixes
...
Cilium etcd fixes
2021-07-10 14:20:46 -07:00
Ole Markus With
97a41c66f4
Enable k8s event handover when kvstore is used
2021-07-09 15:46:43 +02:00
John Gardiner Myers
86c9ee5506
hack/update-expected.sh
2021-07-09 00:20:18 -07:00
John Gardiner Myers
cdf26302b2
hack/update-expected.sh
2021-07-08 18:46:03 -07:00
Ciprian Hacman
fd08e2b047
Run hack/update-expected.sh
2021-07-08 22:12:12 +03:00
Ole Markus With
2d56558efe
Run cert-manager cainjector on CP nodes as well
2021-07-06 16:05:41 +02:00
Kubernetes Prow Robot
0e458331b0
Merge pull request #11934 from olemarkus/cm-webhook-cp
...
Schedule certmanager webhook on control plane
2021-07-06 02:18:20 -07:00
Ole Markus With
735d9a898c
Remove unused golden files from manyaddons test
2021-07-06 08:52:56 +02:00
Ole Markus With
561161291f
Schedule certmanager webhook on control plane
2021-07-06 08:45:12 +02:00
John Gardiner Myers
9c83afb739
Remove obsolete files
2021-07-05 23:11:17 -07:00
Kubernetes Prow Robot
2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca
...
Rename the "ca" keyset to "kubernetes-ca"
2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot
cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further
...
Reduce policy size further
2021-07-03 17:58:18 -07:00
John Gardiner Myers
5834fc2690
hack/update-expected.sh
2021-07-03 17:33:13 -07:00
Peter Rifel
c5fbcccfa6
Update pause image to 3.5
2021-07-02 06:40:27 -04:00
John Gardiner Myers
5c5969d102
hack/update-expected.sh
2021-07-01 22:25:51 -07:00
John Gardiner Myers
186aaf6d96
hack/update-expected.sh
2021-07-01 14:45:32 -07:00
Peter Rifel
13f4305b9c
Include GCP Project in terraform HCL2 output
...
This has been included in the JSON output but was missing from HCL2
2021-07-01 09:23:37 -04:00
Ole Markus With
aad2912710
Add sets for the remaining addons
2021-07-01 10:37:57 +02:00
Ole Markus With
df5b58b1b3
Add sets for the typical default role perms
2021-07-01 10:28:01 +02:00
Ole Markus With
37271998e1
Use sets for aws lbc permissions
2021-07-01 10:19:40 +02:00
Ole Markus With
c7bd1c1529
Add s3 policies to integration tests
2021-07-01 09:26:58 +02:00
Ole Markus With
9885714957
Use NewPolicy for the non-master roles
2021-07-01 09:19:35 +02:00
Ole Markus With
19833e6b73
Use sets for ebscsidriver permissions
2021-07-01 09:02:04 +02:00
John Gardiner Myers
0f1de5cfc8
hack/update-expected.sh
2021-06-30 18:55:35 -07:00
John Gardiner Myers
e90f2cc834
hack/update-expected.sh
2021-06-28 13:48:35 -07:00
Kubernetes Prow Robot
ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount
...
Refactor nodeup APIServer builder, part one
2021-06-28 10:42:01 -07:00
Kubernetes Prow Robot
917c965c8f
Merge pull request #11873 from hakman/avoid_spurious_changes
...
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring
2021-06-27 19:59:24 -07:00
John Gardiner Myers
7dfe9d82ab
hack/update-expected.sh
2021-06-27 08:45:06 -07:00
John Gardiner Myers
fdf034058d
hack/update-expected.sh
2021-06-27 08:45:05 -07:00
Kubernetes Prow Robot
22c11c10f1
Merge pull request #11848 from johngmyers/cilium-etcd-client
...
Refactor etcd-client-cilium secrets
2021-06-27 04:01:24 -07:00
Ciprian Hacman
348eed772a
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring
2021-06-27 10:08:13 +03:00
Ciprian Hacman
7bc629b683
Use DualStack API NLB for IPv6
2021-06-26 19:16:46 +03:00
John Gardiner Myers
91fff31697
Control plane nodes need the etcd-clients-ca-cilium keypair
2021-06-26 00:04:52 -07:00
John Gardiner Myers
2ef765bbcb
hack/update-expected.sh
2021-06-26 00:01:34 -07:00
John Gardiner Myers
89209df150
hack/update-expected.sh
2021-06-25 22:25:50 -07:00
Ciprian Hacman
d7f405f65a
Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem
2021-06-25 21:27:56 +03:00
Moshe Shitrit
47ef8e32cc
update-expected
2021-06-25 13:02:40 +03:00
Kubernetes Prow Robot
89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck
...
Enable cross-subnet mode with Calico by default
2021-06-25 01:08:45 -07:00
Ciprian Hacman
a12b3145ee
Enable cross-subnet mode with Calico by default
2021-06-25 07:13:20 +03:00
John Gardiner Myers
7dea5af9be
hack/update-expected.sh
2021-06-21 19:37:24 -07:00
John Gardiner Myers
48c42fe37f
hack/update-expected.sh
2021-06-21 16:10:07 -07:00
John Gardiner Myers
d5cea85f7c
Use stable keyset IDs
2021-06-21 16:10:06 -07:00
Ole Markus With
79a2c111f2
Remove redundant permissions
2021-06-21 08:59:54 +02:00
Ole Markus With
b3f274e140
Apply permissions to master role when irsa is not used
2021-06-21 08:56:11 +02:00
Ciprian Hacman
65d21ee463
Pre-pull container images from list of desired prefixes
2021-06-20 23:01:52 +02:00
Ciprian Hacman
e347841aa3
Add integration test for Warm Pool images
2021-06-20 23:01:52 +02:00
Kubernetes Prow Robot
e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5
...
Include multiple cluster CAs in trust stores
2021-06-20 13:20:51 -07:00
Ole Markus With
778323eec9
Add missing lbc permission
2021-06-19 20:03:40 +02:00
John Gardiner Myers
0700ef64a0
hack/update-expected.sh
2021-06-19 10:56:24 -07:00
John Gardiner Myers
07474c6d30
Fix CA keys for all integration tests
2021-06-19 10:50:53 -07:00
Ole Markus With
b37bc7578e
Reduce master policy size for lb controller
2021-06-19 10:12:22 +02:00
Ole Markus With
507402e315
Fail early if policy size is too large
...
This will then also be caught by integration tests
2021-06-19 10:04:11 +02:00
Kubernetes Prow Robot
135cdf3461
Merge pull request #11789 from johngmyers/seed-rng
...
Seed the random number generator on AWS
2021-06-18 08:48:06 -07:00
Ole Markus With
33a7de60a7
Enable IRSA for EBS CSI Driver
2021-06-18 08:05:59 +02:00
John Gardiner Myers
b1e77af664
hack/update-expected.sh
2021-06-17 23:03:52 -07:00
Ole Markus With
6e8e027aff
Enable IRSA for Cluster Autoscaler
2021-06-16 18:03:11 +02:00
Kubernetes Prow Robot
847040de53
Merge pull request #11750 from olemarkus/containerd-per-ig
...
Set containerd config on nodeup.Config instead of clusterspec
2021-06-15 15:13:43 -07:00
Ole Markus With
e7fa3fa82c
Set containerd config on nodeup.Config instead of clusterspec
...
This allows us to set a default containerd config per IG (e.g. add a different config for GPU IGs)
Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
2021-06-15 11:08:22 +02:00
Kubernetes Prow Robot
4cd3b58e37
Merge pull request #11763 from johngmyers/ipv6-access
...
Make the AdminAccess default inclusive of IPv6
2021-06-14 23:30:01 -07:00
John Gardiner Myers
9d531edb85
hack/update-expected.sh
2021-06-14 21:51:40 -07:00
John Gardiner Myers
cab389f2f5
Rename --override to --set
2021-06-14 14:01:18 -07:00
John Gardiner Myers
74a44c2270
Don't restrict nodeup download to IPv4
2021-06-13 21:46:58 -07:00
Ciprian Hacman
2a11fa7dde
Add --ipv6 experimental cli flag
2021-06-13 21:48:46 +02:00
Ciprian Hacman
fcfba36b14
Pre-add integration test for creating an IPv6 cluster
2021-06-13 13:09:40 +02:00
Kubernetes Prow Robot
cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context
...
Remove InstanceGroup from NodeupModelContext
2021-06-12 13:43:01 -07:00
Matthew Wong
b6266ce5f0
Run hack/update-expected.sh
2021-06-09 13:53:07 -07:00
Ole Markus With
6582235312
Make AWS EBS CSI Driver default as of k8s 1.22
2021-06-08 22:29:16 +02:00
Ciprian Hacman
47bb825061
Generate AWSEBSCSIDriver model only when using AWS
2021-06-08 08:20:21 +03:00
Ole Markus With
b3a60d3bc2
Set IMDSv2 on by default for nodes
...
Bastion, nodes, and api servers get limit of 1
API servers tend to run pods requiring metadata access. The hop limit
depends on CNI, but all should work with a limit of 3.
2021-06-05 08:17:12 +02:00
John Gardiner Myers
1db6e318a1
hack/update-expected.sh
2021-06-03 21:30:06 -07:00
John Gardiner Myers
91d81e5a1a
hack/update-expected.sh
2021-06-03 21:26:51 -07:00
John Gardiner Myers
4bf9150ab6
hack/update-expected.sh
2021-06-03 21:20:43 -07:00
John Gardiner Myers
1d44ee3116
hack/update-expected.sh
2021-06-03 20:41:05 -07:00
Ciprian Hacman
62f54d1401
Run hack/update-expected.sh
2021-06-03 11:16:08 +03:00
Kubernetes Prow Robot
3c4b6068b9
Merge pull request #11649 from h3poteto/fix-jwks-location
...
Fix jwks object path in S3 for IRSA
2021-06-01 08:26:27 -07:00
AkiraFukushima
361b02fa44
Fix integration test for oidc because the object path is changed
2021-06-01 23:35:21 +09:00
John Gardiner Myers
0a48b9050f
Protokube needs dns-controller IAM permissions
2021-05-31 06:58:59 -07:00
Ciprian Hacman
3b80de3bcc
Convert all indents to spaces in node bootstrap script
2021-05-27 11:21:52 +03:00
Ole Markus With
04b15e404e
Enable AWS EBS CSI driver by default
2021-05-26 08:47:14 +02:00
Ole Markus With
46e13c0009
Bump snapshot-controller version
...
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-05-21 15:40:40 +02:00
Alexander Block
5306e27646
Run ./hack/update-expected.sh
2021-05-20 08:11:35 +02:00
Peter Rifel
c9f810d57e
Support terraform 0.12+'s filebase64() in json output
...
Originally the JSON output was meant as a bridge between the 0.11 and 0.12 support.
Now that we've dropped support for 0.11, we can use filebase64() instead of encoding the userdata in the file ourselves.
2021-05-19 17:42:50 -05:00
Ciprian Hacman
c0e71d802d
Run hack/update-expected.sh
2021-05-19 20:31:13 +03:00
John Gardiner Myers
65711d05c0
hack/update-expected.sh
2021-05-19 08:02:10 -07:00
John Gardiner Myers
fbd7663606
hack/update-expected.sh
2021-05-18 21:49:39 -07:00
Ciprian Hacman
57feaa65c3
Run hack/update-expected.sh
2021-05-19 06:21:07 +03:00
Ciprian Hacman
cedbe1f360
Add initial support for configuring IPv6 with AWS
2021-05-19 06:21:07 +03:00
Ciprian Hacman
c08d0e2bdf
Pre-add AWS IPv6 integration test
2021-05-18 08:56:16 +03:00
Ole Markus With
d3581ebb84
bump aws lb controller to 2.2.0
2021-05-16 18:26:23 +02:00
Ciprian Hacman
a39d829f1f
Set canonical location for downloads to artifacts.k8s.io
...
And remove the legacy location for downloads.
2021-05-14 00:41:56 +03:00
Peter Rifel
640fd531c6
Add gossip integration test
2021-05-12 17:21:01 -05:00
Ciprian Hacman
54961e4ae5
Create new clusters without forcing a container runtime
...
Decide which container runtime to use later in model, based on Kubernetes version and other settings.
2021-05-09 21:43:58 +03:00
John Gardiner Myers
36f93d0069
hack/update-expected.sh
2021-05-07 23:40:03 -07:00
John Gardiner Myers
d3469d6ec2
Remove code for no-longer-supported k8s versions
2021-05-07 23:40:03 -07:00
John Gardiner Myers
81956f622c
Prepare for kOps 1.22
2021-05-07 13:44:58 -07:00
Kubernetes Prow Robot
f0307cdcc9
Merge pull request #11393 from olemarkus/fix-lb-controller-nlb-permissions
...
Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller
2021-05-07 03:57:03 -07:00
John Gardiner Myers
8823f30ad7
Recognize the ServiceAccountIssuerDiscovery feature gate
2021-05-06 08:57:37 -07:00
Ole Markus With
cd9ddd6716
Add elasticloadbalancing:ModifyTargetGroupAttributes to aws lb controller
2021-05-06 15:27:39 +02:00
John Gardiner Myers
d21cb0f306
Use consistent ServiceAccountJWKSURI default for PublicJWKS
2021-05-06 00:15:15 -07:00
John Gardiner Myers
a79da8ee86
Don't use PublicJWKS in TestAWSLBController
2021-05-06 00:11:23 -07:00
John Gardiner Myers
5c4f1c4f6c
Adjust sorting of resources in hcl2
2021-05-02 19:39:23 -07:00
Kubernetes Prow Robot
b054fb37b7
Merge pull request #11016 from olemarkus/irsa-custom
...
user-configurable IAM roles for ServiceAccounts
2021-05-02 11:16:01 -07:00
Ciprian Hacman
689b76d0ff
Mark control-plane node for update when etcd manager config changes
2021-05-02 08:50:42 +03:00
Ciprian Hacman
62c47d23d4
Add integration test for etcd
2021-05-02 08:48:46 +03:00
Ole Markus With
6f8b3647cf
Add support for IRSA in the api
...
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-05-01 16:03:42 +02:00
Ciprian Hacman
d64cfba365
Mark control-plane node for update when etcd volume size changes
...
etcd-manager expands the data volume on restart to the max available.
2021-05-01 12:06:22 +03:00
Ole Markus With
5ca7c9b5d7
Use VFS as service account issuer if configured
...
Also add an integration test that uses VFS
2021-04-30 21:02:30 +02:00
Ole Markus With
460586833b
Add toggle for AWS OIDC provider. Free it from any feature flag
2021-04-30 19:19:06 +02:00
Ole Markus With
25b5f0cfb2
Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore
2021-04-30 19:19:06 +02:00
Ole Markus With
849ff56c96
Fix SQS resource flapping
...
* one case of AWS returning different JSON than we passed
* AWS returning a field we do not (and can not) build an expected value of
2021-04-27 20:47:24 +02:00
Kenji Kaneda
71f52363f8
Add a lifecycle test for GCE
...
- Move MockGCECloud to cloudmock/gce.
- Change Compute() and CloudDNS() of GCECloud to return interfaces
for mocking
2021-04-26 13:05:27 -07:00
Ciprian Hacman
55e154a526
Update Ubuntu images to latest version
2021-04-25 09:24:20 +03:00
Kubernetes Prow Robot
b0664176bc
Merge pull request #11259 from olemarkus/warm-life-cycle-hook
...
Make nodeup able to complete the warming life cycle hook
2021-04-24 02:05:15 -07:00
Ole Markus With
1ec0bd18e8
Enable support for the ASG WarmPool lifecycle hook
...
Update pkg/model/iam/iam_builder.go
Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2021-04-24 09:40:52 +02:00
Kenji Kaneda
f37330f53d
Add GCE Router task
...
This commit picks up the change from the previous attempt
(https://github.com/kubernetes/kops/pull/6828).
- Add Router to GCE tasks
- Add the HasExternalIP field to InstanceTemplate
- Create a RouterTask and set HasExternalIP to false when
a private topology is specified.
https://github.com/kubernetes/kops/issues/6827
2021-04-23 23:03:38 -07:00
Jason Haugen
36722afb0f
change casing Asg->ASG
2021-04-22 13:07:01 -05:00
Jason Haugen
7e48dad4d2
add ManagedAsgTag, merge templates, improve docs
2021-04-19 16:51:08 -05:00
Jason Haugen
cceb9dd296
lifecycle integ test, docs, & small cleanup
2021-04-19 15:43:06 -05:00
Jason Haugen
211c77f224
rebase & update tf output
2021-04-19 15:43:05 -05:00
Jason Haugen
f91a71d901
update cloudformation test output
2021-04-19 15:43:05 -05:00
Jason Haugen
fb3f317e42
fix cloudformation verify
2021-04-19 15:43:05 -05:00
Jason Haugen
318a116ba6
fix staticcheck
2021-04-19 15:43:05 -05:00
Jason Haugen
10df4a9a14
integ tests
2021-04-19 15:43:05 -05:00
Ciprian Hacman
d33508d51f
Update kOps recommended versions and images
2021-04-17 08:52:50 +03:00
Kubernetes Prow Robot
c771b7622e
Merge pull request #11216 from olemarkus/warm-nodeup
...
Don't start kubelet if instance is entering the warm pool
2021-04-15 00:07:49 -07:00
Ciprian Hacman
27e102bd04
Add support for Docker v20.10.6
2021-04-15 07:01:36 +03:00
Ole Markus With
af92896dc7
Don't start kubelet if we are warming
2021-04-14 11:05:50 +02:00
Barry Melbourne
1a60629d38
Update Docker to v20.10.5
2021-04-11 19:26:46 +01:00
Barry Melbourne
6575b6113d
Update integration tests to k8s v1.21.0
2021-04-11 17:07:17 +01:00
Ole Markus With
dbd23473ef
Add irsa support for awslbcontroller
...
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
2021-04-04 21:24:07 +02:00
Ole Markus With
1e3674e896
Add integration test for aws lb controller
2021-04-04 19:46:09 +02:00
Peter Rifel
80ceb4200d
Update test outputs
2021-03-26 11:24:11 -07:00
Barry Melbourne
05123faf5a
Update containerd to v1.3.10/v1.4.4
2021-03-23 17:02:01 +00:00
Ciprian Hacman
fa72535f95
Release 1.21.0-alpha.2
2021-03-22 08:38:47 +02:00
Kubernetes Prow Robot
d14ba1bba1
Merge pull request #11087 from justinsb/readd_jwks_tests
...
Re-add integration tests for jwks
2021-03-21 00:33:49 -07:00
Kubernetes Prow Robot
d43fb1e807
Merge pull request #11083 from bmelbourne/update-ubuntu-20.04-ami
...
Update Ubuntu 20.04 to latest AMI
2021-03-21 00:33:42 -07:00
Justin SB
c75e084158
Re-add integration tests for jwks
...
We removed them from #10756, but they can be re-added.
2021-03-20 22:55:11 -04:00
Ole Markus With
20bd724f5e
Add support for scaling out the control plane with dedicated apiserver nodes
...
Ensure apiserver role can only be used on AWS (because of firewalling)
Apply api-server label to CP as well
Consolidate node not ready validation message
Guard apiserver nodes with a feature flag
Rename Apiserver role to APIServer
Add an integration test for apiserver nodes
Rename Apiserver role to APIServer
Enumerate all roles in rolling update docs
Apply suggestions from code review
Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Barry Melbourne
d13b7407a0
Update Ubuntu 20.04 to latest AMI
2021-03-20 10:52:28 +00:00