kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,422 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

4712 Commits

Author SHA1 Message Date
AkiraFukushima 2fd69ba3a3
Remove access log attributes when the spec is removed from cluster spec 2021-08-03 17:45:20 +09:00
Kubernetes Prow Robot 283080bc30
Merge pull request #12083 from CheyiLin/nth 
Add nth rebalance recommendation configs
 2021-08-02 21:40:48 -07:00
AkiraFukushima 226cbe5561
Support AWS LB access log configuration for NetworkLoadBalancer 2021-08-03 12:12:16 +09:00
Cheyi Lin 408bb7dfbe Add nth rebalance recommendation configs 2021-08-02 16:20:17 +08:00
Ciprian Hacman 966d2d6308 Update Calico to v3.20.0 2021-08-02 08:51:37 +03:00
Kubernetes Prow Robot a9207f4a6c
Merge pull request #12087 from johngmyers/sha256-manifest 
Use SHA-256 for manifest hashes
 2021-08-01 21:55:23 -07:00
John Gardiner Myers d6a159a258 hack/update-expected.sh 2021-08-01 16:42:14 -07:00
John Gardiner Myers 03434509e2 Use SHA-256 for manifest hashes 2021-08-01 16:37:01 -07:00
Justin SB 912e28d95a GCE: TargetPool should ignore Lifecycle field 
It's an internal field, it shouldn't be detected as a change to apply.
 2021-07-30 14:57:14 +00:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Kubernetes Prow Robot 5bd6a49b26
Merge pull request #12062 from hakman/coredns-1.8.4 
Update core-dns to v1.8.4
 2021-07-29 11:14:57 -07:00
AkiraFukushima 50ab82ed04
Support AWS LB access log configuration in cluster spec 2021-07-29 22:39:23 +09:00
Kubernetes Prow Robot 8c5c8018db
Merge pull request #12065 from MoShitrit/aws-cni-1.9.0 
Update AWS CNI to v1.9.0
 2021-07-28 23:04:19 -07:00
Ciprian Hacman fc3a103baf Update core-dns to v1.8.4 2021-07-29 08:23:35 +03:00
Kubernetes Prow Robot 05964b9375
Merge pull request #12059 from hakman/containerd-1.4.8 
Update containerd to v1.4.8
 2021-07-28 22:20:19 -07:00
Moshe Shitrit 13a489571b update auto-generated files after update-expected and verify-apimachinery 2021-07-29 00:19:44 -04:00
Moshe Shitrit f0f15df565 update aws-cni version to 1.9.0 2021-07-29 00:05:20 -04:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
Kubernetes Prow Robot 81432c6d2f
Merge pull request #12043 from johngmyers/sts-region 
Use regional STS endpoint
 2021-07-28 01:39:35 -07:00
John Gardiner Myers 085b43e420 Clean up "kops get secrets" 2021-07-27 21:33:52 -07:00
Ching Kuo 7fba614a3c Add Option to Specify OpenStack Octavia Provider 
In newer version of OpenStack, there are multiple octavia provider to
choose from instead of only "octavia" as provider. This commit added a
command line option "os-octavia-provider", enabling user to specify the
octavia provider that will be use to create load balancers.
 2021-07-27 15:15:17 +08:00
John Gardiner Myers babf07136e Use regional STS endpoint 2021-07-24 22:33:30 -07:00
John Gardiner Myers cd1aa1ab53 Simplify FindSSHPublicKeys() interface 2021-07-24 09:01:22 -07:00
John Gardiner Myers cddefc0a1f Simplify DeleteSSHCredential() interface 2021-07-24 09:01:21 -07:00
John Gardiner Myers 4bbed0339a Split out "delete sshpublickey" command 2021-07-24 09:01:21 -07:00
John Gardiner Myers d935a419f8 Simplify AddSSHPublicKey() interface 2021-07-24 08:59:57 -07:00
Kubernetes Prow Robot 34ce86adf2
Merge pull request #12019 from johngmyers/catasks-nobootstrap 
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
 2021-07-19 15:56:15 -07:00
Kubernetes Prow Robot be63d4f1a7
Merge pull request #11953 from rifelpet/tf-cp 
Return a clearer error when terraform is used on an unsupported provider
 2021-07-19 10:52:52 -07:00
Kubernetes Prow Robot 14d58a4e87
Merge pull request #12024 from olemarkus/irsa-nth 
Add irsa support for node termination handler
 2021-07-19 10:06:52 -07:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Ole Markus With 28bd45a8fa Add irsa support for nth 2021-07-19 15:12:35 +02:00
Peter Rifel 5b62e73726
Add shell completion for `--target` 2021-07-19 08:35:36 -04:00
Peter Rifel ce0d8955ef
Return a clearer error when terraform is used on an unsupported provider 2021-07-19 08:29:05 -04:00
Kubernetes Prow Robot 147b0be4f9
Merge pull request #12020 from johngmyers/refactor-featureflag 
Report unknown feature flags as such
 2021-07-18 18:04:52 -07:00
John Gardiner Myers f244790d51 Make version boundaries const 2021-07-18 16:29:41 -07:00
John Gardiner Myers f6b053de9d Report unknown feature flags as such 2021-07-18 16:24:04 -07:00
John Gardiner Myers e9fc12b4f3 Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers 2021-07-18 13:37:19 -07:00
Peter Rifel 4d872b85d2
Add azure support for specifying a shared vpc 
This allows the `create cluster --vpc` flag to specify the vnet ID for using shared vnets.
 2021-07-18 10:46:58 -07:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
John Gardiner Myers e6ede8f4a9 Don't provision SSH key by default on AWS 2021-07-17 16:33:26 -07:00
John Gardiner Myers 3ae5413f63 Use keypair IDs for non-kops-controller-issued worker node certs 2021-07-15 14:04:48 -07:00
Kubernetes Prow Robot f24f12f84c
Merge pull request #11982 from johngmyers/bootstrap-keypairid 
Verify CA keypair IDs for kops-controller-issued certs
 2021-07-15 12:31:03 -07:00
Kubernetes Prow Robot e187359069
Merge pull request #11962 from rifelpet/azure-vmss-zone 
Azure - support VMSS availability zones
 2021-07-15 05:58:48 -07:00
Peter Rifel affbeb3c5b
Fix Azure zone number format passed to VMSS API 2021-07-14 19:06:28 -04:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
Kubernetes Prow Robot 2526a35962
Merge pull request #11986 from olemarkus/nodeup-containerd 
Move containerd config from cloudup to nodeup
 2021-07-14 02:10:27 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
Ole Markus With a13cdb38f3 Add region to aws lbc 2021-07-14 08:23:53 +02:00
liranp 786244aa9b
feat(spot/addon): bump ocean-controller to v1.0.77 2021-07-12 12:45:15 +03:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy 
Issue certs using CA KeypairID in NodeupConfig
 2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot a3daff9343
Merge pull request #11971 from johngmyers/rotate-all 
Add "all" variants of key rotation commands
 2021-07-11 00:30:46 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers a33a30a859 Refactor out some legacy interfaces 2021-07-10 23:23:12 -07:00
Kubernetes Prow Robot a397a881a1
Merge pull request #11974 from johngmyers/refactor-sakey 
Refactor service-account signing key
 2021-07-10 23:18:46 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
Kubernetes Prow Robot edf278d382
Merge pull request #11961 from olemarkus/cilium-etcd-fixes 
Cilium etcd fixes
 2021-07-10 14:20:46 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
Ole Markus With a536929fec Add auto compaction to new cilium etcd clusters and to docs 2021-07-09 15:47:46 +02:00
Ole Markus With 97a41c66f4 Enable k8s event handover when kvstore is used 2021-07-09 15:46:43 +02:00
John Gardiner Myers 9f2c7fe55c Don't (disruptively) reissue CAs just because Subject or SAN changed 2021-07-08 22:09:26 -07:00
Peter Rifel 9552b25050
Azure - support VMSS availability zones 
Azure's subnets are regional so we use similar functionality to GCE where we reference the InstanceGroup's zones rather than a subnet's zone.
IG Zones are already populated on cluster creation here: b358037896/upup/pkg/fi/cloudup/new_cluster.go (L682-L684)
 2021-07-08 23:10:23 -04:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
Kubernetes Prow Robot 098a4a91ee
Merge pull request #11958 from olivierpilotte/fix-instance-not-under-asg 
check if the instance is under an asg
 2021-07-08 09:14:54 -07:00
Olivier Pilotte 3db2c0d443 check if the instance is under an asg 
add a comment, remove log
 2021-07-08 11:01:13 -04:00
Kubernetes Prow Robot 53c7849d97
Merge pull request #11940 from johngmyers/complete-create 
Implement some completion for "kops create cluster"
 2021-07-08 05:22:53 -07:00
srikiz 27058c3f69 Incorporate review comments 2021-07-07 20:53:38 +05:30
srikiz bdc67e4282 Modify error message when multiple zones are specified 2021-07-07 19:56:41 +05:30
Kubernetes Prow Robot 7f93801afd
Merge pull request #11939 from olemarkus/ccm-issues 
Fix various CCM issues
 2021-07-06 10:12:19 -07:00
John Gardiner Myers 6d16c13f24 Implement some completion for "kops create cluster" 2021-07-06 08:16:44 -07:00
Kubernetes Prow Robot 82c3bfa393
Merge pull request #11938 from olemarkus/cm-ca-cp 
Run cert-manager cainjector on CP nodes as well
 2021-07-06 07:46:18 -07:00
Ole Markus With 2d56558efe Run cert-manager cainjector on CP nodes as well 2021-07-06 16:05:41 +02:00
Ole Markus With af0aefd2e7 Use localhost as API address for CCM 2021-07-06 16:01:20 +02:00
Ole Markus With bedfb409ca Don't always pull the CCM image 2021-07-06 15:50:30 +02:00
Ole Markus With bb367f22ea Add aws- prefix to CCM SA 2021-07-06 15:46:59 +02:00
Kubernetes Prow Robot 33755be3a3
Merge pull request #11936 from srikiz/DO-Remove-Deprecated-PrivateNetworking 
[Digital Ocean] Remove PrivateNetworking option in droplet since it's deprecated
 2021-07-06 03:12:18 -07:00
srikiz ea6e6c9856 Remove PrivateNetworking option in droplet since it's deprecated 2021-07-06 14:04:40 +05:30
Ole Markus With 561161291f Schedule certmanager webhook on control plane 2021-07-06 08:45:12 +02:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Kubernetes Prow Robot 090b525566
Merge pull request #11907 from hakman/ipv6_dns-controller 
Add support for IPv6 addresses to dns-controller
 2021-07-02 00:30:12 -07:00
Ciprian Hacman 65f18c3946 Add support for IPv6 addresses to dns-controller 2021-07-02 09:34:05 +03:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
Kubernetes Prow Robot b8aa684bb5
Merge pull request #11901 from rifelpet/tf-project 
Include GCP Project in terraform HCL2 output
 2021-07-01 07:05:55 -07:00
Peter Rifel 13f4305b9c
Include GCP Project in terraform HCL2 output 
This has been included in the JSON output but was missing from HCL2
 2021-07-01 09:23:37 -04:00
Peter Rifel 32c6c0db02
Remove unnecessary parameters from terraform finish methods 2021-07-01 07:55:31 -04:00
Kubernetes Prow Robot 19ffc06d3d
Merge pull request #11853 from johngmyers/override-issuer 
Allow overriding the ServiceAccountIssuer for IRSA
 2021-07-01 04:43:54 -07:00
Kubernetes Prow Robot 39b67210f8
Merge pull request #11897 from johngmyers/refactor-etcd-ca 
Refactor etcd-clients-ca keyset for api-server
 2021-06-30 23:37:55 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
John Gardiner Myers f9e4f3493a Fix nil-pointer dereference on dryrun 2021-06-29 22:52:48 -07:00
Kubernetes Prow Robot 52afacd05c
Merge pull request #9621 from johngmyers/tf-managed 
Render managed files with Terraform
 2021-06-29 19:27:03 -07:00
Ciprian Hacman b011d5abb5 Set download timeout to 3 minutes 2021-06-29 07:12:47 +03:00
John Gardiner Myers f76c9559bc Create feature flag to disable Terraform managed files 2021-06-28 13:48:35 -07:00
John Gardiner Myers eb076e3713 Render managed files with Terraform 2021-06-28 12:15:15 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
Kubernetes Prow Robot bbe9a1a127
Merge pull request #11884 from aojea/download_timeout 
support large/slow downloads
 2021-06-28 06:49:25 -07:00
liranp 289a75b5e7
feat(spot/addon): bump ocean-controller to v1.0.76 2021-06-28 14:29:13 +03:00
Antonio Ojea 19f47d4998 support large/slow downloads 
current download code was using http.client timeout, that will
interrupt reading of the response body, breaking slow downloads
or very large files.

This patch modified the http client to detect idle downloads, and
fail after 30 seconds of innactivity. It still keeps a global
timeout of 5 minutes.
 2021-06-28 12:26:35 +02:00
Kubernetes Prow Robot 917c965c8f
Merge pull request #11873 from hakman/avoid_spurious_changes 
Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring
 2021-06-27 19:59:24 -07:00
Kubernetes Prow Robot dd8d2d92d8
Merge pull request #11796 from johngmyers/fullcluster-managedfile 
Write config as ManagedFile
 2021-06-27 10:57:24 -07:00
Kubernetes Prow Robot 61778b1fd9
Merge pull request #11845 from johngmyers/mark-deleted 
Retain deleted keypairs
 2021-06-27 10:11:24 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers 60ae29c93c Refactor EncryptionConfig 2021-06-27 08:45:05 -07:00
Kubernetes Prow Robot 22c11c10f1
Merge pull request #11848 from johngmyers/cilium-etcd-client 
Refactor etcd-client-cilium secrets
 2021-06-27 04:01:24 -07:00
Kubernetes Prow Robot 81deb2d038
Merge pull request #11871 from johngmyers/configserver-simplify 
Simplify config server protocol
 2021-06-27 00:49:23 -07:00
Ciprian Hacman 348eed772a Avoid spurious changes for ASG InstanceProtection and LT InstanceMonitoring 2021-06-27 10:08:13 +03:00
Ciprian Hacman 7969f57d07 Address review comments 2021-06-26 21:27:00 +03:00
John Gardiner Myers 4a47614e62 Simplify config server protocol 2021-06-26 09:56:47 -07:00
Ciprian Hacman 7bc629b683 Use DualStack API NLB for IPv6 2021-06-26 19:16:46 +03:00
John Gardiner Myers 91fff31697 Control plane nodes need the etcd-clients-ca-cilium keypair 2021-06-26 00:04:52 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers 49babfdb78 Remove Config.ClusterLocation 2021-06-25 20:05:22 -07:00
John Gardiner Myers c132ae1520 Move fields from AuxConfig to nodeup.Config 2021-06-25 18:41:29 -07:00
John Gardiner Myers 24d1706848 Allow overriding the ServiceAccountIssuer for IRSA 2021-06-25 18:33:07 -07:00
Ciprian Hacman 580129ce00 Run hack/update-expected.sh 2021-06-25 19:25:01 +03:00
Ciprian Hacman 2f3bad686a Remove version from addons 2021-06-25 19:25:01 +03:00
Kubernetes Prow Robot 86afeffe3c
Merge pull request #11863 from johngmyers/keypair-dryrun 
Fix dryrun cluster creation
 2021-06-25 02:46:45 -07:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck 
Enable cross-subnet mode with Calico by default
 2021-06-25 01:08:45 -07:00
Kubernetes Prow Robot 830dbab873
Merge pull request #11862 from johngmyers/prune-spotinst 
Remove obsolete Spotinst manifest
 2021-06-24 22:50:45 -07:00
John Gardiner Myers 41776c196a Fix dryrun cluster creation 2021-06-24 22:28:05 -07:00
Kubernetes Prow Robot 21a3e80ce8
Merge pull request #11861 from johngmyers/bootstrap-simplify 
Don't include irrelevant bootstrap addons
 2021-06-24 22:12:45 -07:00
John Gardiner Myers f50a615f8c Remove obsolete Spotinst manifest 2021-06-24 21:21:55 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00
Kubernetes Prow Robot 87238db23e
Merge pull request #11846 from hakman/cni-0.9.1 
Update CNI plugins to v0.9.1
 2021-06-24 20:40:45 -07:00
John Gardiner Myers a8b9aa13eb Don't include irrelevant bootstrap addons 2021-06-24 20:34:17 -07:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
Kubernetes Prow Robot 698a187a80
Merge pull request #11837 from johngmyers/weaken-signer 
Weaken some interfaces
 2021-06-23 09:46:11 -07:00
Kubernetes Prow Robot 82c050c382
Merge pull request #11816 from MoShitrit/fix-11144-aws-cni-config 
Make aws-cni config more flexible and generalized
 2021-06-23 08:12:11 -07:00
Ciprian Hacman cc850de7a4 Update CNI plugins to v0.9.1 2021-06-23 08:08:01 +03:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change 
Mark nodes NeedsUpdate when keys they use change
 2021-06-22 08:11:58 -07:00
Moshe Shitrit 6dee0ad09e Comment-out hardcoded default values and add the overriden ones as template functions for ease of customization 
Update auto-generated files
 2021-06-22 12:26:28 +03:00
Kubernetes Prow Robot d869f2d5ea
Merge pull request #11835 from johngmyers/promote 
Add 'kops promote keypair' command
 2021-06-22 00:31:57 -07:00
Kubernetes Prow Robot 364fe4ca86
Merge pull request #11708 from johngmyers/refactor-assets 
Limit concurrency of asset copy tasks
 2021-06-21 23:13:58 -07:00
John Gardiner Myers 5687b0d5dc Weaken some interfaces 2021-06-21 23:11:47 -07:00
John Gardiner Myers 366210d189 Remove dead code 2021-06-21 21:45:55 -07:00
Ciprian Hacman d8b03da8ae Set priority class for AWS CCM addon 2021-06-22 06:32:53 +03:00
John Gardiner Myers a83bf7b20f Mark nodes NeedsUpdate when keys they use change 2021-06-21 19:37:23 -07:00
John Gardiner Myers c904c743da Remove 'kops import' 2021-06-21 07:34:29 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
John Gardiner Myers 0ea81d7997 Write config as ManagedFile 2021-06-21 07:32:24 -07:00
John Gardiner Myers 8ab6747188 Remove instance group mirroring code 2021-06-21 07:32:24 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2 
Improve the output of 'kops get keypairs'
 2021-06-21 02:19:10 -07:00
Kubernetes Prow Robot 17c2edc3a1
Merge pull request #11811 from olemarkus/ebs-bump 
Add back createvolume to master + bump ebs driver
 2021-06-21 02:19:03 -07:00
Kubernetes Prow Robot 21488a164d
Merge pull request #11822 from johngmyers/rotate-issue 
Support creating new service-account keypairs
 2021-06-21 01:32:59 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster 
Put versioned API of cluster into state store
 2021-06-21 01:32:52 -07:00
Ole Markus With 14fb35d0d0 Bump EBS Driver to 1.1.0 2021-06-21 08:56:11 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
Ciprian Hacman f0955ad9d2 Set EnableExternalCloudController to true by default 2021-06-21 06:37:43 +02:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
John Gardiner Myers 896330be88 Create fi.NewKeyset() 2021-06-20 14:09:46 -07:00
Ciprian Hacman 904f21cd77 Remove previous implementation of pre-pulling container images 2021-06-20 23:01:52 +02:00
Ciprian Hacman 65d21ee463 Pre-pull container images from list of desired prefixes 2021-06-20 23:01:52 +02:00
Kubernetes Prow Robot e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5 
Include multiple cluster CAs in trust stores
 2021-06-20 13:20:51 -07:00
John Gardiner Myers 5cc7a379ce Fix VFSCAStore.ListKeysets() 2021-06-19 16:58:29 -07:00
John Gardiner Myers 0dee785ebf Pass multiple CA certs to kops-controller client 2021-06-19 10:50:53 -07:00
John Gardiner Myers e0d9259be1 Remove dead code 2021-06-19 10:50:52 -07:00
Ole Markus With 507402e315 Fail early if policy size is too large 
This will then also be caught by integration tests
 2021-06-19 10:04:11 +02:00
Kubernetes Prow Robot 41a1c0d953
Merge pull request #11252 from johngmyers/rotate-4 
Allow "kops create keypair" to stage next CA cert
 2021-06-18 23:56:50 -07:00
Kubernetes Prow Robot 5582e27adb
Merge pull request #11805 from MoShitrit/aws-cni-1.8.0 
Upgrade AWS CNI to latest release 1.8.0
 2021-06-18 11:04:06 -07:00
John Gardiner Myers ae6950711f Allow omitting private key for secondary certs 2021-06-18 10:41:40 -07:00
John Gardiner Myers af74e75382 Allow adding secondary keyset items 2021-06-18 10:41:37 -07:00
John Gardiner Myers 9861009759 Extract receiver for keyset item addition 2021-06-18 10:36:35 -07:00
John Gardiner Myers 04df5afb2e Validate Keyset upon storage 
Also treat the map key id as authoratative
 2021-06-18 10:20:42 -07:00
Moshe Shitrit da35c2a6d6 update-expected after aws-cni version bump 2021-06-18 18:48:09 +03:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Moshe Shitrit 9e6771118f Update version to 1.8.0 2021-06-18 18:42:03 +03:00
John Gardiner Myers 758b7474d2
Fix function comment 
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
 2021-06-18 08:06:16 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers 42bf3ee85b Seed the random number generator on AWS 2021-06-17 22:59:43 -07:00
Kubernetes Prow Robot 7ec956dd00
Merge pull request #11748 from olemarkus/irsa-cas 
Enable ability to use IRSA for cluster autoscaler
 2021-06-17 21:00:05 -07:00
Kubernetes Prow Robot 559b57ea4c
Merge pull request #11381 from dntosas/addons-add-npd 
[addons] Introduce NodeProblemDetector
 2021-06-17 00:58:19 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
dntosas 20124d3ba9
[addons] Introduce NodeProblemDetector 
Node Problem Detector aims to make various node problems visible to
the upstream layers in the cluster management stack. It is a daemon
that runs on each node, detects node problems and reports them to apiserver
so to avoid scheduling new pods on bad nodes and also easily identify
which are the problems on underlying nodes.

Project Home: https://github.com/kubernetes/node-problem-detector

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 21:00:22 +03:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
ederst bb59f762a1 Add config drive option for Openstack instances 
This enables to use config drives instead of the metadata service as a
source for the user data (cloudinit).
 2021-06-16 13:32:50 +02:00
Kubernetes Prow Robot 8d91f868b1
Merge pull request #11780 from olemarkus/bump-cas-addon-version 
Bump the cas addon version.
 2021-06-16 04:13:58 -07:00
Ole Markus With 03ee36832d Bump the cas addon version. 
Between kOps 1.19 and 1.20, the version went from 1.19.1 to 1.19.0, which prevents any further changes from being applied to the cluster. Bumping to 1.19.2 so that channels can apply again
 2021-06-16 12:32:39 +02:00
Kubernetes Prow Robot 84a730c9d6
Merge pull request #11678 from dntosas/safe-cilium 
[cni/cilium] Add support for additional config options
 2021-06-16 02:47:58 -07:00
dntosas 7bf65ff7ef
[cni/cilium] Add support for additional config options 
In this commit, we enable users define their setup with following
additional fields:

- DisableEndpointCRD
- EnableEndpointHealthChecking
- IdentityAllocationMode
- IdentityChangeGracePeriod
- BPFLBAlgorithm
- BPFLBMaglevTableSize
- BPFNATGlobalMax
- BPFNeighGlobalMax
- BPFPolicyMapMax
- EnableBPFMasquerade
- EnableL7Proxy

Added also validation tests to prevent conflicting value combinations to
reach actual cluster state.

Signed-off-by: dntosas <ntosas@gmail.com>
Co-authored-by: hwoarang <markos@chandras.me>
Signed-off-by: dntosas <ntosas@gmail.com>
 2021-06-16 09:35:42 +03:00
Kubernetes Prow Robot caf41e899f
Merge pull request #11772 from johngmyers/smaller-podcidr 
Allocate smaller IPv6 PodCIDRs by default
 2021-06-15 22:29:59 -07:00
Kubernetes Prow Robot 847040de53
Merge pull request #11750 from olemarkus/containerd-per-ig 
Set containerd config on nodeup.Config instead of clusterspec
 2021-06-15 15:13:43 -07:00
Kubernetes Prow Robot b0b1ae1ea7
Merge pull request #11771 from olemarkus/fix-default-sc 
fix enable default SC when EBS driver is not installed
 2021-06-15 14:29:43 -07:00
John Gardiner Myers e9317551f3 Allocate smaller IPv6 PodCIDRs by default 2021-06-15 13:31:49 -07:00
Ole Markus With 0798553565 fix enable default SC when EBS driver is not installed 2021-06-15 22:08:59 +02:00
Eric Bailey f58482c584
Update populate_instancegroup_spec.go 
fix typo: APIServrNodes -> APIServerNodes
 2021-06-15 13:59:35 -05:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec 
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
 2021-06-15 11:08:22 +02:00
Kubernetes Prow Robot 7a017af159
Merge pull request #11725 from johngmyers/is-ipv6 
Simplify Calico IPv6 configuration
 2021-06-15 01:46:00 -07:00
John Gardiner Myers 1356818d83 Make the AdminAccess default inclusive of IPv6 2021-06-14 21:51:17 -07:00
John Gardiner Myers 07ee0c2206 Simplify Calico IPv6 configuration 2021-06-14 08:06:10 -07:00
Kubernetes Prow Robot 0347d79a14
Merge pull request #11754 from johngmyers/ipv6-cilium 
Enable IPv6 support for Cilium
 2021-06-14 07:27:04 -07:00
Kubernetes Prow Robot 392b517fda
Merge pull request #11756 from johngmyers/pod-cidr 
Set default ClusterCIDR through the PodCIDR
 2021-06-14 02:37:04 -07:00
John Gardiner Myers 51d0697dc3 Set default ClusterCIDR through the PodCIDR 2021-06-13 22:46:32 -07:00
John Gardiner Myers 3cf8234d01 Cilium: disable masquerade by default when in ENI IPAM mode 2021-06-13 21:36:56 -07:00
John Gardiner Myers c0b54d980d Enable IPv6 support for Cilium 2021-06-13 20:47:44 -07:00
Kubernetes Prow Robot b29c612b9c
Merge pull request #11629 from hakman/ipv6_experimental_flag 
Add --ipv6 experimental cli flag
 2021-06-13 13:29:02 -07:00
Ciprian Hacman 2a11fa7dde Add --ipv6 experimental cli flag 2021-06-13 21:48:46 +02:00
Kubernetes Prow Robot 6c4dec4f1f
Merge pull request #11741 from ederst/os-fix-security-group-sorting 
Compare OpenStack security groups deterministically
 2021-06-13 04:59:02 -07:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00