Automatic merge from submit-queue.
add openstack cloud provider
Add an Openstack cloud provider. It does not implement all the interfaces of fi.Cloud, hence, can not create a cluster, but it can pass the work flow of creating cluster for the command like "kops create cluster --cloud openstack --zones nova -v 15 --target direct --yes myoscluster4.k8s.local"
Which issue this PR fixes: #3819
Automatic merge from submit-queue.
Add a default NodeLabel with the InstanceGroup name
As requested in https://github.com/kubernetes/kops/issues/2999, this change just auto-populates new InstanceGroup specs with a default node label containing the name of the instance group. It would be really useful for those of us managing environments with multiple instance groups.
It allows an admin to easily view the instance groups using kubectl:
```
kubectl get nodes --label-columns kops.k8s.io/instancegroup
NAME STATUS AGE VERSION INSTANCEGROUP
ip-172-20-108-120.eu-west-1.compute.internal Ready,node 3m v1.7.4 xtra-large
ip-172-20-117-133.eu-west-1.compute.internal Ready,master 14m v1.7.4 master-eu-west-1c
ip-172-20-32-139.eu-west-1.compute.internal Ready,master 14m v1.7.4 master-eu-west-1a
ip-172-20-32-92.eu-west-1.compute.internal Ready,node 12m v1.7.4 nodes
ip-172-20-67-184.eu-west-1.compute.internal Ready,master 13m v1.7.4 master-eu-west-1b
```
Automatic merge from submit-queue.
Add Node IAM permissions to access kube-router key in S3.
Fixes#3792
An additional S3 IAM permission is added to the nodes policy when `Networking.Kuberouter` is specified.
Automatic merge from submit-queue.
Add node-to-master IPIP to kuberouter
Like Calico and Romana, Kube Router needs IPIP traffic from nodes to masters to be allowed. This adds that firewall rule for all clusters set up with Kube Router.
See:
https://github.com/cloudnativelabs/kube-router/issues/208
Automatic merge from submit-queue.
Template Fixes
- fixing an issue in the way it handled inline yaml documents
- cleaning it up somewhat, the prior version was a little cryptic to read; it's easier to just split into docs, format if required and rejoin at the end.
Apologizes @justinsb ... the prior PR didn't handle YAML separators correctly; I've find it somewhat simpler by a split and join rather than using indexes and such
- fixing an issue in the way it handled inline yaml documents
- cleaning it up somewhat, the prior version was a little cryptic to read; it's easier to just split into docs, format and rejoin at the end
Automatic merge from submit-queue.
Update IAM roles documentation based on recent changes.
The [IAM Roles documentation](https://github.com/kubernetes/kops/blob/master/docs/iam_roles.md) has been updated to reflect recent hardening on the policies generated for Master & Compute nodes.
Fixes#3557.
The challenge here is that we normally only get the instance url. So we
have to do another call to GCE, but we also don't want to do one call
per instance.
Instead, we create a dump operation context object which we pass into the dump.
chrislovecnm