e6bf6b9f32
Field names are case-sensitive again
...
There was a regression in apimachinery which meant that kubernetes
tolerated field names with incorrect case. Upstream bug is
https://github.com/kubernetes/kubernetes/issues/64612
Syncing up with latest kubernetes will mean we get the same breaking
change as kubernetes has/had. It should only affect people that are
manually building YAML / JSON.
Added as a significant item to release notes.
2018-09-23 19:23:28 -04:00
666e290983
Merge pull request #5547 from justinsb/etcd_manager_tests
...
Add test for etcd-manager output
2018-09-22 08:29:30 -07:00
237043dded
Update expected test output for script changes
2018-09-21 14:51:45 -04:00
8a483c124e
Avoid using which, CoreOS doesn't always have it
...
We just try executing `curl --version` instead, and fall back to wget.
We can't use `wget --version` because busybox wget doesn't support
`--version`.
2018-09-21 13:54:13 -04:00
7cf432fcba
Add test for etcd-manager output
...
We need to get this under test coverage so we can start changing it confidently!
2018-09-14 08:46:32 -04:00
8132073ad9
Add elasticloadbalancing:DeregisterTargets permission to master policy
...
Without this permission, controller-manager gets the following error:
failed to ensure load balancer for service XXX: Error trying to
deregister targets in target group:
"AccessDenied: User: arn:aws:sts::XXX:assumed-role/masters...
is not authorized to perform: elasticloadbalancing:DeregisterTargets
on resource: arn:aws:elasticloadbalancing:XXX
2018-09-05 14:01:01 -04:00
b1c446f8f3
Merge pull request #5503 from mikesplain/fix_suspendprocess
...
Fix suspendprocess
2018-09-03 16:28:31 -07:00
6dc9f01a41
add kube-proxy hostname override
2018-08-16 23:26:37 -04:00
b208bd44b3
Create ExperimentalClusterDNS feature flag
...
This currently just turns off validation of the kubelet cluster dns
flag, which should allow for experimenting with more complicated DNS
configurations such as local proxies, which may address shortcomings
of DNS retries with UDP.
Issue #5584
2018-08-14 14:59:20 -04:00
1c3949bdfe
Don't assume that we only have one subnet per AZ
...
I made a mistaken assumption in
dde2100a19#5587 this was not the case.
What I was trying to achieve was not to include the cluster name, so
for the case of subnets this commit just uses the subnet name from the
cluster spec, which should be unique and stable. That is hopefully at
least as meaningful.
Thankfully we hadn't released a version with the erroneous naming.
Fix #5587
2018-08-13 13:15:03 -04:00
03e18d37af
Add AWS IAM permission to check for volume resize
2018-08-10 16:47:20 +01:00
1540f906d2
Don't set kube-proxy cluster-cidr with aws-vpc-cni
...
Signed-off-by: Spike Curtis <spike@tigera.io>
2018-08-03 15:48:14 -07:00
a7b22b4876
Remove GetAsgForInstance IAM permission
...
It isn't a valid IAM permission - it was introduced in error, but IAM
is kind enough to ignore it.
Fixes #5549
2018-08-02 11:27:29 -04:00
8f15a58e8c
Validate IAM additionalPolicies
...
We now validate them with the cluster, so we should give early and
clear feedback if the IAM policy is not valid.
2018-07-27 15:22:24 -04:00
d7486e490f
Merge pull request #5533 from justinsb/hotfix_5522
...
Check errors when parsing JSON on IAM policies
2018-07-27 12:20:56 -07:00
f3fb513852
Remove unnecessary reflect.ValueOf
...
We can replace with a simpler string cast
2018-07-27 00:58:14 -04:00
3ddf598448
Check errors when parsing JSON on IAM policies
...
We weren't checking the error code, and this led to #5522
2018-07-27 00:54:57 -04:00
a93ca798ec
Fix tests
2018-07-23 20:55:44 -04:00
547bf470a0
Not required
2018-07-23 20:44:37 -04:00
84d63cbe60
Fix suspend proccesst to also resume
...
Also fixed internal consistency error by switching from
[]*string to *[]string.
2018-07-23 20:44:37 -04:00
4b07a07ad5
Merge branch 'master' into issue-4252-dns
2018-07-23 14:00:09 +01:00
8ccf42f4a2
GH-4252 Better name for the config value and also add to v1alpha1 API
2018-07-23 13:48:35 +01:00
2dbb6e84f6
Merge pull request #5077 from yancl/master
...
change gossip dns conn limit by ENV
2018-07-19 21:40:52 -07:00
630ea429ae
Merge pull request #4677 from usabilla/external-load-balancers
...
Add the ability to specify external loadbalancers for instancegroups
2018-07-19 21:54:00 -04:00
a9de76ad6e
Merge pull request #5462 from justinsb/dont_repeatedly_download_nodeup
...
Don't repeatedly download nodeup
2018-07-19 11:55:25 -07:00
266b764d7b
Merge pull request #5466 from justinsb/more_test_autofix
...
More autofix of expected test output
2018-07-19 10:00:54 -07:00
af867403f9
More autofix of expected test output
...
Rename to HACK_UPDATE_EXPECTED_IN_PLACE as it isn't just terraform any more.
2018-07-19 12:11:38 -04:00
c5c2bd1acb
Don't repeatedly download nodeup
...
Only delete if the file doesn't match the hash.
Should help with retry issues / bandwidth
2018-07-19 12:09:13 -04:00
54cbe492cb
Merge pull request #5414 from Raffo/master
...
[WIP] Initial implementation of ACM certificate for API server ELB
2018-07-19 08:34:54 -07:00
56ccfac26d
Merge pull request #5317 from gambol99/node_registration
...
Node Authorization Service
2018-07-19 05:17:41 -07:00
70e3653291
Merge pull request #5417 from mikesplain/fix_docker_config
...
Fixes issue when setting docker version
2018-07-15 17:17:55 -07:00
414b3a780b
Rename hept.io authenticator to aws authenticator
2018-07-08 10:10:19 -07:00
92115b2341
- dropping the specific flags and using a genenic --feature gate model for the authorizers, meaning i don't need to come back to the API whenever we want to make changes
2018-07-06 20:15:18 +01:00
ce55c257eb
- making the node-authorizer image default v0.0.1 (with sha) or use an environment variable override
2018-07-06 20:14:35 +01:00
fd6cef8180
Requested Changes
...
- switching to using code rather than a template for the systemd unit creation as requested in review
- as part of the review, changing the name of the ca from tls-ca to tls-client-ca
- changing the api from DisableAddressCheck to EnableAddressCheck and defaulting to true if no set
- fixing up the test for node-authorizer and shifting the parsing of the certificates as suggested in reviews to a method
2018-07-06 20:14:35 +01:00
79cff25eb4
- fixing up on the comments raised by on the review
2018-07-06 20:14:35 +01:00
338a6d721c
Changes
...
- including the config only when there is something to include i.e. no nulls please
- fixing up the pod security policies for system:nodes groups, needs a mapping to permit manifests
2018-07-06 20:14:35 +01:00
304d0ce8a9
- consuming the node authorization api spec in nodeup binary
...
- adding the options builder to fill in the model
- adding the spec into the bootstrap config
2018-07-06 20:14:35 +01:00
48c9f3d7c9
Fixes issue when setting docker version
...
Previously when setting docker version, logdriver was automatically
added to cluster config. Switching it to a pointer fixes this issue.
Fixes #5384
2018-07-06 11:29:11 -04:00
2f0fdbc6d7
Add IAM ec2:ModifyVolume permission to allow EBS volume resize
2018-07-06 15:49:34 +01:00
d477e96c38
Added initial implementation of ACM cert for Kubernetes API ELB
2018-07-06 09:29:54 +02:00
e307021a6c
remove log
2018-07-03 10:26:13 +01:00
ae327e1e8c
wrestling with the api stuff
2018-07-02 15:16:37 +01:00
cc589ae538
Reworked to use loadbalancer only if config is specified
2018-07-02 12:02:50 +01:00
b605a27cb5
Added external load balancer support for terraform
2018-06-29 11:39:21 +02:00
b3346c28cd
Added the ability to specify external loadbalancers in instancegroups
2018-06-29 11:39:20 +02:00
59b28164f7
add ALI volume model and apply_cluster codes
2018-06-22 20:28:33 +08:00
f6f49693ea
Merge pull request #5364 from AliyunContainerService/scalingModel
...
add ScalingGroup model for AliCloud
2018-06-21 19:00:58 -07:00
cdd8bb6101
add ScalingGroup model
2018-06-22 00:32:20 +08:00
f346efd290
Merge pull request #5240 from nebril/etcd-tls
...
Add etcd TLS support for Cilium
2018-06-21 09:23:37 -07:00
Justin Santa Barbara
Justin Santa Barbara
Kelly Campbell
k8s-ci-robot
andrewsykim
Kashif Saadat
Spike Curtis
Mike Splain
Rob Graham
Rodrigo Menezes
Rohith
Raffaele Di Fazio
Gijs Kunze
LilyFaFa