Commit Graph

2010 Commits

Author SHA1 Message Date
Kubernetes Prow Robot fc30975eba
Merge pull request #15791 from hakman/number_of_subnets
Create clusters with bigger default subnets
2023-08-20 21:57:22 -07:00
Kubernetes Prow Robot e1dc807a0c
Merge pull request #15798 from hakman/endpoint-updates-batch-period
kcm: Add support for `--endpoint/slice-updates-batch-period`
2023-08-18 05:40:29 -07:00
Ciprian Hacman 30ddb9efa4 kcm: Add support for --endpoint/slice-updates-batch-period 2023-08-18 14:52:41 +03:00
Jack Andersen af6269f82a
Add a new field for using a custom registry for Cilium
Signed-off-by: Jack Andersen <jandersen@plaid.com>
2023-08-17 10:54:00 -04:00
Ciprian Hacman 460a327fc5 aws: Ignore overlapping pod and network CIDRs with AWS VPC CNI 2023-08-17 07:56:03 +03:00
John Gardiner Myers 0d9c130b07 Remove use of ClusterSpec in nodeup 2023-08-09 18:12:37 -07:00
Kubernetes Prow Robot dc2db03de2
Merge pull request #15715 from johngmyers/nodeup-cloudconfig
Remove references to cloudconfig-related fields from ClusterSpec in nodeup
2023-08-08 22:03:50 -07:00
zadjadr d2358df1d7 feature: Add cluster-id for Cilium
hack/update-expected.sh
2023-08-06 18:08:39 +02:00
Ole Markus With a0d67fc475 Bump cilium to 1.13.5
Bump to Cilium 1.14.0

hack/update-expected.sh
2023-08-03 21:03:56 +02:00
John Gardiner Myers ed9883651c Remove references to Openstack ClusterSpec fields from nodeup 2023-07-29 04:42:07 -07:00
John Gardiner Myers 63aa25aa8c Remove references to Azure ClusterSpec fields from nodeup 2023-07-29 04:42:01 -07:00
John Gardiner Myers e317648d57 Remove references to control-plane-specific ClusterSpec fields from nodeup 2023-07-28 08:20:43 -07:00
John Gardiner Myers 683761a816 Remove references to Gossip-specific ClusterSpec fields from nodeup 2023-07-28 08:20:43 -07:00
John Gardiner Myers 3756bdad5b v1alpha3: Move secretStore and keyStore under configStore 2023-07-22 16:04:24 -07:00
John Gardiner Myers 57b0d8e9cd v1alpha3: Move configBase to configStore.base 2023-07-22 15:57:35 -07:00
John Gardiner Myers 4a7abcef51 v1alpha3: remove unused ConfigStore 2023-07-20 19:10:21 -07:00
John Gardiner Myers 6836673cca Stop using redundant configStore setting 2023-07-20 19:10:21 -07:00
John Gardiner Myers be9325aac2 Skip ssh-to-all-nodes test in private topology 2023-07-20 17:26:50 -07:00
John Gardiner Myers d57df6d064 v1alpha3: Remove no-longer-used topology fields 2023-07-19 08:54:47 -07:00
John Gardiner Myers 9b64707159 Ignore no-longer-used topology fields in ClusterSpec 2023-07-19 08:48:38 -07:00
Kubernetes Prow Robot d5c2458518
Merge pull request #15623 from johngmyers/service-ip-range
Improve validation of PodCIDR and ServiceClusterIPRange
2023-07-19 00:58:06 -07:00
John Gardiner Myers 2420991954 Determine default API access method by IG subnet type 2023-07-18 22:21:05 -07:00
Kubernetes Prow Robot 9781e0a0ba
Merge pull request #15659 from hakman/azure_validate_tags
azure: Verify node identity using VMSS name instead of tags
2023-07-18 06:03:10 -07:00
John Gardiner Myers 76ed6b9e27 Get VFSContext from caller in ValidateCluster() 2023-07-17 22:20:57 -07:00
John Gardiner Myers 7489469414 Get VFSContext from caller in ConfigBase() 2023-07-17 21:56:01 -07:00
John Gardiner Myers 245cd64a3a Get VFSContext from caller in LoadChannel() 2023-07-17 21:45:43 -07:00
Ciprian Hacman c4ec894578 azure: Perform challenge callbacks into a node 2023-07-18 06:04:51 +03:00
Anthony Hausman 4a01fc30c4
feat(karpenter): Variabilize Image, logFormat and logLevel 2023-07-17 13:13:37 +02:00
John Gardiner Myers bbff6298e7 Remove support for bootstrap tokens 2023-07-16 12:12:00 -07:00
Kubernetes Prow Robot bb4dbdce90
Merge pull request #15646 from johngmyers/prune-dead
Remove dead code for non-kops-controller bootstrap
2023-07-16 11:37:06 -07:00
Kubernetes Prow Robot 61fb95d8c4
Merge pull request #15645 from johngmyers/nodeup-clusterdomain
Remove references to more ClusterSpec fields from nodeup
2023-07-16 08:35:08 -07:00
John Gardiner Myers 977aacc356 Remove dead code for non-kops-controller bootstrap 2023-07-16 07:40:25 -07:00
Kubernetes Prow Robot 2a0cc8a7dc
Merge pull request #15627 from hakman/azure_dns_none
azure: Add support for dns=none
2023-07-16 04:27:05 -07:00
John Gardiner Myers 9368470fc4 Remove references to ClusterSpec.EtcdClusters from nodeup 2023-07-15 21:34:31 -07:00
John Gardiner Myers 75db4d76a9 Remove references to api-server-specific ClusterSpec fields from nodeup 2023-07-15 21:27:02 -07:00
John Gardiner Myers 62f7faa4da Remove references to ClusterSpec.API from nodeup 2023-07-15 14:55:38 -07:00
Kubernetes Prow Robot 343d8cd6d5
Merge pull request #15632 from hakman/swap_memory
Add support for using swap memory
2023-07-15 10:47:05 -07:00
John Gardiner Myers b0aaf3b3ab Deprecate Canal, Flannel, and Kube-router 2023-07-14 21:57:33 -07:00
Ciprian Hacman 80afaaead2 Add support for using swap memory 2023-07-14 07:50:48 +03:00
Ciprian Hacman 83d14d4343 azure: Add support for dns=none 2023-07-13 09:04:06 +03:00
John Gardiner Myers 36373b11ba Improve validation of PodCIDR and ServiceClusterIPRange 2023-07-11 21:16:03 -07:00
John Gardiner Myers a56e8eb049 Refactor UsesExternalECRCredentialsProvider() 2023-07-11 09:46:01 -07:00
John Gardiner Myers aef6fbdd29 Refactor UseKopsControllerForNodeBootstrap() 2023-07-11 09:45:45 -07:00
Kubernetes Prow Robot 65fe676967
Merge pull request #15613 from johngmyers/nodeup-sysctls
Remove references to ClusterSpec from nodeup sysctls.go
2023-07-10 01:23:05 -07:00
Kubernetes Prow Robot b915c6047c
Merge pull request #15612 from johngmyers/gcp-network
v1alpha3: Rename GCE networking to GCP
2023-07-09 21:13:05 -07:00
John Gardiner Myers f5fc710d6c Remove references to ClusterSpec from nodeup sysctls.go 2023-07-09 21:11:54 -07:00
John Gardiner Myers d926989600 v1alpha3: Rename GCE networking to GCP 2023-07-09 16:48:26 -07:00
John Gardiner Myers f4f8fc5bda Move GCE networkCIDR prohibition to validateNetworking() 2023-07-09 15:49:51 -07:00
Kubernetes Prow Robot 6f1e3e6dc4
Merge pull request #14921 from johngmyers/nonmasq-overlap
Validate additionalNetworkCIDRs only set on AWS
2023-07-05 23:19:04 -07:00
Tone c2ed4b6f64
Upgrade Karpenter to v0.27.5 (#15144)
* feat(karpenter): Upgrade to version 0.27.0

Upgrade Karpenter to current last stable version `0.27.0`.
Templates have been updated to use the same templates as the Helm chart.

* feat(karpenter): Use AWSNodeTemplate for launchTemplate

Setting Launch Templates in the provisioner is deprecated; it is recommended to use the `AWSNodeTemplate` to set it.
Ref:
 - https://karpenter.sh/v0.27.0/concepts/node-templates/

* feat(karpenter): Enable pruning addon

* Use extra flags in upgrade-ab scenario test

* feat(karpenter): Drop `karpenter` feature flag

* feat(karpenter): Add release note for `1.27`

* feat(karpenter): Upgrade to version 0.27.3

* feat(karpenter): fix template

* feat(karpenter): Upgrade to version 0.27.5

* Update Karpenter documentation with depending kops version

* Delete KOPS_FEATURE_FLAGS from e2e test `run-test`

* Run hack/update-expected.sh
2023-06-29 22:57:45 -07:00
Ciprian Hacman e8980bc21a Add option for specifying the list of etcd metrics urls 2023-06-27 19:50:05 +03:00
John Gardiner Myers f16c807f09 Validate additionalNetworkCIDRs only set on AWS 2023-06-25 00:25:17 -07:00
John Gardiner Myers 0dfac69d83 Remove support for Weave networking 2023-06-22 23:03:24 -07:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
Kubernetes Prow Robot b4c5a75829
Merge pull request #15487 from jsafrane/add-selinux
Add optional SELinux support to RHEL clusters
2023-06-19 08:54:22 -07:00
Jan Safranek 134727a2e7 Generate API 2023-06-19 15:20:08 +02:00
Jan Safranek 0d03095fda Add SELinux support to containerd
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
2023-06-19 15:20:08 +02:00
Leïla MARABESE 39ed84601f keep support for gossip clusters 2023-06-14 15:15:22 +02:00
Leïla MARABESE dab001c3e9 scaleway authenticator and verifier 2023-06-14 15:15:17 +02:00
Kubernetes Prow Robot 38b99df517
Merge pull request #15493 from justinsb/hetzner_kops_controller
Use kops-controller on hetzner, even with gossip
2023-06-11 08:57:47 -07:00
Kubernetes Prow Robot 1f750303d6
Merge pull request #15475 from hakman/default_ubuntu_jammy
Use Ubuntu 22.04 (Jammy) as the default distro for K8s 1.27+
2023-06-11 05:21:46 -07:00
justinsb abd274b3f9 Use kops-controller on hetzner, even with gossip
This is a more secure configuration.
2023-06-11 07:15:31 -04:00
Jesse Haka d7d7a55c41 add additional config for node local dns 2023-06-10 10:22:32 +03:00
Ciprian Hacman 5901a8ae30 Use Ubuntu 22.04 (Jammy) as the default distro for K8s 1.27+ 2023-06-07 14:52:25 +03:00
Kubernetes Prow Robot fe3e5cd6e1
Merge pull request #15436 from hakman/etcd-3.5.9
Update etcd to v3.5.9
2023-05-31 10:25:48 -07:00
John Gardiner Myers 1e7576c9c5 Upgrade external-dns to v0.13.5 2023-05-30 17:47:59 -07:00
Ciprian Hacman 2f07263d3d Update etcd to v3.5.9 2023-05-26 07:33:12 +03:00
Kubernetes Prow Robot f7d97dba3c
Merge pull request #15422 from scaleway/scw_none_dns
scaleway: none DNS option available
2023-05-24 05:14:51 -07:00
justinsb ca67b1ca1e Refactor: rename IsGossip -> UsesLegacyGossip
We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension.  These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
2023-05-22 21:50:16 -04:00
Leïla MARABESE fddab4d8e9 scaleway: none DNS option available 2023-05-16 18:20:34 +02:00
Aurelio Forese efd50d000a OpenStack Octavia LoadBalancer support for FlavorID
When using Octavia as OpenStack Load Balancer, it is now possible to
specify the Octavia flavor ID to use.
2023-05-13 10:17:44 +02:00
Moshe Vayner 881bd4e55f make apimachinery && make crds 2023-05-09 21:56:42 -04:00
Moshe Vayner 99ff00df61 Support Cilium operator pod annotations 2023-05-09 21:50:36 -04:00
justinsb 1faee9dd8c digitalocean: bootstrap nodes through kops-controller.
We start with a simple node verifier.
2023-05-07 13:17:56 -04:00
justinsb 8657e25f21 digitalocean: Allow dns=none
This works similar to other clouds, going through the (public) load balancer.
2023-05-07 12:38:06 -04:00
justinsb c89f434f1b Only use node challenge on hetzner
DigitalOcean (and others) will follow shortly.

Also create a method for CloudProvider, so that we are more ambivalent
towards bootstrapping methods.
2023-05-06 08:57:21 -04:00
Justin SB c67f895226 Perform challenge callbacks into a node
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
2023-05-06 08:03:21 -04:00
Ole Markus With 5d82e52c48 Use external ECR credential provider as of Kubernetes 1.27 2023-04-29 10:21:57 +02:00
Jesse Haka 80f8e12fa5 run make apimachinery 2023-04-20 15:10:23 +03:00
Jesse Haka c09b401b38 add csi cinder metrics 2023-04-20 14:40:44 +03:00
Steven E. Harris 9595c833ee
Allow Cluster Autoscaler to ignore daemon pods
By default the cluster autoscaler takes DaemonSet-managed pods'
resource requests into consideration when computing a node's resource
utilization. Allow toggling its "--ignore-daemonsets-utilization"
command-line flag via a new field in the Cluster
spec—"clusterAutoscaler.ignoreDaemonSetsUtilization." Setting that
field to true causes the autoscaler to ignore such daemon pods'
requests, such that it will more likely judge a node running only
daemon pods as being underutilized and shut down its hosting machine.
2023-04-05 10:03:24 -04:00
ederst a0c8bb600a Run make apimachinery and crds 2023-03-24 11:34:34 +01:00
ederst 1e9fc8e6d5 OpenStack: Add OCCM address sort order config
This will add the OCCM config to specify an address sort order:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1946
2023-03-24 11:34:22 +01:00
Kubernetes Prow Robot 4b61ae77c1
Merge pull request #15183 from anthonyhaussman/feat/kops/nodeLocalDNS_ExternalCoreFile
feat(NodeLocalDNS): Add possibility to set an ExternalCoreFile
2023-02-28 23:17:17 -08:00
Anthony Hausman cc47bd278c
feat(nodelocaldns): Add possibility to set an ExternalCoreFile
Allow users to provide entirely custom CoreFile for NodeLocalDNS to provide improved flexibility.
2023-02-28 08:19:20 +01:00
Jesse Haka 3f9a1b6462 set node status update freq to 60min in OpenStack 2023-02-27 20:38:30 +02:00
Justin SB 94c35804c9 validation cleanup: simplify signature of validateCIDR
We split out the "add to a slice" logic, as this is then easier to
reason about.

Should be a no-op in terms of valid inputs, might avoid some crashes
with invalid inputs.
2023-02-24 11:09:49 -05:00
Kubernetes Prow Robot e8f704a855
Merge pull request #15036 from johngmyers/addlcidr-subnet
Improve support for AdditionalNetworkCIDRs
2023-02-24 06:33:34 -08:00
Kubernetes Prow Robot ca3b53c00a
Merge pull request #15095 from infonova/use-clustername-in-cinder-csi-plugin
Pass actual cluster name to cinder-csi-plugin
2023-02-13 09:33:29 -08:00
ederst b4557d4729 Run make apimachinery and crds 2023-02-13 17:34:31 +01:00
ederst cd50ee00ac Pass actual cluster name to cinder-csi-plugin
This passes the actual cluster name to the cinder-csi-plugin, so that
the plugin will add the name as metadata to the backing volume in
OpenStack.

Effectively, the change will help to better identify which volume in
OpenStack belongs to which cluster, which is especially helpful when
running multiple clusters in one OpenStack tenant/project.

Setting the cluster name in both - the controller and the nodeserver -
will ensure that dynamic and ephemeral volumes will receive the correct
metadata.
2023-02-13 17:31:32 +01:00
Justin SB 0b699832ec Use cloud-discovery on GCE in gossip mode
It's a little simpler and should speed up our boot.
2023-02-11 11:03:12 -05:00
ederst f4fdf7df79 Allow setting 'ignore-volume-microversion' for OCCP
This will allow setting the option `ignore-volume-microversion` for the
cinder-csi-plugin.

Setting this is necessary for older OpenStack APIs so that OCCP can
create PVs.

Note: This will work with cinder-csi-plugin >= 1.25.

For reference:
* https://github.com/kubernetes/cloud-provider-openstack/pull/1986/
2023-01-31 11:48:25 +01:00
Anthony Hausman 484bde5b9b
cilium: Add unreachable route for pod IP on deletion option
When a pod is deleted, the route to its IP is replaced with an unreachable route.
When a pod is created, the route is replaced with a route to the pod veth (so if an unreachable existed, it's replaced).

Ref:
 - https://github.com/cilium/cilium/pull/18505
2023-01-24 14:08:24 +01:00
Ciprian Hacman b1ef66f136 etcd-manager: Add option to set backup retention 2023-01-23 09:43:09 +02:00
John Gardiner Myers 7d3c20d036 Validate additionalRoutes against additionalNetworkCIDRs 2023-01-21 18:42:58 -08:00
Kubernetes Prow Robot 987eefb48a
Merge pull request #14997 from johngmyers/validate-addlcidrs
Validate nonMasqueradeCIDR doesn't overlap additionalNetworkCIDRs
2023-01-21 12:10:02 -08:00
Kubernetes Prow Robot e88fbf5d7d
Merge pull request #15016 from johngmyers/nodeup-network2
Move more networking settings into nodeup.Config
2023-01-18 02:04:35 -08:00
Jesse Haka 39ab519269 support multiple ConfigServers 2023-01-16 10:51:50 +02:00
John Gardiner Myers 0c323445fb Move UsesKubenet to nodeup.Config 2023-01-15 23:12:00 -08:00