Commit Graph

2694 Commits

Author SHA1 Message Date
Ciprian Hacman 770e56e010 gce: Limit backend names to 63 chars 2024-02-25 18:20:07 +02:00
Ciprian Hacman 97a0800b88 gce: Limit health check names to 63 chars 2024-02-25 08:40:18 +02:00
justinsb da233efe11 gce: Prune old forwarding rules
Now that we create a new forwarding rule for kops-controller, we want
to remove the old one after the rolling-update.
2024-02-24 12:20:20 -05:00
justinsb ba7facff41 gce: Always create an internal load balancer
When we create an external load balancer on GCE, we now also create an
internal load balancer.  The internal load balancer is used for
node/pod -> control-plane traffic, the external load balancer is used
for other traffic (e.g. "user" traffic to kube-apiserver).

This means that we can apply more granular firewall rules, and
generally avoid complex logic around discovery of the internal control
plane addresses for GCE.
2024-02-24 12:20:19 -05:00
Ciprian Hacman 5a4778f77c aws: Update EBS CSI driver to v1.28.0 2024-02-20 04:48:34 +02:00
Ciprian Hacman 83c88db90a Update Cilium to v1.15.1 2024-02-18 10:28:26 +02:00
justinsb 2a9343a168 Generate revisions of NLB objects, and introduce cleanup phase
This lets us safely make changes to otherwise immutable fields, in
particular for adding security groups to NLBs created without them.

We detect the older versions, and create deletion tasks to remove
them.  These tasks can be deferred, and we expect them to be
deferred to a "prune" phase that runs after cluster apply.

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2024-02-17 11:41:15 -05:00
Peter Rifel 70da572ed8 Use pkg/model/iam for building SQS queue policy 2024-02-14 17:39:45 -06:00
Peter Rifel 3f74f21b7e Update IAM Policy Principal.Service to stringorset 2024-02-14 17:39:43 -06:00
Kubernetes Prow Robot 9f43b03546 Merge pull request #16351 from rifelpet/iam-policy-refactor
Refactor IAM Policy Builder
2024-02-13 09:21:31 -08:00
Peter Rifel 4643c66f6b ./hack/update-expected.sh 2024-02-12 22:42:14 -06:00
Peter Rifel b5264488cb Rename stringorslice package to stringorset 2024-02-12 22:42:13 -06:00
Peter Rifel f098401c49 Rename StringOrSlice to StringOrSet, sort lists 2024-02-12 21:37:27 -06:00
Peter Rifel 21804bf631 Migrate to non-deprecated Sets implementation 2024-02-12 21:12:27 -06:00
Ciprian Hacman eb1dd59e3c azure: Replace lb.ForAPIServer with lb.WellKnownServices 2024-02-11 11:06:17 +02:00
Ciprian Hacman 4198b19438 azure: Migrate model to new SDK version 2024-02-09 04:38:33 +02:00
justinsb bd8cce06ae refactor: Drop TargetGroups from NetworkLoadBalancer task
They are not needed, they were only used for dependency ordering (and
we now have that dependency on the split out listener task)
2024-02-04 18:09:17 -05:00
justinsb c35c754eff Refactor: Split out NLB Listener into its own task
This allows us to use more of our task machinery, including dependency
analysis.  The intent is that we'll be able to support multiple
LoadBalancers and TargetGroups.
2024-02-04 15:52:25 -05:00
zadjadr 656b3a6956 Update to cilium 1.15 2024-02-02 19:37:04 +01:00
Kubernetes Prow Robot 1067b6279b Merge pull request #16294 from justinsb/wait_should_be_an_attribute
refactor: wait for load balancer readiness using a private field
2024-02-01 16:08:54 -08:00
Jesse Haka b5d1ee8245 update containerd & runc versions 2024-02-01 15:05:55 +02:00
justinsb 086af6458e refactor: wait for load balancer readiness using a private field
This approach is more explicit than looking at the names of the target
groups, and using a private field is simpler.
2024-01-29 09:34:56 -05:00
Kubernetes Prow Robot b84ab1e0eb Merge pull request #16289 from justinsb/nlb_should_set_scheme
Tweak: Set Scheme on NLB tasks for public load balancers
2024-01-28 21:13:35 -08:00
justinsb 0b8d3a52cb Tweak: Set Scheme on NLB tasks for public load balancers
This avoids a spurious diff.
2024-01-28 16:19:37 -05:00
justinsb 169c96ba11 refactor: NetworkLoadBalancer Name should match Name tag
It was actually the terraform name, and didn't match the tag.

This change should have no externally-visible effect.
2024-01-28 16:19:02 -05:00
Jesse Haka 11e84b78f1 hack/update-expected 2024-01-22 19:02:44 +02:00
Jesse Haka 75659b6280 include kube-apiserver controlplane ports in dns=none 2024-01-22 18:41:30 +02:00
Kubernetes Prow Robot 9645e5c7e9 Merge pull request #16265 from borg-land/network-patch
gce: fix nlb firewall rules, operations and alias network subnets
2024-01-20 17:20:59 +01:00
Kubernetes Prow Robot 89b7b14176 Merge pull request #15829 from justinsb/refactor_forapiserver
Refactor: Replace ForAPIServer with WellKnownServices
2024-01-20 17:20:53 +01:00
upodroid f3bc523b17 fix nlb firewall rules, operations and alias network subnets 2024-01-20 13:41:16 +00:00
Ciprian Hacman 9f7c59236b Update containerd to v1.7.12 2024-01-18 05:27:41 +02:00
justinsb ae226db932 autogen: update expected test values for WellKnownServices 2024-01-12 16:06:43 -05:00
justinsb 50776a7e92 Refactor ForAPIServer
We instead return a list of the services we are supporting.

We can in future split out internal and external apiserver services.
2024-01-12 15:53:41 -05:00
Kubernetes Prow Robot c7ad6e9f22 Merge pull request #16239 from hakman/aws-ebs-csi-zone
aws: Update EBS CSI driver
2024-01-09 13:17:39 +01:00
Ciprian Hacman 4ebda3e955 aws: Update EBS CSI driver to v1.26.1 2024-01-09 12:28:32 +02:00
Ciprian Hacman 41d4e54920 Replace `k8s.io/utils/strings/slices` with `golang.org/x/exp/slices` 2024-01-09 08:40:57 +02:00
Ciprian Hacman 37a184601b aws: Update EBS CSI driver to v1.26.0 2024-01-05 19:13:01 +02:00
Kubernetes Prow Robot 120220913d Merge pull request #16219 from ameukam/servicelinkrole-elasticlb
Add permission needed for service-linked role creation
2024-01-05 02:08:56 +01:00
Arnaud Meukam 282ae1335d hack/update-expected.sh execution results
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
2024-01-04 23:55:55 +01:00
Arnaud Meukam ce340c6059 Add permission needed for service-linked role creation
Attempting to fix:
  - https://github.com/kubernetes/kops/issues/16218

by adding the permission needed for the AWS CCM to create a service-linked role for the elastic lb service.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
2024-01-04 23:19:14 +01:00
Kubernetes Prow Robot a8305d2a17 Merge pull request #16214 from hakman/cilium-1.14.5
Update to Cilium 1.14.5
2024-01-04 09:06:02 +01:00
Ciprian Hacman 5277835620 Update to Cilium 1.14.5 2024-01-04 06:49:21 +02:00
Peter Rifel 349de70cda Add comment to remove unused IAM permissions in the future 2024-01-03 21:19:05 -06:00
Justin Santa Barbara 0300a3b858 Release 1.29.0-alpha.3 (#16183) 2023-12-21 14:24:27 +01:00
Peter Rifel 6e337da7f0 Always set the paginated instance group field 2023-12-20 20:05:48 -06:00
Ciprian Hacman e95dab5408 aws: Add KMS to EBS CSI Driver 2023-12-13 03:13:04 +02:00
Ciprian Hacman 24a8bc39d5 aws: Always add KMS permissions to control plane 2023-12-13 02:56:23 +02:00
Peter Rifel 5ce66a9d28 Upgrade Karpenter to v0.31.3 2023-12-07 19:12:06 -06:00
Kubernetes Prow Robot a4bd641630 Merge pull request #16050 from sl1pm4t/gcp-sa-issuer
gce: Add support for publishing Service Account Issuer documents to GCS
2023-12-03 01:41:43 +01:00
Kubernetes Prow Robot 7c17b16a96 Merge pull request #16099 from spotinst/feat/add_multi_arch_base127_rebase
Spotinst: Feature/add multi arch in VNG and resource tag specification
2023-11-23 15:59:58 +01:00