23 Commits

Author SHA1 Message Date
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
John Gardiner Myers 70f7d9bdb2 Use function to get cloud provider from cluster spec 2022-03-02 21:59:47 -08:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers 24d1706848 Allow overriding the ServiceAccountIssuer for IRSA 2021-06-25 18:33:07 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
Ole Markus With 7b850555eb Don't add volume multiple times to a pod 2021-06-18 07:31:33 +02:00
John Gardiner Myers fc9ec13bb7 Set BindAddress appropriately when in IPv6-only mode 2021-06-13 09:41:19 -07:00
AkiraFukushima d52ec60c02 Fix issuer and jwks object path for IRSA 2021-06-01 23:35:21 +09:00
Peter Rifel 9165309032 Use kubernetes.default for OIDC discovery in gossip clusters
It doesn't make sense to use a gossip hostname as the discovery url because it won't be resolvable.
For gossip clusters that don't provide a public VFS store, we can at least use kubernetes.default for internal oidc usage.
2021-05-12 14:18:53 -05:00
Ole Markus With 6f8b3647cf Add support for IRSA in the api
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-05-01 16:03:42 +02:00
Ole Markus With 5ca7c9b5d7 Use VFS as service account issuer if configured
Also add an integration test that uses VFS
2021-04-30 21:02:30 +02:00
Ole Markus With 25b5f0cfb2 Move publicDataStore to serviceAccountIssuerDiscovery.discoveryStore 2021-04-30 19:19:06 +02:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2021-04-24 09:40:52 +02:00
Justin SB c75e084158 Re-add integration tests for jwks
We removed them from #10756, but they can be re-added.
2021-03-20 22:55:11 -04:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Justin SB 48ebac6892 Improve error messages around PublicJWKS
I left off the publicDataStore (must pass --overwrite on create, I
believe), and the error message was a type-cast failure.
2021-03-20 13:59:14 -04:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
2021-03-19 20:03:26 +01:00
Ole Markus With 063e3f6c7b Use internal api url for jwks when required
The public api url cannot be used by pods and nodes if access is restricted. So by default we need to use the internal one.
This should finally pass the OIDC e2e test

For public access, api server must be publicly available and anonymous
auth must be enabled
2021-03-05 06:52:51 +01:00
John Gardiner Myers e7508cc973 Use custom-configured ServiceAccountIssuer when present 2020-12-04 09:03:03 -08:00
John Gardiner Myers 4f5def8610 Address review comment 2020-12-03 23:24:43 -08:00
John Gardiner Myers 9607b9955c Set --service-account-issuer for k8s 1.20+ 2020-11-20 22:20:39 -08:00
Peter Rifel d4d4545345 Add AWS partition support to iam service account roles 2020-09-17 10:01:27 -05:00
Justin SB a61ecf4c58 Refactor to use interface for iam Subjects
Hat-tip to johngmyers for the idea!
2020-09-09 09:57:07 -04:00