kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,067 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

54 Commits

Author SHA1 Message Date
Peter Rifel 4643c66f6b
./hack/update-expected.sh 2024-02-12 22:42:14 -06:00
Arnaud Meukam 282ae1335d
hack/update-expected.sh execution results 
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
 2024-01-04 23:55:55 +01:00
John Gardiner Myers daf3d0808c Update IAM builder tests to use external CCM 2023-09-04 15:54:05 -07:00
John Gardiner Myers 0a419953d3 Expand TestPolicyGeneration to cover gossip/no-gossip cases 2023-01-11 22:06:01 -08:00
Denis Moiseev e7c3dee038 Add `ec2:DescribeAvailabilityZones` to the AWS CCM permissions list 
To workaround the issue with subnets auto-discovery [1]
AWS ccm needs to have permission to retrieve information about
availability zones (specifically to detect outpost, wavelength, and local zones [2]).

[1] https://github.com/kubernetes/cloud-provider-aws/issues/442
[2] https://github.com/kubernetes/cloud-provider-aws/pull/499
 2022-11-25 11:04:27 +01:00
Thomas Colomb 9b28c14213 cluster-autoscaler : Add iam permission autoscaling:DescribeScalingActivities needed since 1.24 version 2022-09-23 13:20:21 +02:00
Ole Markus With f226b03abf Add back missing permissions for legacy CCM. Again. 2022-09-10 19:54:49 +02:00
Ole Markus With 9d476c0e9c Add CreateSecurityGroup permission for vpcs 2022-01-20 17:49:36 +01:00
Ole Markus With 666cf710a2 Push partition into the policy struct 2022-01-20 17:49:36 +01:00
Ole Markus With 0a082fed12 Require tag on create for external AWS CCM 2022-01-20 15:32:46 +01:00
Ole Markus With f4e538508f Create helper function for ec2 create/tag-on-create IAM permissions 2022-01-14 18:41:28 +01:00
Peter Rifel af426a272b
./hack/update-expected.sh 2021-11-03 22:17:41 -05:00
Peter Rifel a8f7fee499
./hack/update-expected.sh 2021-11-02 20:21:37 -05:00
Peter Rifel c734f5c08d
Update IAMBuilder to include the current partition in ARNs 2021-10-29 23:07:31 -05:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Peter Rifel e5ca2d1cd6
./hack/update-expected.sh 2021-10-20 15:15:36 -07:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6 
This avoids users wondering what these permissions are for until we
need them.
 2021-09-18 13:49:40 -04:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
Ole Markus With 79a2c111f2 Remove redundant permissions 2021-06-21 08:59:54 +02:00
Ole Markus With b3f274e140 Apply permissions to master role when irsa is not used 2021-06-21 08:56:11 +02:00
Ole Markus With b37bc7578e Reduce master policy size for lb controller 2021-06-19 10:12:22 +02:00
Kubernetes Prow Robot 135cdf3461
Merge pull request #11789 from johngmyers/seed-rng 
Seed the random number generator on AWS
 2021-06-18 08:48:06 -07:00
Ole Markus With 33a7de60a7 Enable IRSA for EBS CSI Driver 2021-06-18 08:05:59 +02:00
John Gardiner Myers b1e77af664 hack/update-expected.sh 2021-06-17 23:03:52 -07:00
Ole Markus With 6e8e027aff Enable IRSA for Cluster Autoscaler 2021-06-16 18:03:11 +02:00
Matthew Wong b6266ce5f0 Run hack/update-expected.sh 2021-06-09 13:53:07 -07:00
Ole Markus With 1ec0bd18e8 Enable support for the ASG WarmPool lifecycle hook 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-04-24 09:40:52 +02:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Ciprian Hacman a3a0b91b5f Order policy document sections alphabetically 2020-11-04 16:15:00 +02:00
Justin SB 1e559618f5 Ensure we have IAM bucket permissions to other S3 buckets 
If we are expected to write to other buckets, we need to have suitable
permissions to e.g. determine their location.
 2020-06-04 22:37:17 -04:00
Ciprian Hacman 00cbbce2b5 Allow listing versions for objects in the S3 bucket 2020-05-29 08:50:56 +03:00
Michal Schott c2d5c0fb91
Updating master IAM policies. 2019-09-13 13:07:52 +02:00
Ryan Bonham 54ef99ef54 Update Tests 2019-04-30 09:15:08 -05:00
Jay Eno 7228721439
Update test for new role 2018-11-02 23:46:02 -06:00
Kelly Campbell 8132073ad9 Add elasticloadbalancing:DeregisterTargets permission to master policy 
Without this permission, controller-manager gets the following error:

    failed to ensure load balancer for service XXX: Error trying to
    deregister targets in target group:
    "AccessDenied: User: arn:aws:sts::XXX:assumed-role/masters...
    is not authorized to perform: elasticloadbalancing:DeregisterTargets
    on resource: arn:aws:elasticloadbalancing:XXX
 2018-09-05 14:01:01 -04:00
Kashif Saadat 03e18d37af Add AWS IAM permission to check for volume resize 2018-08-10 16:47:20 +01:00
Justin Santa Barbara a7b22b4876 Remove GetAsgForInstance IAM permission 
It isn't a valid IAM permission - it was introduced in error, but IAM
is kind enough to ignore it.

Fixes #5549
 2018-08-02 11:27:29 -04:00
Kashif Saadat 2f0fdbc6d7 Add IAM ec2:ModifyVolume permission to allow EBS volume resize 2018-07-06 15:49:34 +01:00
Kashif Saadat bf30b2559f Update AWS IAM Policy tests following Statement ID removal 2018-04-10 15:33:51 +01:00
Shane Starcher ffc92d4da3 updating the test 2018-02-08 10:52:07 -05:00
Caleb Gilmour 1e74216b94 Update route-related IAM permissions for Romana 2018-02-02 00:37:46 +00:00
Eric Hole 59bc52a05a Adds permissions for ELB and NLB req'd by 1.9 2017-12-17 13:03:54 -08:00