Commit Graph

2694 Commits

Author SHA1 Message Date
zadjadr 0ea7e55f25 Add missing security groups for cilium etcd 2023-08-11 13:47:15 +02:00
Marco Palmisano 6a7723176d
fix: fixed an edge case with setting NodePort access in Hetzner Cloud 2023-08-10 16:17:28 +02:00
John Gardiner Myers edac43faed
Release 1.28.0-alpha.2 (#15758) 2023-08-09 21:13:26 -07:00
John Gardiner Myers 37be4741e1 hack/update-expected.sh 2023-08-09 18:12:37 -07:00
John Gardiner Myers 688097bd85 Remove unnecessary data from userdata 2023-08-09 18:12:37 -07:00
John Gardiner Myers 0f36b1344e hack/update-expected.sh 2023-08-09 18:12:37 -07:00
Kubernetes Prow Robot dc2db03de2
Merge pull request #15715 from johngmyers/nodeup-cloudconfig
Remove references to cloudconfig-related fields from ClusterSpec in nodeup
2023-08-08 22:03:50 -07:00
Ciprian Hacman 60b0fee1e0 aws: Add instance group tag to subnets only with Karpenter 2023-08-05 07:50:24 +03:00
Kubernetes Prow Robot ba7b4e716a
Merge pull request #15730 from zadjadr/feature/cilium-13
Bump cilium to v1.13.5
2023-08-04 07:44:23 -07:00
Kubernetes Prow Robot 29aa8257f4
Merge pull request #15737 from hakman/azure_nat_gateway
azure: Add support for NAT gateway
2023-08-03 21:42:20 -07:00
Ole Markus With a0d67fc475 Bump cilium to 1.13.5
Bump to Cilium 1.14.0

hack/update-expected.sh
2023-08-03 21:03:56 +02:00
Jesse Haka e3bcb1f195
OpenStack: add server group name override annotation (#15735)
* OpenStack: add server group name override annotation

* use retries to listinstances

* add support for multiple clusters in same tenant

* run hack-expected.sh

* add test for serverGroupName annotation

* use retry
2023-08-03 00:04:20 -07:00
Ciprian Hacman d382b0e44f azure: Add support for NAT gateway 2023-08-03 07:12:51 +03:00
Kubernetes Prow Robot 12b6991ad3
Merge pull request #15677 from hakman/azure_application_security_groups
azure: Add support for application security groups
2023-07-30 07:32:02 -07:00
Ciprian Hacman 10fa740e3d azure: Add support for application security groups 2023-07-30 14:40:14 +03:00
John Gardiner Myers 93bc577488 Remove code for unsupported k8s version 2023-07-29 05:08:38 -07:00
John Gardiner Myers 11069febb1 Fix AWS CCM defaults for IPAM to match KCM 2023-07-29 04:50:42 -07:00
John Gardiner Myers ed9883651c Remove references to Openstack ClusterSpec fields from nodeup 2023-07-29 04:42:07 -07:00
Kubernetes Prow Robot a8fa8952ba
Merge pull request #15647 from johngmyers/nodeup-protokube
Remove more references to ClusterSpec fields from nodeup
2023-07-29 00:01:59 -07:00
Kubernetes Prow Robot b29714a98c
Merge pull request #15708 from justinsb/gce_multi_lbs
gce load balancers: set LoadBalancingScheme to EXTERNAL explicitly
2023-07-28 23:13:59 -07:00
Kubernetes Prow Robot fd131bc730
Merge pull request #15706 from johngmyers/upgrade-ccm
Upgrade AWS CCM
2023-07-28 22:22:00 -07:00
justinsb 7bc5a71773 gce load balancers: set LoadBalancingScheme to EXTERNAL explicitly
This avoids a spurious change being printed, and is more correct - we
actually want this to be external (vs nil, which implicitly means
"don't care").
2023-07-29 08:15:29 +03:00
justinsb 3cce79d4e4 gce: Refactor resource labeling
Create a more strongly-typed label object and use it when labeling
cluster resources.
2023-07-28 23:48:41 -04:00
justinsb fb8e80e3f5 gce: Set labels on ForwardingRules
We add the cluster-name label, now that labels are supported on
ForwardingRules.
2023-07-28 23:48:41 -04:00
John Gardiner Myers fc8c19ea74
Update pkg/model/components/awscloudcontrollermanager.go
Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2023-07-28 13:39:06 -07:00
Kubernetes Prow Robot 223b66c3f7
Merge pull request #15666 from johngmyers/nth
Enable NTH by default on AWS
2023-07-28 11:55:42 -07:00
John Gardiner Myers 3d100d1921 hack/update-expected.sh 2023-07-28 08:27:31 -07:00
John Gardiner Myers 845fb8880a Upgrade AWS CCM 2023-07-28 06:39:20 -07:00
John Gardiner Myers 4e47ae5705 Upgrade cluster-autoscaler 2023-07-28 02:59:30 -07:00
John Gardiner Myers 3756bdad5b v1alpha3: Move secretStore and keyStore under configStore 2023-07-22 16:04:24 -07:00
John Gardiner Myers 57b0d8e9cd v1alpha3: Move configBase to configStore.base 2023-07-22 15:57:35 -07:00
Kubernetes Prow Robot dbba2ae410
Merge pull request #15678 from johngmyers/no-configstore
v1alpha3: remove redundant ConfigStore
2023-07-22 00:32:07 -07:00
Kubernetes Prow Robot b7f017b016
Merge pull request #15565 from justinsb/symlink_approach_2
etcd-manager: support symlinking versions
2023-07-20 23:40:07 -07:00
John Gardiner Myers 6836673cca Stop using redundant configStore setting 2023-07-20 19:10:21 -07:00
John Gardiner Myers 9b64707159 Ignore no-longer-used topology fields in ClusterSpec 2023-07-19 08:48:38 -07:00
John Gardiner Myers 1c0b75ae99 hack/update-expected.sh 2023-07-18 22:21:05 -07:00
John Gardiner Myers f1f8b0637b Enable NTH by default on AWS 2023-07-18 16:13:22 -07:00
John Gardiner Myers 1358851c7d Get VFSContext from caller in NewAssetBuilder() 2023-07-18 08:49:06 -07:00
Ciprian Hacman c4ec894578 azure: Perform challenge callbacks into a node 2023-07-18 06:04:51 +03:00
Anthony Hausman 4a01fc30c4
feat(karpenter): Variabilize Image, logFormat and logLevel 2023-07-17 13:13:37 +02:00
John Gardiner Myers bbff6298e7 Remove support for bootstrap tokens 2023-07-16 12:12:00 -07:00
Kubernetes Prow Robot bb4dbdce90
Merge pull request #15646 from johngmyers/prune-dead
Remove dead code for non-kops-controller bootstrap
2023-07-16 11:37:06 -07:00
Kubernetes Prow Robot 61fb95d8c4
Merge pull request #15645 from johngmyers/nodeup-clusterdomain
Remove references to more ClusterSpec fields from nodeup
2023-07-16 08:35:08 -07:00
John Gardiner Myers 977aacc356 Remove dead code for non-kops-controller bootstrap 2023-07-16 07:40:25 -07:00
Kubernetes Prow Robot 2a0cc8a7dc
Merge pull request #15627 from hakman/azure_dns_none
azure: Add support for dns=none
2023-07-16 04:27:05 -07:00
John Gardiner Myers 56a8f46952 hack/update-expected.sh 2023-07-15 21:27:02 -07:00
John Gardiner Myers 62f7faa4da Remove references to ClusterSpec.API from nodeup 2023-07-15 14:55:38 -07:00
Kubernetes Prow Robot 141a040aec
Merge pull request #15607 from hakman/gce_cloud-init
gce: Use `user-data` instead of `startup-script` metadata key
2023-07-15 11:47:05 -07:00
Ciprian Hacman 80944323f3 azure: Allow full load balancer access only when public 2023-07-15 19:16:59 +03:00
Kubernetes Prow Robot 5613a12027
Merge pull request #15635 from zetaab/hubblerules
open hubble port 4244 for openstack
2023-07-15 01:33:04 -07:00
Jesse Haka cbe1666012 open hubble port 4244 2023-07-15 09:40:28 +03:00
Ciprian Hacman 15b44bad52 azure: Remove permissions for nodes when dns=none 2023-07-14 13:46:26 +03:00
Ciprian Hacman 36b119d599 aws: Allow using the same instance ID as egress for multiple subnets 2023-07-13 09:12:26 +03:00
Ciprian Hacman 83d14d4343 azure: Add support for dns=none 2023-07-13 09:04:06 +03:00
John Gardiner Myers aef6fbdd29 Refactor UseKopsControllerForNodeBootstrap() 2023-07-11 09:45:45 -07:00
Kubernetes Prow Robot 4b79e04b6f
Merge pull request #15614 from hakman/gce_bastion_ssh_rules
gce: Rename firewall SSH rules for bastion
2023-07-10 09:31:17 -07:00
Kubernetes Prow Robot 4ad116ec78
Merge pull request #15611 from justinsb/gce_lb_firewall
gce: Set firewall rules for Internal LBs also
2023-07-10 09:31:05 -07:00
justinsb 79c6d954d4 Update expected output for symlinks 2023-07-10 11:21:01 -04:00
justinsb c19788e83c etcd: only support 3.4 and 3.5
We also fill in all the symlinks for these versions.
2023-07-10 11:19:04 -04:00
justinsb 8b813b3051 Update expected test output 2023-07-10 11:11:59 -04:00
justinsb d6350a5a6e etcd-manager: support symlinking versions
This is an easy way for us to signal that certain versions are
compatible with each other to etcd-manager, which is otherwise
overly-cautious when it comes to unknown versions.

We extend kops-utils to support the `-t` flag (like cp) to write to a
directory; and the `-s` flag (like cp) to use symlinks.  The syntax
isn't identical to cp, but should be semi-familiar and allows us to
minimize the number of initContainers we use.
2023-07-10 11:11:59 -04:00
Ciprian Hacman 53e45886f3 gce: Rename firewall SSH rules for bastion 2023-07-10 07:06:07 +03:00
John Gardiner Myers d926989600 v1alpha3: Rename GCE networking to GCP 2023-07-09 16:48:26 -07:00
justinsb 3613f586c8 GCE: Set firewall rules for Internal LBs also
It seems we can use the exact same rules.
2023-07-09 19:25:42 -04:00
Kubernetes Prow Robot 114ac311c1
Merge pull request #15332 from hakman/gce_internal_lb
gce: Update logic for internal LB
2023-07-09 14:11:04 -07:00
Ciprian Hacman fb66f1770f gce: Use `user-data` instead of `startup-script` metadata key 2023-07-09 13:50:00 +03:00
Ciprian Hacman 4656743c22 gce: Add support for bastions 2023-07-08 18:19:40 +03:00
Ciprian Hacman 04a4e02920 gce: Update logic for internal LB 2023-07-08 04:34:43 +03:00
Justin SB cf9134489c kops-controller: create IPAM controller for GCE
We observe the IPv6 CIDRs assigned to nodes, and reflect them into the node.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2023-07-05 12:34:55 -04:00
Ciprian Hacman 7d68ee9eb7 hetzner: Update CCM to v1.16.0 2023-07-02 08:29:56 +03:00
Kubernetes Prow Robot 49a6ed4188
Merge pull request #15570 from hakman/azure_network_security
azure: Add support for network security groups
2023-07-01 06:54:48 -07:00
Ciprian Hacman 4fe84705a5 azure: Add support for network security groups 2023-07-01 10:06:25 +03:00
Ciprian Hacman 4085da870f hack/update-expected.sh 2023-07-01 09:51:22 +03:00
Ciprian Hacman 015c80f950 Update etcd-manager to v3.0.20230630 2023-07-01 09:48:40 +03:00
Kubernetes Prow Robot bda5e9e63d
Merge pull request #15564 from hakman/revert_remove_obsolete_versions
Revert "Remove obsolete etcd versions"
2023-06-30 21:24:44 -07:00
Ciprian Hacman df97b95972 azure: Hardcode DiskControllerType to SCSI 2023-06-30 21:29:06 +03:00
Ciprian Hacman 67f0abb541 hack/update-expected.sh 2023-06-30 21:24:44 +03:00
Ciprian Hacman be69b25221 Revert "Remove obsolete etcd versions"
This reverts commit 76cacc5c6f.
2023-06-30 21:20:30 +03:00
Ciprian Hacman e8980bc21a Add option for specifying the list of etcd metrics urls 2023-06-27 19:50:05 +03:00
John Gardiner Myers cad5b69446
Release 1.28.0-alpha.1 (#15548) 2023-06-24 20:45:09 -07:00
John Gardiner Myers 0dfac69d83 Remove support for Weave networking 2023-06-22 23:03:24 -07:00
justinsb 476f1661f7 etcd-manager: set environment variables once
Previously we were setting the env variable up to 3 times in an HA
control-plane, because we were adding to the etcd-manager
configuration once for each replica.
2023-06-22 17:14:51 +03:00
Kubernetes Prow Robot dcdbec93e1
Merge pull request #15526 from justinsb/remove_duplicate_cluster
Remove duplicate Cluster field in BootstrapScriptBuilder
2023-06-20 04:26:22 -07:00
Ciprian Hacman cbddb4a9fd Remove duplicate Cluster field from tests 2023-06-20 12:19:04 +03:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
justinsb 2f0a94c34b Remove duplicate Cluster field in BootstrapScriptBuilder
We had an identically named Cluster field in the "base class" (the
unnamed embedded objects we inherit), causing shadowing and the
potential for a nil-pointer panic.
2023-06-19 14:34:02 -04:00
Kubernetes Prow Robot b5adab4d53
Merge pull request #15520 from hakman/fix-kops-utils-cp
Fix promotion of `kops-utils-cp`
2023-06-19 10:54:22 -07:00
Kubernetes Prow Robot b4c5a75829
Merge pull request #15487 from jsafrane/add-selinux
Add optional SELinux support to RHEL clusters
2023-06-19 08:54:22 -07:00
Kubernetes Prow Robot 0546addf29
Merge pull request #15515 from justinsb/strict_node_label_checking
node labeling: don't ignore unknown roles
2023-06-19 07:48:21 -07:00
Ciprian Hacman 60b14823bd hack/update-expected.sh 2023-06-19 16:52:28 +03:00
Ciprian Hacman 1d0fbfc4f1 Fix promotion of `kops-utils-cp` 2023-06-19 16:40:40 +03:00
Jan Safranek 0d03095fda Add SELinux support to containerd
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
2023-06-19 15:20:08 +02:00
Ciprian Hacman cd1c7434e8 hack/update-expected.sh 2023-06-19 15:12:11 +03:00
Alasdair Tran 63cbe32293 Remap all init container images of etcd-manager 2023-06-19 00:09:32 +00:00
justinsb 36a763c88f node labeling: don't ignore unknown roles
We were silently ignoring unknown roles, which makes it hard to know
when our expectations aren't met.  It looks like the rename of the
role from "Master" to "ControlPlane" may have caused some drift
against our expectations also.
2023-06-18 19:40:56 -04:00
Ciprian Hacman 1026a131a1
Release 1.27.0-beta.1 (#15510) 2023-06-17 07:16:20 -07:00
Kubernetes Prow Robot 7117a67870
Merge pull request #15509 from hakman/kops-utils-cp
Rename `kops-copy` to `kops-utils-cp`
2023-06-17 02:56:20 -07:00
Ciprian Hacman ccb75c1e33 hack/update-expected.sh 2023-06-16 22:28:38 +03:00
Ciprian Hacman bec7226ad1 Rename `kops-copy` to `kops-utils-cp` 2023-06-16 22:24:51 +03:00
Ciprian Hacman 8a8f1be1ed Update pause image to v3.9 2023-06-16 21:15:50 +03:00
Ciprian Hacman 059e7c7f11 Update containerd to v1.7.2 2023-06-16 11:58:55 +03:00
Leïla MARABESE 39ed84601f keep support for gossip clusters 2023-06-14 15:15:22 +02:00
Leïla MARABESE dab001c3e9 scaleway authenticator and verifier 2023-06-14 15:15:17 +02:00
Leïla MARABESE 49465a62c7 add backend for kops controller port 2023-06-14 15:11:53 +02:00
Kubernetes Prow Robot 3eac17c582
Merge pull request #15479 from fchiacchiaretta/openstack-metrics-sg-rules
New OpenStack security group rules for metrics
2023-06-11 11:35:46 -07:00
justinsb abd274b3f9 Use kops-controller on hetzner, even with gossip
This is a more secure configuration.
2023-06-11 07:15:31 -04:00
Federico Chiacchiaretta 110dd89eaf
New OpenStack security group rules to allow scraping of metrics for
kubeControllerManager and kubeScheduler
2023-06-07 18:04:06 +02:00
Ciprian Hacman 4810cc18b7 hack/update-expected.sh 2023-06-05 16:46:37 +03:00
Ciprian Hacman 825e60b3ff etcd-manager: Add back etcd v3.5.7 binaries 2023-06-05 16:46:31 +03:00
Ciprian Hacman 9201263abb hack/update-expected.sh 2023-05-31 12:57:30 +03:00
Ciprian Hacman 071d272ad3 Use `opt` instead for volume name 2023-05-31 12:54:57 +03:00
Ciprian Hacman f51e347f99 Build and use cp replacement 2023-05-27 05:18:53 +03:00
Ciprian Hacman 77130df276 hack/update-expected.sh 2023-05-26 07:33:13 +03:00
Ciprian Hacman 2f07263d3d Update etcd to v3.5.9 2023-05-26 07:33:12 +03:00
Ciprian Hacman 461c0871cf Update Cilium to v1.12.10 2023-05-25 08:31:18 +03:00
Kubernetes Prow Robot c5ad898ef9
Merge pull request #15424 from spotinst/feature/add_spreadNodesBy
Spotinst: add feature spread nodes by count/vcpu to markets
2023-05-24 05:15:04 -07:00
Alex Last e296a8573b feat(hetzner): bump cloud-controller-manager and csi-driver 2023-05-24 08:28:48 +01:00
Ciprian Hacman 062f665dd5 hack/update-expected.sh 2023-05-23 12:52:56 +03:00
justinsb ca67b1ca1e Refactor: rename IsGossip -> UsesLegacyGossip
We want to be able to use "dns=none" (without peer-to-peer gossip)
even for clusters that have the k8s.local extension.  These were
previously called "gossip clusters", but really that is an
implementation; what actually matters to users is that they don't rely
on writing records into a DNS zone (such as Route53).
2023-05-22 21:50:16 -04:00
Kubernetes Prow Robot b78f1fab3a
Merge pull request #15301 from infonova/os-rework-retry-failed-servers
OpenStack: Use task engine to retry failed servers
2023-05-22 14:34:34 -07:00
ederst c6da418579 Run hack/update-expected.sh 2023-05-22 13:44:01 +02:00
Kubernetes Prow Robot 35cc07324d
Merge pull request #15375 from hakman/runc-1.1.7
Update runc to v1.1.7
2023-05-20 08:48:20 -07:00
Kubernetes Prow Robot 1cd895ccce
Merge pull request #15112 from hakman/etcd-manager_slimmer
Remove obsolete etcd versions
2023-05-20 07:04:19 -07:00
Ciprian Hacman a11c7189d0 Update runc to v1.1.7 2023-05-20 08:30:36 +03:00
Ciprian Hacman 2e1394dc57 Release 1.27.0-alpha.2 2023-05-19 21:35:09 +03:00
yehielnetapp faf4da0014 add cluster orientation cluster config 2023-05-18 16:15:34 +03:00
Ciprian Hacman 1c7d91b33c hack/update-expected.sh 2023-05-17 13:15:10 +03:00
Ciprian Hacman 76cacc5c6f Remove obsolete etcd versions 2023-05-17 13:00:02 +03:00
yehielnetapp 497898328f add feature spread nodes by to cluster 2023-05-17 12:56:44 +03:00
Kubernetes Prow Robot eccf23c920
Merge pull request #15420 from spotinst/feature/new_integrate_instance_metadata
Spotinst: integrate AWS instance metadata config to instance groups #2
2023-05-16 13:11:37 -07:00
Jesse Haka dbccba2f45 hack/update-expected.sh 2023-05-16 16:29:12 +03:00
Jesse Haka 6ac7903449 update etcd-manager to v3.0.20230516 2023-05-16 16:26:11 +03:00
yehielnetapp 12067887d3 fix vng size try 2 2023-05-16 16:13:02 +03:00
yehielnetapp 30894869e7 fix vng size 2023-05-16 16:10:35 +03:00
yehielnetapp 39d242a2fe add instance metadata config again 2023-05-16 13:44:09 +03:00
Aurelio Forese 6de63e3dd7 OpenStack model servergroup tests with loadbalancer update-expected
Files changed after running './hack/update-expected.sh'
2023-05-13 11:03:27 +02:00
Aurelio Forese efd50d000a OpenStack Octavia LoadBalancer support for FlavorID
When using Octavia as OpenStack Load Balancer, it is now possible to
specify the Octavia flavor ID to use.
2023-05-13 10:17:44 +02:00
Kubernetes Prow Robot 9efad9c00c
Merge pull request #15410 from johngmyers/dualstack-nlb
Make NLBs dualstack when they're in IPv6-capable subnets
2023-05-12 22:53:26 -07:00
Kubernetes Prow Robot 4885e78bfd
Merge pull request #15406 from justinsb/options_pattern_for_hostpathmapping
nodeup: Use functional options pattern for HostPathMapping
2023-05-12 08:37:02 -07:00
Leïla MARABESE 3446b935c1 scaleway resources are tagged with cloud tags 2023-05-12 11:28:26 +02:00
John Gardiner Myers 8cc617afd9 Make NLBs dualstack when they're in IPv6-capable subnets 2023-05-11 14:46:23 -07:00
justinsb 6bdbbc4fd4 nodeup: Use functional options pattern for HostPathMapping
This means that the object is not mutated after construction, making
it easier to do validity checks (such as whether we have mounted the
same path twice).
2023-05-11 10:16:30 -04:00
Ciprian Hacman 0e37112f46 hack/update-expected.sh 2023-05-09 12:28:06 +03:00
Ciprian Hacman 81b4fbf8ac Add kubescheduler.config.k8s.io/v1 for K8s 1.25+ 2023-05-09 12:26:57 +03:00
Kubernetes Prow Robot 68bf1870f9
Merge pull request #15378 from hakman/containerd-1.6.21
Update containerd to v1.6.21
2023-05-08 05:51:17 -07:00
Ciprian Hacman abba0261e8 Update containerd to v1.6.21 2023-05-08 07:55:23 +03:00
justinsb 9c73c341ae Don't pass env vars if not needed 2023-05-07 13:17:56 -04:00
Bronson Mirafuentes de171be079 set default runc version to 1.1.5 2023-05-03 08:55:32 -07:00
Bronson Mirafuentes f11fd88020 update runc to 1.1.7 2023-05-02 13:48:02 -07:00
Kubernetes Prow Robot 2875f70cb5
Merge pull request #15347 from justinsb/gce_icmpv6
gce: fix icmpv6 in firewalls
2023-04-25 23:06:15 -07:00