Commit Graph

380 Commits

Author SHA1 Message Date
Ciprian Hacman 4091fc00d6 Update OWNERS files 2022-12-02 07:19:59 +02:00
John Gardiner Myers 87925bf0ca Remove CloudFormation support 2022-11-22 21:02:50 -08:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00
John Gardiner Myers 71017f0307 Use bastion to dump private instances 2022-11-09 21:34:04 -08:00
Ciprian Hacman 35f12c12b1 azure: Update clients to latest (previous) versions 2022-11-08 19:47:17 +02:00
John Gardiner Myers 8675336725 Also dump logs from IPv6 nodes 2022-11-05 16:10:53 -07:00
John Gardiner Myers eb69f8ac60 Remove well known account aliases for unsupported distros 2022-11-01 16:20:27 -07:00
John Gardiner Myers 423a04900f Fix typo 2022-10-27 11:07:17 -07:00
Ciprian Hacman 85026145a1 Always infer gossip DNS from cluster name 2022-10-02 12:54:37 +03:00
justinsb 90a484f049 AWS IAM Role listing: don't ignore "other" errors
If the error was an AWS error, but not one of the recognized ones, we
ignored it.
2022-09-01 07:57:03 -04:00
Ole Markus With eb003a19b1 Fix bugs and typo in iam resource deletion logic 2022-08-21 20:01:20 +02:00
Ole Markus With 084ecac2bb Fix no such entity check for iam profiles and roles 2022-08-21 07:29:30 +02:00
Ole Markus With 578e27bb5f Ignore entities not found when deleting IAM roles and profiles 2022-08-20 18:58:04 +02:00
Ole Markus With 535f597bce Rely on tags alone when deleting instance profiles 2022-08-20 10:25:49 +02:00
Ole Markus With e01b233b76 Warn instead of failure if we cannot read IAM role tags
Since we now try to get tags for all roles in the account, we may encounter roles we are not allowed to get, e.g. if there is an SCP or similar with explicit deny.
2022-08-20 09:53:10 +02:00
Ole Markus With 09b604867d Don't skip roles that don't have cluster name prefix
This should plug the IAM roles leak. It is probably a leftover from when roles did not have tags and we relied on the name of the role instead.
2022-08-20 09:07:15 +02:00
Ole Markus With 8e7a50346b Add iam role deletion test 2022-08-20 09:07:15 +02:00
Ciprian Hacman 5e3e9fabd0 Limit GCE network names to 63 chars 2022-08-17 06:37:26 +03:00
Ciprian Hacman d2e614dd3e Refactor ClusterPrefixedName and ClusterSuffixedName to not return error 2022-06-30 07:59:52 +03:00
Ciprian Hacman bdb1f509f0 Fix cleanup of firewall rules that contain the cluster name hash 2022-06-29 06:30:14 +03:00
Ciprian Hacman 377e26d407 Clean-up firewall rules that contain targets with the cluster name hash 2022-06-25 10:52:30 +03:00
Ciprian Hacman d34e0fd1e0 Fix GCE resource tracking 2022-06-23 19:50:39 +03:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Peter Rifel 780d9cc2ea
Fix OIDC Provider cleanup
A race can occur where an OIDC provider being deleted is in the List results but is not found in the Get request
2022-04-28 20:27:24 -05:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
2022-04-25 13:31:47 -07:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
John Gardiner Myers 591dd1aba9 Move Azure settings to cloudProvider.azure 2022-03-03 15:18:23 -08:00
Kubernetes Prow Robot 02dc9dd8b3
Merge pull request #13201 from zetaab/removesa
cleanup GCP Cluster Service Accounts
2022-02-23 04:24:19 -08:00
Jesse Haka 67beb3fef5 add const 2022-02-23 10:52:08 +02:00
Kubernetes Prow Robot e29591e21e
Merge pull request #13060 from srikiz/DO-Add-New-VPC
[DigitalOcean] Implement new VPC if network-cidr flag is specified
2022-02-18 12:44:23 -08:00
srikiz 97a3ef1566 Initial changes for vpc
More changes for do vpc

some more minor updates

Fix PrivateIP check

Bazel fixes

Minor changes for vpc listing

Minor fixes for DO VPC

Add delete vpc logic

More fixes for vpc usage with gossip based clusters

Fix minor comments in code

Fix mock DO interface to use missing functions

Another fix for mock cloud do for missing interface function

incorporate review comments

incorporate review comments
2022-02-15 17:07:09 +05:30
Jesse Haka 0a19533410 remove GCE Cluster Service Accounts 2022-02-04 16:46:27 +02:00
Jesse Haka d3fac0c1be GCP API health checks 2022-02-03 21:02:21 +02:00
Ole Markus With 66e6ed0850 Delete ENIs tagged with k8s tags 2021-12-22 21:45:01 +01:00
justinsb 1eedb7ddee gce: clean up networking objects by reference
We try to avoid cleaning up by name, and prefer checking references to
(e.g. targeting) a known resource, like an instancegroup.
2021-12-17 10:08:09 -05:00
John Gardiner Myers a0736b3c29 Remove support for Aliyun/Alibaba Cloud 2021-12-11 21:49:13 -08:00
Jesse Haka 8f3b42222b Cleanup GCE loadbalancers created by k8s 2021-12-05 12:26:43 +02:00
justinsb 9f125b1db4 gce: Add network & subnet to toolbox dump
Now that we're better managing networks & subnets on GCE, we should
include them.
2021-12-04 11:30:27 -05:00
Kubernetes Prow Robot 0be79b25b7
Merge pull request #12867 from hakman/gofumpt_script
Add gofumpt scripts
2021-12-01 22:13:32 -08:00
Peter Rifel 00a8a68f01
Fix area/provider/gcp GitHub label assignment 2021-12-01 22:43:43 -06:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
justinsb cfd4e91a2c GCE: Fix race around route deletion
Because the control-plane can recreate routes, there's a race between
deleting instances and deleting routes.  Add a dependency so we don't
try to delete routes until after we've deleted all the instances.
2021-11-21 10:14:02 -05:00
John Gardiner Myers b2e9d809b7 Support IPv6 private topology 2021-11-16 21:38:03 -08:00
angeloskaltsikis b284537885
Fix that states AWS IAM Instance Profile blocks IAM Role
According to [aws-cli docs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-role.html#examples),
it is needed to delete any Instance profile that uses a role before deleting
the actual role. This fix adds a "blocks" statement to the IAM Instance Profile,
to declare that it should block the IAM Role deletion.
2021-11-03 18:28:36 +02:00
justinsb 344cc3edef GCE: Delete routes with long cluster names
GCE "classic" networking sets up routes to each instance.  The route
name looks like `<cluster-name>-<uuid>`.

If the cluster name is long enough, it will be truncated.  This was
confusing the route cleanup logic.
2021-10-27 09:34:36 -04:00
justinsb e3c3671f76 GCE: Support network deletion 2021-10-24 17:41:14 -04:00
Peter Rifel 3311e45767
Truncate cluster name prefix used in event bridge rules 2021-09-29 19:12:49 -05:00
justinsb 1823bc5963 GCE: Fix subnet deletion
Subnets are created & owned for IPAlias mode.  We weren't deleting
them because of a bug deleting when there is a hyphen in the name (and
by default they are named after the region, which has a hyphen).
2021-09-20 09:29:08 -04:00
justinsb fc04d91bc7 Recognize pending EC2 instances as needing deletion
They should be deleted as they will presumably be running shortly.

Also, this function is used from `kops dump cluster` where presumably
instances are more likely to be pending.
2021-09-18 16:10:29 -04:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller
Support TXT records
2021-08-27 06:24:47 +02:00
Justin SB 0722124e8e Initial IPv6 support for GCE
Supporting IPv6 values where they can be set by the user, and ensuring
that IPv4 and IPv6 firewall rules are split because on GCP they cannot
be in the same rule.
2021-08-21 20:09:31 -04:00
Kubernetes Prow Robot ecb85a207a
Merge pull request #12173 from srikiz/DO-Fix-DNSProvider-Interface-Package
[DigitalOcean] Code refactor to use the existing dnsprovider package
2021-08-18 22:53:24 -07:00
Reilly Brogan 1b59233c8e Debian 11: Release AMIs use same AWS Owner ID as Buster 2021-08-16 12:06:36 -05:00
srikiz 41439109a8 Fix DNS Provider package for DO 2021-08-12 00:01:50 +05:30
Reilly Brogan 850bca8db6 Support Debian 11 Bullseye 2021-08-06 12:52:16 -05:00
John Gardiner Myers 4152667f28 Remove dead code 2021-07-14 20:05:47 -07:00
srikiz 8836b4076e Fix sporadic volume detach error when volume is already detached
Update pkg/resources/digitalocean/resources.go

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>

Incorporate review comments
2021-07-09 20:53:36 +05:30
Ciprian Hacman 7bc629b683 Use DualStack API NLB for IPv6 2021-06-26 19:16:46 +03:00
srikiz b5154bb360 Fix upup cloud.go dependencies based on the new interface spec, also update protokube 2021-05-28 22:37:47 +05:30
srikiz 4cecc64f67 Move cloud.do from pkg/resources/digitalocean/ckoud.go to upup/pkg/fi/cloudup/do directory 2021-05-28 02:17:55 +05:30
Kubernetes Prow Robot 95dcaf2766
Merge pull request #11568 from h3poteto/cleanup-iam-8823
Cleanup InstanceProfile only that have ownership tags in delete cluster
2021-05-23 12:13:39 -07:00
AkiraFukushima f37306c89a
Cleanup InstanceProfile only that have ownership tags in delete cluster 2021-05-23 11:13:07 +09:00
John Gardiner Myers 2cf967b2de Fix deletion of IAM roles and policies 2021-05-21 17:46:15 -07:00
Kubernetes Prow Robot 4a5d04d94f
Merge pull request #11497 from johngmyers/cleanup-iam
Cleanup orphaned IAM service account roles in direct render
2021-05-19 18:35:05 -07:00
John Gardiner Myers dd605fdbc3 Subsume StatusStore into fi.Cloud 2021-05-15 17:39:32 -07:00
John Gardiner Myers a41d0e21be Delete cluster-owned service account roles upon cluster deletion 2021-05-15 12:06:45 -07:00
srikiz 7e366ff678 use create-args for specifying additional arguments for kops create cluster command
Add create-args parameter only once with spaces separating multiple arguments

Add kops state store

Another fix to check if environment variables are used correctly

Add state store for digital ocean

Add env variables for do related job

check if env is empty

tmp check 1

Revert changes

Use a smaller droplet size

Update make file

Add SSH key for DO

Add private key path

update ssh user

Another fix

try with v1.18

use 1.20

Rebase with master

Fix merge issues

Add DO droplet dump support

I'm hoping this allows our e2e tests to dump system logs into the job artifacts for easier troubleshooting

Use root ssh user

use 2 nodes to reduce cost

another minor fix

Skip services test

Increase master size

Skip flaky tests

Remove pod status test that belongs to v1.20

Add do test file and revert changes to make file

Update make file

Include DigitalOcean in the supported provider flags

incorporate review comments

Update tests/e2e/pkg/tester/tester.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Fix formatting

Add higher resource master and nodes for running e2e tests

Revert back to use lower size masters
2021-05-08 12:54:18 +05:30
Kenji Kaneda 71f52363f8 Add a lifecycle test for GCE
- Move MockGCECloud to cloudmock/gce.
- Change Compute() and CloudDNS() of GCECloud to return interfaces
  for mocking
2021-04-26 13:05:27 -07:00
Kubernetes Prow Robot 0d9e2e7bb4
Merge pull request #11184 from cloudnatix/kenji/gcp
Add GCE Router task
2021-04-24 00:37:15 -07:00
Kenji Kaneda f37330f53d Add GCE Router task
This commit picks up the change from the previous attempt
(https://github.com/kubernetes/kops/pull/6828).

- Add Router to GCE tasks
- Add the HasExternalIP field to InstanceTemplate
- Create a RouterTask and set HasExternalIP to false when
  a private topology is specified.

https://github.com/kubernetes/kops/issues/6827
2021-04-23 23:03:38 -07:00
Jason Haugen c2a9bdc515 fix permissions required for NTH Queue Processor 2021-04-23 13:10:29 -05:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Jason Haugen c8bb48ba81 fix existing tests 2021-04-19 15:43:05 -05:00
Jason Haugen d07b067249 Add NTH queue-processor mode 2021-04-19 15:43:05 -05:00
Ole Markus With 09615935fd Make kOps CLI handle ASG warm pools 2021-04-15 11:10:23 +02:00
Ole Markus With 5a8d47d45f Fix bug with deleting OIDC providers 2021-03-19 20:07:22 +01:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Kubernetes Prow Robot 9c5c186442
Merge pull request #10915 from t1cg/caw/publicLoadbalancer
add support for azure public loadbalancer
2021-02-24 19:51:24 -08:00
liranp 955e5072dc
fix: prevent igs with same suffix from being deleted 2021-02-24 17:53:34 +02:00
Kubernetes Prow Robot 1b42286cfe
Merge pull request #10832 from rifelpet/aws-sdk
Add Tagging to Instance Profiles and OIDC Providers
2021-02-24 05:40:50 -08:00
Collin Woodruff ee7fc850ff add support for azure public loadbalancer 2021-02-23 17:42:33 -05:00
Nicholas Galantowicz 616d446658 add usage of subnet and routetable shared resources in azure 2021-02-22 15:28:55 -05:00
Ciprian Hacman 4f70c4237c Update mock to v1.21.0-alpha.1 2021-02-16 14:19:58 +02:00
Peter Rifel d52fd9f76c
Add tagging support to AWS Instance Profiles and OIDC Providers 2021-02-15 16:48:43 -06:00
Peter Rifel 6e6e072d93
Use AWS SDK const for IAM entities not found 2021-02-15 15:53:59 -06:00
Collin Woodruff 6a8d474acd add internal loadbalancer for azure 2021-02-12 17:13:01 -05:00
Peter Rifel c28c4c728d
Cleanup kops-controller Route53 record during cluster deletion 2021-02-03 22:41:49 -06:00
Jesse Haka 643997320d fix comment 2021-01-13 11:57:01 +02:00
Jesse Haka 1bc330b0bb nameprefix -> groupname 2021-01-13 11:54:07 +02:00
Jesse Haka 38831ff70d fix test 2021-01-12 15:50:40 +02:00
Jesse Haka 46de9f145e update gophercloud dependency 2021-01-11 14:48:22 +02:00
Matthew Wong 7e9392e72c Treat InvalidDhcpOptionsId.NotFound as already-deleted 2020-12-28 17:27:34 -08:00
Kenji Kaneda a61caea8d2 Add Azure support
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
2020-12-21 08:27:54 -08:00
srikiz c911976516 Fix tests 2020-11-26 15:55:17 +05:30
Ciprian Hacman c8de1d3042 Handle cluster cleanup more gracefully 2020-11-12 18:21:04 +02:00
Ciprian Hacman 1d6a51aff9 Address review comments 2020-11-09 21:41:58 +02:00
Ciprian Hacman fdf976809e Use pagination when listing LaunchTemplates 2020-11-09 21:41:58 +02:00