kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
21,067 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
Justin SB c67f895226 Perform challenge callbacks into a node 
In order to verify that the caller is running on the specified node,
we source the expected IP address from the cloud, and require that the
node set up a simple challenge/response server to answer requests.

Because the challenge server runs on a port outside of the nodePort
range, this also makes it harder for pods to impersonate their host
nodes - though we do combine this with TPM and similar functionality
where it is available.
 2023-05-06 08:03:21 -04:00
John Gardiner Myers ad92d2760c Run pods needing control-plane instance credentials on hostNetwork 2023-01-10 20:48:05 -08:00
Ciprian Hacman 71d0dfdc21 gce: Allow metrics-server to access kubelet API 2022-12-05 00:20:09 +02:00
Ciprian Hacman 21e0110dc2 gce: Allow Cilium to connect to its etcd cluster 2022-11-24 21:03:16 +02:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
justinsb caff7e36ad gce: open node->master ports for calico and cilium 
We're taking the opportunity to pursue a locked-down model, but this
means we need to open ports explicitly.
 2021-10-25 08:31:21 -04:00
justinsb 0611e4f638 gce: open kops-controller port from nodes 
This is now needed in our nodeup bootstrap with vTPM on GCE.

Also remove the cadvisor port, it is no longer running on the control-plane nodes.
 2021-10-24 13:47:16 -04:00
Ole Markus With e8134b706c Sort wellknown ports and add missing ports to table 2020-10-08 08:27:51 +02:00
Ole Markus With 1f739b0418 Move kops-controller serving port out of conflict 2020-10-08 07:25:43 +02:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Ole Markus With 263172caac Use new templates for cilium 1.8 2020-07-03 07:56:35 +02:00
John Gardiner Myers 5babf00646 Move node-local-dns healthcheck to port 3989 2020-06-12 22:00:15 -07:00
John Gardiner Myers 4bf8302f14 Move kube-apiserver-healthcheck to port 3990 2020-06-12 22:00:14 -07:00
Justin Santa Barbara 86fb6031fd Fix port conflict on etcd-cilium vs dns-controller memberlist 
Both were allocated port 3993; etcd-cilium is new and so it is less
impactful to renumber that.
 2020-05-08 10:53:53 -04:00
Ole Markus With 869ab75dea Use etcd-manager for the cilium etcd cluster 2020-04-16 08:42:59 +02:00
Jesse Haka a09a920e92 fix firewalls for openstack 2019-10-27 21:58:40 +02:00
Justin SB b6862103bb
Change default port for memberlist from 3997 
We had a port collision on 3997; change the default memberlist ports
to avoid the collision (we haven't shipped a release with this in it).

Also create a go file so that we can use constants to keep track of
our port numbers, rather than magic values.
 2019-10-14 07:26:27 -04:00