Commit Graph

232 Commits

Author SHA1 Message Date
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Justin Menga 210d072da9 Correctly detect GovCloud regions 2022-03-24 12:59:32 -07:00
Eng Zer Jun deede3ecd4
test: use `T.TempDir` to create temporary test directory
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-02-18 16:57:41 +08:00
justinsb 9ccc100f92 tests: ensure that we use ACLs with memfs
They weren't fully wired up previously
2022-01-30 15:04:11 -05:00
John Gardiner Myers a0736b3c29 Remove support for Aliyun/Alibaba Cloud 2021-12-11 21:49:13 -08:00
Peter Rifel f5f52eec92
Add mock GCP credentials to fix unit tests 2021-12-02 08:01:35 -06:00
Peter Rifel f56f98154a
Add TerraformProvider 2021-12-02 08:01:35 -06:00
Peter Rifel 675754edeb
Add Terraform support for GS Paths 2021-12-02 08:01:34 -06:00
Peter Rifel 5813b7f0e0
Add a unit test for S3Path.RenderTerraform
Unfortunately it needs to be in a different package to avoid a rather complex import loop: terraform -> kops api -> vfs -> terraform
2021-12-02 07:55:45 -06:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
Ole Markus With 2fa53989c4 Configure dualstack endpoint for s3
Use dualstack https endpoints on ipv6only cluster. Always use
dualstack endpoints through the SDK
2021-11-20 08:00:00 +01:00
Eng Zer Jun 425173ae9f
refactor: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-11-12 15:37:18 +08:00
Peter Rifel 7eaa647b2a
Include the provider alias on TerraformPath resources that reference their provider 2021-09-17 18:08:59 -05:00
Peter Rifel c3a7f9f75a
Add TerraformProvider definition to TerraformPath interface 2021-09-17 18:08:58 -05:00
Yadnesh Kulkarni 670fa3aaf7 Incorrect url to the swift container
Swift path prefix in ReadTree and ReadDir should not be empty
when adding "/" to it.
2021-08-15 04:21:34 -04:00
Ole Markus With 67b4024694 Reconcile if managedFile is public or not 2021-08-13 20:20:44 +02:00
Ole Markus With 4bf0fae33a Add function for getting memfs location 2021-07-01 08:27:48 +02:00
John Gardiner Myers eb076e3713 Render managed files with Terraform 2021-06-28 12:15:15 -07:00
Kubernetes Prow Robot 3c4b6068b9
Merge pull request #11649 from h3poteto/fix-jwks-location
Fix jwks object path in S3 for IRSA
2021-06-01 08:26:27 -07:00
AkiraFukushima d52ec60c02
Fix issuer and jwks object path for IRSA 2021-06-01 23:35:21 +09:00
John Gardiner Myers e896a8a215 Fix detection of virtual-hosted-style S3 urls in us-east-1 2021-05-31 19:07:56 -07:00
John Gardiner Myers 23de00da6e Enable reading shared config when possibly from CLI 2021-05-05 22:08:54 -07:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
2021-03-19 20:03:26 +01:00
Barry Melbourne e30bf1cf35 Update Go modules to latest versions 2021-03-14 15:08:27 +00:00
Jesse Haka 034dad258c modify names 2021-02-05 09:57:54 +02:00
Jesse Haka 41d04d8d4b add user agent to openstack api requests 2021-02-04 23:04:06 +02:00
Peter Rifel 0df5f6c24d
Fix file not found error detection in fs:// 2021-01-12 20:57:33 -06:00
Kenji Kaneda 40c944aa5c Fix a typo in an error message returned from buildAzureBlobPath
invalid Azure Blob schem -> invalid Azure Blob scheme
2020-11-23 08:16:39 -08:00
Kenji Kaneda 4555c0b2df Add support of Azure Blob storage to VFS
The schema is "azureblob".

azureClient provides two ways to set up credentials. One approach is to
use an account key stored in env var. This approach is used when
accessing Blob from kops CLI. The second approach is to retrieve
credentials from Instance Metadata Service. This works only when
azureClient is created on a VM that has sufficient privilege to access
a specified blob. This approach is used from nodeup, etcd-manager,
etc.
2020-11-19 10:47:03 -08:00
Jesse Haka 67d69f16a9 allow reauth for openstack client 2020-10-30 08:57:49 +02:00
Ole Markus With f6ce70e5c3 Minor fixes to swiftfs.go 2020-10-08 20:32:29 +02:00
Ciprian Hacman 0c6f1c733c Use all kops mirrors to determine artifacts hashes 2020-09-18 09:44:37 +03:00
Kubernetes Prow Robot a5fc8895dc
Merge pull request #9857 from hakman/detect-aws-region
Detect AWS region for S3 inside containers
2020-09-09 23:17:44 -07:00
John Gardiner Myers 1e92c7740c Map ENOENT to ErrNotExist in FSPath 2020-09-05 21:46:57 -07:00
Ciprian Hacman 32e6da7576 Detect AWS region for S3 inside containers 2020-09-02 06:41:12 +03:00
Justin SB d4480e4721 Always use OpenStack Swift reauthentication
If we were using credentials from env vars, we would not do
reauthentication with Swift.
2020-08-29 08:25:59 -04:00
Peter Rifel 4d9f0128a3
Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
Ole Markus With a708a96c05 Adds support for using OS application credentials
Application credentials allow you to export a purpose-specific set of
credentials for a user instead of exposing user login credentials.
Especially useful when using LDAP or similar for Openstack users.
Also lets you rotate credentials more easily since multiple application
credentials can be provisioned per user.

Update pkg/model/bootstrapscript.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2020-08-07 14:26:47 +02:00
Ole Markus With d1479fb666 Add support for reading openstack metadata in vfs 2020-08-04 08:22:00 +02:00
John Gardiner Myers fed5587d77 Improve locking in memfs 2020-07-19 16:01:47 -07:00
Zhou Hao d6695b822f Add err judgment to os.RemoveAll
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
2020-07-09 16:48:35 +08:00
Zhou Hao 34931ed930 Add err judgment to ioutil.TempDir
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
2020-07-09 16:45:12 +08:00
Li Zhijian c3fc293ede cleanup tempfiles for fs_test
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
2020-07-02 10:09:34 +08:00
Xiaoyu Zhong 98c35cd220 Rename accessKeyId to accessKeyID 2020-06-22 09:32:20 +08:00
Ole Markus With acaa1e1dfc Implement VFS for vault 2020-06-18 13:02:37 +02:00
Kubernetes Prow Robot 5e27f74dd8
Merge pull request #9228 from justinsb/paginate_delete_all_versions
S3 DeleteAllVersions: use pagination
2020-05-31 15:59:54 -07:00
Justin SB 319ddcc333 S3 DeleteAllVersions: use pagination
This way we're not limited to one page of versions.  This is likely a
purely theoretical concern, at least as we're using it today.
2020-05-31 18:21:05 -04:00
Justin SB 7d7b8969ea Use AWS SDK to fetch metadata
Previously the EC2 metadata service was straightforward HTTP, but IMDS
v2 now requires managing a session token (and is more secure for it).

We now use the AWS SDK when retrieving metadata; it automatically
supports IMDS v2.
2020-05-31 17:23:01 -04:00
Ciprian Hacman d54aadc89c Fix nits for removal of S3 file versions 2020-05-28 06:50:32 +03:00
Kubernetes Prow Robot 92f8e22002
Merge pull request #9174 from johngmyers/remove-vfsscan
Remove unused VFSScan
2020-05-27 09:24:48 -07:00
Ciprian Hacman 9675692b84 Implement RemoveAll() for S3 paths 2020-05-25 07:46:32 +03:00
John Gardiner Myers 62ebbc5a5d Remove unused VFSScan 2020-05-24 21:27:28 -07:00
Ciprian Hacman b565122875 Remove delete markers also from S3 bucket 2020-05-24 17:42:02 +03:00
Ciprian Hacman a48ccfa06c Return warning instead of error to hide issues during cluster teardown 2020-05-24 15:20:20 +03:00
Ciprian Hacman 1a38a3feaa Return os.ErrNotExist when no versions are found 2020-05-24 11:42:18 +03:00
Ciprian Hacman 56af880c53 Remove TODO that was not addressed for a long time 2020-05-24 10:11:56 +03:00
Ciprian Hacman 831e3f0e57 Remove all versions of a file from the S3 bucket 2020-05-24 08:38:46 +03:00
Justin SB 5ed11fd9c7 GCE: don't rely on hostname being correct
Distros that use systemd for DHCP often don't have the hostname
correct, due to e.g. the requirement for policy kit.

We don't rely on it being set correctly on other clouds; no real
reason to require it on GCP either!
2020-05-17 15:20:58 -04:00
Kubernetes Prow Robot 5fc7ee69da
Merge pull request #8997 from littleroad/add_unit_test
util/pkg/vfs/fs.go: Add Unit Test for WriteTo
2020-05-04 17:29:08 -07:00
Johannes Würbach b92ef68bd6
Support S3 Virtual Hosted Style 2020-05-03 07:44:44 +02:00
Lu Fengqi f7990cad35 util/pkg/vfs/fs.go: Add Unit Test for WriteTo
Signed-off-by: Lu Fengqi <lufq.fnst@cn.fujitsu.com>
2020-04-27 17:46:07 +08:00
Justin Santa Barbara 108d1eee5d Replace deprecated x/net/context with context
It's not x-perimental any more!
2020-04-09 23:58:19 -04:00
Dao Cong Tien af6ff9b50d Add UT for util/pkg/vfs/memfs.go
Signed-off-by: Dao Cong Tien <tiendc@vn.fujitsu.com>
2020-03-12 19:04:24 +07:00
tiendc ce134f71b9
Update fs_test.go 2020-03-09 15:45:12 +07:00
tiendc 293233248c
Update fs_test.go
2020-03-09 15:32:03 +07:00
Dao Cong Tien b95a24d43e Add UT for util/pkg/vfs/fs.go
Signed-off-by: Dao Cong Tien <tiendc@vn.fujitsu.com>
2020-03-06 13:43:24 +07:00
Kubernetes Prow Robot a34ad252ff
Merge pull request #8496 from justinsb/log_acls
GCS: Log ACLs if we're writing them
2020-02-06 22:49:43 -08:00
Justin SB 9fb80f9048
GCS: Log ACLs if we're writing them
We log at V(4) because they are fairly verbose.
2020-02-06 14:46:41 -05:00
Justin SB 9e7a026332
GCS: Fix bug where around retry on GCS
We were recomputing the MD5, but we would need to rewind the stream first.
2020-02-06 14:45:39 -05:00
Kubernetes Prow Robot b356bd4dc7
Merge pull request #6465 from ari-becker/bugfix/allow-local-filesystem-state-store
Allow local filesystem state stores (to aid CI pull-request workflows)
2020-01-17 10:52:26 -08:00
Justin Santa Barbara 5ebbfc96b9
Replace deprecated method calls to google cloud libraries
Required for static-check to pass.
2020-01-17 06:38:43 -05:00
Ari Becker 3236ba135b
Allow local filesystem state stores 2019-12-29 09:12:51 +02:00
Kubernetes Prow Robot be6e8a83e2
Merge pull request #8194 from bittopaz/ali-patch-2
Alicloud: refine Alicloud RAM role policy
2019-12-27 09:30:23 -08:00
Xiaoyu Zhong 5287f6d024 Refine Alicloud RAM role policy 2019-12-25 11:02:41 +08:00
tanjunchen 3f9400a588 util/pkg/vfs/:staticcheck 2019-12-23 10:20:56 +08:00
Xiaoyu Zhong e580c5fff7 Alicloud: allow use RAM role for OSS client 2019-12-04 10:44:41 +08:00
feifei.zhang@huawei.com 48ebd260d3 fix golint failures 2019-11-24 16:38:58 +08:00
Xiaoyu Zhong 002ddbb270 Alicloud: add hostname override 2019-10-16 21:53:40 +08:00
Justin SB cdaa7a3a48
Fix boilerplate: headers & packages 2019-09-25 12:48:14 -04:00
Justin SB 728e582360
Fill out kops controller functionality
k8s 1.16 requires that we move label setting away from the kubelet, to
a central controller.  kops-controller is that controller.
2019-09-25 12:04:34 -04:00
mikesplain 9e55b8230a Update copyright notices
Also cleans some white spaces
2019-09-09 14:47:51 -04:00
Guangming Wang ad752f4887 fix static check error in vfssync.go 2019-09-01 15:33:31 +08:00
Lars Lehtonen 420273b309 util/pkg/vfs: Fix swallowed errors 2019-08-28 14:03:57 -07:00
Justin SB eca2ac6b80
Look for sha256 and sha1 files for artifacts 2019-08-23 18:26:25 -04:00
Justin SB 93f0b914cf
S3 VFS: Default to current region from metadata service
We need a region to start from to make AWS calls.  us-east-1 works for
most credentials, but not for cn-north-1 credentials.  Instead, we get
the current region from metadata when running on EC2; and we continue
to fall-back to us-east-1.

For CLI commands (kops) the user will still have to set AWS_REGION,
but for system binaries (nodeup, etcd-manager), this should default
appropriately.

Note that the region doesn't have to be the actual region of the
bucket, just a region we can access.

Issue #6098
2019-05-13 02:33:21 -07:00
Justin SB 76d03b3f71
Generated files: glog -> klog 2019-05-06 12:56:03 -04:00
Justin SB 3e33ac7682
Change code from glog to klog
We don't call klog.InitFlags yet, because that will cause a flag
redefinition error until we get everyone to stop using glog.  That
will happen when we update to k8s 1.13.
2019-05-06 12:54:51 -04:00
xichengliudui 3cd5c71330 Using const() defines constants together (part:3) 2019-04-11 15:19:27 -04:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) 4e752ca62d Openstack Environment Variable Mapping 2019-01-15 14:21:41 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) d0713c633a Use gophercloud to configure environment authentication 2019-01-15 14:21:31 -07:00
Derek Lemon -T (delemon - AEROTEK INC at Cisco) fb0939af9b Openstack Model, tasks, and cloud ops refactor 2019-01-15 14:16:08 -07:00
Jon Perritt 3064f6be15 server groups, lb, instance, and dns tasks, models and resources 2019-01-15 14:06:54 -07:00
Justin SB 4522a9bc66
Always log when a retry loop fails
We want to be sure the retry loop is working, and we want to know when
we're incurring retry failures (if something is expected to fail).
2018-12-21 14:16:51 -05:00
Justin SB 26bd75aecb
Bulk spelling fixes
Experimenting with my own spelling checker, these are the typos it caught.
2018-12-20 17:43:56 -05:00
Justin Santa Barbara 85d47cd67d s3: lazy-evaluate encryption policy
Should help performance a little bit, and should be a little faster.
2018-10-11 06:46:34 -07:00
Justin Santa Barbara 49e5797bc0 Google Cloud Storage md5 decoding fix
The MD5 is presented base64 encoded; we were trying to decode it as
hex.
2018-10-09 18:16:15 -07:00
k8s-ci-robot 66b9e0e8b0
Merge pull request #5726 from davidarcher/patch-1
Use appropriate log level for KOPS_STATE_S3_ACL debug message
2018-09-05 08:14:48 -07:00
Levi Blackstone c4e2db4afc
Vendor servergroup module from gophercloud
* Bump gophercloud sha to f29afc2
* Add a prereq check for bazel and dep which is needed by `make dep-ensure`
* Document the process to add a vendored dependency
2018-08-30 11:25:54 -06:00
David Archer 83db56fab0
Use appropriate log level for KOPS_STATE_S3_ACL debug message 2018-08-30 09:58:23 -04:00
Justin Santa Barbara 1753423027 DigitalOcean: don't try to set SSE
We lost the p.sse check in a bad merge; restoring it here.

Fix #5519
2018-08-14 21:26:18 -04:00