359 Commits

Author SHA1 Message Date
Kubernetes Prow Robot da9775972c
Merge pull request #14832 from justinsb/aws_s3_context
vfs: add context to s3 functions
2022-12-20 16:25:25 -08:00
Kubernetes Prow Robot 93a5be1599
Merge pull request #14833 from justinsb/cleanup_double_license_header
Cleanup double-license header in file
2022-12-20 14:11:35 -08:00
justinsb b233bdd67d Cleanup double-license header in file
We somehow ended up with 2 license headers here (the same, though with
different dates).
2022-12-20 15:36:31 -05:00
justinsb bba2eaf946 vfs: add context to s3 functions
We don't have the early initialization problem, but we do want to pass
the context through to the requests e.g. for tracing.
2022-12-20 15:34:42 -05:00
justinsb 46f27168b8 vfs: avoid early initialization of GCS client
By initializing on demand, we avoid the need for some context.Context
during "build" time and better reflect the notion of (passive)
builders vs (active) requests.
2022-12-20 15:23:16 -05:00
John Gardiner Myers 89cda928e1 Fixes for checking if S3 bucket is public 2022-12-17 11:05:38 -08:00
justinsb f4984dafab Support public buckets for serviceAccountIssuers on S3
S3 is also nudging towards bucket level permissions, so don't set an ACL when bucket is public.
2022-12-17 09:57:45 -08:00
justinsb 5fde739814 Introduce context.Context into some of our "Context" objects
The rule of thumb is that we shouldn't be embedding a context.Context,
but it is reasonable when the lifetime is similar and when the
refactor would otherwise be unacceptably large.

This is a minimal way to introduce it, based on adding the support
needed in the GCS support for serviceAccountIssuerDiscovery.  We will
need to plumb through the context in many more places over time.
2022-12-12 09:56:09 -05:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
Ciprian Hacman dbef6209c2 Remove support for using Vault as state store
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2022-11-30 18:38:21 +02:00
John Gardiner Myers 8b6f2973f8 Refactor GSPath use of Literal 2022-11-26 19:24:23 -08:00
John Gardiner Myers c2d9b871a5 Refactor Literal unit tests 2022-11-26 19:24:16 -08:00
Ole Markus With 8042756967 Add test confirming json merge behavior 2022-09-29 10:49:24 +02:00
Leïla MARABESE 0fa996890d featureflag and env vars for nodeup ready for testing 2022-09-26 13:55:08 +02:00
Leïla MARABESE 76562f80d5 support for scaleway in s3 buckets 2022-09-01 12:06:23 +02:00
Ciprian Hacman cb99db0757 Run make goimports 2022-08-17 07:03:33 +03:00
Ciprian Hacman 3d24d76cd6 Set higher verbosity when logging the endpoint of non-AWS S3 backend 2022-08-03 04:54:47 +03:00
Abirdcfly 9983ed68fb
delete t.FailNow after t.Fatalf
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
2022-07-22 00:14:53 +08:00
Rémy Léone 80d2d53643 fix tenv linter 2022-06-15 18:06:28 +02:00
Kubernetes Prow Robot 6377b68811
Merge pull request #13572 from hakman/hetzner
Add initial support for Hetzner Cloud
2022-05-08 20:57:18 -07:00
Ciprian Hacman b5f14b589b Add initial support for Hetzner Cloud 2022-05-09 06:12:15 +03:00
Steven E. Harris 9300ac1ad5
Avoid resolv.conf file loopback for Flatcar distro
In Flatcar Container Linux versions at 2748.0 and later, configure the
kubelet to use an alternate DNS resolver configuration. Rather than
using the "/etc/resolv.conf" file, use systemd-resolved's
"/run/systemd/resolve/resolv.conf" file.

Without this configuration, pods like CoreDNS that use the "Default"
DNS policy wind up with a DNS forwarding loop.

Signed-off-by: Steven E. Harris <seh@panix.com>
2022-05-08 06:58:50 -04:00
Jesse Haka 52d2cb08a8 update deps 2022-05-04 10:25:42 +03:00
Ciprian Hacman c8645f0156 Add support for Rocky Linux 8
... as an alternative to CentOS 8, after its deprecation and removal.
2022-04-26 12:23:14 +03:00
Kubernetes Prow Robot 5e641c77bb
Merge pull request #13557 from hakman/ubuntu-18.04
Add back support for Ubuntu 18.04
2022-04-25 23:06:52 -07:00
Ciprian Hacman 4fe9822cf1 Add back support for Ubuntu 18.04 2022-04-26 08:22:50 +03:00
Nat Henderson 9b08c4bb51 Enable internal load balancers when running on GCP
* Add ILBs, broadly following the AWS model.  The following new
capabilities are added for clusters in GCP:
  * Cluster's spec.api.loadBalancer can be set to 'type: internal' on
    GCP.
    * Therefore, GCP can now create:
        * regional backend services
        * regional (non-legacy) healthchecks
        * firewall rules with "internal" load-balancing scheme
        * firewall rules with dot-notation-specified IP addresses
  * Cluster's spec.api.loadBalancer's 'subnets' field functions
    as in the AWS model.

A few incidental changes are included, either because this change
touched the relevant code or because my use case happened to trigger the
issues that are fixed here.

* Cluster's spec.networkID field can be prefixed by project to use
  GCP's common cross-project networking model.
    * The presumption is that all specified subnets belong to this
      network and therefore this project.

* Add missing operation wait on forwarding rule creation.

* Some Terraform output improvements:
    * Permit no-ACL files in GCS buckets in Terraform output.
    * Enable marginally better cross-resource reference in Terraform outputs
    * Add project to network + subnetwork literals in Terraform output.
    * Add terraform output to backend services and health checks.

Testing:
  * Add mocks for backend services and health checks.
  * Add minimal integration test - copied from gce_private and ilb added.
  * Add update cluster goldens.

Co-authored-by: Travis Reid <travis_reid@apple.com>
2022-04-25 13:31:47 -07:00
Ciprian Hacman 6a51577cb0 Create kubeconfig for the root user on Ubuntu 2022-04-24 10:45:37 +03:00
Tessia Piboubès 705a7b536c Use a pointer type in type assertion 2022-04-20 20:07:58 +02:00
Kubernetes Prow Robot 6d264080ed
Merge pull request #13484 from olemarkus/no-bazel-targets
Remove bazel targets and tools
2022-04-17 23:16:41 -07:00
Ciprian Hacman 8b8dd8d2dd Use aws_s3_object instead of deprecated aws_s3_bucket_object 2022-04-13 16:49:03 +03:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
Justin Menga 210d072da9 Correctly detect GovCloud regions 2022-03-24 12:59:32 -07:00
Eng Zer Jun deede3ecd4
test: use `T.TempDir` to create temporary test directory
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-02-18 16:57:41 +08:00
justinsb 9ccc100f92 tests: ensure that we use ACLs with memfs
They weren't fully wired up previously
2022-01-30 15:04:11 -05:00
Robbie Lankford 88a9d50e73
fix ineffectual assignments 2021-12-12 18:16:46 -06:00
Ole Markus With af4c12c5e9
Revert "Recognize debian bullseye as having "broken" resolv.conf" 2021-12-12 14:41:52 +01:00
John Gardiner Myers a0736b3c29 Remove support for Aliyun/Alibaba Cloud 2021-12-11 21:49:13 -08:00
justinsb 689f66a390 Recognize debian bullseye as having "broken" resolv.conf
Debian bullseye also has the loopback resolv.conf that needs special
handling.
2021-12-11 10:15:46 -05:00
Ciprian Hacman e19a1bbad9 Remove support for RHEL/CentOS 7 2021-12-03 21:40:10 +02:00
Ciprian Hacman 2030055c54 Remove support for Ubuntu 18.04 2021-12-03 21:28:12 +02:00
Ciprian Hacman 45094241f6 Remove support for Ubuntu 16.04 2021-12-03 21:28:12 +02:00
Ciprian Hacman 2055eec0f9 Remove support for Debian 9 2021-12-03 21:12:28 +02:00
Kubernetes Prow Robot ca966310e8
Merge pull request #12121 from rifelpet/gcs-tf
Support GSFS Terraform Managed Files
2021-12-03 06:32:27 -08:00
John Gardiner Myers c070c4def5 Remove support for CentOS 8 2021-12-02 23:09:08 -08:00
Peter Rifel f5f52eec92
Add mock GCP credentials to fix unit tests 2021-12-02 08:01:35 -06:00
Peter Rifel f56f98154a
Add TerraformProvider 2021-12-02 08:01:35 -06:00
Peter Rifel 675754edeb
Add Terraform support for GS Paths 2021-12-02 08:01:34 -06:00
Peter Rifel 5813b7f0e0
Add a unit test for S3Path.RenderTerraform
Unfortunately it needs to be in a different package to avoid a rather complex import loop: terraform -> kops api -> vfs -> terraform
2021-12-02 07:55:45 -06:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
Ole Markus With 2fa53989c4 Configure dualstack endpoint for s3
Use dualstack https endpoints on ipv6only cluster. Always use
dualstack endpoints through the SDK
2021-11-20 08:00:00 +01:00
John Gardiner Myers 18d58f900c Support setting empty maps and structs 2021-11-13 19:10:29 -08:00
Kubernetes Prow Robot 49162378aa
Merge pull request #12722 from Juneezee/deprecate-ioutil
refactor: move from io/ioutil to io and os packages
2021-11-12 20:50:53 -08:00
Ciprian Hacman 471bcefb89 Recognize Ubuntu 22.04 (Jammy Jellyfish) 2021-11-13 05:23:09 +02:00
Eng Zer Jun 425173ae9f
refactor: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-11-12 15:37:18 +08:00
Peter Rifel 7eaa647b2a
Include the provider alias on TerraformPath resources that reference their provider 2021-09-17 18:08:59 -05:00
Peter Rifel c3a7f9f75a
Add TerraformProvider definition to TerraformPath interface 2021-09-17 18:08:58 -05:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime
Pre-install nvidia container runtime + drivers on GPU instances
2021-09-11 13:00:07 -07:00
Ciprian Hacman a7bb55b72f Recognize Ubuntu 21.10 (Impish Indri) 2021-09-11 08:56:33 +03:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
justinsb c2914ccba7 Warn if KOPS_ARCH is not a recognized value
Otherwise we were silently rejecting it.
2021-08-23 08:41:07 -04:00
Yadnesh Kulkarni 670fa3aaf7 Incorrect url to the swift container
Swift path prefix in ReadTree and ReadDir should not be empty
when adding "/" to it.
2021-08-15 04:21:34 -04:00
Ole Markus With 67b4024694 Reconcile if managedFile is public or not 2021-08-13 20:20:44 +02:00
Reilly Brogan 850bca8db6 Support Debian 11 Bullseye 2021-08-06 12:52:16 -05:00
Ole Markus With 4bf0fae33a Add function for getting memfs location 2021-07-01 08:27:48 +02:00
John Gardiner Myers eb076e3713 Render managed files with Terraform 2021-06-28 12:15:15 -07:00
John Gardiner Myers ead0941ae8 Make SpecOverride append to slices 2021-06-14 14:01:22 -07:00
John Gardiner Myers 76fc012f96 Allow unsetting fields from the command line 2021-06-14 08:52:32 -07:00
Kubernetes Prow Robot 3c4b6068b9
Merge pull request #11649 from h3poteto/fix-jwks-location
Fix jwks object path in S3 for IRSA
2021-06-01 08:26:27 -07:00
AkiraFukushima d52ec60c02
Fix issuer and jwks object path for IRSA 2021-06-01 23:35:21 +09:00
John Gardiner Myers e896a8a215 Fix detection of virtual-hosted-style S3 urls in us-east-1 2021-05-31 19:07:56 -07:00
Kubernetes Prow Robot 3a376e9048
Merge pull request #11387 from johngmyers/aws-config
Enable reading shared config when possibly from CLI
2021-05-23 15:15:38 -07:00
Ciprian Hacman a39d829f1f Set canonical location for downloads to artifacts.k8s.io
And remove the legacy location for downloads.
2021-05-14 00:41:56 +03:00
John Gardiner Myers 23de00da6e Enable reading shared config when possibly from CLI 2021-05-05 22:08:54 -07:00
Ciprian Hacman e0eab51c5c Recognize Ubuntu 21.04 2021-04-27 12:54:42 +03:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
2021-03-19 20:03:26 +01:00
Kubernetes Prow Robot 2083133cfc
Merge pull request #11047 from bmelbourne/update-misc-go-mods
Update Go modules to latest versions
2021-03-15 00:11:04 -07:00
Peter Rifel 21389c8276
Cleanup some nodeup & protokube logging
Also log a channels error that we're seeing on flatcar to help with troubleshooting
2021-03-14 21:49:35 -05:00
Barry Melbourne e30bf1cf35 Update Go modules to latest versions 2021-03-14 15:08:27 +00:00
Bharath Vedartham e5aa8177b6 Add protokube and channels urls 2021-03-06 00:31:18 +05:30
Kubernetes Prow Robot 016b0e5500
Merge pull request #10732 from zetaab/feature/uagent
add user agent to openstack api requests
2021-02-06 23:53:12 -08:00
Jesse Haka 034dad258c modify names 2021-02-05 09:57:54 +02:00
Jesse Haka 41d04d8d4b add user agent to openstack api requests 2021-02-04 23:04:06 +02:00
Bharath Vedartham 49f3ab0703 Throw error if path being set by kops set is not present in struct 2021-01-31 12:00:42 +05:30
Kubernetes Prow Robot 95e9cbf8ab
Merge pull request #10566 from rifelpet/fs-err
Fix file not found error detection in fs://
2021-01-12 22:42:35 -08:00
Peter Rifel 0df5f6c24d
Fix file not found error detection in fs:// 2021-01-12 20:57:33 -06:00
Justin Santa Barbara 78b139465c Refactor and centralize distribution logic
Use of a struct makes it more sustainable, centralizing into the
distribution package makes it simpler to follow.
2021-01-05 11:50:23 -05:00
Justin SB b17e44b709 Recognize ubuntu 20.10
Teach nodeup about ubuntu 20.10, including the unusual
/etc/resolv.conf configuration.
2021-01-05 10:53:40 -05:00
Kenji Kaneda a61caea8d2 Add Azure support
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
2020-12-21 08:27:54 -08:00
Justin SB 7d9ff3ba96 Refactor MirroredAsset into mirrors package
This means we can use MirroredAsset for nodeup without circular
dependencies.  Also removes a duplicate constant that was declared
twice.
2020-12-19 18:39:09 -05:00
Kenji Kaneda 40c944aa5c Fix a typo in an error message returned from buildAzureBlobPath
invalid Azure Blob schem -> invalid Azure Blob scheme
2020-11-23 08:16:39 -08:00
Kenji Kaneda 4555c0b2df Add support of Azure Blob storage to VFS
The schema is "azureblob".

azureClient provides two ways to set up credential. One approach is to
use an account key stored in env var. This approach is used when
accessing Blob from kops CLI. The second approach is to retrieve
credentials from Instance Metadata Service. This works only when
azureClient is created on a VM that has sufficient privilege to access
a specified blob. This approach is used from nodeup, etcd-manager,
etc.
2020-11-19 10:47:03 -08:00
Jesse Haka 67d69f16a9 allow reauth for openstack client 2020-10-30 08:57:49 +02:00
Ole Markus With f6ce70e5c3 Minor fixes to swiftfs.go 2020-10-08 20:32:29 +02:00
Ciprian Hacman 0c6f1c733c Use all kops mirrors to determine artifacts hashes 2020-09-18 09:44:37 +03:00
Kubernetes Prow Robot a5fc8895dc
Merge pull request #9857 from hakman/detect-aws-region
Detect AWS region for S3 inside containers
2020-09-09 23:17:44 -07:00
John Gardiner Myers 1e92c7740c Map ENOENT to ErrNotExist in FSPath 2020-09-05 21:46:57 -07:00
Ciprian Hacman 32e6da7576 Detect AWS region for S3 inside containers 2020-09-02 06:41:12 +03:00
Kubernetes Prow Robot fc66e0161e
Merge pull request #9836 from justinsb/openstack_reauth
Always use OpenStack Swift reauthentication
2020-08-31 00:40:20 -07:00
Justin SB c63ce4b5ab Implement setter by reflection
This means we no longer have to individually hard-code the `kops set`
fields, however we use the "language" we're now demonstrated.

We add tests to ensure we have parity with our existing (hard-coded)
setter logic.
2020-08-30 09:59:52 -04:00