Commit Graph

312 Commits

Author SHA1 Message Date
Kubernetes Prow Robot 7ae0bae6fc
Merge pull request #17521 from mtulio/cloud-provider-aws-pull-1214
aws: added permissions to RW*TargetGroupAttributes to CCM
2025-07-29 13:48:26 -07:00
Marco Braga 04ce51ab56
feat/ccm-aws/gen: generated files by hack/update-expected.sh 2025-07-29 10:03:16 -03:00
Marco Braga 1dffab2729
feat/ccm-aws: added permissions to RW*TargetGroupAttributes
Added permission to read and write/modify Target Group Attributes on
clusters of cloud-provider-aws (CCM) project.

The modify permission is conditional for target clusters.

This permission is required to be able to test the new requirement,
modify target group attributes, through e2e CI clusters.

More information: https://github.com/kubernetes/cloud-provider-aws/pull/1214
Example of CI job without this permission:
https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/cloud-provider-aws/1214/pull-cloud-provider-aws-e2e/1948477553773645824
2025-07-28 17:31:42 -03:00
Rafael da Fonseca 1794614c19 Add support for using ECR as pull-through image cache
Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
2025-07-28 12:45:53 +01:00
Antonio Ojea f2c239dd81 add kindnet network plugin
add kindnet as an experimental network addon

containerd adds the requirement to use the loopback cni plugin,
kindnet provides that capability and containerd does not require it
since containerd/containerd/pull/10238

Change-Id: I1397a90186885b02e98b5ffa444fe629c1046757
2025-01-08 01:09:37 +00:00
Guilherme Souza a4ac273f63
fix(cluster-autoscaler): add missing permission 2024-09-23 09:45:55 +02:00
justinsb 3646a610b1 refactor: Move GetCloudProvider to cluster
This lets us use labels (or annotations), meaning we can experiment
with different clouds without changing the API.

We also add initial (experimental/undocumented) support for exposing a "Metal" provider.
2024-08-26 08:20:37 -04:00
justinsb e3db4694ec refactor: simplify signature of AddS3Permissions function
We were returning a value but really we were modifying the passed-in
value in-place.
2024-07-04 11:44:20 -04:00
Kubernetes Prow Robot 393aac40df
Merge pull request #16440 from aauren/kube-router_v2.X
Update kube-router to v2.1.0
2024-03-31 23:05:34 -07:00
Aaron U'Ren 821ab18649
iam_builder.go: ensure kube-router src/dst permissions 2024-03-31 13:16:28 -05:00
Peter Rifel 8882bcbafb
Migrate IAM to aws-sdk-go-v2 2024-03-30 10:46:57 -05:00
Peter Rifel 3f74f21b7e
Update IAM Policy Principal.Service to stringorset 2024-02-14 17:39:43 -06:00
Peter Rifel 4643c66f6b
./hack/update-expected.sh 2024-02-12 22:42:14 -06:00
Peter Rifel b5264488cb
Rename stringorslice package to stringorset 2024-02-12 22:42:13 -06:00
Peter Rifel f098401c49
Rename StringOrSlice to StringOrSet, sort lists 2024-02-12 21:37:27 -06:00
Peter Rifel 21804bf631
Migrate to non-deprecated Sets implementation 2024-02-12 21:12:27 -06:00
Kubernetes Prow Robot 120220913d
Merge pull request #16219 from ameukam/servicelinkrole-elasticlb
Add permission needed for service-linked role creation
2024-01-05 02:08:56 +01:00
Arnaud Meukam 282ae1335d
hack/update-expected.sh execution results
Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
2024-01-04 23:55:55 +01:00
Arnaud Meukam ce340c6059
Add permission needed for service-linked role creation
Attempting to fix:
  - https://github.com/kubernetes/kops/issues/16218

by adding the permission needed for the AWS CCM to create a service-linked role for the elastic lb service.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
2024-01-04 23:19:14 +01:00
Peter Rifel 349de70cda
Add comment to remove unused IAM permissions in the future 2024-01-03 21:19:05 -06:00
Ciprian Hacman e95dab5408 aws: Add KMS to EBS CSI Driver 2023-12-13 03:13:04 +02:00
Ciprian Hacman 24a8bc39d5 aws: Always add KMS permissions to control plane 2023-12-13 02:56:23 +02:00
Dan Ports ae1584c6f0 Add Cognito permissions for AWS LBC. 2023-09-14 12:15:30 -04:00
John Gardiner Myers 9ced296724 AWS and GCP always use external CCM 2023-09-04 15:54:16 -07:00
John Gardiner Myers daf3d0808c Update IAM builder tests to use external CCM 2023-09-04 15:54:05 -07:00
John Gardiner Myers 3756bdad5b v1alpha3: Move secretStore and keyStore under configStore 2023-07-22 16:04:24 -07:00
John Gardiner Myers 57b0d8e9cd v1alpha3: Move configBase to configStore.base 2023-07-22 15:57:35 -07:00
John Gardiner Myers 6836673cca Stop using redundant configStore setting 2023-07-20 19:10:21 -07:00
John Gardiner Myers 977aacc356 Remove dead code for non-kops-controller bootstrap 2023-07-16 07:40:25 -07:00
John Gardiner Myers aef6fbdd29 Refactor UseKopsControllerForNodeBootstrap() 2023-07-11 09:45:45 -07:00
Kubernetes Prow Robot dcdbec93e1
Merge pull request #15526 from justinsb/remove_duplicate_cluster
Remove duplicate Cluster field in BootstrapScriptBuilder
2023-06-20 04:26:22 -07:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
justinsb 2f0a94c34b Remove duplicate Cluster field in BootstrapScriptBuilder
We had an identically named Cluster field in the "base class" (the
unnamed embedded objects we inherit), causing shadowing and the
potential for a nil-pointer panic.
2023-06-19 14:34:02 -04:00
Jesse Haka 382855d7d1 remove s3 access from nodes if using none dns 2023-02-12 21:51:16 +02:00
John Gardiner Myers 0a419953d3 Expand TestPolicyGeneration to cover gossip/no-gossip cases 2023-01-11 22:06:01 -08:00
John Gardiner Myers c1c75ca340 hack/update-expected.sh 2023-01-11 21:19:24 -08:00
John Gardiner Myers 1de02c56f1 Use state store for nodeup.Config in Gossip clusters 2023-01-11 21:19:24 -08:00
John Gardiner Myers dec7d33be6 v1alpha3: Move AWS EBS CSI spec under CloudProvider.AWS 2022-12-19 00:10:16 -08:00
John Gardiner Myers ca7d82b02a v1alpha3: move AWS-specific fields to AWSSpec 2022-12-18 15:16:49 -08:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
Kubernetes Prow Robot f827ec7f54
Merge pull request #14721 from johngmyers/nth-default-queue
Change default for NTH Queue Processor mode to enabled
2022-12-06 03:18:36 -08:00
John Gardiner Myers be43dc2784 Extract NTH Queue mode enable check to struct receiver 2022-12-04 15:55:58 -08:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
Ciprian Hacman dbef6209c2 Remove support for using Vault as state store
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2022-11-30 18:38:21 +02:00
John Gardiner Myers 76f71512cc v1alpha3: fix miscellaneous capitalization 2022-11-28 21:37:21 -08:00
John Gardiner Myers 0424c474a3 Don't disable AWS src/dst checks in Calico IPv6 2022-11-25 20:57:48 -08:00
Denis Moiseev e7c3dee038 Add `ec2:DescribeAvailabilityZones` to the AWS CCM permissions list
To work around the issue with subnets auto-discovery [1]
AWS ccm needs to have permission to retrieve information about
availability zones (specifically to detect outpost, wavelength, and local zones [2]).

[1] https://github.com/kubernetes/cloud-provider-aws/issues/442
[2] https://github.com/kubernetes/cloud-provider-aws/pull/499
2022-11-25 11:04:27 +01:00
John Gardiner Myers d39ba74bd7 Change the control-plane IG role to "ControlPlane" in v1alpha3 API 2022-11-22 17:05:29 -08:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Ciprian Hacman 8f79c9bd68 Replace fi.Bool/Float*/Int*/String() with fi.PtrTo() 2022-11-19 03:45:22 +02:00