kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
22,421 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

238 Commits

Author SHA1 Message Date
Kubernetes Prow Robot 7ae0bae6fc
Merge pull request #17521 from mtulio/cloud-provider-aws-pull-1214 
aws: added permissions to RW*TargetGroupAttributes to CCM
 2025-07-29 13:48:26 -07:00
Marco Braga 1dffab2729
feat/ccm-aws: added permissions to RW*TargetGroupAttributes 
Added permission to read and write/modify Target Group Attributes on
clusters of cloud-provider-aws (CCM) project.

The modify permission is conditional for targget clusters.

This permission is required to be able to test the new requirement,
modify target group attributes, through e2e CI clusters.

More information: https://github.com/kubernetes/cloud-provider-aws/pull/1214
Example of CI job without this permission:
https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/cloud-provider-aws/1214/pull-cloud-provider-aws-e2e/1948477553773645824
 2025-07-28 17:31:42 -03:00
Rafael da Fonseca 1794614c19 Add support for using ECR as pull-through image cache 
Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
 2025-07-28 12:45:53 +01:00
Antonio Ojea f2c239dd81 add kindnet network plugin 
add kindnet as an experimental network addon

containerd adds the requirement to use the loopback cni plugin,
kindnet provides that capability and containerd does not require it
since containerd/containerd/pull/10238

Change-Id: I1397a90186885b02e98b5ffa444fe629c1046757
 2025-01-08 01:09:37 +00:00
Guilherme Souza a4ac273f63
fix(cluster-autoscaler): add missing permission 2024-09-23 09:45:55 +02:00
justinsb e3db4694ec refactor: simplify signature of AddS3Permissions function 
We were returning a value but really we were modifying the passed-in
value in-place.
 2024-07-04 11:44:20 -04:00
Aaron U'Ren 821ab18649
iam_builder.go: ensure kube-router src/dst permissions 2024-03-31 13:16:28 -05:00
Peter Rifel 3f74f21b7e
Update IAM Policy Principal.Service to stringorset 2024-02-14 17:39:43 -06:00
Peter Rifel b5264488cb
Rename stringorslice package to stringorset 2024-02-12 22:42:13 -06:00
Peter Rifel f098401c49
Rename StringOrSlice to StringOrSet, sort lists 2024-02-12 21:37:27 -06:00
Peter Rifel 21804bf631
Migrate to non-deprecated Sets implementation 2024-02-12 21:12:27 -06:00
Kubernetes Prow Robot 120220913d
Merge pull request #16219 from ameukam/servicelinkrole-elasticlb 
Add permission needed for service-linked role creation
 2024-01-05 02:08:56 +01:00
Arnaud Meukam ce340c6059
Add permission needed for service-linked role creation 
Attempting to fix:
  - https://github.com/kubernetes/kops/issues/16218

by adding the permission needed for the AWS CCM to create a service-linked role for the elastic lb service.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
 2024-01-04 23:19:14 +01:00
Peter Rifel 349de70cda
Add comment to remove unused IAM permissions in the future 2024-01-03 21:19:05 -06:00
Ciprian Hacman e95dab5408 aws: Add KMS to EBS CSI Driver 2023-12-13 03:13:04 +02:00
Ciprian Hacman 24a8bc39d5 aws: Always add KMS permissions to control plane 2023-12-13 02:56:23 +02:00
Dan Ports ae1584c6f0 Add Cognito permissions for AWS LBC. 2023-09-14 12:15:30 -04:00
John Gardiner Myers 9ced296724 AWS and GCP always use external CCM 2023-09-04 15:54:16 -07:00
John Gardiner Myers 3756bdad5b v1alpha3: Move secretStore and keyStore uder configStore 2023-07-22 16:04:24 -07:00
John Gardiner Myers 57b0d8e9cd v1alpha3: Move configBase to configStore.base 2023-07-22 15:57:35 -07:00
John Gardiner Myers 6836673cca Stop using redundant configStore setting 2023-07-20 19:10:21 -07:00
John Gardiner Myers 977aacc356 Remove dead code for non-kops-controller bootstrap 2023-07-16 07:40:25 -07:00
John Gardiner Myers aef6fbdd29 Refactor UseKopsControllerForNodeBootstrap() 2023-07-11 09:45:45 -07:00
Ciprian Hacman 59b7653cc3 Update min versions for kOps v1.28 2023-06-20 08:11:21 +03:00
Jesse Haka 382855d7d1 remove s3 access from nodes if using none dns 2023-02-12 21:51:16 +02:00
John Gardiner Myers 1de02c56f1 Use state store for nodeup.Config in Gossip clusters 2023-01-11 21:19:24 -08:00
John Gardiner Myers ca7d82b02a v1alpha3: move AWS-specific fields to AWSSpec 2022-12-18 15:16:49 -08:00
John Gardiner Myers 7c3e32369a Refactor Context into separate cloudup and nodeup types 2022-12-17 17:42:46 -08:00
Kubernetes Prow Robot f827ec7f54
Merge pull request #14721 from johngmyers/nth-default-queue 
Change default for NTH Queue Processor mode to enabled
 2022-12-06 03:18:36 -08:00
John Gardiner Myers be43dc2784 Extract NTH Queue mode enable check to struct receiver 2022-12-04 15:55:58 -08:00
John Gardiner Myers 235aa61594 v1alpha3: move networking fields under networking 2022-12-02 19:19:59 -08:00
Ciprian Hacman dbef6209c2 Remove support for using Vault as state store 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2022-11-30 18:38:21 +02:00
John Gardiner Myers 76f71512cc v1alpha3: fix miscellaneous capitalization 2022-11-28 21:37:21 -08:00
John Gardiner Myers 0424c474a3 Don't disable AWS src/dst checks in Calico IPv6 2022-11-25 20:57:48 -08:00
Denis Moiseev e7c3dee038 Add `ec2:DescribeAvailabilityZones` to the AWS CCM permissions list 
To workaround the issue with subnets auto-discovery [1]
AWS ccm needs to have permission to retrieve information about
availability zones (specifically to detect outpost, wavelength, and local zones [2]).

[1] https://github.com/kubernetes/cloud-provider-aws/issues/442
[2] https://github.com/kubernetes/cloud-provider-aws/pull/499
 2022-11-25 11:04:27 +01:00
Ciprian Hacman d29812fc6e Replace fi.Bool/Float*/Int*/StringValue() with fi.ValueOf 2022-11-19 03:45:23 +02:00
Kubernetes Prow Robot 6f2ded7fb2
Merge pull request #14501 from hakman/kops-controller_for_config 
Boot nodes without state store access
 2022-11-16 08:32:50 -08:00
Ole Markus With e5142f6818 Add missing create tags permissions for cilium operator in ENI mode 2022-11-15 15:51:36 +01:00
Ciprian Hacman 18b5dcd297 Boot nodes without state store access 2022-11-15 14:40:14 +02:00
Thomas Colomb 9b28c14213 cluster-autoscaler : Add iam permission autoscaling:DescribeScalingActivities needed since 1.24 version 2022-09-23 13:20:21 +02:00
Kubernetes Prow Robot d705765426
Merge pull request #14253 from olemarkus/missing-legacy-ccm-permissions 
Add back missing permissions for legacy CCM. Again.
 2022-09-10 23:55:24 -07:00
John Gardiner Myers 34e32a41c8 AWS LBC needs ec2:DescribeVpcPeeringConnections for IPv6 2022-09-10 14:55:27 -07:00
Ole Markus With f226b03abf Add back missing permissions for legacy CCM. Again. 2022-09-10 19:54:49 +02:00
Ole Markus With afd7c60d77 Make it possible to enable the shield addon for LBC 2022-06-30 16:23:08 +02:00
Steven E. Harris a1495ac4c8
Allow the AWS LB Controller to use WAFs 
By introducing a few new fields within the Cluster spec's
"awsLoadBalancerController" field, allow users to enable the AWS Load
Balancer Controller to associate WAFs with EC2 Application Load
Balancers (ALBs). It's possible to enable separately use of two kinds
of WAF: WAF Classic and the never version 2-era WAF, the latter of
which bears no distinguishing name.

Retain our default configuration of the AWS Load Balancer Controller
in which this capability remains disabled via command-line flags,
overriding the controller program's enabling of this capability by
default.

Signed-off-by: Steven E. Harris <seh@panix.com>
 2022-05-16 12:20:28 -04:00
Peter Rifel 7aae4d11c8
Add IRSA for kube-router 2022-05-05 21:51:01 -05:00
Steven E. Harris de1ecd844d
Allow cluster autoscaler to get EC2 instance types 
When the cluster autoscaler builds its EC2 instance type catalog
dynamically instead of using only its statically defined set, grant it
the additional IAM permissions required to fetch the instance types
from the AWS API.
 2022-04-20 12:22:28 -04:00
Ole Markus With b080abcd88 Add missing permissions to aws lbc for IP targeting 2022-03-16 13:28:20 +01:00
Ole Markus With cd247f0b3a Add missing permissions to aws lbc for irsa 2022-02-18 15:26:05 +01:00
Ole Markus With 9d476c0e9c Add CreateSecurityGroup permission for vpcs 2022-01-20 17:49:36 +01:00