kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,196 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1830 Commits

Author SHA1 Message Date
Kubernetes Prow Robot defcdedb68
Merge pull request #12366 from justinsb/zone_autocompletion 
Support zone autocompletion
 2021-09-22 17:45:10 -07:00
Kubernetes Prow Robot 74f9a8e2fb
Merge pull request #12342 from eddycharly/irsa-wildcard 
feat: add support for wildcard in roles generated for IRSA
 2021-09-22 16:09:10 -07:00
Charles-Edouard Brétéché 5f523366d6 feat: add support for wildcard in roles generated for IRSA 2021-09-23 00:24:45 +02:00
justinsb c7e6187493 Support zone completion 
Refactor cloud listing & zone guessing into its own package.
 2021-09-20 09:53:33 -04:00
Peter Rifel 3cc7162089
Remove TerraformJSON test 
The FF is deprecated and would require a lot of effort to support disabling TerraformManagedFiles (which is required) in this one integration test case
 2021-09-17 06:42:27 -05:00
Ole Markus With 81177dc634 Add cloud ipam behind a feature flag 2021-09-16 21:12:29 +02:00
Ole Markus With 88bd1953ce Have kops-controller assign instance ipv6 prefix to node 2021-09-16 19:25:19 +02:00
Ole Markus With 02f29bdfe7 Add test for cloudipam 2021-09-16 19:25:16 +02:00
justinsb 153cf97049 tests: create-cluster integration tests should validate additional objects 
As we start creating them for addon support, we want to be sure that
they aren't created elsewhere.
 2021-09-06 14:45:40 -04:00
Ole Markus With f5fed2a08d Move nvidia config under containerd 2021-09-05 20:28:07 +02:00
Ole Markus With b144304240 Install nvidia device driver addon 2021-09-05 20:09:04 +02:00
Ole Markus With b52008d9b6 Add instance state change notification to nth 2021-08-31 22:54:21 +02:00
John Gardiner Myers f041bdafdc More kops 1.23 updates 2021-08-28 11:54:39 -07:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
Peter Rifel 53f7e3b089
Add integration test for cluster names beginning with a digit 
This will fail until we address each resource type generating terraform resource names that are purely the cluster name
 2021-08-27 12:56:58 -05:00
Ole Markus With 67b1ace14f Validate external-dns spec 2021-08-27 06:32:25 +02:00
Ole Markus With 0152c23c1e Remove externaldns feature flag 2021-08-27 06:30:01 +02:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert 
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API has to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
 2021-08-26 20:54:02 +02:00
justinsb 0214c81c89 Update kopeio test to test kopeio networking also 2021-08-15 01:08:59 -04:00
Kubernetes Prow Robot 799b9f4fdf
Merge pull request #12116 from johngmyers/beta-cloud 
Correct list of beta cloud providers
 2021-08-13 08:20:22 -07:00
John Gardiner Myers 4eb5d24e67 Correct list of beta cloud providers 2021-08-07 14:02:06 -07:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With 887439952a Add ccm integration tests 2021-08-07 10:31:31 +02:00
Kubernetes Prow Robot d148cbed8d
Merge pull request #12049 from iGene/octavia_provider_option 
Add Option to Specify OpenStack Octavia Provider
 2021-08-04 01:33:24 -07:00
Justin SB 0b38591e11 Fix cluster list action 
Restoring the behaviour of `kops get cluster`, where it lists clusters
even if one is configured in kubeconfig.
 2021-07-30 13:53:55 +00:00
John Gardiner Myers 009e741b03 Rename for consistency 2021-07-28 20:21:54 -07:00
John Gardiner Myers 4ea591313f Use the passed-in io.Writer 2021-07-28 20:21:54 -07:00
John Gardiner Myers 224eb66169 Remove need for rootCommand to implement Factory 2021-07-28 20:21:53 -07:00
John Gardiner Myers 59f96b9352 Remove redundant printing of error message 2021-07-28 20:21:53 -07:00
John Gardiner Myers 4174430728 Remove rootCommand.Cluster() 2021-07-28 20:21:53 -07:00
John Gardiner Myers 085b43e420 Clean up "kops get secrets" 2021-07-27 21:33:52 -07:00
John Gardiner Myers 7fe9c95677 Add completion for "kops delete secret" 2021-07-27 21:32:05 -07:00
John Gardiner Myers 597192981d Clean up "create secret weavepassword" 2021-07-27 19:05:39 -07:00
John Gardiner Myers df325d28a3 Clean up "create secret encryptionconfig" 2021-07-27 19:05:39 -07:00
John Gardiner Myers a4b91dab0d Clean up "create secret dockerconfig" 2021-07-27 19:05:39 -07:00
John Gardiner Myers 0f5dcc2303 Clean up "create secret ciliumpassword" 2021-07-27 19:05:39 -07:00
Ching Kuo 3ac430731e Add Autocomplete for os-octavia-provider 
This commits adds autocomplete function for os-octavia-provider option
base on the list of available providers from OpenStack document.
 2021-07-28 08:44:15 +08:00
Ching Kuo 7fba614a3c Add Option to Specify OpenStack Octavia Provider 
In newer version of OpenStack, there are multiple octavia provider to
choose from instead of only "octavia" as provider. This commit added a
command line option "os-octavia-provider", enabling user to specify the
octavia provider that will be use to create load balancers.
 2021-07-27 15:15:17 +08:00
John Gardiner Myers cd1aa1ab53 Simplify FindSSHPublicKeys() interface 2021-07-24 09:01:22 -07:00
John Gardiner Myers 0b4345d3fd Split out "get sshpublickeys" command 2021-07-24 09:01:22 -07:00
John Gardiner Myers cddefc0a1f Simplify DeleteSSHCredential() interface 2021-07-24 09:01:21 -07:00
John Gardiner Myers 4bbed0339a Split out "delete sshpublickey" command 2021-07-24 09:01:21 -07:00
John Gardiner Myers d935a419f8 Simplify AddSSHPublicKey() interface 2021-07-24 08:59:57 -07:00
John Gardiner Myers de191e2366 Pull "create sshpublickey" into its own subcommand 2021-07-24 08:59:56 -07:00
John Gardiner Myers de64d287f0 Replace "kops describe keypair" with "kops get keypair -oyaml" 2021-07-22 16:47:59 -07:00
John Gardiner Myers 5670d56b5d Clean up "kops get keypairs" 2021-07-22 14:15:15 -07:00
John Gardiner Myers 1e4dee452e Implement completion for "kops get instances" 2021-07-22 14:15:09 -07:00
John Gardiner Myers 337377c163 Implement completion for "kops get instancegroups" 2021-07-22 13:57:13 -07:00
Kubernetes Prow Robot abfc62ae2f
Merge pull request #12028 from johngmyers/complete-get 
Implement completion for "kops get", part one
 2021-07-22 04:49:52 -07:00
John Gardiner Myers 070aa2ef34 Apply suggestions from code review 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-21 20:41:02 -07:00
Kubernetes Prow Robot 34ce86adf2
Merge pull request #12019 from johngmyers/catasks-nobootstrap 
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
 2021-07-19 15:56:15 -07:00
John Gardiner Myers abd95d14f4 Implement completion for "kops get clusters" 2021-07-19 14:58:41 -07:00
John Gardiner Myers c68da24d21 Implement completion for "kops get assets" 2021-07-19 14:10:43 -07:00
John Gardiner Myers c312c19dcb Implement completion for "kops get" 2021-07-19 13:52:55 -07:00
Peter Rifel 5b62e73726
Add shell completion for `--target` 2021-07-19 08:35:36 -04:00
John Gardiner Myers f6b053de9d Report unknown feature flags as such 2021-07-18 16:24:04 -07:00
John Gardiner Myers e9fc12b4f3 Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers 2021-07-18 13:37:19 -07:00
John Gardiner Myers e6ede8f4a9 Don't provision SSH key by default on AWS 2021-07-17 16:33:26 -07:00
John Gardiner Myers d572b2245d Implement completion for "kops toolbox instance-selector" 2021-07-15 23:37:54 -07:00
John Gardiner Myers 69b0117827 Implement completion for "kops toolbox template" 2021-07-15 22:59:14 -07:00
Kubernetes Prow Robot f24f12f84c
Merge pull request #11982 from johngmyers/bootstrap-keypairid 
Verify CA keypair IDs for kops-controller-issued certs
 2021-07-15 12:31:03 -07:00
John Gardiner Myers bf12934709 Clean up "kops toolbox instance-selector" 2021-07-14 14:36:37 -07:00
John Gardiner Myers b517ba687d Implement completion for "kops toolbox dump" 2021-07-14 14:36:37 -07:00
John Gardiner Myers 14320fb3b5 Clean up "kops toolbox" 2021-07-14 14:36:36 -07:00
Kubernetes Prow Robot e08fdb0c4e
Merge pull request #11987 from johngmyers/edit-set 
Change set and unset commands into flags on "kops edit cluster"
 2021-07-14 14:04:40 -07:00
John Gardiner Myers cac4d2c080 More "kops set" cleanup 2021-07-14 13:09:08 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
John Gardiner Myers b892ed4235 Fix "kops export kubeconfig" 2021-07-13 22:06:11 -07:00
John Gardiner Myers 66024869a0 Implement "kops edit instancegroup --set" and "--unset" 2021-07-13 20:07:59 -07:00
John Gardiner Myers 8be10e96d0 Implement "kops edit cluster --set" and "--unset" 2021-07-13 20:07:24 -07:00
John Gardiner Myers 010aa2cf27 Minor Cobra cleanups 2021-07-13 13:00:48 -07:00
John Gardiner Myers 1f9f6fc8ce Clean up "kops replace" command 2021-07-13 13:00:32 -07:00
John Gardiner Myers 265e57bada Clean up gen-cli-docs 2021-07-13 13:00:26 -07:00
John Gardiner Myers 0167f689e3 Implement completion for "kops export kubeconfig" 2021-07-13 07:32:08 -07:00
John Gardiner Myers 3091b76ffc Clean up "kops export" 2021-07-13 07:32:08 -07:00
Kubernetes Prow Robot 46aafd55a8
Merge pull request #11980 from johngmyers/complete-edit 
Implement completion for "kops edit" commands
 2021-07-13 04:50:30 -07:00
John Gardiner Myers 3613695248 Fix use of pretty.Bash() 2021-07-12 20:38:47 -07:00
John Gardiner Myers be30a61983 Move EditorEnvs to pkg 2021-07-11 23:05:06 -07:00
John Gardiner Myers 23478734ae Give "edit instancegroup" parity with "edit cluster" 2021-07-11 23:00:08 -07:00
John Gardiner Myers 6eda65d9f7 Implement completion for "kops edit instancegroup" 2021-07-11 22:38:07 -07:00
John Gardiner Myers ea9678573e Implement completion for "kops edit cluster" 2021-07-11 22:10:43 -07:00
John Gardiner Myers b0b83ed125 Clean up "kops edit" 2021-07-11 22:07:02 -07:00
John Gardiner Myers 1c3947220e Add "kops trust keypair" command 2021-07-11 10:36:40 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy 
Issue certs using CA KeypairID in NodeupConfig
 2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot 3a68dd63f7
Merge pull request #11970 from johngmyers/complete-delete 
Implement completion for delete commands
 2021-07-11 01:10:46 -07:00
John Gardiner Myers 6f06661a68 Use narrower interface type 2021-07-10 23:23:12 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
Kubernetes Prow Robot 0bc00046ad
Merge pull request #11964 from johngmyers/rotate-etcd 
Refactor keysets for etcd-manager
 2021-07-10 01:16:46 -07:00
John Gardiner Myers ea8cd3b758 Implement completion for "kops delete instancegroup" 2021-07-10 00:30:32 -07:00
John Gardiner Myers 56b57b5326 Implement completion for "kops delete instance" 2021-07-10 00:30:32 -07:00
John Gardiner Myers b16b742b05 Implement completion for "kops delete cluster" 2021-07-10 00:30:32 -07:00
John Gardiner Myers c864dc02ca Clean up "kops delete -f" 2021-07-10 00:30:31 -07:00
John Gardiner Myers 5095ae93fd Remove -rc.0 k8s versions from completion 2021-07-10 00:30:31 -07:00
Kubernetes Prow Robot db90029595
Merge pull request #11957 from johngmyers/complete-create-more 
Implement completion for "kops create instancegroup"
 2021-07-10 00:28:46 -07:00
John Gardiner Myers 62d5f0ca7a Suppress usage for errors returned from RunE 2021-07-09 19:55:46 -07:00
John Gardiner Myers 8c1e5fd91a Add missing newline 2021-07-09 00:24:02 -07:00
John Gardiner Myers d865df6775 Don't include distrusted keypairs unless specifically asked to 2021-07-09 00:24:01 -07:00
John Gardiner Myers 95665f45c6 Include serial number in Subject of created keypairs 2021-07-09 00:24:01 -07:00
John Gardiner Myers 0e25ceaadd Change "kubernetes-ca" to have that in the CN 2021-07-09 00:12:30 -07:00
John Gardiner Myers 79984bf76e Don't put extraneous "cn=" in CN when creating keypair 2021-07-08 21:57:47 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
John Gardiner Myers 9cb7e75be5 Implement completion for "kops create instancegroup" 2021-07-08 12:26:14 -07:00
John Gardiner Myers ae9c7a66e7 Implement remaining completion for "kops create cluster" 2021-07-08 06:04:27 -07:00
John Gardiner Myers 6d16c13f24 Implement some completion for "kops create cluster" 2021-07-06 08:16:44 -07:00
John Gardiner Myers dbf4f23654 Fix completion of instancegroups when cluster argument provided 2021-07-06 07:36:54 -07:00
John Gardiner Myers 13bfa283cf Implement completion for "kops create -f" 2021-07-06 07:36:54 -07:00
Kubernetes Prow Robot 7a22c9c5fa
Merge pull request #11935 from olemarkus/manyaddons-no-oidc 
Remove unused golden files from manyaddons test
 2021-07-06 01:36:18 -07:00
Kubernetes Prow Robot 97cd19f2fd
Merge pull request #11927 from johngmyers/complete-validate 
Implement completion for validate and upgrade
 2021-07-06 00:54:18 -07:00
Ole Markus With 735d9a898c Remove unused golden files from manyaddons test 2021-07-06 08:52:56 +02:00
Kubernetes Prow Robot 118c9d7b61
Merge pull request #11932 from johngmyers/remove-dead-files 
Remove obsolete files
 2021-07-05 23:50:18 -07:00
John Gardiner Myers 9c83afb739 Remove obsolete files 2021-07-05 23:11:17 -07:00
John Gardiner Myers abf8e268cd Implement completion for "kops upgrade cluster" 2021-07-05 11:26:33 -07:00
John Gardiner Myers dedf53fd16 Implement completion for "kops validate cluster" 2021-07-05 11:26:33 -07:00
John Gardiner Myers 4771f606a0 Implement completion for "kops update cluster" 2021-07-05 09:18:37 -07:00
John Gardiner Myers e7407b1b56 Clean up "kops version" 2021-07-05 09:18:37 -07:00
Kubernetes Prow Robot 0e351edb4c
Merge pull request #11924 from johngmyers/more-completions 
Implement completion for "kops rolling-update cluster"
 2021-07-05 02:48:55 -07:00
John Gardiner Myers 75f3974f47 Use all-caps for metasyntactic arguments 2021-07-03 23:00:41 -07:00
John Gardiner Myers e3451030ff Implement completion for "kops rolling-update cluster" 2021-07-03 22:57:15 -07:00
John Gardiner Myers ba7641b97d Include completion descriptions for keypairs 2021-07-03 19:52:53 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Kubernetes Prow Robot f66081b414
Merge pull request #11904 from johngmyers/get-keypairs-times 
Improve "kops get keypairs"
 2021-07-02 04:58:12 -07:00
Kubernetes Prow Robot 6689850ebc
Merge pull request #11906 from johngmyers/refactor-aggregator 
Refactor apiserver-aggregator-ca
 2021-07-01 23:32:13 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 52fd5ac51a Use Cobra's built-in completion command 2021-07-01 13:04:39 -07:00
John Gardiner Myers d0f20f367d Improve "kops get keypairs" 2021-07-01 08:05:07 -07:00
Kubernetes Prow Robot 39b67210f8
Merge pull request #11897 from johngmyers/refactor-etcd-ca 
Refactor etcd-clients-ca keyset for api-server
 2021-06-30 23:37:55 -07:00
John Gardiner Myers ac1cf0b0ee Implement completion for "kops distrust keypair" 2021-06-30 21:25:47 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
Kubernetes Prow Robot 6e9b108d16
Merge pull request #11892 from johngmyers/complete-promote 
Implement completion for "kops promote keypair"
 2021-06-29 20:43:03 -07:00
John Gardiner Myers d8e592c421 Implement completion for "kops promote keypair" 2021-06-29 19:47:05 -07:00
Kubernetes Prow Robot 52afacd05c
Merge pull request #9621 from johngmyers/tf-managed 
Render managed files with Terraform
 2021-06-29 19:27:03 -07:00
John Gardiner Myers 22b8ad2d48 Implement completion for "kops create keypair" 2021-06-28 23:26:47 -07:00
John Gardiner Myers 3981711af8 Adjust integration tests 2021-06-28 13:48:34 -07:00
Kubernetes Prow Robot 1bed90a030
Merge pull request #11877 from johngmyers/rotate-cilium 
Allow rotation of etcd-clients-ca-cilium
 2021-06-28 10:42:08 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
Ciprian Hacman c8860412f0 Add support for darwin/arm64 on the client-side 2021-06-28 10:18:28 +03:00
John Gardiner Myers 26a5aa179b Improve completion for kops root command 2021-06-27 21:51:15 -07:00
John Gardiner Myers 97583261f8 Allow rotation of etcd-clients-ca-cilium 2021-06-27 12:49:08 -07:00
John Gardiner Myers 3caa6ef5b8 Improve "kops distrust keypair" command 2021-06-27 11:16:34 -07:00
Kubernetes Prow Robot 61778b1fd9
Merge pull request #11845 from johngmyers/mark-deleted 
Retain deleted keypairs
 2021-06-27 10:11:24 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
Kubernetes Prow Robot 22c11c10f1
Merge pull request #11848 from johngmyers/cilium-etcd-client 
Refactor etcd-client-cilium secrets
 2021-06-27 04:01:24 -07:00
John Gardiner Myers 4a47614e62 Simplify config server protocol 2021-06-26 09:56:47 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
Ole Markus With 0588986841 Make it simpler to spot missing files in integration tests 2021-06-25 13:25:32 +02:00
John Gardiner Myers cd48f10de5 Rename "kops delete keypair" to "kops distrust keypair" 2021-06-24 19:19:43 -07:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change 
Mark nodes NeedsUpdate when keys they use change
 2021-06-22 08:11:58 -07:00
Kubernetes Prow Robot d869f2d5ea
Merge pull request #11835 from johngmyers/promote 
Add 'kops promote keypair' command
 2021-06-22 00:31:57 -07:00
Kubernetes Prow Robot 364fe4ca86
Merge pull request #11708 from johngmyers/refactor-assets 
Limit concurrency of asset copy tasks
 2021-06-21 23:13:58 -07:00
John Gardiner Myers 5423e18b56 Add 'kops promote keypair' command 2021-06-21 20:58:51 -07:00
John Gardiner Myers d5cea85f7c Use stable keyset IDs 2021-06-21 16:10:06 -07:00
John Gardiner Myers ca8c6d6828 Extract duplicated code to method 2021-06-21 13:35:33 -07:00
John Gardiner Myers c904c743da Remove 'kops import' 2021-06-21 07:34:29 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2 
Improve the output of 'kops get keypairs'
 2021-06-21 02:19:10 -07:00
Kubernetes Prow Robot 21488a164d
Merge pull request #11822 from johngmyers/rotate-issue 
Support creating new service-account keypairs
 2021-06-21 01:32:59 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster 
Put versioned API of cluster into state store
 2021-06-21 01:32:52 -07:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
John Gardiner Myers 12d536d3a3 Refactor 'kops delete keypair' 2021-06-20 15:09:15 -07:00
John Gardiner Myers 896330be88 Create fi.NewKeyset() 2021-06-20 14:09:46 -07:00
John Gardiner Myers 3ca8b95005 Support creating new service-account keypairs 2021-06-20 14:09:24 -07:00
John Gardiner Myers bf5176e1bf Remove create_keypair.go to make following diff readable 2021-06-20 14:06:44 -07:00
Ciprian Hacman e347841aa3 Add integration test for Warm Pool images 2021-06-20 23:01:52 +02:00
Kubernetes Prow Robot e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5 
Include multiple cluster CAs in trust stores
 2021-06-20 13:20:51 -07:00
John Gardiner Myers 72ba687744 Split out get, describe, and delete keypairs commands 2021-06-19 13:36:11 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 07474c6d30 Fix CA keys for all integration tests 2021-06-19 10:50:53 -07:00
Ole Markus With 507402e315 Fail early if policy size is too large 
This will then also be caught by integration tests
 2021-06-19 10:04:11 +02:00
John Gardiner Myers 42dc659aaa Allow "create keypair ca" to omit certificate 2021-06-18 10:41:54 -07:00
John Gardiner Myers ae6950711f Allow omitting private key for secondary certs 2021-06-18 10:41:40 -07:00
John Gardiner Myers af74e75382 Allow adding secondary keyset items 2021-06-18 10:41:37 -07:00
John Gardiner Myers 9861009759 Extract receiver for keyset item addition 2021-06-18 10:36:35 -07:00
John Gardiner Myers 3793c92b94 Remove "secret" from "kops create secret keypair ca" 2021-06-18 10:36:19 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
Kubernetes Prow Robot 4cd3b58e37
Merge pull request #11763 from johngmyers/ipv6-access 
Make the AdminAccess default inclusive of IPv6
 2021-06-14 23:30:01 -07:00
John Gardiner Myers 1356818d83 Make the AdminAccess default inclusive of IPv6 2021-06-14 21:51:17 -07:00
John Gardiner Myers cab389f2f5 Rename --override to --set 2021-06-14 14:01:18 -07:00
John Gardiner Myers 76fc012f96 Allow unsetting fields from the command line 2021-06-14 08:52:32 -07:00
Ciprian Hacman 2a11fa7dde Add --ipv6 experimental cli flag 2021-06-13 21:48:46 +02:00
Ciprian Hacman fcfba36b14 Pre-add integration test for creating an IPv6 cluster 2021-06-13 13:09:40 +02:00
John Gardiner Myers 09259ad30f Remove unused field 2021-06-12 16:05:53 -07:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
John Gardiner Myers a983c65a48 Move assettasks to pkg/assets 2021-06-06 23:16:02 -07:00
John Gardiner Myers 3622ee3c14 Move asset copying logic to pkg 2021-06-06 21:17:50 -07:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers fa77f8b964 Rename fi.Keystore.StoreKeypair to StoreKeyset 2021-06-05 16:38:26 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers ed1f6ff79e Refactor StoreKeypair and AddCert 2021-06-05 16:38:25 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers eb09d31a3c Pass AuxConfig to nodeup 2021-06-03 21:04:21 -07:00
John Gardiner Myers 326a4beb49 Don't describe CloudLabels as being AWS-specific 2021-06-01 23:32:22 -07:00
John Gardiner Myers 0e775023ac Use more consistent terminology 2021-05-30 10:06:25 -07:00
John Gardiner Myers e498c33da3 More "container" to "image" renaming 2021-05-29 16:44:10 -07:00
John Gardiner Myers 95aa3fd13e Rename "DockerImage" to "DownloadLocation" 2021-05-29 16:40:56 -07:00
John Gardiner Myers 34c6f7f295 Rename "ContainerAssets" to "ImageAssets" 2021-05-29 16:36:55 -07:00
John Gardiner Myers 4c2508b6ec Add "kops get assets" command 2021-05-28 21:33:46 -07:00
John Gardiner Myers 3f24a29cca Change toolbox template flag for consistency 2021-05-27 20:42:16 -07:00
Kubernetes Prow Robot fe7d6e5516
Merge pull request #11442 from hakman/ipv6 
Add initial support for configuring IPv6 with AWS
 2021-05-18 21:02:50 -07:00
Ciprian Hacman c08d0e2bdf Pre-add AWS IPv6 integration test 2021-05-18 08:56:16 +03:00
John Gardiner Myers dd605fdbc3 Subsume StatusStore into fi.Cloud 2021-05-15 17:39:32 -07:00
Peter Rifel 640fd531c6
Add gossip integration test 2021-05-12 17:21:01 -05:00
Ciprian Hacman 54961e4ae5 Create new clusters without forcing a container runtime 
Decide which container runtime to use later in model, based on Kubernetes version and other settings.
 2021-05-09 21:43:58 +03:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
John Gardiner Myers 8823f30ad7 Recognize the ServiceAccountIssuerDiscovery featue gate 2021-05-06 08:57:37 -07:00
John Gardiner Myers a79da8ee86 Don't use PublicJWKS in TestAWSLBController 2021-05-06 00:11:23 -07:00
Kubernetes Prow Robot b054fb37b7
Merge pull request #11016 from olemarkus/irsa-custom 
user-configurable IAM roles for ServiceAccounts
 2021-05-02 11:16:01 -07:00
Ciprian Hacman 62c47d23d4 Add integration test for etcd 2021-05-02 08:48:46 +03:00
Ole Markus With 6f8b3647cf Add support for IRSA in he api 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-01 16:03:42 +02:00
Ole Markus With 5ca7c9b5d7 Use VFS as service account issuer if configured 
Also add an integration test that uses VFS
 2021-04-30 21:02:30 +02:00
Kenji Kaneda 71f52363f8 Add a lifecycle test for GCE 
- Move MockGCECloud to cloudmock/gce.
- Change Compute() and CloudDNS() of GCECloud to return interfaces
  for mocking
 2021-04-26 13:05:27 -07:00
Kubernetes Prow Robot 0d9e2e7bb4
Merge pull request #11184 from cloudnatix/kenji/gcp 
Add GCE Router task
 2021-04-24 00:37:15 -07:00
Kenji Kaneda f37330f53d Add GCE Router task 
This commit picks up the change from the previous attempt
(https://github.com/kubernetes/kops/pull/6828).

- Add Router to GCE tasks
- Add the HasExternalIP field to InstanceTemplate
- Create a RouterTask and set HasExternalIP to false when
  a private topology is specified.

https://github.com/kubernetes/kops/issues/6827
 2021-04-23 23:03:38 -07:00
ebarped 44500b5b8d create.go: add --name to kops update cluster command 2021-04-23 10:57:18 +02:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Kubernetes Prow Robot 5aa8a31819
Merge pull request #11227 from olemarkus/warm-roll 
Give kOps CLI knowledge about ASG warm pools
 2021-04-15 09:46:07 -07:00
Kubernetes Prow Robot 2f1c8f3969
Merge pull request #11186 from integrii/patch-1 
Update kops_create_secret_dockerconfig.md
 2021-04-15 05:55:50 -07:00
Ole Markus With 09615935fd Make kOps CLI handle ASG warm pools 2021-04-15 11:10:23 +02:00
Ciprian Hacman 6c284a886b Apply suggestions from code review 2021-04-15 11:42:27 +03:00
Eric Greer 21c6007e71 Update kops_create_secret_dockerconfig.md 
Today we were implementing an authenticated docker user, but it was unclear how exactly to do that.  We learned that simply making this secret within kops was all that was needed for the docker config to start appearing on newly built nodes.  It would be nice if the documentation here reflected that.  It would have saved us some time.
 2021-04-15 11:30:54 +03:00
Barry Melbourne 1a60629d38 Update Docker to v20.10.5 2021-04-11 19:26:46 +01:00
Ole Markus With dbd23473ef Add irsa support for awslbcontroller 
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
 2021-04-04 21:24:07 +02:00
Kubernetes Prow Robot f733db7e33
Merge pull request #11175 from olemarkus/aws-lb-controller-test 
Add integration test for aws lb controller
 2021-04-04 11:30:12 -07:00
Ole Markus With 1e3674e896 Add integration test for aws lb controller 2021-04-04 19:46:09 +02:00
Kubernetes Prow Robot 6bb9355361
Merge pull request #11152 from olemarkus/apiserver-cli-flags 
Allow setting dedicated apiserver node count from create cluster cmd
 2021-04-03 22:32:14 -07:00
Justin Santa Barbara e34d9bb579 Expand flag help on --user flags 
It wasn't entirely clear to me that this had to be the name of a user
kubeconfig section.
 2021-03-27 13:41:10 -04:00
Ole Markus With c6e5c4364d Allow setting dedicated apiserver node count from create cluster cmd 2021-03-27 08:59:45 +01:00
Kubernetes Prow Robot 155b765083
Merge pull request #11048 from bharath-123/fix/toolbox-cmd 
Remove instance-selector label
 2021-03-24 04:36:08 -07:00
Justin SB c75e084158 Re-add integration tests for jwks 
We removed them from #10756, but they can be re-added.
 2021-03-20 22:55:11 -04:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Bharath Vedartham 90ea91b5cb remove instance-selector label 2021-03-16 23:59:56 +05:30
Kubernetes Prow Robot 9dfbd03fa6
Merge pull request #11046 from hakman/channels-arm64 
Add channels entries for image architecture
 2021-03-15 12:16:34 -07:00
Ciprian Hacman 55f8c70779 Add channels entries for image architecture 2021-03-15 20:36:37 +02:00
Peter Rifel ce073593da
cluster validation - allow flapping of validation errors 
Previously with --wait if a cluster successfully validated and then a subsequent validation failed
(perhaps due to a new critical pod being scheduled and not being ready) we would previously fail the `validate cluster` command immediately.

This will now reset the success counter that approaches --count, allowing validation attempts to continue until we timeout from --wait.

I'm hoping this fixes prow job failures like this: https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-grid-u1804-k18-containerd/1370875829445201920

where `kops validate cluster --count 10 --wait 15m` was invoked at `23:15:48` but exited with failure at `23:22:59`.
In my opinion, `kops validate cluster --count 10 --wait 15m` should only ever exit with failure if the 15 minute timeout has been reached.
 2021-03-14 09:05:58 -05:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Barry Melbourne 659bfa0daf Update Controller Runtime Go module to v0.8.2 2021-02-25 20:34:12 +00:00
Ciprian Hacman 4f70c4237c Update mock to v1.21.0-alpha.1 2021-02-16 14:19:58 +02:00
Ole Markus With 73a9ec7372 Fix kdi 'must specify' error 2021-02-15 11:36:11 +01:00
Kubernetes Prow Robot 63baa5b579
Merge pull request #10752 from rifelpet/lifecycle-integration-test 
Add overrides testing in lifecycle integration tests
 2021-02-11 00:56:16 -08:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller 
Boot nodes without state store access
 2021-02-08 11:28:19 -08:00
Peter Rifel dd1ebb8b77
Add overrides support in lifecycle integration tests 
This allows specific changes to be tested during an `update cluster --yes` and ensuring a subsequent `update cluster` dryrun correctly reports no changes.

To specify changes, create a cluster.overrides.txt or instancegroup.<name>.overrides.txt file in the update_cluster integration test's directory.
Each line is a field=value format, each batch of changes is separated by a `---` line.
Each batch will be ran through `update cluster --yes`
 2021-02-06 23:18:15 -06:00
Bharath Vedartham 515fbf1c1c set_cluster: Remove unused instanceGroup parameter from setClusterFields 2021-01-30 14:31:49 +05:30
Ciprian Hacman 46aa146b31 Add integration tests for older Kubernetes versions 2021-01-29 14:33:36 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults 
Update AWS etcd-manager volumes defaults
 2021-01-28 22:01:41 -08:00
Peter Rifel 2d8bfc040b
Allow SSH user to be overridden for `toolbox dump` 2021-01-28 19:47:22 -06:00
Ciprian Hacman fcea4f5b08 Set default volume encryption to "true" for etcd-manager volumes in AWS 2021-01-26 11:29:27 +02:00
Kubernetes Prow Robot f055dd561c
Merge pull request #10593 from gabrieljackson/set-instancegroup-cmd-redux 
Add `set instancegroup` command
 2021-01-25 05:16:54 -08:00
Gabe Jackson b1282f2591 Correct command help text 2021-01-24 21:19:13 -05:00
Ciprian Hacman 7aeb8c2af3 Add back support for kubenet style networking with containerd 2021-01-24 21:16:45 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Gabe Jackson e90050f134 Add `set instancegroup` command 
This change adds a new command and functionality for updating
instance group configuration via command line arguments. This
behavior mimics the `set cluster` command.
 2021-01-15 12:19:26 -05:00
Ciprian Hacman e20900a2de Add CF integration test for gp3 volumes 2021-01-15 09:53:10 +02:00
Barry Melbourne f2ecb5c153 Upgrade Go v1.15.6 / Bazel v3.4.1 2021-01-10 18:13:12 +00:00
Justin SB 4ac9d5c17b Boot nodes without state store access 
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.

This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)

Feature-flagged behind the KopsControllerStateStore feature-flag.
 2021-01-09 13:08:48 -05:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00
Kubernetes Prow Robot b5afd1d6c4
Merge pull request #10473 from hakman/custom-container-runtime-package 
Add config options for container runtime package URL and Hash
 2020-12-23 04:48:28 -08:00
Ciprian Hacman ff6a782303 Add config options for container runtime package URL and Hash 2020-12-23 13:29:22 +02:00
Kenji Kaneda a61caea8d2 Add Azure support 
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
 2020-12-21 08:27:54 -08:00
Ole Markus With 24c9d03477 Use helm's merging of vaulefiles and files 2020-12-16 22:18:58 +01:00
Ole Markus With b6a07c16fe Replace template text with something that builde the entire context 2020-12-16 22:18:58 +01:00
Ole Markus With 64334eba00 Bump helm to v3 2020-12-16 22:18:56 +01:00
Kubernetes Prow Robot 54a5f4e7f0
Merge pull request #10369 from olemarkus/tf-channels 
Template functions for recommended kubernetes versions
 2020-12-15 05:41:48 -08:00
Ole Markus With 4fa6f56ecd Use the kubernetes-sigs version of yaml 2020-12-15 10:38:01 +01:00
Ole Markus With 5fe948bb5c Add template function for preferred version 2020-12-15 08:53:30 +01:00
Ciprian Hacman e11d934268 Add option to reuse existing Elastic IPs for NAT gateways 2020-12-06 09:37:17 +02:00
Kubernetes Prow Robot 0f9c0c03ef
Merge pull request #10365 from hakman/test-ha-shared-zone 
Add integration test for creating an HA cluster in shared zone
 2020-12-04 14:15:26 -08:00
Rodrigo Menezes 3fb12c66ae gzip and base64 encode the heredocs in the nodeup.sh portion of user-data 2020-12-04 10:46:18 -08:00
Ciprian Hacman afbb6475fe Add integration test for creating an HA cluster in shared zone 2020-12-04 20:16:38 +02:00
Ciprian Hacman 2d9d43ab39 Fix multi-arch image pushing 2020-11-19 07:57:30 +02:00
Kubernetes Prow Robot 42e189605a
Merge pull request #10265 from hakman/docker-manifest 
Push multi-arch images
 2020-11-18 12:08:06 -08:00
Kubernetes Prow Robot fe07c9a20a
Merge pull request #10240 from hakman/bazel-0.24.7 
Update Bazel rules for Go to v0.24.7
 2020-11-18 08:58:05 -08:00
Ciprian Hacman 78c28288a2 Push multi-arch images 2020-11-18 16:52:27 +02:00
Ole Markus With 2659a30280 Make get instances respect needs-update annotation 
Make it possible for addons to set needs-update annotation

Use onDelete update strategy for cilium and set needs-update annotation

Rename node roles
 2020-11-16 08:26:17 +01:00
Ciprian Hacman 924ab9effa Update Bazel rules for Go to v0.24.7 2020-11-15 12:32:24 +02:00
Kubernetes Prow Robot 01b17be97e
Merge pull request #10221 from eddycharly/fix-validation 
Fix cluster validation dependency on local kubeconfig
 2020-11-14 14:17:03 -08:00
Ciprian Hacman 3ca128d5ef make gen-cli-docs 2020-11-14 16:02:59 +02:00
axpraka ab05d1873b
Update cmd/kops/root.go 
Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-11-14 08:24:15 -05:00
axpraka cb53f89c22 kops as kOps for document 
Updated kops as kOps for document.
 2020-11-13 23:45:11 -05:00
Charles-Edouard Brétéché 116af0c74b pass host only instead of the whole config 2020-11-12 08:37:51 +01:00
Charles-Edouard Brétéché 709e1b6cbd Fix cluster validation dependency on local kubeconfig 2020-11-11 21:11:54 +01:00
John Gardiner Myers cddd30c184 Update validate cluster cli docs 2020-11-11 09:31:18 -08:00
Ole Markus With d24d9e05ba Upgrade helm to 2.17 and use the helm.sh reference 2020-11-07 21:09:08 +01:00
Christian Joun e91ed11449
Implement API load balancer class with NLB and ELB support on AWS (#9011) 
* refactor TargetLoadBalancer to use DNSTarget interface instead of LoadBalancer

* add LoadBalancerClass fields into api

* make api machinery

* WIP: Implemented API loadbalancer class, allowing NLB and ELB support on AWS for new clusters.

* perform vendoring related tasks and apply fixes identified from hack/

dissallow spotinst + nlb
remove reflection in status_discovery.go
Add precreated additional security groups to the Master nodes in case of NLB
Remove support for attaching individual instances to NLB; only rely on ASG attachments
Don't specify Classic loadbalancer in GCE integration test

* add utility function to the kops model context to make LoadBalancer comparisons simpler

* use DNSTarget interface when locating DNSName of API ELB

* wip: create target group task

* Consolidate TargetGroup tasks

* Use context helper for determining api load balancer type to avoid nil pointers

* Update NLB creation to use target group ARN from separate task rather than creating a TG in-line

* Address staticcheck and bazel failures

* Removing NLB Attachment tasks because they're not used since we switched to defining them as a part of the ASGs

* Address PR review feedback

* Only set LB Class field for AWS clusters, fix nil pointer

* Move target group attributes from NLB task to TG task, removing unused attributes

* Add terraform and cloudformation support for NLBs, listeners, and target groups

* Update integration test for NLB support

* Fix NLB name format to pass terraform validation

* Preserve security group rule names when switching ELB to NLB to reduce destructive terraform changes

* Use elbv2 enums and address some TODOs

* Set healthcheck values in target group

* Find TG tags, fix NLB name detection

* Fix more spurious changes reported by lifecycle integration test

* Fix spotinst validation, more code cleanup

* Address more PR feedback

* ReconcileTargetGroups unit test + more code simplification

* Addressing PR feedback Renaming task 1. awstasks.LoadBalancer -> awstasks.ClassicLoadBalancer

* Addressing PR feedback Renaming task: ELBName() -> CLBName() / LinkToELB() -> LinkToCLB()

* Addressing PR feedback: Various text changes

* fix export of kubecfg

* address TargetGroup should have the same name as the NLB

* should address error when fetching tags due to missing ARN

* Update expected and crds

* Add feature table to NLB docs

* Address more feedback and remove some TODOs that arent applicable anymore

* Update spotinst validation error message

Co-authored-by: Peter Rifel <pgrifel@gmail.com>
 2020-11-02 05:28:52 -08:00
Peter Rifel 7d5a39974f
Add lifecycle integration tests for complex and externallb clusters 2020-10-30 10:06:36 -05:00
Kubernetes Prow Robot b7f66a6d98
Merge pull request #10109 from bmelbourne/set-minimum-terraform-0.12 
Set minimum Terraform version to 0.12.26/0.13.0
 2020-10-29 01:52:58 -07:00
Barry Melbourne 84417c330b Set minimum Terraform version to 0.12.26/0.13.0 2020-10-28 20:24:41 +00:00
Ciprian Hacman f69ffeaa63 Update cluster and state store names in CLI docs 2020-10-28 18:22:53 +02:00
Kubernetes Prow Robot d739bae871
Merge pull request #10106 from johngmyers/tf-json 
Remove dependency of TerraformJSON feature flag
 2020-10-26 07:23:01 -07:00
Justin SB e03bb72c2c Default to exporting a kubecfg, even without credentials 
We do log a hint for the user when we have exported an empty kubecfg,
but this now supports the "current cluster" UX.

Issue #9990
 2020-10-25 14:30:32 -04:00
John Gardiner Myers f92d486197 Remove dependency of TerraformJSON feature flag 2020-10-25 10:49:59 -07:00
Kubernetes Prow Robot fbb172c08c
Merge pull request #9575 from johngmyers/node-labels 
Take node labels from cloud tags on AWS
 2020-10-23 04:01:45 -07:00
Nicolas Vanheuverzwijn b0fd89a193 upgrade-cluster: test that new image in stable or alpha channel will receive automated update 2020-10-14 10:14:47 -04:00
Ole Markus With b122d0e3ba Fix nil pointer when deleting instance 2020-10-13 13:23:22 +02:00
Ole Markus With 466dcd001e Apply suggestions from code review 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-10-09 08:27:08 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
Ole Markus With aa66c4f6d8 Add rolling upgrade to openstack 2020-10-01 20:07:44 +02:00
Ole Markus With 7c8ff94631 Make setupmockopenstack standalone 2020-10-01 19:15:39 +02:00
Kubernetes Prow Robot d6f60b9ee5
Merge pull request #9981 from olemarkus/cleanup-cloud-2 
More removals of BuildCloud
 2020-10-01 05:18:54 -07:00
Kubernetes Prow Robot 257f85962e
Merge pull request #9974 from olemarkus/cleanup-rolling-update-ctx 
Set ctx and cluster on the rolling update struct instead of passing it around everywhere
 2020-09-27 02:24:48 -07:00
Derrik Campau ca70ac2203 Fix small typo in create cluster help output 
Fixes typo in cmd/kops/create_cluster.go and
docs/cli/kops_create_cluster.md where example output had filename.yamlh,
changed to filename.yaml
 2020-09-26 14:45:03 -07:00
Ole Markus With 5df2d2adbd Fix nil pointer when instance has not joined the cluster 2020-09-24 20:31:19 +02:00
Ole Markus With 1d922af364 Pass cloud into populate cluster 2020-09-24 07:22:13 +02:00
Ole Markus With 1a905d2063 Pass cloud into ApplyCluster 2020-09-23 19:57:43 +02:00
Ole Markus With 63f13322d5 Don't pass ctx and cluster everywhere 2020-09-23 08:30:24 +02:00
Ole Markus With 7bc17f4b1f Build cloud outside of PerformAssignments 
We tend to build cloud, call some method, and then build cloud over
again. It would be easier to just pass the first one along.

Passing along cloud would also make it easier to mock cloud.
 2020-09-23 07:54:28 +02:00
Ole Markus With 31ee079c7b Improve kops get instances when api is unavailable 
When the api is unavailable, kops will say all the nodes have not yet
joined the cluster. That is not the case simply because e.g the admin
credentials have been expired. This PR makes it a bit more clear that we
cannot know the node name when the API is unavailable.
 2020-09-19 08:43:53 +02:00
John Gardiner Myers f4cecc58ac Ignore lack of tags on launch templates 2020-09-10 20:59:28 -07:00
John Gardiner Myers 7069aaabf6 Take node labels from cloud tags on AWS 2020-09-10 20:59:24 -07:00
John Gardiner Myers 24ff622d8e Rename NodeReconciler to LegacyNodeReconciler 2020-09-10 20:42:56 -07:00
Kubernetes Prow Robot 036ea69525
Merge pull request #9352 from justinsb/irsa_with_public 
Simplified form of IAM Roles for ServiceAccounts
 2020-09-09 22:23:44 -07:00
Kubernetes Prow Robot 4508406515
Merge pull request #9908 from rdrgmnzs/CacheNodeidentityInfo 
Allow caching of Nodeidentity Info in kops-controller for AWS.
 2020-09-09 13:01:44 -07:00
Rodrigo Menezes 4c057f138a Allow caching of Nodeidentity Info in kops-controller for AWS to reduce the number of DescribeInstances API calls. 2020-09-09 22:11:29 +03:00
Justin SB ccc814dfbc Create tests for JWKS scenarios 2020-09-09 09:57:06 -04:00
Ciprian Hacman c7bc3d4397 Update mock version to 1.19.0-alpha.3 2020-09-08 08:45:25 +03:00
Ole Markus With a483945711 Refactor based on changes to cloud instances 2020-09-01 08:41:53 +02:00
Ole Markus With c01455cf91 Keep the good part from last attempt 2020-09-01 08:30:03 +02:00
Kubernetes Prow Robot e11146c0df
Merge pull request #9799 from olemarkus/cloudinstances-refactor 
Cloudinstances refactor
 2020-08-31 23:23:50 -07:00
Kubernetes Prow Robot 5d09a9a95b
Merge pull request #9667 from justinsb/kubectl_auth_helper 
Support authentication helper for kubectl
 2020-08-30 21:46:21 -07:00
Ole Markus With 0ec71686b9 Refactor cloudinstancegroupmember in a more independent cloud instance representation 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 21:37:03 +02:00
Justin SB 8757a2ce2a kubeconfig generation: add tests for kops plugin 
Also slightly simplify the tests and Kubecfg Builder signature by
passing in the ConfigAccess only when needed.
 2020-08-30 15:17:36 -04:00
Justin SB 0cda0f5068 Support authentication helper for kubectl 
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 15:16:20 -04:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00
Justin Santa Barbara f32fcc35fa Addons: Support arbitrary additional objects 
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.

Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-28 09:03:41 -04:00
Kubernetes Prow Robot e537846b41
Merge pull request #9784 from olemarkus/kops-delete-instance 
Add kops delete instance command
 2020-08-28 00:36:53 -07:00
Ole Markus With ff6c04938d Add kops delete instance command 
Add support for deleting instance by k8s node name

Add yes flag
 2020-08-28 08:43:30 +02:00
Peter Rifel 64f6f5e2cb
Add integration test for GCE private topology with bastion 2020-08-27 14:28:26 -05:00
Peter Rifel d0b8c654bd
Add --internal flag for export kubecfg that targets the internal dns name 
Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s)

This adds a flag that will use that name and force the CA cert to be included.
This is a workaround for client certificate authentication not working on API ELBs with ACM certificates.
The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver.
Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver.
This also requires that the masters' security groups allow 443 access from the client which this does not handle automatically.
 2020-08-26 21:15:18 -05:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
Peter Rifel bae8150e12
Update more klog v1 references to v2 
I missed these in the previous PR. This removes the direct dependency on v1 entirely.
The kubernetes 1.19 upgrade will remove the indirect reference on v1.
 2020-08-17 07:44:48 -05:00
John Gardiner Myers d05f9a3eff Don't issue certs for features not enabled 2020-08-16 23:40:43 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers 9e99f76a6e Address review comments 2020-08-15 10:30:21 -07:00
John Gardiner Myers bec273ebf1 Implement signing of kubelet cert in kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 9cfa169740 Add server code to kops-controller 2020-08-15 10:30:15 -07:00
John Gardiner Myers cfa262a81a Authenticate from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 9c01e1f44d Send bootstrap query from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images 
Add ARM64 support for masters
 2020-08-14 20:46:17 -07:00
Kubernetes Prow Robot ec8b47d725
Merge pull request #9593 from johngmyers/kubectl-lifetime 
Reduce the lifetime of exported kubecfg credentials
 2020-08-14 19:24:18 -07:00
Ciprian Hacman b913e35da6 Remove also the flagRootFS flag from NodeUp 2020-08-13 08:37:51 +03:00
Ciprian Hacman d70fb506e5 Remove unused FSRoot from NodeUp 2020-08-12 18:35:35 +03:00
Ole Markus With 9890839cec Add an integration test for openstack floating ip 
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
 2020-08-12 12:59:30 +02:00
Kubernetes Prow Robot b7871e2e72
Merge pull request #9478 from bwagner5/feat-instance-selector 
Add instance-selector cmd to toolbox
 2020-08-11 14:15:45 -07:00