kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
20,196 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1830 Commits

Author SHA1 Message Date
Kubernetes Prow Robot 34ce86adf2
Merge pull request #12019 from johngmyers/catasks-nobootstrap 
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
 2021-07-19 15:56:15 -07:00
John Gardiner Myers abd95d14f4 Implement completion for "kops get clusters" 2021-07-19 14:58:41 -07:00
John Gardiner Myers c68da24d21 Implement completion for "kops get assets" 2021-07-19 14:10:43 -07:00
John Gardiner Myers c312c19dcb Implement completion for "kops get" 2021-07-19 13:52:55 -07:00
Peter Rifel 5b62e73726
Add shell completion for `--target` 2021-07-19 08:35:36 -04:00
John Gardiner Myers f6b053de9d Report unknown feature flags as such 2021-07-18 16:24:04 -07:00
John Gardiner Myers e9fc12b4f3 Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers 2021-07-18 13:37:19 -07:00
John Gardiner Myers e6ede8f4a9 Don't provision SSH key by default on AWS 2021-07-17 16:33:26 -07:00
John Gardiner Myers d572b2245d Implement completion for "kops toolbox instance-selector" 2021-07-15 23:37:54 -07:00
John Gardiner Myers 69b0117827 Implement completion for "kops toolbox template" 2021-07-15 22:59:14 -07:00
Kubernetes Prow Robot f24f12f84c
Merge pull request #11982 from johngmyers/bootstrap-keypairid 
Verify CA keypair IDs for kops-controller-issued certs
 2021-07-15 12:31:03 -07:00
John Gardiner Myers bf12934709 Clean up "kops toolbox instance-selector" 2021-07-14 14:36:37 -07:00
John Gardiner Myers b517ba687d Implement completion for "kops toolbox dump" 2021-07-14 14:36:37 -07:00
John Gardiner Myers 14320fb3b5 Clean up "kops toolbox" 2021-07-14 14:36:36 -07:00
Kubernetes Prow Robot e08fdb0c4e
Merge pull request #11987 from johngmyers/edit-set 
Change set and unset commands into flags on "kops edit cluster"
 2021-07-14 14:04:40 -07:00
John Gardiner Myers cac4d2c080 More "kops set" cleanup 2021-07-14 13:09:08 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
John Gardiner Myers b892ed4235 Fix "kops export kubeconfig" 2021-07-13 22:06:11 -07:00
John Gardiner Myers 66024869a0 Implement "kops edit instancegroup --set" and "--unset" 2021-07-13 20:07:59 -07:00
John Gardiner Myers 8be10e96d0 Implement "kops edit cluster --set" and "--unset" 2021-07-13 20:07:24 -07:00
John Gardiner Myers 010aa2cf27 Minor Cobra cleanups 2021-07-13 13:00:48 -07:00
John Gardiner Myers 1f9f6fc8ce Clean up "kops replace" command 2021-07-13 13:00:32 -07:00
John Gardiner Myers 265e57bada Clean up gen-cli-docs 2021-07-13 13:00:26 -07:00
John Gardiner Myers 0167f689e3 Implement completion for "kops export kubeconfig" 2021-07-13 07:32:08 -07:00
John Gardiner Myers 3091b76ffc Clean up "kops export" 2021-07-13 07:32:08 -07:00
Kubernetes Prow Robot 46aafd55a8
Merge pull request #11980 from johngmyers/complete-edit 
Implement completion for "kops edit" commands
 2021-07-13 04:50:30 -07:00
John Gardiner Myers 3613695248 Fix use of pretty.Bash() 2021-07-12 20:38:47 -07:00
John Gardiner Myers be30a61983 Move EditorEnvs to pkg 2021-07-11 23:05:06 -07:00
John Gardiner Myers 23478734ae Give "edit instancegroup" parity with "edit cluster" 2021-07-11 23:00:08 -07:00
John Gardiner Myers 6eda65d9f7 Implement completion for "kops edit instancegroup" 2021-07-11 22:38:07 -07:00
John Gardiner Myers ea9678573e Implement completion for "kops edit cluster" 2021-07-11 22:10:43 -07:00
John Gardiner Myers b0b83ed125 Clean up "kops edit" 2021-07-11 22:07:02 -07:00
John Gardiner Myers 1c3947220e Add "kops trust keypair" command 2021-07-11 10:36:40 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy 
Issue certs using CA KeypairID in NodeupConfig
 2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot 3a68dd63f7
Merge pull request #11970 from johngmyers/complete-delete 
Implement completion for delete commands
 2021-07-11 01:10:46 -07:00
John Gardiner Myers 6f06661a68 Use narrower interface type 2021-07-10 23:23:12 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
Kubernetes Prow Robot 0bc00046ad
Merge pull request #11964 from johngmyers/rotate-etcd 
Refactor keysets for etcd-manager
 2021-07-10 01:16:46 -07:00
John Gardiner Myers ea8cd3b758 Implement completion for "kops delete instancegroup" 2021-07-10 00:30:32 -07:00
John Gardiner Myers 56b57b5326 Implement completion for "kops delete instance" 2021-07-10 00:30:32 -07:00
John Gardiner Myers b16b742b05 Implement completion for "kops delete cluster" 2021-07-10 00:30:32 -07:00
John Gardiner Myers c864dc02ca Clean up "kops delete -f" 2021-07-10 00:30:31 -07:00
John Gardiner Myers 5095ae93fd Remove -rc.0 k8s versions from completion 2021-07-10 00:30:31 -07:00
Kubernetes Prow Robot db90029595
Merge pull request #11957 from johngmyers/complete-create-more 
Implement completion for "kops create instancegroup"
 2021-07-10 00:28:46 -07:00
John Gardiner Myers 62d5f0ca7a Suppress usage for errors returned from RunE 2021-07-09 19:55:46 -07:00
John Gardiner Myers 8c1e5fd91a Add missing newline 2021-07-09 00:24:02 -07:00
John Gardiner Myers d865df6775 Don't include distrusted keypairs unless specifically asked to 2021-07-09 00:24:01 -07:00
John Gardiner Myers 95665f45c6 Include serial number in Subject of created keypairs 2021-07-09 00:24:01 -07:00
John Gardiner Myers 0e25ceaadd Change "kubernetes-ca" to have that in the CN 2021-07-09 00:12:30 -07:00
John Gardiner Myers 79984bf76e Don't put extraneous "cn=" in CN when creating keypair 2021-07-08 21:57:47 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
John Gardiner Myers 9cb7e75be5 Implement completion for "kops create instancegroup" 2021-07-08 12:26:14 -07:00
John Gardiner Myers ae9c7a66e7 Implement remaining completion for "kops create cluster" 2021-07-08 06:04:27 -07:00
John Gardiner Myers 6d16c13f24 Implement some completion for "kops create cluster" 2021-07-06 08:16:44 -07:00
John Gardiner Myers dbf4f23654 Fix completion of instancegroups when cluster argument provided 2021-07-06 07:36:54 -07:00
John Gardiner Myers 13bfa283cf Implement completion for "kops create -f" 2021-07-06 07:36:54 -07:00
Kubernetes Prow Robot 7a22c9c5fa
Merge pull request #11935 from olemarkus/manyaddons-no-oidc 
Remove unused golden files from manyaddons test
 2021-07-06 01:36:18 -07:00
Kubernetes Prow Robot 97cd19f2fd
Merge pull request #11927 from johngmyers/complete-validate 
Implement completion for validate and upgrade
 2021-07-06 00:54:18 -07:00
Ole Markus With 735d9a898c Remove unused golden files from manyaddons test 2021-07-06 08:52:56 +02:00
Kubernetes Prow Robot 118c9d7b61
Merge pull request #11932 from johngmyers/remove-dead-files 
Remove obsolete files
 2021-07-05 23:50:18 -07:00
John Gardiner Myers 9c83afb739 Remove obsolete files 2021-07-05 23:11:17 -07:00
John Gardiner Myers abf8e268cd Implement completion for "kops upgrade cluster" 2021-07-05 11:26:33 -07:00
John Gardiner Myers dedf53fd16 Implement completion for "kops validate cluster" 2021-07-05 11:26:33 -07:00
John Gardiner Myers 4771f606a0 Implement completion for "kops update cluster" 2021-07-05 09:18:37 -07:00
John Gardiner Myers e7407b1b56 Clean up "kops version" 2021-07-05 09:18:37 -07:00
Kubernetes Prow Robot 0e351edb4c
Merge pull request #11924 from johngmyers/more-completions 
Implement completion for "kops rolling-update cluster"
 2021-07-05 02:48:55 -07:00
John Gardiner Myers 75f3974f47 Use all-caps for metasyntactic arguments 2021-07-03 23:00:41 -07:00
John Gardiner Myers e3451030ff Implement completion for "kops rolling-update cluster" 2021-07-03 22:57:15 -07:00
John Gardiner Myers ba7641b97d Include completion descriptions for keypairs 2021-07-03 19:52:53 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Kubernetes Prow Robot f66081b414
Merge pull request #11904 from johngmyers/get-keypairs-times 
Improve "kops get keypairs"
 2021-07-02 04:58:12 -07:00
Kubernetes Prow Robot 6689850ebc
Merge pull request #11906 from johngmyers/refactor-aggregator 
Refactor apiserver-aggregator-ca
 2021-07-01 23:32:13 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 52fd5ac51a Use Cobra's built-in completion command 2021-07-01 13:04:39 -07:00
John Gardiner Myers d0f20f367d Improve "kops get keypairs" 2021-07-01 08:05:07 -07:00
Kubernetes Prow Robot 39b67210f8
Merge pull request #11897 from johngmyers/refactor-etcd-ca 
Refactor etcd-clients-ca keyset for api-server
 2021-06-30 23:37:55 -07:00
John Gardiner Myers ac1cf0b0ee Implement completion for "kops distrust keypair" 2021-06-30 21:25:47 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
Kubernetes Prow Robot 6e9b108d16
Merge pull request #11892 from johngmyers/complete-promote 
Implement completion for "kops promote keypair"
 2021-06-29 20:43:03 -07:00
John Gardiner Myers d8e592c421 Implement completion for "kops promote keypair" 2021-06-29 19:47:05 -07:00
Kubernetes Prow Robot 52afacd05c
Merge pull request #9621 from johngmyers/tf-managed 
Render managed files with Terraform
 2021-06-29 19:27:03 -07:00
John Gardiner Myers 22b8ad2d48 Implement completion for "kops create keypair" 2021-06-28 23:26:47 -07:00
John Gardiner Myers 3981711af8 Adjust integration tests 2021-06-28 13:48:34 -07:00
Kubernetes Prow Robot 1bed90a030
Merge pull request #11877 from johngmyers/rotate-cilium 
Allow rotation of etcd-clients-ca-cilium
 2021-06-28 10:42:08 -07:00
Kubernetes Prow Robot ee048e89e7
Merge pull request #11872 from johngmyers/refactor-serviceaccount 
Refactor nodeup APIServer builder, part one
 2021-06-28 10:42:01 -07:00
Ciprian Hacman c8860412f0 Add support for darwin/arm64 on the client-side 2021-06-28 10:18:28 +03:00
John Gardiner Myers 26a5aa179b Improve completion for kops root command 2021-06-27 21:51:15 -07:00
John Gardiner Myers 97583261f8 Allow rotation of etcd-clients-ca-cilium 2021-06-27 12:49:08 -07:00
John Gardiner Myers 3caa6ef5b8 Improve "kops distrust keypair" command 2021-06-27 11:16:34 -07:00
Kubernetes Prow Robot 61778b1fd9
Merge pull request #11845 from johngmyers/mark-deleted 
Retain deleted keypairs
 2021-06-27 10:11:24 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
Kubernetes Prow Robot 22c11c10f1
Merge pull request #11848 from johngmyers/cilium-etcd-client 
Refactor etcd-client-cilium secrets
 2021-06-27 04:01:24 -07:00
John Gardiner Myers 4a47614e62 Simplify config server protocol 2021-06-26 09:56:47 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
Ole Markus With 0588986841 Make it simpler to spot missing files in integration tests 2021-06-25 13:25:32 +02:00
John Gardiner Myers cd48f10de5 Rename "kops delete keypair" to "kops distrust keypair" 2021-06-24 19:19:43 -07:00
John Gardiner Myers 584aa56b6b Retain deleted keypairs 2021-06-24 19:03:29 -07:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change 
Mark nodes NeedsUpdate when keys they use change
 2021-06-22 08:11:58 -07:00
Kubernetes Prow Robot d869f2d5ea
Merge pull request #11835 from johngmyers/promote 
Add 'kops promote keypair' command
 2021-06-22 00:31:57 -07:00
Kubernetes Prow Robot 364fe4ca86
Merge pull request #11708 from johngmyers/refactor-assets 
Limit concurrency of asset copy tasks
 2021-06-21 23:13:58 -07:00
John Gardiner Myers 5423e18b56 Add 'kops promote keypair' command 2021-06-21 20:58:51 -07:00
John Gardiner Myers d5cea85f7c Use stable keyset IDs 2021-06-21 16:10:06 -07:00
John Gardiner Myers ca8c6d6828 Extract duplicated code to method 2021-06-21 13:35:33 -07:00
John Gardiner Myers c904c743da Remove 'kops import' 2021-06-21 07:34:29 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2 
Improve the output of 'kops get keypairs'
 2021-06-21 02:19:10 -07:00
Kubernetes Prow Robot 21488a164d
Merge pull request #11822 from johngmyers/rotate-issue 
Support creating new service-account keypairs
 2021-06-21 01:32:59 -07:00
Kubernetes Prow Robot eb7ba5e943
Merge pull request #9229 from johngmyers/version-fullcluster 
Put versioned API of cluster into state store
 2021-06-21 01:32:52 -07:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
John Gardiner Myers 12d536d3a3 Refactor 'kops delete keypair' 2021-06-20 15:09:15 -07:00
John Gardiner Myers 896330be88 Create fi.NewKeyset() 2021-06-20 14:09:46 -07:00
John Gardiner Myers 3ca8b95005 Support creating new service-account keypairs 2021-06-20 14:09:24 -07:00
John Gardiner Myers bf5176e1bf Remove create_keypair.go to make following diff readable 2021-06-20 14:06:44 -07:00
Ciprian Hacman e347841aa3 Add integration test for Warm Pool images 2021-06-20 23:01:52 +02:00
Kubernetes Prow Robot e4eff07c81
Merge pull request #11809 from johngmyers/rotate-5 
Include multiple cluster CAs in trust stores
 2021-06-20 13:20:51 -07:00
John Gardiner Myers 72ba687744 Split out get, describe, and delete keypairs commands 2021-06-19 13:36:11 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 07474c6d30 Fix CA keys for all integration tests 2021-06-19 10:50:53 -07:00
Ole Markus With 507402e315 Fail early if policy size is too large 
This will then also be caught by integration tests
 2021-06-19 10:04:11 +02:00
John Gardiner Myers 42dc659aaa Allow "create keypair ca" to omit certificate 2021-06-18 10:41:54 -07:00
John Gardiner Myers ae6950711f Allow omitting private key for secondary certs 2021-06-18 10:41:40 -07:00
John Gardiner Myers af74e75382 Allow adding secondary keyset items 2021-06-18 10:41:37 -07:00
John Gardiner Myers 9861009759 Extract receiver for keyset item addition 2021-06-18 10:36:35 -07:00
John Gardiner Myers 3793c92b94 Remove "secret" from "kops create secret keypair ca" 2021-06-18 10:36:19 -07:00
John Gardiner Myers 53695fc183 Put versioned API of cluster into state store 2021-06-16 19:33:46 -07:00
Kubernetes Prow Robot 4cd3b58e37
Merge pull request #11763 from johngmyers/ipv6-access 
Make the AdminAccess default inclusive of IPv6
 2021-06-14 23:30:01 -07:00
John Gardiner Myers 1356818d83 Make the AdminAccess default inclusive of IPv6 2021-06-14 21:51:17 -07:00
John Gardiner Myers cab389f2f5 Rename --override to --set 2021-06-14 14:01:18 -07:00
John Gardiner Myers 76fc012f96 Allow unsetting fields from the command line 2021-06-14 08:52:32 -07:00
Ciprian Hacman 2a11fa7dde Add --ipv6 experimental cli flag 2021-06-13 21:48:46 +02:00
Ciprian Hacman fcfba36b14 Pre-add integration test for creating an IPv6 cluster 2021-06-13 13:09:40 +02:00
John Gardiner Myers 09259ad30f Remove unused field 2021-06-12 16:05:53 -07:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair 
Refactor keypair code in preparation for secret rotation
 2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context 
Remove InstanceGroup from NodeupModelContext
 2021-06-12 13:43:01 -07:00
John Gardiner Myers a983c65a48 Move assettasks to pkg/assets 2021-06-06 23:16:02 -07:00
John Gardiner Myers 3622ee3c14 Move asset copying logic to pkg 2021-06-06 21:17:50 -07:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers fa77f8b964 Rename fi.Keystore.StoreKeypair to StoreKeyset 2021-06-05 16:38:26 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers ed1f6ff79e Refactor StoreKeypair and AddCert 2021-06-05 16:38:25 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers eb09d31a3c Pass AuxConfig to nodeup 2021-06-03 21:04:21 -07:00
John Gardiner Myers 326a4beb49 Don't describe CloudLabels as being AWS-specific 2021-06-01 23:32:22 -07:00
John Gardiner Myers 0e775023ac Use more consistent terminology 2021-05-30 10:06:25 -07:00
John Gardiner Myers e498c33da3 More "container" to "image" renaming 2021-05-29 16:44:10 -07:00
John Gardiner Myers 95aa3fd13e Rename "DockerImage" to "DownloadLocation" 2021-05-29 16:40:56 -07:00
John Gardiner Myers 34c6f7f295 Rename "ContainerAssets" to "ImageAssets" 2021-05-29 16:36:55 -07:00
John Gardiner Myers 4c2508b6ec Add "kops get assets" command 2021-05-28 21:33:46 -07:00
John Gardiner Myers 3f24a29cca Change toolbox template flag for consistency 2021-05-27 20:42:16 -07:00
Kubernetes Prow Robot fe7d6e5516
Merge pull request #11442 from hakman/ipv6 
Add initial support for configuring IPv6 with AWS
 2021-05-18 21:02:50 -07:00
Ciprian Hacman c08d0e2bdf Pre-add AWS IPv6 integration test 2021-05-18 08:56:16 +03:00
John Gardiner Myers dd605fdbc3 Subsume StatusStore into fi.Cloud 2021-05-15 17:39:32 -07:00
Peter Rifel 640fd531c6
Add gossip integration test 2021-05-12 17:21:01 -05:00
Ciprian Hacman 54961e4ae5 Create new clusters without forcing a container runtime 
Decide which container runtime to use later in model, based on Kubernetes version and other settings.
 2021-05-09 21:43:58 +03:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
John Gardiner Myers 8823f30ad7 Recognize the ServiceAccountIssuerDiscovery featue gate 2021-05-06 08:57:37 -07:00
John Gardiner Myers a79da8ee86 Don't use PublicJWKS in TestAWSLBController 2021-05-06 00:11:23 -07:00
Kubernetes Prow Robot b054fb37b7
Merge pull request #11016 from olemarkus/irsa-custom 
user-configurable IAM roles for ServiceAccounts
 2021-05-02 11:16:01 -07:00
Ciprian Hacman 62c47d23d4 Add integration test for etcd 2021-05-02 08:48:46 +03:00
Ole Markus With 6f8b3647cf Add support for IRSA in he api 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-05-01 16:03:42 +02:00
Ole Markus With 5ca7c9b5d7 Use VFS as service account issuer if configured 
Also add an integration test that uses VFS
 2021-04-30 21:02:30 +02:00
Kenji Kaneda 71f52363f8 Add a lifecycle test for GCE 
- Move MockGCECloud to cloudmock/gce.
- Change Compute() and CloudDNS() of GCECloud to return interfaces
  for mocking
 2021-04-26 13:05:27 -07:00
Kubernetes Prow Robot 0d9e2e7bb4
Merge pull request #11184 from cloudnatix/kenji/gcp 
Add GCE Router task
 2021-04-24 00:37:15 -07:00
Kenji Kaneda f37330f53d Add GCE Router task 
This commit picks up the change from the previous attempt
(https://github.com/kubernetes/kops/pull/6828).

- Add Router to GCE tasks
- Add the HasExternalIP field to InstanceTemplate
- Create a RouterTask and set HasExternalIP to false when
  a private topology is specified.

https://github.com/kubernetes/kops/issues/6827
 2021-04-23 23:03:38 -07:00
ebarped 44500b5b8d create.go: add --name to kops update cluster command 2021-04-23 10:57:18 +02:00
Jason Haugen cceb9dd296 lifecycle integ test, docs, & small cleanup 2021-04-19 15:43:06 -05:00
Jason Haugen 10df4a9a14 integ tests 2021-04-19 15:43:05 -05:00
Kubernetes Prow Robot 5aa8a31819
Merge pull request #11227 from olemarkus/warm-roll 
Give kOps CLI knowledge about ASG warm pools
 2021-04-15 09:46:07 -07:00
Kubernetes Prow Robot 2f1c8f3969
Merge pull request #11186 from integrii/patch-1 
Update kops_create_secret_dockerconfig.md
 2021-04-15 05:55:50 -07:00
Ole Markus With 09615935fd Make kOps CLI handle ASG warm pools 2021-04-15 11:10:23 +02:00
Ciprian Hacman 6c284a886b Apply suggestions from code review 2021-04-15 11:42:27 +03:00
Eric Greer 21c6007e71 Update kops_create_secret_dockerconfig.md 
Today we were implementing an authenticated docker user, but it was unclear how exactly to do that.  We learned that simply making this secret within kops was all that was needed for the docker config to start appearing on newly built nodes.  It would be nice if the documentation here reflected that.  It would have saved us some time.
 2021-04-15 11:30:54 +03:00
Barry Melbourne 1a60629d38 Update Docker to v20.10.5 2021-04-11 19:26:46 +01:00
Ole Markus With dbd23473ef Add irsa support for awslbcontroller 
This commit also introduces support for adding token projection volumes for well-known SAs.
Slightly less complicated than explicitly parsing the objects for a manifest
 2021-04-04 21:24:07 +02:00
Kubernetes Prow Robot f733db7e33
Merge pull request #11175 from olemarkus/aws-lb-controller-test 
Add integration test for aws lb controller
 2021-04-04 11:30:12 -07:00
Ole Markus With 1e3674e896 Add integration test for aws lb controller 2021-04-04 19:46:09 +02:00
Kubernetes Prow Robot 6bb9355361
Merge pull request #11152 from olemarkus/apiserver-cli-flags 
Allow setting dedicated apiserver node count from create cluster cmd
 2021-04-03 22:32:14 -07:00
Justin Santa Barbara e34d9bb579 Expand flag help on --user flags 
It wasn't entirely clear to me that this had to be the name of a user
kubeconfig section.
 2021-03-27 13:41:10 -04:00
Ole Markus With c6e5c4364d Allow setting dedicated apiserver node count from create cluster cmd 2021-03-27 08:59:45 +01:00
Kubernetes Prow Robot 155b765083
Merge pull request #11048 from bharath-123/fix/toolbox-cmd 
Remove instance-selector label
 2021-03-24 04:36:08 -07:00
Justin SB c75e084158 Re-add integration tests for jwks 
We removed them from #10756, but they can be re-added.
 2021-03-20 22:55:11 -04:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes 
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
 2021-03-20 20:57:00 +01:00
Peter Rifel 7c900b7fae Generate and upload keys.json + discovery.json to public store 
Generate and upload keys.json + discovery.json to public store

Don't enable anonymous auth on publicjwks

Remove tests that won't work using FS VFS anymore
 2021-03-19 20:03:26 +01:00
Bharath Vedartham 90ea91b5cb remove instance-selector label 2021-03-16 23:59:56 +05:30
Kubernetes Prow Robot 9dfbd03fa6
Merge pull request #11046 from hakman/channels-arm64 
Add channels entries for image architecture
 2021-03-15 12:16:34 -07:00
Ciprian Hacman 55f8c70779 Add channels entries for image architecture 2021-03-15 20:36:37 +02:00
Peter Rifel ce073593da
cluster validation - allow flapping of validation errors 
Previously with --wait if a cluster successfully validated and then a subsequent validation failed
(perhaps due to a new critical pod being scheduled and not being ready) we would previously fail the `validate cluster` command immediately.

This will now reset the success counter that approaches --count, allowing validation attempts to continue until we timeout from --wait.

I'm hoping this fixes prow job failures like this: https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/e2e-kops-grid-u1804-k18-containerd/1370875829445201920

where `kops validate cluster --count 10 --wait 15m` was invoked at `23:15:48` but exited with failure at `23:22:59`.
In my opinion, `kops validate cluster --count 10 --wait 15m` should only ever exit with failure if the 15 minute timeout has been reached.
 2021-03-14 09:05:58 -05:00
Bharath Vedartham 0c0767c0c9 Remove support for launch configurations 2021-03-09 09:04:15 +02:00
Barry Melbourne 659bfa0daf Update Controller Runtime Go module to v0.8.2 2021-02-25 20:34:12 +00:00
Ciprian Hacman 4f70c4237c Update mock to v1.21.0-alpha.1 2021-02-16 14:19:58 +02:00
Ole Markus With 73a9ec7372 Fix kdi 'must specify' error 2021-02-15 11:36:11 +01:00
Kubernetes Prow Robot 63baa5b579
Merge pull request #10752 from rifelpet/lifecycle-integration-test 
Add overrides testing in lifecycle integration tests
 2021-02-11 00:56:16 -08:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller 
Boot nodes without state store access
 2021-02-08 11:28:19 -08:00
Peter Rifel dd1ebb8b77
Add overrides support in lifecycle integration tests 
This allows specific changes to be tested during an `update cluster --yes` and ensuring a subsequent `update cluster` dryrun correctly reports no changes.

To specify changes, create a cluster.overrides.txt or instancegroup.<name>.overrides.txt file in the update_cluster integration test's directory.
Each line is a field=value format, each batch of changes is separated by a `---` line.
Each batch will be ran through `update cluster --yes`
 2021-02-06 23:18:15 -06:00
Bharath Vedartham 515fbf1c1c set_cluster: Remove unused instanceGroup parameter from setClusterFields 2021-01-30 14:31:49 +05:30
Ciprian Hacman 46aa146b31 Add integration tests for older Kubernetes versions 2021-01-29 14:33:36 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults 
Update AWS etcd-manager volumes defaults
 2021-01-28 22:01:41 -08:00
Peter Rifel 2d8bfc040b
Allow SSH user to be overridden for `toolbox dump` 2021-01-28 19:47:22 -06:00
Ciprian Hacman fcea4f5b08 Set default volume encryption to "true" for etcd-manager volumes in AWS 2021-01-26 11:29:27 +02:00
Kubernetes Prow Robot f055dd561c
Merge pull request #10593 from gabrieljackson/set-instancegroup-cmd-redux 
Add `set instancegroup` command
 2021-01-25 05:16:54 -08:00
Gabe Jackson b1282f2591 Correct command help text 2021-01-24 21:19:13 -05:00
Ciprian Hacman 7aeb8c2af3 Add back support for kubenet style networking with containerd 2021-01-24 21:16:45 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Gabe Jackson e90050f134 Add `set instancegroup` command 
This change adds a new command and functionality for updating
instance group configuration via command line arguments. This
behavior mimics the `set cluster` command.
 2021-01-15 12:19:26 -05:00
Ciprian Hacman e20900a2de Add CF integration test for gp3 volumes 2021-01-15 09:53:10 +02:00
Barry Melbourne f2ecb5c153 Upgrade Go v1.15.6 / Bazel v3.4.1 2021-01-10 18:13:12 +00:00
Justin SB 4ac9d5c17b Boot nodes without state store access 
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.

This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)

Feature-flagged behind the KopsControllerStateStore feature-flag.
 2021-01-09 13:08:48 -05:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00
Kubernetes Prow Robot b5afd1d6c4
Merge pull request #10473 from hakman/custom-container-runtime-package 
Add config options for container runtime package URL and Hash
 2020-12-23 04:48:28 -08:00
Ciprian Hacman ff6a782303 Add config options for container runtime package URL and Hash 2020-12-23 13:29:22 +02:00
Kenji Kaneda a61caea8d2 Add Azure support 
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
 2020-12-21 08:27:54 -08:00
Ole Markus With 24c9d03477 Use helm's merging of vaulefiles and files 2020-12-16 22:18:58 +01:00
Ole Markus With b6a07c16fe Replace template text with something that builde the entire context 2020-12-16 22:18:58 +01:00
Ole Markus With 64334eba00 Bump helm to v3 2020-12-16 22:18:56 +01:00
Kubernetes Prow Robot 54a5f4e7f0
Merge pull request #10369 from olemarkus/tf-channels 
Template functions for recommended kubernetes versions
 2020-12-15 05:41:48 -08:00
Ole Markus With 4fa6f56ecd Use the kubernetes-sigs version of yaml 2020-12-15 10:38:01 +01:00
Ole Markus With 5fe948bb5c Add template function for preferred version 2020-12-15 08:53:30 +01:00
Ciprian Hacman e11d934268 Add option to reuse existing Elastic IPs for NAT gateways 2020-12-06 09:37:17 +02:00
Kubernetes Prow Robot 0f9c0c03ef
Merge pull request #10365 from hakman/test-ha-shared-zone 
Add integration test for creating an HA cluster in shared zone
 2020-12-04 14:15:26 -08:00
Rodrigo Menezes 3fb12c66ae gzip and base64 encode the heredocs in the nodeup.sh portion of user-data 2020-12-04 10:46:18 -08:00
Ciprian Hacman afbb6475fe Add integration test for creating an HA cluster in shared zone 2020-12-04 20:16:38 +02:00
Ciprian Hacman 2d9d43ab39 Fix multi-arch image pushing 2020-11-19 07:57:30 +02:00
Kubernetes Prow Robot 42e189605a
Merge pull request #10265 from hakman/docker-manifest 
Push multi-arch images
 2020-11-18 12:08:06 -08:00
Kubernetes Prow Robot fe07c9a20a
Merge pull request #10240 from hakman/bazel-0.24.7 
Update Bazel rules for Go to v0.24.7
 2020-11-18 08:58:05 -08:00
Ciprian Hacman 78c28288a2 Push multi-arch images 2020-11-18 16:52:27 +02:00
Ole Markus With 2659a30280 Make get instances respect needs-update annotation 
Make it possible for addons to set needs-update annotation

Use onDelete update strategy for cilium and set needs-update annotation

Rename node roles
 2020-11-16 08:26:17 +01:00
Ciprian Hacman 924ab9effa Update Bazel rules for Go to v0.24.7 2020-11-15 12:32:24 +02:00
Kubernetes Prow Robot 01b17be97e
Merge pull request #10221 from eddycharly/fix-validation 
Fix cluster validation dependency on local kubeconfig
 2020-11-14 14:17:03 -08:00
Ciprian Hacman 3ca128d5ef make gen-cli-docs 2020-11-14 16:02:59 +02:00
axpraka ab05d1873b
Update cmd/kops/root.go 
Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-11-14 08:24:15 -05:00
axpraka cb53f89c22 kops as kOps for document 
Updated kops as kOps for document.
 2020-11-13 23:45:11 -05:00
Charles-Edouard Brétéché 116af0c74b pass host only instead of the whole config 2020-11-12 08:37:51 +01:00
Charles-Edouard Brétéché 709e1b6cbd Fix cluster validation dependency on local kubeconfig 2020-11-11 21:11:54 +01:00
John Gardiner Myers cddd30c184 Update validate cluster cli docs 2020-11-11 09:31:18 -08:00
Ole Markus With d24d9e05ba Upgrade helm to 2.17 and use the helm.sh reference 2020-11-07 21:09:08 +01:00
Christian Joun e91ed11449
Implement API load balancer class with NLB and ELB support on AWS (#9011) 
* refactor TargetLoadBalancer to use DNSTarget interface instead of LoadBalancer

* add LoadBalancerClass fields into api

* make api machinery

* WIP: Implemented API loadbalancer class, allowing NLB and ELB support on AWS for new clusters.

* perform vendoring related tasks and apply fixes identified from hack/

dissallow spotinst + nlb
remove reflection in status_discovery.go
Add precreated additional security groups to the Master nodes in case of NLB
Remove support for attaching individual instances to NLB; only rely on ASG attachments
Don't specify Classic loadbalancer in GCE integration test

* add utility function to the kops model context to make LoadBalancer comparisons simpler

* use DNSTarget interface when locating DNSName of API ELB

* wip: create target group task

* Consolidate TargetGroup tasks

* Use context helper for determining api load balancer type to avoid nil pointers

* Update NLB creation to use target group ARN from separate task rather than creating a TG in-line

* Address staticcheck and bazel failures

* Removing NLB Attachment tasks because they're not used since we switched to defining them as a part of the ASGs

* Address PR review feedback

* Only set LB Class field for AWS clusters, fix nil pointer

* Move target group attributes from NLB task to TG task, removing unused attributes

* Add terraform and cloudformation support for NLBs, listeners, and target groups

* Update integration test for NLB support

* Fix NLB name format to pass terraform validation

* Preserve security group rule names when switching ELB to NLB to reduce destructive terraform changes

* Use elbv2 enums and address some TODOs

* Set healthcheck values in target group

* Find TG tags, fix NLB name detection

* Fix more spurious changes reported by lifecycle integration test

* Fix spotinst validation, more code cleanup

* Address more PR feedback

* ReconcileTargetGroups unit test + more code simplification

* Addressing PR feedback Renaming task 1. awstasks.LoadBalancer -> awstasks.ClassicLoadBalancer

* Addressing PR feedback Renaming task: ELBName() -> CLBName() / LinkToELB() -> LinkToCLB()

* Addressing PR feedback: Various text changes

* fix export of kubecfg

* address TargetGroup should have the same name as the NLB

* should address error when fetching tags due to missing ARN

* Update expected and crds

* Add feature table to NLB docs

* Address more feedback and remove some TODOs that arent applicable anymore

* Update spotinst validation error message

Co-authored-by: Peter Rifel <pgrifel@gmail.com>
 2020-11-02 05:28:52 -08:00
Peter Rifel 7d5a39974f
Add lifecycle integration tests for complex and externallb clusters 2020-10-30 10:06:36 -05:00
Kubernetes Prow Robot b7f66a6d98
Merge pull request #10109 from bmelbourne/set-minimum-terraform-0.12 
Set minimum Terraform version to 0.12.26/0.13.0
 2020-10-29 01:52:58 -07:00
Barry Melbourne 84417c330b Set minimum Terraform version to 0.12.26/0.13.0 2020-10-28 20:24:41 +00:00
Ciprian Hacman f69ffeaa63 Update cluster and state store names in CLI docs 2020-10-28 18:22:53 +02:00
Kubernetes Prow Robot d739bae871
Merge pull request #10106 from johngmyers/tf-json 
Remove dependency of TerraformJSON feature flag
 2020-10-26 07:23:01 -07:00
Justin SB e03bb72c2c Default to exporting a kubecfg, even without credentials 
We do log a hint for the user when we have exported an empty kubecfg,
but this now supports the "current cluster" UX.

Issue #9990
 2020-10-25 14:30:32 -04:00
John Gardiner Myers f92d486197 Remove dependency of TerraformJSON feature flag 2020-10-25 10:49:59 -07:00
Kubernetes Prow Robot fbb172c08c
Merge pull request #9575 from johngmyers/node-labels 
Take node labels from cloud tags on AWS
 2020-10-23 04:01:45 -07:00
Nicolas Vanheuverzwijn b0fd89a193 upgrade-cluster: test that new image in stable or alpha channel will receive automated update 2020-10-14 10:14:47 -04:00
Ole Markus With b122d0e3ba Fix nil pointer when deleting instance 2020-10-13 13:23:22 +02:00
Ole Markus With 466dcd001e Apply suggestions from code review 
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-10-09 08:27:08 +02:00
Ole Markus With 809aa93634 Make use of kubelet service certificate 2020-10-09 08:27:08 +02:00
Ole Markus With aa66c4f6d8 Add rolling upgrade to openstack 2020-10-01 20:07:44 +02:00
Ole Markus With 7c8ff94631 Make setupmockopenstack standalone 2020-10-01 19:15:39 +02:00
Kubernetes Prow Robot d6f60b9ee5
Merge pull request #9981 from olemarkus/cleanup-cloud-2 
More removals of BuildCloud
 2020-10-01 05:18:54 -07:00
Kubernetes Prow Robot 257f85962e
Merge pull request #9974 from olemarkus/cleanup-rolling-update-ctx 
Set ctx and cluster on the rolling update struct instead of passing it around everywhere
 2020-09-27 02:24:48 -07:00
Derrik Campau ca70ac2203 Fix small typo in create cluster help output 
Fixes typo in cmd/kops/create_cluster.go and
docs/cli/kops_create_cluster.md where example output had filename.yamlh,
changed to filename.yaml
 2020-09-26 14:45:03 -07:00
Ole Markus With 5df2d2adbd Fix nil pointer when instance has not joined the cluster 2020-09-24 20:31:19 +02:00
Ole Markus With 1d922af364 Pass cloud into populate cluster 2020-09-24 07:22:13 +02:00
Ole Markus With 1a905d2063 Pass cloud into ApplyCluster 2020-09-23 19:57:43 +02:00
Ole Markus With 63f13322d5 Don't pass ctx and cluster everywhere 2020-09-23 08:30:24 +02:00
Ole Markus With 7bc17f4b1f Build cloud outside of PerformAssignments 
We tend to build cloud, call some method, and then build cloud over
again. It would be easier to just pass the first one along.

Passing along cloud would also make it easier to mock cloud.
 2020-09-23 07:54:28 +02:00
Ole Markus With 31ee079c7b Improve kops get instances when api is unavailable 
When the api is unavailable, kops will say all the nodes have not yet
joined the cluster. That is not the case simply because e.g the admin
credentials have been expired. This PR makes it a bit more clear that we
cannot know the node name when the API is unavailable.
 2020-09-19 08:43:53 +02:00
John Gardiner Myers f4cecc58ac Ignore lack of tags on launch templates 2020-09-10 20:59:28 -07:00
John Gardiner Myers 7069aaabf6 Take node labels from cloud tags on AWS 2020-09-10 20:59:24 -07:00
John Gardiner Myers 24ff622d8e Rename NodeReconciler to LegacyNodeReconciler 2020-09-10 20:42:56 -07:00
Kubernetes Prow Robot 036ea69525
Merge pull request #9352 from justinsb/irsa_with_public 
Simplified form of IAM Roles for ServiceAccounts
 2020-09-09 22:23:44 -07:00
Kubernetes Prow Robot 4508406515
Merge pull request #9908 from rdrgmnzs/CacheNodeidentityInfo 
Allow caching of Nodeidentity Info in kops-controller for AWS.
 2020-09-09 13:01:44 -07:00
Rodrigo Menezes 4c057f138a Allow caching of Nodeidentity Info in kops-controller for AWS to reduce the number of DescribeInstances API calls. 2020-09-09 22:11:29 +03:00
Justin SB ccc814dfbc Create tests for JWKS scenarios 2020-09-09 09:57:06 -04:00
Ciprian Hacman c7bc3d4397 Update mock version to 1.19.0-alpha.3 2020-09-08 08:45:25 +03:00
Ole Markus With a483945711 Refactor based on changes to cloud instances 2020-09-01 08:41:53 +02:00
Ole Markus With c01455cf91 Keep the good part from last attempt 2020-09-01 08:30:03 +02:00
Kubernetes Prow Robot e11146c0df
Merge pull request #9799 from olemarkus/cloudinstances-refactor 
Cloudinstances refactor
 2020-08-31 23:23:50 -07:00
Kubernetes Prow Robot 5d09a9a95b
Merge pull request #9667 from justinsb/kubectl_auth_helper 
Support authentication helper for kubectl
 2020-08-30 21:46:21 -07:00
Ole Markus With 0ec71686b9 Refactor cloudinstancegroupmember in a more independent cloud instance representation 
Apply suggestions from code review

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 21:37:03 +02:00
Justin SB 8757a2ce2a kubeconfig generation: add tests for kops plugin 
Also slightly simplify the tests and Kubecfg Builder signature by
passing in the ConfigAccess only when needed.
 2020-08-30 15:17:36 -04:00
Justin SB 0cda0f5068 Support authentication helper for kubectl 
We create a simple exec plugin command which can create and renew
short-lived admin credentials on the fly, essentially leveraging the
security of the underlying cloud credentials.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 15:16:20 -04:00
Justin SB 786423f617 Expose JWKS via a feature-flag 
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-30 10:15:11 -04:00
Justin Santa Barbara f32fcc35fa Addons: Support arbitrary additional objects 
We will be managing cluster addons using CRDs, and so we want to be
able to apply arbitrary objects as part of cluster bringup.

Start by allowing (behind a feature-flag) for arbitrary objects to be
specified.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2020-08-28 09:03:41 -04:00
Kubernetes Prow Robot e537846b41
Merge pull request #9784 from olemarkus/kops-delete-instance 
Add kops delete instance command
 2020-08-28 00:36:53 -07:00
Ole Markus With ff6c04938d Add kops delete instance command 
Add support for deleting instance by k8s node name

Add yes flag
 2020-08-28 08:43:30 +02:00
Peter Rifel 64f6f5e2cb
Add integration test for GCE private topology with bastion 2020-08-27 14:28:26 -05:00
Peter Rifel d0b8c654bd
Add --internal flag for export kubecfg that targets the internal dns name 
Kops creates an "api.internal.$clustername" dns A record that points to the master IP(s)

This adds a flag that will use that name and force the CA cert to be included.
This is a workaround for client certificate authentication not working on API ELBs with ACM certificates.
The ELB has a TLS listener rather than TCP, so the client certificate is not passed through to the apiserver.
Using --internal will bypass the API ELB so that the client certificate will be passed directly to the apiserver.
This also requires that the masters' security groups allow 443 access from the client which this does not handle automatically.
 2020-08-26 21:15:18 -05:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
Peter Rifel bae8150e12
Update more klog v1 references to v2 
I missed these in the previous PR. This removes the direct dependency on v1 entirely.
The kubernetes 1.19 upgrade will remove the indirect reference on v1.
 2020-08-17 07:44:48 -05:00
John Gardiner Myers d05f9a3eff Don't issue certs for features not enabled 2020-08-16 23:40:43 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers 9e99f76a6e Address review comments 2020-08-15 10:30:21 -07:00
John Gardiner Myers bec273ebf1 Implement signing of kubelet cert in kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 9cfa169740 Add server code to kops-controller 2020-08-15 10:30:15 -07:00
John Gardiner Myers cfa262a81a Authenticate from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 9c01e1f44d Send bootstrap query from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images 
Add ARM64 support for masters
 2020-08-14 20:46:17 -07:00
Kubernetes Prow Robot ec8b47d725
Merge pull request #9593 from johngmyers/kubectl-lifetime 
Reduce the lifetime of exported kubecfg credentials
 2020-08-14 19:24:18 -07:00
Ciprian Hacman b913e35da6 Remove also the flagRootFS flag from NodeUp 2020-08-13 08:37:51 +03:00
Ciprian Hacman d70fb506e5 Remove unused FSRoot from NodeUp 2020-08-12 18:35:35 +03:00
Ole Markus With 9890839cec Add an integration test for openstack floating ip 
* Integration test for floatingip cluster
* Implements mocking of floatingIP (only list for now)
* Expands various cloudmocks
* Fixes an NPR in openstack validation
* Fixes a bug where kops tries to use DNS even if the cluster is gossip
 2020-08-12 12:59:30 +02:00
Kubernetes Prow Robot b7871e2e72
Merge pull request #9478 from bwagner5/feat-instance-selector 
Add instance-selector cmd to toolbox
 2020-08-11 14:15:45 -07:00
Brandon Wagner c4e2497a8a change defaults 2020-08-11 15:40:54 -05:00
Brandon Wagner e1136f6d9a fix new cli api for byte quantities 2020-08-10 17:13:43 -05:00
Brandon Wagner 602564d26c use byte quantity flag instead of int MiBs for memory args 2020-08-10 16:16:51 -05:00
Brandon Wagner 89c90c8b49 cpuarch amd64 is now supported in upstream lib 2020-08-10 16:16:51 -05:00
Brandon Wagner b4bc9b5d56 update cli docs for instance-selector 2020-08-10 16:16:51 -05:00
Brandon Wagner 2a33b98317 ove instance-group-name to arg like create ig 2020-08-10 16:16:51 -05:00
Brandon Wagner 1bb593aa1a move from zones input to subnets input 2020-08-10 16:16:51 -05:00
Brandon Wagner 8d81c225a9 pr comments 2020-08-10 16:16:51 -05:00
Brandon Wagner 9d9ca8441e feat toolbox instance-selector implementation 2020-08-10 16:16:51 -05:00
Brandon Wagner fe3671fff5 go.mod deps for feat toolbox instance-selector 2020-08-10 16:16:51 -05:00
Peter Rifel 6991655921
Add openstack integration test. 
This will create / update / update / delete an openstack cluster using cloudmock, ensuring there are no lingering changes reported or orphaned resources
 2020-08-10 15:22:49 -05:00
Ciprian Hacman 172031859d ARM64 support - Build multi-arch images 2020-08-10 13:47:07 +03:00
Kubernetes Prow Robot ea2d0da1cc
Merge pull request #8577 from justinsb/dump 
Capture logs from a kops cluster
 2020-08-09 17:18:19 -07:00
John Gardiner Myers 8258dcd395 Exempt OpenStack from the EnableExternalCloudController feature flag 2020-07-25 13:12:25 -07:00
Peter Rifel 40a25bd8ba
Expose private key as a flag 2020-07-24 20:15:45 -05:00
Peter Rifel 3f03094e79
Try to list nodes for dumping logs 2020-07-24 20:12:53 -05:00
Peter Rifel 1faeb36d37
Address feedback and test failures 2020-07-22 22:19:00 -05:00
John Gardiner Myers a45b07c156 Reduce the lifetime of exported kubecfg credentials 2020-07-17 22:39:01 -07:00
Kubernetes Prow Robot 022fec8606
Merge pull request #9471 from johngmyers/ig-per-zone 
Create one nodes instance group per zone
 2020-07-17 12:34:54 -07:00
John Gardiner Myers e9b8e4e39a Create zero-node IGs if more zones than nodes 2020-07-17 11:26:09 -07:00
John Gardiner Myers fbc235a3fe Create one nodes IG per zone 2020-07-17 11:26:09 -07:00
John Gardiner Myers 3201cc4dd8 Require extra flag when updating cluster with downgraded kops version 2020-07-17 11:11:12 -07:00
Kubernetes Prow Robot 6f3c067e5e
Merge pull request #9280 from olemarkus/no-admin 
Specify user on export kubecfg
 2020-07-17 11:00:51 -07:00
Justin Santa Barbara d8b69ab2e3
Capture logs from a kops cluster 
This is derived from the dumping code in kubetest.  If we want to run
tests outside of kubetest (e.g. upgrade tests), we're going to need
that functionality.
 2020-07-17 10:00:06 -05:00
Ciprian Hacman 827d8c041f Update mock version to 1.19.0-alpha.1 2020-07-08 18:31:18 +03:00
Ole Markus With aab5054ffc Add networking provider for using etcd-manager for cilium 
This is the only feasible way of adding the additional etcd cluster for a cilium e2e test
 2020-07-07 21:06:21 +02:00
John Gardiner Myers 03c5f4c024 Move remaining new cluster setup to pkg 2020-07-06 21:28:08 -07:00
Kubernetes Prow Robot f5c7003aff
Merge pull request #9509 from rifelpet/amazonvpc-docs 
Update AWS VPC CNI docs to use `--networking amazonvpc`
 2020-07-06 18:41:57 -07:00
Kubernetes Prow Robot 222756b35d
Merge pull request #9490 from johngmyers/newcluster-4 
Move more cluster creation code to NewCluster()
 2020-07-06 16:23:57 -07:00
Peter Rifel 7582109b23
Update AWS VPC CNI docs to use --networking amazonvpc 2020-07-06 17:40:21 -05:00
John Gardiner Myers d60eeabade Move topology setup to pkg 2020-07-03 10:49:50 -07:00
John Gardiner Myers de0e20ee7b Move network provider setup to pkg 2020-07-03 10:49:16 -07:00
John Gardiner Myers b4c3b38436 Move more cloud provider setup to pkg 2020-07-03 10:48:29 -07:00
Ole Markus With 263172caac Use new templates for cilium 1.8 2020-07-03 07:56:35 +02:00
Kubernetes Prow Robot 734a0eb5f3
Merge pull request #9415 from johngmyers/refactor-nodeup-2 
Continue moving InstanceGroup data to NodeupConfig
 2020-07-02 20:50:47 -07:00
Kubernetes Prow Robot 38195fbd41
Merge pull request #9467 from johngmyers/newcluster-3 
Move more cluster creation code to NewCluster()
 2020-07-02 17:02:47 -07:00
Ciprian Hacman a7c8d2087c Use github.com/blang/semver/v4 2020-07-01 08:54:42 +03:00
John Gardiner Myers f1a9297cb5 Move node setup to pkg and refactor 2020-06-30 22:45:38 -07:00
John Gardiner Myers a5b60ccac3 Move master setup to pkg and refactor 2020-06-30 21:52:06 -07:00
John Gardiner Myers a33acc0ae4 Move zone setup to pkg and refactor 2020-06-30 20:20:09 -07:00
John Gardiner Myers 56e5adc67e Move VPC setup into NewCluster() 2020-06-30 12:37:46 -07:00
John Gardiner Myers fe66b0011b Move CloudProvider determination into NewCluster() 2020-06-30 12:37:11 -07:00
John Gardiner Myers bd2890c0db Refactor more cluster creation code into NewCluster() 2020-06-30 12:37:10 -07:00
Ole Markus With d529afe637 Only enable nodeport by default if k8s is 1.12 or newer 2020-06-29 21:42:09 +02:00
Ole Markus With 4d1897ab90 Enable nodeport by default 2020-06-29 21:42:09 +02:00
John Gardiner Myers 44fb283e3f Move NodeLabels into the NodeupConfig 2020-06-28 18:52:03 -07:00
Kubernetes Prow Robot 679b9db9a1
Merge pull request #9422 from johngmyers/trim-loader 
Remove dead cloudup code
 2020-06-28 13:42:14 -07:00
Ole Markus With 72fd007acf Don't export admin user by default. Allow specifying existing user when exporting context 2020-06-24 19:54:25 +02:00
Kubernetes Prow Robot 028aad06ce
Merge pull request #9413 from johngmyers/create-pkg 
Start pushing create_cluster logic into pkg
 2020-06-24 05:57:16 -07:00
John Gardiner Myers a76a1cd127 Remove unused model options 2020-06-21 22:37:16 -07:00
Kubernetes Prow Robot 10553e143f
Merge pull request #9410 from johngmyers/refactor-lyft 
Refactor lyft config file to Go code
 2020-06-20 13:42:39 -07:00
John Gardiner Myers be6ff2adb7 Start pushing create_cluster logic into pkg 2020-06-20 12:46:35 -07:00
Kubernetes Prow Robot 8b371acef0
Merge pull request #9094 from olemarkus/vault-vfs 
Implement VFS for vault
 2020-06-20 12:02:39 -07:00
Kubernetes Prow Robot a5b47e9c18
Merge pull request #9407 from hakman/master-node-image 
Add master and node image options when creating a cluster
 2020-06-20 11:08:39 -07:00
Ciprian Hacman 279fd313ec Address review comments 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2020-06-20 19:33:42 +03:00
John Gardiner Myers 99c8c4b8fc Move apply logic down into pkg for import use 2020-06-19 23:51:41 -07:00
John Gardiner Myers 87a981093b Remove unused loading code from Loader 2020-06-19 23:30:56 -07:00
Peter Rifel 75ccf45eb7
Fold multiple integration test cases into the complex cluster test 
Each integration test cluster adds many LoC and some overhead in running the integration tests.
Since many of the tests are only testing a specific feature, it would be simpler to combine all of the non-mutually exclusive features into the complex cluster.
 2020-06-19 22:09:22 -05:00
Ciprian Hacman fa9b4ac217 Add master and node image options when creating a cluster 2020-06-19 22:23:05 +03:00
Peter Rifel 9eba72c2b4
Add a couple more "area" labels 2020-06-18 07:01:05 -05:00
Ole Markus With acaa1e1dfc Implement VFS for vault 2020-06-18 13:02:37 +02:00
Kubernetes Prow Robot eb39ab7349
Merge pull request #9355 from johngmyers/move-port 
Move host-network services off of port 8080
 2020-06-16 09:10:04 -07:00
John Gardiner Myers 0d74344a43 Remove the baremetal cloud provider 2020-06-14 10:38:29 -07:00
John Gardiner Myers 4bf8302f14 Move kube-apiserver-healthcheck to port 3990 2020-06-12 22:00:14 -07:00
Kubernetes Prow Robot 54d4a81ea8
Merge pull request #9289 from johngmyers/launch-template 
Use launch templates by default
 2020-06-11 13:40:57 -07:00
Ole Markus With 2abded190a Update cmd help text 2020-06-11 08:37:10 +02:00
John Gardiner Myers 3ce8dd165b Use launch templates by default 2020-06-10 09:34:48 -07:00
Peter Rifel ba62bbea74
Fix NPD when creating a kube-router cluster 2020-06-10 07:04:40 -05:00
Peter Rifel 0895218e3d
Disable kubeproxy when creating a kube-router cluster 2020-06-09 21:53:53 -05:00
Peter Rifel bc074e857c
Use ec2.DescribeInstanceTypes in awsup.GetMachineTypeInfo 
This requires passing a cloud object in additional places throughout the validation package and originating mostly from cmd/kops

This means that some kops commands now require valid cloud provider credentials, but I don't think this is an issue because the vast majority of use-cases already require the same cloud provider credentials in order to interact with the state store.
 2020-06-09 10:13:01 -05:00
ZouYu 2fc52ec6be fix some go-lint warning 
Signed-off-by: ZouYu <zouy.fnst@cn.fujitsu.com>
 2020-06-09 08:52:50 +08:00
Kubernetes Prow Robot d18e97140e
Merge pull request #9130 from johngmyers/pki-refactor 
Refactor cert issuance code
 2020-06-05 01:43:43 -07:00
John Gardiner Myers f9b0415093 Update generated files 2020-06-04 12:13:49 -07:00
John Gardiner Myers e88e0cf7ec Remove code supporting dropped k8s versions 2020-06-04 12:11:51 -07:00
John Gardiner Myers c142483cfa Move cert issuance code to pki module 2020-06-04 10:26:42 -07:00
Kubernetes Prow Robot c6dcaa8199
Merge pull request #9154 from MoShitrit/issue-9031 
Add support for encryption in Cilium
 2020-06-04 03:11:15 -07:00
Ole Markus With 991549a5f4 Remove support for Romana 2020-06-03 08:23:53 +02:00
Peter Rifel 0117881962
Remove redundant ValidateInstanceGroup call 
The `cloudup.PopulateInstanceGroupSpec` directly after this calls `ValidateInstanceGroup` so this first call is redundant.

This is minor cleanup to help simplify the aws instance type validation PR
 2020-06-02 22:01:02 -05:00
Zhou Hao deb90e4ea4 Add example for describe secret 
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
 2020-06-02 10:38:34 +08:00
Kubernetes Prow Robot 7b067983df
Merge pull request #9177 from olemarkus/remove-vsphere 
Remove vsphere cloud provider
 2020-06-01 06:19:54 -07:00
Justin SB ac36147372 GCE: fix typo 2020-05-31 23:37:16 -04:00
John Gardiner Myers 121cd926eb Remove unused file 2020-05-30 17:15:47 -07:00
Ole Markus With 7342525872 Remove vsphere from kops files 2020-05-30 13:36:55 +02:00
Kubernetes Prow Robot ba08b248f0
Merge pull request #9198 from q384566678/add-example 
Add example for delete secret
 2020-05-29 19:23:53 -07:00
Zhou Hao 6f1fcf1944 Add example for delete secret 
Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com>
 2020-05-29 08:40:29 +08:00
Kubernetes Prow Robot 6830cf6d44
Merge pull request #9065 from johngmyers/remove-distro 
Remove support for CoreOS and Jessie
 2020-05-27 23:22:01 -07:00
MoShitrit 316a0e2b00 Adding encryption support for Cilium 
Adding support for 'secret-name' flag

Adding instructions to enable encryption

Updating docs for cli

Addressing comments

Adding ciliumpassword subcommand to 'kops create secret'

Updating command to generate ciliumpassword secret
 2020-05-25 01:54:24 -04:00
John Gardiner Myers 2d98e5609c Remove/fix more CoreOS references 2020-05-22 20:54:41 -07:00
Ole Markus With 6e04586361 Docs fixes 2020-05-22 08:08:58 +02:00
Ole Markus With e3055a6906 Inline supportsPrivateTopology 2020-05-22 08:08:58 +02:00
Ole Markus With eebb605c9c Remove as much of the classic networking logic as we can 2020-05-22 08:08:58 +02:00
Ole Markus With d1ff25bb4e Remove some rather long networking nil checks 2020-05-22 08:08:58 +02:00
Ole Markus With 95d2170fa6 Update networking in kops create 
* Remove classic from cli docs. Add missing providers
* Use cilium instead of weave in example since we don't consider weave stable
 2020-05-22 08:08:58 +02:00
John Gardiner Myers 8a6d29cd40 Remove support for reading legacy-format keypairs 2020-05-20 13:28:13 -07:00
Kubernetes Prow Robot 50a1a8edfb
Merge pull request #9121 from atmosx/master 
Add EC2 Instance LifeCycle label
 2020-05-15 11:17:37 -07:00
Panagiotis Atmatzidis 31acabf8cd
Add EC2 instance lifecycle label to nodes 
When using a "mixed instance policy"[1] instance group spot and onDemand nodes are part of the same
ASG. The ASG handles the percentage of spot vs onDemand instances. There are no annotations, EC2 tags or labels to identify which
instances are onDemand vs spot. There is a field called `InstanceLifecycle` accessible through `EC2.DescribeInstances`.

The field `InstanceLifecycle` is available only in `spot` and
`scheduled` AWS EC2 instance types.

This PR introduces a new label to be attached on AWS EC2 spot nodes.

The label is:

```
node-role.kubernetes.io/spot-worker: "true"
```

or

```
node-role.kubernetes.io/scheduled-worker: "true"
```

[^1]: https://github.com/kubernetes/kops/blob/master/docs/instance_groups.md#mixedinstancepolicy-aws-only
 2020-05-15 09:33:37 +03:00
John Gardiner Myers 154833e652 Fail cluster validation if too few nodes for ig's target size 2020-05-12 22:28:26 -07:00
Kubernetes Prow Robot 6e0aea35ce
Merge pull request #9108 from olemarkus/zsh-completion 
Fix zsh completion
 2020-05-12 06:14:21 -07:00
Jesse Haka b242c44dd2 use v3 api in kubernetes also 2020-05-11 08:17:47 +03:00
Ole Markus With 520ba275f3 Fix zsh completion 2020-05-10 15:40:54 +02:00