Commit Graph

1298 Commits

Author SHA1 Message Date
Ole Markus With 8423d49bf3 Add control-plane taint and remove master node-role label 2022-04-18 13:56:13 +02:00
Ole Markus With ce2e877aeb Remove bazel files from vendor 2022-04-12 13:29:03 +02:00
John Gardiner Myers aff5f587f3 Move Openstack settings to cloudProvider.openstack 2022-04-07 10:04:19 -07:00
Kubernetes Prow Robot 5cbb338528
Merge pull request #13065 from johngmyers/move-azure
Move Azure settings to cloudProvider.azure
2022-04-07 09:37:57 -07:00
Ciprian Hacman 759172c3f0 Use k8s.gcr.io for k8s side-loaded images
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-23 12:15:57 +02:00
Ciprian Hacman 30404d64a2 Run hack/update-expected.sh
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-18 09:01:59 +02:00
John Gardiner Myers 591dd1aba9 Move Azure settings to cloudProvider.azure 2022-03-03 15:18:23 -08:00
John Gardiner Myers cac727c357 Make cloudProvider a struct in v1alpha3 API 2022-03-02 21:59:49 -08:00
John Gardiner Myers 70f7d9bdb2 Use function to get cloud provider from cluster spec 2022-03-02 21:59:47 -08:00
Vivek Jain 503b73747d
Append policy config map arguments only if UsePolicyConfigmap is true (#13308)
* check if UsePolicyConfigMap flag is true

* use suggested changes

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>

Co-authored-by: Ciprian Hacman <ciprian@hakman.dev>
2022-03-02 20:44:48 -08:00
Kubernetes Prow Robot 49776c1924
Merge pull request #13264 from h3poteto/iss-13245
Disable some flags in kube-apiserver when logging-format is not text
2022-02-17 01:05:36 -08:00
AkiraFukushima 313cc69127
Disable some flags in kube-apiserver when logging-format is not text
Disable these flags because these are not accepted.
* --logtostderr
* --alsologtostderr
* --log-file
2022-02-17 00:41:06 +09:00
Ciprian Hacman 5746093297 Install containerd from the release package
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-02-14 11:27:26 +02:00
Ole Markus With 19bce47653 Fix nilpointer when graceful shutdown is not configured 2022-02-13 21:11:07 +01:00
Ciprian Hacman dfd0f49594 Install runc from opencontainers/runc
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-02-12 14:02:43 +02:00
Ole Markus With 2625264fe5 Add support for graceful node shutdown
Update docs/cluster_spec.md

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
2022-02-11 20:51:02 +01:00
Ole Markus With 66e3202f34 Fix CSI migration feature gates
We had a bug for KCM feature gate, and the scheduler and apiserver gate was missing entirely.
2022-02-04 15:29:28 +01:00
Ciprian Hacman 68b4611066 Clean up kubelet networking flags for dockershim
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-01-19 17:36:18 +02:00
Ciprian Hacman bf82a8f260 Update pause image to v3.6
Signed-off-by: Ciprian Hacman <ciprian@hakman.dev>
2022-01-19 13:00:36 +02:00
justinsb 45ad8b50ae Enhance AddHostPathMapping to support a fluent style
This allows for the helper to be used in more places.
2021-12-31 13:26:12 -05:00
Kubernetes Prow Robot 47e6acd09f
Merge pull request #13039 from olemarkus/kube-proxy-label
Add managed-by label to static kube-proxy pods
2021-12-27 16:26:18 -08:00
Ole Markus With 8794b84368 Add managed-by label to static kube-proxy pods 2021-12-27 17:23:28 +01:00
Ole Markus With 4a1e43526f Kube components log to stdout 2021-12-27 14:59:06 +01:00
Kubernetes Prow Robot 2f31054e19
Merge pull request #13007 from hakman/skip_non-masquerade-cidr
Use kubelet --non-masquerade-cidr only for Docker with kubenet
2021-12-21 18:49:36 -08:00
Kubernetes Prow Robot 28dc7d2815
Merge pull request #12917 from olemarkus/cgroups
Create cgroups for kube and runtime if configured
2021-12-20 12:53:33 -08:00
justinsb 8d7f4485db staticcheck cleanup: fixup nodeup/pkg/model
These pop up in VSCode and are pretty simple to fix:

```
nodeup/pkg/model/cloudconfig_test.go:86:17: possible nil pointer dereference (SA5011)
        nodeup/pkg/model/cloudconfig_test.go:83:5: this check suggests that the pointer can be nil
nodeup/pkg/model/cloudconfig_test.go:155:17: possible nil pointer dereference (SA5011)
        nodeup/pkg/model/cloudconfig_test.go:152:5: this check suggests that the pointer can be nil
nodeup/pkg/model/sysctls.go:172:12: error strings should not be capitalized (ST1005)
nodeup/pkg/model/sysctls.go:184:12: error strings should not be capitalized (ST1005)
nodeup/pkg/model/volumes.go:59:11: error strings should not be capitalized (ST1005)
```
2021-12-20 10:36:54 -05:00
Ole Markus With 166860b668 Create cgroups for kube and runtime if configured 2021-12-20 13:36:45 +01:00
Ciprian Hacman cb6d424675 Use kubelet --non-masquerade-cidr only for Docker with kubenet 2021-12-20 08:47:02 +02:00
Robbie Lankford b5b87b19af
remove ineffectual assignment; this codeblock should likely have been removed with commit e19a1bbad9 2021-12-12 18:16:42 -06:00
John Gardiner Myers c5e1dea184 Remove code for no-longer-supported k8s version 2021-12-11 16:30:51 -08:00
John Gardiner Myers ed5eb8c034 hack/update-expected.sh 2021-12-11 15:50:46 -08:00
John Gardiner Myers 63955f84d9 Bump unsupported k8s version for tests 2021-12-11 15:50:46 -08:00
Kubernetes Prow Robot c073ff595b
Merge pull request #12923 from justinsb/nodeup_store_cloudprovider
nodeup: store the CloudProvider in the context
2021-12-11 08:37:57 -08:00
justinsb 03cbb0381b tests: Improve logging on test failure
I encountered a test failure that was hard to track down; this
additional logging on failure helped me figure it out.
2021-12-11 09:17:08 -05:00
justinsb 8220211655 nodeup: store the CloudProvider in the context
This is a bit simpler than fetching it from the cluster every time,
and also can allow things like mixed-cloud clusters (in future).
2021-12-11 09:16:03 -05:00
Ole Markus With 2088849768 Do not set insecure port on k8s 1.20+ 2021-12-11 12:44:56 +01:00
Kai Lueke d93033ae75 Simplify Flatcar containerd exec command
The containerd command used in
https://github.com/kubernetes/kops/pull/12177 is a modification from
the torcx containerd unit. However, how torcx starts containerd is a
implementation detail and it's better to not hardcode torcx in case it
isn't used anymore.
Change the ExecStard command to use /usr/bin/containerd directly,
making it simpler and more future-proof.
2021-12-06 14:07:39 +01:00
Kubernetes Prow Robot f7e66049d6
Merge pull request #12862 from johngmyers/instanceid-nodename
Use instance ID as node name when AWS CCM supports it
2021-12-05 14:58:32 -08:00
justinsb 4cf52d0e51 GCE: Support kops-controller, including in gossip mode
We discover the kops-controller in gossip mode using seeding code that
calls into the GCE API, just like gossip itself does.

We refactor the gossip code into a shared gcediscovery library with
minimal dependencies.
2021-12-04 11:51:41 -05:00
Kubernetes Prow Robot 576dc1946a
Merge pull request #12883 from hakman/k8s-1.23.0-rc.0
Update k8s dependencies to v1.23.0-rc.0
2021-12-03 20:48:33 -08:00
Ciprian Hacman 1f5a814d3a Replace Handler with ProbeHandler for container probes 2021-12-03 22:57:43 +02:00
Ciprian Hacman e19a1bbad9 Remove support for RHEL/CentOS 7 2021-12-03 21:40:10 +02:00
Ciprian Hacman 45094241f6 Remove support for Ubuntu 16.04 2021-12-03 21:28:12 +02:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers 73f164e229 Use instance ID as node name when AWS CCM supports it 2021-11-30 17:54:54 -08:00
Ole Markus With f2f9b9dcbb Determine hostnameOverride entirely in nodeup instead of passing in cloud placeholders from cloudup 2021-11-30 13:29:54 +01:00
Ole Markus With 91b40385e6 Remove redundant evaluation of hostnameOverride
The override is already resolved in upup/pkg/fi/nodeup/command.go
2021-11-30 11:22:02 +01:00
John Gardiner Myers ef754ce71f Make requests and limits be *resource.Quantity 2021-11-29 22:50:31 -08:00
Kubernetes Prow Robot 2b059a06d3
Merge pull request #12844 from bwagner5/metadata-hostname
Use AWS metadata to retrieve local-hostname in nodeup
2021-11-27 07:10:41 -08:00
Brandon 652eea951c update bazel 2021-11-26 23:33:51 -06:00
Brandon 4bc48fc7b6 use metadata to retrieve instance hostname in nodeup 2021-11-26 19:24:04 -06:00
John Gardiner Myers e4bad43098 Reverse the sense of hook enablement in v1alpha3 2021-11-25 18:45:13 -08:00
Kubernetes Prow Robot 0e56286aa3
Merge pull request #12816 from johngmyers/rename-fields-2
Rename fields to fit acronym conventions
2021-11-24 23:14:33 -08:00
John Gardiner Myers 03157c5894 hack/update-expected.sh 2021-11-24 17:46:00 -08:00
Kubernetes Prow Robot a8289da46e
Merge pull request #12789 from WeTransfer/dnsopt
Add support for --dns flag in Docker config
2021-11-24 08:18:20 -08:00
John Gardiner Myers b9ac79ec6e Rename fields in v1alpha3 networking API to fit acronym convention 2021-11-22 08:07:55 -08:00
John Gardiner Myers f4d2cb0437 Rename fields in v1alpha3 keyset API to fit acronym convention 2021-11-22 08:07:55 -08:00
John Gardiner Myers f65ba3d9cd Rename fields in v1alpha3 componentconfig API to fit acronym convention 2021-11-21 16:16:32 -08:00
John Gardiner Myers 5a42c10fd3 Rename fields in v1alpha3 cluster API to fit acronym convention 2021-11-21 16:16:32 -08:00
Jeff Wolski a9ecfa47b5 Add support for --dns flag in Docker config
This commit adds support for the --dns flag which is provided as a
Docker daemon startup flag. The flag is used to set the IP address of
the DNS server that the daemon injects into containers. Multiple --dns
flags are supported.
2021-11-19 10:02:12 +01:00
Kubernetes Prow Robot 6c6ea761b0
Merge pull request #12712 from rifelpet/kube-proxy-go-runner
Migrate kube-proxy manifest to use go-runner for logging
2021-11-18 06:15:02 -08:00
Kubernetes Prow Robot 2c9183509d
Merge pull request #12699 from zetaab/hostnamesuffix
Add ingress hostname suffix configurable to kOps
2021-11-16 07:13:27 -08:00
Ole Markus With bb490decb5 Do not return error when there is no error checking for cgroupfs 2021-11-15 11:15:55 +01:00
Kubernetes Prow Robot 0176f079e7
Merge pull request #12726 from johngmyers/revert-leader-migration
Revert leader migration
2021-11-12 22:50:48 -08:00
John Gardiner Myers 561b562a65 Revert "Update automatically generated files"
This reverts commit 3d5d5b38d6.
2021-11-12 22:07:18 -08:00
Eng Zer Jun 425173ae9f
refactor: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2021-11-12 15:37:18 +08:00
Peter Rifel 90d9b4e54e
Migrate kube-proxy manifest to use go-runner for logging 2021-11-11 17:14:40 -06:00
Jesse Haka 5a5390335e fix 2021-11-09 10:40:30 +02:00
Jesse Haka 5af63f0fe8 Add ingress hostname suffix configurable to kOps 2021-11-09 10:22:05 +02:00
Kubernetes Prow Robot e230cc95aa
Merge pull request #12676 from johngmyers/leader-migration
Migrate to AWS CCM in k8s 1.24
2021-11-05 23:14:51 -07:00
Ciprian Hacman 5ec40c0c32 Use chrony for synchronizing time in Ubuntu 2021-11-04 10:20:41 +02:00
John Gardiner Myers 3d5d5b38d6 Update automatically generated files 2021-11-02 23:08:03 -07:00
Peter Rifel 3442f95d59
Revert "Migrate kube-proxy manifest to use go-runner for logging"
This reverts commit b0e585c751.
2021-11-02 06:48:01 -05:00
Peter Rifel b0e585c751
Migrate kube-proxy manifest to use go-runner for logging 2021-11-01 17:01:19 -05:00
Ciprian Hacman d1375353b0 Enable Router Advertisements for Debian 11 on ens* interfaces 2021-10-31 15:16:10 +02:00
John Gardiner Myers 5447fa62e0 Prohibit masquerading in IPv6 clusters 2021-10-30 12:57:07 -07:00
Ciprian Hacman 91e215de96 Enable Router Advertisements for Debian 11 2021-10-30 10:22:43 +03:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
Ciprian Hacman 2f4bdde429 Respect any MaxPods value the user sets explicitly
even for AWS VPC CNI.
2021-10-25 06:39:34 +03:00
Kubernetes Prow Robot 03044b79a6
Merge pull request #12587 from justinsb/chrony_on_ubuntu_gce
GCE: use chrony on Ubuntu + GCE
2021-10-23 14:02:21 -07:00
Kubernetes Prow Robot 6cf33f74a0
Merge pull request #12554 from justinsb/nodeup_gossip_seed
gossip: Seed /etc/hosts in nodeup
2021-10-23 13:16:32 -07:00
justinsb f54cf000fd GCE: use chrony on Ubuntu + GCE
Ubuntu on GCE has systemd-timesyncd masked, and recommends (and
preconfigures) chrony instead.
2021-10-23 13:36:50 -04:00
justinsb 71264d5fec gossip: Seed /etc/hosts in nodeup
In some scenarios (e.g. cilium), we rely on the internal DNS name
being available, but this isn't the case with gossip clusters.

nodeup can seed /etc/hosts for the control-plane nodes, breaking the
deadlock.
2021-10-19 09:26:07 -04:00
justinsb c34fd83365 Add SystemGeneration to channel version tracker
This allows us to reapply a manifest when we introduce new
functionality, such as pruning.

Otherwise an old version can apply the manifest, mark the manifest as
applied, and we won't reapply.
2021-10-15 17:47:13 -04:00
Jesse Haka 43c5c9f9ab Enable ingress hostname feature for OpenStack 2021-10-12 10:12:41 +03:00
John Gardiner Myers 7963b9b9ec Remove some unused fields from v1alpha3 componentconfig 2021-10-07 23:29:53 -07:00
Kubernetes Prow Robot fcfdbab4b1
Merge pull request #12420 from justinsb/gce_tpm
Support GCE TPM verification
2021-10-06 23:33:47 -07:00
Peter Rifel f176380550
./hack/update-expected.sh 2021-10-06 08:11:04 -05:00
Peter Rifel db639664a1
Replace klog flags with go-runner in k8s 1.23
These flags have been deprecated, see https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components
2021-10-06 08:10:20 -05:00
justinsb 4dc2c062fd Support GCE TPM verification 2021-10-06 08:40:20 -04:00
Ciprian Hacman 71a0bcf353 Add kubescheduler.config.k8s.io/v1beta2 for k8s 1.22+ 2021-10-05 10:27:02 +03:00
John Gardiner Myers 0fd4dca30e Remove dead code 2021-10-02 20:58:55 -07:00
Ciprian Hacman 290d3d3e3d Remove unnecessary sysctl "net.ipv6.conf.all.accept_ra=2" 2021-10-02 08:07:04 +03:00
Peter Rifel 7ce1cdc065
Set kubelet's --no-ip on IPv6-only clusters 2021-09-30 09:20:33 -05:00
Peter Rifel 724804025b
./hack/update-expected.sh 2021-09-30 09:20:33 -05:00
Peter Rifel 88ddff3baf
Use separate cloud.config files for in-tree vs out-of-tree components 2021-09-30 09:20:33 -05:00
Kubernetes Prow Robot b9d5e37e1f
Merge pull request #12431 from olemarkus/cilium-al2
Mount cgroupv2 for cilium at a custom location
2021-09-28 07:14:43 -07:00
Ole Markus With 39178703c8 Mount cgroupv2 for cilium at a custom location 2021-09-27 19:29:36 +02:00
justinsb fad6db8beb Refactor bootstrap verifier/authenticator into its own package
No code changes, but this avoids a circular package dependency that we
would otherwise introduce in the GCE logic.
2021-09-26 09:43:53 -04:00
Ole Markus With fed0c16085 Revert "Remove unneeded network related sysctls"
This reverts commit ce08ec68df.
2021-09-25 08:24:47 +02:00
Peter Rifel ca044455a3
Remove critical-pod scheduler annotation.
This is no longer recognized in all supported k8s versions (1.16+)

ea07644522/CHANGELOG/CHANGELOG-1.16.md (deprecations-and-removals)
2021-09-22 21:14:50 -05:00
Ciprian Hacman ce08ec68df Remove unneeded network related sysctls 2021-09-22 06:51:10 +03:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 29771b73c1 Use TLS for kubescheduler health check as of k8s 1.23 2021-09-16 07:46:16 +02:00
Kubernetes Prow Robot 3fd7b446c0
Merge pull request #12305 from hakman/node_ip_families
Make AWS CCM NodeIPFamilies configurable
2021-09-12 06:26:14 -07:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime
Pre-install nvidia container runtime + drivers on GPU instances
2021-09-11 13:00:07 -07:00
Ciprian Hacman dde08e839d Make AWS CCM NodeIPFamilies configurable 2021-09-11 13:09:08 +03:00
Ole Markus With f5fed2a08d Move nvidia config under containerd 2021-09-05 20:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 2d013e460c Install nvidia container runtime 2021-09-05 20:09:04 +02:00
Ciprian Hacman 58fb2676eb Fix kernel parameter for IPv6 forwarding 2021-09-05 09:35:35 +03:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Kubernetes Prow Robot c7eb08c76f
Merge pull request #12193 from olemarkus/protect-kernel-defaults
Enable protect-kernel-defaults by default and set the correct sysctls in nodeup
2021-09-02 04:42:09 -07:00
Ole Markus With 18faee636f Set kube-apiserver as default logs container
Apply suggestions from code review

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-09-02 08:29:30 +02:00
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 62c4ce4d93 Move bootstrap RBAC from protokube to core bootstrap addon 2021-08-29 12:36:21 -07:00
John Gardiner Myers a6de058dc3 hack/update-expected.sh 2021-08-28 13:49:55 -07:00
John Gardiner Myers be8933b577 Remove code for unsupported features 2021-08-28 13:49:55 -07:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API have to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
2021-08-26 20:54:02 +02:00
Ole Markus With 4ef0172ee9 Enable protect-kernel-defaults by default and set the correct sysctls in nodeup 2021-08-23 11:48:20 +02:00
Ciprian Hacman 84bdfd900d Hardcode Flatcar containerd exec command 2021-08-19 09:50:08 +03:00
Ole Markus With ab596a49bc Enable ipv6 forwarding and router announcements 2021-08-11 11:09:29 +02:00
Reilly Brogan 13e2b54abc Debian 11: python-apt is not available 2021-08-10 14:33:48 -05:00
Ole Markus With f1a8565024 Fix disabling unattended upgrades
Current default AMIs pre-install and pre-configure unattended upgrades.
We therefore need to explicitly disable it if the update policy requires
it.
2021-08-10 12:51:49 +02:00
Ole Markus With 820683bba0 Test if update_service behaves as intended 2021-08-10 12:51:44 +02:00
John Gardiner Myers beb9741943 hack/update-expected.sh 2021-07-22 21:00:03 -07:00
John Gardiner Myers 3a53fdb139 Provision TLS server certs for controller-manager and scheduler 2021-07-22 20:59:58 -07:00
John Gardiner Myers cfd1582b0d Use kubeconfig for authentication and authorization as well 2021-07-21 19:24:06 -07:00
John Gardiner Myers 8416bd0c39 hack/update-expected.sh 2021-07-17 14:25:19 -07:00
John Gardiner Myers 526dd38e16 Remove apiserver's access to controller-manager secrets 2021-07-17 14:25:19 -07:00
John Gardiner Myers 226380bf5b Refactor legacy etcd manager etcd-client keypair 2021-07-17 14:25:19 -07:00
Kubernetes Prow Robot 67cfa9d4d4
Merge pull request #12003 from johngmyers/apiserver-server-cert
Refactor more kube-apiserver credentials
2021-07-17 13:52:50 -07:00
John Gardiner Myers 12c988160c hack/update-expected.sh 2021-07-16 23:12:22 -07:00
John Gardiner Myers 7c1ed8de66 Refactor kube-apiserver kubelet-api certificate 2021-07-16 23:07:14 -07:00
John Gardiner Myers 68bb8f5ddb Refactor kube-apiserver static credentials 2021-07-16 22:55:50 -07:00
John Gardiner Myers 781b302fac hack/update-expected.sh 2021-07-16 22:46:41 -07:00
John Gardiner Myers c8b1a586b8 Refactor kube-apiserver server certificate 2021-07-16 22:42:23 -07:00
John Gardiner Myers 3282549577 Issue kubelet cert on apiserver nodes for k8s before 1.19 2021-07-16 10:13:20 -07:00
John Gardiner Myers 3ae5413f63 Use keypair IDs for non-kops-controller-issued worker node certs 2021-07-15 14:04:48 -07:00
John Gardiner Myers 10692bc2f4 hack/update-expected.sh 2021-07-14 08:19:10 -07:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy
Issue certs using CA KeypairID in NodeupConfig
2021-07-11 01:56:47 -07:00
Kubernetes Prow Robot a3daff9343
Merge pull request #11971 from johngmyers/rotate-all
Add "all" variants of key rotation commands
2021-07-11 00:30:46 -07:00
John Gardiner Myers 61606868ab hack/update-expected.sh 2021-07-10 23:23:13 -07:00
John Gardiner Myers 68041a4f73 Issue certs using CA KeypairID in NodeupConfig 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6ddccf5f79 Refactor some users of FindPrimaryKeypair 2021-07-10 23:23:12 -07:00
John Gardiner Myers 6f06661a68 Use narrower interface type 2021-07-10 23:23:12 -07:00
John Gardiner Myers a33a30a859 Refactor out some legacy interfaces 2021-07-10 23:23:12 -07:00
John Gardiner Myers a63e65038f hack/update-expected.sh 2021-07-10 17:31:59 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 5a2aac4cfd Add "all" variants of key rotation commands 2021-07-10 05:51:31 -07:00
John Gardiner Myers 6846ef3a80
Fix function comment
Co-authored-by: Ole Markus With <olemarkus@gmail.com>
2021-07-09 23:50:02 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
Ciprian Hacman 0ed8942835 Add log rotation for etcd-cilium.log 2021-07-07 08:31:08 +03:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Peter Rifel c5fbcccfa6
Update pause image to 3.5 2021-07-02 06:40:27 -04:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00
John Gardiner Myers 7162a7473a Remove dead code 2021-07-01 13:58:51 -07:00
John Gardiner Myers 0f1de5cfc8 hack/update-expected.sh 2021-06-30 18:55:35 -07:00
John Gardiner Myers 3de05a500e Refactor etcd-clients-ca keyset for api-server 2021-06-30 18:55:30 -07:00
John Gardiner Myers 7dfe9d82ab hack/update-expected.sh 2021-06-27 08:45:06 -07:00
John Gardiner Myers e1df9f09dd Refactor service-account public keys 2021-06-27 08:45:06 -07:00
John Gardiner Myers 20ca7082d7 hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 7e0c6acbad Take poorly formed keypair out of tests 2021-06-27 08:45:05 -07:00
John Gardiner Myers 60ae29c93c Refactor EncryptionConfig 2021-06-27 08:45:05 -07:00
John Gardiner Myers fdf034058d hack/update-expected.sh 2021-06-27 08:45:05 -07:00
John Gardiner Myers 1312163edd Update nodes with an APIServer when APIServer spec changes 2021-06-27 08:45:04 -07:00
John Gardiner Myers 5de6d16e76 Catch calls to GetBootstrapCert from control plane 2021-06-26 00:04:52 -07:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
John Gardiner Myers 1752f0f4db Move most of nodeup.Config out of userdata 2021-06-25 22:25:49 -07:00
John Gardiner Myers c132ae1520 Move fields from AuxConfig to nodeup.Config 2021-06-25 18:41:29 -07:00
Ciprian Hacman d7f405f65a Decrease default values for net.ipv4.tcp_rmem and net.ipv4.tcp_wmem 2021-06-25 21:27:56 +03:00
Kubernetes Prow Robot 0e4d766deb
Merge pull request #11852 from hakman/hooks-containerd
Handle containerExec hooks when using containerd
2021-06-23 23:27:40 -07:00
Ciprian Hacman cf19ba343b Handle containerExec hooks when using containerd 2021-06-24 07:42:53 +03:00
Ciprian Hacman cb179b3b62 Pre-add hooks integration test 2021-06-24 06:38:20 +03:00
John Gardiner Myers 1e89064be3 Refactor kube-controller-manager secrets 2021-06-22 22:32:52 -07:00
Kubernetes Prow Robot d5119c0338
Merge pull request #11833 from johngmyers/update-on-primary-change
Mark nodes NeedsUpdate when keys they use change
2021-06-22 08:11:58 -07:00
John Gardiner Myers 366210d189 Remove dead code 2021-06-21 21:45:55 -07:00
John Gardiner Myers a83bf7b20f Mark nodes NeedsUpdate when keys they use change 2021-06-21 19:37:23 -07:00
Kubernetes Prow Robot 9a0e90e1ed
Merge pull request #11824 from johngmyers/remove-kubeup
Remove support for importing and converting kubeup clusters
2021-06-21 12:46:50 -07:00
John Gardiner Myers fc94505a76 Include multiple certs in aws-iam-authenticator trust bundle 2021-06-21 07:35:50 -07:00
John Gardiner Myers 002a1f7fd3 Remove 'kops toolbox convert-imported' 2021-06-21 07:34:29 -07:00
Kubernetes Prow Robot ab0ee8a2a9
Merge pull request #11823 from johngmyers/get-keypairs-2
Improve the output of 'kops get keypairs'
2021-06-21 02:19:10 -07:00
John Gardiner Myers 1ed3619362 Improve the output of 'kops get keypairs' 2021-06-20 15:51:09 -07:00
Ciprian Hacman 904f21cd77 Remove previous implementation of pre-pulling container images 2021-06-20 23:01:52 +02:00
Ciprian Hacman 65d21ee463 Pre-pull container images from list of desired prefixes 2021-06-20 23:01:52 +02:00
John Gardiner Myers 204a134a7d Include multiple CA certificates in the common trust store 2021-06-19 10:56:30 -07:00
John Gardiner Myers c337d217ba Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames 2021-06-19 10:56:29 -07:00
John Gardiner Myers 6b9aebae88 Include multiple CA certificates in bootstrap kubeconfigs 2021-06-19 10:56:29 -07:00
John Gardiner Myers 0dee785ebf Pass multiple CA certs to kops-controller client 2021-06-19 10:50:53 -07:00
John Gardiner Myers e0d9259be1 Remove dead code 2021-06-19 10:50:52 -07:00
John Gardiner Myers 42bf3ee85b Seed the random number generator on AWS 2021-06-17 22:59:43 -07:00
Kubernetes Prow Robot d35bce0ff8
Merge pull request #11764 from olemarkus/cilium-etcd-fix
Don't try to build etcd-manager secrets for cilium twice
2021-06-17 00:14:20 -07:00
Ole Markus With f80b550c7a Use internal name for cilium etcd if we do not enable api server nodes 2021-06-16 08:27:26 +02:00
Ole Markus With a3cfe8d098 Don't try to build etcd-manager secrets for cilium twice 2021-06-15 12:42:11 +02:00
Ole Markus With e7fa3fa82c Set containerd config on nodeup.Config instead of clusterspec
This allows us to set a default containerd config per IG (e.g add a different config for GPU IGs)

Can also be considered a cleanup as we no longer use containerd.overrideConfig as a mechanism for bringing the default containerd config from cloudup to nodeup.
2021-06-15 11:08:22 +02:00
Kubernetes Prow Robot b71ba1d566
Merge pull request #11219 from johngmyers/refactor-keypair
Refactor keypair code in preparation for secret rotation
2021-06-12 14:25:00 -07:00
Kubernetes Prow Robot cfc93e5178
Merge pull request #9294 from johngmyers/refactor-nodeup-context
Remove InstanceGroup from NodeupModelContext
2021-06-12 13:43:01 -07:00
Ole Markus With 224cae1113 Only warm-pull images used by the CSI DS
Pulling the Deployment images serves no purpose as they tend not to run on normal nodes
2021-06-10 09:28:53 +02:00
Ole Markus With c162013a3c Use quay images for cilium 2021-06-08 23:01:08 +02:00
John Gardiner Myers e0915887ed Move asset copying out of apply_cluster 2021-06-05 21:17:50 -07:00
John Gardiner Myers 12465ac27c Simplify extraction of service-account public keys 2021-06-05 16:38:28 -07:00
John Gardiner Myers fa77f8b964 Rename fi.Keystore.StoreKeypair to StoreKeyset 2021-06-05 16:38:26 -07:00
John Gardiner Myers 2300d89591 Rename pki.FindKeypair to FindPrimaryKeypair 2021-06-05 16:38:26 -07:00
John Gardiner Myers ed1f6ff79e Refactor StoreKeypair and AddCert 2021-06-05 16:38:25 -07:00
John Gardiner Myers 0364a3af25 Refactor FindKeypair interfaces 2021-06-05 16:38:24 -07:00
John Gardiner Myers 6b2250a9af Have apiserver trust all service-account keys 2021-06-05 16:38:08 -07:00
John Gardiner Myers b45c0b4489 Remove InstanceGroup from NodeupModelContext 2021-06-03 21:27:01 -07:00
John Gardiner Myers 14ab4a3453 Move UpdatePolicy into NodeConfig 2021-06-03 21:20:56 -07:00
John Gardiner Myers 59c8826b17 Move FileAssets into the NodeupAuxConfig 2021-06-03 21:20:55 -07:00
John Gardiner Myers 06658c9d13 Move Hooks into the NodeupAuxConfig 2021-06-03 21:09:45 -07:00
John Gardiner Myers c3c1aca3c1 Include AuxConfig output in TestBootstrapUserData 2021-06-03 21:09:45 -07:00
John Gardiner Myers 2e1629c610 Introduce nodeup.AuxConfig 2021-06-03 20:37:22 -07:00
Kubernetes Prow Robot c62090fc6c
Merge pull request #11552 from hakman/etcd-events-tests
Add etcd-server related tests
2021-05-21 09:29:35 -07:00
Ciprian Hacman 48ef1555bb Add etcd-server related tests for kube-apiserver 2021-05-21 18:53:54 +03:00
Ciprian Hacman f4ec3df187 Prepare etcd-server related tests for kube-apiserver 2021-05-21 18:53:54 +03:00
Ole Markus With 46e13c0009 Bump snapshot-controller version
Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>

Update upup/models/cloudup/resources/addons/storage-aws.addons.k8s.io/v1.15.0.yaml.template

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-05-21 15:40:40 +02:00
Alexander Block bb52334222 Make the events etcd cluster optional 2021-05-20 08:05:42 +02:00
Peter Rifel 47add60546
Fix KCM livenessProbe to use secure port 2021-05-11 08:01:42 -05:00
John Gardiner Myers 36f93d0069 hack/update-expected.sh 2021-05-07 23:40:03 -07:00
John Gardiner Myers d3469d6ec2 Remove code for no-longer-supported k8s versions 2021-05-07 23:40:03 -07:00
Peter Rifel cc4fae3f71
Remove unused k8s version parsing 2021-05-03 17:23:23 -05:00
dntosas 9481246e22
[csi/aws] Add support for warm pools
Add pulling needed images as initial task for warming up instances for
csi driver resources.

Signed-off-by: dntosas <ntosas@gmail.com>
2021-04-25 16:59:57 +03:00
Ole Markus With df2f66e1e5 Make API servers provision themselves.
API servers also have access to secret store, so there is no need to go through kops-controller.
This lets API server only depend on etcd from the CP nodes, which should make it easier to scale out API servers under pressure
2021-04-23 06:59:15 +02:00
Ole Markus With 769c6e584f Add install section to kubelet unit 2021-04-19 19:19:46 +02:00
Ole Markus With df4f429ceb Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-04-19 07:25:42 +02:00
Ole Markus With 202e440920 Pre-pull cilium and kube-proxy in warming mode 2021-04-18 18:42:59 +02:00
Ole Markus With aac4741b0e Add a golden test for warmpool mode 2021-04-15 07:01:33 +02:00
Ole Markus With af92896dc7 Don't start kubelet if we are warming 2021-04-14 11:05:50 +02:00
Ciprian Hacman 1737925c44 Replace k8s.io/utils/mount with k8s.io/mount-utils 2021-04-14 07:01:43 +03:00
Ole Markus With bd731ce989 Use secure kubelet auth
Without secure node auth enabled, commands like `kubectl logs` may fail
with certain configurations.

Previously, we checked if anonymousAuth was enabled on the kubelet
before securing node communication, but this isn't really relevant. We
can still authenticate even if anonymous access is allowed.
2021-04-13 08:59:39 +02:00
John Gardiner Myers fdc61b4bdb Rename the service account key 2021-04-11 08:11:27 -07:00
Kenji Kaneda baff30d66e Add an option to skip NTP installation
Add NTPConfig to ClusterSpec. NTPConfig has the SkipInstall option.

https://github.com/kubernetes/kops/issues/9661
2021-03-31 12:33:32 -07:00
Peter Rifel e2ea5f8a95
Update protokube systemd unit docs link 2021-03-24 20:57:00 -05:00
Barry Melbourne 05123faf5a Update containerd to v1.3.10/v1.4.4 2021-03-23 17:02:01 +00:00
Ciprian Hacman 1b57bfbb8f Load env vars from file for kops-configuration service 2021-03-23 04:32:34 +02:00
Kubernetes Prow Robot 8b5be9baf9
Merge pull request #11082 from bharath-123/task/remove-dbus
Remove dbus dependency
2021-03-21 21:31:43 -07:00
Ole Markus With 20bd724f5e Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)

Apply api-server label to CP as well

Consolidate node not ready validation message

Guard apiserver nodes with a feature flag

Rename Apiserver role to APIServer

Add an integration test for apiserver nodes

Rename Apiserver role to APIServer

Enumerate all roles in rolling update docs

Apply suggestions from code review

Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Bharath Vedartham 26319c6e96 Remove dbus dependency 2021-03-20 15:06:10 +05:30
Peter Rifel b57318fc3d
Download kubectl to /opt/kops/bin on Flatcar OS
Also add it to protokube's PATH.

Our flatcar job is currently failing because channels aren't being applied.
A newly added error log reports that kubectl isn't in protokube's PATH.

This adds the kubectl's location (/opt/bin) to protokube's PATH.

See https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-aws-distro-imageflatcar/1371379886664454144/artifacts/54.206.100.130/protokube.log
2021-03-18 22:26:38 -05:00
Bharath Vedartham 368f3e94f2 Create an environment file for kops-configuration systemd process 2021-03-13 16:25:04 +05:30
Kubernetes Prow Robot ad7c793050
Merge pull request #10913 from seh/scope-os-update-policy-to-instance-group-too
Honor OS update policy at InstanceGroup level too
2021-03-12 22:03:03 -08:00
Ciprian Hacman 79a0720143 Fix rendering of multiple Docker insecure registries 2021-03-12 16:30:15 +02:00
Ciprian Hacman 77b72efe1d Fix various nits when changing Protokube to run as service 2021-03-08 07:19:48 +02:00
Bharath Vedartham d45514cff3 Make protokube a systemd process 2021-03-06 00:32:44 +05:30