Commit Graph

32 Commits

Author SHA1 Message Date
Jan Safranek 0d03095fda Add SELinux support to containerd
Add cluster.Spec.Containerd.SELinuxEnabled field that enables SELinux in
containerd.

With SELinux enabled, all pods that use HostPath volumes must run with
SELinux label `spc_t`, otherwise SELinux denies the pods to touch the host
filesystem.
2023-06-19 15:20:08 +02:00
Min Ni 8f5892fcb6 upgrade authentication.aws to v0.5.12 2022-12-04 11:34:03 -08:00
Peter Rifel 52a70be55c Upgrade aws-iam-authenticator to v0.5.9 2022-07-14 16:00:14 -06:00
Peter Rifel 234bf01b73 Remove non-functional scheduler annotations 2022-07-11 20:53:37 -06:00
Peter Rifel abc6378656 Update remaining addon manifests for control-plane node role label 2022-04-19 16:52:06 -05:00
Guillaume Le Biller 74310774f1 Upgrade aws-iam-authenticator to v0.5.5 2022-03-17 19:22:50 +01:00
John Gardiner Myers f65ba3d9cd Rename fields in v1alpha3 componentconfig API to fit acronym convention 2021-11-21 16:16:32 -08:00
justinsb 27c223af25 Fix AWS authentication separator to support multiple objects
Otherwise the objects overwrite each other, because YAML.
2021-11-19 09:34:22 -05:00
Peter Rifel b401ec55a3 Add missing status fields to IAMIdentityMapping v1 CRD 2021-11-11 20:28:59 -06:00
Jeroen van Erp 353be50f9b Configure aws-iam-authenticator using identityMappings defined in cluster.yaml
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
2021-10-29 10:30:44 +02:00
Peter Rifel 1c25193dc7 Upgrade aws-iam-authenticator to 0.5.3 2021-09-28 08:29:39 -05:00
Peter Rifel bb46e73ade aws-iam-authenticator - use v1 CRD API for k8s 1.22 support 2021-09-28 08:29:39 -05:00
Peter Rifel 42ecabae28 Allow aws-iam-authenticator to be scheduled onto dedicated apiserver nodes 2021-09-26 11:09:30 -05:00
Peter Rifel b193d2d583 Update addon manifests referencing RBAC v1beta1 2021-08-08 16:12:39 -04:00
John Gardiner Myers 2ac17bee69 Remove code for no-longer-supported k8s releases 2020-10-29 16:45:53 -07:00
Peter Rifel 4276afe238 Upgrade aws-iam-authenticator to 0.5.2 2020-10-13 11:57:13 -05:00
Robert Russell 1981c56f67 Fix backwards compatibility when backend mode isn't set 2020-08-16 23:05:04 -07:00
Robert Russell 6e5544f615 Allow configurable backend modes for aws-iam-authenticator 2020-08-06 21:37:55 -07:00
Rodrigo Menezes e20f3ba0bc Add healthcheck 2020-07-09 12:23:37 -07:00
Peter Rifel eae3fd8fc3 Update AWS IAM Authenticator to 0.5.1 2020-07-09 11:41:28 -05:00
Peter Rifel 70f4429622 Revert "Update AWS IAM Authenticator to 0.5.0"
This reverts commit 03ccbfeb99.
2020-03-04 07:38:42 -06:00
Peter Rifel 318e9a1441 Revert "Switch AWS IAM Authenticator to use non-scratch image"
This reverts commit 79027c18d4.
2020-03-04 07:38:30 -06:00
Peter Rifel cd34cf41c5 Switch AWS IAM Authenticator to use non-scratch image
The authenticator binary uses glog, which requires write access to the filesystem under /tmp.
On the scratch image /tmp doesn't exist, which caused a crash loop:

```
time="2020-02-14T02:06:00Z" level=info msg="creating event broadcaster"
time="2020-02-14T02:06:00Z" level=info msg="setting up event handlers"
W0214 02:06:00.358119       1 client_config.go:539] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
log: exiting because of error: log: cannot create log: open /tmp/aws-iam-authenticator.ip-X-X-X-X.aws-iam-authenticator.log.WARNING.20200214-020600.1: no such file or directory
```

Switching to debian-stretch fixed the issue although it could really be any of the other images in the release [0]

[0] https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.0
2020-02-13 20:29:49 -06:00
Peter Rifel 32e6a6b534 Update AWS IAM Authenticator to 0.5.0
I merged changes from these manifests:

https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/v0.5.0/deploy/example.yaml

https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/v0.5.0/deploy/iamidentitymapping.yaml

The new version supports replacing the configmap with an IAMIdentityMapping custom resource, but the --backend-mode command argument isn't yet exposed through the kops API, so it will still only use configmaps.
We can expose a BackendMode API field in a followup PR.
2020-01-30 07:09:07 -06:00
John Gardiner Myers 38aafc7cdc Add missing priorityClassName for critical pods 2020-01-21 21:03:07 -08:00
Rodrigo Menezes 4645582788 fix typo 2019-07-17 14:57:12 -07:00
Rodrigo Menezes e51b364d1d Allow setting Limit & Request for aws-iam-authenticator 2019-07-17 14:38:22 -07:00
Peter Rifel 152f3a85b8 Update aws-iam-authenticator image to 0.4.0
See https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.4.0
2019-04-22 14:38:47 -07:00
Peter Rifel c24b0a0918 Allow the AWS IAM Authenticator image name to be overridden 2019-04-05 09:35:30 -05:00
Jordan Liggitt 9a06ff550c Update 1.12 addons to use apps/v1 2019-02-20 09:21:22 -05:00
Jordan Liggitt 3cef342dbe Copy latest addons to 1.12 2019-02-20 09:20:01 -05:00
Rodrigo Menezes 414b3a780b Rename hept.io authenticator to aws authenticator 2018-07-08 10:10:19 -07:00