John Gardiner Myers
1312163edd
Update nodes with an APIServer when APIServer spec changes
2021-06-27 08:45:04 -07:00
John Gardiner Myers
5de6d16e76
Catch calls to GetBootstrapCert from control plane
2021-06-26 00:04:52 -07:00
John Gardiner Myers
2faf28379a
Refactor etcd-client-cilium secrets
2021-06-25 23:57:23 -07:00
John Gardiner Myers
1752f0f4db
Move most of nodeup.Config out of userdata
2021-06-25 22:25:49 -07:00
John Gardiner Myers
c132ae1520
Move fields from AuxConfig to nodeup.Config
2021-06-25 18:41:29 -07:00
John Gardiner Myers
a83bf7b20f
Mark nodes NeedsUpdate when keys they use change
2021-06-21 19:37:23 -07:00
Ciprian Hacman
904f21cd77
Remove previous implementation of pre-pulling container images
2021-06-20 23:01:52 +02:00
John Gardiner Myers
c337d217ba
Refactor kops-controller to use FindPrimaryKeypair and use consistent filenames
2021-06-19 10:56:29 -07:00
John Gardiner Myers
6b9aebae88
Include multiple CA certificates in bootstrap kubeconfigs
2021-06-19 10:56:29 -07:00
John Gardiner Myers
b45c0b4489
Remove InstanceGroup from NodeupModelContext
2021-06-03 21:27:01 -07:00
John Gardiner Myers
2e1629c610
Introduce nodeup.AuxConfig
2021-06-03 20:37:22 -07:00
Ole Markus With
df2f66e1e5
Make API servers provision themselves.
API servers also have access to secret store, so there is no need to go through kops-controller.
This lets API server only depend on etcd from the CP nodes, which should make it easier to scale out API servers under pressure
2021-04-23 06:59:15 +02:00
Ole Markus With
df4f429ceb
Apply suggestions from code review
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-04-19 07:25:42 +02:00
Ole Markus With
af92896dc7
Don't start kubelet if we are warming
2021-04-14 11:05:50 +02:00
Ciprian Hacman
1737925c44
Replace k8s.io/utils/mount with k8s.io/mount-utils
2021-04-14 07:01:43 +03:00
Ole Markus With
bd731ce989
Use secure kubelet auth
Without secure node auth enabled, commands like `kubectl logs` may fail
with certain configurations.
Previously, we checked if anonymousAuth was enabled on the kubelet
before securing node communication, but this isn't really relevant. We
can still authenticate even if anonymous access is allowed.
2021-04-13 08:59:39 +02:00
Ole Markus With
20bd724f5e
Add support for scaling out the control plane with dedicated apiserver nodes
Ensure apiserver role can only be used on AWS (because of firewalling)
Apply api-server label to CP as well
Consolidate node not ready validation message
Guard apiserver nodes with a feature flag
Rename Apiserver role to APIServer
Add an integration test for apiserver nodes
Rename Apiserver role to APIServer
Enumerate all roles in rolling update docs
Apply suggestions from code review
Co-authored-by: Steven E. Harris <seh@panix.com>
2021-03-20 20:57:00 +01:00
Peter Rifel
b57318fc3d
Download kubectl to /opt/kops/bin on Flatcar OS
Also add it to protokube's PATH.
Our flatcar job is currently failing because channels aren't being applied.
A newly added error log reports that kubectl isn't in protokube's PATH.
This adds the kubectl's location (/opt/bin) to protokube's PATH.
See https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-aws-distro-imageflatcar/1371379886664454144/artifacts/54.206.100.130/protokube.log
2021-03-18 22:26:38 -05:00
Ole Markus With
4d2eca199f
Remove node-authorization
2021-01-11 18:59:45 +01:00
Ciprian Hacman
c36262009b
Install container runtime packages as assets - Code Review 1
2020-10-23 11:05:41 +03:00
Ciprian Hacman
852bebe165
Install container runtime packages as assets - Misc
2020-10-14 15:41:51 +03:00
Justin SB
2be21562a9
Support writing a full certificate chain
This means that our https endpoint will serve the ca.crt as well.
2020-08-25 11:09:04 -04:00
Kubernetes Prow Robot
bacd944dea
Merge pull request #9776 from johngmyers/cni-client-certs
Issue the cilium etcd client cert out of kops-controller
2020-08-18 08:13:30 -07:00
Kubernetes Prow Robot
ffe3b3468d
Merge pull request #9766 from hakman/distros
Use /etc/os-release to identify the distribution
2020-08-17 22:37:30 -07:00
John Gardiner Myers
07220797b4
Issue the cilium etcd client cert out of kops-controller
2020-08-17 21:15:34 -07:00
John Gardiner Myers
2d898fa645
Inline some methods
2020-08-17 00:18:00 -07:00
Ciprian Hacman
e68ee80a93
Move and rename the "distros" package
2020-08-17 07:25:43 +03:00
Peter Rifel
4d9f0128a3
Upgrade to klog2
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
2020-08-16 20:56:48 -05:00
John Gardiner Myers
c5871df319
Get kubelet certificate from kops-controller
2020-08-15 10:30:20 -07:00
John Gardiner Myers
321035f460
Allow cert/key file tasks to specify owner
2020-08-15 10:30:20 -07:00
John Gardiner Myers
00c60ddff6
Add server code to kops-controller
2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot
734a0eb5f3
Merge pull request #9415 from johngmyers/refactor-nodeup-2
Continue moving InstanceGroup data to NodeupConfig
2020-07-02 20:50:47 -07:00
Ciprian Hacman
a7c8d2087c
Use github.com/blang/semver/v4
2020-07-01 08:54:42 +03:00
John Gardiner Myers
5e5f25703d
Move KubeletConfig into the NodeupConfig
2020-06-28 18:51:16 -07:00
John Gardiner Myers
386286d172
Move VolumeMounts into the NodeupConfig
2020-06-17 09:09:24 -07:00
John Gardiner Myers
a5f5acc09d
Move the instancegroup role into NodeupConfig
2020-06-17 09:05:15 -07:00
Justin SB
bf11a65bd3
Try wrapping pkix.Name
2020-06-09 20:24:09 -07:00
John Gardiner Myers
b0694300df
Issue kube-scheduler cert in nodeup
2020-06-09 20:23:33 -07:00
ZouYu
2fc52ec6be
fix some go-lint warning
Signed-off-by: ZouYu <zouy.fnst@cn.fujitsu.com>
2020-06-09 08:52:50 +08:00
Kubernetes Prow Robot
9e4bf1699a
Merge pull request #9216 from hakman/prepare-multi-arch
Prepare Kops for multi-architecture support
2020-06-04 21:35:43 -07:00
Ole Markus With
b62f6aa894
Move networking in nodeup to dedicated subpackage
2020-06-04 17:32:41 +02:00
Ciprian Hacman
654a0d2d8a
Detect supported architecture during node setup
2020-06-03 17:23:59 +03:00
John Gardiner Myers
c1562291d7
Update adding_a_feature.md with more modern example
2020-05-28 23:19:14 -07:00
Kubernetes Prow Robot
6830cf6d44
Merge pull request #9065 from johngmyers/remove-distro
Remove support for CoreOS and Jessie
2020-05-27 23:22:01 -07:00
Ole Markus With
d1ff25bb4e
Remove some rather long networking nil checks
2020-05-22 08:08:58 +02:00
Justin SB
75fd939a62
kube-apiserver: healthcheck via sidecar container
kube-apiserver doesn't expose the healthcheck via a dedicated
endpoint, instead relying on anonymous-access being enabled. That
has previously forced us to enable the unauthenticated endpoint on
127.0.0.1:8080.
Instead we now run a small sidecar container, which
proxies /healthz and /readyz requests (only) adding appropriate
authentication using a client certificate.
This will also enable better load balancer checks in future, as these
have previously been hampered by the custom CA certificate.
Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-05-07 08:06:52 -04:00
John Gardiner Myers
06c6ac1bee
Remove support for CoreOS and Jessie
2020-05-04 23:09:52 -07:00
Ciprian Hacman
4d7aa9b0f3
Always run Docker "health-check" for older versions of Kubernetes
2020-03-15 09:51:03 +02:00
Ole Markus With
ced8f00201
Add option to use ENI as IPAM mode for Cilium
* Force cilium-operator run on master nodes
* Add option for setting cilium ipam mode
* If cilium ipam mode is eni, add additional permissions to master nodes
* Allow NonMasqueradeCIDR overlap with NetworkCIDR when Cilium ENI is enabled
2020-02-16 19:11:01 +01:00
Kubernetes Prow Robot
77d6d381c3
Merge pull request #8327 from johngmyers/remove-code
Remove code for unsupported Kubernetes versions
2020-01-15 14:54:22 -08:00