kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,603 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1421 Commits

Author SHA1 Message Date
Barry Melbourne 659bfa0daf Update Controller Runtime Go module to v0.8.2 2021-02-25 20:34:12 +00:00
Kubernetes Prow Robot 9c5c186442
Merge pull request #10915 from t1cg/caw/publicLoadbalancer 
add support for azure public loadbalancer
 2021-02-24 19:51:24 -08:00
Kubernetes Prow Robot 1b42286cfe
Merge pull request #10832 from rifelpet/aws-sdk 
Add Tagging to Instance Profiles and OIDC Providers
 2021-02-24 05:40:50 -08:00
Collin Woodruff ee7fc850ff add support for azure public loadbalancer 2021-02-23 17:42:33 -05:00
Kubernetes Prow Robot a424958e83
Merge pull request #10872 from timothyclarke/feature/NLB-EIP 
Adding Elastic IP Allocations to NLB API
 2021-02-22 23:48:03 -08:00
Nicholas Galantowicz 616d446658 add usage of subnet and routetable shared resources in azure 2021-02-22 15:28:55 -05:00
Ole Markus With 4d4bcba315 Enforce 1.14 deprecation 2021-02-21 17:59:39 +01:00
Ole Markus With 9a13837629 Fix JWKS path for volume projection 2021-02-18 22:07:35 +01:00
Ole Markus With 4ee43a849c k/k changed the feature gate for disabling in-tree CSI 2021-02-18 21:12:51 +01:00
Timothy Clarke 1577b0a54b
Adding Elastic IP Allocations to NLB API 2021-02-18 12:27:28 +00:00
Ole Markus With 8486650c33 Add support for cluster autoscaler 1.20.x 
Update upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-02-17 14:05:09 +01:00
Alexander Block 8f0cb3af1f Actually enable systemd cgroup for containerd 2021-02-16 18:46:00 +01:00
Chuan Li 0eb7012e8d Add additional IOPS validation for AWS EBS gp3 volumes 2021-02-16 18:39:54 +08:00
Ciprian Hacman 35ea2f49b3 Release 1.21.0-alpha.1 2021-02-16 10:44:34 +02:00
Peter Rifel d52fd9f76c
Add tagging support to AWS Instance Profiles and OIDC Providers 2021-02-15 16:48:43 -06:00
Kubernetes Prow Robot cd10383fa0
Merge pull request #10741 from codablock/nlb-subnets 
Allow to control which subnets and IPs get used for the API loadbalancer
 2021-02-14 14:23:06 -08:00
Kubernetes Prow Robot 7d8ef74bcd
Merge pull request #10797 from t1cg/azureManagedImage 
Allow managed images for Azure instance groups
 2021-02-12 16:27:05 -08:00
Kubernetes Prow Robot 688aeb873a
Merge pull request #10744 from t1cg/caw/azureLoadbalancer 
add azure support for internal loadbalancer to k8s api
 2021-02-12 14:53:04 -08:00
Collin Woodruff 6a8d474acd add internal loadbalancer for azure 2021-02-12 17:13:01 -05:00
Kubernetes Prow Robot 082bdc3878
Merge pull request #10780 from olemarkus/consistent-cp-labelling 
Make protokube CP label setting consistent with kops-controller
 2021-02-12 11:09:58 -08:00
Ole Markus With 783b6c0d6c Make protokube CP label setting consistent with kops-controller 2021-02-12 08:17:14 +01:00
Ciprian Hacman c0d02d7dc9 Update Docker to v19.03.15 2021-02-12 07:10:32 +02:00
Nicholas Schleicher 1ac3265a14 Allow managed images for Azure instance groups 2021-02-11 15:42:17 -05:00
Steven E. Harris d1432bf1d4 Establish default CloudConfiguration values 2021-02-11 10:49:49 -05:00
Ole Markus With a86abcfd3e CSIMigrationAWSComplete feature gate does not work unless also CSIMigrationAWS is enabled 2021-02-11 12:41:50 +01:00
Kubernetes Prow Robot b233f031a3
Merge pull request #10489 from olemarkus/aws-loadbalancer-controller 
Add AWS LoadBalancerController
 2021-02-11 02:06:16 -08:00
Ole Markus With 56330188d0 Add AWS LoadBalancerController 2021-02-11 08:47:03 +01:00
Alexander Block 295fb11ac2 Better readable modification assigning of PrivateIPv4Address 2021-02-10 09:39:32 +01:00
Alexander Block 2c0f9809eb Move validation of ClusterSubnetSpec into pkg/apis/kops/validation 2021-02-10 09:36:39 +01:00
Alexander Block c6eca9db81 Fix check for empty privateIPv4Address 2021-02-10 08:21:22 +01:00
Ole Markus With e0c3490cc3 Add support for creating world-readable managedFiles 2021-02-09 21:06:28 +01:00
Kubernetes Prow Robot 4507be8e13
Merge pull request #10469 from justinsb/boot_nodes_from_kops_controller 
Boot nodes without state store access
 2021-02-08 11:28:19 -08:00
Ciprian Hacman ede4daf7ce Release 1.20.0-alpha.2 2021-02-08 13:36:48 +02:00
Peter Rifel e7ede2b13e
Use EnsureTask instead of prepending IG names to external ELB tasks 
This way we end up with one CLB task per CLB regardless of how many ASGs to which it is attached.
 2021-02-07 10:45:38 -06:00
Kubernetes Prow Robot 0aa9cf1921
Merge pull request #10695 from olemarkus/cilium-1-9 
Add support for cilium 1.9
 2021-02-07 01:07:11 -08:00
Ole Markus With a6dce2e820 Add support for cilium 1.9 
Apply suggestions from code review

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2021-02-07 08:00:54 +01:00
Alexander Block 6facd1b8ab Allow to explicitely choose subnets and private IPs for the API loadbalancer 2021-02-05 17:53:20 +01:00
Alexander Block 49e7ec8890 Use SubnetMappings for NLBs instead of Subnets 
SubnetMappings allow to explicitely set the private IPv4 address that
must be used for the NLB.

SubnetMappings and Subnets in the AWS API are compatible as long as the
address settings are not changes, making this commit backwards compatible.
 2021-02-05 17:53:20 +01:00
Jesse Haka 034dad258c modify names 2021-02-05 09:57:54 +02:00
Jesse Haka 41d04d8d4b add user agent to openstack api requests 2021-02-04 23:04:06 +02:00
Kubernetes Prow Robot 40ae752e46
Merge pull request #10545 from olemarkus/channels-certs 
Have channels create PKI for addons
 2021-01-31 01:21:49 -08:00
Ole Markus With 7ac74ab61c Fix bug preventing tasks using gp2 2021-01-30 19:46:30 +01:00
Ole Markus With 1db7b72843 Use serving cert for metrics-server 2021-01-30 09:01:36 +01:00
Ciprian Hacman f8d3b76556 Default IMDSv2 to "optional" for AWS 2021-01-29 14:02:14 +02:00
Kubernetes Prow Robot 3d39be7721
Merge pull request #10661 from hakman/etcd-manager-defaults 
Update AWS etcd-manager volumes defaults
 2021-01-28 22:01:41 -08:00
Ciprian Hacman 5fcd4e4b28 Allow attaching same external load balancer to multiple instance groups 2021-01-27 16:25:39 +02:00
Ciprian Hacman ca408f7e8f Set default volume type to "gp3" for etcd-manager volumes in AWS 2021-01-27 06:23:27 +02:00
Justin SB 1d76a15f69 Set the tcp_rmem sysctl in bootstrap script 
This ensures that we're using our settings for downloading nodeup
itself and any assets that nodeup downloads.  This is a workaround for
reported problems with the initial download on some kernels otherwise.

Issue #10206
 2021-01-24 21:50:45 -05:00
Ciprian Hacman 7aeb8c2af3 Add back support for kubenet style networking with containerd 2021-01-24 21:16:45 +02:00
Justin SB 28f184f68a etcd-manager: Update to 3.0.20210122 
Upstream changes:

* Release notes for 3.0.20201209
* Handling hanging list command from etcd client during reconciliation loop
* Update dependencies to match kOps 1.19
* Include IPs in peer certificates
* Use etcd v3.4.13 in tests
* Eager-broadcast leadership on every leader iteration
* Update Go to 1.15.7
 2021-01-22 16:01:03 -05:00
liranp 5f30cdedf9
fix(spot/ocean): avoid unnecessary duplication of tasks 2021-01-21 21:44:43 +02:00
Ciprian Hacman d889d61ddb Set default IMDS v2 to "required" for instances in AWS 2021-01-21 11:35:41 +02:00
Ciprian Hacman c8a9b2fb3e Set default volume encryption to "true" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 18bb14ffed Set default volume type to "gp3" for instances in AWS 2021-01-21 11:27:02 +02:00
Ciprian Hacman 85fbf1c6a2 Add iops field for gp3 volumes only with launch templates 2021-01-21 11:27:02 +02:00
Otto Sulin 46a8a00adc Fix broken tests 2021-01-20 14:24:49 +02:00
Otto Sulin c66a079e3e Add network and router availability zone hints to OpenStack 
This pull request makes it possible to add availability zone hints to routers and networks if the hints are supported.
 2021-01-20 13:34:08 +02:00
Barry Melbourne 337c9c4c66 Set default container runtime to containerd 2021-01-16 14:55:35 +00:00
Ciprian Hacman bb787d3075 Release 1.20.0-alpha.1 2021-01-15 15:29:55 +02:00
Ole Markus With afbd057286 Use consistent naming for the remaining SGRs 2021-01-14 12:57:33 +01:00
Kubernetes Prow Robot fb0fbb5280
Merge pull request #10557 from zetaab/feature/hashname 
[OpenStack] Use new hash format in instance names
 2021-01-13 09:24:36 -08:00
Kubernetes Prow Robot 0412bf7566
Merge pull request #10561 from spotinst/feat-launchspec-restrictions 
Spotinst: Specify whether scale-down activities should be restricted
 2021-01-13 08:24:36 -08:00
Jesse Haka 1bc330b0bb nameprefix -> groupname 2021-01-13 11:54:07 +02:00
Kubernetes Prow Robot a140168c70
Merge pull request #10467 from olemarkus/ebs-csi 
AWS CSI driver
 2021-01-12 13:36:35 -08:00
Kubernetes Prow Robot e4f4a20d27
Merge pull request #10419 from bharath-123/task/default-systemd 
Default cgroup driver to systemd from k8s 1.20
 2021-01-12 08:30:27 -08:00
Bharath Vedartham a8d709acf2 Default cgroup driver to systemd from k8s 1.20 
Currently, kOps uses cgroupfs cgroup driver for the kubelet and CRIs. This PR defaults
the cgroup driver to systemd for clusters created with k8s versions >= 1.20.

Using systemd as the cgroup-driver is the recommended way as per
https://kubernetes.io/docs/setup/production-environment/container-runtimes/
 2021-01-12 20:39:25 +05:30
Jesse Haka 185ccba246 Use random instance names in OpenStack 2021-01-12 14:52:39 +02:00
liranp 9fe505abed
feat(spot/ocean): new label: spotinst.io/restrict-scale-down 2021-01-12 11:35:28 +02:00
liranp eee856392b
fix(spot/model): iterate metadata labels only once 2021-01-12 10:26:11 +02:00
Ole Markus With f5ae5f8808 AWS CSI driver 2021-01-12 07:09:10 +01:00
Kubernetes Prow Robot 695be2666c
Merge pull request #10281 from dntosas/cluster-autoscaler-improvements 
[addons/CA] Add support for specifying resources and metrics
 2021-01-11 12:16:26 -08:00
dntosas 56fe4bab24
[addons/CA] Add support for specifying resources and metrics 
- Resources
We enable users to set their desired capacity for cluster-autoscaler addon.
There are edge cases, especially in big clusters, where autoscaler needs
to reconcile a large number of objects thus may need increased memory or
increased cpu to avoid saturation.

- Metrics
Cluster autoscaler provides valuable insights for monitoring capacity
allocation and scheduling aspects of a cluster. In this commit, we
add proper annotation on deployment to enable Prometheus scrape metrics.

We also bump patch version of container images.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-01-11 20:53:08 +02:00
Ole Markus With 4d2eca199f Remove node-authorization 2021-01-11 18:59:45 +01:00
Kubernetes Prow Robot b3be6478dd
Merge pull request #10551 from spotinst/feat-launchspec-strategy 
Spotinst: Specify Spot percentage per Instance Group
 2021-01-11 04:33:07 -08:00
Justin SB 2f5ba0fbac Update OpenStack expected test output for removal of Members 
It is now an internal field.
 2021-01-10 11:11:11 -05:00
liranp 2f874be0a1
feat(spot/ocean): set spot percentage on launchspec level 2021-01-10 15:22:43 +02:00
Justin SB d5294b0b7c Update test data for richer bootstrap script 2021-01-09 13:29:18 -05:00
Justin SB 4ac9d5c17b Boot nodes without state store access 
kops-controller can now serve the instance group & cluster config to
nodes, as part of the bootstrap process.

This enables nodes to boot without access to the state
store (i.e. without S3 / GCS / etc permissions)

Feature-flagged behind the KopsControllerStateStore feature-flag.
 2021-01-09 13:08:48 -05:00
Ole Markus With 2b3a8f133e Add control-plane node role annotation to cp nodes 
Update docs/releases/1.20-NOTES.md

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-01-08 12:39:42 +01:00
Kubernetes Prow Robot 551a805ebd
Merge pull request #10530 from hakman/gp3-throughput 
Add possibility to set volume throughput for gp3 volumes
 2021-01-05 04:53:58 -08:00
Ciprian Hacman a7bb949936 Add possibility to set volume throughput for gp3 volumes 2021-01-05 13:18:32 +02:00
Peter Rifel a15957da2f
IRSA - continue adding route53 permisions to masters 
These are needed by protokube to create the kops-controller DNS record to allow nodes to bootstrap.

See these logs: https://storage.googleapis.com/kubernetes-jenkins/logs/e2e-kops-grid-scenario-public-jwks/1345956556562239488/artifacts/ip-172-20-48-1.sa-east-1.compute.internal/protokube.log

```
I0104 05:03:51.264472    6482 dnscache.go:74] querying all DNS zones (no cached results)
I0104 05:03:51.264570    6482 route53.go:53] AWS request: route53 ListHostedZones
W0104 05:03:51.389485    6482 dnscontroller.go:124] Unexpected error in DNS controller, will retry: error querying for zones: error querying for DNS zones: AccessDenied: User: arn:aws:sts::768319786644:assumed-role/masters.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io/i-05b1db10d1a5b8637 is not authorized to perform: route53:ListHostedZones
```

and the nodeup logs on nodes that couldn't join the cluster:

```
Jan 04 04:55:53.500187 ip-172-20-38-84 nodeup[2070]: W0104 04:55:53.500117    2070 executor.go:131] error running task "BootstrapClient/BootstrapClient" (9m52s remaining to succeed): Post "https://kops-controller.internal.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io:3988/bootstrap": dial tcp: lookup kops-controller.internal.e2e-kops-scenario-public-jwks.test-cncf-aws.k8s.io on 127.0.0.53:53: no such host
```
 2021-01-04 21:03:53 -06:00
Kubernetes Prow Robot 22c5975591
Merge pull request #10519 from seh/restrict-api-server-security-groups-to-masters 
Only include API server additional security groups in InstanceGroups for masters
 2021-01-04 14:15:58 -08:00
Kubernetes Prow Robot 6d5549e730
Merge pull request #10453 from msidwell/gp3-etcd 
Add gp3 Volume Type to etcd
 2021-01-04 11:29:57 -08:00
msidwell ebf05facc2 add gp3 volume default params 
add io2 case and correct IOPS minimum value check

add gp3 case

add io2 and gp3 parameter ratio validation logic

add volumeThroughput parameter for disks that support it

add volumeThroughput components throughout ebs structs

add volumeThroughput to versioned api

updated api machinery and crds

apimachinery update
 2021-01-04 17:08:11 +00:00
Steven E. Harris 2a89d25ed0 Test that launch templates include additional SGs 2021-01-04 08:38:25 -05:00
Steven E. Harris 252d4177f0 Only include API server SGs in IGs for masters 
When using an AWS NLB in front of the Kubernetes API servers, we can't
attach the EC2 security groups nominated in the Cluster
"spec.api.loadBalancer.additionalSecurityGroups" field directly to the
load balancer, as NLBs don't have associated security groups. Instead,
we intend to attach those nominated security groups to the machines
that will receive network traffic forwarded from the NLB's
listeners. For the API servers, since that program runs only on the
master or control plane machines, we need only attach those security
groups to the machines that will host the "kube-apiserver" program, by
way of the ASG launch templates that come from kOps InstanceGroups of
role "master."

We were mistakenly including these security groups in launch templates
derived from InstanceGroups of all of our three current roles:
"bastion," "master," and "node." Instead, skip InstanceGroups of the
"bastion" and "node" roles and only target those of role "master."
 2021-01-04 08:38:25 -05:00
Steven E. Harris ad4ac4f474 Test that AWS launch templates include wrong SG 2021-01-04 08:38:25 -05:00
Kubernetes Prow Robot 22a9a13abf
Merge pull request #10488 from rifelpet/iam-role-tag 
AWS IAM Role Tagging
 2020-12-29 22:33:48 -08:00
Ciprian Hacman 66039f150e Add containerd option for registry mirrors 2020-12-28 19:32:06 +02:00
Ciprian Hacman c02e5a20ea Remove support for Kubenet with containerd 2020-12-27 18:21:16 +02:00
Peter Rifel 4ee5d7a543
Add tagging support for AWS IAM Roles 2020-12-23 15:11:07 -06:00
Ciprian Hacman c02434269f Fix cluster setup when KOPS_ARCH is set 2020-12-23 17:08:20 +02:00
Kubernetes Prow Robot 9bc1c0ed77
Merge pull request #10477 from justinsb/refactor_gce_instancetemplate 
Refactor GCE InstanceTemplate
 2020-12-21 17:48:28 -08:00
Kenji Kaneda a61caea8d2 Add Azure support 
This commit contains all changes required to support Azure
(https://github.com/kubernetes/kops/issues/3957).
 2020-12-21 08:27:54 -08:00
Kubernetes Prow Robot 8d3e42cd36
Merge pull request #10475 from justinsb/refactor_mirrored_asset 
Refactor MirroredAsset into mirrors package
 2020-12-19 23:12:25 -08:00
Justin SB 1945a656a0 Remove deprecated ResourceHolder 
Cleaning up what is now dead code.
 2020-12-19 23:15:37 -05:00
Justin SB 7d9ff3ba96 Refactor MirroredAsset into mirrors package 
This means we can use MirroredAsset for nodeup without circular
dependencies.  Also removes a duplicate constant that was declared
twice.
 2020-12-19 18:39:09 -05:00
Justin SB f12c3f95f8 Refactor GCE InstanceTemplate 
Clearer, and for future cluster-api support.
 2020-12-19 17:14:51 -05:00
Justin SB 2d143e6340 Update tests for ResourceHolder -> Resource 2020-12-19 09:51:58 -05:00