Commit Graph

953 Commits

Author SHA1 Message Date
Justin SB 786423f617 Expose JWKS via a feature-flag
When the PublicJWKS feature-flag is set, we expose the apiserver JWKS
document publicly (including enabling anonymous access).  This is a
stepping stone to a more hardened configuration where we copy the JWKS
document to S3/GCS/etc.

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2020-08-30 10:15:11 -04:00
ozdanborne 6ae4337249 remove nodeAffinity from typha 2020-08-27 12:59:08 -04:00
MoShitrit db0111acfe Upgrade AWS VPC CNI to 1.7.1 2020-08-26 13:54:01 -04:00
Kubernetes Prow Robot b00f8049b6
Merge pull request #9808 from hakman/kope-to-k8s.gcr.io
Pull images from k8s.gcr.io/kops instead of docker.io/kope
2020-08-26 07:18:05 -07:00
Kubernetes Prow Robot 154335e758
Merge pull request #9818 from hakman/kube-router-1.0.1
Update kube-router to v1.0.1
2020-08-26 01:46:03 -07:00
Ciprian Hacman fd62ca9e42 Update kube-router to v1.0.1 2020-08-26 10:53:22 +03:00
Ciprian Hacman eb218cdc1a Update Calico to v3.15.2 for k8s 1.16+ 2020-08-26 10:01:22 +03:00
Ciprian Hacman a4ff90205a Pull images from k8s.gcr.io/kops instead of docker.io/kope 2020-08-25 08:04:36 +03:00
Ciprian Hacman 2d61ab0876 Bump kops to v1.19.0-alpha.3 2020-08-23 12:07:44 +03:00
MoShitrit 9bd7a350eb Upgrade AWS VPC CNI to 1.7.0 2020-08-19 21:51:22 -04:00
Ciprian Hacman 5e8bfa06b6 Update Weave Net to v2.7.0 2020-08-19 19:42:02 +03:00
Kubernetes Prow Robot 655c424ded
Merge pull request #9755 from WarpRat/9750
Fix backwards compatibility when backend mode isn't set
2020-08-17 06:28:18 -07:00
Robert Russell 1981c56f67 Fix backwards compatibility when backend mode isn't set 2020-08-16 23:05:04 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot e2e5b00620
Merge pull request #9689 from secoya/master
Support for using hostPort when using kube-router
2020-08-14 01:08:22 -07:00
Anders Ingemann 905fac677b
kube-router: Enable BGP graceful restart 2020-08-14 09:29:51 +02:00
Ciprian Hacman baac575df2 Update cluster-proportional-autoscaler to v1.8.3 2020-08-13 07:44:19 +03:00
Peter Rifel 008c22d9c0
Upgrade AWS VPC CNI provider to 1.6.4
This adds support for arm64
2020-08-11 20:41:02 -05:00
Anders Ingemann 154d8220ba
Support for using hostPort when using kube-router 2020-08-11 10:52:07 +02:00
Ole Markus With 25d98796e2 Add cinder plugin 2020-08-11 10:15:12 +02:00
Robert Russell 6e5544f615 Allow configurable backend modes for aws-iam-authenticator 2020-08-06 21:37:55 -07:00
liranp 4990b71185
feat(spot): upgrade the controller (v1.0.63) 2020-08-06 15:00:04 +03:00
Ciprian Hacman 373510e01d Move cluster-proportional-autoscaler to worker nodes 2020-08-04 08:27:07 +03:00
John Gardiner Myers dc222a06b1 Upgrade cluster-proportional-autoscaler to multi-arch image 2020-08-03 21:39:41 -07:00
Ciprian Hacman 1c6597e177 Prefer nodes with "master" role for Canal Typha pods 2020-08-01 08:30:52 +03:00
Kubernetes Prow Robot 0bd76b5a76
Merge pull request #9656 from hakman/calico-3.15.1
Update Calico to v3.15.1 for k8s 1.16+
2020-07-31 06:39:11 -07:00
Ciprian Hacman 89b6d8f20a Update Calico to v3.15.1 for k8s 1.16+ 2020-07-31 15:54:53 +03:00
Justin SB c64abd4301 Release 1.19.0-alpha.2 2020-07-31 07:59:05 -04:00
Steven E. Harris 9a5e54699f Calico: upgrade "k8s-ec2-srcdst" to version v0.3.0
Upgrading the "k8s-ec2-srcdst" controller to this latest version
allows it to work correctly with the objects containing the new
"metadata.managedFields" field introduced in Kubernetes version
1.18.0.

The previous container image versions used a version of the
"client-go" library that was too old to consume these fields
correctly, causing the controller to fail repeatedly when trying to
read Node objects retrieved from the Kubernetes API server.
2020-07-29 09:30:16 -04:00
liranp a9f5ef8b9a
feat(spot): upgrade the controller (v1.0.62) 2020-07-28 11:08:45 +03:00
Ciprian Hacman 3336d7b309 Prefer nodes with "master" role for Calico Typha pods 2020-07-22 11:28:01 +03:00
John Gardiner Myers 53e07476df Widen the tolerations of kuberouter 2020-07-09 22:25:59 -07:00
Kubernetes Prow Robot 04ec3ddd13
Merge pull request #8991 from rdrgmnzs/aws-authenticator-update
Add healthcheck to aws-iam-authenticator
2020-07-09 19:28:35 -07:00
Kubernetes Prow Robot 60993a4d74
Merge pull request #9541 from rifelpet/coredns-170
Update CoreDNS to v1.7.0 - Take 2
2020-07-09 12:46:33 -07:00
Rodrigo Menezes e20f3ba0bc Add healthcheck 2020-07-09 12:23:37 -07:00
Sandeep Rajan 73f12e937e
update coredns to v1.7.0 2020-07-09 14:05:00 -05:00
Peter Rifel eae3fd8fc3
Update AWS IAM Authenticator to 0.5.1 2020-07-09 11:41:28 -05:00
Kubernetes Prow Robot 69d774c524
Merge pull request #9521 from hakman/flag_missing
Fix KubeDNS missing resourceVersion
2020-07-08 18:00:35 -07:00
Pedro H. Spagiari 15c241b2cd fix(upup/models/cloudup/resources/addons/kube-dns.addons.k8s.io) missing resourceVersion 2020-07-08 08:07:44 +03:00
Ciprian Hacman 91074906cf Update kube-router to v1.0.0 2020-07-07 06:58:49 +03:00
Justin SB 591626af3c Release 1.19.0-alpha.1 2020-07-04 21:46:14 -04:00
Ole Markus With 263172caac Use new templates for cilium 1.8 2020-07-03 07:56:35 +02:00
Kubernetes Prow Robot 2b7c4089d6
Merge pull request #9462 from hakman/update-kube-dns
Update KubeDNS to v1.15.13
2020-06-30 13:54:07 -07:00
Ciprian Hacman b48c2c373f Update KubeDNS to v1.15.13 2020-06-30 12:10:51 +03:00
Ciprian Hacman 4ca7385081 Update Calico to v3.15.0 for k8s 1.16+ 2020-06-30 09:04:51 +03:00
liranp 8501747661
feat(spot): upgrade the controller (v1.0.61) 2020-06-28 17:02:44 +03:00
Ole Markus With 51235b2edc Deploy cilium etcd credentials if the cilium cluster exists 2020-06-27 07:11:19 +02:00
Kubernetes Prow Robot 909117a409
Merge pull request #9431 from olemarkus/arm64-fix-dns-1.13
Fix dns selectors for older k8s
2020-06-23 08:43:41 -07:00
Ole Markus With a9300601c2 Fix dns selectors for older k8s 2020-06-23 12:19:23 +02:00
Kubernetes Prow Robot 9708057692
Merge pull request #9404 from vgunapati/dns-controller-fix
Fix: dns-controller: 3999 port address already in use
2020-06-22 18:31:41 -07:00
Author Name deaeba1e57
Fix: dns-controller: 3999 port address already in use 2020-06-22 17:54:03 -07:00
Ole Markus With 7b95edc507 Make dns pods work on arm64 clusters
* Use multiarch where possible. Remove hardcoded use of amd64-only images.
 * Remove Arch templating function as an approach using this will not
   work anyway
 * No multiarch version of dns autoscaler, so force this one to run on
   master for now.
2020-06-21 20:32:27 +02:00
MoShitrit 1c1044bd69 Upgrade Amazon VPC CNI to 1.6.3 2020-06-19 16:23:18 -04:00
Kubernetes Prow Robot eb39ab7349
Merge pull request #9355 from johngmyers/move-port
Move host-network services off of port 8080
2020-06-16 09:10:04 -07:00
Kubernetes Prow Robot 39db604e0c
Merge pull request #9295 from olemarkus/cilium-component
Validate cilium version
2020-06-15 10:21:56 -07:00
John Gardiner Myers 5babf00646 Move node-local-dns healthcheck to port 3989 2020-06-12 22:00:15 -07:00
Josh Branham fe173d6d5d Explicitly set default storageclass to support upgrades 2020-06-11 13:00:26 -04:00
Ciprian Hacman df1302887e Update Weave Net to 2.6.5 2020-06-11 09:09:59 +03:00
Ole Markus With e09365b6c2 Validate cilium version 2020-06-11 07:38:14 +02:00
Ole Markus With 39751cfe63 Set cilium defaults in code 2020-06-11 07:38:13 +02:00
Ciprian Hacman c4d10a1bb0 Update Weave for CVE-2020-13597 2020-06-06 13:19:49 +03:00
John Gardiner Myers e88e0cf7ec Remove code supporting dropped k8s versions 2020-06-04 12:11:51 -07:00
Kubernetes Prow Robot 5cc1b5ad8e
Merge pull request #9268 from hakman/calico-CVE-2020-13597
Update Calico and Canal for CVE-2020-13597
2020-06-04 04:03:14 -07:00
Kubernetes Prow Robot c6dcaa8199
Merge pull request #9154 from MoShitrit/issue-9031
Add support for encryption in Cilium
2020-06-04 03:11:15 -07:00
Ciprian Hacman b1ee578e5c Update Calico and Canal for CVE-2020-13597 2020-06-04 11:40:34 +03:00
Kubernetes Prow Robot c8674f23a0
Merge pull request #9253 from olemarkus/cilium-ipv4
Don't make it possible to toggle ipv4/6. We only support ipv4 anyway
2020-06-03 14:02:43 -07:00
Kubernetes Prow Robot 4fe5ad03f8
Merge pull request #9255 from olemarkus/romana-remove
Remove romana support
2020-06-03 13:24:59 -07:00
Kubernetes Prow Robot 4ef6bbe229
Merge pull request #9175 from mtl-wgtwo/calico-ip-detection-method
Enable configuration of the calico IP_AUTODETECTION_METHOD and IP6_AUTODETECTION_METHOD
2020-06-03 06:24:18 -07:00
Ole Markus With 991549a5f4 Remove support for Romana 2020-06-03 08:23:53 +02:00
Ole Markus With 972d7a3509 Don't make it possible to toggle ipv4/6. We only support ipv4 anyway 2020-06-03 06:58:13 +02:00
Srikanth 51f9a4a0a8 update RBAC for DO CCM 2020-06-02 19:08:58 +05:30
MoShitrit 90dfe39396 Upgrade amazon vpc cni to 1.6.2 2020-05-30 00:07:28 -04:00
Matt Long c00464f11d Update crds, apis, models. Add limited field validation 2020-05-27 15:24:01 +02:00
Timo Reimann b9c9c7a143 Update DigitalOcean cloud-controller-manager to v0.1.24
This change bumps DigitalOcean's cloud-controller-manager to version
0.1.24 which brings a number of new features and bug fixes.
2020-05-26 11:29:16 +02:00
Matt Long 574442dd7b Enable configuration of the calico IP_AUTODETECTION_METHOD 2020-05-25 13:08:37 +02:00
MoShitrit 316a0e2b00 Adding encryption support for Cilium
Adding support for 'secret-name' flag

Adding instructions to enable encryption

Updating docs for cli

Addressing comments

Adding ciliumpassword subcommand to 'kops create secret'

Updating command to generate ciliumpassword secret
2020-05-25 01:54:24 -04:00
Justin SB 27aab12b28 Release 1.18.0-alpha.3 2020-05-06 08:19:06 -04:00
Kubernetes Prow Robot 84687b8394
Merge pull request #9022 from acaire/feature-spotinst-controller-v1.0.58
Feature spotinst controller v1.0.58
2020-05-03 06:58:26 -07:00
Ash Caire d523a3d061 feature(spotinst): upgrade controller (v1.0.58) 2020-05-03 20:56:44 +08:00
Ash Caire eff2fe74ca style(spotinst): Remove erroneous YAML separators
This was causing the following error when applying the channel:

I0429 09:05:44.828460   15185 apply.go:71] configmap/spotinst-kubernetes-cluster-controller-config unchanged
secret/spotinst-kubernetes-cluster-controller-certs unchanged
serviceaccount/spotinst-kubernetes-cluster-controller unchanged
clusterrole.rbac.authorization.k8s.io/spotinst-kubernetes-cluster-controller unchanged
clusterrolebinding.rbac.authorization.k8s.io/spotinst-kubernetes-cluster-controller unchanged
deployment.apps/spotinst-kubernetes-cluster-controller configured
error: error validating "/tmp/channel152526040/manifest.yaml": error validating data: [apiVersion not set, kind not set]; if you choose to ignore these errors, turn validation off with --validate=false
Error: error updating "spotinst-kubernetes-cluster-controller.addons.k8s.io": error applying update from "s3://REDACTED/kops/REDACTED/addons/spotinst-kubernetes-cluster-controller.addons.k8s.io/v1.9.0.yaml": error running kubectl
2020-05-03 20:56:36 +08:00
Ole Markus With 7c49f283c4 Bump cilium to 1.7.3 2020-04-30 07:29:22 +02:00
Kubernetes Prow Robot a1a6611c8f
Merge pull request #9020 from rifelpet/aws-vpc-cni-161
Upgrade amazon vpc cni to 1.6.1
2020-04-28 20:56:25 -07:00
Peter Rifel 4e9d14f51d
Upgrade amazon vpc cni to 1.6.1
https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.6.1
2020-04-28 21:27:00 -05:00
Kubernetes Prow Robot 0adf32f973
Merge pull request #8965 from hakman/weave-fixes
Fix missing changes in Weave manifest
2020-04-28 08:20:09 -07:00
Kubernetes Prow Robot 8d0933fe35
Merge pull request #8982 from olemarkus/cilium-bump-april
Bump cilium to 1.7.2
2020-04-27 13:04:05 -07:00
mosheshitrit 9fffc5f8e0 Make CPU Requests for Calico configurable instead of hard-coded
Update bindata.go

Apply suggestions from code review

Applying suggested changes.

Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com>

Applying changes after running `make gofmt`

Applying changes after running `make crds`

Apply suggestions from code review

Applying suggested changes.

Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com>

Applying changes after running `make gofmt`

Fixing broken things

Typo fixes

Apply suggestions from code review

Co-Authored-By: Ciprian Hacman <ciprianhacman@gmail.com>

Apply suggested changes and run necessary `make` steps
2020-04-26 12:44:14 -04:00
Ole Markus With 3e3b2019dc Bump cilium to 1.7.2 2020-04-25 19:39:40 +02:00
Ciprian Hacman 227a767ce5 Fix missing changes in Weave manifest 2020-04-23 19:58:13 +03:00
Ciprian Hacman 006c2f9025 Update Calico liveness probe for k8s 1.12-1.15 2020-04-23 10:52:50 +03:00
Ciprian Hacman ad835b478d Update Canal to v3.12.1 for k8s 1.15 2020-04-23 10:52:50 +03:00
Ciprian Hacman 916f3014b7 Update Calico and Canal to v3.13.3 for k8s 1.16+ 2020-04-23 10:52:50 +03:00
Ole Markus With 869ab75dea Use etcd-manager for the cilium etcd cluster 2020-04-16 08:42:59 +02:00
Ole Markus With d5019a6c11 Simplify the spec and templates a bit 2020-04-10 10:48:21 +02:00
Salvatore Mazzarino f754cbda7d NodeLocal DNSCache
Signed-off-by: Salvatore Mazzarino <dev@mazzarino.cz>
2020-04-10 10:44:53 +02:00
Justin Santa Barbara b903724e0f Fix a spelling mistake; regenerate 2020-04-07 22:57:10 -04:00
Rodrigo Menezes cfeefed17f fix misspelling 2020-04-07 10:41:55 -04:00
Ciprian Hacman 49dfafc606 Remove critical-pod annotation 2020-04-07 11:38:33 +03:00
Ciprian Hacman 5ee9ba2ee6 Update Calico and Canal to v3.13.2 2020-04-07 10:50:54 +03:00
Kashif Saadat 3606865ad4 Canal v3.13.1 2020-03-25 12:09:46 +00:00
Ole Markus With 7e87eddbea Make cilium operator health check go against localhost IP
Health check will fail otherwise
2020-03-25 08:38:47 +01:00
fentas 49b18cd3f7 Add cilium option tofqdns-dns-reject-response-code 2020-03-21 16:52:08 +01:00
Ole Markus With e77a7d495c Allow configuration of enable-remote-node-identity 2020-03-19 09:48:59 +01:00
Kubernetes Prow Robot 36cf282870
Merge pull request #8752 from johngmyers/missing-priority
Add missing priorityClassName to addons
2020-03-18 17:54:43 -07:00
liranp 526fd98afa
feature(spotinst): upgrade controller (v1.0.57) 2020-03-18 18:48:37 +02:00
Ciprian Hacman eb2c9e336c Update Weave Net to version 2.6.2 2020-03-17 19:44:20 +02:00
John Gardiner Myers 09df6ac844 Remove unreferenced template 2020-03-15 13:51:14 -07:00
John Gardiner Myers 63ccaa14d6 Add missing priorityClassName to addons 2020-03-15 13:51:10 -07:00
Ciprian Hacman b3fbb494c6 Fix template for kube-router v0.4.0 2020-03-15 17:38:59 +02:00
Kubernetes Prow Robot 88600407f4
Merge pull request #8629 from olemarkus/cilium-etcd-operator
Add option to use etcd managed by cilium-etcd-operator as kvstore
2020-03-14 17:18:34 -07:00
Ole Markus With 0c27aa3ce8
Update upup/models/cloudup/resources/addons/networking.cilium.io/k8s-1.12.yaml.template
Co-Authored-By: John Gardiner Myers <jgmyers@proofpoint.com>
2020-03-14 21:44:44 +01:00
eric-hole 450fad6e4c Fixes the prom to sd params in metadata-proxy 2020-03-14 12:18:05 -07:00
eric-hole bd6a54958f Fix addon manifest version for metadata-proxy 2020-03-14 12:18:05 -07:00
eric-hole b52e322159 Adds metadata concealment addon for GCE node 2020-03-14 12:18:05 -07:00
eric-hole 12ce5f0e9c Node metadata-concealment in GCE, first pass 2020-03-14 12:18:05 -07:00
Kubernetes Prow Robot 7d030ae459
Merge pull request #8742 from hakman/kube-router-0.4.0-2
Fix template for kube-router v0.4.0
2020-03-14 10:42:35 -07:00
Kubernetes Prow Robot ae51a5b138
Merge pull request #8582 from joshbranham/feature/better-default-storageclass
Create New Default StorageClass: kops-ssd-1-17
2020-03-14 08:46:35 -07:00
Ciprian Hacman 163c11fc6c Fix template for kube-router v0.4.0 2020-03-14 17:23:12 +02:00
Ole Markus With a98666d05a Set kube-proxy-replacement to partial
Fully relying on kube-proxy breaks network policies.
Setting kube-proxy-replacement to partial instead of disabled makes
cilium behave as in 1.6.
2020-03-14 08:38:41 +01:00
Ole Markus With e5ecce6edb Remove conditional with only comments 2020-03-13 20:17:42 +01:00
Ole Markus With 2274045924 Add option to use etcd managed by cilium-etcd-operator as kvstore 2020-03-13 20:17:42 +01:00
Ciprian Hacman 84648dce4a Update kube-router to v0.4.0 2020-03-13 17:54:32 +02:00
Kubernetes Prow Robot e902c45a08
Merge pull request #8697 from UnderMyBed/kuberouter-1.16-fix
Fix kuberouter for k8s 1.16+
2020-03-12 11:12:38 -07:00
Matt Shipman 26fb6d030b fix kuberouter for k8s 1.16
Starting in k8s 1.16 the kubelet requires that cniVersion is set in the cni config
2020-03-12 10:27:08 -07:00
Peter Rifel a999b3ea61 fix OWNERS labels format
These need to be lists
2020-03-10 22:47:50 -05:00
Ole Markus With e92e70c7d0 When nodeport is enabled, use strict kube-proxy-replacement to ensure cilium fully replaces kube-proxy 2020-03-10 18:05:44 +01:00
Kubernetes Prow Robot db435ee7cd
Merge pull request #8717 from rifelpet/owners-labels
Add labels to OWNERS files
2020-03-10 08:23:51 -07:00
Peter Rifel 237a125f2c Add labels to OWNERS files
This will automatically label PRs that touch these directories.

This makes it easier to query GitHub for PRs that affect certain areas of the code.

I mostly used existing labels but created some new ones as well.
2020-03-10 08:35:58 -05:00
Ilya Dmitrichenko c304d221a6
Bump Cilium to 1.7.1 for k8s 1.12+ 2020-03-10 11:05:12 +00:00
Ciprian Hacman 689be235e5 Update Weave Net to version 2.6.1 2020-03-06 20:40:23 +02:00
mikesplain 07ffaaefc3
Add env var config 2020-03-05 16:51:03 -05:00
Peter Rifel 70f4429622 Revert "Update AWS IAM Authenticator to 0.5.0"
This reverts commit 03ccbfeb99.
2020-03-04 07:38:42 -06:00
Peter Rifel 318e9a1441 Revert "Switch AWS IAM Authenticator to use non-scratch image"
This reverts commit 79027c18d4.
2020-03-04 07:38:30 -06:00
Ciprian Hacman f218f0bd7a Update Calico and Canal to v3.12.0 2020-02-27 04:03:42 +02:00
Kubernetes Prow Robot e07f84708e
Merge pull request #8276 from rifelpet/aws-vpc-cni-env-vars
Add support for custom env vars in amazon-vpc-cni
2020-02-26 15:07:20 -08:00
Matteo Ruina 555d82b58c
Update coredns to 1.6.7 2020-02-21 09:16:00 +01:00
Ole Markus With 84837a81a4 Fix typo in the cilium default version 2020-02-20 08:07:07 +01:00
Josh Branham 9f033f8e99 Set kops-ssd-1-17 class name 2020-02-19 12:43:09 -05:00
Josh Branham 67d377c49f Update expected 2020-02-19 12:42:54 -05:00
Ole Markus With d0d833144d Bump Cilium to 1.7 for k8s 1.12+
Cilium 1.7 requires K8s 1.12 minimum. Changed the templates so that we
can have different cilium versions for different k8s versions.

This also means that this addon will behave similar to other addons wrt
upgrades. Cilium used to add a fixed version to the cluster spec on cluster creation so
upgrades were slightly more manual. Now, for new clusters, upgrades will
happen implicitly with kops updates unless the .Version is added
manually to the cluster spec.
2020-02-19 18:26:07 +01:00
Ole Markus With ced8f00201 Add option to use ENI as IPAM mode for Cilium
* Force cilium-operator run on master nodes
* Add option for setting cilium ipam mode
* If cilium ipam mode is eni, add additional permissions to master nodes
* Allow NonMasqueradeCIDR overlap with NetworkCIDR when Cilium ENI is enabled
2020-02-16 19:11:01 +01:00
Kubernetes Prow Robot 721ed47e9d
Merge pull request #8555 from rifelpet/aws-iam-authenticator-scratch
Switch AWS IAM Authenticator to use non-scratch image
2020-02-13 20:10:17 -08:00
Peter Rifel cd34cf41c5 Switch AWS IAM Authenticator to use non-scratch image
The authenticator binary uses glog which requires write access to the filesystem under /tmp
On the scratch image /tmp doesn't exist which caused a crash loop:

```
time="2020-02-14T02:06:00Z" level=info msg="creating event broadcaster"
time="2020-02-14T02:06:00Z" level=info msg="setting up event handlers"
W0214 02:06:00.358119       1 client_config.go:539] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
log: exiting because of error: log: cannot create log: open /tmp/aws-iam-authenticator.ip-X-X-X-X.aws-iam-authenticator.log.WARNING.20200214-020600.1: no such file or directory
```

Switching to debian-stretch fixed the issue although it could really be any of the other images in the release [0]

[0] https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/tag/v0.5.0
2020-02-13 20:29:49 -06:00
Kubernetes Prow Robot 91867ce4b5
Merge pull request #8220 from olemarkus/cilium-nodeport
Cilium nodeport
2020-02-13 09:18:36 -08:00
Ciprian Hacman d5f96d7204 Update amazon-vpc-cni-k8s to v1.6.0 2020-02-13 10:32:51 +02:00
Peter Rifel 5ea96fa6a0 Add events RBAC permissions to kops-controller
I noticed in our new kops-controller logs that there is a permission denied error at startup.

Apparently part of the leader election process involves creating and watching for events off of the kops-controller-leader configmap.
This will add the necessary permissions to silence this error.

https://storage.googleapis.com/kubernetes-jenkins/logs/ci-kubernetes-e2e-kops-aws/1227728236914413570/artifacts/ip-172-20-46-137.ap-northeast-2.compute.internal/kops-controller-6k9sz.log
2020-02-12 18:34:38 -06:00
Ole Markus With eee672f293 Fixes some issues with running Cilium nodeport
* Cilium needs to talk to the internal cluster API on public IPs instead of the internal service
* Tell people explicitly they have to disable kubeproxy so it won't conflict with nodeport
2020-02-11 10:14:59 +01:00
Kubernetes Prow Robot 4606e8ee79
Merge pull request #8423 from rifelpet/aws-authenticator-update
Update AWS IAM Authenticator to 0.5.0
2020-02-10 20:12:00 -08:00
Kubernetes Prow Robot 0440876f31
Merge pull request #8497 from johngmyers/runasnonroot
Mark dns-controller and kops-controller as non-root
2020-02-10 18:48:00 -08:00
Peter Rifel e506f1b356 Add support for custom environment variables to amazonvpc daemonset 2020-02-10 16:51:47 -06:00
GuyTempleton f6b6f277d9
Revert "Merge pull request #8452 from maruina/coredns-1.6.7"
This reverts commit 4a9fbdca9c, reversing
changes made to 48eb069e61.
2020-02-06 23:34:20 +00:00
John Gardiner Myers 7fa990c86a Mark dns-controller and kops-controller as non-root 2020-02-06 12:12:11 -08:00
Kubernetes Prow Robot 4f2cddaa8b
Merge pull request #8433 from olemarkus/cilium-prometheus
Make it possible to enable Prometheus metrics for Cilium
2020-02-06 10:17:24 -08:00
Justin SB 9b9615bf53 Release 1.18.0-alpha.2 2020-02-05 21:58:08 -05:00
Justin SB 0cb35638f2
Stop logging to /var/log/kops-controller.log
Writing to a hostPath from a non-root container requires file
ownership changes, which is difficult to roll out today.  See
discussion in #8454

We were primarily using the logfile for e2e diagnostics, so we're
going to look into collecting the information via other means instead.

We also haven't yet shipped this logfile in a released version (though
we have shipped it in beta releases)
2020-02-04 06:41:25 -05:00
Ole Markus With eed15b471a Make it possible to enable Prometheus metrics for Cilium 2020-02-03 19:11:34 +01:00
Kubernetes Prow Robot 051ceeea70
Merge pull request #8445 from daviddyball/master
Cilium - Add missing Identity Allocation Mode to Operator Template
2020-02-03 09:11:21 -08:00
Kubernetes Prow Robot 4a9fbdca9c
Merge pull request #8452 from maruina/coredns-1.6.7
Update coredns to 1.6.7
2020-01-31 14:37:21 -08:00
Justin SB 4416b24ee8 Release 1.18.0-alpha.1 2020-01-31 08:22:33 -05:00
Matteo Ruina cc15043dca Update coredns to 1.6.7 2020-01-31 10:59:48 +01:00
David Dyball cd470b1487 Cilium - Add missing Identity Allocation Mode to Operator Template 2020-01-30 14:33:08 +00:00
Peter Rifel 32e6a6b534 Update AWS IAM Authenticator to 0.5.0
I merged changes from these manifests:

https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/v0.5.0/deploy/example.yaml

https://github.com/kubernetes-sigs/aws-iam-authenticator/blob/v0.5.0/deploy/iamidentitymapping.yaml

The new version supports replacing the configmap with an IAMIdentityMapping custom resource, but the --backend-mode command argument isn't yet exposed through the kops API, so it will still only use configmaps.
We can expose a BackendMode API field in a followup PR.
2020-01-30 07:09:07 -06:00
John Gardiner Myers 9f3e31c73b Merge branch 'master' into critical-pod
Conflicts:
	upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
	upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml
	upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml
	upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
	upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
2020-01-29 09:15:56 -08:00
Kubernetes Prow Robot 0c2c2e2e1f
Merge pull request #8318 from johngmyers/trim-addons
Remove addons only applicable to unsupported versions of Kubernetes
2020-01-27 00:19:02 -08:00
Kubernetes Prow Robot 1860e409d1
Merge pull request #8333 from gjtempleton/CoreDNS-1.6.6
CoreDNS default image bump to 1.6.6 to resolve CVE
2020-01-26 23:39:02 -08:00
GuyTempleton d15971e240
Remove tmp volume as well as mount 2020-01-24 15:56:13 +00:00
John Gardiner Myers 38aafc7cdc Add missing priorityClassName for critical pods 2020-01-21 21:03:07 -08:00
Ole Markus With 5a5508aa37 Add Cilium.EnablePolicy back into templates
This may have dropped out when we bumped Cilium to 1.6
It is possible to set this value in the cluster spec, but it isn't used anywhere
2020-01-21 08:11:04 +01:00
Ciprian Hacman f1727a5c1b Fix issues with older versions of k8s for basic clusters 2020-01-19 16:40:36 +02:00
John Gardiner Myers 5907f97c90 Merge branch 'master' into trim-addons
Conflicts:
	upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml
	upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml
2020-01-17 22:17:15 -08:00
Kubernetes Prow Robot a49ce910a8
Merge pull request #8265 from ReillyProcentive/WeaveNpcExtraArgs
Add support for weave.npcExtraArgs
2020-01-16 15:06:32 -08:00
Reilly Brogan f5ce3f674b Change description of NPCExtraArgs in response to PR Feedback. Drop support for K8S 1.7 2020-01-15 15:06:03 -06:00
Reilly Brogan a2473156ae Rename NpcExtraArgs to NPCExtraArgs, fix manifest tests 2020-01-14 17:31:19 -06:00
GuyTempleton b4bfdcbfac
CoreDNS default image bump to 1.6.6
Also updates the default corefile config to make use of the new lameduck functionality for healthcheck
2020-01-14 14:23:10 +00:00
John Gardiner Myers 6b1a131528 Remove addons only applicable to unsupported versions of Kubernetes 2020-01-11 21:23:58 -08:00
Peter Rifel ae245a497e Remove kops-controller deployment
The migration was first made in 1.16.0-alpha.1, so that means 2 releases have been out that set the replicas to zero.
This removal negatively impacts anyone that created a cluster from kops HEAD between 1.15.0 and 1.16.0-alpha.1, and then upgraded kops directly to the 1.16.0 release that includes this commit, without having first upgraded to either of the alphas.

That seems like a reasonably small enough audience that this is safe to remove now.
Perhaps we mention in the release notes that anyone using HEAD or one of the alpha releases needs to `kubectl delete -n kube-system deployment kops-controller`
2020-01-10 10:13:31 -06:00
Ciprian Hacman 36993f5b74 Fix unit name for memory request for weave 2020-01-10 07:34:25 +02:00
Peter Rifel e0fa147b15 Enable host logging for kops-controller
This makes it easier to get the kops-controller logs from e2e tests since they only dump log files from systemd services and /var/log files [0]

[0] ec0fe6bd36/kubetest/dump.go (L50-L74)
2020-01-07 11:00:41 -06:00
Kubernetes Prow Robot cd9e01cb03
Merge pull request #8274 from rifelpet/aws-vpc-cni-cluster-name
Set CLUSTER_NAME env var on amazon-vpc-cni pods
2020-01-06 10:40:16 -08:00
Peter Rifel af9c0d0387 Set CLUSTER_NAME env var on amazon-vpc-cni pods
This will tag ENIs with `cluster.k8s.amazonaws.com/name`
2020-01-05 13:37:18 -06:00
Reilly Brogan 3e5b211bcd Add support for weave.npcExtraArgs 2020-01-03 21:28:37 -06:00
Kubernetes Prow Robot 2b24f69f9c
Merge pull request #8216 from mmerrill3/feature/issue-8113-weave-resources
Adding ability to configure resources for weave (#8113)
2020-01-03 06:43:40 -08:00
mmerrill3 b38bafe79d Adding ability to configure resources for weave (#8113)
Signed-off-by: mmerrill3 <michael.merrill@vonage.com>
2019-12-28 18:07:11 -05:00
Kubernetes Prow Robot 423233c6a4
Merge pull request #8131 from rochacon/cniless-dns-controller
dns-controller: allow it to run on CNI networking mode and remove dependency on kube-proxy
2019-12-27 21:43:38 -08:00
Kubernetes Prow Robot e558059ca9
Merge pull request #7898 from bboreham/weave-2-6-0
Update Weave Net to version 2.6.0
2019-12-26 12:33:38 -08:00
liranp 0c1d22043e
feature(ocean): upgrade controller (v1.0.50) 2019-12-19 11:02:19 +02:00
Rodrigo Chacon e449467543 dns-controller: tolerate lack of CNI on master
When booting a cluster with `--networking=cni`, `dns-controller` will
not start due to the master node being _tainted_ as "network unreachable".
This adds an extra step when managing your own CNI setup, having to SSH
into a master and publish the CNI manifests from there.

This commit adds tolerance and configuration that allows `dns-controller`
pod to start when running with `--networking=cni`, properly creating the
DNS records so the operator can remotely publish the CNI and extra
manifests to have a full working cluster.

This also removes the dependency on `kube-proxy`, by adding the
`KUBERNETES_SERVICE_HOST` environment variable, bypassing `kube-proxy`
when disabled.

Presumably, as a side-effect, this change also allows for
"host network only" clusters to work.

Signed-off-by: Rodrigo Chacon <rochacon@gmail.com>
2019-12-19 02:10:35 -03:00
Bryan Boreham 556399e0a7 Update Weave Net to version 2.6.0
Signed-off-by: Bryan Boreham <bryan@weave.works>
2019-12-17 13:31:43 +00:00
Ciprian Hacman 5c57ce49f9 Revert ClusterRole name to "calico" 2019-12-14 15:06:27 +02:00
Ciprian Hacman a806f10b4e Make Calico-Typha and Canal templates easier to compare to each other 2019-12-13 21:46:17 +02:00
Ciprian Hacman 7ef9d0a5c1 Add role.kubernetes.io/networking labels for Canal 2019-12-13 21:46:17 +02:00
Ciprian Hacman f6193e0c41 Fix indent of metadata.name field for felixconfigurations.crd.projectcalico.org 2019-12-13 21:46:17 +02:00
Ciprian Hacman 346d0ba9bc Make templates easier to compare with official manifests 2019-12-13 21:46:17 +02:00
Ciprian Hacman 3b25c0c66a Add Calico v3.10.2 2019-12-13 21:46:11 +02:00
Jesse Haka a2e3e57bd3 add missing rbac rules 2019-12-12 11:21:10 +02:00
Ciprian Hacman dd69274cf2 Set FELIX_IPTABLESBACKEND for Calico and Canal 2019-12-10 13:45:33 +02:00
Kubernetes Prow Robot b76ffb359a
Merge pull request #7992 from DavidSie/pr_cloud_controller_template_function
Cloud controller template function
2019-12-09 13:54:02 -08:00
Ciprian Hacman f21df7cd6f Fix mounting Calico "flexvol-driver-host" in CoreOS 2019-12-08 16:43:29 +02:00
Kashif Saadat fcf6f0098c Canal Typha spec and apimachinery 2019-12-06 15:36:48 +00:00
Kashif Saadat 9b7a798136 Add Typha support for Canal Networking 2019-12-06 15:36:48 +00:00
Kashif Saadat ebbebc5af3 Canal v3.10 manifest for k8s v1.15+ 2019-12-06 14:50:00 +00:00