kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,755 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

770 Commits

Author SHA1 Message Date
Justin SB 2be21562a9 Support writing a full certificate chain 
This means that our https endpoint will serve the ca.crt as well.
 2020-08-25 11:09:04 -04:00
Ciprian Hacman f267c54b9a Stop trying to pull the Protokube image 2020-08-25 09:04:45 +03:00
Kubernetes Prow Robot f1a0e0312f
Merge pull request #9777 from hakman/containerd-1.4.0 
Add support for containerd v1.4.0
 2020-08-18 14:45:11 -07:00
Kubernetes Prow Robot bacd944dea
Merge pull request #9776 from johngmyers/cni-client-certs 
Issue the cilium etcd client cert out of kops-controller
 2020-08-18 08:13:30 -07:00
Ciprian Hacman 537ad60191 Add support for containerd v1.4.0 2020-08-18 10:04:18 +03:00
Kubernetes Prow Robot ffe3b3468d
Merge pull request #9766 from hakman/distros 
Use /etc/os-release to identify the distribution
 2020-08-17 22:37:30 -07:00
John Gardiner Myers 07220797b4 Issue the cilium etcd client cert out of kops-controller 2020-08-17 21:15:34 -07:00
John Gardiner Myers 2d898fa645 Inline some methods 2020-08-17 00:18:00 -07:00
John Gardiner Myers b6947ccaee Use kops-controller to issue kube-router cert 2020-08-16 23:40:38 -07:00
John Gardiner Myers 8e43c1d637 Use kops-controller to issue kube-proxy cert 2020-08-16 23:36:42 -07:00
Ciprian Hacman 22ec1512dc Use numbers for distribution names 2020-08-17 07:25:43 +03:00
Ciprian Hacman e68ee80a93 Move and rename the "distros" package 2020-08-17 07:25:43 +03:00
Peter Rifel 4d9f0128a3
Upgrade to klog2 
This splits up the kubernetes 1.19 PR to make it easier to keep up to date until we get it sorted out.
 2020-08-16 20:56:48 -05:00
John Gardiner Myers 1a253dc574 Send the STS queries to the local region 2020-08-15 10:30:22 -07:00
John Gardiner Myers fb381c4c8b Don't issue kubelet cert on masters before k8s 1.19 2020-08-15 10:30:21 -07:00
John Gardiner Myers c5871df319 Get kubelet certificate from kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers bec273ebf1 Implement signing of kubelet cert in kops-controller 2020-08-15 10:30:20 -07:00
John Gardiner Myers 321035f460 Allow cert/key file tasks to specify owner 2020-08-15 10:30:20 -07:00
John Gardiner Myers cfa262a81a Authenticate from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 9c01e1f44d Send bootstrap query from nodeup to kops-controller 2020-08-15 09:50:08 -07:00
John Gardiner Myers 82c75211cf update-expected.sh 2020-08-15 09:50:07 -07:00
John Gardiner Myers 00c60ddff6 Add server code to kops-controller 2020-08-15 09:46:30 -07:00
Kubernetes Prow Robot 96ab8423b1
Merge pull request #9566 from hakman/arm64-images 
Add ARM64 support for masters
 2020-08-14 20:46:17 -07:00
John Gardiner Myers e405d24f8c Default kubelet authenticationTokenWebhook to true for k8s 1.19+ 2020-08-14 11:57:56 -07:00
Ciprian Hacman 331d223043 ARM64 support - Side-load multi-arch images 2020-08-10 13:47:07 +03:00
John Gardiner Myers d2e7e2a41d Default kubelet authorization-mode to Webhook for k8s 1.19+ 2020-08-08 21:00:48 -07:00
Ole Markus With a708a96c05 Adds support for using OS application credentials 
Application credentials allows you to export a purpose-specific set of
credentials for a user instead of exposing user login credentials.
Especially useful when using LDAP or similar for Openstack users.
Also lets you rotate credentials more easily since multiple application
credentials can be provisioned per user.

Update pkg/model/bootstrapscript.go

Co-authored-by: Ciprian Hacman <ciprianhacman@gmail.com>
 2020-08-07 14:26:47 +02:00
Ole Markus With 7e2366ac64 Determine fixedip for api cert directly in nodeup 2020-08-04 08:22:00 +02:00
Ciprian Hacman 479da6e4bf Fix test that tries to find the default user's home dir 2020-07-29 05:12:53 +03:00
Ciprian Hacman 0566e65f9b Add Ubuntu 20.04 support for Docker 18.06.3 2020-07-23 14:32:03 +03:00
Ciprian Hacman 234149559b Restore default SELinux security contexts for container runtime binaries 2020-07-20 05:44:19 +03:00
John Gardiner Myers c0774d7ffa Stop using legacy IAM in integration tests 2020-07-17 19:32:48 -07:00
John Gardiner Myers ef1765b734 Use fixed UID for etcd user and restrict to legacy provider 2020-07-15 23:48:19 -07:00
Kubernetes Prow Robot 7a61e9f07a
Merge pull request #9403 from hakman/protokube-distroless 
Use distroless image as base for Protokube
 2020-07-12 20:32:34 -07:00
Kubernetes Prow Robot 33722a9eca
Merge pull request #9534 from johngmyers/fix-multi-master 
Use a stable key for signing service account tokens
 2020-07-12 12:04:33 -07:00
John Gardiner Myers ee88693b5b update-expected.sh 2020-07-11 13:18:59 -07:00
John Gardiner Myers 70926d43fc Use a stable key for signing service account tokens 2020-07-11 13:18:50 -07:00
Ciprian Hacman ed3f43bf4c Remove the checksum workaround for Flannel VXLAN 2020-07-10 07:55:52 +03:00
Kubernetes Prow Robot 0c62641dad
Merge pull request #9354 from johngmyers/refactor-certs-2 
Continue refactoring certs into nodeup
 2020-07-06 17:13:57 -07:00
Ciprian Hacman 94104810c8 Update tests output 2020-07-05 14:41:29 +03:00
Ciprian Hacman 64fff220c9 Mount host bin dirs for "utils/nsenter" and "utils/mount" 2020-07-05 14:41:29 +03:00
Ciprian Hacman 3a057aa27c Use distroless image as base for protokube 2020-07-05 14:41:29 +03:00
Justin SB 6cdf9d5001 Don't start kubelet in protokube 
Previously as an optimization we would start the kubelet from
protokube, after we had mounted the disks.  This helped avoid e.g. the
apiserver going into backoff waiting for etcd.

However, this no longer achieves anything with etcd-manager - nothing
happens on this front until after we start the kubelet anyway.

Doing this both takes protokube out of the dependency sequence here
(slightly faster boot time), but also removes the systemd dependency
from the protokube image.  (So we can get a smaller image, perhaps
even distroless)
 2020-07-05 14:41:29 +03:00
Ciprian Hacman 69511a998e Use kubelet docker-specific flags only for Docker 2020-07-05 07:57:10 +03:00
Kubernetes Prow Robot 734a0eb5f3
Merge pull request #9415 from johngmyers/refactor-nodeup-2 
Continue moving InstanceGroup data to NodeupConfig
 2020-07-02 20:50:47 -07:00
Ciprian Hacman 44b66d66ac Add DockerBuilder test for Docker 19.03.11 2020-07-01 21:22:53 +03:00
Ciprian Hacman e9a9da0953 Add containerd service dependency for newer Docker versions 2020-07-01 08:54:42 +03:00
Ciprian Hacman a7c8d2087c Use github.com/blang/semver/v4 2020-07-01 08:54:42 +03:00
Ciprian Hacman 11b8b8d13b Rearrange manifest to match official manifest 2020-07-01 08:27:38 +03:00
Ciprian Hacman 307548b976 Remove workaround for socket activation on CentOS/RHEL distros 2020-07-01 07:17:52 +03:00