kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,627 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

4761 Commits

Author SHA1 Message Date
Peter Rifel 6a53285ffe
Move AWS CCM image logic into pkg/model and add 1.21 and 1.22 images 2021-09-08 20:56:39 -05:00
Ole Markus With ff714b2359 Ensure heritage record exists 2021-09-08 13:15:48 +02:00
Peter Rifel 24e463adba
Include kops- prefix in external-dns TXT record 
This matches the --txt-owner-id flag we specify in the external-dns pod
 2021-09-07 20:58:58 -05:00
Jesse Haka bb35842eba use ipip Always by default in OpenStack 2021-09-07 17:08:54 +03:00
Antti Paloposki e1ddf87c55 Set explicit fsType to be able to mount volumes 2021-09-06 13:34:09 +03:00
Ole Markus With f5fed2a08d Move nvidia config under containerd 2021-09-05 20:28:07 +02:00
Ole Markus With dae4b123ba Add labels and taints to gpu nodes 2021-09-05 20:17:06 +02:00
Ole Markus With b144304240 Install nvidia device driver addon 2021-09-05 20:09:04 +02:00
Ole Markus With b852a804d9 Don't allow IGs with both GPU and non-GPU types 2021-09-05 20:09:04 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 2d013e460c Install nvidia container runtime 2021-09-05 20:09:04 +02:00
Kubernetes Prow Robot 543e9c40e1
Merge pull request #12273 from hakman/break_for_non-placeholder_ip 
Fix bootstrap when at least one IP is available
 2021-09-05 02:47:27 -07:00
Kubernetes Prow Robot 75bd1b1f5a
Merge pull request #12251 from zetaab/updatecsios 
update openstack CSI
 2021-09-05 02:47:20 -07:00
Kubernetes Prow Robot d06394def8
Merge pull request #12268 from olemarkus/fix-core 
Fix core manifest
 2021-09-05 00:57:19 -07:00
Ciprian Hacman 053595ad3d Fix bootstrap when at least one IP is available 2021-09-05 10:11:17 +03:00
Ciprian Hacman a8b1b7f0f4 Try to bootstrap when at least one IP is available 2021-09-04 16:42:03 +03:00
Ole Markus With dac7002b39 Fix core manifest 2021-09-04 12:49:59 +02:00
Kubernetes Prow Robot c98d0b54e4
Merge pull request #12265 from olemarkus/cilium-masq-ipv6 
Disable masquerade means disable masquerade if ipv6 too
 2021-09-04 01:27:19 -07:00
Kubernetes Prow Robot 0463fa7ffd
Merge pull request #12258 from olemarkus/ipv6-cloudconfig 
Set NodeIPFamilies in ipv6 mode
 2021-09-04 00:19:19 -07:00
Ole Markus With 1c53e37491 Disable masquerade means disable masquerade if ipv6 too 2021-09-04 08:54:16 +02:00
Ole Markus With bf96c42a60 Use node internal IP for metrics-server 2021-09-03 13:03:35 +02:00
Ole Markus With ec2dcfca48 Set NodeIPFamilies in ipv6 mode 2021-09-03 08:31:09 +02:00
Jesse Haka 0d9ebd5b0e use k8s.gcr.io 2021-09-02 12:08:54 +03:00
Jesse Haka 744d27189f update openstack CSI 2021-09-02 11:37:47 +03:00
Kubernetes Prow Robot c70ced2f66
Merge pull request #12219 from dntosas/nodelocaldns-bump-version 
[addons/node-local-dns] Bump version and make image field configurable
 2021-09-01 04:54:59 -07:00
Ole Markus With e2fd94d104 Make json logging on deployment and enable k8s events 2021-08-31 22:59:30 +02:00
Ole Markus With b52008d9b6 Add instance state change notification to nth 2021-08-31 22:54:21 +02:00
Kubernetes Prow Robot fc91d0d459
Merge pull request #12229 from olemarkus/bump-cm-2212 
Bump cert-manager to 1.5.3
 2021-08-31 07:23:37 -07:00
Kubernetes Prow Robot 5f7b4d7838
Merge pull request #12232 from zetaab/checknilinterface 
check does iface has associations
 2021-08-31 05:53:36 -07:00
Jesse Haka 0cfcd418e7 check does iface has associations 2021-08-31 14:27:55 +03:00
Ole Markus With 4bde644786 Bump cert-manager to 1.5.3 2021-08-31 13:12:58 +02:00
dntosas f558f2441a
[addons/nodelocaldns] Bump image to latest stable v1.20.0 
As per
 3b17e06879,
 node-local-dns addon is now builded with latest coreDNS base v1.8 and
 that brings great consistency between cache and upstream servers in a
 manner of configuration, metrics name convention, etc.

 So in this commit, we bump node-local-dns image to latest v1.20.0 which
 is build upon latest coreDNS and also add support for overriding this
 field.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-31 14:07:19 +03:00
Jesse Haka 5896479b8f fix parse semver 2021-08-31 13:56:08 +03:00
Kubernetes Prow Robot 6403de580c
Merge pull request #12221 from johngmyers/kube-proxy-rbac 
Move bootstrap RBAC from protokube to core bootstrap addon
 2021-08-30 05:38:54 -07:00
Kubernetes Prow Robot 9cc3ffffe3
Merge pull request #12215 from burntcarrot/fix-staticcheck-errors 
Fix new staticcheck errors
 2021-08-30 04:56:53 -07:00
burntcarrot 208ae1eebd Update instance.go 
Signed-off-by: burntcarrot <aadhav.n1@gmail.com>
 2021-08-30 09:18:02 +05:30
John Gardiner Myers 01dd7d562e hack/update-expected.sh 2021-08-29 14:19:02 -07:00
John Gardiner Myers 62c4ce4d93 Move bootstrap RBAC from protokube to core bootstrap addon 2021-08-29 12:36:21 -07:00
John Gardiner Myers be8933b577 Remove code for unsupported features 2021-08-28 13:49:55 -07:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
burntcarrot 7a6e1c1e68 Fix new staticcheck errors 
Signed-off-by: burntcarrot <aadhav.n1@gmail.com>
 2021-08-28 19:48:17 +05:30
Kubernetes Prow Robot bf559f042d
Merge pull request #12198 from dntosas/metrics-server-bump-minor-version 
[addons/metrics-server] Bump minor version
 2021-08-28 02:38:52 -07:00
John Gardiner Myers 1ea4168cab Release 1.23.0-alpha.1 2021-08-27 21:12:45 -07:00
John Gardiner Myers fa053ffba5 Prepare 1.23 branch 2021-08-27 21:07:14 -07:00
Peter Rifel bfb58af697
Prefix terraform resource names when they'd otherwise begin with a digit 2021-08-27 12:57:56 -05:00
Ole Markus With 67b1ace14f Validate external-dns spec 2021-08-27 06:32:25 +02:00
Ole Markus With 0152c23c1e Remove externaldns feature flag 2021-08-27 06:30:01 +02:00
Ole Markus With 41c3ff2aac Make external dns provider configurable 2021-08-27 06:28:02 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Kubernetes Prow Robot 446aea1d62
Merge pull request #12188 from olemarkus/kubelet-ip-altnames 
Add ip addresses into kubelet certs
 2021-08-26 21:09:00 -07:00
Ole Markus With ad16042a1f Add IPs to kubelet server cert 
Since AWS does not resolve instance hostnames to ipv6, ipv6-only pods that talk to kubelet API has to use node IP, not hostname. Thus we need to add IPs to kubelet server cert.
 2021-08-26 20:54:02 +02:00
Kubernetes Prow Robot bb38a3e52e
Merge pull request #12067 from h3poteto/iss-11608 
Support AWS LB access log configuration in cluster spec
 2021-08-25 16:51:23 -07:00
AkiraFukushima 73f7307844
Add AccessLog attribute to CloudFormation and Terraform renderer 2021-08-25 22:55:53 +09:00
dntosas 075fd29f20
[addons/metrics-server] Bump minor version 
Updating image and manifest to latest stable version.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-24 11:00:29 +03:00
Peter Rifel bf20cef86f
Add terraform outputs OIDC provider ARN and issuer 
These fields are valuable because their fields are used in the assume role policies of service account IAM roles, based on the docs here:

https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html#aws-cli
 2021-08-23 21:48:59 -05:00
Justin SB 0722124e8e Initial IPv6 support for GCE 
Supporting IPv6 values where they can be set by the user, and ensuring
that IPv4 and IPv6 firewall rules are split because on GCP they cannot
be in the same rule.
 2021-08-21 20:09:31 -04:00
Kubernetes Prow Robot 022452a61b
Merge pull request #12189 from olemarkus/bump-cm-2211 
Bump cert-manager to 1.5.2
 2021-08-21 13:49:59 -07:00
Ole Markus With 11ffa653cb Bump cert-manager to 1.5.2 2021-08-21 21:12:23 +02:00
Amit Prasad 48fa73f3bb Add option in Cluster Autoscaler AddOn for AWS EC2 Static instance list 2021-08-21 22:44:31 +05:30
Kubernetes Prow Robot ecb85a207a
Merge pull request #12173 from srikiz/DO-Fix-DNSProvider-Interface-Package 
[DigitalOcean] Code refactor to use the existing dnsprovider package
 2021-08-18 22:53:24 -07:00
Kubernetes Prow Robot 181f278218
Merge pull request #12176 from olemarkus/bump-snapshot-controller-22 
Bump snapshot-controller
 2021-08-18 14:19:45 -07:00
Ole Markus With 7f4066a909 Bump snapshot-controller 2021-08-18 20:39:16 +02:00
Ole Markus With 2288900ae6 Bump cert-manager to 1.5.1 2021-08-18 20:34:05 +02:00
Kubernetes Prow Robot be493f1788
Merge pull request #12158 from olemarkus/cilium-wireguard-support 
Cilium wireguard support
 2021-08-16 23:18:00 -07:00
Reilly Brogan 1b59233c8e Debian 11: Release AMIs use same AWS Owner ID as Buster 2021-08-16 12:06:36 -05:00
Ole Markus With 890187d822 Only ipsec requires ciliumpassword 2021-08-16 14:08:59 +02:00
dntosas 0e8d189aee [cilium] Add support for encryption via WireGuard 
In this commit, we enable users to choose WireGuard as their prefered
encryption type, leveraging this new feature from Cilium.

Ref: https://cilium.io/blog/2021/05/20/cilium-110#wireguard

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-16 14:08:59 +02:00
Kubernetes Prow Robot 3afe121a29
Merge pull request #12148 from olemarkus/reconcile-public 
Reconcile if managedFile is public or not
 2021-08-13 12:15:32 -07:00
Ole Markus With 67b4024694 Reconcile if managedFile is public or not 2021-08-13 20:20:44 +02:00
Antonio Ojea f61a5d79ab leverage proxy env variables 2021-08-13 19:27:17 +02:00
Ole Markus With caf46fef6a Bump AWS CSI Driver to 1.2.0 2021-08-13 11:14:05 +02:00
Kubernetes Prow Robot b1e6064501
Merge pull request #12141 from olemarkus/cilium-bump-211 
Bump cilium to 1.10.3
 2021-08-12 13:11:50 -07:00
Ole Markus With 133eb1f7ba Bump cilium to 1.10.3 2021-08-12 21:12:25 +02:00
Ole Markus With 57bd06b281 Bump Cert Manager for 1.22 2021-08-12 08:36:22 +02:00
srikiz 41439109a8 Fix DNS Provider package for DO 2021-08-12 00:01:50 +05:30
Kubernetes Prow Robot 4a0fa2d108
Merge pull request #12122 from mitch000001/openstack-port-metadata 
Openstack: add port metadata
 2021-08-10 12:48:39 -07:00
Mike Splain 03a2557252 Fix cases when the VPC doesn't exist yet 2021-08-09 15:42:41 -04:00
Michael Wagner 99330549e4 feat(openstack): enrich ports with more metadata 
The overall goal is to get rid of the specific port names and replace
them with hashed ones. This in turn allows us to introduce rolling
updates for Openstack in a later stage.
 2021-08-09 08:49:12 +02:00
Kubernetes Prow Robot e7b52981ab
Merge pull request #12119 from rifelpet/dns-controller-api 
Update dns-controller to use networking.k8s.io/v1 Ingress API
 2021-08-08 15:11:30 -07:00
Peter Rifel 95aa8953a2
./hack/update-expected.sh 2021-08-08 16:24:49 -04:00
Peter Rifel b193d2d583
Update addon manifests referencing RBAC v1beta1 2021-08-08 16:12:39 -04:00
Peter Rifel 0789a5ad9c
./hack/update-expected.sh 2021-08-08 15:54:27 -04:00
Peter Rifel 7c2112b32d
Update dns-controller to use networking.k8s.io/v1 for watching Ingresses 2021-08-08 15:54:27 -04:00
Kubernetes Prow Robot b858297fa4
Merge pull request #12114 from olemarkus/metrics-server-secure-not-insecure 
Make metrics-server insecure if insecure is true
 2021-08-07 15:13:36 -07:00
Kubernetes Prow Robot 64f00d71ae
Merge pull request #12109 from olemarkus/useserviceaccountexternalpermissions 
Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions
 2021-08-07 15:13:30 -07:00
Kubernetes Prow Robot a9a5865032
Merge pull request #12111 from rifelpet/os-lb-vipacl 
In-line openstack loadbalancer feature detection
 2021-08-07 12:31:29 -07:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With 612be4b1fc Make metrics-server insecure if insecure is true 
Also add tests for each variation to make sure this sticks
 2021-08-07 20:44:50 +02:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Kubernetes Prow Robot 76727cb4a0
Merge pull request #12108 from ReillyBrogan/debian11 
Support Debian 11 Bullseye
 2021-08-06 15:45:29 -07:00
Reilly Brogan 850bca8db6 Support Debian 11 Bullseye 2021-08-06 12:52:16 -05:00
Peter Rifel ce821a614f
In-line openstack loadbalancer feature detection 
This was our only reliance on cloud-provider-openstack which depends on k8s.io/kubernetes.

With the logic in-lined, kops no longer has any indirect dependencies of k/k
 2021-08-06 08:19:53 -04:00
Kubernetes Prow Robot c382408684
Merge pull request #12107 from olemarkus/fix-albc 
Revert most of #12023 and keep awslbc on CP nodes
 2021-08-05 11:23:19 -07:00
Ole Markus With 1839b1ac47 Revert most of #12023 and keep awslbc on CP nodes 2021-08-05 19:30:27 +02:00
John Gardiner Myers 832e773324 Update Kubernetes dependencies to 1.22.0 2021-08-04 16:54:07 -07:00
Kubernetes Prow Robot d148cbed8d
Merge pull request #12049 from iGene/octavia_provider_option 
Add Option to Specify OpenStack Octavia Provider
 2021-08-04 01:33:24 -07:00
Kubernetes Prow Robot 3a293781a6
Merge pull request #11784 from ederst/add-os-config-drive 
Launch Openstack instances with config drive
 2021-08-04 00:49:24 -07:00
Kubernetes Prow Robot 3ee3e30267
Merge pull request #12096 from hakman/docker-20.10.8 
Update Docker to v20.10.8
 2021-08-03 21:39:24 -07:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
AkiraFukushima 2fd69ba3a3
Remove access log attributes when the spec is removed from cluster spec 2021-08-03 17:45:20 +09:00
Kubernetes Prow Robot 283080bc30
Merge pull request #12083 from CheyiLin/nth 
Add nth rebalance recommendation configs
 2021-08-02 21:40:48 -07:00
AkiraFukushima 226cbe5561
Support AWS LB access log configuration for NetworkLoadBalancer 2021-08-03 12:12:16 +09:00
Cheyi Lin 408bb7dfbe Add nth rebalance recommendation configs 2021-08-02 16:20:17 +08:00
Ciprian Hacman 966d2d6308 Update Calico to v3.20.0 2021-08-02 08:51:37 +03:00
Kubernetes Prow Robot a9207f4a6c
Merge pull request #12087 from johngmyers/sha256-manifest 
Use SHA-256 for manifest hashes
 2021-08-01 21:55:23 -07:00
John Gardiner Myers d6a159a258 hack/update-expected.sh 2021-08-01 16:42:14 -07:00
John Gardiner Myers 03434509e2 Use SHA-256 for manifest hashes 2021-08-01 16:37:01 -07:00
Justin SB 912e28d95a GCE: TargetPool should ignore Lifecycle field 
It's an internal field, it shouldn't be detected as a change to apply.
 2021-07-30 14:57:14 +00:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Kubernetes Prow Robot 5bd6a49b26
Merge pull request #12062 from hakman/coredns-1.8.4 
Update core-dns to v1.8.4
 2021-07-29 11:14:57 -07:00
AkiraFukushima 50ab82ed04
Support AWS LB access log configuration in cluster spec 2021-07-29 22:39:23 +09:00
Kubernetes Prow Robot 8c5c8018db
Merge pull request #12065 from MoShitrit/aws-cni-1.9.0 
Update AWS CNI to v1.9.0
 2021-07-28 23:04:19 -07:00
Ciprian Hacman fc3a103baf Update core-dns to v1.8.4 2021-07-29 08:23:35 +03:00
Kubernetes Prow Robot 05964b9375
Merge pull request #12059 from hakman/containerd-1.4.8 
Update containerd to v1.4.8
 2021-07-28 22:20:19 -07:00
Moshe Shitrit 13a489571b update auto-generated files after update-expected and verify-apimachinery 2021-07-29 00:19:44 -04:00
Moshe Shitrit f0f15df565 update aws-cni version to 1.9.0 2021-07-29 00:05:20 -04:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
Kubernetes Prow Robot 81432c6d2f
Merge pull request #12043 from johngmyers/sts-region 
Use regional STS endpoint
 2021-07-28 01:39:35 -07:00
John Gardiner Myers 085b43e420 Clean up "kops get secrets" 2021-07-27 21:33:52 -07:00
Ching Kuo 7fba614a3c Add Option to Specify OpenStack Octavia Provider 
In newer version of OpenStack, there are multiple octavia provider to
choose from instead of only "octavia" as provider. This commit added a
command line option "os-octavia-provider", enabling user to specify the
octavia provider that will be use to create load balancers.
 2021-07-27 15:15:17 +08:00
John Gardiner Myers babf07136e Use regional STS endpoint 2021-07-24 22:33:30 -07:00
John Gardiner Myers cd1aa1ab53 Simplify FindSSHPublicKeys() interface 2021-07-24 09:01:22 -07:00
John Gardiner Myers cddefc0a1f Simplify DeleteSSHCredential() interface 2021-07-24 09:01:21 -07:00
John Gardiner Myers 4bbed0339a Split out "delete sshpublickey" command 2021-07-24 09:01:21 -07:00
John Gardiner Myers d935a419f8 Simplify AddSSHPublicKey() interface 2021-07-24 08:59:57 -07:00
Kubernetes Prow Robot 34ce86adf2
Merge pull request #12019 from johngmyers/catasks-nobootstrap 
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
 2021-07-19 15:56:15 -07:00
Kubernetes Prow Robot be63d4f1a7
Merge pull request #11953 from rifelpet/tf-cp 
Return a clearer error when terraform is used on an unsupported provider
 2021-07-19 10:52:52 -07:00
Kubernetes Prow Robot 14d58a4e87
Merge pull request #12024 from olemarkus/irsa-nth 
Add irsa support for node termination handler
 2021-07-19 10:06:52 -07:00
Ole Markus With d31c682506 Set vpc-id on aws lbc 2021-07-19 15:14:15 +02:00
Ole Markus With 28bd45a8fa Add irsa support for nth 2021-07-19 15:12:35 +02:00
Peter Rifel 5b62e73726
Add shell completion for `--target` 2021-07-19 08:35:36 -04:00
Peter Rifel ce0d8955ef
Return a clearer error when terraform is used on an unsupported provider 2021-07-19 08:29:05 -04:00
Kubernetes Prow Robot 147b0be4f9
Merge pull request #12020 from johngmyers/refactor-featureflag 
Report unknown feature flags as such
 2021-07-18 18:04:52 -07:00
John Gardiner Myers f244790d51 Make version boundaries const 2021-07-18 16:29:41 -07:00
John Gardiner Myers f6b053de9d Report unknown feature flags as such 2021-07-18 16:24:04 -07:00
John Gardiner Myers e9fc12b4f3 Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers 2021-07-18 13:37:19 -07:00
Peter Rifel 4d872b85d2
Add azure support for specifying a shared vpc 
This allows the `create cluster --vpc` flag to specify the vnet ID for using shared vnets.
 2021-07-18 10:46:58 -07:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
John Gardiner Myers e6ede8f4a9 Don't provision SSH key by default on AWS 2021-07-17 16:33:26 -07:00
John Gardiner Myers 3ae5413f63 Use keypair IDs for non-kops-controller-issued worker node certs 2021-07-15 14:04:48 -07:00
Kubernetes Prow Robot f24f12f84c
Merge pull request #11982 from johngmyers/bootstrap-keypairid 
Verify CA keypair IDs for kops-controller-issued certs
 2021-07-15 12:31:03 -07:00
Kubernetes Prow Robot e187359069
Merge pull request #11962 from rifelpet/azure-vmss-zone 
Azure - support VMSS availability zones
 2021-07-15 05:58:48 -07:00
Peter Rifel affbeb3c5b
Fix Azure zone number format passed to VMSS API 2021-07-14 19:06:28 -04:00
John Gardiner Myers 191df58267 Verify CA keypair IDs for kops-controller-issued certs 2021-07-14 08:15:28 -07:00
Kubernetes Prow Robot 2526a35962
Merge pull request #11986 from olemarkus/nodeup-containerd 
Move containerd config from cloudup to nodeup
 2021-07-14 02:10:27 -07:00
Ole Markus With c17ec3a7e7 Move containerd config from cloudup to nodeup 2021-07-14 10:28:37 +02:00
Ole Markus With a13cdb38f3 Add region to aws lbc 2021-07-14 08:23:53 +02:00
liranp 786244aa9b
feat(spot/addon): bump ocean-controller to v1.0.77 2021-07-12 12:45:15 +03:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Kubernetes Prow Robot 73b1bce020
Merge pull request #11975 from johngmyers/refactor-legacy 
Issue certs using CA KeypairID in NodeupConfig
 2021-07-11 01:56:47 -07:00