Commit Graph

184 Commits

Author SHA1 Message Date
Kubernetes Prow Robot fda6210e29
Merge pull request #13104 from olemarkus/tag-on-create-func
Create helper function for ec2 create/tag-on-create IAM permissions
2022-01-18 19:30:06 -08:00
Ole Markus With 0ef596dd49 Do not create an IAM role for dns-controller on gossip clusters 2022-01-16 10:31:11 +01:00
Ole Markus With f4e538508f Create helper function for ec2 create/tag-on-create IAM permissions 2022-01-14 18:41:28 +01:00
Ole Markus With 0cfea49250 Do not expose the policy actions sets out of package 2021-12-13 09:14:20 +01:00
Ole Markus With 794cb72112 Karpenter addon
Constrain the instance types to what is supported by the AMI

Add taints and label to karpenter provisioner

Add instance types to karpenter provisioner
2021-12-12 19:33:41 +01:00
Ciprian Hacman ea7df00719 Run hack/update-gofmt.sh 2021-12-01 22:39:50 +02:00
John Gardiner Myers b9ac79ec6e Rename fields in v1alpha3 networking API to fit acronym convention 2021-11-22 08:07:55 -08:00
John Gardiner Myers 5a42c10fd3 Rename fields in v1alpha3 cluster API to fit acronym convention 2021-11-21 16:16:32 -08:00
Kubernetes Prow Robot b47e023b1e
Merge pull request #12680 from rifelpet/fix-iam-conditions
Fix ELB IAM conditions (part 2)
2021-11-03 23:34:03 -07:00
Peter Rifel 9d0d1998cb
Move CLB CreateLoadBalancer* IAM actions to cluster-tagged
Manual testing confirmed that these require aws:ResourceTag rather than aws:RequestTag
2021-11-03 22:16:30 -05:00
Peter Rifel c3e8420731
Revert "Move some AWS IAM policy actions from tagged conditions to wildcard"
This reverts commit 91e4767851.
2021-11-03 21:59:43 -05:00
Kubernetes Prow Robot 1e97b0cf76
Merge pull request #12674 from rifelpet/fix-iam-conditions
Remove tag conditions on certain AWS IAM actions
2021-11-03 02:24:59 -07:00
Peter Rifel 91e4767851
Move some AWS IAM policy actions from tagged conditions to wildcard
I checked these against the IAM docs for each API and moved the actions that don't support tag conditions:
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancing.html#elasticloadbalancing-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_elasticloadbalancingv2.html#elasticloadbalancingv2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2autoscaling.html#amazonec2autoscaling-actions-as-permissions
2021-11-02 20:06:35 -05:00
Peter Rifel dede42efd2
Fix cluster name used in IAM policies 2021-11-02 17:39:57 -05:00
Kubernetes Prow Robot 9bc5887610
Merge pull request #12638 from rifelpet/arn-partition
Fix hardcoded ARN partitions
2021-10-29 23:37:19 -07:00
Peter Rifel c734f5c08d
Update IAMBuilder to include the current partition in ARNs 2021-10-29 23:07:31 -05:00
Ciprian Hacman 9d1e11c73a Allow kops-controller to describe network interfaces 2021-10-30 06:50:32 +03:00
Kubernetes Prow Robot 5bfdefb43c
Merge pull request #12623 from johngmyers/cilium-ipv6-ipam
Never masquerade IPv6 with Cilium
2021-10-29 05:56:51 -07:00
John Gardiner Myers 7cb4fbe91e Never masquerade IPv6 with Cilium 2021-10-27 23:40:02 -07:00
Ciprian Hacman a3f4ed7502 Update node permissions 2021-10-28 07:47:09 +03:00
Ole Markus With 795ac25363 Add permissions needed for KCM to provision NLBs 2021-10-26 08:51:28 +02:00
Kubernetes Prow Robot af85e5e52e
Merge pull request #12309 from olemarkus/lbc-security
Allow AWS LBC to attach certificates
2021-10-23 13:16:21 -07:00
Peter Rifel 7b3fc875f9
Add ec2:DescribeLaunchTemplateVersions to CA IAM policy 2021-10-20 15:15:06 -07:00
John Gardiner Myers 8e6214c046 Stop requiring the cluster IAM substruct be present 2021-10-02 20:18:46 -07:00
justinsb db1ba01e94 Only add IPv6 IAM permissions if using IPv6
This avoids users wondering what these permissions are for until we
need them.
2021-09-18 13:49:40 -04:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With bdad72e9aa Allow AWS LBC to attach certificates 2021-09-11 12:50:37 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller
Support TXT records
2021-08-27 06:24:47 +02:00
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Peter Rifel 67007e1a0a
Consolidate IAM statements 2021-08-19 23:16:04 -05:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With ce86d851aa IRSA support for CCM
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
2021-08-07 10:27:36 +02:00
John Gardiner Myers b94bcafe56 Remove unnecessary IAM permission 2021-07-23 14:03:41 -07:00
Ole Markus With 7c448d3535 Remove redundant call to addSnapshotPermissions 2021-07-19 21:19:05 +02:00
Ole Markus With 28bd45a8fa Add irsa support for nth 2021-07-19 15:12:35 +02:00
Ole Markus With f0390eda29 Dedicated function for ccm permissions
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
2021-07-16 19:39:57 +02:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
Ole Markus With a98bfdb64f Allow filefs to be used to mock s3 policies 2021-07-04 07:34:56 +02:00
Ole Markus With aad2912710 Add sets for the remaining addons 2021-07-01 10:37:57 +02:00
Ole Markus With df5b58b1b3 Add sets for the typical default role perms 2021-07-01 10:28:01 +02:00
Ole Markus With 37271998e1 Use sets for aws lbc permissions 2021-07-01 10:19:40 +02:00
Ole Markus With c7bd1c1529 Add s3 policies to integration tests 2021-07-01 09:26:58 +02:00
Ole Markus With 9885714957 Use NewPolicy for the non-master roles 2021-07-01 09:19:35 +02:00
Ole Markus With 19833e6b73 Use sets for ebscsidriver permissions 2021-07-01 09:02:04 +02:00
Ole Markus With d8bf4dcae1 NewPolicy function for instantiating policy struct 2021-07-01 08:39:43 +02:00
John Gardiner Myers 2faf28379a Refactor etcd-client-cilium secrets 2021-06-25 23:57:23 -07:00
Kubernetes Prow Robot 89ad2bc453
Merge pull request #11810 from hakman/ipv6_disable_calico_awssrcdstcheck
Enable cross-subnet mode with Calico by default
2021-06-25 01:08:45 -07:00
Ciprian Hacman a12b3145ee Enable cross-subnet mode with Calico by default 2021-06-25 07:13:20 +03:00