kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,687 Commits 31 Branches 256 Tags 544 MiB
Commit Graph

1811 Commits

Author SHA1 Message Date
justinsb 345f3d85f1 Fix controller defaults for both bootstrap tokens and ipv6 
The previous logic would override the controller slice in each
condition, instead of building it up.
 2021-09-18 13:12:26 -04:00
Ole Markus With dc4c559d41 Set some needed defaults for cloud ipam 2021-09-16 21:11:09 +02:00
Ole Markus With a3a2a9c3bf Have nodeup assign an ipv6 prefix 2021-09-16 19:28:07 +02:00
Ole Markus With 384b9796f7 Don't set cluster ip if we use cloud ipam 2021-09-16 19:26:48 +02:00
Kubernetes Prow Robot 7a67dce053
Merge pull request #12314 from olemarkus/sgr-ids 
Use sg rule ids and tags where possible
 2021-09-12 07:10:07 -07:00
Kubernetes Prow Robot 3fd7b446c0
Merge pull request #12305 from hakman/node_ip_families 
Make AWS CCM NodeIPFamilies configurable
 2021-09-12 06:26:14 -07:00
Kubernetes Prow Robot 2e3ca721a5
Merge pull request #12291 from hakman/aws-ccm-1.22.0-alpha.0 
Default to latest staging image for AWS CCM
 2021-09-12 06:26:07 -07:00
Ole Markus With d98994686a Use sg rule ids and tags where possible 2021-09-12 14:32:58 +02:00
Kubernetes Prow Robot 1b431b4c9c
Merge pull request #11628 from olemarkus/gpu-runtime 
Pre-install nvidia container runtime + drivers on GPU instances
 2021-09-11 13:00:07 -07:00
Ciprian Hacman cf8b11b0d4 Default to latest staging image for AWS CCM 2021-09-11 18:38:24 +03:00
Ole Markus With bba3c3abfe Bump aws ebs csi driver to 1.2.1 2021-09-11 14:15:31 +02:00
Ole Markus With bdad72e9aa Allow AWS LBC to attach certificates 2021-09-11 12:50:37 +02:00
Ciprian Hacman dde08e839d Make AWS CCM NodeIPFamilies configurable 2021-09-11 13:09:08 +03:00
Peter Rifel 0d13da839a
Use MasterInternalName for gossip cluster SA issuer 
This reverts a change introduced earlier in 1.22 that resulted in existing service account tokens becoming invalid after a kops upgrade.
 2021-09-10 14:40:07 -04:00
Kubernetes Prow Robot 39eb930646
Merge pull request #12290 from rifelpet/imds-ipv6 
Enable IMDS IPv6 endpoint
 2021-09-09 06:04:11 -07:00
Peter Rifel 60c86e1a44
Enable IMDS IPv6 endpoint when IPv6AddressCount > 0 2021-09-09 07:24:14 -05:00
Kubernetes Prow Robot 5a917b5186
Merge pull request #12104 from rifelpet/ccm-tag 
Update AWS CCM tags
 2021-09-09 02:54:11 -07:00
Peter Rifel 6a53285ffe
Move AWS CCM image logic into pkg/model and add 1.21 and 1.22 images 2021-09-08 20:56:39 -05:00
Simone Sciarrati 6773fdf495 option to omit --cluster-cidr from kubeproxy config 2021-09-08 14:46:06 +02:00
Ole Markus With f5fed2a08d Move nvidia config under containerd 2021-09-05 20:28:07 +02:00
Ole Markus With 4ab75b01cb Have instances learn about their GPU capabilities 2021-09-05 20:09:04 +02:00
Ole Markus With 2d013e460c Install nvidia container runtime 2021-09-05 20:09:04 +02:00
Ole Markus With c390d45f76 Set ipv6 nameservers on aws 
AWS now provides ipv6 DNS server endpoint at a fixed address (rather than ipv4, which depends on the VPC CIDR block). This isn't provided in dhcp, and anyways we want to ensure we use this endpoint in ipv6 mode and not have ipv4 in the mix.
 2021-09-03 09:47:37 +02:00
Kubernetes Prow Robot c7eb08c76f
Merge pull request #12193 from olemarkus/protect-kernel-defaults 
Enable protect-kernel-defaults by default and set the correct sysctls in nodeup
 2021-09-02 04:42:09 -07:00
Kubernetes Prow Robot c70ced2f66
Merge pull request #12219 from dntosas/nodelocaldns-bump-version 
[addons/node-local-dns] Bump version and make image field configurable
 2021-09-01 04:54:59 -07:00
Ole Markus With b52008d9b6 Add instance state change notification to nth 2021-08-31 22:54:21 +02:00
dntosas f558f2441a
[addons/nodelocaldns] Bump image to latest stable v1.20.0 
As per
 3b17e06879,
 node-local-dns addon is now builded with latest coreDNS base v1.8 and
 that brings great consistency between cache and upstream servers in a
 manner of configuration, metrics name convention, etc.

 So in this commit, we bump node-local-dns image to latest v1.20.0 which
 is build upon latest coreDNS and also add support for overriding this
 field.

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-31 14:07:19 +03:00
John Gardiner Myers be8933b577 Remove code for unsupported features 2021-08-28 13:49:55 -07:00
John Gardiner Myers f041bdafdc More kops 1.23 updates 2021-08-28 11:54:39 -07:00
John Gardiner Myers 6655022ce1 Remove support for the Lyft CNI 2021-08-28 11:54:39 -07:00
John Gardiner Myers 1ea4168cab Release 1.23.0-alpha.1 2021-08-27 21:12:45 -07:00
Ole Markus With b3982e1033 Apply suggestions from code review 
Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-08-27 06:45:50 +02:00
Ole Markus With 0152c23c1e Remove externaldns feature flag 2021-08-27 06:30:01 +02:00
Ole Markus With 41c3ff2aac Make external dns provider configurable 2021-08-27 06:28:02 +02:00
Ole Markus With 38f805c5ef Make external-dns a drop-in for dns-controller 
Support TXT records
 2021-08-27 06:24:47 +02:00
Kubernetes Prow Robot bb38a3e52e
Merge pull request #12067 from h3poteto/iss-11608 
Support AWS LB access log configuration in cluster spec
 2021-08-25 16:51:23 -07:00
Ole Markus With 4ef0172ee9 Enable protect-kernel-defaults by default and set the correct sysctls in nodeup 2021-08-23 11:48:20 +02:00
Kubernetes Prow Robot 20e472eded
Merge pull request #12170 from justinsb/gce_ipv6 
Initial IPv6 support for GCE
 2021-08-22 00:31:59 -07:00
Kubernetes Prow Robot cf2b0febf1
Merge pull request #12183 from rifelpet/consolidate-iam 
Consolidate statements in control plane IAM role
 2021-08-21 19:09:59 -07:00
Justin SB 0722124e8e Initial IPv6 support for GCE 
Supporting IPv6 values where they can be set by the user, and ensuring
that IPv4 and IPv6 firewall rules are split because on GCP they cannot
be in the same rule.
 2021-08-21 20:09:31 -04:00
Amit Prasad 48fa73f3bb Add option in Cluster Autoscaler AddOn for AWS EC2 Static instance list 2021-08-21 22:44:31 +05:30
Peter Rifel 3db20bed01
./hack/update-expected.sh 2021-08-20 08:41:25 -05:00
Peter Rifel 67007e1a0a
Consolidate IAM statements 2021-08-19 23:16:04 -05:00
Ole Markus With 83d818705e Don't set encryption type if encryption is disabled 2021-08-16 14:08:59 +02:00
Ole Markus With 7534890b3a Use enum for cilium encryption types 2021-08-16 14:08:59 +02:00
dntosas 0e8d189aee [cilium] Add support for encryption via WireGuard 
In this commit, we enable users to choose WireGuard as their prefered
encryption type, leveraging this new feature from Cilium.

Ref: https://cilium.io/blog/2021/05/20/cilium-110#wireguard

Signed-off-by: dntosas <ntosas@gmail.com>
 2021-08-16 14:08:59 +02:00
Ole Markus With caf46fef6a Bump AWS CSI Driver to 1.2.0 2021-08-13 11:14:05 +02:00
Ole Markus With 133eb1f7ba Bump cilium to 1.10.3 2021-08-12 21:12:25 +02:00
Ole Markus With 4e589431d5 Bump CAS for 1.22 2021-08-11 09:55:03 +02:00
Michael Wagner e1f3c5dbf8 chore(openstack): make sure our port tags are short 
OpenStack limits the tag length to 60 characters.
 2021-08-09 08:49:12 +02:00
Michael Wagner 99330549e4 feat(openstack): enrich ports with more metadata 
The overall goal is to get rid of the specific port names and replace
them with hashed ones. This in turn allows us to introduce rolling
updates for Openstack in a later stage.
 2021-08-09 08:49:12 +02:00
Peter Rifel 9c824e80f8
Pass AZURE_ENVIRONMENT to nodeup 
This allows nodeup to use the same azure environment as the kops cli, working towards support for azure government.
 2021-08-08 15:34:44 -04:00
Kubernetes Prow Robot 64f00d71ae
Merge pull request #12109 from olemarkus/useserviceaccountexternalpermissions 
Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions
 2021-08-07 15:13:30 -07:00
Kubernetes Prow Robot a9a5865032
Merge pull request #12111 from rifelpet/os-lb-vipacl 
In-line openstack loadbalancer feature detection
 2021-08-07 12:31:29 -07:00
Ole Markus With 0439bb0d76 Remove UseServiceAccountIAM feature flag and rename feature to UseServiceAccountExternalPermissions 2021-08-07 21:20:03 +02:00
Ole Markus With ce86d851aa IRSA support for CCM 
Update pkg/model/components/addonmanifests/awscloudcontroller/iam.go

Co-authored-by: John Gardiner Myers <jgmyers@proofpoint.com>
 2021-08-07 10:27:36 +02:00
Ole Markus With 2042912a5b Remap IRSA for DaemonSets too 2021-08-07 07:41:47 +02:00
Peter Rifel ce821a614f
In-line openstack loadbalancer feature detection 
This was our only reliance on cloud-provider-openstack which depends on k8s.io/kubernetes.

With the logic in-lined, kops no longer has any indirect dependencies of k/k
 2021-08-06 08:19:53 -04:00
Kubernetes Prow Robot 3a293781a6
Merge pull request #11784 from ederst/add-os-config-drive 
Launch Openstack instances with config drive
 2021-08-04 00:49:24 -07:00
Kubernetes Prow Robot 3ee3e30267
Merge pull request #12096 from hakman/docker-20.10.8 
Update Docker to v20.10.8
 2021-08-03 21:39:24 -07:00
Ciprian Hacman 92ab49cdfb Update Docker to v20.10.8 2021-08-04 06:19:43 +03:00
AkiraFukushima 2fd69ba3a3
Remove access log attributes when the spec is removed from cluster spec 2021-08-03 17:45:20 +09:00
AkiraFukushima 226cbe5561
Support AWS LB access log configuration for NetworkLoadBalancer 2021-08-03 12:12:16 +09:00
Cheyi Lin 408bb7dfbe Add nth rebalance recommendation configs 2021-08-02 16:20:17 +08:00
Ciprian Hacman 541d328812 Update containerd to v1.4.9 2021-07-30 07:30:42 +03:00
Kubernetes Prow Robot 91ee2e31fb
Merge pull request #12072 from rifelpet/lc-cleanup 
Cleanup various references to LaunchConfigurations
 2021-07-29 20:29:37 -07:00
Peter Rifel a0a6e3c974
Cleanup various references to LaunchConfigurations 2021-07-29 22:25:01 -04:00
AkiraFukushima 50ab82ed04
Support AWS LB access log configuration in cluster spec 2021-07-29 22:39:23 +09:00
Ciprian Hacman b6464658d4 Update containerd to v1.4.8 2021-07-29 05:27:10 +03:00
John Gardiner Myers 80eb3c42ac hack/update-expected.sh 2021-07-23 14:11:10 -07:00
John Gardiner Myers b94bcafe56 Remove unnecessary IAM permission 2021-07-23 14:03:41 -07:00
Kubernetes Prow Robot 34ce86adf2
Merge pull request #12019 from johngmyers/catasks-nobootstrap 
Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers
 2021-07-19 15:56:15 -07:00
Ole Markus With 7c448d3535 Remove redundant call to addSnapshotPermissions 2021-07-19 21:19:05 +02:00
Ole Markus With 28bd45a8fa Add irsa support for nth 2021-07-19 15:12:35 +02:00
John Gardiner Myers 1f705615c7 hack/update-expected.sh 2021-07-18 13:37:20 -07:00
John Gardiner Myers e9fc12b4f3 Fix certificate bootstrap for non-kops-controller-bootstrap cloud providers 2021-07-18 13:37:19 -07:00
Ciprian Hacman 4d7ebd343c
Release 1.22.0-alpha.2 (#12012) 2021-07-17 21:42:51 -07:00
John Gardiner Myers e6ede8f4a9 Don't provision SSH key by default on AWS 2021-07-17 16:33:26 -07:00
Ole Markus With f0390eda29 Dedicated function for ccm permissons 
Update pkg/model/iam/iam_builder.go

Co-authored-by: Peter Rifel <rifelpet@users.noreply.github.com>
 2021-07-16 19:39:57 +02:00
Kubernetes Prow Robot e187359069
Merge pull request #11962 from rifelpet/azure-vmss-zone 
Azure - support VMSS availability zones
 2021-07-15 05:58:48 -07:00
Peter Rifel affbeb3c5b
Fix Azure zone number format passed to VMSS API 2021-07-14 19:06:28 -04:00
John Gardiner Myers e185c8148d hack/update-expected.sh 2021-07-11 11:16:11 -07:00
John Gardiner Myers 9dbf3479d6 Stop writing the certificate-only keyset.yaml 2021-07-11 11:16:11 -07:00
John Gardiner Myers d58a19e1bd Refactor service-account signing key 2021-07-10 17:31:59 -07:00
John Gardiner Myers 0e25ceaadd Change "kubernetes-ca" to have that in the CN 2021-07-09 00:12:30 -07:00
Peter Rifel 9552b25050
Azure - support VMSS availability zones 
Azure's subnets are regional so we use similar functionality to GCE where we reference the InstanceGroup's zones rather than a subnet's zone.
IG Zones are already populated on cluster creation here: b358037896/upup/pkg/fi/cloudup/new_cluster.go (L682-L684)
 2021-07-08 23:10:23 -04:00
John Gardiner Myers cdf26302b2 hack/update-expected.sh 2021-07-08 18:46:03 -07:00
John Gardiner Myers c35d101a89 Refactor keysets for etcd-manager 2021-07-08 18:46:03 -07:00
Ciprian Hacman fd08e2b047 Run hack/update-expected.sh 2021-07-08 22:12:12 +03:00
Ciprian Hacman 1e41439e36 Use etcd v3.5.0 for Kubernetes 1.22+ 2021-07-08 22:09:22 +03:00
Ole Markus With a98bfdb64f Allow filefs to be used to mock s3 policies 2021-07-04 07:34:56 +02:00
Kubernetes Prow Robot 2e4a1ae143
Merge pull request #11921 from johngmyers/rename-k8s-ca 
Rename the "ca" keyset to "kubernetes-ca"
 2021-07-03 21:48:18 -07:00
Kubernetes Prow Robot cf834ce5fc
Merge pull request #11843 from olemarkus/reduce-policy-size-further 
Reduce policy size further
 2021-07-03 17:58:18 -07:00
John Gardiner Myers 5834fc2690 hack/update-expected.sh 2021-07-03 17:33:13 -07:00
John Gardiner Myers 921d09523e Rename the "ca" keyset to "kubernetes-ca" 2021-07-03 17:33:13 -07:00
Peter Rifel df1f9d4986
Remove unused test files from legacy IAM 2021-07-03 12:17:59 -04:00
Ole Markus With aefa906491 Do not set both CIDR and IPv6CIDR on sg rules 2021-07-03 07:57:35 +02:00
Peter Rifel c5fbcccfa6
Update pause image to 3.5 2021-07-02 06:40:27 -04:00
John Gardiner Myers 5c5969d102 hack/update-expected.sh 2021-07-01 22:25:51 -07:00
John Gardiner Myers 1e0c6cb1aa Refactor apiserver-aggregator-ca 2021-07-01 22:25:47 -07:00