[EKS] Change Kubernetes control plane to EKS (the eks branch) #7808

Open
wants to merge 355 commits into
base: dev
153724f
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 25, 2024
84e348e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 25, 2024
68fe435
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 25, 2024
6c97239
Merge pull request #8204 from zalando-incubator/dev-to-eks
demonCoder95 Sep 25, 2024
f656d1f
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 25, 2024
836b92e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 26, 2024
823753e
schedule previous master components on seed node pool
linki Sep 25, 2024
db0a2eb
Merge pull request #8207 from zalando-incubator/dev-to-eks
mikkeloscar Sep 26, 2024
a917f13
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 26, 2024
8906222
Merge pull request #8215 from zalando-incubator/dev-to-eks
RomanZavodskikh Sep 26, 2024
766108b
Revert to 1.30 AMI for eks
mikkeloscar Sep 26, 2024
32e3289
Merge pull request #8230 from zalando-incubator/eks-1.30-nodes
mikkeloscar Sep 26, 2024
519ab54
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 26, 2024
cc3733f
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 26, 2024
cdd64b1
Make eks okta identity provider optional
mikkeloscar Sep 27, 2024
7c14b24
Merge pull request #8229 from zalando-incubator/dev-to-eks
linki Sep 27, 2024
6df526a
Merge pull request #8232 from zalando-incubator/eks-okta-optional
linki Sep 27, 2024
f3feb1c
Merge branch 'eks-kube-1.30' into eks
linki Sep 27, 2024
11fafea
update EKS control plane to 1.31
linki Sep 27, 2024
2e77a89
Revert "Revert to 1.30 AMI for eks"
linki Sep 27, 2024
ea3cf02
update AMI to latest version with containerd 1.7
linki Sep 27, 2024
1b2d616
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 27, 2024
2dc6080
Merge pull request #8237 from zalando-incubator/dev-to-eks
katyanna Sep 27, 2024
3cce66a
Merge branch 'dev' into eks
mikkeloscar Sep 28, 2024
aa16a78
Provide AWS credentials to aws-node via eks-pod-identity
mikkeloscar Sep 27, 2024
d3d6cbc
eks: aws-node update to latest cni plugin version
mikkeloscar Sep 27, 2024
642bdff
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Sep 30, 2024
953d787
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 1, 2024
df70a79
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 1, 2024
90cd7f5
Merge pull request #8242 from zalando-incubator/eks-aws-node-latest
katyanna Oct 1, 2024
2c7a6bc
Merge pull request #8251 from zalando-incubator/dev-to-eks
linki Oct 1, 2024
adaff69
Merge pull request #8243 from zalando-incubator/eks-pod-identity
mikkeloscar Oct 1, 2024
ef3eac6
Merge branch 'dev' into eks
mikkeloscar Oct 1, 2024
22aa2f5
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 1, 2024
b1faadd
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 1, 2024
80126c5
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 1, 2024
09171ee
Merge pull request #8266 from zalando-incubator/dev-to-eks
demonCoder95 Oct 2, 2024
4b10670
eks: ipv6 support
mikkeloscar May 30, 2024
1ee42ea
Merge pull request #8249 from zalando-incubator/eks-ipv6
demonCoder95 Oct 2, 2024
ebce41e
Merge branch 'dev' into eks
mikkeloscar Oct 2, 2024
c13ce29
Merge branch 'dev' into eks
mikkeloscar Oct 3, 2024
206a891
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 4, 2024
db780e8
eks: Support dynamic IPv4 service CIDR
mikkeloscar Oct 4, 2024
76fb250
Update cluster/manifests/skipper/service-internal.yaml
mikkeloscar Oct 4, 2024
ec9bb94
Merge pull request #8300 from zalando-incubator/dynamic-ipv4-service-…
mikkeloscar Oct 4, 2024
6fc64ed
Merge pull request #8293 from zalando-incubator/dev-to-eks
mikkeloscar Oct 4, 2024
fed0e02
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 4, 2024
a292dd4
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 4, 2024
ae7bd2a
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 4, 2024
4533630
Merge pull request #8301 from zalando-incubator/dev-to-eks
szuecs Oct 7, 2024
d559eef
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 7, 2024
0097278
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 7, 2024
153a126
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 7, 2024
7c41df2
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 8, 2024
e91b74b
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 8, 2024
c3189bc
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 8, 2024
408ae38
Merge pull request #8305 from zalando-incubator/dev-to-eks
demonCoder95 Oct 8, 2024
c058882
Fix ingress.cluster.local feature for eks
mikkeloscar Oct 7, 2024
123d5eb
Move to a variable
mikkeloscar Oct 7, 2024
db22b8f
Filter style join
mikkeloscar Oct 7, 2024
1816bfb
Use list instead of stringSlice
mikkeloscar Oct 8, 2024
3d7418b
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 8, 2024
d0d292c
Merge pull request #8304 from zalando-incubator/skipper-eks
mikkeloscar Oct 8, 2024
ab37a64
Merge pull request #8325 from zalando-incubator/dev-to-eks
demonCoder95 Oct 8, 2024
92969ce
Merge branch 'dev' into eks
mikkeloscar Oct 9, 2024
e6cc619
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 9, 2024
881269d
Merge pull request #8336 from zalando-incubator/dev-to-eks
mikkeloscar Oct 9, 2024
eda6b29
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 9, 2024
bd0eeae
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 9, 2024
bc7e9f2
Merge pull request #8345 from zalando-incubator/dev-to-eks
demonCoder95 Oct 9, 2024
32e69cf
Merge branch 'dev' into eks
mikkeloscar Oct 10, 2024
0faaf19
Merge branch 'dev' into eks
mikkeloscar Oct 11, 2024
a7eb2b5
Merge branch 'dev' into eks
mikkeloscar Oct 11, 2024
49586b3
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 11, 2024
7d34cb6
Merge pull request #8366 from zalando-incubator/dev-to-eks
mikkeloscar Oct 11, 2024
58d0c40
let's see what happens when we use zalando-eks as provider
linki Aug 1, 2024
62cacfe
when looking for cluster-autoscaler, use a deployment for EKS
linki Aug 2, 2024
f725717
make it possible to know cluster provider when looking at the stack
linki Aug 2, 2024
99ed652
Use EKS endpoint for e2e
mikkeloscar Oct 7, 2024
b81c7c4
Define cluster_provider at CDP step level
mikkeloscar Oct 7, 2024
7d4eba6
Use standard apiserver pattern for zalando-iam-aws-proxy
mikkeloscar Oct 8, 2024
367322d
Enable more e2e tests
mikkeloscar Oct 8, 2024
57cdd53
Update AMI with spot-termination-handler fix
mikkeloscar Oct 9, 2024
48b74a0
Disable broken tests
mikkeloscar Oct 10, 2024
8122229
Drop legacy toggle-scaledown script
mikkeloscar Oct 10, 2024
910eeb7
Drop unused variables
mikkeloscar Oct 10, 2024
9c4bf7c
Skip cluster creation via delivery.yaml
mikkeloscar Oct 11, 2024
76d3fa7
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 11, 2024
fd96fcc
Disable load test step for eks
mikkeloscar Oct 11, 2024
27c92c2
Merge pull request #8368 from zalando-incubator/dev-to-eks
mikkeloscar Oct 11, 2024
0163511
Merge pull request #8326 from zalando-incubator/eks-e2e-2
demonCoder95 Oct 14, 2024
8fbb6fe
Merge branch 'dev' into dev-to-eks
demonCoder95 Oct 15, 2024
59c373f
Merge pull request #8379 from zalando-incubator/dev-to-eks
mikkeloscar Oct 16, 2024
6614721
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 16, 2024
3182b16
Merge pull request #8385 from zalando-incubator/dev-to-eks
mikkeloscar Oct 16, 2024
b9a76db
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 16, 2024
653cbea
Merge pull request #8388 from zalando-incubator/dev-to-eks
mikkeloscar Oct 16, 2024
166f95e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 17, 2024
5465fa4
Merge pull request #8390 from zalando-incubator/dev-to-eks
mikkeloscar Oct 18, 2024
9de7738
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 18, 2024
1adbb5e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 18, 2024
1912d1e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 18, 2024
dfe9de8
Merge pull request #8398 from zalando-incubator/dev-to-eks
mikkeloscar Oct 18, 2024
6056601
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 18, 2024
b336aca
Merge pull request #8401 from zalando-incubator/dev-to-eks
mikkeloscar Oct 18, 2024
0d447b3
Merge branch 'dev' into eks
mikkeloscar Oct 18, 2024
cd87270
Update admission-controller to latest
mikkeloscar Oct 21, 2024
001af28
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 21, 2024
bc61942
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 21, 2024
b1a6bf4
Merge pull request #8410 from zalando-incubator/dev-to-eks
mikkeloscar Oct 21, 2024
e4cd198
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 21, 2024
69e37d2
Merge pull request #8412 from zalando-incubator/dev-to-eks
mikkeloscar Oct 21, 2024
f94c827
ZMON roles EKS compatible
mikkeloscar Oct 21, 2024
184213d
Merge branch 'dev' into eks
mikkeloscar Oct 21, 2024
dd8564a
Enable Zalando AWS IAM e2e test
mikkeloscar Oct 17, 2024
e8dce90
Add e2e test case for kube2iam
mikkeloscar Oct 21, 2024
a6e58d9
Fix kube2iam iptables rules for aws-cni
mikkeloscar Oct 20, 2024
796c83a
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 21, 2024
9e49051
Merge pull request #8420 from zalando-incubator/dev-to-eks
mikkeloscar Oct 21, 2024
21b6ea4
Merge pull request #8389 from zalando-incubator/eks-e2e-zalando-aws-iam
mikkeloscar Oct 22, 2024
7fd8ab4
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 22, 2024
90ecd50
Merge pull request #8425 from zalando-incubator/dev-to-eks
mikkeloscar Oct 22, 2024
edc71bb
Merge branch 'dev' into eks
mikkeloscar Oct 22, 2024
5a9cd38
Merge branch 'dev' into eks
mikkeloscar Oct 22, 2024
ab76567
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 22, 2024
a92f5db
Merge pull request #8431 from zalando-incubator/dev-to-eks
mikkeloscar Oct 22, 2024
3134c96
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 22, 2024
d9ea817
Merge pull request #8433 from zalando-incubator/dev-to-eks
mikkeloscar Oct 22, 2024
b5a51a9
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 23, 2024
7664431
Merge pull request #8439 from zalando-incubator/dev-to-eks
mikkeloscar Oct 25, 2024
2fb257a
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 28, 2024
409c5c8
Merge pull request #8450 from zalando-incubator/dev-to-eks
katyanna Oct 28, 2024
59d11da
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 28, 2024
ebd0c7f
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 28, 2024
facfe1f
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 28, 2024
3ceacbf
Update admission-controller to latest version
mikkeloscar Oct 28, 2024
ebd749e
Merge pull request #8457 from zalando-incubator/dev-to-eks
mikkeloscar Oct 29, 2024
5d44f89
Merge branch 'dev' into eks
mikkeloscar Oct 29, 2024
2de2058
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 29, 2024
47ad603
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 29, 2024
a2d1f72
Merge pull request #8466 from zalando-incubator/dev-to-eks
mikkeloscar Oct 29, 2024
f73001c
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 29, 2024
1750a67
Merge pull request #8470 from zalando-incubator/dev-to-eks
mikkeloscar Oct 29, 2024
bbf79ff
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 29, 2024
35f8497
Merge pull request #8473 from zalando-incubator/dev-to-eks
mikkeloscar Oct 29, 2024
6834a3d
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 30, 2024
623d3e1
Merge pull request #8475 from zalando-incubator/dev-to-eks
mikkeloscar Oct 30, 2024
0932ca7
Merge branch 'dev' into eks
mikkeloscar Oct 30, 2024
4cd8b58
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 30, 2024
a474941
Merge pull request #8484 from zalando-incubator/dev-to-eks
mikkeloscar Oct 30, 2024
e641ede
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 30, 2024
408e5c0
Merge pull request #8486 from zalando-incubator/dev-to-eks
mikkeloscar Oct 30, 2024
da9b519
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Oct 31, 2024
c9f61f8
Merge pull request #8493 from zalando-incubator/dev-to-eks
mikkeloscar Oct 31, 2024
e86fc78
Set correct cluster tag on EKS
mikkeloscar Oct 30, 2024
f360c17
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Nov 1, 2024
4449551
Merge pull request #8496 from zalando-incubator/dev-to-eks
mikkeloscar Nov 1, 2024
f0bf4ed
Enable Service Type LoadBalancer test
mikkeloscar Oct 31, 2024
a935713
Use cluster.Name as cluster identifier
mikkeloscar Oct 31, 2024
a48afc1
Merge pull request #8487 from zalando-incubator/eks-fix-cluster-tag
mikkeloscar Nov 1, 2024
09a69b3
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Nov 1, 2024
68b18ea
Merge pull request #8499 from zalando-incubator/dev-to-eks
mikkeloscar Nov 1, 2024
b630e0c
Use Cluster.Name in all cases
mikkeloscar Nov 4, 2024
9ee701d
Merge branch 'dev' into eks
mikkeloscar Nov 4, 2024
b010dbc
Merge pull request #8503 from zalando-incubator/eks-cluster-name
linki Nov 5, 2024
8f58cc1
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Nov 5, 2024
6d85b33
Merge pull request #8508 from zalando-incubator/dev-to-eks
mikkeloscar Nov 5, 2024
035aa9f
Merge branch 'dev' into eks
mikkeloscar Nov 5, 2024
96e44d0
register generic admitter for write protection behind a feature flag
linki Nov 6, 2024
9a36eb6
attach the zalando:administrator group to privileged components
linki Nov 7, 2024
4e72bd5
Merge pull request #8517 from zalando-incubator/write-protection-2
linki Nov 8, 2024
ff8fda5
Merge branch 'dev' into dev-to-eks
linki Nov 8, 2024
1abe493
add config items to control enabling network policies
linki Nov 8, 2024
0ff2b43
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Nov 8, 2024
e1e5eca
Merge branch 'dev' into dev-to-eks
demonCoder95 Nov 12, 2024
f44d256
Merge pull request #8526 from zalando-incubator/dev-to-eks
demonCoder95 Nov 13, 2024
10d28b8
Merge pull request #8525 from zalando-incubator/network-policy
katyanna Nov 15, 2024
e0fd9fe
enable the write-protection via admission-controller
linki Nov 8, 2024
41304ca
Merge pull request #8523 from zalando-incubator/enable-auth-webhook
demonCoder95 Nov 15, 2024
da4a567
Drop unused eks config-item
mikkeloscar Nov 19, 2024
0549895
Merge pull request #8531 from zalando-incubator/drop-eks-config-item
mikkeloscar Nov 20, 2024
1932e3c
switch to generic deny-all admitter, match conditions and fail policy
linki Nov 19, 2024
de0a691
Merge pull request #8529 from zalando-incubator/enable-auth-webhook
demonCoder95 Nov 22, 2024
1300652
Merge branch 'dev' into eks
linki Nov 25, 2024
bb90a11
Update aws-node daemonset to v1.19
mikkeloscar Nov 26, 2024
ae85a4d
Exclude eks-pod-identity-agent from admission-controller to avoid 🐔🥚
mikkeloscar Nov 27, 2024
7beb20e
Merge pull request #8538 from zalando-incubator/eks-cni-v1.19
demonCoder95 Nov 27, 2024
a06687b
Merge pull request #8542 from zalando-incubator/eks-pod-identity-agen…
mikkeloscar Nov 27, 2024
4d3058f
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Nov 27, 2024
f8f5633
Merge pull request #8535 from zalando-incubator/dev-to-eks
demonCoder95 Nov 27, 2024
ec5a366
Scrape metrics from EKS control plane
mikkeloscar Nov 28, 2024
acbf294
Merge pull request #8547 from zalando-incubator/eks-control-plane-met…
mikkeloscar Nov 29, 2024
09b7a91
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 3, 2024
22e5480
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 4, 2024
1bd0912
Merge pull request #8555 from zalando-incubator/dev-to-eks
mikkeloscar Dec 4, 2024
78bf84a
Merge remote-tracking branch 'origin/dev' into eks
linki Dec 4, 2024
602caf2
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 4, 2024
e6411e5
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 4, 2024
a31fbaf
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 4, 2024
27dcf4e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 4, 2024
f4db260
Merge pull request #8566 from zalando-incubator/dev-to-eks
mikkeloscar Dec 4, 2024
e65a67b
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 4, 2024
3985a4f
Merge pull request #8569 from zalando-incubator/dev-to-eks
mikkeloscar Dec 4, 2024
bf05c30
Drop kube-node-ready folder, missed in merge from dev
mikkeloscar Dec 5, 2024
5378ccb
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 5, 2024
216c1a1
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 5, 2024
b21a29b
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 5, 2024
a37060c
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 5, 2024
049fb35
Merge pull request #8579 from zalando-incubator/dev-to-eks
mikkeloscar Dec 5, 2024
df2e989
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 6, 2024
91ece6d
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 6, 2024
c501816
Merge pull request #8583 from zalando-incubator/dev-to-eks
mikkeloscar Dec 6, 2024
7e3fcf8
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 9, 2024
7e8f70c
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 9, 2024
2534f82
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 9, 2024
ad262ec
Merge pull request #8607 from zalando-incubator/dev-to-eks
mikkeloscar Dec 9, 2024
631109e
Merge branch 'dev' into eks
mikkeloscar Dec 10, 2024
833e4e8
Enable previously disabled e2e tests for authz
mikkeloscar Dec 6, 2024
6576070
skip the existing RBAC e2e tests
demonCoder95 Dec 10, 2024
c1b8d9c
Merge pull request #8588 from zalando-incubator/eks-authz-e2e
mikkeloscar Dec 10, 2024
483ed72
Merge branch 'dev' into dev-to-eks
demonCoder95 Dec 10, 2024
1c716d2
Merge branch 'eks' into dev-to-eks
demonCoder95 Dec 10, 2024
8b35a3f
fix duplicate image key in manifest file
linki Dec 10, 2024
639dd09
Merge pull request #8626 from zalando-incubator/dev-to-eks
mikkeloscar Dec 11, 2024
1d13895
Merge branch 'dev' into eks
mikkeloscar Dec 11, 2024
aa37d19
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 11, 2024
bff78b3
Merge pull request #8640 from zalando-incubator/dev-to-eks
mikkeloscar Dec 12, 2024
be99e94
skipper: Fix formatting of flags
mikkeloscar Dec 12, 2024
f49f48d
Merge pull request #8651 from zalando-incubator/fix-skipper-flags
mikkeloscar Dec 12, 2024
5c28d17
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 12, 2024
1d19f2e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 12, 2024
df30a1a
add test suite that covers auth-related admission checks
linki Dec 12, 2024
ed67232
Merge pull request #8655 from zalando-incubator/dev-to-eks
demonCoder95 Dec 13, 2024
1edd43e
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 13, 2024
5132299
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 13, 2024
b90b288
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 13, 2024
f4484e5
Merge pull request #8660 from zalando-incubator/dev-to-eks
mikkeloscar Dec 13, 2024
97f4876
add another test suite that covers exec-related admission checks
linki Dec 13, 2024
512726d
explicitly declare AWS_REGION for aws-sdk-go-v2 in e2e tests
linki Dec 13, 2024
d85639b
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 13, 2024
1f89ed6
Merge pull request #8667 from zalando-incubator/dev-to-eks
demonCoder95 Dec 14, 2024
2fa0909
update admission-controller to a version that handles postgres exec c…
linki Dec 16, 2024
f2b828d
slightly refactor test code to be more consistent
linki Dec 16, 2024
98a0e9b
handle the approval of postgres administrator exec permission in code
linki Dec 17, 2024
392f177
Merge remote-tracking branch 'origin/dev' into dev-to-eks
linki Dec 17, 2024
72f9722
Merge pull request #8659 from zalando-incubator/auth-with-admission-c…
linki Dec 17, 2024
0f0c9e7
align CNI path with AMI
linki Dec 18, 2024
8a7b72d
Merge pull request #8675 from zalando-incubator/dev-to-eks
zaklawrencea Dec 18, 2024
08be752
Merge dev to dev-to-eks
k8s-on-aws-manager-app[bot] Dec 18, 2024
14d151d
Merge pull request #8678 from zalando-incubator/dev-to-eks
katyanna Dec 24, 2024
1,325 changes: 1,026 additions & 299 deletions cluster/cluster.yaml

Large diffs are not rendered by default.

21 changes: 19 additions & 2 deletions cluster/config-defaults.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -677,9 +677,9 @@ teapot_admission_controller_configmap_deletion_protection_factories_enabled: "tr
teapot_admission_controller_enable_rolebinding_webhook: "true"

# enable the generic deny-all admission webhook which rejects all requests it receives
teapot_admission_controller_enable_write_protection_webhook: "false"
teapot_admission_controller_enable_write_protection_webhook: "true"
# configure the behaviour of the deny-all admission webhook, `true` blocks everything, `false` allows everything
teapot_admission_controller_prevent_write_operations: "false"
teapot_admission_controller_prevent_write_operations: "true"

# Enable and configure Pod Security Policy rules implemented in admission-controller.
teapot_admission_controller_pod_security_policy_enabled: "true"
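Review bot: Both `teapot_admission_controller_enable_write_protection_webhook` and `teapot_admission_controller_prevent_write_operations` now default to "true" in the shared defaults file, and the comment says `true` "blocks everything", so every cluster inheriting these defaults gets the deny-all webhook switched on, not only `zalando-eks` ones. If that is intended, the comments should say which requests actually reach the webhook and how an operator switches it off during an incident; if it is meant for EKS only, wrap the two values in a template conditional, as is done for `role_sync_controller_enabled` further down.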
Expand Down Expand Up @@ -1194,3 +1194,20 @@ role_sync_controller_enabled: "true"
{{ else }}
role_sync_controller_enabled: "false"
{{ end }}

# EKS specific configuration
eks_control_plane_logging: "false"
eks_ip_family: "ipv4"
eks_zalando_iam_aws_proxy_cpu: "100m"
eks_zalando_iam_aws_proxy_memory: "512Mi"
eks_zalando_iam_aws_proxy_hpa_max_replicas: "10"
eks_zalando_iam_aws_proxy_hpa_cpu_target: "80"
eks_zalando_iam_aws_proxy_hpa_memory_target: "80"
eks_okta_identity_provider: "true"

# prefix delegation can only be configured for ipv4. For ipv6 it can only be true.
aws_vpc_cni_prefix_delegation: "true"
# enable network policy enforcement in the cluster.
aws_vpc_cni_enable_network_policy: "false"
# specify the network policy enforcement mode.
aws_vpc_cni_network_policy_enforcing_mode: "standard"
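Review bot: The comment on `aws_vpc_cni_network_policy_enforcing_mode` does not list the accepted values or say what "standard" means for pods that start before their policies are applied. The VPC CNI accepts `standard` and `strict`; please name both in the comment and state how the setting interacts with `aws_vpc_cni_enable_network_policy`, which defaults to "false". `eks_control_plane_logging: "false"` has no comment at all; say which log types it toggles so it is clear which control plane logs are missing when it is left off.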
22 changes: 22 additions & 0 deletions cluster/manifests/01-aws-node/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
{{- if eq .Cluster.Provider "zalando-eks" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: amazon-vpc-cni
namespace: kube-system
labels:
app.kubernetes.io/instance: aws-vpc-cni
app.kubernetes.io/name: aws-node
app.kubernetes.io/version: v1.19.0
k8s-app: aws-node
application: kubernetes
component: aws-node
data:
branch-eni-cooldown: "60"
enable-network-policy-controller: "{{.Cluster.ConfigItems.aws_vpc_cni_enable_network_policy}}"
enable-windows-ipam: "false"
enable-windows-prefix-delegation: "false"
minimum-ip-target: "3"
warm-ip-target: "1"
warm-prefix-target: "0"
{{- end }}
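Review bot: `app.kubernetes.io/version: v1.19.0` is hard-coded in the labels here and repeated in daemonset.yaml (label, `VPC_CNI_VERSION`, image tag), so a CNI bump has to touch every copy and a missed one leaves the labels misreporting the running version. Consider a single template variable or config item. A short comment that `aws_vpc_cni_enable_network_policy` drives both `enable-network-policy-controller` here and `--enable-network-policy` on the node agent would also help keep the two in step.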
261 changes: 261 additions & 0 deletions cluster/manifests/01-aws-node/daemonset.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,261 @@
{{- if eq .Cluster.Provider "zalando-eks" }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app.kubernetes.io/instance: aws-vpc-cni
app.kubernetes.io/name: aws-node
app.kubernetes.io/version: v1.19.0
k8s-app: aws-node
application: kubernetes
component: aws-node
name: aws-node
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: aws-node
template:
metadata:
labels:
app.kubernetes.io/instance: aws-vpc-cni
app.kubernetes.io/name: aws-node
k8s-app: aws-node
application: kubernetes
component: aws-node
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
- hybrid
- auto
containers:
- env:
- name: ADDITIONAL_ENI_TAGS
value: '{}'
- name: ANNOTATE_POD_IP
value: "false"
- name: AWS_VPC_CNI_NODE_PORT_SUPPORT
value: "true"
- name: AWS_VPC_ENI_MTU
value: "9001"
- name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
value: "false"
- name: AWS_VPC_K8S_CNI_EXTERNALSNAT
value: "false"
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
value: DEBUG
- name: CLUSTER_NAME
value: "{{ .Cluster.Name }}"
- name: DISABLE_INTROSPECTION
value: "false"
- name: DISABLE_METRICS
value: "false"
- name: DISABLE_NETWORK_RESOURCE_PROVISIONING
value: "false"
- name: ENABLE_IPv4
value: "{{ if eq .Cluster.ConfigItems.eks_ip_family "ipv4" }}true{{else}}false{{end}}"
- name: ENABLE_IPv6
value: "{{ if eq .Cluster.ConfigItems.eks_ip_family "ipv4" }}false{{else}}true{{end}}"
- name: ENABLE_POD_ENI
value: "false"
- name: ENABLE_PREFIX_DELEGATION
value: "{{ if eq .Cluster.ConfigItems.eks_ip_family "ipv4" }}{{.Cluster.ConfigItems.aws_vpc_cni_prefix_delegation}}{{else}}true{{end}}"
- name: ENABLE_SUBNET_DISCOVERY
value: "true"
- name: NETWORK_POLICY_ENFORCING_MODE
value: "{{.Cluster.ConfigItems.aws_vpc_cni_network_policy_enforcing_mode}}"
- name: VPC_CNI_VERSION
value: v1.19.0
- name: VPC_ID
value: "{{ .Cluster.ConfigItems.vpc_id }}"
- name: WARM_ENI_TARGET
value: "1"
- name: WARM_PREFIX_TARGET
value: "1"
- name: MY_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
image: 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon-k8s-cni:v1.19.0-eksbuild.1
imagePullPolicy: IfNotPresent
livenessProbe:
exec:
command:
- /app/grpc-health-probe
- -addr=:50051
- -connect-timeout=5s
- -rpc-timeout=5s
failureThreshold: 3
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
name: aws-node
ports:
- containerPort: 61678
hostPort: 61678
name: metrics
protocol: TCP
readinessProbe:
exec:
command:
- /app/grpc-health-probe
- -addr=:50051
- -connect-timeout=5s
- -rpc-timeout=5s
failureThreshold: 3
initialDelaySeconds: 1
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 10
resources:
requests:
cpu: 25m
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
- mountPath: /host/var/log/aws-routed-eni
name: log-dir
- mountPath: /var/run/aws-node
name: run-dir
- mountPath: /run/xtables.lock
name: xtables-lock
- args:
- --enable-ipv6={{ if eq .Cluster.ConfigItems.eks_ip_family "ipv4" }}false{{else}}true{{end}}
- --enable-network-policy={{.Cluster.ConfigItems.aws_vpc_cni_enable_network_policy}}
- --enable-cloudwatch-logs=false
- --enable-policy-event-logs=false
- --log-file=/var/log/aws-routed-eni/network-policy-agent.log
- --metrics-bind-addr=:8162
- --health-probe-bind-addr=:8163
- --conntrack-cache-cleanup-period=300
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.5-eksbuild.1
imagePullPolicy: IfNotPresent
name: aws-eks-nodeagent
resources:
requests:
cpu: 25m
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /sys/fs/bpf
name: bpf-pin-path
- mountPath: /var/log/aws-routed-eni
name: log-dir
- mountPath: /var/run/aws-node
name: run-dir
dnsPolicy: ClusterFirst
hostNetwork: true
initContainers:
- env:
- name: DISABLE_TCP_EARLY_DEMUX
value: "false"
- name: ENABLE_IPv6
value: "{{ if eq .Cluster.ConfigItems.eks_ip_family "ipv4" }}false{{else}}true{{end}}"
image: 602401143452.dkr.ecr.eu-central-1.amazonaws.com/amazon-k8s-cni-init:v1.19.0-eksbuild.1
imagePullPolicy: IfNotPresent
name: aws-vpc-cni-init
resources:
requests:
cpu: 25m
securityContext:
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
priorityClassName: system-node-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: aws-node
serviceAccountName: aws-node
terminationGracePeriodSeconds: 10
tolerations:
- operator: Exists
volumes:
- hostPath:
path: /sys/fs/bpf
type: ""
name: bpf-pin-path
- hostPath:
path: /opt/cni/bin
type: ""
name: cni-bin-dir
- hostPath:
path: /etc/cni/net.d
type: ""
name: cni-net-dir
- hostPath:
path: /var/log/aws-routed-eni
type: DirectoryOrCreate
name: log-dir
- hostPath:
path: /var/run/aws-node
type: DirectoryOrCreate
name: run-dir
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock
updateStrategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 10%
type: RollingUpdate
{{- end }}
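Review bot: The `aws-eks-nodeagent` container sets `privileged: true` and also adds `NET_ADMIN`; the capability is redundant under privileged, and the container runs on every node even when `--enable-network-policy` renders to false (the default in config-defaults.yaml). Please either replace `privileged` with the specific capabilities needed for the `/sys/fs/bpf` mount, or add a comment explaining why full privilege is required. Further points in the same file: the three images are referenced by tag from a registry with `eu-central-1` hard-coded, so pin them by digest and template the region; `AWS_VPC_K8S_CNI_LOGLEVEL` and `AWS_VPC_K8S_PLUGIN_LOG_LEVEL` are set to `DEBUG`, which is noisy as a production default; and with `hostNetwork: true`, `--metrics-bind-addr=:8162` and `--health-probe-bind-addr=:8163` listen on every node address, so confirm the node security groups do not expose them.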
11 changes: 11 additions & 0 deletions cluster/manifests/01-aws-node/sa.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{{- if eq .Cluster.Provider "zalando-eks"}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: aws-node
namespace: kube-system
labels:
application: kubernetes
component: aws-node
{{- end}}
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,11 @@ data:
{{ end }}
template IN A {
match "^.*[.]ingress[.]cluster[.]local"
{{- if eq .Cluster.Provider "zalando-eks" }}
answer "{{"{{"}} .Name {{"}}"}} 60 IN AAAA {{ nthAddressFromCIDR .Cluster.ConfigItems.service_cidr 50 }}"
{{- else}}
answer "{{"{{"}} .Name {{"}}"}} 60 IN A 10.5.99.99"
{{- end}}
fallthrough
}
template IN AAAA {
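Review bot: Inside the `template IN A` block the `zalando-eks` branch answers with `60 IN AAAA` and an address taken from `service_cidr`. With `eks_ip_family` defaulting to "ipv4" this yields an AAAA record carrying an IPv4 address in reply to an A query. Either the record type should be `A` here, or the IPv6 answer belongs in the `template IN AAAA` block that follows, selected by `eks_ip_family`. The offset `50` passed to `nthAddressFromCIDR` is also a magic number; a comment saying which service address it must match would help.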
Expand All @@ -83,7 +87,7 @@ data:

# Defines that this server is authority for reverse
# lookups for these ranges.
cluster.local:9254 10.2.0.0/15:9254 10.5.0.0/16:9254 {{ if eq .Cluster.ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}{{ range $src := split .Cluster.ConfigItems.tracing_coredns_global_traces_endpoint "," }}{{ $src }}:9254 {{ end }} {{ end }} {
cluster.local:9254 {{if eq .Cluster.Provider "zalando-eks"}}in-addr.arpa:9254 ip6.arpa:9254{{else}}10.2.0.0/15:9254 10.5.0.0/16:9254{{end}} {{ if eq .Cluster.ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}{{ range $src := split .Cluster.ConfigItems.tracing_coredns_global_traces_endpoint "," }}{{ $src }}:9254 {{ end }} {{ end }} {
errors
{{ if eq .Cluster.ConfigItems.tracing_coredns_route_traces_to_local_zone "true"}}
{{- with $cluster := .Cluster }}
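Review bot: For `zalando-eks` this server block now claims all of `in-addr.arpa` and `ip6.arpa` rather than the two cluster ranges, so every PTR query lands here, and the comment above ("authority for reverse lookups for these ranges") no longer describes the EKS case. Please update the comment and confirm that PTR names outside the cluster are still resolved after the `fallthrough in-addr.arpa ip6.arpa` added in the next hunk, since no forwarder for this block is visible in the diff.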
Expand All @@ -94,6 +98,9 @@ data:
{{ end }}
kubernetes {
pods insecure
{{- if eq .Cluster.Provider "zalando-eks"}}
fallthrough in-addr.arpa ip6.arpa
{{- end}}
}
cache 30
{{ if eq .Cluster.ConfigItems.coredns_log_svc_names "true"}}
Expand All @@ -118,7 +125,7 @@ data:
{{ else }}
forward . /etc/resolv.conf
{{ end }}
pprof 127.0.0.1:9156
pprof :9156
cache 30
reload
}
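Review bot: `pprof :9156` replaces `pprof 127.0.0.1:9156`, which moves the profiling endpoint from loopback to every interface of the pod, and it does so for all providers, not only `zalando-eks`. pprof serves heap, goroutine and CPU profiles without authentication, so anything that can reach the pod IP can read them or generate profiling load. If the change is needed for IPv6, bind to `localhost:9156` or `[::1]:9156` instead; otherwise keep the loopback address or restrict the port with a network policy.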