Commit Graph

26 Commits

Author SHA1 Message Date
Leonard Cohnen
e5c4171a14 fix cilium encryption in gcp 2022-06-04 18:43:42 +02:00
Leonard Cohnen
791d5564ba replace flannel with cilium 2022-06-02 13:08:25 +02:00
Christoph Meyer
db5468a886 Deploy KMS server image in Constellation
Add image pull secret for ghcr.io
2022-05-31 11:13:26 +02:00
Malte Poll
1331ee4077 Install kubernetes on init / join and restart kubelet after reboot
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
f67cf2d31f k8s binary components version map and install directives
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Malte Poll
14f6985fe3 Implement binary file installer & extractor
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-23 11:40:22 +02:00
Moritz Eckert
6dc97590fe Enable and configure k8s audit-log (#160)
* Enable and configure k8s audit-log

* Update coordinator/kubernetes/k8sapi/kubeadm_config.go

Co-authored-by: Malte Poll <mp@edgeless.systems>

* add mount point for audit log dir in kubeadm conf

* Mount audit policy into kube-apiserver static pod

* Write default auditpolicy on cluster init / cluster join

Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 17:30:37 +02:00
Moritz Eckert
5ad34e0425 Apply CIS benchmark to kubelet conf
Signed-off-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: Moritz Eckert <me@edgeless.systems>
2022-05-12 17:25:45 +02:00
Moritz Eckert
adda637609 Apply CIS benchmark for kubeadm clusterconf
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-12 17:25:45 +02:00
Malte Poll
c9226de9ab Create kubernetes join token on demand
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-06 12:12:44 +02:00
Malte Poll
ddcb4dc95f Pin kubernetes version deployed by kubeadm init
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-05 09:15:41 +02:00
katexochen
7614c53142 Remove checks for leaking flushDaemon 2022-05-04 17:16:40 +02:00
Daniel Weiße
29206ac845 Use any instead of interface
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-05-04 08:48:31 +02:00
Daniel Weiße
d9940fddae Only set cloud-provider as external if supported by the CSP
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-28 14:46:24 +02:00
datosh
51068abc27 Ref/want err from err expected (#82)
consistent naming for test values using 'want' instead of 'expect/ed'
2022-04-26 16:54:05 +02:00
katexochen
482f675dac Capitalize Kubernetes 2022-04-26 12:02:17 +02:00
Benedict Schlueter
0ac9617dac kubernetes: support for certKey request / support for control-plane join
Signed-off-by: Benedict Schlueter <bs@edgeless.systems>
2022-04-25 17:39:18 +02:00
Malte Poll
f77536b38b Use containerd CRI socket in kubernetes 2022-04-04 10:57:54 +02:00
Malte Poll
1e7794b4c2 Add Secrets / Volumes / VolumeMounts / Env to cluster-autoscaler deployment 2022-03-29 15:13:30 +02:00
Malte Poll
391e36c0ac create and use kubeadm join token with no expiry 2022-03-28 13:58:09 +02:00
Malte Poll
78d2358b9c k8s: Use cloud provider ip as kubelet node-ip (if available) 2022-03-28 13:35:21 +02:00
Malte Poll
f5eddf8af0 Cloud providers: Add CloudNodeManager 2022-03-28 13:35:21 +02:00
Malte Poll
2158377f9f Cloud providers: Extend CCM with ExtraArgs / ConfigMaps / Secrets / Volumes / VolumeMounts and provide CloudServiceAccountURI 2022-03-28 13:35:21 +02:00
Malte Poll
bf726ebd87 k8s resource marshaler tests 2022-03-28 13:35:21 +02:00
Malte Poll
2ab846dd1a Extend k8s resource marshaling to slices 2022-03-28 13:35:21 +02:00
Leonard Cohnen
2d8fcd9bf4 monorepo
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00