6 Commits

Author SHA1 Message Date
Serge Logvinov
c7e6225671 chore: update coredns to 1.8.4
* Coredns 1.8.0 -> 1.8.4
* Add RBAC endpointslices list/watch

Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
2021-06-24 07:47:36 -07:00
Andrey Smirnov
5b5089ab95 fix: mark kube-proxy as system critical priority
This makes sure control plane components are evicted last in case of
resource shortage.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
2021-06-21 09:20:45 -07:00
Alexey Palazhchenko
5ad314fe7e feat: implement basic RBAC interceptors
It is not enforced yet.

Refs #3421.

Signed-off-by: Alexey Palazhchenko <alexey.palazhchenko@gmail.com>
2021-06-07 09:28:22 -07:00
Andrey Smirnov
7a6e0cd3e5 fix: correctly escape extra args in kube-proxy manifest
JSON is a subset of YAML, so we can use JSON to escape the whole YAML
value to handle any kind of symbols.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
2021-02-19 10:56:47 -08:00
Andrey Smirnov
b914398154 refactor: split kubernetes/etcd resource generation into subresources
Fixes #3062

There's no user-visible change in this PR.

It carefully separates generated secrets (e.g. certs) from source
secrets from the config (e.g. CAs), so that certs are generated on
config changes which actually affect cert input.

And in the same way it separates etcd and Kubernetes PKI, so if the etcd
CA got changed, only etcd certs will be regenerated.

This should have a noticeable impact with RSA-based PKI as it reduces
the number of times PKI gets generated.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
2021-02-18 22:01:28 -08:00
Andrey Smirnov
0aaf8fa968 feat: replace bootkube with Talos-managed control plane
Control plane components are running as static pods managed by the
kubelets.

The whole subsystem is managed via resources/controllers from os-runtime.

Many supporting changes/refactoring to enable new code paths.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
2021-01-26 14:22:35 -08:00