github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c2e561f25e'
${ noResults }
k3s/pkg/agent/run.go

435 lines
12 KiB
Raw Normal View History Unescape

Continued refactoring
6 years ago
package agent
import (
"context"
Support cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
4 years ago
"fmt"
Validate that memory cgroup exists
6 years ago
"io/ioutil"
Add disable flags for control components (#2900) * Add disable flags to control components Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to disable flags Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add comments to functions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix joining problem Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix ticker Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix role labels Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
"net/url"
Continued refactoring
6 years ago
"os"
"path/filepath"
Validate that memory cgroup exists
6 years ago
"strings"
Continued refactoring
6 years ago
"time"
Support cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
4 years ago
"github.com/containerd/cgroups"
cgroupsv2 "github.com/containerd/cgroups/v2"
Refactor tokens, bootstrap, and cli args
5 years ago
systemd "github.com/coreos/go-systemd/daemon"
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
"github.com/pkg/errors"
Continued refactoring
6 years ago
"github.com/rancher/k3s/pkg/agent/config"
"github.com/rancher/k3s/pkg/agent/containerd"
"github.com/rancher/k3s/pkg/agent/flannel"
Add network policy controller
5 years ago
"github.com/rancher/k3s/pkg/agent/netpol"
Add supervisor port In k3s today the kubernetes API and the /v1-k3s API are combined into one http server. In rke2 we are running unmodified, non-embedded Kubernetes and as such it is preferred to run k8s and the /v1-k3s API on different ports. The /v1-k3s API port is called the SupervisorPort in the code. To support this separation of ports a new shim was added on the client in then pkg/agent/proxy package that will launch two load balancers instead of just one load balancer. One load balancer for 6443 and the other for 9345 (which is the supervisor port).
5 years ago
"github.com/rancher/k3s/pkg/agent/proxy"
Continued refactoring
6 years ago
"github.com/rancher/k3s/pkg/agent/syssetup"
"github.com/rancher/k3s/pkg/agent/tunnel"
"github.com/rancher/k3s/pkg/cli/cmds"
Port to wrangler
6 years ago
"github.com/rancher/k3s/pkg/clientaccess"
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
cp "github.com/rancher/k3s/pkg/cloudprovider"
Continued refactoring
6 years ago
"github.com/rancher/k3s/pkg/daemons/agent"
Add k3s cloud provider
5 years ago
daemonconfig "github.com/rancher/k3s/pkg/daemons/config"
Add executor.Bootstrap hook for pre-execution setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
"github.com/rancher/k3s/pkg/daemons/executor"
Inject node config on startup
5 years ago
"github.com/rancher/k3s/pkg/nodeconfig"
Add rootless support
6 years ago
"github.com/rancher/k3s/pkg/rootless"
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
"github.com/rancher/k3s/pkg/util"
Prepare for initial release
6 years ago
"github.com/sirupsen/logrus"
Refactor tokens, bootstrap, and cli args
5 years ago
"k8s.io/apimachinery/pkg/api/equality"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Add supervisor port In k3s today the kubernetes API and the /v1-k3s API are combined into one http server. In rke2 we are running unmodified, non-embedded Kubernetes and as such it is preferred to run k8s and the /v1-k3s API on different ports. The /v1-k3s API port is called the SupervisorPort in the code. To support this separation of ports a new shim was added on the client in then pkg/agent/proxy package that will launch two load balancers instead of just one load balancer. One load balancer for 6443 and the other for 9345 (which is the supervisor port).
5 years ago
"k8s.io/apimachinery/pkg/labels"
Refactor tokens, bootstrap, and cli args
5 years ago
"k8s.io/client-go/kubernetes"
v1 "k8s.io/client-go/kubernetes/typed/core/v1"
Add k3s cloud provider
5 years ago
"k8s.io/client-go/tools/clientcmd"
Wait for apiserver to become healthy before starting agent controllers It is possible that the apiserver may serve read requests but not allow writes yet, in which case flannel will crash on startup when trying to configure the subnet manager. Fix this by waiting for the apiserver to become fully ready before starting flannel and the network policy controller. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
"k8s.io/controller-manager/app"
Handle conntrack-related sysctls in supervisor agent setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
app2 "k8s.io/kubernetes/cmd/kube-proxy/app"
kubeproxyconfig "k8s.io/kubernetes/pkg/proxy/apis/config"
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
utilsnet "k8s.io/utils/net"
Handle conntrack-related sysctls in supervisor agent setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
utilpointer "k8s.io/utils/pointer"
Continued refactoring
6 years ago
)
set environment variable and create config for crictl Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
const (
dockershimSock = "unix:///var/run/dockershim.sock"
containerdSock = "unix:///run/k3s/containerd/containerd.sock"
)
Continued refactoring
6 years ago
set environment variable and create config for crictl Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
// setupCriCtlConfig creates the crictl config file and populates it
// with the given data from config.
func setupCriCtlConfig(cfg cmds.Agent, nodeConfig *daemonconfig.Node) error {
cre := nodeConfig.ContainerRuntimeEndpoint
if cre == "" {
switch {
case cfg.Docker:
cre = dockershimSock
default:
cre = containerdSock
}
}
Respect --data-dir path for crictl.yaml Related to rancher/rke2#474 Note that anyone who customizes the data-dir path will have to set CRI_CONFIG_FILE to the correct path when using the wrapped binaries (crictl, etc). This is better than dropping files in the incorrect location. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
agentConfDir := filepath.Join(cfg.DataDir, "agent", "etc")
set environment variable and create config for crictl Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
if _, err := os.Stat(agentConfDir); os.IsNotExist(err) {
Respect --data-dir path for crictl.yaml Related to rancher/rke2#474 Note that anyone who customizes the data-dir path will have to set CRI_CONFIG_FILE to the correct path when using the wrapped binaries (crictl, etc). This is better than dropping files in the incorrect location. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
if err := os.MkdirAll(agentConfDir, 0700); err != nil {
create symlink from docker sock to where crictl in k3s is looking for the sock to use Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
return err
}
}
set environment variable and create config for crictl Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
crp := "runtime-endpoint: " + cre + "\n"
return ioutil.WriteFile(agentConfDir+"/crictl.yaml", []byte(crp), 0600)
}
func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error {
nodeConfig := config.Get(ctx, cfg, proxy)
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
dualCluster, err := utilsnet.IsDualStackCIDRs(nodeConfig.AgentConfig.ClusterCIDRs)
if err != nil {
return errors.Wrap(err, "failed to validate cluster-cidr")
}
dualService, err := utilsnet.IsDualStackCIDRs(nodeConfig.AgentConfig.ServiceCIDRs)
if err != nil {
return errors.Wrap(err, "failed to validate service-cidr")
}
dualNode, err := utilsnet.IsDualStackIPs(nodeConfig.AgentConfig.NodeIPs)
if err != nil {
return errors.Wrap(err, "failed to validate node-ip")
}
Handle conntrack-related sysctls in supervisor agent setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
enableIPv6 := dualCluster || dualService || dualNode
conntrackConfig, err := getConntrackConfig(nodeConfig)
if err != nil {
return errors.Wrap(err, "failed to validate kube-proxy conntrack configuration")
}
syssetup.Configure(enableIPv6, conntrackConfig)
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
set environment variable and create config for crictl Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
if err := setupCriCtlConfig(cfg, nodeConfig); err != nil {
return err
}
Add executor.Bootstrap hook for pre-execution setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
if err := executor.Bootstrap(ctx, nodeConfig, cfg); err != nil {
return err
}
Continued refactoring
6 years ago
if !nodeConfig.NoFlannel {
if err := flannel.Prepare(ctx, nodeConfig); err != nil {
return err
}
}
Allow --pause-image to set docker sandbox image also
5 years ago
if !nodeConfig.Docker && nodeConfig.ContainerRuntimeEndpoint == "" {
Continued refactoring
6 years ago
if err := containerd.Run(ctx, nodeConfig); err != nil {
return err
}
}
Add disable flags for control components (#2900) * Add disable flags to control components Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to disable flags Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add comments to functions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix joining problem Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix ticker Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix role labels Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
if err := setupTunnelAndRunAgent(ctx, nodeConfig, cfg, proxy); err != nil {
Continued refactoring
6 years ago
return err
}
Refactor tokens, bootstrap, and cli args
5 years ago
coreClient, err := coreClient(nodeConfig.AgentConfig.KubeConfigKubelet)
if err != nil {
return err
}
Wait for apiserver to become healthy before starting agent controllers It is possible that the apiserver may serve read requests but not allow writes yet, in which case flannel will crash on startup when trying to configure the subnet manager. Fix this by waiting for the apiserver to become fully ready before starting flannel and the network policy controller. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
app.WaitForAPIServer(coreClient, 30*time.Second)
Continued refactoring
6 years ago
if !nodeConfig.NoFlannel {
Refactor tokens, bootstrap, and cli args
5 years ago
if err := flannel.Run(ctx, nodeConfig, coreClient.CoreV1().Nodes()); err != nil {
Continued refactoring
6 years ago
return err
}
}
Inject node config on startup
5 years ago
if err := configureNode(ctx, &nodeConfig.AgentConfig, coreClient.CoreV1().Nodes()); err != nil {
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
return err
Add k3s cloud provider
5 years ago
}
Add network policy controller
5 years ago
if !nodeConfig.AgentConfig.DisableNPC {
if err := netpol.Run(ctx, nodeConfig); err != nil {
return err
}
}
Continued refactoring
6 years ago
<-ctx.Done()
return ctx.Err()
}
Handle conntrack-related sysctls in supervisor agent setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
// getConntrackConfig uses the kube-proxy code to parse the user-provided kube-proxy-arg values, and
// extract the conntrack settings so that K3s can set them itself. This allows us to soft-fail when
// running K3s in Docker, where kube-proxy is no longer allowed to set conntrack sysctls on newer kernels.
// When running rootless, we do not attempt to set conntrack sysctls - this behavior is copied from kubeadm.
func getConntrackConfig(nodeConfig *daemonconfig.Node) (*kubeproxyconfig.KubeProxyConntrackConfiguration, error) {
ctConfig := &kubeproxyconfig.KubeProxyConntrackConfiguration{
MaxPerCore: utilpointer.Int32Ptr(0),
Min: utilpointer.Int32Ptr(0),
TCPEstablishedTimeout: &metav1.Duration{},
TCPCloseWaitTimeout: &metav1.Duration{},
}
if nodeConfig.AgentConfig.Rootless {
return ctConfig, nil
}
cmd := app2.NewProxyCommand()
if err := cmd.ParseFlags(daemonconfig.GetArgsList(map[string]string{}, nodeConfig.AgentConfig.ExtraKubeProxyArgs)); err != nil {
return nil, err
}
maxPerCore, err := cmd.Flags().GetInt32("conntrack-max-per-core")
if err != nil {
return nil, err
}
ctConfig.MaxPerCore = &maxPerCore
min, err := cmd.Flags().GetInt32("conntrack-min")
if err != nil {
return nil, err
}
ctConfig.Min = &min
establishedTimeout, err := cmd.Flags().GetDuration("conntrack-tcp-timeout-established")
if err != nil {
return nil, err
}
ctConfig.TCPEstablishedTimeout.Duration = establishedTimeout
closeWaitTimeout, err := cmd.Flags().GetDuration("conntrack-tcp-timeout-close-wait")
if err != nil {
return nil, err
}
ctConfig.TCPCloseWaitTimeout.Duration = closeWaitTimeout
return ctConfig, nil
}
Refactor tokens, bootstrap, and cli args
5 years ago
func coreClient(cfg string) (kubernetes.Interface, error) {
restConfig, err := clientcmd.BuildConfigFromFlags("", cfg)
if err != nil {
return nil, err
}
return kubernetes.NewForConfig(restConfig)
}
Continued refactoring
6 years ago
func Run(ctx context.Context, cfg cmds.Agent) error {
Validate that memory cgroup exists
6 years ago
if err := validate(); err != nil {
return err
}
rootless: add kubelet flags automatically Fix https://github.com/rancher/k3s/issues/784 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
5 years ago
if cfg.Rootless && !cfg.RootlessAlreadyUnshared {
Add rootless support
6 years ago
if err := rootless.Rootless(cfg.DataDir); err != nil {
return err
}
}
Respect --data-dir path for crictl.yaml Related to rancher/rke2#474 Note that anyone who customizes the data-dir path will have to set CRI_CONFIG_FILE to the correct path when using the wrapped binaries (crictl, etc). This is better than dropping files in the incorrect location. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
agentDir := filepath.Join(cfg.DataDir, "agent")
if err := os.MkdirAll(agentDir, 0700); err != nil {
Check for error on mkdir
5 years ago
return err
}
Continued refactoring
6 years ago
Handle loadbalancer port in TIME_WAIT If the port wanted by the client load balancer is in TIME_WAIT, startup will fail. Set SO_REUSEPORT so that it can be listened on again immediately. The configurable Listen call wants a context, so plumb that through as well. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
proxy, err := proxy.NewSupervisorProxy(ctx, !cfg.DisableLoadBalancer, agentDir, cfg.ServerURL, cfg.LBServerPort)
Use go tcpproxy
5 years ago
if err != nil {
return err
}
Continued refactoring
6 years ago
for {
Simplify token parsing Improves readability, reduces round-trips to the join server to validate certs. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
newToken, err := clientaccess.ParseAndValidateTokenForUser(proxy.SupervisorURL(), cfg.Token, "node")
Continued refactoring
6 years ago
if err != nil {
logrus.Error(err)
select {
case <-ctx.Done():
return ctx.Err()
case <-time.After(2 * time.Second):
}
continue
}
Simplify token parsing Improves readability, reduces round-trips to the join server to validate certs. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
cfg.Token = newToken.String()
Continued refactoring
6 years ago
break
}
Refactor tokens, bootstrap, and cli args
5 years ago
systemd.SdNotify(true, "READY=1\n")
Add supervisor port In k3s today the kubernetes API and the /v1-k3s API are combined into one http server. In rke2 we are running unmodified, non-embedded Kubernetes and as such it is preferred to run k8s and the /v1-k3s API on different ports. The /v1-k3s API port is called the SupervisorPort in the code. To support this separation of ports a new shim was added on the client in then pkg/agent/proxy package that will launch two load balancers instead of just one load balancer. One load balancer for 6443 and the other for 9345 (which is the supervisor port).
5 years ago
return run(ctx, cfg, proxy)
Continued refactoring
6 years ago
}
Validate that memory cgroup exists
6 years ago
func validate() error {
Support cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
4 years ago
if cgroups.Mode() == cgroups.Unified {
return validateCgroupsV2()
}
return validateCgroupsV1()
}
func validateCgroupsV1() error {
Validate that memory cgroup exists
6 years ago
cgroups, err := ioutil.ReadFile("/proc/self/cgroup")
if err != nil {
return err
}
if !strings.Contains(string(cgroups), "cpuset") {
Initial Logging Output Update (#2246) This attempts to update logging statements to make them consistent through out the code base. It also adds additional context to messages where possible, simplifies messages, and updates level where necessary.
4 years ago
logrus.Warn(`Failed to find cpuset cgroup, you may need to add "cgroup_enable=cpuset" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)`)
Validate that memory cgroup exists
6 years ago
}
if !strings.Contains(string(cgroups), "memory") {
msg := "ailed to find memory cgroup, you may need to add \"cgroup_memory=1 cgroup_enable=memory\" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)"
logrus.Error("F" + msg)
return errors.New("f" + msg)
}
return nil
}
Add k3s cloud provider
5 years ago
Support cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
4 years ago
func validateCgroupsV2() error {
manager, err := cgroupsv2.LoadManager("/sys/fs/cgroup", "/")
if err != nil {
return err
}
controllers, err := manager.RootControllers()
if err != nil {
return err
}
m := make(map[string]struct{})
for _, controller := range controllers {
m[controller] = struct{}{}
}
for _, controller := range []string{"cpu", "cpuset", "memory"} {
if _, ok := m[controller]; !ok {
Add codespell CI test and fix codespell error (#2740) * Add codespell CI test * Fix codespell error
4 years ago
return fmt.Errorf("failed to find %s cgroup (v2)", controller)
Support cgroup v2 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
4 years ago
}
}
return nil
}
Inject node config on startup
5 years ago
func configureNode(ctx context.Context, agentConfig *daemonconfig.Agent, nodes v1.NodeInterface) error {
Only echo Waiting for kubelet every 30 seconds Don't print a message every second while we are waiting for the kubelet to report Ready.
5 years ago
count := 0
Add k3s cloud provider
5 years ago
for {
Updates for k8s v1.18 support
5 years ago
node, err := nodes.Get(ctx, agentConfig.NodeName, metav1.GetOptions{})
Add k3s cloud provider
5 years ago
if err != nil {
Only echo Waiting for kubelet every 30 seconds Don't print a message every second while we are waiting for the kubelet to report Ready.
5 years ago
if count%30 == 0 {
logrus.Infof("Waiting for kubelet to be ready on node %s: %v", agentConfig.NodeName, err)
}
count++
Add k3s cloud provider
5 years ago
time.Sleep(1 * time.Second)
continue
}
Refactor tokens, bootstrap, and cli args
5 years ago
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
updateNode := false
if labels, changed := updateMutableLabels(agentConfig, node.Labels); changed {
node.Labels = labels
updateNode = true
}
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
if !agentConfig.DisableCCM {
if annotations, changed := updateAddressAnnotations(agentConfig, node.Annotations); changed {
node.Annotations = annotations
updateNode = true
}
if labels, changed := updateLegacyAddressLabels(agentConfig, node.Labels); changed {
node.Labels = labels
updateNode = true
}
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
}
Inject node config on startup
5 years ago
// inject node config
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
if changed, err := nodeconfig.SetNodeConfigAnnotations(node); err != nil {
Inject node config on startup
5 years ago
return err
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
} else if changed {
Inject node config on startup
5 years ago
updateNode = true
}
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Inject node config on startup
5 years ago
if updateNode {
Updates for k8s v1.18 support
5 years ago
if _, err := nodes.Update(ctx, node, metav1.UpdateOptions{}); err != nil {
Refactor tokens, bootstrap, and cli args
5 years ago
logrus.Infof("Failed to update node %s: %v", agentConfig.NodeName, err)
select {
case <-ctx.Done():
return ctx.Err()
case <-time.After(time.Second):
continue
}
Add k3s cloud provider
5 years ago
}
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
logrus.Infof("labels have been set successfully on node: %s", agentConfig.NodeName)
Refactor tokens, bootstrap, and cli args
5 years ago
} else {
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
logrus.Infof("labels have already set on node: %s", agentConfig.NodeName)
Add k3s cloud provider
5 years ago
}
Refactor tokens, bootstrap, and cli args
5 years ago
break
Add k3s cloud provider
5 years ago
}
Refactor tokens, bootstrap, and cli args
5 years ago
return nil
Add k3s cloud provider
5 years ago
}
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
func updateMutableLabels(agentConfig *daemonconfig.Agent, nodeLabels map[string]string) (map[string]string, bool) {
Refactor tokens, bootstrap, and cli args
5 years ago
result := map[string]string{}
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
for _, m := range agentConfig.NodeLabels {
var (
v string
p = strings.SplitN(m, `=`, 2)
k = p[0]
)
if len(p) > 1 {
v = p[1]
}
Refactor tokens, bootstrap, and cli args
5 years ago
result[k] = v
Add k3s cloud provider
5 years ago
}
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
result = labels.Merge(nodeLabels, result)
return result, !equality.Semantic.DeepEqual(nodeLabels, result)
}
Refactor tokens, bootstrap, and cli args
5 years ago
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
func updateLegacyAddressLabels(agentConfig *daemonconfig.Agent, nodeLabels map[string]string) (map[string]string, bool) {
ls := labels.Set(nodeLabels)
if ls.Has(cp.InternalIPKey) || ls.Has(cp.HostnameKey) {
result := map[string]string{
cp.InternalIPKey: agentConfig.NodeIP,
cp.HostnameKey: agentConfig.NodeName,
}
if agentConfig.NodeExternalIP != "" {
result[cp.ExternalIPKey] = agentConfig.NodeExternalIP
}
result = labels.Merge(nodeLabels, result)
return result, !equality.Semantic.DeepEqual(nodeLabels, result)
}
return nil, false
}
func updateAddressAnnotations(agentConfig *daemonconfig.Agent, nodeAnnotations map[string]string) (map[string]string, bool) {
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
result := map[string]string{
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
cp.InternalIPKey: util.JoinIPs(agentConfig.NodeIPs),
cp.HostnameKey: agentConfig.NodeName,
Mutable --node-label values for server/agent sub-commands. Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade. Tested locallon on my amd64 workstation with the docker container. Addresses #1119.
5 years ago
}
if agentConfig.NodeExternalIP != "" {
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
result[cp.ExternalIPKey] = util.JoinIPs(agentConfig.NodeExternalIPs)
Add k3s cloud provider
5 years ago
}
Refactor tokens, bootstrap, and cli args
5 years ago
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
result = labels.Merge(nodeAnnotations, result)
return result, !equality.Semantic.DeepEqual(nodeAnnotations, result)
Add k3s cloud provider
5 years ago
}
Add disable flags for control components (#2900) * Add disable flags to control components Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to disable flags Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add comments to functions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix joining problem Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix ticker Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix role labels Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
// setupTunnelAndRunAgent should start the setup tunnel before starting kubelet and kubeproxy
// there are special case for etcd agents, it will wait until it can find the apiaddress from
// the address channel and update the proxy with the servers addresses, if in rke2 we need to
// start the agent before the tunnel is setup to allow kubelet to start first and start the pods
func setupTunnelAndRunAgent(ctx context.Context, nodeConfig *daemonconfig.Node, cfg cmds.Agent, proxy proxy.Proxy) error {
var agentRan bool
if cfg.ETCDAgent {
// only in rke2 run the agent before the tunnel setup and check for that later in the function
if proxy.IsAPIServerLBEnabled() {
if err := agent.Agent(&nodeConfig.AgentConfig); err != nil {
return err
}
agentRan = true
}
select {
case address := <-cfg.APIAddressCh:
cfg.ServerURL = address
u, err := url.Parse(cfg.ServerURL)
if err != nil {
logrus.Warn(err)
}
proxy.Update([]string{fmt.Sprintf("%s:%d", u.Hostname(), nodeConfig.ServerHTTPSPort)})
case <-ctx.Done():
return ctx.Err()
}
Invoke cluster reset function when only reset flag is passed (#3276) Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
} else if cfg.ClusterReset && proxy.IsAPIServerLBEnabled() {
if err := agent.Agent(&nodeConfig.AgentConfig); err != nil {
return err
}
agentRan = true
Add disable flags for control components (#2900) * Add disable flags to control components Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to disable flags Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add comments to functions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix joining problem Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix ticker Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix role labels Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
}
if err := tunnel.Setup(ctx, nodeConfig, proxy); err != nil {
return err
}
if !agentRan {
return agent.Agent(&nodeConfig.AgentConfig)
}
return nil
}