Edgar Lee
0ac4c6a056
Expose rootless containerd socket directories for external access
...
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-02-09 14:22:03 -08:00
Edgar Lee
14c6c63b30
Expose rootless state dir under ~/.rancher/k3s/rootless
...
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-02-09 14:21:52 -08:00
Oleg Matskiv
e3b237fc35
Don't verify the node password if the local host is not running an agent
...
Signed-off-by: Oleg Matskiv <oleg.matskiv@gmail.com>
2024-02-09 14:21:43 -08:00
Derek Nola
fa11850563
Readd `k3s secrets-encrypt rotate-keys` with correct support for KMSv2 GA ( #9340 )
...
* Reorder copy order for caching
* Enable longer http timeout requests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Setup reencrypt controller to run on all apiserver nodes
* Fix reencryption for disabling secrets encryption, reenable drone tests
2024-02-09 11:37:37 -08:00
Oliver Larsson
cfc3a124ee
[Testing]: Test_UnitApplyContainerdQoSClassConfigFileIfPresent (Created) ( #8945 )
...
Problem:
Function not tested.
Solution:
Unit test added.
Signed-off-by: Oliver Larsson <larsson.e.oliver@gmail.com>
2024-02-09 11:28:06 -08:00
Harrison Affel
a36cc736bc
allow executors to define containerd and docker behavior
...
Signed-off-by: Harrison Affel <harrisonaffel@gmail.com>
2024-02-09 15:51:35 -03:00
Brad Davidson
753c00f30c
Consistently handle component exit on shutdown
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-07 10:23:54 -08:00
Vitor Savian
e9cec46a23
Runtimes refactor using exec.LookPath
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-02-07 15:06:16 -03:00
Vitor Savian
f9ee66f4d8
Changed how lastHeartBeatTime works in the etcd condition
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-02-07 15:05:33 -03:00
Brad Davidson
8224a3a7f6
Fix ipv6 endpoint address selection for on-demand snapshots
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-06 18:02:36 -08:00
Brad Davidson
888f866dae
Fix issue with coredns node hosts controller
...
The nodes controller was reading from the configmaps cache, but doesn't add any handlers, so if no other controller added configmap handlers, the cache would remain empty.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-06 18:02:06 -08:00
Brad Davidson
6ec1926f88
Add check for etcd-snapshot-dir and fix panic in Walk
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-06 17:47:33 -08:00
Brad Davidson
82e3c32c9f
Retry startup snapshot reconcile
...
The reconcile may run before the kubelet has created the node object; retry until it succeeds
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-06 17:46:24 -08:00
Brad Davidson
4005600d4e
Fix excessive retry on snapshot reconcile
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-06 17:46:24 -08:00
github-actions[bot]
f249fcc2f1
Bump Local Path Provisioner version ( #8953 )
...
* chore: Bump Local Path Provisioner version
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-02-06 16:57:07 -06:00
Brad Davidson
c635818956
Bump runc and helm-controller versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-01 18:51:51 -08:00
Brad Davidson
97a22632b9
gofmt config_test.go
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-01 18:51:51 -08:00
Brad Davidson
29848dea3d
Fix issues with certs.d template generation
...
* Fix issue with bare host or IP as endpoint
* Fix issue with localhost registries not defaulting to http.
* Move the registry template prep to a separate function,
and adds tests of that function so that we can ensure we're
generating the correct content.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-01 12:09:13 -08:00
Vitor Savian
9a70021a9e
Error getting node in setEtcdStatusCondition
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Added retry and changed nodes for
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-01-11 22:06:36 -03:00
Brad Davidson
c87e6e5f7e
Move proxy dialer out of init() and fix crash
...
* Fixes issue where proxy support only honored server address via K3S_URL, not CLI or config.
* Fixes crash when agent proxy is enabled, but proxy env vars do not return a proxy URL for the server address (server URL is in NO_PROXY list).
* Adds tests
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:12:15 -08:00
Brad Davidson
76fa022045
Enable network policy controller metrics
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 10:19:39 -08:00
Brad Davidson
37e9b87f62
Add embedded registry implementation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-09 15:23:05 -08:00
Brad Davidson
ef90da5c6e
Add server CLI flag and config fields for embedded registry
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-09 15:23:05 -08:00
Brad Davidson
77846d63c1
Propagate errors up from config.Get
...
Fixes crash when killing agent while waiting for config from server
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-09 15:23:05 -08:00
Brad Davidson
16d29398ad
Move registries.yaml load into agent config
...
Moving it into config.Agent so that we can use or modify it outside the context of containerd setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-09 15:23:05 -08:00
Brad Davidson
5c99bdd9bd
Pin images instead of locking layers with lease
...
Layer leases never did what we wanted anyways, and this is the new approved interface for ensuring that images do not get GCd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-09 15:23:05 -08:00
Vitor Savian
4a92ced8ee
Handle etcd status condition when cluster reset and disable etcd
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Set condition if node is unhealthy
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-01-09 11:20:41 -03:00
Aofei Sheng
8d2c40cdac
Use `ipFamilyPolicy: RequireDualStack` for dual-stack kube-dns ( #8984 )
...
Signed-off-by: Aofei Sheng <aofei@aofeisheng.com>
2024-01-09 00:44:03 +02:00
Manuel Buil
6330e26bb3
Wait for taint to be gone in the node before starting the netpol controller
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-01-08 12:04:18 +01:00
Brad Davidson
b297996b92
Add runtime checking of golang version
...
Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 17:22:46 -08:00
Lex Rivera
5fe074b540
Add more paths to crun runtime detection ( #9086 )
...
* add usr/local paths for crun detection
Signed-off-by: Lex Rivera <me@lex.io>
2024-01-04 16:51:13 -08:00
Brad Davidson
c45524e662
Add support for containerd cri registry config_path
...
Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep
using mirrors.x.rewrites and configs.x.auth those do not yet have an
equivalent in the new format.
The new config file format allows disabling containerd's fallback to the
default endpoint when using mirror endpoints; a new CLI flag is added to
control that behavior.
This also re-shares some code that was unnecessarily split into parallel
implementations for linux/windows versions. There is probably more work
to be done on this front but it's a good start.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 16:50:26 -08:00
Brad Davidson
319dca3e82
Fix nil map in full snapshot configmap reconcile
...
If a full reconcile wins the race against sync of an individual snapshot resource, or someone intentionally deletes the configmap, the data map could be nil and cause a crash.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 16:49:58 -08:00
Brad Davidson
db7091b3f6
Handle logging flags when parsing kube-proxy args
...
Also adds a test to ensure this continues to work.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 16:23:03 -08:00
Brad Davidson
1e663622d2
Fix the OTHER log message that prints the wrong variable
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 15:23:39 -08:00
Brad Davidson
a27d660a24
Add ServiceLB support for PodHostIPs FeatureGate
...
If the feature-gate is enabled, use status.hostIPs for dual-stack externalTrafficPolicy=Local support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-02 16:00:09 -08:00
Derek Nola
aca1c2fd11
Add a retry around updating a secrets-encrypt node annotations ( #9039 )
...
* Add a retry around updating a se node annotations
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-01-02 12:21:37 -08:00
Pierre
bbd68f3a50
Rebase & Squash ( #9070 )
...
Signed-off-by: Yodo <pierre@azmed.co>
2024-01-02 12:05:36 -08:00
Derek Nola
3190a5faa2
Remove rotate-keys subcommand ( #9079 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-12-20 12:26:41 -08:00
Hussein Galal
9411196406
Update flannel to v0.24.0 and remove multiclustercidr flag ( #9075 )
...
* update flannel to v0.24.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove multiclustercidr flag
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-12-20 00:25:38 +02:00
Hussein Galal
7101af36bb
Update Kubernetes to v1.29.0+k3s1 ( #9052 )
...
* Update to v1.29.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update to v1.29.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update go to 1.21.5
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update flannel to 0.23.0-k3s1
This update uses k3s' fork of flannel to allow the removal of
multicluster cidr flag logic from the code
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix flannel calls
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update cri-tools to version v1.29.0-k3s1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Remove GOEXPERIMENT=nounified from arm builds
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Skip golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix setup logging with newer go version
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Move logging flags to components arguments
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* add sysctl commands to the test script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update scripts/test
Signed-off-by: Brad Davidson <brad@oatmail.org>
* disable secretsencryption tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-12-19 05:14:02 +02:00
Brad Davidson
231cb6ed20
Remove GA feature-gates ( #8970 )
...
Remove KubeletCredentialProviders and JobTrackingWithFinalizers feature-gates, both of which are GA and cannot be disabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-12-14 22:57:24 +02:00
Brad Davidson
08509a2a90
Allow setting default-runtime on servers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-12-08 18:18:08 -08:00
Brad Davidson
b9c288f702
Bump containerd/runc to v1.7.10-k3s1/v1.1.10
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-12-08 18:17:19 -08:00
Vitor Savian
03532f7c0b
Added runtime classes for crun/wasm/nvidia
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Added default runtime flag
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-12-08 15:49:28 -03:00
Brad Davidson
6d3a92a658
Print key instead of file path in snapshot metadata log message
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-21 14:03:27 -08:00
Brad Davidson
b23e70d519
Don't apply s3 retention if S3 client failed to initialize
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-21 14:03:27 -08:00
Brad Davidson
a92c4a0f17
Don't request metadata when listing objects
...
While some implementations may support it, it appears that most don't,
and some may in fact return an error if it is requested.
We already stat the object to get the metadata anyway, so this was
unnecessary if harmless on most implementations.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-21 14:03:27 -08:00
Brad Davidson
1e0a7044cf
Reorder snapshot configmap reconcile to reduce log spew during initial startup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-17 10:09:01 -08:00
Vitor Savian
e53c189587
Handle nil pointer when runtime core is not ready in etcd
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-11-16 15:58:42 -08:00