c707948adf
netpol: Add dual-stack support
...
This change allows to define two cluster CIDRs for compatibility with
Kubernetes dual-stuck, with an assumption that two CIDRs are usually
IPv4 and IPv6.
It does that by levearaging changes in out kube-router fork, with the
following downstream release:
https://github.com/k3s-io/kube-router/releases/tag/v1.3.2%2Bk3s
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2022-04-06 14:43:09 +02:00
c2e846dc16
Allow using flannel wireguard backend in a custom config
...
Ideally we'd have fully fleshed out support for it (i.e. #5011 ), but
that's a potentially breaking change and taking a little while to merge.
This is a much simpler change which won't break anything, but will allow
a "Type": "wireguard" reference in the "--flannel-conf" custom config
file to work.
Signed-off-by: Euan Kemp <euank@euank.com>
2022-04-05 09:44:26 -07:00
4afeb9c5c7
Merge pull request #5325 from rbrtbnfgl/fix-etcd-ipv6-url
...
Fixed etcd URL in case of IPv6 address
2022-04-05 09:55:42 +02:00
0746dde758
Fixed http URL on etcd
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-31 14:24:59 +02:00
06c779c57d
Fixed loadbalancer in case of IPv6 addresses
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-31 11:49:30 +02:00
b66974145c
Fixed etcd register
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-30 18:23:30 +02:00
313aaca547
Merge pull request #5361 from luthermonson/fix-containerd-npipe
...
[master] Wrap containerd.New
2022-03-30 07:35:50 -07:00
e29771b9ff
Fixed client URL
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-30 10:59:39 +02:00
62cc1ed24f
Skip setting up client tls when etcd server does not have tls enabled
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-30 01:03:41 -07:00
13191da58a
add a wrapper around the containerd.New call to fix and pass the proper npipe connector
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2022-03-29 18:06:48 -07:00
dda409b041
Updated localhost address on IPv6 only setup
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-29 09:35:54 +02:00
1339626a5b
Defragment etcd datastore before clearing alarms
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-28 09:27:59 -07:00
e811689df9
Fix etcd-only secrets encryption rotation
...
Improve feedback when running secrets-encrypt commands on etcd-only nodes, and
allow etcd-only nodes to properly restart when effecting rotation.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-25 10:40:58 -07:00
d25ae8fbc2
Properly attach secrets-encrypt events to the node resource
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-23 16:01:21 -07:00
965d0a08ef
Fix log spam due to servicelb event recorder namespace conflict
...
Don't hardcode the event namespace when creating event recorders; some controllers want to create events in other namespaces.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-23 16:01:21 -07:00
714979bf6a
Ensure that apiserver ready channel checks re-dial every time
...
Closing idle connections isn't guaranteed to close out a pooled connection to a
loadbalancer endpoint that has been removed. Instead, ensure that requests used
to wait for the apiserver to become ready aren't reused.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-23 13:21:58 -07:00
2285aa699b
Fixed etcd URL in case of IPv6 address
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-23 15:35:51 +01:00
df94b3729f
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-18 14:51:57 -07:00
38706eeec0
Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap
...
This allows secondary etcd nodes to bootstrap the kubelet before an
apiserver joins the cluster. Rancher waits for all the etcd nodes to
come up before adding the control-plane nodes, so this needs to be
handled properly.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-18 10:58:37 -07:00
3cebde924b
Handle empty entries in bootstrap path map
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-17 13:42:27 -07:00
a93b9b6d53
Update helm-controller
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-16 23:49:14 -07:00
66e350ea88
Track upstream changes to kubectl command execution
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-16 17:19:18 -07:00
078da46532
Close additional leaked GPRC clients
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-15 18:07:55 -07:00
1f7abe5dbb
Testing directory and documentation rework. ( #5256 )
...
* Removed vagrant folder
* Fix comments around E2E ENVs
* Eliminate testutil folder
* Convert flock integration test to unit test
* Point to other READMEs
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-03-15 10:29:56 -07:00
ff85faa7de
Changed ipv6 config on flannel setup
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-09 12:30:33 +01:00
073f155fc4
Added ipv6 only support with flannel
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-09 09:35:01 +01:00
93346904cf
Merge pull request #5215 from rbrtbnfgl/flannel_0.17
...
Flannel 0.17
2022-03-09 08:51:10 +01:00
8083ef5824
fix function arg call ( #5234 )
2022-03-08 17:00:57 -07:00
003e094b45
Populate EtcdConfig in runtime from datastore when etcd is disabled ( #5222 )
...
Fixes issue with secrets-encrypt rotate not having any etcd endpoints
available on nodes without a local etcd server.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-08 09:04:31 -08:00
3fabc0703b
Merge pull request #4450 from olljanat/support-ipv6-only
...
Add partial support for IPv6 only mode
2022-03-08 11:38:52 +01:00
f3d81544b1
Fixed log in case of ipv6 only config
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-08 09:42:25 +01:00
0c83f50c4c
Added switch case to check netMode
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-08 09:34:25 +01:00
2c39febdd2
Fixed in case of empty address
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-07 14:09:29 +01:00
d7d4c891e2
Updated flannel to 0.17
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-03-07 14:09:05 +01:00
44c53743dd
Support MixedProtocolLBService and clean up Daemonsets on type change.
...
Also add event support to increase visibility of change events.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-03 15:30:04 -08:00
9a849b1bb7
[master] changing package to k3s-io ( #4846 )
...
* changing package to k3s-io
Signed-off-by: Luther Monson <luther.monson@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2022-03-02 15:47:27 -08:00
a82ac4fdc7
servicelb pool selector
...
adds a new optional node label
"svccontroller.k3s.cattle.io/lbpool=<pool>" that can be set on nodes.
ServiceType: LoadBalancer services can then specify a matching label,
which will schedule the DaemonSet only on specified nodes. This allows
operators to specify different pools of nodes that can serve different
LoadBalancer services on the same ports.
Signed-off-by: robertlestak <robert.lestak@umusic.com>
2022-03-02 15:10:41 -08:00
f090bf2d5e
Bootstrap the executor even when the agent is disabled
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-02 02:47:54 -08:00
a7878db17f
Fix etcd-snapshot commands by making setup more consistent.
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-01 20:25:20 -08:00
9a48086524
Ignore cluster membership errors when reconciling from temp etcd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-01 20:25:20 -08:00
e4846c92b4
Move temporary etcd startup into etcd module
...
Reuse the existing etcd library code to start up the temporary etcd
server for bootstrap reconcile. This allows us to do proper
health-checking of the datastore on startup, including handling of
alarms.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-01 20:25:20 -08:00
555087b9b8
Add function to clear local alarms on etcd startup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-01 11:56:52 -08:00
333248466b
Add http/2 support to API server ( #5149 )
...
fix issue #5148
Signed-off-by: Kamil Madac <kamil.madac@gmail.com>
2022-03-01 11:27:52 -08:00
5014c9e0e8
Fix adding etcd-only node to existing cluster
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-02-28 19:56:08 -08:00
a1b800f0bf
Remove unnecessary copies of etcdconfig struct
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-02-28 12:05:16 -08:00
2989b8b2c5
Remove unnecessary copies of runtime struct
...
Several types contained redundant references to ControlRuntime data. Switch to consistently accessing this via config.Runtime instead.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-02-28 12:05:16 -08:00
54bb65064e
Fix cluster bootstrap test
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-02-28 12:05:16 -08:00
a698ece9c5
Add `--json` flag for `k3s secrets-encrypt status` ( #5127 )
...
* Add json flag for secrets-encrypt status
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-28 09:14:32 -08:00
40a46e1412
add ability to specify etcd snapshot list output format ( #5132 )
2022-02-25 14:00:00 -07:00
142eed1a9f
Create encryption hash file if it doesn't exist ( #5140 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-25 08:43:03 -08:00
43b1cb4820
Update to V1.23.4 k3s1 ( #5135 )
...
* Update to v1.23.4
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Upgrade treafik to 2.6.1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Upgrade treafik to 2.6.1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Upgrade treafik image in image-list
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update kubernetes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-02-22 18:57:22 +02:00
062fe63dd1
Fix annoying netpol log
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-10 20:01:27 +01:00
966f4d6a01
Add support for IPv6 only mode
...
Automatically switch to IPv6 only mode if first node-ip is IPv6 address
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-02-10 20:34:59 +02:00
e28be2912c
Migrate Ginkgo testing framework to V2, consolidate integration tests ( #5097 )
...
* Upgrade and convert ginkgo from v1 to v2
* Move all integration tests into integration folder
* Update TESTING.md
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-09 08:22:53 -08:00
13728058a4
Add k3s etcd restoration integration test ( #5014 )
...
* Add k3s etcd restoration test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix tests and rebase
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Reorganizing the tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fixing comments
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix etcd restore
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* dont check for errors when restoring
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use eventually to test for restoration
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix golint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-02-08 21:24:34 +02:00
773c2a4184
Merge pull request #5079 from manuelbuil/michalsPR
...
netpol: Use kube-router as a library
2022-02-07 19:18:15 +01:00
4fed9f4052
netpol: Use kube-router as a library
...
Before this change, we were copying a part of kube-router code to
pkg/agent/netpol directory with modifications, from which the biggest
one was consumption of k3s node config instead of kube-router config.
However, that approach made it hard to follow new upstream versions.
It's possible to use kube-router as a library, so it seems like a better
way to do that.
Instead of modifying kube-router network policy controller to comsume
k3s configuration, this change just converts k3s node config into
kube-router config. All the functionality of kube-router except netpol
is still disabled.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-07 10:54:08 +01:00
4f36c82ff7
Check for `--kubeconfig` flag with embedded `kubectl` ( #5064 )
...
* Check for kubeconfig flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-03 09:00:24 -08:00
df4147cd57
Update legacy-unknown-cert and legacy-unknown-key ( #5057 )
...
Signed-off-by: Ankur Gupta <ankur.gupta130887@gmail.com>
2022-02-02 09:15:41 -08:00
d583a99f62
Add server flag to access nonlocal/nondefault k3s server ( #5016 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-27 10:53:38 -08:00
bc7635f01f
Move containerd wait into exported function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-25 13:09:30 -08:00
bb856c67dc
Merge pull request #4952 from rbrtbnfgl/ipv6-nat
...
Add IPv6 NAT
2022-01-19 08:44:57 +01:00
a094dee7dd
Update packaged components
...
Update images and manifests/charts for coredns, local-path-provisioner, traefik, and pause
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 16:40:00 -08:00
27fe2c3c1b
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 11:01:49 -08:00
8eded2749a
Added debug log for IPv6 Masquerading rule
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-17 10:20:12 +01:00
b1e0f4c8fc
Skip CGroup v2 evac when agent is disabled
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-14 13:24:44 -08:00
111c1669fc
Added flannel-ipv6-masq flag to enable IPv6 nat
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-14 18:35:37 +01:00
2253f64b2a
Added iptables masquerade rules for ipv6 on flannel
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-14 18:35:37 +01:00
effcb15adb
Adds the ability to compress etcd snapshots ( #4866 )
2022-01-14 10:31:22 -07:00
48ffed3852
Enable logging on all subcommands ( #4921 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-12 14:00:40 -08:00
a0cadcd343
Move ClusterResetRestore handling ControlConfig setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-12 10:46:10 -08:00
5ca206ad3b
Fix handling of agent-token fallback to token
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-07 09:56:37 -08:00
e7464a17f7
Fix use of agent creds for secrets-encrypt and config validate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-06 12:55:18 -08:00
31f1a00b6f
Fix a typo: advertise-up -> advertise-ip ( #4827 )
...
Signed-off-by: 胥朝阳 <xuzhaoyang@91cyt.com>
2022-01-06 08:52:07 -08:00
2ac8df3602
Integration tests utilities improvements ( #4832 )
...
* Remove sudo commands from integration tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added cleanup fucntion
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Implement better int cleanup
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Rename test utils
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Enable K3sCmd to be a single string
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Removed parsePod function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* codespell
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Revert startup timeout
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reorder sonobuoy tests, drop concurrent tests to 3
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Disable etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Skip parallel testing for etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-06 08:05:56 -08:00
66eeabbdfc
linter doesn't actually run on windows, found these while getting it running on a windows machine
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-28 20:44:21 -07:00
ff49dcf71e
Export default parser
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 9cc930e4a3
2021-12-22 16:06:55 -08:00
87395e32d6
Update modules for Kubernetes v1.23
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-22 10:47:38 -08:00
30c701f5de
Merge pull request #4796 from manuelbuil/flannel-logrus
...
Move flannel logs to logrus
2021-12-22 10:33:43 +01:00
a5c6e6a68a
Fix panic checking name of uninitialized etcd member
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-21 23:38:20 -08:00
02f862da5f
Merge pull request #4791 from luthermonson/vendor-rm
...
[master] Remove the Vendor Directory
2021-12-21 15:07:55 -07:00
3ae550ae51
Update bootstrap logic to output all changed files on disk ( #4800 )
2021-12-21 14:28:32 -07:00
e6cf8f5982
code changes to drop the vendor dir
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-21 14:23:38 -07:00
4eb282edac
Move flannel logs to logrus
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-21 14:34:51 +01:00
2e91913f54
Close agentReady channel only in k3s ( #4792 )
...
* Close agentReady channel only in k3s
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* codespell check
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-21 00:22:49 +02:00
8ad7d141e8
Close etcd clients to avoid leaking GRPC connections
...
If you don't explicitly close the etcd client when you're done with it,
the GRPC connection hangs around in the background. Normally this is
harmelss, but in the case of the temporary etcd we start up on 2399 to
reconcile bootstrap data, the client will start logging errors
afterwards when the server goes away.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-17 23:55:17 -08:00
588d15db8f
Remove Disables, Skips and DisableKubeProxy from the comparing configs
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-17 19:04:38 +01:00
6f4217a340
Build standalone containerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-16 12:00:15 -08:00
17eebe0563
Fix cold boot and reconcilation on secondary servers ( #4747 )
...
* Enable reconcilation on secondary servers
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove unused code
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Attempt to reconcile with datastore first
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added warning on failure
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Update warning
Signed-off-by: Derek Nola <derek.nola@suse.com>
* golangci-lint fix
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-15 15:38:50 -08:00
d71b335871
Fix snapshot restoration on fresh nodes ( #4737 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-14 02:04:39 +02:00
bf4e037fcf
Resolve Bootstrap Migration Edge Case ( #4730 )
2021-12-13 13:02:30 -07:00
a6fe2c0bc5
Resolve restore bootstrap ( #4704 )
2021-12-09 14:54:27 -07:00
a70487d5ae
Update wharfie usage in windows code path
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-09 13:16:22 -08:00
3985fd0e26
[master] Add validation to certificate rotation ( #4692 )
...
* Add validation to certificate rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add validation to certificate rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-09 18:57:13 +02:00
1e0696628e
Merge pull request #4581 from manuelbuil/checking-HA-parameters
...
Verify new control plane nodes joining the cluster share the same config as cluster members
2021-12-08 10:49:28 +01:00
8f389ab030
Include node-external-ip in serving-kubelet.crt SANs ( #4620 )
...
* Include node-external-ip in serving-kubelet.crt SANs
Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>
2021-12-07 15:42:40 -08:00
bcb662926d
Secrets-encryption rotation ( #4372 )
...
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 14:31:32 -08:00
1b3187ea07
Check HA network parameters
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-07 23:09:05 +01:00
7d3447ceff
Bump wharfie to v0.5.1 and use shared decompression code
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-07 12:50:57 -08:00
77fd3e99ec
Add cert rotation command ( #4495 )
...
* Add cert rotation command
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* add function to check for dynamic listener file
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* Add dynamiclistener cert rotation support
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to the cert rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix ci tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to certificate rotation command
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-12-02 23:19:16 +02:00
8141a933b0
Merge pull request #4550 from manuelbuil/improve_flannel_logging
...
Improve flannel code and logging
2021-12-01 18:22:23 +01:00
d05c334a78
Improved cleanup for etcd unit test ( #4537 )
...
* Improved cleanup for etcd unit test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-29 14:46:58 -08:00
ae4a1a144a
etcd snapshot functionality enhancements ( #4453 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-29 10:30:04 -08:00
0c1f816f24
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-23 16:38:55 -08:00
7685da3e24
Improve flannel logging
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-22 21:51:52 +01:00
03485632ea
Fix regression with cluster reset ( #4521 )
...
* Fix regression with cluster reset
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-11-17 23:22:18 +02:00
ef263bd2b0
Improved regex for double equals arguments ( #4505 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-16 11:16:13 -08:00
535a919635
Removed value from warning about skipping flags ( #4491 )
...
* Enabled skipping of unkown flags from config in parser
* Added new unit test, expanded existing
* Add warning back in, without value
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-15 13:17:10 -07:00
f18b3252c0
[master] Add etcd extra args support for K3s ( #4463 )
...
* Add etcd extra args support for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
* Add etcd custom argument integration test
Signed-off-by: Chris Kim <oats87g@gmail.com>
* go generate
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-11 21:03:15 -08:00
41ff19de71
Feature: Add CoreDNS Customization Options
...
Problem:
Before, to customize CoreDNS, one had to edit the default configmap,
which gets re-written on every K3s server restart.
Solution:
Mount an additional coredns-custom configmap into the CoreDNS container
and import overrides and additional server blocks from the included
files.
Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
2021-11-11 18:41:22 -08:00
4b57951fb0
Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. ( #4464 )
...
* Enabled skipping of unknown flags from config in parser
* Added new unit test, expanded existing
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-11 16:01:23 -08:00
5ab6d21a7d
Increase agent's apiserver ready timeout ( #4454 )
...
Since we now start the server's agent sooner and in the background, we
may need to wait longer than 30 seconds for the apiserver to become
ready on downstream projects such as RKE2.
Since this essentially just serves as an analogue for the server's
apiReady channel, there's little danger in setting it to something
relatively high.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-11 14:01:49 -07:00
bc7cdc78ca
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-10 17:36:01 -08:00
8271d98a76
Merge pull request #4437 from manuelbuil/fix_svclb_ipv6_rh
...
Allow svclb pod to enable ipv6 forwarding
2021-11-10 19:08:40 +01:00
5d168a1d59
Allow svclb pod to enable ipv6 forwarding
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-10 18:20:03 +01:00
adaeae351c
update bootstrap logic ( #4438 )
...
* update bootstrap logic resolving a startup bug and account for etcd
2021-11-10 05:33:42 -07:00
7bd65047c3
Match to last After keyword for parser ( #4383 )
...
* Made parser able to skip over subcommands
* Edge case coverage, reworked regex with groups
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-08 10:54:48 -08:00
36c6634cce
[master] updating to new signals package in wrangler ( #4399 )
...
* updating to new signals package in wrangler
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-11-08 08:32:43 -07:00
f7dcc139ff
Bump klipper-lb image for arm fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-02 18:55:09 -07:00
f1622129e4
refactor: Use plain channel send or receive
...
fix issue #4369
should use a simple channel send/receive instead of select with a single
case
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-11-01 15:00:49 -07:00
f9f1cabe9c
Fix log/reap reexec
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-01 14:24:14 -07:00
702fe24afe
containerd/cri: enable the btrfs snapshotter ( #4316 )
...
* vendor: btrfs
* enable the btrfs snapshotter
* testing: snapshotter/btrfs
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2021-10-29 23:31:33 -07:00
3da1bb3af2
Fix other uses of NewForConfigOrDie in contexts where we could return err
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
5acd0b9008
Watch the local Node object instead of get/sleep looping
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
3fe460d080
Block scheduler startup on untainted node when using embedded CCM
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
7c3f21e581
K3s Integration test fixes ( #4341 )
...
* Move tests into sub folders
* Updated documentation
* Prevent infinite loop is user has not made k3s
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-28 12:35:28 -07:00
ab3d25a2c5
Update peer address when running cluster-reset
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-10-25 15:43:27 -07:00
0a0b915921
reset buffer after use ( #4279 )
2021-10-22 15:56:01 -07:00
918945da45
Added configuration input to etcd-snapshot ( #4280 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-22 12:03:32 -07:00
e11a4bf8bb
set duration to second ( #4231 )
2021-10-15 16:46:39 -07:00
0452f017c1
Add etcd s3 timeout ( #4207 )
2021-10-15 10:24:14 -07:00
34080b23b1
Copy old bootstrap buffer data for use during migration ( #4215 )
2021-10-15 10:17:29 -07:00
dbc14b8990
Fix race condition in cloud provider
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-10-15 13:28:32 +02:00
5a923ab8dc
Add containerd ready channel to delay etcd node join
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-14 14:03:52 -07:00
b282528ee2
Display cluster tls error only in debug mode ( #4124 )
...
* Display cluster tls error only in debug mode
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-10-13 00:00:28 +02:00
dc18ef2e51
Refactor log and reaper exec to omit MAINPID
...
Using MAINPID breaks systemd's exit detection, as it stops watching the
original pid, but is unable to watch the new pid as it is not a child
of systemd itself. The best we can do is just notify when execing the child
process.
We also need to consolidate forking into a sigle place so that we don't
end up with multiple levels of child processes if both redirecting log
output and reaping child processes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-12 13:35:10 -07:00
feec44572d
Improve error message when using a "K10" prefixed token ( #4180 )
...
* Add new error message with a K10 prefixed secret token
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-11 10:00:22 -07:00
ac7a8d89c6
Add ability to reconcile bootstrap data between datastore and disk ( #3398 )
2021-10-07 12:47:00 -07:00
b6919adf62
Add "etcd-" prefix to etcd-snapshot commands as aliases ( #4161 )
...
* Add "etcd-" prefix to etcd-snapshot commands as alias
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-06 14:20:22 -07:00
635f790eb4
Merge pull request #4114 from manuelbuil/lb-controller-dual-stack
...
Dual-stack support in serviceLB controller
2021-10-06 16:08:10 +02:00
00cf4578ec
Dual-stack support LB controller
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-10-06 11:06:20 +02:00
9b35734e1a
Add topologySpreadConstraints to support scaling of coredns
...
Signed-off-by: Marc Bachmann <marc.brookman@gmail.com>
2021-10-05 11:52:44 -07:00
12e675e2cc
Don't evacuate the root cgroup when rootless
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-01 16:18:12 -07:00
5d1a37ee32
Send MAINPID to systemd when reexecing for logfile output
...
This allows the new process to notify systemd when it is ready.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-29 11:41:09 -07:00
a16105b348
Properly handle operation as init process
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-28 11:05:34 -07:00
f4cea90cb9
set transport to skip verify if se skip flag passed ( #4102 )
2021-09-28 10:13:50 -07:00
87524a7ac7
Enable the inheritance of settings for ipv6
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-28 09:42:08 +02:00
47676eff78
Merge pull request #4080 from manuelbuil/update_klipperlb2
...
Use the new klipper-lb image that has newer go and Alpine versions
2021-09-27 10:11:52 +02:00
73e21e739f
Drop broken SupportNoneCgroupDriver support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-23 16:12:51 -07:00
b99b943c17
Use the new klipper-lb image that has newer go and Alpine versions
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-22 09:23:38 +02:00
Michal Rostecki