Manuel Buil
681058bb40
Add dual-stack support
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
3 years ago
Brad Davidson
b72306ce3d
Return the error since it just gets logged and retried anyways
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
5986898419
Use SubjectAccessReview to validate CCM RBAC
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
dc556cbb72
Set controller authn/authz kubeconfigs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
199424b608
Pass context into all Executor functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Chris Kim
928b8531c3
[master] Add `etcd-member-management` controller to K3s ( #4001 )
...
* Initial leader elected etcd member management controller
* Bump etcd to v3.5.0-k3s2
Signed-off-by: Chris Kim <oats87g@gmail.com>
3 years ago
Brad Davidson
57377d2cd4
Minor cleanup on cribbed function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
3449d5b9f9
Wait for apiserver readyz instead of healthz
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
b4d8c641c6
Add exposed metrics listener instead of replacing loopback listener
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
29c8b238e5
Replace klog with non-exiting fork
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
90960ebf4e
SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Darren Shepherd
741ba95b04
Migrate sqlite data to etcd when initializing the cluster
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
3 years ago
Devin Buhl
a1ec43e0b7
feat: add option to disable s3 over https
...
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
3 years ago
Kohei Tokunaga
8b857eef9c
Ship Stargz Snapshotter ( #2936 )
...
* Ship Stargz Snapshotter
Signed-off-by: ktock <ktokunaga.mail@gmail.com>
* Bump github.com/containerd/stargz-snapshotter to v0.8.0
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
3 years ago
Brad Davidson
cf12a13175
Add missing node name entry to apiserver SAN list
...
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
b8add39b07
Bump kine for metrics/tls changes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Hussein Galal
933052a02c
Fix condition for adding kubernetes endpoints ( #3941 )
...
* Fix condition for adding kubernetes endpoints
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix condition for adding kubernetes endpoints
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Derek Nola
60297a1bbe
Creation of K3s integration test Sonobuoy plugin ( #3931 )
...
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Brad Davidson
2a68c7c8a4
Fix issue where addon checksum was never stored
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Manuel Buil
2e5c9e5cad
Merge pull request #3916 from manuelbuil/net_v6
...
Add functions to separate ipv4 and ipv6 CIDRs
3 years ago
Manuel Buil
96dcef478a
Add functions to separate ipv4 from ipv6 functions
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
3 years ago
Derek Nola
114b30277f
Redux: Enable K3s integration test to run on existing cluster ( #3905 )
...
* Made it possible to run int tests on existing cluster
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Akihiro Suda
331c6fed71
Remove runtime V1 (`containerd-shim`)
...
Fix issue 3105
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
3 years ago
Akihiro Suda
176451f4ea
Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) ( #3901 )
...
Fix issue 3900
Kubernetes 1.22 requires `KuebletInUserNamespace` feature gate to be set for rootless:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
3 years ago
Derek Nola
66dacc6ee0
Revert "Enable K3s integration test to run on existing cluster ( #3892 )" ( #3899 )
...
This reverts commit 703b5af950
.
3 years ago
Derek Nola
703b5af950
Enable K3s integration test to run on existing cluster ( #3892 )
...
* Made it possible to run int tests on existing cluster
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Brad Davidson
e95b75409a
Fix lint failures
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
a5355f0827
Replace dropped v1beta1 APIs with v1
...
Requires updating traefik as well to drop deprecated types.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
dc14f370c4
Update wrangler to v0.8.5
...
Required to support apiextensions.v1 as v1beta1 has been deleted. Also
update helm-controller and dynamiclistener to track wrangler versions.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
c434db7cc6
Wrap errors in runControllers for additional context
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
422d266da2
Disable deprecated insecure port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
641ab26fde
Update containerd to 1.5
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
872855015c
Update etcd to v3.5.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
e204d863a5
Update Kubernetes to v1.22.1
...
* Update Kubernetes to v1.22.1
* Update dependent modules to track with upstream
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Derek Nola
ed5991f13b
K3s Flock Integration Test ( #3887 )
...
* Upgraded flock with shared and integration test.
Signed-off-by: dereknola <derek.nola@suse.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
3 years ago
Hussein Galal
e322924781
Reset load balancer state during restoraion ( #3877 )
...
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Malte Starostik
b23955e835
Fix URL pruning when joining an etcd member ( #3832 )
...
* Fix URL pruning when joining an etcd member
Problem:
Existing member clientURLs were checked if they contain the joining
node's IP. In some edge cases this would prune valid URLs when the
joining IP is a substring match of the only existing member's IP.
Because of this, it was impossible to e.g. join 10.0.0.2 to an existing
node that has an IP of 10.0.0.2X or 10.0.0.2XX:
level=fatal msg="starting kubernetes: preparing server: start managed database:
joining etcd cluster: etcdclient: no available endpoints"
Solution:
Fixed by properly parsing the URLs and comparing the IPs for equality
instead of substring match.
Signed-off-by: Malte Starostik <info@stellaware.de>
3 years ago
Derek Nola
a1e36153f9
Added locking system for integration tests ( #3820 )
...
* Added locking system for integration tests
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Jamie Phillips
ae909c73e5
Updated the code to use GetNetworkByName and tweaked logic.
...
Updated the method being called and tweaked the logic.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
3 years ago
Derek Nola
4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. ( #3805 )
...
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Brian Downs
dcf0657b20
account for an s3 folder when listing objects ( #3807 )
...
* account for an s3 folder when listing objects
3 years ago
Derek Nola
b4eca61aeb
Prevent snapshot commands from creating empty snapshot directory ( #3783 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Jiaqi Luo
3b01157a3a
Use New Image Names ( #3749 )
...
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
3 years ago
Hussein Galal
bc96ffb5f3
Fix Node stuck at deletion ( #3771 )
...
* fix Node stuck at deletion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix Node stuck at deletion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Brad Davidson
dfd4e42e57
Wrap context with lease before importing images
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Hussein Galal
2069cdf4ee
Fix initial start of etcd only nodes ( #3748 )
...
* Fix initial start of etcd only nodes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Ryan Sanna
429af17e4d
update rancher/local-path-provisioner to v0.0.20
...
Signed-off-by: Ryan Sanna <ryansann@umich.edu>
3 years ago
Brad Davidson
5ab3590d9b
Improve config retrieval messages
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
869b98bc4c
Sync DisableKubeProxy into control struct
...
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Hussein Galal
b1b5f72dc3
Notify systemd for etcd only node ( #3732 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Jamie Phillips
7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. ( #3661 )
3 years ago
Jamie Phillips
fc19b805d5
Added logic to strip any existing hyphens before processing the args. ( #3662 )
...
Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.
3 years ago
Derek Nola
a1d7a62493
Fix to allow non-root users access to storage volumes. ( #3714 )
...
* Fix to prevent non-root users from accessing storage directory, while allowing non-root users access to subdirectories.
Signed-off-by: dereknola <derek.nola@suse.com>
* Added integration test
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Brad Davidson
90445bd581
Wait until server is ready before configuring kube-proxy ( #3716 )
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Derek Nola
21c8a33647
Introduction of Integration Tests ( #3695 )
...
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
galal-hussein
20a48734c2
more fixes
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
7ebcc4b134
more fixes
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
b4401296ec
replace error with warn in delete
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
2f82bfcf67
fix warning msg
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
b377839148
migrate old token key format
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
997ed7b9b4
simplifying the code
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
ad17292fa8
migrate empty string key properly
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
galal-hussein
a65e5b6466
Fix multiple bootstrap keys found
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Luther Monson
37fcb61f5e
move go routines for api server ready beneath wait group
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
3 years ago
Luther Monson
18bc98f60c
adding startup hooks args to access to Disables and Skips ( #3674 )
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
3 years ago
Derek Nola
bba49ea447
Fix to allow prune to correctly cleanup custom named snapshots ( #3649 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Jamie Phillips
aef8a6aafd
Adding support for waitgroup to the Startuphooks ( #3654 )
...
The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.
3 years ago
Hussein Galal
a939decf01
fix a runtime core panic ( #3627 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Derek Nola
55fe4ff5b0
Convert existing unit tests to standard layout ( #3621 )
...
* Converted parser_test.go, scrypt_test.go, types_test.go, nodeconfig_test.go
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Brian Downs
238dc2086e
prevent snapshot save when snapshots are disabled ( #3475 )
...
* prevent snapshot save when snapshots are disabled
3 years ago
William Zhang
a4c992ce52
🐳 burp to inetaf/tcpproxy
...
Problem:
tcpproxy repository has been moved out of the github.com/google org to github.com/inetaf.
Solution:
Switch to the new repo.
FYI: https://godoc.org/inet.af/tcpproxy/
Signed-off-by: William Zhang <warmchang@outlook.com>
3 years ago
Chris Kim
ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found ( #3568 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
3 years ago
Jamie Phillips
a62d143936
Fixing various bugs related to windows.
...
This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
spelling
3 years ago
Derek Nola
73df2d806b
Update embedded kube-router ( #3557 )
...
* Update embedded kube-router
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Deshi Xiao
77fcf2dfc5
missing build tag for windows
...
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
3 years ago
Derek Nola
c833183517
Add unit tests for pkg/etcd ( #3549 )
...
* Created new etcd unit tests and testing support file
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Brad Davidson
cbfe673c43
Fix spelling to satisfy codespell check
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Brad Davidson
cbacd7107e
Allow passing targeted environment variables to containerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Hussein Galal
f5fbb9a9a8
Export cli server flags and etcd restoration functions ( #3527 )
...
* Export cli server flags and etfd restoration functions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* export S3
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Brad Davidson
246b378a27
Bump kine to resolve race condition and unrevisioned delete
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
3 years ago
Derek Nola
3e1693bc97
Changes local storage pods to have 700 permissions ( #3537 )
...
* Changes local storage pods to have 700 permissions
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Chris Kim
04398a2582
Move cloud-controller-manager into an embedded executor ( #3525 )
...
* Move cloud-controller-manager into an embedded executor
* Import K3s cloud provider and clean up imports
Signed-off-by: Chris Kim <oats87g@gmail.com>
3 years ago
Joe Kralicky
a84c75af62
Adds a command-line flag '--disable-helm-controller' that will disable
...
the server's built-in helm controller.
Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.
Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.
Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
3 years ago
Jamie Phillips
82394d7d36
Basic windows agent that will join a cluster without CNI.
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
3 years ago
Hussein Galal
136dddca11
Fix storing bootstrap data with empty token string ( #3422 )
...
* Fix storing bootstrap data with empty token string
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* delete node password secret after restoration
fixes to bootstrap key
vendor update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix comment
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typos
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Removing dynamic listener file after restoration
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
3 years ago
Derek Nola
4b2ab8b515
Renamed client-cloud-controller crt and key ( #3470 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Derek Nola
ef23c6c548
Redux: Change containerd image leases from context lifespan to permanent ( #3464 )
...
* Changed containerd image licenses from context lifespan to permanent. Delete any existing licenses owned by k3s on server startup
Signed-off-by: dereknola <derek.nola@suse.com>
3 years ago
Derek Nola
b74c499709
Revert "Change containerd image leases from 24h to permanent ( #3452 )" ( #3461 )
...
This reverts commit 86b3ba8dba
.
4 years ago
Derek Nola
86b3ba8dba
Change containerd image leases from 24h to permanent ( #3452 )
...
* Changed containerd image licenses from 24h to permanent. Delete any existing licenses on server startup
Signed-off-by: dereknola <derek.nola@suse.com>
4 years ago
Brian Downs
88f95ec409
Send systemd notifications for both server and agent ( #3430 )
...
* update agent to sent systemd notify after everything starts
4 years ago
Brad Davidson
a7d1159ba6
Emit events for AddOn lifecycle
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
ea2cd6d727
Add comments, clean up imports and function names
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
6e48ca9b53
Tidy up function calls with many args
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
6ef000091a
Add nodename to UA string for deploy controller
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
f6cec4e75d
Add kubernetes.default.svc to serving certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Manuel Buil
243fd14cf1
Change Replace with ReplaceAll function
...
strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1)
Signed-off-by: Manuel Buil <mbuil@suse.com>
4 years ago
Brian Downs
afd506a595
fix possible race where bootstrap data might not save
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
2682183773
add log message indicating etcd snapshots are disabled
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Derek Nola
664a98919b
Fix RBAC cloud-controller-manager name 3308 ( #3388 )
...
* Changed cloud-controller-manager user name in ccm.yaml
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed RBAC name in server.go
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed "k3s" string prefix to version.Program to prevent static hardcoding
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed user in ccm.yaml to k3s-cloud-controller-manager
Signed-off-by: dereknola <derek.nola@suse.com>
4 years ago
Manuel Buil
5153088286
Merge pull request #3385 from manuelbuil/wireguard-fix
...
Move wireguard's privatekey to flannel config directory
4 years ago