753e11ee3c
Enable JobTrackingWithFinalizers FeatureGate
...
Works around issue with Job controller not tracking job pods that
are in CrashloopBackoff during upgrade from 1.21 to 1.22.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-17 11:26:45 -07:00
eda65b19d9
Remove expiremental from cluster commands ( #4024 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-09-15 16:41:50 -07:00
debb508643
Nvidia container runtime discovery in containerd config template ( #3890 )
...
* Update the default containerd config template with support for adding extra container runtimes. Add logic to discover nvidia container runtimes installed via the the gpu operator or package manager.
Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-09-15 14:31:11 -07:00
086ca8ba6a
Fix premature etcd shutdown when joining an existing cluster
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-15 10:35:07 -07:00
60cd86bc42
Merge pull request #3906 from manuelbuil/dual-stack
...
Add dual-stack support on flannel
2021-09-15 18:48:10 +02:00
85e11c47d1
Add StargzSupported stub for Windows
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-15 09:45:57 -07:00
acf9036b63
No-op when etcd member was already removed and use existing name for etcd controller ( #4014 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-09-15 08:41:30 -07:00
9fcd79baae
Add tests to the dual-stack PR and enable dual-stack with flannel backend
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 14:11:54 +02:00
681058bb40
Add dual-stack support
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 11:44:48 +02:00
b72306ce3d
Return the error since it just gets logged and retried anyways
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
5986898419
Use SubjectAccessReview to validate CCM RBAC
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
dc556cbb72
Set controller authn/authz kubeconfigs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
199424b608
Pass context into all Executor functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
928b8531c3
[master] Add `etcd-member-management` controller to K3s ( #4001 )
...
* Initial leader elected etcd member management controller
* Bump etcd to v3.5.0-k3s2
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-09-14 08:20:38 -07:00
57377d2cd4
Minor cleanup on cribbed function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
3449d5b9f9
Wait for apiserver readyz instead of healthz
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
b4d8c641c6
Add exposed metrics listener instead of replacing loopback listener
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 09:39:39 -07:00
29c8b238e5
Replace klog with non-exiting fork
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 09:36:16 -07:00
90960ebf4e
SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-09 11:49:53 -07:00
741ba95b04
Migrate sqlite data to etcd when initializing the cluster
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-09-09 10:24:02 -07:00
a1ec43e0b7
feat: add option to disable s3 over https
...
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
2021-09-05 12:03:49 -04:00
8b857eef9c
Ship Stargz Snapshotter ( #2936 )
...
* Ship Stargz Snapshotter
Signed-off-by: ktock <ktokunaga.mail@gmail.com>
* Bump github.com/containerd/stargz-snapshotter to v0.8.0
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2021-09-01 16:27:42 -07:00
cf12a13175
Add missing node name entry to apiserver SAN list
...
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 13:22:32 -07:00
b8add39b07
Bump kine for metrics/tls changes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 01:51:30 -07:00
933052a02c
Fix condition for adding kubernetes endpoints ( #3941 )
...
* Fix condition for adding kubernetes endpoints
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix condition for adding kubernetes endpoints
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-31 00:57:17 +02:00
60297a1bbe
Creation of K3s integration test Sonobuoy plugin ( #3931 )
...
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-30 08:27:59 -07:00
2a68c7c8a4
Fix issue where addon checksum was never stored
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-27 10:26:13 -07:00
2e5c9e5cad
Merge pull request #3916 from manuelbuil/net_v6
...
Add functions to separate ipv4 and ipv6 CIDRs
2021-08-27 18:57:54 +02:00
96dcef478a
Add functions to separate ipv4 from ipv6 functions
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-08-27 10:14:39 +02:00
114b30277f
Redux: Enable K3s integration test to run on existing cluster ( #3905 )
...
* Made it possible to run int tests on existing cluster
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-26 16:26:19 -07:00
331c6fed71
Remove runtime V1 (`containerd-shim`)
...
Fix issue 3105
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-26 11:50:33 -07:00
176451f4ea
Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) ( #3901 )
...
Fix issue 3900
Kubernetes 1.22 requires `KuebletInUserNamespace` feature gate to be set for rootless:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-24 08:27:17 -07:00
66dacc6ee0
Revert "Enable K3s integration test to run on existing cluster ( #3892 )" ( #3899 )
...
This reverts commit 703b5af950
2021-08-24 07:26:14 -07:00
703b5af950
Enable K3s integration test to run on existing cluster ( #3892 )
...
* Made it possible to run int tests on existing cluster
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-23 12:12:03 -07:00
e95b75409a
Fix lint failures
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
a5355f0827
Replace dropped v1beta1 APIs with v1
...
Requires updating traefik as well to drop deprecated types.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
dc14f370c4
Update wrangler to v0.8.5
...
Required to support apiextensions.v1 as v1beta1 has been deleted. Also
update helm-controller and dynamiclistener to track wrangler versions.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
c434db7cc6
Wrap errors in runControllers for additional context
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
422d266da2
Disable deprecated insecure port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
641ab26fde
Update containerd to 1.5
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
872855015c
Update etcd to v3.5.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
e204d863a5
Update Kubernetes to v1.22.1
...
* Update Kubernetes to v1.22.1
* Update dependent modules to track with upstream
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
ed5991f13b
K3s Flock Integration Test ( #3887 )
...
* Upgraded flock with shared and integration test.
Signed-off-by: dereknola <derek.nola@suse.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-08-20 12:34:22 -07:00
e322924781
Reset load balancer state during restoraion ( #3877 )
...
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-18 01:02:30 +02:00
b23955e835
Fix URL pruning when joining an etcd member ( #3832 )
...
* Fix URL pruning when joining an etcd member
Problem:
Existing member clientURLs were checked if they contain the joining
node's IP. In some edge cases this would prune valid URLs when the
joining IP is a substring match of the only existing member's IP.
Because of this, it was impossible to e.g. join 10.0.0.2 to an existing
node that has an IP of 10.0.0.2X or 10.0.0.2XX:
level=fatal msg="starting kubernetes: preparing server: start managed database:
joining etcd cluster: etcdclient: no available endpoints"
Solution:
Fixed by properly parsing the URLs and comparing the IPs for equality
instead of substring match.
Signed-off-by: Malte Starostik <info@stellaware.de>
2021-08-12 15:59:04 -07:00
a1e36153f9
Added locking system for integration tests ( #3820 )
...
* Added locking system for integration tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 16:22:12 -07:00
ae909c73e5
Updated the code to use GetNetworkByName and tweaked logic.
...
Updated the method being called and tweaked the logic.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-08-10 13:53:08 -07:00
4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. ( #3805 )
...
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 11:13:26 -07:00
dcf0657b20
account for an s3 folder when listing objects ( #3807 )
...
* account for an s3 folder when listing objects
2021-08-09 16:14:41 -07:00
b4eca61aeb
Prevent snapshot commands from creating empty snapshot directory ( #3783 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-09 09:04:18 -07:00
3b01157a3a
Use New Image Names ( #3749 )
...
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
2021-08-06 16:14:58 -07:00
bc96ffb5f3
Fix Node stuck at deletion ( #3771 )
...
* fix Node stuck at deletion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix Node stuck at deletion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-05 22:32:01 +02:00
dfd4e42e57
Wrap context with lease before importing images
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-04 10:22:19 -07:00
2069cdf4ee
Fix initial start of etcd only nodes ( #3748 )
...
* Fix initial start of etcd only nodes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-03 19:53:21 +02:00
429af17e4d
update rancher/local-path-provisioner to v0.0.20
...
Signed-off-by: Ryan Sanna <ryansann@umich.edu>
2021-08-02 12:25:47 -07:00
5ab3590d9b
Improve config retrieval messages
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
869b98bc4c
Sync DisableKubeProxy into control struct
...
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
b1b5f72dc3
Notify systemd for etcd only node ( #3732 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-29 23:42:19 +02:00
7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. ( #3661 )
2021-07-28 13:04:42 -07:00
fc19b805d5
Added logic to strip any existing hyphens before processing the args. ( #3662 )
...
Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.
2021-07-28 13:04:19 -07:00
a1d7a62493
Fix to allow non-root users access to storage volumes. ( #3714 )
...
* Fix to prevent non-root users from accessing storage directory, while allowing non-root users access to subdirectories.
Signed-off-by: dereknola <derek.nola@suse.com>
* Added integration test
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-28 10:25:34 -07:00
90445bd581
Wait until server is ready before configuring kube-proxy ( #3716 )
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-27 14:56:05 -07:00
21c8a33647
Introduction of Integration Tests ( #3695 )
...
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-26 09:59:33 -07:00
20a48734c2
more fixes
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:42:05 +02:00
7ebcc4b134
more fixes
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:39:44 +02:00
b4401296ec
replace error with warn in delete
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:18:56 +02:00
2f82bfcf67
fix warning msg
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:05:43 +02:00
b377839148
migrate old token key format
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 20:59:57 +02:00
997ed7b9b4
simplifying the code
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 19:56:19 +02:00
ad17292fa8
migrate empty string key properly
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 19:21:38 +02:00
a65e5b6466
Fix multiple bootstrap keys found
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 02:50:42 +02:00
37fcb61f5e
move go routines for api server ready beneath wait group
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 17:36:34 -07:00
18bc98f60c
adding startup hooks args to access to Disables and Skips ( #3674 )
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 05:24:52 +02:00
bba49ea447
Fix to allow prune to correctly cleanup custom named snapshots ( #3649 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-19 14:30:57 -07:00
aef8a6aafd
Adding support for waitgroup to the Startuphooks ( #3654 )
...
The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.
2021-07-15 19:28:47 -07:00
a939decf01
fix a runtime core panic ( #3627 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-13 23:33:07 +02:00
55fe4ff5b0
Convert existing unit tests to standard layout ( #3621 )
...
* Converted parser_test.go, scrypt_test.go, types_test.go, nodeconfig_test.go
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-13 10:44:11 -07:00
238dc2086e
prevent snapshot save when snapshots are disabled ( #3475 )
...
* prevent snapshot save when snapshots are disabled
2021-07-09 10:22:49 -07:00
a4c992ce52
🐳 burp to inetaf/tcpproxy
...
Problem:
tcpproxy repository has been moved out of the github.com/google org to github.com/inetaf.
Solution:
Switch to the new repo.
FYI: https://godoc.org/inet.af/tcpproxy/
Signed-off-by: William Zhang <warmchang@outlook.com>
2021-07-08 16:58:09 -07:00
ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found ( #3568 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-07-07 16:01:50 -07:00
a62d143936
Fixing various bugs related to windows.
...
This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
spelling
2021-07-07 15:50:34 -07:00
73df2d806b
Update embedded kube-router ( #3557 )
...
* Update embedded kube-router
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-07 08:46:10 -07:00
77fcf2dfc5
missing build tag for windows
...
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-07-05 22:30:54 +08:00
c833183517
Add unit tests for pkg/etcd ( #3549 )
...
* Created new etcd unit tests and testing support file
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-01 16:08:35 -07:00
cbfe673c43
Fix spelling to satisfy codespell check
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
cbacd7107e
Allow passing targeted environment variables to containerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
f5fbb9a9a8
Export cli server flags and etcd restoration functions ( #3527 )
...
* Export cli server flags and etfd restoration functions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* export S3
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-30 22:29:03 +02:00
246b378a27
Bump kine to resolve race condition and unrevisioned delete
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-30 09:54:46 -07:00
3e1693bc97
Changes local storage pods to have 700 permissions ( #3537 )
...
* Changes local storage pods to have 700 permissions
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-29 13:58:12 -07:00
04398a2582
Move cloud-controller-manager into an embedded executor ( #3525 )
...
* Move cloud-controller-manager into an embedded executor
* Import K3s cloud provider and clean up imports
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-06-29 07:28:38 -07:00
a84c75af62
Adds a command-line flag '--disable-helm-controller' that will disable
...
the server's built-in helm controller.
Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.
Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.
Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-06-25 14:54:36 -04:00
82394d7d36
Basic windows agent that will join a cluster without CNI.
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-23 09:07:50 -07:00
136dddca11
Fix storing bootstrap data with empty token string ( #3422 )
...
* Fix storing bootstrap data with empty token string
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* delete node password secret after restoration
fixes to bootstrap key
vendor update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix comment
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typos
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Removing dynamic listener file after restoration
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-22 22:42:34 +02:00
4b2ab8b515
Renamed client-cloud-controller crt and key ( #3470 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 13:54:35 -07:00
ef23c6c548
Redux: Change containerd image leases from context lifespan to permanent ( #3464 )
...
* Changed containerd image licenses from context lifespan to permanent. Delete any existing licenses owned by k3s on server startup
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 12:11:10 -07:00
b74c499709
Revert "Change containerd image leases from 24h to permanent ( #3452 )" ( #3461 )
...
This reverts commit 86b3ba8dba
2021-06-15 14:56:14 -07:00
86b3ba8dba
Change containerd image leases from 24h to permanent ( #3452 )
...
* Changed containerd image licenses from 24h to permanent. Delete any existing licenses on server startup
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-15 11:42:52 -07:00
88f95ec409
Send systemd notifications for both server and agent ( #3430 )
...
* update agent to sent systemd notify after everything starts
2021-06-15 04:20:26 -07:00
a7d1159ba6
Emit events for AddOn lifecycle
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
ea2cd6d727
Add comments, clean up imports and function names
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
6e48ca9b53
Tidy up function calls with many args
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
6ef000091a
Add nodename to UA string for deploy controller
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-10 17:05:52 -07:00
f6cec4e75d
Add kubernetes.default.svc to serving certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-08 12:55:20 -07:00
243fd14cf1
Change Replace with ReplaceAll function
...
strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1)
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-07 09:52:26 +02:00
afd506a595
fix possible race where bootstrap data might not save
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 15:05:47 -07:00
2682183773
add log message indicating etcd snapshots are disabled
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
664a98919b
Fix RBAC cloud-controller-manager name 3308 ( #3388 )
...
* Changed cloud-controller-manager user name in ccm.yaml
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed RBAC name in server.go
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed "k3s" string prefix to version.Program to prevent static hardcoding
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed user in ccm.yaml to k3s-cloud-controller-manager
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-02 14:50:11 -07:00
5153088286
Merge pull request #3385 from manuelbuil/wireguard-fix
...
Move wireguard's privatekey to flannel config directory
2021-06-02 09:44:27 +02:00
1576030d6b
Add a path for wireguard's privatekey
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-01 21:54:17 +02:00
7345ac35ae
Initial windows support for agent ( #3375 )
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
ecbf17e2ed
move object channel defer close to goroutine
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 19:58:30 -07:00
254b52077e
add retention default and wire in s3 prune
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
7e175e8ad4
Handle conntrack-related sysctls in supervisor agent setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-18 13:40:44 -07:00
e8ecc00fc8
add etcd snapshot save subcommand
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
6ee28214fa
Add the ability to prune etcd snapshots ( #3310 )
...
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
079620ded0
Fix passthrough of SystemDefaultRegistry from server config
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-13 02:18:09 -07:00
24474c5734
change --disable-apiserver flag
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
e10524a6b1
Add executor.Bootstrap hook for pre-execution setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-11 18:46:15 -07:00
bcd8b67db4
Add the ability to list etcd snapshots ( #3303 )
...
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
02a5bee62f
Add system-default-registry support and remove shared code ( #3285 )
...
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
948295e8e8
Fix cluster restoration in rke2 ( #3295 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-11 00:06:33 +02:00
fc037e87f8
Use config file values in node-args annotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 14:08:02 -07:00
e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 ( #3277 )
...
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
e77fd18270
Sign CSRs for kubelet-serving with the server CA
...
Problem:
Only the client CA is passed to the kube-controller-manager and
therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
signed with the client CA. Serving certificates must be signed with the
server CA otherwise e.g. "kubectl logs" fails with the error message
"x509: certificate signed by unknown authority".
Solution:
Instead of providing only one CA via the kube-controller-manager
parameter "--cluster-signing-cert-file", the corresponding CA for every
signer is set with the parameters
"--cluster-signing-kube-apiserver-client-cert-file",
"--cluster-signing-kubelet-client-cert-file",
"--cluster-signing-kubelet-serving-cert-file", and
"--cluster-signing-legacy-unknown-cert-file".
Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
2021-05-05 15:59:57 -07:00
f410fc7d1e
Invoke cluster reset function when only reset flag is passed ( #3276 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
beb0d8397a
reference node name when needed
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-04 10:03:28 -07:00
c5ad71ce0b
Collect and Store etcd Snapshots and Metadata ( #3239 )
...
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
2db3bf7a89
Export CriConnection function ( #3225 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-04-29 22:11:19 +02:00
3cb4ca4b35
Use same SANs on ServingKubeAPICert as dynamiclistener
...
The kube-apiserver cert should have the same SANs in the same order,
excluding the extra user-configured SANs since this will only be used
in-cluster.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-28 09:58:19 -07:00
8f1a20c0d3
Add ability to append to slice during config file merge
...
If key ends in "+" the value of the key is appended to previous
values found. If values are string instead of a slice they are
automatically converted to a slice of one string.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-27 15:59:03 -07:00
2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses ( #3212 )
...
* Add support for dual-stack cluster/service CIDRs and node addresses
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
a0a1071aa5
Support .d directory for k3s config file ( #3162 )
...
Configuration will be loaded from config.yaml and then config.yaml.d/*.(yaml|yml) in
alphanumeric order. The merging is done by just taking the last value of
a key found, so LIFO for keys. Slices are not merged but replaced.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-15 11:29:24 -07:00
601c4984f5
Fix service-account-issuer
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
e8381db778
Update Kubernetes to v1.21.0
...
* Update Kubernetes to v1.21.0
* Update to golang v1.16.2
* Update dependent modules to track with upstream
* Switch to upstream flannel
* Track changes to upstream cloud-controller-manager and FeatureGates
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
66ed6efd57
Resolve local retention issue when S3 in use.
...
Remove early return preventing local retention policy to be enforced
resulting in N number of snapshots being stored.
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-14 10:40:08 -07:00
80e4baf525
add hidden attribute to disable flags
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
d9381b84ad
add etcd s3 secret and access key flags and env vars to secret data
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-12 14:47:16 -07:00
693c5290b1
Update CoreDNS to version 1.8.3. ( #3168 )
...
* update CoreDNS to 1.8.3
Rerun go generate and update the CoreDNS RBAC
2021-04-09 16:47:16 -07:00
ad4f04d2fc
Merge pull request #3155 from briandowns/rke2-issue-856
...
remove hidden attribute from cluster flags and related code
2021-04-09 12:55:27 -07:00
9a53fca872
Bump traefik to v2.4.8
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2021-04-08 17:42:58 -07:00
58e93feda6
Fix CI failures non-deterministic traefik chart repackaging ( #3165 )
...
* Fix CI failures non-deterministic traefik chart repackaging
* Update generated bindata
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-08 15:33:15 -07:00
4a49b9e40b
delete nocluster file and remove build tag
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 12:16:28 -07:00
3ed9b0a997
remove hidden attribute from cluster flags and related code
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 11:36:02 -07:00
cfe7e0c734
remove duplicated func GetAddresses
...
refactor tunnel.go and controller.go, remove duplicated lines.
Signed-off-by: Xiao Deshi <xiaods@gmail.com>
2021-03-31 14:23:05 -07:00
cb73461a5b
AkihiroSuda/containerd-fuse-overlayfs -> containerd/fuse-overlayfs-snapshotter
...
The repo has been moved.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 10:34:34 -07:00
e672c988e4
rootless: allow kernel.dmesg_restrict=1
...
When `/dev/kmsg` is unreadable due to sysctl value `kernel.dmesg_restrict=1`,
bind-mount `/dev/null` into `/dev/kmsg`
Fix issue 3011
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 01:03:14 -07:00
6e8284e3d4
rootless: enable resource limitation (requires cgroup v2, systemd)
...
Now rootless mode can be used with cgroup v2 resource limitations.
A pod is executed in a cgroup like "/user.slice/user-1001.slice/user@1001.service/k3s-rootless.service/kubepods/podd0eb6921-c81a-4214-b36c-d3b9bb212fac/63b5a253a1fd4627da16bfce9bec58d72144cf30fe833e0ca9a6d60ebf837475".
This is accomplished by running `kubelet` in a cgroup namespace, and enabling `cgroupfs` driver for the cgroup hierarchy delegated by systemd.
To enable cgroup v2 resource limitation, `k3s server --rootless` needs to be launched as `systemctl --user` service.
Please see the comment lines in `k3s-rootless.service` for the usage.
Running `k3s server --rootless` via a terminal is not supported.
When it really needs to be launched via a terminal, `systemd-run --user -p Delegate --tty` needs to be prepended to create a systemd scope.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 00:37:30 -07:00
11ef43011a
bump up RootlessKit
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 00:37:30 -07:00
400a632666
put etcd bootstrap save call in goroutine and update comment
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-03-17 14:33:00 -07:00
73df65d93a
remove etcd data dir when etcd is disabled ( #3059 )
...
* remove etcd data dir when etcd is disabled
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix comment
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use debug instead of info logs
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-16 18:14:43 +02:00
Brad Davidson