github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,701 Commits
32 Branches
881 Tags
632 MiB
Commit Graph

337 Commits (17c534022eb24405c5f2cbd98fe4069ec40c1195)

Author SHA1 Message Date
Manuel Buil 98333e8a22 VPN integration 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-06-12 09:22:06 +02:00
Manuel Buil 0b14452817 Wrap error stating that it is coming from netpol 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-05-15 09:44:26 +02:00
Brad Davidson 5227fe8cd5 Bump cni plugins to v1.2.0-k3s1 
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.

Ref: https://www.cni.dev/plugins/current/meta/firewall/

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit cedefeff24)
 2023-05-10 15:18:54 -07:00
Brad Davidson 95f5069514 Fix stack log on panic 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f1b6a3549c)
 2023-05-10 15:18:54 -07:00
Brad Davidson 3ef61de230 Improve egress selector handling on agentless servers 
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 31a6386994)
 2023-05-10 15:18:54 -07:00
Derek Nola 71e53ae606
[Release-1.25] Add E2E testing in Drone (#7375) 
* Add E2E to Drone 
* Build e2e test image
* Add ci flag to secretsencryption
* Fix vagrant log on secretsencryption
* Add cron conformance pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add string output for nodes
* Switch snapshot restore for upgrade cluster

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Added IPv6 check and agent restart on e2e test utils

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Cleanup leftover VMs in E2E pipeline
* Dont run most pipelines on nightly cron

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Don't default to local K3s for startup test (#6950)

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Added multiClusterCIDR E2E test

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* fix_get_sha_url (#7187)

Signed-off-by: ShylajaDevadiga <shylaja@rancher.com>

* Improve RunCmdOnNode error

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Pin upgradecluster to v1.25

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Signed-off-by: ShylajaDevadiga <shylaja@rancher.com>
Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Co-authored-by: ShylajaDevadiga <56045581+ShylajaDevadiga@users.noreply.github.com>
 2023-05-01 14:15:49 -07:00
Roberto Bonafiglia af81ed062a Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-04-06 09:57:18 +02:00
Brad Davidson 64709f401d Debounce kubernetes service endpoint updates 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2992477c4b)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-05 16:29:13 -07:00
Brad Davidson 7036323cd7 Fix tests to not hide failure location in dummp assert functions 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ece4d8e45c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-05 16:29:13 -07:00
Brad Davidson 5fc65fcda7 Fix issue with stale connections to removed LB server 
Track LB connections through each server so that they can be closed when it is removed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e54ceaa497)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-05 16:29:13 -07:00
Derek Nola a6cac3e9e7
Adds a warning about editing to the containerd config.toml file (#7075) 
* Add a warning to the config.toml file

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
 2023-03-13 15:33:20 -07:00
Brad Davidson 7a7304e3d3 Wait for kubelet to update the Ready status before reading port 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-03-13 14:30:11 -07:00
Daishan Peng 0369a5a6a4 Wait for kubelet port to be ready before setting 
Signed-off-by: Daishan Peng <daishan@acorn.io>
 2023-03-13 14:30:11 -07:00
Roberto Bonafiglia f5d1f976d3
[Release 1.25] Update flannel and kube-router (#7061) 
* Update kube-router version to fix iptables rules

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update Flannel to v0.21.3

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

---------

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-03-10 20:31:52 -08:00
Roberto Bonafiglia dda9e48dfc Updated flannel version to v0.21.0 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-02-10 18:53:15 +01:00
Paul Donohue 0ba4732c1f Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent 
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 09:43:53 -08:00
Brad Davidson ade6203aad Add support for kubeadm token and client certificate auth 
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
 2023-02-10 09:33:55 -08:00
Brad Davidson 03fd2f278a Add utility functions for getting kubernetes client 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335b2)
 2023-02-10 09:33:55 -08:00
Derek Nola be8d8bb412
Wait for cri-dockerd socket (#6853) 
* Wait for cri-dockerd socket
* Consolidate cri utility functions

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 09:43:23 -08:00
Brad Davidson 4c17994391 Set cri-dockerd version at build time 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 14:33:04 -08:00
Brad Davidson c350594f18 Fix CI tests 
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0)
 2023-01-17 18:15:24 -08:00
Brad Davidson a6684bd5d8 Preload iptable_filter/ip6table_filter 
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-13 17:39:11 -08:00
Brad Davidson 2835368ecb Bump k3s-root and remove embedded strongswan support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-01 12:40:40 -08:00
Manuel Buil 1beecb2e2d
Merge pull request #6531 from manuelbuil/fixLogs 
Fix log for flannelExternalIP use case
 2022-11-22 16:54:26 +01:00
Brad Davidson 6f2b21c5cd Add rootless IPv6 support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-11-21 15:23:30 -08:00
Manuel Buil 5188443988 Fix log for flannelExternalIP use case 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-11-21 17:10:35 +01:00
thomasferrandiz b7d217dbf3
Merge pull request #6405 from thomasferrandiz/log-kube-router-version 
log kube-router version when starting netpol controller
 2022-11-04 11:07:37 +01:00
Manuel Buil 8aff25e192
Merge pull request #6403 from manuelbuil/logsFlannelExternalIP 
Avoid wrong config for `flannel-external-ip` and add warning if unencrypted backend
 2022-11-04 09:47:30 +01:00
Manuel Buil 1682172ac1 Add some helping logs to avoid wrong configs 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-11-03 18:09:17 +01:00
Roberto Bonafiglia 87c7ea81f0 Updated flannel version to 0.20.1 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-11-03 17:49:26 +01:00
Thomas Ferrandiz 68ac954489 log kube-router version when starting netpol controller 
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
 2022-11-03 12:26:50 +01:00
Petri Kivikangas 6156059136 Convert containerd config.toml.tmpl Linux template to v2 syntax 
Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>
 2022-10-27 16:55:03 -07:00
Brad Davidson 76729d813b Set default kubeletPort 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-10-26 15:08:13 -07:00
Brad Davidson 269563e4d2 Check for RBAC before starting tunnel controllers 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-10-26 15:08:13 -07:00
Brad Davidson f2585c1671 Add --flannel-external-ip flag 
Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-10-24 10:10:49 -07:00
Derek Nola 06d81cb936
Replace deprecated ioutil package (#6230) 
* Replace ioutil package
* check integration test null pointer
* Remove rotate retries

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-10-07 17:36:57 -07:00
Brad Davidson b411864be5 Handle custom kubelet port in agent tunnel 
The kubelet port can be overridden by users; we shouldn't assume its always 10250

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-10-05 21:10:38 -07:00
Manuel Buil 5164cf5345 Add flannel-external-ip when there is a k3s node-external-ip 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-09-26 16:24:00 +02:00
Roberto Bonafiglia 26e9405767 Added warning message for flannel backend additional options deprecation 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-09-09 20:04:04 +02:00
Derek Nola cd49101fc8
Convert deprecated flags to fatal errors for v1.25 (#6069) 
* Replace warning with fatal errors.
* Group system-default-registry under (agent/runtime)

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-09-01 09:33:59 -07:00
Roberto Bonafiglia a30971efaa Updated flannel to v0.19.1 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-08-08 09:57:56 +02:00
Brad Davidson 4aca21a1f1 Add cri-dockerd support as backend for --docker flag 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-08-05 02:39:25 -07:00
Brad Davidson b1fa63dfb7 Revert "Remove --docker/dockershim support" 
This reverts commit 4a3d283bc1.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-08-05 02:39:25 -07:00
Roberto Bonafiglia d90ba30353 Added NodeIP autodect in case of dualstack connection 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-08-04 09:54:45 +02:00
Derek Nola 118a68c913
Updates to CLI flag grouping + deprecated flag warnings. (#5937) 
* Consolidate data dir flag
* Group cluster flags together
* Reorder and group agent flags
* Add additional info around vmodule flag
* Hide deprecated flags, and add warning about their removal

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-08-02 13:51:16 -07:00
Brad Davidson db2ba7b61d Don't enable unprivileged ports and icmp on old kernels 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-07-28 14:33:20 -07:00
Brad Davidson bd5fdfce33 Fix server systemd detection 
* Use INVOCATION_ID to detect execution under systemd, since as of a9b5a1933f NOTIFY_SOCKET is now cleared by the server code.
* Set the unit type to notify by default for both server and agent, which is what Rancher-managed installs have done for a while.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-07-21 13:42:20 -07:00
Brad Davidson afee83dda2 Bump remotedialer 
Includes fix for recently identified memory leak.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-07-07 12:22:37 -07:00
Olli Janatuinen 2968a83bc0 containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default 
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
 2022-06-15 14:49:51 -07:00
Brad Davidson 3399afed83 Ensure that CONTAINERD_ variables are not shadowed by later entries 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-06-15 10:58:12 -07:00