Darren Shepherd
4d32fe9959
Support SELinux
5 years ago
Knic Knic
c2db115ec3
fix formatting
5 years ago
Knic Knic
2346ccc63f
get build on windows and get api_server to work
5 years ago
Erik Wilson
fe45eb008a
Merge pull request #1416 from erikwilson/device-plugins-path
...
Use default kubelet device-plugins path
5 years ago
galal-hussein
d49ef31767
Inject node config on startup
5 years ago
Erik Wilson
b15c4473cd
Use default kubelet device-plugins path
5 years ago
Erik Wilson
4cacffd7e6
Merge pull request #1298 from erikwilson/warn-npc-fail
...
Warn if NPC can't start rather than fatal error
5 years ago
Erik Wilson
5b98d10e4b
Warn if NPC can't start rather than fatal error
...
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.
Also adds module probing and config checks for ip_set.
5 years ago
Erik Wilson
7675f9f85c
Clean up host-gw variable names
5 years ago
Segator
c23f12765e
hostgw flannel support
5 years ago
Segator
6736e24673
support hostgw
5 years ago
Erik Wilson
5c37454762
Merge pull request #1198 from narqo/tunel-addr-join-host-port
...
Respect IPv6 when building proxy address
5 years ago
Erik Wilson
9b2538c2c4
Set wireguard persistent-keepalive on wg set peer
5 years ago
Erik Wilson
3376f31fc2
Revert "Merge pull request #1190 from erikwilson/wireguard-keepalive"
...
This reverts commit e712cdf7e8
, reversing
changes made to d5929bc8c8
.
Wireguard docs fail to describe that persistent-keepalive is only valid
when peer is set.
5 years ago
Vladimir Varankin
0c5299c951
pkg/agent/tunnel: respect ipv6 when building proxy addresses
5 years ago
Erik Wilson
6875b11dd2
Fix identity_token -> identitytoken for containerd toml
5 years ago
Erik Wilson
97383868bd
Merge pull request #1186 from erikwilson/upgrade-k8s-1.17.0
...
Upgrade k8s to v1.17.0
5 years ago
Erik Wilson
e712cdf7e8
Merge pull request #1190 from erikwilson/wireguard-keepalive
...
Set Wireguard keepalive to 25 seconds
5 years ago
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
5 years ago
Erik Wilson
814c302d7c
Merge pull request #955 from btashton/servicelb-sysctl
...
Enable ip forwarding on both all and default net config
5 years ago
Erik Wilson
7b62811f98
Set Wireguard keepalive to 25 seconds
5 years ago
Erik Wilson
d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
...
Allow --pause-image to set docker sandbox image also
5 years ago
Brennan Ashton
a952d5c32a
Default device net config enables ip forwarding
...
The Linux kernel is inconsistent about how devconf is configured for new
network namespaces between ipv4 and ipv6. The behavior can also be
controlled via net.core.devconf_inherit_init_net in Linux 5.1+ so make
sure to enable forwarding on all and default for both ipv6 and ipv4.
This issue first came up testing on a yocto kernel that had this patch:
ipv4: net namespace does not inherit network configurations
[0] https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#devconf-inherit-init-net
[1] https://lkml.org/lkml/2014/7/29/119
Signed-off-by: Brennan Ashton <brennana@jfrog.com>
5 years ago
Erik Wilson
2de93d70cf
Allow --pause-image to set docker sandbox image also
5 years ago
Jacob Blain Christen
063efb25bb
Mutable --node-label values for server/agent sub-commands.
...
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.
Tested locallon on my amd64 workstation with the docker container.
Addresses #1119 .
5 years ago
yuzhiquan
24869ddf21
remove []byte trans, handle func error
5 years ago
yuzhiquan
7cc0110081
fix typo
5 years ago
Guangbo Chen
8ff4c3c256
Update base pause image to rancher repo
5 years ago
Darren Shepherd
ff34c5c5cf
Download cert/key to agent with single HTTP request
...
Since generated cert/keys are stored locally, each server has a different
copy. In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
5 years ago
Erik Wilson
55c05ac500
Refactor node password location
5 years ago
Erik Wilson
2bbc356f65
Merge pull request #1008 from erikwilson/ip6-system-setup
...
Improve ip6 system setup & utilities
5 years ago
Erik Wilson
afa9422ad9
Improve ip6 system setup & utilities
5 years ago
Darren Shepherd
ba240d0611
Refactor tokens, bootstrap, and cli args
5 years ago
Erik Wilson
f648a64ee3
Merge pull request #923 from AkihiroSuda/fix-rootless-kubelet-flags
...
rootless: add kubelet flags automatically
5 years ago
Akihiro Suda
aafccdbccb
rootless: add kubelet flags automatically
...
Fix https://github.com/rancher/k3s/issues/784
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
5 years ago
Erik Wilson
aed163b338
Remove trailing whitespace trimming from containerd template
5 years ago
Erik Wilson
2ff2baba49
Merge pull request #913 from erikwilson/kube-router-network-policy
...
Add network policy support
5 years ago
Erik Wilson
da3a7c6bbc
Add network policy controller
5 years ago
Erik Wilson
1df72d14b8
Cleanup containerd config template spacing
5 years ago
Erik Wilson
90df4a1921
Use containerd-shim-run-v2
5 years ago
Erik Wilson
12307a4a69
Fallback to /etc/strongswan for config
...
Needed for docker image
5 years ago
Darren Shepherd
30c14a4db6
Merge pull request #901 from erikwilson/default-kubelet-dir
...
Use default kubelet directory
5 years ago
galal-hussein
d2c1f66496
Add k3s cloud provider
5 years ago
Erik Wilson
c72ef62d2c
Use default kubelet directory
5 years ago
galal-hussein
5ccc880ddb
Add private registry to containerd
5 years ago
Erik Wilson
0af32bba75
Use newest flannel API
5 years ago
Erik Wilson
999e40d6d3
Add strongswan utilities for ipsec
5 years ago
Erik Wilson
959acf9c92
Add --flannel-backend flag
5 years ago
Erik Wilson
359a77939c
Enable hairpin mode
5 years ago
Erik Wilson
36fa425d45
Enable extension and ipsec flannel backends
5 years ago
Erik Wilson
3cd807a657
Add --flannel-conf flag
5 years ago
Darren Shepherd
b24f214a50
Update to new cri-api import
5 years ago
Erik Wilson
a76ca2e887
Remove hostname requirement in `/etc/hosts`
5 years ago
Erik Wilson
98254a3412
Change load balancer logging to debug
5 years ago
Erik Wilson
a17e336993
Use go tcpproxy
5 years ago
Erik Wilson
1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
...
Remove agent proxy config which is no longer used
5 years ago
Erik Wilson
8ce509ee6b
Cleanup tunnel logs
5 years ago
Erik Wilson
23b0797578
Add context to tunnel connect
5 years ago
Erik Wilson
b93b4732eb
Start endpoint tunnel watch before waiting
5 years ago
YAMAMOTO Takashi
dc4ebd4c67
Remove agent proxy config which is no longer used
5 years ago
Erik Wilson
e77dc568bb
Cleanup tunnel
5 years ago
Erik Wilson
7e6664b684
Add resource version to tunnel endpoint watch
5 years ago
Erik Wilson
034a863696
Cleanup remotedialer tunnel logs
5 years ago
Erik Wilson
e0212144e8
Tunnel agent to all servers
...
Watch the kubernetes endpoints to create a tunnel to all servers.
5 years ago
Erik Wilson
29865fd9c9
Remove agent proxy
6 years ago
Erik Wilson
2c9444399b
Refactor certs
6 years ago
Darren Shepherd
c0702b0492
Port to wrangler
6 years ago
Darren Shepherd
4b4dd1b59b
Merge pull request #454 from galal-hussein/node_labels_taints
...
Expose node labels and taints and add node roles
6 years ago
Wenxuan Zhao
f0f57c1e44
Allow using built-in modules
...
Signed-off-by: Wenxuan Zhao <viz@linux.com>
6 years ago
galal-hussein
930093dfe9
Expose node labels and taints and add node roles
6 years ago
haokang.ke
52f845ec84
Make pause image configurable ( #345 )
6 years ago
galal-hussein
5d8d9e610b
Add timeout to hostname check
6 years ago
Darren Shepherd
4ec051d032
Merge pull request #422 from galal-hussein/use_cni_with_docker
...
Add cni plugin to kubelet if docker is used
6 years ago
galal-hussein
7e1699cda0
Check if hostname is resolvable before running agent
6 years ago
galal-hussein
191ac9371a
Add cni plugin to kubelet if docker is used
6 years ago
Darren Shepherd
2950e81c23
Merge pull request #371 from warmchang/nf_conntrack
...
🔧 modprobe nf_conntrack
6 years ago
Darren Shepherd
9db91d7de3
Merge pull request #369 from erikwilson/node-dns
...
Node DNS & cert registration
6 years ago
Erik Wilson
c9941895d6
Bind kubelet to all interfaces and use webhook auth
6 years ago
William Zhang
22bd3a3ce7
🔧 nf_conntrack module
...
Signed-off-by: William Zhang <zhang.wanmin@zte.com.cn>
6 years ago
galal-hussein
bdf8a355e1
Add containerd config go template
6 years ago
Erik Wilson
f584197bba
Save password as text file
6 years ago
Erik Wilson
e64c0298f2
Add cert per-node password authentication
6 years ago
Erik Wilson
1b2db423de
Add node name to node cert generation
6 years ago
Darren Shepherd
0e3711b8b7
Merge pull request #339 from km4rcus/cluster-domain-option
...
Add --cluster-domain option
6 years ago
Stuart Wallace
2268e028a2
Add ability to override flannel interface
6 years ago
Marco Mancini
b445bad171
Add --cluster-domain option
6 years ago
Darren Shepherd
046a817818
Add rootless support
6 years ago
galal-hussein
7794528aa1
Add extra flags for server and agent components
6 years ago
Erik Wilson
a4df9f4ab1
Kubelet resolv.conf DNS update
...
Allow the kubelet resolv-conf flag to be set, or automatically
discovered from /etc/resolv.conf & /run/systemd/resolve/resolv.conf if
no loopback devices are present, or create our own which points to
nameserver 8.8.8.8
6 years ago
Erik Wilson
1d61576e54
Fix linting issues
6 years ago
Darren Shepherd
6e28ede2f8
Fix containerd debug log env var
6 years ago
Darren Shepherd
fe9a5b1601
Remove spurious error on start
6 years ago
Fernandez Ludovic
e59bd5d489
refactor: creates loadImages function.
6 years ago
Adam Liddell
b430513abf
Enforce lower case hostname for node, references #160
6 years ago
Darren Shepherd
4475456a83
Update pkg/agent/config/config.go
...
Co-Authored-By: juliens <julien.salleyron@gmail.com>
6 years ago
Julien Salleyron
164b89bce4
fix review.
6 years ago
Julien Salleyron
1895eec684
Preload images
6 years ago
Darren Shepherd
ef4e34b289
Remove dead code
6 years ago
Darren Shepherd
70e6ca4ab8
Support external CRI implementations
6 years ago
Sean Duffy
10f1553564
fix 'fannel' typo.
6 years ago
Darren Shepherd
cb5e425457
Set /proc/sys/net/ipv4/ip_forward on agent start
6 years ago
Darren Shepherd
04c5567346
Validate that memory cgroup exists
6 years ago
Darren Shepherd
529aa431d1
Adjust debug logging and write containerd logs to a file
6 years ago
Darren Shepherd
3f2a951564
Ensure that br_netfilter module is loaded
6 years ago
Darren Shepherd
287e0f44c9
Prepare for initial release
6 years ago
Darren Shepherd
62c62cc7b4
Continued refactoring
6 years ago