Commit Graph

1067 Commits (2835368ecb57fbf47ea1826953b133253b769b99)

Author SHA1 Message Date
Derek Nola 142eed1a9f
Create encryption hash file if it doesn't exist (#5140)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-25 08:43:03 -08:00
Hussein Galal 43b1cb4820
Update to V1.23.4 k3s1 (#5135)
* Update to v1.23.4

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade treafik to 2.6.1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade treafik to 2.6.1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade treafik image in image-list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update kubernetes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-02-22 18:57:22 +02:00
Manuel Buil 062fe63dd1 Fix annoying netpol log
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-10 20:01:27 +01:00
Olli Janatuinen 966f4d6a01 Add support for IPv6 only mode
Automatically switch to IPv6 only mode if first node-ip is IPv6 address

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-02-10 20:34:59 +02:00
Derek Nola e28be2912c
Migrate Ginkgo testing framework to V2, consolidate integration tests (#5097)
* Upgrade and convert ginkgo from v1 to v2
* Move all integration tests into integration folder
* Update TESTING.md

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-09 08:22:53 -08:00
Hussein Galal 13728058a4
Add k3s etcd restoration integration test (#5014)
* Add k3s etcd restoration test

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix tests and rebase

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Reorganizing the tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fixing comments

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix etcd restore

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* dont check for errors when restoring

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use eventually to test for restoration

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-02-08 21:24:34 +02:00
Manuel Buil 773c2a4184
Merge pull request #5079 from manuelbuil/michalsPR
netpol: Use kube-router as a library
2022-02-07 19:18:15 +01:00
Michal Rostecki 4fed9f4052 netpol: Use kube-router as a library
Before this change, we were copying a part of kube-router code to
pkg/agent/netpol directory with modifications, from which the biggest
one was consumption of k3s node config instead of kube-router config.

However, that approach made it hard to follow new upstream versions.
It's possible to use kube-router as a library, so it seems like a better
way to do that.

Instead of modifying kube-router network policy controller to comsume
k3s configuration, this change just converts k3s node config into
kube-router config. All the functionality of kube-router except netpol
is still disabled.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-07 10:54:08 +01:00
Derek Nola 4f36c82ff7
Check for `--kubeconfig` flag with embedded `kubectl` (#5064)
* Check for kubeconfig flag

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-03 09:00:24 -08:00
Ankur Gupta df4147cd57
Update legacy-unknown-cert and legacy-unknown-key (#5057)
Signed-off-by: Ankur Gupta <ankur.gupta130887@gmail.com>
2022-02-02 09:15:41 -08:00
Derek Nola d583a99f62
Add server flag to access nonlocal/nondefault k3s server (#5016)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-27 10:53:38 -08:00
Brad Davidson bc7635f01f Move containerd wait into exported function
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-25 13:09:30 -08:00
Roberto Bonafiglia bb856c67dc
Merge pull request #4952 from rbrtbnfgl/ipv6-nat
Add IPv6 NAT
2022-01-19 08:44:57 +01:00
Brad Davidson a094dee7dd Update packaged components
Update images and manifests/charts for coredns, local-path-provisioner, traefik, and pause

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 16:40:00 -08:00
Brad Davidson 27fe2c3c1b go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 11:01:49 -08:00
Roberto Bonafiglia 8eded2749a Added debug log for IPv6 Masquerading rule
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-17 10:20:12 +01:00
Brad Davidson b1e0f4c8fc Skip CGroup v2 evac when agent is disabled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-14 13:24:44 -08:00
Roberto Bonafiglia 111c1669fc Added flannel-ipv6-masq flag to enable IPv6 nat
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-14 18:35:37 +01:00
Roberto Bonafiglia 2253f64b2a Added iptables masquerade rules for ipv6 on flannel
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-14 18:35:37 +01:00
Brian Downs effcb15adb
Adds the ability to compress etcd snapshots (#4866) 2022-01-14 10:31:22 -07:00
Derek Nola 48ffed3852
Enable logging on all subcommands (#4921)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-12 14:00:40 -08:00
Brad Davidson a0cadcd343 Move ClusterResetRestore handling ControlConfig setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-12 10:46:10 -08:00
Brad Davidson 5ca206ad3b Fix handling of agent-token fallback to token
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-07 09:56:37 -08:00
Brad Davidson e7464a17f7 Fix use of agent creds for secrets-encrypt and config validate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-06 12:55:18 -08:00
Lordran 31f1a00b6f
Fix a typo: advertise-up -> advertise-ip (#4827)
Signed-off-by: 胥朝阳 <xuzhaoyang@91cyt.com>
2022-01-06 08:52:07 -08:00
Derek Nola 2ac8df3602
Integration tests utilities improvements (#4832)
* Remove sudo commands from integration tests

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Added cleanup fucntion

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Implement better int cleanup

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Rename test utils

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Enable K3sCmd to be a single string

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Removed parsePod function

Signed-off-by: Derek Nola <derek.nola@suse.com>

* codespell

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Revert startup timeout

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Reorder sonobuoy tests, drop concurrent tests to 3

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Disable etcd

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Skip parallel testing for etcd

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-06 08:05:56 -08:00
Luther Monson 66eeabbdfc linter doesn't actually run on windows, found these while getting it running on a windows machine
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-28 20:44:21 -07:00
Derek Nola ff49dcf71e Export default parser
Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 9cc930e4a3)
2021-12-22 16:06:55 -08:00
Brad Davidson 87395e32d6 Update modules for Kubernetes v1.23
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-22 10:47:38 -08:00
Manuel Buil 30c701f5de
Merge pull request #4796 from manuelbuil/flannel-logrus
Move flannel logs to logrus
2021-12-22 10:33:43 +01:00
Brad Davidson a5c6e6a68a Fix panic checking name of uninitialized etcd member
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-21 23:38:20 -08:00
Luther Monson 02f862da5f
Merge pull request #4791 from luthermonson/vendor-rm
[master] Remove the Vendor Directory
2021-12-21 15:07:55 -07:00
Brian Downs 3ae550ae51
Update bootstrap logic to output all changed files on disk (#4800) 2021-12-21 14:28:32 -07:00
Luther Monson e6cf8f5982 code changes to drop the vendor dir
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-21 14:23:38 -07:00
Manuel Buil 4eb282edac Move flannel logs to logrus
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-21 14:34:51 +01:00
Hussein Galal 2e91913f54
Close agentReady channel only in k3s (#4792)
* Close agentReady channel only in k3s

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* codespell check

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-21 00:22:49 +02:00
Brad Davidson 8ad7d141e8 Close etcd clients to avoid leaking GRPC connections
If you don't explicitly close the etcd client when you're done with it,
the GRPC connection hangs around in the background. Normally this is
harmelss, but in the case of the temporary etcd we start up on 2399 to
reconcile bootstrap data, the client will start logging errors
afterwards when the server goes away.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-17 23:55:17 -08:00
Manuel Buil 588d15db8f Remove Disables, Skips and DisableKubeProxy from the comparing configs
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-17 19:04:38 +01:00
Brad Davidson 6f4217a340 Build standalone containerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-16 12:00:15 -08:00
Derek Nola 17eebe0563
Fix cold boot and reconcilation on secondary servers (#4747)
* Enable reconcilation on secondary servers

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove unused code

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Attempt to reconcile with datastore first

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Added warning on failure

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update warning

Signed-off-by: Derek Nola <derek.nola@suse.com>

* golangci-lint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-15 15:38:50 -08:00
Hussein Galal d71b335871
Fix snapshot restoration on fresh nodes (#4737)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-14 02:04:39 +02:00
Brian Downs bf4e037fcf
Resolve Bootstrap Migration Edge Case (#4730) 2021-12-13 13:02:30 -07:00
Brian Downs a6fe2c0bc5
Resolve restore bootstrap (#4704) 2021-12-09 14:54:27 -07:00
Brad Davidson a70487d5ae Update wharfie usage in windows code path
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-09 13:16:22 -08:00
Hussein Galal 3985fd0e26
[master] Add validation to certificate rotation (#4692)
* Add validation to certificate rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add validation to certificate rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-09 18:57:13 +02:00
Manuel Buil 1e0696628e
Merge pull request #4581 from manuelbuil/checking-HA-parameters
Verify new control plane nodes joining the cluster share the same config as cluster members
2021-12-08 10:49:28 +01:00
Alexey Medvedchikov 8f389ab030
Include node-external-ip in serving-kubelet.crt SANs (#4620)
* Include node-external-ip in serving-kubelet.crt SANs

Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>
2021-12-07 15:42:40 -08:00
Derek Nola bcb662926d
Secrets-encryption rotation (#4372)
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 14:31:32 -08:00
Manuel Buil 1b3187ea07 Check HA network parameters
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-07 23:09:05 +01:00
Brad Davidson 7d3447ceff Bump wharfie to v0.5.1 and use shared decompression code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-07 12:50:57 -08:00
Hussein Galal 77fd3e99ec
Add cert rotation command (#4495)
* Add cert rotation command

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* add function to check for dynamic listener file

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* Add dynamiclistener cert rotation support

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to the cert rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ci tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to certificate rotation command

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-12-02 23:19:16 +02:00
Manuel Buil 8141a933b0
Merge pull request #4550 from manuelbuil/improve_flannel_logging
Improve flannel code and logging
2021-12-01 18:22:23 +01:00
Derek Nola d05c334a78
Improved cleanup for etcd unit test (#4537)
* Improved cleanup for etcd unit test

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-29 14:46:58 -08:00
Chris Kim ae4a1a144a
etcd snapshot functionality enhancements (#4453)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-29 10:30:04 -08:00
Brad Davidson 0c1f816f24 go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-23 16:38:55 -08:00
Manuel Buil 7685da3e24 Improve flannel logging
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-22 21:51:52 +01:00
Hussein Galal 03485632ea
Fix regression with cluster reset (#4521)
* Fix regression with cluster reset

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-11-17 23:22:18 +02:00
Derek Nola ef263bd2b0
Improved regex for double equals arguments (#4505)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-16 11:16:13 -08:00
Derek Nola 535a919635
Removed value from warning about skipping flags (#4491)
* Enabled skipping of unkown flags from config in parser
* Added new unit test, expanded existing
* Add warning back in, without value

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-15 13:17:10 -07:00
Chris Kim f18b3252c0
[master] Add etcd extra args support for K3s (#4463)
* Add etcd extra args support for K3s

Signed-off-by: Chris Kim <oats87g@gmail.com>

* Add etcd custom argument integration test

Signed-off-by: Chris Kim <oats87g@gmail.com>

* go generate

Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-11 21:03:15 -08:00
Thorsten Klein 41ff19de71 Feature: Add CoreDNS Customization Options
Problem:
Before, to customize CoreDNS, one had to edit the default configmap,
which gets re-written on every K3s server restart.

Solution:
Mount an additional coredns-custom configmap into the CoreDNS container
and import overrides and additional server blocks from the included
files.

Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
2021-11-11 18:41:22 -08:00
Derek Nola 4b57951fb0
Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464)
* Enabled skipping of unknown flags from config in parser
* Added new unit test, expanded existing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-11 16:01:23 -08:00
Brad Davidson 5ab6d21a7d
Increase agent's apiserver ready timeout (#4454)
Since we now start the server's agent sooner and in the background, we
may need to wait longer than 30 seconds for the apiserver to become
ready on downstream projects such as RKE2.

Since this essentially just serves as an analogue for the server's
apiReady channel, there's little danger in setting it to something
relatively high.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-11 14:01:49 -07:00
Brad Davidson bc7cdc78ca go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-10 17:36:01 -08:00
Manuel Buil 8271d98a76
Merge pull request #4437 from manuelbuil/fix_svclb_ipv6_rh
Allow svclb pod to enable ipv6 forwarding
2021-11-10 19:08:40 +01:00
Manuel Buil 5d168a1d59 Allow svclb pod to enable ipv6 forwarding
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-10 18:20:03 +01:00
Brian Downs adaeae351c
update bootstrap logic (#4438)
* update bootstrap logic resolving a startup bug and account for etcd
2021-11-10 05:33:42 -07:00
Derek Nola 7bd65047c3
Match to last After keyword for parser (#4383)
* Made parser able to skip over subcommands
* Edge case coverage, reworked regex with groups
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-08 10:54:48 -08:00
Luther Monson 36c6634cce
[master] updating to new signals package in wrangler (#4399)
* updating to new signals package in wrangler

Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-11-08 08:32:43 -07:00
Brad Davidson f7dcc139ff Bump klipper-lb image for arm fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-02 18:55:09 -07:00
Deshi Xiao f1622129e4 refactor: Use plain channel send or receive
fix issue #4369

should use a simple channel send/receive instead of select with a single
case

Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-11-01 15:00:49 -07:00
Brad Davidson f9f1cabe9c Fix log/reap reexec
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-01 14:24:14 -07:00
Jacob Blain Christen 702fe24afe
containerd/cri: enable the btrfs snapshotter (#4316)
* vendor: btrfs
* enable the btrfs snapshotter
* testing: snapshotter/btrfs

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2021-10-29 23:31:33 -07:00
Brad Davidson 3da1bb3af2 Fix other uses of NewForConfigOrDie in contexts where we could return err
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
Brad Davidson 5acd0b9008 Watch the local Node object instead of get/sleep looping
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
Brad Davidson 3fe460d080 Block scheduler startup on untainted node when using embedded CCM
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
Derek Nola 7c3f21e581
K3s Integration test fixes (#4341)
* Move tests into sub folders
* Updated documentation
* Prevent infinite loop is user has not made k3s

Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-28 12:35:28 -07:00
galal-hussein ab3d25a2c5 Update peer address when running cluster-reset
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-10-25 15:43:27 -07:00
Brian Downs 0a0b915921
reset buffer after use (#4279) 2021-10-22 15:56:01 -07:00
Derek Nola 918945da45
Added configuration input to etcd-snapshot (#4280)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-22 12:03:32 -07:00
Brian Downs e11a4bf8bb
set duration to second (#4231) 2021-10-15 16:46:39 -07:00
Brian Downs 0452f017c1
Add etcd s3 timeout (#4207) 2021-10-15 10:24:14 -07:00
Brian Downs 34080b23b1
Copy old bootstrap buffer data for use during migration (#4215) 2021-10-15 10:17:29 -07:00
Manuel Buil dbc14b8990 Fix race condition in cloud provider
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-10-15 13:28:32 +02:00
Brad Davidson 5a923ab8dc Add containerd ready channel to delay etcd node join
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-14 14:03:52 -07:00
Hussein Galal b282528ee2
Display cluster tls error only in debug mode (#4124)
* Display cluster tls error only in debug mode

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-10-13 00:00:28 +02:00
Brad Davidson dc18ef2e51 Refactor log and reaper exec to omit MAINPID
Using MAINPID breaks systemd's exit detection, as it stops watching the
original pid, but is unable to watch the new pid as it is not a child
of systemd itself. The best we can do is just notify when execing the child
process.

We also need to consolidate forking into a sigle place so that we don't
end up with multiple levels of child processes if both redirecting log
output and reaping child processes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-12 13:35:10 -07:00
Derek Nola feec44572d
Improve error message when using a "K10" prefixed token (#4180)
* Add new error message with a K10 prefixed secret token

Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-11 10:00:22 -07:00
Brian Downs ac7a8d89c6
Add ability to reconcile bootstrap data between datastore and disk (#3398) 2021-10-07 12:47:00 -07:00
Derek Nola b6919adf62
Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161)
* Add "etcd-" prefix to etcd-snapshot commands as alias

Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-06 14:20:22 -07:00
Manuel Buil 635f790eb4
Merge pull request #4114 from manuelbuil/lb-controller-dual-stack
Dual-stack support in serviceLB controller
2021-10-06 16:08:10 +02:00
Manuel Buil 00cf4578ec Dual-stack support LB controller
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-10-06 11:06:20 +02:00
Marc Bachmann 9b35734e1a Add topologySpreadConstraints to support scaling of coredns
Signed-off-by: Marc Bachmann <marc.brookman@gmail.com>
2021-10-05 11:52:44 -07:00
Brad Davidson 12e675e2cc Don't evacuate the root cgroup when rootless
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-01 16:18:12 -07:00
Brad Davidson 5d1a37ee32 Send MAINPID to systemd when reexecing for logfile output
This allows the new process to notify systemd when it is ready.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-29 11:41:09 -07:00
Brad Davidson a16105b348 Properly handle operation as init process
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-28 11:05:34 -07:00
Brian Downs f4cea90cb9
set transport to skip verify if se skip flag passed (#4102) 2021-09-28 10:13:50 -07:00
Manuel Buil 87524a7ac7 Enable the inheritance of settings for ipv6
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-28 09:42:08 +02:00
Michal Rostecki 47676eff78
Merge pull request #4080 from manuelbuil/update_klipperlb2
Use the new klipper-lb image that has newer go and Alpine versions
2021-09-27 10:11:52 +02:00
Brad Davidson 73e21e739f Drop broken SupportNoneCgroupDriver support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-23 16:12:51 -07:00
Manuel Buil b99b943c17 Use the new klipper-lb image that has newer go and Alpine versions
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-22 09:23:38 +02:00
Brad Davidson 28be0de4e8 Revert "Use the newer klipper-lb image"
This reverts commit 1d21491094.
2021-09-20 13:19:38 -07:00
Brad Davidson 64b502e92c Disable automounting service account token in servicelb pods
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-17 15:52:44 -07:00
Hussein Galal 7826407a2e
Make sure there are no duplicates in etcd member list (#4025)
* Make sure there are no duplicates in etcd member list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix node names with hyphens

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use full server name for etcd node name

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-09-18 00:51:18 +02:00
Manuel Buil 1d21491094 Use the newer klipper-lb image
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-17 15:42:48 -07:00
Brad Davidson 753e11ee3c Enable JobTrackingWithFinalizers FeatureGate
Works around issue with Job controller not tracking job pods that
are in CrashloopBackoff during upgrade from 1.21 to 1.22.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-17 11:26:45 -07:00
Derek Nola eda65b19d9
Remove expiremental from cluster commands (#4024)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-09-15 16:41:50 -07:00
Joe Kralicky debb508643
Nvidia container runtime discovery in containerd config template (#3890)
* Update the default containerd config template with support for adding extra container runtimes. Add logic to discover nvidia container runtimes installed via the the gpu operator or package manager.

Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-09-15 14:31:11 -07:00
Brad Davidson 086ca8ba6a Fix premature etcd shutdown when joining an existing cluster
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-15 10:35:07 -07:00
Manuel Buil 60cd86bc42
Merge pull request #3906 from manuelbuil/dual-stack
Add dual-stack support on flannel
2021-09-15 18:48:10 +02:00
Brad Davidson 85e11c47d1 Add StargzSupported stub for Windows
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-15 09:45:57 -07:00
Chris Kim acf9036b63
No-op when etcd member was already removed and use existing name for etcd controller (#4014)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-09-15 08:41:30 -07:00
Manuel Buil 9fcd79baae Add tests to the dual-stack PR and enable dual-stack with flannel backend
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 14:11:54 +02:00
Manuel Buil 681058bb40 Add dual-stack support
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 11:44:48 +02:00
Brad Davidson b72306ce3d Return the error since it just gets logged and retried anyways
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Brad Davidson 5986898419 Use SubjectAccessReview to validate CCM RBAC
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Brad Davidson dc556cbb72 Set controller authn/authz kubeconfigs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Brad Davidson 199424b608 Pass context into all Executor functions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Chris Kim 928b8531c3
[master] Add `etcd-member-management` controller to K3s (#4001)
* Initial leader elected etcd member management controller
* Bump etcd to v3.5.0-k3s2

Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-09-14 08:20:38 -07:00
Brad Davidson 57377d2cd4 Minor cleanup on cribbed function
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
Brad Davidson 3449d5b9f9 Wait for apiserver readyz instead of healthz
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
Brad Davidson b4d8c641c6 Add exposed metrics listener instead of replacing loopback listener
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 09:39:39 -07:00
Brad Davidson 29c8b238e5 Replace klog with non-exiting fork
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 09:36:16 -07:00
Brad Davidson 90960ebf4e SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-09 11:49:53 -07:00
Darren Shepherd 741ba95b04 Migrate sqlite data to etcd when initializing the cluster
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-09-09 10:24:02 -07:00
Devin Buhl a1ec43e0b7
feat: add option to disable s3 over https
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
2021-09-05 12:03:49 -04:00
Kohei Tokunaga 8b857eef9c
Ship Stargz Snapshotter (#2936)
* Ship Stargz Snapshotter

Signed-off-by: ktock <ktokunaga.mail@gmail.com>

* Bump github.com/containerd/stargz-snapshotter to v0.8.0

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2021-09-01 16:27:42 -07:00
Brad Davidson cf12a13175 Add missing node name entry to apiserver SAN list
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 13:22:32 -07:00
Brad Davidson b8add39b07 Bump kine for metrics/tls changes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 01:51:30 -07:00
Hussein Galal 933052a02c
Fix condition for adding kubernetes endpoints (#3941)
* Fix condition for adding kubernetes endpoints

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix condition for adding kubernetes endpoints

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-31 00:57:17 +02:00
Derek Nola 60297a1bbe
Creation of K3s integration test Sonobuoy plugin (#3931)
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments

Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-30 08:27:59 -07:00
Brad Davidson 2a68c7c8a4 Fix issue where addon checksum was never stored
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-27 10:26:13 -07:00
Manuel Buil 2e5c9e5cad
Merge pull request #3916 from manuelbuil/net_v6
Add functions to separate ipv4 and ipv6 CIDRs
2021-08-27 18:57:54 +02:00
Manuel Buil 96dcef478a Add functions to separate ipv4 from ipv6 functions
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-08-27 10:14:39 +02:00
Derek Nola 114b30277f
Redux: Enable K3s integration test to run on existing cluster (#3905)
* Made it possible to run int tests on existing cluster

Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-26 16:26:19 -07:00
Akihiro Suda 331c6fed71 Remove runtime V1 (`containerd-shim`)
Fix issue 3105

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-26 11:50:33 -07:00
Akihiro Suda 176451f4ea
Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901)
Fix issue 3900

Kubernetes 1.22 requires `KuebletInUserNamespace` feature gate to be set for rootless:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-24 08:27:17 -07:00
Derek Nola 66dacc6ee0
Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899)
This reverts commit 703b5af950.
2021-08-24 07:26:14 -07:00
Derek Nola 703b5af950
Enable K3s integration test to run on existing cluster (#3892)
* Made it possible to run int tests on existing cluster

Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-23 12:12:03 -07:00
Brad Davidson e95b75409a Fix lint failures
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson a5355f0827 Replace dropped v1beta1 APIs with v1
Requires updating traefik as well to drop deprecated types.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson dc14f370c4 Update wrangler to v0.8.5
Required to support apiextensions.v1 as v1beta1 has been deleted. Also
update helm-controller and dynamiclistener to track wrangler versions.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson c434db7cc6 Wrap errors in runControllers for additional context
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson 422d266da2 Disable deprecated insecure port
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson 641ab26fde Update containerd to 1.5
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson 872855015c Update etcd to v3.5.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson e204d863a5 Update Kubernetes to v1.22.1
* Update Kubernetes to v1.22.1
* Update dependent modules to track with upstream

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Derek Nola ed5991f13b
K3s Flock Integration Test (#3887)
* Upgraded flock with shared and integration test.

Signed-off-by: dereknola <derek.nola@suse.com>

Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-08-20 12:34:22 -07:00
Hussein Galal e322924781
Reset load balancer state during restoraion (#3877)
* Reset load balancer state during restoraion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Reset load balancer state during restoraion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-18 01:02:30 +02:00
Malte Starostik b23955e835
Fix URL pruning when joining an etcd member (#3832)
* Fix URL pruning when joining an etcd member

Problem:
Existing member clientURLs were checked if they contain the joining
node's IP. In some edge cases this would prune valid URLs when the
joining IP is a substring match of the only existing member's IP.
Because of this, it was impossible to e.g. join 10.0.0.2 to an existing
node that has an IP of 10.0.0.2X or 10.0.0.2XX:

level=fatal msg="starting kubernetes: preparing server: start managed database:
joining etcd cluster: etcdclient: no available endpoints"

Solution:
Fixed by properly parsing the URLs and comparing the IPs for equality
instead of substring match.

Signed-off-by: Malte Starostik <info@stellaware.de>
2021-08-12 15:59:04 -07:00
Derek Nola a1e36153f9
Added locking system for integration tests (#3820)
* Added locking system for integration tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 16:22:12 -07:00
Jamie Phillips ae909c73e5 Updated the code to use GetNetworkByName and tweaked logic.
Updated the method being called and tweaked the logic.

Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-08-10 13:53:08 -07:00
Derek Nola 4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. (#3805)
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename

Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 11:13:26 -07:00
Brian Downs dcf0657b20
account for an s3 folder when listing objects (#3807)
* account for an s3 folder when listing objects
2021-08-09 16:14:41 -07:00
Derek Nola b4eca61aeb
Prevent snapshot commands from creating empty snapshot directory (#3783)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-09 09:04:18 -07:00
Jiaqi Luo 3b01157a3a
Use New Image Names (#3749)
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4

Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
2021-08-06 16:14:58 -07:00
Hussein Galal bc96ffb5f3
Fix Node stuck at deletion (#3771)
* fix Node stuck at deletion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix Node stuck at deletion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-05 22:32:01 +02:00
Brad Davidson dfd4e42e57 Wrap context with lease before importing images
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-04 10:22:19 -07:00
Hussein Galal 2069cdf4ee
Fix initial start of etcd only nodes (#3748)
* Fix initial start of etcd only nodes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-03 19:53:21 +02:00
Ryan Sanna 429af17e4d update rancher/local-path-provisioner to v0.0.20
Signed-off-by: Ryan Sanna <ryansann@umich.edu>
2021-08-02 12:25:47 -07:00
Brad Davidson 5ab3590d9b Improve config retrieval messages
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
Brad Davidson 869b98bc4c Sync DisableKubeProxy into control struct
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
Hussein Galal b1b5f72dc3
Notify systemd for etcd only node (#3732)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-29 23:42:19 +02:00
Jamie Phillips 7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. (#3661) 2021-07-28 13:04:42 -07:00
Jamie Phillips fc19b805d5
Added logic to strip any existing hyphens before processing the args. (#3662)
Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.
2021-07-28 13:04:19 -07:00
Derek Nola a1d7a62493
Fix to allow non-root users access to storage volumes. (#3714)
* Fix to prevent non-root users from accessing storage directory, while allowing non-root users access to subdirectories.

Signed-off-by: dereknola <derek.nola@suse.com>

* Added integration test

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-28 10:25:34 -07:00
Brad Davidson 90445bd581
Wait until server is ready before configuring kube-proxy (#3716)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-27 14:56:05 -07:00
Derek Nola 21c8a33647
Introduction of Integration Tests (#3695)
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-26 09:59:33 -07:00
galal-hussein 20a48734c2 more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:42:05 +02:00
galal-hussein 7ebcc4b134 more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:39:44 +02:00
galal-hussein b4401296ec replace error with warn in delete
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:18:56 +02:00
galal-hussein 2f82bfcf67 fix warning msg
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:05:43 +02:00
galal-hussein b377839148 migrate old token key format
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 20:59:57 +02:00
galal-hussein 997ed7b9b4 simplifying the code
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 19:56:19 +02:00
galal-hussein ad17292fa8 migrate empty string key properly
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 19:21:38 +02:00
galal-hussein a65e5b6466 Fix multiple bootstrap keys found
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 02:50:42 +02:00
Luther Monson 37fcb61f5e move go routines for api server ready beneath wait group
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 17:36:34 -07:00
Luther Monson 18bc98f60c
adding startup hooks args to access to Disables and Skips (#3674)
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 05:24:52 +02:00
Derek Nola bba49ea447
Fix to allow prune to correctly cleanup custom named snapshots (#3649)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-19 14:30:57 -07:00
Jamie Phillips aef8a6aafd
Adding support for waitgroup to the Startuphooks (#3654)
The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.
2021-07-15 19:28:47 -07:00
Hussein Galal a939decf01
fix a runtime core panic (#3627)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-13 23:33:07 +02:00
Derek Nola 55fe4ff5b0
Convert existing unit tests to standard layout (#3621)
* Converted parser_test.go, scrypt_test.go, types_test.go, nodeconfig_test.go

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-13 10:44:11 -07:00
Brian Downs 238dc2086e
prevent snapshot save when snapshots are disabled (#3475)
* prevent snapshot save when snapshots are disabled
2021-07-09 10:22:49 -07:00
William Zhang a4c992ce52 🐳 burp to inetaf/tcpproxy
Problem:
    tcpproxy repository has been moved out of the github.com/google org to github.com/inetaf.

    Solution:
    Switch to the new repo.
    FYI: https://godoc.org/inet.af/tcpproxy/

Signed-off-by: William Zhang <warmchang@outlook.com>
2021-07-08 16:58:09 -07:00
Chris Kim ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found (#3568)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-07-07 16:01:50 -07:00
Jamie Phillips a62d143936 Fixing various bugs related to windows.
This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic.

Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>


spelling
2021-07-07 15:50:34 -07:00
Derek Nola 73df2d806b
Update embedded kube-router (#3557)
* Update embedded kube-router

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-07 08:46:10 -07:00
Deshi Xiao 77fcf2dfc5 missing build tag for windows
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-07-05 22:30:54 +08:00
Derek Nola c833183517
Add unit tests for pkg/etcd (#3549)
* Created new etcd unit tests and testing support file

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-01 16:08:35 -07:00
Brad Davidson cbfe673c43 Fix spelling to satisfy codespell check
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
Brad Davidson cbacd7107e Allow passing targeted environment variables to containerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
Hussein Galal f5fbb9a9a8
Export cli server flags and etcd restoration functions (#3527)
* Export cli server flags and etfd restoration functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* export S3

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-30 22:29:03 +02:00
Brad Davidson 246b378a27 Bump kine to resolve race condition and unrevisioned delete
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-30 09:54:46 -07:00
Derek Nola 3e1693bc97
Changes local storage pods to have 700 permissions (#3537)
* Changes local storage pods to have 700 permissions

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-29 13:58:12 -07:00
Chris Kim 04398a2582
Move cloud-controller-manager into an embedded executor (#3525)
* Move cloud-controller-manager into an embedded executor
* Import K3s cloud provider and clean up imports

Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-06-29 07:28:38 -07:00
Joe Kralicky a84c75af62 Adds a command-line flag '--disable-helm-controller' that will disable
the server's built-in helm controller.

Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.

Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.

Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-06-25 14:54:36 -04:00
Jamie Phillips 82394d7d36 Basic windows agent that will join a cluster without CNI.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-23 09:07:50 -07:00
Hussein Galal 136dddca11
Fix storing bootstrap data with empty token string (#3422)
* Fix storing bootstrap data with empty token string

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* delete node password secret after restoration

fixes to bootstrap key

vendor update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix comment

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* typos

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Removing dynamic listener file after restoration

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-22 22:42:34 +02:00
Derek Nola 4b2ab8b515
Renamed client-cloud-controller crt and key (#3470)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 13:54:35 -07:00
Derek Nola ef23c6c548
Redux: Change containerd image leases from context lifespan to permanent (#3464)
* Changed containerd image licenses from context lifespan to permanent. Delete any existing licenses owned by k3s on server startup

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 12:11:10 -07:00
Derek Nola b74c499709
Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461)
This reverts commit 86b3ba8dba.
2021-06-15 14:56:14 -07:00
Derek Nola 86b3ba8dba
Change containerd image leases from 24h to permanent (#3452)
* Changed containerd image licenses from 24h to permanent. Delete any existing licenses on server startup

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-15 11:42:52 -07:00
Brian Downs 88f95ec409
Send systemd notifications for both server and agent (#3430)
* update agent to sent systemd notify after everything starts
2021-06-15 04:20:26 -07:00
Brad Davidson a7d1159ba6 Emit events for AddOn lifecycle
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson ea2cd6d727 Add comments, clean up imports and function names
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson 6e48ca9b53 Tidy up function calls with many args
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson 6ef000091a Add nodename to UA string for deploy controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-10 17:05:52 -07:00
Brad Davidson f6cec4e75d Add kubernetes.default.svc to serving certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-08 12:55:20 -07:00
Manuel Buil 243fd14cf1 Change Replace with ReplaceAll function
strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1)

Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-07 09:52:26 +02:00
Brian Downs afd506a595 fix possible race where bootstrap data might not save
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 15:05:47 -07:00
Brian Downs 2682183773 add log message indicating etcd snapshots are disabled
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
Derek Nola 664a98919b
Fix RBAC cloud-controller-manager name 3308 (#3388)
* Changed cloud-controller-manager user name in ccm.yaml

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed RBAC name in server.go

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed "k3s" string prefix to version.Program to prevent static hardcoding

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed user in ccm.yaml to k3s-cloud-controller-manager

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-02 14:50:11 -07:00
Manuel Buil 5153088286
Merge pull request #3385 from manuelbuil/wireguard-fix
Move wireguard's privatekey to flannel config directory
2021-06-02 09:44:27 +02:00
Manuel Buil 1576030d6b Add a path for wireguard's privatekey
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-01 21:54:17 +02:00
Jamie Phillips 7345ac35ae
Initial windows support for agent (#3375)
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Brian Downs ecbf17e2ed move object channel defer close to goroutine
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 19:58:30 -07:00
Brian Downs 254b52077e add retention default and wire in s3 prune
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
Brad Davidson 7e175e8ad4 Handle conntrack-related sysctls in supervisor agent setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-18 13:40:44 -07:00
Brian Downs e8ecc00fc8 add etcd snapshot save subcommand
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Brian Downs 6ee28214fa
Add the ability to prune etcd snapshots (#3310)
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
Brad Davidson 079620ded0 Fix passthrough of SystemDefaultRegistry from server config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-13 02:18:09 -07:00
MonzElmasry 24474c5734
change --disable-apiserver flag
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Brad Davidson e10524a6b1 Add executor.Bootstrap hook for pre-execution setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-11 18:46:15 -07:00
Brian Downs bcd8b67db4
Add the ability to list etcd snapshots (#3303)
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson 02a5bee62f
Add system-default-registry support and remove shared code (#3285)
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Hussein Galal 948295e8e8
Fix cluster restoration in rke2 (#3295)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-11 00:06:33 +02:00
Brad Davidson fc037e87f8 Use config file values in node-args annotation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 14:08:02 -07:00
Brian Downs e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 (#3277)
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Siegfried Weber e77fd18270 Sign CSRs for kubelet-serving with the server CA
Problem:
Only the client CA is passed to the kube-controller-manager and
therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
signed with the client CA. Serving certificates must be signed with the
server CA otherwise e.g. "kubectl logs" fails with the error message
"x509: certificate signed by unknown authority".

Solution:
Instead of providing only one CA via the kube-controller-manager
parameter "--cluster-signing-cert-file", the corresponding CA for every
signer is set with the parameters
"--cluster-signing-kube-apiserver-client-cert-file",
"--cluster-signing-kubelet-client-cert-file",
"--cluster-signing-kubelet-serving-cert-file", and
"--cluster-signing-legacy-unknown-cert-file".

Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
2021-05-05 15:59:57 -07:00
Hussein Galal f410fc7d1e
Invoke cluster reset function when only reset flag is passed (#3276)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
Brian Downs beb0d8397a reference node name when needed
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-04 10:03:28 -07:00
Brian Downs c5ad71ce0b
Collect and Store etcd Snapshots and Metadata (#3239)
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
Hussein Galal 2db3bf7a89
Export CriConnection function (#3225)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-04-29 22:11:19 +02:00
Brad Davidson 3cb4ca4b35 Use same SANs on ServingKubeAPICert as dynamiclistener
The kube-apiserver cert should have the same SANs in the same order,
excluding the extra user-configured SANs since this will only be used
in-cluster.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-28 09:58:19 -07:00
Darren Shepherd 8f1a20c0d3 Add ability to append to slice during config file merge
If key ends in "+" the value of the key is appended to previous
values found.  If values are string instead of a slice they are
automatically converted to a slice of one string.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-27 15:59:03 -07:00
Brad Davidson 2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212)
* Add support for dual-stack cluster/service CIDRs and node addresses

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
Darren Shepherd a0a1071aa5
Support .d directory for k3s config file (#3162)
Configuration will be loaded from config.yaml and then config.yaml.d/*.(yaml|yml) in
alphanumeric order.  The merging is done by just taking the last value of
a key found, so LIFO for keys.  Slices are not merged but replaced.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-15 11:29:24 -07:00
Brad Davidson 601c4984f5 Fix service-account-issuer
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brad Davidson e8381db778 Update Kubernetes to v1.21.0
* Update Kubernetes to v1.21.0
* Update to golang v1.16.2
* Update dependent modules to track with upstream
* Switch to upstream flannel
* Track changes to upstream cloud-controller-manager and FeatureGates

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brian Downs 66ed6efd57 Resolve local retention issue when S3 in use.
Remove early return preventing local retention policy to be enforced
resulting in N number of snapshots being stored.

Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-14 10:40:08 -07:00
Brian Downs 80e4baf525 add hidden attribute to disable flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
Brian Downs d9381b84ad add etcd s3 secret and access key flags and env vars to secret data
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-12 14:47:16 -07:00
Brian Downs 693c5290b1
Update CoreDNS to version 1.8.3. (#3168)
* update CoreDNS to 1.8.3

Rerun go generate and update the CoreDNS RBAC
2021-04-09 16:47:16 -07:00
Brian Downs ad4f04d2fc
Merge pull request #3155 from briandowns/rke2-issue-856
remove hidden attribute from cluster flags and related code
2021-04-09 12:55:27 -07:00
Erik Wilson 9a53fca872 Bump traefik to v2.4.8
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2021-04-08 17:42:58 -07:00
Brad Davidson 58e93feda6
Fix CI failures non-deterministic traefik chart repackaging (#3165)
* Fix CI failures non-deterministic traefik chart repackaging
* Update generated bindata

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-08 15:33:15 -07:00
Brian Downs 4a49b9e40b delete nocluster file and remove build tag
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 12:16:28 -07:00
Brian Downs 3ed9b0a997 remove hidden attribute from cluster flags and related code
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 11:36:02 -07:00
Xiao Deshi cfe7e0c734 remove duplicated func GetAddresses
refactor tunnel.go and controller.go, remove duplicated lines.

Signed-off-by: Xiao Deshi <xiaods@gmail.com>
2021-03-31 14:23:05 -07:00
Akihiro Suda cb73461a5b AkihiroSuda/containerd-fuse-overlayfs -> containerd/fuse-overlayfs-snapshotter
The repo has been moved.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 10:34:34 -07:00