Derek Nola
142eed1a9f
Create encryption hash file if it doesn't exist ( #5140 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-25 08:43:03 -08:00
Hussein Galal
43b1cb4820
Update to V1.23.4 k3s1 ( #5135 )
...
* Update to v1.23.4
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Upgrade treafik to 2.6.1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Upgrade treafik to 2.6.1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Upgrade treafik image in image-list
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update kubernetes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-02-22 18:57:22 +02:00
Manuel Buil
062fe63dd1
Fix annoying netpol log
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-10 20:01:27 +01:00
Olli Janatuinen
966f4d6a01
Add support for IPv6 only mode
...
Automatically switch to IPv6 only mode if first node-ip is IPv6 address
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-02-10 20:34:59 +02:00
Derek Nola
e28be2912c
Migrate Ginkgo testing framework to V2, consolidate integration tests ( #5097 )
...
* Upgrade and convert ginkgo from v1 to v2
* Move all integration tests into integration folder
* Update TESTING.md
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-09 08:22:53 -08:00
Hussein Galal
13728058a4
Add k3s etcd restoration integration test ( #5014 )
...
* Add k3s etcd restoration test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix tests and rebase
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Reorganizing the tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fixing comments
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix etcd restore
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* dont check for errors when restoring
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use eventually to test for restoration
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix golint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-02-08 21:24:34 +02:00
Manuel Buil
773c2a4184
Merge pull request #5079 from manuelbuil/michalsPR
...
netpol: Use kube-router as a library
2022-02-07 19:18:15 +01:00
Michal Rostecki
4fed9f4052
netpol: Use kube-router as a library
...
Before this change, we were copying a part of kube-router code to
pkg/agent/netpol directory with modifications, from which the biggest
one was consumption of k3s node config instead of kube-router config.
However, that approach made it hard to follow new upstream versions.
It's possible to use kube-router as a library, so it seems like a better
way to do that.
Instead of modifying kube-router network policy controller to comsume
k3s configuration, this change just converts k3s node config into
kube-router config. All the functionality of kube-router except netpol
is still disabled.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-07 10:54:08 +01:00
Derek Nola
4f36c82ff7
Check for `--kubeconfig` flag with embedded `kubectl` ( #5064 )
...
* Check for kubeconfig flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-03 09:00:24 -08:00
Ankur Gupta
df4147cd57
Update legacy-unknown-cert and legacy-unknown-key ( #5057 )
...
Signed-off-by: Ankur Gupta <ankur.gupta130887@gmail.com>
2022-02-02 09:15:41 -08:00
Derek Nola
d583a99f62
Add server flag to access nonlocal/nondefault k3s server ( #5016 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-27 10:53:38 -08:00
Brad Davidson
bc7635f01f
Move containerd wait into exported function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-25 13:09:30 -08:00
Roberto Bonafiglia
bb856c67dc
Merge pull request #4952 from rbrtbnfgl/ipv6-nat
...
Add IPv6 NAT
2022-01-19 08:44:57 +01:00
Brad Davidson
a094dee7dd
Update packaged components
...
Update images and manifests/charts for coredns, local-path-provisioner, traefik, and pause
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 16:40:00 -08:00
Brad Davidson
27fe2c3c1b
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 11:01:49 -08:00
Roberto Bonafiglia
8eded2749a
Added debug log for IPv6 Masquerading rule
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-17 10:20:12 +01:00
Brad Davidson
b1e0f4c8fc
Skip CGroup v2 evac when agent is disabled
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-14 13:24:44 -08:00
Roberto Bonafiglia
111c1669fc
Added flannel-ipv6-masq flag to enable IPv6 nat
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-14 18:35:37 +01:00
Roberto Bonafiglia
2253f64b2a
Added iptables masquerade rules for ipv6 on flannel
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-14 18:35:37 +01:00
Brian Downs
effcb15adb
Adds the ability to compress etcd snapshots ( #4866 )
2022-01-14 10:31:22 -07:00
Derek Nola
48ffed3852
Enable logging on all subcommands ( #4921 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-12 14:00:40 -08:00
Brad Davidson
a0cadcd343
Move ClusterResetRestore handling ControlConfig setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-12 10:46:10 -08:00
Brad Davidson
5ca206ad3b
Fix handling of agent-token fallback to token
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-07 09:56:37 -08:00
Brad Davidson
e7464a17f7
Fix use of agent creds for secrets-encrypt and config validate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-06 12:55:18 -08:00
Lordran
31f1a00b6f
Fix a typo: advertise-up -> advertise-ip ( #4827 )
...
Signed-off-by: 胥朝阳 <xuzhaoyang@91cyt.com>
2022-01-06 08:52:07 -08:00
Derek Nola
2ac8df3602
Integration tests utilities improvements ( #4832 )
...
* Remove sudo commands from integration tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added cleanup fucntion
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Implement better int cleanup
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Rename test utils
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Enable K3sCmd to be a single string
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Removed parsePod function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* codespell
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Revert startup timeout
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reorder sonobuoy tests, drop concurrent tests to 3
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Disable etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Skip parallel testing for etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-06 08:05:56 -08:00
Luther Monson
66eeabbdfc
linter doesn't actually run on windows, found these while getting it running on a windows machine
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-28 20:44:21 -07:00
Derek Nola
ff49dcf71e
Export default parser
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 9cc930e4a3
)
2021-12-22 16:06:55 -08:00
Brad Davidson
87395e32d6
Update modules for Kubernetes v1.23
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-22 10:47:38 -08:00
Manuel Buil
30c701f5de
Merge pull request #4796 from manuelbuil/flannel-logrus
...
Move flannel logs to logrus
2021-12-22 10:33:43 +01:00
Brad Davidson
a5c6e6a68a
Fix panic checking name of uninitialized etcd member
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-21 23:38:20 -08:00
Luther Monson
02f862da5f
Merge pull request #4791 from luthermonson/vendor-rm
...
[master] Remove the Vendor Directory
2021-12-21 15:07:55 -07:00
Brian Downs
3ae550ae51
Update bootstrap logic to output all changed files on disk ( #4800 )
2021-12-21 14:28:32 -07:00
Luther Monson
e6cf8f5982
code changes to drop the vendor dir
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-21 14:23:38 -07:00
Manuel Buil
4eb282edac
Move flannel logs to logrus
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-21 14:34:51 +01:00
Hussein Galal
2e91913f54
Close agentReady channel only in k3s ( #4792 )
...
* Close agentReady channel only in k3s
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* codespell check
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-21 00:22:49 +02:00
Brad Davidson
8ad7d141e8
Close etcd clients to avoid leaking GRPC connections
...
If you don't explicitly close the etcd client when you're done with it,
the GRPC connection hangs around in the background. Normally this is
harmelss, but in the case of the temporary etcd we start up on 2399 to
reconcile bootstrap data, the client will start logging errors
afterwards when the server goes away.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-17 23:55:17 -08:00
Manuel Buil
588d15db8f
Remove Disables, Skips and DisableKubeProxy from the comparing configs
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-17 19:04:38 +01:00
Brad Davidson
6f4217a340
Build standalone containerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-16 12:00:15 -08:00
Derek Nola
17eebe0563
Fix cold boot and reconcilation on secondary servers ( #4747 )
...
* Enable reconcilation on secondary servers
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove unused code
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Attempt to reconcile with datastore first
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added warning on failure
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Update warning
Signed-off-by: Derek Nola <derek.nola@suse.com>
* golangci-lint fix
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-15 15:38:50 -08:00
Hussein Galal
d71b335871
Fix snapshot restoration on fresh nodes ( #4737 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-14 02:04:39 +02:00
Brian Downs
bf4e037fcf
Resolve Bootstrap Migration Edge Case ( #4730 )
2021-12-13 13:02:30 -07:00
Brian Downs
a6fe2c0bc5
Resolve restore bootstrap ( #4704 )
2021-12-09 14:54:27 -07:00
Brad Davidson
a70487d5ae
Update wharfie usage in windows code path
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-09 13:16:22 -08:00
Hussein Galal
3985fd0e26
[master] Add validation to certificate rotation ( #4692 )
...
* Add validation to certificate rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add validation to certificate rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-09 18:57:13 +02:00
Manuel Buil
1e0696628e
Merge pull request #4581 from manuelbuil/checking-HA-parameters
...
Verify new control plane nodes joining the cluster share the same config as cluster members
2021-12-08 10:49:28 +01:00
Alexey Medvedchikov
8f389ab030
Include node-external-ip in serving-kubelet.crt SANs ( #4620 )
...
* Include node-external-ip in serving-kubelet.crt SANs
Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>
2021-12-07 15:42:40 -08:00
Derek Nola
bcb662926d
Secrets-encryption rotation ( #4372 )
...
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 14:31:32 -08:00
Manuel Buil
1b3187ea07
Check HA network parameters
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-07 23:09:05 +01:00
Brad Davidson
7d3447ceff
Bump wharfie to v0.5.1 and use shared decompression code
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-07 12:50:57 -08:00
Hussein Galal
77fd3e99ec
Add cert rotation command ( #4495 )
...
* Add cert rotation command
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* add function to check for dynamic listener file
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* Add dynamiclistener cert rotation support
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to the cert rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix ci tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to certificate rotation command
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-12-02 23:19:16 +02:00
Manuel Buil
8141a933b0
Merge pull request #4550 from manuelbuil/improve_flannel_logging
...
Improve flannel code and logging
2021-12-01 18:22:23 +01:00
Derek Nola
d05c334a78
Improved cleanup for etcd unit test ( #4537 )
...
* Improved cleanup for etcd unit test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-29 14:46:58 -08:00
Chris Kim
ae4a1a144a
etcd snapshot functionality enhancements ( #4453 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-29 10:30:04 -08:00
Brad Davidson
0c1f816f24
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-23 16:38:55 -08:00
Manuel Buil
7685da3e24
Improve flannel logging
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-22 21:51:52 +01:00
Hussein Galal
03485632ea
Fix regression with cluster reset ( #4521 )
...
* Fix regression with cluster reset
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-11-17 23:22:18 +02:00
Derek Nola
ef263bd2b0
Improved regex for double equals arguments ( #4505 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-16 11:16:13 -08:00
Derek Nola
535a919635
Removed value from warning about skipping flags ( #4491 )
...
* Enabled skipping of unkown flags from config in parser
* Added new unit test, expanded existing
* Add warning back in, without value
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-15 13:17:10 -07:00
Chris Kim
f18b3252c0
[master] Add etcd extra args support for K3s ( #4463 )
...
* Add etcd extra args support for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
* Add etcd custom argument integration test
Signed-off-by: Chris Kim <oats87g@gmail.com>
* go generate
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-11 21:03:15 -08:00
Thorsten Klein
41ff19de71
Feature: Add CoreDNS Customization Options
...
Problem:
Before, to customize CoreDNS, one had to edit the default configmap,
which gets re-written on every K3s server restart.
Solution:
Mount an additional coredns-custom configmap into the CoreDNS container
and import overrides and additional server blocks from the included
files.
Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
2021-11-11 18:41:22 -08:00
Derek Nola
4b57951fb0
Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. ( #4464 )
...
* Enabled skipping of unknown flags from config in parser
* Added new unit test, expanded existing
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-11 16:01:23 -08:00
Brad Davidson
5ab6d21a7d
Increase agent's apiserver ready timeout ( #4454 )
...
Since we now start the server's agent sooner and in the background, we
may need to wait longer than 30 seconds for the apiserver to become
ready on downstream projects such as RKE2.
Since this essentially just serves as an analogue for the server's
apiReady channel, there's little danger in setting it to something
relatively high.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-11 14:01:49 -07:00
Brad Davidson
bc7cdc78ca
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-10 17:36:01 -08:00
Manuel Buil
8271d98a76
Merge pull request #4437 from manuelbuil/fix_svclb_ipv6_rh
...
Allow svclb pod to enable ipv6 forwarding
2021-11-10 19:08:40 +01:00
Manuel Buil
5d168a1d59
Allow svclb pod to enable ipv6 forwarding
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-10 18:20:03 +01:00
Brian Downs
adaeae351c
update bootstrap logic ( #4438 )
...
* update bootstrap logic resolving a startup bug and account for etcd
2021-11-10 05:33:42 -07:00
Derek Nola
7bd65047c3
Match to last After keyword for parser ( #4383 )
...
* Made parser able to skip over subcommands
* Edge case coverage, reworked regex with groups
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-08 10:54:48 -08:00
Luther Monson
36c6634cce
[master] updating to new signals package in wrangler ( #4399 )
...
* updating to new signals package in wrangler
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-11-08 08:32:43 -07:00
Brad Davidson
f7dcc139ff
Bump klipper-lb image for arm fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-02 18:55:09 -07:00
Deshi Xiao
f1622129e4
refactor: Use plain channel send or receive
...
fix issue #4369
should use a simple channel send/receive instead of select with a single
case
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-11-01 15:00:49 -07:00
Brad Davidson
f9f1cabe9c
Fix log/reap reexec
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-01 14:24:14 -07:00
Jacob Blain Christen
702fe24afe
containerd/cri: enable the btrfs snapshotter ( #4316 )
...
* vendor: btrfs
* enable the btrfs snapshotter
* testing: snapshotter/btrfs
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2021-10-29 23:31:33 -07:00
Brad Davidson
3da1bb3af2
Fix other uses of NewForConfigOrDie in contexts where we could return err
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
Brad Davidson
5acd0b9008
Watch the local Node object instead of get/sleep looping
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
Brad Davidson
3fe460d080
Block scheduler startup on untainted node when using embedded CCM
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-29 15:18:14 -07:00
Derek Nola
7c3f21e581
K3s Integration test fixes ( #4341 )
...
* Move tests into sub folders
* Updated documentation
* Prevent infinite loop is user has not made k3s
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-28 12:35:28 -07:00
galal-hussein
ab3d25a2c5
Update peer address when running cluster-reset
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-10-25 15:43:27 -07:00
Brian Downs
0a0b915921
reset buffer after use ( #4279 )
2021-10-22 15:56:01 -07:00
Derek Nola
918945da45
Added configuration input to etcd-snapshot ( #4280 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-22 12:03:32 -07:00
Brian Downs
e11a4bf8bb
set duration to second ( #4231 )
2021-10-15 16:46:39 -07:00
Brian Downs
0452f017c1
Add etcd s3 timeout ( #4207 )
2021-10-15 10:24:14 -07:00
Brian Downs
34080b23b1
Copy old bootstrap buffer data for use during migration ( #4215 )
2021-10-15 10:17:29 -07:00
Manuel Buil
dbc14b8990
Fix race condition in cloud provider
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-10-15 13:28:32 +02:00
Brad Davidson
5a923ab8dc
Add containerd ready channel to delay etcd node join
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-14 14:03:52 -07:00
Hussein Galal
b282528ee2
Display cluster tls error only in debug mode ( #4124 )
...
* Display cluster tls error only in debug mode
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-10-13 00:00:28 +02:00
Brad Davidson
dc18ef2e51
Refactor log and reaper exec to omit MAINPID
...
Using MAINPID breaks systemd's exit detection, as it stops watching the
original pid, but is unable to watch the new pid as it is not a child
of systemd itself. The best we can do is just notify when execing the child
process.
We also need to consolidate forking into a sigle place so that we don't
end up with multiple levels of child processes if both redirecting log
output and reaping child processes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-12 13:35:10 -07:00
Derek Nola
feec44572d
Improve error message when using a "K10" prefixed token ( #4180 )
...
* Add new error message with a K10 prefixed secret token
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-11 10:00:22 -07:00
Brian Downs
ac7a8d89c6
Add ability to reconcile bootstrap data between datastore and disk ( #3398 )
2021-10-07 12:47:00 -07:00
Derek Nola
b6919adf62
Add "etcd-" prefix to etcd-snapshot commands as aliases ( #4161 )
...
* Add "etcd-" prefix to etcd-snapshot commands as alias
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-06 14:20:22 -07:00
Manuel Buil
635f790eb4
Merge pull request #4114 from manuelbuil/lb-controller-dual-stack
...
Dual-stack support in serviceLB controller
2021-10-06 16:08:10 +02:00
Manuel Buil
00cf4578ec
Dual-stack support LB controller
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-10-06 11:06:20 +02:00
Marc Bachmann
9b35734e1a
Add topologySpreadConstraints to support scaling of coredns
...
Signed-off-by: Marc Bachmann <marc.brookman@gmail.com>
2021-10-05 11:52:44 -07:00
Brad Davidson
12e675e2cc
Don't evacuate the root cgroup when rootless
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-01 16:18:12 -07:00
Brad Davidson
5d1a37ee32
Send MAINPID to systemd when reexecing for logfile output
...
This allows the new process to notify systemd when it is ready.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-29 11:41:09 -07:00
Brad Davidson
a16105b348
Properly handle operation as init process
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-28 11:05:34 -07:00
Brian Downs
f4cea90cb9
set transport to skip verify if se skip flag passed ( #4102 )
2021-09-28 10:13:50 -07:00
Manuel Buil
87524a7ac7
Enable the inheritance of settings for ipv6
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-28 09:42:08 +02:00
Michal Rostecki
47676eff78
Merge pull request #4080 from manuelbuil/update_klipperlb2
...
Use the new klipper-lb image that has newer go and Alpine versions
2021-09-27 10:11:52 +02:00
Brad Davidson
73e21e739f
Drop broken SupportNoneCgroupDriver support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-23 16:12:51 -07:00
Manuel Buil
b99b943c17
Use the new klipper-lb image that has newer go and Alpine versions
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-22 09:23:38 +02:00
Brad Davidson
28be0de4e8
Revert "Use the newer klipper-lb image"
...
This reverts commit 1d21491094
.
2021-09-20 13:19:38 -07:00
Brad Davidson
64b502e92c
Disable automounting service account token in servicelb pods
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-17 15:52:44 -07:00
Hussein Galal
7826407a2e
Make sure there are no duplicates in etcd member list ( #4025 )
...
* Make sure there are no duplicates in etcd member list
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix node names with hyphens
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use full server name for etcd node name
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-09-18 00:51:18 +02:00
Manuel Buil
1d21491094
Use the newer klipper-lb image
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-17 15:42:48 -07:00
Brad Davidson
753e11ee3c
Enable JobTrackingWithFinalizers FeatureGate
...
Works around issue with Job controller not tracking job pods that
are in CrashloopBackoff during upgrade from 1.21 to 1.22.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-17 11:26:45 -07:00
Derek Nola
eda65b19d9
Remove expiremental from cluster commands ( #4024 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-09-15 16:41:50 -07:00
Joe Kralicky
debb508643
Nvidia container runtime discovery in containerd config template ( #3890 )
...
* Update the default containerd config template with support for adding extra container runtimes. Add logic to discover nvidia container runtimes installed via the the gpu operator or package manager.
Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-09-15 14:31:11 -07:00
Brad Davidson
086ca8ba6a
Fix premature etcd shutdown when joining an existing cluster
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-15 10:35:07 -07:00
Manuel Buil
60cd86bc42
Merge pull request #3906 from manuelbuil/dual-stack
...
Add dual-stack support on flannel
2021-09-15 18:48:10 +02:00
Brad Davidson
85e11c47d1
Add StargzSupported stub for Windows
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-15 09:45:57 -07:00
Chris Kim
acf9036b63
No-op when etcd member was already removed and use existing name for etcd controller ( #4014 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-09-15 08:41:30 -07:00
Manuel Buil
9fcd79baae
Add tests to the dual-stack PR and enable dual-stack with flannel backend
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 14:11:54 +02:00
Manuel Buil
681058bb40
Add dual-stack support
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 11:44:48 +02:00
Brad Davidson
b72306ce3d
Return the error since it just gets logged and retried anyways
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Brad Davidson
5986898419
Use SubjectAccessReview to validate CCM RBAC
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Brad Davidson
dc556cbb72
Set controller authn/authz kubeconfigs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Brad Davidson
199424b608
Pass context into all Executor functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-14 16:41:27 -07:00
Chris Kim
928b8531c3
[master] Add `etcd-member-management` controller to K3s ( #4001 )
...
* Initial leader elected etcd member management controller
* Bump etcd to v3.5.0-k3s2
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-09-14 08:20:38 -07:00
Brad Davidson
57377d2cd4
Minor cleanup on cribbed function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
Brad Davidson
3449d5b9f9
Wait for apiserver readyz instead of healthz
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
Brad Davidson
b4d8c641c6
Add exposed metrics listener instead of replacing loopback listener
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 09:39:39 -07:00
Brad Davidson
29c8b238e5
Replace klog with non-exiting fork
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 09:36:16 -07:00
Brad Davidson
90960ebf4e
SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-09 11:49:53 -07:00
Darren Shepherd
741ba95b04
Migrate sqlite data to etcd when initializing the cluster
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-09-09 10:24:02 -07:00
Devin Buhl
a1ec43e0b7
feat: add option to disable s3 over https
...
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
2021-09-05 12:03:49 -04:00
Kohei Tokunaga
8b857eef9c
Ship Stargz Snapshotter ( #2936 )
...
* Ship Stargz Snapshotter
Signed-off-by: ktock <ktokunaga.mail@gmail.com>
* Bump github.com/containerd/stargz-snapshotter to v0.8.0
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2021-09-01 16:27:42 -07:00
Brad Davidson
cf12a13175
Add missing node name entry to apiserver SAN list
...
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 13:22:32 -07:00
Brad Davidson
b8add39b07
Bump kine for metrics/tls changes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 01:51:30 -07:00
Hussein Galal
933052a02c
Fix condition for adding kubernetes endpoints ( #3941 )
...
* Fix condition for adding kubernetes endpoints
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix condition for adding kubernetes endpoints
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-31 00:57:17 +02:00
Derek Nola
60297a1bbe
Creation of K3s integration test Sonobuoy plugin ( #3931 )
...
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-30 08:27:59 -07:00
Brad Davidson
2a68c7c8a4
Fix issue where addon checksum was never stored
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-27 10:26:13 -07:00
Manuel Buil
2e5c9e5cad
Merge pull request #3916 from manuelbuil/net_v6
...
Add functions to separate ipv4 and ipv6 CIDRs
2021-08-27 18:57:54 +02:00
Manuel Buil
96dcef478a
Add functions to separate ipv4 from ipv6 functions
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-08-27 10:14:39 +02:00
Derek Nola
114b30277f
Redux: Enable K3s integration test to run on existing cluster ( #3905 )
...
* Made it possible to run int tests on existing cluster
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-26 16:26:19 -07:00
Akihiro Suda
331c6fed71
Remove runtime V1 (`containerd-shim`)
...
Fix issue 3105
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-26 11:50:33 -07:00
Akihiro Suda
176451f4ea
Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) ( #3901 )
...
Fix issue 3900
Kubernetes 1.22 requires `KuebletInUserNamespace` feature gate to be set for rootless:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-24 08:27:17 -07:00
Derek Nola
66dacc6ee0
Revert "Enable K3s integration test to run on existing cluster ( #3892 )" ( #3899 )
...
This reverts commit 703b5af950
.
2021-08-24 07:26:14 -07:00
Derek Nola
703b5af950
Enable K3s integration test to run on existing cluster ( #3892 )
...
* Made it possible to run int tests on existing cluster
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-23 12:12:03 -07:00
Brad Davidson
e95b75409a
Fix lint failures
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
a5355f0827
Replace dropped v1beta1 APIs with v1
...
Requires updating traefik as well to drop deprecated types.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
dc14f370c4
Update wrangler to v0.8.5
...
Required to support apiextensions.v1 as v1beta1 has been deleted. Also
update helm-controller and dynamiclistener to track wrangler versions.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
c434db7cc6
Wrap errors in runControllers for additional context
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
422d266da2
Disable deprecated insecure port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
641ab26fde
Update containerd to 1.5
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
872855015c
Update etcd to v3.5.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Brad Davidson
e204d863a5
Update Kubernetes to v1.22.1
...
* Update Kubernetes to v1.22.1
* Update dependent modules to track with upstream
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Derek Nola
ed5991f13b
K3s Flock Integration Test ( #3887 )
...
* Upgraded flock with shared and integration test.
Signed-off-by: dereknola <derek.nola@suse.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-08-20 12:34:22 -07:00
Hussein Galal
e322924781
Reset load balancer state during restoraion ( #3877 )
...
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-18 01:02:30 +02:00
Malte Starostik
b23955e835
Fix URL pruning when joining an etcd member ( #3832 )
...
* Fix URL pruning when joining an etcd member
Problem:
Existing member clientURLs were checked if they contain the joining
node's IP. In some edge cases this would prune valid URLs when the
joining IP is a substring match of the only existing member's IP.
Because of this, it was impossible to e.g. join 10.0.0.2 to an existing
node that has an IP of 10.0.0.2X or 10.0.0.2XX:
level=fatal msg="starting kubernetes: preparing server: start managed database:
joining etcd cluster: etcdclient: no available endpoints"
Solution:
Fixed by properly parsing the URLs and comparing the IPs for equality
instead of substring match.
Signed-off-by: Malte Starostik <info@stellaware.de>
2021-08-12 15:59:04 -07:00
Derek Nola
a1e36153f9
Added locking system for integration tests ( #3820 )
...
* Added locking system for integration tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 16:22:12 -07:00
Jamie Phillips
ae909c73e5
Updated the code to use GetNetworkByName and tweaked logic.
...
Updated the method being called and tweaked the logic.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-08-10 13:53:08 -07:00
Derek Nola
4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. ( #3805 )
...
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 11:13:26 -07:00
Brian Downs
dcf0657b20
account for an s3 folder when listing objects ( #3807 )
...
* account for an s3 folder when listing objects
2021-08-09 16:14:41 -07:00
Derek Nola
b4eca61aeb
Prevent snapshot commands from creating empty snapshot directory ( #3783 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-09 09:04:18 -07:00
Jiaqi Luo
3b01157a3a
Use New Image Names ( #3749 )
...
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
2021-08-06 16:14:58 -07:00
Hussein Galal
bc96ffb5f3
Fix Node stuck at deletion ( #3771 )
...
* fix Node stuck at deletion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix Node stuck at deletion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-05 22:32:01 +02:00
Brad Davidson
dfd4e42e57
Wrap context with lease before importing images
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-04 10:22:19 -07:00
Hussein Galal
2069cdf4ee
Fix initial start of etcd only nodes ( #3748 )
...
* Fix initial start of etcd only nodes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-03 19:53:21 +02:00
Ryan Sanna
429af17e4d
update rancher/local-path-provisioner to v0.0.20
...
Signed-off-by: Ryan Sanna <ryansann@umich.edu>
2021-08-02 12:25:47 -07:00
Brad Davidson
5ab3590d9b
Improve config retrieval messages
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
Brad Davidson
869b98bc4c
Sync DisableKubeProxy into control struct
...
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
Hussein Galal
b1b5f72dc3
Notify systemd for etcd only node ( #3732 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-29 23:42:19 +02:00
Jamie Phillips
7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. ( #3661 )
2021-07-28 13:04:42 -07:00
Jamie Phillips
fc19b805d5
Added logic to strip any existing hyphens before processing the args. ( #3662 )
...
Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.
2021-07-28 13:04:19 -07:00
Derek Nola
a1d7a62493
Fix to allow non-root users access to storage volumes. ( #3714 )
...
* Fix to prevent non-root users from accessing storage directory, while allowing non-root users access to subdirectories.
Signed-off-by: dereknola <derek.nola@suse.com>
* Added integration test
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-28 10:25:34 -07:00
Brad Davidson
90445bd581
Wait until server is ready before configuring kube-proxy ( #3716 )
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-27 14:56:05 -07:00
Derek Nola
21c8a33647
Introduction of Integration Tests ( #3695 )
...
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-26 09:59:33 -07:00
galal-hussein
20a48734c2
more fixes
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:42:05 +02:00
galal-hussein
7ebcc4b134
more fixes
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:39:44 +02:00
galal-hussein
b4401296ec
replace error with warn in delete
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:18:56 +02:00
galal-hussein
2f82bfcf67
fix warning msg
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 22:05:43 +02:00
galal-hussein
b377839148
migrate old token key format
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 20:59:57 +02:00
galal-hussein
997ed7b9b4
simplifying the code
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 19:56:19 +02:00
galal-hussein
ad17292fa8
migrate empty string key properly
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 19:21:38 +02:00
galal-hussein
a65e5b6466
Fix multiple bootstrap keys found
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-21 02:50:42 +02:00
Luther Monson
37fcb61f5e
move go routines for api server ready beneath wait group
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 17:36:34 -07:00
Luther Monson
18bc98f60c
adding startup hooks args to access to Disables and Skips ( #3674 )
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 05:24:52 +02:00
Derek Nola
bba49ea447
Fix to allow prune to correctly cleanup custom named snapshots ( #3649 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-19 14:30:57 -07:00
Jamie Phillips
aef8a6aafd
Adding support for waitgroup to the Startuphooks ( #3654 )
...
The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.
2021-07-15 19:28:47 -07:00
Hussein Galal
a939decf01
fix a runtime core panic ( #3627 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-13 23:33:07 +02:00
Derek Nola
55fe4ff5b0
Convert existing unit tests to standard layout ( #3621 )
...
* Converted parser_test.go, scrypt_test.go, types_test.go, nodeconfig_test.go
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-13 10:44:11 -07:00
Brian Downs
238dc2086e
prevent snapshot save when snapshots are disabled ( #3475 )
...
* prevent snapshot save when snapshots are disabled
2021-07-09 10:22:49 -07:00
William Zhang
a4c992ce52
🐳 burp to inetaf/tcpproxy
...
Problem:
tcpproxy repository has been moved out of the github.com/google org to github.com/inetaf.
Solution:
Switch to the new repo.
FYI: https://godoc.org/inet.af/tcpproxy/
Signed-off-by: William Zhang <warmchang@outlook.com>
2021-07-08 16:58:09 -07:00
Chris Kim
ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found ( #3568 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-07-07 16:01:50 -07:00
Jamie Phillips
a62d143936
Fixing various bugs related to windows.
...
This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
spelling
2021-07-07 15:50:34 -07:00
Derek Nola
73df2d806b
Update embedded kube-router ( #3557 )
...
* Update embedded kube-router
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-07 08:46:10 -07:00
Deshi Xiao
77fcf2dfc5
missing build tag for windows
...
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-07-05 22:30:54 +08:00
Derek Nola
c833183517
Add unit tests for pkg/etcd ( #3549 )
...
* Created new etcd unit tests and testing support file
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-01 16:08:35 -07:00
Brad Davidson
cbfe673c43
Fix spelling to satisfy codespell check
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
Brad Davidson
cbacd7107e
Allow passing targeted environment variables to containerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
Hussein Galal
f5fbb9a9a8
Export cli server flags and etcd restoration functions ( #3527 )
...
* Export cli server flags and etfd restoration functions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* export S3
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-30 22:29:03 +02:00
Brad Davidson
246b378a27
Bump kine to resolve race condition and unrevisioned delete
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-30 09:54:46 -07:00
Derek Nola
3e1693bc97
Changes local storage pods to have 700 permissions ( #3537 )
...
* Changes local storage pods to have 700 permissions
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-29 13:58:12 -07:00
Chris Kim
04398a2582
Move cloud-controller-manager into an embedded executor ( #3525 )
...
* Move cloud-controller-manager into an embedded executor
* Import K3s cloud provider and clean up imports
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-06-29 07:28:38 -07:00
Joe Kralicky
a84c75af62
Adds a command-line flag '--disable-helm-controller' that will disable
...
the server's built-in helm controller.
Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.
Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.
Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-06-25 14:54:36 -04:00
Jamie Phillips
82394d7d36
Basic windows agent that will join a cluster without CNI.
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-23 09:07:50 -07:00
Hussein Galal
136dddca11
Fix storing bootstrap data with empty token string ( #3422 )
...
* Fix storing bootstrap data with empty token string
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* delete node password secret after restoration
fixes to bootstrap key
vendor update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix comment
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typos
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Removing dynamic listener file after restoration
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-22 22:42:34 +02:00
Derek Nola
4b2ab8b515
Renamed client-cloud-controller crt and key ( #3470 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 13:54:35 -07:00
Derek Nola
ef23c6c548
Redux: Change containerd image leases from context lifespan to permanent ( #3464 )
...
* Changed containerd image licenses from context lifespan to permanent. Delete any existing licenses owned by k3s on server startup
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 12:11:10 -07:00
Derek Nola
b74c499709
Revert "Change containerd image leases from 24h to permanent ( #3452 )" ( #3461 )
...
This reverts commit 86b3ba8dba
.
2021-06-15 14:56:14 -07:00
Derek Nola
86b3ba8dba
Change containerd image leases from 24h to permanent ( #3452 )
...
* Changed containerd image licenses from 24h to permanent. Delete any existing licenses on server startup
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-15 11:42:52 -07:00
Brian Downs
88f95ec409
Send systemd notifications for both server and agent ( #3430 )
...
* update agent to sent systemd notify after everything starts
2021-06-15 04:20:26 -07:00
Brad Davidson
a7d1159ba6
Emit events for AddOn lifecycle
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson
ea2cd6d727
Add comments, clean up imports and function names
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson
6e48ca9b53
Tidy up function calls with many args
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson
6ef000091a
Add nodename to UA string for deploy controller
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-10 17:05:52 -07:00
Brad Davidson
f6cec4e75d
Add kubernetes.default.svc to serving certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-08 12:55:20 -07:00
Manuel Buil
243fd14cf1
Change Replace with ReplaceAll function
...
strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1)
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-07 09:52:26 +02:00
Brian Downs
afd506a595
fix possible race where bootstrap data might not save
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 15:05:47 -07:00
Brian Downs
2682183773
add log message indicating etcd snapshots are disabled
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
Derek Nola
664a98919b
Fix RBAC cloud-controller-manager name 3308 ( #3388 )
...
* Changed cloud-controller-manager user name in ccm.yaml
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed RBAC name in server.go
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed "k3s" string prefix to version.Program to prevent static hardcoding
Signed-off-by: dereknola <derek.nola@suse.com>
* Changed user in ccm.yaml to k3s-cloud-controller-manager
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-02 14:50:11 -07:00
Manuel Buil
5153088286
Merge pull request #3385 from manuelbuil/wireguard-fix
...
Move wireguard's privatekey to flannel config directory
2021-06-02 09:44:27 +02:00
Manuel Buil
1576030d6b
Add a path for wireguard's privatekey
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-01 21:54:17 +02:00
Jamie Phillips
7345ac35ae
Initial windows support for agent ( #3375 )
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Brian Downs
ecbf17e2ed
move object channel defer close to goroutine
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 19:58:30 -07:00
Brian Downs
254b52077e
add retention default and wire in s3 prune
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
Brad Davidson
7e175e8ad4
Handle conntrack-related sysctls in supervisor agent setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-18 13:40:44 -07:00
Brian Downs
e8ecc00fc8
add etcd snapshot save subcommand
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Brian Downs
6ee28214fa
Add the ability to prune etcd snapshots ( #3310 )
...
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
Brad Davidson
079620ded0
Fix passthrough of SystemDefaultRegistry from server config
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-13 02:18:09 -07:00
MonzElmasry
24474c5734
change --disable-apiserver flag
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Brad Davidson
e10524a6b1
Add executor.Bootstrap hook for pre-execution setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-11 18:46:15 -07:00
Brian Downs
bcd8b67db4
Add the ability to list etcd snapshots ( #3303 )
...
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson
02a5bee62f
Add system-default-registry support and remove shared code ( #3285 )
...
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Hussein Galal
948295e8e8
Fix cluster restoration in rke2 ( #3295 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-11 00:06:33 +02:00
Brad Davidson
fc037e87f8
Use config file values in node-args annotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 14:08:02 -07:00
Brian Downs
e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 ( #3277 )
...
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Siegfried Weber
e77fd18270
Sign CSRs for kubelet-serving with the server CA
...
Problem:
Only the client CA is passed to the kube-controller-manager and
therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
signed with the client CA. Serving certificates must be signed with the
server CA otherwise e.g. "kubectl logs" fails with the error message
"x509: certificate signed by unknown authority".
Solution:
Instead of providing only one CA via the kube-controller-manager
parameter "--cluster-signing-cert-file", the corresponding CA for every
signer is set with the parameters
"--cluster-signing-kube-apiserver-client-cert-file",
"--cluster-signing-kubelet-client-cert-file",
"--cluster-signing-kubelet-serving-cert-file", and
"--cluster-signing-legacy-unknown-cert-file".
Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
2021-05-05 15:59:57 -07:00
Hussein Galal
f410fc7d1e
Invoke cluster reset function when only reset flag is passed ( #3276 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
Brian Downs
beb0d8397a
reference node name when needed
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-04 10:03:28 -07:00
Brian Downs
c5ad71ce0b
Collect and Store etcd Snapshots and Metadata ( #3239 )
...
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
Hussein Galal
2db3bf7a89
Export CriConnection function ( #3225 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-04-29 22:11:19 +02:00
Brad Davidson
3cb4ca4b35
Use same SANs on ServingKubeAPICert as dynamiclistener
...
The kube-apiserver cert should have the same SANs in the same order,
excluding the extra user-configured SANs since this will only be used
in-cluster.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-28 09:58:19 -07:00
Darren Shepherd
8f1a20c0d3
Add ability to append to slice during config file merge
...
If key ends in "+" the value of the key is appended to previous
values found. If values are string instead of a slice they are
automatically converted to a slice of one string.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-27 15:59:03 -07:00
Brad Davidson
2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses ( #3212 )
...
* Add support for dual-stack cluster/service CIDRs and node addresses
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
Darren Shepherd
a0a1071aa5
Support .d directory for k3s config file ( #3162 )
...
Configuration will be loaded from config.yaml and then config.yaml.d/*.(yaml|yml) in
alphanumeric order. The merging is done by just taking the last value of
a key found, so LIFO for keys. Slices are not merged but replaced.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-15 11:29:24 -07:00
Brad Davidson
601c4984f5
Fix service-account-issuer
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brad Davidson
e8381db778
Update Kubernetes to v1.21.0
...
* Update Kubernetes to v1.21.0
* Update to golang v1.16.2
* Update dependent modules to track with upstream
* Switch to upstream flannel
* Track changes to upstream cloud-controller-manager and FeatureGates
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brian Downs
66ed6efd57
Resolve local retention issue when S3 in use.
...
Remove early return preventing local retention policy to be enforced
resulting in N number of snapshots being stored.
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-14 10:40:08 -07:00
Brian Downs
80e4baf525
add hidden attribute to disable flags
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
Brian Downs
d9381b84ad
add etcd s3 secret and access key flags and env vars to secret data
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-12 14:47:16 -07:00
Brian Downs
693c5290b1
Update CoreDNS to version 1.8.3. ( #3168 )
...
* update CoreDNS to 1.8.3
Rerun go generate and update the CoreDNS RBAC
2021-04-09 16:47:16 -07:00
Brian Downs
ad4f04d2fc
Merge pull request #3155 from briandowns/rke2-issue-856
...
remove hidden attribute from cluster flags and related code
2021-04-09 12:55:27 -07:00
Erik Wilson
9a53fca872
Bump traefik to v2.4.8
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2021-04-08 17:42:58 -07:00
Brad Davidson
58e93feda6
Fix CI failures non-deterministic traefik chart repackaging ( #3165 )
...
* Fix CI failures non-deterministic traefik chart repackaging
* Update generated bindata
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-08 15:33:15 -07:00
Brian Downs
4a49b9e40b
delete nocluster file and remove build tag
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 12:16:28 -07:00
Brian Downs
3ed9b0a997
remove hidden attribute from cluster flags and related code
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 11:36:02 -07:00
Xiao Deshi
cfe7e0c734
remove duplicated func GetAddresses
...
refactor tunnel.go and controller.go, remove duplicated lines.
Signed-off-by: Xiao Deshi <xiaods@gmail.com>
2021-03-31 14:23:05 -07:00
Akihiro Suda
cb73461a5b
AkihiroSuda/containerd-fuse-overlayfs -> containerd/fuse-overlayfs-snapshotter
...
The repo has been moved.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 10:34:34 -07:00