Commit Graph

1528 Commits (3b8ec74049e1e211ec84efb753a2935912b3e4d9)

Author SHA1 Message Date
Brad Davidson 3b8ec74049 Update disables list when building with no_stage
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are ommited by the no_stage build tag.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
Chris Kim ea916030c2
Merge pull request #2456 from Oats87/fix-rpm-install
Support k3s-selinux rpm install more effectively
2020-10-29 12:49:18 -04:00
Chris Kim a8275838d5 Add additional conditional logic to install.sh to prevent errors on Fedora or systems when run as non-root
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-29 07:30:03 -07:00
Euan Kemp 0521756dd9 Use 'rm' from path in go generate
/bin/rm is less portable. On some distros, like nixos, it doesn't exist
at all.

Signed-off-by: Euan Kemp <euank@euank.com>
2020-10-29 00:07:46 -07:00
Menna Elmasry 523ccaf3f2
Merge pull request #2448 from MonzElmasry/new_b
Make etcd use node private ip
2020-10-29 00:23:56 +02:00
Ranjib Dey dcff6e7047 remove duplicate systemd directives
Signed-off-by: Ranjib Dey ranjib@linux.com
2020-10-28 14:53:01 -07:00
MonzElmasry e8436cc76b
Make etcd use node private ip
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Chris Kim 05d775b31e
Merge pull request #2441 from Oats87/disable-rpm
Disable RPM publishing
2020-10-28 16:07:53 -04:00
Brad Davidson 7a5a9033a7 Update kine to v0.5.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-28 13:03:47 -07:00
Chris Kim f981043b89 Remove RPM publishing from .drone.yml
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-28 14:27:08 -04:00
Chris Kim 7b8a147a1b
Merge pull request #2408 from Oats87/rpm-install-selinux
Add auto-install capability to install.sh for k3s-selinux
2020-10-28 14:24:09 -04:00
Hussein Galal fcd18d1b6e
skip node delete from removed member (#2413)
* skip node delete from removed member

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use grpc errors

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go imports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* exit if node is the etcd that being removed

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-10-28 18:32:51 +02:00
Chris Kim 96fc4c4b21 Add iptable_nat to modprobe list
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Chris Kim 38109e6c9d Add auto-install capability to install.sh for k3s-selinux
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Brad Davidson de18528412
Make etcd voting members responsible for managing learners (#2399)
* Set etcd timeouts using values from k8s instead of etcdctl
  Fix for one of the warnings from #2303
* Use etcd zap logger instead of deprecated capsnlog
  Fix for one of the warnings from #2303
* Remove member self-promotion code paths
* Add learner promotion tracking code
* Fix RaftAppliedIndex progress check
* Remove ErrGRPCKeyNotFound check
  This is not used by v3 API - it just returns a response with 0 KVs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-27 11:06:26 -07:00
Brad Davidson 03f05f9337 Update Kubernetes to v1.19.3-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-16 13:18:59 -07:00
Jeremy Katz b1a7161ccc Add information on reporting security issues
Signed-off-by: Jeremy Katz <jeremy@tidelift.com>
2020-10-16 11:46:16 -07:00
Brian Downs 0063646628
Merge pull request #2396 from briandowns/issue-831
Update kine to v0.4.1
2020-10-15 13:39:08 -07:00
Brian Downs 0363da5196 run go mod tidy
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-10-15 13:03:26 -07:00
Brian Downs 299fe83a1f update kine to v0.4.1
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-10-15 10:34:24 -07:00
Erik Wilson 6b11d86037
Merge pull request #2377 from erikwilson/no-proxy-fix
Use no_proxy env, add .svc and cluster domains
2020-10-12 13:46:22 -07:00
Erik Wilson 56e077eb29
Use no_proxy env, add .svc and cluster domains 2020-10-12 11:02:07 -07:00
Erik Wilson 114b5ccad1
Merge pull request #2363 from erikwilson/netpol-informers
Add event handlers to network policy controller
2020-10-12 08:53:39 -07:00
Erik Wilson e26e333b7e
Add network policy controller CacheSyncOrTimeout 2020-10-07 12:35:44 -07:00
Erik Wilson 045cd49ab5
Add event handlers to network policy controller 2020-10-07 12:10:27 -07:00
Erik Wilson f4e7eaa283
Merge pull request #2358 from erikwilson/check-config-1291
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check
2020-10-06 16:02:33 -07:00
Erik Wilson 7f0bdf8a1e
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check 2020-10-06 14:30:49 -07:00
Erik Wilson 154b395c03
Merge pull request #2349 from erikwilson/fix-data-extract
Fix race condition in data extraction
2020-10-06 12:40:47 -07:00
Erik Wilson 95b895038c
Add locking and verification for data directory extraction 2020-10-06 10:29:27 -07:00
Erik Wilson ce0da0a0f4
Add file verification for data directory 2020-10-06 10:29:27 -07:00
Erik Wilson 66d29148f7
Add Release function for flock 2020-10-06 10:29:27 -07:00
Erik Wilson 360d82d20e
Add flock from k8s.io/kubernetes/pkg/util/flock 2020-10-06 10:29:26 -07:00
Brad Davidson c3c983198f Add temporary fix for issue with interrupted etcd promote
This is a minimal fix for https://github.com/rancher/rke2/issues/392

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-30 11:45:58 -07:00
Hussein Galal 373449ec0a
Allow for multiple etcd snapshot restoration (#2307)
* add reset tmp file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go imports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix multiple lines string

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use resetFile function

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-30 02:53:31 +02:00
Brad Davidson 8262e23169
Revert removal of EndpointName hooks (#2319)
* Revert "Remove dead EndpointName code"
    This reverts commit 8025da5a8d.
* Fix docstrings based on proper understanding of use
2020-09-28 18:13:55 -07:00
Brad Davidson 714227bdc7
Merge pull request #2300 from brandond/fix_2249
Fix managed etcd cold startup deadlock issue #2249
2020-09-28 10:56:51 -07:00
Brad Davidson 360b0f1ee5 Add timeout to clientaccess http client
The default http client does not have an overall request timeout, so
connections to misbehaving or unavailable servers can stall for an
excessive amount of time. At the moment, just attempting to join
an unavailable cluster takes 2 minutes and 40 seconds to timeout.

Resolve that by setting a reasonable request timeout.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson cdfc6cfa1a Split clientaccess token/kubeconfig code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson 45dd4afe50 Simplify token parsing
Improves readability, reduces round-trips to the join server to validate certs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:24 -07:00
Brad Davidson 9074da7405 Fix misc nits and missing/unused imports
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson 703ba5cde7 Add a bunch of doc comments
Also change identical error messages to clarify where problems are
occurring.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson ae916c2dec Use const for kube-system namespace
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson f59e8fc21b Fix etcd directory permissions
Silences warning on startup about insecure directory permissions

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson ee99660a96 Rename etcd directory helpers to reduce confusion about which datadir we're talking about
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson 8025da5a8d Remove dead EndpointName code
According to @galal-hussein this is dead code that was probably brought
over from Kine. I certainly couldn't figure out what it is supposed to
be doing.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson 97eb28a01a Remove unnecessary listener arg from managed DB setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:09:45 -07:00
Brad Davidson a3bbd58f37 Fix managed etcd cold startup deadlock issue #2249
We should ignore --token and --server if the managed database is initialized,
just like we ignore --cluster-init. If the user wants to join a new
cluster, or rejoin a cluster after --cluster-reset, they need to delete
the database. This a cleaner way to prevent deadlocking on quorum loss,
and removes the requirement that the target of the --server argument
must be online before already joined nodes can start.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 02:44:49 -07:00
Kevin Messer 6c9f3d528a
feat(install): replace rpm by yum for setup_selinux (#1829)
It's a bad practice to install packages via rpm directly. It's better to install all packages with Yum/Dnf. It's also possible to install packages directly via an URL, which is the purpose of this PR.
2020-09-26 01:45:33 -07:00
Adam Farden 86d2e2a5f8
[systemd] really wait for network to come online (#1665)
Wants= is required to actually set the dependency on network-online.service
After= is required or k3s.service will be started at the same time as network-online.service

In network environments with slow DHCP, both are required to ensure valid network configuration for k3s

Signed-off-by: Adam Farden <adam@farden.cz>
2020-09-26 01:44:06 -07:00
Matthew Clive fc55904d82
Add network dependency to installed service file (#2210)
Adds the line `After=network-online.target` to the k3s systemd service
file. This applies the fix mentioned in
[this GH comment](https://github.com/rancher/k3s/issues/1626#issuecomment-642253812)
which I can confirm makes k3s networking survive reboot in Raspbian
Buster.

[It appears, in some docs I found](https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files)
that this is a recommended and usual way of specifying that we need the
target to be _completed_ before starting k3s. Using just the `Wants=`
directive doesn't work for this task, you have to add both directives
at once to do this. Quote:

> `Wants=`: This directive is similar to `Requires=`, but less strict.
> `Systemd` will attempt to start any units listed here when this unit
> is activated. If these units are not found or fail to start, the
> current unit will continue to function. This is the recommended way to
> configure most dependency relationships. **Again, this implies a
> parallel activation unless modified by other directives**

> [...]

> `After=`: The units listed in this directive will be started before
> starting the current unit. This does not imply a dependency
> relationship and **one must be established through the above
> directives if this is required.**

- _(Emphasis mine)_

Signed-off-by: Matthew Clive <arcticlight@arcticlight.me>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-26 01:42:17 -07:00