Brad Davidson
8c6d3567fe
Rename k3s-controller based on the build-time program name
...
Since we're replacing the k3s rolebindings.yaml in rke2, we should allow
renaming this so that we can use the white-labeled name downstream.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-16 10:53:07 -07:00
Erik Wilson
c5dc09159f
Move basic authentication to k3s
2020-08-28 17:18:34 -07:00
Brad Davidson
b1d017f892
Update dynamiclistener
...
Second round of fixes for #1621
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 10:38:47 -07:00
Euan Kemp
4808c4e7d5
Listen insecurely on localhost only
...
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.
These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344 ),
so there shouldn't be any downside to switching them to listen only on
localhost.
2020-08-05 10:28:11 -07:00
Brian Downs
ebac755da1
add profiling flag with default value of false
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-10 13:08:04 -07:00
Brandon Davidson
538842ffdc
Merge pull request #1768 from brandond/fix_1764
...
Configure default signer implementation to use ClientCA instead of ServerCA
2020-07-07 16:52:14 -07:00
Brian Downs
7f4f237575
added profile = false args to api, controllerManager, and scheduler ( #1891 )
2020-06-12 21:09:41 +02:00
Darren Shepherd
6b5b69378f
Add embedded etcd support
...
This is replaces dqlite with etcd. The each same UX of dqlite is
followed so there is no change to the CLI args for this.
2020-06-06 16:39:41 -07:00
Darren Shepherd
39571424dd
Generate etcd certificates
2020-06-06 16:39:41 -07:00
Darren Shepherd
a18d387390
Refactor clustered DB framework
2020-06-06 16:39:41 -07:00
Darren Shepherd
7e59c0801e
Make program name a variable to be changed at compile time
2020-06-06 16:39:41 -07:00
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
...
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd
e5fe184a44
Merge pull request #1757 from ibuildthecloud/separate-port
...
Add supervisor port
2020-05-06 21:32:45 -07:00
Darren Shepherd
072396f774
Start kube-apiserver in the background
...
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched. By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Brad Davidson
71561ecda2
Use ClientCA for the signer controller
2020-05-06 16:51:35 -07:00
Darren Shepherd
2f5ee914f9
Add supervisor port
...
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server. In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports. The /v1-k3s API port is called the SupervisorPort in the code.
To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer. One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd
afd6f6d7e7
Encapsulate execution logic
...
This moves all the calls to cobra root commands to one package
so that we can change the behavior of running components as embedded
or external.
2020-05-05 15:34:32 -07:00
Darren Shepherd
3c8e0b4157
No longer use basic auth for default admin account
2020-04-28 16:01:33 -07:00
Knic Knic
44b8af097c
fix usage of path instead of filepath
2020-04-25 00:29:18 -07:00
Erik Wilson
3592d0bdd9
Merge pull request #1344 from ibuildthecloud/dialer-fallback
...
If tunnel session does not exist fallback to default dialer
2020-01-27 13:59:45 -07:00
Erik Wilson
1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
...
Add secret encryption config
2020-01-27 13:59:09 -07:00
Darren Shepherd
3396a7b099
If tunnel session does not exist fallback to default dialer
2020-01-22 11:04:41 -07:00
galal-hussein
388cd9c4e8
Add secret encryption configuration
2019-12-23 13:16:27 +02:00
Darren Shepherd
4acaa0740d
Small dqlite fixes
2019-12-16 11:45:01 -07:00
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
2019-12-15 23:28:19 -07:00
galal-hussein
99b8222e8d
Change storage to datastore
2019-11-15 21:52:07 -07:00
Darren Shepherd
77703b90ff
Don't ever change 10252/10251 ports
...
Kubernetes componentstatus check is hardcoded to 10252 and 10251
so we should never change these ports. If you do componentstatus
will return error.
2019-11-13 18:20:57 -07:00
Darren Shepherd
0ae20eb7a3
Support both http and db based bootstrap
2019-11-12 01:12:24 +00:00
Darren Shepherd
29b270dce6
Wait for apiserver to be health, not just running
2019-11-12 01:09:33 +00:00
Darren Shepherd
91cacb3a14
Fix server join issues
2019-11-08 21:35:58 +00:00
Erik Wilson
01f6e0e64e
Add context to server daemon functions that wait
2019-11-05 11:06:07 -07:00
larmog
7aa3d08385
Wait for api-server to report version after starting
2019-11-05 11:05:22 -07:00
Darren Shepherd
ba240d0611
Refactor tokens, bootstrap, and cli args
2019-10-30 19:06:49 -07:00
galal-hussein
d2c1f66496
Add k3s cloud provider
2019-10-16 21:13:15 +02:00
galal-hussein
436ff4ef63
fix cert rotation function
2019-10-10 03:35:32 +02:00
galal-hussein
2dc5ba5bae
Add certificate rotation
2019-09-30 18:34:58 +02:00
Erik Wilson
959acf9c92
Add --flannel-backend flag
2019-09-27 18:26:39 -07:00
Darren Shepherd
36ca606073
Merge pull request #793 from yamt/noderestriction
...
Add back NodeRestriction
2019-09-07 12:07:01 -07:00
YAMAMOTO Takashi
9cf80eacd9
Add back NodeRestriction
...
It has been removed as a part of #764 for no obvious reasons.
Fix #791
2019-09-05 15:47:46 +09:00
Erik Wilson
197985c673
Add --kubelet-certificate-authority flag
2019-09-02 10:49:23 -07:00
Darren Shepherd
f57dd13774
Default kube-apiserver to httpsport + 1
2019-08-28 20:53:38 -07:00
Darren Shepherd
9c8b95be9d
Drop unneeded prometheus imports
2019-08-28 20:53:37 -07:00
Darren Shepherd
a51a2eaaad
Add anonymous-auth=false and remove NodeRestriction
2019-08-28 20:53:37 -07:00
Erik Wilson
5679cfafaf
Merge pull request #707 from ibuildthecloud/pr683
...
Integrate Kine
2019-08-26 09:25:37 -07:00
Darren Shepherd
2cb6f52339
Disable storing bootstrap information by default
2019-08-24 22:27:24 -07:00
Erik Wilson
e6067314c9
Localhost -> 127.0.0.1
2019-08-22 11:56:00 -07:00
galal-hussein
1ae0c540d7
Refactor bootstrap, move kine startup code to kine, integrate kine
2019-08-22 09:14:43 -07:00
YAMAMOTO Takashi
d78701acb1
Fix bootstrap with non-tls etcd
2019-07-31 16:14:13 +09:00
Erik Wilson
1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
...
Remove agent proxy config which is no longer used
2019-07-23 15:51:51 -07:00
Erik Wilson
2d32337334
Merge pull request #650 from erikwilson/update-bootstrap
...
Bootstrap node key files & fix permissions
2019-07-17 14:22:05 -07:00