Commit Graph

777 Commits (3cd7a46b8fb9362fb490bec641ddd7e25c1d93f7)

Author SHA1 Message Date
Brad Davidson 3cd7a46b8f Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap
This allows secondary etcd nodes to bootstrap the kubelet before an
apiserver joins the cluster. Rancher waits for all the etcd nodes to
come up before adding the control-plane nodes, so this needs to be
handled properly.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 38706eeec0)
2022-03-18 13:50:43 -07:00
Brad Davidson e750ee5070 Close additional leaked GRPC clients
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-15 18:09:26 -07:00
Brad Davidson e032704684 Bootstrap the executor even when the agent is disabled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f090bf2d5e)
2022-03-15 18:09:26 -07:00
Brad Davidson e078a2902f Fix etcd-snapshot commands by making setup more consistent.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a7878db17f)
2022-03-15 18:09:26 -07:00
Brad Davidson 570ff6ebf7 Ignore cluster membership errors when reconciling from temp etcd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9a48086524)
2022-03-15 18:09:26 -07:00
Brad Davidson 198057ac05 Move temporary etcd startup into etcd module
Reuse the existing etcd library code to start up the temporary etcd
server for bootstrap reconcile. This allows us to do proper
health-checking of the datastore on startup, including handling of
alarms.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e4846c92b4)
2022-03-15 18:09:26 -07:00
Brad Davidson 100f4d1948 Pass context in to embedded etcd so that it can be stopped
Partial cherry-pick from 29c8b238e5

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-15 18:09:26 -07:00
Brad Davidson 8fdaa0eaca Add function to clear local alarms on etcd startup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 555087b9b8)
2022-03-15 18:09:26 -07:00
Brad Davidson 5a7f5fc951 Fix adding etcd-only node to existing cluster
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5014c9e0e8)
2022-03-15 18:09:26 -07:00
Brad Davidson 197092a972 Remove unnecessary copies of etcdconfig struct
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a1b800f0bf)
2022-03-15 18:09:26 -07:00
Brad Davidson 3f6b5c19d4 Remove unnecessary copies of runtime struct
Several types contained redundant references to ControlRuntime data. Switch to consistently accessing this via config.Runtime instead.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2989b8b2c5)
2022-03-15 18:09:26 -07:00
Derek Nola 3368116172
[Release-1.21] Populate EtcdConfig in runtime from datastore when etcd is disabled (#5229)
* Populate EtcdConfig in runtime from datastore when etcd is disabled (#5222)

Fixes issue with secrets-encrypt rotate not having any etcd endpoints
available on nodes without a local etcd server.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Revert to old Kine naming

Signed-off-by: Derek Nola <derek.nola@suse.com>

Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-08 11:38:28 -08:00
Derek Nola 0ec1c41cd5
Add `--json` flag for `k3s secrets-encrypt status` (#5127) (#5197)
* Add json flag for secrets-encrypt status

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-03-03 10:25:29 -08:00
Derek Nola 04d44d005e
Create encryption hash file if it doesn't exist (#5168)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-28 09:06:06 -08:00
Brian Downs 1232cbcc3a
add ability to specify etcd snapshot list output format (#5132) (#5178)
2022-02-26 12:28:46 -07:00
Hussein Galal 471f5eb3db
Upgrade to V1.21.10+k3s1 (#5137)
* Update to v1.21.10

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade traefik image to 2.6.1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade traefik image in image-list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* add debug to download script

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Enable make generate to use dapper and standardize go and gzip versions (#4861)

Signed-off-by: Derek Nola <derek.nola@suse.com>

* fix go generate

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix deep copy generated file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update go.mod

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Co-authored-by: Derek Nola <derek.nola@suse.com>
2022-02-20 20:48:06 +02:00
Manuel Buil 5efd5f938f Fix annoying netpol log
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-10 20:16:36 +01:00
Manuel Buil 47c3ce842c
Merge pull request #5089 from manuelbuil/kube-router-lib-1.21
[Release 1.21] netpol: Use kube-router as a library
2022-02-08 08:17:36 +01:00
Michal Rostecki 9de183fb0e netpol: Use kube-router as a library
Before this change, we were copying a part of kube-router code to
pkg/agent/netpol directory with modifications, from which the biggest
one was consumption of k3s node config instead of kube-router config.

However, that approach made it hard to follow new upstream versions.
It's possible to use kube-router as a library, so it seems like a better
way to do that.

Instead of modifying kube-router network policy controller to consume
k3s configuration, this change just converts k3s node config into
kube-router config. All the functionality of kube-router except netpol
is still disabled.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-02-07 19:49:35 +01:00
Derek Nola f586916c5f
Check for `--kubeconfig` flag with embedded `kubectl` (#5064) (#5074)
* Check for kubeconfig flag

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-07 10:49:04 -08:00
Derek Nola 42bc5612ff
[Release-1.21] Add `--server` flag to `k3s secrets-encrypt` (#5054)
* Add server flag to access nonlocal/nondefault k3s server (#5016)

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update gitignore

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-02-01 10:45:00 -08:00
Brad Davidson 03bba66760 Move containerd wait into exported function
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-25 13:10:14 -08:00
Roberto Bonafiglia dc970d27ca
Merge pull request #4982 from rbrtbnfgl/ipv6-nat_release-1.21
[Release 1.21] Add IPv6 NAT
2022-01-19 08:45:33 +01:00
Brad Davidson 447279299b go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 17:12:11 -08:00
Brad Davidson 683efbb737 Update packaged components
Update images and manifests/charts for coredns, local-path-provisioner, traefik, and pause

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-18 17:12:11 -08:00
Brian Downs 900e5ff519
[Release-1.21] Adds the ability to compress etcd snapshots (#4866) (#4959)
2022-01-18 11:08:46 -07:00
Manuel Buil 42d160da5b Move flannel logs to logrus
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-01-18 16:31:08 +01:00
Roberto Bonafiglia de12630ec0 Added debug log for IPv6 Masquerading rule
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-18 16:30:51 +01:00
Roberto Bonafiglia bb3fe9b185 Added flannel-ipv6-masq flag to enable IPv6 nat
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-18 16:30:04 +01:00
Roberto Bonafiglia 758331404e Added iptables masquerade rules for ipv6 on flannel
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2022-01-18 12:53:19 +01:00
Brad Davidson 6644357d0e Skip CGroup v2 evac when agent is disabled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-14 13:25:41 -08:00
Derek Nola f11f0748e9
Enable logging on all subcommands (#4921) (#4932)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-14 09:21:22 -08:00
Brad Davidson be3c430985 Move ClusterResetRestore handling ControlConfig setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-12 12:09:55 -08:00
Brad Davidson a0521c29eb Fix handling of agent-token fallback to token
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-07 10:58:36 -08:00
Brad Davidson 4b3f5be45d Fix use of agent creds for secrets-encrypt and config validate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-06 14:17:27 -08:00
Luther Monson 1942d18447 code to remove vendor dir
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-12-27 15:02:34 -07:00
Brad Davidson 625dd61a60 Close etcd clients to avoid leaking GRPC connections
If you don't explicitly close the etcd client when you're done with it,
the GRPC connection hangs around in the background. Normally this is
harmless, but in the case of the temporary etcd we start up on 2399 to
reconcile bootstrap data, the client will start logging errors
afterwards when the server goes away.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8ad7d141e8)
2021-12-22 12:41:47 -08:00
Brad Davidson 5641f9b328 Fix panic checking name of uninitialized etcd member
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-21 23:39:28 -08:00
Brian Downs 046961c4c6
Update bootstrap logic to output all changed files on disk (#4800) (#4808)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-12-21 16:22:16 -07:00
Hussein Galal 7e9ac115f4
[Release-1.21] Close agentReady channel only in k3s (#4794)
* Close agentReady channel only in k3s

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* codespell check

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-21 20:29:09 +02:00
Manuel Buil 8d2170f5c4 Remove Disables, Skips and DisableKubeProxy from the comparing configs
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-17 18:45:35 +01:00
Derek Nola 6bac01fc58
[Release-1.21] Fix cold boot and reconciliation on secondary servers (#4753)
* Fix cold boot restarts on secondary servers

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update to match master PR

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update warning

Signed-off-by: Derek Nola <derek.nola@suse.com>

* golangci-fix

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-15 15:39:04 -08:00
Hussein Galal 0d065c8491 Fix snapshot restoration on fresh nodes (#4737)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-12-13 18:13:59 -07:00
Brian Downs 98d6d38d61 Resolve Bootstrap Migration Edge Case (#4730)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-12-13 13:04:33 -07:00
Brian Downs 53ef842a98
Resolve restore bootstrap (#4704) (#4716)
2021-12-09 17:54:39 -07:00
Hussein Galal 3024462196
Add validation to certificate rotation (#4697)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-09 02:45:45 +02:00
Brad Davidson 8e1b2340c9 Bump wharfie to v0.5.1 and use shared decompression code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7d3447ceff)
2021-12-08 13:33:45 -08:00
Alexey Medvedchikov b526e98d1b Include node-external-ip in serving-kubelet.crt SANs (#4620)
* Include node-external-ip in serving-kubelet.crt SANs

Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>
(cherry picked from commit 8f389ab030)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-12-08 10:49:41 -08:00
Manuel Buil 8ea26cdad1 Check HA network parameters
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-12-08 12:50:24 +01:00
Derek Nola 1055837e4f
Backport secrets-encrypt command (#4658)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 17:21:10 -08:00