Simon Kirsten
5122700225
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl (#7991)
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
(cherry picked from commit 546dc247a0)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Derek Nola
3b650c974d
[Release-1.24] August Test Backports (#8128)
...
* Unit test for MustFindString (#8013)
* Consolidate CopyFile functions (#8079)
* Remove unnecessary E2E envs
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-04 11:40:14 -07:00
Brad Davidson
765a853a4c
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7f50b40cfe)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 14:16:50 -07:00
Manuel Buil
7180631dec
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-05 10:53:02 +02:00
Manuel Buil
cf4bbc26c5
Revert "VPN integration"
...
This reverts commit 19f86eb080.
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-12 11:24:29 +02:00
Manuel Buil
19f86eb080
VPN integration
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-12 10:19:25 +02:00
Manuel Buil
b834ac9730
Wrap error stating that it is coming from netpol
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-15 09:44:56 +02:00
Brad Davidson
391b08309c
Bump cni plugins to v1.2.0-k3s1
...
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit cedefeff24)
2023-05-10 15:02:29 -07:00
Brad Davidson
a82dbacd4a
Fix stack log on panic
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f1b6a3549c)
2023-05-10 15:02:29 -07:00
Brad Davidson
f705a8ff1c
Improve egress selector handling on agentless servers
...
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 31a6386994)
2023-05-10 15:02:29 -07:00
Derek Nola
8f27774e8b
[Release-1.24] Add E2E testing in Drone (#7376)
...
* Initial drone vagrant pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Build e2e test image
* Add ci flag to secretsencryption
* Fix vagrant log on secretsencryption
* Add cron conformance pipeline
* Add string output for nodes
* Switch snapshot restore for upgrade cluster
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added IPv6 check and agent restart on e2e test utils
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Drone: Cleanup E2E VMs on test panic (#7104)
* Cleanup leftover VMs in E2E pipeline
* Clean E2E VMs before testing (#7109)
* Cleanup VMs proper
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Don't run most pipelines on nightly cron
* Improve RunCmdOnNode error
* Pin upgradecluster to v1.24
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-05-01 14:14:28 -07:00
Roberto Bonafiglia
e8ec681cea
Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-06 11:10:04 +02:00
Brad Davidson
e8408f3af7
Debounce kubernetes service endpoint updates
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2992477c4b)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:31 -07:00
Brad Davidson
ab6c64342c
Fix tests to not hide failure location in dummp assert functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ece4d8e45c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:31 -07:00
Brad Davidson
01253a5b84
Fix issue with stale connections to removed LB server
...
Track LB connections through each server so that they can be closed when it is removed.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e54ceaa497)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:31 -07:00
Derek Nola
7fee87d976
Adds a warning about editing to the containerd config.toml file (#7076)
...
* Add a warning to the config.toml file
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-14 09:33:21 -07:00
Brad Davidson
9360022bbe
Wait for kubelet to update the Ready status before reading port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 20:07:34 -07:00
Daishan Peng
abda53075e
Wait for kubelet port to be ready before setting
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
2023-03-13 20:07:34 -07:00
Roberto Bonafiglia
cabeae0619
[Release 1.24] Update flannel and kube-router (#7063)
...
* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 20:32:08 -08:00
Roberto Bonafiglia
dd71479e67
Update flannel to v0.21.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 20:07:50 +01:00
Paul Donohue
c87d62490f
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
...
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:58 -08:00
Brad Davidson
73460e28bf
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
2023-02-10 09:34:10 -08:00
Brad Davidson
b88c3b8c95
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335b2)
2023-02-10 09:34:10 -08:00
Derek Nola
1b5a3a5b2e
Wait for cri-dockerd socket (#6854)
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:24:09 -08:00
Brad Davidson
be26a6e618
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
Brad Davidson
f7e375979f
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0)
2023-01-18 09:17:39 -08:00
Brad Davidson
01d519394f
Preload iptable_filter/ip6table_filter
...
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 18:28:28 -08:00
Brad Davidson
d5ef9e1a12
Bump k3s-root and remove embedded strongswan support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2835368ecb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson
fd7db23961
Add rootless IPv6 support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 6f2b21c5cd)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Manuel Buil
a3297cc76a
Fix log for flannelExternalIP use case
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-22 16:55:51 +01:00
thomasferrandiz
8eb4bc589b
Merge pull request #6439 from thomasferrandiz/log-kube-router-1.24
...
[Release 1.24] log kube-router version when starting netpol controller
2022-11-04 15:41:57 +01:00
Thomas Ferrandiz
4a7cbdb338
log kube-router version when starting netpol controller
...
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2022-11-04 11:00:48 +01:00
Manuel Buil
26083e884c
Add some helping logs to avoid wrong configs
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-04 09:04:17 +01:00
Petri Kivikangas
e07917cb70
Convert containerd config.toml.tmpl Linux template to v2 syntax
...
Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
Brad Davidson
b1dfd884e2
Set default kubeletPort
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
Brad Davidson
4e4b631b2e
Check for RBAC before starting tunnel controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
Roberto Bonafiglia
c557e421dd
Update flannel to 0.20.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-11-03 19:05:06 +01:00
Brad Davidson
7af5b16788
Add --flannel-external-ip flag
...
Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-24 10:14:44 -07:00
Derek Nola
519f13e34d
[Release-1.24] Replace deprecated ioutil package (#6235)
...
* Replace ioutil package
* check integration test null pointer
* Remove rotate retries
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-07 19:03:46 -07:00
Brad Davidson
3a829ae860
Handle custom kubelet port in agent tunnel
...
The kubelet port can be overridden by users; we shouldn't assume it's always 10250
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-07 16:57:30 -07:00
Manuel Buil
0be4ef9213
Add flannel-external-ip when there is a k3s node-external-ip
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-09-29 10:01:56 +02:00
Roberto Bonafiglia
a30971efaa
Updated flannel to v0.19.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-08-08 09:57:56 +02:00
Brad Davidson
4aca21a1f1
Add cri-dockerd support as backend for --docker flag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-08-05 02:39:25 -07:00
Brad Davidson
b1fa63dfb7
Revert "Remove --docker/dockershim support"
...
This reverts commit 4a3d283bc1.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-08-05 02:39:25 -07:00
Roberto Bonafiglia
d90ba30353
Added NodeIP autodetect in case of dualstack connection
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-08-04 09:54:45 +02:00
Derek Nola
118a68c913
Updates to CLI flag grouping + deprecated flag warnings. (#5937)
...
* Consolidate data dir flag
* Group cluster flags together
* Reorder and group agent flags
* Add additional info around vmodule flag
* Hide deprecated flags, and add warning about their removal
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-08-02 13:51:16 -07:00
Brad Davidson
db2ba7b61d
Don't enable unprivileged ports and icmp on old kernels
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-28 14:33:20 -07:00
Brad Davidson
bd5fdfce33
Fix server systemd detection
...
* Use INVOCATION_ID to detect execution under systemd, since as of a9b5a1933f NOTIFY_SOCKET is now cleared by the server code.
* Set the unit type to notify by default for both server and agent, which is what Rancher-managed installs have done for a while.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-21 13:42:20 -07:00
Brad Davidson
afee83dda2
Bump remotedialer
...
Includes fix for recently identified memory leak.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-07 12:22:37 -07:00
Olli Janatuinen
2968a83bc0
containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default
...
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-06-15 14:49:51 -07:00