Erik Wilson
c5dc09159f
Move basic authentication to k3s
4 years ago
Brad Davidson
b1d017f892
Update dynamiclistener
...
Second round of fixes for #1621
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Euan Kemp
4808c4e7d5
Listen insecurely on localhost only
...
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.
These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344),
so there shouldn't be any downside to switching them to listen only on
localhost.
4 years ago
Brian Downs
ebac755da1
add profiling flag with default value of false
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brandon Davidson
538842ffdc
Merge pull request #1768 from brandond/fix_1764
...
Configure default signer implementation to use ClientCA instead of ServerCA
4 years ago
Brian Downs
7f4f237575
added profile = false args to api, controllerManager, and scheduler (#1891)
5 years ago
Darren Shepherd
6b5b69378f
Add embedded etcd support
...
This replaces dqlite with etcd. The same UX of dqlite is
followed so there is no change to the CLI args for this.
5 years ago
Darren Shepherd
39571424dd
Generate etcd certificates
5 years ago
Darren Shepherd
a18d387390
Refactor clustered DB framework
5 years ago
Darren Shepherd
7e59c0801e
Make program name a variable to be changed at compile time
5 years ago
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
...
Start kube-apiserver in the background
5 years ago
Darren Shepherd
e5fe184a44
Merge pull request #1757 from ibuildthecloud/separate-port
...
Add supervisor port
5 years ago
Darren Shepherd
072396f774
Start kube-apiserver in the background
...
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched. By starting the apiserver in the background this allows us to
do this odd bootstrapping.
5 years ago
Brad Davidson
71561ecda2
Use ClientCA for the signer controller
5 years ago
Darren Shepherd
2f5ee914f9
Add supervisor port
...
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server. In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports. The /v1-k3s API port is called the SupervisorPort in the code.
To support this separation of ports a new shim was added on the client in
the pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer. One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
5 years ago
Darren Shepherd
afd6f6d7e7
Encapsulate execution logic
...
This moves all the calls to cobra root commands to one package
so that we can change the behavior of running components as embedded
or external.
5 years ago
Darren Shepherd
3c8e0b4157
No longer use basic auth for default admin account
5 years ago
Knic Knic
44b8af097c
fix usage of path instead of filepath
5 years ago
Erik Wilson
3592d0bdd9
Merge pull request #1344 from ibuildthecloud/dialer-fallback
...
If tunnel session does not exist fallback to default dialer
5 years ago
Erik Wilson
1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
...
Add secret encryption config
5 years ago
Darren Shepherd
3396a7b099
If tunnel session does not exist fallback to default dialer
5 years ago
galal-hussein
388cd9c4e8
Add secret encryption configuration
5 years ago
Darren Shepherd
4acaa0740d
Small dqlite fixes
5 years ago
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
5 years ago
galal-hussein
99b8222e8d
Change storage to datastore
5 years ago
Darren Shepherd
77703b90ff
Don't ever change 10252/10251 ports
...
Kubernetes componentstatus check is hardcoded to 10252 and 10251
so we should never change these ports. If you do, componentstatus
will return an error.
5 years ago
Darren Shepherd
0ae20eb7a3
Support both http and db based bootstrap
5 years ago
Darren Shepherd
29b270dce6
Wait for apiserver to be healthy, not just running
5 years ago
Darren Shepherd
91cacb3a14
Fix server join issues
5 years ago
Erik Wilson
01f6e0e64e
Add context to server daemon functions that wait
5 years ago
larmog
7aa3d08385
Wait for api-server to report version after starting
5 years ago
Darren Shepherd
ba240d0611
Refactor tokens, bootstrap, and cli args
5 years ago
galal-hussein
d2c1f66496
Add k3s cloud provider
5 years ago
galal-hussein
436ff4ef63
fix cert rotation function
5 years ago
galal-hussein
2dc5ba5bae
Add certificate rotation
5 years ago
Erik Wilson
959acf9c92
Add --flannel-backend flag
5 years ago
Darren Shepherd
36ca606073
Merge pull request #793 from yamt/noderestriction
...
Add back NodeRestriction
5 years ago
YAMAMOTO Takashi
9cf80eacd9
Add back NodeRestriction
...
It has been removed as a part of #764 for no obvious reasons.
Fix #791
5 years ago
Erik Wilson
197985c673
Add --kubelet-certificate-authority flag
5 years ago
Darren Shepherd
f57dd13774
Default kube-apiserver to httpsport + 1
5 years ago
Darren Shepherd
9c8b95be9d
Drop unneeded prometheus imports
5 years ago
Darren Shepherd
a51a2eaaad
Add anonymous-auth=false and remove NodeRestriction
5 years ago
Erik Wilson
5679cfafaf
Merge pull request #707 from ibuildthecloud/pr683
...
Integrate Kine
5 years ago
Darren Shepherd
2cb6f52339
Disable storing bootstrap information by default
5 years ago
Erik Wilson
e6067314c9
Localhost -> 127.0.0.1
5 years ago
galal-hussein
1ae0c540d7
Refactor bootstrap, move kine startup code to kine, integrate kine
5 years ago
YAMAMOTO Takashi
d78701acb1
Fix bootstrap with non-tls etcd
5 years ago
Erik Wilson
1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
...
Remove agent proxy config which is no longer used
5 years ago
Erik Wilson
2d32337334
Merge pull request #650 from erikwilson/update-bootstrap
...
Bootstrap node key files & fix permissions
5 years ago
Erik Wilson
2f4d2838ea
Bootstrap node key files & fix permissions
5 years ago