Brad Davidson
b1d017f892
Update dynamiclistener
...
Second round of fixes for #1621
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 10:38:47 -07:00
Jacob Blain Christen
e2089bea18
cli: add --selinux flag to agent/server sub-cmds ( #2111 )
...
* cli: add --selinux flag to agent/server sub-cmds
Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported. Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.
* Update pkg/agent/containerd/containerd.go
update log warning message about enabled selinux host but disabled runtime
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Brian Downs
5a81fdbdc5
update cis flag implementation to propogate the rest of the way through to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Jason
e3f8789114
Add containerd snapshotter flag ( #1991 )
...
* Add containerd snapshotter flag
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
* Fix CamelCase nit and option description
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Darren Shepherd
6b5b69378f
Add embedded etcd support
...
This is replaces dqlite with etcd. The each same UX of dqlite is
followed so there is no change to the CLI args for this.
2020-06-06 16:39:41 -07:00
Darren Shepherd
39571424dd
Generate etcd certificates
2020-06-06 16:39:41 -07:00
Darren Shepherd
a18d387390
Refactor clustered DB framework
2020-06-06 16:39:41 -07:00
Chuck Schweizer
ca9c9c2e1e
Adding support for TLS MinVersion and CipherSuites
...
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.
--kube-apiserver-arg=tls-cipher-suites=XXXXXXX
--kube-apiserver-arg=tls-min-version=XXXXXXX
2020-05-07 09:27:09 -05:00
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
...
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd
072396f774
Start kube-apiserver in the background
...
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched. By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Darren Shepherd
2f5ee914f9
Add supervisor port
...
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server. In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports. The /v1-k3s API port is called the SupervisorPort in the code.
To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer. One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd
70ddc799bd
Merge pull request #1691 from ibuildthecloud/staticpod
...
Suppport static pods at ${datadir}/agent/staticpods
2020-05-05 14:35:45 -07:00
Darren Shepherd
8c7fbe3dde
Suppport static pods at ${datadir}/agent/pod-manifests
2020-05-05 12:43:47 -07:00
Erik Wilson
c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
...
Add ability to disable kubeproxy
2020-05-04 20:26:22 -07:00
Darren Shepherd
3c8e0b4157
No longer use basic auth for default admin account
2020-04-28 16:01:33 -07:00
Darren Shepherd
5715e1ba0d
Add ability to disable kubeproxy
2020-04-27 11:24:00 -07:00
Erik Wilson
a3cb9ee1f6
Simplify SELinux detection and add --disable-selinux flag
2020-02-28 10:10:55 -07:00
Erik Wilson
0374c4f63d
Add --disable flag
2020-01-30 16:45:01 -07:00
Erik Wilson
1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
...
Add secret encryption config
2020-01-27 13:59:09 -07:00
Erik Wilson
7675f9f85c
Clean up host-gw variable names
2020-01-08 17:43:07 -07:00
Segator
6736e24673
support hostgw
2020-01-08 17:43:07 -07:00
galal-hussein
388cd9c4e8
Add secret encryption configuration
2019-12-23 13:16:27 +02:00
galal-hussein
99b8222e8d
Change storage to datastore
2019-11-15 21:52:07 -07:00
Erik Wilson
55c05ac500
Refactor node password location
2019-11-12 15:30:34 -07:00
Darren Shepherd
0ae20eb7a3
Support both http and db based bootstrap
2019-11-12 01:12:24 +00:00
Darren Shepherd
ba240d0611
Refactor tokens, bootstrap, and cli args
2019-10-30 19:06:49 -07:00
Akihiro Suda
aafccdbccb
rootless: add kubelet flags automatically
...
Fix https://github.com/rancher/k3s/issues/784
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-25 17:10:14 +09:00
Erik Wilson
da3a7c6bbc
Add network policy controller
2019-10-18 16:11:42 -07:00
galal-hussein
d2c1f66496
Add k3s cloud provider
2019-10-16 21:13:15 +02:00
galal-hussein
5ccc880ddb
Add private registry to containerd
2019-10-08 01:54:53 +02:00
galal-hussein
56e0e5ad7e
Add default local storage provisioner
2019-09-30 18:17:33 +02:00
Erik Wilson
999e40d6d3
Add strongswan utilities for ipsec
2019-09-27 18:26:39 -07:00
Erik Wilson
959acf9c92
Add --flannel-backend flag
2019-09-27 18:26:39 -07:00
Erik Wilson
3cd807a657
Add --flannel-conf flag
2019-09-27 18:26:39 -07:00
Darren Shepherd
2cb6f52339
Disable storing bootstrap information by default
2019-08-24 22:27:24 -07:00
galal-hussein
1ae0c540d7
Refactor bootstrap, move kine startup code to kine, integrate kine
2019-08-22 09:14:43 -07:00
YAMAMOTO Takashi
35d972fd72
Sort args to make log outputs a bit more deterministic
2019-07-24 13:16:41 +09:00
YAMAMOTO Takashi
dc4ebd4c67
Remove agent proxy config which is no longer used
2019-07-17 18:05:16 +09:00
Erik Wilson
24b73403c7
Cleanup bootstrap
2019-06-30 12:39:54 -07:00
galal-hussein
37582b6fac
Add cert storage backend flag
2019-06-28 20:47:21 +02:00
Erik Wilson
7090a7d551
Move node password to separate file
2019-06-25 15:04:04 -07:00
Erik Wilson
2c9444399b
Refactor certs
2019-06-25 15:04:04 -07:00
galal-hussein
17d8708ca5
Add storage backend flags
2019-06-12 00:48:47 +02:00
Erik Wilson
199f673676
Merge pull request #479 from galal-hussein/add_storage_backend_options
...
Add MySQL and Postgress support
2019-05-28 16:57:38 -07:00
galal-hussein
e9cd8adbf6
Add Storage endpoint option
2019-05-16 01:05:24 +02:00
galal-hussein
930093dfe9
Expose node labels and taints and add node roles
2019-05-08 01:47:07 +02:00
haokang.ke
52f845ec84
Make pause image configurable ( #345 )
2019-05-03 10:36:12 -07:00
galal-hussein
191ac9371a
Add cni plugin to kubelet if docker is used
2019-04-30 22:12:02 +02:00
Darren Shepherd
9db91d7de3
Merge pull request #369 from erikwilson/node-dns
...
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Darren Shepherd
50f405ddfd
Merge pull request #376 from galal-hussein/fix_kubeletarg
...
Fix extra argument with multiple =
2019-04-26 15:57:16 -07:00