Commit Graph

65 Commits (57fc0c9c87b0e07dde510d55a42925b20bf3b199)

Author SHA1 Message Date
Brad Davidson b1d017f892 Update dynamiclistener
Second round of fixes for #1621

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 10:38:47 -07:00
Jacob Blain Christen e2089bea18
cli: add --selinux flag to agent/server sub-cmds (#2111)
* cli: add --selinux flag to agent/server sub-cmds

Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported.  Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.

* Update pkg/agent/containerd/containerd.go

update log warning message about enabled selinux host but disabled runtime

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Brian Downs 5a81fdbdc5 update cis flag implementation to propogate the rest of the way through to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Jason e3f8789114
Add containerd snapshotter flag (#1991)
* Add containerd snapshotter flag

Signed-off-by: Jason-ZW <zhenyang@rancher.com>

* Fix CamelCase nit and option description

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>

Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Darren Shepherd 6b5b69378f Add embedded etcd support
This is replaces dqlite with etcd.  The each same UX of dqlite is
followed so there is no change to the CLI args for this.
2020-06-06 16:39:41 -07:00
Darren Shepherd 39571424dd Generate etcd certificates 2020-06-06 16:39:41 -07:00
Darren Shepherd a18d387390 Refactor clustered DB framework 2020-06-06 16:39:41 -07:00
Chuck Schweizer ca9c9c2e1e Adding support for TLS MinVersion and CipherSuites
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.

  --kube-apiserver-arg=tls-cipher-suites=XXXXXXX
  --kube-apiserver-arg=tls-min-version=XXXXXXX
2020-05-07 09:27:09 -05:00
Darren Shepherd cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd 072396f774 Start kube-apiserver in the background
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched.  By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Darren Shepherd 2f5ee914f9 Add supervisor port
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server.  In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports.  The /v1-k3s API port is called the SupervisorPort in the code.

To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer.  One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd 70ddc799bd
Merge pull request #1691 from ibuildthecloud/staticpod
Suppport static pods at ${datadir}/agent/staticpods
2020-05-05 14:35:45 -07:00
Darren Shepherd 8c7fbe3dde Suppport static pods at ${datadir}/agent/pod-manifests 2020-05-05 12:43:47 -07:00
Erik Wilson c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
Add ability to disable kubeproxy
2020-05-04 20:26:22 -07:00
Darren Shepherd 3c8e0b4157 No longer use basic auth for default admin account 2020-04-28 16:01:33 -07:00
Darren Shepherd 5715e1ba0d Add ability to disable kubeproxy 2020-04-27 11:24:00 -07:00
Erik Wilson a3cb9ee1f6 Simplify SELinux detection and add --disable-selinux flag 2020-02-28 10:10:55 -07:00
Erik Wilson 0374c4f63d Add --disable flag 2020-01-30 16:45:01 -07:00
Erik Wilson 1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
Add secret encryption config
2020-01-27 13:59:09 -07:00
Erik Wilson 7675f9f85c Clean up host-gw variable names 2020-01-08 17:43:07 -07:00
Segator 6736e24673 support hostgw 2020-01-08 17:43:07 -07:00
galal-hussein 388cd9c4e8 Add secret encryption configuration 2019-12-23 13:16:27 +02:00
galal-hussein 99b8222e8d Change storage to datastore 2019-11-15 21:52:07 -07:00
Erik Wilson 55c05ac500 Refactor node password location 2019-11-12 15:30:34 -07:00
Darren Shepherd 0ae20eb7a3 Support both http and db based bootstrap 2019-11-12 01:12:24 +00:00
Darren Shepherd ba240d0611 Refactor tokens, bootstrap, and cli args 2019-10-30 19:06:49 -07:00
Akihiro Suda aafccdbccb rootless: add kubelet flags automatically
Fix https://github.com/rancher/k3s/issues/784

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-25 17:10:14 +09:00
Erik Wilson da3a7c6bbc Add network policy controller 2019-10-18 16:11:42 -07:00
galal-hussein d2c1f66496 Add k3s cloud provider 2019-10-16 21:13:15 +02:00
galal-hussein 5ccc880ddb Add private registry to containerd 2019-10-08 01:54:53 +02:00
galal-hussein 56e0e5ad7e Add default local storage provisioner 2019-09-30 18:17:33 +02:00
Erik Wilson 999e40d6d3 Add strongswan utilities for ipsec 2019-09-27 18:26:39 -07:00
Erik Wilson 959acf9c92 Add --flannel-backend flag 2019-09-27 18:26:39 -07:00
Erik Wilson 3cd807a657 Add --flannel-conf flag 2019-09-27 18:26:39 -07:00
Darren Shepherd 2cb6f52339 Disable storing bootstrap information by default 2019-08-24 22:27:24 -07:00
galal-hussein 1ae0c540d7 Refactor bootstrap, move kine startup code to kine, integrate kine 2019-08-22 09:14:43 -07:00
YAMAMOTO Takashi 35d972fd72 Sort args to make log outputs a bit more deterministic 2019-07-24 13:16:41 +09:00
YAMAMOTO Takashi dc4ebd4c67 Remove agent proxy config which is no longer used 2019-07-17 18:05:16 +09:00
Erik Wilson 24b73403c7 Cleanup bootstrap 2019-06-30 12:39:54 -07:00
galal-hussein 37582b6fac Add cert storage backend flag 2019-06-28 20:47:21 +02:00
Erik Wilson 7090a7d551 Move node password to separate file 2019-06-25 15:04:04 -07:00
Erik Wilson 2c9444399b Refactor certs 2019-06-25 15:04:04 -07:00
galal-hussein 17d8708ca5 Add storage backend flags 2019-06-12 00:48:47 +02:00
Erik Wilson 199f673676
Merge pull request #479 from galal-hussein/add_storage_backend_options
Add MySQL and Postgress support
2019-05-28 16:57:38 -07:00
galal-hussein e9cd8adbf6 Add Storage endpoint option 2019-05-16 01:05:24 +02:00
galal-hussein 930093dfe9 Expose node labels and taints and add node roles 2019-05-08 01:47:07 +02:00
haokang.ke 52f845ec84 Make pause image configurable (#345) 2019-05-03 10:36:12 -07:00
galal-hussein 191ac9371a Add cni plugin to kubelet if docker is used 2019-04-30 22:12:02 +02:00
Darren Shepherd 9db91d7de3
Merge pull request #369 from erikwilson/node-dns
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Darren Shepherd 50f405ddfd
Merge pull request #376 from galal-hussein/fix_kubeletarg
Fix extra argument with multiple =
2019-04-26 15:57:16 -07:00