Commit Graph

1742 Commits (64577a070d70654125bd2af0069e49eaa10f284f)

Author SHA1 Message Date
Brad Davidson c5aad1b5ed Disable the ServiceAccountIssuerDiscovery feature-gate.
We're not setting ``--service-account-issuer` to a https URL, which causes an
error message at startup when the feature gate is enabled. From the
docs on that flag:

> If this option is not a valid URI per the OpenID Discovery 1.0 spec, the
> ServiceAccountIssuerDiscovery feature will remain disabled, even if the
> feature gate is set to true. It is highly recommended that this value
> comply with the OpenID spec:
> https://openid.net/specs/openid-connect-discovery-1_0.html. In practice,
> this means that service-account-issuer must be an https URL. It is also
> highly recommended that this URL be capable of serving OpenID discovery
> documents at {service-account-issuer}/.well-known/openid-configuration.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson 63f2211b31 deprecate the "node-role.kubernetes.io/master" label / taint
Related to https://github.com/kubernetes/kubernetes/pull/95382

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson c6950d2cb0 Update Kubernetes to v1.20.0-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson cd27c6fcbe Bump coredns to 1.7.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 15:58:17 -08:00
Erik Wilson 0ae7f2d5ae
Merge pull request #2407 from erikwilson/node-passwd-cleanup
Use secrets for node-passwd entries
2020-12-08 16:25:13 -07:00
Hussein Galal 989c936993
update etcd to fix the panic for etcd tombstone issue (#2658)
* update etcd

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-12-09 01:06:37 +02:00
Chris Kim cd5591cc85
Merge pull request #2654 from Oats87/issues/k3s/2548-mst-suppl
Add check for `/init.scope` for cgroup
2020-12-08 13:35:28 -08:00
Brian Downs 821fa6d93f
bump Go to version 1.15.5 (#2638)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-12-08 11:50:31 -07:00
Chris Kim 3d1e40eaa3 Handle the case when systemd lives under `/init.scope`
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-08 10:26:54 -08:00
Chris Kim e71e11fed0
Merge pull request #2642 from Oats87/issues/k3s/2548-cgroup
Set a cgroup if containerized
2020-12-08 10:05:21 -08:00
Erik Wilson cccba681a9
Test script cleanup backport from RKE2 (#2650)
* Test script cleanup backport from RKE2

Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>

* Update scripts/test

Co-authored-by: Brian Downs <brian.downs@gmail.com>

Co-authored-by: Brian Downs <brian.downs@gmail.com>
2020-12-08 10:43:31 -07:00
Chris Kim f3de60ff31 When there is a defined cgroup for PID 1, assume we are containerized and set a root
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-07 13:15:15 -08:00
Hussein Galal fadc5a8057
Add tombstone file to etcd and catch errc etcd channel (#2592)
* Add tombstone file to embedded etcd

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more changes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* gofmt and goimports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-12-07 22:30:44 +02:00
Jacob Blain Christen 10b43c8fe5
channels: tweak testing channel config(s) (#2643)
Limit the `testing` channel(s) to alpha, beta, and rc pre-releases.

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-07 12:37:28 -07:00
Erik Wilson f6153201ba Add diagnostics collection scripts
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-07 11:08:47 -07:00
Jacob Blain Christen 47019226bb
containerd: v1.4.3-k3s1 (#2631)
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-07 10:02:56 -07:00
Brad Davidson 15d03c5930 Fix alternate bindir logic for #2551
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-04 21:56:22 -08:00
Brian Downs a7bf00bb9d
Update uninstall script to remove mount point path after umount (#2542)
* update uninstall script to remove mount point path after umount
2020-12-04 20:17:10 -07:00
Vincent Batts eb3e4c154c
install.sh: support install on Flatcar with no args (#2551)
* install.sh: test if BIN_DIR is readonly, else use /opt

On flatcar /usr is a readonly partition, while /opt is allowed for
writing.

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>

* install.sh: only warn on Flatcar about selinux

This check is a bit more explicit, but only warn about finding the rpm
installed policy when on Flatcar Container Linux

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>

* Update install.sh

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>

Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-12-04 18:19:01 -08:00
Jacob Blain Christen e43a9096b8
[migration k3s-io] drone: initial move to k3s-io (#2609)
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-04 14:07:04 -07:00
Chin-Ya Huang 3f0f2b342e Show go version when executes with --version.
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-12-04 12:51:15 -08:00
transhapHigsn 87a43c69e1 Problem: CoreDNS getting preempted by other pods
Solution: Set priorityClassName to system-node-critical of traefik, metrics-server, local storage and coredns deployment
Signed-off-by: transhapHigsn <fet.prashantsingh@gmail.com>
2020-12-04 12:50:12 -08:00
Akihiro Suda 27e64c72a1 rancher/k3s-root -> k3s-io/k3s-root
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda 679e4df1b0 Bump k3s-root to v0.7.1
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda eb72d509ce pkg/agent/config: validate containerd snapshotter value
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda 05f6255437 add fuse-overlayfs snapshotter (mainly for rootless mode)
Ubuntu and Debian kernels support mounting real overlayfs inside userns,
but the vanilla kernel still does not allow it.

OTOH fuse-overlayfs can be mounted inside userns with the vanilla kernel (>= 4.18).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda 43f7eaedf8 rootless: fix "stat /run/user/1000: no such file or directory" on `kubectl run`
k3s was mounting a tmpfs on `/run` by itself, so it was hiding RootlessKit's `/run`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 10:31:21 -08:00
Akihiro Suda 67410d2757 rootless: validate sysctl before starting up
Fix #2420

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 09:21:39 -08:00
Jacob Blain Christen 3647654fe4
[migration k3s-io] update helm-controller dependency (#2569)
rancher/helm-controller ➡️ k3s-io/helm-controller

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:59:10 -07:00
Jacob Blain Christen b4a51f2b9a
[migration k3s-io] update flannel and go-powershell replace directives (#2576)
rancher/flannel ➡️ k3s-io/flannel
rancher/go-powershell ➡️ k3s-io/go-powershell

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:12:18 -07:00
Jacob Blain Christen 898fd0848f
[migration k3s-io] update etcd replace directive (#2578)
rancher/etcd ➡️ k3s-io/etcd

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:08:58 -07:00
Akihiro Suda 0b45e32486 Support cgroup v2
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-30 22:57:37 -08:00
Jacob Blain Christen 36230daa86
[migration k3s-io] update kine dependency (#2568)
rancher/kine ➡️ k3s-io/kine

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 16:45:22 -07:00
David Nuzik ff5a6fe3dd
Merge pull request #2605 from davidnuzik/add-davidnuzik-to-maintainers
Add davidnuzik (David Nuzik) to the list of maintainers
2020-11-30 11:52:25 -07:00
David Nuzik 0ac7497f1e Add davidnuzik (David Nuzik) to the list of maintainers
Signed-off-by: David Nuzik <david.nuzik@rancher.com>
2020-11-30 11:45:38 -07:00
David Nuzik 0b394ecd39
Merge pull request #2604 from Oats87/add-oats87-to-maintainers
Add Oats87 (Chris Kim) to the list of maintainers for K3s
2020-11-30 11:39:28 -07:00
Chris Kim 5136abbd80 Add Oats87 (Chris Kim) to the list of maintainers for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-11-30 10:23:28 -08:00
David Nuzik 3d8a8b5d60
Merge pull request #2575 from MonzElmasry/update_stable
Mark v1.19.4+k3s1 as stable
2020-11-30 11:08:58 -07:00
Jacob Blain Christen cc32e2f9a0
[migration k3s-io] update containerd, cri, and cri-tools replace directives (#2591)
- rancher/cri ➡️ k3s-io/cri
- rancher/cri-tools ➡️ k3s-io/cri-tools
- rancher/containerd ➡️ k3s-io/containerd

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 10:40:54 -07:00
Jacob Blain Christen f88d93db37
[migration k3s-io] go.mod replace kubernetes/kubernetes (#2567)
This change set replaces these go.mod replacement directives with references to k3s-io repositories.

- rancher/kubernetes
- rancher/nocode

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 09:39:38 -07:00
MonzElmasry 0399d17ebb
update stable release to v1.19.4+k3s1
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-11-23 20:52:20 +02:00
Brad Davidson 5896fb06c2 Update Kubernetes to v1.19.4-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-18 15:25:39 -08:00
Brad Davidson 10474638d7 Clean up architecture handling
* Remove unused release.sh and DAPPER_HOST_ARCH
* Reliably use ARCH from version.sh
* Export GOARCH and GOARM so that they are used by `go build`

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-18 15:25:39 -08:00
Chris Kim cb5b9edf32
Merge pull request #2536 from Oats87/issues/k3s/2517-2518
Enhance install.sh to help with k3s upgrade and uninstall scenarios
2020-11-18 09:23:52 -08:00
Chris Kim 25d2ce435b
Update install.sh
Change from file check to yum check for uninstall script

Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-11-17 09:08:38 -08:00
Chris Kim 66d87698fd Enhance install.sh to help with k3s upgrade and uninstall scenarios for k3s-selinux
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-11-16 13:57:07 -08:00
David Nuzik 316ff1f324 Update stable channel to v1.19.3+k3s3
* v1.19.3+k3s3 contains a critical fix for kine. Refer to the release notes for details.

Signed-off-by: David Nuzik <david.nuzik@rancher.com>
2020-11-13 00:41:00 -07:00
Brad Davidson ea312a303e Update kine to v0.5.1 for compact fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-12 19:46:22 -08:00
Jacob Blain Christen 2c666af483
cri: pull in updated /dev/shm fix (#2506)
Do not relabel container /dev/shm when it is host /dev/shm.

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-11 17:08:59 -07:00
Brad Davidson b873d3a03b Explicitly set agent paths within --data-dir
Removing the cfg.DataDir mutation in 3e4fd7b did not break anything, but
did change some paths in unwanted ways. Rather than mutating the
user-supplied command-line flags, explicitly specify the agent
subdirectory as needed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-11 09:26:41 -08:00