Brad Davidson
c5aad1b5ed
Disable the ServiceAccountIssuerDiscovery feature-gate.
...
We're not setting ``--service-account-issuer` to a https URL, which causes an
error message at startup when the feature gate is enabled. From the
docs on that flag:
> If this option is not a valid URI per the OpenID Discovery 1.0 spec, the
> ServiceAccountIssuerDiscovery feature will remain disabled, even if the
> feature gate is set to true. It is highly recommended that this value
> comply with the OpenID spec:
> https://openid.net/specs/openid-connect-discovery-1_0.html . In practice,
> this means that service-account-issuer must be an https URL. It is also
> highly recommended that this URL be capable of serving OpenID discovery
> documents at {service-account-issuer}/.well-known/openid-configuration.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
63f2211b31
deprecate the "node-role.kubernetes.io/master" label / taint
...
Related to https://github.com/kubernetes/kubernetes/pull/95382
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
c6950d2cb0
Update Kubernetes to v1.20.0-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
cd27c6fcbe
Bump coredns to 1.7.1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 15:58:17 -08:00
Erik Wilson
0ae7f2d5ae
Merge pull request #2407 from erikwilson/node-passwd-cleanup
...
Use secrets for node-passwd entries
2020-12-08 16:25:13 -07:00
Hussein Galal
989c936993
update etcd to fix the panic for etcd tombstone issue ( #2658 )
...
* update etcd
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-12-09 01:06:37 +02:00
Chris Kim
cd5591cc85
Merge pull request #2654 from Oats87/issues/k3s/2548-mst-suppl
...
Add check for `/init.scope` for cgroup
2020-12-08 13:35:28 -08:00
Brian Downs
821fa6d93f
bump Go to version 1.15.5 ( #2638 )
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-12-08 11:50:31 -07:00
Chris Kim
3d1e40eaa3
Handle the case when systemd lives under `/init.scope`
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-08 10:26:54 -08:00
Chris Kim
e71e11fed0
Merge pull request #2642 from Oats87/issues/k3s/2548-cgroup
...
Set a cgroup if containerized
2020-12-08 10:05:21 -08:00
Erik Wilson
cccba681a9
Test script cleanup backport from RKE2 ( #2650 )
...
* Test script cleanup backport from RKE2
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
* Update scripts/test
Co-authored-by: Brian Downs <brian.downs@gmail.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2020-12-08 10:43:31 -07:00
Chris Kim
f3de60ff31
When there is a defined cgroup for PID 1, assume we are containerized and set a root
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-07 13:15:15 -08:00
Hussein Galal
fadc5a8057
Add tombstone file to etcd and catch errc etcd channel ( #2592 )
...
* Add tombstone file to embedded etcd
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more changes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* gofmt and goimports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-12-07 22:30:44 +02:00
Jacob Blain Christen
10b43c8fe5
channels: tweak testing channel config(s) ( #2643 )
...
Limit the `testing` channel(s) to alpha, beta, and rc pre-releases.
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-07 12:37:28 -07:00
Erik Wilson
f6153201ba
Add diagnostics collection scripts
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-07 11:08:47 -07:00
Jacob Blain Christen
47019226bb
containerd: v1.4.3-k3s1 ( #2631 )
...
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-07 10:02:56 -07:00
Brad Davidson
15d03c5930
Fix alternate bindir logic for #2551
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-04 21:56:22 -08:00
Brian Downs
a7bf00bb9d
Update uninstall script to remove mount point path after umount ( #2542 )
...
* update uninstall script to remove mount point path after umount
2020-12-04 20:17:10 -07:00
Vincent Batts
eb3e4c154c
install.sh: support install on Flatcar with no args ( #2551 )
...
* install.sh: test if BIN_DIR is readonly, else use /opt
On flatcar /usr is a readonly partition, while /opt is allowed for
writing.
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
* install.sh: only warn on Flatcar about selinux
This check is a bit more explicit, but only warn about finding the rpm
installed policy when on Flatcar Container Linux
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
* Update install.sh
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-12-04 18:19:01 -08:00
Jacob Blain Christen
e43a9096b8
[migration k3s-io] drone: initial move to k3s-io ( #2609 )
...
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-04 14:07:04 -07:00
Chin-Ya Huang
3f0f2b342e
Show go version when executes with --version.
...
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-12-04 12:51:15 -08:00
transhapHigsn
87a43c69e1
Problem: CoreDNS getting preempted by other pods
...
Solution: Set priorityClassName to system-node-critical of traefik, metrics-server, local storage and coredns deployment
Signed-off-by: transhapHigsn <fet.prashantsingh@gmail.com>
2020-12-04 12:50:12 -08:00
Akihiro Suda
27e64c72a1
rancher/k3s-root -> k3s-io/k3s-root
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda
679e4df1b0
Bump k3s-root to v0.7.1
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda
eb72d509ce
pkg/agent/config: validate containerd snapshotter value
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda
05f6255437
add fuse-overlayfs snapshotter (mainly for rootless mode)
...
Ubuntu and Debian kernels support mounting real overlayfs inside userns,
but the vanilla kernel still does not allow it.
OTOH fuse-overlayfs can be mounted inside userns with the vanilla kernel (>= 4.18).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda
43f7eaedf8
rootless: fix "stat /run/user/1000: no such file or directory" on `kubectl run`
...
k3s was mounting a tmpfs on `/run` by itself, so it was hiding RootlessKit's `/run`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 10:31:21 -08:00
Akihiro Suda
67410d2757
rootless: validate sysctl before starting up
...
Fix #2420
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 09:21:39 -08:00
Jacob Blain Christen
3647654fe4
[migration k3s-io] update helm-controller dependency ( #2569 )
...
rancher/helm-controller ➡️ k3s-io/helm-controller
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:59:10 -07:00
Jacob Blain Christen
b4a51f2b9a
[migration k3s-io] update flannel and go-powershell replace directives ( #2576 )
...
rancher/flannel ➡️ k3s-io/flannel
rancher/go-powershell ➡️ k3s-io/go-powershell
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:12:18 -07:00
Jacob Blain Christen
898fd0848f
[migration k3s-io] update etcd replace directive ( #2578 )
...
rancher/etcd ➡️ k3s-io/etcd
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:08:58 -07:00
Akihiro Suda
0b45e32486
Support cgroup v2
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-30 22:57:37 -08:00
Jacob Blain Christen
36230daa86
[migration k3s-io] update kine dependency ( #2568 )
...
rancher/kine ➡️ k3s-io/kine
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 16:45:22 -07:00
David Nuzik
ff5a6fe3dd
Merge pull request #2605 from davidnuzik/add-davidnuzik-to-maintainers
...
Add davidnuzik (David Nuzik) to the list of maintainers
2020-11-30 11:52:25 -07:00
David Nuzik
0ac7497f1e
Add davidnuzik (David Nuzik) to the list of maintainers
...
Signed-off-by: David Nuzik <david.nuzik@rancher.com>
2020-11-30 11:45:38 -07:00
David Nuzik
0b394ecd39
Merge pull request #2604 from Oats87/add-oats87-to-maintainers
...
Add Oats87 (Chris Kim) to the list of maintainers for K3s
2020-11-30 11:39:28 -07:00
Chris Kim
5136abbd80
Add Oats87 (Chris Kim) to the list of maintainers for K3s
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-11-30 10:23:28 -08:00
David Nuzik
3d8a8b5d60
Merge pull request #2575 from MonzElmasry/update_stable
...
Mark v1.19.4+k3s1 as stable
2020-11-30 11:08:58 -07:00
Jacob Blain Christen
cc32e2f9a0
[migration k3s-io] update containerd, cri, and cri-tools replace directives ( #2591 )
...
- rancher/cri ➡️ k3s-io/cri
- rancher/cri-tools ➡️ k3s-io/cri-tools
- rancher/containerd ➡️ k3s-io/containerd
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 10:40:54 -07:00
Jacob Blain Christen
f88d93db37
[migration k3s-io] go.mod replace kubernetes/kubernetes ( #2567 )
...
This change set replaces these go.mod replacement directives with references to k3s-io repositories.
- rancher/kubernetes
- rancher/nocode
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 09:39:38 -07:00
MonzElmasry
0399d17ebb
update stable release to v1.19.4+k3s1
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-11-23 20:52:20 +02:00
Brad Davidson
5896fb06c2
Update Kubernetes to v1.19.4-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-18 15:25:39 -08:00
Brad Davidson
10474638d7
Clean up architecture handling
...
* Remove unused release.sh and DAPPER_HOST_ARCH
* Reliably use ARCH from version.sh
* Export GOARCH and GOARM so that they are used by `go build`
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-18 15:25:39 -08:00
Chris Kim
cb5b9edf32
Merge pull request #2536 from Oats87/issues/k3s/2517-2518
...
Enhance install.sh to help with k3s upgrade and uninstall scenarios
2020-11-18 09:23:52 -08:00
Chris Kim
25d2ce435b
Update install.sh
...
Change from file check to yum check for uninstall script
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-11-17 09:08:38 -08:00
Chris Kim
66d87698fd
Enhance install.sh to help with k3s upgrade and uninstall scenarios for k3s-selinux
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-11-16 13:57:07 -08:00
David Nuzik
316ff1f324
Update stable channel to v1.19.3+k3s3
...
* v1.19.3+k3s3 contains a critical fix for kine. Refer to the release notes for details.
Signed-off-by: David Nuzik <david.nuzik@rancher.com>
2020-11-13 00:41:00 -07:00
Brad Davidson
ea312a303e
Update kine to v0.5.1 for compact fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-12 19:46:22 -08:00
Jacob Blain Christen
2c666af483
cri: pull in updated /dev/shm fix ( #2506 )
...
Do not relabel container /dev/shm when it is host /dev/shm.
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-11 17:08:59 -07:00
Brad Davidson
b873d3a03b
Explicitly set agent paths within --data-dir
...
Removing the cfg.DataDir mutation in 3e4fd7b
did not break anything, but
did change some paths in unwanted ways. Rather than mutating the
user-supplied command-line flags, explicitly specify the agent
subdirectory as needed.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-11 09:26:41 -08:00