github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
Derek Nola	944f811dc5	v1.27.1 CLI Deprecation (#7311 ) * Remove Flannel Wireguard * Remove etcd-snapshot (implicit save) * Convert ipsec and multiple backend to fatal Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Roberto Bonafiglia	3e3512bdae	Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Brad Davidson	2992477c4b	Debounce kubernetes service endpoint updates Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	ece4d8e45c	Fix tests to not hide failure location in dummp assert functions Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	e54ceaa497	Fix issue with stale connections to removed LB server Track LB connections through each server so that they can be closed when it is removed. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Roberto Bonafiglia	15ee88964b	Added multiClusterCidr feature Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Daishan Peng	b7f90f389c	Wait for kubelet port to be ready before setting (#7041 ) * Wait for kubelet port to be ready before setting * Wait for kubelet to update the Ready status before reading port Signed-off-by: Daishan Peng <daishan@acorn.io> Signed-off-by: Brad Davidson <brad.davidson@rancher.com> Co-authored-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	d218068f34	Adds a warning about editing to the containerd config.toml file (#7057 ) * Add a warning to the config.toml file Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Brad Davidson <brad@oatmail.org>	2 years ago
Roberto Bonafiglia	e098b99bfa	Update flannel and kube-router (#7039 ) * Update kube-router version to fix iptables rules Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com> * Update Flannel to v0.21.3 Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com> --------- Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Roberto Bonafiglia	b8e69712a3	Updated flannel version to v0.21.0 Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Paul Donohue	290d7e8fd1	Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent Signed-off-by: Paul Donohue <git@PaulSD.com> Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	992e64993d	Add support for kubeadm token and client certificate auth Allow bootstrapping with kubeadm bootstrap token strings or existing Kubelet certs. This allows agents to join the cluster using kubeadm bootstrap tokens, as created with the `k3s token create` command. When the token expires or is deleted, agents can successfully restart by authenticating with their kubelet certificate via node authentication. If the token is gone and the node is deleted from the cluster, node auth will fail and they will be prevented from rejoining the cluster until provided with a valid token. Servers still must be bootstrapped with the static cluster token, as they will need to know it to decrypt the bootstrap data. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	3c324335b2	Add utility functions for getting kubernetes client Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	0d4caf4e24	Wait for cri-dockerd socket (#6812 ) * Wait for cri-dockerd socket * Consolidate cri utility functions Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Brad Davidson	3cb6fa5cc7	Set cri-dockerd version at build time Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	89f7062431	Add build tag to disable cri-dockerd Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	f54b5e4fa0	Fix CI tests * General cleanup of test-helpers functions to address CI failures * Install awscli in test image * Log containerd output to file even when running with --debug Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	0c9b43746b	Preload iptable_filter/ip6table_filter ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Hussein Galal	f8b661d590	Update to v1.26.0-k3s1 (#6370 ) * Update to v1.26.0-alpha.2 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go generate Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Default CURRENT_VERSION to VERSION_TAG for alpha versions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * remove containerd package Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * replace cri-api reference to the new api Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go mod tidy Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix version script to allow rc and alphas Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix version script to allow rc and alphas Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix version script to allow rc and alphas Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update to Kubernetes 1.26.0-rc.1 Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Undo helm-controller pin Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Bump containerd to -k3s2 for stargz fix Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * DevicePlugins featuregate is locked to on Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Bump kine for DeleteRange fix Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Update to v1.26.0-k3s1 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go mod tidy Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Bring back snapshotter checks and update golang to 1.19.4 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix windows containerd snapshotter checks Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> Signed-off-by: Brad Davidson <brad.davidson@rancher.com> Co-authored-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	d723775792	Remove deprecated flags in v1.26 (#6574 ) * Remove NoFlannel * Remove cluster-secret * Remove no-deploy * Remove disable-selinux * Convert wireguard to fatal error * Remove reference to no-op K3S_CLUSTER_SECRET Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Brad Davidson	2835368ecb	Bump k3s-root and remove embedded strongswan support Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Manuel Buil	1beecb2e2d	Merge pull request #6531 from manuelbuil/fixLogs Fix log for flannelExternalIP use case	2 years ago
Brad Davidson	6f2b21c5cd	Add rootless IPv6 support Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Manuel Buil	5188443988	Fix log for flannelExternalIP use case Signed-off-by: Manuel Buil <mbuil@suse.com>	2 years ago
thomasferrandiz	b7d217dbf3	Merge pull request #6405 from thomasferrandiz/log-kube-router-version log kube-router version when starting netpol controller	2 years ago
Manuel Buil	8aff25e192	Merge pull request #6403 from manuelbuil/logsFlannelExternalIP Avoid wrong config for `flannel-external-ip` and add warning if unencrypted backend	2 years ago
Manuel Buil	1682172ac1	Add some helping logs to avoid wrong configs Signed-off-by: Manuel Buil <mbuil@suse.com>	2 years ago
Roberto Bonafiglia	87c7ea81f0	Updated flannel version to 0.20.1 Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Thomas Ferrandiz	68ac954489	log kube-router version when starting netpol controller Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>	2 years ago
Petri Kivikangas	6156059136	Convert containerd config.toml.tmpl Linux template to v2 syntax Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>	2 years ago
Brad Davidson	76729d813b	Set default kubeletPort Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	269563e4d2	Check for RBAC before starting tunnel controllers Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	f2585c1671	Add --flannel-external-ip flag Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	06d81cb936	Replace deprecated ioutil package (#6230 ) * Replace ioutil package * check integration test null pointer * Remove rotate retries Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Brad Davidson	b411864be5	Handle custom kubelet port in agent tunnel The kubelet port can be overridden by users; we shouldn't assume its always 10250 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Manuel Buil	5164cf5345	Add flannel-external-ip when there is a k3s node-external-ip Signed-off-by: Manuel Buil <mbuil@suse.com>	2 years ago
Roberto Bonafiglia	26e9405767	Added warning message for flannel backend additional options deprecation Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Derek Nola	cd49101fc8	Convert deprecated flags to fatal errors for v1.25 (#6069 ) * Replace warning with fatal errors. * Group system-default-registry under (agent/runtime) Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Roberto Bonafiglia	a30971efaa	Updated flannel to v0.19.1 Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Brad Davidson	4aca21a1f1	Add cri-dockerd support as backend for --docker flag Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	b1fa63dfb7	Revert "Remove --docker/dockershim support" This reverts commit `4a3d283bc1`. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Roberto Bonafiglia	d90ba30353	Added NodeIP autodect in case of dualstack connection Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2 years ago
Derek Nola	118a68c913	Updates to CLI flag grouping + deprecated flag warnings. (#5937 ) * Consolidate data dir flag * Group cluster flags together * Reorder and group agent flags * Add additional info around vmodule flag * Hide deprecated flags, and add warning about their removal Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Brad Davidson	db2ba7b61d	Don't enable unprivileged ports and icmp on old kernels Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	bd5fdfce33	Fix server systemd detection * Use INVOCATION_ID to detect execution under systemd, since as of `a9b5a1933f` NOTIFY_SOCKET is now cleared by the server code. * Set the unit type to notify by default for both server and agent, which is what Rancher-managed installs have done for a while. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	afee83dda2	Bump remotedialer Includes fix for recently identified memory leak. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Olli Janatuinen	2968a83bc0	containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>	2 years ago
Brad Davidson	3399afed83	Ensure that CONTAINERD_ variables are not shadowed by later entries Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	a9b5a1933f	Delay service readiness until after startuphooks have finished (#5649 ) * Move startup hooks wg into a runtime pointer, check before notifying systemd * Switch default systemd notification to server * Add 1 sec delay to allow etcd to write to disk Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Roberto Bonafiglia	a693071c74	Merge pull request #5552 from sjoerdsimons/sjoerd/flannel-wireguard-mode Add cli flag for flannel wireguard mode	2 years ago
Manuel Buil	d4522de06a	Merge pull request #5656 from manuelbuil/AddFlannelCniConfFile Add FlannelCNIConf flag	2 years ago
Brad Davidson	b550e1183a	Remove control-plane egress context and fix agent mode. The control-plane context handles requests outside the cluster and should not be sent to the proxy. In agent mode, we don't watch pods and just direct-dial any request for a non-node address, which is the original behavior. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	d3242bea3c	Refactor egress-selector pods mode to watch pods Watching pods appears to be the most reliable way to ensure that the proxy routes and authorizes connections. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	c705d34804	Add FlannelConfCNI flag Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Sjoerd Simons	8643576985	Add ability to pass configuration options to flannel backend Allow the flannel backend to be specified as backend=option=val,option2=val2 to select a given backend with extra options. In particular this adds the following options to wireguard-native backend: * Mode - flannel wireguard tunnel mode * PersistentKeepaliveInterval- wireguard persistent keepalive interval Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>	3 years ago
Brad Davidson	9d7230496d	Add support for configuring the EgressSelector mode Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	4a3d283bc1	Remove --docker/dockershim support Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	c8447dca56	Bump golang to 1.18.1 Also update all use of 'go get' => 'go install', update CI tooling for 1.18 compatibility, and gofmt everything so lint passes. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	e6385b2341	Update CNI version in config file Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	1d4f995edd	Move auto-generated resolv.conf out of /tmp to prevent accidental cleanup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	314e3f56dc	Check if user has a correct cluster-cidr and service-cidr config Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Brad Davidson	ce5b9347c9	Replace DefaultProxyDialerFn dialer injection with EgressSelector support Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	e763fadbba	Ensure that WaitForAPIServerReady always re-dials through the loadbalancer Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	13ca10664f	Use ListWatch helpers instead of bare List/Watch Reduces code complexity a bit and ensures we don't have to handle closed watch channels on our own Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Michal Rostecki	5f2a4d4209	server: Allow to enable network policies with IPv6-only After previous changes, network policies are working on IPv6-only installations. Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>	3 years ago
Michal Rostecki	c0045f415b	agent(netpol): Explicitly enable IPv4 when necessary Before this change, kube-router was always assuming that IPv4 is enabled, which is not the case in IPv6-only clusters. To enable network policies in IPv6-only, we need to explicitly let kube-router know when to disable IPv4. Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>	3 years ago
Brad Davidson	a69d635c9b	Drop unnecessary intermediate variable Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	333311c7ee	Add systemd cgroup controller support Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	418c3fa858	Fix issue with datastore corruption on cluster-reset (#5515 ) * Bump etcd to v3.5.4-k3s1 * Fix issue with datastore corruption on cluster-reset * Disable unnecessary components during cluster reset Disable control-plane components and the tunnel setup during cluster-reset, even when not doing a restore. This reduces the amount of log clutter during cluster reset/restore, making any errors encountered more obvious. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	b12cd62935	Move IPv4/v6 selection into helpers Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	7e447692c5	Fix issue with RKE2 servers hanging on listing apiserver addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Dirk Müller	fa0fa8b1d0	Update golangci-lint to 1.45.2 This requires a further set of gofmt -s improvements to the code, but nothing major. golangci-lint 1.45.2 brings golang 1.18 support which might be needed in the future. Signed-off-by: Dirk Müller <dirk@dmllr.de>	3 years ago
Roberto Bonafiglia	f04c602c07	Updated wireguard-native options and added log message Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	47abaf362e	Added new flannel backend to use wireguard from flannel Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Michal Rostecki	9350016de8	Merge pull request #5387 from vadorovsky/kube-router-dual-stack netpol: Add dual-stack support	3 years ago
Brad Davidson	49544e0d49	Allow agents to query non-apiserver supervisors for apiserver endpoints Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Michal Rostecki	c707948adf	netpol: Add dual-stack support This change allows to define two cluster CIDRs for compatibility with Kubernetes dual-stuck, with an assumption that two CIDRs are usually IPv4 and IPv6. It does that by levearaging changes in out kube-router fork, with the following downstream release: https://github.com/k3s-io/kube-router/releases/tag/v1.3.2%2Bk3s Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>	3 years ago
Euan Kemp	c2e846dc16	Allow using flannel wireguard backend in a custom config Ideally we'd have fully fleshed out support for it (i.e. #5011), but that's a potentially breaking change and taking a little while to merge. This is a much simpler change which won't break anything, but will allow a "Type": "wireguard" reference in the "--flannel-conf" custom config file to work. Signed-off-by: Euan Kemp <euank@euank.com>	3 years ago
Roberto Bonafiglia	4afeb9c5c7	Merge pull request #5325 from rbrtbnfgl/fix-etcd-ipv6-url Fixed etcd URL in case of IPv6 address	3 years ago
Roberto Bonafiglia	06c779c57d	Fixed loadbalancer in case of IPv6 addresses Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Luther Monson	13191da58a	add a wrapper around the containerd.New call to fix and pass the proper npipe connector Signed-off-by: Luther Monson <luther.monson@gmail.com>	3 years ago
Roberto Bonafiglia	dda409b041	Updated localhost address on IPv6 only setup Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	ff85faa7de	Changed ipv6 config on flannel setup Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	073f155fc4	Added ipv6 only support with flannel Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	93346904cf	Merge pull request #5215 from rbrtbnfgl/flannel_0.17 Flannel 0.17	3 years ago
Roberto Bonafiglia	3fabc0703b	Merge pull request #4450 from olljanat/support-ipv6-only Add partial support for IPv6 only mode	3 years ago
Roberto Bonafiglia	f3d81544b1	Fixed log in case of ipv6 only config Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	0c83f50c4c	Added switch case to check netMode Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	2c39febdd2	Fixed in case of empty address Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Roberto Bonafiglia	d7d4c891e2	Updated flannel to 0.17 Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	3 years ago
Luther Monson	9a849b1bb7	[master] changing package to k3s-io (#4846 ) * changing package to k3s-io Signed-off-by: Luther Monson <luther.monson@gmail.com> Co-authored-by: Derek Nola <derek.nola@suse.com>	3 years ago
Brad Davidson	f090bf2d5e	Bootstrap the executor even when the agent is disabled Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	5014c9e0e8	Fix adding etcd-only node to existing cluster Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	062fe63dd1	Fix annoying netpol log Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Olli Janatuinen	966f4d6a01	Add support for IPv6 only mode Automatically switch to IPv6 only mode if first node-ip is IPv6 address Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>	3 years ago
Michal Rostecki	4fed9f4052	netpol: Use kube-router as a library Before this change, we were copying a part of kube-router code to pkg/agent/netpol directory with modifications, from which the biggest one was consumption of k3s node config instead of kube-router config. However, that approach made it hard to follow new upstream versions. It's possible to use kube-router as a library, so it seems like a better way to do that. Instead of modifying kube-router network policy controller to comsume k3s configuration, this change just converts k3s node config into kube-router config. All the functionality of kube-router except netpol is still disabled. Signed-off-by: Michal Rostecki <mrostecki@opensuse.org> Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Brad Davidson	bc7635f01f	Move containerd wait into exported function Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Roberto Bonafiglia	8eded2749a	Added debug log for IPv6 Masquerading rule Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>	3 years ago
Roberto Bonafiglia	111c1669fc	Added flannel-ipv6-masq flag to enable IPv6 nat Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>	3 years ago
Roberto Bonafiglia	2253f64b2a	Added iptables masquerade rules for ipv6 on flannel Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>	3 years ago
Brad Davidson	87395e32d6	Update modules for Kubernetes v1.23 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	4eb282edac	Move flannel logs to logrus Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Brad Davidson	a70487d5ae	Update wharfie usage in windows code path Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Alexey Medvedchikov	8f389ab030	Include node-external-ip in serving-kubelet.crt SANs (#4620 ) * Include node-external-ip in serving-kubelet.crt SANs Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>	3 years ago
Brad Davidson	7d3447ceff	Bump wharfie to v0.5.1 and use shared decompression code Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	7685da3e24	Improve flannel logging Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Brad Davidson	5ab6d21a7d	Increase agent's apiserver ready timeout (#4454 ) Since we now start the server's agent sooner and in the background, we may need to wait longer than 30 seconds for the apiserver to become ready on downstream projects such as RKE2. Since this essentially just serves as an analogue for the server's apiReady channel, there's little danger in setting it to something relatively high. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	5d168a1d59	Allow svclb pod to enable ipv6 forwarding Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Luther Monson	36c6634cce	[master] updating to new signals package in wrangler (#4399 ) * updating to new signals package in wrangler Signed-off-by: Luther Monson <luther.monson@gmail.com>	3 years ago
Deshi Xiao	f1622129e4	refactor: Use plain channel send or receive fix issue #4369 should use a simple channel send/receive instead of select with a single case Signed-off-by: Deshi Xiao <xiaods@gmail.com>	3 years ago
Brad Davidson	5acd0b9008	Watch the local Node object instead of get/sleep looping Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	3fe460d080	Block scheduler startup on untainted node when using embedded CCM Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	5a923ab8dc	Add containerd ready channel to delay etcd node join Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Manuel Buil	87524a7ac7	Enable the inheritance of settings for ipv6 Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Joe Kralicky	debb508643	Nvidia container runtime discovery in containerd config template (#3890 ) * Update the default containerd config template with support for adding extra container runtimes. Add logic to discover nvidia container runtimes installed via the the gpu operator or package manager. Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>	3 years ago
Manuel Buil	9fcd79baae	Add tests to the dual-stack PR and enable dual-stack with flannel backend Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Manuel Buil	681058bb40	Add dual-stack support Signed-off-by: Manuel Buil <mbuil@suse.com>	3 years ago
Brad Davidson	3449d5b9f9	Wait for apiserver readyz instead of healthz Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	29c8b238e5	Replace klog with non-exiting fork Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Kohei Tokunaga	8b857eef9c	Ship Stargz Snapshotter (#2936 ) * Ship Stargz Snapshotter Signed-off-by: ktock <ktokunaga.mail@gmail.com> * Bump github.com/containerd/stargz-snapshotter to v0.8.0 Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>	3 years ago
Brad Davidson	cf12a13175	Add missing node name entry to apiserver SAN list Also honor node-ip when adding the node address to the SAN list, instead of hardcoding the autodetected IP address. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	e95b75409a	Fix lint failures Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	641ab26fde	Update containerd to 1.5 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	e204d863a5	Update Kubernetes to v1.22.1 * Update Kubernetes to v1.22.1 * Update dependent modules to track with upstream Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Hussein Galal	e322924781	Reset load balancer state during restoraion (#3877 ) * Reset load balancer state during restoraion Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Reset load balancer state during restoraion Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	3 years ago
Brad Davidson	dfd4e42e57	Wrap context with lease before importing images Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	5ab3590d9b	Improve config retrieval messages Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Jamie Phillips	fc19b805d5	Added logic to strip any existing hyphens before processing the args. (#3662 ) Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.	3 years ago
Brad Davidson	90445bd581	Wait until server is ready before configuring kube-proxy (#3716 ) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Derek Nola	21c8a33647	Introduction of Integration Tests (#3695 ) * Commit of new etcd snapshot integration tests. * Updated integration github action to not run on doc changes. * Update Drone runner to only run unit tests Signed-off-by: dereknola <derek.nola@suse.com>	3 years ago
William Zhang	a4c992ce52	🐳 burp to inetaf/tcpproxy Problem: tcpproxy repository has been moved out of the github.com/google org to github.com/inetaf. Solution: Switch to the new repo. FYI: https://godoc.org/inet.af/tcpproxy/ Signed-off-by: William Zhang <warmchang@outlook.com>	3 years ago
Jamie Phillips	a62d143936	Fixing various bugs related to windows. This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic. Signed-off-by: Jamie Phillips <jamie.phillips@suse.com> spelling	3 years ago
Derek Nola	73df2d806b	Update embedded kube-router (#3557 ) * Update embedded kube-router Signed-off-by: dereknola <derek.nola@suse.com>	3 years ago
Deshi Xiao	77fcf2dfc5	missing build tag for windows Signed-off-by: Deshi Xiao <xiaods@gmail.com>	3 years ago
Brad Davidson	cbacd7107e	Allow passing targeted environment variables to containerd Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Jamie Phillips	82394d7d36	Basic windows agent that will join a cluster without CNI. Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>	3 years ago
Derek Nola	ef23c6c548	Redux: Change containerd image leases from context lifespan to permanent (#3464 ) * Changed containerd image licenses from context lifespan to permanent. Delete any existing licenses owned by k3s on server startup Signed-off-by: dereknola <derek.nola@suse.com>	4 years ago
Derek Nola	b74c499709	Revert "Change containerd image leases from 24h to permanent (#3452 )" (#3461 ) This reverts commit `86b3ba8dba`.	4 years ago
Derek Nola	86b3ba8dba	Change containerd image leases from 24h to permanent (#3452 ) * Changed containerd image licenses from 24h to permanent. Delete any existing licenses on server startup Signed-off-by: dereknola <derek.nola@suse.com>	4 years ago
Brian Downs	88f95ec409	Send systemd notifications for both server and agent (#3430 ) * update agent to sent systemd notify after everything starts	4 years ago
Manuel Buil	243fd14cf1	Change Replace with ReplaceAll function strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1) Signed-off-by: Manuel Buil <mbuil@suse.com>	4 years ago
Manuel Buil	5153088286	Merge pull request #3385 from manuelbuil/wireguard-fix Move wireguard's privatekey to flannel config directory	4 years ago
Manuel Buil	1576030d6b	Add a path for wireguard's privatekey Signed-off-by: Manuel Buil <mbuil@suse.com>	4 years ago
Jamie Phillips	7345ac35ae	Initial windows support for agent (#3375 ) Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>	4 years ago
Brad Davidson	7e175e8ad4	Handle conntrack-related sysctls in supervisor agent setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brad Davidson	079620ded0	Fix passthrough of SystemDefaultRegistry from server config Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brad Davidson	e10524a6b1	Add executor.Bootstrap hook for pre-execution setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brad Davidson	02a5bee62f	Add system-default-registry support and remove shared code (#3285 ) * Move registries.yaml handling out to rancher/wharfie * Add system-default-registry support * Add CLI support for kubelet image credential providers Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Hussein Galal	f410fc7d1e	Invoke cluster reset function when only reset flag is passed (#3276 ) Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	4 years ago
Hussein Galal	2db3bf7a89	Export CriConnection function (#3225 ) Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	4 years ago

1 2 3 4 5 ...

435 Commits (6c6d87d1b02fb7ad7edb9cf09984edef826956bc)