Commit Graph

1094 Commits (7fee87d9765d01f1e478b06553b0b100410de289)

Author SHA1 Message Date
Derek Nola 7fee87d976 Adds a warning about editing the containerd config.toml file (#7076)
* Add a warning to the config.toml file

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-14 09:33:21 -07:00
Brad Davidson 41c24b6a88 Add support for cross-signing new certs during ca rotation
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 20:08:26 -07:00
Brad Davidson 9360022bbe Wait for kubelet to update the Ready status before reading port
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 20:07:34 -07:00
Daishan Peng abda53075e Wait for kubelet port to be ready before setting
Signed-off-by: Daishan Peng <daishan@acorn.io>
2023-03-13 20:07:34 -07:00
Roberto Bonafiglia cabeae0619 [Release 1.24] Update flannel and kube-router (#7063)
* Update kube-router version to fix iptables rules

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update Flannel to v0.21.3

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

---------

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 20:32:08 -08:00
Brad Davidson 0f6e4dcee0 Add test for filterByIPFamily
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:14:15 -08:00
Brad Davidson 3709e8386c Fix ServiceLB dual-stack ingress IP listing
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:14:15 -08:00
Brad Davidson ecb5f5a2b5 Fix CACertPath stripping trailing path components
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:19:22 -08:00
Brad Davidson 8ae390ff82 Fix etcd member deletion
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:19:22 -08:00
Brad Davidson 77dbe648ad Allow for multiple sets of leader-elected controllers
Addresses an issue where etcd controllers did not run on etcd-only nodes

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 12:26:09 -08:00
Roberto Bonafiglia dd71479e67 Update flannel to v0.21.1
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 20:07:50 +01:00
Paul Donohue c87d62490f Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:58 -08:00
Brad Davidson 478dae4d3d Ensure that node exists when using node auth
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 87f9c4ab11)
2023-02-10 09:34:10 -08:00
Brad Davidson 73460e28bf Add support for kubeadm token and client certificate auth
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
2023-02-10 09:34:10 -08:00
Brad Davidson f4fc44ec4a Add support for `k3s token` command
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 373df1c8b0)
2023-02-10 09:34:10 -08:00
Brad Davidson 6ae3370e28 Add `certificate rotate-ca` to write updated CA certs to datastore
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 215fb157ff)
2023-02-10 09:34:10 -08:00
Brad Davidson b88c3b8c95 Add utility functions for getting kubernetes client
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335b2)
2023-02-10 09:34:10 -08:00
Brad Davidson 631847536c Fix CA cert hash for root certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 58d40327b4)
2023-02-10 09:34:10 -08:00
Brad Davidson e62b921b4f Ensure cluster-signing CA files contain only a single CA cert
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0919ec6755)
2023-02-10 09:34:10 -08:00
Brad Davidson ce0a03648d go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 07:27:20 -08:00
Brad Davidson e0967ce763 Check for existing resources before creating them
Prevents errors when starting with fail-closed webhooks

Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 07:27:20 -08:00
Brad Davidson 89b5466a00 Use default address family when adding kubernetes service address to SAN list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 11:56:42 -08:00
Brad Davidson 607ccbd49d [release-1.24] Allow ServiceLB to honor `ExternalTrafficPolicy=Local` (#6908)
* Bump wrangler version for EndpointSlice support

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 94d1a87509)

* Honor Service ExternalTrafficPolicy

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 369b81b45e)

* go generate

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1c6fde9a52)
2023-02-08 14:04:08 -08:00
Derek Nola c9f450b314 Ignore value conflicts when reencrypting secrets (#6918)
* Ignore conflict secrets

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-08 10:45:13 -08:00
Derek Nola 1b5a3a5b2e Wait for cri-dockerd socket (#6854)
* Wait for cri-dockerd socket
* Consolidate cri utility functions

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:24:09 -08:00
Derek Nola f0ce56a02b Standardize flag declaration (#6868)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:23:34 -08:00
Derek Nola 564b825152 Fix cron example (#6865)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 12:57:15 -08:00
Silvio Moioli 8e36b16568 Bugfix: do not break cert-manager when pprof is enabled (#6635)
Signed-off-by: Silvio Moioli <silvio@moioli.net>
(cherry picked from commit 23c1040adb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 17:36:55 -08:00
Brad Davidson be26a6e618 Set cri-dockerd version at build time
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
Brad Davidson 21b1da5848 Add jitter to scheduled snapshots and retry harder on conflicts
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:31:25 -08:00
Brooks Newberry 546a94e9ae V1.24.10 k3s1 (#6788)
2023-01-19 18:39:14 -08:00
Brad Davidson f7e375979f Fix CI tests
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0)
2023-01-18 09:17:39 -08:00
Brad Davidson 0887800db8 Pass through default tls-cipher-suites
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 22:14:58 -08:00
Brad Davidson 01d519394f Preload iptable_filter/ip6table_filter
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 18:28:28 -08:00
Brad Davidson d5ef9e1a12 Bump k3s-root and remove embedded strongswan support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2835368ecb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson af9fac15ff go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 915c7719fe)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson 6e8c10473d go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1eeea5c81f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson 2531ef3b7b Disable CCM metrics port when legacy CCM functionality is disabled
Prevents port conflicts on upgrade for users that have deployed other cloud controllers.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e08a662509)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson cfa7be05cc Bump klipper-helm and klipper-lb versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a07bb555ba)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Derek Nola bec4ff182f Add `prefer-bundled-bin` as an agent flag (#6545)
* Add prefer-bundled-bin as an agent flag
* Add E2E test for prefer-bundled-bin

Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 614da78e43)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Manuel Buil 15d35cad28 Remove stuff which belongs in the windows executor implementation
Signed-off-by: Manuel Buil <mbuil@suse.com>
(cherry picked from commit 483e29e783)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson b5a3126757 Address nits from self-review
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9ff0943d56)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson 78917e1de6 Allow agent to run rootless
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 56bf7d6ad3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson fd7db23961 Add rootless IPv6 support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 6f2b21c5cd)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson f4a2be5108 Make rootless settings configurable
Add environment variables for port-driver, cidr, mtu, and disable-host-loopback settings. Since rootless is still experimental, I don't think they deserve full CLI flag status.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c02dceb7ad)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson e7b6ad399a go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 73171ff20a)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Derek Nola f457794d8e Add new `prefer-bundled-bin` experimental flag (#6420)
* initial prefer-bundled-bin ci change
* Add startup testlet
* Convert parsing to pflag library
* Fix code validation
* go mod tidy

Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 0f52088cd3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Derek Nola a10c4fa6c3 Change secrets-encryption flag to GA
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-01 12:38:30 -08:00
Manuel Buil a3297cc76a Fix log for flannelExternalIP use case
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-22 16:55:51 +01:00
Manuel Buil 7eafff5548 Remove stuff which belongs in the windows executor implementation
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-18 09:46:19 +01:00