Derek Nola
48ffed3852
Enable logging on all subcommands ( #4921 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-12 14:00:40 -08:00
Brad Davidson
a0cadcd343
Move ClusterResetRestore handling ControlConfig setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-12 10:46:10 -08:00
Brad Davidson
e7464a17f7
Fix use of agent creds for secrets-encrypt and config validate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-06 12:55:18 -08:00
Lordran
31f1a00b6f
Fix a typo: advertise-up -> advertise-ip ( #4827 )
...
Signed-off-by: 胥朝阳 <xuzhaoyang@91cyt.com>
2022-01-06 08:52:07 -08:00
Hussein Galal
2e91913f54
Close agentReady channel only in k3s ( #4792 )
...
* Close agentReady channel only in k3s
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* codespell check
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-21 00:22:49 +02:00
Hussein Galal
d71b335871
Fix snapshot restoration on fresh nodes ( #4737 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-14 02:04:39 +02:00
Hussein Galal
3985fd0e26
[master] Add validation to certificate rotation ( #4692 )
...
* Add validation to certificate rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add validation to certificate rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-09 18:57:13 +02:00
Derek Nola
bcb662926d
Secrets-encryption rotation ( #4372 )
...
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 14:31:32 -08:00
Hussein Galal
77fd3e99ec
Add cert rotation command ( #4495 )
...
* Add cert rotation command
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* add function to check for dynamic listener file
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* Add dynamiclistener cert rotation support
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to the cert rotation
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix ci tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to certificate rotation command
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-12-02 23:19:16 +02:00
Chris Kim
ae4a1a144a
etcd snapshot functionality enhancements ( #4453 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-29 10:30:04 -08:00
Hussein Galal
03485632ea
Fix regression with cluster reset ( #4521 )
...
* Fix regression with cluster reset
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-11-17 23:22:18 +02:00
Chris Kim
f18b3252c0
[master] Add etcd extra args support for K3s ( #4463 )
...
* Add etcd extra args support for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
* Add etcd custom argument integration test
Signed-off-by: Chris Kim <oats87g@gmail.com>
* go generate
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-11 21:03:15 -08:00
Derek Nola
4b57951fb0
Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. ( #4464 )
...
* Enabled skipping of unknown flags from config in parser
* Added new unit test, expanded existing
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-11 16:01:23 -08:00
Manuel Buil
8271d98a76
Merge pull request #4437 from manuelbuil/fix_svclb_ipv6_rh
...
Allow svclb pod to enable ipv6 forwarding
2021-11-10 19:08:40 +01:00
Manuel Buil
5d168a1d59
Allow svclb pod to enable ipv6 forwarding
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-10 18:20:03 +01:00
Brian Downs
adaeae351c
update bootstrap logic ( #4438 )
...
* update bootstrap logic resolving a startup bug and account for etcd
2021-11-10 05:33:42 -07:00
Luther Monson
36c6634cce
[master] updating to new signals package in wrangler ( #4399 )
...
* updating to new signals package in wrangler
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-11-08 08:32:43 -07:00
Brad Davidson
f9f1cabe9c
Fix log/reap reexec
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-01 14:24:14 -07:00
Derek Nola
918945da45
Added configuration input to etcd-snapshot ( #4280 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-22 12:03:32 -07:00
Brian Downs
e11a4bf8bb
set duration to second ( #4231 )
2021-10-15 16:46:39 -07:00
Brian Downs
0452f017c1
Add etcd s3 timeout ( #4207 )
2021-10-15 10:24:14 -07:00
Brad Davidson
5a923ab8dc
Add containerd ready channel to delay etcd node join
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-14 14:03:52 -07:00
Brad Davidson
dc18ef2e51
Refactor log and reaper exec to omit MAINPID
...
Using MAINPID breaks systemd's exit detection, as it stops watching the
original pid, but is unable to watch the new pid as it is not a child
of systemd itself. The best we can do is just notify when execing the child
process.
We also need to consolidate forking into a sigle place so that we don't
end up with multiple levels of child processes if both redirecting log
output and reaping child processes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-12 13:35:10 -07:00
Brian Downs
ac7a8d89c6
Add ability to reconcile bootstrap data between datastore and disk ( #3398 )
2021-10-07 12:47:00 -07:00
Derek Nola
b6919adf62
Add "etcd-" prefix to etcd-snapshot commands as aliases ( #4161 )
...
* Add "etcd-" prefix to etcd-snapshot commands as alias
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-06 14:20:22 -07:00
Brad Davidson
12e675e2cc
Don't evacuate the root cgroup when rootless
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-01 16:18:12 -07:00
Brad Davidson
5d1a37ee32
Send MAINPID to systemd when reexecing for logfile output
...
This allows the new process to notify systemd when it is ready.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-29 11:41:09 -07:00
Brad Davidson
a16105b348
Properly handle operation as init process
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-28 11:05:34 -07:00
Hussein Galal
7826407a2e
Make sure there are no duplicates in etcd member list ( #4025 )
...
* Make sure there are no duplicates in etcd member list
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix node names with hyphens
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use full server name for etcd node name
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-09-18 00:51:18 +02:00
Derek Nola
eda65b19d9
Remove expiremental from cluster commands ( #4024 )
...
Signed-off-by: dereknola <derek.nola@suse.com>
2021-09-15 16:41:50 -07:00
Manuel Buil
9fcd79baae
Add tests to the dual-stack PR and enable dual-stack with flannel backend
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 14:11:54 +02:00
Devin Buhl
a1ec43e0b7
feat: add option to disable s3 over https
...
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
2021-09-05 12:03:49 -04:00
Brad Davidson
cf12a13175
Add missing node name entry to apiserver SAN list
...
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 13:22:32 -07:00
Brad Davidson
b8add39b07
Bump kine for metrics/tls changes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 01:51:30 -07:00
Hussein Galal
e322924781
Reset load balancer state during restoraion ( #3877 )
...
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Reset load balancer state during restoraion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-18 01:02:30 +02:00
Jiaqi Luo
3b01157a3a
Use New Image Names ( #3749 )
...
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
2021-08-06 16:14:58 -07:00
Hussein Galal
2069cdf4ee
Fix initial start of etcd only nodes ( #3748 )
...
* Fix initial start of etcd only nodes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-03 19:53:21 +02:00
Brad Davidson
869b98bc4c
Sync DisableKubeProxy into control struct
...
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
Hussein Galal
b1b5f72dc3
Notify systemd for etcd only node ( #3732 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-29 23:42:19 +02:00
Derek Nola
21c8a33647
Introduction of Integration Tests ( #3695 )
...
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-26 09:59:33 -07:00
Luther Monson
37fcb61f5e
move go routines for api server ready beneath wait group
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 17:36:34 -07:00
Luther Monson
18bc98f60c
adding startup hooks args to access to Disables and Skips ( #3674 )
...
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 05:24:52 +02:00
Jamie Phillips
aef8a6aafd
Adding support for waitgroup to the Startuphooks ( #3654 )
...
The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.
2021-07-15 19:28:47 -07:00
Brian Downs
238dc2086e
prevent snapshot save when snapshots are disabled ( #3475 )
...
* prevent snapshot save when snapshots are disabled
2021-07-09 10:22:49 -07:00
Chris Kim
ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found ( #3568 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-07-07 16:01:50 -07:00
Hussein Galal
f5fbb9a9a8
Export cli server flags and etcd restoration functions ( #3527 )
...
* Export cli server flags and etfd restoration functions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* export S3
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-30 22:29:03 +02:00
Joe Kralicky
a84c75af62
Adds a command-line flag '--disable-helm-controller' that will disable
...
the server's built-in helm controller.
Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.
Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.
Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-06-25 14:54:36 -04:00
Jamie Phillips
82394d7d36
Basic windows agent that will join a cluster without CNI.
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-23 09:07:50 -07:00
Hussein Galal
136dddca11
Fix storing bootstrap data with empty token string ( #3422 )
...
* Fix storing bootstrap data with empty token string
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* delete node password secret after restoration
fixes to bootstrap key
vendor update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix comment
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* typos
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Removing dynamic listener file after restoration
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-22 22:42:34 +02:00
Brian Downs
88f95ec409
Send systemd notifications for both server and agent ( #3430 )
...
* update agent to sent systemd notify after everything starts
2021-06-15 04:20:26 -07:00
Brian Downs
2682183773
add log message indicating etcd snapshots are disabled
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
Jamie Phillips
7345ac35ae
Initial windows support for agent ( #3375 )
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Brian Downs
254b52077e
add retention default and wire in s3 prune
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
Brian Downs
e8ecc00fc8
add etcd snapshot save subcommand
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Brian Downs
6ee28214fa
Add the ability to prune etcd snapshots ( #3310 )
...
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
MonzElmasry
24474c5734
change --disable-apiserver flag
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Brian Downs
bcd8b67db4
Add the ability to list etcd snapshots ( #3303 )
...
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson
02a5bee62f
Add system-default-registry support and remove shared code ( #3285 )
...
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Brian Downs
e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 ( #3277 )
...
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Hussein Galal
f410fc7d1e
Invoke cluster reset function when only reset flag is passed ( #3276 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
Brian Downs
c5ad71ce0b
Collect and Store etcd Snapshots and Metadata ( #3239 )
...
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
Brad Davidson
2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses ( #3212 )
...
* Add support for dual-stack cluster/service CIDRs and node addresses
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
Brian Downs
80e4baf525
add hidden attribute to disable flags
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
Brian Downs
4a49b9e40b
delete nocluster file and remove build tag
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 12:16:28 -07:00
Brian Downs
3ed9b0a997
remove hidden attribute from cluster flags and related code
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 11:36:02 -07:00
Chris Kim
69f96d6225
Define a Controllers and LeaderControllers on the server config ( #3043 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-03-11 10:39:00 -08:00
Brad Davidson
7cdfaad6ce
Always use static ports for client load-balancers ( #3026 )
...
* Always use static ports for the load-balancers
This fixes an issue where RKE2 kube-proxy daemonset pods were failing to
communicate with the apiserver when RKE2 was restarted because the
load-balancer used a different port every time it started up.
This also changes the apiserver load-balancer port to be 1 below the
supervisor port instead of 1 above it. This makes the apiserver port
consistent at 6443 across servers and agents on RKE2.
Additional fixes below were required to successfully test and use this change
on etcd-only nodes.
* Actually add lb-server-port flag to CLI
* Fix nil pointer when starting server with --disable-etcd but no --server
* Don't try to use full URI as initial load-balancer endpoint
* Fix etcd load-balancer pool updates
* Update dynamiclistener to fix cert updates on etcd-only nodes
* Handle recursive initial server URL in load balancer
* Don't run the deploy controller on etcd-only nodes
2021-03-06 02:29:57 -08:00
Hussein Galal
c26b737b24
Mark disable components flags as experimental ( #3018 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-05 00:05:20 +02:00
Brian Downs
4d1f9eda9d
Etcd Snapshot/Restore to/from S3 Compatible Backends ( #2902 )
...
* Add functionality for etcd snapshot/restore to and from S3 compatible backends.
* Update etcd restore functionality to extract and write certificates and configs from snapshot.
2021-03-03 11:14:12 -07:00
Hussein Galal
1bf04b6a50
Merge pull request #3003 from galal-hussein/fix_etcd_only_nodes
...
Fix etcd only nodes
2021-03-02 02:16:02 +02:00
galal-hussein
d6124981d5
remove etcd member if disable etcd is passed
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-01 23:50:50 +02:00
Brad Davidson
9b39c1c117
Hide the airgap-extra-registry flag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-26 16:08:49 -08:00
Brad Davidson
ec661c67d7
Add support for retagging images on load from tarball
...
Adds support for retagging images to appear to have been sourced from
one or more additional registries as they are imported from the tarball.
This is intended to support RKE2 use cases with system-default-registry
where the images need to appear to have been pulled from a registry
other than docker.io.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Hussein Galal
5749f66aa3
Add disable flags for control components ( #2900 )
...
* Add disable flags to control components
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* golint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to disable flags
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add comments to functions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix joining problem
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* golint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix ticker
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix role labels
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-02-12 17:35:57 +02:00
Brian Downs
21d1690d5d
update usage text ( #2926 )
...
update to the --cluster-init usage flag to indicate it's for Etcd
2021-02-10 15:54:04 -07:00
Brad Davidson
07256cf7ab
Add ServiceIPRange and ServiceNodePortRange to agent config
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Yuriy
06fda7accf
Add functionality to bind custom IP address for Etcd metrics endpoint ( #2750 )
...
* Add functionality to bind custom IP address for Etcd metrics endpoint
Signed-off-by: yuriydzobak <yurii.dzobak@lotusflare.com>
2021-01-22 17:40:48 -08:00
Brian Downs
13229019f8
Add ability to perform an etcd on-demand snapshot via cli ( #2819 )
...
* add ability to perform an etcd on-demand snapshot via cli
2021-01-21 14:09:15 -07:00
Chris Kim
332fd73d46
Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s ( #2594 )
...
* Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-16 09:27:57 -08:00
Brad Davidson
c6950d2cb0
Update Kubernetes to v1.20.0-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Chin-Ya Huang
3f0f2b342e
Show go version when executes with --version.
...
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-12-04 12:51:15 -08:00
Brad Davidson
3b8ec74049
Update disables list when building with no_stage
...
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are ommited by the no_stage build tag.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
MonzElmasry
e8436cc76b
Make etcd use node private ip
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Brian Downs
ba70c41cce
Initial Logging Output Update ( #2246 )
...
This attempts to update logging statements to make them consistent
through out the code base. It also adds additional context to messages
where possible, simplifies messages, and updates level where necessary.
2020-09-21 09:56:03 -07:00
Brian Downs
4c3ec907ab
remove k8s daemon config from setup hook in favor of specific fields from the config ( #2206 )
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-04 09:30:36 -07:00
Darren Shepherd
64ae6affc5
Missing registering debug/config flags on server subcommand
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-09-03 13:19:25 -07:00
Darren Shepherd
551a1842ad
Update pkg/cli/cmds/config.go
...
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:28 -07:00
Darren Shepherd
7657ed2e13
Update pkg/cli/server/server.go
...
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:19 -07:00
Darren Shepherd
21d21ddd4d
Add config file support independent of CLI framework
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:13 -07:00
Darren Shepherd
ae5c585050
Revert "Add config file support"
...
This reverts commit e1dc3451bc
.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:07 -07:00
Brian Downs
866dc94cea
Galal hussein etcd backup restore ( #2154 )
...
* Add etcd snapshot and restore
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix error logs
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* goimports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix flag describtion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add disable snapshot and retention
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use creation time for snapshot retention
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* unexport method, update var name
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* adjust snapshot flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var name, string concat
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* revert previous change, create constants
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* type assertion error checking
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* simplify logic, remove unneeded function
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add comment
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update disable snapshots flag and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* move function
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update defaultSnapshotIntervalMinutes to 12 like rke
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update directory perms
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update etc-snapshot-dir usage
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update interval to 12 hours
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* fix usage typo
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update deps target to work, add build/data target for creation, and generate
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* remove dead make targets
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* error handling, cluster reset functionality
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* error handling, cluster reset functionality
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* remove intermediate dapper file
Signed-off-by: Brian Downs <brian.downs@gmail.com>
Co-authored-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-08-28 16:57:40 -07:00
Brad Davidson
c4ac620b8b
Merge pull request #2159 from brandond/config_file_rename
...
Rename flags.conf to config.yaml
2020-08-25 21:43:48 -07:00
Brad Davidson
b4d81a9e33
Remove lingering references to dqlite
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 17:09:19 -07:00
Brad Davidson
43fcc5ddcb
Rename flags.conf => config.yaml
...
Related to https://github.com/rancher/rke2/issues/150
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 14:56:30 -07:00
Brian Downs
324bb55986
add ctx to hook, handle hook errors
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 16:54:58 -07:00
Brian Downs
fa2c1422b3
change name of variable
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 14:30:53 -07:00
Brian Downs
a4b2953017
add setup hook capabilities for rke2
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 13:42:45 -07:00
Brad Davidson
79c499f0e0
Fix handling of TLS configuration args
...
Also fixes an unrelated error formatting issue turned up while testing.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 16:44:10 -07:00
Jacob Blain Christen
e2089bea18
cli: add --selinux flag to agent/server sub-cmds ( #2111 )
...
* cli: add --selinux flag to agent/server sub-cmds
Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported. Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.
* Update pkg/agent/containerd/containerd.go
update log warning message about enabled selinux host but disabled runtime
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Brad Davidson
1eec7348a5
Call setproctitle to conceal node args in ps output
...
This is related to #2014 .
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-28 15:49:49 -07:00
Brian Downs
5a81fdbdc5
update cis flag implementation to propogate the rest of the way through to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Jason
e3f8789114
Add containerd snapshotter flag ( #1991 )
...
* Add containerd snapshotter flag
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
* Fix CamelCase nit and option description
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Brian Downs
abb2d9aad1
add flag usage
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:55:18 -07:00
Brian Downs
57a6319fac
add protect-kernel-defaults to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:46:10 -07:00
Erik Wilson
e1dc3451bc
Add config file support
2020-07-10 10:34:00 -07:00
Darren Shepherd
7e59c0801e
Make program name a variable to be changed at compile time
2020-06-06 16:39:41 -07:00
Chuck Schweizer
19c34bd12d
Update to set default CipherSuites
...
The default CipherSuites need to be set to disable the insecure TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher
2020-05-13 08:34:45 -05:00
Chuck Schweizer
ca9c9c2e1e
Adding support for TLS MinVersion and CipherSuites
...
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.
--kube-apiserver-arg=tls-cipher-suites=XXXXXXX
--kube-apiserver-arg=tls-min-version=XXXXXXX
2020-05-07 09:27:09 -05:00
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
...
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd
072396f774
Start kube-apiserver in the background
...
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched. By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Darren Shepherd
2f5ee914f9
Add supervisor port
...
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server. In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports. The /v1-k3s API port is called the SupervisorPort in the code.
To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer. One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd
341895c322
Don't write ccm.yaml if --disable-cloud-controller is set
2020-05-05 13:01:52 -07:00
Erik Wilson
39c3854648
Merge pull request #1720 from ilknarf/master
...
remove redundant Sprintf
2020-05-04 20:50:58 -07:00
Erik Wilson
c71561129e
Merge pull request #1716 from ibuildthecloud/debugpublic
...
Make debug variable public to be used by wrapper programs
2020-05-04 20:50:36 -07:00
Erik Wilson
c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
...
Add ability to disable kubeproxy
2020-05-04 20:26:22 -07:00
Erik Wilson
df1725cb06
Merge pull request #1694 from ibuildthecloud/inittwice
...
Allow InitLogging to be called twice
2020-05-04 20:22:04 -07:00
Frank
a18d94e5f9
remove redundant Sprintf
2020-04-30 10:48:12 -05:00
Darren Shepherd
56770ff2cc
Make debug variable public to be used by wrapper programs
2020-04-29 11:37:59 -07:00
Darren Shepherd
5715e1ba0d
Add ability to disable kubeproxy
2020-04-27 11:24:00 -07:00
Darren Shepherd
8cc9efdf7c
Allow InitLogging to be called twice
...
This makes it a bit easier to embed k3s into another go program
2020-04-27 11:16:08 -07:00
Darren Shepherd
8b8af94eb2
Move disabled items to a const to keep more consistency
...
This also help when embedding k3s because we can programmitically know
all the components to disable.
2020-04-27 11:15:35 -07:00
Darren Shepherd
7d06d2ccc1
Merge pull request #1653 from KnicKnic/enable_agent_windows
...
enable agent to start on windows
2020-04-27 09:05:12 -07:00
Knic Knic
7f77c9a3c8
enable agent to start on windows
2020-04-18 23:43:08 -07:00
galal-hussein
3f927d8006
Revert "Replace traefik with nginx"
...
This reverts commit 9a17033095
.
2020-03-11 01:45:23 +02:00
Erik Wilson
ceff3f58fb
Merge pull request #1466 from galal-hussein/traefik_to_nginx
...
Replace traefik with nginx
2020-03-02 15:04:09 -07:00
galal-hussein
9a17033095
Replace traefik with nginx
2020-03-03 00:00:39 +02:00
Erik Wilson
a3cb9ee1f6
Simplify SELinux detection and add --disable-selinux flag
2020-02-28 10:10:55 -07:00
Erik Wilson
0374c4f63d
Add --disable flag
2020-01-30 16:45:01 -07:00
Erik Wilson
1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
...
Add secret encryption config
2020-01-27 13:59:09 -07:00
Erik Wilson
7675f9f85c
Clean up host-gw variable names
2020-01-08 17:43:07 -07:00
Segator
c23f12765e
hostgw flannel support
2020-01-08 17:43:07 -07:00
galal-hussein
388cd9c4e8
Add secret encryption configuration
2019-12-23 13:16:27 +02:00
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
2019-12-15 23:28:19 -07:00
Erik Wilson
d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
...
Allow --pause-image to set docker sandbox image also
2019-12-11 10:36:07 -07:00
Erik Wilson
2eacfa75cb
Merge pull request #1180 from erikwilson/cleanup-flannel-backend-help-text
...
Cleanup --flannel-backend help text
2019-12-11 10:35:50 -07:00
Erik Wilson
2de93d70cf
Allow --pause-image to set docker sandbox image also
2019-12-10 16:16:26 -07:00
Erik Wilson
11e4d01efe
Cleanup --flannel-backend help text
2019-12-10 14:51:16 -07:00
Jacob Blain Christen
063efb25bb
Mutable --node-label values for server/agent sub-commands.
...
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.
Tested locallon on my amd64 workstation with the docker container.
Addresses #1119 .
2019-12-09 16:40:15 -07:00
galal-hussein
99b8222e8d
Change storage to datastore
2019-11-15 21:52:07 -07:00
Erik Wilson
95ff805c98
Fix broken K3S_TOKEN env
2019-11-14 12:42:42 -07:00
Erik Wilson
d4151b7739
Add the --with-node-id flag to agent
2019-11-13 16:13:41 -07:00
Erik Wilson
a73f8b1773
Update check-config.sh for k3s
2019-11-13 08:34:24 -07:00
Erik Wilson
e4b3730fa2
Go DNS lookup order hack
2019-11-12 20:16:31 -07:00
Erik Wilson
55c05ac500
Refactor node password location
2019-11-12 15:30:34 -07:00
Darren Shepherd
3e213d1347
Allow --debug to be set with K3S_DEBUG env var
2019-11-12 08:22:48 +00:00
Darren Shepherd
3f5fb70116
Move server arguments to experimental for dqlite related
2019-11-12 01:12:24 +00:00
Darren Shepherd
e2431bdf9d
Add dqlite support
2019-11-10 03:49:56 +00:00
Darren Shepherd
53d3ab074c
Shrink k3s wrapper binary
2019-11-08 21:35:58 +00:00
Erik Wilson
47a94637dc
Move metrics-server manifests to sub-directory
2019-11-05 14:30:50 -07:00
Erik Wilson
0fef39de65
Add default multi-arch metrics-server deployment
2019-11-05 10:11:08 -07:00