Commit Graph

327 Commits (890645924fd39b8edd454df33ac87500eb1f875b)

Author SHA1 Message Date
Derek Nola 48ffed3852
Enable logging on all subcommands (#4921)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-01-12 14:00:40 -08:00
Brad Davidson a0cadcd343 Move ClusterResetRestore handling ControlConfig setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-12 10:46:10 -08:00
Brad Davidson e7464a17f7 Fix use of agent creds for secrets-encrypt and config validate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-01-06 12:55:18 -08:00
Lordran 31f1a00b6f
Fix a typo: advertise-up -> advertise-ip (#4827)
Signed-off-by: 胥朝阳 <xuzhaoyang@91cyt.com>
2022-01-06 08:52:07 -08:00
Hussein Galal 2e91913f54
Close agentReady channel only in k3s (#4792)
* Close agentReady channel only in k3s

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* codespell check

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-21 00:22:49 +02:00
Hussein Galal d71b335871
Fix snapshot restoration on fresh nodes (#4737)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-14 02:04:39 +02:00
Hussein Galal 3985fd0e26
[master] Add validation to certificate rotation (#4692)
* Add validation to certificate rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add validation to certificate rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-12-09 18:57:13 +02:00
Derek Nola bcb662926d
Secrets-encryption rotation (#4372)
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 14:31:32 -08:00
Hussein Galal 77fd3e99ec
Add cert rotation command (#4495)
* Add cert rotation command

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* add function to check for dynamic listener file

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* Add dynamiclistener cert rotation support

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to the cert rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ci tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to certificate rotation command

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-12-02 23:19:16 +02:00
Chris Kim ae4a1a144a
etcd snapshot functionality enhancements (#4453)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-29 10:30:04 -08:00
Hussein Galal 03485632ea
Fix regression with cluster reset (#4521)
* Fix regression with cluster reset

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-11-17 23:22:18 +02:00
Chris Kim f18b3252c0
[master] Add etcd extra args support for K3s (#4463)
* Add etcd extra args support for K3s

Signed-off-by: Chris Kim <oats87g@gmail.com>

* Add etcd custom argument integration test

Signed-off-by: Chris Kim <oats87g@gmail.com>

* go generate

Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-11-11 21:03:15 -08:00
Derek Nola 4b57951fb0
Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464)
* Enabled skipping of unknown flags from config in parser
* Added new unit test, expanded existing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-11-11 16:01:23 -08:00
Manuel Buil 8271d98a76
Merge pull request #4437 from manuelbuil/fix_svclb_ipv6_rh
Allow svclb pod to enable ipv6 forwarding
2021-11-10 19:08:40 +01:00
Manuel Buil 5d168a1d59 Allow svclb pod to enable ipv6 forwarding
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-11-10 18:20:03 +01:00
Brian Downs adaeae351c
update bootstrap logic (#4438)
* update bootstrap logic resolving a startup bug and account for etcd
2021-11-10 05:33:42 -07:00
Luther Monson 36c6634cce
[master] updating to new signals package in wrangler (#4399)
* updating to new signals package in wrangler

Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-11-08 08:32:43 -07:00
Brad Davidson f9f1cabe9c Fix log/reap reexec
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-01 14:24:14 -07:00
Derek Nola 918945da45
Added configuration input to etcd-snapshot (#4280)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-22 12:03:32 -07:00
Brian Downs e11a4bf8bb
set duration to second (#4231) 2021-10-15 16:46:39 -07:00
Brian Downs 0452f017c1
Add etcd s3 timeout (#4207) 2021-10-15 10:24:14 -07:00
Brad Davidson 5a923ab8dc Add containerd ready channel to delay etcd node join
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-14 14:03:52 -07:00
Brad Davidson dc18ef2e51 Refactor log and reaper exec to omit MAINPID
Using MAINPID breaks systemd's exit detection, as it stops watching the
original pid, but is unable to watch the new pid as it is not a child
of systemd itself. The best we can do is just notify when execing the child
process.

We also need to consolidate forking into a sigle place so that we don't
end up with multiple levels of child processes if both redirecting log
output and reaping child processes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-12 13:35:10 -07:00
Brian Downs ac7a8d89c6
Add ability to reconcile bootstrap data between datastore and disk (#3398) 2021-10-07 12:47:00 -07:00
Derek Nola b6919adf62
Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161)
* Add "etcd-" prefix to etcd-snapshot commands as alias

Signed-off-by: dereknola <derek.nola@suse.com>
2021-10-06 14:20:22 -07:00
Brad Davidson 12e675e2cc Don't evacuate the root cgroup when rootless
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-10-01 16:18:12 -07:00
Brad Davidson 5d1a37ee32 Send MAINPID to systemd when reexecing for logfile output
This allows the new process to notify systemd when it is ready.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-29 11:41:09 -07:00
Brad Davidson a16105b348 Properly handle operation as init process
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-28 11:05:34 -07:00
Hussein Galal 7826407a2e
Make sure there are no duplicates in etcd member list (#4025)
* Make sure there are no duplicates in etcd member list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix node names with hyphens

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use full server name for etcd node name

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-09-18 00:51:18 +02:00
Derek Nola eda65b19d9
Remove expiremental from cluster commands (#4024)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-09-15 16:41:50 -07:00
Manuel Buil 9fcd79baae Add tests to the dual-stack PR and enable dual-stack with flannel backend
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-09-15 14:11:54 +02:00
Devin Buhl a1ec43e0b7
feat: add option to disable s3 over https
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
2021-09-05 12:03:49 -04:00
Brad Davidson cf12a13175 Add missing node name entry to apiserver SAN list
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 13:22:32 -07:00
Brad Davidson b8add39b07 Bump kine for metrics/tls changes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 01:51:30 -07:00
Hussein Galal e322924781
Reset load balancer state during restoraion (#3877)
* Reset load balancer state during restoraion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Reset load balancer state during restoraion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-18 01:02:30 +02:00
Jiaqi Luo 3b01157a3a
Use New Image Names (#3749)
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4

Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
2021-08-06 16:14:58 -07:00
Hussein Galal 2069cdf4ee
Fix initial start of etcd only nodes (#3748)
* Fix initial start of etcd only nodes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-08-03 19:53:21 +02:00
Brad Davidson 869b98bc4c Sync DisableKubeProxy into control struct
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-30 12:26:50 -07:00
Hussein Galal b1b5f72dc3
Notify systemd for etcd only node (#3732)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-07-29 23:42:19 +02:00
Derek Nola 21c8a33647
Introduction of Integration Tests (#3695)
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-26 09:59:33 -07:00
Luther Monson 37fcb61f5e move go routines for api server ready beneath wait group
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 17:36:34 -07:00
Luther Monson 18bc98f60c
adding startup hooks args to access to Disables and Skips (#3674)
Signed-off-by: Luther Monson <luther.monson@gmail.com>
2021-07-20 05:24:52 +02:00
Jamie Phillips aef8a6aafd
Adding support for waitgroup to the Startuphooks (#3654)
The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.
2021-07-15 19:28:47 -07:00
Brian Downs 238dc2086e
prevent snapshot save when snapshots are disabled (#3475)
* prevent snapshot save when snapshots are disabled
2021-07-09 10:22:49 -07:00
Chris Kim ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found (#3568)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-07-07 16:01:50 -07:00
Hussein Galal f5fbb9a9a8
Export cli server flags and etcd restoration functions (#3527)
* Export cli server flags and etfd restoration functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* export S3

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-30 22:29:03 +02:00
Joe Kralicky a84c75af62 Adds a command-line flag '--disable-helm-controller' that will disable
the server's built-in helm controller.

Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.

Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.

Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-06-25 14:54:36 -04:00
Jamie Phillips 82394d7d36 Basic windows agent that will join a cluster without CNI.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-23 09:07:50 -07:00
Hussein Galal 136dddca11
Fix storing bootstrap data with empty token string (#3422)
* Fix storing bootstrap data with empty token string

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* delete node password secret after restoration

fixes to bootstrap key

vendor update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix comment

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* typos

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Removing dynamic listener file after restoration

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-22 22:42:34 +02:00
Brian Downs 88f95ec409
Send systemd notifications for both server and agent (#3430)
* update agent to sent systemd notify after everything starts
2021-06-15 04:20:26 -07:00
Brian Downs 2682183773 add log message indicating etcd snapshots are disabled
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
Jamie Phillips 7345ac35ae
Initial windows support for agent (#3375)
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Brian Downs 254b52077e add retention default and wire in s3 prune
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
Brian Downs e8ecc00fc8 add etcd snapshot save subcommand
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Brian Downs 6ee28214fa
Add the ability to prune etcd snapshots (#3310)
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
MonzElmasry 24474c5734
change --disable-apiserver flag
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Brian Downs bcd8b67db4
Add the ability to list etcd snapshots (#3303)
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson 02a5bee62f
Add system-default-registry support and remove shared code (#3285)
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Brian Downs e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 (#3277)
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Hussein Galal f410fc7d1e
Invoke cluster reset function when only reset flag is passed (#3276)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
Brian Downs c5ad71ce0b
Collect and Store etcd Snapshots and Metadata (#3239)
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
Brad Davidson 2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212)
* Add support for dual-stack cluster/service CIDRs and node addresses

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
Brian Downs 80e4baf525 add hidden attribute to disable flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
Brian Downs 4a49b9e40b delete nocluster file and remove build tag
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 12:16:28 -07:00
Brian Downs 3ed9b0a997 remove hidden attribute from cluster flags and related code
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 11:36:02 -07:00
Chris Kim 69f96d6225
Define a Controllers and LeaderControllers on the server config (#3043)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-03-11 10:39:00 -08:00
Brad Davidson 7cdfaad6ce
Always use static ports for client load-balancers (#3026)
* Always use static ports for the load-balancers

This fixes an issue where RKE2 kube-proxy daemonset pods were failing to
communicate with the apiserver when RKE2 was restarted because the
load-balancer used a different port every time it started up.

This also changes the apiserver load-balancer port to be 1 below the
supervisor port instead of 1 above it. This makes the apiserver port
consistent at 6443 across servers and agents on RKE2.

Additional fixes below were required to successfully test and use this change
on etcd-only nodes.

* Actually add lb-server-port flag to CLI
* Fix nil pointer when starting server with --disable-etcd but no --server
* Don't try to use full URI as initial load-balancer endpoint
* Fix etcd load-balancer pool updates
* Update dynamiclistener to fix cert updates on etcd-only nodes
* Handle recursive initial server URL in load balancer
* Don't run the deploy controller on etcd-only nodes
2021-03-06 02:29:57 -08:00
Hussein Galal c26b737b24
Mark disable components flags as experimental (#3018)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-05 00:05:20 +02:00
Brian Downs 4d1f9eda9d
Etcd Snapshot/Restore to/from S3 Compatible Backends (#2902)
* Add functionality for etcd snapshot/restore to and from S3 compatible backends.
* Update etcd restore functionality to extract and write certificates and configs from snapshot.
2021-03-03 11:14:12 -07:00
Hussein Galal 1bf04b6a50
Merge pull request #3003 from galal-hussein/fix_etcd_only_nodes
Fix etcd only nodes
2021-03-02 02:16:02 +02:00
galal-hussein d6124981d5 remove etcd member if disable etcd is passed
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-01 23:50:50 +02:00
Brad Davidson 9b39c1c117 Hide the airgap-extra-registry flag
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-26 16:08:49 -08:00
Brad Davidson ec661c67d7 Add support for retagging images on load from tarball
Adds support for retagging images to appear to have been sourced from
one or more additional registries as they are imported from the tarball.
This is intended to support RKE2 use cases with system-default-registry
where the images need to appear to have been pulled from a registry
other than docker.io.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Hussein Galal 5749f66aa3
Add disable flags for control components (#2900)
* Add disable flags to control components

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to disable flags

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add comments to functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix joining problem

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ticker

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix role labels

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-02-12 17:35:57 +02:00
Brian Downs 21d1690d5d
update usage text (#2926)
update to the --cluster-init usage flag to indicate it's for Etcd
2021-02-10 15:54:04 -07:00
Brad Davidson 07256cf7ab Add ServiceIPRange and ServiceNodePortRange to agent config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Yuriy 06fda7accf
Add functionality to bind custom IP address for Etcd metrics endpoint (#2750)
* Add functionality to bind custom IP address for Etcd metrics endpoint

Signed-off-by: yuriydzobak <yurii.dzobak@lotusflare.com>
2021-01-22 17:40:48 -08:00
Brian Downs 13229019f8
Add ability to perform an etcd on-demand snapshot via cli (#2819)
* add ability to perform an etcd on-demand snapshot via cli
2021-01-21 14:09:15 -07:00
Chris Kim 332fd73d46
Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s (#2594)
* Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s

Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-16 09:27:57 -08:00
Brad Davidson c6950d2cb0 Update Kubernetes to v1.20.0-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Chin-Ya Huang 3f0f2b342e Show go version when executes with --version.
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-12-04 12:51:15 -08:00
Brad Davidson 3b8ec74049 Update disables list when building with no_stage
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are ommited by the no_stage build tag.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
MonzElmasry e8436cc76b
Make etcd use node private ip
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Brian Downs ba70c41cce
Initial Logging Output Update (#2246)
This attempts to update logging statements to make them consistent
through out the code base. It also adds additional context to messages
where possible, simplifies messages, and updates level where necessary.
2020-09-21 09:56:03 -07:00
Brian Downs 4c3ec907ab
remove k8s daemon config from setup hook in favor of specific fields from the config (#2206)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-04 09:30:36 -07:00
Darren Shepherd 64ae6affc5 Missing registering debug/config flags on server subcommand
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-09-03 13:19:25 -07:00
Darren Shepherd 551a1842ad
Update pkg/cli/cmds/config.go
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:28 -07:00
Darren Shepherd 7657ed2e13
Update pkg/cli/server/server.go
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:19 -07:00
Darren Shepherd 21d21ddd4d Add config file support independent of CLI framework
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:13 -07:00
Darren Shepherd ae5c585050 Revert "Add config file support"
This reverts commit e1dc3451bc.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:07 -07:00
Brian Downs 866dc94cea
Galal hussein etcd backup restore (#2154)
* Add etcd snapshot and restore

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix error logs

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* goimports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix flag describtion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add disable snapshot and retention

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use creation time for snapshot retention

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* unexport method, update var name

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* adjust snapshot flags

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update var name, string concat

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* revert previous change, create constants

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* updates

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* type assertion error checking

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* updates

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* updates

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* simplify logic, remove unneeded function

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update flags

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update flags

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add comment

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* exit on restore completion, update flag names, move retention check

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* exit on restore completion, update flag names, move retention check

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* exit on restore completion, update flag names, move retention check

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update disable snapshots flag and field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* move function

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update var and field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update var and field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update defaultSnapshotIntervalMinutes to 12 like rke

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update directory perms

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update etc-snapshot-dir usage

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update interval to 12 hours

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* fix usage typo

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update deps target to work, add build/data target for creation, and generate

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* remove dead make targets

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* error handling, cluster reset functionality

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* error handling, cluster reset functionality

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* remove intermediate dapper file

Signed-off-by: Brian Downs <brian.downs@gmail.com>

Co-authored-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-08-28 16:57:40 -07:00
Brad Davidson c4ac620b8b
Merge pull request #2159 from brandond/config_file_rename
Rename flags.conf to config.yaml
2020-08-25 21:43:48 -07:00
Brad Davidson b4d81a9e33 Remove lingering references to dqlite
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 17:09:19 -07:00
Brad Davidson 43fcc5ddcb Rename flags.conf => config.yaml
Related to https://github.com/rancher/rke2/issues/150

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 14:56:30 -07:00
Brian Downs 324bb55986 add ctx to hook, handle hook errors
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 16:54:58 -07:00
Brian Downs fa2c1422b3 change name of variable
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 14:30:53 -07:00
Brian Downs a4b2953017 add setup hook capabilities for rke2
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 13:42:45 -07:00
Brad Davidson 79c499f0e0 Fix handling of TLS configuration args
Also fixes an unrelated error formatting issue turned up while testing.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 16:44:10 -07:00
Jacob Blain Christen e2089bea18
cli: add --selinux flag to agent/server sub-cmds (#2111)
* cli: add --selinux flag to agent/server sub-cmds

Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported.  Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.

* Update pkg/agent/containerd/containerd.go

update log warning message about enabled selinux host but disabled runtime

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Brad Davidson 1eec7348a5 Call setproctitle to conceal node args in ps output
This is related to #2014.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-28 15:49:49 -07:00
Brian Downs 5a81fdbdc5 update cis flag implementation to propogate the rest of the way through to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Jason e3f8789114
Add containerd snapshotter flag (#1991)
* Add containerd snapshotter flag

Signed-off-by: Jason-ZW <zhenyang@rancher.com>

* Fix CamelCase nit and option description

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>

Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Brian Downs abb2d9aad1 add flag usage
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:55:18 -07:00
Brian Downs 57a6319fac add protect-kernel-defaults to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:46:10 -07:00
Erik Wilson e1dc3451bc
Add config file support 2020-07-10 10:34:00 -07:00
Darren Shepherd 7e59c0801e Make program name a variable to be changed at compile time 2020-06-06 16:39:41 -07:00
Chuck Schweizer 19c34bd12d Update to set default CipherSuites
The default CipherSuites need to be set to disable the insecure TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher
2020-05-13 08:34:45 -05:00
Chuck Schweizer ca9c9c2e1e Adding support for TLS MinVersion and CipherSuites
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.

  --kube-apiserver-arg=tls-cipher-suites=XXXXXXX
  --kube-apiserver-arg=tls-min-version=XXXXXXX
2020-05-07 09:27:09 -05:00
Darren Shepherd cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd 072396f774 Start kube-apiserver in the background
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched.  By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Darren Shepherd 2f5ee914f9 Add supervisor port
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server.  In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports.  The /v1-k3s API port is called the SupervisorPort in the code.

To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer.  One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd 341895c322 Don't write ccm.yaml if --disable-cloud-controller is set 2020-05-05 13:01:52 -07:00
Erik Wilson 39c3854648
Merge pull request #1720 from ilknarf/master
remove redundant Sprintf
2020-05-04 20:50:58 -07:00
Erik Wilson c71561129e
Merge pull request #1716 from ibuildthecloud/debugpublic
Make debug variable public to be used by wrapper programs
2020-05-04 20:50:36 -07:00
Erik Wilson c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
Add ability to disable kubeproxy
2020-05-04 20:26:22 -07:00
Erik Wilson df1725cb06
Merge pull request #1694 from ibuildthecloud/inittwice
Allow InitLogging to be called twice
2020-05-04 20:22:04 -07:00
Frank a18d94e5f9 remove redundant Sprintf 2020-04-30 10:48:12 -05:00
Darren Shepherd 56770ff2cc Make debug variable public to be used by wrapper programs 2020-04-29 11:37:59 -07:00
Darren Shepherd 5715e1ba0d Add ability to disable kubeproxy 2020-04-27 11:24:00 -07:00
Darren Shepherd 8cc9efdf7c Allow InitLogging to be called twice
This makes it a bit easier to embed k3s into another go program
2020-04-27 11:16:08 -07:00
Darren Shepherd 8b8af94eb2 Move disabled items to a const to keep more consistency
This also help when embedding k3s because we can programmitically know
all the components to disable.
2020-04-27 11:15:35 -07:00
Darren Shepherd 7d06d2ccc1
Merge pull request #1653 from KnicKnic/enable_agent_windows
enable agent to start on windows
2020-04-27 09:05:12 -07:00
Knic Knic 7f77c9a3c8 enable agent to start on windows 2020-04-18 23:43:08 -07:00
galal-hussein 3f927d8006 Revert "Replace traefik with nginx"
This reverts commit 9a17033095.
2020-03-11 01:45:23 +02:00
Erik Wilson ceff3f58fb
Merge pull request #1466 from galal-hussein/traefik_to_nginx
Replace traefik with nginx
2020-03-02 15:04:09 -07:00
galal-hussein 9a17033095 Replace traefik with nginx 2020-03-03 00:00:39 +02:00
Erik Wilson a3cb9ee1f6 Simplify SELinux detection and add --disable-selinux flag 2020-02-28 10:10:55 -07:00
Erik Wilson 0374c4f63d Add --disable flag 2020-01-30 16:45:01 -07:00
Erik Wilson 1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
Add secret encryption config
2020-01-27 13:59:09 -07:00
Erik Wilson 7675f9f85c Clean up host-gw variable names 2020-01-08 17:43:07 -07:00
Segator c23f12765e hostgw flannel support 2020-01-08 17:43:07 -07:00
galal-hussein 388cd9c4e8 Add secret encryption configuration 2019-12-23 13:16:27 +02:00
Erik Wilson 76281bf731 Update k3s for k8s 1.17.0 2019-12-15 23:28:19 -07:00
Erik Wilson d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
Allow --pause-image to set docker sandbox image also
2019-12-11 10:36:07 -07:00
Erik Wilson 2eacfa75cb
Merge pull request #1180 from erikwilson/cleanup-flannel-backend-help-text
Cleanup --flannel-backend help text
2019-12-11 10:35:50 -07:00
Erik Wilson 2de93d70cf Allow --pause-image to set docker sandbox image also 2019-12-10 16:16:26 -07:00
Erik Wilson 11e4d01efe Cleanup --flannel-backend help text 2019-12-10 14:51:16 -07:00
Jacob Blain Christen 063efb25bb Mutable --node-label values for server/agent sub-commands.
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.

Tested locallon on my amd64 workstation with the docker container.

Addresses #1119.
2019-12-09 16:40:15 -07:00
galal-hussein 99b8222e8d Change storage to datastore 2019-11-15 21:52:07 -07:00
Erik Wilson 95ff805c98 Fix broken K3S_TOKEN env 2019-11-14 12:42:42 -07:00
Erik Wilson d4151b7739 Add the --with-node-id flag to agent 2019-11-13 16:13:41 -07:00
Erik Wilson a73f8b1773 Update check-config.sh for k3s 2019-11-13 08:34:24 -07:00
Erik Wilson e4b3730fa2 Go DNS lookup order hack 2019-11-12 20:16:31 -07:00
Erik Wilson 55c05ac500 Refactor node password location 2019-11-12 15:30:34 -07:00
Darren Shepherd 3e213d1347 Allow --debug to be set with K3S_DEBUG env var 2019-11-12 08:22:48 +00:00
Darren Shepherd 3f5fb70116 Move server arguments to experimental for dqlite related 2019-11-12 01:12:24 +00:00
Darren Shepherd e2431bdf9d Add dqlite support 2019-11-10 03:49:56 +00:00
Darren Shepherd 53d3ab074c Shrink k3s wrapper binary 2019-11-08 21:35:58 +00:00
Erik Wilson 47a94637dc Move metrics-server manifests to sub-directory 2019-11-05 14:30:50 -07:00
Erik Wilson 0fef39de65 Add default multi-arch metrics-server deployment 2019-11-05 10:11:08 -07:00