Brad Davidson
5c99bdd9bd
Pin images instead of locking layers with lease
...
Layer leases never did what we wanted anyways, and this is the new approved interface for ensuring that images do not get GCd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-09 15:23:05 -08:00
Manuel Buil
6330e26bb3
Wait for taint to be gone in the node before starting the netpol controller
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-01-08 12:04:18 +01:00
Lex Rivera
5fe074b540
Add more paths to crun runtime detection ( #9086 )
...
* add usr/local paths for crun detection
Signed-off-by: Lex Rivera <me@lex.io>
2024-01-04 16:51:13 -08:00
Brad Davidson
c45524e662
Add support for containerd cri registry config_path
...
Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep
using mirrors.x.rewrites and configs.x.auth those do not yet have an
equivalent in the new format.
The new config file format allows disabling containerd's fallback to the
default endpoint when using mirror endpoints; a new CLI flag is added to
control that behavior.
This also re-shares some code that was unnecessarily split into parallel
implementations for linux/windows versions. There is probably more work
to be done on this front but it's a good start.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 16:50:26 -08:00
Brad Davidson
db7091b3f6
Handle logging flags when parsing kube-proxy args
...
Also adds a test to ensure this continues to work.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-04 16:23:03 -08:00
Pierre
bbd68f3a50
Rebase & Squash ( #9070 )
...
Signed-off-by: Yodo <pierre@azmed.co>
2024-01-02 12:05:36 -08:00
Hussein Galal
9411196406
Update flannel to v0.24.0 and remove multiclustercidr flag ( #9075 )
...
* update flannel to v0.24.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove multiclustercidr flag
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-12-20 00:25:38 +02:00
Hussein Galal
7101af36bb
Update Kubernetes to v1.29.0+k3s1 ( #9052 )
...
* Update to v1.29.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update to v1.29.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update go to 1.21.5
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update flannel to 0.23.0-k3s1
This update uses k3s' fork of flannel to allow the removal of
multicluster cidr flag logic from the code
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix flannel calls
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update cri-tools to version v1.29.0-k3s1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Remove GOEXPERIMENT=nounified from arm builds
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Skip golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix setup logging with newer go version
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Move logging flags to components arguments
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* add sysctl commands to the test script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update scripts/test
Signed-off-by: Brad Davidson <brad@oatmail.org>
* disable secretsencryption tests
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-12-19 05:14:02 +02:00
Vitor Savian
03532f7c0b
Added runtime classes for crun/wasm/nvidia
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Added default runtime flag
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-12-08 15:49:28 -03:00
Brad Davidson
6c544a4679
Add jitter to client config retry
...
Also:
* Replaces labeled for/continue RETRY loops with wait helpers for improved readability
* Pulls secrets and nodes from cache for node password verification
* Migrate nodepassword tests to wrangler mocks for better code reuse
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-16 09:53:28 -08:00
Oliver Larsson
30c8ad926d
QoS-class resource configuration
...
Problem:
Configuring qos-class features in containerd requires a custom containerd configuration template.
Solution:
Look for configuration files in default locations and configure containerd to use them if they exist.
Signed-off-by: Oliver Larsson <larsson.e.oliver@gmail.com>
2023-11-14 15:53:14 -08:00
Manuel Buil
8f7a8b23b7
Improve dualStack log
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-11-14 10:50:37 +01:00
Flavio Castelli
ba5fcf13fc
Wasm shims and runtimes detection
...
Create a generic helper function that finds extra containerd runtimes.
The code was originally inside of the nvidia container discovery file.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Discover the containerd shims based on runwasi that are already
available on the node.
The runtimes could have been installed either by a package manager or by
the kwasm operator.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
The containerd configuration on a Linux system now handles the nvidia
and the WebAssembly runtimes.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
---------
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2023-11-13 14:43:41 -08:00
Texot
f575a05be2
fix: Access outer scope .SystemdCgroup ( #8761 )
...
Signed-off-by: Texot <tete1030@gmail.com>
2023-11-02 10:47:16 -07:00
Sean Yen
0c9bf36fe0
[K3s][Windows Port] Build script, multi-call binary, and Flannel ( #7259 )
...
* initial windows port.
Signed-off-by: Sean Yen <seanyen@microsoft.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Wei Ran <weiran@microsoft.com>
2023-10-16 14:53:09 -04:00
Roberto Bonafiglia
1ffb4603cd
Use IPv6 in case is the first configured IP with dualstack
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-13 10:23:31 +02:00
Roberto Bonafiglia
ced25af5b1
Fixed tailscale node IP dualstack mode in case of IPv4 only node
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-09 15:17:33 +02:00
Manuel Buil
f2c7117374
Take IPFamily precedence based on order
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 11:04:15 +02:00
Brad Davidson
0e5c760625
Pass SystemdCgroup setting through to nvidia runtime options
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-27 13:30:26 -07:00
Edgar Lee
fe18b1fce9
Add --image-service-endpoint flag ( #8279 )
...
* Add --image-service-endpoint flag
Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.
Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2023-09-27 13:20:50 -07:00
Manuel Buil
cae8b2b626
Merge pull request #8346 from manuelbuil/interfaceLogs
...
Include the interface name in the error message
2023-09-25 16:50:01 +02:00
Manuel Buil
3194dc7367
Merge pull request #8284 from manuelbuil/improveFlannelLogging
...
Add context to flannel errors
2023-09-25 08:20:33 +02:00
Manuel Buil
8c197bdce4
Include the interface name in the error message
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 07:55:49 +02:00
Manuel Buil
66cb1064d1
Add context to flannel errors
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-07 14:09:22 +02:00
Manuel Buil
d3f7632463
Fix error reporting
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-31 17:20:14 +02:00
Derek Nola
ced330c66a
[v1.28] CLI Removal for v1.28.0 ( #8203 )
...
* Remove deprecated flannel ipsec
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove multipart backend
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix secrets-encryption integration test flakiness
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-24 22:09:13 -07:00
Manuel Buil
8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale
...
Fix tailscale bug with ip modes
2023-08-02 11:42:20 +02:00
Derek Nola
46cbbab263
Consolidate CopyFile functions ( #8079 )
...
* Consolidate CopyFile function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Copy to File, not destination folder
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-01 08:55:34 -07:00
Manuel Buil
59eec78c62
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-01 09:43:25 +02:00
Simon Kirsten
546dc247a0
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl ( #7991 )
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
2023-07-31 16:36:23 -04:00
Denys Smirnov
b9a2bf11ee
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
2023-07-07 10:49:01 +03:00
Manuel Buil
6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
...
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
2023-07-06 11:11:26 +02:00
Manuel Buil
bca0adbca8
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-04 13:02:06 +02:00
Brad Davidson
7f50b40cfe
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-03 16:20:50 -07:00
Manuel Buil
f21a01474d
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 10:48:59 +02:00
guoguangwu
2215870d5d
chore: pkg imported more than once
...
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-06-26 16:58:11 -07:00
Manuel Buil
869e030bdd
VPN PoC
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-09 12:39:33 +02:00
Manuel Buil
4aafff0219
Wrap error stating that it is coming from netpol
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-12 19:33:25 +02:00
Brad Davidson
cedefeff24
Bump cni plugins to v1.2.0-k3s1
...
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-04 13:58:42 -07:00
Brad Davidson
f1b6a3549c
Fix stack log on panic
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson
31a6386994
Improve egress selector handling on agentless servers
...
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Derek Nola
944f811dc5
v1.27.1 CLI Deprecation ( #7311 )
...
* Remove Flannel Wireguard
* Remove etcd-snapshot (implicit save)
* Convert ipsec and multiple backend to fatal
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-19 12:02:05 -07:00
Roberto Bonafiglia
3e3512bdae
Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-06 09:55:34 +02:00
Brad Davidson
2992477c4b
Debounce kubernetes service endpoint updates
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson
ece4d8e45c
Fix tests to not hide failure location in dummp assert functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson
e54ceaa497
Fix issue with stale connections to removed LB server
...
Track LB connections through each server so that they can be closed when it is removed.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Roberto Bonafiglia
15ee88964b
Added multiClusterCidr feature
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Daishan Peng
b7f90f389c
Wait for kubelet port to be ready before setting ( #7041 )
...
* Wait for kubelet port to be ready before setting
* Wait for kubelet to update the Ready status before reading port
Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 13:48:02 -07:00
Derek Nola
d218068f34
Adds a warning about editing to the containerd config.toml file ( #7057 )
...
* Add a warning to the config.toml file
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-13 13:42:17 -07:00
Roberto Bonafiglia
e098b99bfa
Update flannel and kube-router ( #7039 )
...
* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 19:57:16 -08:00
Roberto Bonafiglia
b8e69712a3
Updated flannel version to v0.21.0
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 23:03:10 +01:00
Paul Donohue
290d7e8fd1
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
...
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:34 -08:00
Brad Davidson
992e64993d
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
Brad Davidson
3c324335b2
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Derek Nola
0d4caf4e24
Wait for cri-dockerd socket ( #6812 )
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-27 13:16:59 -08:00
Brad Davidson
3cb6fa5cc7
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:32:28 -08:00
Brad Davidson
89f7062431
Add build tag to disable cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:29:18 -08:00
Brad Davidson
f54b5e4fa0
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 17:22:25 -08:00
Brad Davidson
0c9b43746b
Preload iptable_filter/ip6table_filter
...
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 12:51:00 -08:00
Hussein Galal
f8b661d590
Update to v1.26.0-k3s1 ( #6370 )
...
* Update to v1.26.0-alpha.2
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go generate
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Default CURRENT_VERSION to VERSION_TAG for alpha versions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove containerd package
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* replace cri-api reference to the new api
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update to Kubernetes 1.26.0-rc.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Undo helm-controller pin
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump containerd to -k3s2 for stargz fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* DevicePlugins featuregate is locked to on
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump kine for DeleteRange fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Update to v1.26.0-k3s1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Bring back snapshotter checks and update golang to 1.19.4
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix windows containerd snapshotter checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-10 01:42:15 +02:00
Derek Nola
d723775792
Remove deprecated flags in v1.26 ( #6574 )
...
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 14:01:01 -08:00
Brad Davidson
2835368ecb
Bump k3s-root and remove embedded strongswan support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-01 12:40:40 -08:00
Manuel Buil
1beecb2e2d
Merge pull request #6531 from manuelbuil/fixLogs
...
Fix log for flannelExternalIP use case
2022-11-22 16:54:26 +01:00
Brad Davidson
6f2b21c5cd
Add rootless IPv6 support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Manuel Buil
5188443988
Fix log for flannelExternalIP use case
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-21 17:10:35 +01:00
thomasferrandiz
b7d217dbf3
Merge pull request #6405 from thomasferrandiz/log-kube-router-version
...
log kube-router version when starting netpol controller
2022-11-04 11:07:37 +01:00
Manuel Buil
8aff25e192
Merge pull request #6403 from manuelbuil/logsFlannelExternalIP
...
Avoid wrong config for `flannel-external-ip` and add warning if unencrypted backend
2022-11-04 09:47:30 +01:00
Manuel Buil
1682172ac1
Add some helping logs to avoid wrong configs
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-03 18:09:17 +01:00
Roberto Bonafiglia
87c7ea81f0
Updated flannel version to 0.20.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-11-03 17:49:26 +01:00
Thomas Ferrandiz
68ac954489
log kube-router version when starting netpol controller
...
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2022-11-03 12:26:50 +01:00
Petri Kivikangas
6156059136
Convert containerd config.toml.tmpl Linux template to v2 syntax
...
Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>
2022-10-27 16:55:03 -07:00
Brad Davidson
76729d813b
Set default kubeletPort
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:08:13 -07:00
Brad Davidson
269563e4d2
Check for RBAC before starting tunnel controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:08:13 -07:00
Brad Davidson
f2585c1671
Add --flannel-external-ip flag
...
Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-24 10:10:49 -07:00
Derek Nola
06d81cb936
Replace deprecated ioutil package ( #6230 )
...
* Replace ioutil package
* check integration test null pointer
* Remove rotate retries
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-07 17:36:57 -07:00
Brad Davidson
b411864be5
Handle custom kubelet port in agent tunnel
...
The kubelet port can be overridden by users; we shouldn't assume it's always 10250
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-05 21:10:38 -07:00
Manuel Buil
5164cf5345
Add flannel-external-ip when there is a k3s node-external-ip
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-09-26 16:24:00 +02:00
Roberto Bonafiglia
26e9405767
Added warning message for flannel backend additional options deprecation
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-09-09 20:04:04 +02:00
Derek Nola
cd49101fc8
Convert deprecated flags to fatal errors for v1.25 ( #6069 )
...
* Replace warning with fatal errors.
* Group system-default-registry under (agent/runtime)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-09-01 09:33:59 -07:00
Roberto Bonafiglia
a30971efaa
Updated flannel to v0.19.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-08-08 09:57:56 +02:00
Brad Davidson
4aca21a1f1
Add cri-dockerd support as backend for --docker flag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-08-05 02:39:25 -07:00
Brad Davidson
b1fa63dfb7
Revert "Remove --docker/dockershim support"
...
This reverts commit 4a3d283bc1.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-08-05 02:39:25 -07:00
Roberto Bonafiglia
d90ba30353
Added NodeIP autodetect in case of dualstack connection
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-08-04 09:54:45 +02:00
Derek Nola
118a68c913
Updates to CLI flag grouping + deprecated flag warnings. ( #5937 )
...
* Consolidate data dir flag
* Group cluster flags together
* Reorder and group agent flags
* Add additional info around vmodule flag
* Hide deprecated flags, and add warning about their removal
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-08-02 13:51:16 -07:00
Brad Davidson
db2ba7b61d
Don't enable unprivileged ports and icmp on old kernels
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-28 14:33:20 -07:00
Brad Davidson
bd5fdfce33
Fix server systemd detection
...
* Use INVOCATION_ID to detect execution under systemd, since as of a9b5a1933f NOTIFY_SOCKET is now cleared by the server code.
* Set the unit type to notify by default for both server and agent, which is what Rancher-managed installs have done for a while.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-21 13:42:20 -07:00
Brad Davidson
afee83dda2
Bump remotedialer
...
Includes fix for recently identified memory leak.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-07 12:22:37 -07:00
Olli Janatuinen
2968a83bc0
containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default
...
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-06-15 14:49:51 -07:00
Brad Davidson
3399afed83
Ensure that CONTAINERD_ variables are not shadowed by later entries
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:58:12 -07:00
Derek Nola
a9b5a1933f
Delay service readiness until after startuphooks have finished ( #5649 )
...
* Move startup hooks wg into a runtime pointer, check before notifying systemd
* Switch default systemd notification to server
* Add 1 sec delay to allow etcd to write to disk
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-15 09:00:52 -07:00
Roberto Bonafiglia
a693071c74
Merge pull request #5552 from sjoerdsimons/sjoerd/flannel-wireguard-mode
...
Add cli flag for flannel wireguard mode
2022-06-15 14:28:21 +02:00
Manuel Buil
d4522de06a
Merge pull request #5656 from manuelbuil/AddFlannelCniConfFile
...
Add FlannelCNIConf flag
2022-06-14 10:23:51 +02:00
Brad Davidson
b550e1183a
Remove control-plane egress context and fix agent mode.
...
The control-plane context handles requests outside the cluster and
should not be sent to the proxy.
In agent mode, we don't watch pods and just direct-dial any request for
a non-node address, which is the original behavior.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-10 10:14:15 -07:00
Brad Davidson
d3242bea3c
Refactor egress-selector pods mode to watch pods
...
Watching pods appears to be the most reliable way to ensure that the
proxy routes and authorizes connections.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-08 09:34:53 -07:00
Manuel Buil
c705d34804
Add FlannelConfCNI flag
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-06-08 11:03:17 +02:00
Sjoerd Simons
8643576985
Add ability to pass configuration options to flannel backend
...
Allow the flannel backend to be specified as
backend=option=val,option2=val2 to select a given backend with extra options.
In particular this adds the following options to wireguard-native
backend:
* Mode - flannel wireguard tunnel mode
* PersistentKeepaliveInterval- wireguard persistent keepalive interval
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
2022-06-07 20:13:28 +02:00
Brad Davidson
9d7230496d
Add support for configuring the EgressSelector mode
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-18 13:26:10 -07:00
Brad Davidson
4a3d283bc1
Remove --docker/dockershim support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-11 14:39:07 -07:00
Brad Davidson
c8447dca56
Bump golang to 1.18.1
...
Also update all use of 'go get' => 'go install', update CI tooling for
1.18 compatibility, and gofmt everything so lint passes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-11 14:39:07 -07:00
Brad Davidson
e6385b2341
Update CNI version in config file
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-11 14:39:07 -07:00