Brad Davidson
550ab36ab7
Switch to managing ETCDSnapshotFile resources
...
Reconcile snapshot CRs instead of ConfigMap; manage ConfigMap downstream from CR list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
5cd4f69bfa
Move snapshot delete into local/s3 functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
a15b804e00
Sort snapshots by time and key in tabwriter output
...
Fixes snapshot list coming out in non-deterministic order
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
7464007037
Store extra metadata and cluster ID for snapshots
...
Write the extra metadata both locally and to S3. These files are placed such that they will not be used by older versions of K3s that do not make use of them.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
80f909d0ca
Move s3 snapshot list functionality to s3.go
...
Also, don't list ONLY s3 snapshots if S3 is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
8d47645312
Consistently set snapshotFile timestamp
...
Attempt to use timestamp from creation or filename instead of file/object modification times
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
f1afe153a3
Tidy s3 upload functions
...
Consistently refer to object keys as such, simplify error handling.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
2b0e2e8ada
Elide old snapshot data when apiserver rejects configmap with ErrRequestEntityTooLarge
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
676b00aa0e
Move etcd snapshot code into separate file
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
500744bb94
Add new CRD for etcd snapshots
...
Also adds a hack go script to print the embedded CRDs, for developer use.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
9bb1ce1253
Bump busybox to v1.36.1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:00:45 -07:00
Derek Nola
dface01de8
Server Token Rotation ( #8265 )
...
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Ensure agent token also changes
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-09 10:58:49 -07:00
Roberto Bonafiglia
ced25af5b1
Fixed tailscale node IP dualstack mode in case of IPv4 only node
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-09 15:17:33 +02:00
Manuel Buil
e82b37640a
Network defaults are duplicated, remove one
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-02 17:21:59 +02:00
Manuel Buil
f2c7117374
Take IPFamily precedence based on order
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 11:04:15 +02:00
Manuel Buil
0b23a478cf
ipFamilyPolicy:PreferDualStack for coredns and metrics-server
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 10:10:43 +02:00
Brad Davidson
0e5c760625
Pass SystemdCgroup setting through to nvidia runtime options
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-27 13:30:26 -07:00
Edgar Lee
fe18b1fce9
Add --image-service-endpoint flag ( #8279 )
...
* Add --image-service-endpoint flag
Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.
Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2023-09-27 13:20:50 -07:00
Manuel Buil
2a9e8e68d5
Merge pull request #8354 from manuelbuil/vpnExtraParams
...
Add extraArgs to vpn provider
2023-09-27 11:34:29 +02:00
Manuel Buil
4dd45b3142
Merge pull request #8439 from manuelbuil/fixGofmt
...
Fix gofmt error
2023-09-26 19:14:07 +02:00
Vitor Savian
b6ab24c4fd
Added error when cluster reset while using server flag
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-09-26 11:00:37 -03:00
Manuel Buil
172a7f1d1a
Fix gofmt error
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-26 11:09:03 +02:00
Brad Davidson
8705a88bf4
Clear remove annotations on cluster reset; refuse to delete last member from cluster
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
002e6c43ee
Reorganize Driver interface and etcd driver to avoid passing context and config into most calls
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
890645924f
Don't export functions not needed outside the etcd package
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
a3c52d60a5
Skip creating CRDs and setting up event recorder for CLI controller context
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
391e61bd72
Use admin kubeconfig instead of supervisor for etcd snapshot CLI
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
8c73fd670b
Disable HTTP on main etcd client port
...
Fixes performance issue under load, ref: https://github.com/etcd-io/etcd/issues/15402 and https://github.com/kubernetes/kubernetes/pull/118460
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 08:29:57 -07:00
Manuel Buil
12459fca97
Add extraArgs to tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 17:04:50 +02:00
Manuel Buil
cae8b2b626
Merge pull request #8346 from manuelbuil/interfaceLogs
...
Include the interface name in the error message
2023-09-25 16:50:01 +02:00
Manuel Buil
3194dc7367
Merge pull request #8284 from manuelbuil/improveFlannelLogging
...
Add context to flannel errors
2023-09-25 08:20:33 +02:00
Manuel Buil
8c197bdce4
Include the interface name in the error message
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 07:55:49 +02:00
Manuel Buil
8146041185
Merge pull request #8250 from manuelbuil/fixWinError
...
Fix error reporting
2023-09-22 18:42:54 +02:00
Johnatas
6330a5b49c
Update to v1.28.2 and go v1.20.8 ( #8364 )
...
* Update to v1.28.2
Signed-off-by: Johnatas <johnatasr@hotmail.com>
* Bump containerd and stargz versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Print message on upgrade fail
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Send Bad Gateway instead of Service Unavailable when tunnel dial fails
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add 60 seconds to server upgrade wait to account for delays in apiserver readiness
Also change cleanup helper to ensure upgrade test doesn't pollute the
images for the rest of the tests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---------
Signed-off-by: Johnatas <johnatasr@hotmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:18:47 -03:00
Manuel Buil
66cb1064d1
Add context to flannel errors
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-07 14:09:22 +02:00
Manuel Buil
d3f7632463
Fix error reporting
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-31 17:20:14 +02:00
Brad Davidson
0d23cfe038
Add RWMutex to address controller
...
Fixes race condition when address map is updated by multiple goroutines
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 20:52:37 -07:00
Brad Davidson
cba9f0d142
Add new CLI flag to disable TLS SAN CN filtering
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 08:33:45 -07:00
Derek Nola
2cb7023660
Use already imported semver, bump kine
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
f2d0c5409a
Add check for support on cp nodes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
51f1a5a0ab
Review comments and fixes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
42c2ac95e2
CLI + Backend for Secrets Encryption v3
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
b967f92785
Replace os.Write with AtomicWrite function
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
ced330c66a
[v1.28] CLI Removal for v1.28.0 ( #8203 )
...
* Remove deprecated flannel ipsec
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove multipart backend
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix secrets-encryption integration test flakiness
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-24 22:09:13 -07:00
Hussein Galal
af50e1b096
Update to v1.28.0-k3s1 ( #8199 )
...
* Update to v1.28.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update golang to v1.20.7
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more changes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* disable CGO before running golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* execlude CGO Enabled checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Ignore reapply change error with logging
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update google api client
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-08-23 00:09:31 +03:00
Brad Davidson
66bae3e326
Bump dynamiclistener for init deadlock fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-15 16:36:12 -07:00
Vitor Savian
e83b1ba4aa
Fixed the etcd retention to delete orphaned snapshots based on the date ( #8177 )
...
* Fix retention using name instead of date
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-14 18:48:59 -03:00
Vitor Savian
c97211866a
Fix for cluster-reset backup from s3 when etcd snapshots are disabled ( #8155 )
...
* Fixed when the user disable the etcd snapshots, but want to backup from s3
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-10 12:23:10 -03:00
Ian Cardoso
e551308db8
fix for etcd-snapshot delete with --etcd-s3 flag ( #8110 )
...
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
2023-08-04 14:26:32 -03:00
Vitor Savian
ca7aeed090
Etcd snapshots retention when node name changes ( #8099 )
...
Fixed the etcd retention to delete orphaned snapshots
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-03 10:54:40 -03:00
Brad Davidson
aa76942d0f
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-02 11:15:39 -07:00
Manuel Buil
8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale
...
Fix tailscale bug with ip modes
2023-08-02 11:42:20 +02:00
Derek Nola
46cbbab263
Consolidate CopyFile functions ( #8079 )
...
* Consolidate CopyFile function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Copy to File, not destination folder
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-01 08:55:34 -07:00
Manuel Buil
59eec78c62
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-01 09:43:25 +02:00
Brad Davidson
f21ae1d949
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-31 13:59:41 -07:00
Simon Kirsten
546dc247a0
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl ( #7991 )
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
2023-07-31 16:36:23 -04:00
Derek Nola
6d360e6473
Unit test for MustFindString ( #8013 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-31 10:22:34 -07:00
Derek Nola
be44243353
Adjust default kubeconfig file permissions ( #7978 )
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-14 15:00:27 -07:00
Derek Nola
0b18a65d4f
Revert "Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )"
...
This reverts commit 4ab01f3941
.
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-14 12:38:33 -07:00
Bartosz Lenart
34617390d0
Generation of certificates and keys for etcd gated if etcd is disabled. ( #6998 )
...
Problem:
When support for etcd was added in 3957142
, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etc is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
2023-07-11 10:24:35 -07:00
Derek Nola
8405813c12
Fix rootless node password ( #7887 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-07 09:14:49 -07:00
Denys Smirnov
b9a2bf11ee
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
2023-07-07 10:49:01 +03:00
Derek Nola
4ab01f3941
Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )
...
* Warn that v1.28 will deprecate reencrypt/prepare
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-06 12:34:51 -07:00
Manuel Buil
6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
...
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
2023-07-06 11:11:26 +02:00
Manuel Buil
bca0adbca8
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-04 13:02:06 +02:00
Manuel Buil
9c48d10eba
Merge pull request #7845 from manuelbuil/removeWinFile
...
Remove file_windows.go
2023-07-04 12:43:09 +02:00
Brad Davidson
7f50b40cfe
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-03 16:20:50 -07:00
Daishan Peng
ce3443ddf6
Allow k3s to customize apiServerPort on helm-controller
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
2023-07-03 11:09:49 -07:00
LeiLei
72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli ( #7791 )
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
2023-07-03 09:30:04 -07:00
Manuel Buil
d593c83603
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 16:08:39 +02:00
Manuel Buil
f21a01474d
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 10:48:59 +02:00
Vitor Savian
0809187cff
Adding cli to custom klipper helm image ( #7682 )
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-06-28 15:31:58 +00:00
guoguangwu
2215870d5d
chore: pkg imported more than once
...
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-06-26 16:58:11 -07:00
Manuel Buil
43611bb5ad
Fix the error report
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-14 18:26:59 +02:00
Manuel Buil
268c9a7684
Merge pull request #7352 from manuelbuil/vpnintegrations-afterparental
...
Integrate tailscale into k3s
2023-06-09 19:02:46 +02:00
Manuel Buil
869e030bdd
VPN PoC
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-09 12:39:33 +02:00
Derek Nola
dc6c569b98
Shortcircuit commands with version or help flags ( #7683 )
...
* Shortcircuit search with help and version flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Keep functions seperate
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-07 15:57:52 -07:00
Brad Davidson
e5e1a674ce
Enable containerd aufs/devmapper/zfs snapshotter plugins
...
These were unintentionally dropped when moving containerd back into the main multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:32:30 -07:00
Brad Davidson
5170bc5a04
Improve error response logging
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:31:04 -07:00
Brad Davidson
45d8c1a1a2
Soft-fail on node password verification if the secret cannot be created
...
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:31:04 -07:00
Derek Nola
b0188f5a13
Test Coverage Reports for E2E tests ( #7526 )
...
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-05 14:15:17 -07:00
Yuxing Deng
b64a226ebd
Make LB image configurable when compiling k3s
...
It is no way we can configure the lb image because it is a const value.
It would be better that we make it variable value and we can override
the value like the `helm-controller` job image when compiling k3s/rke2
Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
2023-05-31 08:51:13 -07:00
Brad Davidson
64a5f58f1e
Create new kubeconfig for supervisor use
...
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson
8748813a61
Use distinct clients for supervisor, deploy, and helm controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson
e9958cf070
Bump metrics-server to v0.6.3 and update tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 17:44:06 -07:00
Brad Davidson
93279d2f59
Bump klipper-lb to v0.4.4
...
Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 17:38:59 -07:00
Andrew Roffey
0485a56f33
allow coredns override extensions
...
Signed-off-by: Andrew Roffey <andrew@roffey.au>
2023-05-30 17:24:00 -07:00
Manuel Buil
4aafff0219
Wrap error stating that it is coming from netpol
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-12 19:33:25 +02:00
Brad Davidson
8f450bafe1
Bump helm-controller version for repo auth/ca support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-10 14:57:37 -07:00
Brad Davidson
607cbf0ad6
Bump containerd to v1.7.0 and move back into multicall binary
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-10 08:34:03 -07:00
thomasferrandiz
b4bc57d049
Merge pull request #7303 from thomasferrandiz/netpol-log-level
...
ensure that klog verbosity is set to the same level as logrus
2023-05-10 15:01:06 +02:00
Brad Davidson
239021e759
Consistently use constant-time comparison of password hashes
...
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-09 13:54:50 -07:00
Derek Nola
c6dc789e25
Add support for `-cover` + integration test code coverage ( #7415 )
...
* Add support for -cover in k3s server
* Update codecov reporting
* Sigterm in StopK3sServer
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-08 12:46:51 -07:00
Brad Davidson
cf9ebb3259
Fail to validate server tokens that use bootstrap id/secret format
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-05 12:24:35 -07:00
Manuel Buil
eb83af0de4
Merge pull request #7422 from manuelbuil/modify-utils
...
Migrate netutil methods into /util/net.go
2023-05-05 07:17:41 +02:00
Brad Davidson
cedefeff24
Bump cni plugins to v1.2.0-k3s1
...
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-04 13:58:42 -07:00
Boleyn Su
a736b4b1b9
local-storage: Fix permission ( #7217 )
...
* local-storage: Fix permission
/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777
Fixes #2348
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
* Fix pod command field type
* Fix to int test
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-05-04 10:43:54 -07:00
Manuel Buil
437ad128c7
Migrate netutil methods into /utils/net.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-04 16:49:16 +02:00
Derek Nola
e1d4cff14c
Enable FindString to search dotD config files ( #7323 )
...
* Enable FindString to search dotD config files
* Address multiple arg cases
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 11:18:23 -07:00
Derek Nola
d5f560360e
Handle multiple arguments with StringSlice flags ( #7380 )
...
* Add helper function for multiple arguments in stringslice
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Cleanup server setup with util function
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 09:55:48 -07:00
Brad Davidson
e61fde93c1
Fix MemberList error handling and incorrect etcd-arg passthrough
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 22:04:30 -07:00
Brad Davidson
91afb38799
Retry cluster join on "too many learners" error
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:28:33 -07:00
Brad Davidson
f1b6a3549c
Fix stack log on panic
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson
c44d33d29b
Fix race condition in tunnel server startup
...
Several places in the code used a 5-second retry loop to wait on
Runtime.Core to be set. This caused a race condition where OnChange
handlers could be added after the Wrangler shared informers were already
started. When this happened, the handlers were never called because the
shared informers they relied upon were not started.
Fix that by requiring anything that waits on Runtime.Core to run from a
cluster controller startup hook that is guaranteed to be called before
the shared informers are started, instead of just firing it off in a
goroutine that retries until it is set.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson
31a6386994
Improve egress selector handling on agentless servers
...
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson
0247794aa9
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:13:47 -07:00
Brad Davidson
ad41fb8c96
Create CRDs with schema
...
Fixes an issue where CRDs were being created without schema, allowing
resources with invalid content to be created, later stalling the
controller ListWatch event channel when the invalid resources could not
be deserialized.
This also requires moving Addon GVK tracking from a status field to
an annotation, as the GroupVersionKind type has special handling
internal to Kubernetes that prevents it from being serialized to the CRD
when schema validation is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-27 20:42:46 -07:00
Derek Nola
bc5b42c279
Cleanup help messages ( #7369 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-27 13:36:11 -07:00
Thomas Ferrandiz
66fcca66cb
ensure that klog verbosity is set to the same level as logrus
...
by repeatedly settting it every second during k3s startup
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2023-04-24 18:08:55 +00:00
Derek Nola
944f811dc5
v1.27.1 CLI Deprecation ( #7311 )
...
* Remove Flannel Wireguard
* Remove etcd-snapshot (implicit save)
* Convert ipsec and multiple backend to fatal
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-19 12:02:05 -07:00
Derek Nola
f2bde63eea
Kubernetes v1.27.1 ( #7271 )
...
* Bump go version to 1.20.3 to match upstream
* Bump cri-dockerd
* Bump golanci-lint
* go generate
* Bump selinux in cgroup test
* Bump to v1.27.1 tags
* Release documentation improvements
* Only run upgrade e2e test on PR
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-18 21:48:36 -07:00
Hussein Galal
30638072c9
Update klipper lb to v0.4.2 ( #7210 )
...
* Update klipper lb to v0.4.2
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update klipper lb to v0.4.3
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update klipper lb to v0.4.3 in airgap list
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-04-06 19:02:00 +02:00
Roberto Bonafiglia
3e3512bdae
Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-06 09:55:34 +02:00
Brad Davidson
d95980bba3
Lock bootstrap data with empty key to prevent conflicts
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 10:56:57 -07:00
Brad Davidson
2992477c4b
Debounce kubernetes service endpoint updates
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson
ece4d8e45c
Fix tests to not hide failure location in dummp assert functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson
e54ceaa497
Fix issue with stale connections to removed LB server
...
Track LB connections through each server so that they can be closed when it is removed.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson
d388b82d25
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 19:47:06 -07:00
Brad Davidson
b010db0cff
Ensure that loopback is used for the advertised address when resetting
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 17:01:43 -07:00
Brad Davidson
cee3ddbc4a
Bump Local Path Provisioner version ( #7167 )
...
* chore: Bump Local Path Provisioner version
* go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-03 16:00:16 -07:00
Roberto Bonafiglia
15ee88964b
Added multiClusterCidr feature
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Daniel Mills
822ee79eb8
Remove deprecated nodeSelector label beta.kubernetes.io/os ( #6970 )
...
* Remove deprecated nodeSelector label beta.kubernetes.io/os
Problem:
The nodeSelector label beta.kubernetes.io/os in the CoreDNS deployment was deprecated in 1.14 and will likely be removed soon
Solution:
Change the nodeSelector to remove the beta
Signed-off-by: Dan Mills <evilhamsterman@gmail.com>
2023-03-14 12:56:40 -04:00
Brad Davidson
977a85559e
Add support for cross-signing new certs during ca rotation
...
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Daishan Peng
b7f90f389c
Wait for kubelet port to be ready before setting ( #7041 )
...
* Wait for kubelet port to be ready before setting
* Wait for kubelet to update the Ready status before reading port
Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 13:48:02 -07:00
Derek Nola
d218068f34
Adds a warning about editing to the containerd config.toml file ( #7057 )
...
* Add a warning to the config.toml file
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-13 13:42:17 -07:00
Roberto Bonafiglia
e098b99bfa
Update flannel and kube-router ( #7039 )
...
* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 19:57:16 -08:00
Brad Davidson
cbe4bcfeee
Add test for filterByIPFamily
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:22 -08:00
Brad Davidson
cc333d8d0c
Fix ServiceLB dual-stack ingress IP listing
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:22 -08:00
Brad Davidson
23d98cec22
Fix CACertPath stripping trailing path components
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson
0c302f4341
Fix etcd member deletion
...
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Roberto Bonafiglia
b8e69712a3
Updated flannel version to v0.21.0
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 23:03:10 +01:00
Brad Davidson
3d146d2f1b
Allow for multiple sets of leader-elected controllers
...
Addresses an issue where etcd controllers did not run on etcd-only nodes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 10:46:48 -08:00
Paul Donohue
290d7e8fd1
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
...
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:34 -08:00
Brad Davidson
ddcc4d4034
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:20:49 -08:00
Brad Davidson
c6d0afd0cb
Check for existing resources before creating them
...
Prevents errors when starting with fail-closed webhooks
Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:20:49 -08:00
Brad Davidson
32d62c5786
Use default address family when adding kubernetes service address to SAN list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:17:21 -08:00
Byron Ruth
a92f163c9d
Add NATS to the list of supported data stores ( #6876 )
...
Signed-off-by: Byron Ruth <byron@nats.io>
2023-02-08 09:37:23 -08:00
Brad Davidson
87f9c4ab11
Ensure that node exists when using node auth
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
Brad Davidson
992e64993d
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
Brad Davidson
373df1c8b0
Add support for `k3s token` command
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
Derek Nola
7d49202721
Ignore value conflicts when reencrypting secrets ( #6850 )
...
* Ignore conflict secrets
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-07 13:58:44 -08:00
Brad Davidson
215fb157ff
Add `certificate rotate-ca` to write updated CA certs to datastore
...
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Brad Davidson
3c324335b2
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Brad Davidson
58d40327b4
Fix CA cert hash for root certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Brad Davidson
0919ec6755
Ensure cluster-signing CA files contain only a single CA cert
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Derek Nola
32086717fc
Ensure flag type consistency ( #6852 )
...
* Convert all flags to pointers for consistency
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 12:57:48 -08:00
Akos Elek
9fcc7c0db8
Fix cronjob example ( #6707 )
...
Related PR:
https://github.com/rancher/rke2-docs/pull/38
Signed-off-by: Akos Elek <akose73@tazerve.hu>
2023-01-30 10:52:22 -08:00
Derek Nola
0d4caf4e24
Wait for cri-dockerd socket ( #6812 )
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-27 13:16:59 -08:00
Brad Davidson
1c6fde9a52
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-27 12:09:18 -08:00
Brad Davidson
369b81b45e
Honor Service ExternalTrafficPolicy
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-27 12:09:18 -08:00
Brad Davidson
3cb6fa5cc7
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:32:28 -08:00
Brad Davidson
89f7062431
Add build tag to disable cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:29:18 -08:00
Brad Davidson
f54b5e4fa0
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 17:22:25 -08:00
Silvio Moioli
23c1040adb
Bugfix: do not break cert-manager when pprof is enabled ( #6635 )
...
Signed-off-by: Silvio Moioli <silvio@moioli.net>
2023-01-13 16:09:14 -08:00
Brad Davidson
8340b54309
Pass through default tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 14:51:04 -08:00
Brad Davidson
a298bfdb18
Add jitter to scheduled snapshots and retry harder on conflicts
...
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-11 14:32:03 -08:00
Brad Davidson
0c9b43746b
Preload iptable_filter/ip6table_filter
...
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 12:51:00 -08:00
Hussein Galal
f8b661d590
Update to v1.26.0-k3s1 ( #6370 )
...
* Update to v1.26.0-alpha.2
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go generate
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Default CURRENT_VERSION to VERSION_TAG for alpha versions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove containerd package
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* replace cri-api reference to the new api
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update to Kubernetes 1.26.0-rc.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Undo helm-controller pin
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump containerd to -k3s2 for stargz fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* DevicePlugins featuregate is locked to on
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump kine for DeleteRange fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Update to v1.26.0-k3s1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Bring back snapshotter checks and update golang to 1.19.4
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix windows containerd snapshotter checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-10 01:42:15 +02:00
Derek Nola
b5d39df929
Deprecation of `etcd-snapshot` command in v1.26 ( #6575 )
...
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 15:28:01 -08:00
Derek Nola
d723775792
Remove deprecated flags in v1.26 ( #6574 )
...
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 14:01:01 -08:00
Brad Davidson
2835368ecb
Bump k3s-root and remove embedded strongswan support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-01 12:40:40 -08:00
Derek Nola
af8f101bdc
Mark secrets-encryption flag as GA ( #6582 )
...
* Mark secrets-encrypt flag as GA
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-01 08:50:51 -08:00
Brad Davidson
915c7719fe
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson
1eeea5c81f
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson
e08a662509
Disable CCM metrics port when legacy CCM functionality is disabled
...
Prevents port conflicts on upgrade for users that have deployed other cloud controllers.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:08:31 -08:00
Brad Davidson
a07bb555ba
Bump klipper-helm and klipper-lb versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-23 14:55:59 -08:00
Derek Nola
614da78e43
Add `prefer-bundled-bin` as an agent flag ( #6545 )
...
* Add prefer-bundled-bin as an agent flag
* Add E2E test for prefer-bundled-bin
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-11-22 13:43:16 -08:00
Manuel Buil
1beecb2e2d
Merge pull request #6531 from manuelbuil/fixLogs
...
Fix log for flannelExternalIP use case
2022-11-22 16:54:26 +01:00
Manuel Buil
483e29e783
Remove stuff which belongs in the windows executor implementation
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-22 12:32:13 +01:00
Brad Davidson
9ff0943d56
Address nits from self-review
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
56bf7d6ad3
Allow agent to run rootless
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
6f2b21c5cd
Add rootless IPv6 support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
c02dceb7ad
Make rootless settings configurable
...
Add enivironment variables for port-driver, cidr, mtu, and disable-host-loopback settings. Since rootless is still experimental, I don't think they deserve full CLI flag status.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
73171ff20a
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 13:44:54 -08:00
Derek Nola
0f52088cd3
Add new `prefer-bundled-bin` experimental flag ( #6420 )
...
* initial prefer-bundled-bin ci change
* Add startup testlet
* Convert parsing to pflag library
* Fix code validation
* go mod tidy
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-11-21 13:01:36 -08:00
Manuel Buil
5188443988
Fix log for flannelExternalIP use case
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-21 17:10:35 +01:00
Manuel Buil
e41e4010e5
Revert "Remove stuff which belongs in the windows executor implementation"
...
This reverts commit 1bc0684fb7
.
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-15 21:40:42 +01:00
Manuel Buil
9419b1a936
Merge pull request #6492 from manuelbuil/removeWinStuff
...
Remove stuff which belongs in the windows executor implementation
2022-11-15 12:07:17 +01:00
Brad Davidson
adb820d859
Bump traefik chart to 19.0.4 to fix kubernetes version check
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-14 13:42:24 -08:00
Manuel Buil
1bc0684fb7
Remove stuff which belongs in the windows executor implementation
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-14 15:52:04 +01:00
Derek Nola
13c633da12
Add Secrets Encryption to CriticalArgs ( #6409 )
...
* Add EncryptSecrets to Critical Control Args
* use deep comparison to extract differences
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-11-04 10:35:29 -07:00
Manuel Buil
861f8ed8f8
Merge pull request #6386 from manuelbuil/changeAddrTypesMetricsServer
...
Change addr types in metrics server
2022-11-04 11:11:21 +01:00
thomasferrandiz
b7d217dbf3
Merge pull request #6405 from thomasferrandiz/log-kube-router-version
...
log kube-router version when starting netpol controller
2022-11-04 11:07:37 +01:00
Manuel Buil
8aff25e192
Merge pull request #6403 from manuelbuil/logsFlannelExternalIP
...
Avoid wrong config for `flannel-external-ip` and add warning if unencrypted backend
2022-11-04 09:47:30 +01:00
Manuel Buil
557fcd28d5
Change the priority of address types depending on flannel-external-ip
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-04 09:02:39 +01:00
Manuel Buil
1682172ac1
Add some helping logs to avoid wrong configs
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-03 18:09:17 +01:00
Roberto Bonafiglia
87c7ea81f0
Updated flannel version to 0.20.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-11-03 17:49:26 +01:00
Thomas Ferrandiz
68ac954489
log kube-router version when starting netpol controller
...
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2022-11-03 12:26:50 +01:00
Brad Davidson
d7dbf69f7f
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-02 11:29:05 -07:00
iyear
3aae7b8783
Fix incorrect defer usage
...
Problem:
Using defer inside a loop can lead to resource leaks
Solution:
Judge newer file in the separate function
Signed-off-by: iyear <ljyngup@gmail.com>
2022-11-01 16:23:25 -07:00
Brad Davidson
cb86d2c1f0
Bump traefik to v2.9.4 / chart v18.3.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-01 16:05:45 -07:00
Petri Kivikangas
6156059136
Convert containerd config.toml.tmpl Linux template to v2 syntax
...
Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>
2022-10-27 16:55:03 -07:00
Brad Davidson
76729d813b
Set default kubeletPort
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:08:13 -07:00
Brad Davidson
269563e4d2
Check for RBAC before starting tunnel controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:08:13 -07:00
Brad Davidson
68a56ff8d8
Add GVK lookup to deploy controller
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:08:13 -07:00
Brad Davidson
8d28a38a18
Update helm-controller to pull in refactor
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:03:13 -07:00
Brad Davidson
16a8b6d6f1
Bump Traefik helm chart to v18.0.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 13:38:13 -07:00
Brad Davidson
f2585c1671
Add --flannel-external-ip flag
...
Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-24 10:10:49 -07:00
Brad Davidson
e8c250b8dc
Fix RBAC to allow removal of legacy finalizer
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-20 16:12:28 -07:00
Brad Davidson
3c0cd6f2dc
Return ProviderID in URI format
...
The InstancesV1 interface handled this for us by combining the ProviderName and InstanceID values; the new interface requires us to do it manually
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-17 11:05:09 -07:00