Roberto Bonafiglia
15ee88964b
Added multiClusterCidr feature
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2 years ago
Daniel Mills
822ee79eb8
Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970)
...
* Remove deprecated nodeSelector label beta.kubernetes.io/os
Problem:
The nodeSelector label beta.kubernetes.io/os in the CoreDNS deployment was deprecated in 1.14 and will likely be removed soon
Solution:
Change the nodeSelector to remove the beta
Signed-off-by: Dan Mills <evilhamsterman@gmail.com>
2 years ago
Brad Davidson
977a85559e
Add support for cross-signing new certs during ca rotation
...
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Daishan Peng
b7f90f389c
Wait for kubelet port to be ready before setting (#7041)
...
* Wait for kubelet port to be ready before setting
* Wait for kubelet to update the Ready status before reading port
Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
d218068f34
Adds a warning about editing to the containerd config.toml file (#7057)
...
* Add a warning to the config.toml file
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2 years ago
Roberto Bonafiglia
e098b99bfa
Update flannel and kube-router (#7039)
...
* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2 years ago
Brad Davidson
cbe4bcfeee
Add test for filterByIPFamily
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
cc333d8d0c
Fix ServiceLB dual-stack ingress IP listing
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
23d98cec22
Fix CACertPath stripping trailing path components
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
0c302f4341
Fix etcd member deletion
...
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Roberto Bonafiglia
b8e69712a3
Updated flannel version to v0.21.0
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2 years ago
Brad Davidson
3d146d2f1b
Allow for multiple sets of leader-elected controllers
...
Addresses an issue where etcd controllers did not run on etcd-only nodes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Paul Donohue
290d7e8fd1
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
...
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
ddcc4d4034
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
c6d0afd0cb
Check for existing resources before creating them
...
Prevents errors when starting with fail-closed webhooks
Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
32d62c5786
Use default address family when adding kubernetes service address to SAN list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Byron Ruth
a92f163c9d
Add NATS to the list of supported data stores (#6876)
...
Signed-off-by: Byron Ruth <byron@nats.io>
2 years ago
Brad Davidson
87f9c4ab11
Ensure that node exists when using node auth
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
992e64993d
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
373df1c8b0
Add support for `k3s token` command
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
7d49202721
Ignore value conflicts when reencrypting secrets (#6850)
...
* Ignore conflict secrets
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brad Davidson
215fb157ff
Add `certificate rotate-ca` to write updated CA certs to datastore
...
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
3c324335b2
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
58d40327b4
Fix CA cert hash for root certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
0919ec6755
Ensure cluster-signing CA files contain only a single CA cert
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
32086717fc
Ensure flag type consistency (#6852)
...
* Convert all flags to pointers for consistency
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Akos Elek
9fcc7c0db8
Fix cronjob example (#6707)
...
Related PR:
https://github.com/rancher/rke2-docs/pull/38
Signed-off-by: Akos Elek <akose73@tazerve.hu>
2 years ago
Derek Nola
0d4caf4e24
Wait for cri-dockerd socket (#6812)
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brad Davidson
1c6fde9a52
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
369b81b45e
Honor Service ExternalTrafficPolicy
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
3cb6fa5cc7
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
89f7062431
Add build tag to disable cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
f54b5e4fa0
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Silvio Moioli
23c1040adb
Bugfix: do not break cert-manager when pprof is enabled (#6635)
...
Signed-off-by: Silvio Moioli <silvio@moioli.net>
2 years ago
Brad Davidson
8340b54309
Pass through default tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
a298bfdb18
Add jitter to scheduled snapshots and retry harder on conflicts
...
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
0c9b43746b
Preload iptable_filter/ip6table_filter
...
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Hussein Galal
f8b661d590
Update to v1.26.0-k3s1 (#6370)
...
* Update to v1.26.0-alpha.2
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go generate
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Default CURRENT_VERSION to VERSION_TAG for alpha versions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove containerd package
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* replace cri-api reference to the new api
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix version script to allow rc and alphas
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update to Kubernetes 1.26.0-rc.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Undo helm-controller pin
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump containerd to -k3s2 for stargz fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* DevicePlugins featuregate is locked to on
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump kine for DeleteRange fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Update to v1.26.0-k3s1
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Bring back snapshotter checks and update golang to 1.19.4
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix windows containerd snapshotter checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
b5d39df929
Deprecation of `etcd-snapshot` command in v1.26 (#6575)
...
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Derek Nola
d723775792
Remove deprecated flags in v1.26 (#6574)
...
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brad Davidson
2835368ecb
Bump k3s-root and remove embedded strongswan support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
af8f101bdc
Mark secrets-encryption flag as GA (#6582)
...
* Mark secrets-encrypt flag as GA
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brad Davidson
915c7719fe
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
1eeea5c81f
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
e08a662509
Disable CCM metrics port when legacy CCM functionality is disabled
...
Prevents port conflicts on upgrade for users that have deployed other cloud controllers.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
a07bb555ba
Bump klipper-helm and klipper-lb versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
614da78e43
Add `prefer-bundled-bin` as an agent flag (#6545)
...
* Add prefer-bundled-bin as an agent flag
* Add E2E test for prefer-bundled-bin
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Manuel Buil
1beecb2e2d
Merge pull request #6531 from manuelbuil/fixLogs
...
Fix log for flannelExternalIP use case
2 years ago
Manuel Buil
483e29e783
Remove stuff which belongs in the windows executor implementation
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2 years ago
Brad Davidson
9ff0943d56
Address nits from self-review
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago