github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
Brad Davidson	a1b800f0bf	Remove unnecessary copies of etcdconfig struct Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	e7464a17f7	Fix use of agent creds for secrets-encrypt and config validate Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Derek Nola	bcb662926d	Secrets-encryption rotation (#4372 ) * Regular CLI framework for encrypt commands * New secrets-encryption feature * New integration test * fixes for flaky integration test CI * Fix to bootstrap on restart of existing nodes * Consolidate event recorder Signed-off-by: Derek Nola <derek.nola@suse.com>	3 years ago
Brad Davidson	3da1bb3af2	Fix other uses of NewForConfigOrDie in contexts where we could return err Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	5a923ab8dc	Add containerd ready channel to delay etcd node join Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Chris Kim	928b8531c3	[master] Add `etcd-member-management` controller to K3s (#4001 ) * Initial leader elected etcd member management controller * Bump etcd to v3.5.0-k3s2 Signed-off-by: Chris Kim <oats87g@gmail.com>	3 years ago
Brad Davidson	29c8b238e5	Replace klog with non-exiting fork Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	e95b75409a	Fix lint failures Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	dc14f370c4	Update wrangler to v0.8.5 Required to support apiextensions.v1 as v1beta1 has been deleted. Also update helm-controller and dynamiclistener to track wrangler versions. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	c434db7cc6	Wrap errors in runControllers for additional context Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	869b98bc4c	Sync DisableKubeProxy into control struct Sync DisableKubeProxy from cfg into control before sending control to clients, as it may have been modified by a startup hook. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	90445bd581	Wait until server is ready before configuring kube-proxy (#3716 ) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Luther Monson	37fcb61f5e	move go routines for api server ready beneath wait group Signed-off-by: Luther Monson <luther.monson@gmail.com>	3 years ago
Luther Monson	18bc98f60c	adding startup hooks args to access to Disables and Skips (#3674 ) Signed-off-by: Luther Monson <luther.monson@gmail.com>	3 years ago
Jamie Phillips	aef8a6aafd	Adding support for waitgroup to the Startuphooks (#3654 ) The startup hooks where executing after the deploy controller. We needed the deploy controller to wait until the startup hooks had completed.	3 years ago
Joe Kralicky	a84c75af62	Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller. Problem: Testing installation and uninstallation of the Helm Controller on k3s is not possible if the Helm Controller is baked into the k3s server. Solution: The Helm Controller can optionally be disabled, which will allow users to manage its installation manually. Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>	3 years ago
Hussein Galal	136dddca11	Fix storing bootstrap data with empty token string (#3422 ) * Fix storing bootstrap data with empty token string Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * delete node password secret after restoration fixes to bootstrap key vendor update Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix comment Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix typo Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * typos Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Removing dynamic listener file after restoration Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go mod tidy Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	3 years ago
Brad Davidson	a7d1159ba6	Emit events for AddOn lifecycle Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brad Davidson	6e48ca9b53	Tidy up function calls with many args Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brad Davidson	6ef000091a	Add nodename to UA string for deploy controller Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brad Davidson	02a5bee62f	Add system-default-registry support and remove shared code (#3285 ) * Move registries.yaml handling out to rancher/wharfie * Add system-default-registry support * Add CLI support for kubelet image credential providers Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brian Downs	c5ad71ce0b	Collect and Store etcd Snapshots and Metadata (#3239 ) * Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.	4 years ago
Brad Davidson	2705431d96	Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212 ) * Add support for dual-stack cluster/service CIDRs and node addresses Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Chris Kim	69f96d6225	Define a Controllers and LeaderControllers on the server config (#3043 ) Signed-off-by: Chris Kim <oats87g@gmail.com>	4 years ago
Brad Davidson	7cdfaad6ce	Always use static ports for client load-balancers (#3026 ) * Always use static ports for the load-balancers This fixes an issue where RKE2 kube-proxy daemonset pods were failing to communicate with the apiserver when RKE2 was restarted because the load-balancer used a different port every time it started up. This also changes the apiserver load-balancer port to be 1 below the supervisor port instead of 1 above it. This makes the apiserver port consistent at 6443 across servers and agents on RKE2. Additional fixes below were required to successfully test and use this change on etcd-only nodes. * Actually add lb-server-port flag to CLI * Fix nil pointer when starting server with --disable-etcd but no --server * Don't try to use full URI as initial load-balancer endpoint * Fix etcd load-balancer pool updates * Update dynamiclistener to fix cert updates on etcd-only nodes * Handle recursive initial server URL in load balancer * Don't run the deploy controller on etcd-only nodes	4 years ago
Erik Wilson	4e5218b62c	Apply suggestions from code review Logging cleanup Co-authored-by: Brad Davidson <brad@oatmail.org>	4 years ago
Erik Wilson	54a35505f0	Remove Traefik v1 migration	4 years ago
Chin-Ya Huang	cc96f8140a	Allow download traefik static file and rename Allow writing static files regardless of the version. Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>	4 years ago
Chin-Ya Huang	10e0328977	Traefik v2 integration K3s upgrade via watch over file change of static file and manifest and triggers helm-controller for change. It seems reasonable to only allow upgrade traefik v1->v2 when there is no existing custom traefik HelmChartConfig in the cluster to avoid any incompatibility. Here also separate the CRDs and put them into a different chart to support CRD upgrade. Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>	4 years ago
Hussein Galal	5749f66aa3	Add disable flags for control components (#2900 ) * Add disable flags to control components Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to disable flags Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add comments to functions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix joining problem Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * golint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix ticker Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix role labels Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	4 years ago
Brad Davidson	6e768c301e	Use appropriate response codes for authn/authz failures Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brian Downs	13229019f8	Add ability to perform an etcd on-demand snapshot via cli (#2819 ) * add ability to perform an etcd on-demand snapshot via cli	4 years ago
Erik Wilson	4245fd7b67	Return http.StatusOK instead of 0 Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>	4 years ago
Erik Wilson	2fb411fc83	Fix spelling mistake Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>	4 years ago
Erik Wilson	09eb44ba53	Bootstrap node password with local file Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>	4 years ago
Erik Wilson	1230d7b7df	Fix HA server initialization Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>	4 years ago
Brad Davidson	63f2211b31	deprecate the "node-role.kubernetes.io/master" label / taint Related to https://github.com/kubernetes/kubernetes/pull/95382 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Erik Wilson	0ae7f2d5ae	Merge pull request #2407 from erikwilson/node-passwd-cleanup Use secrets for node-passwd entries	4 years ago
Jacob Blain Christen	3647654fe4	[migration k3s-io] update helm-controller dependency (#2569 ) rancher/helm-controller ➡️ k3s-io/helm-controller Part of https://github.com/rancher/k3s/issues/2189 Signed-off-by: Jacob Blain Christen <jacob@rancher.com>	4 years ago
Erik Wilson	92d04355f4	Use secrets for node-passwd entries and cleanup	4 years ago
Erik Wilson	56e077eb29	Use no_proxy env, add .svc and cluster domains	4 years ago
Brian Downs	ba70c41cce	Initial Logging Output Update (#2246 ) This attempts to update logging statements to make them consistent through out the code base. It also adds additional context to messages where possible, simplifies messages, and updates level where necessary.	4 years ago
Brian Downs	15d7b61939	Merge remote-tracking branch 'upstream/master' into issue-112	4 years ago
Brian Downs	4c3ec907ab	remove k8s daemon config from setup hook in favor of specific fields from the config (#2206 ) Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brian Downs	bb8e5374ea	conform to repo conventions Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brian Downs	00831f9bc8	use version.Program Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brian Downs	301fb73952	add node ip to the request header for cert gen Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Erik Wilson	720197b9b1	Fix linting issues	4 years ago
Brad Davidson	c980fa68a0	Update helm-controller for HelmChartConfig CRD (#2114 ) * Update helm-controller for HelmChartConfig CRD Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brian Downs	324bb55986	add ctx to hook, handle hook errors Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brian Downs	fa2c1422b3	change name of variable Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brian Downs	a4b2953017	add setup hook capabilities for rke2 Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brad Davidson	dfd0f9d1a6	Correctly report and propagate kubeconfig write failures As seen in issues such as #15 #155 #518 #570 there are situations where k3s will fail to write the kubeconfig file, but reports that it wrote it anyway as the success message is printed unconditionally. Also, secondary actions like setting file mode and creating a symlink are also attempted even if the file was not created. This change skips attempting additional actions, and propagates the failure back upwards. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Hussein Galal	f5ee757b86	Add cluster dns configmap (#1785 )	4 years ago
Darren Shepherd	a18d387390	Refactor clustered DB framework	5 years ago
Darren Shepherd	7e59c0801e	Make program name a variable to be changed at compile time	5 years ago
Darren Shepherd	cb4b34763e	Merge pull request #1759 from ibuildthecloud/background Start kube-apiserver in the background	5 years ago
Darren Shepherd	072396f774	Start kube-apiserver in the background In rke2 everything is a static pod so this causes a chicken and egg situation in which we need the kubelet running before the kube-apiserver can be launched. By starting the apiserver in the background this allows us to do this odd bootstrapping.	5 years ago
Darren Shepherd	2f5ee914f9	Add supervisor port In k3s today the kubernetes API and the /v1-k3s API are combined into one http server. In rke2 we are running unmodified, non-embedded Kubernetes and as such it is preferred to run k8s and the /v1-k3s API on different ports. The /v1-k3s API port is called the SupervisorPort in the code. To support this separation of ports a new shim was added on the client in then pkg/agent/proxy package that will launch two load balancers instead of just one load balancer. One load balancer for 6443 and the other for 9345 (which is the supervisor port).	5 years ago
Darren Shepherd	3c8e0b4157	No longer use basic auth for default admin account	5 years ago
galal-hussein	3f927d8006	Revert "Replace traefik with nginx" This reverts commit `9a17033095`.	5 years ago
galal-hussein	717b5a765e	use multiarch image for nginx	5 years ago
galal-hussein	9a17033095	Replace traefik with nginx	5 years ago
Erik Wilson	0aeea78060	Merge pull request #1444 from KnicKnic/k3s_build_windows K3s build windows (no agents)	5 years ago
Knic Knic	2346ccc63f	get build on windows and get api_server to work	5 years ago
Darren Shepherd	782004bec9	Create pidns for rootless	5 years ago
Erik Wilson	0374c4f63d	Add --disable flag	5 years ago
Darren Shepherd	bf57a7f419	Don't start node controller if coredns is not deployed	5 years ago
Erik Wilson	76281bf731	Update k3s for k8s 1.17.0	5 years ago
Darren Shepherd	ff34c5c5cf	Download cert/key to agent with single HTTP request Since generated cert/keys are stored locally, each server has a different copy. In a HA setup we need to ensure we download the cert and key from the same server so we combined HTTP requests to do that.	5 years ago
Darren Shepherd	0ae20eb7a3	Support both http and db based bootstrap	5 years ago
Darren Shepherd	e2431bdf9d	Add dqlite support	5 years ago
Darren Shepherd	91cacb3a14	Fix server join issues	5 years ago
Darren Shepherd	ba240d0611	Refactor tokens, bootstrap, and cli args	5 years ago
galal-hussein	7c60285435	Fix master role label in ha setups	5 years ago
galal-hussein	56e0e5ad7e	Add default local storage provisioner	5 years ago
galal-hussein	b1891f445b	Add master role label on startup	5 years ago
Darren Shepherd	8f597ba168	Don't run leader elections on controllers when no leader election	5 years ago
Darren Shepherd	f0382329a5	Drop openapi hack	5 years ago
Darren Shepherd	f34329f4f1	Wrong import	5 years ago
Erik Wilson	e6067314c9	Localhost -> 127.0.0.1	5 years ago
Erik Wilson	5deef13086	Merge pull request #687 from yamt/cacerts Simplify startWrangler a bit	5 years ago
Erik Wilson	fdb997b4ee	Fix missing early returns on routes	5 years ago
YAMAMOTO Takashi	88e668cf6f	Simplify startWrangler a bit We no longer make dynamiclistener generate CA certs.	5 years ago
Erik Wilson	7090a7d551	Move node password to separate file	6 years ago
Erik Wilson	2c9444399b	Refactor certs	6 years ago
Darren Shepherd	30c3c42f93	Add missing ConfigMap cache to helm apply	6 years ago
galal-hussein	94b5a22dda	Disable the svclb controller nodeploy for svclb is passed	6 years ago
Darren Shepherd	d94a346a1e	Switch to wrangler-api and helm-controller	6 years ago
Darren Shepherd	c0702b0492	Port to wrangler	6 years ago
Darren Shepherd	0c18c5a92a	Merge pull request #461 from galal-hussein/fix_alternate_kubeconfig Create symlink for kubeconfig when --write-kubeconfig is selected	6 years ago
galal-hussein	4c6cf29e02	Create symlink for kubeconfig when --write-kubeconfig is selected	6 years ago
galal-hussein	36bab003a3	Make kubeconfig not world readable and issue warning with kubectl wrapper	6 years ago
galal-hussein	d9f958ceeb	Add no_proxy environment to server	6 years ago
Erik Wilson	e64c0298f2	Add cert per-node password authentication	6 years ago
Erik Wilson	1b2db423de	Add node name to node cert generation	6 years ago
Erik Wilson	31cf2bc9ee	Add coredns entries for nodes	6 years ago
Marco Mancini	b445bad171	Add --cluster-domain option	6 years ago
Darren Shepherd	046a817818	Add rootless support	6 years ago
galal-hussein	d255574150	Add bind address server config	6 years ago

1 2 3 4

166 Commits (b3bb7e5a11cf3356c7902ea1e59a16711f396b79)