Commit Graph

1434 Commits (b93fd98a1c733b61ac515e07f4abcaf27d2f6b7f)

Author SHA1 Message Date
William Zhang a4c992ce52 🐳 burp to inetaf/tcpproxy
Problem:
    tcpproxy repository has been moved out of the github.com/google org to github.com/inetaf.

    Solution:
    Switch to the new repo.
    FYI: https://godoc.org/inet.af/tcpproxy/

Signed-off-by: William Zhang <warmchang@outlook.com>
2021-07-08 16:58:09 -07:00
Chris Kim ada145641c
Update etcd snapshot error message to be more informative when etcd database is not found (#3568)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-07-07 16:01:50 -07:00
Jamie Phillips a62d143936 Fixing various bugs related to windows.
This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic.

Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>


spelling
2021-07-07 15:50:34 -07:00
Derek Nola 73df2d806b
Update embedded kube-router (#3557)
* Update embedded kube-router

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-07 08:46:10 -07:00
Deshi Xiao 77fcf2dfc5 missing build tag for windows
Signed-off-by: Deshi Xiao <xiaods@gmail.com>
2021-07-05 22:30:54 +08:00
Derek Nola c833183517
Add unit tests for pkg/etcd (#3549)
* Created new etcd unit tests and testing support file

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-01 16:08:35 -07:00
Brad Davidson cbfe673c43 Fix spelling to satisfy codespell check
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
Brad Davidson cbacd7107e Allow passing targeted environment variables to containerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-07-01 13:29:03 -07:00
Hussein Galal f5fbb9a9a8
Export cli server flags and etcd restoration functions (#3527)
* Export cli server flags and etfd restoration functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* export S3

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-30 22:29:03 +02:00
Brad Davidson 246b378a27 Bump kine to resolve race condition and unrevisioned delete
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-30 09:54:46 -07:00
Derek Nola 3e1693bc97
Changes local storage pods to have 700 permissions (#3537)
* Changes local storage pods to have 700 permissions

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-29 13:58:12 -07:00
Chris Kim 04398a2582
Move cloud-controller-manager into an embedded executor (#3525)
* Move cloud-controller-manager into an embedded executor
* Import K3s cloud provider and clean up imports

Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-06-29 07:28:38 -07:00
Joe Kralicky a84c75af62 Adds a command-line flag '--disable-helm-controller' that will disable
the server's built-in helm controller.

Problem:
Testing installation and uninstallation of the Helm Controller on k3s is
not possible if the Helm Controller is baked into the k3s server.

Solution:
The Helm Controller can optionally be disabled, which will allow users
to manage its installation manually.

Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
2021-06-25 14:54:36 -04:00
Jamie Phillips 82394d7d36 Basic windows agent that will join a cluster without CNI.
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-23 09:07:50 -07:00
Hussein Galal 136dddca11
Fix storing bootstrap data with empty token string (#3422)
* Fix storing bootstrap data with empty token string

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* delete node password secret after restoration

fixes to bootstrap key

vendor update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix comment

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* typos

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Removing dynamic listener file after restoration

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-06-22 22:42:34 +02:00
Derek Nola 4b2ab8b515
Renamed client-cloud-controller crt and key (#3470)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 13:54:35 -07:00
Derek Nola ef23c6c548
Redux: Change containerd image leases from context lifespan to permanent (#3464)
* Changed containerd image licenses from context lifespan to permanent. Delete any existing licenses owned by k3s on server startup

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-16 12:11:10 -07:00
Derek Nola b74c499709
Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461)
This reverts commit 86b3ba8dba.
2021-06-15 14:56:14 -07:00
Derek Nola 86b3ba8dba
Change containerd image leases from 24h to permanent (#3452)
* Changed containerd image licenses from 24h to permanent. Delete any existing licenses on server startup

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-15 11:42:52 -07:00
Brian Downs 88f95ec409
Send systemd notifications for both server and agent (#3430)
* update agent to sent systemd notify after everything starts
2021-06-15 04:20:26 -07:00
Brad Davidson a7d1159ba6 Emit events for AddOn lifecycle
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson ea2cd6d727 Add comments, clean up imports and function names
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson 6e48ca9b53 Tidy up function calls with many args
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson 6ef000091a Add nodename to UA string for deploy controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-10 17:05:52 -07:00
Brad Davidson f6cec4e75d Add kubernetes.default.svc to serving certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-08 12:55:20 -07:00
Manuel Buil 243fd14cf1 Change Replace with ReplaceAll function
strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1)

Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-07 09:52:26 +02:00
Brian Downs afd506a595 fix possible race where bootstrap data might not save
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 15:05:47 -07:00
Brian Downs 2682183773 add log message indicating etcd snapshots are disabled
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
Derek Nola 664a98919b
Fix RBAC cloud-controller-manager name 3308 (#3388)
* Changed cloud-controller-manager user name in ccm.yaml

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed RBAC name in server.go

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed "k3s" string prefix to version.Program to prevent static hardcoding

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed user in ccm.yaml to k3s-cloud-controller-manager

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-02 14:50:11 -07:00
Manuel Buil 5153088286
Merge pull request #3385 from manuelbuil/wireguard-fix
Move wireguard's privatekey to flannel config directory
2021-06-02 09:44:27 +02:00
Manuel Buil 1576030d6b Add a path for wireguard's privatekey
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-01 21:54:17 +02:00
Jamie Phillips 7345ac35ae
Initial windows support for agent (#3375)
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Brian Downs ecbf17e2ed move object channel defer close to goroutine
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 19:58:30 -07:00
Brian Downs 254b52077e add retention default and wire in s3 prune
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
Brad Davidson 7e175e8ad4 Handle conntrack-related sysctls in supervisor agent setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-18 13:40:44 -07:00
Brian Downs e8ecc00fc8 add etcd snapshot save subcommand
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Brian Downs 6ee28214fa
Add the ability to prune etcd snapshots (#3310)
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
Brad Davidson 079620ded0 Fix passthrough of SystemDefaultRegistry from server config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-13 02:18:09 -07:00
MonzElmasry 24474c5734
change --disable-apiserver flag
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Brad Davidson e10524a6b1 Add executor.Bootstrap hook for pre-execution setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-11 18:46:15 -07:00
Brian Downs bcd8b67db4
Add the ability to list etcd snapshots (#3303)
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson 02a5bee62f
Add system-default-registry support and remove shared code (#3285)
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Hussein Galal 948295e8e8
Fix cluster restoration in rke2 (#3295)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-11 00:06:33 +02:00
Brad Davidson fc037e87f8 Use config file values in node-args annotation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 14:08:02 -07:00
Brian Downs e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 (#3277)
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Siegfried Weber e77fd18270 Sign CSRs for kubelet-serving with the server CA
Problem:
Only the client CA is passed to the kube-controller-manager and
therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
signed with the client CA. Serving certificates must be signed with the
server CA otherwise e.g. "kubectl logs" fails with the error message
"x509: certificate signed by unknown authority".

Solution:
Instead of providing only one CA via the kube-controller-manager
parameter "--cluster-signing-cert-file", the corresponding CA for every
signer is set with the parameters
"--cluster-signing-kube-apiserver-client-cert-file",
"--cluster-signing-kubelet-client-cert-file",
"--cluster-signing-kubelet-serving-cert-file", and
"--cluster-signing-legacy-unknown-cert-file".

Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
2021-05-05 15:59:57 -07:00
Hussein Galal f410fc7d1e
Invoke cluster reset function when only reset flag is passed (#3276)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
Brian Downs beb0d8397a reference node name when needed
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-04 10:03:28 -07:00
Brian Downs c5ad71ce0b
Collect and Store etcd Snapshots and Metadata (#3239)
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
Hussein Galal 2db3bf7a89
Export CriConnection function (#3225)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-04-29 22:11:19 +02:00
Brad Davidson 3cb4ca4b35 Use same SANs on ServingKubeAPICert as dynamiclistener
The kube-apiserver cert should have the same SANs in the same order,
excluding the extra user-configured SANs since this will only be used
in-cluster.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-28 09:58:19 -07:00
Darren Shepherd 8f1a20c0d3 Add ability to append to slice during config file merge
If key ends in "+" the value of the key is appended to previous
values found.  If values are string instead of a slice they are
automatically converted to a slice of one string.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-27 15:59:03 -07:00
Brad Davidson 2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212)
* Add support for dual-stack cluster/service CIDRs and node addresses

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
Darren Shepherd a0a1071aa5
Support .d directory for k3s config file (#3162)
Configuration will be loaded from config.yaml and then config.yaml.d/*.(yaml|yml) in
alphanumeric order.  The merging is done by just taking the last value of
a key found, so LIFO for keys.  Slices are not merged but replaced.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-15 11:29:24 -07:00
Brad Davidson 601c4984f5 Fix service-account-issuer
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brad Davidson e8381db778 Update Kubernetes to v1.21.0
* Update Kubernetes to v1.21.0
* Update to golang v1.16.2
* Update dependent modules to track with upstream
* Switch to upstream flannel
* Track changes to upstream cloud-controller-manager and FeatureGates

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brian Downs 66ed6efd57 Resolve local retention issue when S3 in use.
Remove early return preventing local retention policy to be enforced
resulting in N number of snapshots being stored.

Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-14 10:40:08 -07:00
Brian Downs 80e4baf525 add hidden attribute to disable flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
Brian Downs d9381b84ad add etcd s3 secret and access key flags and env vars to secret data
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-12 14:47:16 -07:00
Brian Downs 693c5290b1
Update CoreDNS to version 1.8.3. (#3168)
* update CoreDNS to 1.8.3

Rerun go generate and update the CoreDNS RBAC
2021-04-09 16:47:16 -07:00
Brian Downs ad4f04d2fc
Merge pull request #3155 from briandowns/rke2-issue-856
remove hidden attribute from cluster flags and related code
2021-04-09 12:55:27 -07:00
Erik Wilson 9a53fca872 Bump traefik to v2.4.8
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2021-04-08 17:42:58 -07:00
Brad Davidson 58e93feda6
Fix CI failures non-deterministic traefik chart repackaging (#3165)
* Fix CI failures non-deterministic traefik chart repackaging
* Update generated bindata

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-08 15:33:15 -07:00
Brian Downs 4a49b9e40b delete nocluster file and remove build tag
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 12:16:28 -07:00
Brian Downs 3ed9b0a997 remove hidden attribute from cluster flags and related code
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-07 11:36:02 -07:00
Xiao Deshi cfe7e0c734 remove duplicated func GetAddresses
refactor tunnel.go and controller.go, remove duplicated lines.

Signed-off-by: Xiao Deshi <xiaods@gmail.com>
2021-03-31 14:23:05 -07:00
Akihiro Suda cb73461a5b AkihiroSuda/containerd-fuse-overlayfs -> containerd/fuse-overlayfs-snapshotter
The repo has been moved.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 10:34:34 -07:00
Akihiro Suda e672c988e4 rootless: allow kernel.dmesg_restrict=1
When `/dev/kmsg` is unreadable due to sysctl value `kernel.dmesg_restrict=1`,
bind-mount `/dev/null` into `/dev/kmsg`

Fix issue 3011

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 01:03:14 -07:00
Akihiro Suda 6e8284e3d4 rootless: enable resource limitation (requires cgroup v2, systemd)
Now rootless mode can be used with cgroup v2 resource limitations.
A pod is executed in a cgroup like "/user.slice/user-1001.slice/user@1001.service/k3s-rootless.service/kubepods/podd0eb6921-c81a-4214-b36c-d3b9bb212fac/63b5a253a1fd4627da16bfce9bec58d72144cf30fe833e0ca9a6d60ebf837475".

This is accomplished by running `kubelet` in a cgroup namespace, and enabling `cgroupfs` driver for the cgroup hierarchy delegated by systemd.

To enable cgroup v2 resource limitation, `k3s server --rootless` needs to be launched as `systemctl --user` service.
Please see the comment lines in `k3s-rootless.service` for the usage.

Running `k3s server --rootless` via a terminal is not supported.
When it really needs to be launched via a terminal, `systemd-run --user -p Delegate --tty` needs to be prepended to create a systemd scope.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 00:37:30 -07:00
Akihiro Suda 11ef43011a bump up RootlessKit
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-03-24 00:37:30 -07:00
Brian Downs 400a632666 put etcd bootstrap save call in goroutine and update comment
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-03-17 14:33:00 -07:00
Hussein Galal 73df65d93a
remove etcd data dir when etcd is disabled (#3059)
* remove etcd data dir when etcd is disabled

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix comment

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use debug instead of info logs

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-16 18:14:43 +02:00
Jacob Blain Christen 618b0f98bf
registry mirror repository rewrites (#3064)
Support repository regex rewrite rules when fetching image content.

Example configuration:
```yaml
# /etc/rancher/k3s/registries.yaml
mirrors:
  "docker.io":
    endpoint:
    - "https://registry-1.docker.io/v2"
    rewrite:
      "^library/alpine$": "my-org/alpine"
```

This will instruct k3s containerd to fetch content for `alpine` images
from `docker.io/my-org/alpine` instead of the default
`docker.io/library/alpine` locations.

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2021-03-15 16:17:27 -07:00
Brian Downs 7c99f8645d
Have Bootstrap Data Stored in etcd at Completed Start (#3038)
* have state stored in etcd at completed start and remove unneeded code
2021-03-11 13:07:40 -07:00
Chris Kim 69f96d6225
Define a Controllers and LeaderControllers on the server config (#3043)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-03-11 10:39:00 -08:00
Brad Davidson 8ace8975d2 Don't start up multiple apiserver load balancers
get() is called in a loop until client configuration is successfully
retrieved. Each iteration will try to configure the apiserver proxy,
which will in turn create a new load balancer. Skip creating a new
load balancer if we already have one.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-08 17:05:25 -08:00
Brad Davidson c0d129003b Handle loadbalancer port in TIME_WAIT
If the port wanted by the client load balancer is in TIME_WAIT, startup
will fail. Set SO_REUSEPORT so that it can be listened on again
immediately.

The configurable Listen call wants a context, so plumb that through as
well.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-08 17:05:25 -08:00
Brad Davidson 7cdfaad6ce
Always use static ports for client load-balancers (#3026)
* Always use static ports for the load-balancers

This fixes an issue where RKE2 kube-proxy daemonset pods were failing to
communicate with the apiserver when RKE2 was restarted because the
load-balancer used a different port every time it started up.

This also changes the apiserver load-balancer port to be 1 below the
supervisor port instead of 1 above it. This makes the apiserver port
consistent at 6443 across servers and agents on RKE2.

Additional fixes below were required to successfully test and use this change
on etcd-only nodes.

* Actually add lb-server-port flag to CLI
* Fix nil pointer when starting server with --disable-etcd but no --server
* Don't try to use full URI as initial load-balancer endpoint
* Fix etcd load-balancer pool updates
* Update dynamiclistener to fix cert updates on etcd-only nodes
* Handle recursive initial server URL in load balancer
* Don't run the deploy controller on etcd-only nodes
2021-03-06 02:29:57 -08:00
Hussein Galal c26b737b24
Mark disable components flags as experimental (#3018)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-05 00:05:20 +02:00
Brian Downs 4d1f9eda9d
Etcd Snapshot/Restore to/from S3 Compatible Backends (#2902)
* Add functionality for etcd snapshot/restore to and from S3 compatible backends.
* Update etcd restore functionality to extract and write certificates and configs from snapshot.
2021-03-03 11:14:12 -07:00
Hussein Galal 1bf04b6a50
Merge pull request #3003 from galal-hussein/fix_etcd_only_nodes
Fix etcd only nodes
2021-03-02 02:16:02 +02:00
Brad Davidson 4fb073e799 Log clearer error on startup if NPC cannot be started
Servers should always be upgraded before agents, but generally this
isn't required because things are compatible between versions. In this
case we're OK with failing closed if the user upgrades out of order, but
we should give a clearer message about what steps are required to fix
the issue.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-01 14:23:59 -08:00
galal-hussein ef999f0b4f change error to warn when removing self from etcd members
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-02 00:19:57 +02:00
galal-hussein d6124981d5 remove etcd member if disable etcd is passed
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-01 23:50:50 +02:00
Erik Wilson 4e5218b62c
Apply suggestions from code review
Logging cleanup

Co-authored-by: Brad Davidson <brad@oatmail.org>
2021-03-01 10:44:24 -07:00
Erik Wilson 4aac6b6bd0
Update to Traefik 2.4.2 and combine manifests 2021-03-01 10:44:24 -07:00
Erik Wilson 54a35505f0
Remove Traefik v1 migration 2021-03-01 10:44:24 -07:00
Chin-Ya Huang cc96f8140a
Allow download traefik static file and rename
Allow writing static files regardless of the version.

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:24 -07:00
Chin-Ya Huang 10e0328977
Traefik v2 integration
K3s upgrade via watch over file change of static file and manifest
and triggers helm-controller for change. It seems reasonable to
only allow upgrade traefik v1->v2 when there is no existing custom
traefik HelmChartConfig in the cluster to avoid any
incompatibility.

Here also separate the CRDs and put them into a different chart
to support CRD upgrade.

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:23 -07:00
Brad Davidson f970e49b7d Wait for apiserver to become healthy before starting agent controllers
It is possible that the apiserver may serve read requests but not allow
writes yet, in which case flannel will crash on startup when trying to
configure the subnet manager.

Fix this by waiting for the apiserver to become fully ready before
starting flannel and the network policy controller.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-26 19:28:53 -08:00
Brad Davidson 9b39c1c117 Hide the airgap-extra-registry flag
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-26 16:08:49 -08:00
Brad Davidson 88dd601941 Limit zstd decoder memory
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Brad Davidson ae5b93a264 Use HasSuffixI utility function
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Brad Davidson ec661c67d7 Add support for retagging images on load from tarball
Adds support for retagging images to appear to have been sourced from
one or more additional registries as they are imported from the tarball.
This is intended to support RKE2 use cases with system-default-registry
where the images need to appear to have been pulled from a registry
other than docker.io.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Hussein Galal 5749f66aa3
Add disable flags for control components (#2900)
* Add disable flags to control components

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to disable flags

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add comments to functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix joining problem

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ticker

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix role labels

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-02-12 17:35:57 +02:00
Brian Downs 21d1690d5d
update usage text (#2926)
update to the --cluster-init usage flag to indicate it's for Etcd
2021-02-10 15:54:04 -07:00
Brad Davidson 6e768c301e Use appropriate response codes for authn/authz failures
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-09 16:28:20 -08:00
Brad Davidson 374271e9a0
Collect IPs from all pods before deciding to use internal or external addresses (#2909)
* Collect IPs from all pods before deciding to use internal or external addresses

@Taloth correctly noted that the code that iterates over ServiceLB pods
to collect IP addresses was failing to add additional internal IPs once
the map contained ANY entry from a previous node. This may date back to
when ServiceLB used a Deployment instead of a DaemonSet, so there was
only ever a single pod.

The new behavior is to collect all internal and external IPs, and then
construct the address list of a single type - external if there are any,
otherwise internal.

https://github.com/k3s-io/k3s/issues/1652#issuecomment-774497788

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-02-09 16:26:57 -08:00
Brad Davidson e06119729b
Improve handling of comounted cpu,cpuacct controllers (#2911)
* Improve handling of comounted cpu,cpuacct controllers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-09 16:12:58 -08:00
Brad Davidson ad5e504cf0
Allow joining clusters when the server CA is trusted by the OS CA bundle (#2743)
* Add tests to clientaccess/token
* Fix issues in clientaccess/token identified by tests
* Update tests to close coverage gaps
* Remove redundant check turned up by code coverage reports
* Add warnings if CA hash will not be validated

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-08 22:28:57 -08:00
Brad Davidson 6c472b5942 Use zstd instead of gzip for embedded tarball
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-08 21:08:35 -08:00
Brad Davidson c5e2676d5c
Update local-path-provisioner and helper busybox (#2885)
* Update local-path-provisioner and helper busybox

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-04 10:49:25 -08:00
Brad Davidson 65c78cc397 Replace options.KubeRouterConfig with config.Node and remove metrics/waitgroup stuff
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Brad Davidson 07256cf7ab Add ServiceIPRange and ServiceNodePortRange to agent config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Brad Davidson 95a1a86847 Spell check upstream code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Brad Davidson 29483d0651 Initial update of netpol and utils from upstream
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Akihiro Suda f3c41b7650 fix cgroup2 support
Fix issue 900

cgroup2 support was introduced in PR 2584, but got broken in f3de60ff31

It was failing with "F1210 19:13:37.305388    4955 server.go:181] cannot set feature gate SupportPodPidsLimit to false, feature is locked to true"

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-25 22:45:07 -08:00
Akihiro Suda 728ebcc027 rootless: remove rootful /run/{netns,containerd} symlinks
Since a recent commit, rootless mode was failing with the following errors:

```
E0122 22:59:47.615567      21 kuberuntime_manager.go:755] createPodSandbox for pod "helm-install-traefik-wf8lc_kube-system(9de0a1b2-e2a2-4ea5-8fb6-22c9272a182f)" failed: rpc error: code = Unknown desc = failed to create network namespace for sandbox "285ab835609387f82d304bac1fefa5fb2a6c49a542a9921995d0c35d33c683d5": failed to setup netns: open /var/run/netns/cni-c628a228-651e-e03e-d27d-bb5e87281846: permission denied
...
E0122 23:31:34.027814      21 pod_workers.go:191] Error syncing pod 1a77d21f-ff3d-4475-9749-224229ddc31a ("coredns-854c77959c-w4d7g_kube-system(1a77d21f-ff3d-4475-9749-224229ddc31a)"), skipping: failed to "CreatePodSandbox" for "coredns-854c77959c-w4d7g_kube-system(1a77d21f-ff3d-4475-9749-224229ddc31a)" with CreatePodSandboxError: "CreatePodSandbox for pod \"coredns-854c77959c-w4d7g_kube-system(1a77d21f-ff3d-4475-9749-224229ddc31a)\" failed: rpc error: code = Unknown desc = failed to create containerd task: io.containerd.runc.v2: create new shim socket: listen unix /run/containerd/s/8f0e40e11a69738407f1ebaf31ced3f08c29bb62022058813314fb004f93c422: bind: permission denied\n: exit status 1: unknown"
```

Remove symlinks to /run/{netns,containerd} so that rootless mode can create their own /run/{netns,containerd}.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-22 19:51:43 -08:00
Brad Davidson 071de833ae Fix typo in field tag
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-01-22 19:38:37 -08:00
Brad Davidson 8011697175 Only container-runtime-endpoint wants RuntimeSocket path as URI
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-01-22 18:56:30 -08:00
Yuriy 06fda7accf
Add functionality to bind custom IP address for Etcd metrics endpoint (#2750)
* Add functionality to bind custom IP address for Etcd metrics endpoint

Signed-off-by: yuriydzobak <yurii.dzobak@lotusflare.com>
2021-01-22 17:40:48 -08:00
Brad Davidson f152f656a0
Replace k3s cloud provider wrangler controller with core node informer (#2843)
* Replace k3s cloud provider wrangler controller with core node informer

Upstream k8s has exposed an interface for cloud providers to access the
cloud controller manager's node cache and shared informer since
Kubernetes 1.9. This is used by all the other in-tree cloud providers;
we should use it too instead of running a dedicated wrangler controller.

Doing so also appears to fix an intermittent issue with the uninitialized
taint not getting cleared on nodes in CI.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-01-22 16:59:48 -08:00
Brian Downs 13229019f8
Add ability to perform an etcd on-demand snapshot via cli (#2819)
* add ability to perform an etcd on-demand snapshot via cli
2021-01-21 14:09:15 -07:00
Waqar Ahmed 3ea696815b Do not validate snapshotter argument if docker is enabled
Problem:
While using ZFS on debian and K3s with docker, I am unable to get k3s working as the snapshotter value is being validated and the validation fails.

Solution:
We should not validate snapshotter value if we are using docker as it's a no-op in that case.

Signed-off-by: Waqar Ahmed <waqarahmedjoyia@live.com>
2021-01-20 12:25:28 -08:00
Erik Wilson c71060f288
Merge pull request #2744 from erikwilson/rke2-node-password-bootstrap
Bootstrap node password with local file
2021-01-11 09:51:30 -07:00
MonzElmasry 86f68d5d62
change etcd dir permission if it exists
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-01-08 23:47:36 +02:00
Erik Wilson 4245fd7b67 Return http.StatusOK instead of 0
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 16:55:47 -07:00
Erik Wilson 2fb411fc83 Fix spelling mistake
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 15:08:07 -07:00
Erik Wilson 09eb44ba53 Bootstrap node password with local file
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 15:08:06 -07:00
JenTing Hsiao 57041f0239
Add codespell CI test and fix codespell error (#2740)
* Add codespell CI test
* Fix codespell error
2020-12-22 12:35:58 -08:00
Brad Davidson 8936cf577f Bump coredns to 1.8.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-17 15:20:19 -08:00
Chris Kim 332fd73d46
Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s (#2594)
* Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s

Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-16 09:27:57 -08:00
Erik Wilson 1230d7b7df Fix HA server initialization
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-15 16:08:28 -08:00
Brad Davidson 8e4d3e645b Restore legacy master role for etcd nodes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-15 15:15:46 -08:00
Chris Kim 61ef2ce95e use version.Program
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-09 12:34:13 -08:00
Chris Kim 48925fcb88
Simplify checkCgroups function call
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2020-12-09 11:59:54 -08:00
Chris Kim a3f87a81bd Independently set kubelet-cgroups and runtime-cgroups, and detect if we are running under a systemd scope
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-09 11:39:33 -08:00
Brad Davidson c5aad1b5ed Disable the ServiceAccountIssuerDiscovery feature-gate.
We're not setting ``--service-account-issuer` to a https URL, which causes an
error message at startup when the feature gate is enabled. From the
docs on that flag:

> If this option is not a valid URI per the OpenID Discovery 1.0 spec, the
> ServiceAccountIssuerDiscovery feature will remain disabled, even if the
> feature gate is set to true. It is highly recommended that this value
> comply with the OpenID spec:
> https://openid.net/specs/openid-connect-discovery-1_0.html. In practice,
> this means that service-account-issuer must be an https URL. It is also
> highly recommended that this URL be capable of serving OpenID discovery
> documents at {service-account-issuer}/.well-known/openid-configuration.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson 63f2211b31 deprecate the "node-role.kubernetes.io/master" label / taint
Related to https://github.com/kubernetes/kubernetes/pull/95382

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson c6950d2cb0 Update Kubernetes to v1.20.0-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson cd27c6fcbe Bump coredns to 1.7.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 15:58:17 -08:00
Erik Wilson 0ae7f2d5ae
Merge pull request #2407 from erikwilson/node-passwd-cleanup
Use secrets for node-passwd entries
2020-12-08 16:25:13 -07:00
Chris Kim 3d1e40eaa3 Handle the case when systemd lives under `/init.scope`
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-08 10:26:54 -08:00
Chris Kim e71e11fed0
Merge pull request #2642 from Oats87/issues/k3s/2548-cgroup
Set a cgroup if containerized
2020-12-08 10:05:21 -08:00
Chris Kim f3de60ff31 When there is a defined cgroup for PID 1, assume we are containerized and set a root
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-07 13:15:15 -08:00
Hussein Galal fadc5a8057
Add tombstone file to etcd and catch errc etcd channel (#2592)
* Add tombstone file to embedded etcd

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more changes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* gofmt and goimports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod update

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-12-07 22:30:44 +02:00
Chin-Ya Huang 3f0f2b342e Show go version when executes with --version.
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-12-04 12:51:15 -08:00
transhapHigsn 87a43c69e1 Problem: CoreDNS getting preempted by other pods
Solution: Set priorityClassName to system-node-critical of traefik, metrics-server, local storage and coredns deployment
Signed-off-by: transhapHigsn <fet.prashantsingh@gmail.com>
2020-12-04 12:50:12 -08:00
Akihiro Suda eb72d509ce pkg/agent/config: validate containerd snapshotter value
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda 05f6255437 add fuse-overlayfs snapshotter (mainly for rootless mode)
Ubuntu and Debian kernels support mounting real overlayfs inside userns,
but the vanilla kernel still does not allow it.

OTOH fuse-overlayfs can be mounted inside userns with the vanilla kernel (>= 4.18).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda 43f7eaedf8 rootless: fix "stat /run/user/1000: no such file or directory" on `kubectl run`
k3s was mounting a tmpfs on `/run` by itself, so it was hiding RootlessKit's `/run`.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 10:31:21 -08:00
Akihiro Suda 67410d2757 rootless: validate sysctl before starting up
Fix #2420

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 09:21:39 -08:00
Jacob Blain Christen 3647654fe4
[migration k3s-io] update helm-controller dependency (#2569)
rancher/helm-controller ➡️ k3s-io/helm-controller

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:59:10 -07:00
Akihiro Suda 0b45e32486 Support cgroup v2
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-30 22:57:37 -08:00
Jacob Blain Christen 36230daa86
[migration k3s-io] update kine dependency (#2568)
rancher/kine ➡️ k3s-io/kine

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 16:45:22 -07:00
Brad Davidson b873d3a03b Explicitly set agent paths within --data-dir
Removing the cfg.DataDir mutation in 3e4fd7b did not break anything, but
did change some paths in unwanted ways. Rather than mutating the
user-supplied command-line flags, explicitly specify the agent
subdirectory as needed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-11 09:26:41 -08:00
Brad Davidson 58b5b21f0d Don't pass cloud-provider flag to controller-manager
As per documentation, the cloud-provider flag should not be passed to
controller-manager when using cloud-controller. However, the legacy
cloud-related controllers still need to be explicitly disabled to
prevent errors from being logged.

Fixing this also prevents controller-manager from creating the
cloud-controller-manager service account that needed extra RBAC.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-09 13:55:09 -08:00
Brad Davidson 3e4fd7b41f Respect --data-dir path for crictl.yaml
Related to rancher/rke2#474

Note that anyone who customizes the data-dir path will have to set
CRI_CONFIG_FILE to the correct path when using the wrapped binaries
(crictl, etc). This is better than dropping files in the incorrect
location.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson f50e3140f9 Disable configure-cloud-routes and external service/route programming support when using k3s stub cloud controller
Resolves warning 3 from #2471

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson 31575e407a Add Cluster ID support to k3s stub cloud controller
Resolves warning 2 from #2471.

As per https://github.com/kubernetes/cloud-provider/issues/12 the
ClusterID requirement was never really followed through on, so the
flag is probably going to be removed in the future.

One side-effect of this is that the core k8s cloud-controller-manager
also wants to watch nodes, and needs RBAC to do so.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson 5b318d093f Fix containerd sock path warning
Resolves warning 1 from #2471

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson d1424626ac Disable containerd experimental snapshot labels
Related to #2455 and containerd/containerd#4684

These were not meant to be enabled by default, break images with many
layers, and will be disabled by default on the next containerd release.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Erik Wilson 992ca52c31
Enable go test in ci 2020-11-05 09:48:53 -07:00
Erik Wilson 92d04355f4
Use secrets for node-passwd entries and cleanup 2020-11-05 09:48:53 -07:00
Brad Davidson 3b8ec74049 Update disables list when building with no_stage
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are ommited by the no_stage build tag.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
Menna Elmasry 523ccaf3f2
Merge pull request #2448 from MonzElmasry/new_b
Make etcd use node private ip
2020-10-29 00:23:56 +02:00
MonzElmasry e8436cc76b
Make etcd use node private ip
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Chris Kim 7b8a147a1b
Merge pull request #2408 from Oats87/rpm-install-selinux
Add auto-install capability to install.sh for k3s-selinux
2020-10-28 14:24:09 -04:00
Hussein Galal fcd18d1b6e
skip node delete from removed member (#2413)
* skip node delete from removed member

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use grpc errors

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go imports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* exit if node is the etcd that being removed

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-10-28 18:32:51 +02:00
Chris Kim 96fc4c4b21 Add iptable_nat to modprobe list
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Brad Davidson de18528412
Make etcd voting members responsible for managing learners (#2399)
* Set etcd timeouts using values from k8s instead of etcdctl
  Fix for one of the warnings from #2303
* Use etcd zap logger instead of deprecated capsnlog
  Fix for one of the warnings from #2303
* Remove member self-promotion code paths
* Add learner promotion tracking code
* Fix RaftAppliedIndex progress check
* Remove ErrGRPCKeyNotFound check
  This is not used by v3 API - it just returns a response with 0 KVs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-27 11:06:26 -07:00
Erik Wilson 6b11d86037
Merge pull request #2377 from erikwilson/no-proxy-fix
Use no_proxy env, add .svc and cluster domains
2020-10-12 13:46:22 -07:00
Erik Wilson 56e077eb29
Use no_proxy env, add .svc and cluster domains 2020-10-12 11:02:07 -07:00
Erik Wilson 114b5ccad1
Merge pull request #2363 from erikwilson/netpol-informers
Add event handlers to network policy controller
2020-10-12 08:53:39 -07:00
Erik Wilson e26e333b7e
Add network policy controller CacheSyncOrTimeout 2020-10-07 12:35:44 -07:00
Erik Wilson 045cd49ab5
Add event handlers to network policy controller 2020-10-07 12:10:27 -07:00
Erik Wilson ce0da0a0f4
Add file verification for data directory 2020-10-06 10:29:27 -07:00
Erik Wilson 66d29148f7
Add Release function for flock 2020-10-06 10:29:27 -07:00
Erik Wilson 360d82d20e
Add flock from k8s.io/kubernetes/pkg/util/flock 2020-10-06 10:29:26 -07:00
Brad Davidson c3c983198f Add temporary fix for issue with interrupted etcd promote
This is a minimal fix for https://github.com/rancher/rke2/issues/392

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-30 11:45:58 -07:00
Hussein Galal 373449ec0a
Allow for multiple etcd snapshot restoration (#2307)
* add reset tmp file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go imports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix multiple lines string

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use resetFile function

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-30 02:53:31 +02:00
Brad Davidson 8262e23169
Revert removal of EndpointName hooks (#2319)
* Revert "Remove dead EndpointName code"
    This reverts commit 8025da5a8d.
* Fix docstrings based on proper understanding of use
2020-09-28 18:13:55 -07:00
Brad Davidson 360b0f1ee5 Add timeout to clientaccess http client
The default http client does not have an overall request timeout, so
connections to misbehaving or unavailable servers can stall for an
excessive amount of time. At the moment, just attempting to join
an unavailable cluster takes 2 minutes and 40 seconds to timeout.

Resolve that by setting a reasonable request timeout.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson cdfc6cfa1a Split clientaccess token/kubeconfig code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson 45dd4afe50 Simplify token parsing
Improves readability, reduces round-trips to the join server to validate certs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:24 -07:00
Brad Davidson 9074da7405 Fix misc nits and missing/unused imports
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson 703ba5cde7 Add a bunch of doc comments
Also change identical error messages to clarify where problems are
occurring.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson ae916c2dec Use const for kube-system namespace
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson f59e8fc21b Fix etcd directory permissions
Silences warning on startup about insecure directory permissions

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson ee99660a96 Rename etcd directory helpers to reduce confusion about which datadir we're talking about
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson 8025da5a8d Remove dead EndpointName code
According to @galal-hussein this is dead code that was probably brought
over from Kine. I certainly couldn't figure out what it is supposed to
be doing.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson 97eb28a01a Remove unnecessary listener arg from managed DB setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:09:45 -07:00
Brad Davidson a3bbd58f37 Fix managed etcd cold startup deadlock issue #2249
We should ignore --token and --server if the managed database is initialized,
just like we ignore --cluster-init. If the user wants to join a new
cluster, or rejoin a cluster after --cluster-reset, they need to delete
the database. This a cleaner way to prevent deadlocking on quorum loss,
and removes the requirement that the target of the --server argument
must be online before already joined nodes can start.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 02:44:49 -07:00
Brad Davidson 42bba04651
Skip etcd snapshots if the local endpoint is still a learner (#2295)
* Don't take snapshots if the local endpoint is still a learner
* Configure timeouts for etcd client dialer
2020-09-21 20:23:18 -07:00
Brian Downs ba70c41cce
Initial Logging Output Update (#2246)
This attempts to update logging statements to make them consistent
through out the code base. It also adds additional context to messages
where possible, simplifies messages, and updates level where necessary.
2020-09-21 09:56:03 -07:00
Hussein Galal 46fe57d7e9
reset etcd name on cluster reset (#2284)
* reset etcd name on cluster reset

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* gofmt

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-19 03:09:36 +02:00
Brad Davidson 8c6d3567fe Rename k3s-controller based on the build-time program name
Since we're replacing the k3s rolebindings.yaml in rke2, we should allow
renaming this so that we can use the white-labeled name downstream.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-16 10:53:07 -07:00
Brad Davidson ae5519c047
Use rancher-mirrored busybox for local-path-provisioner (#2257)
Related to #1908

Will be fixed upstream by
https://github.com/rancher/local-path-provisioner/pull/135/ but we're
not going to update the LPP image right now since it's undergoing some
changes that we don't want to pick up at the moment.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-15 18:02:51 -07:00
Erik Wilson a08e998bc5 Import containerd images with all platforms
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-14 20:44:58 -07:00
Brad Davidson fcaeebaa18 Add support for disabling all staged content
This reduces the binary footprint for downstream users that won't use
these files anyway.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-14 14:21:37 -07:00
Menna Elmasry edb3e5b7a7
Add error logger to http server (#2242)
* add error logger to http server

Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-09-14 23:14:30 +02:00
Brian Downs 15d7b61939 Merge remote-tracking branch 'upstream/master' into issue-112 2020-09-04 14:41:42 -07:00
Brian Downs 4c3ec907ab
remove k8s daemon config from setup hook in favor of specific fields from the config (#2206)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-04 09:30:36 -07:00
Brian Downs bb8e5374ea conform to repo conventions
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-03 18:48:30 -07:00
Brian Downs 898cbeb9b6 Merge remote-tracking branch 'upstream/master' into issue-112 2020-09-03 17:26:48 -07:00
Darren Shepherd 289ba8df6a All arguments should be of the form --k=v so that bool flags will work
Previously a bool flag would be rendered as --flag false for `flag: false`
which is invalid and results in the opposite of what you'd expect.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-09-03 16:25:35 -07:00
Darren Shepherd 64ae6affc5 Missing registering debug/config flags on server subcommand
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-09-03 13:19:25 -07:00
Brian Downs 00831f9bc8 use version.Program
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-03 08:51:17 -07:00
Brian Downs 301fb73952 add node ip to the request header for cert gen
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-02 19:15:09 -07:00
Craig Jellick 53b3d0fc56
Merge pull request #2180 from ibuildthecloud/configfile
Go back to urfave v1
2020-09-02 11:05:19 -07:00
Brad Davidson a3e9d31e6c
Merge pull request #2097 from iwilltry42/registry-insecure-skip-verify
Feature: add insecure_skip_verify field to registry config template
2020-09-01 15:58:26 -07:00
Darren Shepherd 551a1842ad
Update pkg/cli/cmds/config.go
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:28 -07:00
Darren Shepherd 7657ed2e13
Update pkg/cli/server/server.go
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:19 -07:00
Darren Shepherd 21d21ddd4d Add config file support independent of CLI framework
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:13 -07:00
Darren Shepherd ae5c585050 Revert "Add config file support"
This reverts commit e1dc3451bc.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:07 -07:00
Erik Wilson 447097a597
Merge pull request #2098 from erikwilson/k8s-1.19
Update to k8s 1.19
2020-08-28 18:22:15 -07:00
Erik Wilson c5dc09159f
Move basic authentication to k3s 2020-08-28 17:18:34 -07:00
Erik Wilson 57fc0c9c87
Fix up authenticator 2020-08-28 17:18:34 -07:00
Erik Wilson acc42874d8
Add k8s.io/apiserver/plugins/pkg/authenticator from release-1.18 2020-08-28 17:18:34 -07:00
Erik Wilson 837a943234
Update for k8s 1.19 2020-08-28 17:18:34 -07:00
Erik Wilson daa4beb22c
Update go.mod for k8s 1.19 2020-08-28 17:18:31 -07:00
Erik Wilson 720197b9b1
Fix linting issues 2020-08-28 17:18:29 -07:00
Brian Downs 866dc94cea
Galal hussein etcd backup restore (#2154)
* Add etcd snapshot and restore

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix error logs

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* goimports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix flag describtion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add disable snapshot and retention

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use creation time for snapshot retention

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* unexport method, update var name

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* adjust snapshot flags

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update var name, string concat

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* revert previous change, create constants

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* updates

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* type assertion error checking

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* pr remediation

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* updates

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* updates

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* simplify logic, remove unneeded function

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update flags

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update flags

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add comment

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* exit on restore completion, update flag names, move retention check

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* exit on restore completion, update flag names, move retention check

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* exit on restore completion, update flag names, move retention check

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update disable snapshots flag and field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* move function

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update var and field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update var and field names

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update defaultSnapshotIntervalMinutes to 12 like rke

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update directory perms

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update etc-snapshot-dir usage

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update interval to 12 hours

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* fix usage typo

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* add cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* wire in cron

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update deps target to work, add build/data target for creation, and generate

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* remove dead make targets

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* error handling, cluster reset functionality

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* error handling, cluster reset functionality

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* update

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* remove intermediate dapper file

Signed-off-by: Brian Downs <brian.downs@gmail.com>

Co-authored-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-08-28 16:57:40 -07:00
Frederick F. Kautz IV cdce2b7e9a
Add support for compressed images when pre-loading images (#2165)
* Add support for compressed images when pre-loading images

Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>

* attempting to fix vendor source being dirty

Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>

* fixing file extension for .tar.lz4

Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
2020-08-28 12:27:01 -07:00
Brad Davidson c4ac620b8b
Merge pull request #2159 from brandond/config_file_rename
Rename flags.conf to config.yaml
2020-08-25 21:43:48 -07:00
Brad Davidson b4d81a9e33 Remove lingering references to dqlite
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 17:09:19 -07:00
Brad Davidson 43fcc5ddcb Rename flags.conf => config.yaml
Related to https://github.com/rancher/rke2/issues/150

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 14:56:30 -07:00
Brad Davidson c980fa68a0
Update helm-controller for HelmChartConfig CRD (#2114)
* Update helm-controller for HelmChartConfig CRD

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-20 14:23:50 -07:00
Brian Downs 324bb55986 add ctx to hook, handle hook errors
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 16:54:58 -07:00
Brian Downs fa2c1422b3 change name of variable
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 14:30:53 -07:00
Brian Downs a4b2953017 add setup hook capabilities for rke2
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 13:42:45 -07:00
Brad Davidson 79c499f0e0 Fix handling of TLS configuration args
Also fixes an unrelated error formatting issue turned up while testing.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 16:44:10 -07:00
Brad Davidson b1d017f892 Update dynamiclistener
Second round of fixes for #1621

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 10:38:47 -07:00
Jacob Blain Christen e2089bea18
cli: add --selinux flag to agent/server sub-cmds (#2111)
* cli: add --selinux flag to agent/server sub-cmds

Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported.  Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.

* Update pkg/agent/containerd/containerd.go

update log warning message about enabled selinux host but disabled runtime

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Jacob Blain Christen 97ff5affab
Merge pull request #2065 from dweomer/containerd/v1.3.6-selinux
updated containerd/cri selinux support
2020-08-07 11:09:28 -07:00
Thorsten Klein cf8c101b70
registry template: add insecure_skip_verify field
Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
2020-08-06 08:02:08 +02:00
Brad Davidson 3f2551ec05
Merge pull request #1848 from euank/insecure-on-lo
Listen insecurely on localhost only
2020-08-05 10:55:09 -07:00
Euan Kemp 4808c4e7d5 Listen insecurely on localhost only
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.

These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344),
so there shouldn't be any downside to switching them to listen only on
localhost.
2020-08-05 10:28:11 -07:00
Akihiro Suda a70cdac356
update rootlesskit to v0.10.0
Fix intermittent "Connection reset by peer" error during port forwarding

https://github.com/rootless-containers/rootlesskit/issues/153

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-08-05 18:22:05 +09:00
Brad Davidson 3e8141dc65 Update dynamiclistener
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-04 13:05:37 -07:00
Hussein Galal 169ee63907
Add etcd members as learners (#2066)
* Add etcd members as learners

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Ignore errors in promote member

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-07-29 22:52:49 +02:00
Brad Davidson 1eec7348a5 Call setproctitle to conceal node args in ps output
This is related to #2014.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-28 15:49:49 -07:00
Jacob Blain Christen 371bee82f9 containerd: bump to v1.3.6
Remove $NOTIFY_SOCKET, if present, from env when invoking containerd to
prevent gratuitous notifications sent to systemd.

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-07-27 14:41:52 -07:00
Brad Davidson dfd0f9d1a6 Correctly report and propagate kubeconfig write failures
As seen in issues such as #15 #155 #518 #570 there are situations where
k3s will fail to write the kubeconfig file, but reports that it wrote it
anyway as the success message is printed unconditionally. Also, secondary
actions like setting file mode and creating a symlink are also attempted
even if the file was not created.

This change skips attempting additional actions, and propagates the
failure back upwards.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-24 12:07:32 -07:00
Brad Davidson 9da8dc4f61 Update coredns version to 1.6.9 for master
Needed for #1844

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-21 11:06:44 -07:00
Brian Downs 5a81fdbdc5 update cis flag implementation to propogate the rest of the way through to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Jason e3f8789114
Add containerd snapshotter flag (#1991)
* Add containerd snapshotter flag

Signed-off-by: Jason-ZW <zhenyang@rancher.com>

* Fix CamelCase nit and option description

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>

Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Brian Downs abb2d9aad1 add flag usage
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:55:18 -07:00
Brian Downs 57a6319fac add protect-kernel-defaults to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:46:10 -07:00
Erik Wilson 66a8c2ad7f
Merge pull request #1899 from erikwilson/config-file
Add config file support
2020-07-14 08:41:45 -07:00
Brian Downs ebac755da1 add profiling flag with default value of false
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-10 13:08:04 -07:00
Erik Wilson e1dc3451bc
Add config file support 2020-07-10 10:34:00 -07:00
Brian Downs 99a8bca522 remove hard coded value
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-09 11:20:06 -07:00
Brandon Davidson 538842ffdc
Merge pull request #1768 from brandond/fix_1764
Configure default signer implementation to use ClientCA instead of ServerCA
2020-07-07 16:52:14 -07:00
Erik Wilson 0d6a2bfb0b
Merge pull request #1974 from mschneider82/patch-1
fixed panic in network_policy_controller
2020-07-01 09:48:00 -07:00
Erik Wilson 42f0b95ac5
Merge pull request #1800 from niusmallnan/dev
Add retry backoff for starting network-policy controller
2020-07-01 09:47:21 -07:00
niusmallnan d713683614 Add retry backoff for starting network-policy controller
Signed-off-by: niusmallnan <niusmallnan@gmail.com>
2020-06-30 09:25:09 +08:00
Matthias Schneider 56a083c812 fixed panic in network_policy_controller
I have rebooted a newly created k3s etcd cluster and this panic was triggered:

    ```
    k3s[948]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x45f2945]
    k3s[948]: goroutine 1 [running]:
    k3s[948]: github.com/rancher/k3s/pkg/agent/netpol.NewNetworkPolicyController(0xc00159e180, 0x61b4a60, 0xc006294000, 0xdf8475800, 0xc011d9a360, 0xc, 0x0, 0xc00bf545b8, 0x2b2edbc)
    k3s[948]:         /home/x/git/k3s/pkg/agent/netpol/network_policy_controller.go:1698 +0x275
    ```

Signed-off-by: Matthias Schneider <ms@wck.biz>
2020-06-29 20:49:24 +02:00
Jacob Blain Christen 3197d206ce
Merge pull request #1892 from dweomer/servicelb/node-role
servicelb: fix ineffective toleration
2020-06-26 13:55:57 -07:00
Brian Downs 58aae57e12 set environment variable and create config for crictl
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-06-24 14:26:44 -07:00
Brian Downs 63dbf806df create symlink from docker sock to where crictl in k3s is looking for the sock to use
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-06-23 18:42:45 -07:00
Hussein Galal f5ee757b86
Add cluster dns configmap (#1785) 2020-06-22 23:06:01 +02:00
Brian Downs 7f4f237575
added profile = false args to api, controllerManager, and scheduler (#1891) 2020-06-12 21:09:41 +02:00
Jacob Blain Christen 1ed12cffa0 servicelb: fix ineffective toleration
noderole.kubernetes.io/master -> node-role.kubernetes.io/master
2020-06-11 14:39:12 -07:00
galal-hussein c580a8b528 Add heartbeat interval and election timeout 2020-06-06 16:39:42 -07:00
Darren Shepherd 6b5b69378f Add embedded etcd support
This is replaces dqlite with etcd.  The each same UX of dqlite is
followed so there is no change to the CLI args for this.
2020-06-06 16:39:41 -07:00
Darren Shepherd 39571424dd Generate etcd certificates 2020-06-06 16:39:41 -07:00
Darren Shepherd a18d387390 Refactor clustered DB framework 2020-06-06 16:39:41 -07:00
Darren Shepherd 4317a91b96 Delete dqlite 2020-06-06 16:39:41 -07:00
Darren Shepherd 7e59c0801e Make program name a variable to be changed at compile time 2020-06-06 16:39:41 -07:00
Taeho Kim 3d59a85dae Upgrade local-path-storage to v0.0.14 2020-06-02 13:47:37 +00:00
Erik Wilson 43b9bf2e50
Merge pull request #1795 from StateFarmIns/support_for_setting_default_ssl_ciphers
Feature Request #1741: Update to set default CipherSuites
2020-05-15 09:41:37 -07:00
Erik Wilson d10d6f7fb3
Merge pull request #1762 from consideRatio/coredns-readinessprobe
coredns: readiness- and livenessProbe tweaks (~15s -> ~3s startup)
2020-05-15 09:40:54 -07:00
Chuck Schweizer 19c34bd12d Update to set default CipherSuites
The default CipherSuites need to be set to disable the insecure TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher
2020-05-13 08:34:45 -05:00
Chuck Schweizer ca9c9c2e1e Adding support for TLS MinVersion and CipherSuites
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.

  --kube-apiserver-arg=tls-cipher-suites=XXXXXXX
  --kube-apiserver-arg=tls-min-version=XXXXXXX
2020-05-07 09:27:09 -05:00
Erik Sundell 27ae2fb9c8 coredns: go generate 2020-05-07 16:21:46 +02:00
Darren Shepherd cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd e5fe184a44
Merge pull request #1757 from ibuildthecloud/separate-port
Add supervisor port
2020-05-06 21:32:45 -07:00
Darren Shepherd 072396f774 Start kube-apiserver in the background
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched.  By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Brad Davidson 71561ecda2 Use ClientCA for the signer controller 2020-05-06 16:51:35 -07:00
Darren Shepherd f38082673d
Merge pull request #1753 from ibuildthecloud/prepull
Support prepulling images on start
2020-05-05 22:11:52 -07:00
Darren Shepherd 74bcf4da0b
Merge pull request #1756 from ibuildthecloud/less-logging
Only echo Waiting for kubelet every 30 seconds
2020-05-05 22:07:50 -07:00
Darren Shepherd 2f5ee914f9 Add supervisor port
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server.  In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports.  The /v1-k3s API port is called the SupervisorPort in the code.

To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer.  One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd afd6f6d7e7 Encapsulate execution logic
This moves all the calls to cobra root commands to one package
so that we can change the behavior of running components as embedded
or external.
2020-05-05 15:34:32 -07:00
Darren Shepherd 61ba9171ce Only echo Waiting for kubelet every 30 seconds
Don't print a message every second while we are waiting for the
kubelet to report Ready.
2020-05-05 15:23:18 -07:00
Darren Shepherd 1d05e99769
Merge pull request #1752 from ibuildthecloud/disable-ccm
Don't write ccm.yaml if --disable-cloud-controller is set
2020-05-05 15:11:10 -07:00
Darren Shepherd 6932d03bb4 Support prepulling images on start
In the agent/images folder if a .txt file is found it is assumed to
be a line separated list of image names to pull on start.
2020-05-05 14:45:39 -07:00
Darren Shepherd 70ddc799bd
Merge pull request #1691 from ibuildthecloud/staticpod
Suppport static pods at ${datadir}/agent/staticpods
2020-05-05 14:35:45 -07:00
Darren Shepherd 341895c322 Don't write ccm.yaml if --disable-cloud-controller is set 2020-05-05 13:01:52 -07:00
Darren Shepherd 8c7fbe3dde Suppport static pods at ${datadir}/agent/pod-manifests 2020-05-05 12:43:47 -07:00
Erik Wilson 39c3854648
Merge pull request #1720 from ilknarf/master
remove redundant Sprintf
2020-05-04 20:50:58 -07:00
Erik Wilson c71561129e
Merge pull request #1716 from ibuildthecloud/debugpublic
Make debug variable public to be used by wrapper programs
2020-05-04 20:50:36 -07:00
Erik Wilson c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
Add ability to disable kubeproxy
2020-05-04 20:26:22 -07:00
Erik Wilson df1725cb06
Merge pull request #1694 from ibuildthecloud/inittwice
Allow InitLogging to be called twice
2020-05-04 20:22:04 -07:00
Erik Wilson 2fb5bad3e8
Merge pull request #1704 from ibuildthecloud/x509-admin
No longer use basic auth for default admin account
2020-05-04 20:21:12 -07:00
Erik Wilson 21eabd902b
Merge pull request #1693 from ibuildthecloud/disableditem
Move disabled items to a const to keep more consistency
2020-05-04 20:16:42 -07:00
Erik Wilson 21266bab7e
Merge pull request #1692 from ibuildthecloud/err
Check for error on mkdir
2020-05-04 20:16:20 -07:00
Erik Wilson ed8cd9250b
Merge pull request #1690 from ibuildthecloud/flannel
Only need to resolve the path of host-local if Flannel is enabled
2020-05-04 20:15:59 -07:00
Erik Wilson 47bb0939e6
Merge pull request #1611 from Dirbaio/master
Correctly quote auth strings in containerd config. For #1610
2020-05-04 19:27:17 -07:00
Frank a18d94e5f9 remove redundant Sprintf 2020-04-30 10:48:12 -05:00
Darren Shepherd 56770ff2cc Make debug variable public to be used by wrapper programs 2020-04-29 11:37:59 -07:00
Darren Shepherd 3c8e0b4157 No longer use basic auth for default admin account 2020-04-28 16:01:33 -07:00
Darren Shepherd 5715e1ba0d Add ability to disable kubeproxy 2020-04-27 11:24:00 -07:00
Darren Shepherd 7920fa48c9 Only need to resolve the path of host-local if Flannel is enabled 2020-04-27 11:17:41 -07:00
Darren Shepherd 8cc9efdf7c Allow InitLogging to be called twice
This makes it a bit easier to embed k3s into another go program
2020-04-27 11:16:08 -07:00
Darren Shepherd 8b8af94eb2 Move disabled items to a const to keep more consistency
This also help when embedding k3s because we can programmitically know
all the components to disable.
2020-04-27 11:15:35 -07:00
Darren Shepherd c25f1ab1b6 Check for error on mkdir 2020-04-27 11:14:21 -07:00
Darren Shepherd 130e6e31a1
Merge pull request #1664 from KnicKnic/windows-18-build
fix build windows v1.18
2020-04-27 09:23:32 -07:00
Darren Shepherd e4f87f51e2
Merge pull request #1681 from KnicKnic/fix_file_paths
fix usage of path instead of filepath
2020-04-27 09:21:48 -07:00
Darren Shepherd 7d06d2ccc1
Merge pull request #1653 from KnicKnic/enable_agent_windows
enable agent to start on windows
2020-04-27 09:05:12 -07:00
Knic Knic 44b8af097c fix usage of path instead of filepath 2020-04-25 00:29:18 -07:00
Erik Wilson 2c49341113
Merge pull request #1669 from erikwilson/manifest-mod-time
Check modification time before deploying manifests
2020-04-23 14:17:14 -07:00
galal-hussein 1d6b83d8a4 go generate 2020-04-23 02:42:12 +02:00
Erik Wilson fec2c271c2 Check modification time before deploying manifests 2020-04-22 09:58:41 -07:00
Knic Knic d919a0b998 Mock out rootlessports on windows 2020-04-21 15:43:36 -07:00
Darren Shepherd dfcbd5a3c1 Update generated code 2020-04-18 23:59:08 -07:00
Darren Shepherd a8d96112d9 Updates for k8s v1.18 support 2020-04-18 23:59:08 -07:00
Knic Knic 7f77c9a3c8 enable agent to start on windows 2020-04-18 23:43:08 -07:00
Dario Nieuwenhuis cd0b58e920 Correctly quote auth strings in containerd config. Fixes #1610 2020-04-03 02:42:01 +02:00
louis f2a4e1d57d feat: add master taint toleration to klipper, coredns, metrics-server, traefik and local-storage 2020-03-25 19:11:10 +01:00
galal-hussein 2b6faa925f use mirrored images for traefik and coredns 2020-03-23 19:00:30 +02:00
galal-hussein 356fe006a2 Add asterisks for omitted values in nodeconfig 2020-03-12 20:18:56 +02:00
galal-hussein 3f927d8006 Revert "Replace traefik with nginx"
This reverts commit 9a17033095.
2020-03-11 01:45:23 +02:00
galal-hussein c4f18227fc default backend multiarch 2020-03-09 23:52:04 +02:00
galal-hussein 717b5a765e use multiarch image for nginx 2020-03-07 00:19:32 +02:00
Erik Wilson ceff3f58fb
Merge pull request #1466 from galal-hussein/traefik_to_nginx
Replace traefik with nginx
2020-03-02 15:04:09 -07:00
galal-hussein 9a17033095 Replace traefik with nginx 2020-03-03 00:00:39 +02:00
Erik Wilson 8725798578
Merge pull request #1464 from erikwilson/selinux-update
Simplify SELinux detection and add --disable-selinux flag
2020-02-28 15:42:45 -07:00
Erik Wilson a3cb9ee1f6 Simplify SELinux detection and add --disable-selinux flag 2020-02-28 10:10:55 -07:00
Erik Wilson 0aeea78060
Merge pull request #1444 from KnicKnic/k3s_build_windows
K3s build windows (no agents)
2020-02-27 11:46:21 -07:00
Darren Shepherd 4d32fe9959 Support SELinux 2020-02-24 16:03:09 -07:00
Erik Wilson 4210800648
Merge pull request #1343 from ibuildthecloud/rootless
Create pidns for rootless
2020-02-24 15:05:52 -07:00
Knic Knic c2db115ec3 fix formatting 2020-02-23 00:48:26 -08:00
Knic Knic 2346ccc63f get build on windows and get api_server to work 2020-02-22 23:17:59 -08:00
Knic Knic 522e08872a do not rename inuse files 2020-02-21 22:45:05 -08:00
Erik Wilson fe45eb008a
Merge pull request #1416 from erikwilson/device-plugins-path
Use default kubelet device-plugins path
2020-02-14 14:19:51 -07:00
galal-hussein d49ef31767 Inject node config on startup 2020-02-14 21:17:13 +02:00
Erik Wilson b15c4473cd Use default kubelet device-plugins path 2020-02-14 10:18:07 -07:00
Darren Shepherd 782004bec9 Create pidns for rootless 2020-01-31 21:40:34 -07:00
Erik Wilson 0374c4f63d Add --disable flag 2020-01-30 16:45:01 -07:00
Erik Wilson 3592d0bdd9
Merge pull request #1344 from ibuildthecloud/dialer-fallback
If tunnel session does not exist fallback to default dialer
2020-01-27 13:59:45 -07:00
Erik Wilson 1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
Add secret encryption config
2020-01-27 13:59:09 -07:00
Darren Shepherd bf57a7f419 Don't start node controller if coredns is not deployed 2020-01-22 11:09:36 -07:00
Darren Shepherd 3396a7b099 If tunnel session does not exist fallback to default dialer 2020-01-22 11:04:41 -07:00
Erik Wilson 1b23c891dd
Merge pull request #1304 from erikwilson/fixup-cadvisor
Run kubelet with containerd flag
2020-01-20 15:37:22 -07:00
Erik Wilson 4cacffd7e6
Merge pull request #1298 from erikwilson/warn-npc-fail
Warn if NPC can't start rather than fatal error
2020-01-20 15:36:56 -07:00
Erik Wilson fa03a0df3c Run kubelet with containerd flag
The containerd flag was accidentally added to kubelet and is
deprecated, but needed for cadvisor to properly connect with
the k3s containerd socket, so adding for now.
2020-01-16 10:25:57 -07:00
Erik Wilson 5b98d10e4b Warn if NPC can't start rather than fatal error
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.

Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson 7675f9f85c Clean up host-gw variable names 2020-01-08 17:43:07 -07:00
Segator c23f12765e hostgw flannel support 2020-01-08 17:43:07 -07:00
Segator 6736e24673 support hostgw 2020-01-08 17:43:07 -07:00
Erik Wilson 9421746ccf
Merge pull request #1235 from ibuildthecloud/master
Fix uint64 truncation issue in dqlite
2019-12-23 13:56:18 -07:00
galal-hussein 388cd9c4e8 Add secret encryption configuration 2019-12-23 13:16:27 +02:00
Darren Shepherd 9bda58c81a Fix uint64 truncation issue in dqlite 2019-12-21 08:51:39 -07:00
galal-hussein 07d4c1510d Add lease permissions to ccm cluster role 2019-12-21 04:41:24 +02:00
Erik Wilson 5c37454762
Merge pull request #1198 from narqo/tunel-addr-join-host-port
Respect IPv6 when building proxy address
2019-12-19 15:20:12 -07:00
Erik Wilson 9b2538c2c4 Set wireguard persistent-keepalive on wg set peer 2019-12-19 14:54:48 -07:00
Erik Wilson 3376f31fc2 Revert "Merge pull request #1190 from erikwilson/wireguard-keepalive"
This reverts commit e712cdf7e8, reversing
changes made to d5929bc8c8.

Wireguard docs fail to describe that persistent-keepalive is only valid
when peer is set.
2019-12-19 14:41:38 -07:00
Vladimir Varankin 0c5299c951 pkg/agent/tunnel: respect ipv6 when building proxy addresses 2019-12-19 12:08:07 +01:00
Erik Wilson 6875b11dd2 Fix identity_token -> identitytoken for containerd toml 2019-12-17 21:14:05 -07:00
Darren Shepherd 4acaa0740d Small dqlite fixes 2019-12-16 11:45:01 -07:00
Erik Wilson 97383868bd
Merge pull request #1186 from erikwilson/upgrade-k8s-1.17.0
Upgrade k8s  to v1.17.0
2019-12-16 09:40:38 -07:00
Erik Wilson e712cdf7e8
Merge pull request #1190 from erikwilson/wireguard-keepalive
Set Wireguard keepalive to 25 seconds
2019-12-16 09:40:11 -07:00
Erik Wilson 5679a8bd2f Update generated 2019-12-15 23:28:19 -07:00
Erik Wilson 76281bf731 Update k3s for k8s 1.17.0 2019-12-15 23:28:19 -07:00
Erik Wilson 814c302d7c
Merge pull request #955 from btashton/servicelb-sysctl
Enable ip forwarding on both all and default net config
2019-12-12 17:31:02 -07:00
Erik Wilson 7b62811f98 Set Wireguard keepalive to 25 seconds 2019-12-12 10:40:41 -07:00
Erik Wilson d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
Allow --pause-image to set docker sandbox image also
2019-12-11 10:36:07 -07:00
Erik Wilson 2eacfa75cb
Merge pull request #1180 from erikwilson/cleanup-flannel-backend-help-text
Cleanup --flannel-backend help text
2019-12-11 10:35:50 -07:00
Erik Wilson 56b0743653
Merge pull request #1171 from dweomer/mutable-labels
Mutable --node-label values for server/agent sub-commands.
2019-12-11 10:35:27 -07:00
Erik Wilson c2be59e5f3
Allow udp protocol for service-lb ports
For #577
2019-12-11 10:34:11 -07:00
Brennan Ashton a952d5c32a Default device net config enables ip forwarding
The Linux kernel is inconsistent about how devconf is configured for new
network namespaces between ipv4 and ipv6. The behavior can also be
controlled via net.core.devconf_inherit_init_net in Linux 5.1+ so make
sure to enable forwarding on all and default for both ipv6 and ipv4.

This issue first came up testing on a yocto kernel that had this patch:
 ipv4: net namespace does not inherit network configurations

[0] https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#devconf-inherit-init-net
[1] https://lkml.org/lkml/2014/7/29/119

Signed-off-by: Brennan Ashton <brennana@jfrog.com>
2019-12-10 16:29:59 -08:00
Erik Wilson 2de93d70cf Allow --pause-image to set docker sandbox image also 2019-12-10 16:16:26 -07:00
Erik Wilson 11e4d01efe Cleanup --flannel-backend help text 2019-12-10 14:51:16 -07:00
Jacob Blain Christen 063efb25bb Mutable --node-label values for server/agent sub-commands.
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.

Tested locallon on my amd64 workstation with the docker container.

Addresses #1119.
2019-12-09 16:40:15 -07:00
yuzhiquan 24869ddf21 remove []byte trans, handle func error 2019-11-28 19:26:45 +08:00
yuzhiquan 7cc0110081 fix typo 2019-11-28 19:24:19 +08:00
Erik Wilson ce3a03a16a
Merge pull request #1111 from dduportal/patch-1
Bump Traefik to 1.7.19
2019-11-26 15:29:57 -07:00
dduportal 9598a527a2 Regenerate bindata
Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>
2019-11-26 17:21:22 +01:00
Guangbo Chen 8ff4c3c256 Update base pause image to rancher repo 2019-11-25 16:09:05 +08:00
galal-hussein 99b8222e8d Change storage to datastore 2019-11-15 21:52:07 -07:00
Darren Shepherd c2e7f9c7b0 Add logging parameters 2019-11-15 21:51:51 -07:00
Darren Shepherd 4e544bded2 Delete unused code 2019-11-15 21:51:51 -07:00
Darren Shepherd ff34c5c5cf Download cert/key to agent with single HTTP request
Since generated cert/keys are stored locally, each server has a different
copy.  In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
2019-11-15 21:51:51 -07:00
Erik Wilson 95ff805c98 Fix broken K3S_TOKEN env 2019-11-14 12:42:42 -07:00
Darren Shepherd 77703b90ff Don't ever change 10252/10251 ports
Kubernetes componentstatus check is hardcoded to 10252 and 10251
so we should never change these ports.  If you do componentstatus
will return error.
2019-11-13 18:20:57 -07:00
Erik Wilson d4151b7739 Add the --with-node-id flag to agent 2019-11-13 16:13:41 -07:00
Erik Wilson 670d4b4162
Merge pull request #914 from erikwilson/validation-utilities
Add check-config for system validation
2019-11-13 09:00:08 -07:00
Erik Wilson a73f8b1773 Update check-config.sh for k3s 2019-11-13 08:34:24 -07:00
Darren Shepherd 9a4df7c05c
Merge pull request #1058 from ibuildthecloud/master
Update kine/dynamiclistener
2019-11-13 15:31:48 +00:00
Darren Shepherd 6063317144 Add a couple more known SANs 2019-11-13 06:05:31 +00:00
Erik Wilson e4b3730fa2 Go DNS lookup order hack 2019-11-12 20:16:31 -07:00
Erik Wilson d383d1b47e
Merge pull request #1054 from erikwilson/sort-deployments
Use lexical (sorted) order for file deployments
2019-11-12 16:51:24 -07:00
Erik Wilson b298733b3f Use lexical (sorted) order for file deployments 2019-11-12 16:05:09 -07:00
Erik Wilson 55c05ac500 Refactor node password location 2019-11-12 15:30:34 -07:00
Erik Wilson eff502342a Fix node-passwd on upgrade missing 3 columns 2019-11-12 13:16:05 -07:00
Darren Shepherd 3e213d1347 Allow --debug to be set with K3S_DEBUG env var 2019-11-12 08:22:48 +00:00
Darren Shepherd 668fcf7e83 Fix broken --cluster-reset 2019-11-12 01:12:24 +00:00
Darren Shepherd b2439788d7 Reduce logging in dqlite 2019-11-12 01:12:24 +00:00
Darren Shepherd 0ae20eb7a3 Support both http and db based bootstrap 2019-11-12 01:12:24 +00:00
Darren Shepherd 3f5fb70116 Move server arguments to experimental for dqlite related 2019-11-12 01:12:24 +00:00
Darren Shepherd 29b270dce6 Wait for apiserver to be health, not just running 2019-11-12 01:09:33 +00:00
Darren Shepherd e2431bdf9d Add dqlite support 2019-11-10 03:49:56 +00:00
Darren Shepherd 53d3ab074c Shrink k3s wrapper binary 2019-11-08 21:35:58 +00:00
Darren Shepherd 91cacb3a14 Fix server join issues 2019-11-08 21:35:58 +00:00
Erik Wilson e9a11c7cc4 Update generated code 2019-11-05 14:34:09 -07:00
Erik Wilson 47a94637dc Move metrics-server manifests to sub-directory 2019-11-05 14:30:50 -07:00
Erik Wilson 01f6e0e64e Add context to server daemon functions that wait 2019-11-05 11:06:07 -07:00
larmog 7aa3d08385 Wait for api-server to report version after starting 2019-11-05 11:05:22 -07:00
Erik Wilson c4eb6ea3ef Update generated data 2019-11-05 10:11:21 -07:00
Erik Wilson 0fef39de65 Add default multi-arch metrics-server deployment 2019-11-05 10:11:08 -07:00
Erik Wilson 931f63073f
Merge pull request #899 from mrueg/coredns-ready
coredns: Add readinessProbe
2019-11-04 14:25:45 -07:00
Erik Wilson 2bbc356f65
Merge pull request #1008 from erikwilson/ip6-system-setup
Improve ip6 system setup & utilities
2019-11-04 14:24:55 -07:00
Erik Wilson afa9422ad9 Improve ip6 system setup & utilities 2019-11-04 11:35:14 -07:00
Darren Shepherd 609c5e5f51 Update generated code 2019-10-30 19:08:26 -07:00
Darren Shepherd ba240d0611 Refactor tokens, bootstrap, and cli args 2019-10-30 19:06:49 -07:00
Manuel Rüger e8ca18ab2b coredns: Add readinessProbe 2019-10-29 11:51:36 +01:00
Erik Wilson 8a8fa8a351 Update go generated data 2019-10-28 16:10:36 -07:00
YAMAMOTO Takashi 4970d6133f Propagate DisableAgent flag
The recent setMasterRoleLabel stuff uses it.
2019-10-28 14:43:53 +09:00
Erik Wilson f648a64ee3
Merge pull request #923 from AkihiroSuda/fix-rootless-kubelet-flags
rootless: add kubelet flags automatically
2019-10-25 01:40:06 -07:00
Akihiro Suda aafccdbccb rootless: add kubelet flags automatically
Fix https://github.com/rancher/k3s/issues/784

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-25 17:10:14 +09:00
Erik Wilson ad4ea681ce Hide the --disable-agent flag 2019-10-24 21:51:58 -07:00
Erik Wilson 1cd3786a6a
Merge pull request #952 from btashton/bump-klipper-lb
Bump klipper-lb version
2019-10-24 21:30:06 -07:00
Brennan Ashton af7dc09f5c Bump klipper-lb version
Signed-off-by: Brennan Ashton <brennana@jfrog.com>
2019-10-24 14:01:47 -07:00
Erik Wilson aed163b338 Remove trailing whitespace trimming from containerd template 2019-10-23 08:02:07 -07:00
Erik Wilson 2ff2baba49
Merge pull request #913 from erikwilson/kube-router-network-policy
Add network policy support
2019-10-18 16:14:18 -07:00
Erik Wilson da3a7c6bbc Add network policy controller 2019-10-18 16:11:42 -07:00
Erik Wilson 1df72d14b8 Cleanup containerd config template spacing 2019-10-18 12:34:27 -07:00
Erik Wilson 90df4a1921 Use containerd-shim-run-v2 2019-10-18 12:34:27 -07:00
Erik Wilson 12307a4a69 Fallback to /etc/strongswan for config
Needed for docker image
2019-10-17 22:38:48 -07:00
Darren Shepherd 30c14a4db6
Merge pull request #901 from erikwilson/default-kubelet-dir
Use default kubelet directory
2019-10-17 16:49:11 -07:00
Erik Wilson 0ee586c233
Merge pull request #894 from galal-hussein/fix_master_label_ha
Fix Master label in HA setups
2019-10-16 16:31:12 -07:00
Erik Wilson 265181715a
Merge pull request #892 from iwilltry42/master
[Enhancement] include subdirectories for auto-deploy manifests
2019-10-16 16:30:35 -07:00
Erik Wilson 9e14d3e470
Merge pull request #851 from MagnaXSoftware/switch-string-slice
Add comma-separated no-deploy values
2019-10-16 16:00:46 -07:00
galal-hussein 7c60285435 Fix master role label in ha setups 2019-10-16 21:55:40 +02:00
Xavier Landreville 2f4a08c54d Add comma-separated no-deploy values
This allows no-deploy values to be either specified as multiple --no-deploy invocations,
or a single invocation with comma-separated values.
2019-10-16 15:51:04 -04:00
galal-hussein d2c1f66496 Add k3s cloud provider 2019-10-16 21:13:15 +02:00
Erik Wilson c72ef62d2c Use default kubelet directory 2019-10-15 10:47:03 -07:00
Thorsten Klein 50017c39a2 include subdirectories for auto-deploy manifests 2019-10-11 12:59:37 +02:00
Erik Wilson c12d2a1aea
Merge pull request #867 from galal-hussein/private_reg
Add private registry support to containerd
2019-10-10 14:35:37 -07:00
galal-hussein 436ff4ef63 fix cert rotation function 2019-10-10 03:35:32 +02:00
galal-hussein 5ccc880ddb Add private registry to containerd 2019-10-08 01:54:53 +02:00
Erik Wilson cac41db0e1
Merge pull request #816 from galal-hussein/default_local_storage
Add default storage class
2019-10-01 14:09:24 -07:00
galal-hussein 2dc5ba5bae Add certificate rotation 2019-09-30 18:34:58 +02:00
galal-hussein 56e0e5ad7e Add default local storage provisioner 2019-09-30 18:17:33 +02:00
Erik Wilson 6f7a1a70fa Label new flannel flags as experimental 2019-09-27 18:33:05 -07:00
Erik Wilson 0af32bba75 Use newest flannel API 2019-09-27 18:33:05 -07:00
Erik Wilson 999e40d6d3 Add strongswan utilities for ipsec 2019-09-27 18:26:39 -07:00
Erik Wilson 959acf9c92 Add --flannel-backend flag 2019-09-27 18:26:39 -07:00
Erik Wilson 359a77939c Enable hairpin mode 2019-09-27 18:26:39 -07:00
Erik Wilson 36fa425d45 Enable extension and ipsec flannel backends 2019-09-27 18:26:39 -07:00
Erik Wilson 3cd807a657 Add --flannel-conf flag 2019-09-27 18:26:39 -07:00
Darren Shepherd 8dcc09f7be Update generated code 2019-09-27 16:54:37 -07:00
galal-hussein b1891f445b Add master role label on startup 2019-09-27 23:04:24 +02:00
Erik Wilson db9540aa10 Bump CoreDNS to v1.6.3 2019-09-18 17:11:04 -07:00
Darren Shepherd 36ca606073
Merge pull request #793 from yamt/noderestriction
Add back NodeRestriction
2019-09-07 12:07:01 -07:00
Darren Shepherd df1f4551cb Update generated code 2019-09-05 15:16:44 -07:00
YAMAMOTO Takashi 9cf80eacd9 Add back NodeRestriction
It has been removed as a part of #764 for no obvious reasons.

Fix #791
2019-09-05 15:47:46 +09:00
Erik Wilson 197985c673 Add --kubelet-certificate-authority flag 2019-09-02 10:49:23 -07:00
Darren Shepherd 209acb58c1 Revert CSI patch 2019-08-31 22:39:24 -07:00
Darren Shepherd 8f597ba168 Don't run leader elections on controllers when no leader election 2019-08-28 20:53:40 -07:00
Darren Shepherd f0382329a5 Drop openapi hack 2019-08-28 20:53:39 -07:00
Darren Shepherd f34329f4f1 Wrong import 2019-08-28 20:53:39 -07:00
Darren Shepherd f57dd13774 Default kube-apiserver to httpsport + 1 2019-08-28 20:53:38 -07:00
Darren Shepherd 9c8b95be9d Drop unneeded prometheus imports 2019-08-28 20:53:37 -07:00
Darren Shepherd a51a2eaaad Add anonymous-auth=false and remove NodeRestriction 2019-08-28 20:53:37 -07:00
Darren Shepherd b24f214a50 Update to new cri-api import 2019-08-28 20:53:36 -07:00
Manuel Zapf 50227ff894 bump traefik version to 1.7.14 (#769)
* bump traefik version
2019-08-28 20:21:07 -07:00
Erik Wilson a5238098d1
Merge pull request #752 from carlosedp/patch-1
Enable metrics endpoint to Traefik
2019-08-26 21:26:02 -07:00
Erik Wilson 5679cfafaf
Merge pull request #707 from ibuildthecloud/pr683
Integrate Kine
2019-08-26 09:25:37 -07:00
Darren Shepherd 2cb6f52339 Disable storing bootstrap information by default 2019-08-24 22:27:24 -07:00
Carlos Eduardo 993e6a1950 Enable metrics endpoint to Traefik 2019-08-22 19:42:58 -03:00
Erik Wilson e6067314c9 Localhost -> 127.0.0.1 2019-08-22 11:56:00 -07:00
galal-hussein 1ae0c540d7 Refactor bootstrap, move kine startup code to kine, integrate kine 2019-08-22 09:14:43 -07:00
Erik Wilson a76ca2e887 Remove hostname requirement in `/etc/hosts` 2019-08-21 22:56:20 -07:00
William Zhang 458cea6633 Update traefik to 1.7.12
Signed-off-by: William Zhang <warmchang@outlook.com>
2019-08-20 02:35:07 +00:00
Darren Shepherd 99716deb08
Merge pull request #705 from yamt/cg
Appease kubelet warnings on docker for mac
2019-08-15 17:13:14 -07:00
Darren Shepherd 63dfc168d7
Merge pull request #718 from erikwilson/log-update
Cleanup logging
2019-08-15 17:12:29 -07:00
William Zhang bdb8550638 🔧 jteeuwen/go-bindata --> go-bindata/go-bindata
Signed-off-by: William Zhang <warmchang@outlook.com>
2019-08-12 03:24:03 +00:00
Erik Wilson c849525a27
Merge pull request #722 from erikwilson/debug-lb-logs
Change load balancer logging to debug
2019-08-09 14:12:31 -07:00
Erik Wilson 98254a3412 Change load balancer logging to debug 2019-08-08 10:48:11 -07:00
Erik Wilson 30e050a692 Cleanup logging 2019-08-07 22:45:54 -07:00
Erik Wilson 3c342e22a6 Fix panic in node controller 2019-08-06 10:42:42 -07:00
YAMAMOTO Takashi fc8eddae29 Appease kubelet warnings on docker for mac
On my environment, the name=systemd entry in /proc/self/cgroup
looks like:

	13:name=systemd:/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499

Kubelet periodically complains like:

	E0802 06:42:52.667123       1 summary_sys_containers.go:47] Failed to get system container stats for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": failed to get cgroup stats for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": failed to get container info for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": unknown container "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy"
2019-08-02 16:22:51 +09:00
Erik Wilson c170115c54
Merge pull request #676 from erikwilson/go-proxy
Add go load-balancing proxy
2019-08-01 16:03:41 -07:00
Erik Wilson 5deef13086
Merge pull request #687 from yamt/cacerts
Simplify startWrangler a bit
2019-08-01 16:01:42 -07:00
Erik Wilson be0cc6e943
Merge pull request #690 from erikwilson/regenerate-certs-on-ca-change
Regenerate server certs if CA changed
2019-08-01 15:59:54 -07:00
Erik Wilson 739e4214bd
Merge pull request #693 from yamt/insecure-bootstrap
Fix bootstrap with non-tls etcd
2019-07-31 14:18:35 -07:00
Erik Wilson 506d8cdcc3
Merge pull request #691 from erikwilson/early-return-routes
Fix missing early returns on routes
2019-07-31 14:12:09 -07:00
YAMAMOTO Takashi d78701acb1 Fix bootstrap with non-tls etcd 2019-07-31 16:14:13 +09:00
Erik Wilson fdb997b4ee Fix missing early returns on routes 2019-07-30 15:44:34 -07:00
Erik Wilson a74d9e5282 Regenerate server certs if CA changed 2019-07-30 14:55:25 -07:00
Erik Wilson a17e336993 Use go tcpproxy 2019-07-30 09:53:15 -07:00
YAMAMOTO Takashi 88e668cf6f Simplify startWrangler a bit
We no longer make dynamiclistener generate CA certs.
2019-07-30 10:16:45 +09:00
YAMAMOTO Takashi 07eeb56d81 Remove pkg/proxy which is no longer used 2019-07-29 12:49:13 +09:00
YAMAMOTO Takashi 35d972fd72 Sort args to make log outputs a bit more deterministic 2019-07-24 13:16:41 +09:00
Erik Wilson 1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
Remove agent proxy config which is no longer used
2019-07-23 15:51:51 -07:00
Erik Wilson e1162c7cfa Update agent to notify systemd 2019-07-18 06:40:39 -07:00
Erik Wilson 8ce509ee6b Cleanup tunnel logs 2019-07-18 05:00:07 -07:00
Erik Wilson 23b0797578 Add context to tunnel connect 2019-07-17 18:15:15 -07:00
Erik Wilson b93b4732eb Start endpoint tunnel watch before waiting 2019-07-17 17:13:40 -07:00
Erik Wilson 2d32337334
Merge pull request #650 from erikwilson/update-bootstrap
Bootstrap node key files & fix permissions
2019-07-17 14:22:05 -07:00
Erik Wilson 2f4d2838ea Bootstrap node key files & fix permissions 2019-07-17 13:57:33 -07:00
YAMAMOTO Takashi dc4ebd4c67 Remove agent proxy config which is no longer used 2019-07-17 18:05:16 +09:00
YAMAMOTO Takashi f6a04ea995 Add a few comments in bootstrap.go 2019-07-17 16:25:34 +09:00
Erik Wilson f6701bbe99
Merge pull request #634 from erikwilson/enforce-type-on-bootstrap
Enforce explicit read or write for bootstrap
2019-07-14 00:52:37 -07:00
Erik Wilson fdc1427317 Add more logs for bootstrap 2019-07-14 00:49:08 -07:00
Erik Wilson e77dc568bb Cleanup tunnel 2019-07-14 00:29:21 -07:00
Erik Wilson 34fc4d0336
Merge pull request #629 from erikwilson/update-remotedialer
Update remotedialer & tunnel logs
2019-07-12 16:22:10 -07:00
Erik Wilson 131f3bec44
Merge pull request #619 from erikwilson/node-ip-from-flannel-iface
Default node-ip from flannel-iface
2019-07-12 16:21:05 -07:00
Erik Wilson e79fda96d2 Enforce explicit read or write for bootstrap 2019-07-12 16:18:53 -07:00
Erik Wilson a1ce08d4f1 Default node-ip from flannel-iface 2019-07-12 15:46:36 -07:00
Erik Wilson 7e6664b684 Add resource version to tunnel endpoint watch 2019-07-12 15:38:49 -07:00
Erik Wilson 034a863696 Cleanup remotedialer tunnel logs 2019-07-12 15:38:49 -07:00
Erik Wilson 403e73ab1c
Merge pull request #633 from ibuildthecloud/wrangler
Update wrangler
2019-07-12 11:11:36 -07:00
Darren Shepherd 37a60b18ca Update wrangler 2019-07-12 10:21:15 -07:00
Darren Shepherd dbb7b04c3d Add option to disable scheduler 2019-07-12 09:59:03 -07:00
Erik Wilson 185a8dca13
Merge pull request #615 from erikwilson/master
Use watch-cache for kvsql
2019-07-07 14:46:08 -07:00
Erik Wilson ad11ba583f Use watch-cache for kvsql 2019-07-07 14:43:43 -07:00
Erik Wilson c32e6469a8 Revert "Merge pull request #607 from dramich/mockgen"
This reverts commit cb306b9378, reversing
changes made to ebb12c74c6.
2019-07-07 14:41:19 -07:00
Erik Wilson e0212144e8 Tunnel agent to all servers
Watch the kubernetes endpoints to create a tunnel to all servers.
2019-07-03 13:11:54 -07:00
Dan Ramich 3d50502cae Generated changes 2019-07-02 15:52:42 -07:00
Dan Ramich 760dd6b655 Disable mock generation 2019-07-02 15:36:43 -07:00
Erik Wilson 11a4c71f28 Use watch-cache for etcd3 backend 2019-07-01 14:09:25 -07:00
Erik Wilson 853708c8ba
Merge pull request #591 from erikwilson/add-ctr
Build & enable ctr with k3s server
2019-06-30 13:06:00 -07:00
Erik Wilson 24b73403c7 Cleanup bootstrap 2019-06-30 12:39:54 -07:00
Erik Wilson ed72856d27 Build & enable ctr with k3s server 2019-06-30 09:30:25 -07:00
Erik Wilson 8d979d675e Add tls support for etcd cert storage backend 2019-06-30 08:28:42 -07:00
Erik Wilson 4b540f8d94 Cleanup command help text 2019-06-28 18:18:03 -07:00
galal-hussein 37582b6fac Add cert storage backend flag 2019-06-28 20:47:21 +02:00
galal-hussein 28d9d83be2 Add k3s HA bootstrap 2019-06-27 21:00:43 +02:00
Erik Wilson 7090a7d551 Move node password to separate file 2019-06-25 15:04:04 -07:00
Erik Wilson 29865fd9c9 Remove agent proxy 2019-06-25 15:04:04 -07:00
Erik Wilson c9b62c9a90 Remove CA Certs/Key from listenerconfig storage 2019-06-25 15:04:04 -07:00
Erik Wilson 93f6690f26 Graceful upgrade token to server CA 2019-06-25 15:04:04 -07:00
Erik Wilson 1e035820bf Generated data 2019-06-25 15:04:04 -07:00
Erik Wilson 2c9444399b Refactor certs 2019-06-25 15:04:04 -07:00
Darren Shepherd 30c3c42f93 Add missing ConfigMap cache to helm apply 2019-06-19 13:32:14 -07:00
galal-hussein 94b5a22dda Disable the svclb controller nodeploy for svclb is passed 2019-06-18 23:05:16 +02:00
Darren Shepherd e0d2bd3e2d Merge branch 'pr505' 2019-06-14 13:28:19 -07:00
Darren Shepherd 9f4e43fea6
Merge pull request #506 from AkihiroSuda/bump-up-rootlesskit
rootless: use built-in port driver
2019-06-14 13:23:14 -07:00
Erik Wilson 2b44679352 Generated data 2019-06-14 09:37:59 -07:00
galal-hussein 17d8708ca5 Add storage backend flags 2019-06-12 00:48:47 +02:00
Akihiro Suda 5a51a8de45 rootless: use built-in port driver
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-05-29 15:01:38 +09:00
Akihiro Suda 490d6aefe0 rootless: fix mounting /var/lib/cni
k3s was unable to start up when /var/lib/cni is missing on the host.

Fix https://github.com/rancher/k3s/issues/470

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-05-29 14:04:28 +09:00
Erik Wilson 199f673676
Merge pull request #479 from galal-hussein/add_storage_backend_options
Add MySQL and Postgress support
2019-05-28 16:57:38 -07:00
Darren Shepherd 7ee554013a Update generated code 2019-05-26 22:35:57 -07:00
Darren Shepherd d94a346a1e Switch to wrangler-api and helm-controller 2019-05-26 22:32:24 -07:00
Darren Shepherd c0702b0492 Port to wrangler 2019-05-26 22:28:50 -07:00
Darren Shepherd 16f7aaab66 Update vendor 2019-05-25 23:44:33 -07:00
Darren Shepherd 4b4dd1b59b
Merge pull request #454 from galal-hussein/node_labels_taints
Expose node labels and taints and add node roles
2019-05-25 00:39:55 +02:00
Darren Shepherd a999cd43aa
Merge pull request #459 from galal-hussein/check_time
Check if server time before 1/1/1970
2019-05-25 00:38:53 +02:00
Darren Shepherd 0c18c5a92a
Merge pull request #461 from galal-hussein/fix_alternate_kubeconfig
Create symlink for kubeconfig when --write-kubeconfig is selected
2019-05-25 00:38:18 +02:00
Darren Shepherd 06b1acb324
Merge pull request #460 from galal-hussein/kubeconfig_readable
change permissions of kubeconfig and issue warning with kubectl wrapper
2019-05-25 00:36:30 +02:00
galal-hussein e9cd8adbf6 Add Storage endpoint option 2019-05-16 01:05:24 +02:00
galal-hussein 4c6cf29e02 Create symlink for kubeconfig when --write-kubeconfig is selected 2019-05-10 21:08:28 +02:00
galal-hussein 483df6fd82 Check if server time before 1/1/1980
Check
2019-05-10 20:29:42 +02:00
Wenxuan Zhao f0f57c1e44
Allow using built-in modules
Signed-off-by: Wenxuan Zhao <viz@linux.com>
2019-05-09 12:23:33 -07:00
galal-hussein 36bab003a3 Make kubeconfig not world readable and issue warning with kubectl wrapper 2019-05-09 00:54:52 +02:00
galal-hussein 930093dfe9 Expose node labels and taints and add node roles 2019-05-08 01:47:07 +02:00
Erik Wilson b0e4228609
Merge pull request #434 from galal-hussein/add_no_proxy
Add no_proxy env to server
2019-05-03 15:20:13 -07:00
Erik Wilson f7376ad979
Update proxy environment for helm controller
Add lowercase no_proxy and all_proxy/ALL_PROXY to environment for helm
2019-05-03 11:10:42 -07:00
galal-hussein d9f958ceeb Add no_proxy environment to server 2019-05-03 19:44:30 +02:00
haokang.ke 52f845ec84 Make pause image configurable (#345) 2019-05-03 10:36:12 -07:00
Darren Shepherd ea94b1af77
Merge pull request #433 from erikwilson/fix-0.5.0-cert-upgrade-bug
Force upgrade of token node cert
2019-05-03 10:35:36 -07:00
Darren Shepherd 5c62dcbb4b
Merge pull request #435 from galal-hussein/svclb_upgrade
handle old service lb deployments
2019-05-03 10:34:12 -07:00
galal-hussein 1e33142f29 handle old service lb deployments 2019-05-03 14:51:02 +02:00
galal-hussein 5d8d9e610b Add timeout to hostname check 2019-05-03 14:41:08 +02:00
Erik Wilson d5ce19caae Force upgrade of token node cert 2019-05-02 16:22:42 -07:00
Darren Shepherd 4ec051d032
Merge pull request #422 from galal-hussein/use_cni_with_docker
Add cni plugin to kubelet if docker is used
2019-05-02 10:45:34 -07:00
Darren Shepherd 9005fd5176
Merge pull request #423 from galal-hussein/change_threshold
Change the stderr threshold for cli
2019-05-02 10:45:21 -07:00
galal-hussein 7e1699cda0 Check if hostname is resolvable before running agent 2019-05-01 22:54:05 +02:00
galal-hussein fae6df0df0 Change the stderr threshold for cli 2019-05-01 05:23:32 +02:00
galal-hussein 191ac9371a Add cni plugin to kubelet if docker is used 2019-04-30 22:12:02 +02:00
Darren Shepherd 2950e81c23
Merge pull request #371 from warmchang/nf_conntrack
🔧 modprobe nf_conntrack
2019-04-26 16:01:13 -07:00
Darren Shepherd 9db91d7de3
Merge pull request #369 from erikwilson/node-dns
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Darren Shepherd 875ba289de
Merge pull request #375 from galal-hussein/schedule_svclb
Add node selector to service loadbalancer controller
2019-04-26 15:58:33 -07:00
Darren Shepherd 50f405ddfd
Merge pull request #376 from galal-hussein/fix_kubeletarg
Fix extra argument with multiple =
2019-04-26 15:57:16 -07:00
Erik Wilson c9941895d6 Bind kubelet to all interfaces and use webhook auth 2019-04-26 15:02:30 -07:00
galal-hussein f293e14645 Use NodeSelector when node label is enabled 2019-04-26 20:20:11 +02:00
Erik Wilson 305b596745 Remove node OnCreate 2019-04-26 10:50:33 -07:00
William Zhang 22bd3a3ce7 🔧 nf_conntrack module
Signed-off-by: William Zhang <zhang.wanmin@zte.com.cn>
2019-04-26 08:55:48 +08:00
galal-hussein 72d2edc0cb Fix extra argument with multiple = 2019-04-25 22:49:03 +02:00
Darren Shepherd 9376c39adf
Merge pull request #381 from galal-hussein/containerd_tmpl
Add containerd config go template
2019-04-25 13:36:30 -07:00
galal-hussein bdf8a355e1 Add containerd config go template 2019-04-25 22:17:34 +02:00
Darren Shepherd 6a43f63c70
Merge pull request #388 from galal-hussein/pass_proxy_variable_to_helm
Add proxy env to helm controller
2019-04-25 11:33:26 -07:00
Erik Wilson f584197bba Save password as text file 2019-04-25 10:53:21 -07:00
galal-hussein b87684fcb9 Add proxy env to helm controller 2019-04-24 04:27:52 +02:00
Erik Wilson e64c0298f2 Add cert per-node password authentication 2019-04-23 11:02:35 -07:00
Erik Wilson 055a574fee Simplify DNS hosts creation 2019-04-22 16:13:16 -07:00
Erik Wilson 1b2db423de Add node name to node cert generation 2019-04-19 18:20:34 +00:00
Erik Wilson 37dd5cbfd2 Generated data 2019-04-17 22:44:46 +00:00
Erik Wilson 31cf2bc9ee Add coredns entries for nodes 2019-04-17 22:44:46 +00:00
galal-hussein c42ea5ec89 Skip any file with no yaml yml or json suffix 2019-04-18 00:13:11 +02:00
Darren Shepherd be24f837bb
Merge pull request #349 from erikwilson/missing-cgroup-pids-fix
Check for cgroup pids support
2019-04-15 15:52:07 -07:00
Erik Wilson 4bba04023d Check for cgroup pids support
If cgroup pids are not supported add a feature-gates flag
SupportPodPidsLimit=false for kubelet.
2019-04-15 22:26:50 +00:00
Darren Shepherd 0e3711b8b7
Merge pull request #339 from km4rcus/cluster-domain-option
Add --cluster-domain option
2019-04-15 10:06:07 -07:00
Darren Shepherd 08c3d0d4ef
Merge pull request #250 from yoink00/master
Allow flannel interface to be specified on the command line
2019-04-15 10:01:22 -07:00
Stuart Wallace 2268e028a2 Add ability to override flannel interface 2019-04-12 21:06:43 +01:00
Marco Mancini b445bad171 Add --cluster-domain option 2019-04-12 08:06:35 +02:00
galal-hussein e5d8d72e59 Fix comment of bind address 2019-04-12 02:30:49 +02:00
Erik Wilson c48739206a Enable aggregation layer
Configure kube-apiserver, kubelets, and kube-proxy for use with
aggregation layer in order for metrics-server deployment to function
correctly.
2019-04-11 22:43:31 +00:00
Darren Shepherd 046a817818 Add rootless support 2019-04-09 10:38:04 -07:00
galal-hussein 7794528aa1 Add extra flags for server and agent components 2019-04-09 08:20:38 +02:00
Darren Shepherd a11ac8cc40 Pull in parallel for CRI 2019-04-08 22:50:59 -07:00
Darren Shepherd 8010a24c91 Update generated code for k8s 1.14 2019-04-08 22:50:59 -07:00
Darren Shepherd 841f8d29e6 Ensure CSI is initialized properly when running agent and server combined 2019-04-08 22:50:59 -07:00
Darren Shepherd 3c7e103085 Updates for k8s 1.14 2019-04-08 22:50:59 -07:00
Darren Shepherd 9e80177443
Merge pull request #289 from galal-hussein/add_bind_address
Add bind address server config
2019-04-08 22:36:58 -07:00
galal-hussein e8c5b2498c Change address to bind-address for scheduler and api 2019-03-31 14:55:56 +02:00
galal-hussein d255574150 Add bind address server config 2019-03-31 02:10:23 +02:00
Erik Wilson bb14bcb595 Update generated data 2019-03-26 23:13:54 +00:00
Erik Wilson a4df9f4ab1 Kubelet resolv.conf DNS update
Allow the kubelet resolv-conf flag to be set, or automatically
discovered from /etc/resolv.conf & /run/systemd/resolve/resolv.conf if
no loopback devices are present, or create our own which points to
nameserver 8.8.8.8
2019-03-26 23:13:54 +00:00
Erik Wilson 1d61576e54 Fix linting issues 2019-03-25 16:04:29 -07:00
Darren Shepherd 4463408819
Merge pull request #239 from takmatsu/add-hosts
Add tls-san flag
2019-03-25 09:54:21 -07:00
Darren Shepherd 9a57e6fd0f
Merge pull request #257 from mortenlj/master
Skip writing manifest when using `--no-deploy`
2019-03-25 09:51:16 -07:00
Erik Wilson 2768f559c1 Fix go fmt error 2019-03-24 12:19:05 -07:00
Morten Lied Johansen 9033891f88 Skip writing manifest when using `--no-deploy`
Instead of skipping the manifest when listing the directory, we now skip
creating it in the first place. This allows users to deploy manifests
that replaces the ones bundled, without having to come up with a new
name.

Fixes #230.
2019-03-23 22:22:58 +01:00
Takeaki Matsumoto 3a6b305455 Change flag name and type 2019-03-23 17:34:55 +00:00
Erik Wilson 9645048a57 Update klipper-helm version 2019-03-22 06:05:26 +00:00
Erik Wilson 8d57fbd430 Change klipper-helm to PullIfNotPresent
PullAlways ImagePullPolicy causes issues with offline/airgap support,
so only pull if image is not already present.
2019-03-22 00:10:29 +00:00
Erik Wilson e75e5171af Generated bin data 2019-03-20 18:35:25 +00:00
Erik Wilson ffcc9c0c9c Package static assets
Include static Helm assets in the build process needed for air-gap
2019-03-20 18:35:25 +00:00
Erik Wilson 608f3a4e80 Serve static assets
Provide a static assets route for use with helm or other air-gap needs.
2019-03-20 00:24:27 +00:00
Takeaki Matsumoto 9551e1db21 Add advertise-address flag
In NAT or LB environment,
we need not just the certs for local ip, but also additional ips.
advertise-address flag enables to add optional ips.
2019-03-18 08:26:23 +00:00
Darren Shepherd 8649243d34
Merge pull request #229 from epicfilemcnulty/Skip-empty-yaml-objects
Do not process empty yaml objects (fixes #222)
2019-03-17 13:01:40 -07:00
Erik Wilson 7e1abf28f1 Short port names for service load balancer
If a port name is longer than 15 characters we are unable to create
the associated service load balancer containers. Use our own short
name of `lb-port-{port}` to avoid naming issues.

For rancher/k3s/issues/90
2019-03-14 18:53:00 +00:00
Vladimir Zorin d1348b9898 Trim whitespaces before checking if line is empty or comment 2019-03-14 14:12:02 +02:00
Vladimir Zorin 567532d74d Do not process empty yaml objects (fixes #222) 2019-03-14 13:36:26 +02:00
Darren Shepherd 2771ae1ba9
Merge pull request #184 from ibuildthecloud/default-ns
Assign default namespace if not set in manifests
2019-03-07 13:04:50 -07:00
Darren Shepherd 937b379605
Merge pull request #183 from ibuildthecloud/helm
Various helm fixes
2019-03-07 13:04:42 -07:00
Darren Shepherd 9a862610ac
Merge pull request #177 from erikwilson/systemd-notify
Enable systemd ready notification for k3s server
2019-03-07 13:04:34 -07:00
Darren Shepherd a649983228 Any change to helm chart values or values.yaml should upgrade 2019-03-07 13:01:21 -07:00
Darren Shepherd 769c1d5415 Fix manifest polling 2019-03-07 13:01:21 -07:00
Darren Shepherd bef4115657 Assign default namespace if not set in manifests 2019-03-07 13:00:35 -07:00
Darren Shepherd 6e28ede2f8 Fix containerd debug log env var 2019-03-07 11:20:58 -07:00
Darren Shepherd fe9a5b1601 Remove spurious error on start 2019-03-07 10:25:21 -07:00
Erik Wilson 107b5f3985 Enable systemd ready notification for k3s server
Disables k8s generic api server systemd ready notification and send
our own ready notification after server available and kubeconfig
available.

Make sure we unset the NOTIFY_SOCKET environment variable by passing
`true` to SdNotify so the agent can start containers.
2019-03-07 09:54:04 -07:00
Darren Shepherd 2f3da6af94
Merge pull request #175 from ldez/refactor/load-images
refactor: creates preloadImages function.
2019-03-07 09:46:27 -07:00
Fernandez Ludovic e59bd5d489 refactor: creates loadImages function. 2019-03-07 01:45:52 +01:00
Vladimir Zorin 392cfb1231 Add basic templating support for manifests 2019-03-07 01:22:55 +02:00
Vladimir Zorin 44cce9a76f Set ClusterDNS to ServiceCIDR network address + 10 when cluster-dns is not provided 2019-03-06 20:41:07 +02:00
Vladimir Zorin 7ad03ad8b0 Add cluster-dns server arg support 2019-03-06 13:16:04 +02:00
Vladimir Zorin b8c3ff1dab Add --service-cidr server arg support 2019-03-06 12:37:03 +02:00
Adam Liddell b430513abf Enforce lower case hostname for node, references #160 2019-03-05 18:34:24 +00:00
Darren Shepherd 4475456a83
Update pkg/agent/config/config.go
Co-Authored-By: juliens <julien.salleyron@gmail.com>
2019-03-04 23:23:17 +01:00
Julien Salleyron 164b89bce4 fix review. 2019-03-04 21:46:37 +01:00
Julien Salleyron 1895eec684 Preload images 2019-03-04 21:34:24 +01:00
Darren Shepherd 0414f97c78 Revert "Enable systemd ready notification for k3s server"
This reverts commit c73e9187bb.
2019-03-04 13:18:20 -07:00
Darren Shepherd 49d0f20e5b
Merge pull request #110 from ibuildthecloud/tokenfile
Add --token-file support
2019-03-04 10:13:31 -07:00
Darren Shepherd ef4e34b289 Remove dead code 2019-03-04 10:10:17 -07:00
Darren Shepherd 8acc17fcf3
Merge branch 'master' into tokenfile 2019-03-04 10:10:01 -07:00
Darren Shepherd 70e6ca4ab8 Support external CRI implementations 2019-03-04 10:08:12 -07:00
Darren Shepherd 3d113ceb2d Add agent command to server command 2019-03-04 10:08:12 -07:00
Darren Shepherd 964cebb070 Don't return object because double update might revert IP change 2019-03-04 10:08:03 -07:00
Thorsten Schifferdecker 2c398c5d5f Update server.go
fallback to the old --address part and enable the non-tls port to make healthz happy
2019-03-04 10:07:30 -07:00
Thorsten Schifferdecker 35cfc717d3 fix missing "," 2019-03-04 10:07:30 -07:00
Thorsten Schifferdecker ee2fffb0ca make the controller-manager and scheduler usable for the
componentstatus.
Fixes #126

Signed-off-by: Thorsten Schifferdecker <schifferdecker@b1-systems.de>
2019-03-04 10:07:30 -07:00
Darren Shepherd 91f9472751 Add traefik to no-deploy help text 2019-03-04 10:07:10 -07:00
Darren Shepherd fdb51c9f53 Cleanup docker cgroup errors in kubelet 2019-03-04 10:06:59 -07:00
Darren Shepherd e5b7d36c55 Actually pass cluster-cidr on to server 2019-03-04 10:06:37 -07:00
Darren Shepherd e28e497168 Add --token-file support 2019-03-01 17:07:55 -07:00
Erik Wilson c73e9187bb Enable systemd ready notification for k3s server
Disables k8s generic api server systemd ready notification and send
our own ready notification after server available and kubeconfig
available.
2019-03-01 10:47:34 -07:00
Sean Duffy 10f1553564 fix 'fannel' typo. 2019-02-28 10:30:45 -07:00
Darren Shepherd cb5e425457 Set /proc/sys/net/ipv4/ip_forward on agent start 2019-02-23 22:43:59 -07:00
Darren Shepherd 828ce5a24a Disable watch caching, not needed for sqlite 2019-02-22 19:58:42 -07:00
Darren Shepherd b07727ae24 Move default config location to /etc/rancher/k3s/k3s.yaml 2019-02-19 09:53:41 -08:00
Darren Shepherd 8690a277ed Fix ingress 2019-02-14 11:27:26 -07:00
Darren Shepherd 01b3bb315e Fix version printing on startup 2019-02-07 21:45:31 -07:00
Darren Shepherd 56fae079e5 Update generated code 2019-02-07 21:45:31 -07:00
Darren Shepherd b6f9045eca Retry 1000 times on helm failure 2019-02-07 21:45:31 -07:00
Darren Shepherd 91002f1fee Fix looping on startup while installing addons 2019-02-07 21:45:31 -07:00
Darren Shepherd 5e1ce4aa42 Cache self-signed loopback cert on startup 2019-02-07 21:45:31 -07:00
Darren Shepherd af96c908da Disable proxy hostname checks 2019-02-07 21:45:31 -07:00
Darren Shepherd 04c5567346 Validate that memory cgroup exists 2019-02-07 21:45:31 -07:00
Darren Shepherd 8bdd86198c Fix dest port so it's the same as src port 2019-02-07 21:45:31 -07:00
Darren Shepherd 529aa431d1 Adjust debug logging and write containerd logs to a file 2019-02-07 21:45:31 -07:00
Darren Shepherd 3df9155d02 Monitor endpoint changes to trigger service-lb 2019-02-07 21:45:31 -07:00
Darren Shepherd 793ac4fb89 Add crictl 2019-02-07 21:45:31 -07:00
Darren Shepherd 84756df8a2 Only run two service-lb if there are more than 1 nodes ready 2019-02-04 22:04:33 -07:00
Darren Shepherd bd269f8d3e Update generated code 2019-02-04 16:47:53 -07:00
Darren Shepherd 1d666d9515 Add helm controller 2019-02-04 16:47:53 -07:00
Darren Shepherd e832588662 Add embedded service load balancer 2019-02-04 16:47:53 -07:00
Darren Shepherd 400225e73d Prepopulate known IPs in TLS 2019-02-04 16:47:53 -07:00
Darren Shepherd 529e22ef80 Disable leader election for now 2019-02-04 16:47:53 -07:00
Darren Shepherd 1826084b24 Add ping handler 2019-02-04 16:47:53 -07:00
Darren Shepherd 1502ad2530 Package serialized version of openapi 2019-01-25 22:09:46 -07:00
Darren Shepherd 93841ffbcb Support kubectl symlink and avoid data in home dir 2019-01-25 22:09:46 -07:00
Darren Shepherd 3f2a951564 Ensure that br_netfilter module is loaded 2019-01-25 22:09:46 -07:00
Darren Shepherd 84b6c461b9 Fix go vet issue 2019-01-24 10:52:04 -07:00
Darren Shepherd 6fa7f5b3ae Clean up build scripts
Switch binaries to armhf suffix to be more clean on the on
architecture
2019-01-24 10:51:37 -07:00
Darren Shepherd 287e0f44c9 Prepare for initial release 2019-01-22 14:20:29 -07:00
Darren Shepherd 62c62cc7b4 Continued refactoring 2019-01-11 21:52:30 -07:00
Darren Shepherd 9bb7c27c62 Initial Commit 2019-01-01 01:23:01 -07:00