github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,922 Commits
33 Branches
860 Tags
624 MiB
Commit Graph

336 Commits (ba750e28b73ad7c69bc05e01fb30f87fa539762e)

Author SHA1 Message Date
Manuel Buil f2c7117374 Take IPFamily precedence based on order 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-09-29 11:04:15 +02:00
Manuel Buil 0b23a478cf ipFamilyPolicy:PreferDualStack for coredns and metrics-server 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-09-29 10:10:43 +02:00
Edgar Lee fe18b1fce9
Add --image-service-endpoint flag (#8279) 
* Add --image-service-endpoint flag

Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.

Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.

Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
 2023-09-27 13:20:50 -07:00
Manuel Buil 2a9e8e68d5
Merge pull request #8354 from manuelbuil/vpnExtraParams 
Add extraArgs to vpn provider
 2023-09-27 11:34:29 +02:00
Manuel Buil 4dd45b3142
Merge pull request #8439 from manuelbuil/fixGofmt 
Fix gofmt error
 2023-09-26 19:14:07 +02:00
Vitor Savian b6ab24c4fd
Added error when cluster reset while using server flag 
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2023-09-26 11:00:37 -03:00
Manuel Buil 172a7f1d1a Fix gofmt error 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-09-26 11:09:03 +02:00
Brad Davidson 002e6c43ee Reorganize Driver interface and etcd driver to avoid passing context and config into most calls 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-09-25 11:54:23 -07:00
Brad Davidson a3c52d60a5 Skip creating CRDs and setting up event recorder for CLI controller context 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-09-25 11:54:23 -07:00
Brad Davidson 391e61bd72 Use admin kubeconfig instead of supervisor for etcd snapshot CLI 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-09-25 11:54:23 -07:00
Manuel Buil 12459fca97 Add extraArgs to tailscale 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-09-25 17:04:50 +02:00
Manuel Buil 8c197bdce4 Include the interface name in the error message 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-09-25 07:55:49 +02:00
Brad Davidson cba9f0d142 Add new CLI flag to disable TLS SAN CN filtering 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-08-29 08:33:45 -07:00
Derek Nola 51f1a5a0ab Review comments and fixes 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-25 14:17:00 -06:00
Derek Nola 42c2ac95e2 CLI + Backend for Secrets Encryption v3 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-25 14:17:00 -06:00
Derek Nola ced330c66a
[v1.28] CLI Removal for v1.28.0 (#8203) 
* Remove deprecated flannel ipsec

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove multipart backend

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix secrets-encryption integration test flakiness

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-24 22:09:13 -07:00
Hussein Galal af50e1b096
Update to v1.28.0-k3s1 (#8199) 
* Update to v1.28.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update golang to v1.20.7

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more changes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update wrangler

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update wrangler

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix nodepassword test

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix nodepassword test

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* disable CGO before running golangci-lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* execlude CGO Enabled checks

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Ignore reapply change error with logging

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update google api client

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2023-08-23 00:09:31 +03:00
Vitor Savian c97211866a
Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#8155) 
* Fixed when the user disable the etcd snapshots, but want to backup from s3

Signed-off-by: Vitor <vitor.savian@suse.com>
 2023-08-10 12:23:10 -03:00
Manuel Buil 8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale 
Fix tailscale bug with ip modes
 2023-08-02 11:42:20 +02:00
Derek Nola 46cbbab263
Consolidate CopyFile functions (#8079) 
* Consolidate CopyFile function

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Copy to File, not destination folder

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-01 08:55:34 -07:00
Manuel Buil 59eec78c62 Fix tailscale bug with ip modes 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-08-01 09:43:25 +02:00
Derek Nola 0b18a65d4f
Revert "Warn that v1.28 will deprecate reencrypt/prepare (#7848)" 
This reverts commit 4ab01f3941.

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-07-14 12:38:33 -07:00
Denys Smirnov b9a2bf11ee Support setting control server URL for Tailscale. 
This change enables the use of Headscale - open source implementation of the Tailscale control server.

Signed-off-by: Denys Smirnov <dennwc@pm.me>
 2023-07-07 10:49:01 +03:00
Derek Nola 4ab01f3941
Warn that v1.28 will deprecate reencrypt/prepare (#7848) 
* Warn that v1.28 will deprecate reencrypt/prepare

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-07-06 12:34:51 -07:00
Manuel Buil 6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale 
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
 2023-07-06 11:11:26 +02:00
LeiLei 72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli (#7791) 
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.

Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
 2023-07-03 09:30:04 -07:00
Manuel Buil f21a01474d Check if we are on ipv4, ipv6 or dualStack when doing tailscale 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-07-03 10:48:59 +02:00
Vitor Savian 0809187cff
Adding cli to custom klipper helm image (#7682) 
Adding cli to custom klipper helm image

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2023-06-28 15:31:58 +00:00
Manuel Buil 869e030bdd VPN PoC 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-06-09 12:39:33 +02:00
Derek Nola b0188f5a13
Test Coverage Reports for E2E tests (#7526) 
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-06-05 14:15:17 -07:00
Brad Davidson 64a5f58f1e Create new kubeconfig for supervisor use 
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-05-30 18:15:11 -07:00
Manuel Buil 437ad128c7 Migrate netutil methods into /utils/net.go 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-05-04 16:49:16 +02:00
Derek Nola d5f560360e
Handle multiple arguments with StringSlice flags (#7380) 
* Add helper function for multiple arguments in stringslice

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Cleanup server setup with util function

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-05-02 09:55:48 -07:00
Brad Davidson 31a6386994 Improve egress selector handling on agentless servers 
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-28 11:24:34 -07:00
Derek Nola bc5b42c279
Cleanup help messages (#7369) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-04-27 13:36:11 -07:00
Derek Nola 944f811dc5
v1.27.1 CLI Deprecation (#7311) 
* Remove Flannel Wireguard
* Remove etcd-snapshot (implicit save)
* Convert ipsec and multiple backend to fatal

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-04-19 12:02:05 -07:00
Roberto Bonafiglia 15ee88964b Added multiClusterCidr feature 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-03-14 18:30:52 +01:00
Brad Davidson 23d98cec22 Fix CACertPath stripping trailing path components 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-14 09:39:41 -08:00
Brad Davidson 3d146d2f1b Allow for multiple sets of leader-elected controllers 
Addresses an issue where etcd controllers did not run on etcd-only nodes

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 10:46:48 -08:00
Brad Davidson 32d62c5786 Use default address family when adding kubernetes service address to SAN list 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-09 15:17:21 -08:00
Byron Ruth a92f163c9d
Add NATS to the list of supported data stores (#6876) 
Signed-off-by: Byron Ruth <byron@nats.io>
 2023-02-08 09:37:23 -08:00
Brad Davidson 992e64993d Add support for kubeadm token and client certificate auth 
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-07 14:55:04 -08:00
Brad Davidson 373df1c8b0 Add support for `k3s token` command 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-07 14:55:04 -08:00
Brad Davidson 215fb157ff Add `certificate rotate-ca` to write updated CA certs to datastore 
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-06 15:09:31 -08:00
Derek Nola 32086717fc
Ensure flag type consistency (#6852) 
* Convert all flags to pointers for consistency

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 12:57:48 -08:00
Akos Elek 9fcc7c0db8
Fix cronjob example (#6707) 
Related PR:
https://github.com/rancher/rke2-docs/pull/38

Signed-off-by: Akos Elek <akose73@tazerve.hu>
 2023-01-30 10:52:22 -08:00
Brad Davidson 8340b54309 Pass through default tls-cipher-suites 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-12 14:51:04 -08:00
Derek Nola b5d39df929
Deprecation of `etcd-snapshot` command in v1.26 (#6575) 
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-05 15:28:01 -08:00
Derek Nola d723775792
Remove deprecated flags in v1.26 (#6574) 
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-05 14:01:01 -08:00
Brad Davidson 2835368ecb Bump k3s-root and remove embedded strongswan support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-01 12:40:40 -08:00