github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,012 Commits
33 Branches
867 Tags
626 MiB
Commit Graph

226 Commits (bbd68f3a507903442ea093ae5226a7026b307964)

Author SHA1 Message Date
Derek Nola 3190a5faa2
Remove rotate-keys subcommand (#9079) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-12-20 12:26:41 -08:00
Hussein Galal 9411196406
Update flannel to v0.24.0 and remove multiclustercidr flag (#9075) 
* update flannel to v0.24.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove multiclustercidr flag

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2023-12-20 00:25:38 +02:00
Hussein Galal 7101af36bb
Update Kubernetes to v1.29.0+k3s1 (#9052) 
* Update to v1.29.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update to v1.29.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update go to 1.21.5

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update golangci-lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update flannel to 0.23.0-k3s1

This update uses k3s' fork of flannel to allow the removal of
multicluster cidr flag logic from the code

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix flannel calls

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update cri-tools to version v1.29.0-k3s1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Remove GOEXPERIMENT=nounified from arm builds

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Skip golangci-lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix setup logging with newer go version

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Move logging flags to components arguments

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* add sysctl commands to the test script

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update scripts/test

Signed-off-by: Brad Davidson <brad@oatmail.org>

* disable secretsencryption tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Brad Davidson <brad@oatmail.org>
 2023-12-19 05:14:02 +02:00
Brad Davidson 08509a2a90 Allow setting default-runtime on servers 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-12-08 18:18:08 -08:00
Vitor Savian 03532f7c0b Added runtime classes for crun/wasm/nvidia 
Signed-off-by: Vitor Savian <vitor.savian@suse.com>

Added default runtime flag

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2023-12-08 15:49:28 -03:00
chenk008 b47cbbfd42
add agent flag disable-apiserver-lb (#8717) 
* add node flag disable-agent-lb
* add agent flag disable-apiserver-lb

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: chenk008 <kongchen28@gmail.com>
 2023-11-14 15:54:32 -08:00
Roberto Bonafiglia 1ffb4603cd Use IPv6 in case is the first configured IP with dualstack 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-10-13 10:23:31 +02:00
Derek Nola dface01de8
Server Token Rotation (#8265) 
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Ensure agent token also changes

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-10-09 10:58:49 -07:00
Edgar Lee fe18b1fce9
Add --image-service-endpoint flag (#8279) 
* Add --image-service-endpoint flag

Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.

Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.

Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
 2023-09-27 13:20:50 -07:00
Manuel Buil 12459fca97 Add extraArgs to tailscale 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-09-25 17:04:50 +02:00
Brad Davidson cba9f0d142 Add new CLI flag to disable TLS SAN CN filtering 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-08-29 08:33:45 -07:00
Derek Nola 51f1a5a0ab Review comments and fixes 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-25 14:17:00 -06:00
Derek Nola 42c2ac95e2 CLI + Backend for Secrets Encryption v3 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-25 14:17:00 -06:00
Derek Nola ced330c66a
[v1.28] CLI Removal for v1.28.0 (#8203) 
* Remove deprecated flannel ipsec

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove multipart backend

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix secrets-encryption integration test flakiness

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-08-24 22:09:13 -07:00
Denys Smirnov b9a2bf11ee Support setting control server URL for Tailscale. 
This change enables the use of Headscale - open source implementation of the Tailscale control server.

Signed-off-by: Denys Smirnov <dennwc@pm.me>
 2023-07-07 10:49:01 +03:00
LeiLei 72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli (#7791) 
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.

Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
 2023-07-03 09:30:04 -07:00
Vitor Savian 0809187cff
Adding cli to custom klipper helm image (#7682) 
Adding cli to custom klipper helm image

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2023-06-28 15:31:58 +00:00
Manuel Buil 869e030bdd VPN PoC 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2023-06-09 12:39:33 +02:00
Derek Nola b0188f5a13
Test Coverage Reports for E2E tests (#7526) 
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-06-05 14:15:17 -07:00
Brad Davidson 64a5f58f1e Create new kubeconfig for supervisor use 
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-05-30 18:15:11 -07:00
Derek Nola bc5b42c279
Cleanup help messages (#7369) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-04-27 13:36:11 -07:00
Derek Nola 944f811dc5
v1.27.1 CLI Deprecation (#7311) 
* Remove Flannel Wireguard
* Remove etcd-snapshot (implicit save)
* Convert ipsec and multiple backend to fatal

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-04-19 12:02:05 -07:00
Roberto Bonafiglia 15ee88964b Added multiClusterCidr feature 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-03-14 18:30:52 +01:00
Byron Ruth a92f163c9d
Add NATS to the list of supported data stores (#6876) 
Signed-off-by: Byron Ruth <byron@nats.io>
 2023-02-08 09:37:23 -08:00
Brad Davidson 373df1c8b0 Add support for `k3s token` command 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-07 14:55:04 -08:00
Brad Davidson 215fb157ff Add `certificate rotate-ca` to write updated CA certs to datastore 
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-06 15:09:31 -08:00
Derek Nola 32086717fc
Ensure flag type consistency (#6852) 
* Convert all flags to pointers for consistency

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 12:57:48 -08:00
Akos Elek 9fcc7c0db8
Fix cronjob example (#6707) 
Related PR:
https://github.com/rancher/rke2-docs/pull/38

Signed-off-by: Akos Elek <akose73@tazerve.hu>
 2023-01-30 10:52:22 -08:00
Derek Nola b5d39df929
Deprecation of `etcd-snapshot` command in v1.26 (#6575) 
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-05 15:28:01 -08:00
Derek Nola d723775792
Remove deprecated flags in v1.26 (#6574) 
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-05 14:01:01 -08:00
Brad Davidson 2835368ecb Bump k3s-root and remove embedded strongswan support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-01 12:40:40 -08:00
Derek Nola af8f101bdc
Mark secrets-encryption flag as GA (#6582) 
* Mark secrets-encrypt flag as GA

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-01 08:50:51 -08:00
Derek Nola 614da78e43
Add `prefer-bundled-bin` as an agent flag (#6545) 
* Add prefer-bundled-bin as an agent flag
* Add E2E test for prefer-bundled-bin

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-11-22 13:43:16 -08:00
Derek Nola 0f52088cd3
Add new `prefer-bundled-bin` experimental flag (#6420) 
* initial prefer-bundled-bin ci change
* Add startup testlet
* Convert parsing to pflag library
* Fix code validation
* go mod tidy

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-11-21 13:01:36 -08:00
Brad Davidson f2585c1671 Add --flannel-external-ip flag 
Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-10-24 10:10:49 -07:00
Derek Nola cd49101fc8
Convert deprecated flags to fatal errors for v1.25 (#6069) 
* Replace warning with fatal errors.
* Group system-default-registry under (agent/runtime)

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-09-01 09:33:59 -07:00
Hussein Galal ba62c79f9b
Update to v1.25.0-k3s1 (#6040) 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2022-08-27 03:33:13 +02:00
Brad Davidson 4aca21a1f1 Add cri-dockerd support as backend for --docker flag 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-08-05 02:39:25 -07:00
Brad Davidson b1fa63dfb7 Revert "Remove --docker/dockershim support" 
This reverts commit 4a3d283bc1.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-08-05 02:39:25 -07:00
Derek Nola 118a68c913
Updates to CLI flag grouping + deprecated flag warnings. (#5937) 
* Consolidate data dir flag
* Group cluster flags together
* Reorder and group agent flags
* Add additional info around vmodule flag
* Hide deprecated flags, and add warning about their removal

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-08-02 13:51:16 -07:00
Brad Davidson ffe72eecc4 Address issues with etcd snapshots 
* Increase the default snapshot timeout. The timeout is not currently
  configurable from Rancher, and larger clusters are frequently seeing
  uploads fail at 30 seconds.
* Enable compression for scheduled snapshots if enabled on the
  command-line. The CLI flag was not being passed into the etcd config.
* Only set the S3 content-type to application/zip if the file is zipped.
* Don't run more than one snapshot at once, to prevent misconfigured
  etcd snapshot cron schedules from stacking up.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-07-12 14:41:38 -07:00
Roberto Bonafiglia a693071c74
Merge pull request #5552 from sjoerdsimons/sjoerd/flannel-wireguard-mode 
Add cli flag for flannel wireguard mode
 2022-06-15 14:28:21 +02:00
Darren Shepherd e6009b1edf Introduce servicelb-namespace parameter 
This parameter controls which namespace the klipper-lb pods will be create.
It defaults to kube-system so that k3s does not by default create a new
namespace. It can be changed if users wish to isolate the pods and apply
some policy to them.

Signed-off-by: Darren Shepherd <darren@acorn.io>
 2022-06-14 15:48:58 -07:00
Manuel Buil d4522de06a
Merge pull request #5656 from manuelbuil/AddFlannelCniConfFile 
Add FlannelCNIConf flag
 2022-06-14 10:23:51 +02:00
Igor 2999289e68
add support for pprof server (#5527) 
Signed-off-by: igor <igor@igor.io>
 2022-06-13 22:06:55 -07:00
Brad Davidson 0581808f5c Set default egress-selector-mode to agent 
... until QA flakes can be addressed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-06-10 10:14:15 -07:00
Manuel Buil c705d34804 Add FlannelConfCNI flag 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-06-08 11:03:17 +02:00
Sjoerd Simons 8643576985 Add ability to pass configuration options to flannel backend 
Allow the flannel backend to be specified as
backend=option=val,option2=val2 to select a given backend with extra options.

In particular this adds the following options to wireguard-native
backend:
* Mode - flannel wireguard tunnel mode
* PersistentKeepaliveInterval- wireguard persistent keepalive interval

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
 2022-06-07 20:13:28 +02:00
Brad Davidson 9d7230496d Add support for configuring the EgressSelector mode 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-05-18 13:26:10 -07:00
Brad Davidson 4a3d283bc1 Remove --docker/dockershim support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-05-11 14:39:07 -07:00