github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
Derek Nola	85e02e10d7	Remove secrets encryption controller (#10612 ) * Remove secrets encryption controller Signed-off-by: Derek Nola <derek.nola@suse.com>	2024-08-26 08:31:49 -07:00
Derek Nola	59e0761043	Use higher QPS for secrets reencryption (#10571 ) * Use higher QPS for secrets reencryption Signed-off-by: Derek Nola <derek.nola@suse.com>	2024-07-26 12:07:26 -07:00
Vitor Savian	5d69d6e782	Add tls for kine Signed-off-by: Vitor Savian <vitor.savian@suse.com> Bump kine Signed-off-by: Vitor Savian <vitor.savian@suse.com> Add integration tests for kine with tls Signed-off-by: Vitor Savian <vitor.savian@suse.com>	2024-03-28 11:12:07 -03:00
Derek Nola	fa11850563	Readd `k3s secrets-encrypt rotate-keys` with correct support for KMSv2 GA (#9340 ) * Reorder copy order for caching * Enable longer http timeout requests Signed-off-by: Derek Nola <derek.nola@suse.com> * Setup reencrypt controller to run on all apiserver nodes * Fix reencryption for disabling secrets encryption, reenable drone tests	2024-02-09 11:37:37 -08:00
Hussein Galal	9411196406	Update flannel to v0.24.0 and remove multiclustercidr flag (#9075 ) * update flannel to v0.24.0 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * remove multiclustercidr flag Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	2023-12-20 00:25:38 +02:00
Hussein Galal	7101af36bb	Update Kubernetes to v1.29.0+k3s1 (#9052 ) * Update to v1.29.0 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update to v1.29.0 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update go to 1.21.5 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update golangci-lint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update flannel to 0.23.0-k3s1 This update uses k3s' fork of flannel to allow the removal of multicluster cidr flag logic from the code Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix flannel calls Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update cri-tools to version v1.29.0-k3s1 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Remove GOEXPERIMENT=nounified from arm builds Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Skip golangci-lint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix setup logging with newer go version Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Move logging flags to components arguments Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * add sysctl commands to the test script Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update scripts/test Signed-off-by: Brad Davidson <brad@oatmail.org> * disable secretsencryption tests Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> Signed-off-by: Brad Davidson <brad@oatmail.org> Co-authored-by: Brad Davidson <brad@oatmail.org>	2023-12-19 05:14:02 +02:00
Brad Davidson	231cb6ed20	Remove GA feature-gates (#8970 ) Remove KubeletCredentialProviders and JobTrackingWithFinalizers feature-gates, both of which are GA and cannot be disabled. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-12-14 22:57:24 +02:00
Brad Davidson	7ecd5874d2	Skip initial datastore reconcile during cluster-reset Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-11-15 14:31:44 -08:00
Brad Davidson	b8dc95539b	Fix CloudDualStackNodeIPs feature-gate inconsistency Enable the feature-gate for both kubelet and cloud-controller-manager. Enabling it on only one side breaks RKE2, where feature-gates are not shared due to running in different processes. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-10-17 10:40:12 -07:00
Manuel Buil	e82b37640a	Network defaults are duplicated, remove one Signed-off-by: Manuel Buil <mbuil@suse.com>	2023-10-02 17:21:59 +02:00
Derek Nola	42c2ac95e2	CLI + Backend for Secrets Encryption v3 Signed-off-by: Derek Nola <derek.nola@suse.com>	2023-08-25 14:17:00 -06:00
Hussein Galal	af50e1b096	Update to v1.28.0-k3s1 (#8199 ) * Update to v1.28.0 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update golang to v1.20.7 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more changes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update wrangler Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update wrangler Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix nodepassword test Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix nodepassword test Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * disable CGO before running golangci-lint Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * execlude CGO Enabled checks Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Ignore reapply change error with logging Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update google api client Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	2023-08-23 00:09:31 +03:00
Brad Davidson	f21ae1d949	Make apiserver egress args conditional on egress-selector-mode Only configure enable-aggregator-routing and egress-selector-config-file if required by egress-selector-mode. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-07-31 13:59:41 -07:00
Brad Davidson	64a5f58f1e	Create new kubeconfig for supervisor use Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-05-30 18:15:11 -07:00
Roberto Bonafiglia	15ee88964b	Added multiClusterCidr feature Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2023-03-14 18:30:52 +01:00
Brad Davidson	373df1c8b0	Add support for `k3s token` command Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-02-07 14:55:04 -08:00
Brad Davidson	0919ec6755	Ensure cluster-signing CA files contain only a single CA cert Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-02-06 15:09:31 -08:00
Brad Davidson	369b81b45e	Honor Service ExternalTrafficPolicy Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-01-27 12:09:18 -08:00
Brad Davidson	e08a662509	Disable CCM metrics port when legacy CCM functionality is disabled Prevents port conflicts on upgrade for users that have deployed other cloud controllers. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-30 15:08:31 -08:00
Manuel Buil	557fcd28d5	Change the priority of address types depending on flannel-external-ip Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-04 09:02:39 +01:00
Brad Davidson	269563e4d2	Check for RBAC before starting tunnel controllers Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-26 15:08:13 -07:00
Brad Davidson	d963cb2f70	Disable cloud-node and cloud-node-lifecycle if CCM is disabled If CCM and ServiceLB are both disabled, don't run the cloud-controller-manager at all; this should provide the same CLI flag behavior as previous releases, and not create problems when users disable the CCM but still want ServiceLB. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-09-30 08:17:20 -07:00
Brad Davidson	0b96ca92bc	Move servicelb into cloudprovider LoadBalancer interface Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-09-30 08:17:20 -07:00
Brad Davidson	5eaa0a9422	Replace getLocalhostIP with Loopback helper method Requires tweaking existing method signature to allow specifying whether or not IPv6 addresses should be return URL-safe. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-07-21 16:51:57 -07:00
Brad Davidson	84fb8787f2	Add service-cluster-ip-range to controller-manager args Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-07-21 16:51:57 -07:00
Brad Davidson	ff6c233e41	Fix egress selector proxy/bind-address support Use same kubelet-preferred-address-types setting as RKE2 to improve reliability of the egress selector when using a HTTP proxy. Also, use BindAddressOrLoopback to ensure that the correct supervisor address is used when --bind-address is set. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-07-01 00:07:35 -07:00
Brad Davidson	0710a7198a	Remove deprecated flags from cloud-controller-manager Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-05-11 14:39:07 -07:00
Brad Davidson	703779c32f	Remove deprecated flags from kube-apiserver Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-05-11 14:39:07 -07:00
Brad Davidson	ce5b9347c9	Replace DefaultProxyDialerFn dialer injection with EgressSelector support Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-04-29 17:54:36 -07:00
Brad Davidson	e763fadbba	Ensure that WaitForAPIServerReady always re-dials through the loadbalancer Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-04-29 14:47:30 -07:00
Brad Davidson	af0b496ef3	Add client certificate authentication support to core Authenticator This is required to make the websocket tunnel server functional on etcd-only nodes, and will save some code on the RKE2 side once pulled through. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-04-06 13:03:14 -07:00
Roberto Bonafiglia	4afeb9c5c7	Merge pull request #5325 from rbrtbnfgl/fix-etcd-ipv6-url Fixed etcd URL in case of IPv6 address	2022-04-05 09:55:42 +02:00
Roberto Bonafiglia	dda409b041	Updated localhost address on IPv6 only setup Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2022-03-29 09:35:54 +02:00
Brad Davidson	714979bf6a	Ensure that apiserver ready channel checks re-dial every time Closing idle connections isn't guaranteed to close out a pooled connection to a loadbalancer endpoint that has been removed. Instead, ensure that requests used to wait for the apiserver to become ready aren't reused. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-03-23 13:21:58 -07:00
Luther Monson	9a849b1bb7	[master] changing package to k3s-io (#4846 ) * changing package to k3s-io Signed-off-by: Luther Monson <luther.monson@gmail.com> Co-authored-by: Derek Nola <derek.nola@suse.com>	2022-03-02 15:47:27 -08:00
Brad Davidson	5014c9e0e8	Fix adding etcd-only node to existing cluster Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-02-28 19:56:08 -08:00
Brad Davidson	a1b800f0bf	Remove unnecessary copies of etcdconfig struct Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-02-28 12:05:16 -08:00
Brad Davidson	2989b8b2c5	Remove unnecessary copies of runtime struct Several types contained redundant references to ControlRuntime data. Switch to consistently accessing this via config.Runtime instead. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-02-28 12:05:16 -08:00
Ankur Gupta	df4147cd57	Update legacy-unknown-cert and legacy-unknown-key (#5057 ) Signed-off-by: Ankur Gupta <ankur.gupta130887@gmail.com>	2022-02-02 09:15:41 -08:00
Derek Nola	bcb662926d	Secrets-encryption rotation (#4372 ) * Regular CLI framework for encrypt commands * New secrets-encryption feature * New integration test * fixes for flaky integration test CI * Fix to bootstrap on restart of existing nodes * Consolidate event recorder Signed-off-by: Derek Nola <derek.nola@suse.com>	2021-12-07 14:31:32 -08:00
Brad Davidson	5ab6d21a7d	Increase agent's apiserver ready timeout (#4454 ) Since we now start the server's agent sooner and in the background, we may need to wait longer than 30 seconds for the apiserver to become ready on downstream projects such as RKE2. Since this essentially just serves as an analogue for the server's apiReady channel, there's little danger in setting it to something relatively high. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-11-11 14:01:49 -07:00
Brian Downs	adaeae351c	update bootstrap logic (#4438 ) * update bootstrap logic resolving a startup bug and account for etcd	2021-11-10 05:33:42 -07:00
Brad Davidson	3da1bb3af2	Fix other uses of NewForConfigOrDie in contexts where we could return err Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-10-29 15:18:14 -07:00
Brad Davidson	5a923ab8dc	Add containerd ready channel to delay etcd node join Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-10-14 14:03:52 -07:00
Brian Downs	ac7a8d89c6	Add ability to reconcile bootstrap data between datastore and disk (#3398 )	2021-10-07 12:47:00 -07:00
Brad Davidson	753e11ee3c	Enable JobTrackingWithFinalizers FeatureGate Works around issue with Job controller not tracking job pods that are in CrashloopBackoff during upgrade from 1.21 to 1.22. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-09-17 11:26:45 -07:00
Brad Davidson	b72306ce3d	Return the error since it just gets logged and retried anyways Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-09-14 16:41:27 -07:00
Brad Davidson	5986898419	Use SubjectAccessReview to validate CCM RBAC Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-09-14 16:41:27 -07:00
Brad Davidson	dc556cbb72	Set controller authn/authz kubeconfigs Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-09-14 16:41:27 -07:00
Brad Davidson	199424b608	Pass context into all Executor functions Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2021-09-14 16:41:27 -07:00

1 2 3

143 Commits (c88e217fe9c7f617068823b459c166da39e2c27d)