Commit Graph

1385 Commits (da3e26a624e5b95fca7970d1b209326f9474b073)

Author SHA1 Message Date
David Nuzik da3e26a624
Merge pull request #2134 from tuananh/patch-1
Fix typo
2020-08-17 10:00:31 -07:00
Tuan Anh Tran a1199fca6f Fix typo
Signed-off-by: Tuan Anh Tran <anh.tt@teko.vn>
2020-08-17 11:48:09 +07:00
Jacob Blain Christen 4db4171808 helm-controller: bring in a fix for tolerations
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-16 03:06:36 -07:00
Craig Jellick 186c441aa5 initial roadmap
Signed-off-by: Craig Jellick <craig@rancher.com>
2020-08-13 08:06:55 -07:00
Jacob Blain Christen e2089bea18
cli: add --selinux flag to agent/server sub-cmds (#2111)
* cli: add --selinux flag to agent/server sub-cmds

Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported.  Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.

* Update pkg/agent/containerd/containerd.go

update log warning message about enabled selinux host but disabled runtime

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Brad Davidson 4a68698014
Merge pull request #2104 from brandond/update_helm-controller
Update helm-controller
2020-08-10 23:54:52 -07:00
Jacob Blain Christen 89b9dde3c2
Merge pull request #2109 from dweomer/go1.13.15
golang: 1.13.15
2020-08-10 16:11:30 -07:00
Jacob Blain Christen 3f8c94254a golang: 1.13.15
- https://github.com/golang/go/issues?q=milestone%3AGo1.13.15+label%3ACherryPickApproved

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-10 15:39:36 -07:00
Brad Davidson 30345b6974 Update helm-controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-07 12:17:58 -07:00
Erik Wilson 026584e1f7
Merge pull request #2103 from brandond/fix_2102
Fix removal of /run directories
2020-08-07 11:49:58 -07:00
Brad Davidson 0291bd770e Fix removal of /run directories
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-07 11:13:04 -07:00
Jacob Blain Christen 97ff5affab
Merge pull request #2065 from dweomer/containerd/v1.3.6-selinux
updated containerd/cri selinux support
2020-08-07 11:09:28 -07:00
Craig Jellick 4aaebd35f6 etcd mgmt is a work in progress 2020-08-07 10:21:54 -07:00
Craig Jellick dbf59b46f2
Clarify K3s's positioning, goals, intentions, and components 2020-08-07 09:56:50 -07:00
Brad Davidson 9137c45cdb
Merge pull request #1614 from sen-subhabrata/master
install.sh: cleanup /run on uninstall
2020-08-05 11:26:21 -07:00
Brad Davidson 3f2551ec05
Merge pull request #1848 from euank/insecure-on-lo
Listen insecurely on localhost only
2020-08-05 10:55:09 -07:00
Brad Davidson d11570fbdb
Merge pull request #2096 from AkihiroSuda/bump-up-rootlesskit
update rootlesskit to v0.10.0
2020-08-05 10:31:17 -07:00
Euan Kemp 4808c4e7d5 Listen insecurely on localhost only
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.

These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344),
so there shouldn't be any downside to switching them to listen only on
localhost.
2020-08-05 10:28:11 -07:00
Akihiro Suda a70cdac356
update rootlesskit to v0.10.0
Fix intermittent "Connection reset by peer" error during port forwarding

https://github.com/rootless-containers/rootlesskit/issues/153

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-08-05 18:22:05 +09:00
Brad Davidson c8282f4939
Merge pull request #2053 from brandond/update_dynamiclistener
Update dynamiclistener
2020-08-04 14:48:47 -07:00
Brad Davidson 3e8141dc65 Update dynamiclistener
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-04 13:05:37 -07:00
Brian Downs 6fcec6aea9
Merge pull request #1754 from briandowns/add_pr_template
add pull request template
2020-08-03 09:25:39 -07:00
Hussein Galal 169ee63907
Add etcd members as learners (#2066)
* Add etcd members as learners

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Ignore errors in promote member

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-07-29 22:52:49 +02:00
Brad Davidson a33494802b
Merge pull request #2072 from brandond/setproctitle
Call setproctitle to conceal node args in ps output
2020-07-28 18:45:27 -07:00
Brad Davidson 1eec7348a5 Call setproctitle to conceal node args in ps output
This is related to #2014.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-28 15:49:49 -07:00
Brad Davidson 375c68524b
Merge pull request #2073 from brandond/update_docker_baseimage
Update base image version in Dockerfiles
2020-07-28 10:16:47 -07:00
Brad Davidson 1b78715903 Update base image version in Dockerfiles
Should hopefully fix issues that cropped up with arm builds failing due
to the sqlite libs from alpine 3.10 no longer being compatible with
alpine edge, which was probably never a safe assumption to begin with.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-28 00:23:46 -07:00
Brad Davidson 361e218fef
Merge pull request #2064 from brandond/write_kubeconfig_claim
Correctly report and propagate kubeconfig write failures
2020-07-27 16:28:45 -07:00
Jacob Blain Christen 371bee82f9 containerd: bump to v1.3.6
Remove $NOTIFY_SOCKET, if present, from env when invoking containerd to
prevent gratuitous notifications sent to systemd.

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-07-27 14:41:52 -07:00
Brad Davidson 118d3256b5
Merge pull request #2056 from mcsaucy/http
Always validate K3S_URL if running agent.
2020-07-24 14:23:00 -07:00
Chris Kim 79931c73bc
Merge pull request #2063 from Oats87/bump-k3s-root-v060-rc3
Bump k3s-root to v0.6.0-rc3
2020-07-24 12:38:35 -07:00
Brad Davidson dfd0f9d1a6 Correctly report and propagate kubeconfig write failures
As seen in issues such as #15 #155 #518 #570 there are situations where
k3s will fail to write the kubeconfig file, but reports that it wrote it
anyway as the success message is printed unconditionally. Also, secondary
actions like setting file mode and creating a symlink are also attempted
even if the file was not created.

This change skips attempting additional actions, and propagates the
failure back upwards.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-24 12:07:32 -07:00
Chris Kim b5e57a10d5 Bump k3s-root to v0.6.0-rc3 for https://github.com/rancher/k3s/issues/1812
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-07-24 11:16:50 -07:00
Josh McSavaney 265bd9848b Always validate K3S_URL.
Also move K3S_URL validation to its own function.

Signed-off-by: Josh McSavaney <mcsaucy@csh.rit.edu>
2020-07-23 17:21:55 -04:00
Brad Davidson 4eb88a2fd3
Merge pull request #2042 from brandond/coredns_sync_1919-master
Update coredns version for master
2020-07-21 15:12:59 -07:00
Brad Davidson 77bfe47627
Merge pull request #2037 from brandond/update_k3s-root_slirp4netns
Update k3s-root to pull in updated slirp4netns
2020-07-21 15:12:27 -07:00
Brad Davidson 9da8dc4f61 Update coredns version to 1.6.9 for master
Needed for #1844

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-21 11:06:44 -07:00
Brian Downs 04f57e5e1d
Merge pull request #2044 from briandowns/add_cis_server_flag
update cis flag implementation to propogate the rest of the way
2020-07-20 16:56:07 -07:00
Brian Downs 5a81fdbdc5 update cis flag implementation to propogate the rest of the way through to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Hussein Galal 6d59b81479
Fix cli in main.go (#2043) 2020-07-21 00:06:21 +02:00
Erik Wilson 1b62c2802b
Merge pull request #1983 from erikwilson/upgrade-flannel
Update flannel to v0.12.0-k3s1
2020-07-20 14:18:49 -07:00
Brad Davidson 1de58904ad Update flannel to v0.12.0-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-20 13:18:46 -07:00
Brad Davidson 9e00f6dc73 Update k3s-root to pull in updated slirp4netns
Related to #1709

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-17 16:47:44 -07:00
Jason e3f8789114
Add containerd snapshotter flag (#1991)
* Add containerd snapshotter flag

Signed-off-by: Jason-ZW <zhenyang@rancher.com>

* Fix CamelCase nit and option description

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>

Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Brad Davidson 206accbe8d
Update to v1.18.6-k3s1 (#2035)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-18 01:14:37 +02:00
David Nuzik 186c4a1c6b
Merge pull request #2022 from davidnuzik/mark-v1.18.6-stable
Set v1.18.6 as stable in channel server
2020-07-16 17:36:57 -07:00
Brian Downs f7dae176e9
Merge pull request #2023 from briandowns/add_kubelet_cis_flag
add protect-kernel-defaults to kubelet
2020-07-14 16:32:43 -07:00
Brian Downs abb2d9aad1 add flag usage
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:55:18 -07:00
Brian Downs 57a6319fac add protect-kernel-defaults to kubelet
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:46:10 -07:00
David Nuzik cecce93ee1 Set v1.18.6 as stable in channel server
Signed-off-by: David Nuzik <david.nuzik@rancher.com>
2020-07-14 11:55:48 -07:00