Commit Graph

2215 Commits (dda409b0412471758a51edb0baacc5953b0c92cc)

Author SHA1 Message Date
Brian Downs e8ecc00fc8 add etcd snapshot save subcommand
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Erik Wilson fd4d226e3d
Merge pull request #3328 from erikwilson/v1.21.1-k3s1
Update Kubernetes to v1.21.1-k3s1
2021-05-14 13:54:28 -07:00
Erik Wilson 11c5effca2
Bump to go 1.16.4 2021-05-14 10:36:13 -07:00
Erik Wilson 70430b53a8
Update Kubernetes to v1.21.1-k3s1 2021-05-14 10:12:55 -07:00
Brian Downs 6ee28214fa
Add the ability to prune etcd snapshots (#3310)
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
Brad Davidson 079620ded0 Fix passthrough of SystemDefaultRegistry from server config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-13 02:18:09 -07:00
Menna Elmasry f76d6208e4
Merge pull request #3316 from MonzElmasry/disable-apiserver-flag
change --disable-api-server flag to --disable-apiserver
2021-05-13 01:10:55 +02:00
MonzElmasry 24474c5734
change --disable-apiserver flag
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Jacob Blain Christen 0d05b14b71
runc: v1.0.0-rc94 (#3305)
- bump the runc version to v1.0.0-rc94
- build runc from its own source tree instead of from ./vendor/
  - side-steps incompatibility with upstream kubelet container manager

Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
2021-05-12 11:50:24 -07:00
Brad Davidson e10524a6b1 Add executor.Bootstrap hook for pre-execution setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-11 18:46:15 -07:00
Brian Downs bcd8b67db4
Add the ability to list etcd snapshots (#3303)
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson 02a5bee62f
Add system-default-registry support and remove shared code (#3285)
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Hussein Galal 948295e8e8
Fix cluster restoration in rke2 (#3295)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-11 00:06:33 +02:00
Brad Davidson fc037e87f8 Use config file values in node-args annotation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 14:08:02 -07:00
Brian Downs e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 (#3277)
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Siegfried Weber e77fd18270 Sign CSRs for kubelet-serving with the server CA
Problem:
Only the client CA is passed to the kube-controller-manager and
therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
signed with the client CA. Serving certificates must be signed with the
server CA otherwise e.g. "kubectl logs" fails with the error message
"x509: certificate signed by unknown authority".

Solution:
Instead of providing only one CA via the kube-controller-manager
parameter "--cluster-signing-cert-file", the corresponding CA for every
signer is set with the parameters
"--cluster-signing-kube-apiserver-client-cert-file",
"--cluster-signing-kubelet-client-cert-file",
"--cluster-signing-kubelet-serving-cert-file", and
"--cluster-signing-legacy-unknown-cert-file".

Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
2021-05-05 15:59:57 -07:00
Akihiro Suda 3cfa76fcbf Add cgroup2 CI (Fedora on Vagrant on GHA)
Add `.github/workflows/cgroup2.yaml` for running Fedora on Vagrant on
GitHub Actions to test cgroup2 environment.

Only very basic smoke tests are executed, as Vagrant is too slow to run
the entire sonobuoy.

Relevant:
- kubernetes-sigs/kind PR 2017
- https://github.com/rootless-containers/usernetes/blob/v20210201.0/.github/workflows/main.yaml

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-05-05 15:53:47 -07:00
Menna Elmasry 17d91c5148
Merge pull request #3270 from MonzElmasry/validate-go-mod-ci
Add ci step to validate incorrect replacement fork
2021-05-05 20:00:45 +02:00
Menna Elmasry 91c5797016
add new-line
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-05-05 19:06:12 +02:00
Hussein Galal f410fc7d1e
Invoke cluster reset function when only reset flag is passed (#3276)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00
MonzElmasry 45265620c1
Add ci step to validate incorerct replacement fork
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-05 17:10:40 +02:00
Brian Downs e1b9067d21
Merge pull request #3268 from briandowns/fix_node_name
Reference node name when needed
2021-05-04 10:48:26 -07:00
Brian Downs beb0d8397a reference node name when needed
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-04 10:03:28 -07:00
Vegetto 64577a070d fixes #3264 - unmount CSI plugins on uninstall
Signed-off-by: angelnu <git@angelnucom>
2021-05-03 20:05:26 -07:00
Brian Downs 245efe0d66
Merge pull request #3257 from briandowns/remove_dapperfile
remove accidentially commited dapper files
2021-04-30 20:38:40 -07:00
Brian Downs 259d7ce655 remove accidentially commited dapper files
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-30 18:38:42 -07:00
Brian Downs c5ad71ce0b
Collect and Store etcd Snapshots and Metadata (#3239)
* Add the ability to store local etcd snapshots and etcd snapshots stored in an S3 compatible object store in a ConfigMap.
2021-04-30 18:26:39 -07:00
Loren Lisk fceb20fe0c Typo fix in README.md
Just a small typo fix

Signed-off-by: Loren Lisk <loren.lisk@liskl.com>
2021-04-30 08:43:55 -07:00
Hussein Galal 2db3bf7a89
Export CriConnection function (#3225)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-04-29 22:11:19 +02:00
Brad Davidson 3cb4ca4b35 Use same SANs on ServingKubeAPICert as dynamiclistener
The kube-apiserver cert should have the same SANs in the same order,
excluding the extra user-configured SANs since this will only be used
in-cluster.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-28 09:58:19 -07:00
Darren Shepherd 8f1a20c0d3 Add ability to append to slice during config file merge
If key ends in "+" the value of the key is appended to previous
values found.  If values are string instead of a slice they are
automatically converted to a slice of one string.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-27 15:59:03 -07:00
Chris Kim 7a10a9971f
Add install script option to force a restart of the K3s service (#3235)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-04-27 08:49:03 -07:00
Brad Davidson 2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212)
* Add support for dual-stack cluster/service CIDRs and node addresses

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
David Nuzik ac507e530d
Merge pull request #3219 from davidnuzik/mark-1.20.6-stable
Mark v1.20.6+k3s1 as stable
2021-04-19 16:50:05 -07:00
David Nuzik 6d939494bd mark v1.20.6+k3s1 as stable
Signed-off-by: David Nuzik <david.nuzik@rancher.com>
2021-04-19 16:48:35 -07:00
David Nuzik c2eff9298c
Update bug_report.md language 2021-04-16 14:35:54 -07:00
David Nuzik 32bdd86e53
Update feature_request.md
Add html comments so that helper text is not shown when posting the feature request.
2021-04-16 14:29:44 -07:00
Darren Shepherd a0a1071aa5
Support .d directory for k3s config file (#3162)
Configuration will be loaded from config.yaml and then config.yaml.d/*.(yaml|yml) in
alphanumeric order.  The merging is done by just taking the last value of
a key found, so LIFO for keys.  Slices are not merged but replaced.

Signed-off-by: Darren Shepherd <darren@rancher.com>
2021-04-15 11:29:24 -07:00
Brad Davidson 601c4984f5 Fix service-account-issuer
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brad Davidson 4fbc241679 Update to forked protobuf 1.4.3-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brad Davidson 94266658f6 Reduce node and service wait times
Some of the new node compat tests take a while before failing as
expected. We don't seem to need the additional time any longer to avoid
flakes, so turn it down a bit.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brad Davidson e8381db778 Update Kubernetes to v1.21.0
* Update Kubernetes to v1.21.0
* Update to golang v1.16.2
* Update dependent modules to track with upstream
* Switch to upstream flannel
* Track changes to upstream cloud-controller-manager and FeatureGates

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-14 14:51:42 -07:00
Brian Downs e47c1401d1
Merge pull request #3197 from briandowns/issue-3178
Resolve local retention issue when S3 in use.
2021-04-14 11:55:52 -07:00
Brian Downs 66ed6efd57 Resolve local retention issue when S3 in use.
Remove early return preventing local retention policy to be enforced
resulting in N number of snapshots being stored.

Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-14 10:40:08 -07:00
Brian Downs 3083059953
Merge pull request #3191 from briandowns/update_disable_flags_state
Add hidden attribute to disable flags
2021-04-13 16:18:24 -07:00
Brian Downs 80e4baf525 add hidden attribute to disable flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-13 14:30:47 -07:00
Brian Downs 18cd9886b1
Merge pull request #3180 from briandowns/security-issue-584
add etcd s3 secret and access key flags to secret data
2021-04-12 15:41:09 -07:00
Brian Downs d9381b84ad add etcd s3 secret and access key flags and env vars to secret data
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-04-12 14:47:16 -07:00
Brad Davidson 503d6813bb Add gzip and zst airgap artifacts
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-09 16:57:59 -07:00
Brian Downs 693c5290b1
Update CoreDNS to version 1.8.3. (#3168)
* update CoreDNS to 1.8.3

Rerun go generate and update the CoreDNS RBAC
2021-04-09 16:47:16 -07:00