Commit Graph

93 Commits (e47c1401d12eaa4232c6b3aafc8c66235082ff60)

Author SHA1 Message Date
Chris Kim 69f96d6225
Define a Controllers and LeaderControllers on the server config (#3043)
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-03-11 10:39:00 -08:00
Brad Davidson 7cdfaad6ce
Always use static ports for client load-balancers (#3026)
* Always use static ports for the load-balancers

This fixes an issue where RKE2 kube-proxy daemonset pods were failing to
communicate with the apiserver when RKE2 was restarted because the
load-balancer used a different port every time it started up.

This also changes the apiserver load-balancer port to be 1 below the
supervisor port instead of 1 above it. This makes the apiserver port
consistent at 6443 across servers and agents on RKE2.

Additional fixes below were required to successfully test and use this change
on etcd-only nodes.

* Actually add lb-server-port flag to CLI
* Fix nil pointer when starting server with --disable-etcd but no --server
* Don't try to use full URI as initial load-balancer endpoint
* Fix etcd load-balancer pool updates
* Update dynamiclistener to fix cert updates on etcd-only nodes
* Handle recursive initial server URL in load balancer
* Don't run the deploy controller on etcd-only nodes
2021-03-06 02:29:57 -08:00
Erik Wilson 4e5218b62c
Apply suggestions from code review
Logging cleanup

Co-authored-by: Brad Davidson <brad@oatmail.org>
2021-03-01 10:44:24 -07:00
Erik Wilson 54a35505f0
Remove Traefik v1 migration 2021-03-01 10:44:24 -07:00
Chin-Ya Huang cc96f8140a
Allow download traefik static file and rename
Allow writing static files regardless of the version.

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:24 -07:00
Chin-Ya Huang 10e0328977
Traefik v2 integration
K3s upgrade via watch over file change of static file and manifest
and triggers helm-controller for change. It seems reasonable to
only allow upgrade traefik v1->v2 when there is no existing custom
traefik HelmChartConfig in the cluster to avoid any
incompatibility.

Here also separate the CRDs and put them into a different chart
to support CRD upgrade.

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:23 -07:00
Hussein Galal 5749f66aa3
Add disable flags for control components (#2900)
* Add disable flags to control components

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to disable flags

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add comments to functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix joining problem

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ticker

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix role labels

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-02-12 17:35:57 +02:00
Brad Davidson 6e768c301e Use appropriate response codes for authn/authz failures
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-09 16:28:20 -08:00
Brian Downs 13229019f8
Add ability to perform an etcd on-demand snapshot via cli (#2819)
* add ability to perform an etcd on-demand snapshot via cli
2021-01-21 14:09:15 -07:00
Erik Wilson 4245fd7b67 Return http.StatusOK instead of 0
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 16:55:47 -07:00
Erik Wilson 2fb411fc83 Fix spelling mistake
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 15:08:07 -07:00
Erik Wilson 09eb44ba53 Bootstrap node password with local file
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 15:08:06 -07:00
Erik Wilson 1230d7b7df Fix HA server initialization
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-15 16:08:28 -08:00
Brad Davidson 63f2211b31 deprecate the "node-role.kubernetes.io/master" label / taint
Related to https://github.com/kubernetes/kubernetes/pull/95382

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Erik Wilson 0ae7f2d5ae
Merge pull request #2407 from erikwilson/node-passwd-cleanup
Use secrets for node-passwd entries
2020-12-08 16:25:13 -07:00
Jacob Blain Christen 3647654fe4
[migration k3s-io] update helm-controller dependency (#2569)
rancher/helm-controller ➡️ k3s-io/helm-controller

Part of https://github.com/rancher/k3s/issues/2189

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:59:10 -07:00
Erik Wilson 92d04355f4
Use secrets for node-passwd entries and cleanup 2020-11-05 09:48:53 -07:00
Erik Wilson 56e077eb29
Use no_proxy env, add .svc and cluster domains 2020-10-12 11:02:07 -07:00
Brian Downs ba70c41cce
Initial Logging Output Update (#2246)
This attempts to update logging statements to make them consistent
through out the code base. It also adds additional context to messages
where possible, simplifies messages, and updates level where necessary.
2020-09-21 09:56:03 -07:00
Brian Downs 15d7b61939 Merge remote-tracking branch 'upstream/master' into issue-112 2020-09-04 14:41:42 -07:00
Brian Downs 4c3ec907ab
remove k8s daemon config from setup hook in favor of specific fields from the config (#2206)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-04 09:30:36 -07:00
Brian Downs bb8e5374ea conform to repo conventions
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-03 18:48:30 -07:00
Brian Downs 00831f9bc8 use version.Program
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-03 08:51:17 -07:00
Brian Downs 301fb73952 add node ip to the request header for cert gen
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-02 19:15:09 -07:00
Erik Wilson 720197b9b1
Fix linting issues 2020-08-28 17:18:29 -07:00
Brad Davidson c980fa68a0
Update helm-controller for HelmChartConfig CRD (#2114)
* Update helm-controller for HelmChartConfig CRD

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-20 14:23:50 -07:00
Brian Downs 324bb55986 add ctx to hook, handle hook errors
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 16:54:58 -07:00
Brian Downs fa2c1422b3 change name of variable
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 14:30:53 -07:00
Brian Downs a4b2953017 add setup hook capabilities for rke2
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 13:42:45 -07:00
Brad Davidson dfd0f9d1a6 Correctly report and propagate kubeconfig write failures
As seen in issues such as #15 #155 #518 #570 there are situations where
k3s will fail to write the kubeconfig file, but reports that it wrote it
anyway as the success message is printed unconditionally. Also, secondary
actions like setting file mode and creating a symlink are also attempted
even if the file was not created.

This change skips attempting additional actions, and propagates the
failure back upwards.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-24 12:07:32 -07:00
Hussein Galal f5ee757b86
Add cluster dns configmap (#1785) 2020-06-22 23:06:01 +02:00
Darren Shepherd a18d387390 Refactor clustered DB framework 2020-06-06 16:39:41 -07:00
Darren Shepherd 7e59c0801e Make program name a variable to be changed at compile time 2020-06-06 16:39:41 -07:00
Darren Shepherd cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd 072396f774 Start kube-apiserver in the background
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched.  By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Darren Shepherd 2f5ee914f9 Add supervisor port
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server.  In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports.  The /v1-k3s API port is called the SupervisorPort in the code.

To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer.  One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd 3c8e0b4157 No longer use basic auth for default admin account 2020-04-28 16:01:33 -07:00
galal-hussein 3f927d8006 Revert "Replace traefik with nginx"
This reverts commit 9a17033095.
2020-03-11 01:45:23 +02:00
galal-hussein 717b5a765e use multiarch image for nginx 2020-03-07 00:19:32 +02:00
galal-hussein 9a17033095 Replace traefik with nginx 2020-03-03 00:00:39 +02:00
Erik Wilson 0aeea78060
Merge pull request #1444 from KnicKnic/k3s_build_windows
K3s build windows (no agents)
2020-02-27 11:46:21 -07:00
Knic Knic 2346ccc63f get build on windows and get api_server to work 2020-02-22 23:17:59 -08:00
Darren Shepherd 782004bec9 Create pidns for rootless 2020-01-31 21:40:34 -07:00
Erik Wilson 0374c4f63d Add --disable flag 2020-01-30 16:45:01 -07:00
Darren Shepherd bf57a7f419 Don't start node controller if coredns is not deployed 2020-01-22 11:09:36 -07:00
Erik Wilson 76281bf731 Update k3s for k8s 1.17.0 2019-12-15 23:28:19 -07:00
Darren Shepherd ff34c5c5cf Download cert/key to agent with single HTTP request
Since generated cert/keys are stored locally, each server has a different
copy.  In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
2019-11-15 21:51:51 -07:00
Darren Shepherd 0ae20eb7a3 Support both http and db based bootstrap 2019-11-12 01:12:24 +00:00
Darren Shepherd e2431bdf9d Add dqlite support 2019-11-10 03:49:56 +00:00
Darren Shepherd 91cacb3a14 Fix server join issues 2019-11-08 21:35:58 +00:00