Commit Graph

2454 Commits (f633732d80bb94fa97195851a6705a54c42edb42)

Author SHA1 Message Date
Brad Davidson d2089872bb Fix issue with containerd stats missing from cadvisor metrics
cadvisor still doesn't pull stats via CRI yet, so we have to continue to use the deprecated arg.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-08 11:03:02 -07:00
Brad Davidson 7dc78d2cee Bump runc version to v1.1.3
Includes fix for ENOSYS/EPERM issue on s390x.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-07 12:23:34 -07:00
Brad Davidson afee83dda2 Bump remotedialer
Includes fix for recently identified memory leak.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-07 12:22:37 -07:00
Brad Davidson a237260237 Bump kine to v0.9.3
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-01 00:08:15 -07:00
Brad Davidson 961c8274a9 Don't crash when service IPFamiliyPolicy is not set
Service.Spec.IPFamilyPolicy may be a nil pointer on freshly upgraded clusters.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-01 00:07:50 -07:00
Brad Davidson ff6c233e41 Fix egress selector proxy/bind-address support
Use same kubelet-preferred-address-types setting as RKE2 to improve reliability of the egress selector when using a HTTP proxy. Also, use BindAddressOrLoopback to ensure that the correct supervisor address is used when --bind-address is set.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-07-01 00:07:35 -07:00
Brad Davidson 4f4cf18fb6 Add tests for down-level etcd join
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-30 11:57:41 -07:00
Brad Davidson 96162c07c5 Handle egress-selector-mode change during upgrade
Properly handle unset egress-selector-mode from existing servers during cluster upgrade.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-30 11:57:41 -07:00
Nikolai Shields 9345bd05d1
Merge pull request #5774 from nikolaishields/june-update-channel-server
Mark v1.23.8+k3s1 to stable
2022-06-28 16:41:35 -05:00
Derek Nola 918a5dc559
Remove go-powershell dead dependency (#5777)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-28 14:24:49 -07:00
Devin Buhl bf9fafc8af
add 1.24 release channel (#5742)
Signed-off-by: Devin Buhl <devin@buhl.casa>
2022-06-28 09:43:31 -07:00
Nikolai Shields 64d420a74c
Mark v1.23.8+k3s1 to stable
Signed-off-by: Nikolai Shields <nikolai@nikolaishields.com>
2022-06-28 09:33:57 -05:00
Nikolai Shields b0ed134855
Merge pull request #5749 from nikolaishields/v1.24.2-k3s1
Update to v1.24.2
2022-06-22 11:23:06 -05:00
Nikolai Shields 61b714b2dd
Update to v1.24.2
Signed-off-by: Nikolai Shields <nikolai@nikolaishields.com>
2022-06-21 15:04:30 -05:00
Brad Davidson a5414bb1fc Bump helm-controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-16 12:28:13 -07:00
Olli Janatuinen 2968a83bc0 containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-06-15 14:49:51 -07:00
Venkata Krishna Rohit Sakala 31b8224f2a Enable compact tests for k3s s390x
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
2022-06-15 12:24:15 -07:00
Brad Davidson 6fad63583b Only listen on loopback when resetting
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 11:25:54 -07:00
Brad Davidson 3399afed83 Ensure that CONTAINERD_ variables are not shadowed by later entries
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:58:12 -07:00
Brad Davidson fb0a342a20 Sanitize filenames for use in configmap keys
If the user points S3 backups at a bucket containing other files, those
file names may not be valid configmap keys.

For example, RKE1 generates backup files with names like
`s3-c-zrjnb-rs-6hxpk_2022-05-05T12:05:15Z.zip`; the semicolons in the
timestamp portion of the name are not allowed for use in configmap keys.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:54:26 -07:00
Brad Davidson 06e40ec6e7 Disable urfave markdown/man docs generation
From https://github.com/urfave/cli/pull/1383 :
> This removes the resulting binary dependency on cpuguy83/md2man and
> russross/blackfriday (and a few more packages imported by those),
> which saves more than 400 KB (more than 300 KB
> once stripped) from the resulting binary.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-15 10:53:42 -07:00
Derek Nola a9b5a1933f
Delay service readiness until after startuphooks have finished (#5649)
* Move startup hooks wg into a runtime pointer, check before notifying systemd
* Switch default systemd notification to server
* Add 1 sec delay to allow etcd to write to disk
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-15 09:00:52 -07:00
ShylajaDevadiga 97c69546c5
add arm tests and upgrade tests (#5526)
Signed-off-by: Shylaja Devadiga <shylaja@rancher.com>
2022-06-15 08:55:05 -07:00
Roberto Bonafiglia a693071c74
Merge pull request #5552 from sjoerdsimons/sjoerd/flannel-wireguard-mode
Add cli flag for flannel wireguard mode
2022-06-15 14:28:21 +02:00
Derek Nola 3f9010683e
Add alternate scripts location (#5692)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-14 17:50:11 -07:00
Darren Shepherd e6009b1edf Introduce servicelb-namespace parameter
This parameter controls which namespace the klipper-lb pods will be create.
It defaults to kube-system so that k3s does not by default create a new
namespace. It can be changed if users wish to isolate the pods and apply
some policy to them.

Signed-off-by: Darren Shepherd <darren@acorn.io>
2022-06-14 15:48:58 -07:00
Darren Shepherd f4cc1b8788 Move all klipper-lb daemonset to common namespace for PodSecurity
The baseline PodSecurity profile will reject klipper-lb pods from running.
Since klipper-lb pods are put in the same namespace as the Service this
means users can not use PodSecurity baseline profile in combination with
the k3s servicelb.

The solution is to move all klipper-lb pods to a klipper-lb-system where
the security policy of the klipper-lb pods can be different an uniformly
managed.

Signed-off-by: Darren Shepherd <darren@acorn.io>
2022-06-14 15:48:58 -07:00
Derek Nola 12695cea15
E2E: Dualstack test (#5617)
* E2E dualstack test
* Improve testing documentation

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-14 08:40:29 -07:00
Manuel Buil d4522de06a
Merge pull request #5656 from manuelbuil/AddFlannelCniConfFile
Add FlannelCNIConf flag
2022-06-14 10:23:51 +02:00
Manuel Buil 443b23e22f
Merge pull request #5644 from manuelbuil/ipvs-interface
Remove kube-ipvs0 interface when cleaning up
2022-06-14 10:12:18 +02:00
Igor 2999289e68
add support for pprof server (#5527)
Signed-off-by: igor <igor@igor.io>
2022-06-13 22:06:55 -07:00
Guilherme Macedo 763a8bc8fe
Update security email contact (#5607)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2022-06-13 14:58:06 -07:00
Derek Nola efab09bc1f
E2E Improvements and groundwork for test-pad tool (#5593)
* Add rancher install sript, taints to cp/etcd roles
* Revert back to generic/ubuntu2004, libvirt networking is unreliable on opensuse
* Added support for alpine
* Rancher deployment script
* Refactor installType into function
* Cleanup splitserver test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-13 13:36:26 -07:00
Derek Nola 168b14b08e
Integration Test: Startup (#5630)
* New startup integration test
* Add testing section to PR template
* Move helper functions to direct k8s client calls

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-13 13:32:13 -07:00
Brad Davidson 0581808f5c Set default egress-selector-mode to agent
... until QA flakes can be addressed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-10 10:14:15 -07:00
Brad Davidson b550e1183a Remove control-plane egress context and fix agent mode.
The control-plane context handles requests outside the cluster and
should not be sent to the proxy.

In agent mode, we don't watch pods and just direct-dial any request for
a non-node address, which is the original behavior.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-10 10:14:15 -07:00
Brad Davidson d3242bea3c Refactor egress-selector pods mode to watch pods
Watching pods appears to be the most reliable way to ensure that the
proxy routes and authorizes connections.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-08 09:34:53 -07:00
Manuel Buil c705d34804 Add FlannelConfCNI flag
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-06-08 11:03:17 +02:00
Brad Davidson c00f953ef9 Bump containerd and runc
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-07 13:11:07 -07:00
Sjoerd Simons 8643576985 Add ability to pass configuration options to flannel backend
Allow the flannel backend to be specified as
backend=option=val,option2=val2 to select a given backend with extra options.

In particular this adds the following options to wireguard-native
backend:
* Mode - flannel wireguard tunnel mode
* PersistentKeepaliveInterval- wireguard persistent keepalive interval

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
2022-06-07 20:13:28 +02:00
Sjoerd Simons 99cc672d9a Bump flannel to v0.18.1
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
2022-06-07 20:13:18 +02:00
Derek Nola f491802b44
Update flaky tests for v1.24 (#5625)
* Update flaky tests for v1.24
* Consolidate flaky-test regex into file
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-06-07 09:37:13 -07:00
Manuel Buil 699ae80de0 Remove kube-ipvs0 interface when cleaning up
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-06-06 12:14:06 +02:00
Brad Davidson 491aa11e10 Revert "Give kubelet the node-ip value (#5579)"
This reverts commit aa9065749c.

Setting dual-stack node-ip does not work when --cloud-provider is set
to anything, including 'external'. Just set node-ip to the first IP, and
let the cloud provider add the other address.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-02 17:36:55 -07:00
Brad Davidson 29397b4e68 Re-add --cloud-provider=external kubelet arg
The cloud-provider arg is deprecated and cannot be set to anything other than external, but must still be used or node addresses are not set properly.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-01 14:23:53 -07:00
Hussein Galal a5a0e8fde2
Update to v1.24.1 (#5616)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-05-26 18:09:02 +02:00
Brad Davidson 1ef34728c9 Bump dynamiclistener to v0.3.3
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-20 14:17:26 -07:00
Jacob Blain Christen 394ac71076
remove dweomer from maintainers (#5582)
resigning from rancher
2022-05-19 10:19:57 -07:00
Brad Davidson 9d7230496d Add support for configuring the EgressSelector mode
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-18 13:26:10 -07:00
Manuel Buil aa9065749c
Give kubelet the node-ip value (#5579)
* Give kubelet all node-ips

Signed-off-by: Manuel Buil <mbuil@suse.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2022-05-18 13:21:15 -07:00