Brian Downs
bb8e5374ea
conform to repo conventions
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
898cbeb9b6
Merge remote-tracking branch 'upstream/master' into issue-112
4 years ago
Darren Shepherd
289ba8df6a
All arguments should be of the form --k=v so that bool flags will work
...
Previously a bool flag would be rendered as --flag false for `flag: false`
which is invalid and results in the opposite of what you'd expect.
Signed-off-by: Darren Shepherd <darren@rancher.com>
4 years ago
Darren Shepherd
64ae6affc5
Missing registering debug/config flags on server subcommand
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
4 years ago
Brian Downs
00831f9bc8
use version.Program
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
301fb73952
add node ip to the request header for cert gen
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Craig Jellick
53b3d0fc56
Merge pull request #2180 from ibuildthecloud/configfile
...
Go back to urfave v1
4 years ago
Brad Davidson
a3e9d31e6c
Merge pull request #2097 from iwilltry42/registry-insecure-skip-verify
...
Feature: add insecure_skip_verify field to registry config template
4 years ago
Darren Shepherd
551a1842ad
Update pkg/cli/cmds/config.go
...
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
4 years ago
Darren Shepherd
7657ed2e13
Update pkg/cli/server/server.go
...
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
4 years ago
Darren Shepherd
21d21ddd4d
Add config file support independent of CLI framework
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
4 years ago
Darren Shepherd
ae5c585050
Revert "Add config file support"
...
This reverts commit e1dc3451bc
.
Signed-off-by: Darren Shepherd <darren@rancher.com>
4 years ago
Erik Wilson
447097a597
Merge pull request #2098 from erikwilson/k8s-1.19
...
Update to k8s 1.19
4 years ago
Erik Wilson
c5dc09159f
Move basic authentication to k3s
4 years ago
Erik Wilson
57fc0c9c87
Fix up authenticator
4 years ago
Erik Wilson
acc42874d8
Add k8s.io/apiserver/plugins/pkg/authenticator from release-1.18
4 years ago
Erik Wilson
837a943234
Update for k8s 1.19
4 years ago
Erik Wilson
daa4beb22c
Update go.mod for k8s 1.19
4 years ago
Erik Wilson
720197b9b1
Fix linting issues
4 years ago
Brian Downs
866dc94cea
Galal hussein etcd backup restore ( #2154 )
...
* Add etcd snapshot and restore
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix error logs
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* goimports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix flag describtion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add disable snapshot and retention
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use creation time for snapshot retention
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* unexport method, update var name
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* adjust snapshot flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var name, string concat
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* revert previous change, create constants
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* type assertion error checking
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* simplify logic, remove unneeded function
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add comment
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update disable snapshots flag and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* move function
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update defaultSnapshotIntervalMinutes to 12 like rke
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update directory perms
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update etc-snapshot-dir usage
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update interval to 12 hours
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* fix usage typo
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update deps target to work, add build/data target for creation, and generate
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* remove dead make targets
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* error handling, cluster reset functionality
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* error handling, cluster reset functionality
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* remove intermediate dapper file
Signed-off-by: Brian Downs <brian.downs@gmail.com>
Co-authored-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
Frederick F. Kautz IV
cdce2b7e9a
Add support for compressed images when pre-loading images ( #2165 )
...
* Add support for compressed images when pre-loading images
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
* attempting to fix vendor source being dirty
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
* fixing file extension for .tar.lz4
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
4 years ago
Brad Davidson
c4ac620b8b
Merge pull request #2159 from brandond/config_file_rename
...
Rename flags.conf to config.yaml
4 years ago
Brad Davidson
b4d81a9e33
Remove lingering references to dqlite
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
43fcc5ddcb
Rename flags.conf => config.yaml
...
Related to https://github.com/rancher/rke2/issues/150
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
c980fa68a0
Update helm-controller for HelmChartConfig CRD ( #2114 )
...
* Update helm-controller for HelmChartConfig CRD
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brian Downs
324bb55986
add ctx to hook, handle hook errors
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
fa2c1422b3
change name of variable
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
a4b2953017
add setup hook capabilities for rke2
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brad Davidson
79c499f0e0
Fix handling of TLS configuration args
...
Also fixes an unrelated error formatting issue turned up while testing.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
b1d017f892
Update dynamiclistener
...
Second round of fixes for #1621
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Jacob Blain Christen
e2089bea18
cli: add --selinux flag to agent/server sub-cmds ( #2111 )
...
* cli: add --selinux flag to agent/server sub-cmds
Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported. Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.
* Update pkg/agent/containerd/containerd.go
update log warning message about enabled selinux host but disabled runtime
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
4 years ago
Jacob Blain Christen
97ff5affab
Merge pull request #2065 from dweomer/containerd/v1.3.6-selinux
...
updated containerd/cri selinux support
4 years ago
Thorsten Klein
cf8c101b70
registry template: add insecure_skip_verify field
...
Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
4 years ago
Brad Davidson
3f2551ec05
Merge pull request #1848 from euank/insecure-on-lo
...
Listen insecurely on localhost only
4 years ago
Euan Kemp
4808c4e7d5
Listen insecurely on localhost only
...
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.
These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344 ),
so there shouldn't be any downside to switching them to listen only on
localhost.
4 years ago
Akihiro Suda
a70cdac356
update rootlesskit to v0.10.0
...
Fix intermittent "Connection reset by peer" error during port forwarding
https://github.com/rootless-containers/rootlesskit/issues/153
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
4 years ago
Brad Davidson
3e8141dc65
Update dynamiclistener
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Hussein Galal
169ee63907
Add etcd members as learners ( #2066 )
...
* Add etcd members as learners
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Ignore errors in promote member
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
4 years ago
Brad Davidson
1eec7348a5
Call setproctitle to conceal node args in ps output
...
This is related to #2014 .
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Jacob Blain Christen
371bee82f9
containerd: bump to v1.3.6
...
Remove $NOTIFY_SOCKET, if present, from env when invoking containerd to
prevent gratuitous notifications sent to systemd.
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
4 years ago
Brad Davidson
dfd0f9d1a6
Correctly report and propagate kubeconfig write failures
...
As seen in issues such as #15 #155 #518 #570 there are situations where
k3s will fail to write the kubeconfig file, but reports that it wrote it
anyway as the success message is printed unconditionally. Also, secondary
actions like setting file mode and creating a symlink are also attempted
even if the file was not created.
This change skips attempting additional actions, and propagates the
failure back upwards.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brad Davidson
9da8dc4f61
Update coredns version to 1.6.9 for master
...
Needed for #1844
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
4 years ago
Brian Downs
5a81fdbdc5
update cis flag implementation to propogate the rest of the way through to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Jason
e3f8789114
Add containerd snapshotter flag ( #1991 )
...
* Add containerd snapshotter flag
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
* Fix CamelCase nit and option description
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
4 years ago
Brian Downs
abb2d9aad1
add flag usage
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
57a6319fac
add protect-kernel-defaults to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Erik Wilson
66a8c2ad7f
Merge pull request #1899 from erikwilson/config-file
...
Add config file support
4 years ago
Brian Downs
ebac755da1
add profiling flag with default value of false
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Erik Wilson
e1dc3451bc
Add config file support
4 years ago
Brian Downs
99a8bca522
remove hard coded value
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brandon Davidson
538842ffdc
Merge pull request #1768 from brandond/fix_1764
...
Configure default signer implementation to use ClientCA instead of ServerCA
4 years ago
Erik Wilson
0d6a2bfb0b
Merge pull request #1974 from mschneider82/patch-1
...
fixed panic in network_policy_controller
4 years ago
Erik Wilson
42f0b95ac5
Merge pull request #1800 from niusmallnan/dev
...
Add retry backoff for starting network-policy controller
4 years ago
niusmallnan
d713683614
Add retry backoff for starting network-policy controller
...
Signed-off-by: niusmallnan <niusmallnan@gmail.com>
4 years ago
Matthias Schneider
56a083c812
fixed panic in network_policy_controller
...
I have rebooted a newly created k3s etcd cluster and this panic was triggered:
```
k3s[948]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x45f2945]
k3s[948]: goroutine 1 [running]:
k3s[948]: github.com/rancher/k3s/pkg/agent/netpol.NewNetworkPolicyController(0xc00159e180, 0x61b4a60, 0xc006294000, 0xdf8475800, 0xc011d9a360, 0xc, 0x0, 0xc00bf545b8, 0x2b2edbc)
k3s[948]: /home/x/git/k3s/pkg/agent/netpol/network_policy_controller.go:1698 +0x275
```
Signed-off-by: Matthias Schneider <ms@wck.biz>
4 years ago
Jacob Blain Christen
3197d206ce
Merge pull request #1892 from dweomer/servicelb/node-role
...
servicelb: fix ineffective toleration
4 years ago
Brian Downs
58aae57e12
set environment variable and create config for crictl
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Brian Downs
63dbf806df
create symlink from docker sock to where crictl in k3s is looking for the sock to use
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
4 years ago
Hussein Galal
f5ee757b86
Add cluster dns configmap ( #1785 )
4 years ago
Brian Downs
7f4f237575
added profile = false args to api, controllerManager, and scheduler ( #1891 )
5 years ago
Jacob Blain Christen
1ed12cffa0
servicelb: fix ineffective toleration
...
noderole.kubernetes.io/master -> node-role.kubernetes.io/master
5 years ago
galal-hussein
c580a8b528
Add heartbeat interval and election timeout
5 years ago
Darren Shepherd
6b5b69378f
Add embedded etcd support
...
This is replaces dqlite with etcd. The each same UX of dqlite is
followed so there is no change to the CLI args for this.
5 years ago
Darren Shepherd
39571424dd
Generate etcd certificates
5 years ago
Darren Shepherd
a18d387390
Refactor clustered DB framework
5 years ago
Darren Shepherd
4317a91b96
Delete dqlite
5 years ago
Darren Shepherd
7e59c0801e
Make program name a variable to be changed at compile time
5 years ago
Taeho Kim
3d59a85dae
Upgrade local-path-storage to v0.0.14
5 years ago
Erik Wilson
43b9bf2e50
Merge pull request #1795 from StateFarmIns/support_for_setting_default_ssl_ciphers
...
Feature Request #1741 : Update to set default CipherSuites
5 years ago
Erik Wilson
d10d6f7fb3
Merge pull request #1762 from consideRatio/coredns-readinessprobe
...
coredns: readiness- and livenessProbe tweaks (~15s -> ~3s startup)
5 years ago
Chuck Schweizer
19c34bd12d
Update to set default CipherSuites
...
The default CipherSuites need to be set to disable the insecure TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher
5 years ago
Chuck Schweizer
ca9c9c2e1e
Adding support for TLS MinVersion and CipherSuites
...
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.
--kube-apiserver-arg=tls-cipher-suites=XXXXXXX
--kube-apiserver-arg=tls-min-version=XXXXXXX
5 years ago
Erik Sundell
27ae2fb9c8
coredns: go generate
5 years ago
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
...
Start kube-apiserver in the background
5 years ago
Darren Shepherd
e5fe184a44
Merge pull request #1757 from ibuildthecloud/separate-port
...
Add supervisor port
5 years ago
Darren Shepherd
072396f774
Start kube-apiserver in the background
...
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched. By starting the apiserver in the background this allows us to
do this odd bootstrapping.
5 years ago
Brad Davidson
71561ecda2
Use ClientCA for the signer controller
5 years ago
Darren Shepherd
f38082673d
Merge pull request #1753 from ibuildthecloud/prepull
...
Support prepulling images on start
5 years ago
Darren Shepherd
74bcf4da0b
Merge pull request #1756 from ibuildthecloud/less-logging
...
Only echo Waiting for kubelet every 30 seconds
5 years ago
Darren Shepherd
2f5ee914f9
Add supervisor port
...
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server. In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports. The /v1-k3s API port is called the SupervisorPort in the code.
To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer. One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
5 years ago
Darren Shepherd
afd6f6d7e7
Encapsulate execution logic
...
This moves all the calls to cobra root commands to one package
so that we can change the behavior of running components as embedded
or external.
5 years ago
Darren Shepherd
61ba9171ce
Only echo Waiting for kubelet every 30 seconds
...
Don't print a message every second while we are waiting for the
kubelet to report Ready.
5 years ago
Darren Shepherd
1d05e99769
Merge pull request #1752 from ibuildthecloud/disable-ccm
...
Don't write ccm.yaml if --disable-cloud-controller is set
5 years ago
Darren Shepherd
6932d03bb4
Support prepulling images on start
...
In the agent/images folder if a .txt file is found it is assumed to
be a line separated list of image names to pull on start.
5 years ago
Darren Shepherd
70ddc799bd
Merge pull request #1691 from ibuildthecloud/staticpod
...
Suppport static pods at ${datadir}/agent/staticpods
5 years ago
Darren Shepherd
341895c322
Don't write ccm.yaml if --disable-cloud-controller is set
5 years ago
Darren Shepherd
8c7fbe3dde
Suppport static pods at ${datadir}/agent/pod-manifests
5 years ago
Erik Wilson
39c3854648
Merge pull request #1720 from ilknarf/master
...
remove redundant Sprintf
5 years ago
Erik Wilson
c71561129e
Merge pull request #1716 from ibuildthecloud/debugpublic
...
Make debug variable public to be used by wrapper programs
5 years ago
Erik Wilson
c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
...
Add ability to disable kubeproxy
5 years ago
Erik Wilson
df1725cb06
Merge pull request #1694 from ibuildthecloud/inittwice
...
Allow InitLogging to be called twice
5 years ago
Erik Wilson
2fb5bad3e8
Merge pull request #1704 from ibuildthecloud/x509-admin
...
No longer use basic auth for default admin account
5 years ago
Erik Wilson
21eabd902b
Merge pull request #1693 from ibuildthecloud/disableditem
...
Move disabled items to a const to keep more consistency
5 years ago
Erik Wilson
21266bab7e
Merge pull request #1692 from ibuildthecloud/err
...
Check for error on mkdir
5 years ago
Erik Wilson
ed8cd9250b
Merge pull request #1690 from ibuildthecloud/flannel
...
Only need to resolve the path of host-local if Flannel is enabled
5 years ago
Erik Wilson
47bb0939e6
Merge pull request #1611 from Dirbaio/master
...
Correctly quote auth strings in containerd config. For #1610
5 years ago
Frank
a18d94e5f9
remove redundant Sprintf
5 years ago
Darren Shepherd
56770ff2cc
Make debug variable public to be used by wrapper programs
5 years ago
Darren Shepherd
3c8e0b4157
No longer use basic auth for default admin account
5 years ago
Darren Shepherd
5715e1ba0d
Add ability to disable kubeproxy
5 years ago
Darren Shepherd
7920fa48c9
Only need to resolve the path of host-local if Flannel is enabled
5 years ago
Darren Shepherd
8cc9efdf7c
Allow InitLogging to be called twice
...
This makes it a bit easier to embed k3s into another go program
5 years ago
Darren Shepherd
8b8af94eb2
Move disabled items to a const to keep more consistency
...
This also help when embedding k3s because we can programmitically know
all the components to disable.
5 years ago
Darren Shepherd
c25f1ab1b6
Check for error on mkdir
5 years ago
Darren Shepherd
130e6e31a1
Merge pull request #1664 from KnicKnic/windows-18-build
...
fix build windows v1.18
5 years ago
Darren Shepherd
e4f87f51e2
Merge pull request #1681 from KnicKnic/fix_file_paths
...
fix usage of path instead of filepath
5 years ago
Darren Shepherd
7d06d2ccc1
Merge pull request #1653 from KnicKnic/enable_agent_windows
...
enable agent to start on windows
5 years ago
Knic Knic
44b8af097c
fix usage of path instead of filepath
5 years ago
Erik Wilson
2c49341113
Merge pull request #1669 from erikwilson/manifest-mod-time
...
Check modification time before deploying manifests
5 years ago
galal-hussein
1d6b83d8a4
go generate
5 years ago
Erik Wilson
fec2c271c2
Check modification time before deploying manifests
5 years ago
Knic Knic
d919a0b998
Mock out rootlessports on windows
5 years ago
Darren Shepherd
dfcbd5a3c1
Update generated code
5 years ago
Darren Shepherd
a8d96112d9
Updates for k8s v1.18 support
5 years ago
Knic Knic
7f77c9a3c8
enable agent to start on windows
5 years ago
Dario Nieuwenhuis
cd0b58e920
Correctly quote auth strings in containerd config. Fixes #1610
5 years ago
louis
f2a4e1d57d
feat: add master taint toleration to klipper, coredns, metrics-server, traefik and local-storage
5 years ago
galal-hussein
2b6faa925f
use mirrored images for traefik and coredns
5 years ago
galal-hussein
356fe006a2
Add asterisks for omitted values in nodeconfig
5 years ago
galal-hussein
3f927d8006
Revert "Replace traefik with nginx"
...
This reverts commit 9a17033095
.
5 years ago
galal-hussein
c4f18227fc
default backend multiarch
5 years ago
galal-hussein
717b5a765e
use multiarch image for nginx
5 years ago
Erik Wilson
ceff3f58fb
Merge pull request #1466 from galal-hussein/traefik_to_nginx
...
Replace traefik with nginx
5 years ago
galal-hussein
9a17033095
Replace traefik with nginx
5 years ago
Erik Wilson
8725798578
Merge pull request #1464 from erikwilson/selinux-update
...
Simplify SELinux detection and add --disable-selinux flag
5 years ago
Erik Wilson
a3cb9ee1f6
Simplify SELinux detection and add --disable-selinux flag
5 years ago
Erik Wilson
0aeea78060
Merge pull request #1444 from KnicKnic/k3s_build_windows
...
K3s build windows (no agents)
5 years ago
Darren Shepherd
4d32fe9959
Support SELinux
5 years ago
Erik Wilson
4210800648
Merge pull request #1343 from ibuildthecloud/rootless
...
Create pidns for rootless
5 years ago
Knic Knic
c2db115ec3
fix formatting
5 years ago
Knic Knic
2346ccc63f
get build on windows and get api_server to work
5 years ago
Knic Knic
522e08872a
do not rename inuse files
5 years ago
Erik Wilson
fe45eb008a
Merge pull request #1416 from erikwilson/device-plugins-path
...
Use default kubelet device-plugins path
5 years ago
galal-hussein
d49ef31767
Inject node config on startup
5 years ago
Erik Wilson
b15c4473cd
Use default kubelet device-plugins path
5 years ago
Darren Shepherd
782004bec9
Create pidns for rootless
5 years ago
Erik Wilson
0374c4f63d
Add --disable flag
5 years ago
Erik Wilson
3592d0bdd9
Merge pull request #1344 from ibuildthecloud/dialer-fallback
...
If tunnel session does not exist fallback to default dialer
5 years ago
Erik Wilson
1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
...
Add secret encryption config
5 years ago
Darren Shepherd
bf57a7f419
Don't start node controller if coredns is not deployed
5 years ago
Darren Shepherd
3396a7b099
If tunnel session does not exist fallback to default dialer
5 years ago
Erik Wilson
1b23c891dd
Merge pull request #1304 from erikwilson/fixup-cadvisor
...
Run kubelet with containerd flag
5 years ago
Erik Wilson
4cacffd7e6
Merge pull request #1298 from erikwilson/warn-npc-fail
...
Warn if NPC can't start rather than fatal error
5 years ago
Erik Wilson
fa03a0df3c
Run kubelet with containerd flag
...
The containerd flag was accidentally added to kubelet and is
deprecated, but needed for cadvisor to properly connect with
the k3s containerd socket, so adding for now.
5 years ago
Erik Wilson
5b98d10e4b
Warn if NPC can't start rather than fatal error
...
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.
Also adds module probing and config checks for ip_set.
5 years ago
Erik Wilson
7675f9f85c
Clean up host-gw variable names
5 years ago
Segator
c23f12765e
hostgw flannel support
5 years ago
Segator
6736e24673
support hostgw
5 years ago
Erik Wilson
9421746ccf
Merge pull request #1235 from ibuildthecloud/master
...
Fix uint64 truncation issue in dqlite
5 years ago
galal-hussein
388cd9c4e8
Add secret encryption configuration
5 years ago
Darren Shepherd
9bda58c81a
Fix uint64 truncation issue in dqlite
5 years ago
galal-hussein
07d4c1510d
Add lease permissions to ccm cluster role
5 years ago
Erik Wilson
5c37454762
Merge pull request #1198 from narqo/tunel-addr-join-host-port
...
Respect IPv6 when building proxy address
5 years ago
Erik Wilson
9b2538c2c4
Set wireguard persistent-keepalive on wg set peer
5 years ago
Erik Wilson
3376f31fc2
Revert "Merge pull request #1190 from erikwilson/wireguard-keepalive"
...
This reverts commit e712cdf7e8
, reversing
changes made to d5929bc8c8
.
Wireguard docs fail to describe that persistent-keepalive is only valid
when peer is set.
5 years ago
Vladimir Varankin
0c5299c951
pkg/agent/tunnel: respect ipv6 when building proxy addresses
5 years ago
Erik Wilson
6875b11dd2
Fix identity_token -> identitytoken for containerd toml
5 years ago
Darren Shepherd
4acaa0740d
Small dqlite fixes
5 years ago
Erik Wilson
97383868bd
Merge pull request #1186 from erikwilson/upgrade-k8s-1.17.0
...
Upgrade k8s to v1.17.0
5 years ago
Erik Wilson
e712cdf7e8
Merge pull request #1190 from erikwilson/wireguard-keepalive
...
Set Wireguard keepalive to 25 seconds
5 years ago
Erik Wilson
5679a8bd2f
Update generated
5 years ago
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
5 years ago
Erik Wilson
814c302d7c
Merge pull request #955 from btashton/servicelb-sysctl
...
Enable ip forwarding on both all and default net config
5 years ago
Erik Wilson
7b62811f98
Set Wireguard keepalive to 25 seconds
5 years ago
Erik Wilson
d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
...
Allow --pause-image to set docker sandbox image also
5 years ago
Erik Wilson
2eacfa75cb
Merge pull request #1180 from erikwilson/cleanup-flannel-backend-help-text
...
Cleanup --flannel-backend help text
5 years ago
Erik Wilson
56b0743653
Merge pull request #1171 from dweomer/mutable-labels
...
Mutable --node-label values for server/agent sub-commands.
5 years ago
Erik Wilson
c2be59e5f3
Allow udp protocol for service-lb ports
...
For #577
5 years ago
Brennan Ashton
a952d5c32a
Default device net config enables ip forwarding
...
The Linux kernel is inconsistent about how devconf is configured for new
network namespaces between ipv4 and ipv6. The behavior can also be
controlled via net.core.devconf_inherit_init_net in Linux 5.1+ so make
sure to enable forwarding on all and default for both ipv6 and ipv4.
This issue first came up testing on a yocto kernel that had this patch:
ipv4: net namespace does not inherit network configurations
[0] https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#devconf-inherit-init-net
[1] https://lkml.org/lkml/2014/7/29/119
Signed-off-by: Brennan Ashton <brennana@jfrog.com>
5 years ago
Erik Wilson
2de93d70cf
Allow --pause-image to set docker sandbox image also
5 years ago
Erik Wilson
11e4d01efe
Cleanup --flannel-backend help text
5 years ago
Jacob Blain Christen
063efb25bb
Mutable --node-label values for server/agent sub-commands.
...
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.
Tested locallon on my amd64 workstation with the docker container.
Addresses #1119 .
5 years ago
yuzhiquan
24869ddf21
remove []byte trans, handle func error
5 years ago
yuzhiquan
7cc0110081
fix typo
5 years ago
Erik Wilson
ce3a03a16a
Merge pull request #1111 from dduportal/patch-1
...
Bump Traefik to 1.7.19
5 years ago
dduportal
9598a527a2
Regenerate bindata
...
Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>
5 years ago
Guangbo Chen
8ff4c3c256
Update base pause image to rancher repo
5 years ago
galal-hussein
99b8222e8d
Change storage to datastore
5 years ago
Darren Shepherd
c2e7f9c7b0
Add logging parameters
5 years ago
Darren Shepherd
4e544bded2
Delete unused code
5 years ago
Darren Shepherd
ff34c5c5cf
Download cert/key to agent with single HTTP request
...
Since generated cert/keys are stored locally, each server has a different
copy. In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
5 years ago
Erik Wilson
95ff805c98
Fix broken K3S_TOKEN env
5 years ago
Darren Shepherd
77703b90ff
Don't ever change 10252/10251 ports
...
Kubernetes componentstatus check is hardcoded to 10252 and 10251
so we should never change these ports. If you do componentstatus
will return error.
5 years ago
Erik Wilson
d4151b7739
Add the --with-node-id flag to agent
5 years ago
Erik Wilson
670d4b4162
Merge pull request #914 from erikwilson/validation-utilities
...
Add check-config for system validation
5 years ago
Erik Wilson
a73f8b1773
Update check-config.sh for k3s
5 years ago
Darren Shepherd
9a4df7c05c
Merge pull request #1058 from ibuildthecloud/master
...
Update kine/dynamiclistener
5 years ago
Darren Shepherd
6063317144
Add a couple more known SANs
5 years ago
Erik Wilson
e4b3730fa2
Go DNS lookup order hack
5 years ago
Erik Wilson
d383d1b47e
Merge pull request #1054 from erikwilson/sort-deployments
...
Use lexical (sorted) order for file deployments
5 years ago
Erik Wilson
b298733b3f
Use lexical (sorted) order for file deployments
5 years ago
Erik Wilson
55c05ac500
Refactor node password location
5 years ago
Erik Wilson
eff502342a
Fix node-passwd on upgrade missing 3 columns
5 years ago
Darren Shepherd
3e213d1347
Allow --debug to be set with K3S_DEBUG env var
5 years ago
Darren Shepherd
668fcf7e83
Fix broken --cluster-reset
5 years ago
Darren Shepherd
b2439788d7
Reduce logging in dqlite
5 years ago
Darren Shepherd
0ae20eb7a3
Support both http and db based bootstrap
5 years ago
Darren Shepherd
3f5fb70116
Move server arguments to experimental for dqlite related
5 years ago
Darren Shepherd
29b270dce6
Wait for apiserver to be health, not just running
5 years ago
Darren Shepherd
e2431bdf9d
Add dqlite support
5 years ago