Merge branch 'master' into docker-fix
commit
c0bfc5d8cc
@ -163,14 +163,14 @@ Open ports / Network security
|
||||
---------------------------
|
||||
|
||||
The server needs port 6443 to be accessible by the nodes. The nodes need to be able to reach
|
||||
other nodes over UDP port 4789. This is used for flannel VXLAN. If you don't use flannel
|
||||
and provide your own custom CNI, then 4789 is not needed by k3s. The node should not listen
|
||||
other nodes over UDP port 8472. This is used for flannel VXLAN. If you don't use flannel
|
||||
and provide your own custom CNI, then 8472 is not needed by k3s. The node should not listen
|
||||
on any other port. k3s uses reverse tunneling such that the nodes make outbound connections
|
||||
to the server and all kubelet traffic runs through that tunnel.
|
||||
|
||||
IMPORTANT. The VXLAN port on nodes should not be exposed to the world, it opens up your
|
||||
cluster network to accessed by anyone. Run your nodes behind a firewall/security group that
|
||||
disables access to port 4789.
|
||||
disables access to port 8472.
|
||||
|
||||
|
||||
Server HA
|
||||
@ -217,7 +217,7 @@ k3s includes and defaults to containerd. Why? Because it's just plain better. If
|
||||
run with Docker first stop and think, "Really? Do I really want more headache?" If still
|
||||
yes then you just need to run the agent with the `--docker` flag
|
||||
|
||||
k3s agent -u ${SERVER_URL} -t ${NODE_TOKEN} --docker &
|
||||
k3s agent -s ${SERVER_URL} -t ${NODE_TOKEN} --docker &
|
||||
|
||||
systemd
|
||||
-------
|
||||
|
@ -251,6 +251,18 @@ func checksum(bytes []byte) string {
|
||||
return hex.EncodeToString(d[:])
|
||||
}
|
||||
|
||||
func isEmptyYaml(yaml []byte) bool {
|
||||
isEmpty := true
|
||||
lines := bytes.Split(yaml, []byte("\n"))
|
||||
for _, l := range lines {
|
||||
s := bytes.TrimSpace(l)
|
||||
if string(s) != "---" && !bytes.HasPrefix(s, []byte("#")) && string(s) != "" {
|
||||
isEmpty = false
|
||||
}
|
||||
}
|
||||
return isEmpty
|
||||
}
|
||||
|
||||
func yamlToObjects(in io.Reader) ([]runtime.Object, error) {
|
||||
var result []runtime.Object
|
||||
reader := yamlDecoder.NewYAMLReader(bufio.NewReaderSize(in, 4096))
|
||||
@ -263,6 +275,7 @@ func yamlToObjects(in io.Reader) ([]runtime.Object, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !isEmptyYaml(raw) {
|
||||
obj, err := toObjects(raw)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -270,6 +283,7 @@ func yamlToObjects(in io.Reader) ([]runtime.Object, error) {
|
||||
|
||||
result = append(result, obj...)
|
||||
}
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
@ -279,6 +293,7 @@ func toObjects(bytes []byte) ([]runtime.Object, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
obj, _, err := unstructured.UnstructuredJSONScheme.Decode(bytes, nil, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
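Review bot: isEmptyYaml treats only blank lines, `#` comments and a bare `---` as empty, so a document holding just the `...` end marker or `--- # note` counts as content and still reaches toObjects. yamlToObjects answers any toObjects error with `return nil, err`, so one such fragment could reject the whole manifest stream; toObjects is only partly visible here, so whether it fails on such a document is an assumption to confirm. The loop also keeps scanning after the first content line and converts each line to a string; an early exit reads more directly: `if len(s) > 0 && !bytes.Equal(s, []byte("---")) && !bytes.HasPrefix(s, []byte("#")) { return false }`, with `return true` after the loop. A doc comment such as `// isEmptyYaml reports whether a YAML document holds only blank lines, comments and --- separators.` would state the contract, and the parameter name `yaml` would shadow a `yaml` package if this file imports one.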
@ -272,11 +272,8 @@ func (h *handler) newDeployment(svc *core.Service) (*apps.Deployment, error) {
|
||||
},
|
||||
}
|
||||
|
||||
for i, port := range svc.Spec.Ports {
|
||||
portName := port.Name
|
||||
if portName == "" {
|
||||
portName = fmt.Sprintf("port-%d", i)
|
||||
}
|
||||
for _, port := range svc.Spec.Ports {
|
||||
portName := fmt.Sprintf("lb-port-%d", port.Port)
|
||||
container := core.Container{
|
||||
Name: portName,
|
||||
Image: image,
|
||||
|
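Review bot: The new container name `lb-port-%d` is built from `port.Port` alone, so a Service that exposes the same port number on two protocols (for example 53/TCP and 53/UDP) yields two containers with the same name, and container names must be unique within a pod spec. Including the protocol keeps the name unique and still a valid DNS label: `portName := fmt.Sprintf("lb-port-%s-%d", strings.ToLower(string(port.Protocol)), port.Port)`; this needs `strings` imported, which is not visible here. The change also stops using `port.Name`, so anything that selected these containers by the Service's port name would no longer match, which is worth confirming. The loop body and the rest of newDeployment continue outside the hunk.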