diff --git a/README.md b/README.md index ff24e640e7..5ecaed0512 100644 --- a/README.md +++ b/README.md @@ -123,7 +123,7 @@ sudo kubectl get nodes `K3S_TOKEN` is created at `/var/lib/rancher/k3s/server/node-token` on your server. To install on worker nodes, pass `K3S_URL` along with -`K3S_TOKEN` or `K3S_CLUSTER_SECRET` environment variables, for example: +`K3S_TOKEN` environment variables, for example: ```bash curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=XXX sh - diff --git a/install.sh b/install.sh index 2302a49bcb..230769b989 100755 --- a/install.sh +++ b/install.sh @@ -18,7 +18,7 @@ set -o noglob # Environment variables which begin with K3S_ will be preserved for the # systemd service to use. Setting K3S_URL without explicitly setting # a systemd exec command will default the command to "agent", and we -# enforce that K3S_TOKEN or K3S_CLUSTER_SECRET is also set. +# enforce that K3S_TOKEN is also set. # # - INSTALL_K3S_SKIP_DOWNLOAD # If set to true will not download k3s hash or binary. @@ -170,8 +170,8 @@ setup_env() { if [ -z "${K3S_URL}" ]; then CMD_K3S=server else - if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_TOKEN_FILE}" ] && [ -z "${K3S_CLUSTER_SECRET}" ]; then - fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN, K3S_TOKEN_FILE or K3S_CLUSTER_SECRET is not defined." + if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_TOKEN_FILE}" ]; then + fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN or K3S_TOKEN_FILE is not defined." fi CMD_K3S=agent fi diff --git a/package/rpm/install.sh b/package/rpm/install.sh index 5acaf7092c..93b79a1aba 100755 --- a/package/rpm/install.sh +++ b/package/rpm/install.sh @@ -17,7 +17,7 @@ set -e # Environment variables which begin with K3S_ will be preserved for the # systemd service to use. Setting K3S_URL without explicitly setting # a systemd exec command will default the command to "agent", and we -# enforce that K3S_TOKEN or K3S_CLUSTER_SECRET is also set. +# enforce that K3S_TOKEN is also set. # # - INSTALL_K3S_SKIP_DOWNLOAD # If set to true will not download k3s hash or binary. @@ -166,8 +166,8 @@ setup_env() { if [ -z "${K3S_URL}" ]; then CMD_K3S=server else - if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_CLUSTER_SECRET}" ]; then - fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN or K3S_CLUSTER_SECRET is not defined." + if [ -z "${K3S_TOKEN}" ]; then + fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN is not defined." fi CMD_K3S=agent fi diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index b46ed7568d..08b50377e2 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -340,7 +340,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N } var flannelIface *net.Interface - if !envInfo.NoFlannel && len(envInfo.FlannelIface) > 0 { + if controlConfig.FlannelBackend != config.FlannelBackendNone && len(envInfo.FlannelIface) > 0 { flannelIface, err = net.InterfaceByName(envInfo.FlannelIface) if err != nil { return nil, errors.Wrapf(err, "unable to find interface") @@ -512,14 +512,7 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N nodeConfig.AgentConfig.NodeExternalIP = nodeExternalIP.String() } - if nodeConfig.FlannelBackend == config.FlannelBackendNone { - nodeConfig.NoFlannel = true - } else if envInfo.NoFlannel { - logrus.Fatal("no-flannel is deprecated. Use --flannel-backend=none instead.") - } else { - nodeConfig.NoFlannel = envInfo.NoFlannel - } - + nodeConfig.NoFlannel = nodeConfig.FlannelBackend == config.FlannelBackendNone if !nodeConfig.NoFlannel { hostLocal, err := exec.LookPath("host-local") if err != nil { diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index 529d22b4e2..df8ed5e212 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go @@ -69,15 +69,6 @@ const ( "PSK": "%psk%" }` - wireguardBackend = `{ - "Type": "extension", - "PreStartupCommand": "wg genkey | tee %flannelConfDir%/privatekey | wg pubkey", - "PostStartupCommand": "export SUBNET_IP=$(echo $SUBNET | cut -d'/' -f 1); ip link del flannel.1 2>/dev/null; echo $PATH >&2; wg-add.sh flannel.1 && wg set flannel.1 listen-port 51820 private-key %flannelConfDir%/privatekey && ip addr add $SUBNET_IP/32 dev flannel.1 && ip link set flannel.1 up && ip route add $NETWORK dev flannel.1", - "ShutdownCommand": "ip link del flannel.1", - "SubnetAddCommand": "read PUBLICKEY; wg set flannel.1 peer $PUBLICKEY endpoint $PUBLIC_IP:51820 allowed-ips $SUBNET persistent-keepalive 25", - "SubnetRemoveCommand": "read PUBLICKEY; wg set flannel.1 peer $PUBLICKEY remove" -}` - wireguardNativeBackend = `{ "Type": "wireguard", "PersistentKeepaliveInterval": %PersistentKeepaliveInterval%, @@ -234,8 +225,7 @@ func createFlannelConf(nodeConfig *config.Node) error { } logrus.Warnf("The ipsec backend is deprecated and will be removed in k3s v1.27; please switch to wireguard-native. Check our docs for information on how to migrate.") case config.FlannelBackendWireguard: - backendConf = strings.ReplaceAll(wireguardBackend, "%flannelConfDir%", filepath.Dir(nodeConfig.FlannelConfFile)) - logrus.Warnf("The wireguard backend is deprecated and will be removed in k3s v1.26, please switch to wireguard-native. Check our docs for information about how to migrate.") + logrus.Fatalf("The wireguard backend was deprecated in K3s v1.26, please switch to wireguard-native. Check our docs at docs.k3s.io/installation/network-options for information about how to migrate.") case config.FlannelBackendWireguardNative: mode, ok := backendOptions["Mode"] if !ok { diff --git a/pkg/agent/flannel/setup_test.go b/pkg/agent/flannel/setup_test.go index f71ea5b387..78d7bbf240 100644 --- a/pkg/agent/flannel/setup_test.go +++ b/pkg/agent/flannel/setup_test.go @@ -62,7 +62,7 @@ func Test_createFlannelConf(t *testing.T) { var agent = config.Agent{} agent.ClusterCIDR = stringToCIDR(tt.args)[0] agent.ClusterCIDRs = stringToCIDR(tt.args) - var nodeConfig = &config.Node{Docker: false, ContainerRuntimeEndpoint: "", NoFlannel: false, SELinux: false, FlannelBackend: "vxlan", FlannelConfFile: "test_file", FlannelConfOverride: false, FlannelIface: nil, Containerd: containerd, Images: "", AgentConfig: agent, Token: "", Certificate: nil, ServerHTTPSPort: 0} + var nodeConfig = &config.Node{Docker: false, ContainerRuntimeEndpoint: "", SELinux: false, FlannelBackend: "vxlan", FlannelConfFile: "test_file", FlannelConfOverride: false, FlannelIface: nil, Containerd: containerd, Images: "", AgentConfig: agent, Token: "", Certificate: nil, ServerHTTPSPort: 0} t.Run(tt.name, func(t *testing.T) { if err := createFlannelConf(nodeConfig); (err != nil) != tt.wantErr { diff --git a/pkg/cli/agent/agent.go b/pkg/cli/agent/agent.go index ecc010871f..e6c4a94f02 100644 --- a/pkg/cli/agent/agent.go +++ b/pkg/cli/agent/agent.go @@ -45,10 +45,6 @@ func Run(ctx *cli.Context) error { cmds.AgentConfig.Token = token } - if cmds.AgentConfig.Token == "" && cmds.AgentConfig.ClusterSecret != "" { - logrus.Fatal("cluster-secret is deprecated. Use --token instead.") - } - if cmds.AgentConfig.Token == "" { return fmt.Errorf("--token is required") } diff --git a/pkg/cli/cmds/agent.go b/pkg/cli/cmds/agent.go index 4abc4899a5..52552e8c1b 100644 --- a/pkg/cli/cmds/agent.go +++ b/pkg/cli/cmds/agent.go @@ -5,7 +5,6 @@ import ( "path/filepath" "github.com/k3s-io/k3s/pkg/version" - "github.com/pkg/errors" "github.com/urfave/cli" ) @@ -28,7 +27,6 @@ type Agent struct { Snapshotter string Docker bool ContainerRuntimeEndpoint string - NoFlannel bool FlannelIface string FlannelConf string FlannelCniConfFile string @@ -191,35 +189,13 @@ var ( Destination: &AgentConfig.ImageCredProvConfig, Value: "/var/lib/rancher/credentialprovider/config.yaml", } - DisableSELinuxFlag = cli.BoolTFlag{ - Name: "disable-selinux", - Usage: "(deprecated) Use --selinux to explicitly enable SELinux", - Hidden: true, - } - FlannelFlag = cli.BoolFlag{ - Hidden: true, - Name: "no-flannel", - Usage: "(deprecated) use --flannel-backend=none", - Destination: &AgentConfig.NoFlannel, - } ) -func CheckSELinuxFlags(ctx *cli.Context) error { - disable, enable := DisableSELinuxFlag.Name, SELinuxFlag.Name - switch { - case ctx.IsSet(disable) && ctx.IsSet(enable): - return errors.Errorf("--%s is deprecated in favor of --%s to affirmatively enable it in containerd", disable, enable) - case ctx.IsSet(disable): - AgentConfig.EnableSELinux = !ctx.Bool(disable) - } - return nil -} func NewAgentCommand(action func(ctx *cli.Context) error) cli.Command { return cli.Command{ Name: "agent", Usage: "Run node agent", UsageText: appName + " agent [OPTIONS]", - Before: CheckSELinuxFlags, Action: action, Flags: []cli.Flag{ ConfigFlag, @@ -277,16 +253,7 @@ func NewAgentCommand(action func(ctx *cli.Context) error) cli.Command { }, PreferBundledBin, // Deprecated/hidden below - &DisableSELinuxFlag, DockerFlag, - FlannelFlag, - cli.StringFlag{ - Name: "cluster-secret", - Usage: "(deprecated) use --token", - Destination: &AgentConfig.ClusterSecret, - EnvVar: version.ProgramUpper + "_CLUSTER_SECRET", - Hidden: true, - }, }, } } diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index 80cef0d732..6826be50ad 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go @@ -249,7 +249,7 @@ var ServerFlags = []cli.Flag{ ServerToken, cli.StringFlag{ Name: "token-file", - Usage: "(cluster) File containing the cluster-secret/token", + Usage: "(cluster) File containing the token", Destination: &ServerConfig.TokenFile, EnvVar: version.ProgramUpper + "_TOKEN_FILE", }, @@ -520,20 +520,6 @@ var ServerFlags = []cli.Flag{ // Hidden/Deprecated flags below - &DisableSELinuxFlag, - FlannelFlag, - cli.StringSliceFlag{ - Name: "no-deploy", - Usage: "(deprecated) Do not deploy packaged components (valid items: " + DisableItems + ")", - Hidden: true, - }, - cli.StringFlag{ - Name: "cluster-secret", - Usage: "(deprecated) use --token", - Destination: &ServerConfig.ClusterSecret, - EnvVar: version.ProgramUpper + "_CLUSTER_SECRET", - Hidden: true, - }, cli.BoolFlag{ Name: "disable-agent", Usage: "Do not run a local agent and register a local kubelet", @@ -559,7 +545,6 @@ func NewServerCommand(action func(*cli.Context) error) cli.Command { Name: "server", Usage: "Run management server", UsageText: appName + " server [OPTIONS]", - Before: CheckSELinuxFlags, Action: action, Flags: ServerFlags, } diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index 0076d97dc3..bbf126e179 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -91,10 +91,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont } } - if cfg.Token == "" && cfg.ClusterSecret != "" { - logrus.Fatal("cluster-secret is deprecated. Use --token instead.") - } - agentReady := make(chan struct{}) serverConfig := server.Config{} @@ -352,9 +348,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont } serverConfig.ControlConfig.Skips = map[string]bool{} - if noDeploy := app.StringSlice("no-deploy"); len(noDeploy) > 0 { - logrus.Fatal("no-deploy flag is deprecated. Use --disable instead.") - } serverConfig.ControlConfig.Disables = map[string]bool{} for _, disable := range app.StringSlice("disable") { for _, v := range strings.Split(disable, ",") { diff --git a/pkg/nodeconfig/nodeconfig.go b/pkg/nodeconfig/nodeconfig.go index ee6dc46ac7..b057413e60 100644 --- a/pkg/nodeconfig/nodeconfig.go +++ b/pkg/nodeconfig/nodeconfig.go @@ -129,7 +129,6 @@ func isSecret(key string) bool { "-t", "--agent-token", "--datastore-endpoint", - "--cluster-secret", "--etcd-s3-access-key", "--etcd-s3-secret-key", } diff --git a/pkg/nodeconfig/nodeconfig_test.go b/pkg/nodeconfig/nodeconfig_test.go index ef1c2dca60..6a6317758d 100644 --- a/pkg/nodeconfig/nodeconfig_test.go +++ b/pkg/nodeconfig/nodeconfig_test.go @@ -28,16 +28,16 @@ var FakeNodeWithAnnotation = &corev1.Node{ ObjectMeta: metav1.ObjectMeta{ Name: "fakeNode-with-annotation", Annotations: map[string]string{ - NodeArgsAnnotation: `["server","--no-flannel"]`, + NodeArgsAnnotation: `["server","--flannel-backend=none"]`, NodeEnvAnnotation: `{"` + TestEnvName + `":"fakeNode-with-annotation"}`, - NodeConfigHashAnnotation: "LNQOAOIMOQIBRMEMACW7LYHXUNPZADF6RFGOSPIHJCOS47UVUJAA====", + NodeConfigHashAnnotation: "5E6GSWFRVCOEB3BFFVXKWVD7IQEVJFJAALHPOTCLV7SL33N6SIYA====", }, }, } func Test_UnitSetExistingNodeConfigAnnotations(t *testing.T) { // adding same config - os.Args = []string{version.Program, "server", "--no-flannel"} + os.Args = []string{version.Program, "server", "--flannel-backend=none"} os.Setenv(version.ProgramUpper+"_NODE_NAME", "fakeNode-with-annotation") nodeUpdated, err := SetNodeConfigAnnotations(FakeNodeWithAnnotation) if err != nil { @@ -73,21 +73,21 @@ func Test_UnitSetNodeConfigAnnotations(t *testing.T) { name: "Set empty NodeConfigAnnotations", args: args{ node: FakeNodeWithAnnotation, - osArgs: []string{version.Program, "server", "--no-flannel"}, + osArgs: []string{version.Program, "server", "--flannel-backend=none"}, }, want: true, - wantNodeArgs: `["server","--no-flannel"]`, + wantNodeArgs: `["server","--flannel-backend","none"]`, wantNodeEnv: `{"` + TestEnvName + `":"fakeNode-with-no-annotation"}`, - wantNodeConfigHash: "FBV4UQYLF2N7NH7EK42GKOTU5YA24TXB4WAYZHA5ZOFNGZHC4ZPA====", + wantNodeConfigHash: "DRWW63TXZZGSKLARSFZLNSJ3RZ6VR7LQ46WPKZMSLTSGNI2J42WA====", }, { name: "Set args with equal", args: args{ node: FakeNodeWithNoAnnotation, - osArgs: []string{version.Program, "server", "--no-flannel", "--write-kubeconfig-mode=777"}, + osArgs: []string{version.Program, "server", "--flannel-backend=none", "--write-kubeconfig-mode=777"}, }, want: true, - wantNodeArgs: `["server","--no-flannel","--write-kubeconfig-mode","777"]`, + wantNodeArgs: `["server","--flannel-backend","none","--write-kubeconfig-mode","777"]`, wantNodeEnv: `{"` + TestEnvName + `":"fakeNode-with-no-annotation"}`, }, }