Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,404 Commits 27 Branches 785 Tags 625 MiB
43fcc5ddcb
Commit Graph

467 Commits

Author SHA1 Message Date
Brad Davidson
43fcc5ddcb Rename flags.conf => config.yaml 
Related to https://github.com/rancher/rke2/issues/150

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-08-24 14:56:30 -07:00
Brad Davidson
c980fa68a0
Update helm-controller for HelmChartConfig CRD (#2114) 
* Update helm-controller for HelmChartConfig CRD

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-08-20 14:23:50 -07:00
Brian Downs
324bb55986 add ctx to hook, handle hook errors 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-08-19 16:54:58 -07:00
Brian Downs
fa2c1422b3 change name of variable 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-08-19 14:30:53 -07:00
Brian Downs
a4b2953017 add setup hook capabilities for rke2 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-08-19 13:42:45 -07:00
Brad Davidson
79c499f0e0 Fix handling of TLS configuration args 
Also fixes an unrelated error formatting issue turned up while testing.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-08-18 16:44:10 -07:00
Brad Davidson
b1d017f892 Update dynamiclistener 
Second round of fixes for #1621

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-08-18 10:38:47 -07:00
Jacob Blain Christen
e2089bea18
cli: add --selinux flag to agent/server sub-cmds (#2111) 
* cli: add --selinux flag to agent/server sub-cmds

Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported.  Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.

* Update pkg/agent/containerd/containerd.go

update log warning message about enabled selinux host but disabled runtime

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
 2020-08-11 16:17:32 -07:00
Jacob Blain Christen
97ff5affab
Merge pull request #2065 from dweomer/containerd/v1.3.6-selinux 
updated containerd/cri selinux support
 2020-08-07 11:09:28 -07:00
Brad Davidson
3f2551ec05
Merge pull request #1848 from euank/insecure-on-lo 
Listen insecurely on localhost only
 2020-08-05 10:55:09 -07:00
Euan Kemp
4808c4e7d5 Listen insecurely on localhost only 
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.

These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344),
so there shouldn't be any downside to switching them to listen only on
localhost.
 2020-08-05 10:28:11 -07:00
Akihiro Suda
a70cdac356
update rootlesskit to v0.10.0 
Fix intermittent "Connection reset by peer" error during port forwarding

https://github.com/rootless-containers/rootlesskit/issues/153

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-08-05 18:22:05 +09:00
Brad Davidson
3e8141dc65 Update dynamiclistener 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-08-04 13:05:37 -07:00
Hussein Galal
169ee63907
Add etcd members as learners (#2066) 
* Add etcd members as learners

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Ignore errors in promote member

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2020-07-29 22:52:49 +02:00
Brad Davidson
1eec7348a5 Call setproctitle to conceal node args in ps output 
This is related to #2014.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-07-28 15:49:49 -07:00
Jacob Blain Christen
371bee82f9 containerd: bump to v1.3.6 
Remove $NOTIFY_SOCKET, if present, from env when invoking containerd to
prevent gratuitous notifications sent to systemd.

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
 2020-07-27 14:41:52 -07:00
Brad Davidson
dfd0f9d1a6 Correctly report and propagate kubeconfig write failures 
As seen in issues such as #15 #155 #518 #570 there are situations where
k3s will fail to write the kubeconfig file, but reports that it wrote it
anyway as the success message is printed unconditionally. Also, secondary
actions like setting file mode and creating a symlink are also attempted
even if the file was not created.

This change skips attempting additional actions, and propagates the
failure back upwards.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-07-24 12:07:32 -07:00
Brad Davidson
9da8dc4f61 Update coredns version to 1.6.9 for master 
Needed for #1844

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2020-07-21 11:06:44 -07:00
Brian Downs
5a81fdbdc5 update cis flag implementation to propogate the rest of the way through to kubelet 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-07-20 16:31:56 -07:00
Jason
e3f8789114
Add containerd snapshotter flag (#1991) 
* Add containerd snapshotter flag

Signed-off-by: Jason-ZW <zhenyang@rancher.com>

* Fix CamelCase nit and option description

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>

Co-authored-by: Brad Davidson <brad@oatmail.org>
 2020-07-18 01:16:23 +02:00
Brian Downs
abb2d9aad1 add flag usage 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-07-14 15:55:18 -07:00
Brian Downs
57a6319fac add protect-kernel-defaults to kubelet 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-07-14 15:46:10 -07:00
Erik Wilson
66a8c2ad7f
Merge pull request #1899 from erikwilson/config-file 
Add config file support
 2020-07-14 08:41:45 -07:00
Brian Downs
ebac755da1 add profiling flag with default value of false 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-07-10 13:08:04 -07:00
Erik Wilson
e1dc3451bc
Add config file support 2020-07-10 10:34:00 -07:00
Brian Downs
99a8bca522 remove hard coded value 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-07-09 11:20:06 -07:00
Brandon Davidson
538842ffdc
Merge pull request #1768 from brandond/fix_1764 
Configure default signer implementation to use ClientCA instead of ServerCA
 2020-07-07 16:52:14 -07:00
Erik Wilson
0d6a2bfb0b
Merge pull request #1974 from mschneider82/patch-1 
fixed panic in network_policy_controller
 2020-07-01 09:48:00 -07:00
Erik Wilson
42f0b95ac5
Merge pull request #1800 from niusmallnan/dev 
Add retry backoff for starting network-policy controller
 2020-07-01 09:47:21 -07:00
niusmallnan
d713683614 Add retry backoff for starting network-policy controller 
Signed-off-by: niusmallnan <niusmallnan@gmail.com>
 2020-06-30 09:25:09 +08:00
Matthias Schneider
56a083c812 fixed panic in network_policy_controller 
I have rebooted a newly created k3s etcd cluster and this panic was triggered:

    ```
    k3s[948]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x45f2945]
    k3s[948]: goroutine 1 [running]:
    k3s[948]: github.com/rancher/k3s/pkg/agent/netpol.NewNetworkPolicyController(0xc00159e180, 0x61b4a60, 0xc006294000, 0xdf8475800, 0xc011d9a360, 0xc, 0x0, 0xc00bf545b8, 0x2b2edbc)
    k3s[948]:         /home/x/git/k3s/pkg/agent/netpol/network_policy_controller.go:1698 +0x275
    ```

Signed-off-by: Matthias Schneider <ms@wck.biz>
 2020-06-29 20:49:24 +02:00
Jacob Blain Christen
3197d206ce
Merge pull request #1892 from dweomer/servicelb/node-role 
servicelb: fix ineffective toleration
 2020-06-26 13:55:57 -07:00
Brian Downs
58aae57e12 set environment variable and create config for crictl 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-06-24 14:26:44 -07:00
Brian Downs
63dbf806df create symlink from docker sock to where crictl in k3s is looking for the sock to use 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-06-23 18:42:45 -07:00
Hussein Galal
f5ee757b86
Add cluster dns configmap (#1785) 2020-06-22 23:06:01 +02:00
Brian Downs
7f4f237575
added profile = false args to api, controllerManager, and scheduler (#1891) 2020-06-12 21:09:41 +02:00
Jacob Blain Christen
1ed12cffa0 servicelb: fix ineffective toleration 
noderole.kubernetes.io/master -> node-role.kubernetes.io/master
 2020-06-11 14:39:12 -07:00
galal-hussein
c580a8b528 Add heartbeat interval and election timeout 2020-06-06 16:39:42 -07:00
Darren Shepherd
6b5b69378f Add embedded etcd support 
This is replaces dqlite with etcd.  The each same UX of dqlite is
followed so there is no change to the CLI args for this.
 2020-06-06 16:39:41 -07:00
Darren Shepherd
39571424dd Generate etcd certificates 2020-06-06 16:39:41 -07:00
Darren Shepherd
a18d387390 Refactor clustered DB framework 2020-06-06 16:39:41 -07:00
Darren Shepherd
4317a91b96 Delete dqlite 2020-06-06 16:39:41 -07:00
Darren Shepherd
7e59c0801e Make program name a variable to be changed at compile time 2020-06-06 16:39:41 -07:00
Taeho Kim
3d59a85dae Upgrade local-path-storage to v0.0.14 2020-06-02 13:47:37 +00:00
Erik Wilson
43b9bf2e50
Merge pull request #1795 from StateFarmIns/support_for_setting_default_ssl_ciphers 
Feature Request #1741: Update to set default CipherSuites
 2020-05-15 09:41:37 -07:00
Erik Wilson
d10d6f7fb3
Merge pull request #1762 from consideRatio/coredns-readinessprobe 
coredns: readiness- and livenessProbe tweaks (~15s -> ~3s startup)
 2020-05-15 09:40:54 -07:00
Chuck Schweizer
19c34bd12d Update to set default CipherSuites 
The default CipherSuites need to be set to disable the insecure TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher
 2020-05-13 08:34:45 -05:00
Chuck Schweizer
ca9c9c2e1e Adding support for TLS MinVersion and CipherSuites 
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.

  --kube-apiserver-arg=tls-cipher-suites=XXXXXXX
  --kube-apiserver-arg=tls-min-version=XXXXXXX
 2020-05-07 09:27:09 -05:00
Erik Sundell
27ae2fb9c8 coredns: go generate 2020-05-07 16:21:46 +02:00
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background 
Start kube-apiserver in the background
 2020-05-06 21:50:48 -07:00