1365 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Euan Kemp	4808c4e7d5	Listen insecurely on localhost only ... Before this change, k3s configured the scheduler and controller's insecure ports to listen on 0.0.0.0. Those ports include pprof, which provides a DoS vector at the very least. These ports are only enabled for componentstatus checks in the first place, and componentstatus is hardcoded to only do the check on localhost anyway (see https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344), so there shouldn't be any downside to switching them to listen only on localhost.	2020-08-05 10:28:11 -07:00
Brad Davidson	c8282f4939	Merge pull request #2053 from brandond/update_dynamiclistener ... Update dynamiclistener	2020-08-04 14:48:47 -07:00
Brad Davidson	3e8141dc65	Update dynamiclistener ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-08-04 13:05:37 -07:00
Brian Downs	6fcec6aea9	Merge pull request #1754 from briandowns/add_pr_template ... add pull request template	2020-08-03 09:25:39 -07:00
Hussein Galal	169ee63907	Add etcd members as learners (#2066) ... * Add etcd members as learners Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Ignore errors in promote member Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	2020-07-29 22:52:49 +02:00
Brad Davidson	a33494802b	Merge pull request #2072 from brandond/setproctitle ... Call setproctitle to conceal node args in ps output	2020-07-28 18:45:27 -07:00
Brad Davidson	1eec7348a5	Call setproctitle to conceal node args in ps output ... This is related to #2014. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-28 15:49:49 -07:00
Brad Davidson	375c68524b	Merge pull request #2073 from brandond/update_docker_baseimage ... Update base image version in Dockerfiles	2020-07-28 10:16:47 -07:00
Brad Davidson	1b78715903	Update base image version in Dockerfiles ... Should hopefully fix issues that cropped up with arm builds failing due to the sqlite libs from alpine 3.10 no longer being compatible with alpine edge, which was probably never a safe assumption to begin with. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-28 00:23:46 -07:00
Brad Davidson	361e218fef	Merge pull request #2064 from brandond/write_kubeconfig_claim ... Correctly report and propagate kubeconfig write failures	2020-07-27 16:28:45 -07:00
Brad Davidson	118d3256b5	Merge pull request #2056 from mcsaucy/http ... Always validate K3S_URL if running agent.	2020-07-24 14:23:00 -07:00
Chris Kim	79931c73bc	Merge pull request #2063 from Oats87/bump-k3s-root-v060-rc3 ... Bump k3s-root to v0.6.0-rc3	2020-07-24 12:38:35 -07:00
Brad Davidson	dfd0f9d1a6	Correctly report and propagate kubeconfig write failures ... As seen in issues such as #15 #155 #518 #570 there are situations where k3s will fail to write the kubeconfig file, but reports that it wrote it anyway as the success message is printed unconditionally. Also, secondary actions like setting file mode and creating a symlink are also attempted even if the file was not created. This change skips attempting additional actions, and propagates the failure back upwards. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-24 12:07:32 -07:00
Chris Kim	b5e57a10d5	Bump k3s-root to v0.6.0-rc3 for https://github.com/rancher/k3s/issues/1812 ... Signed-off-by: Chris Kim <oats87g@gmail.com>	2020-07-24 11:16:50 -07:00
Josh McSavaney	265bd9848b	Always validate K3S_URL. ... Also move K3S_URL validation to its own function. Signed-off-by: Josh McSavaney <mcsaucy@csh.rit.edu>	2020-07-23 17:21:55 -04:00
Brad Davidson	4eb88a2fd3	Merge pull request #2042 from brandond/coredns_sync_1919-master ... Update coredns version for master	2020-07-21 15:12:59 -07:00
Brad Davidson	77bfe47627	Merge pull request #2037 from brandond/update_k3s-root_slirp4netns ... Update k3s-root to pull in updated slirp4netns	2020-07-21 15:12:27 -07:00
Brad Davidson	9da8dc4f61	Update coredns version to 1.6.9 for master ... Needed for #1844 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-21 11:06:44 -07:00
Brian Downs	04f57e5e1d	Merge pull request #2044 from briandowns/add_cis_server_flag ... update cis flag implementation to propogate the rest of the way	2020-07-20 16:56:07 -07:00
Brian Downs	5a81fdbdc5	update cis flag implementation to propogate the rest of the way through to kubelet ... Signed-off-by: Brian Downs <brian.downs@gmail.com>	2020-07-20 16:31:56 -07:00
Hussein Galal	6d59b81479	Fix cli in main.go (#2043)	2020-07-21 00:06:21 +02:00
Erik Wilson	1b62c2802b	Merge pull request #1983 from erikwilson/upgrade-flannel ... Update flannel to v0.12.0-k3s1	2020-07-20 14:18:49 -07:00
Brad Davidson	1de58904ad	Update flannel to v0.12.0-k3s1 ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-20 13:18:46 -07:00
Brad Davidson	9e00f6dc73	Update k3s-root to pull in updated slirp4netns ... Related to #1709 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-17 16:47:44 -07:00
Jason	e3f8789114	Add containerd snapshotter flag (#1991) ... * Add containerd snapshotter flag Signed-off-by: Jason-ZW <zhenyang@rancher.com> * Fix CamelCase nit and option description Signed-off-by: Brad Davidson <brad.davidson@rancher.com> Signed-off-by: Jason-ZW <zhenyang@rancher.com> Co-authored-by: Brad Davidson <brad@oatmail.org>	2020-07-18 01:16:23 +02:00
Brad Davidson	206accbe8d	Update to v1.18.6-k3s1 (#2035) ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2020-07-18 01:14:37 +02:00
David Nuzik	186c4a1c6b	Merge pull request #2022 from davidnuzik/mark-v1.18.6-stable ... Set v1.18.6 as stable in channel server	2020-07-16 17:36:57 -07:00
Brian Downs	f7dae176e9	Merge pull request #2023 from briandowns/add_kubelet_cis_flag ... add protect-kernel-defaults to kubelet	2020-07-14 16:32:43 -07:00
Brian Downs	abb2d9aad1	add flag usage ... Signed-off-by: Brian Downs <brian.downs@gmail.com>	2020-07-14 15:55:18 -07:00
Brian Downs	57a6319fac	add protect-kernel-defaults to kubelet ... Signed-off-by: Brian Downs <brian.downs@gmail.com>	2020-07-14 15:46:10 -07:00
David Nuzik	cecce93ee1	Set v1.18.6 as stable in channel server ... Signed-off-by: David Nuzik <david.nuzik@rancher.com>	2020-07-14 11:55:48 -07:00
Erik Wilson	66a8c2ad7f	Merge pull request #1899 from erikwilson/config-file ... Add config file support	2020-07-14 08:41:45 -07:00
Brad Davidson	5e01bd3558	Merge pull request #1957 from mcsaucy/http ... Perform basic validation on K3S_URL in install.sh	2020-07-13 12:33:24 -07:00
Erik Wilson	466f093943	Stat build to show file size	2020-07-13 10:06:23 -07:00
Erik Wilson	d088adf9c4	Merge pull request #2012 from erikwilson/vagrant-update ... Update Vagrant dev environment	2020-07-13 09:57:19 -07:00
Erik Wilson	176bfdbbb6	Update Vagrant dev environment	2020-07-10 15:36:46 -07:00
Brad Davidson	6b541e6676	Merge pull request #2009 from brandond/fix_1999 ... Update sonobuoy version for k8s 1.18 support	2020-07-10 15:14:16 -07:00
Brian Downs	6a21599f39	Merge pull request #2011 from briandowns/add_profile_flag_to_controller_manager ... add profiling flag with default value of false	2020-07-10 14:15:47 -07:00
Brian Downs	ebac755da1	add profiling flag with default value of false ... Signed-off-by: Brian Downs <brian.downs@gmail.com>	2020-07-10 13:08:04 -07:00
Erik Wilson	e1dc3451bc	Add config file support	2020-07-10 10:34:00 -07:00
Brian Downs	925a6d2da8	Merge pull request #2008 from briandowns/remove_hardcoded_value_for_program ... remove hard coded value from ProgramUpper	2020-07-09 13:20:52 -07:00
Brad Davidson	c7578d97d6	Update sonobuoy version for k8s 1.18 support	2020-07-09 13:08:02 -07:00
Brian Downs	99a8bca522	remove hard coded value ... Signed-off-by: Brian Downs <brian.downs@gmail.com>	2020-07-09 11:20:06 -07:00
Brandon Davidson	538842ffdc	Merge pull request #1768 from brandond/fix_1764 ... Configure default signer implementation to use ClientCA instead of ServerCA	2020-07-07 16:52:14 -07:00
Chris Kim	4637816f40	Merge pull request #1914 from Oats87/nft-aux-iptables ... Implement new k3s-root changes	2020-07-01 16:30:29 -07:00
Chris Kim	2e93004ee7	update k3s-root to v0.5.0 and remove k3s specific modifications to k3s-root (as they have moved into k3s-root) ... Signed-off-by: Chris Kim <oats87g@gmail.com>	2020-07-01 15:56:47 -07:00
Erik Wilson	0d6a2bfb0b	Merge pull request #1974 from mschneider82/patch-1 ... fixed panic in network_policy_controller	2020-07-01 09:48:00 -07:00
Erik Wilson	42f0b95ac5	Merge pull request #1800 from niusmallnan/dev ... Add retry backoff for starting network-policy controller	2020-07-01 09:47:21 -07:00
Erik Wilson	6cc4c8516e	Merge pull request #1978 from erikwilson/nocode ... Replace juju/errors with nocode	2020-06-30 14:24:09 -07:00
Erik Wilson	a535d13df4	Replace juju/errors with nocode	2020-06-30 13:46:20 -07:00