Commit Graph

128 Commits

Author SHA1 Message Date
Derek Nola
a1d7a62493
Fix to allow non-root users access to storage volumes. (#3714)
* Fix to prevent non-root users from accessing storage directory, while allowing non-root users access to subdirectories.

Signed-off-by: dereknola <derek.nola@suse.com>

* Added integration test

Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-28 10:25:34 -07:00
Derek Nola
3e1693bc97
Changes local storage pods to have 700 permissions (#3537)
* Changes local storage pods to have 700 permissions

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-29 13:58:12 -07:00
Brad Davidson
a7d1159ba6 Emit events for AddOn lifecycle
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson
ea2cd6d727 Add comments, clean up imports and function names
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-11 14:00:27 -07:00
Brad Davidson
6ef000091a Add nodename to UA string for deploy controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-10 17:05:52 -07:00
Derek Nola
664a98919b
Fix RBAC cloud-controller-manager name 3308 (#3388)
* Changed cloud-controller-manager user name in ccm.yaml

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed RBAC name in server.go

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed "k3s" string prefix to version.Program to prevent static hardcoding

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed user in ccm.yaml to k3s-cloud-controller-manager

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-02 14:50:11 -07:00
Brad Davidson
02a5bee62f
Add system-default-registry support and remove shared code (#3285)
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Brian Downs
693c5290b1
Update CoreDNS to version 1.8.3. (#3168)
* update CoreDNS to 1.8.3

Rerun go generate and update the CoreDNS RBAC
2021-04-09 16:47:16 -07:00
Erik Wilson
9a53fca872 Bump traefik to v2.4.8
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2021-04-08 17:42:58 -07:00
Erik Wilson
4aac6b6bd0
Update to Traefik 2.4.2 and combine manifests 2021-03-01 10:44:24 -07:00
Chin-Ya Huang
10e0328977
Traefik v2 integration
K3s upgrade via watch over file change of static file and manifest
and triggers helm-controller for change. It seems reasonable to
only allow upgrade traefik v1->v2 when there is no existing custom
traefik HelmChartConfig in the cluster to avoid any
incompatibility.

Here also separate the CRDs and put them into a different chart
to support CRD upgrade.

Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:23 -07:00
Brad Davidson
ae5b93a264 Use HasSuffixI utility function
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Brad Davidson
c5e2676d5c
Update local-path-provisioner and helper busybox (#2885)
* Update local-path-provisioner and helper busybox

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-04 10:49:25 -08:00
Brad Davidson
8936cf577f Bump coredns to 1.8.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-17 15:20:19 -08:00
Brad Davidson
63f2211b31 deprecate the "node-role.kubernetes.io/master" label / taint
Related to https://github.com/kubernetes/kubernetes/pull/95382

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
cd27c6fcbe Bump coredns to 1.7.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 15:58:17 -08:00
transhapHigsn
87a43c69e1 Problem: CoreDNS getting preempted by other pods
Solution: Set priorityClassName to system-node-critical of traefik, metrics-server, local storage and coredns deployment
Signed-off-by: transhapHigsn <fet.prashantsingh@gmail.com>
2020-12-04 12:50:12 -08:00
Brad Davidson
58b5b21f0d Don't pass cloud-provider flag to controller-manager
As per documentation, the cloud-provider flag should not be passed to
controller-manager when using cloud-controller. However, the legacy
cloud-related controllers still need to be explicitly disabled to
prevent errors from being logged.

Fixing this also prevents controller-manager from creating the
cloud-controller-manager service account that needed extra RBAC.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-09 13:55:09 -08:00
Brad Davidson
31575e407a Add Cluster ID support to k3s stub cloud controller
Resolves warning 2 from #2471.

As per https://github.com/kubernetes/cloud-provider/issues/12 the
ClusterID requirement was never really followed through on, so the
flag is probably going to be removed in the future.

One side-effect of this is that the core k8s cloud-controller-manager
also wants to watch nodes, and needs RBAC to do so.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brian Downs
ba70c41cce
Initial Logging Output Update (#2246)
This attempts to update logging statements to make them consistent
through out the code base. It also adds additional context to messages
where possible, simplifies messages, and updates level where necessary.
2020-09-21 09:56:03 -07:00
Brad Davidson
ae5519c047
Use rancher-mirrored busybox for local-path-provisioner (#2257)
Related to #1908

Will be fixed upstream by
https://github.com/rancher/local-path-provisioner/pull/135/ but we're
not going to update the LPP image right now since it's undergoing some
changes that we don't want to pick up at the moment.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-15 18:02:51 -07:00
Brad Davidson
fcaeebaa18 Add support for disabling all staged content
This reduces the binary footprint for downstream users that won't use
these files anyway.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-14 14:21:37 -07:00
Brad Davidson
9da8dc4f61 Update coredns version to 1.6.9 for master
Needed for #1844

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-21 11:06:44 -07:00
Taeho Kim
3d59a85dae Upgrade local-path-storage to v0.0.14 2020-06-02 13:47:37 +00:00
Erik Sundell
27ae2fb9c8 coredns: go generate 2020-05-07 16:21:46 +02:00
Erik Wilson
fec2c271c2 Check modification time before deploying manifests 2020-04-22 09:58:41 -07:00
louis
f2a4e1d57d feat: add master taint toleration to klipper, coredns, metrics-server, traefik and local-storage 2020-03-25 19:11:10 +01:00
galal-hussein
2b6faa925f use mirrored images for traefik and coredns 2020-03-23 19:00:30 +02:00
galal-hussein
3f927d8006 Revert "Replace traefik with nginx"
This reverts commit 9a17033095.
2020-03-11 01:45:23 +02:00
galal-hussein
c4f18227fc default backend multiarch 2020-03-09 23:52:04 +02:00
galal-hussein
717b5a765e use multiarch image for nginx 2020-03-07 00:19:32 +02:00
galal-hussein
9a17033095 Replace traefik with nginx 2020-03-03 00:00:39 +02:00
Erik Wilson
0374c4f63d Add --disable flag 2020-01-30 16:45:01 -07:00
galal-hussein
07d4c1510d Add lease permissions to ccm cluster role 2019-12-21 04:41:24 +02:00
dduportal
9598a527a2 Regenerate bindata
Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>
2019-11-26 17:21:22 +01:00
Erik Wilson
b298733b3f Use lexical (sorted) order for file deployments 2019-11-12 16:05:09 -07:00
Erik Wilson
e9a11c7cc4 Update generated code 2019-11-05 14:34:09 -07:00
Erik Wilson
47a94637dc Move metrics-server manifests to sub-directory 2019-11-05 14:30:50 -07:00
Erik Wilson
c4eb6ea3ef Update generated data 2019-11-05 10:11:21 -07:00
Erik Wilson
931f63073f
Merge pull request #899 from mrueg/coredns-ready
coredns: Add readinessProbe
2019-11-04 14:25:45 -07:00
Darren Shepherd
609c5e5f51 Update generated code 2019-10-30 19:08:26 -07:00
Manuel Rüger
e8ca18ab2b coredns: Add readinessProbe 2019-10-29 11:51:36 +01:00
Erik Wilson
8a8fa8a351 Update go generated data 2019-10-28 16:10:36 -07:00
Erik Wilson
265181715a
Merge pull request #892 from iwilltry42/master
[Enhancement] include subdirectories for auto-deploy manifests
2019-10-16 16:30:35 -07:00
galal-hussein
d2c1f66496 Add k3s cloud provider 2019-10-16 21:13:15 +02:00
Thorsten Klein
50017c39a2 include subdirectories for auto-deploy manifests 2019-10-11 12:59:37 +02:00
galal-hussein
56e0e5ad7e Add default local storage provisioner 2019-09-30 18:17:33 +02:00
Darren Shepherd
8dcc09f7be Update generated code 2019-09-27 16:54:37 -07:00
Erik Wilson
db9540aa10 Bump CoreDNS to v1.6.3 2019-09-18 17:11:04 -07:00
Manuel Zapf
50227ff894 bump traefik version to 1.7.14 (#769)
* bump traefik version
2019-08-28 20:21:07 -07:00
Carlos Eduardo
993e6a1950 Enable metrics endpoint to Traefik 2019-08-22 19:42:58 -03:00
William Zhang
458cea6633 Update traefik to 1.7.12
Signed-off-by: William Zhang <warmchang@outlook.com>
2019-08-20 02:35:07 +00:00
William Zhang
bdb8550638 🔧 jteeuwen/go-bindata --> go-bindata/go-bindata
Signed-off-by: William Zhang <warmchang@outlook.com>
2019-08-12 03:24:03 +00:00
Erik Wilson
1e035820bf Generated data 2019-06-25 15:04:04 -07:00
Erik Wilson
2b44679352 Generated data 2019-06-14 09:37:59 -07:00
Darren Shepherd
7ee554013a Update generated code 2019-05-26 22:35:57 -07:00
Darren Shepherd
d94a346a1e Switch to wrangler-api and helm-controller 2019-05-26 22:32:24 -07:00
Darren Shepherd
c0702b0492 Port to wrangler 2019-05-26 22:28:50 -07:00
Darren Shepherd
9db91d7de3
Merge pull request #369 from erikwilson/node-dns
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Erik Wilson
37dd5cbfd2 Generated data 2019-04-17 22:44:46 +00:00
galal-hussein
c42ea5ec89 Skip any file with no yaml yml or json suffix 2019-04-18 00:13:11 +02:00
Marco Mancini
b445bad171 Add --cluster-domain option 2019-04-12 08:06:35 +02:00
Erik Wilson
bb14bcb595 Update generated data 2019-03-26 23:13:54 +00:00
Erik Wilson
1d61576e54 Fix linting issues 2019-03-25 16:04:29 -07:00
Morten Lied Johansen
9033891f88 Skip writing manifest when using --no-deploy
Instead of skipping the manifest when listing the directory, we now skip
creating it in the first place. This allows users to deploy manifests
that replaces the ones bundled, without having to come up with a new
name.

Fixes #230.
2019-03-23 22:22:58 +01:00
Erik Wilson
e75e5171af Generated bin data 2019-03-20 18:35:25 +00:00
Vladimir Zorin
d1348b9898 Trim whitespaces before checking if line is empty or comment 2019-03-14 14:12:02 +02:00
Vladimir Zorin
567532d74d Do not process empty yaml objects (fixes #222) 2019-03-14 13:36:26 +02:00
Darren Shepherd
2771ae1ba9
Merge pull request #184 from ibuildthecloud/default-ns
Assign default namespace if not set in manifests
2019-03-07 13:04:50 -07:00
Darren Shepherd
769c1d5415 Fix manifest polling 2019-03-07 13:01:21 -07:00
Darren Shepherd
bef4115657 Assign default namespace if not set in manifests 2019-03-07 13:00:35 -07:00
Vladimir Zorin
392cfb1231 Add basic templating support for manifests 2019-03-07 01:22:55 +02:00
Darren Shepherd
8690a277ed Fix ingress 2019-02-14 11:27:26 -07:00
Darren Shepherd
56fae079e5 Update generated code 2019-02-07 21:45:31 -07:00
Darren Shepherd
91002f1fee Fix looping on startup while installing addons 2019-02-07 21:45:31 -07:00
Darren Shepherd
bd269f8d3e Update generated code 2019-02-04 16:47:53 -07:00
Darren Shepherd
6fa7f5b3ae Clean up build scripts
Switch binaries to armhf suffix to be more clean on the on
architecture
2019-01-24 10:51:37 -07:00
Darren Shepherd
287e0f44c9 Prepare for initial release 2019-01-22 14:20:29 -07:00