Brad Davidson
d1424626ac
Disable containerd experimental snapshot labels
...
Related to #2455 and containerd/containerd#4684
These were not meant to be enabled by default, break images with many
layers, and will be disabled by default on the next containerd release.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Erik Wilson
992ca52c31
Enable go test in ci
2020-11-05 09:48:53 -07:00
Erik Wilson
92d04355f4
Use secrets for node-passwd entries and cleanup
2020-11-05 09:48:53 -07:00
Brad Davidson
3b8ec74049
Update disables list when building with no_stage
...
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are ommited by the no_stage build tag.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
Chris Kim
ea916030c2
Merge pull request #2456 from Oats87/fix-rpm-install
...
Support k3s-selinux rpm install more effectively
2020-10-29 12:49:18 -04:00
Chris Kim
a8275838d5
Add additional conditional logic to install.sh to prevent errors on Fedora or systems when run as non-root
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-29 07:30:03 -07:00
Euan Kemp
0521756dd9
Use 'rm' from path in go generate
...
/bin/rm is less portable. On some distros, like nixos, it doesn't exist
at all.
Signed-off-by: Euan Kemp <euank@euank.com>
2020-10-29 00:07:46 -07:00
Menna Elmasry
523ccaf3f2
Merge pull request #2448 from MonzElmasry/new_b
...
Make etcd use node private ip
2020-10-29 00:23:56 +02:00
Ranjib Dey
dcff6e7047
remove duplicate systemd directives
...
Signed-off-by: Ranjib Dey ranjib@linux.com
2020-10-28 14:53:01 -07:00
MonzElmasry
e8436cc76b
Make etcd use node private ip
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Chris Kim
05d775b31e
Merge pull request #2441 from Oats87/disable-rpm
...
Disable RPM publishing
2020-10-28 16:07:53 -04:00
Brad Davidson
7a5a9033a7
Update kine to v0.5.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-28 13:03:47 -07:00
Chris Kim
f981043b89
Remove RPM publishing from .drone.yml
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-28 14:27:08 -04:00
Chris Kim
7b8a147a1b
Merge pull request #2408 from Oats87/rpm-install-selinux
...
Add auto-install capability to install.sh for k3s-selinux
2020-10-28 14:24:09 -04:00
Hussein Galal
fcd18d1b6e
skip node delete from removed member ( #2413 )
...
* skip node delete from removed member
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use grpc errors
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go imports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* exit if node is the etcd that being removed
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-10-28 18:32:51 +02:00
Chris Kim
96fc4c4b21
Add iptable_nat to modprobe list
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Chris Kim
38109e6c9d
Add auto-install capability to install.sh for k3s-selinux
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Brad Davidson
de18528412
Make etcd voting members responsible for managing learners ( #2399 )
...
* Set etcd timeouts using values from k8s instead of etcdctl
Fix for one of the warnings from #2303
* Use etcd zap logger instead of deprecated capsnlog
Fix for one of the warnings from #2303
* Remove member self-promotion code paths
* Add learner promotion tracking code
* Fix RaftAppliedIndex progress check
* Remove ErrGRPCKeyNotFound check
This is not used by v3 API - it just returns a response with 0 KVs.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-27 11:06:26 -07:00
Brad Davidson
03f05f9337
Update Kubernetes to v1.19.3-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-16 13:18:59 -07:00
Jeremy Katz
b1a7161ccc
Add information on reporting security issues
...
Signed-off-by: Jeremy Katz <jeremy@tidelift.com>
2020-10-16 11:46:16 -07:00
Brian Downs
0063646628
Merge pull request #2396 from briandowns/issue-831
...
Update kine to v0.4.1
2020-10-15 13:39:08 -07:00
Brian Downs
0363da5196
run go mod tidy
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-10-15 13:03:26 -07:00
Brian Downs
299fe83a1f
update kine to v0.4.1
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-10-15 10:34:24 -07:00
Erik Wilson
6b11d86037
Merge pull request #2377 from erikwilson/no-proxy-fix
...
Use no_proxy env, add .svc and cluster domains
2020-10-12 13:46:22 -07:00
Erik Wilson
56e077eb29
Use no_proxy env, add .svc and cluster domains
2020-10-12 11:02:07 -07:00
Erik Wilson
114b5ccad1
Merge pull request #2363 from erikwilson/netpol-informers
...
Add event handlers to network policy controller
2020-10-12 08:53:39 -07:00
Erik Wilson
e26e333b7e
Add network policy controller CacheSyncOrTimeout
2020-10-07 12:35:44 -07:00
Erik Wilson
045cd49ab5
Add event handlers to network policy controller
2020-10-07 12:10:27 -07:00
Erik Wilson
f4e7eaa283
Merge pull request #2358 from erikwilson/check-config-1291
...
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check
2020-10-06 16:02:33 -07:00
Erik Wilson
7f0bdf8a1e
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check
2020-10-06 14:30:49 -07:00
Erik Wilson
154b395c03
Merge pull request #2349 from erikwilson/fix-data-extract
...
Fix race condition in data extraction
2020-10-06 12:40:47 -07:00
Erik Wilson
95b895038c
Add locking and verification for data directory extraction
2020-10-06 10:29:27 -07:00
Erik Wilson
ce0da0a0f4
Add file verification for data directory
2020-10-06 10:29:27 -07:00
Erik Wilson
66d29148f7
Add Release function for flock
2020-10-06 10:29:27 -07:00
Erik Wilson
360d82d20e
Add flock from k8s.io/kubernetes/pkg/util/flock
2020-10-06 10:29:26 -07:00
Brad Davidson
c3c983198f
Add temporary fix for issue with interrupted etcd promote
...
This is a minimal fix for https://github.com/rancher/rke2/issues/392
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-30 11:45:58 -07:00
Hussein Galal
373449ec0a
Allow for multiple etcd snapshot restoration ( #2307 )
...
* add reset tmp file
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go imports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix multiple lines string
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use resetFile function
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-30 02:53:31 +02:00
Brad Davidson
8262e23169
Revert removal of EndpointName hooks ( #2319 )
...
* Revert "Remove dead EndpointName code"
This reverts commit 8025da5a8d
.
* Fix docstrings based on proper understanding of use
2020-09-28 18:13:55 -07:00
Brad Davidson
714227bdc7
Merge pull request #2300 from brandond/fix_2249
...
Fix managed etcd cold startup deadlock issue #2249
2020-09-28 10:56:51 -07:00
Brad Davidson
360b0f1ee5
Add timeout to clientaccess http client
...
The default http client does not have an overall request timeout, so
connections to misbehaving or unavailable servers can stall for an
excessive amount of time. At the moment, just attempting to join
an unavailable cluster takes 2 minutes and 40 seconds to timeout.
Resolve that by setting a reasonable request timeout.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson
cdfc6cfa1a
Split clientaccess token/kubeconfig code
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson
45dd4afe50
Simplify token parsing
...
Improves readability, reduces round-trips to the join server to validate certs.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:24 -07:00
Brad Davidson
9074da7405
Fix misc nits and missing/unused imports
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
703ba5cde7
Add a bunch of doc comments
...
Also change identical error messages to clarify where problems are
occurring.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
ae916c2dec
Use const for kube-system namespace
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
f59e8fc21b
Fix etcd directory permissions
...
Silences warning on startup about insecure directory permissions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
ee99660a96
Rename etcd directory helpers to reduce confusion about which datadir we're talking about
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
8025da5a8d
Remove dead EndpointName code
...
According to @galal-hussein this is dead code that was probably brought
over from Kine. I certainly couldn't figure out what it is supposed to
be doing.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
97eb28a01a
Remove unnecessary listener arg from managed DB setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:09:45 -07:00
Brad Davidson
a3bbd58f37
Fix managed etcd cold startup deadlock issue #2249
...
We should ignore --token and --server if the managed database is initialized,
just like we ignore --cluster-init. If the user wants to join a new
cluster, or rejoin a cluster after --cluster-reset, they need to delete
the database. This a cleaner way to prevent deadlocking on quorum loss,
and removes the requirement that the target of the --server argument
must be online before already joined nodes can start.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 02:44:49 -07:00