Commit Graph

1995 Commits

Author SHA1 Message Date
Brad Davidson
f6cec4e75d Add kubernetes.default.svc to serving certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-06-08 12:55:20 -07:00
Manuel Buil
9c2373499c
Merge pull request #3417 from manuelbuil/replaceAll
Change Replace with ReplaceAll function
2021-06-08 10:18:23 +02:00
Manuel Buil
243fd14cf1 Change Replace with ReplaceAll function
strings has a specific function to replace all matches. We should use that one instead of strings.Replace(string, old, new string, -1)

Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-07 09:52:26 +02:00
Brian Downs
bd84012061
Merge pull request #3413 from briandowns/possible_race_condition
fix possible race where bootstrap data might not save
2021-06-04 15:42:40 -07:00
Brian Downs
afd506a595 fix possible race where bootstrap data might not save
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 15:05:47 -07:00
Brian Downs
2554c213db
Merge pull request #3405 from briandowns/issue-430
add log message indicating etcd snapshots are disabled
2021-06-04 10:38:17 -07:00
Brian Downs
2682183773 add log message indicating etcd snapshots are disabled
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-06-04 09:18:16 -07:00
Derek Nola
664a98919b
Fix RBAC cloud-controller-manager name 3308 (#3388)
* Changed cloud-controller-manager user name in ccm.yaml

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed RBAC name in server.go

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed "k3s" string prefix to version.Program to prevent static hardcoding

Signed-off-by: dereknola <derek.nola@suse.com>

* Changed user in ccm.yaml to k3s-cloud-controller-manager

Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-02 14:50:11 -07:00
Manuel Buil
b4542d4317
Merge pull request #3376 from manuelbuil/flannelv0.14
Update flannel version
2021-06-02 09:45:00 +02:00
Manuel Buil
5153088286
Merge pull request #3385 from manuelbuil/wireguard-fix
Move wireguard's privatekey to flannel config directory
2021-06-02 09:44:27 +02:00
Erik Wilson
e5244f375c
Merge pull request #3386 from erikwilson/bump-channel-stable-1.21.1
Bump stable version to v1.21.1+k3s1 and add v1.21 channel
2021-06-01 13:52:06 -07:00
Akihiro Suda
5e0527f304 cgroup2 CI: add rootless
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-06-01 13:13:21 -07:00
Akihiro Suda
daf527ccaf k3s-rootless.service: use fuse-overlayfs snapshotter
Kernel 5.11 added support for rootless overlayfs, but still incompatible
with SELinux, so we should always use fuse-overlayfs.

Related: moby/moby issue 42333

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-06-01 13:13:21 -07:00
Manuel Buil
1576030d6b Add a path for wireguard's privatekey
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-01 21:54:17 +02:00
Jamie Phillips
7345ac35ae
Initial windows support for agent (#3375)
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Erik Wilson
3abe7c7cef
Bump stable version to v1.21.1+k3s1 and add v1.21 channel 2021-06-01 10:37:29 -07:00
Manuel Buil
d415e41337 Update flannel version
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-06-01 19:21:15 +02:00
Erik Wilson
c2e561f25e
Merge pull request #3358 from dweomer/fix/3296/caps
containerd: v1.4.4-k3s2
2021-05-20 13:01:19 -07:00
David Nuzik
99c7d5125c
Merge pull request #3357 from erikwilson/bump-channel-stable-1.20.7
Bump channel stable version to v1.20.7+k3s1
2021-05-20 11:58:36 -07:00
Jacob Blain Christen
cb25835d84 containerd: v1.4.4-k3s2
Pull in backport of containerd/containerd#5017

Addresses #3296

Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
2021-05-20 11:37:37 -07:00
Erik Wilson
79cf4a7c83
Bump channel stable version to v1.20.7+k3s1 2021-05-20 11:29:49 -07:00
Brad Davidson
25c2888d28 Fix shell expansion and file permission issues install.sh
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-19 19:00:31 -07:00
Jacob Blain Christen
f11cbc5a8e
runc: v1.0.0-rc95 (#3348)
- Addresses #3299

Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
2021-05-19 11:34:44 -07:00
Brian Downs
0ccdbe4ffb
Merge pull request #3346 from briandowns/issue-3240-2
Move object channel defer close to goroutine
2021-05-19 07:58:33 -07:00
Brian Downs
ecbf17e2ed move object channel defer close to goroutine
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 19:58:30 -07:00
Brian Downs
5bf4d9f687
Merge pull request #3340 from briandowns/issue-3278-2
add retention default and wire in s3 prune
2021-05-18 16:18:04 -07:00
Brian Downs
254b52077e add retention default and wire in s3 prune
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-18 13:57:40 -07:00
Brad Davidson
7e175e8ad4 Handle conntrack-related sysctls in supervisor agent setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-18 13:40:44 -07:00
Brian Downs
424d75ad43
Merge pull request #3336 from briandowns/issue-3309
Add etcd snapshot save subcommand
2021-05-18 09:18:07 -07:00
Brad Davidson
c824c3bcc1 Add support for multiple env files for systemd unit
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-17 14:18:40 -07:00
Brian Downs
e8ecc00fc8 add etcd snapshot save subcommand
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2021-05-17 10:55:13 -07:00
Erik Wilson
fd4d226e3d
Merge pull request #3328 from erikwilson/v1.21.1-k3s1
Update Kubernetes to v1.21.1-k3s1
2021-05-14 13:54:28 -07:00
Erik Wilson
11c5effca2
Bump to go 1.16.4 2021-05-14 10:36:13 -07:00
Erik Wilson
70430b53a8
Update Kubernetes to v1.21.1-k3s1 2021-05-14 10:12:55 -07:00
Brian Downs
6ee28214fa
Add the ability to prune etcd snapshots (#3310)
* add prune subcommand to force rentention policy enforcement
2021-05-13 13:36:33 -07:00
Brad Davidson
079620ded0 Fix passthrough of SystemDefaultRegistry from server config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-13 02:18:09 -07:00
Menna Elmasry
f76d6208e4
Merge pull request #3316 from MonzElmasry/disable-apiserver-flag
change --disable-api-server flag to --disable-apiserver
2021-05-13 01:10:55 +02:00
MonzElmasry
24474c5734
change --disable-apiserver flag
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-05-13 00:00:11 +02:00
Jacob Blain Christen
0d05b14b71
runc: v1.0.0-rc94 (#3305)
- bump the runc version to v1.0.0-rc94
- build runc from its own source tree instead of from ./vendor/
  - side-steps incompatibility with upstream kubelet container manager

Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
2021-05-12 11:50:24 -07:00
Brad Davidson
e10524a6b1 Add executor.Bootstrap hook for pre-execution setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-11 18:46:15 -07:00
Brian Downs
bcd8b67db4
Add the ability to list etcd snapshots (#3303)
* add ability to list local and s3 etcd snapshots
2021-05-11 16:59:33 -07:00
Brad Davidson
02a5bee62f
Add system-default-registry support and remove shared code (#3285)
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 15:58:41 -07:00
Hussein Galal
948295e8e8
Fix cluster restoration in rke2 (#3295)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-11 00:06:33 +02:00
Brad Davidson
fc037e87f8 Use config file values in node-args annotation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-05-10 14:08:02 -07:00
Brian Downs
e998cd110d
Add the ability to delete an etcd snapshot locally or from S3 (#3277)
* Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.
2021-05-07 16:10:04 -07:00
Siegfried Weber
e77fd18270 Sign CSRs for kubelet-serving with the server CA
Problem:
Only the client CA is passed to the kube-controller-manager and
therefore CSRs with the signer name "kubernetes.io/kubelet-serving" are
signed with the client CA. Serving certificates must be signed with the
server CA otherwise e.g. "kubectl logs" fails with the error message
"x509: certificate signed by unknown authority".

Solution:
Instead of providing only one CA via the kube-controller-manager
parameter "--cluster-signing-cert-file", the corresponding CA for every
signer is set with the parameters
"--cluster-signing-kube-apiserver-client-cert-file",
"--cluster-signing-kubelet-client-cert-file",
"--cluster-signing-kubelet-serving-cert-file", and
"--cluster-signing-legacy-unknown-cert-file".

Signed-off-by: Siegfried Weber <mail@siegfriedweber.net>
2021-05-05 15:59:57 -07:00
Akihiro Suda
3cfa76fcbf Add cgroup2 CI (Fedora on Vagrant on GHA)
Add `.github/workflows/cgroup2.yaml` for running Fedora on Vagrant on
GitHub Actions to test cgroup2 environment.

Only very basic smoke tests are executed, as Vagrant is too slow to run
the entire sonobuoy.

Relevant:
- kubernetes-sigs/kind PR 2017
- https://github.com/rootless-containers/usernetes/blob/v20210201.0/.github/workflows/main.yaml

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-05-05 15:53:47 -07:00
Menna Elmasry
17d91c5148
Merge pull request #3270 from MonzElmasry/validate-go-mod-ci
Add ci step to validate incorrect replacement fork
2021-05-05 20:00:45 +02:00
Menna Elmasry
91c5797016
add new-line
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-05-05 19:06:12 +02:00
Hussein Galal
f410fc7d1e
Invoke cluster reset function when only reset flag is passed (#3276)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-05-05 17:40:04 +02:00