1071 Commits

Author	SHA1	Message	Date
Brad Davidson	0c9b43746b	Preload iptable_filter/ip6table_filter ... ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-12-13 12:51:00 -08:00
Hussein Galal	f8b661d590	Update to v1.26.0-k3s1 (#6370) ... * Update to v1.26.0-alpha.2 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go generate Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Default CURRENT_VERSION to VERSION_TAG for alpha versions Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * remove containerd package Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * replace cri-api reference to the new api Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go mod tidy Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix version script to allow rc and alphas Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix version script to allow rc and alphas Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fix version script to allow rc and alphas Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update to Kubernetes 1.26.0-rc.1 Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Undo helm-controller pin Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Bump containerd to -k3s2 for stargz fix Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * DevicePlugins featuregate is locked to on Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Bump kine for DeleteRange fix Signed-off-by: Brad Davidson <brad.davidson@rancher.com> * Update to v1.26.0-k3s1 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go mod tidy Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Bring back snapshotter checks and update golang to 1.19.4 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix windows containerd snapshotter checks Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> Signed-off-by: Brad Davidson <brad.davidson@rancher.com> Co-authored-by: Brad Davidson <brad.davidson@rancher.com>	2022-12-10 01:42:15 +02:00
Derek Nola	b5d39df929	Deprecation of etcd-snapshot command in v1.26 (#6575) ... * Consolidate etcd snapshot commands * Consolidate secrets encryption commands * Move etcd-snapshot to fatal error stage. Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-12-05 15:28:01 -08:00
Derek Nola	d723775792	Remove deprecated flags in v1.26 (#6574) ... * Remove NoFlannel * Remove cluster-secret * Remove no-deploy * Remove disable-selinux * Convert wireguard to fatal error * Remove reference to no-op K3S_CLUSTER_SECRET Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-12-05 14:01:01 -08:00
Brad Davidson	2835368ecb	Bump k3s-root and remove embedded strongswan support ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-12-01 12:40:40 -08:00
Derek Nola	af8f101bdc	Mark secrets-encryption flag as GA (#6582) ... * Mark secrets-encrypt flag as GA Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-12-01 08:50:51 -08:00
Brad Davidson	915c7719fe	go generate ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-30 15:09:32 -08:00
Brad Davidson	1eeea5c81f	go generate ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-30 15:09:32 -08:00
Brad Davidson	e08a662509	Disable CCM metrics port when legacy CCM functionality is disabled ... Prevents port conflicts on upgrade for users that have deployed other cloud controllers. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-30 15:08:31 -08:00
Brad Davidson	a07bb555ba	Bump klipper-helm and klipper-lb versions ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-23 14:55:59 -08:00
Derek Nola	614da78e43	Add prefer-bundled-bin as an agent flag (#6545) ... * Add prefer-bundled-bin as an agent flag * Add E2E test for prefer-bundled-bin Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-11-22 13:43:16 -08:00
Manuel Buil	1beecb2e2d	Merge pull request #6531 from manuelbuil/fixLogs ... Fix log for flannelExternalIP use case	2022-11-22 16:54:26 +01:00
Manuel Buil	483e29e783	Remove stuff which belongs in the windows executor implementation ... Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-22 12:32:13 +01:00
Brad Davidson	9ff0943d56	Address nits from self-review ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-21 15:23:30 -08:00
Brad Davidson	56bf7d6ad3	Allow agent to run rootless ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-21 15:23:30 -08:00
Brad Davidson	6f2b21c5cd	Add rootless IPv6 support ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-21 15:23:30 -08:00
Brad Davidson	c02dceb7ad	Make rootless settings configurable ... Add enivironment variables for port-driver, cidr, mtu, and disable-host-loopback settings. Since rootless is still experimental, I don't think they deserve full CLI flag status. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-21 15:23:30 -08:00
Brad Davidson	73171ff20a	go generate ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-21 13:44:54 -08:00
Derek Nola	0f52088cd3	Add new prefer-bundled-bin experimental flag (#6420) ... * initial prefer-bundled-bin ci change * Add startup testlet * Convert parsing to pflag library * Fix code validation * go mod tidy Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-11-21 13:01:36 -08:00
Manuel Buil	5188443988	Fix log for flannelExternalIP use case ... Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-21 17:10:35 +01:00
Manuel Buil	e41e4010e5	Revert "Remove stuff which belongs in the windows executor implementation" ... This reverts commit 1bc0684fb7. Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-15 21:40:42 +01:00
Manuel Buil	9419b1a936	Merge pull request #6492 from manuelbuil/removeWinStuff ... Remove stuff which belongs in the windows executor implementation	2022-11-15 12:07:17 +01:00
Brad Davidson	adb820d859	Bump traefik chart to 19.0.4 to fix kubernetes version check ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-14 13:42:24 -08:00
Manuel Buil	1bc0684fb7	Remove stuff which belongs in the windows executor implementation ... Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-14 15:52:04 +01:00
Derek Nola	13c633da12	Add Secrets Encryption to CriticalArgs (#6409) ... * Add EncryptSecrets to Critical Control Args * use deep comparison to extract differences Signed-off-by: Derek Nola <derek.nola@suse.com> Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-11-04 10:35:29 -07:00
Manuel Buil	861f8ed8f8	Merge pull request #6386 from manuelbuil/changeAddrTypesMetricsServer ... Change addr types in metrics server	2022-11-04 11:11:21 +01:00
thomasferrandiz	b7d217dbf3	Merge pull request #6405 from thomasferrandiz/log-kube-router-version ... log kube-router version when starting netpol controller	2022-11-04 11:07:37 +01:00
Manuel Buil	8aff25e192	Merge pull request #6403 from manuelbuil/logsFlannelExternalIP ... Avoid wrong config for `flannel-external-ip` and add warning if unencrypted backend	2022-11-04 09:47:30 +01:00
Manuel Buil	557fcd28d5	Change the priority of address types depending on flannel-external-ip ... Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-04 09:02:39 +01:00
Manuel Buil	1682172ac1	Add some helping logs to avoid wrong configs ... Signed-off-by: Manuel Buil <mbuil@suse.com>	2022-11-03 18:09:17 +01:00
Roberto Bonafiglia	87c7ea81f0	Updated flannel version to 0.20.1 ... Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>	2022-11-03 17:49:26 +01:00
Thomas Ferrandiz	68ac954489	log kube-router version when starting netpol controller ... Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>	2022-11-03 12:26:50 +01:00
Brad Davidson	d7dbf69f7f	go generate ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-02 11:29:05 -07:00
iyear	3aae7b8783	Fix incorrect defer usage ... Problem: Using defer inside a loop can lead to resource leaks Solution: Judge newer file in the separate function Signed-off-by: iyear <ljyngup@gmail.com>	2022-11-01 16:23:25 -07:00
Brad Davidson	cb86d2c1f0	Bump traefik to v2.9.4 / chart v18.3.0 ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-11-01 16:05:45 -07:00
Petri Kivikangas	6156059136	Convert containerd config.toml.tmpl Linux template to v2 syntax ... Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>	2022-10-27 16:55:03 -07:00
Brad Davidson	76729d813b	Set default kubeletPort ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-26 15:08:13 -07:00
Brad Davidson	269563e4d2	Check for RBAC before starting tunnel controllers ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-26 15:08:13 -07:00
Brad Davidson	68a56ff8d8	Add GVK lookup to deploy controller ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-26 15:08:13 -07:00
Brad Davidson	8d28a38a18	Update helm-controller to pull in refactor ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-26 15:03:13 -07:00
Brad Davidson	16a8b6d6f1	Bump Traefik helm chart to v18.0.0 ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-26 13:38:13 -07:00
Brad Davidson	f2585c1671	Add --flannel-external-ip flag ... Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-24 10:10:49 -07:00
Brad Davidson	e8c250b8dc	Fix RBAC to allow removal of legacy finalizer ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-20 16:12:28 -07:00
Brad Davidson	3c0cd6f2dc	Return ProviderID in URI format ... The InstancesV1 interface handled this for us by combining the ProviderName and InstanceID values; the new interface requires us to do it manually Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-17 11:05:09 -07:00
Brad Davidson	f25419ca2c	Add ServiceAccount for svclb pods ... For 1.24 and earlier, the svclb pods need a ServiceAccount so that we can allow their sysctls in PSPs Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-10 17:40:39 -07:00
Derek Nola	06d81cb936	Replace deprecated ioutil package (#6230) ... * Replace ioutil package * check integration test null pointer * Remove rotate retries Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-10-07 17:36:57 -07:00
Brad Davidson	25e83cfa4f	Bump traefik to 2.9.1 / chart 12.0.0 ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-06 16:20:21 -07:00
Brad Davidson	b411864be5	Handle custom kubelet port in agent tunnel ... The kubelet port can be overridden by users; we shouldn't assume its always 10250 Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-05 21:10:38 -07:00
Brad Davidson	11072e2516	Fix occasional "TLS handshake error" in apiserver network proxy. ... We should be reading from the hijacked bufio.ReaderWriter instead of directly from the net.Conn. There is a race condition where the underlying http handler may consume bytes from the hijacked request stream, if it comes in the same packet as the CONNECT header. These bytes are left in the buffered reader, which we were not using. This was causing us to occasionally drop a few bytes from the start of the tunneled connection's client data stream. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-05 21:10:38 -07:00
Brad Davidson	f633732d80	Use structured logging instead of logrus for event recorders ... Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-10-04 10:26:17 -07:00