Commit Graph

63 Commits

Author SHA1 Message Date
Derek Nola
d13ee64403
Enhance k3s check-config (#7091)
* Move  CONFIG_CGROUP_PIDS to Required

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-29 09:55:08 -07:00
Derek Nola
9980504196
Fix to Rotate CA e2e test (#7101)
* Include note on service keys

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix rotate cert ca test

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove periods

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add new test to nightly script

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-16 17:56:17 -07:00
Richard Steinmetz
a912902aa7
Add missing kernel config checks (#6946)
Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and
NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s.

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-14 12:55:38 -04:00
Brad Davidson
68fcb48a35 Update/rename certs.sh; add default cert rotation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Brad Davidson
2156015521 Improve default umask for certs.sh
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson
1ec242d816 Add example certificate generation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Derek Nola
fd79a1cfea
Bump testing to opensuse Leap 15.4 (#6337)
* Bump to Leap 15.4 for testing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-26 08:38:18 -07:00
Luther Monson
9a849b1bb7
[master] changing package to k3s-io (#4846)
* changing package to k3s-io

Signed-off-by: Luther Monson <luther.monson@gmail.com>

Co-authored-by: Derek Nola <derek.nola@suse.com>
2022-03-02 15:47:27 -08:00
Rowan Thorpe
dccee4e87b Fix regression from commit 137e80cd86
Problem:

A false-negative in check-config.sh for cgroups v2 systems was fixed but the
commit introduced a regression based on a small assumption that content of
/sys/fs/cgroup/cgroup.controllers would have the same format as the content
of /proc/self/cgroup. It doesn't.

Solution:

This just tweaks the regex to count occurrences of either cgroup
subsystem-names on each line (as occurs in the sysfs pseudo-file), or those
names with colons either side (as occurs in the procfs pseudo-file).

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
2021-09-17 11:21:17 -07:00
Rowan Thorpe
137e80cd86 Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately
Problem:
 In check-config.sh assumptions are made about cgroups v1/v2/hybrid,
 causes false-negative on pure V2 system.

Solution:
 In check-config.sh implement the same validation as found in
 ./pkg/agent/run.go -> validate(), validateCgroupsV1(), validateCgroupsV2()
 [ which use containerd/cgroups:utils.go -> Mode() ]

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
2021-09-14 15:53:12 -07:00
Derek Nola
4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. (#3805)
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename

Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 11:13:26 -07:00
Brian Downs
f99b1c8798
add gotests templates (#3709)
add gotests templates
2021-07-24 19:36:36 -07:00
Derek Nola
2afa3dbe1c
Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-10 10:47:03 -07:00
Erik Wilson
f6153201ba Add diagnostics collection scripts
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-07 11:08:47 -07:00
Erik Wilson
7f0bdf8a1e
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check 2020-10-06 14:30:49 -07:00
Jean-Philippe Evrard
eabc82c724 Remove trailing whitespaces
To please my OCD, and remove my editor flashing boxes,
I am removing trailing whitespaces. They have no purpose in life.
2020-05-27 17:27:30 +02:00
Julien DOCHE
55cca7bba3 contrib/ansible: Remove duplication and redirect to new repository
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-05-12 17:47:20 +02:00
Craig Jellick
ad4c542ad5
Merge pull request #1735 from stellirin/performance
[systemd] Add value to LimitNOFILE due to performance problems
2020-05-06 16:37:37 -07:00
David Nuzik
de48f0c43d
Merge pull request #1730 from geerlingguy/1729-ansible-changed
Fixes #1729: Use 'is changed' instead of non-existent changed filter.
2020-05-04 09:36:38 -07:00
Adam Farden
b4335630b7 [systemd] Add value to LimitNOFILE due to performance problems
When k3s is installed on an OS with default high ulimits, performance
issues can be observed. This was discovered on CoreOS where the default
value is 1073741816. Symptoms include very slow file operations such
as installing a Rook/Ceph cluster will take ~6 hours instead of ~10 minutes.

A google search for 'container LimitNOFILE' will show that most major
projects set this already, including the (unused) containerd systemd unit
found in this repository at /vendor/github.com/containerd/containerd/containerd.service

k3OS is not affected becuasse the default there is already 1048576.

See description in coreos/fedora-coreos-tracker#329
2020-05-03 09:37:00 +02:00
Jeff Geerling
3fef74bcb9 Fix typo in Ansible README file scp command. 2020-05-01 23:02:08 -05:00
Jeff Geerling
27215a5ec0 Fixes #1729: Use 'is changed' instead of non-existent changed filter. 2020-05-01 22:42:42 -05:00
Julien DOCHE
3c98290f0b
contrib/ansible: Add reset role and playbook to reset a node (#1565)
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-03-25 12:36:28 -07:00
Joakim Roubert
4286ba7163 Fix markdown files according to markdownlint recommendations
There are some issues and quirks in the markdown documentation files
suggested by the markdownlint project checker that might benefit from
being fixed, which this patch does.

Change-Id: I33245825e5bb543b5ce1732204984d4a0b169668
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-03-04 11:06:55 +01:00
Arpan Kapoor
d01978147e
Add ExecStartPre to ansible systemd node unit files 2020-03-01 19:32:19 +05:30
Arpan Kapoor
4f57cdd5e0
Add Type and TimeoutStartSec to ansible systemd unit files 2020-03-01 19:31:31 +05:30
Erik Wilson
9a1f9a8a4c
Merge pull request #1430 from St0rmingBr4in/fix-home
contrib/ansible: Fix home path and use kubectl to set the server url in conf
2020-02-24 15:24:33 -07:00
Julien DOCHE
cddcbe7833 contrib/ansible: Add extra_server_args variable
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-17 21:42:40 +01:00
Julien DOCHE
afbef43efd contrib/ansible: Use kubectl to set the server url in conf
Sometimes https://127.0.0.1:6443 can be written in the conf, the regexp does
not account for that.

Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-17 20:55:44 +01:00
Julien DOCHE
9c23860ce8 contrib/ansible: Fix home is not necessarily in /home
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-17 20:49:01 +01:00
Julien DOCHE
fd891d0bd9 contrib/ansible: Move example inventory to its own subdirectory
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-16 21:08:42 +01:00
Erik Wilson
5b98d10e4b Warn if NPC can't start rather than fatal error
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.

Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson
3c945476f6 Revert check-config's "Silence modprobe warnings"
This reverts commit 8edbe30c8c.
2019-11-14 10:56:37 -07:00
Erik Wilson
8edbe30c8c Silence modprobe warnings 2019-11-13 17:39:02 -07:00
Erik Wilson
c83ec56cbe Non-fatal warning for check-config modules 2019-11-13 17:08:15 -07:00
Erik Wilson
7b3a2d33d1 Clean up check-config exit code & text 2019-11-13 14:57:58 -07:00
Erik Wilson
cc4026e1e2 Search system path for iptables in check-config 2019-11-13 12:21:56 -07:00
Erik Wilson
a73f8b1773 Update check-config.sh for k3s 2019-11-13 08:34:24 -07:00
Erik Wilson
b0d1ca9c21 Add check-config.sh from moby 2019-11-13 02:16:16 -07:00
James Harrington
8431b0ead0 Fix indentation 2019-10-27 23:34:34 -04:00
Matthias Riegler
5c870d18da CentOS/RHEL compatibility for Ansible roles
- Setting IPv4 & IPv6 forwarding
- Setting `sysctl:net.bridge.bridge-nf-call-iptables` and `bridge-nf-call-ip6tables` to enabled since it is disabled by default on some CentOS systems
2019-09-29 00:19:18 +02:00
Erik Wilson
9c99578bd6 Update k3s v0.8.0 to v0.8.1 2019-08-20 17:32:49 -07:00
Erik Wilson
7028320ca3 Update v0.7.0 to v0.8.0 2019-08-05 15:11:49 -07:00
Erik Wilson
23501c08cb
Merge pull request #662 from cryptk/systemd-delay
Add a little extra delay between restart attempts
2019-07-27 07:57:45 -07:00
Chris Jowett
612b2c1596 Add RestartSec to ansible systemd unit files 2019-07-26 13:05:54 -05:00
Thorsten Schifferdecker
f2654b039f
bump k3s versions to v0.7.0 2019-07-23 23:38:15 +02:00
Pieter van der Merwe
db5f6c6e5c Createsymlinks for kubectl and crictl 2019-07-13 21:10:33 +02:00
Pieter van der Merwe
2714ae68f9 Add wait for node-token file 2019-07-07 17:24:37 +02:00
Ted Wexler
122b8c36b0
Fix an inconsistency in contrib/ansible/README.md
The example inventory uses the group `kube-cluster`, but the playbooks references `k3s-cluster`. This resolves the inconsistency.
2019-06-24 19:24:47 -04:00
Thorsten Schifferdecker
ca4620b6c3 update to v0.6.1 2019-06-24 07:09:47 +02:00