Commit Graph

1539 Commits

Author SHA1 Message Date
Brad Davidson
c72c1867d8 Add GH auth for Trivy
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-09 12:30:39 -08:00
David Nuzik
8e05adc6b5
Merge pull request #2487 from brandond/v1.19.3+k3s2-stable
Mark the latest v1.19.x release as stable
2020-11-09 12:15:02 -07:00
Jacob Blain Christen
ce5c8efbcf
cri: bump to updated fork (#2478)
Addresses rancher/k3s#2240

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-09 10:19:00 -07:00
Brad Davidson
95c0118ba7 Mark the latest v1.19.x release as stable
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-06 16:21:02 -08:00
Brad Davidson
fcb864a5e2
Update sonobuoy version and use rancher mirrored image (#2482)
* Update sonobuoy version
* Use upstream tag for Kubernetes version instead of replacement tag
    Allows building against upstream alpha/beta/rc releases
* Use env variable for sonobuoy version
* Bump version for QA e2e tests

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-06 13:33:31 -08:00
Brad Davidson
50ea2d8164 Fix size check and make script shell consistent
Related to #2205

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
3e4fd7b41f Respect --data-dir path for crictl.yaml
Related to rancher/rke2#474

Note that anyone who customizes the data-dir path will have to set
CRI_CONFIG_FILE to the correct path when using the wrapped binaries
(crictl, etc). This is better than dropping files in the incorrect
location.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
f50e3140f9 Disable configure-cloud-routes and external service/route programming support when using k3s stub cloud controller
Resolves warning 3 from #2471

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
31575e407a Add Cluster ID support to k3s stub cloud controller
Resolves warning 2 from #2471.

As per https://github.com/kubernetes/cloud-provider/issues/12 the
ClusterID requirement was never really followed through on, so the
flag is probably going to be removed in the future.

One side-effect of this is that the core k8s cloud-controller-manager
also wants to watch nodes, and needs RBAC to do so.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
5b318d093f Fix containerd sock path warning
Resolves warning 1 from #2471

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
d1424626ac Disable containerd experimental snapshot labels
Related to #2455 and containerd/containerd#4684

These were not meant to be enabled by default, break images with many
layers, and will be disabled by default on the next containerd release.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
3b8ec74049 Update disables list when building with no_stage
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are omitted by the no_stage build tag.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
Chris Kim
ea916030c2
Merge pull request #2456 from Oats87/fix-rpm-install
Support k3s-selinux rpm install more effectively
2020-10-29 12:49:18 -04:00
Chris Kim
a8275838d5 Add additional conditional logic to install.sh to prevent errors on Fedora or systems when run as non-root
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-29 07:30:03 -07:00
Euan Kemp
0521756dd9 Use 'rm' from path in go generate
/bin/rm is less portable. On some distros, like nixos, it doesn't exist
at all.

Signed-off-by: Euan Kemp <euank@euank.com>
2020-10-29 00:07:46 -07:00
Menna Elmasry
523ccaf3f2
Merge pull request #2448 from MonzElmasry/new_b
Make etcd use node private ip
2020-10-29 00:23:56 +02:00
Ranjib Dey
dcff6e7047 remove duplicate systemd directives
Signed-off-by: Ranjib Dey ranjib@linux.com
2020-10-28 14:53:01 -07:00
MonzElmasry
e8436cc76b
Make etcd use node private ip
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Chris Kim
05d775b31e
Merge pull request #2441 from Oats87/disable-rpm
Disable RPM publishing
2020-10-28 16:07:53 -04:00
Brad Davidson
7a5a9033a7 Update kine to v0.5.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-28 13:03:47 -07:00
Chris Kim
f981043b89 Remove RPM publishing from .drone.yml
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-28 14:27:08 -04:00
Chris Kim
7b8a147a1b
Merge pull request #2408 from Oats87/rpm-install-selinux
Add auto-install capability to install.sh for k3s-selinux
2020-10-28 14:24:09 -04:00
Hussein Galal
fcd18d1b6e
skip node delete from removed member (#2413)
* skip node delete from removed member

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use grpc errors

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go imports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* exit if node is the etcd that is being removed

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-10-28 18:32:51 +02:00
Chris Kim
96fc4c4b21 Add iptable_nat to modprobe list
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Chris Kim
38109e6c9d Add auto-install capability to install.sh for k3s-selinux
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Brad Davidson
de18528412
Make etcd voting members responsible for managing learners (#2399)
* Set etcd timeouts using values from k8s instead of etcdctl
  Fix for one of the warnings from #2303
* Use etcd zap logger instead of deprecated capsnlog
  Fix for one of the warnings from #2303
* Remove member self-promotion code paths
* Add learner promotion tracking code
* Fix RaftAppliedIndex progress check
* Remove ErrGRPCKeyNotFound check
  This is not used by v3 API - it just returns a response with 0 KVs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-27 11:06:26 -07:00
Brad Davidson
03f05f9337 Update Kubernetes to v1.19.3-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-16 13:18:59 -07:00
Jeremy Katz
b1a7161ccc Add information on reporting security issues
Signed-off-by: Jeremy Katz <jeremy@tidelift.com>
2020-10-16 11:46:16 -07:00
Brian Downs
0063646628
Merge pull request #2396 from briandowns/issue-831
Update kine to v0.4.1
2020-10-15 13:39:08 -07:00
Brian Downs
0363da5196 run go mod tidy
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-10-15 13:03:26 -07:00
Brian Downs
299fe83a1f update kine to v0.4.1
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-10-15 10:34:24 -07:00
Erik Wilson
6b11d86037
Merge pull request #2377 from erikwilson/no-proxy-fix
Use no_proxy env, add .svc and cluster domains
2020-10-12 13:46:22 -07:00
Erik Wilson
56e077eb29
Use no_proxy env, add .svc and cluster domains
2020-10-12 11:02:07 -07:00
Erik Wilson
114b5ccad1
Merge pull request #2363 from erikwilson/netpol-informers
Add event handlers to network policy controller
2020-10-12 08:53:39 -07:00
Erik Wilson
e26e333b7e
Add network policy controller CacheSyncOrTimeout
2020-10-07 12:35:44 -07:00
Erik Wilson
045cd49ab5
Add event handlers to network policy controller
2020-10-07 12:10:27 -07:00
Erik Wilson
f4e7eaa283
Merge pull request #2358 from erikwilson/check-config-1291
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check
2020-10-06 16:02:33 -07:00
Erik Wilson
7f0bdf8a1e
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check
2020-10-06 14:30:49 -07:00
Erik Wilson
154b395c03
Merge pull request #2349 from erikwilson/fix-data-extract
Fix race condition in data extraction
2020-10-06 12:40:47 -07:00
Erik Wilson
95b895038c
Add locking and verification for data directory extraction
2020-10-06 10:29:27 -07:00
Erik Wilson
ce0da0a0f4
Add file verification for data directory
2020-10-06 10:29:27 -07:00
Erik Wilson
66d29148f7
Add Release function for flock
2020-10-06 10:29:27 -07:00
Erik Wilson
360d82d20e
Add flock from k8s.io/kubernetes/pkg/util/flock
2020-10-06 10:29:26 -07:00
Brad Davidson
c3c983198f Add temporary fix for issue with interrupted etcd promote
This is a minimal fix for https://github.com/rancher/rke2/issues/392

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-30 11:45:58 -07:00
Hussein Galal
373449ec0a
Allow for multiple etcd snapshot restoration (#2307)
* add reset tmp file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go imports

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix multiple lines string

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use resetFile function

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-30 02:53:31 +02:00
Brad Davidson
8262e23169
Revert removal of EndpointName hooks (#2319)
* Revert "Remove dead EndpointName code"
    This reverts commit 8025da5a8d.
* Fix docstrings based on proper understanding of use
2020-09-28 18:13:55 -07:00
Brad Davidson
714227bdc7
Merge pull request #2300 from brandond/fix_2249
Fix managed etcd cold startup deadlock issue #2249
2020-09-28 10:56:51 -07:00
Brad Davidson
360b0f1ee5 Add timeout to clientaccess http client
The default http client does not have an overall request timeout, so
connections to misbehaving or unavailable servers can stall for an
excessive amount of time. At the moment, just attempting to join
an unavailable cluster takes 2 minutes and 40 seconds to time out.

Resolve that by setting a reasonable request timeout.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson
cdfc6cfa1a Split clientaccess token/kubeconfig code
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson
45dd4afe50 Simplify token parsing
Improves readability, reduces round-trips to the join server to validate certs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:24 -07:00