Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,039 Commits 27 Branches 785 Tags 625 MiB
d85b2468ea
Commit Graph

57 Commits

Author SHA1 Message Date
Brad Davidson
73e21e739f Drop broken SupportNoneCgroupDriver support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-23 16:12:51 -07:00
Brad Davidson
199424b608 Pass context into all Executor functions 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-14 16:41:27 -07:00
Brad Davidson
90960ebf4e SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-09 11:49:53 -07:00
Kohei Tokunaga
8b857eef9c
Ship Stargz Snapshotter (#2936) 
* Ship Stargz Snapshotter

Signed-off-by: ktock <ktokunaga.mail@gmail.com>

* Bump github.com/containerd/stargz-snapshotter to v0.8.0

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2021-09-01 16:27:42 -07:00
Akihiro Suda
176451f4ea
Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901) 
Fix issue 3900

Kubernetes 1.22 requires `KuebletInUserNamespace` feature gate to be set for rootless:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-08-24 08:27:17 -07:00
Brad Davidson
e204d863a5 Update Kubernetes to v1.22.1 
* Update Kubernetes to v1.22.1
* Update dependent modules to track with upstream

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Jamie Phillips
ae909c73e5 Updated the code to use GetNetworkByName and tweaked logic. 
Updated the method being called and tweaked the logic.

Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
 2021-08-10 13:53:08 -07:00
Jamie Phillips
7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. (#3661) 2021-07-28 13:04:42 -07:00
Jamie Phillips
fc19b805d5
Added logic to strip any existing hyphens before processing the args. (#3662) 
Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.
 2021-07-28 13:04:19 -07:00
Brad Davidson
90445bd581
Wait until server is ready before configuring kube-proxy (#3716) 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-07-27 14:56:05 -07:00
Jamie Phillips
a62d143936 Fixing various bugs related to windows. 
This changes the crictl template for issues with the socket information. It also addresses a typo in the socket address. Last it makes tweaks to configuration that aren't required or had incorrect logic.

Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>


spelling
 2021-07-07 15:50:34 -07:00
Jamie Phillips
82394d7d36 Basic windows agent that will join a cluster without CNI. 
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
 2021-06-23 09:07:50 -07:00
Jamie Phillips
7345ac35ae
Initial windows support for agent (#3375) 
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
 2021-06-01 12:29:46 -07:00
Brad Davidson
7e175e8ad4 Handle conntrack-related sysctls in supervisor agent setup 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-05-18 13:40:44 -07:00
Brad Davidson
02a5bee62f
Add system-default-registry support and remove shared code (#3285) 
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-05-10 15:58:41 -07:00
Brad Davidson
2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) 
* Add support for dual-stack cluster/service CIDRs and node addresses

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-04-21 15:56:20 -07:00
Akihiro Suda
6e8284e3d4 rootless: enable resource limitation (requires cgroup v2, systemd) 
Now rootless mode can be used with cgroup v2 resource limitations.
A pod is executed in a cgroup like "/user.slice/user-1001.slice/user@1001.service/k3s-rootless.service/kubepods/podd0eb6921-c81a-4214-b36c-d3b9bb212fac/63b5a253a1fd4627da16bfce9bec58d72144cf30fe833e0ca9a6d60ebf837475".

This is accomplished by running `kubelet` in a cgroup namespace, and enabling `cgroupfs` driver for the cgroup hierarchy delegated by systemd.

To enable cgroup v2 resource limitation, `k3s server --rootless` needs to be launched as `systemctl --user` service.
Please see the comment lines in `k3s-rootless.service` for the usage.

Running `k3s server --rootless` via a terminal is not supported.
When it really needs to be launched via a terminal, `systemd-run --user -p Delegate --tty` needs to be prepended to create a systemd scope.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-24 00:37:30 -07:00
Hussein Galal
5749f66aa3
Add disable flags for control components (#2900) 
* Add disable flags to control components

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to disable flags

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add comments to functions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix joining problem

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ticker

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix role labels

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-02-12 17:35:57 +02:00
Brad Davidson
e06119729b
Improve handling of comounted cpu,cpuacct controllers (#2911) 
* Improve handling of comounted cpu,cpuacct controllers

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-02-09 16:12:58 -08:00
Akihiro Suda
f3c41b7650 fix cgroup2 support 
Fix issue 900

cgroup2 support was introduced in PR 2584, but got broken in f3de60ff31

It was failing with "F1210 19:13:37.305388    4955 server.go:181] cannot set feature gate SupportPodPidsLimit to false, feature is locked to true"

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-01-25 22:45:07 -08:00
Brad Davidson
8011697175 Only container-runtime-endpoint wants RuntimeSocket path as URI 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-01-22 18:56:30 -08:00
Chris Kim
61ef2ce95e use version.Program 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-12-09 12:34:13 -08:00
Chris Kim
48925fcb88
Simplify checkCgroups function call 
Co-authored-by: Brian Downs <brian.downs@gmail.com>
 2020-12-09 11:59:54 -08:00
Chris Kim
a3f87a81bd Independently set kubelet-cgroups and runtime-cgroups, and detect if we are running under a systemd scope 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-12-09 11:39:33 -08:00
Chris Kim
3d1e40eaa3 Handle the case when systemd lives under /init.scope 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-12-08 10:26:54 -08:00
Chris Kim
f3de60ff31 When there is a defined cgroup for PID 1, assume we are containerized and set a root 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-12-07 13:15:15 -08:00
Brian Downs
5a81fdbdc5 update cis flag implementation to propogate the rest of the way through to kubelet 
Signed-off-by: Brian Downs <brian.downs@gmail.com>
 2020-07-20 16:31:56 -07:00
Darren Shepherd
afd6f6d7e7 Encapsulate execution logic 
This moves all the calls to cobra root commands to one package
so that we can change the behavior of running components as embedded
or external.
 2020-05-05 15:34:32 -07:00
Darren Shepherd
70ddc799bd
Merge pull request #1691 from ibuildthecloud/staticpod 
Suppport static pods at ${datadir}/agent/staticpods
 2020-05-05 14:35:45 -07:00
Darren Shepherd
8c7fbe3dde Suppport static pods at ${datadir}/agent/pod-manifests 2020-05-05 12:43:47 -07:00
Darren Shepherd
5715e1ba0d Add ability to disable kubeproxy 2020-04-27 11:24:00 -07:00
Erik Wilson
fa03a0df3c Run kubelet with containerd flag 
The containerd flag was accidentally added to kubelet and is
deprecated, but needed for cadvisor to properly connect with
the k3s containerd socket, so adding for now.
 2020-01-16 10:25:57 -07:00
Erik Wilson
76281bf731 Update k3s for k8s 1.17.0 2019-12-15 23:28:19 -07:00
Erik Wilson
2de93d70cf Allow --pause-image to set docker sandbox image also 2019-12-10 16:16:26 -07:00
Erik Wilson
55c05ac500 Refactor node password location 2019-11-12 15:30:34 -07:00
Akihiro Suda
aafccdbccb rootless: add kubelet flags automatically 
Fix https://github.com/rancher/k3s/issues/784

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-10-25 17:10:14 +09:00
galal-hussein
d2c1f66496 Add k3s cloud provider 2019-10-16 21:13:15 +02:00
Darren Shepherd
a51a2eaaad Add anonymous-auth=false and remove NodeRestriction 2019-08-28 20:53:37 -07:00
YAMAMOTO Takashi
fc8eddae29 Appease kubelet warnings on docker for mac 
On my environment, the name=systemd entry in /proc/self/cgroup
looks like:

	13:name=systemd:/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499

Kubelet periodically complains like:

	E0802 06:42:52.667123       1 summary_sys_containers.go:47] Failed to get system container stats for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": failed to get cgroup stats for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": failed to get container info for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": unknown container "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy"
 2019-08-02 16:22:51 +09:00
Erik Wilson
2c9444399b Refactor certs 2019-06-25 15:04:04 -07:00
galal-hussein
930093dfe9 Expose node labels and taints and add node roles 2019-05-08 01:47:07 +02:00
galal-hussein
191ac9371a Add cni plugin to kubelet if docker is used 2019-04-30 22:12:02 +02:00
Erik Wilson
c9941895d6 Bind kubelet to all interfaces and use webhook auth 2019-04-26 15:02:30 -07:00
Erik Wilson
1b2db423de Add node name to node cert generation 2019-04-19 18:20:34 +00:00
Darren Shepherd
be24f837bb
Merge pull request #349 from erikwilson/missing-cgroup-pids-fix 
Check for cgroup pids support
 2019-04-15 15:52:07 -07:00
Erik Wilson
4bba04023d Check for cgroup pids support 
If cgroup pids are not supported add a feature-gates flag
SupportPodPidsLimit=false for kubelet.
 2019-04-15 22:26:50 +00:00
Marco Mancini
b445bad171 Add --cluster-domain option 2019-04-12 08:06:35 +02:00
Erik Wilson
c48739206a Enable aggregation layer 
Configure kube-apiserver, kubelets, and kube-proxy for use with
aggregation layer in order for metrics-server deployment to function
correctly.
 2019-04-11 22:43:31 +00:00
Darren Shepherd
046a817818 Add rootless support 2019-04-09 10:38:04 -07:00
galal-hussein
7794528aa1 Add extra flags for server and agent components 2019-04-09 08:20:38 +02:00