Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,763 Commits 27 Branches 785 Tags 625 MiB
e9958cf070
Commit Graph

1143 Commits

Author SHA1 Message Date
Derek Nola
3d425e5d20
Secrets Encryption: Add RetryOnConflict around updating nodes (#5495) 
* Add RetryOnConflict around updating nodes

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-04-22 16:32:10 -07:00
Brad Davidson
f2ceeb01d9
Fix issue with long-running apiserver endpoints watch (#5478) 
Use ListWatch helpers to retry when the watch channel is closed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-21 09:24:34 -07:00
Derek Nola
93f9562272
Update Kubernetes to v1.23.6 (#5477) 
* Go generate
* Update tags to k3s-io for v1.23.6

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-04-21 08:53:26 -07:00
Manuel Buil
6a8de31a92
Fix default ipv6 cidr (#5467) 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-04-20 08:41:41 -07:00
Sakala Venkata Krishna Rohit
3e3549e45c
Add s390x arch support for k3s (#5018) 
* Update docs to include s390x arch

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x drone pipeline

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Install trivy linux arch only for amd64

This is done so that trivy is not installed for s390x arch

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x arch if condition for Dockerfile.test

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x arch in install script

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add s390x GOARCH in build script

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Add SUFFIX s390x in scripts

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Skip image scan for s390x arch

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Update klipper-lb to version v0.3.5

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Update traefik version to v2.6.2

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Update registry to v2.8.1 in tests which supports s390x

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Skip compact tests for s390x arch

This is done because compact test require a previous k3s version which supports s390x and it is not available

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
 2022-04-15 09:41:40 -07:00
Brad Davidson
7760e2177a Bump etcd to 3.5.3-k3s1 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-15 01:53:18 -07:00
Brad Davidson
b12cd62935 Move IPv4/v6 selection into helpers 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-15 01:02:42 -07:00
Brad Davidson
7e447692c5 Fix issue with RKE2 servers hanging on listing apiserver addresses 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-15 01:02:42 -07:00
Brad Davidson
5b2c14b123 Print a helpful error when trying to join additional servers but etcd is not in use 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-15 01:02:42 -07:00
Brad Davidson
99851b0f84 Use core constants for cert user/group values 
Also update cert gen to ensure leaf certs are regenerated if other key fields change.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-15 01:02:42 -07:00
Terry Cain
b6e71ef990 Added support for repeated extra arguments 
Problem:
Specifying extra arguments for the API server for example is not supported as
the arguments get stored in a map before being passed to the API server.

Solution:
Updated the GetArgs function to store the arguments in a map that can have
multiple values. Some more logic is added so that repeated extra arguments
retain their order when sorted whilst overall the arguments can still be
sorted for improved readability when logged.

Support has been added for prefixing and suffixing default argument values
by using -= and += when specifying extra arguments.

Signed-off-by: Terry Cain <terry@terrys-home.co.uk>
 2022-04-14 13:59:57 -07:00
Roberto Bonafiglia
e4d2824fb6
Merge pull request #5420 from rbrtbnfgl/etcd-default-endpoint 
Added default endpoint for IPv6
 2022-04-14 18:50:12 +02:00
Roberto Bonafiglia
9c9adda61b Added default endpoint for IPv6 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-04-14 09:58:40 +02:00
Roberto Bonafiglia
dfb779d09d
Merge pull request #5422 from rbrtbnfgl/fix-flannel-backend-help 
Fixed flannel backend helper text
 2022-04-14 09:06:40 +02:00
Dirk Müller
fa0fa8b1d0 Update golangci-lint to 1.45.2 
This requires a further set of gofmt -s improvements to the
code, but nothing major. golangci-lint 1.45.2 brings golang 1.18
support which might be needed in the future.

Signed-off-by: Dirk Müller <dirk@dmllr.de>
 2022-04-13 14:48:42 -07:00
Roberto Bonafiglia
8767395d40 Fixed flannel backend helper text 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-04-13 09:38:22 +02:00
Deshi Xiao
c1095dd015
fix: non-idiomatic returning of boolean expression (#5343) 
should use 'return disables[baseName]' instead of 'if disables[baseName] { return true }; return false'

Signed-off-by: Deshi Xiao <xiaods@gmail.com>
 2022-04-11 12:46:29 -07:00
Roberto Bonafiglia
2037e9179a
Merge pull request #5391 from rbrtbnfgl/wireguard-update 
Add wireguard native flannel backend
 2022-04-08 09:13:04 +02:00
Brad Davidson
f37e7565b8 Move the apiserver addresses controller into the etcd package 
This controller only needs to run when using managed etcd, so move it in
with the rest of the etcd stuff. This change also modifies the
controller to only watch the Kubernetes service endpoint, instead of
watching all endpoints in the entire cluster.

Fixes an error message revealed by use of a newer grpc client in
Kubernetes 1.24, which logs an error when the Put to etcd failed because
kine doesn't support the etcd Put operation. The controller shouldn't
have been running without etcd in the first place.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-07 11:28:15 -07:00
Roberto Bonafiglia
f04c602c07 Updated wireguard-native options and added log message 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-04-07 19:31:21 +02:00
Roberto Bonafiglia
47abaf362e Added new flannel backend to use wireguard from flannel 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-04-07 19:31:13 +02:00
Brad Davidson
2a429aac65 Fix crash on early snapshot 
Don't attempt to retrieve snapshot metadata configmap if the apiserver
isn't available. This could be triggered if the cron expression caused a
snapshot to be triggered before the apiserver is up.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-07 09:23:34 -07:00
Michal Rostecki
9350016de8
Merge pull request #5387 from vadorovsky/kube-router-dual-stack 
netpol: Add dual-stack support
 2022-04-07 11:24:38 +02:00
Brad Davidson
0bf7c09569 Don't print password conversion rate 
Avoids divide-by-zero when the password file is empty

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-06 15:55:45 -07:00
Brad Davidson
49544e0d49 Allow agents to query non-apiserver supervisors for apiserver endpoints 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-06 13:03:14 -07:00
Brad Davidson
af0b496ef3 Add client certificate authentication support to core Authenticator 
This is required to make the websocket tunnel server functional on
etcd-only nodes, and will save some code on the RKE2 side once pulled
through.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-06 13:03:14 -07:00
Brad Davidson
e7437d4ad8 Redact datastore and etcd snapshot config from serialization 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-04-06 13:03:14 -07:00
Michal Rostecki
c707948adf netpol: Add dual-stack support 
This change allows to define two cluster CIDRs for compatibility with
Kubernetes dual-stuck, with an assumption that two CIDRs are usually
IPv4 and IPv6.

It does that by levearaging changes in out kube-router fork, with the
following downstream release:

https://github.com/k3s-io/kube-router/releases/tag/v1.3.2%2Bk3s

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2022-04-06 14:43:09 +02:00
Euan Kemp
c2e846dc16 Allow using flannel wireguard backend in a custom config 
Ideally we'd have fully fleshed out support for it (i.e. #5011), but
that's a potentially breaking change and taking a little while to merge.

This is a much simpler change which won't break anything, but will allow
a "Type": "wireguard" reference in the "--flannel-conf" custom config
file to work.

Signed-off-by: Euan Kemp <euank@euank.com>
 2022-04-05 09:44:26 -07:00
Roberto Bonafiglia
4afeb9c5c7
Merge pull request #5325 from rbrtbnfgl/fix-etcd-ipv6-url 
Fixed etcd URL in case of IPv6 address
 2022-04-05 09:55:42 +02:00
Roberto Bonafiglia
0746dde758 Fixed http URL on etcd 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-31 14:24:59 +02:00
Roberto Bonafiglia
06c779c57d Fixed loadbalancer in case of IPv6 addresses 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-31 11:49:30 +02:00
Roberto Bonafiglia
b66974145c Fixed etcd register 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-30 18:23:30 +02:00
Luther Monson
313aaca547
Merge pull request #5361 from luthermonson/fix-containerd-npipe 
[master] Wrap containerd.New
 2022-03-30 07:35:50 -07:00
Roberto Bonafiglia
e29771b9ff Fixed client URL 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-30 10:59:39 +02:00
Brad Davidson
62cc1ed24f Skip setting up client tls when etcd server does not have tls enabled 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-30 01:03:41 -07:00
Luther Monson
13191da58a add a wrapper around the containerd.New call to fix and pass the proper npipe connector 
Signed-off-by: Luther Monson <luther.monson@gmail.com>
 2022-03-29 18:06:48 -07:00
Roberto Bonafiglia
dda409b041 Updated localhost address on IPv6 only setup 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-29 09:35:54 +02:00
Brad Davidson
1339626a5b Defragment etcd datastore before clearing alarms 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-28 09:27:59 -07:00
Brad Davidson
e811689df9 Fix etcd-only secrets encryption rotation 
Improve feedback when running secrets-encrypt commands on etcd-only nodes, and
allow etcd-only nodes to properly restart when effecting rotation.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-25 10:40:58 -07:00
Brad Davidson
d25ae8fbc2 Properly attach secrets-encrypt events to the node resource 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-23 16:01:21 -07:00
Brad Davidson
965d0a08ef Fix log spam due to servicelb event recorder namespace conflict 
Don't hardcode the event namespace when creating event recorders; some controllers want to create events in other namespaces.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-23 16:01:21 -07:00
Brad Davidson
714979bf6a Ensure that apiserver ready channel checks re-dial every time 
Closing idle connections isn't guaranteed to close out a pooled connection to a
loadbalancer endpoint that has been removed. Instead, ensure that requests used
to wait for the apiserver to become ready aren't reused.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-23 13:21:58 -07:00
Roberto Bonafiglia
2285aa699b Fixed etcd URL in case of IPv6 address 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-23 15:35:51 +01:00
Brad Davidson
df94b3729f go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-18 14:51:57 -07:00
Brad Davidson
38706eeec0 Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap 
This allows secondary etcd nodes to bootstrap the kubelet before an
apiserver joins the cluster. Rancher waits for all the etcd nodes to
come up before adding the control-plane nodes, so this needs to be
handled properly.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-18 10:58:37 -07:00
Brad Davidson
3cebde924b Handle empty entries in bootstrap path map 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-17 13:42:27 -07:00
Brad Davidson
a93b9b6d53 Update helm-controller 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-16 23:49:14 -07:00
Brad Davidson
66e350ea88 Track upstream changes to kubectl command execution 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-16 17:19:18 -07:00
Brad Davidson
078da46532 Close additional leaked GPRC clients 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-15 18:07:55 -07:00
Derek Nola
1f7abe5dbb
Testing directory and documentation rework. (#5256) 
* Removed vagrant folder
* Fix comments around E2E ENVs
* Eliminate testutil folder
* Convert flock integration test to unit test
* Point to other READMEs

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-03-15 10:29:56 -07:00
Roberto Bonafiglia
ff85faa7de Changed ipv6 config on flannel setup 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-09 12:30:33 +01:00
Roberto Bonafiglia
073f155fc4 Added ipv6 only support with flannel 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-09 09:35:01 +01:00
Roberto Bonafiglia
93346904cf
Merge pull request #5215 from rbrtbnfgl/flannel_0.17 
Flannel 0.17
 2022-03-09 08:51:10 +01:00
Brian Downs
8083ef5824
fix function arg call (#5234) 2022-03-08 17:00:57 -07:00
Brad Davidson
003e094b45
Populate EtcdConfig in runtime from datastore when etcd is disabled (#5222) 
Fixes issue with secrets-encrypt rotate not having any etcd endpoints
available on nodes without a local etcd server.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-08 09:04:31 -08:00
Roberto Bonafiglia
3fabc0703b
Merge pull request #4450 from olljanat/support-ipv6-only 
Add partial support for IPv6 only mode
 2022-03-08 11:38:52 +01:00
Roberto Bonafiglia
f3d81544b1 Fixed log in case of ipv6 only config 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-08 09:42:25 +01:00
Roberto Bonafiglia
0c83f50c4c Added switch case to check netMode 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-08 09:34:25 +01:00
Roberto Bonafiglia
2c39febdd2 Fixed in case of empty address 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-07 14:09:29 +01:00
Roberto Bonafiglia
d7d4c891e2 Updated flannel to 0.17 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2022-03-07 14:09:05 +01:00
Brad Davidson
44c53743dd Support MixedProtocolLBService and clean up Daemonsets on type change. 
Also add event support to increase visibility of change events.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-03 15:30:04 -08:00
Luther Monson
9a849b1bb7
[master] changing package to k3s-io (#4846) 
* changing package to k3s-io

Signed-off-by: Luther Monson <luther.monson@gmail.com>

Co-authored-by: Derek Nola <derek.nola@suse.com>
 2022-03-02 15:47:27 -08:00
robertlestak
a82ac4fdc7 servicelb pool selector 
adds a new optional node label
"svccontroller.k3s.cattle.io/lbpool=<pool>" that can be set on nodes.
ServiceType: LoadBalancer services can then specify a matching label,
which will schedule the DaemonSet only on specified nodes. This allows
operators to specify different pools of nodes that can serve different
LoadBalancer services on the same ports.

Signed-off-by: robertlestak <robert.lestak@umusic.com>
 2022-03-02 15:10:41 -08:00
Brad Davidson
f090bf2d5e Bootstrap the executor even when the agent is disabled 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-02 02:47:54 -08:00
Brad Davidson
a7878db17f Fix etcd-snapshot commands by making setup more consistent. 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-01 20:25:20 -08:00
Brad Davidson
9a48086524 Ignore cluster membership errors when reconciling from temp etcd 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-01 20:25:20 -08:00
Brad Davidson
e4846c92b4 Move temporary etcd startup into etcd module 
Reuse the existing etcd library code to start up the temporary etcd
server for bootstrap reconcile. This allows us to do proper
health-checking of the datastore on startup, including handling of
alarms.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-01 20:25:20 -08:00
Brad Davidson
555087b9b8 Add function to clear local alarms on etcd startup 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-03-01 11:56:52 -08:00
Kamil Madac
333248466b
Add http/2 support to API server (#5149) 
fix issue #5148

Signed-off-by: Kamil Madac <kamil.madac@gmail.com>
 2022-03-01 11:27:52 -08:00
Brad Davidson
5014c9e0e8 Fix adding etcd-only node to existing cluster 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-02-28 19:56:08 -08:00
Brad Davidson
a1b800f0bf Remove unnecessary copies of etcdconfig struct 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-02-28 12:05:16 -08:00
Brad Davidson
2989b8b2c5 Remove unnecessary copies of runtime struct 
Several types contained redundant references to ControlRuntime data. Switch to consistently accessing this via config.Runtime instead.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-02-28 12:05:16 -08:00
Brad Davidson
54bb65064e Fix cluster bootstrap test 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-02-28 12:05:16 -08:00
Derek Nola
a698ece9c5
Add --json flag for k3s secrets-encrypt status (#5127) 
* Add json flag for secrets-encrypt status

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-02-28 09:14:32 -08:00
Brian Downs
40a46e1412
add ability to specify etcd snapshot list output format (#5132) 2022-02-25 14:00:00 -07:00
Derek Nola
142eed1a9f
Create encryption hash file if it doesn't exist (#5140) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-02-25 08:43:03 -08:00
Hussein Galal
43b1cb4820
Update to V1.23.4 k3s1 (#5135) 
* Update to v1.23.4

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade treafik to 2.6.1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade treafik to 2.6.1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade treafik image in image-list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update kubernetes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2022-02-22 18:57:22 +02:00
Manuel Buil
062fe63dd1 Fix annoying netpol log 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-02-10 20:01:27 +01:00
Olli Janatuinen
966f4d6a01 Add support for IPv6 only mode 
Automatically switch to IPv6 only mode if first node-ip is IPv6 address

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
 2022-02-10 20:34:59 +02:00
Derek Nola
e28be2912c
Migrate Ginkgo testing framework to V2, consolidate integration tests (#5097) 
* Upgrade and convert ginkgo from v1 to v2
* Move all integration tests into integration folder
* Update TESTING.md

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-02-09 08:22:53 -08:00
Hussein Galal
13728058a4
Add k3s etcd restoration integration test (#5014) 
* Add k3s etcd restoration test

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix tests and rebase

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Reorganizing the tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fixing comments

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix etcd restore

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* dont check for errors when restoring

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use eventually to test for restoration

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix golint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2022-02-08 21:24:34 +02:00
Manuel Buil
773c2a4184
Merge pull request #5079 from manuelbuil/michalsPR 
netpol: Use kube-router as a library
 2022-02-07 19:18:15 +01:00
Michal Rostecki
4fed9f4052 netpol: Use kube-router as a library 
Before this change, we were copying a part of kube-router code to
pkg/agent/netpol directory with modifications, from which the biggest
one was consumption of k3s node config instead of kube-router config.

However, that approach made it hard to follow new upstream versions.
It's possible to use kube-router as a library, so it seems like a better
way to do that.

Instead of modifying kube-router network policy controller to comsume
k3s configuration, this change just converts k3s node config into
kube-router config. All the functionality of kube-router except netpol
is still disabled.

Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2022-02-07 10:54:08 +01:00
Derek Nola
4f36c82ff7
Check for --kubeconfig flag with embedded kubectl (#5064) 
* Check for kubeconfig flag

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-02-03 09:00:24 -08:00
Ankur Gupta
df4147cd57
Update legacy-unknown-cert and legacy-unknown-key (#5057) 
Signed-off-by: Ankur Gupta <ankur.gupta130887@gmail.com>
 2022-02-02 09:15:41 -08:00
Derek Nola
d583a99f62
Add server flag to access nonlocal/nondefault k3s server (#5016) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-01-27 10:53:38 -08:00
Brad Davidson
bc7635f01f Move containerd wait into exported function 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-25 13:09:30 -08:00
Roberto Bonafiglia
bb856c67dc
Merge pull request #4952 from rbrtbnfgl/ipv6-nat 
Add IPv6 NAT
 2022-01-19 08:44:57 +01:00
Brad Davidson
a094dee7dd Update packaged components 
Update images and manifests/charts for coredns, local-path-provisioner, traefik, and pause

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-18 16:40:00 -08:00
Brad Davidson
27fe2c3c1b go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-18 11:01:49 -08:00
Roberto Bonafiglia
8eded2749a Added debug log for IPv6 Masquerading rule 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
 2022-01-17 10:20:12 +01:00
Brad Davidson
b1e0f4c8fc Skip CGroup v2 evac when agent is disabled 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-14 13:24:44 -08:00
Roberto Bonafiglia
111c1669fc Added flannel-ipv6-masq flag to enable IPv6 nat 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
 2022-01-14 18:35:37 +01:00
Roberto Bonafiglia
2253f64b2a Added iptables masquerade rules for ipv6 on flannel 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
 2022-01-14 18:35:37 +01:00
Brian Downs
effcb15adb
Adds the ability to compress etcd snapshots (#4866) 2022-01-14 10:31:22 -07:00
Derek Nola
48ffed3852
Enable logging on all subcommands (#4921) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-01-12 14:00:40 -08:00
Brad Davidson
a0cadcd343 Move ClusterResetRestore handling ControlConfig setup 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-12 10:46:10 -08:00
Brad Davidson
5ca206ad3b Fix handling of agent-token fallback to token 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-07 09:56:37 -08:00
Brad Davidson
e7464a17f7 Fix use of agent creds for secrets-encrypt and config validate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-01-06 12:55:18 -08:00
Lordran
31f1a00b6f
Fix a typo: advertise-up -> advertise-ip (#4827) 
Signed-off-by: 胥朝阳 <xuzhaoyang@91cyt.com>
 2022-01-06 08:52:07 -08:00
Derek Nola
2ac8df3602
Integration tests utilities improvements (#4832) 
* Remove sudo commands from integration tests

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Added cleanup fucntion

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Implement better int cleanup

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Rename test utils

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Enable K3sCmd to be a single string

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Removed parsePod function

Signed-off-by: Derek Nola <derek.nola@suse.com>

* codespell

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Revert startup timeout

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Reorder sonobuoy tests, drop concurrent tests to 3

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Disable etcd

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Skip parallel testing for etcd

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-01-06 08:05:56 -08:00
Luther Monson
66eeabbdfc linter doesn't actually run on windows, found these while getting it running on a windows machine 
Signed-off-by: Luther Monson <luther.monson@gmail.com>
 2021-12-28 20:44:21 -07:00
Derek Nola
ff49dcf71e Export default parser 
Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 9cc930e4a3)
 2021-12-22 16:06:55 -08:00
Brad Davidson
87395e32d6 Update modules for Kubernetes v1.23 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-12-22 10:47:38 -08:00
Manuel Buil
30c701f5de
Merge pull request #4796 from manuelbuil/flannel-logrus 
Move flannel logs to logrus
 2021-12-22 10:33:43 +01:00
Brad Davidson
a5c6e6a68a Fix panic checking name of uninitialized etcd member 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-12-21 23:38:20 -08:00
Luther Monson
02f862da5f
Merge pull request #4791 from luthermonson/vendor-rm 
[master] Remove the Vendor Directory
 2021-12-21 15:07:55 -07:00
Brian Downs
3ae550ae51
Update bootstrap logic to output all changed files on disk (#4800) 2021-12-21 14:28:32 -07:00
Luther Monson
e6cf8f5982 code changes to drop the vendor dir 
Signed-off-by: Luther Monson <luther.monson@gmail.com>
 2021-12-21 14:23:38 -07:00
Manuel Buil
4eb282edac Move flannel logs to logrus 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-12-21 14:34:51 +01:00
Hussein Galal
2e91913f54
Close agentReady channel only in k3s (#4792) 
* Close agentReady channel only in k3s

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* codespell check

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-12-21 00:22:49 +02:00
Brad Davidson
8ad7d141e8 Close etcd clients to avoid leaking GRPC connections 
If you don't explicitly close the etcd client when you're done with it,
the GRPC connection hangs around in the background. Normally this is
harmelss, but in the case of the temporary etcd we start up on 2399 to
reconcile bootstrap data, the client will start logging errors
afterwards when the server goes away.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-12-17 23:55:17 -08:00
Manuel Buil
588d15db8f Remove Disables, Skips and DisableKubeProxy from the comparing configs 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-12-17 19:04:38 +01:00
Brad Davidson
6f4217a340 Build standalone containerd 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-12-16 12:00:15 -08:00
Derek Nola
17eebe0563
Fix cold boot and reconcilation on secondary servers (#4747) 
* Enable reconcilation on secondary servers

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove unused code

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Attempt to reconcile with datastore first

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Added warning on failure

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update warning

Signed-off-by: Derek Nola <derek.nola@suse.com>

* golangci-lint fix

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-12-15 15:38:50 -08:00
Hussein Galal
d71b335871
Fix snapshot restoration on fresh nodes (#4737) 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-12-14 02:04:39 +02:00
Brian Downs
bf4e037fcf
Resolve Bootstrap Migration Edge Case (#4730) 2021-12-13 13:02:30 -07:00
Brian Downs
a6fe2c0bc5
Resolve restore bootstrap (#4704) 2021-12-09 14:54:27 -07:00
Brad Davidson
a70487d5ae Update wharfie usage in windows code path 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-12-09 13:16:22 -08:00
Hussein Galal
3985fd0e26
[master] Add validation to certificate rotation (#4692) 
* Add validation to certificate rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add validation to certificate rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-12-09 18:57:13 +02:00
Manuel Buil
1e0696628e
Merge pull request #4581 from manuelbuil/checking-HA-parameters 
Verify new control plane nodes joining the cluster share the same config as cluster members
 2021-12-08 10:49:28 +01:00
Alexey Medvedchikov
8f389ab030
Include node-external-ip in serving-kubelet.crt SANs (#4620) 
* Include node-external-ip in serving-kubelet.crt SANs

Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>
 2021-12-07 15:42:40 -08:00
Derek Nola
bcb662926d
Secrets-encryption rotation (#4372) 
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-12-07 14:31:32 -08:00
Manuel Buil
1b3187ea07 Check HA network parameters 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-12-07 23:09:05 +01:00
Brad Davidson
7d3447ceff Bump wharfie to v0.5.1 and use shared decompression code 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-12-07 12:50:57 -08:00
Hussein Galal
77fd3e99ec
Add cert rotation command (#4495) 
* Add cert rotation command

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* add function to check for dynamic listener file

Signed-off-by: Brian Downs <brian.downs@gmail.com>

* Add dynamiclistener cert rotation support

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to the cert rotation

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix ci tests

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fixes to certificate rotation command

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Co-authored-by: Brian Downs <brian.downs@gmail.com>
 2021-12-02 23:19:16 +02:00
Manuel Buil
8141a933b0
Merge pull request #4550 from manuelbuil/improve_flannel_logging 
Improve flannel code and logging
 2021-12-01 18:22:23 +01:00
Derek Nola
d05c334a78
Improved cleanup for etcd unit test (#4537) 
* Improved cleanup for etcd unit test

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-11-29 14:46:58 -08:00
Chris Kim
ae4a1a144a
etcd snapshot functionality enhancements (#4453) 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2021-11-29 10:30:04 -08:00
Brad Davidson
0c1f816f24 go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-23 16:38:55 -08:00
Manuel Buil
7685da3e24 Improve flannel logging 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-11-22 21:51:52 +01:00
Hussein Galal
03485632ea
Fix regression with cluster reset (#4521) 
* Fix regression with cluster reset

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* typo

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-11-17 23:22:18 +02:00
Derek Nola
ef263bd2b0
Improved regex for double equals arguments (#4505) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-11-16 11:16:13 -08:00
Derek Nola
535a919635
Removed value from warning about skipping flags (#4491) 
* Enabled skipping of unkown flags from config in parser
* Added new unit test, expanded existing
* Add warning back in, without value

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-11-15 13:17:10 -07:00
Chris Kim
f18b3252c0
[master] Add etcd extra args support for K3s (#4463) 
* Add etcd extra args support for K3s

Signed-off-by: Chris Kim <oats87g@gmail.com>

* Add etcd custom argument integration test

Signed-off-by: Chris Kim <oats87g@gmail.com>

* go generate

Signed-off-by: Chris Kim <oats87g@gmail.com>
 2021-11-11 21:03:15 -08:00
Thorsten Klein
41ff19de71 Feature: Add CoreDNS Customization Options 
Problem:
Before, to customize CoreDNS, one had to edit the default configmap,
which gets re-written on every K3s server restart.

Solution:
Mount an additional coredns-custom configmap into the CoreDNS container
and import overrides and additional server blocks from the included
files.

Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
 2021-11-11 18:41:22 -08:00
Derek Nola
4b57951fb0
Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464) 
* Enabled skipping of unknown flags from config in parser
* Added new unit test, expanded existing

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-11-11 16:01:23 -08:00
Brad Davidson
5ab6d21a7d
Increase agent's apiserver ready timeout (#4454) 
Since we now start the server's agent sooner and in the background, we
may need to wait longer than 30 seconds for the apiserver to become
ready on downstream projects such as RKE2.

Since this essentially just serves as an analogue for the server's
apiReady channel, there's little danger in setting it to something
relatively high.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-11 14:01:49 -07:00
Brad Davidson
bc7cdc78ca go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-10 17:36:01 -08:00
Manuel Buil
8271d98a76
Merge pull request #4437 from manuelbuil/fix_svclb_ipv6_rh 
Allow svclb pod to enable ipv6 forwarding
 2021-11-10 19:08:40 +01:00
Manuel Buil
5d168a1d59 Allow svclb pod to enable ipv6 forwarding 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-11-10 18:20:03 +01:00
Brian Downs
adaeae351c
update bootstrap logic (#4438) 
* update bootstrap logic resolving a startup bug and account for etcd
 2021-11-10 05:33:42 -07:00
Derek Nola
7bd65047c3
Match to last After keyword for parser (#4383) 
* Made parser able to skip over subcommands
* Edge case coverage, reworked regex with groups
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2021-11-08 10:54:48 -08:00
Luther Monson
36c6634cce
[master] updating to new signals package in wrangler (#4399) 
* updating to new signals package in wrangler

Signed-off-by: Luther Monson <luther.monson@gmail.com>
 2021-11-08 08:32:43 -07:00
Brad Davidson
f7dcc139ff Bump klipper-lb image for arm fix 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-02 18:55:09 -07:00
Deshi Xiao
f1622129e4 refactor: Use plain channel send or receive 
fix issue #4369

should use a simple channel send/receive instead of select with a single
case

Signed-off-by: Deshi Xiao <xiaods@gmail.com>
 2021-11-01 15:00:49 -07:00
Brad Davidson
f9f1cabe9c Fix log/reap reexec 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-11-01 14:24:14 -07:00
Jacob Blain Christen
702fe24afe
containerd/cri: enable the btrfs snapshotter (#4316) 
* vendor: btrfs
* enable the btrfs snapshotter
* testing: snapshotter/btrfs

Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
 2021-10-29 23:31:33 -07:00
Brad Davidson
3da1bb3af2 Fix other uses of NewForConfigOrDie in contexts where we could return err 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-10-29 15:18:14 -07:00
Brad Davidson
5acd0b9008 Watch the local Node object instead of get/sleep looping 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-10-29 15:18:14 -07:00
Brad Davidson
3fe460d080 Block scheduler startup on untainted node when using embedded CCM 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-10-29 15:18:14 -07:00
Derek Nola
7c3f21e581
K3s Integration test fixes (#4341) 
* Move tests into sub folders
* Updated documentation
* Prevent infinite loop is user has not made k3s

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-10-28 12:35:28 -07:00
galal-hussein
ab3d25a2c5 Update peer address when running cluster-reset 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-10-25 15:43:27 -07:00
Brian Downs
0a0b915921
reset buffer after use (#4279) 2021-10-22 15:56:01 -07:00
Derek Nola
918945da45
Added configuration input to etcd-snapshot (#4280) 
Signed-off-by: dereknola <derek.nola@suse.com>
 2021-10-22 12:03:32 -07:00
Brian Downs
e11a4bf8bb
set duration to second (#4231) 2021-10-15 16:46:39 -07:00
Brian Downs
0452f017c1
Add etcd s3 timeout (#4207) 2021-10-15 10:24:14 -07:00
Brian Downs
34080b23b1
Copy old bootstrap buffer data for use during migration (#4215) 2021-10-15 10:17:29 -07:00
Manuel Buil
dbc14b8990 Fix race condition in cloud provider 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-10-15 13:28:32 +02:00
Brad Davidson
5a923ab8dc Add containerd ready channel to delay etcd node join 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-10-14 14:03:52 -07:00
Hussein Galal
b282528ee2
Display cluster tls error only in debug mode (#4124) 
* Display cluster tls error only in debug mode

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-10-13 00:00:28 +02:00
Brad Davidson
dc18ef2e51 Refactor log and reaper exec to omit MAINPID 
Using MAINPID breaks systemd's exit detection, as it stops watching the
original pid, but is unable to watch the new pid as it is not a child
of systemd itself. The best we can do is just notify when execing the child
process.

We also need to consolidate forking into a sigle place so that we don't
end up with multiple levels of child processes if both redirecting log
output and reaping child processes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-10-12 13:35:10 -07:00
Derek Nola
feec44572d
Improve error message when using a "K10" prefixed token (#4180) 
* Add new error message with a K10 prefixed secret token

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-10-11 10:00:22 -07:00
Brian Downs
ac7a8d89c6
Add ability to reconcile bootstrap data between datastore and disk (#3398) 2021-10-07 12:47:00 -07:00
Derek Nola
b6919adf62
Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) 
* Add "etcd-" prefix to etcd-snapshot commands as alias

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-10-06 14:20:22 -07:00
Manuel Buil
635f790eb4
Merge pull request #4114 from manuelbuil/lb-controller-dual-stack 
Dual-stack support in serviceLB controller
 2021-10-06 16:08:10 +02:00
Manuel Buil
00cf4578ec Dual-stack support LB controller 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-10-06 11:06:20 +02:00
Marc Bachmann
9b35734e1a Add topologySpreadConstraints to support scaling of coredns 
Signed-off-by: Marc Bachmann <marc.brookman@gmail.com>
 2021-10-05 11:52:44 -07:00
Brad Davidson
12e675e2cc Don't evacuate the root cgroup when rootless 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-10-01 16:18:12 -07:00
Brad Davidson
5d1a37ee32 Send MAINPID to systemd when reexecing for logfile output 
This allows the new process to notify systemd when it is ready.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-29 11:41:09 -07:00
Brad Davidson
a16105b348 Properly handle operation as init process 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-28 11:05:34 -07:00
Brian Downs
f4cea90cb9
set transport to skip verify if se skip flag passed (#4102) 2021-09-28 10:13:50 -07:00
Manuel Buil
87524a7ac7 Enable the inheritance of settings for ipv6 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-09-28 09:42:08 +02:00
Michal Rostecki
47676eff78
Merge pull request #4080 from manuelbuil/update_klipperlb2 
Use the new klipper-lb image that has newer go and Alpine versions
 2021-09-27 10:11:52 +02:00
Brad Davidson
73e21e739f Drop broken SupportNoneCgroupDriver support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-23 16:12:51 -07:00
Manuel Buil
b99b943c17 Use the new klipper-lb image that has newer go and Alpine versions 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-09-22 09:23:38 +02:00
Brad Davidson
28be0de4e8 Revert "Use the newer klipper-lb image" 
This reverts commit 1d21491094.
 2021-09-20 13:19:38 -07:00
Brad Davidson
64b502e92c Disable automounting service account token in servicelb pods 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-17 15:52:44 -07:00
Hussein Galal
7826407a2e
Make sure there are no duplicates in etcd member list (#4025) 
* Make sure there are no duplicates in etcd member list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix node names with hyphens

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use full server name for etcd node name

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-09-18 00:51:18 +02:00
Manuel Buil
1d21491094 Use the newer klipper-lb image 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-09-17 15:42:48 -07:00
Brad Davidson
753e11ee3c Enable JobTrackingWithFinalizers FeatureGate 
Works around issue with Job controller not tracking job pods that
are in CrashloopBackoff during upgrade from 1.21 to 1.22.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-17 11:26:45 -07:00
Derek Nola
eda65b19d9
Remove expiremental from cluster commands (#4024) 
Signed-off-by: dereknola <derek.nola@suse.com>
 2021-09-15 16:41:50 -07:00
Joe Kralicky
debb508643
Nvidia container runtime discovery in containerd config template (#3890) 
* Update the default containerd config template with support for adding extra container runtimes. Add logic to discover nvidia container runtimes installed via the the gpu operator or package manager.

Signed-off-by: Joe Kralicky <joe.kralicky@suse.com>
 2021-09-15 14:31:11 -07:00
Brad Davidson
086ca8ba6a Fix premature etcd shutdown when joining an existing cluster 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-15 10:35:07 -07:00
Manuel Buil
60cd86bc42
Merge pull request #3906 from manuelbuil/dual-stack 
Add dual-stack support on flannel
 2021-09-15 18:48:10 +02:00
Brad Davidson
85e11c47d1 Add StargzSupported stub for Windows 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-15 09:45:57 -07:00
Chris Kim
acf9036b63
No-op when etcd member was already removed and use existing name for etcd controller (#4014) 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2021-09-15 08:41:30 -07:00
Manuel Buil
9fcd79baae Add tests to the dual-stack PR and enable dual-stack with flannel backend 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-09-15 14:11:54 +02:00
Manuel Buil
681058bb40 Add dual-stack support 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-09-15 11:44:48 +02:00
Brad Davidson
b72306ce3d Return the error since it just gets logged and retried anyways 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-14 16:41:27 -07:00
Brad Davidson
5986898419 Use SubjectAccessReview to validate CCM RBAC 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-14 16:41:27 -07:00
Brad Davidson
dc556cbb72 Set controller authn/authz kubeconfigs 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-14 16:41:27 -07:00
Brad Davidson
199424b608 Pass context into all Executor functions 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-14 16:41:27 -07:00
Chris Kim
928b8531c3
[master] Add etcd-member-management controller to K3s (#4001) 
* Initial leader elected etcd member management controller
* Bump etcd to v3.5.0-k3s2

Signed-off-by: Chris Kim <oats87g@gmail.com>
 2021-09-14 08:20:38 -07:00
Brad Davidson
57377d2cd4 Minor cleanup on cribbed function 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-10 17:04:15 -07:00
Brad Davidson
3449d5b9f9 Wait for apiserver readyz instead of healthz 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-10 17:04:15 -07:00
Brad Davidson
b4d8c641c6 Add exposed metrics listener instead of replacing loopback listener 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-10 09:39:39 -07:00
Brad Davidson
29c8b238e5 Replace klog with non-exiting fork 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-10 09:36:16 -07:00
Brad Davidson
90960ebf4e SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-09 11:49:53 -07:00
Darren Shepherd
741ba95b04 Migrate sqlite data to etcd when initializing the cluster 
Signed-off-by: Darren Shepherd <darren@rancher.com>
 2021-09-09 10:24:02 -07:00
Devin Buhl
a1ec43e0b7
feat: add option to disable s3 over https 
Signed-off-by: Devin Buhl <devin.kray@gmail.com>
 2021-09-05 12:03:49 -04:00
Kohei Tokunaga
8b857eef9c
Ship Stargz Snapshotter (#2936) 
* Ship Stargz Snapshotter

Signed-off-by: ktock <ktokunaga.mail@gmail.com>

* Bump github.com/containerd/stargz-snapshotter to v0.8.0

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2021-09-01 16:27:42 -07:00
Brad Davidson
cf12a13175 Add missing node name entry to apiserver SAN list 
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-01 13:22:32 -07:00
Brad Davidson
b8add39b07 Bump kine for metrics/tls changes 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-09-01 01:51:30 -07:00
Hussein Galal
933052a02c
Fix condition for adding kubernetes endpoints (#3941) 
* Fix condition for adding kubernetes endpoints

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix condition for adding kubernetes endpoints

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-08-31 00:57:17 +02:00
Derek Nola
60297a1bbe
Creation of K3s integration test Sonobuoy plugin (#3931) 
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-08-30 08:27:59 -07:00
Brad Davidson
2a68c7c8a4 Fix issue where addon checksum was never stored 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-27 10:26:13 -07:00
Manuel Buil
2e5c9e5cad
Merge pull request #3916 from manuelbuil/net_v6 
Add functions to separate ipv4 and ipv6 CIDRs
 2021-08-27 18:57:54 +02:00
Manuel Buil
96dcef478a Add functions to separate ipv4 from ipv6 functions 
Signed-off-by: Manuel Buil <mbuil@suse.com>
 2021-08-27 10:14:39 +02:00
Derek Nola
114b30277f
Redux: Enable K3s integration test to run on existing cluster (#3905) 
* Made it possible to run int tests on existing cluster

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-08-26 16:26:19 -07:00
Akihiro Suda
331c6fed71 Remove runtime V1 (containerd-shim) 
Fix issue 3105

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-08-26 11:50:33 -07:00
Akihiro Suda
176451f4ea
Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901) 
Fix issue 3900

Kubernetes 1.22 requires `KuebletInUserNamespace` feature gate to be set for rootless:
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-in-userns/#userns-the-hard-way

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-08-24 08:27:17 -07:00
Derek Nola
66dacc6ee0
Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899) 
This reverts commit 703b5af950.
 2021-08-24 07:26:14 -07:00
Derek Nola
703b5af950
Enable K3s integration test to run on existing cluster (#3892) 
* Made it possible to run int tests on existing cluster

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-08-23 12:12:03 -07:00
Brad Davidson
e95b75409a Fix lint failures 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
a5355f0827 Replace dropped v1beta1 APIs with v1 
Requires updating traefik as well to drop deprecated types.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
dc14f370c4 Update wrangler to v0.8.5 
Required to support apiextensions.v1 as v1beta1 has been deleted. Also
update helm-controller and dynamiclistener to track wrangler versions.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
c434db7cc6 Wrap errors in runControllers for additional context 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
422d266da2 Disable deprecated insecure port 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
641ab26fde Update containerd to 1.5 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
872855015c Update etcd to v3.5.0 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Brad Davidson
e204d863a5 Update Kubernetes to v1.22.1 
* Update Kubernetes to v1.22.1
* Update dependent modules to track with upstream

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-20 18:47:16 -07:00
Derek Nola
ed5991f13b
K3s Flock Integration Test (#3887) 
* Upgraded flock with shared and integration test.

Signed-off-by: dereknola <derek.nola@suse.com>

Co-authored-by: Brian Downs <brian.downs@gmail.com>
 2021-08-20 12:34:22 -07:00
Hussein Galal
e322924781
Reset load balancer state during restoraion (#3877) 
* Reset load balancer state during restoraion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Reset load balancer state during restoraion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-08-18 01:02:30 +02:00
Malte Starostik
b23955e835
Fix URL pruning when joining an etcd member (#3832) 
* Fix URL pruning when joining an etcd member

Problem:
Existing member clientURLs were checked if they contain the joining
node's IP. In some edge cases this would prune valid URLs when the
joining IP is a substring match of the only existing member's IP.
Because of this, it was impossible to e.g. join 10.0.0.2 to an existing
node that has an IP of 10.0.0.2X or 10.0.0.2XX:

level=fatal msg="starting kubernetes: preparing server: start managed database:
joining etcd cluster: etcdclient: no available endpoints"

Solution:
Fixed by properly parsing the URLs and comparing the IPs for equality
instead of substring match.

Signed-off-by: Malte Starostik <info@stellaware.de>
 2021-08-12 15:59:04 -07:00
Derek Nola
a1e36153f9
Added locking system for integration tests (#3820) 
* Added locking system for integration tests
Signed-off-by: dereknola <derek.nola@suse.com>
 2021-08-10 16:22:12 -07:00
Jamie Phillips
ae909c73e5 Updated the code to use GetNetworkByName and tweaked logic. 
Updated the method being called and tweaked the logic.

Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
 2021-08-10 13:53:08 -07:00
Derek Nola
4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. (#3805) 
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-08-10 11:13:26 -07:00
Brian Downs
dcf0657b20
account for an s3 folder when listing objects (#3807) 
* account for an s3 folder when listing objects
 2021-08-09 16:14:41 -07:00
Derek Nola
b4eca61aeb
Prevent snapshot commands from creating empty snapshot directory (#3783) 
Signed-off-by: dereknola <derek.nola@suse.com>
 2021-08-09 09:04:18 -07:00
Jiaqi Luo
3b01157a3a
Use New Image Names (#3749) 
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4

Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
 2021-08-06 16:14:58 -07:00
Hussein Galal
bc96ffb5f3
Fix Node stuck at deletion (#3771) 
* fix Node stuck at deletion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix Node stuck at deletion

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-08-05 22:32:01 +02:00
Brad Davidson
dfd4e42e57 Wrap context with lease before importing images 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-08-04 10:22:19 -07:00
Hussein Galal
2069cdf4ee
Fix initial start of etcd only nodes (#3748) 
* Fix initial start of etcd only nodes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-08-03 19:53:21 +02:00
Ryan Sanna
429af17e4d update rancher/local-path-provisioner to v0.0.20 
Signed-off-by: Ryan Sanna <ryansann@umich.edu>
 2021-08-02 12:25:47 -07:00
Brad Davidson
5ab3590d9b Improve config retrieval messages 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-07-30 12:26:50 -07:00
Brad Davidson
869b98bc4c Sync DisableKubeProxy into control struct 
Sync DisableKubeProxy from cfg into control before sending control to clients,
as it may have been modified by a startup hook.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-07-30 12:26:50 -07:00
Hussein Galal
b1b5f72dc3
Notify systemd for etcd only node (#3732) 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-29 23:42:19 +02:00
Jamie Phillips
7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. (#3661) 2021-07-28 13:04:42 -07:00
Jamie Phillips
fc19b805d5
Added logic to strip any existing hyphens before processing the args. (#3662) 
Updated the logic to handle if extra args are passed with existing hyphens in the arg. The test was updated to add the additional case of having pre-existing hyphens. The method name was also refactored based on previous feedback.
 2021-07-28 13:04:19 -07:00
Derek Nola
a1d7a62493
Fix to allow non-root users access to storage volumes. (#3714) 
* Fix to prevent non-root users from accessing storage directory, while allowing non-root users access to subdirectories.

Signed-off-by: dereknola <derek.nola@suse.com>

* Added integration test

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-07-28 10:25:34 -07:00
Brad Davidson
90445bd581
Wait until server is ready before configuring kube-proxy (#3716) 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2021-07-27 14:56:05 -07:00
Derek Nola
21c8a33647
Introduction of Integration Tests (#3695) 
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests

Signed-off-by: dereknola <derek.nola@suse.com>
 2021-07-26 09:59:33 -07:00
galal-hussein
20a48734c2 more fixes 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-21 22:42:05 +02:00
galal-hussein
7ebcc4b134 more fixes 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-21 22:39:44 +02:00
galal-hussein
b4401296ec replace error with warn in delete 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-21 22:18:56 +02:00
galal-hussein
2f82bfcf67 fix warning msg 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-21 22:05:43 +02:00
galal-hussein
b377839148 migrate old token key format 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-21 20:59:57 +02:00
galal-hussein
997ed7b9b4 simplifying the code 
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
 2021-07-21 19:56:19 +02:00