Mirror/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2024-06-07 19:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,689 Commits 27 Branches 785 Tags 625 MiB
ece4d8e45c
Commit Graph

1112 Commits

Author SHA1 Message Date
Brad Davidson
ece4d8e45c Fix tests to not hide failure location in dummp assert functions 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-04 12:02:22 -07:00
Brad Davidson
e54ceaa497 Fix issue with stale connections to removed LB server 
Track LB connections through each server so that they can be closed when it is removed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-04 12:02:22 -07:00
Brad Davidson
d388b82d25 go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-03 19:47:06 -07:00
Brad Davidson
b010db0cff Ensure that loopback is used for the advertised address when resetting 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-04-03 17:01:43 -07:00
Brad Davidson
cee3ddbc4a
Bump Local Path Provisioner version (#7167) 
* chore: Bump Local Path Provisioner version
* go generate

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2023-04-03 16:00:16 -07:00
Roberto Bonafiglia
15ee88964b Added multiClusterCidr feature 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-03-14 18:30:52 +01:00
Daniel Mills
822ee79eb8
Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970) 
* Remove deprecated nodeSelector label beta.kubernetes.io/os

Problem:
The nodeSelector label beta.kubernetes.io/os in the CoreDNS deployment was deprecated in 1.14 and will likely be removed soon

Solution:
Change the nodeSelector to remove the beta

Signed-off-by: Dan Mills <evilhamsterman@gmail.com>
 2023-03-14 12:56:40 -04:00
Brad Davidson
977a85559e Add support for cross-signing new certs during ca rotation 
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-03-13 16:56:28 -07:00
Daishan Peng
b7f90f389c
Wait for kubelet port to be ready before setting (#7041) 
* Wait for kubelet port to be ready before setting
* Wait for kubelet to update the Ready status before reading port

Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
 2023-03-13 13:48:02 -07:00
Derek Nola
d218068f34
Adds a warning about editing to the containerd config.toml file (#7057) 
* Add a warning to the config.toml file

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
 2023-03-13 13:42:17 -07:00
Roberto Bonafiglia
e098b99bfa
Update flannel and kube-router (#7039) 
* Update kube-router version to fix iptables rules

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update Flannel to v0.21.3

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

---------

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-03-10 19:57:16 -08:00
Brad Davidson
cbe4bcfeee Add test for filterByIPFamily 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-21 14:13:22 -08:00
Brad Davidson
cc333d8d0c Fix ServiceLB dual-stack ingress IP listing 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-21 14:13:22 -08:00
Brad Davidson
23d98cec22 Fix CACertPath stripping trailing path components 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-14 09:39:41 -08:00
Brad Davidson
0c302f4341 Fix etcd member deletion 
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-14 09:39:41 -08:00
Roberto Bonafiglia
b8e69712a3 Updated flannel version to v0.21.0 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-02-10 23:03:10 +01:00
Brad Davidson
3d146d2f1b Allow for multiple sets of leader-elected controllers 
Addresses an issue where etcd controllers did not run on etcd-only nodes

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 10:46:48 -08:00
Paul Donohue
290d7e8fd1 Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent 
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 09:43:34 -08:00
Brad Davidson
ddcc4d4034 go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-09 15:20:49 -08:00
Brad Davidson
c6d0afd0cb Check for existing resources before creating them 
Prevents errors when starting with fail-closed webhooks

Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-09 15:20:49 -08:00
Brad Davidson
32d62c5786 Use default address family when adding kubernetes service address to SAN list 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-09 15:17:21 -08:00
Byron Ruth
a92f163c9d
Add NATS to the list of supported data stores (#6876) 
Signed-off-by: Byron Ruth <byron@nats.io>
 2023-02-08 09:37:23 -08:00
Brad Davidson
87f9c4ab11 Ensure that node exists when using node auth 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-07 14:55:04 -08:00
Brad Davidson
992e64993d Add support for kubeadm token and client certificate auth 
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-07 14:55:04 -08:00
Brad Davidson
373df1c8b0 Add support for k3s token command 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-07 14:55:04 -08:00
Derek Nola
7d49202721
Ignore value conflicts when reencrypting secrets (#6850) 
* Ignore conflict secrets

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-02-07 13:58:44 -08:00
Brad Davidson
215fb157ff Add certificate rotate-ca to write updated CA certs to datastore 
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-06 15:09:31 -08:00
Brad Davidson
3c324335b2 Add utility functions for getting kubernetes client 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-06 15:09:31 -08:00
Brad Davidson
58d40327b4 Fix CA cert hash for root certs 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-06 15:09:31 -08:00
Brad Davidson
0919ec6755 Ensure cluster-signing CA files contain only a single CA cert 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-06 15:09:31 -08:00
Derek Nola
32086717fc
Ensure flag type consistency (#6852) 
* Convert all flags to pointers for consistency

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 12:57:48 -08:00
Akos Elek
9fcc7c0db8
Fix cronjob example (#6707) 
Related PR:
https://github.com/rancher/rke2-docs/pull/38

Signed-off-by: Akos Elek <akose73@tazerve.hu>
 2023-01-30 10:52:22 -08:00
Derek Nola
0d4caf4e24
Wait for cri-dockerd socket (#6812) 
* Wait for cri-dockerd socket
* Consolidate cri utility functions

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-27 13:16:59 -08:00
Brad Davidson
1c6fde9a52 go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-27 12:09:18 -08:00
Brad Davidson
369b81b45e Honor Service ExternalTrafficPolicy 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-27 12:09:18 -08:00
Brad Davidson
3cb6fa5cc7 Set cri-dockerd version at build time 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 14:32:28 -08:00
Brad Davidson
89f7062431 Add build tag to disable cri-dockerd 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 14:29:18 -08:00
Brad Davidson
f54b5e4fa0 Fix CI tests 
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-13 17:22:25 -08:00
Silvio Moioli
23c1040adb
Bugfix: do not break cert-manager when pprof is enabled (#6635) 
Signed-off-by: Silvio Moioli <silvio@moioli.net>
 2023-01-13 16:09:14 -08:00
Brad Davidson
8340b54309 Pass through default tls-cipher-suites 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-12 14:51:04 -08:00
Brad Davidson
a298bfdb18 Add jitter to scheduled snapshots and retry harder on conflicts 
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-11 14:32:03 -08:00
Brad Davidson
0c9b43746b Preload iptable_filter/ip6table_filter 
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-13 12:51:00 -08:00
Hussein Galal
f8b661d590
Update to v1.26.0-k3s1 (#6370) 
* Update to v1.26.0-alpha.2

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go generate

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Default CURRENT_VERSION to VERSION_TAG for alpha versions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove containerd package

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* replace cri-api reference to the new api

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update to Kubernetes 1.26.0-rc.1

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Undo helm-controller pin

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump containerd to -k3s2 for stargz fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* DevicePlugins featuregate is locked to on

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump kine for DeleteRange fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Update to v1.26.0-k3s1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Bring back snapshotter checks and update golang to 1.19.4

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix windows containerd snapshotter checks

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-10 01:42:15 +02:00
Derek Nola
b5d39df929
Deprecation of etcd-snapshot command in v1.26 (#6575) 
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-05 15:28:01 -08:00
Derek Nola
d723775792
Remove deprecated flags in v1.26 (#6574) 
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-05 14:01:01 -08:00
Brad Davidson
2835368ecb Bump k3s-root and remove embedded strongswan support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-12-01 12:40:40 -08:00
Derek Nola
af8f101bdc
Mark secrets-encryption flag as GA (#6582) 
* Mark secrets-encrypt flag as GA

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2022-12-01 08:50:51 -08:00
Brad Davidson
915c7719fe go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-11-30 15:09:32 -08:00
Brad Davidson
1eeea5c81f go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-11-30 15:09:32 -08:00
Brad Davidson
e08a662509 Disable CCM metrics port when legacy CCM functionality is disabled 
Prevents port conflicts on upgrade for users that have deployed other cloud controllers.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2022-11-30 15:08:31 -08:00