Erik Wilson
fe45eb008a
Merge pull request #1416 from erikwilson/device-plugins-path
...
Use default kubelet device-plugins path
2020-02-14 14:19:51 -07:00
galal-hussein
d49ef31767
Inject node config on startup
2020-02-14 21:17:13 +02:00
Erik Wilson
b15c4473cd
Use default kubelet device-plugins path
2020-02-14 10:18:07 -07:00
Erik Wilson
4cacffd7e6
Merge pull request #1298 from erikwilson/warn-npc-fail
...
Warn if NPC can't start rather than fatal error
2020-01-20 15:36:56 -07:00
Erik Wilson
5b98d10e4b
Warn if NPC can't start rather than fatal error
...
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.
Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson
7675f9f85c
Clean up host-gw variable names
2020-01-08 17:43:07 -07:00
Segator
c23f12765e
hostgw flannel support
2020-01-08 17:43:07 -07:00
Segator
6736e24673
support hostgw
2020-01-08 17:43:07 -07:00
Erik Wilson
5c37454762
Merge pull request #1198 from narqo/tunel-addr-join-host-port
...
Respect IPv6 when building proxy address
2019-12-19 15:20:12 -07:00
Erik Wilson
9b2538c2c4
Set wireguard persistent-keepalive on wg set peer
2019-12-19 14:54:48 -07:00
Erik Wilson
3376f31fc2
Revert "Merge pull request #1190 from erikwilson/wireguard-keepalive"
...
This reverts commit e712cdf7e8
, reversing
changes made to d5929bc8c8
.
Wireguard docs fail to describe that persistent-keepalive is only valid
when peer is set.
2019-12-19 14:41:38 -07:00
Vladimir Varankin
0c5299c951
pkg/agent/tunnel: respect ipv6 when building proxy addresses
2019-12-19 12:08:07 +01:00
Erik Wilson
6875b11dd2
Fix identity_token -> identitytoken for containerd toml
2019-12-17 21:14:05 -07:00
Erik Wilson
97383868bd
Merge pull request #1186 from erikwilson/upgrade-k8s-1.17.0
...
Upgrade k8s to v1.17.0
2019-12-16 09:40:38 -07:00
Erik Wilson
e712cdf7e8
Merge pull request #1190 from erikwilson/wireguard-keepalive
...
Set Wireguard keepalive to 25 seconds
2019-12-16 09:40:11 -07:00
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
2019-12-15 23:28:19 -07:00
Erik Wilson
814c302d7c
Merge pull request #955 from btashton/servicelb-sysctl
...
Enable ip forwarding on both all and default net config
2019-12-12 17:31:02 -07:00
Erik Wilson
7b62811f98
Set Wireguard keepalive to 25 seconds
2019-12-12 10:40:41 -07:00
Erik Wilson
d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
...
Allow --pause-image to set docker sandbox image also
2019-12-11 10:36:07 -07:00
Brennan Ashton
a952d5c32a
Default device net config enables ip forwarding
...
The Linux kernel is inconsistent about how devconf is configured for new
network namespaces between ipv4 and ipv6. The behavior can also be
controlled via net.core.devconf_inherit_init_net in Linux 5.1+ so make
sure to enable forwarding on all and default for both ipv6 and ipv4.
This issue first came up testing on a yocto kernel that had this patch:
ipv4: net namespace does not inherit network configurations
[0] https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#devconf-inherit-init-net
[1] https://lkml.org/lkml/2014/7/29/119
Signed-off-by: Brennan Ashton <brennana@jfrog.com>
2019-12-10 16:29:59 -08:00
Erik Wilson
2de93d70cf
Allow --pause-image to set docker sandbox image also
2019-12-10 16:16:26 -07:00
Jacob Blain Christen
063efb25bb
Mutable --node-label values for server/agent sub-commands.
...
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.
Tested locallon on my amd64 workstation with the docker container.
Addresses #1119 .
2019-12-09 16:40:15 -07:00
yuzhiquan
24869ddf21
remove []byte trans, handle func error
2019-11-28 19:26:45 +08:00
yuzhiquan
7cc0110081
fix typo
2019-11-28 19:24:19 +08:00
Guangbo Chen
8ff4c3c256
Update base pause image to rancher repo
2019-11-25 16:09:05 +08:00
Darren Shepherd
ff34c5c5cf
Download cert/key to agent with single HTTP request
...
Since generated cert/keys are stored locally, each server has a different
copy. In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
2019-11-15 21:51:51 -07:00
Erik Wilson
55c05ac500
Refactor node password location
2019-11-12 15:30:34 -07:00
Erik Wilson
2bbc356f65
Merge pull request #1008 from erikwilson/ip6-system-setup
...
Improve ip6 system setup & utilities
2019-11-04 14:24:55 -07:00
Erik Wilson
afa9422ad9
Improve ip6 system setup & utilities
2019-11-04 11:35:14 -07:00
Darren Shepherd
ba240d0611
Refactor tokens, bootstrap, and cli args
2019-10-30 19:06:49 -07:00
Erik Wilson
f648a64ee3
Merge pull request #923 from AkihiroSuda/fix-rootless-kubelet-flags
...
rootless: add kubelet flags automatically
2019-10-25 01:40:06 -07:00
Akihiro Suda
aafccdbccb
rootless: add kubelet flags automatically
...
Fix https://github.com/rancher/k3s/issues/784
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-25 17:10:14 +09:00
Erik Wilson
aed163b338
Remove trailing whitespace trimming from containerd template
2019-10-23 08:02:07 -07:00
Erik Wilson
2ff2baba49
Merge pull request #913 from erikwilson/kube-router-network-policy
...
Add network policy support
2019-10-18 16:14:18 -07:00
Erik Wilson
da3a7c6bbc
Add network policy controller
2019-10-18 16:11:42 -07:00
Erik Wilson
1df72d14b8
Cleanup containerd config template spacing
2019-10-18 12:34:27 -07:00
Erik Wilson
90df4a1921
Use containerd-shim-run-v2
2019-10-18 12:34:27 -07:00
Erik Wilson
12307a4a69
Fallback to /etc/strongswan for config
...
Needed for docker image
2019-10-17 22:38:48 -07:00
Darren Shepherd
30c14a4db6
Merge pull request #901 from erikwilson/default-kubelet-dir
...
Use default kubelet directory
2019-10-17 16:49:11 -07:00
galal-hussein
d2c1f66496
Add k3s cloud provider
2019-10-16 21:13:15 +02:00
Erik Wilson
c72ef62d2c
Use default kubelet directory
2019-10-15 10:47:03 -07:00
galal-hussein
5ccc880ddb
Add private registry to containerd
2019-10-08 01:54:53 +02:00
Erik Wilson
0af32bba75
Use newest flannel API
2019-09-27 18:33:05 -07:00
Erik Wilson
999e40d6d3
Add strongswan utilities for ipsec
2019-09-27 18:26:39 -07:00
Erik Wilson
959acf9c92
Add --flannel-backend flag
2019-09-27 18:26:39 -07:00
Erik Wilson
359a77939c
Enable hairpin mode
2019-09-27 18:26:39 -07:00
Erik Wilson
36fa425d45
Enable extension and ipsec flannel backends
2019-09-27 18:26:39 -07:00
Erik Wilson
3cd807a657
Add --flannel-conf flag
2019-09-27 18:26:39 -07:00
Darren Shepherd
b24f214a50
Update to new cri-api import
2019-08-28 20:53:36 -07:00
Erik Wilson
a76ca2e887
Remove hostname requirement in /etc/hosts
2019-08-21 22:56:20 -07:00
Erik Wilson
98254a3412
Change load balancer logging to debug
2019-08-08 10:48:11 -07:00
Erik Wilson
a17e336993
Use go tcpproxy
2019-07-30 09:53:15 -07:00
Erik Wilson
1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
...
Remove agent proxy config which is no longer used
2019-07-23 15:51:51 -07:00
Erik Wilson
8ce509ee6b
Cleanup tunnel logs
2019-07-18 05:00:07 -07:00
Erik Wilson
23b0797578
Add context to tunnel connect
2019-07-17 18:15:15 -07:00
Erik Wilson
b93b4732eb
Start endpoint tunnel watch before waiting
2019-07-17 17:13:40 -07:00
YAMAMOTO Takashi
dc4ebd4c67
Remove agent proxy config which is no longer used
2019-07-17 18:05:16 +09:00
Erik Wilson
e77dc568bb
Cleanup tunnel
2019-07-14 00:29:21 -07:00
Erik Wilson
7e6664b684
Add resource version to tunnel endpoint watch
2019-07-12 15:38:49 -07:00
Erik Wilson
034a863696
Cleanup remotedialer tunnel logs
2019-07-12 15:38:49 -07:00
Erik Wilson
e0212144e8
Tunnel agent to all servers
...
Watch the kubernetes endpoints to create a tunnel to all servers.
2019-07-03 13:11:54 -07:00
Erik Wilson
29865fd9c9
Remove agent proxy
2019-06-25 15:04:04 -07:00
Erik Wilson
2c9444399b
Refactor certs
2019-06-25 15:04:04 -07:00
Darren Shepherd
c0702b0492
Port to wrangler
2019-05-26 22:28:50 -07:00
Darren Shepherd
4b4dd1b59b
Merge pull request #454 from galal-hussein/node_labels_taints
...
Expose node labels and taints and add node roles
2019-05-25 00:39:55 +02:00
Wenxuan Zhao
f0f57c1e44
Allow using built-in modules
...
Signed-off-by: Wenxuan Zhao <viz@linux.com>
2019-05-09 12:23:33 -07:00
galal-hussein
930093dfe9
Expose node labels and taints and add node roles
2019-05-08 01:47:07 +02:00
haokang.ke
52f845ec84
Make pause image configurable ( #345 )
2019-05-03 10:36:12 -07:00
galal-hussein
5d8d9e610b
Add timeout to hostname check
2019-05-03 14:41:08 +02:00
Darren Shepherd
4ec051d032
Merge pull request #422 from galal-hussein/use_cni_with_docker
...
Add cni plugin to kubelet if docker is used
2019-05-02 10:45:34 -07:00
galal-hussein
7e1699cda0
Check if hostname is resolvable before running agent
2019-05-01 22:54:05 +02:00
galal-hussein
191ac9371a
Add cni plugin to kubelet if docker is used
2019-04-30 22:12:02 +02:00
Darren Shepherd
2950e81c23
Merge pull request #371 from warmchang/nf_conntrack
...
🔧 modprobe nf_conntrack
2019-04-26 16:01:13 -07:00
Darren Shepherd
9db91d7de3
Merge pull request #369 from erikwilson/node-dns
...
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Erik Wilson
c9941895d6
Bind kubelet to all interfaces and use webhook auth
2019-04-26 15:02:30 -07:00
William Zhang
22bd3a3ce7
🔧 nf_conntrack module
...
Signed-off-by: William Zhang <zhang.wanmin@zte.com.cn>
2019-04-26 08:55:48 +08:00
galal-hussein
bdf8a355e1
Add containerd config go template
2019-04-25 22:17:34 +02:00
Erik Wilson
f584197bba
Save password as text file
2019-04-25 10:53:21 -07:00
Erik Wilson
e64c0298f2
Add cert per-node password authentication
2019-04-23 11:02:35 -07:00
Erik Wilson
1b2db423de
Add node name to node cert generation
2019-04-19 18:20:34 +00:00
Darren Shepherd
0e3711b8b7
Merge pull request #339 from km4rcus/cluster-domain-option
...
Add --cluster-domain option
2019-04-15 10:06:07 -07:00
Stuart Wallace
2268e028a2
Add ability to override flannel interface
2019-04-12 21:06:43 +01:00
Marco Mancini
b445bad171
Add --cluster-domain option
2019-04-12 08:06:35 +02:00
Darren Shepherd
046a817818
Add rootless support
2019-04-09 10:38:04 -07:00
galal-hussein
7794528aa1
Add extra flags for server and agent components
2019-04-09 08:20:38 +02:00
Erik Wilson
a4df9f4ab1
Kubelet resolv.conf DNS update
...
Allow the kubelet resolv-conf flag to be set, or automatically
discovered from /etc/resolv.conf & /run/systemd/resolve/resolv.conf if
no loopback devices are present, or create our own which points to
nameserver 8.8.8.8
2019-03-26 23:13:54 +00:00
Erik Wilson
1d61576e54
Fix linting issues
2019-03-25 16:04:29 -07:00
Darren Shepherd
6e28ede2f8
Fix containerd debug log env var
2019-03-07 11:20:58 -07:00
Darren Shepherd
fe9a5b1601
Remove spurious error on start
2019-03-07 10:25:21 -07:00
Fernandez Ludovic
e59bd5d489
refactor: creates loadImages function.
2019-03-07 01:45:52 +01:00
Adam Liddell
b430513abf
Enforce lower case hostname for node, references #160
2019-03-05 18:34:24 +00:00
Darren Shepherd
4475456a83
Update pkg/agent/config/config.go
...
Co-Authored-By: juliens <julien.salleyron@gmail.com>
2019-03-04 23:23:17 +01:00
Julien Salleyron
164b89bce4
fix review.
2019-03-04 21:46:37 +01:00
Julien Salleyron
1895eec684
Preload images
2019-03-04 21:34:24 +01:00
Darren Shepherd
ef4e34b289
Remove dead code
2019-03-04 10:10:17 -07:00
Darren Shepherd
70e6ca4ab8
Support external CRI implementations
2019-03-04 10:08:12 -07:00
Sean Duffy
10f1553564
fix 'fannel' typo.
2019-02-28 10:30:45 -07:00
Darren Shepherd
cb5e425457
Set /proc/sys/net/ipv4/ip_forward on agent start
2019-02-23 22:43:59 -07:00
Darren Shepherd
04c5567346
Validate that memory cgroup exists
2019-02-07 21:45:31 -07:00
Darren Shepherd
529aa431d1
Adjust debug logging and write containerd logs to a file
2019-02-07 21:45:31 -07:00
Darren Shepherd
3f2a951564
Ensure that br_netfilter module is loaded
2019-01-25 22:09:46 -07:00
Darren Shepherd
287e0f44c9
Prepare for initial release
2019-01-22 14:20:29 -07:00
Darren Shepherd
62c62cc7b4
Continued refactoring
2019-01-11 21:52:30 -07:00