Commit Graph

253 Commits

Author SHA1 Message Date
Erik Wilson
fe45eb008a
Merge pull request #1416 from erikwilson/device-plugins-path
Use default kubelet device-plugins path
2020-02-14 14:19:51 -07:00
galal-hussein
d49ef31767 Inject node config on startup 2020-02-14 21:17:13 +02:00
Erik Wilson
b15c4473cd Use default kubelet device-plugins path 2020-02-14 10:18:07 -07:00
Erik Wilson
4cacffd7e6
Merge pull request #1298 from erikwilson/warn-npc-fail
Warn if NPC can't start rather than fatal error
2020-01-20 15:36:56 -07:00
Erik Wilson
5b98d10e4b Warn if NPC can't start rather than fatal error
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.

Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson
7675f9f85c Clean up host-gw variable names 2020-01-08 17:43:07 -07:00
Segator
c23f12765e hostgw flannel support 2020-01-08 17:43:07 -07:00
Segator
6736e24673 support hostgw 2020-01-08 17:43:07 -07:00
Erik Wilson
5c37454762
Merge pull request #1198 from narqo/tunel-addr-join-host-port
Respect IPv6 when building proxy address
2019-12-19 15:20:12 -07:00
Erik Wilson
9b2538c2c4 Set wireguard persistent-keepalive on wg set peer 2019-12-19 14:54:48 -07:00
Erik Wilson
3376f31fc2 Revert "Merge pull request #1190 from erikwilson/wireguard-keepalive"
This reverts commit e712cdf7e8, reversing
changes made to d5929bc8c8.

Wireguard docs fail to describe that persistent-keepalive is only valid
when peer is set.
2019-12-19 14:41:38 -07:00
Vladimir Varankin
0c5299c951 pkg/agent/tunnel: respect ipv6 when building proxy addresses 2019-12-19 12:08:07 +01:00
Erik Wilson
6875b11dd2 Fix identity_token -> identitytoken for containerd toml 2019-12-17 21:14:05 -07:00
Erik Wilson
97383868bd
Merge pull request #1186 from erikwilson/upgrade-k8s-1.17.0
Upgrade k8s to v1.17.0
2019-12-16 09:40:38 -07:00
Erik Wilson
e712cdf7e8
Merge pull request #1190 from erikwilson/wireguard-keepalive
Set Wireguard keepalive to 25 seconds
2019-12-16 09:40:11 -07:00
Erik Wilson
76281bf731 Update k3s for k8s 1.17.0 2019-12-15 23:28:19 -07:00
Erik Wilson
814c302d7c
Merge pull request #955 from btashton/servicelb-sysctl
Enable ip forwarding on both all and default net config
2019-12-12 17:31:02 -07:00
Erik Wilson
7b62811f98 Set Wireguard keepalive to 25 seconds 2019-12-12 10:40:41 -07:00
Erik Wilson
d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
Allow --pause-image to set docker sandbox image also
2019-12-11 10:36:07 -07:00
Brennan Ashton
a952d5c32a Default device net config enables ip forwarding
The Linux kernel is inconsistent about how devconf is configured for new
network namespaces between ipv4 and ipv6. The behavior can also be
controlled via net.core.devconf_inherit_init_net in Linux 5.1+ so make
sure to enable forwarding on all and default for both ipv6 and ipv4.

This issue first came up testing on a yocto kernel that had this patch:
 ipv4: net namespace does not inherit network configurations

[0] https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#devconf-inherit-init-net
[1] https://lkml.org/lkml/2014/7/29/119

Signed-off-by: Brennan Ashton <brennana@jfrog.com>
2019-12-10 16:29:59 -08:00
Erik Wilson
2de93d70cf Allow --pause-image to set docker sandbox image also 2019-12-10 16:16:26 -07:00
Jacob Blain Christen
063efb25bb Mutable --node-label values for server/agent sub-commands.
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels at k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.

Tested locally on my amd64 workstation with the docker container.

Addresses #1119.
2019-12-09 16:40:15 -07:00
yuzhiquan
24869ddf21 remove []byte trans, handle func error 2019-11-28 19:26:45 +08:00
yuzhiquan
7cc0110081 fix typo 2019-11-28 19:24:19 +08:00
Guangbo Chen
8ff4c3c256 Update base pause image to rancher repo 2019-11-25 16:09:05 +08:00
Darren Shepherd
ff34c5c5cf Download cert/key to agent with single HTTP request
Since generated cert/keys are stored locally, each server has a different
copy.  In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
2019-11-15 21:51:51 -07:00
Erik Wilson
55c05ac500 Refactor node password location 2019-11-12 15:30:34 -07:00
Erik Wilson
2bbc356f65
Merge pull request #1008 from erikwilson/ip6-system-setup
Improve ip6 system setup & utilities
2019-11-04 14:24:55 -07:00
Erik Wilson
afa9422ad9 Improve ip6 system setup & utilities 2019-11-04 11:35:14 -07:00
Darren Shepherd
ba240d0611 Refactor tokens, bootstrap, and cli args 2019-10-30 19:06:49 -07:00
Erik Wilson
f648a64ee3
Merge pull request #923 from AkihiroSuda/fix-rootless-kubelet-flags
rootless: add kubelet flags automatically
2019-10-25 01:40:06 -07:00
Akihiro Suda
aafccdbccb rootless: add kubelet flags automatically
Fix https://github.com/rancher/k3s/issues/784

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-25 17:10:14 +09:00
Erik Wilson
aed163b338 Remove trailing whitespace trimming from containerd template 2019-10-23 08:02:07 -07:00
Erik Wilson
2ff2baba49
Merge pull request #913 from erikwilson/kube-router-network-policy
Add network policy support
2019-10-18 16:14:18 -07:00
Erik Wilson
da3a7c6bbc Add network policy controller 2019-10-18 16:11:42 -07:00
Erik Wilson
1df72d14b8 Cleanup containerd config template spacing 2019-10-18 12:34:27 -07:00
Erik Wilson
90df4a1921 Use containerd-shim-run-v2 2019-10-18 12:34:27 -07:00
Erik Wilson
12307a4a69 Fallback to /etc/strongswan for config
Needed for docker image
2019-10-17 22:38:48 -07:00
Darren Shepherd
30c14a4db6
Merge pull request #901 from erikwilson/default-kubelet-dir
Use default kubelet directory
2019-10-17 16:49:11 -07:00
galal-hussein
d2c1f66496 Add k3s cloud provider 2019-10-16 21:13:15 +02:00
Erik Wilson
c72ef62d2c Use default kubelet directory 2019-10-15 10:47:03 -07:00
galal-hussein
5ccc880ddb Add private registry to containerd 2019-10-08 01:54:53 +02:00
Erik Wilson
0af32bba75 Use newest flannel API 2019-09-27 18:33:05 -07:00
Erik Wilson
999e40d6d3 Add strongswan utilities for ipsec 2019-09-27 18:26:39 -07:00
Erik Wilson
959acf9c92 Add --flannel-backend flag 2019-09-27 18:26:39 -07:00
Erik Wilson
359a77939c Enable hairpin mode 2019-09-27 18:26:39 -07:00
Erik Wilson
36fa425d45 Enable extension and ipsec flannel backends 2019-09-27 18:26:39 -07:00
Erik Wilson
3cd807a657 Add --flannel-conf flag 2019-09-27 18:26:39 -07:00
Darren Shepherd
b24f214a50 Update to new cri-api import 2019-08-28 20:53:36 -07:00
Erik Wilson
a76ca2e887 Remove hostname requirement in /etc/hosts 2019-08-21 22:56:20 -07:00
Erik Wilson
98254a3412 Change load balancer logging to debug 2019-08-08 10:48:11 -07:00
Erik Wilson
a17e336993 Use go tcpproxy 2019-07-30 09:53:15 -07:00
Erik Wilson
1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
Remove agent proxy config which is no longer used
2019-07-23 15:51:51 -07:00
Erik Wilson
8ce509ee6b Cleanup tunnel logs 2019-07-18 05:00:07 -07:00
Erik Wilson
23b0797578 Add context to tunnel connect 2019-07-17 18:15:15 -07:00
Erik Wilson
b93b4732eb Start endpoint tunnel watch before waiting 2019-07-17 17:13:40 -07:00
YAMAMOTO Takashi
dc4ebd4c67 Remove agent proxy config which is no longer used 2019-07-17 18:05:16 +09:00
Erik Wilson
e77dc568bb Cleanup tunnel 2019-07-14 00:29:21 -07:00
Erik Wilson
7e6664b684 Add resource version to tunnel endpoint watch 2019-07-12 15:38:49 -07:00
Erik Wilson
034a863696 Cleanup remotedialer tunnel logs 2019-07-12 15:38:49 -07:00
Erik Wilson
e0212144e8 Tunnel agent to all servers
Watch the kubernetes endpoints to create a tunnel to all servers.
2019-07-03 13:11:54 -07:00
Erik Wilson
29865fd9c9 Remove agent proxy 2019-06-25 15:04:04 -07:00
Erik Wilson
2c9444399b Refactor certs 2019-06-25 15:04:04 -07:00
Darren Shepherd
c0702b0492 Port to wrangler 2019-05-26 22:28:50 -07:00
Darren Shepherd
4b4dd1b59b
Merge pull request #454 from galal-hussein/node_labels_taints
Expose node labels and taints and add node roles
2019-05-25 00:39:55 +02:00
Wenxuan Zhao
f0f57c1e44
Allow using built-in modules
Signed-off-by: Wenxuan Zhao <viz@linux.com>
2019-05-09 12:23:33 -07:00
galal-hussein
930093dfe9 Expose node labels and taints and add node roles 2019-05-08 01:47:07 +02:00
haokang.ke
52f845ec84 Make pause image configurable (#345) 2019-05-03 10:36:12 -07:00
galal-hussein
5d8d9e610b Add timeout to hostname check 2019-05-03 14:41:08 +02:00
Darren Shepherd
4ec051d032
Merge pull request #422 from galal-hussein/use_cni_with_docker
Add cni plugin to kubelet if docker is used
2019-05-02 10:45:34 -07:00
galal-hussein
7e1699cda0 Check if hostname is resolvable before running agent 2019-05-01 22:54:05 +02:00
galal-hussein
191ac9371a Add cni plugin to kubelet if docker is used 2019-04-30 22:12:02 +02:00
Darren Shepherd
2950e81c23
Merge pull request #371 from warmchang/nf_conntrack
🔧 modprobe nf_conntrack
2019-04-26 16:01:13 -07:00
Darren Shepherd
9db91d7de3
Merge pull request #369 from erikwilson/node-dns
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Erik Wilson
c9941895d6 Bind kubelet to all interfaces and use webhook auth 2019-04-26 15:02:30 -07:00
William Zhang
22bd3a3ce7 🔧 nf_conntrack module
Signed-off-by: William Zhang <zhang.wanmin@zte.com.cn>
2019-04-26 08:55:48 +08:00
galal-hussein
bdf8a355e1 Add containerd config go template 2019-04-25 22:17:34 +02:00
Erik Wilson
f584197bba Save password as text file 2019-04-25 10:53:21 -07:00
Erik Wilson
e64c0298f2 Add cert per-node password authentication 2019-04-23 11:02:35 -07:00
Erik Wilson
1b2db423de Add node name to node cert generation 2019-04-19 18:20:34 +00:00
Darren Shepherd
0e3711b8b7
Merge pull request #339 from km4rcus/cluster-domain-option
Add --cluster-domain option
2019-04-15 10:06:07 -07:00
Stuart Wallace
2268e028a2 Add ability to override flannel interface 2019-04-12 21:06:43 +01:00
Marco Mancini
b445bad171 Add --cluster-domain option 2019-04-12 08:06:35 +02:00
Darren Shepherd
046a817818 Add rootless support 2019-04-09 10:38:04 -07:00
galal-hussein
7794528aa1 Add extra flags for server and agent components 2019-04-09 08:20:38 +02:00
Erik Wilson
a4df9f4ab1 Kubelet resolv.conf DNS update
Allow the kubelet resolv-conf flag to be set, or automatically
discovered from /etc/resolv.conf & /run/systemd/resolve/resolv.conf if
no loopback devices are present, or create our own which points to
nameserver 8.8.8.8
2019-03-26 23:13:54 +00:00
Erik Wilson
1d61576e54 Fix linting issues 2019-03-25 16:04:29 -07:00
Darren Shepherd
6e28ede2f8 Fix containerd debug log env var 2019-03-07 11:20:58 -07:00
Darren Shepherd
fe9a5b1601 Remove spurious error on start 2019-03-07 10:25:21 -07:00
Fernandez Ludovic
e59bd5d489 refactor: creates loadImages function. 2019-03-07 01:45:52 +01:00
Adam Liddell
b430513abf Enforce lower case hostname for node, references #160 2019-03-05 18:34:24 +00:00
Darren Shepherd
4475456a83
Update pkg/agent/config/config.go
Co-Authored-By: juliens <julien.salleyron@gmail.com>
2019-03-04 23:23:17 +01:00
Julien Salleyron
164b89bce4 fix review. 2019-03-04 21:46:37 +01:00
Julien Salleyron
1895eec684 Preload images 2019-03-04 21:34:24 +01:00
Darren Shepherd
ef4e34b289 Remove dead code 2019-03-04 10:10:17 -07:00
Darren Shepherd
70e6ca4ab8 Support external CRI implementations 2019-03-04 10:08:12 -07:00
Sean Duffy
10f1553564 fix 'fannel' typo. 2019-02-28 10:30:45 -07:00
Darren Shepherd
cb5e425457 Set /proc/sys/net/ipv4/ip_forward on agent start 2019-02-23 22:43:59 -07:00
Darren Shepherd
04c5567346 Validate that memory cgroup exists 2019-02-07 21:45:31 -07:00
Darren Shepherd
529aa431d1 Adjust debug logging and write containerd logs to a file 2019-02-07 21:45:31 -07:00
Darren Shepherd
3f2a951564 Ensure that br_netfilter module is loaded 2019-01-25 22:09:46 -07:00
Darren Shepherd
287e0f44c9 Prepare for initial release 2019-01-22 14:20:29 -07:00
Darren Shepherd
62c62cc7b4 Continued refactoring 2019-01-11 21:52:30 -07:00