Kinara Shah
3b8991e345
bind rke kubelet docker config path to default docker config path
...
rke stores auth info in /var/lib/kubelet/config.json but cri-dockerd
relies on k8s.io credential provider which uses only default config
provider, this allows cri-dockerd to pull sandbox pause image using
private registry
2022-08-04 12:52:42 -07:00
Chris Kim
22b0894c83
Add bind mount for /var/lib/cri-dockerd (#3001)
...
* Add dockershim bind to 1.24 and newer of K8s
2022-08-04 10:59:38 -07:00
Jiaqi Luo
9f5ecdb801
1. enable cri-dockerd when the cluster version >= 1.24 AND the option enable_cri_dockerd is not configured; 2. drop the flag --address when the cluster version >= 1.24 in the DinD case
2022-06-28 17:22:47 -07:00
Harrison Affel
fbac9aa8f9
add fields ExtraArgsArray and WindowsExtraArgsArray
2022-04-22 10:09:38 -04:00
Kinara Shah
ddcd9cd2c0
fix auth kubeconfig not passed to kube-scheduler args
2022-03-15 11:05:36 -07:00
Kinara Shah
f7b293b7ae
update scheduler healthcheck port for k8s 1.23
2022-03-03 10:25:05 -08:00
Kinara Shah
eb8b278bcd
delete hostname-override for aws cloud provider
...
aws cloud provider assigns private dns as the node name,
don't override it since it cannot be changed.
2022-01-10 09:35:26 -08:00
Kinara Shah
5ac34a1f41
pass authorization-kubeconfig and authentication-kubeconfig for 1.22
...
controller manager must start with proper authorization and
authentication kubeconfig in args starting 1.22. k8s 1.22 has
disabled insecure serving for kube controller manager.
2021-12-03 17:19:47 -08:00
Sebastiaan van Steenis
0cea67e9ff
Do not rewrite SELinux labels on volume mounts
2021-11-19 22:39:56 +01:00
Sebastiaan van Steenis
546a61b24a
Add compatibility with k8s v1.22
2021-11-04 16:50:58 +01:00
Sebastiaan van Steenis
51a6b50a84
Revert "Do not rewrite SELinux labels on volume mounts"
2021-07-29 08:59:54 +02:00
Sebastiaan van Steenis
a4bebdb8bb
Add support for enabling cri-dockerd
2021-06-08 19:05:54 +02:00
Sebastiaan van Steenis
ca8cc62303
Merge pull request #2541 from superseb/no_selinux_relabel
...
Do not rewrite SELinux labels on volume mounts
2021-05-31 15:06:19 +02:00
Sebastiaan van Steenis
88a4d73e79
Merge pull request #1372 from zhaofengli/mixed-arch-etcd-cluster
...
Use the node's architecture to build etcd process
2021-05-31 10:44:31 +02:00
Sebastiaan van Steenis
9757be753f
Do not rewrite SELinux labels on volume mounts
2021-05-18 22:22:40 +02:00
Sebastiaan van Steenis
56b1c16e9f
Add stricter TLS cipher for etcd v3.4.15 and up
2021-04-05 13:21:55 +02:00
Sebastiaan van Steenis
5e50b51b13
Add auditlog checksum to trigger restart on update
2021-01-27 10:32:57 +01:00
Sebastiaan van Steenis
b3ca1f8327
Don't advertise etcd port 4001 in v3.4.13 and up
2020-09-23 09:27:51 -07:00
Vincent Batts
d77ee0d53f
cluster/plan: don't relabel /lib/modules by default
...
As this logic went, it would relabel /lib/modules, except on enterprise
linux and when SELinux is enabled (even just permissive).
Flatcar Container Linux defaults to SELinux on, but permissive, and
`/lib/modules/` is a symlink to the read-only `/usr`.
So `./rke up` would fail on attempting to relabel /usr.
The prior work around is to set `SELINUX=disable` in
/etc/selinux/config.
Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-08-21 16:17:00 -04:00
Luther Monson
23d2341172
updates for prefix path
2020-08-20 13:40:21 -07:00
Luther Monson
7d6181a290
add win_ params for prefix path, env, args and binds
...
Problem: When building a hybrid cluster with windows nodes there is only
a single set of overrides you can use per service. This limits
configuring the node as service args and prefix_path sometimes need to
be specific for the different OS.
Solution: Add support for `win_` prefixed parameters for cluster level
`path_prefix` and service level `extra_args`, `extra_env` and
`extra_binds`. Params will work as before, passing in the non `win_`
prefixed params, IF you set the `win_` prefixed params it will only use
those meaning you will need to duplicate the params in both config
sections of your rke cluster yaml.
2020-08-20 13:39:57 -07:00
Darren Shepherd
c405e6ea1b
Remove references to rancher/types
2020-07-11 23:29:33 -07:00
Sebastiaan van Steenis
80d7dcc6e9
Revert kubelet fix as Docker 19.03.9 has fix
2020-06-09 19:20:30 +02:00
Sebastiaan van Steenis
0c063587ec
Don't relabel volumes on upstream Docker & SELinux
2020-05-19 21:50:24 +02:00
kinarashah
ef34e40165
log service options data in trace
2020-03-26 10:03:41 -07:00
Sebastiaan van Steenis
31a3005733
Add support for nodelocal DNS
2020-03-03 18:09:18 +01:00
kinarashah
12f88f55db
error out if service options are not found
...
it's unexpected to see empty service options, but node plan shouldn't be generated
in those scenarios
2020-02-28 11:21:41 -08:00
Sebastiaan van Steenis
1bcaefdacc
Add debug logging for serviceoptions
2019-12-20 14:42:06 +01:00
Benjamin S. Allen
4f2c87fcd0
Remove the prefixPath from the /lib/modules bind mount for kube-proxy IPVS support
2019-12-17 14:10:38 -08:00
kinarashah
790a8858f9
respect metadata's service options for etcd
2019-12-09 10:09:16 -08:00
Prachi Damle
5cf3f1c161
Revert mounting modules for windows
2019-12-04 16:29:59 -08:00
Murali Paluru
b9900f3b9c
change enc provider arg, update defaults for audit log config
2019-11-21 14:08:33 -08:00
Murali Paluru
b649664af8
add admission control config file arg, enable plugin
2019-11-15 14:25:03 -08:00
Sebastiaan van Steenis
adc5941fd9
Add per node kubelet server certificate
2019-10-31 15:56:44 -07:00
Murali Paluru
bf8688e709
auditlog and eventratelimit changes
2019-10-31 13:48:44 -07:00
Prachi Damle
a1ec25375c
Bind mount for ipvs proxy mode
2019-10-29 15:03:44 -07:00
moelsayed
372393ac1b
Add Secret Encryption Provider Support
2019-10-29 14:10:32 -07:00
kinarashah
b9bb53ace6
fix applying AlwaysPullImages to commandArgs
...
Earlier we checked for AlwaysPullImages only if PodSecurityPolicy
is true clause, need both checks separately.
2019-10-22 21:48:23 -07:00
Sebastiaan van Steenis
7c4c1324f9
Provide IP for kube-proxy if cloudprovider is set
...
If cloudprovider is set (not empty), set the bind address because the node will not be able to retrieve its IP address because the nodename could be set by the cloud provider (e.g. AWS and Openstack)
2019-10-18 09:24:02 -07:00
Frank Mai
f45fc47dca
Adjust Windows worker plan
...
**Issue:**
https://github.com/rancher/rancher/issues/22676
2019-09-17 12:02:22 -07:00
Dan Ramich
ecfab50fce
Update apis for 1.16
2019-09-09 11:20:26 -07:00
kinarashah
9411027476
consider service options based on hostOS info
2019-09-09 11:12:33 -07:00
Sebastiaan van Steenis
ac16bd8b33
Configure MCS labels if selinux is enabled
2019-08-22 13:45:04 -07:00
Frank Mai
277797df0f
Support to generate Windows worker plan
...
- Put Windows worker plan generating back to reduce the changing from
Windows on rancher/rancher
- Prepare for rke bootstraps Windows cluster
**Issue:**
https://github.com/rancher/rancher/issues/16460
2019-08-21 20:50:31 -07:00
Sebastiaan van Steenis
3f94e86706
Revert "Add per node kubelet server certificate"
...
This reverts commit b860e634db.
2019-08-08 09:49:47 -07:00
Sebastiaan van Steenis
b860e634db
Add per node kubelet server certificate
2019-07-31 14:54:43 -07:00
moelsayed
688d4aedd7
support etcd custom uid/gid
2019-07-29 17:24:16 -07:00
kinarashah
b018c756b1
read serviceOptions from minor version first
2019-07-19 13:25:42 -07:00
galal-hussein
55b1b4db7c
use healthz endpoint for kubelet healthcheck
2019-07-18 14:22:07 -07:00
kinarashah
116b47b025
rancher pass serviceoptions and addon templates to rke
2019-07-03 10:04:27 -07:00