rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-02 07:43:04 +00:00
Code Issues Releases Wiki Activity
1,969 Commits 44 Branches 748 Tags 740 MiB
12ac38f4ad
Commit Graph

640 Commits

Author SHA1 Message Date
Sebastiaan van Steenis
9bca29befb Able to include and extract state file in snapshot 2020-07-21 11:09:37 +02:00
Darren Shepherd
c405e6ea1b Remove references to rancher/types 2020-07-11 23:29:33 -07:00
Sebastiaan van Steenis
80d7dcc6e9 Revert kubelet fix as Docker 19.03.9 has fix 2020-06-09 19:20:30 +02:00
rawmind0
8ff29b617f Updated api bool fields with default=true to *bool. Go files 2020-06-02 20:15:53 +02:00
aiyengar2
94e9c1a01c
Merge pull request #2079 from aiyengar2/revert_encryption_by_default 
Revert default encryption in k8s 1.18
 2020-05-29 16:30:23 -07:00
Sebastiaan van Steenis
e9819eb069
Merge pull request #2058 from superseb/upstreamdockerselinux 
Dont relabel volumes on upstream Docker & SELinux
 2020-05-29 15:57:39 +02:00
Arvind Iyengar
6e194ab1a6 Revert "Add support for k8s 1.18" 
This reverts commit 763a896380.
 2020-05-27 12:48:10 -07:00
Sebastiaan van Steenis
2b226dc314
Merge pull request #1990 from superseb/remove_user_addons 
Remove user addons when not present
 2020-05-19 22:56:22 +02:00
Sebastiaan van Steenis
0c063587ec Dont relabel volumes on upstream Docker & SELinux 2020-05-19 21:50:24 +02:00
Arvind Iyengar
763a896380 Add support for k8s 1.18 
This commit changes default settings for k8s 1.18 to have encryption at rest by default: https://github.com/rancherlabs/rancher-security/issues/412
 2020-05-12 14:13:11 -07:00
Sebastiaan van Steenis
d91e7efd2d Remove user addons when not present 2020-03-30 21:18:09 +02:00
Darren Shepherd
ecc629f2c3 Refactor to new client-go API in k8s 1.18 2020-03-27 10:55:19 -07:00
Kinara Shah
b9c2d893bc
Merge pull request #1987 from kinarashah/lgt 
log service options data in trace
 2020-03-27 10:15:08 -07:00
rajashree
00f6567714 Use v3 type for addons updateStrategy 2020-03-26 15:52:57 -07:00
kinarashah
ef34e40165 log service options data in trace 2020-03-26 10:03:41 -07:00
Sebastiaan van Steenis
4adf2c9b68
Merge pull request #1980 from superseb/re_try_logging 
Standardize (re-)try logging
 2020-03-23 13:30:37 +01:00
Sebastiaan van Steenis
5f46c748c0 Standardize (re-)try logging 2020-03-21 18:34:16 +01:00
rajashree
1ecf6effbf Reconcile workerplane for NotReady control hosts 2020-03-20 13:37:37 -07:00
Sebastiaan van Steenis
d65d72ae6d Enable kube-api audit log for new k8s versions 2020-03-15 13:55:47 +01:00
rajashree
fc3709507d Reset error to nil if lister works on retries 2020-03-13 15:16:25 -07:00
rajashree
6b94c4a3fb Retain user-configured dnsConfig fields when provider is not set 2020-03-12 23:56:11 -07:00
rajashree
6b25bcf3e0 Remove ignore-upgrade label from zero downtime upgrade 2020-03-10 23:36:17 -07:00
rajashree
bb6873ce48 Addresses following issues: 
1. Compare maxUnavailable with powered off hosts before attempting to reconcile
NotReady hosts
2. Include powered off hosts as failed hosts for controlplane upgrade to return error
3. Change coredns upgrade strategy. With addons changes it was changed to have the k8s
default value for a deployment of 25% maxUnavailable and maxSurge. This commit changes it
back to maxUnavailable of 1 to avoid dns addon upgrade issues
 2020-03-07 14:22:35 -08:00
Darren Shepherd
1e34d2b464 Remove n^2 algorithm. At 5000+ nodes plus this gets to be a real problem 2020-03-06 08:52:56 -07:00
Sebastiaan van Steenis
eaf643e6a2
Merge pull request #1945 from superseb/move_log_trace 
Add logging structs/file content to trace loglevel
 2020-03-05 22:19:22 +01:00
Sebastiaan van Steenis
5c7daf4fb1 Add logging structs/file content to trace loglevel 2020-03-05 19:42:05 +01:00
Chris Kim
97371fe82d Add custom flexvolume capabilities to canal and calico 2020-03-05 08:18:40 -08:00
Sebastiaan van Steenis
64f0d7808d
Merge pull request #1872 from Lucaber/fix/cluster-state-log 
Fix log output of full-cluster-state configmap name
 2020-03-05 14:56:56 +01:00
Rajashree Mandaogane
b9b29be0e5
Merge pull request #1943 from mrajashree/rename_label 
Rename ignore label and return error on controlplane failure
 2020-03-04 15:27:16 -08:00
rajashree
c61d531af1 Rename ignore label and return error on controlplane failure 2020-03-04 15:20:48 -08:00
Sebastiaan van Steenis
31a3005733 Add support for nodelocal DNS 2020-03-03 18:09:18 +01:00
rajashree
d420881c41 Check role before including host in inactive host list 2020-03-01 19:03:07 -08:00
kinarashah
12f88f55db error out if service options are not found 
it's unexpected to see empty service options, but node plan shouldn't be generated
in those scenarios
 2020-02-28 11:21:41 -08:00
rajashree
e27a05f8b1 Attempt upgrade on NotReady hosts 2020-02-26 14:14:42 -08:00
Dax McDonald
d7a4f2d2c3 Fix formatting 2020-02-26 12:08:10 -07:00
Rajashree Mandaogane
6664be5e3b
Merge pull request #1912 from mrajashree/zero_downtime_bugfixes 
Accept label to ignore nodes during upgrade
 2020-02-24 10:06:57 -08:00
Daishan
d2d72767a7 Move rke away from kdm vendor 2020-02-24 10:14:25 -07:00
rajashree
968a399f26 Accept label to ignore nodes during upgrade 
RKE does a cluster scan to find the unreachable hosts, and if that number
is same as or exceeds maxUnavailable, upgrade won't proceed.
This commit introduces a label users can provide for their nodes so they
don't get counted as unavailable and are excluded from upgrade.
This commit also includes a couple of bug fixes
 2020-02-22 14:23:47 -08:00
rajashree
4e38cdf825 Parse updateStrategy, replicas and autoscaler fields 2020-02-18 09:01:29 -08:00
Rajashree Mandaogane
92714e5523
Merge pull request #1800 from mrajashree/workers_upgrade 
Change RKE upgrade logic for zero downtime
 2020-02-06 11:03:29 -08:00
rajashree
11678a3f98 Change RKE upgrade logic for zero downtime 2020-02-05 16:19:47 -08:00
Sebastiaan van Steenis
56d4c1b937
Merge pull request #1888 from superseb/local_s3_snapshots_check 
Determine etcd s3 snapshots by s3 config presence
 2020-02-05 10:40:53 +01:00
Murali Paluru
b7140ab74b change the apiVersion of eventratelimit 2020-01-30 19:14:34 -08:00
Darren Shepherd
25e7f98777 Use eventratelimit from rancher/types 2020-01-23 16:04:43 -07:00
Sebastiaan van Steenis
23e98603bd Determine etcd s3 snapshots by s3 config presence 2020-01-20 18:43:35 +01:00
Luca Berneking
1baa4b2efc Fix log output of full-cluster-state configmap name 
This PR corrects the log output during `rke up`.
The output still contains the legacy configmap name `cluster-state`.
The new cluster state is saved in `full-cluster-state`.
 2020-01-09 14:50:42 +01:00
Sebastiaan van Steenis
ecc658b004
Merge pull request #1845 from superseb/debug_svcoptions 
Add debug logging for serviceoptions
 2020-01-02 12:29:11 +01:00
Brenda Rearden
078f11b8a6 Change MTU from string to int 2019-12-23 14:10:50 -07:00
Sebastiaan van Steenis
1bcaefdacc Add debug logging for serviceoptions 2019-12-20 14:42:06 +01:00
Benjamin S. Allen
4f2c87fcd0 Remove the prefixPath from the /lib/modules bind mount for kube-proxy IPVS support 2019-12-17 14:10:38 -08:00
Sebastiaan van Steenis
3ac9cad743 Add ability to set MTU for CNI 2019-12-11 13:34:34 -08:00
kinarashah
790a8858f9 respect metadata's service options for etcd 2019-12-09 10:09:16 -08:00
Sebastiaan van Steenis
6b68be717a Deploy cloud-config file while contents are empty 2019-12-05 10:51:14 -08:00
Prachi Damle
5cf3f1c161 Revert mounting modules for windows 2019-12-04 16:29:59 -08:00
Alena Prokharchyk
2bc68c7118 Correct system image for etcd snapshot removal 
when removal is executed as a part of restoration
 2019-12-03 15:58:31 -08:00
Murali Paluru
b9900f3b9c change enc provider arg, update defaults for audit log config 2019-11-21 14:08:33 -08:00
Murali Paluru
843e14135f add null check for audit log config 2019-11-15 14:25:03 -08:00
Murali Paluru
b649664af8 add admission control config file arg, enable plugin 2019-11-15 14:25:03 -08:00
rajashree
c31ee1eb4b Handle unmarshal of ingressConfig's k8s native fields separately 
IngressConfig fields ExtraEnvs, ExtraVolumes and ExtraVolumeMounts are k8s types.
The yaml unmarshal done in ParseConfig can't unmarshal these properly because they have
nested fields without yaml tags. This commit adds logic to unmarshal
these fields separately so all nested fields get unmarshaled too.
 2019-11-15 10:54:07 -08:00
rajashree
9c1c0ea999 Accept extraEnv, volumes and volumeMounts for ingress addon 
The fields for ExtraEnv, extraVolumes and extraVolumeMounts for ingress
addon refer the k8s native types EnvVar, Volume and VolumeMounts.
The k8s native types have json tags, so this commit adds a template func to
first marshal and get json encoding and then convert to yaml.
 2019-11-14 10:54:00 -08:00
Alena Prokharchyk
6bc2e1e8f8 Restart api/rewrite secrets on config change 2019-11-05 09:34:46 -08:00
Alena Prokharchyk
5eaf28372b Ability to disable custom encryption 2019-11-05 09:34:46 -08:00
Sebastiaan van Steenis
adc5941fd9 Add per node kubelet server certificate 2019-10-31 15:56:44 -07:00
Murali Paluru
e811e18fb3 review comments, build failure fixes 2019-10-31 13:48:44 -07:00
Murali Paluru
bf8688e709 auditlog and eventratelimit changes 2019-10-31 13:48:44 -07:00
Prachi Damle
a1ec25375c Bind mount for ipvs provxy mode 2019-10-29 15:03:44 -07:00
moelsayed
372393ac1b Add Secret Encryption Provider Support 2019-10-29 14:10:32 -07:00
kinarashah
b9bb53ace6 fix applying AlwaysPullImages to commandArgs 
Earlier we checked for AlwaysPullImages only if PodSecurityPolicy
is true clause, need both checks separately.
 2019-10-22 21:48:23 -07:00
Dax McDonald
4579431ece Catch error on setNetworkOptions 2019-10-22 21:37:34 -07:00
Sebastiaan van Steenis
7c4c1324f9 Provide IP for kube-proxy if cloudprovider is set 
If cloudprovider is set (not empty), set the bind address because the node will not be able to retrieve it's IP address because the nodename could be set by the cloud provider (e.g. AWS and Openstack)
 2019-10-18 09:24:02 -07:00
Dax McDonald
ad678b6a32 Remove dead code 2019-10-04 15:02:14 -07:00
Dax McDonald
8022b815b3 Remove uneeded nil check 2019-10-04 15:01:53 -07:00
Rowan James
9a03d8020b fix typo: ControlPlan -> ControlPlane 2019-10-03 12:30:04 -07:00
Sebastiaan van Steenis
14827e2cdf Print proxy env vars when applying authz resources 2019-09-20 09:16:30 -07:00
Frank Mai
f45fc47dca Adjust Windows worker plan 
**Issue:**
https://github.com/rancher/rancher/issues/22676
 2019-09-17 12:02:22 -07:00
Dan Ramich
ecfab50fce Update apis for 1.16 2019-09-09 11:20:26 -07:00
kinarashah
9411027476 consider service options based on hostOS info 2019-09-09 11:12:33 -07:00
Frank Mai
0a170b22b7 Support to accpet new Windows service options 
**Issue:**
https://github.com/rancher/rancher/issues/22470
 2019-09-05 17:05:34 -07:00
chentanjun
11c49ae59f fix-up cluster/cluster.go main.go spelling-mistake 2019-09-03 12:45:20 -07:00
galal-hussein
798632b3a4 Handle missing request header ca in rotate certificate 2019-08-29 13:42:47 -07:00
rajashree
1b4f7939f1 Add nodeSelector in network and monitoring addons 2019-08-29 11:29:57 -07:00
Chris Kim
5cb6699fe3 Adding DNS Policy support for nginx ingress controller 2019-08-23 16:04:52 -07:00
galal-hussein
c5fefd5c77 Add k8s 1.16 2019-08-23 09:50:49 -07:00
orangedeng
0ef3c0849a Support node taint configuration 
**Problem:**
We can not set node taints in RKE node config.

**Solution:**
Sync taints from config in `SyncLabelsAndTaints` function
 2019-08-22 21:09:05 -07:00
Sebastiaan van Steenis
ac16bd8b33 Configure MCS labels if selinux is enabled 2019-08-22 13:45:04 -07:00
Frank Mai
277797df0f Support to generate Windows worker plan 
- Put Windows worker plan generating back to reduce the changing from
Windows on rancher/rancher
- Prepare for rke bootstraps Windows cluster

**Issue:**
https://github.com/rancher/rancher/issues/16460
 2019-08-21 20:50:31 -07:00
galal-hussein
9c5de9f577 Handle etcd changing its public IP address 2019-08-21 11:47:42 -07:00
Sebastiaan van Steenis
c3e9492716 Print original error regarding kubeconfig 2019-08-21 11:47:08 -07:00
kinarashah
734c651f16 remove support for default versioned templates 2019-08-20 13:59:03 -07:00
moelsayed
06e87ebabb Remove uncompressed snapshot after restore 2019-08-20 12:50:25 -07:00
Darren Shepherd
f8bac2c059 Update to new certs package since latest k8s dropped it 2019-08-19 11:02:43 -07:00
Dan Ramich
4902cf71d9
Merge pull request #1539 from superseb/fixcalicolabels 
Use correct labels to delete calico pods
 2019-08-14 10:15:58 -07:00
Denise
0c405cdc88 Revert "Handle changing public ip for etcd member delete" 
This reverts commit b5d7f5dcd4.
 2019-08-12 11:51:20 -07:00
Rodrigue Cloutier
aff29683b2 Fixed issue 1404: Support of configuration with no node with etcd role 2019-08-09 11:14:10 -07:00
moelsayed
a3e7bef8cd Fix ingress deployment issue with PSP enabled 2019-08-09 11:11:58 -07:00
galal-hussein
b5d7f5dcd4 Handle changing public ip for etcd member delete 2019-08-09 11:07:30 -07:00
Sebastiaan van Steenis
f1cdff2a3e Use correct labels to delete calico pods 2019-08-08 20:35:26 +02:00
Sebastiaan van Steenis
3f94e86706 Revert "Add per node kubelet server certificate" 
This reverts commit b860e634db.
 2019-08-08 09:49:47 -07:00
Sebastiaan van Steenis
b860e634db Add per node kubelet server certificate 2019-07-31 14:54:43 -07:00
moelsayed
fd237d9eef Fix constant kubeapi certificate regeneration 2019-07-31 14:52:46 -07:00
moelsayed
688d4aedd7 support etcd custom uid/gid 2019-07-29 17:24:16 -07:00
galal-hussein
2bc960a01c Add kubeapi proxy cluster role and role binding 2019-07-25 14:16:26 -07:00
kinarashah
b018c756b1 read serviceOptions from minor version first 2019-07-19 13:25:42 -07:00
kinarashah
217e1b41b8 generate correct default rketools 
always use rke's default k8s's rke-tools, even if rancher's default k8s
changes. This is based on assumption that change in rke-tools would also
require a new rke version.
 2019-07-18 14:48:48 -07:00
galal-hussein
55b1b4db7c use healthz endpoint for kubelet healthcheck 2019-07-18 14:22:07 -07:00
moelsayed
17320083e9 Use etcd service extra_env in backup containers 2019-07-17 16:42:26 -07:00
Sebastiaan van Steenis
958042817a Add Calico controller image for 3.7.4 2019-07-16 12:57:46 -07:00
moelsayed
7b5797ce18 reconcile node roles 2019-07-11 14:27:55 -07:00
moelsayed
058f196e72 Fix worker/controlplane reconcile logic 2019-07-11 14:27:55 -07:00
Sebastiaan van Steenis
63b6ece7b9 Check if certificates are present in state 
Problem: If certificates are empty in cluster state (or missing rkestate file), RKE and Rancher would throw NPE.

Solution: Check if certificates are present or error out (for now this situation needs manual intervention)
 2019-07-11 14:27:41 -07:00
kinarashah
f360207416 move metadata init to InitClusterObject 2019-07-08 15:40:31 -07:00
kinarashah
116b47b025 rancher pass serviceoptions and addon templates to rke 2019-07-03 10:04:27 -07:00
kinarashah
c191ed6202 use k8s version info from kontainer-driver-metadata 2019-07-03 10:04:27 -07:00
Sebastiaan van Steenis
42c097275a Add stubdomains to kube-dns 2019-07-01 09:43:31 -07:00
moelsayed
2c907f9f21 rename EndpointCA 2019-06-25 14:17:53 -07:00
Sebastiaan van Steenis
9985bc8bae Add k8s 1.15 2019-06-25 10:41:27 -07:00
moelsayed
38c31b9766 Add option to pass custom CA certificate for S3 backend 2019-06-20 15:00:00 -07:00
galal-hussein
ffa42ab900 fix file permissions 2019-06-18 12:52:42 -07:00
Sebastiaan van Steenis
88768e2527 CoreDNS default DNS provider for k8s 1.14 and up 2019-06-14 11:50:46 -07:00
Sebastiaan van Steenis
ae44a9510f Format user addon YAML before concat 2019-06-11 12:52:44 -07:00
kinarashah
1a1080a234 always use DefaultRKETools for etcd snapshot 2019-06-11 12:52:25 -07:00
galal-hussein
870c073c10 Use Internal Addresses to sort the etcd connection string 2019-05-31 09:48:35 -07:00
Zhaofeng Li
cc3c03746f Use the node's architecture to build etcd process 
This allows for mixed-architecture etcd clusters.
 2019-05-30 03:41:59 -07:00
Erik Wilson
581e3389c4 Reorder etcd servers list 2019-05-28 09:50:29 -07:00
Erik Wilson
e2f7f865ed Force deploy certs if etcd cert was changed 2019-05-24 09:12:39 -07:00
Alena Prokharchyk
f409da01bd Revert "Do preliminary KubeAPI port check using HTTP. Resolves rancher#1256." 
This reverts commit 9c94d6525d.
 2019-05-24 09:12:13 -07:00
jlamillan
9c94d6525d Do preliminary KubeAPI port check using HTTP. Resolves rancher#1256. 2019-05-22 10:25:36 -07:00
kinarashah
5f4cff3f4c remove PersistentVolumeLabel controller 
deprecated post 1.11
 2019-05-08 12:11:44 -07:00
Sebastiaan van Steenis
1127a90a9c Add correct env vars if etcd 3.3 is used 2019-05-02 09:46:26 -07:00
Frank Mai
471146b25c Support to config Flannel backend 
- Add `flannel_backend_port` and `canal_flannel_backend_port` to config
the port of Flannel
- Add `flanneld_backend_vni` and `canal_flannel_backend_vni` to config
the VxLan network identify of Flannel
 2019-04-29 09:29:13 -07:00
Sebastiaan van Steenis
5660fd44d3 Added onetime container and active running checks 2019-04-24 16:56:17 -07:00
galal-hussein
7744f18d6e Force deploy certificates if kubeapi cert got changed 2019-04-24 16:54:19 -07:00
Sebastiaan van Steenis
765746fc77 Correct log messages for file-deployer 2019-04-24 16:54:02 -07:00
galal-hussein
7a0406c44f Check legacy state if kubeconfig doesnt exist 2019-04-23 16:43:07 -07:00
Jan B
9679aca20c Fix: kube-proxy not mounting /run/xtables.lock leading to racy iptables access 
kube-proxy and other processes invoking iptables (e.g. flannel, weave) must share the host fs `/run/xtables.lock` to prevent concurrent access to iptables resulting in errors like "iptables: Resource temporarily unavailable".
 2019-04-17 11:20:04 -07:00
galal-hussein
de0a1d6948 Fix fetching state with prefix path from nodes 2019-04-09 14:56:51 -07:00
jlamillan
d9f2a41e5a Prepend 3 dashes at the beginning of addon YAMLs if missing. Resolves #1251. 2019-04-08 15:35:53 -07:00
Sebastiaan van Steenis
e1d0899efe Show correct filename for webhook auth config file 2019-04-08 15:27:01 -07:00
Sebastiaan van Steenis
21f3a3eff9 Add k8s 1.14 2019-04-05 15:45:19 -07:00
moelsayed
06b709e888 Add RemoveEtcdSnapshot 2019-04-05 13:51:08 -07:00
galal-hussein
3bc6b0a18f Fix desired state in rke rotate 2019-04-03 16:39:21 -07:00
galal-hussein
6341dadc2f Return empty config if bearer token is present 2019-04-02 12:48:52 -07:00
Frank Mai
d2783a9298 Change controllerMgr & scheduler listening address 
**Problem:**
For now, Monitoring cannot scrape metrics from controllerMgr & scheduler

**Solution:**
Change listening address to `0.0.0.0`

**Issue:**
https://github.com/rancher/rancher/issues/17922
 2019-03-19 21:00:09 -07:00
galal-hussein
d3d107a09a Restart cluster agent pod in rotate certs 2019-03-19 12:49:20 -07:00
galal-hussein
32e1071041 Handle missing service account token key when fetching certs from nodes 2019-03-19 08:52:08 -07:00
galal-hussein
c1372bc797 Fetch certificates and state from nodes for legacy cluster 2019-03-18 12:59:52 -07:00
moelsayed
3302099643 Fix backupConfig defaults 2019-03-18 10:35:04 -07:00
galal-hussein
6f6f2c4b90 Restart Kubeapi auth pod 2019-03-13 21:27:40 -07:00
galal-hussein
d9e0a9d749 Revert "Restart Cattle agent pods and kubeapi auth pods" 
This reverts commit 26d10514d8.
 2019-03-13 20:56:34 -07:00
galal-hussein
26d10514d8 Restart Cattle agent pods and kubeapi auth pods 2019-03-13 20:49:27 -07:00