rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-04-27 11:21:08 +00:00
Code Issues Releases Wiki Activity
1,620 Commits 78 Branches 723 Tags 658 MiB
51a6b50a84
Commit Graph

155 Commits

Author SHA1 Message Date
Sebastiaan van Steenis
51a6b50a84
Revert "Do not rewrite SELinux labels on volume mounts" 2021-07-29 08:59:54 +02:00
Sebastiaan van Steenis
a4bebdb8bb Add support for enabling cri-dockerd 2021-06-08 19:05:54 +02:00
Sebastiaan van Steenis
ca8cc62303
Merge pull request #2541 from superseb/no_selinux_relabel 
Do not rewrite SELinux labels on volume mounts
 2021-05-31 15:06:19 +02:00
Sebastiaan van Steenis
88a4d73e79
Merge pull request #1372 from zhaofengli/mixed-arch-etcd-cluster 
Use the node's architecture to build etcd process
 2021-05-31 10:44:31 +02:00
Sebastiaan van Steenis
9757be753f Do not rewrite SELinux labels on volume mounts 2021-05-18 22:22:40 +02:00
Sebastiaan van Steenis
56b1c16e9f Add stricter TLS cipher for etcd v3.4.15 and up 2021-04-05 13:21:55 +02:00
Sebastiaan van Steenis
5e50b51b13 Add auditlog checksum to trigger restart on update 2021-01-27 10:32:57 +01:00
Sebastiaan van Steenis
b3ca1f8327 Don't advertise etcd port 4001 in v3.4.13 and up 2020-09-23 09:27:51 -07:00
Vincent Batts
d77ee0d53f
cluster/plan: don't relabel /lib/modules by default 
As this logic went, it would relabel /lib/modules, except on enterprise
linux and when SELinux is enabled (even just permisive).

Flatcar Container Linux defaults to SELinux on, but permisive, and
`/lib/modules/` is a symlink to the read-only `/usr`.
So `./rke up` would fail on attempting to relabel /usr.

The prior work around is to set `SELINUX=disable` in
/etc/selinux/config.

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
 2020-08-21 16:17:00 -04:00
Luther Monson
23d2341172 updates for prefix path 2020-08-20 13:40:21 -07:00
Luther Monson
7d6181a290 add win_ params for prefix path, env, args and binds 
Problem: When building a hybrid cluster with windows nodes there is only
a single set of overrides you can use per service. This limits
configuring the node as service args and prefix_path sometimes need to
be specific for the different OS.
Solution: Add support for `win_` prefixed parameters for cluster level
`path_prefix` and service level `extra_args`, `extra_env` and
`extra_binds`. Params will work as before, passing in the non `win_`
prefixed params, IF you set the `win_` prefixed params it willy only use
those meaning you will need to duplicate the params in both config
sections of your rke cluster yaml.
 2020-08-20 13:39:57 -07:00
Darren Shepherd
c405e6ea1b Remove references to rancher/types 2020-07-11 23:29:33 -07:00
Sebastiaan van Steenis
80d7dcc6e9 Revert kubelet fix as Docker 19.03.9 has fix 2020-06-09 19:20:30 +02:00
Sebastiaan van Steenis
0c063587ec Dont relabel volumes on upstream Docker & SELinux 2020-05-19 21:50:24 +02:00
kinarashah
ef34e40165 log service options data in trace 2020-03-26 10:03:41 -07:00
Sebastiaan van Steenis
31a3005733 Add support for nodelocal DNS 2020-03-03 18:09:18 +01:00
kinarashah
12f88f55db error out if service options are not found 
it's unexpected to see empty service options, but node plan shouldn't be generated
in those scenarios
 2020-02-28 11:21:41 -08:00
Sebastiaan van Steenis
1bcaefdacc Add debug logging for serviceoptions 2019-12-20 14:42:06 +01:00
Benjamin S. Allen
4f2c87fcd0 Remove the prefixPath from the /lib/modules bind mount for kube-proxy IPVS support 2019-12-17 14:10:38 -08:00
kinarashah
790a8858f9 respect metadata's service options for etcd 2019-12-09 10:09:16 -08:00
Prachi Damle
5cf3f1c161 Revert mounting modules for windows 2019-12-04 16:29:59 -08:00
Murali Paluru
b9900f3b9c change enc provider arg, update defaults for audit log config 2019-11-21 14:08:33 -08:00
Murali Paluru
b649664af8 add admission control config file arg, enable plugin 2019-11-15 14:25:03 -08:00
Sebastiaan van Steenis
adc5941fd9 Add per node kubelet server certificate 2019-10-31 15:56:44 -07:00
Murali Paluru
bf8688e709 auditlog and eventratelimit changes 2019-10-31 13:48:44 -07:00
Prachi Damle
a1ec25375c Bind mount for ipvs provxy mode 2019-10-29 15:03:44 -07:00
moelsayed
372393ac1b Add Secret Encryption Provider Support 2019-10-29 14:10:32 -07:00
kinarashah
b9bb53ace6 fix applying AlwaysPullImages to commandArgs 
Earlier we checked for AlwaysPullImages only if PodSecurityPolicy
is true clause, need both checks separately.
 2019-10-22 21:48:23 -07:00
Sebastiaan van Steenis
7c4c1324f9 Provide IP for kube-proxy if cloudprovider is set 
If cloudprovider is set (not empty), set the bind address because the node will not be able to retrieve it's IP address because the nodename could be set by the cloud provider (e.g. AWS and Openstack)
 2019-10-18 09:24:02 -07:00
Frank Mai
f45fc47dca Adjust Windows worker plan 
**Issue:**
https://github.com/rancher/rancher/issues/22676
 2019-09-17 12:02:22 -07:00
Dan Ramich
ecfab50fce Update apis for 1.16 2019-09-09 11:20:26 -07:00
kinarashah
9411027476 consider service options based on hostOS info 2019-09-09 11:12:33 -07:00
Sebastiaan van Steenis
ac16bd8b33 Configure MCS labels if selinux is enabled 2019-08-22 13:45:04 -07:00
Frank Mai
277797df0f Support to generate Windows worker plan 
- Put Windows worker plan generating back to reduce the changing from
Windows on rancher/rancher
- Prepare for rke bootstraps Windows cluster

**Issue:**
https://github.com/rancher/rancher/issues/16460
 2019-08-21 20:50:31 -07:00
Sebastiaan van Steenis
3f94e86706 Revert "Add per node kubelet server certificate" 
This reverts commit b860e634db.
 2019-08-08 09:49:47 -07:00
Sebastiaan van Steenis
b860e634db Add per node kubelet server certificate 2019-07-31 14:54:43 -07:00
moelsayed
688d4aedd7 support etcd custom uid/gid 2019-07-29 17:24:16 -07:00
kinarashah
b018c756b1 read serviceOptions from minor version first 2019-07-19 13:25:42 -07:00
galal-hussein
55b1b4db7c use healthz endpoint for kubelet healthcheck 2019-07-18 14:22:07 -07:00
kinarashah
116b47b025 rancher pass serviceoptions and addon templates to rke 2019-07-03 10:04:27 -07:00
kinarashah
c191ed6202 use k8s version info from kontainer-driver-metadata 2019-07-03 10:04:27 -07:00
Sebastiaan van Steenis
9985bc8bae Add k8s 1.15 2019-06-25 10:41:27 -07:00
galal-hussein
870c073c10 Use Internal Addresses to sort the etcd connection string 2019-05-31 09:48:35 -07:00
Zhaofeng Li
cc3c03746f Use the node's architecture to build etcd process 
This allows for mixed-architecture etcd clusters.
 2019-05-30 03:41:59 -07:00
Erik Wilson
581e3389c4 Reorder etcd servers list 2019-05-28 09:50:29 -07:00
kinarashah
5f4cff3f4c remove PersistentVolumeLabel controller 
deprecated post 1.11
 2019-05-08 12:11:44 -07:00
Sebastiaan van Steenis
1127a90a9c Add correct env vars if etcd 3.3 is used 2019-05-02 09:46:26 -07:00
Jan B
9679aca20c Fix: kube-proxy not mounting /run/xtables.lock leading to racy iptables access 
kube-proxy and other processes invoking iptables (e.g. flannel, weave) must share the host fs `/run/xtables.lock` to prevent concurrent access to iptables resulting in errors like "iptables: Resource temporarily unavailable".
 2019-04-17 11:20:04 -07:00
Sebastiaan van Steenis
21f3a3eff9 Add k8s 1.14 2019-04-05 15:45:19 -07:00
Frank Mai
d2783a9298 Change controllerMgr & scheduler listening address 
**Problem:**
For now, Monitoring cannot scrape metrics from controllerMgr & scheduler

**Solution:**
Change listening address to `0.0.0.0`

**Issue:**
https://github.com/rancher/rancher/issues/17922
 2019-03-19 21:00:09 -07:00