mirror of https://github.com/rancher/rke.git synced 2025-07-31 06:49:54 +00:00

598 Commits

Author SHA1 Message Date
Murali Paluru
b7140ab74b change the apiVersion of eventratelimit 2020-01-30 19:14:34 -08:00
Darren Shepherd
25e7f98777 Use eventratelimit from rancher/types 2020-01-23 16:04:43 -07:00
Sebastiaan van Steenis
23e98603bd Determine etcd s3 snapshots by s3 config presence 2020-01-20 18:43:35 +01:00
Luca Berneking
1baa4b2efc Fix log output of full-cluster-state configmap name
This PR corrects the log output during `rke up`.
The output still contains the legacy configmap name `cluster-state`.
The new cluster state is saved in `full-cluster-state`.
2020-01-09 14:50:42 +01:00
Sebastiaan van Steenis
ecc658b004
Merge pull request #1845 from superseb/debug_svcoptions
Add debug logging for serviceoptions
2020-01-02 12:29:11 +01:00
Brenda Rearden
078f11b8a6 Change MTU from string to int 2019-12-23 14:10:50 -07:00
Sebastiaan van Steenis
1bcaefdacc Add debug logging for serviceoptions 2019-12-20 14:42:06 +01:00
Benjamin S. Allen
4f2c87fcd0 Remove the prefixPath from the /lib/modules bind mount for kube-proxy IPVS support 2019-12-17 14:10:38 -08:00
Sebastiaan van Steenis
3ac9cad743 Add ability to set MTU for CNI 2019-12-11 13:34:34 -08:00
kinarashah
790a8858f9 respect metadata's service options for etcd 2019-12-09 10:09:16 -08:00
Sebastiaan van Steenis
6b68be717a Deploy cloud-config file while contents are empty 2019-12-05 10:51:14 -08:00
Prachi Damle
5cf3f1c161 Revert mounting modules for windows 2019-12-04 16:29:59 -08:00
Alena Prokharchyk
2bc68c7118 Correct system image for etcd snapshot removal
when removal is executed as a part of restoration
2019-12-03 15:58:31 -08:00
Murali Paluru
b9900f3b9c change enc provider arg, update defaults for audit log config 2019-11-21 14:08:33 -08:00
Murali Paluru
843e14135f add null check for audit log config 2019-11-15 14:25:03 -08:00
Murali Paluru
b649664af8 add admission control config file arg, enable plugin 2019-11-15 14:25:03 -08:00
rajashree
c31ee1eb4b Handle unmarshal of ingressConfig's k8s native fields separately
IngressConfig fields ExtraEnvs, ExtraVolumes and ExtraVolumeMounts are k8s types.
The yaml unmarshal done in ParseConfig can't unmarshal these properly because they have
nested fields without yaml tags. This commit adds logic to unmarshal
these fields separately so all nested fields get unmarshaled too.
2019-11-15 10:54:07 -08:00
rajashree
9c1c0ea999 Accept extraEnv, volumes and volumeMounts for ingress addon
The fields for ExtraEnv, extraVolumes and extraVolumeMounts for ingress
addon refer the k8s native types EnvVar, Volume and VolumeMounts.
The k8s native types have json tags, so this commit adds a template func to
first marshal and get json encoding and then convert to yaml.
2019-11-14 10:54:00 -08:00
Alena Prokharchyk
6bc2e1e8f8 Restart api/rewrite secrets on config change 2019-11-05 09:34:46 -08:00
Alena Prokharchyk
5eaf28372b Ability to disable custom encryption 2019-11-05 09:34:46 -08:00
Sebastiaan van Steenis
adc5941fd9 Add per node kubelet server certificate 2019-10-31 15:56:44 -07:00
Murali Paluru
e811e18fb3 review comments, build failure fixes 2019-10-31 13:48:44 -07:00
Murali Paluru
bf8688e709 auditlog and eventratelimit changes 2019-10-31 13:48:44 -07:00
Prachi Damle
a1ec25375c Bind mount for ipvs proxy mode 2019-10-29 15:03:44 -07:00
moelsayed
372393ac1b Add Secret Encryption Provider Support 2019-10-29 14:10:32 -07:00
kinarashah
b9bb53ace6 fix applying AlwaysPullImages to commandArgs
Earlier we checked for AlwaysPullImages only if PodSecurityPolicy
is true clause, need both checks separately.
2019-10-22 21:48:23 -07:00
Dax McDonald
4579431ece Catch error on setNetworkOptions 2019-10-22 21:37:34 -07:00
Sebastiaan van Steenis
7c4c1324f9 Provide IP for kube-proxy if cloudprovider is set
If cloudprovider is set (not empty), set the bind address because the node will not be able to retrieve its IP address because the nodename could be set by the cloud provider (e.g. AWS and Openstack)
2019-10-18 09:24:02 -07:00
Dax McDonald
ad678b6a32 Remove dead code 2019-10-04 15:02:14 -07:00
Dax McDonald
8022b815b3 Remove unneeded nil check 2019-10-04 15:01:53 -07:00
Rowan James
9a03d8020b fix typo: ControlPlan -> ControlPlane 2019-10-03 12:30:04 -07:00
Sebastiaan van Steenis
14827e2cdf Print proxy env vars when applying authz resources 2019-09-20 09:16:30 -07:00
Frank Mai
f45fc47dca Adjust Windows worker plan
**Issue:**
https://github.com/rancher/rancher/issues/22676
2019-09-17 12:02:22 -07:00
Dan Ramich
ecfab50fce Update apis for 1.16 2019-09-09 11:20:26 -07:00
kinarashah
9411027476 consider service options based on hostOS info 2019-09-09 11:12:33 -07:00
Frank Mai
0a170b22b7 Support to accept new Windows service options
**Issue:**
https://github.com/rancher/rancher/issues/22470
2019-09-05 17:05:34 -07:00
chentanjun
11c49ae59f fix-up cluster/cluster.go main.go spelling-mistake 2019-09-03 12:45:20 -07:00
galal-hussein
798632b3a4 Handle missing request header ca in rotate certificate 2019-08-29 13:42:47 -07:00
rajashree
1b4f7939f1 Add nodeSelector in network and monitoring addons 2019-08-29 11:29:57 -07:00
Chris Kim
5cb6699fe3 Adding DNS Policy support for nginx ingress controller 2019-08-23 16:04:52 -07:00
galal-hussein
c5fefd5c77 Add k8s 1.16 2019-08-23 09:50:49 -07:00
orangedeng
0ef3c0849a Support node taint configuration
**Problem:**
We can not set node taints in RKE node config.

**Solution:**
Sync taints from config in `SyncLabelsAndTaints` function
2019-08-22 21:09:05 -07:00
Sebastiaan van Steenis
ac16bd8b33 Configure MCS labels if selinux is enabled 2019-08-22 13:45:04 -07:00
Frank Mai
277797df0f Support to generate Windows worker plan
- Put Windows worker plan generating back to reduce the changing from
Windows on rancher/rancher
- Prepare for rke bootstraps Windows cluster

**Issue:**
https://github.com/rancher/rancher/issues/16460
2019-08-21 20:50:31 -07:00
galal-hussein
9c5de9f577 Handle etcd changing its public IP address 2019-08-21 11:47:42 -07:00
Sebastiaan van Steenis
c3e9492716 Print original error regarding kubeconfig 2019-08-21 11:47:08 -07:00
kinarashah
734c651f16 remove support for default versioned templates 2019-08-20 13:59:03 -07:00
moelsayed
06e87ebabb Remove uncompressed snapshot after restore 2019-08-20 12:50:25 -07:00
Darren Shepherd
f8bac2c059 Update to new certs package since latest k8s dropped it 2019-08-19 11:02:43 -07:00
Dan Ramich
4902cf71d9
Merge pull request #1539 from superseb/fixcalicolabels
Use correct labels to delete calico pods
2019-08-14 10:15:58 -07:00
Denise
0c405cdc88 Revert "Handle changing public ip for etcd member delete"
This reverts commit b5d7f5dcd4.
2019-08-12 11:51:20 -07:00
Rodrigue Cloutier
aff29683b2 Fixed issue 1404: Support of configuration with no node with etcd role 2019-08-09 11:14:10 -07:00
moelsayed
a3e7bef8cd Fix ingress deployment issue with PSP enabled 2019-08-09 11:11:58 -07:00
galal-hussein
b5d7f5dcd4 Handle changing public ip for etcd member delete 2019-08-09 11:07:30 -07:00
Sebastiaan van Steenis
f1cdff2a3e Use correct labels to delete calico pods 2019-08-08 20:35:26 +02:00
Sebastiaan van Steenis
3f94e86706 Revert "Add per node kubelet server certificate"
This reverts commit b860e634db.
2019-08-08 09:49:47 -07:00
Sebastiaan van Steenis
b860e634db Add per node kubelet server certificate 2019-07-31 14:54:43 -07:00
moelsayed
fd237d9eef Fix constant kubeapi certificate regeneration 2019-07-31 14:52:46 -07:00
moelsayed
688d4aedd7 support etcd custom uid/gid 2019-07-29 17:24:16 -07:00
galal-hussein
2bc960a01c Add kubeapi proxy cluster role and role binding 2019-07-25 14:16:26 -07:00
kinarashah
b018c756b1 read serviceOptions from minor version first 2019-07-19 13:25:42 -07:00
kinarashah
217e1b41b8 generate correct default rketools
always use rke's default k8s's rke-tools, even if rancher's default k8s
changes. This is based on assumption that change in rke-tools would also
require a new rke version.
2019-07-18 14:48:48 -07:00
galal-hussein
55b1b4db7c use healthz endpoint for kubelet healthcheck 2019-07-18 14:22:07 -07:00
moelsayed
17320083e9 Use etcd service extra_env in backup containers 2019-07-17 16:42:26 -07:00
Sebastiaan van Steenis
958042817a Add Calico controller image for 3.7.4 2019-07-16 12:57:46 -07:00
moelsayed
7b5797ce18 reconcile node roles 2019-07-11 14:27:55 -07:00
moelsayed
058f196e72 Fix worker/controlplane reconcile logic 2019-07-11 14:27:55 -07:00
Sebastiaan van Steenis
63b6ece7b9 Check if certificates are present in state
Problem: If certificates are empty in cluster state (or missing rkestate file), RKE and Rancher would throw NPE.

Solution: Check if certificates are present or error out (for now this situation needs manual intervention)
2019-07-11 14:27:41 -07:00
kinarashah
f360207416 move metadata init to InitClusterObject 2019-07-08 15:40:31 -07:00
kinarashah
116b47b025 rancher pass serviceoptions and addon templates to rke 2019-07-03 10:04:27 -07:00
kinarashah
c191ed6202 use k8s version info from kontainer-driver-metadata 2019-07-03 10:04:27 -07:00
Sebastiaan van Steenis
42c097275a Add stubdomains to kube-dns 2019-07-01 09:43:31 -07:00
moelsayed
2c907f9f21 rename EndpointCA 2019-06-25 14:17:53 -07:00
Sebastiaan van Steenis
9985bc8bae Add k8s 1.15 2019-06-25 10:41:27 -07:00
moelsayed
38c31b9766 Add option to pass custom CA certificate for S3 backend 2019-06-20 15:00:00 -07:00
galal-hussein
ffa42ab900 fix file permissions 2019-06-18 12:52:42 -07:00
Sebastiaan van Steenis
88768e2527 CoreDNS default DNS provider for k8s 1.14 and up 2019-06-14 11:50:46 -07:00
Sebastiaan van Steenis
ae44a9510f Format user addon YAML before concat 2019-06-11 12:52:44 -07:00
kinarashah
1a1080a234 always use DefaultRKETools for etcd snapshot 2019-06-11 12:52:25 -07:00
galal-hussein
870c073c10 Use Internal Addresses to sort the etcd connection string 2019-05-31 09:48:35 -07:00
Zhaofeng Li
cc3c03746f Use the node's architecture to build etcd process
This allows for mixed-architecture etcd clusters.
2019-05-30 03:41:59 -07:00
Erik Wilson
581e3389c4 Reorder etcd servers list 2019-05-28 09:50:29 -07:00
Erik Wilson
e2f7f865ed Force deploy certs if etcd cert was changed 2019-05-24 09:12:39 -07:00
Alena Prokharchyk
f409da01bd Revert "Do preliminary KubeAPI port check using HTTP. Resolves rancher#1256."
This reverts commit 9c94d6525d.
2019-05-24 09:12:13 -07:00
jlamillan
9c94d6525d Do preliminary KubeAPI port check using HTTP. Resolves rancher#1256. 2019-05-22 10:25:36 -07:00
kinarashah
5f4cff3f4c remove PersistentVolumeLabel controller
deprecated post 1.11
2019-05-08 12:11:44 -07:00
Sebastiaan van Steenis
1127a90a9c Add correct env vars if etcd 3.3 is used 2019-05-02 09:46:26 -07:00
Frank Mai
471146b25c Support to config Flannel backend
- Add `flannel_backend_port` and `canal_flannel_backend_port` to config
the port of Flannel
- Add `flanneld_backend_vni` and `canal_flannel_backend_vni` to config
the VxLan network identify of Flannel
2019-04-29 09:29:13 -07:00
Sebastiaan van Steenis
5660fd44d3 Added onetime container and active running checks 2019-04-24 16:56:17 -07:00
galal-hussein
7744f18d6e Force deploy certificates if kubeapi cert got changed 2019-04-24 16:54:19 -07:00
Sebastiaan van Steenis
765746fc77 Correct log messages for file-deployer 2019-04-24 16:54:02 -07:00
galal-hussein
7a0406c44f Check legacy state if kubeconfig doesn't exist 2019-04-23 16:43:07 -07:00
Jan B
9679aca20c Fix: kube-proxy not mounting /run/xtables.lock leading to racy iptables access
kube-proxy and other processes invoking iptables (e.g. flannel, weave) must share the host fs `/run/xtables.lock` to prevent concurrent access to iptables resulting in errors like "iptables: Resource temporarily unavailable".
2019-04-17 11:20:04 -07:00
galal-hussein
de0a1d6948 Fix fetching state with prefix path from nodes 2019-04-09 14:56:51 -07:00
jlamillan
d9f2a41e5a Prepend 3 dashes at the beginning of addon YAMLs if missing. Resolves #1251. 2019-04-08 15:35:53 -07:00
Sebastiaan van Steenis
e1d0899efe Show correct filename for webhook auth config file 2019-04-08 15:27:01 -07:00
Sebastiaan van Steenis
21f3a3eff9 Add k8s 1.14 2019-04-05 15:45:19 -07:00
moelsayed
06b709e888 Add RemoveEtcdSnapshot 2019-04-05 13:51:08 -07:00
galal-hussein
3bc6b0a18f Fix desired state in rke rotate 2019-04-03 16:39:21 -07:00
galal-hussein
6341dadc2f Return empty config if bearer token is present 2019-04-02 12:48:52 -07:00
Frank Mai
d2783a9298 Change controllerMgr & scheduler listening address
**Problem:**
For now, Monitoring cannot scrape metrics from controllerMgr & scheduler

**Solution:**
Change listening address to `0.0.0.0`

**Issue:**
https://github.com/rancher/rancher/issues/17922
2019-03-19 21:00:09 -07:00
galal-hussein
d3d107a09a Restart cluster agent pod in rotate certs 2019-03-19 12:49:20 -07:00
galal-hussein
32e1071041 Handle missing service account token key when fetching certs from nodes 2019-03-19 08:52:08 -07:00
galal-hussein
c1372bc797 Fetch certificates and state from nodes for legacy cluster 2019-03-18 12:59:52 -07:00
moelsayed
3302099643 Fix backupConfig defaults 2019-03-18 10:35:04 -07:00
galal-hussein
6f6f2c4b90 Restart Kubeapi auth pod 2019-03-13 21:27:40 -07:00
galal-hussein
d9e0a9d749 Revert "Restart Cattle agent pods and kubeapi auth pods"
This reverts commit 26d10514d8.
2019-03-13 20:56:34 -07:00
galal-hussein
26d10514d8 Restart Cattle agent pods and kubeapi auth pods 2019-03-13 20:49:27 -07:00
moelsayed
f145eb39b4 Handle mixed providers 2019-03-13 20:35:53 -07:00
Alena Prokharchyk
ac048d30b0 Handle dnsconfig being a pointer 2019-03-12 20:57:22 -07:00
moelsayed
5d1084ad80 Don't disable all backups based on backup flag 2019-03-11 19:04:56 -07:00
jianghang8421
b6d90f4110 Convert aarch64 to arm64 for ETCD_UNSUPPORTED_ARCH env var 2019-03-11 16:20:41 -06:00
galal-hussein
2696b88dfc Upgrade legacy kubeapi service 2019-03-08 19:42:39 -08:00
moelsayed
1e34a7c5fa Add BackupConfig Enabled flag 2019-03-08 14:22:10 -08:00
loganhz
efab83d804 Always set ETCD_UNSUPPORTED_ARCH 2019-03-08 14:09:39 -07:00
jianghang8421
8a219b5c50 Support deploying arm64 k8s and modify cross build script 2019-03-08 14:09:39 -07:00
galal-hussein
cbb7b65643 Fix restart pods for weave plugin 2019-03-07 10:55:57 -08:00
galal-hussein
2aac0e475f Regenerate requestheader ca for legacy clusters 2019-03-06 11:58:24 -08:00
moelsayed
e3d6fb4db9 Restore backup to a new etcd plane 2019-03-06 09:22:52 -08:00
galal-hussein
1926fee1eb Fix weave configmap key 2019-03-05 11:31:05 -08:00
moelsayed
b80785e75e Ensure certs are available for restore 2019-03-03 09:14:36 -08:00
galal-hussein
9d85116568 Modify kubernetes version check to allow upgrade 2019-03-01 11:11:16 -08:00
moelsayed
05d19122ac Handle missing backups 2019-02-27 14:46:25 -08:00
moelsayed
eb6116dded Fix versioned templates version check 2019-02-26 15:26:16 -08:00
Sebastiaan van Steenis
40cd80a208 Add node selector for DNS providers 2019-02-20 10:56:36 -08:00
galal-hussein
947b7eeaad Fix Kubedns provider name 2019-02-19 14:07:34 -08:00
moelsayed
f8b6131dd2 Use supported rke-tools for backup and restore in legacy clusters 2019-02-15 14:25:04 -08:00
galal-hussein
30661bc429 Add retries in reconcile when delete hosts 2019-02-15 14:13:46 -08:00
Sebastiaan van Steenis
23aebac488 Add AWS cloudprovider config 2019-02-12 09:10:55 -08:00
orangedeng
642970feb2 Use initContainer for nginx ingress if it is old version
**Problem:**
The nginx ingress daemonSet securityContext can not be applied to
version before 0.16.0

**Solution:**
When the nginx controller version is older than 0.16.0, we use the old
way to set it up.
2019-01-29 14:27:30 -08:00
moelsayed
285ac8d81c Automatically sync local backups 2019-01-28 15:27:58 -08:00
galal-hussein
fa332f7e07 Revert "revert to skip network plugin port checks of udp port"
This reverts commit ea4b16b116.

Revert "Add port checks for network plugins"
This reverts commit c73a58d45c.
2019-01-28 11:12:42 -08:00
Guangbo Chen
ea4b16b116 revert to skip network plugin port checks of udp port 2019-01-28 09:48:06 -08:00
galal-hussein
860058e878 Check if etcd is healthy before running kubeapi 2019-01-25 16:00:04 -08:00
Mark Lee
c0ee3327ba advertise address on kube-apiserver by internal_address 2019-01-25 11:23:14 -08:00
Sebastiaan van Steenis
4cbca1e90a Add CoreDNS as addon 2019-01-25 11:12:46 -08:00
Guangbo Chen
c73a58d45c Add port checks for network plugins 2019-01-24 13:29:26 -08:00
galal-hussein
f53e30adec Add disable option for metrics server 2019-01-24 12:15:47 -08:00
Jason Greathouse
a64e8f64fb honor kubernetes_version setting 2019-01-24 11:34:07 -08:00
galal-hussein
556e5bb678 Avoid creating dangling volumes with rke tools 2019-01-21 12:38:58 -08:00
moelsayed
cf037b1ed6 Allow local backup for rancher 2019-01-15 10:07:18 -08:00
galal-hussein
82fa8d6305 Add restart components to custom certs 2019-01-14 11:51:11 -08:00
Jason Greathouse
6d36ba86e9 AlwaysPullImages admission plugin option 2019-01-09 11:49:33 -08:00
galal-hussein
9ee750ec01 Adding csr generation and custom certs 2019-01-09 11:47:53 -08:00
galal-hussein
e79da956e9 Update rke to v1.13 and add versioned templates for calico and canal 2019-01-08 13:52:40 -08:00
Jason Greathouse
7afa6e927e update k8s defaults, CIS recommendations 2019-01-07 12:07:46 -08:00
moelsayed
2bf2cd8f5b Don't remove Ready nodes during restore 2019-01-04 14:26:40 -08:00
Guangbo Chen
9cfe5661d8 add etcd s3 uploading and downloading snapshot feature 2019-01-04 13:54:14 -08:00
Erik Wilson
e04b7d4413 Add support for Kubernetes API Authn Webhook
Allow multiple authn strategies to be defined, including new 'webhook'
strategy. Webhook strategy configuration contains the contents of the
authentication webhook file as well as the cache timeout period.

This change allows a Kubernetes API Auth service to authenticate
user requests without proxying through the Rancher server.
2019-01-03 17:15:23 -07:00
galal-hussein
3c6c7f1b7b Run rebuild cluster certs from clusterup 2018-12-20 14:04:47 -08:00