A new environment variable RKE_ADMISSION_CONFIG_CHECKSUM whose value is the checksum of the content of the admission configuration file is added to the env list that is set in the `kube-apiserver` container configuration, so any changes in the admission configuration file will result in a change in the container's configuration. RKE will detect the changes during reconciliation and therefore restart the kube-apiserver container on all CP nodes. The upgrade cadence is thresholded by the upgrade strategy in the cluster.
This PR also drops the unnecessary appending of env var to the cluster object which shows in the cluster.rkestate file.
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
A new environment variable RKE_ADMISSION_CONFIG_CHECKSUM whose value is the checksum of the content of the admission configuration file is added to the env list that is set in the `kube-apiserver` container configuration, so any changes in the admission configuration file will result in a change in the container's configuration. RKE will detect the changes during reconciliation and therefore restart the kube-apiserver container on all CP nodes. The upgrade cadence is thresholded by the upgrade strategy in the cluster.
This PR also drops the unnecessary appending of env var to the cluster object which shows in the cluster.rkestate file.
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
RKE will panic if we enable rotate_encryption_key but disable secrets_encryption_config when creating a cluster. The panic happens because RKE tries to use the rkeConfig, which does not exist. The rkeConfig will be made after the rke up command succeeds.
Solution:
Skip the rotateEncryptionKey operation when creating a new cluster. Also, In this case, keys are just made for the first time, so there is no need to rotate them.
If restore flag is set to true on RKEConfig, the reconcileCluster flag in
ClusterUp should not be set to true, so that DeployControlPlane and DeployWorkerPlane
call the non-zero downtime upgrade functions RunControlPlane and RunWorkerPlane respectively
RKE does a cluster scan to find the unreachable hosts, and if that number
is same as or exceeds maxUnavailable, upgrade won't proceed.
This commit introduces a label users can provide for their nodes so they
don't get counted as unavailable and are excluded from upgrade.
This commit also includes a couple of bug fixes
remove extra cert generation for etcd in reconcile
fix reconcile and etcd add and remove cluster state with rke remove
fix add/remove issues
Fix the up command
Fix default paths for kubeconfig and rkestate
