rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-07-19 01:36:32 +00:00
Code Issues Releases Wiki Activity
2,119 Commits 42 Branches 742 Tags 732 MiB
adaec2efa7
Commit Graph

667 Commits

Author SHA1 Message Date
Kinara Shah
87ec65644a Revert "fix error handling" 
This reverts commit c8a73fd90d.
 2022-04-27 22:38:02 +05:30
Harrison Affel
fbac9aa8f9 add fields ExtraArgsArray and WindowsExtraArgsArray 2022-04-22 10:09:38 -04:00
Rayan Das
c8a73fd90d fix error handling 2022-04-19 20:37:34 +05:30
Rayan Das
3840eb5e5a added logic which will reapply user addons after cluster upgrade 2022-04-08 18:25:38 +05:30
Kinara Shah
ddcd9cd2c0 fix auth kubeconfig not passed to kube-scheduler args 2022-03-15 11:05:36 -07:00
Kinara Shah
f7b293b7ae update scheduler healthcheck port for k8s 1.23 2022-03-03 10:25:05 -08:00
Kinara Shah
eb8b278bcd delete hostname-override for aws cloud provider 
aws cloud provider assigns private dns as the node name,
don't override it since it cannot be changed.
 2022-01-10 09:35:26 -08:00
Sebastiaan van Steenis
6833df8631 Set 'watch-ingress-without-class: true' as default 2021-12-10 20:12:30 +01:00
Kinara Shah
5ac34a1f41 pass authorization-kubeconfig and authentication-kubeconfig for 1.22 
controller manager must start with proper authorization and
authentication kubeconfig in args starting 1.22. k8s 1.22 has
disabled insecure serving for kube controller manager.
 2021-12-03 17:19:47 -08:00
Sebastiaan van Steenis
0cea67e9ff Do not rewrite SELinux labels on volume mounts 2021-11-19 22:39:56 +01:00
Raúl Sánchez
1ae89e56c3
Merge pull request #2701 from rawmind0/encryption13 
Update cluster.parseCustomConfig function to proper decode custom EncryptionConfiguration
 2021-11-11 22:40:56 +01:00
Sebastiaan van Steenis
69dbe30b46
Merge pull request #2729 from superseb/v13_v122 
[release/v1.3] Add compatibility with k8s v1.22
 2021-11-11 17:55:35 +01:00
Kinara Shah
594296bb10 update etcd client to use both v3 and v2 
v3 for >=1.22, v2 otherwise
 2021-11-08 09:50:17 -08:00
Sebastiaan van Steenis
546a61b24a Add compatibility with k8s v1.22 2021-11-04 16:50:58 +01:00
rawmind0
0404dba56d Update cluster.parseCustomConfig function to proper decode custom EncryptionConfiguration 2021-09-21 23:33:20 +02:00
Gaurav Mehta
a618da802b Changed Credential Helper to a predefined type ECRCredentialHelper and associated changes for the same 2021-08-19 15:21:10 -07:00
rawmind0
12c1a8b260 Updated nginx ingress addon to remove admission batch jobs if they exist 2021-08-16 14:29:00 +02:00
Sebastiaan van Steenis
8c7d8d8570
Merge pull request #2624 from rancher/revert-2541-no_selinux_relabel 
Revert "Do not rewrite SELinux labels on volume mounts"
 2021-08-02 18:19:42 +02:00
Sebastiaan van Steenis
0f9d7911b1 Set ingress to hostport in k8s 1.21 and up 2021-07-30 20:15:07 +02:00
Sebastiaan van Steenis
51a6b50a84
Revert "Do not rewrite SELinux labels on volume mounts" 2021-07-29 08:59:54 +02:00
Sebastiaan van Steenis
22b82828ff
Merge pull request #2599 from superseb/ingress_webhook 
Validate Ingress Webhook and pass to template
 2021-07-06 22:53:46 +02:00
Sebastiaan van Steenis
963f59b009
Merge pull request #2262 from ibrokethecloud/ecr-helper 
ecr credential plugin
 2021-07-06 22:35:03 +02:00
Sebastiaan van Steenis
0650395889
Merge pull request #2596 from chaudhryfaisal/CustomCertsEncryptionConfig 
set EncryptionConfig on DesiredState when using CustomCerts
 2021-07-06 22:27:29 +02:00
Sebastiaan van Steenis
97c4b102ce Validate Ingress Webhook and pass to template 2021-07-06 12:11:59 +02:00
Gaurav Mehta
723dd7c670 Initial commit for adding ecr credential plugin 2021-07-05 10:16:44 +10:00
Faisal Chaudhry
441d06df32 set EncryptionConfig on DesiredState when using CustomCerts 2021-07-02 10:01:32 -04:00
Sebastiaan van Steenis
c5efcaeb0c Make it possible to configure dualstack 2021-07-01 19:02:46 +02:00
Sebastiaan van Steenis
a4bebdb8bb Add support for enabling cri-dockerd 2021-06-08 19:05:54 +02:00
Sebastiaan van Steenis
ff49352399
Merge pull request #2564 from superseb/golangcilint_v0401 
Use golangci-lint v1.40.1
 2021-06-08 18:28:53 +02:00
Sebastiaan van Steenis
a58605612e
Merge pull request #2520 from pmorillon/unset_proxy_env_vars_when_using_bastion 
Unset proxy env vars when using bastion
 2021-06-07 14:55:43 +02:00
Sebastiaan van Steenis
9c711e669c Use golangci-lint v0.40.1 2021-06-06 14:20:54 +02:00
Pascal Morillon
8b9385040f Unset proxy env vars when ssh bastion is configured with option ignore_proxy_env_vars 2021-05-31 16:49:01 +02:00
Sebastiaan van Steenis
ca8cc62303
Merge pull request #2541 from superseb/no_selinux_relabel 
Do not rewrite SELinux labels on volume mounts
 2021-05-31 15:06:19 +02:00
Sebastiaan van Steenis
88a4d73e79
Merge pull request #1372 from zhaofengli/mixed-arch-etcd-cluster 
Use the node's architecture to build etcd process
 2021-05-31 10:44:31 +02:00
Kinara Shah
bb0d38e303
Merge pull request #2536 from kinarashah/defaultbackend 
set ingress default backend to false for k8s 1.21+
 2021-05-21 09:57:17 -07:00
Sebastiaan van Steenis
04b71a9fd9
Merge pull request #2537 from superseb/etcdsave_statefile 
Dont deploy statefile if its not readable
 2021-05-21 11:06:48 +02:00
Sebastiaan van Steenis
9757be753f Do not rewrite SELinux labels on volume mounts 2021-05-18 22:22:40 +02:00
Sebastiaan van Steenis
738bda5fb6 Dont deploy statefile if its not readable 2021-05-18 07:24:57 +02:00
Kinara Shah
b2a9ebee75 set ingress default backend to false for k8s 1.21+ 2021-05-14 16:58:25 -07:00
Dan Ramich
d07658cf9b Encryption update 2021-05-14 10:11:17 -06:00
Sebastiaan van Steenis
b9a126c067
Merge pull request #2504 from superseb/etcd_v3415_ciphers 
Add stricter TLS cipher for etcd v3.4.15 and up
 2021-04-06 21:40:05 +02:00
Sebastiaan van Steenis
56b1c16e9f Add stricter TLS cipher for etcd v3.4.15 and up 2021-04-05 13:21:55 +02:00
Sebastiaan van Steenis
05e002bc08 Write kubeconfig/state with stricter permission 2021-03-07 12:41:31 +01:00
Steven Crespo
68453acb6e Add priority class name to addons 2021-02-06 16:46:39 -08:00
Kinara Shah
8c0a4d7f31
Merge pull request #2376 from superseb/add_auditlog_checksum 
Add auditlog checksum to trigger restart on update
 2021-01-27 15:00:35 -08:00
Sebastiaan van Steenis
5e50b51b13 Add auditlog checksum to trigger restart on update 2021-01-27 10:32:57 +01:00
rawmind0
1880404fc3 Added etcd snapshot timeout parameter 2021-01-22 18:35:13 +01:00
Sebastiaan van Steenis
e395badf82
Merge pull request #2412 from superseb/critical_addons 
Mark all default addons as critical
 2021-01-19 15:49:35 +01:00
Sebastiaan van Steenis
49a794c2de Mark all default addons as critical 2021-01-13 14:29:59 +01:00
Sebastiaan van Steenis
a68a64c0ce Add util command 2021-01-08 18:06:21 +01:00
Ryan Sanna
c14c39f8c5 reduce rewrite workers, add additional logging around secrets retrieval 2020-12-22 12:40:17 -07:00
Ryan Sanna
49e158a974
Revert "Revert "Encryption Key Rotation Changes"" 2020-12-14 11:51:46 -07:00
Ryan Sanna
92573270c7
Revert "Encryption Key Rotation Changes" 2020-12-09 13:49:27 -07:00
Ryan Sanna
e42ff49fec key rotation as part of ClusterUp, more robust secrets rewrite, improved logging 2020-12-08 12:00:32 -07:00
Nick Gerace
da6d9dcf9e Set default http backend to be optional 
Set default http backend to be optional for ingress nginx. It will be
enabled by default.
 2020-12-03 14:53:51 -05:00
Sebastiaan van Steenis
99af2bdf95
Merge pull request #2355 from superseb/add_tolerations 
Add tolerations option to addons
 2020-12-03 19:20:54 +01:00
Sebastiaan van Steenis
a1eaee0312
Merge pull request #2322 from superseb/retry_tcpportcheck 
Add retry to TCP port check
 2020-12-02 21:39:31 +01:00
Sebastiaan van Steenis
4e31add8fe Add tolerations option to addons 2020-11-26 17:29:46 +01:00
Kiran Shastri
4f062997bb Introduce ACI CNI network provider 
ACI CNI supports k8s versions 1.18+
Added template and arguments for ACI CNI
Disable cloud options for ACI.
Separate generated code into another commit

Signed-off-by: Kiran Shastri <shastrinator@gmail.com>
(cherry picked from commit e94c54005e)
 2020-11-17 15:29:03 -05:00
Sebastiaan van Steenis
a252645797 Add retry to TCP port check 2020-11-09 18:35:58 +01:00
Jacob Payne
04ea70ee3b updated NodeUpgradeStrategy.Drain to use pointer 2020-10-26 09:59:49 -07:00
kinarashah
8c3c618b63 set default ingress network mode for both rancher and rke 
Problem:
Setting defaults for ingress in parse logic works only for
rke standalone but not when rancher calls rke using ClusterUp.

Solution:
Setting them during the cluster defaults logic
 2020-10-24 13:09:38 +02:00
Sebastiaan van Steenis
16f3089220
Merge pull request #1911 from ibrokethecloud/master 
Allow addons.go to parse http and https ports for ingress controller
 2020-10-22 20:54:09 +02:00
Gaurav Mehta
5a63de09bc Updated cluster/addons.go to allow it to parse and send new http_port and https_ports to the ingress template 
Fixed up yaml import package

Updated rke ingress addon to support a new field hostNetwork. Users can use this now to run ingress controller on overlay network only

Ported additional ingress types changes into types/rke_types

Fixed linting errors related to variable names in addons.go and rke_types

Changed types for hostNetwork and http/https ports

Added validation to check http/https ports are different

Changed rke_types for additional spec in ingressConfig. Changed validation and default logic accordingly
 2020-10-21 19:00:04 +11:00
Sebastiaan van Steenis
422dfff0fd Check etcd cluster health after member delete 2020-09-29 13:53:45 +02:00
Sebastiaan van Steenis
b3ca1f8327 Don't advertise etcd port 4001 in v3.4.13 and up 2020-09-23 09:27:51 -07:00
Darren Shepherd
abf63e4a08 Fix panic when IgnoreDockerVersion is nil 2020-09-18 10:17:44 -07:00
Sebastiaan van Steenis
12b4dcaf59 Remove statefile for dind remove 2020-09-08 21:33:06 -07:00
Chris Kim
526ac7b065 Add CanalControllers to the systemImagesDefaultsMap 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-09-08 16:17:30 -07:00
Chris Kim
0522b664ac Add CanalControllers to support Canal v3.14.0+ 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-09-04 17:49:39 -07:00
Vincent Batts
d77ee0d53f
cluster/plan: don't relabel /lib/modules by default 
As this logic went, it would relabel /lib/modules, except on enterprise
linux and when SELinux is enabled (even just permisive).

Flatcar Container Linux defaults to SELinux on, but permisive, and
`/lib/modules/` is a symlink to the read-only `/usr`.
So `./rke up` would fail on attempting to relabel /usr.

The prior work around is to set `SELINUX=disable` in
/etc/selinux/config.

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
 2020-08-21 16:17:00 -04:00
Luther Monson
de19c42611 added windows path cleaner 2020-08-20 13:41:18 -07:00
Luther Monson
23d2341172 updates for prefix path 2020-08-20 13:40:21 -07:00
Luther Monson
7d6181a290 add win_ params for prefix path, env, args and binds 
Problem: When building a hybrid cluster with windows nodes there is only
a single set of overrides you can use per service. This limits
configuring the node as service args and prefix_path sometimes need to
be specific for the different OS.
Solution: Add support for `win_` prefixed parameters for cluster level
`path_prefix` and service level `extra_args`, `extra_env` and
`extra_binds`. Params will work as before, passing in the non `win_`
prefixed params, IF you set the `win_` prefixed params it willy only use
those meaning you will need to duplicate the params in both config
sections of your rke cluster yaml.
 2020-08-20 13:39:57 -07:00
Sebastiaan van Steenis
f251e3ca92 Change file copy method for state file 2020-08-14 18:42:37 +02:00
Sebastiaan van Steenis
6761a1a3e1 Add restore flag to use local state 2020-08-04 13:13:43 +02:00
Sebastiaan van Steenis
1883a4c3bf
Merge pull request #2152 from superseb/snapshot_include_state 
Able to include and extract state file in snapshot
 2020-07-24 20:24:28 +02:00
Sebastiaan van Steenis
9bca29befb Able to include and extract state file in snapshot 2020-07-21 11:09:37 +02:00
Darren Shepherd
c405e6ea1b Remove references to rancher/types 2020-07-11 23:29:33 -07:00
Sebastiaan van Steenis
80d7dcc6e9 Revert kubelet fix as Docker 19.03.9 has fix 2020-06-09 19:20:30 +02:00
rawmind0
8ff29b617f Updated api bool fields with default=true to *bool. Go files 2020-06-02 20:15:53 +02:00
aiyengar2
94e9c1a01c
Merge pull request #2079 from aiyengar2/revert_encryption_by_default 
Revert default encryption in k8s 1.18
 2020-05-29 16:30:23 -07:00
Sebastiaan van Steenis
e9819eb069
Merge pull request #2058 from superseb/upstreamdockerselinux 
Dont relabel volumes on upstream Docker & SELinux
 2020-05-29 15:57:39 +02:00
Arvind Iyengar
6e194ab1a6 Revert "Add support for k8s 1.18" 
This reverts commit 763a896380.
 2020-05-27 12:48:10 -07:00
Sebastiaan van Steenis
2b226dc314
Merge pull request #1990 from superseb/remove_user_addons 
Remove user addons when not present
 2020-05-19 22:56:22 +02:00
Sebastiaan van Steenis
0c063587ec Dont relabel volumes on upstream Docker & SELinux 2020-05-19 21:50:24 +02:00
Arvind Iyengar
763a896380 Add support for k8s 1.18 
This commit changes default settings for k8s 1.18 to have encryption at rest by default: https://github.com/rancherlabs/rancher-security/issues/412
 2020-05-12 14:13:11 -07:00
Sebastiaan van Steenis
d91e7efd2d Remove user addons when not present 2020-03-30 21:18:09 +02:00
Darren Shepherd
ecc629f2c3 Refactor to new client-go API in k8s 1.18 2020-03-27 10:55:19 -07:00
Kinara Shah
b9c2d893bc
Merge pull request #1987 from kinarashah/lgt 
log service options data in trace
 2020-03-27 10:15:08 -07:00
rajashree
00f6567714 Use v3 type for addons updateStrategy 2020-03-26 15:52:57 -07:00
kinarashah
ef34e40165 log service options data in trace 2020-03-26 10:03:41 -07:00
Sebastiaan van Steenis
4adf2c9b68
Merge pull request #1980 from superseb/re_try_logging 
Standardize (re-)try logging
 2020-03-23 13:30:37 +01:00
Sebastiaan van Steenis
5f46c748c0 Standardize (re-)try logging 2020-03-21 18:34:16 +01:00
rajashree
1ecf6effbf Reconcile workerplane for NotReady control hosts 2020-03-20 13:37:37 -07:00
Sebastiaan van Steenis
d65d72ae6d Enable kube-api audit log for new k8s versions 2020-03-15 13:55:47 +01:00
rajashree
fc3709507d Reset error to nil if lister works on retries 2020-03-13 15:16:25 -07:00
rajashree
6b94c4a3fb Retain user-configured dnsConfig fields when provider is not set 2020-03-12 23:56:11 -07:00
rajashree
6b25bcf3e0 Remove ignore-upgrade label from zero downtime upgrade 2020-03-10 23:36:17 -07:00
rajashree
bb6873ce48 Addresses following issues: 
1. Compare maxUnavailable with powered off hosts before attempting to reconcile
NotReady hosts
2. Include powered off hosts as failed hosts for controlplane upgrade to return error
3. Change coredns upgrade strategy. With addons changes it was changed to have the k8s
default value for a deployment of 25% maxUnavailable and maxSurge. This commit changes it
back to maxUnavailable of 1 to avoid dns addon upgrade issues
 2020-03-07 14:22:35 -08:00