mirror of https://github.com/rancher/rke.git synced 2025-07-19 01:36:32 +00:00
Commit Graph

667 Commits

Author SHA1 Message Date
Ryan Sanna
c14c39f8c5 reduce rewrite workers, add additional logging around secrets retrieval 2020-12-22 12:40:17 -07:00
Ryan Sanna
49e158a974
Revert "Revert "Encryption Key Rotation Changes"" 2020-12-14 11:51:46 -07:00
Ryan Sanna
92573270c7
Revert "Encryption Key Rotation Changes" 2020-12-09 13:49:27 -07:00
Ryan Sanna
e42ff49fec key rotation as part of ClusterUp, more robust secrets rewrite, improved logging 2020-12-08 12:00:32 -07:00
Nick Gerace
da6d9dcf9e Set default http backend to be optional
Set default http backend to be optional for ingress nginx. It will be
enabled by default.
2020-12-03 14:53:51 -05:00
Sebastiaan van Steenis
99af2bdf95
Merge pull request #2355 from superseb/add_tolerations
Add tolerations option to addons
2020-12-03 19:20:54 +01:00
Sebastiaan van Steenis
a1eaee0312
Merge pull request #2322 from superseb/retry_tcpportcheck
Add retry to TCP port check
2020-12-02 21:39:31 +01:00
Sebastiaan van Steenis
4e31add8fe Add tolerations option to addons 2020-11-26 17:29:46 +01:00
Kiran Shastri
4f062997bb Introduce ACI CNI network provider
ACI CNI supports k8s versions 1.18+
Added template and arguments for ACI CNI
Disable cloud options for ACI.
Separate generated code into another commit

Signed-off-by: Kiran Shastri <shastrinator@gmail.com>
(cherry picked from commit e94c54005e)
2020-11-17 15:29:03 -05:00
Sebastiaan van Steenis
a252645797 Add retry to TCP port check 2020-11-09 18:35:58 +01:00
Jacob Payne
04ea70ee3b updated NodeUpgradeStrategy.Drain to use pointer 2020-10-26 09:59:49 -07:00
kinarashah
8c3c618b63 set default ingress network mode for both rancher and rke
Problem:
Setting defaults for ingress in parse logic works only for
rke standalone but not when rancher calls rke using ClusterUp.

Solution:
Setting them during the cluster defaults logic
2020-10-24 13:09:38 +02:00
Sebastiaan van Steenis
16f3089220
Merge pull request #1911 from ibrokethecloud/master
Allow addons.go to parse http and https ports for ingress controller
2020-10-22 20:54:09 +02:00
Gaurav Mehta
5a63de09bc Updated cluster/addons.go to allow it to parse and send new http_port and https_ports to the ingress template
Fixed up yaml import package

Updated rke ingress addon to support a new field hostNetwork. Users can use this now to run ingress controller on overlay network only

Ported additional ingress types changes into types/rke_types

Fixed linting errors related to variable names in addons.go and rke_types

Changed types for hostNetwork and http/https ports

Added validation to check http/https ports are different

Changed rke_types for additional spec in ingressConfig. Changed validation and default logic accordingly
2020-10-21 19:00:04 +11:00
Sebastiaan van Steenis
422dfff0fd Check etcd cluster health after member delete 2020-09-29 13:53:45 +02:00
Sebastiaan van Steenis
b3ca1f8327 Don't advertise etcd port 4001 in v3.4.13 and up 2020-09-23 09:27:51 -07:00
Darren Shepherd
abf63e4a08 Fix panic when IgnoreDockerVersion is nil 2020-09-18 10:17:44 -07:00
Sebastiaan van Steenis
12b4dcaf59 Remove statefile for dind remove 2020-09-08 21:33:06 -07:00
Chris Kim
526ac7b065 Add CanalControllers to the systemImagesDefaultsMap
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-09-08 16:17:30 -07:00
Chris Kim
0522b664ac Add CanalControllers to support Canal v3.14.0+
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-09-04 17:49:39 -07:00
Vincent Batts
d77ee0d53f
cluster/plan: don't relabel /lib/modules by default
As this logic went, it would relabel /lib/modules, except on enterprise
linux and when SELinux is enabled (even just permissive).

Flatcar Container Linux defaults to SELinux on, but permissive, and
`/lib/modules/` is a symlink to the read-only `/usr`.
So `./rke up` would fail on attempting to relabel /usr.

The prior work around is to set `SELINUX=disable` in
/etc/selinux/config.

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
2020-08-21 16:17:00 -04:00
Luther Monson
de19c42611 added windows path cleaner 2020-08-20 13:41:18 -07:00
Luther Monson
23d2341172 updates for prefix path 2020-08-20 13:40:21 -07:00
Luther Monson
7d6181a290 add win_ params for prefix path, env, args and binds
Problem: When building a hybrid cluster with windows nodes there is only
a single set of overrides you can use per service. This limits
configuring the node as service args and prefix_path sometimes need to
be specific for the different OS.
Solution: Add support for `win_` prefixed parameters for cluster level
`path_prefix` and service level `extra_args`, `extra_env` and
`extra_binds`. Params will work as before, passing in the non `win_`
prefixed params, IF you set the `win_` prefixed params it will only use
those meaning you will need to duplicate the params in both config
sections of your rke cluster yaml.
2020-08-20 13:39:57 -07:00
Sebastiaan van Steenis
f251e3ca92 Change file copy method for state file 2020-08-14 18:42:37 +02:00
Sebastiaan van Steenis
6761a1a3e1 Add restore flag to use local state 2020-08-04 13:13:43 +02:00
Sebastiaan van Steenis
1883a4c3bf
Merge pull request #2152 from superseb/snapshot_include_state
Able to include and extract state file in snapshot
2020-07-24 20:24:28 +02:00
Sebastiaan van Steenis
9bca29befb Able to include and extract state file in snapshot 2020-07-21 11:09:37 +02:00
Darren Shepherd
c405e6ea1b Remove references to rancher/types 2020-07-11 23:29:33 -07:00
Sebastiaan van Steenis
80d7dcc6e9 Revert kubelet fix as Docker 19.03.9 has fix 2020-06-09 19:20:30 +02:00
rawmind0
8ff29b617f Updated api bool fields with default=true to *bool. Go files 2020-06-02 20:15:53 +02:00
aiyengar2
94e9c1a01c
Merge pull request #2079 from aiyengar2/revert_encryption_by_default
Revert default encryption in k8s 1.18
2020-05-29 16:30:23 -07:00
Sebastiaan van Steenis
e9819eb069
Merge pull request #2058 from superseb/upstreamdockerselinux
Don't relabel volumes on upstream Docker & SELinux
2020-05-29 15:57:39 +02:00
Arvind Iyengar
6e194ab1a6 Revert "Add support for k8s 1.18"
This reverts commit 763a896380.
2020-05-27 12:48:10 -07:00
Sebastiaan van Steenis
2b226dc314
Merge pull request #1990 from superseb/remove_user_addons
Remove user addons when not present
2020-05-19 22:56:22 +02:00
Sebastiaan van Steenis
0c063587ec Don't relabel volumes on upstream Docker & SELinux 2020-05-19 21:50:24 +02:00
Arvind Iyengar
763a896380 Add support for k8s 1.18
This commit changes default settings for k8s 1.18 to have encryption at rest by default: https://github.com/rancherlabs/rancher-security/issues/412
2020-05-12 14:13:11 -07:00
Sebastiaan van Steenis
d91e7efd2d Remove user addons when not present 2020-03-30 21:18:09 +02:00
Darren Shepherd
ecc629f2c3 Refactor to new client-go API in k8s 1.18 2020-03-27 10:55:19 -07:00
Kinara Shah
b9c2d893bc
Merge pull request #1987 from kinarashah/lgt
log service options data in trace
2020-03-27 10:15:08 -07:00
rajashree
00f6567714 Use v3 type for addons updateStrategy 2020-03-26 15:52:57 -07:00
kinarashah
ef34e40165 log service options data in trace 2020-03-26 10:03:41 -07:00
Sebastiaan van Steenis
4adf2c9b68
Merge pull request #1980 from superseb/re_try_logging
Standardize (re-)try logging
2020-03-23 13:30:37 +01:00
Sebastiaan van Steenis
5f46c748c0 Standardize (re-)try logging 2020-03-21 18:34:16 +01:00
rajashree
1ecf6effbf Reconcile workerplane for NotReady control hosts 2020-03-20 13:37:37 -07:00
Sebastiaan van Steenis
d65d72ae6d Enable kube-api audit log for new k8s versions 2020-03-15 13:55:47 +01:00
rajashree
fc3709507d Reset error to nil if lister works on retries 2020-03-13 15:16:25 -07:00
rajashree
6b94c4a3fb Retain user-configured dnsConfig fields when provider is not set 2020-03-12 23:56:11 -07:00
rajashree
6b25bcf3e0 Remove ignore-upgrade label from zero downtime upgrade 2020-03-10 23:36:17 -07:00
rajashree
bb6873ce48 Addresses following issues:
1. Compare maxUnavailable with powered off hosts before attempting to reconcile
NotReady hosts
2. Include powered off hosts as failed hosts for controlplane upgrade to return error
3. Change coredns upgrade strategy. With addons changes it was changed to have the k8s
default value for a deployment of 25% maxUnavailable and maxSurge. This commit changes it
back to maxUnavailable of 1 to avoid dns addon upgrade issues
2020-03-07 14:22:35 -08:00
Darren Shepherd
1e34d2b464 Remove n^2 algorithm. At 5000+ nodes plus this gets to be a real problem 2020-03-06 08:52:56 -07:00
Sebastiaan van Steenis
eaf643e6a2
Merge pull request #1945 from superseb/move_log_trace
Add logging structs/file content to trace loglevel
2020-03-05 22:19:22 +01:00
Sebastiaan van Steenis
5c7daf4fb1 Add logging structs/file content to trace loglevel 2020-03-05 19:42:05 +01:00
Chris Kim
97371fe82d Add custom flexvolume capabilities to canal and calico 2020-03-05 08:18:40 -08:00
Sebastiaan van Steenis
64f0d7808d
Merge pull request #1872 from Lucaber/fix/cluster-state-log
Fix log output of full-cluster-state configmap name
2020-03-05 14:56:56 +01:00
Rajashree Mandaogane
b9b29be0e5
Merge pull request #1943 from mrajashree/rename_label
Rename ignore label and return error on controlplane failure
2020-03-04 15:27:16 -08:00
rajashree
c61d531af1 Rename ignore label and return error on controlplane failure 2020-03-04 15:20:48 -08:00
Sebastiaan van Steenis
31a3005733 Add support for nodelocal DNS 2020-03-03 18:09:18 +01:00
rajashree
d420881c41 Check role before including host in inactive host list 2020-03-01 19:03:07 -08:00
kinarashah
12f88f55db error out if service options are not found
it's unexpected to see empty service options, but node plan shouldn't be generated
in those scenarios
2020-02-28 11:21:41 -08:00
rajashree
e27a05f8b1 Attempt upgrade on NotReady hosts 2020-02-26 14:14:42 -08:00
Dax McDonald
d7a4f2d2c3 Fix formatting 2020-02-26 12:08:10 -07:00
Rajashree Mandaogane
6664be5e3b
Merge pull request #1912 from mrajashree/zero_downtime_bugfixes
Accept label to ignore nodes during upgrade
2020-02-24 10:06:57 -08:00
Daishan
d2d72767a7 Move rke away from kdm vendor 2020-02-24 10:14:25 -07:00
rajashree
968a399f26 Accept label to ignore nodes during upgrade
RKE does a cluster scan to find the unreachable hosts, and if that number
is same as or exceeds maxUnavailable, upgrade won't proceed.
This commit introduces a label users can provide for their nodes so they
don't get counted as unavailable and are excluded from upgrade.
This commit also includes a couple of bug fixes
2020-02-22 14:23:47 -08:00
rajashree
4e38cdf825 Parse updateStrategy, replicas and autoscaler fields 2020-02-18 09:01:29 -08:00
Rajashree Mandaogane
92714e5523
Merge pull request #1800 from mrajashree/workers_upgrade
Change RKE upgrade logic for zero downtime
2020-02-06 11:03:29 -08:00
rajashree
11678a3f98 Change RKE upgrade logic for zero downtime 2020-02-05 16:19:47 -08:00
Sebastiaan van Steenis
56d4c1b937
Merge pull request #1888 from superseb/local_s3_snapshots_check
Determine etcd s3 snapshots by s3 config presence
2020-02-05 10:40:53 +01:00
Murali Paluru
b7140ab74b change the apiVersion of eventratelimit 2020-01-30 19:14:34 -08:00
Darren Shepherd
25e7f98777 Use eventratelimit from rancher/types 2020-01-23 16:04:43 -07:00
Sebastiaan van Steenis
23e98603bd Determine etcd s3 snapshots by s3 config presence 2020-01-20 18:43:35 +01:00
Luca Berneking
1baa4b2efc Fix log output of full-cluster-state configmap name
This PR corrects the log output during `rke up`.
The output still contains the legacy configmap name `cluster-state`.
The new cluster state is saved in `full-cluster-state`.
2020-01-09 14:50:42 +01:00
Sebastiaan van Steenis
ecc658b004
Merge pull request #1845 from superseb/debug_svcoptions
Add debug logging for serviceoptions
2020-01-02 12:29:11 +01:00
Brenda Rearden
078f11b8a6 Change MTU from string to int 2019-12-23 14:10:50 -07:00
Sebastiaan van Steenis
1bcaefdacc Add debug logging for serviceoptions 2019-12-20 14:42:06 +01:00
Benjamin S. Allen
4f2c87fcd0 Remove the prefixPath from the /lib/modules bind mount for kube-proxy IPVS support 2019-12-17 14:10:38 -08:00
Sebastiaan van Steenis
3ac9cad743 Add ability to set MTU for CNI 2019-12-11 13:34:34 -08:00
kinarashah
790a8858f9 respect metadata's service options for etcd 2019-12-09 10:09:16 -08:00
Sebastiaan van Steenis
6b68be717a Deploy cloud-config file while contents are empty 2019-12-05 10:51:14 -08:00
Prachi Damle
5cf3f1c161 Revert mounting modules for windows 2019-12-04 16:29:59 -08:00
Alena Prokharchyk
2bc68c7118 Correct system image for etcd snapshot removal
when removal is executed as a part of restoration
2019-12-03 15:58:31 -08:00
Murali Paluru
b9900f3b9c change enc provider arg, update defaults for audit log config 2019-11-21 14:08:33 -08:00
Murali Paluru
843e14135f add null check for audit log config 2019-11-15 14:25:03 -08:00
Murali Paluru
b649664af8 add admission control config file arg, enable plugin 2019-11-15 14:25:03 -08:00
rajashree
c31ee1eb4b Handle unmarshal of ingressConfig's k8s native fields separately
IngressConfig fields ExtraEnvs, ExtraVolumes and ExtraVolumeMounts are k8s types.
The yaml unmarshal done in ParseConfig can't unmarshal these properly because they have
nested fields without yaml tags. This commit adds logic to unmarshal
these fields separately so all nested fields get unmarshaled too.
2019-11-15 10:54:07 -08:00
rajashree
9c1c0ea999 Accept extraEnv, volumes and volumeMounts for ingress addon
The fields for ExtraEnv, extraVolumes and extraVolumeMounts for ingress
addon refer the k8s native types EnvVar, Volume and VolumeMounts.
The k8s native types have json tags, so this commit adds a template func to
first marshal and get json encoding and then convert to yaml.
2019-11-14 10:54:00 -08:00
Alena Prokharchyk
6bc2e1e8f8 Restart api/rewrite secrets on config change 2019-11-05 09:34:46 -08:00
Alena Prokharchyk
5eaf28372b Ability to disable custom encryption 2019-11-05 09:34:46 -08:00
Sebastiaan van Steenis
adc5941fd9 Add per node kubelet server certificate 2019-10-31 15:56:44 -07:00
Murali Paluru
e811e18fb3 review comments, build failure fixes 2019-10-31 13:48:44 -07:00
Murali Paluru
bf8688e709 auditlog and eventratelimit changes 2019-10-31 13:48:44 -07:00
Prachi Damle
a1ec25375c Bind mount for ipvs proxy mode 2019-10-29 15:03:44 -07:00
moelsayed
372393ac1b Add Secret Encryption Provider Support 2019-10-29 14:10:32 -07:00
kinarashah
b9bb53ace6 fix applying AlwaysPullImages to commandArgs
Earlier we checked for AlwaysPullImages only if PodSecurityPolicy
is true clause, need both checks separately.
2019-10-22 21:48:23 -07:00
Dax McDonald
4579431ece Catch error on setNetworkOptions 2019-10-22 21:37:34 -07:00
Sebastiaan van Steenis
7c4c1324f9 Provide IP for kube-proxy if cloudprovider is set
If cloudprovider is set (not empty), set the bind address because the node will not be able to retrieve its IP address because the nodename could be set by the cloud provider (e.g. AWS and Openstack)
2019-10-18 09:24:02 -07:00
Dax McDonald
ad678b6a32 Remove dead code 2019-10-04 15:02:14 -07:00
Dax McDonald
8022b815b3 Remove unneeded nil check 2019-10-04 15:01:53 -07:00
Rowan James
9a03d8020b fix typo: ControlPlan -> ControlPlane 2019-10-03 12:30:04 -07:00
Sebastiaan van Steenis
14827e2cdf Print proxy env vars when applying authz resources 2019-09-20 09:16:30 -07:00
Frank Mai
f45fc47dca Adjust Windows worker plan
**Issue:**
https://github.com/rancher/rancher/issues/22676
2019-09-17 12:02:22 -07:00
Dan Ramich
ecfab50fce Update apis for 1.16 2019-09-09 11:20:26 -07:00
kinarashah
9411027476 consider service options based on hostOS info 2019-09-09 11:12:33 -07:00
Frank Mai
0a170b22b7 Support to accept new Windows service options
**Issue:**
https://github.com/rancher/rancher/issues/22470
2019-09-05 17:05:34 -07:00
chentanjun
11c49ae59f fix-up cluster/cluster.go main.go spelling-mistake 2019-09-03 12:45:20 -07:00
galal-hussein
798632b3a4 Handle missing request header ca in rotate certificate 2019-08-29 13:42:47 -07:00
rajashree
1b4f7939f1 Add nodeSelector in network and monitoring addons 2019-08-29 11:29:57 -07:00
Chris Kim
5cb6699fe3 Adding DNS Policy support for nginx ingress controller 2019-08-23 16:04:52 -07:00
galal-hussein
c5fefd5c77 Add k8s 1.16 2019-08-23 09:50:49 -07:00
orangedeng
0ef3c0849a Support node taint configuration
**Problem:**
We can not set node taints in RKE node config.

**Solution:**
Sync taints from config in `SyncLabelsAndTaints` function
2019-08-22 21:09:05 -07:00
Sebastiaan van Steenis
ac16bd8b33 Configure MCS labels if selinux is enabled 2019-08-22 13:45:04 -07:00
Frank Mai
277797df0f Support to generate Windows worker plan
- Put Windows worker plan generating back to reduce the changing from
Windows on rancher/rancher
- Prepare for rke bootstraps Windows cluster

**Issue:**
https://github.com/rancher/rancher/issues/16460
2019-08-21 20:50:31 -07:00
galal-hussein
9c5de9f577 Handle etcd changing its public IP address 2019-08-21 11:47:42 -07:00
Sebastiaan van Steenis
c3e9492716 Print original error regarding kubeconfig 2019-08-21 11:47:08 -07:00
kinarashah
734c651f16 remove support for default versioned templates 2019-08-20 13:59:03 -07:00
moelsayed
06e87ebabb Remove uncompressed snapshot after restore 2019-08-20 12:50:25 -07:00
Darren Shepherd
f8bac2c059 Update to new certs package since latest k8s dropped it 2019-08-19 11:02:43 -07:00
Dan Ramich
4902cf71d9
Merge pull request #1539 from superseb/fixcalicolabels
Use correct labels to delete calico pods
2019-08-14 10:15:58 -07:00
Denise
0c405cdc88 Revert "Handle changing public ip for etcd member delete"
This reverts commit b5d7f5dcd4.
2019-08-12 11:51:20 -07:00
Rodrigue Cloutier
aff29683b2 Fixed issue 1404: Support of configuration with no node with etcd role 2019-08-09 11:14:10 -07:00
moelsayed
a3e7bef8cd Fix ingress deployment issue with PSP enabled 2019-08-09 11:11:58 -07:00
galal-hussein
b5d7f5dcd4 Handle changing public ip for etcd member delete 2019-08-09 11:07:30 -07:00
Sebastiaan van Steenis
f1cdff2a3e Use correct labels to delete calico pods 2019-08-08 20:35:26 +02:00
Sebastiaan van Steenis
3f94e86706 Revert "Add per node kubelet server certificate"
This reverts commit b860e634db.
2019-08-08 09:49:47 -07:00
Sebastiaan van Steenis
b860e634db Add per node kubelet server certificate 2019-07-31 14:54:43 -07:00
moelsayed
fd237d9eef Fix constant kubeapi certificate regeneration 2019-07-31 14:52:46 -07:00
moelsayed
688d4aedd7 support etcd custom uid/gid 2019-07-29 17:24:16 -07:00
galal-hussein
2bc960a01c Add kubeapi proxy cluster role and role binding 2019-07-25 14:16:26 -07:00
kinarashah
b018c756b1 read serviceOptions from minor version first 2019-07-19 13:25:42 -07:00
kinarashah
217e1b41b8 generate correct default rketools
always use rke's default k8s's rke-tools, even if rancher's default k8s
changes. This is based on assumption that change in rke-tools would also
require a new rke version.
2019-07-18 14:48:48 -07:00
galal-hussein
55b1b4db7c use healthz endpoint for kubelet healthcheck 2019-07-18 14:22:07 -07:00
moelsayed
17320083e9 Use etcd service extra_env in backup containers 2019-07-17 16:42:26 -07:00
Sebastiaan van Steenis
958042817a Add Calico controller image for 3.7.4 2019-07-16 12:57:46 -07:00
moelsayed
7b5797ce18 reconcile node roles 2019-07-11 14:27:55 -07:00
moelsayed
058f196e72 Fix worker/controlplane reconcile logic 2019-07-11 14:27:55 -07:00
Sebastiaan van Steenis
63b6ece7b9 Check if certificates are present in state
Problem: If certificates are empty in cluster state (or missing rkestate file), RKE and Rancher would throw NPE.

Solution: Check if certificates are present or error out (for now this situation needs manual intervention)
2019-07-11 14:27:41 -07:00
kinarashah
f360207416 move metadata init to InitClusterObject 2019-07-08 15:40:31 -07:00
kinarashah
116b47b025 rancher pass serviceoptions and addon templates to rke 2019-07-03 10:04:27 -07:00
kinarashah
c191ed6202 use k8s version info from kontainer-driver-metadata 2019-07-03 10:04:27 -07:00
Sebastiaan van Steenis
42c097275a Add stubdomains to kube-dns 2019-07-01 09:43:31 -07:00
moelsayed
2c907f9f21 rename EndpointCA 2019-06-25 14:17:53 -07:00
Sebastiaan van Steenis
9985bc8bae Add k8s 1.15 2019-06-25 10:41:27 -07:00
moelsayed
38c31b9766 Add option to pass custom CA certificate for S3 backend 2019-06-20 15:00:00 -07:00
galal-hussein
ffa42ab900 fix file permissions 2019-06-18 12:52:42 -07:00
Sebastiaan van Steenis
88768e2527 CoreDNS default DNS provider for k8s 1.14 and up 2019-06-14 11:50:46 -07:00
Sebastiaan van Steenis
ae44a9510f Format user addon YAML before concat 2019-06-11 12:52:44 -07:00
kinarashah
1a1080a234 always use DefaultRKETools for etcd snapshot 2019-06-11 12:52:25 -07:00
galal-hussein
870c073c10 Use Internal Addresses to sort the etcd connection string 2019-05-31 09:48:35 -07:00
Zhaofeng Li
cc3c03746f Use the node's architecture to build etcd process
This allows for mixed-architecture etcd clusters.
2019-05-30 03:41:59 -07:00