RKE will panic if we enable rotate_encryption_key but disable secrets_encryption_config when creating a cluster. The panic happens because RKE tries to use the rkeConfig, which does not exist. The rkeConfig will be made after the rke up command succeeds.
Solution:
Skip the rotateEncryptionKey operation when creating a new cluster. Also, In this case, keys are just made for the first time, so there is no need to rotate them.
ACI CNI supports k8s versions 1.18+
Added template and arguments for ACI CNI
Disable cloud options for ACI.
Separate generated code into another commit
Signed-off-by: Kiran Shastri <shastrinator@gmail.com>
(cherry picked from commit e94c54005e)
Fixed a small typo in `config.go` at:
```
const (
comments = `# If you intened to deploy Kubernetes in an air-gapped environment,
# please consult the documentation on how to configure custom RKE images.`
)
```
to:
```
const (
comments = `# If you intended to deploy Kubernetes in an air-gapped environment,
# please consult the documentation on how to configure custom RKE images.`
)
```
Before this change, `rke etcd snapshot-restore` did not support
`--custom-certs` and `--cert-dir` flags. As a result, an attempt to
restore snapshot on cluster using custom certificates resulted in fatal
error:
```
FATA[0032] CA Certificate or Key is empty
```
This commit adds `--custom-certs` and `--cert-dir` flag handling similar
to `rke up` command, resolving the issue.
If restore flag is set to true on RKEConfig, the reconcileCluster flag in
ClusterUp should not be set to true, so that DeployControlPlane and DeployWorkerPlane
call the non-zero downtime upgrade functions RunControlPlane and RunWorkerPlane respectively
RKE does a cluster scan to find the unreachable hosts, and if that number
is same as or exceeds maxUnavailable, upgrade won't proceed.
This commit introduces a label users can provide for their nodes so they
don't get counted as unavailable and are excluded from upgrade.
This commit also includes a couple of bug fixes
