rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-06-20 12:44:30 +00:00
Code Issues Releases Wiki Activity
1,449 Commits 44 Branches 738 Tags 691 MiB
e42ff49fec
Commit Graph

563 Commits

Author SHA1 Message Date
kinarashah
9411027476 consider service options based on hostOS info 2019-09-09 11:12:33 -07:00
Frank Mai
0a170b22b7 Support to accpet new Windows service options 
**Issue:**
https://github.com/rancher/rancher/issues/22470
 2019-09-05 17:05:34 -07:00
chentanjun
11c49ae59f fix-up cluster/cluster.go main.go spelling-mistake 2019-09-03 12:45:20 -07:00
galal-hussein
798632b3a4 Handle missing request header ca in rotate certificate 2019-08-29 13:42:47 -07:00
rajashree
1b4f7939f1 Add nodeSelector in network and monitoring addons 2019-08-29 11:29:57 -07:00
Chris Kim
5cb6699fe3 Adding DNS Policy support for nginx ingress controller 2019-08-23 16:04:52 -07:00
galal-hussein
c5fefd5c77 Add k8s 1.16 2019-08-23 09:50:49 -07:00
orangedeng
0ef3c0849a Support node taint configuration 
**Problem:**
We can not set node taints in RKE node config.

**Solution:**
Sync taints from config in `SyncLabelsAndTaints` function
 2019-08-22 21:09:05 -07:00
Sebastiaan van Steenis
ac16bd8b33 Configure MCS labels if selinux is enabled 2019-08-22 13:45:04 -07:00
Frank Mai
277797df0f Support to generate Windows worker plan 
- Put Windows worker plan generating back to reduce the changing from
Windows on rancher/rancher
- Prepare for rke bootstraps Windows cluster

**Issue:**
https://github.com/rancher/rancher/issues/16460
 2019-08-21 20:50:31 -07:00
galal-hussein
9c5de9f577 Handle etcd changing its public IP address 2019-08-21 11:47:42 -07:00
Sebastiaan van Steenis
c3e9492716 Print original error regarding kubeconfig 2019-08-21 11:47:08 -07:00
kinarashah
734c651f16 remove support for default versioned templates 2019-08-20 13:59:03 -07:00
moelsayed
06e87ebabb Remove uncompressed snapshot after restore 2019-08-20 12:50:25 -07:00
Darren Shepherd
f8bac2c059 Update to new certs package since latest k8s dropped it 2019-08-19 11:02:43 -07:00
Dan Ramich
4902cf71d9
Merge pull request #1539 from superseb/fixcalicolabels 
Use correct labels to delete calico pods
 2019-08-14 10:15:58 -07:00
Denise
0c405cdc88 Revert "Handle changing public ip for etcd member delete" 
This reverts commit b5d7f5dcd4.
 2019-08-12 11:51:20 -07:00
Rodrigue Cloutier
aff29683b2 Fixed issue 1404: Support of configuration with no node with etcd role 2019-08-09 11:14:10 -07:00
moelsayed
a3e7bef8cd Fix ingress deployment issue with PSP enabled 2019-08-09 11:11:58 -07:00
galal-hussein
b5d7f5dcd4 Handle changing public ip for etcd member delete 2019-08-09 11:07:30 -07:00
Sebastiaan van Steenis
f1cdff2a3e Use correct labels to delete calico pods 2019-08-08 20:35:26 +02:00
Sebastiaan van Steenis
3f94e86706 Revert "Add per node kubelet server certificate" 
This reverts commit b860e634db.
 2019-08-08 09:49:47 -07:00
Sebastiaan van Steenis
b860e634db Add per node kubelet server certificate 2019-07-31 14:54:43 -07:00
moelsayed
fd237d9eef Fix constant kubeapi certificate regeneration 2019-07-31 14:52:46 -07:00
moelsayed
688d4aedd7 support etcd custom uid/gid 2019-07-29 17:24:16 -07:00
galal-hussein
2bc960a01c Add kubeapi proxy cluster role and role binding 2019-07-25 14:16:26 -07:00
kinarashah
b018c756b1 read serviceOptions from minor version first 2019-07-19 13:25:42 -07:00
kinarashah
217e1b41b8 generate correct default rketools 
always use rke's default k8s's rke-tools, even if rancher's default k8s
changes. This is based on assumption that change in rke-tools would also
require a new rke version.
 2019-07-18 14:48:48 -07:00
galal-hussein
55b1b4db7c use healthz endpoint for kubelet healthcheck 2019-07-18 14:22:07 -07:00
moelsayed
17320083e9 Use etcd service extra_env in backup containers 2019-07-17 16:42:26 -07:00
Sebastiaan van Steenis
958042817a Add Calico controller image for 3.7.4 2019-07-16 12:57:46 -07:00
moelsayed
7b5797ce18 reconcile node roles 2019-07-11 14:27:55 -07:00
moelsayed
058f196e72 Fix worker/controlplane reconcile logic 2019-07-11 14:27:55 -07:00
Sebastiaan van Steenis
63b6ece7b9 Check if certificates are present in state 
Problem: If certificates are empty in cluster state (or missing rkestate file), RKE and Rancher would throw NPE.

Solution: Check if certificates are present or error out (for now this situation needs manual intervention)
 2019-07-11 14:27:41 -07:00
kinarashah
f360207416 move metadata init to InitClusterObject 2019-07-08 15:40:31 -07:00
kinarashah
116b47b025 rancher pass serviceoptions and addon templates to rke 2019-07-03 10:04:27 -07:00
kinarashah
c191ed6202 use k8s version info from kontainer-driver-metadata 2019-07-03 10:04:27 -07:00
Sebastiaan van Steenis
42c097275a Add stubdomains to kube-dns 2019-07-01 09:43:31 -07:00
moelsayed
2c907f9f21 rename EndpointCA 2019-06-25 14:17:53 -07:00
Sebastiaan van Steenis
9985bc8bae Add k8s 1.15 2019-06-25 10:41:27 -07:00
moelsayed
38c31b9766 Add option to pass custom CA certificate for S3 backend 2019-06-20 15:00:00 -07:00
galal-hussein
ffa42ab900 fix file permissions 2019-06-18 12:52:42 -07:00
Sebastiaan van Steenis
88768e2527 CoreDNS default DNS provider for k8s 1.14 and up 2019-06-14 11:50:46 -07:00
Sebastiaan van Steenis
ae44a9510f Format user addon YAML before concat 2019-06-11 12:52:44 -07:00
kinarashah
1a1080a234 always use DefaultRKETools for etcd snapshot 2019-06-11 12:52:25 -07:00
galal-hussein
870c073c10 Use Internal Addresses to sort the etcd connection string 2019-05-31 09:48:35 -07:00
Erik Wilson
581e3389c4 Reorder etcd servers list 2019-05-28 09:50:29 -07:00
Erik Wilson
e2f7f865ed Force deploy certs if etcd cert was changed 2019-05-24 09:12:39 -07:00
Alena Prokharchyk
f409da01bd Revert "Do preliminary KubeAPI port check using HTTP. Resolves rancher#1256." 
This reverts commit 9c94d6525d.
 2019-05-24 09:12:13 -07:00
jlamillan
9c94d6525d Do preliminary KubeAPI port check using HTTP. Resolves rancher#1256. 2019-05-22 10:25:36 -07:00
kinarashah
5f4cff3f4c remove PersistentVolumeLabel controller 
deprecated post 1.11
 2019-05-08 12:11:44 -07:00
Sebastiaan van Steenis
1127a90a9c Add correct env vars if etcd 3.3 is used 2019-05-02 09:46:26 -07:00
Frank Mai
471146b25c Support to config Flannel backend 
- Add `flannel_backend_port` and `canal_flannel_backend_port` to config
the port of Flannel
- Add `flanneld_backend_vni` and `canal_flannel_backend_vni` to config
the VxLan network identify of Flannel
 2019-04-29 09:29:13 -07:00
Sebastiaan van Steenis
5660fd44d3 Added onetime container and active running checks 2019-04-24 16:56:17 -07:00
galal-hussein
7744f18d6e Force deploy certificates if kubeapi cert got changed 2019-04-24 16:54:19 -07:00
Sebastiaan van Steenis
765746fc77 Correct log messages for file-deployer 2019-04-24 16:54:02 -07:00
galal-hussein
7a0406c44f Check legacy state if kubeconfig doesnt exist 2019-04-23 16:43:07 -07:00
Jan B
9679aca20c Fix: kube-proxy not mounting /run/xtables.lock leading to racy iptables access 
kube-proxy and other processes invoking iptables (e.g. flannel, weave) must share the host fs `/run/xtables.lock` to prevent concurrent access to iptables resulting in errors like "iptables: Resource temporarily unavailable".
 2019-04-17 11:20:04 -07:00
galal-hussein
de0a1d6948 Fix fetching state with prefix path from nodes 2019-04-09 14:56:51 -07:00
jlamillan
d9f2a41e5a Prepend 3 dashes at the beginning of addon YAMLs if missing. Resolves #1251. 2019-04-08 15:35:53 -07:00
Sebastiaan van Steenis
e1d0899efe Show correct filename for webhook auth config file 2019-04-08 15:27:01 -07:00
Sebastiaan van Steenis
21f3a3eff9 Add k8s 1.14 2019-04-05 15:45:19 -07:00
moelsayed
06b709e888 Add RemoveEtcdSnapshot 2019-04-05 13:51:08 -07:00
galal-hussein
3bc6b0a18f Fix desired state in rke rotate 2019-04-03 16:39:21 -07:00
galal-hussein
6341dadc2f Return empty config if bearer token is present 2019-04-02 12:48:52 -07:00
Frank Mai
d2783a9298 Change controllerMgr & scheduler listening address 
**Problem:**
For now, Monitoring cannot scrape metrics from controllerMgr & scheduler

**Solution:**
Change listening address to `0.0.0.0`

**Issue:**
https://github.com/rancher/rancher/issues/17922
 2019-03-19 21:00:09 -07:00
galal-hussein
d3d107a09a Restart cluster agent pod in rotate certs 2019-03-19 12:49:20 -07:00
galal-hussein
32e1071041 Handle missing service account token key when fetching certs from nodes 2019-03-19 08:52:08 -07:00
galal-hussein
c1372bc797 Fetch certificates and state from nodes for legacy cluster 2019-03-18 12:59:52 -07:00
moelsayed
3302099643 Fix backupConfig defaults 2019-03-18 10:35:04 -07:00
galal-hussein
6f6f2c4b90 Restart Kubeapi auth pod 2019-03-13 21:27:40 -07:00
galal-hussein
d9e0a9d749 Revert "Restart Cattle agent pods and kubeapi auth pods" 
This reverts commit 26d10514d8.
 2019-03-13 20:56:34 -07:00
galal-hussein
26d10514d8 Restart Cattle agent pods and kubeapi auth pods 2019-03-13 20:49:27 -07:00
moelsayed
f145eb39b4 Handle mixed providers 2019-03-13 20:35:53 -07:00
Alena Prokharchyk
ac048d30b0 Handle dnsconfig being a pointer 2019-03-12 20:57:22 -07:00
moelsayed
5d1084ad80 Don't disable all backups based on backup flag 2019-03-11 19:04:56 -07:00
jianghang8421
b6d90f4110 Convert aarch64 to arm64 for ETCD_UNSUPPORTED_ARCH env var 2019-03-11 16:20:41 -06:00
galal-hussein
2696b88dfc Upgrade legacy kubeapi service 2019-03-08 19:42:39 -08:00
moelsayed
1e34a7c5fa Add BackupConfig Enabled flag 2019-03-08 14:22:10 -08:00
loganhz
efab83d804 Always set ETCD_UNSUPPORTED_ARCH 2019-03-08 14:09:39 -07:00
jianghang8421
8a219b5c50 Support deploying arm64 k8s and modify cross build script 2019-03-08 14:09:39 -07:00
galal-hussein
cbb7b65643 Fix restart pods for weave plugin 2019-03-07 10:55:57 -08:00
galal-hussein
2aac0e475f Regenerate requestheader ca for legacy clusters 2019-03-06 11:58:24 -08:00
moelsayed
e3d6fb4db9 Restore backup to a new etcd plane 2019-03-06 09:22:52 -08:00
galal-hussein
1926fee1eb Fix weave configmap key 2019-03-05 11:31:05 -08:00
moelsayed
b80785e75e Ensure certs are availaible for restore 2019-03-03 09:14:36 -08:00
galal-hussein
9d85116568 Modify kubernetes version check to allow upgrade 2019-03-01 11:11:16 -08:00
moelsayed
05d19122ac Handle missing backups 2019-02-27 14:46:25 -08:00
moelsayed
eb6116dded Fix versioned templates version check 2019-02-26 15:26:16 -08:00
Sebastiaan van Steenis
40cd80a208 Add node selector for DNS providers 2019-02-20 10:56:36 -08:00
galal-hussein
947b7eeaad Fix Kubedns provider name 2019-02-19 14:07:34 -08:00
moelsayed
f8b6131dd2 Use supported rke-tools for backup and restore in legacy clusters 2019-02-15 14:25:04 -08:00
galal-hussein
30661bc429 Add retries in reconcile when delete hosts 2019-02-15 14:13:46 -08:00
Sebastiaan van Steenis
23aebac488 Add AWS cloudprovider config 2019-02-12 09:10:55 -08:00
orangedeng
642970feb2 Use initContainer for nginx ingress if it is old version 
**Problem:**
The nginx ingress daemonSet securityContext can not be applied to
version before 0.16.0

**Solution:**
When the nginx controller version is older than 0.16.0, we use the old
way to set it up.
 2019-01-29 14:27:30 -08:00
moelsayed
285ac8d81c Automatically sync local backups 2019-01-28 15:27:58 -08:00
galal-hussein
fa332f7e07 Revert "revert to skip network plugin port checks of udp port" 
This reverts commit ea4b16b116.

Revert "Add port checks for network plugins"
This reverts commit c73a58d45c.
 2019-01-28 11:12:42 -08:00
Guangbo Chen
ea4b16b116 revert to skip network plugin port checks of udp port 2019-01-28 09:48:06 -08:00
galal-hussein
860058e878 Check if etcd is healthy before running kubeapi 2019-01-25 16:00:04 -08:00
Mark Lee
c0ee3327ba advertise address on kube-apiserver by internal_address 2019-01-25 11:23:14 -08:00
Sebastiaan van Steenis
4cbca1e90a Add CoreDNS as addon 2019-01-25 11:12:46 -08:00
Guangbo Chen
c73a58d45c Add port checks for network plugins 2019-01-24 13:29:26 -08:00
galal-hussein
f53e30adec Add disable option for metrics server 2019-01-24 12:15:47 -08:00
Jason Greathouse
a64e8f64fb honor kubernetes_version setting 2019-01-24 11:34:07 -08:00
galal-hussein
556e5bb678 Avoid creating dangling volumes with rke tools 2019-01-21 12:38:58 -08:00
moelsayed
cf037b1ed6 Allow local backup for rancher 2019-01-15 10:07:18 -08:00
galal-hussein
82fa8d6305 Add restart components to custom certs 2019-01-14 11:51:11 -08:00
Jason Greathouse
6d36ba86e9 AlwaysPullImages admission plugin option 2019-01-09 11:49:33 -08:00
galal-hussein
9ee750ec01 Adding csr generation and custom certs 2019-01-09 11:47:53 -08:00
galal-hussein
e79da956e9 Update rke to v1.13 and add versioned templates for calico and canal 2019-01-08 13:52:40 -08:00
Jason Greathouse
7afa6e927e update k8s defaults, CIS recommendations 2019-01-07 12:07:46 -08:00
moelsayed
2bf2cd8f5b Don't remove Ready nodes during restore 2019-01-04 14:26:40 -08:00
Guangbo Chen
9cfe5661d8 add etcd s3 uploading and downloading snapshot feature 2019-01-04 13:54:14 -08:00
Erik Wilson
e04b7d4413 Add support for Kubernetes API Authn Webhook 
Allow multiple authn strategies to be defined, including new 'webhook'
strategy. Webhook strategy configuration contains the contents of the
authentication webhook file as well as the cache timeout period.

This change allows a Kubernetes API Auth service to authenticate
user requests without proxying through the Rancher server.
 2019-01-03 17:15:23 -07:00
galal-hussein
3c6c7f1b7b Run rebuild cluster certs from clusterup 2018-12-20 14:04:47 -08:00
galal-hussein
4d23fb4288 Return api and client certs to rotate certs 2018-12-18 16:35:20 -08:00
galal-hussein
66fb2c4ac0 Get checksum of the cloud file content 2018-12-06 16:23:20 -08:00
Chris Kim
afaad6c824 Adding ability to set cluster network to none 2018-12-03 11:34:18 -08:00
galal-hussein
ff4c93e179 refactor etcd restoration process 2018-11-30 12:48:41 -08:00
Mike Kelley
5941368767 add support for weave password 2018-11-29 16:39:45 -08:00
galal-hussein
f3bbd81c52 Update etcd save/restore to work with new state managemnet 2018-11-27 11:09:56 -08:00
galal-hussein
11aa0caabc Fix rotate certificates with new state 2018-11-14 05:15:57 +08:00
moelsayed
b67a67c3bb Force lowercase node names 2018-11-14 04:54:35 +08:00
galal-hussein
696b61679c Final fixes and cleanup for state management 
Fix dind and local and etcd snapshots

add ExternalFlags and dialer options
 2018-11-09 11:16:17 -08:00
moelsayed
6da35256a8 handle upgrade cases 
backup state to kubernetes
 2018-11-09 11:16:17 -08:00
galal-hussein
8b8870311b refactor the build state 
remove extra cert generation for etcd in reconcile

fix reconcile and etcd add and remove cluster state with rke remove

fix add/remove issues

Fix the up command

Fix default paths for kubeconfig and rkestate
 2018-11-09 11:16:17 -08:00
moelsayed
90fd13db65 Update main code path to use new state 2018-11-09 11:16:17 -08:00
galal-hussein
f48da22d8e init commit for refactor state 
add init test

use rkeconfig for init

reconcile old state file
 2018-11-09 11:16:17 -08:00
galal-hussein
631c0725f4 Fix broken etcd rolling snapshot 2018-11-08 13:14:15 -08:00
galal-hussein
f0572f48b4 Fix etcd snapshot 2018-11-07 12:43:25 -08:00
galal-hussein
deb3518d78 Enable etcd snapshot by default 2018-11-02 09:35:57 -07:00
galal-hussein
3551e6e4b6 Add Rotate certificates command to rke 2018-10-31 12:08:31 -07:00
moelsayed
dd4d19a945 Fix remove performance issues 2018-10-24 10:24:14 -07:00
moelsayed
b7d98733cf Run state save in a worker pool 2018-10-19 17:24:02 -07:00
moelsayed
90c426d73e Switch all concurrent tasks to use worker pool 2018-10-18 13:24:59 -07:00
galal-hussein
4fb01ab69e Fix scaling problems with cluster state deployer 2018-10-18 10:34:32 -07:00
Sebastiaan van Steenis
22a339ea33 Update to Golang 1.11 2018-10-18 09:27:46 -07:00
Sebastiaan van Steenis
a161d30f78 Added info in log messages, more consistency in log messages 2018-10-18 09:27:13 -07:00
galal-hussein
c2071495ac use errgroup for tunneling hosts 2018-10-18 09:26:30 -07:00
moelsayed
24a8465941 Fix flannel issue with k8s 1.12 2018-10-18 09:26:17 -07:00
galal-hussein
cf76401978 Change the etcd member add steps 2018-10-18 09:25:59 -07:00
moelsayed
9c85b5b451 Refactor taints and labels sync to improve performance 2018-10-18 09:25:27 -07:00
moelsayed
22dc19205f Handle upgrade from metrics server 0.2.x to 0.3.x 2018-10-04 14:48:00 -07:00
moelsayed
496d1a46a5 Allow replacing a single contorl node 2018-10-04 13:14:28 -07:00
Sebastiaan van Steenis
12559a21c7 Use clusterversion to check supported Docker versions 2018-10-04 11:31:35 -07:00
moelsayed
d4759bcc4f Remove ServiceOption if empty 2018-10-02 12:58:21 -07:00
galal-hussein
ce62c898bb Handle deleting all controlplane nodes when nodes are unreachable 2018-09-26 17:03:53 -07:00
galal-hussein
2bd4577b19 Add default heartbeat and election timeout to etcd 
Reload the etcd cluster in the right order
 2018-09-25 18:24:52 -07:00
galal-hussein
95ba4ea61f Fix cluster state network port check issue 2018-09-20 10:26:25 -07:00
galal-hussein
925df98ea6 Save state to the nodes backup path 2018-09-14 18:30:40 -07:00