rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-08-01 23:33:39 +00:00
Code Issues Releases Wiki Activity
2,191 Commits 44 Branches 748 Tags 740 MiB
ebde95b72a
Commit Graph

672 Commits

Author SHA1 Message Date
Jiaqi Luo
9f5ecdb801 1. enable cri-dockerd when the cluster version >= 1.24 AND the option enable_cri_dockerd is not configured; 2. drop the flag --address when the cluster version >= 1.24 in the DinD case 2022-06-28 17:22:47 -07:00
Jake Hyde
8aa6283dcd
Added retry for snapshot and s3 upload, verify etcd running on host (#2952) 
Added retry for snapshot and s3 upload, verify etcd running on host

Added option to quiet noisy container logs
 2022-06-23 18:30:58 -04:00
Rayan Das
2229ca6256 add logic which will reapply user addons after cluster upgrade 2022-06-13 11:22:28 +05:30
Harrison
b42ebdc402
Merge pull request #2908 from HarrisonWAffel/extra-args-array-field 
Add fields `ExtraArgsArray` and `WindowsExtraArgsArray`
 2022-05-20 10:15:46 -04:00
Kinara Shah
2f85cf19fc Revert "added logic which will reapply user addons after cluster upgrade" 
This reverts commit 3840eb5e5a.
 2022-04-27 22:38:13 +05:30
Kinara Shah
87ec65644a Revert "fix error handling" 
This reverts commit c8a73fd90d.
 2022-04-27 22:38:02 +05:30
Harrison Affel
fbac9aa8f9 add fields ExtraArgsArray and WindowsExtraArgsArray 2022-04-22 10:09:38 -04:00
Rayan Das
c8a73fd90d fix error handling 2022-04-19 20:37:34 +05:30
Rayan Das
3840eb5e5a added logic which will reapply user addons after cluster upgrade 2022-04-08 18:25:38 +05:30
Kinara Shah
ddcd9cd2c0 fix auth kubeconfig not passed to kube-scheduler args 2022-03-15 11:05:36 -07:00
Kinara Shah
f7b293b7ae update scheduler healthcheck port for k8s 1.23 2022-03-03 10:25:05 -08:00
Kinara Shah
eb8b278bcd delete hostname-override for aws cloud provider 
aws cloud provider assigns private dns as the node name,
don't override it since it cannot be changed.
 2022-01-10 09:35:26 -08:00
Sebastiaan van Steenis
6833df8631 Set 'watch-ingress-without-class: true' as default 2021-12-10 20:12:30 +01:00
Kinara Shah
5ac34a1f41 pass authorization-kubeconfig and authentication-kubeconfig for 1.22 
controller manager must start with proper authorization and
authentication kubeconfig in args starting 1.22. k8s 1.22 has
disabled insecure serving for kube controller manager.
 2021-12-03 17:19:47 -08:00
Sebastiaan van Steenis
0cea67e9ff Do not rewrite SELinux labels on volume mounts 2021-11-19 22:39:56 +01:00
Raúl Sánchez
1ae89e56c3
Merge pull request #2701 from rawmind0/encryption13 
Update cluster.parseCustomConfig function to proper decode custom EncryptionConfiguration
 2021-11-11 22:40:56 +01:00
Sebastiaan van Steenis
69dbe30b46
Merge pull request #2729 from superseb/v13_v122 
[release/v1.3] Add compatibility with k8s v1.22
 2021-11-11 17:55:35 +01:00
Kinara Shah
594296bb10 update etcd client to use both v3 and v2 
v3 for >=1.22, v2 otherwise
 2021-11-08 09:50:17 -08:00
Sebastiaan van Steenis
546a61b24a Add compatibility with k8s v1.22 2021-11-04 16:50:58 +01:00
rawmind0
0404dba56d Update cluster.parseCustomConfig function to proper decode custom EncryptionConfiguration 2021-09-21 23:33:20 +02:00
Gaurav Mehta
a618da802b Changed Credential Helper to a predefined type ECRCredentialHelper and associated changes for the same 2021-08-19 15:21:10 -07:00
rawmind0
12c1a8b260 Updated nginx ingress addon to remove admission batch jobs if they exist 2021-08-16 14:29:00 +02:00
Sebastiaan van Steenis
8c7d8d8570
Merge pull request #2624 from rancher/revert-2541-no_selinux_relabel 
Revert "Do not rewrite SELinux labels on volume mounts"
 2021-08-02 18:19:42 +02:00
Sebastiaan van Steenis
0f9d7911b1 Set ingress to hostport in k8s 1.21 and up 2021-07-30 20:15:07 +02:00
Sebastiaan van Steenis
51a6b50a84
Revert "Do not rewrite SELinux labels on volume mounts" 2021-07-29 08:59:54 +02:00
Sebastiaan van Steenis
22b82828ff
Merge pull request #2599 from superseb/ingress_webhook 
Validate Ingress Webhook and pass to template
 2021-07-06 22:53:46 +02:00
Sebastiaan van Steenis
963f59b009
Merge pull request #2262 from ibrokethecloud/ecr-helper 
ecr credential plugin
 2021-07-06 22:35:03 +02:00
Sebastiaan van Steenis
0650395889
Merge pull request #2596 from chaudhryfaisal/CustomCertsEncryptionConfig 
set EncryptionConfig on DesiredState when using CustomCerts
 2021-07-06 22:27:29 +02:00
Sebastiaan van Steenis
97c4b102ce Validate Ingress Webhook and pass to template 2021-07-06 12:11:59 +02:00
Gaurav Mehta
723dd7c670 Initial commit for adding ecr credential plugin 2021-07-05 10:16:44 +10:00
Faisal Chaudhry
441d06df32 set EncryptionConfig on DesiredState when using CustomCerts 2021-07-02 10:01:32 -04:00
Sebastiaan van Steenis
c5efcaeb0c Make it possible to configure dualstack 2021-07-01 19:02:46 +02:00
Sebastiaan van Steenis
a4bebdb8bb Add support for enabling cri-dockerd 2021-06-08 19:05:54 +02:00
Sebastiaan van Steenis
ff49352399
Merge pull request #2564 from superseb/golangcilint_v0401 
Use golangci-lint v1.40.1
 2021-06-08 18:28:53 +02:00
Sebastiaan van Steenis
a58605612e
Merge pull request #2520 from pmorillon/unset_proxy_env_vars_when_using_bastion 
Unset proxy env vars when using bastion
 2021-06-07 14:55:43 +02:00
Sebastiaan van Steenis
9c711e669c Use golangci-lint v0.40.1 2021-06-06 14:20:54 +02:00
Pascal Morillon
8b9385040f Unset proxy env vars when ssh bastion is configured with option ignore_proxy_env_vars 2021-05-31 16:49:01 +02:00
Sebastiaan van Steenis
ca8cc62303
Merge pull request #2541 from superseb/no_selinux_relabel 
Do not rewrite SELinux labels on volume mounts
 2021-05-31 15:06:19 +02:00
Sebastiaan van Steenis
88a4d73e79
Merge pull request #1372 from zhaofengli/mixed-arch-etcd-cluster 
Use the node's architecture to build etcd process
 2021-05-31 10:44:31 +02:00
Kinara Shah
bb0d38e303
Merge pull request #2536 from kinarashah/defaultbackend 
set ingress default backend to false for k8s 1.21+
 2021-05-21 09:57:17 -07:00
Sebastiaan van Steenis
04b71a9fd9
Merge pull request #2537 from superseb/etcdsave_statefile 
Dont deploy statefile if its not readable
 2021-05-21 11:06:48 +02:00
Sebastiaan van Steenis
9757be753f Do not rewrite SELinux labels on volume mounts 2021-05-18 22:22:40 +02:00
Sebastiaan van Steenis
738bda5fb6 Dont deploy statefile if its not readable 2021-05-18 07:24:57 +02:00
Kinara Shah
b2a9ebee75 set ingress default backend to false for k8s 1.21+ 2021-05-14 16:58:25 -07:00
Dan Ramich
d07658cf9b Encryption update 2021-05-14 10:11:17 -06:00
Sebastiaan van Steenis
b9a126c067
Merge pull request #2504 from superseb/etcd_v3415_ciphers 
Add stricter TLS cipher for etcd v3.4.15 and up
 2021-04-06 21:40:05 +02:00
Sebastiaan van Steenis
56b1c16e9f Add stricter TLS cipher for etcd v3.4.15 and up 2021-04-05 13:21:55 +02:00
Sebastiaan van Steenis
05e002bc08 Write kubeconfig/state with stricter permission 2021-03-07 12:41:31 +01:00
Steven Crespo
68453acb6e Add priority class name to addons 2021-02-06 16:46:39 -08:00
Kinara Shah
8c0a4d7f31
Merge pull request #2376 from superseb/add_auditlog_checksum 
Add auditlog checksum to trigger restart on update
 2021-01-27 15:00:35 -08:00
Sebastiaan van Steenis
5e50b51b13 Add auditlog checksum to trigger restart on update 2021-01-27 10:32:57 +01:00
rawmind0
1880404fc3 Added etcd snapshot timeout parameter 2021-01-22 18:35:13 +01:00
Sebastiaan van Steenis
e395badf82
Merge pull request #2412 from superseb/critical_addons 
Mark all default addons as critical
 2021-01-19 15:49:35 +01:00
Sebastiaan van Steenis
49a794c2de Mark all default addons as critical 2021-01-13 14:29:59 +01:00
Sebastiaan van Steenis
a68a64c0ce Add util command 2021-01-08 18:06:21 +01:00
Ryan Sanna
c14c39f8c5 reduce rewrite workers, add additional logging around secrets retrieval 2020-12-22 12:40:17 -07:00
Ryan Sanna
49e158a974
Revert "Revert "Encryption Key Rotation Changes"" 2020-12-14 11:51:46 -07:00
Ryan Sanna
92573270c7
Revert "Encryption Key Rotation Changes" 2020-12-09 13:49:27 -07:00
Ryan Sanna
e42ff49fec key rotation as part of ClusterUp, more robust secrets rewrite, improved logging 2020-12-08 12:00:32 -07:00
Nick Gerace
da6d9dcf9e Set default http backend to be optional 
Set default http backend to be optional for ingress nginx. It will be
enabled by default.
 2020-12-03 14:53:51 -05:00
Sebastiaan van Steenis
99af2bdf95
Merge pull request #2355 from superseb/add_tolerations 
Add tolerations option to addons
 2020-12-03 19:20:54 +01:00
Sebastiaan van Steenis
a1eaee0312
Merge pull request #2322 from superseb/retry_tcpportcheck 
Add retry to TCP port check
 2020-12-02 21:39:31 +01:00
Sebastiaan van Steenis
4e31add8fe Add tolerations option to addons 2020-11-26 17:29:46 +01:00
Kiran Shastri
4f062997bb Introduce ACI CNI network provider 
ACI CNI supports k8s versions 1.18+
Added template and arguments for ACI CNI
Disable cloud options for ACI.
Separate generated code into another commit

Signed-off-by: Kiran Shastri <shastrinator@gmail.com>
(cherry picked from commit e94c54005e)
 2020-11-17 15:29:03 -05:00
Sebastiaan van Steenis
a252645797 Add retry to TCP port check 2020-11-09 18:35:58 +01:00
Jacob Payne
04ea70ee3b updated NodeUpgradeStrategy.Drain to use pointer 2020-10-26 09:59:49 -07:00
kinarashah
8c3c618b63 set default ingress network mode for both rancher and rke 
Problem:
Setting defaults for ingress in parse logic works only for
rke standalone but not when rancher calls rke using ClusterUp.

Solution:
Setting them during the cluster defaults logic
 2020-10-24 13:09:38 +02:00
Sebastiaan van Steenis
16f3089220
Merge pull request #1911 from ibrokethecloud/master 
Allow addons.go to parse http and https ports for ingress controller
 2020-10-22 20:54:09 +02:00
Gaurav Mehta
5a63de09bc Updated cluster/addons.go to allow it to parse and send new http_port and https_ports to the ingress template 
Fixed up yaml import package

Updated rke ingress addon to support a new field hostNetwork. Users can use this now to run ingress controller on overlay network only

Ported additional ingress types changes into types/rke_types

Fixed linting errors related to variable names in addons.go and rke_types

Changed types for hostNetwork and http/https ports

Added validation to check http/https ports are different

Changed rke_types for additional spec in ingressConfig. Changed validation and default logic accordingly
 2020-10-21 19:00:04 +11:00
Sebastiaan van Steenis
422dfff0fd Check etcd cluster health after member delete 2020-09-29 13:53:45 +02:00
Sebastiaan van Steenis
b3ca1f8327 Don't advertise etcd port 4001 in v3.4.13 and up 2020-09-23 09:27:51 -07:00
Darren Shepherd
abf63e4a08 Fix panic when IgnoreDockerVersion is nil 2020-09-18 10:17:44 -07:00
Sebastiaan van Steenis
12b4dcaf59 Remove statefile for dind remove 2020-09-08 21:33:06 -07:00
Chris Kim
526ac7b065 Add CanalControllers to the systemImagesDefaultsMap 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-09-08 16:17:30 -07:00
Chris Kim
0522b664ac Add CanalControllers to support Canal v3.14.0+ 
Signed-off-by: Chris Kim <oats87g@gmail.com>
 2020-09-04 17:49:39 -07:00
Vincent Batts
d77ee0d53f
cluster/plan: don't relabel /lib/modules by default 
As this logic went, it would relabel /lib/modules, except on enterprise
linux and when SELinux is enabled (even just permisive).

Flatcar Container Linux defaults to SELinux on, but permisive, and
`/lib/modules/` is a symlink to the read-only `/usr`.
So `./rke up` would fail on attempting to relabel /usr.

The prior work around is to set `SELINUX=disable` in
/etc/selinux/config.

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
 2020-08-21 16:17:00 -04:00
Luther Monson
de19c42611 added windows path cleaner 2020-08-20 13:41:18 -07:00
Luther Monson
23d2341172 updates for prefix path 2020-08-20 13:40:21 -07:00
Luther Monson
7d6181a290 add win_ params for prefix path, env, args and binds 
Problem: When building a hybrid cluster with windows nodes there is only
a single set of overrides you can use per service. This limits
configuring the node as service args and prefix_path sometimes need to
be specific for the different OS.
Solution: Add support for `win_` prefixed parameters for cluster level
`path_prefix` and service level `extra_args`, `extra_env` and
`extra_binds`. Params will work as before, passing in the non `win_`
prefixed params, IF you set the `win_` prefixed params it willy only use
those meaning you will need to duplicate the params in both config
sections of your rke cluster yaml.
 2020-08-20 13:39:57 -07:00
Sebastiaan van Steenis
f251e3ca92 Change file copy method for state file 2020-08-14 18:42:37 +02:00
Sebastiaan van Steenis
6761a1a3e1 Add restore flag to use local state 2020-08-04 13:13:43 +02:00
Sebastiaan van Steenis
1883a4c3bf
Merge pull request #2152 from superseb/snapshot_include_state 
Able to include and extract state file in snapshot
 2020-07-24 20:24:28 +02:00
Sebastiaan van Steenis
9bca29befb Able to include and extract state file in snapshot 2020-07-21 11:09:37 +02:00
Darren Shepherd
c405e6ea1b Remove references to rancher/types 2020-07-11 23:29:33 -07:00
Sebastiaan van Steenis
80d7dcc6e9 Revert kubelet fix as Docker 19.03.9 has fix 2020-06-09 19:20:30 +02:00
rawmind0
8ff29b617f Updated api bool fields with default=true to *bool. Go files 2020-06-02 20:15:53 +02:00
aiyengar2
94e9c1a01c
Merge pull request #2079 from aiyengar2/revert_encryption_by_default 
Revert default encryption in k8s 1.18
 2020-05-29 16:30:23 -07:00
Sebastiaan van Steenis
e9819eb069
Merge pull request #2058 from superseb/upstreamdockerselinux 
Dont relabel volumes on upstream Docker & SELinux
 2020-05-29 15:57:39 +02:00
Arvind Iyengar
6e194ab1a6 Revert "Add support for k8s 1.18" 
This reverts commit 763a896380.
 2020-05-27 12:48:10 -07:00
Sebastiaan van Steenis
2b226dc314
Merge pull request #1990 from superseb/remove_user_addons 
Remove user addons when not present
 2020-05-19 22:56:22 +02:00
Sebastiaan van Steenis
0c063587ec Dont relabel volumes on upstream Docker & SELinux 2020-05-19 21:50:24 +02:00
Arvind Iyengar
763a896380 Add support for k8s 1.18 
This commit changes default settings for k8s 1.18 to have encryption at rest by default: https://github.com/rancherlabs/rancher-security/issues/412
 2020-05-12 14:13:11 -07:00
Sebastiaan van Steenis
d91e7efd2d Remove user addons when not present 2020-03-30 21:18:09 +02:00
Darren Shepherd
ecc629f2c3 Refactor to new client-go API in k8s 1.18 2020-03-27 10:55:19 -07:00
Kinara Shah
b9c2d893bc
Merge pull request #1987 from kinarashah/lgt 
log service options data in trace
 2020-03-27 10:15:08 -07:00
rajashree
00f6567714 Use v3 type for addons updateStrategy 2020-03-26 15:52:57 -07:00
kinarashah
ef34e40165 log service options data in trace 2020-03-26 10:03:41 -07:00
Sebastiaan van Steenis
4adf2c9b68
Merge pull request #1980 from superseb/re_try_logging 
Standardize (re-)try logging
 2020-03-23 13:30:37 +01:00
Sebastiaan van Steenis
5f46c748c0 Standardize (re-)try logging 2020-03-21 18:34:16 +01:00
rajashree
1ecf6effbf Reconcile workerplane for NotReady control hosts 2020-03-20 13:37:37 -07:00