diff --git a/apis/management.cattle.io/v3/k8s_defaults.go b/apis/management.cattle.io/v3/k8s_defaults.go index 5292928a..768f64b5 100644 --- a/apis/management.cattle.io/v3/k8s_defaults.go +++ b/apis/management.cattle.io/v3/k8s_defaults.go @@ -30,6 +30,7 @@ var ( // different k8s version tag "v1.12.7-rancher1-2", "v1.13.5-rancher1-2", + "v1.14.0-rancher1-1", } // K8sVersionToRKESystemImages is dynamically populated on init() with the latest versions @@ -37,10 +38,20 @@ var ( // K8sVersionServiceOptions - service options per k8s version K8sVersionServiceOptions = map[string]KubernetesServicesOptions{ + "v1.14": { + KubeAPI: map[string]string{ + "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", + "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota", + }, + Kubelet: map[string]string{ + "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", + }, + }, "v1.13": { KubeAPI: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota", + "repair-malformed-updates": "false", }, Kubelet: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", @@ -50,6 +61,7 @@ var ( KubeAPI: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota", + "repair-malformed-updates": "false", }, Kubelet: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", @@ -59,6 +71,7 @@ var ( KubeAPI: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota", + "repair-malformed-updates": "false", }, Kubelet: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", @@ -70,6 +83,7 @@ var ( "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "endpoint-reconciler-type": "lease", "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota", + "repair-malformed-updates": "false", }, Kubelet: map[string]string{ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", @@ -80,6 +94,7 @@ var ( KubeAPI: map[string]string{ "endpoint-reconciler-type": "lease", "admission-control": "ServiceAccount,NamespaceLifecycle,LimitRanger,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds", + "repair-malformed-updates": "false", }, Kubelet: map[string]string{ "cadvisor-port": "0", @@ -1068,6 +1083,34 @@ var ( CoreDNS: m("coredns/coredns:1.2.6"), CoreDNSAutoscaler: m("gcr.io/google_containers/cluster-proportional-autoscaler:1.0.0"), }, + "v1.14.0-rancher1-1": { + Etcd: m("quay.io/coreos/etcd:v3.3.10-rancher1"), + Kubernetes: m("rancher/hyperkube:v1.14.0-rancher1"), + Alpine: m("rancher/rke-tools:v0.1.28"), + NginxProxy: m("rancher/rke-tools:v0.1.28"), + CertDownloader: m("rancher/rke-tools:v0.1.28"), + KubernetesServicesSidecar: m("rancher/rke-tools:v0.1.28"), + KubeDNS: m("gcr.io/google_containers/k8s-dns-kube-dns:1.15.0"), + DNSmasq: m("gcr.io/google_containers/k8s-dns-dnsmasq-nanny:1.15.0"), + KubeDNSSidecar: m("gcr.io/google_containers/k8s-dns-sidecar:1.15.0"), + KubeDNSAutoscaler: m("gcr.io/google_containers/cluster-proportional-autoscaler:1.3.0"), + Flannel: m("quay.io/coreos/flannel:v0.10.0-rancher1"), + FlannelCNI: m("rancher/flannel-cni:v0.3.0-rancher1"), + CalicoNode: m("quay.io/calico/node:v3.4.0"), + CalicoCNI: m("quay.io/calico/cni:v3.4.0"), + CalicoCtl: m("quay.io/calico/ctl:v2.0.0"), + CanalNode: m("quay.io/calico/node:v3.4.0"), + CanalCNI: m("quay.io/calico/cni:v3.4.0"), + CanalFlannel: m("quay.io/coreos/flannel:v0.10.0"), + WeaveNode: m("weaveworks/weave-kube:2.5.0"), + WeaveCNI: m("weaveworks/weave-npc:2.5.0"), + PodInfraContainer: m("gcr.io/google_containers/pause:3.1"), + Ingress: m("rancher/nginx-ingress-controller:0.21.0-rancher3"), + IngressBackend: m("k8s.gcr.io/defaultbackend:1.5-rancher1"), + MetricsServer: m("gcr.io/google_containers/metrics-server:v0.3.1"), + CoreDNS: m("coredns/coredns:1.3.1"), + CoreDNSAutoscaler: m("gcr.io/google_containers/cluster-proportional-autoscaler:1.3.0"), + }, // k8s version from 2.1.x release with old rke-tools to allow upgrade from 2.1.x clusters // without all clusters being restarted "v1.12.5-rancher1-1": { diff --git a/apis/management.cattle.io/v3/k8s_windows_default.go b/apis/management.cattle.io/v3/k8s_windows_default.go index 3c8463d7..11d3473f 100644 --- a/apis/management.cattle.io/v3/k8s_windows_default.go +++ b/apis/management.cattle.io/v3/k8s_windows_default.go @@ -293,6 +293,14 @@ var ( CanalCNIBinaries: m("rancher/canal-cni:v0.0.1-nanoserver-1803"), KubeletPause: m("rancher/kubelet-pause:v0.0.1-nanoserver-1803"), }, + "v1.14.0-rancher1-1": { + NginxProxy: m("rancher/nginx-proxy:v0.0.1-nanoserver-1803"), + KubernetesBinaries: m("rancher/hyperkube:v1.14.0-nanoserver-1803"), + FlannelCNIBinaries: m("rancher/flannel-cni:v0.0.1-nanoserver-1803"), + CalicoCNIBinaries: m("rancher/calico-cni:v0.0.1-nanoserver-1803"), + CanalCNIBinaries: m("rancher/canal-cni:v0.0.1-nanoserver-1803"), + KubeletPause: m("rancher/kubelet-pause:v0.0.1-nanoserver-1803"), + }, } )