From ff3c106f770ff0d8585a34154e2612d4764dcb48 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 1 Jul 2024 22:56:48 +0000 Subject: [PATCH 01/10] Fix ClusterRoleBinding subject growth Fixed an issue where failing to include APIGroup on the subjects caused the reconcile helpers to think the subject needed to be re-added every time RKE2 starts up. Signed-off-by: Brad Davidson (cherry picked from commit af73b78bbb03ceb950ef73c0c3bb974b6da26488) Signed-off-by: Brad Davidson --- pkg/rke2/clusterrole.go | 35 +++++++++++++++++++++++++++++++ pkg/rke2/clusterrole_bootstrap.go | 4 ++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/pkg/rke2/clusterrole.go b/pkg/rke2/clusterrole.go index 543fa28279..bc2bc110e2 100644 --- a/pkg/rke2/clusterrole.go +++ b/pkg/rke2/clusterrole.go @@ -2,11 +2,16 @@ package rke2 import ( "context" + "encoding/json" "sync" "github.com/k3s-io/k3s/pkg/cli/cmds" "github.com/sirupsen/logrus" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" genericapiserver "k8s.io/apiserver/pkg/server" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" rbacrest "k8s.io/kubernetes/pkg/registry/rbac/rest" ) @@ -21,6 +26,10 @@ func setClusterRoles() cmds.StartupHook { logrus.Info("Applying Cluster Role Bindings") config, err := clientcmd.BuildConfigFromFlags("", args.KubeConfigSupervisor) + if err != nil { + logrus.Fatalf("clusterrole: new k8s restConfig: %v", err) + } + client, err := kubernetes.NewForConfig(config) if err != nil { logrus.Fatalf("clusterrole: new k8s client: %v", err) } 
@@ -45,6 +54,32 @@ func setClusterRoles() cmds.StartupHook { logrus.Fatalf("clusterrole: EnsureRBACPolicy failed: %v", err) } + // Begin remediation for https://github.com/rancher/rke2/issues/6272 + // This can be removed after ~1 year of shipping releases not affected by this issue. + + // stub binding/clusterrolebinding for marshalling the patch json + type binding struct { + Subjects []rbacv1.Subject `json:"subjects"` + } + + // It is not critical if these fail, the excess subjects just need to be cleaned up eventually + for ns, rbs := range policy.RoleBindings { + for _, rb := range rbs { + b, _ := json.Marshal(binding{Subjects: rb.Subjects}) + if _, err := client.RbacV1().RoleBindings(ns).Patch(ctx, rb.Name, types.MergePatchType, b, metav1.PatchOptions{}); err != nil { + logrus.Debugf("Failed to patch RoleBinding %s/%s subjects: %v", ns, rb.Name, err) + } + } + } + for _, crb := range policy.ClusterRoleBindings { + b, _ := json.Marshal(binding{Subjects: crb.Subjects}) + if _, err := client.RbacV1().ClusterRoleBindings().Patch(ctx, crb.Name, types.MergePatchType, b, metav1.PatchOptions{}); err != nil { + logrus.Debugf("Failed to patch ClusterRoleBinding %s subjects: %v", crb.Name, err) + } + } + + // End remediation for https://github.com/rancher/rke2/issues/6272 + logrus.Info("Cluster Role Bindings applied successfully") }() return nil diff --git a/pkg/rke2/clusterrole_bootstrap.go b/pkg/rke2/clusterrole_bootstrap.go index b023536283..5268789a3f 100644 --- a/pkg/rke2/clusterrole_bootstrap.go +++ b/pkg/rke2/clusterrole_bootstrap.go 
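Review bot: Both patch loops in the remediation block log a failed RBAC patch only at debug level and discard the `json.Marshal` error, so at the default log level an operator cannot tell that the excess subjects from issue 6272 are still present on a binding. Since these are RoleBinding and ClusterRoleBinding subjects, I would log at warning level, e.g. `logrus.Warnf("Failed to patch ClusterRoleBinding %s subjects: %v", crb.Name, err)`, and check the marshal error before sending the patch. A merge patch on `subjects` also replaces the whole list, so any subject added to these bindings out of band is removed on every start; if that is intended, a one-line comment above the loops should say so. The enclosing function starts before this hunk.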
@@ -102,7 +102,7 @@ func roleBindings() map[string][]rbacv1.RoleBinding { // For some reason the core helpers don't have any methods for adding namespaced users, only namespaced service accounts. func RoleBindingNamespacedUsers(r *rbacv1helpers.RoleBindingBuilder, namespace string, users ...string) *rbacv1helpers.RoleBindingBuilder { for _, user := range users { - r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, rbacv1.Subject{Kind: rbacv1.UserKind, Namespace: namespace, Name: user}) + r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, rbacv1.Subject{APIGroup: rbacv1.GroupName, Kind: rbacv1.UserKind, Namespace: namespace, Name: user}) } return r } @@ -119,7 +119,7 @@ func RoleBindingName(r *rbacv1helpers.RoleBindingBuilder, name string) *rbacv1he // For some reason the core helpers don't have any methods for adding namespaced users, only namespaced service accounts. func ClusterRoleBindingNamespacedUsers(r *rbacv1helpers.ClusterRoleBindingBuilder, namespace string, users ...string) *rbacv1helpers.ClusterRoleBindingBuilder { for _, user := range users { - r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1.Subject{Kind: rbacv1.UserKind, Namespace: namespace, Name: user}) + r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, rbacv1.Subject{APIGroup: rbacv1.GroupName, Kind: rbacv1.UserKind, Namespace: namespace, Name: user}) } return r } From c2c5ce5f3b2095f6d0d7db7de88162a260ceccc2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 2 Jul 2024 18:57:36 +0000 Subject: [PATCH 02/10] Fix agent logs dir default permissions Signed-off-by: Brad Davidson (cherry picked from commit 8121a5eec6e7a285dfbecda519177d2e8212d692) Signed-off-by: Brad Davidson --- pkg/cli/defaults/defaults.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cli/defaults/defaults.go b/pkg/cli/defaults/defaults.go index 8b55d23abb..3a5dfbfdc9 100644 --- a/pkg/cli/defaults/defaults.go +++ b/pkg/cli/defaults/defaults.go 
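Review bot: The new literal in `RoleBindingNamespacedUsers` still sets `Namespace` on a `rbacv1.UserKind` subject, and the same applies to `ClusterRoleBindingNamespacedUsers` in the next hunk. The `rbacv1.Subject` documentation treats `Namespace` as meaningful only for namespaced kinds such as ServiceAccount, so it is worth confirming that the reconcile comparison this commit fixes is not also sensitive to that field. If the field is kept on purpose, a comment above the append such as `// Namespace is set deliberately although User subjects are not namespaced: <reason>` would document it. Both helpers build the same literal, so a small shared constructor would keep them from drifting apart again.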
@@ -17,7 +17,7 @@ func Set(_ *cli.Context, dataDir string) error { } logsDir := filepath.Join(dataDir, "agent", "logs") - if err := os.MkdirAll(logsDir, 0755); err != nil { + if err := os.MkdirAll(logsDir, 0750); err != nil { return errors.Wrapf(err, "failed to create directory %s", logsDir) } From 3e0bef35bcd06cdd9d6d89ef5af127c25a30d1f2 Mon Sep 17 00:00:00 2001 From: Jake Hyde Date: Tue, 9 Jul 2024 17:14:16 -0400 Subject: [PATCH 03/10] Add data-dir to uninstall and killall scripts Signed-off-by: Jake Hyde (cherry picked from commit aa33fa4fac1225bcfc10ae8d5b5a8bec7b73c5ed) Signed-off-by: Brad Davidson --- bundle/bin/rke2-killall.sh | 22 ++++++++++++---------- bundle/bin/rke2-uninstall.ps1 | 6 +++--- bundle/bin/rke2-uninstall.sh | 4 +++- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/bundle/bin/rke2-killall.sh b/bundle/bin/rke2-killall.sh index 1099ad90d7..371849482a 100755 --- a/bundle/bin/rke2-killall.sh +++ b/bundle/bin/rke2-killall.sh @@ -50,7 +50,9 @@ do_unmount_and_remove() { fi } -export PATH=$PATH:/var/lib/rancher/rke2/bin +RKE2_DATA_DIR=${RKE2_DATA_DIR:-/var/lib/rancher/rke2} + +export PATH=$PATH:${RKE2_DATA_DIR}/bin set -x @@ -60,7 +62,7 @@ systemctl stop rke2-agent.service || true killtree $({ set +x; } 2>/dev/null; getshims; set -x) do_unmount_and_remove '/run/k3s' -do_unmount_and_remove '/var/lib/rancher/rke2' +do_unmount_and_remove "${RKE2_DATA_DIR}" do_unmount_and_remove '/var/lib/kubelet/pods' do_unmount_and_remove '/run/netns/cni-' 
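Review bot: `os.MkdirAll` leaves the mode of an existing directory unchanged, so on a node installed before this change `agent/logs` stays at 0755 and the tighter default only applies to fresh installs. If the intent is that agent logs stop being world-readable after an upgrade, follow the call with `if err := os.Chmod(logsDir, 0750); err != nil { return errors.Wrapf(err, "failed to set permissions on %s", logsDir) }`. The mode passed to `MkdirAll` is also subject to the process umask, which an explicit chmod avoids. `Set` continues outside the hunk.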
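Review bot: `RKE2_DATA_DIR` is taken from the environment with no validation, and this script, which runs as root, passes it to `do_unmount_and_remove` in the next hunk, while `rke2-uninstall.sh` passes it to `rm -rf`. A value such as `/`, `/var` or a relative path would make those calls act on far more than the RKE2 data directory. I would add a check right after the default is applied, in both scripts, that exits with an error unless the value is an absolute path and is not `/` or a top-level system directory. How `do_unmount_and_remove` matches mount points is outside this hunk, so a trailing slash on the value may also need stripping; please confirm.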
@@ -95,14 +97,14 @@ fi rm -rf /var/lib/cni/ /var/log/pods/ /var/log/containers # Remove pod-manifests files for rke2 components -POD_MANIFESTS_DIR=/var/lib/rancher/rke2/agent/pod-manifests - -rm -f ${POD_MANIFESTS_DIR}/etcd.yaml \ - ${POD_MANIFESTS_DIR}/kube-apiserver.yaml \ - ${POD_MANIFESTS_DIR}/kube-controller-manager.yaml \ - ${POD_MANIFESTS_DIR}/cloud-controller-manager.yaml\ - ${POD_MANIFESTS_DIR}/kube-scheduler.yaml \ - ${POD_MANIFESTS_DIR}/kube-proxy.yaml +POD_MANIFESTS_DIR=${RKE2_DATA_DIR}/agent/pod-manifests + +rm -f "${POD_MANIFESTS_DIR}/etcd.yaml" \ + "${POD_MANIFESTS_DIR}/kube-apiserver.yaml" \ + "${POD_MANIFESTS_DIR}/kube-controller-manager.yaml" \ + "${POD_MANIFESTS_DIR}/cloud-controller-manager.yaml" \ + "${POD_MANIFESTS_DIR}/kube-scheduler.yaml" \ + "${POD_MANIFESTS_DIR}/kube-proxy.yaml" # Delete iptables created by CNI plugins or Kubernetes (kube-proxy) iptables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | grep -v flannel | iptables-restore diff --git a/bundle/bin/rke2-uninstall.ps1 b/bundle/bin/rke2-uninstall.ps1 index 7a7d9068b7..262f781747 100644 --- a/bundle/bin/rke2-uninstall.ps1 +++ b/bundle/bin/rke2-uninstall.ps1 @@ -18,7 +18,7 @@ $WarningPreference = 'SilentlyContinue' $VerbosePreference = 'SilentlyContinue' $DebugPreference = 'SilentlyContinue' $InformationPreference = 'SilentlyContinue' - +$RKE2_DATA_DIR = if ($env:RKE2_DATA_DIR) { $env:RKE2_DATA_DIR } else { "c:/var/lib/rancher/rke2" }; Set-StrictMode -Version Latest function Test-Command($cmdname) { 
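Review bot: `$RKE2_DATA_DIR` is introduced in `rke2-uninstall.ps1`, but in the hunks shown it only reaches the warning text and the `PATH` entry. If the directory removal elsewhere in the script still uses a hard-coded `c:/var/lib/rancher/rke2` (not visible in this patch), an install with a custom data dir would keep its on-disk state after uninstall; please confirm the removal path also uses the variable. A short comment above the assignment, for example `# Data dir to clean up; override with the RKE2_DATA_DIR environment variable`, would document the new input.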
@@ -322,7 +322,7 @@ function Remove-Containerd () { # if there are still namespaces and timeout was reached } elseif ($namespaces -and (Get-Date) -ge $endTime) { Write-Output "Warning! Not all resources in containerd namespace $ns were able to be removed. " ` - "The uninstallation script might not be able to remove all files under /var/lib/rancher/rke2" + "The uninstallation script might not be able to remove all files under $RKE2_DATA_DIR" break # if there are no namespaces } elseif (-not $namespaces) { @@ -421,7 +421,7 @@ function Create-Lockfile() { } function Invoke-Rke2Uninstall () { - $env:PATH += ";$env:CATTLE_AGENT_BIN_PREFIX/bin/;c:\var\lib\rancher\rke2\bin" + $env:PATH += ";$env:CATTLE_AGENT_BIN_PREFIX/bin/;$RKE2_DATA_DIR/bin" Remove-Containerd Stop-Processes Invoke-CleanServices diff --git a/bundle/bin/rke2-uninstall.sh b/bundle/bin/rke2-uninstall.sh index e83228ee98..b8cb05d788 100755 --- a/bundle/bin/rke2-uninstall.sh +++ b/bundle/bin/rke2-uninstall.sh @@ -18,6 +18,8 @@ check_target_ro() { test $? -ne 0 } +RKE2_DATA_DIR=${RKE2_DATA_DIR:-/var/lib/rancher/rke2} + . /etc/os-release if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/amazon-linux-release ]; then # If redhat/oracle family os is detected, double check whether installation mode is yum or tar. @@ -97,7 +99,7 @@ uninstall_remove_files() rm -rf /etc/cni rm -rf /opt/cni/bin rm -rf /var/lib/kubelet || true - rm -rf /var/lib/rancher/rke2 + rm -rf "${RKE2_DATA_DIR}" rm -d /var/lib/rancher || true if type fapolicyd >/dev/null 2>&1; then From deb96478a42f581d6b79434e0f51ec254b4404cc Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 22:15:55 +0000 Subject: [PATCH 04/10] Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.4 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.4...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: indirect ... Signed-off-by: dependabot[bot] (cherry picked from commit d3abda1f3051c5e0c1225f812fdb3750d5aced2b) Signed-off-by: Brad Davidson --- go.mod | 4 ++-- go.sum | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index fa2b7d2d95..687d57be37 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( github.com/tigera/operator v1.28.1 github.com/urfave/cli v1.22.14 golang.org/x/sync v0.7.0 - golang.org/x/sys v0.19.0 + golang.org/x/sys v0.20.0 google.golang.org/grpc v1.63.2 k8s.io/api v0.30.2 k8s.io/apimachinery v0.30.2 @@ -222,7 +222,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.4 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect diff --git a/go.sum b/go.sum index 7bbc69bed1..d2e955dbda 100644 --- a/go.sum +++ b/go.sum 
@@ -627,8 +627,9 @@ github.com/evanphx/json-patch/v5 v5.2.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= 
@@ -963,8 +964,9 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.12.0 h1:d4QkX8FRTYaKaCZBoXYY8zJX2BXjWxurN/GA2tkrmZM= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= 
@@ -976,8 +978,9 @@ github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= From 98c784cf85d278f9c439d1cab556581b099fdef9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 11:44:05 +0000 Subject: [PATCH 05/10] Bump alpine from 3.19 to 3.20 Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] (cherry picked from commit 6229777ba04d880db6e5a55b3512299ee7314afb) Signed-off-by: Brad Davidson --- Dockerfile.windows | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.windows b/Dockerfile.windows index 1aee19713c..822e2363a2 100644 --- a/Dockerfile.windows +++ b/Dockerfile.windows @@ -1,4 +1,4 @@ -FROM alpine:3.19 AS build +FROM alpine:3.20 AS build RUN apk --no-cache add \ curl \ From 304fd695bfe90626e8ec992baff91cb06abb78e7 Mon Sep 17 00:00:00 2001 
From: Brad Davidson Date: Tue, 21 May 2024 20:48:35 +0000 Subject: [PATCH 06/10] Add alternative ingress controller support ADR Signed-off-by: Brad Davidson (cherry picked from commit 6309945755c26d7eab74b558c87ade2e71763da0) Signed-off-by: Brad Davidson --- docs/adrs/008-traefik-ingress.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 docs/adrs/008-traefik-ingress.md diff --git a/docs/adrs/008-traefik-ingress.md b/docs/adrs/008-traefik-ingress.md new file mode 100644 index 0000000000..2f128b02c5 --- /dev/null +++ b/docs/adrs/008-traefik-ingress.md 
@@ -0,0 +1,29 @@ +# Support for Alternative Ingress Controllers + +Date: 2024-05-21 + +## Status + +Accepted + +## Context + +RKE2 currently supports only a single ingress controller, ingress-nginx. +It has been requested RKE2 support alternative ingress controllers, similar to how RKE2 supports multiple CNIs. + +## Decision + +* A new --ingress-controller flag will be added; the default will be only `ingress-nginx` to preserve current behavior. +* All selected ingress controllers will be deployed to the cluster. +* The first selected ingress controller will be set as the default, via the `ingressclass.kubernetes.io/is-default-class` annotation + on the IngressClass resource. +* Any packaged ingress controllers not listed in the flag value will be disabled, similar to how inactive packaged CNIs are handled. +* RKE2 will package Traefik's HelmChart as a supported ingress controller, deploying as a Daemonset + ClusterIP Service + for parity with the `ingress-nginx` default configuration due to RKE2's lack of a default LoadBalancer controller. +* RKE2 will use mirrored upstream Traefik images; custom-rebuilt hardened-traefik images will not be provided or supported. + +## Consequences + +* We will add an additional packaged component and CLI flag for ingress controller selection. +* We will need to track updates to Traefik and the Traefik chart. +* QA will need additional resources to test the new ingress controllers. From 33fb936a3427f1018a6e08b98eabfa2a03442713 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 22 May 2024 00:48:19 +0000 Subject: [PATCH 07/10] Add CLI flag for ingress controllers * Add new --ingress-controller CLI flag * Refactor --ingress-controller and --cni flags to use common helper for disabling all unused charts * Wire first ingress controller name into global.systemDefaultIngressClass chart variable Signed-off-by: Brad Davidson (cherry picked from commit 76d4fb3bf430e6cee4435b02b20020907c27e2c3) 
Signed-off-by: Brad Davidson --- pkg/bootstrap/bootstrap.go | 7 +- pkg/cli/cmds/server.go | 125 ++++++++++++++++++++----------- pkg/pebinaryexecutor/pebinary.go | 15 ++-- pkg/podexecutor/staticpod.go | 26 +++---- pkg/rke2/rke2.go | 27 ++++++- pkg/rke2/rke2_linux.go | 6 ++ pkg/rke2/rke2_windows.go | 28 ++++--- 7 files changed, 154 insertions(+), 80 deletions(-) diff --git a/pkg/bootstrap/bootstrap.go b/pkg/bootstrap/bootstrap.go index c0e3bce280..dfc4db3d24 100644 --- a/pkg/bootstrap/bootstrap.go +++ b/pkg/bootstrap/bootstrap.go @@ -162,7 +162,7 @@ func Stage(resolver *images.Resolver, nodeConfig *daemonconfig.Node, cfg cmds.Ag // UpdateManifests copies the staged manifests into the server's manifests dir, and applies // cluster configuration values to any HelmChart manifests found in the manifests directory. -func UpdateManifests(resolver *images.Resolver, nodeConfig *daemonconfig.Node, cfg cmds.Agent) error { +func UpdateManifests(resolver *images.Resolver, ingressController string, nodeConfig *daemonconfig.Node, cfg cmds.Agent) error { ref, err := resolver.GetReference(images.Runtime) if err != nil { return err @@ -189,7 +189,7 @@ func UpdateManifests(resolver *images.Resolver, nodeConfig *daemonconfig.Node, c // Fix up HelmCharts to pass through configured values. // This needs to be done every time in order to sync values from the CLI - if err := setChartValues(manifestsDir, nodeConfig, cfg); err != nil { + if err := setChartValues(manifestsDir, ingressController, nodeConfig, cfg); err != nil { return errors.Wrap(err, "failed to rewrite HelmChart manifests to pass through CLI values") } return nil 
@@ -309,7 +309,7 @@ func copyFile(target, source string) error { // pass through settings to both the Helm job and the chart values. // NOTE: This will probably fail if any manifest contains multiple documents. This should // not matter for any of our packaged components, but may prevent this from working on user manifests. -func setChartValues(manifestsDir string, nodeConfig *daemonconfig.Node, cfg cmds.Agent) error { +func setChartValues(manifestsDir, ingressController string, nodeConfig *daemonconfig.Node, cfg cmds.Agent) error { chartValues := map[string]string{ "global.clusterCIDR": util.JoinIPNets(nodeConfig.AgentConfig.ClusterCIDRs), "global.clusterCIDRv4": util.JoinIP4Nets(nodeConfig.AgentConfig.ClusterCIDRs), @@ -318,6 +318,7 @@ func setChartValues(manifestsDir string, nodeConfig *daemonconfig.Node, cfg cmds "global.clusterDomain": nodeConfig.AgentConfig.ClusterDomain, "global.rke2DataDir": cfg.DataDir, "global.serviceCIDR": util.JoinIPNets(nodeConfig.AgentConfig.ServiceCIDRs), + "global.systemDefaultIngressClass": ingressController, "global.systemDefaultRegistry": nodeConfig.AgentConfig.SystemDefaultRegistry, "global.cattle.systemDefaultRegistry": nodeConfig.AgentConfig.SystemDefaultRegistry, } diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index c63a40ff8c..e184e46c67 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go @@ -1,6 +1,7 @@ package cmds import ( + "errors" "strings" "github.com/k3s-io/k3s/pkg/cli/cmds" @@ -9,6 +10,7 @@ import ( "github.com/rancher/wrangler/v3/pkg/slice" "github.com/sirupsen/logrus" "github.com/urfave/cli" + "k8s.io/apimachinery/pkg/util/sets" ) const ( 
@@ -16,22 +18,12 @@ const ( ) var ( - DisableItems = []string{"rke2-coredns", "rke2-ingress-nginx", "rke2-metrics-server"} - CNIItems = []string{"calico", "canal", "cilium", "flannel"} - config = rke2.Config{} serverFlag = []cli.Flag{ - &cli.StringSliceFlag{ - Name: "cni", - Usage: "(networking) CNI Plugins to deploy, one of none, " + strings.Join(CNIItems, ", ") + "; optionally with multus as the first value to enable the multus meta-plugin (default: canal)", - EnvVar: "RKE2_CNI", - }, - &cli.BoolFlag{ - Name: "enable-servicelb", - Usage: "(components) Enable rke2 default cloud controller manager's service controller", - EnvVar: "RKE2_ENABLE_SERVICELB", - }, + rke2.CNIFlag, + rke2.IngressControllerFlag, + rke2.ServiceLBFlag, } k3sServerBase = mustCmdFromK3S(cmds.NewServerCommand(ServerRun), K3SFlagSet{ @@ -81,7 +73,7 @@ var ( "kine-tls": dropFlag, "default-local-storage-path": dropFlag, "disable": { - Usage: "(components) Do not deploy packaged components and delete any deployed components (valid items: " + strings.Join(DisableItems, ", ") + ")", + Usage: "(components) Do not deploy packaged components and delete any deployed components (valid items: " + strings.Join(rke2.DisableItems, ", ") + ")", }, "disable-scheduler": copyFlag, "disable-cloud-controller": copyFlag, 
@@ -166,47 +158,90 @@ func ServerRun(clx *cli.Context) error { validateCloudProviderName(clx, Server) validateProfile(clx, Server) validateCNI(clx) + validateIngress(clx) return rke2.Server(clx, config) } +// validateCNI validates the CNI selection, and disables any un-selected CNI charts func validateCNI(clx *cli.Context) { - cnis := []string{} - for _, cni := range clx.StringSlice("cni") { - for _, v := range strings.Split(cni, ",") { - cnis = append(cnis, v) + disableExceptSelected(clx, rke2.CNIItems, rke2.CNIFlag, func(values cli.StringSlice) (cli.StringSlice, error) { + switch len(values) { + case 0: + values = append(values, "canal") + fallthrough + case 1: + if values[0] == "multus" { + return nil, errors.New("multus must be used alongside another primary cni selection") + } + clx.Set("disable", "rke2-multus") + case 2: + if values[0] == "multus" { + values = values[1:] + } else { + return nil, errors.New("may only provide multiple values if multus is the first value") + } + default: + return nil, errors.New("must specify 1 or 2 values") } - } + return values, nil + }) +} - switch len(cnis) { - case 0: - cnis = append(cnis, "canal") - fallthrough - case 1: - if cnis[0] == "multus" { - logrus.Fatal("invalid value provided for --cni flag: multus must be used alongside another primary cni selection") +// validateCNI validates the ingress controller selection, and disables any un-selected ingress controller charts +func validateIngress(clx *cli.Context) { + disableExceptSelected(clx, rke2.IngressItems, rke2.IngressControllerFlag, func(values cli.StringSlice) (cli.StringSlice, error) { + if len(values) == 0 { + values = append(values, "ingress-nginx") } - clx.Set("disable", "rke2-multus") - case 2: - if cnis[0] == "multus" { - cnis = cnis[1:] - } else { - logrus.Fatal("invalid values provided for --cni flag: may only provide multiple values if multus is the first value") + return values, nil + }) +} + +// disableExceptSelected takes a list of valid flag values, 
and a CLI StringSlice flag that holds the user's selected values. +// Selected values are split to support comma-separated lists, in addition to repeated use of the same flag. +// Once the list has been split, a validation function is called to allow for custom validation or defaulting of selected values. +// Finally, charts for any valid items not selected are added to the --disable list. +// A value of 'none' will cause all valid items to be disabled. +// Errors from the validation function, or selection of a value not in the valid list, will cause a fatal error to be logged. +func disableExceptSelected(clx *cli.Context, valid []string, flag *cli.StringSliceFlag, validateFunc func(cli.StringSlice) (cli.StringSlice, error)) { + // split comma-separated values + values := cli.StringSlice{} + if flag.Value != nil { + for _, value := range *flag.Value { + for _, v := range strings.Split(value, ",") { + values = append(values, v) + } } - default: - logrus.Fatal("invalid values provided for --cni flag: may not provide more than two values") } - switch { - case cnis[0] == "none": - fallthrough - case slice.ContainsString(CNIItems, cnis[0]): - for _, d := range CNIItems { - if cnis[0] != d { - clx.Set("disable", "rke2-"+d) - clx.Set("disable", "rke2-"+d+"-crd") - } + // validate the flag after splitting values + if v, err := validateFunc(values); err != nil { + logrus.Fatalf("Failed to validate --%s flag: %v", flag.Name, err) + } else { + flag.Value = &v + } + + // prepare a list of items to disable, based on all valid components. + // we have to use an intermediate set because the flag interface + // doesn't allow us to remove flag values once added. 
+ disabledCharts := sets.Set[string]{} + for _, d := range valid { + disabledCharts.Insert("rke2-"+d, "rke2-"+d+"-crd") + } + + // re-enable components for any selected flag values + for _, d := range *flag.Value { + switch { + case d == "none": + break + case slice.ContainsString(valid, d): + disabledCharts.Delete("rke2-"+d, "rke2-"+d+"-crd") + default: + logrus.Fatalf("Invalid value %s for --%s flag: must be one of %s", d, flag.Name, strings.Join(valid, ",")) } - default: - logrus.Fatal("invalid value provided for --cni flag") + } + + for _, c := range disabledCharts.UnsortedList() { + clx.Set("disable", c) } } diff --git a/pkg/pebinaryexecutor/pebinary.go b/pkg/pebinaryexecutor/pebinary.go index ab1e9683b4..059b90a6e6 100644 --- a/pkg/pebinaryexecutor/pebinary.go +++ b/pkg/pebinaryexecutor/pebinary.go @@ -46,19 +46,20 @@ var ( ) type PEBinaryConfig struct { - ManifestsDir string - ImagesDir string - Resolver *images.Resolver + CNIPlugin win.CNIPlugin CloudProvider *CloudProviderConfig - CISMode bool + Resolver *images.Resolver + ManifestsDir string DataDir string AuditPolicyFile string KubeletPath string + CNIName string + ImagesDir string KubeConfigKubeProxy string + IngressController string + CISMode bool DisableETCD bool IsServer bool - CNIName string - CNIPlugin win.CNIPlugin } type CloudProviderConfig struct { @@ -105,7 +106,7 @@ func (p *PEBinaryConfig) Bootstrap(ctx context.Context, nodeConfig *config.Node, } if p.IsServer { - return bootstrap.UpdateManifests(p.Resolver, nodeConfig, cfg) + return bootstrap.UpdateManifests(p.Resolver, p.IngressController, nodeConfig, cfg) } restConfig, err := clientcmd.BuildConfigFromFlags("", nodeConfig.AgentConfig.KubeConfigK3sController) diff --git a/pkg/podexecutor/staticpod.go b/pkg/podexecutor/staticpod.go index ee74cfa154..b120489e5d 100644 --- a/pkg/podexecutor/staticpod.go +++ b/pkg/podexecutor/staticpod.go 
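Review bot: In `disableExceptSelected`, `case d == "none": break` only leaves the `switch`, not the `for` loop, so `none` is simply skipped and any other value in the list is still re-enabled; that does not match the doc comment's "A value of 'none' will cause all valid items to be disabled". With `--ingress-controller none,traefik` the traefik charts stay enabled, so either reject `none` combined with other values in the validate function or document that it is ignored. The doc comment on `validateIngress` still begins `// validateCNI validates the ingress controller selection` and should begin with `validateIngress`. In the `logrus.Fatalf("Invalid value %s for --%s flag ...")` call, `%q` for the value would make empty or whitespace-only input visible.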
@@ -105,25 +105,25 @@ type ControlPlaneProbeConfs struct { } type StaticPodConfig struct { + Resolver *images.Resolver + stopKubelet context.CancelFunc + CloudProvider *CloudProviderConfig ControlPlaneResources - ControlPlaneProbeConfs + DataDir string + RuntimeEndpoint string + ManifestsDir string + IngressController string + ImagesDir string + AuditPolicyFile string + PSAConfigFile string + KubeletPath string ControlPlaneEnv ControlPlaneMounts - ManifestsDir string - ImagesDir string - Resolver *images.Resolver - CloudProvider *CloudProviderConfig - DataDir string - AuditPolicyFile string - PSAConfigFile string - KubeletPath string - RuntimeEndpoint string + ControlPlaneProbeConfs CISMode bool DisableETCD bool ExternalDatabase bool IsServer bool - - stopKubelet context.CancelFunc } type CloudProviderConfig struct { @@ -159,7 +159,7 @@ func (s *StaticPodConfig) Bootstrap(_ context.Context, nodeConfig *daemonconfig. return err } if s.IsServer { - return bootstrap.UpdateManifests(s.Resolver, nodeConfig, cfg) + return bootstrap.UpdateManifests(s.Resolver, s.IngressController, nodeConfig, cfg) } // Remove the kube-proxy static pod manifest before starting the agent. diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go index 8d5c832743..aecec1df28 100644 --- a/pkg/rke2/rke2.go +++ b/pkg/rke2/rke2.go @@ -22,6 +22,7 @@ import ( "github.com/pkg/errors" "github.com/rancher/rke2/pkg/controllers/cisnetworkpolicy" "github.com/rancher/rke2/pkg/images" + "github.com/rancher/wrangler/v3/pkg/slice" "github.com/sirupsen/logrus" "github.com/urfave/cli" 
@@ -62,6 +63,30 @@ type ExtraEnv struct { CloudControllerManager cli.StringSlice } +var ( + DisableItems = []string{"rke2-coredns", "rke2-metrics-server", "rke2-snapshot-controller", "rke2-snapshot-controller-crd", "rke2-snapshot-validation-webhook"} + CNIItems = []string{"calico", "canal", "cilium", "flannel"} + IngressItems = []string{"ingress-nginx", "traefik"} + + CNIFlag = &cli.StringSliceFlag{ + Name: "cni", + Usage: "(networking) CNI Plugins to deploy, one of none, " + strings.Join(CNIItems, ", ") + "; optionally with multus as the first value to enable the multus meta-plugin (default: canal)", + EnvVar: "RKE2_CNI", + Value: &cli.StringSlice{}, + } + IngressControllerFlag = &cli.StringSliceFlag{ + Name: "ingress-controller", + Usage: "(networking) Ingress Controllers to deploy, one of none, " + strings.Join(IngressItems, ", ") + "; the first value will be set as the default ingress class (default: ingress-nginx)", + EnvVar: "RKE_INGRESS_CONTROLLER", + Value: &cli.StringSlice{}, + } + ServiceLBFlag = &cli.BoolFlag{ + Name: "enable-servicelb", + Usage: "(components) Enable rke2 default cloud controller manager's service controller", + EnvVar: "RKE2_ENABLE_SERVICELB", + } +) + // Valid CIS Profile versions const ( CISProfile123 = "cis-1.23" @@ -115,7 +140,7 @@ func Server(clx *cli.Context, cfg Config) error { var leaderControllers rawServer.CustomControllers - cnis := clx.StringSlice("cni") + cnis := *CNIFlag.Value if cisMode && (len(cnis) == 0 || slice.ContainsString(cnis, "canal")) { leaderControllers = append(leaderControllers, cisnetworkpolicy.Controller) } else { diff --git a/pkg/rke2/rke2_linux.go b/pkg/rke2/rke2_linux.go index 7c1bb14b79..e21b43f8c0 100644 --- a/pkg/rke2/rke2_linux.go +++ b/pkg/rke2/rke2_linux.go 
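Review bot: `IngressControllerFlag` is declared with `EnvVar: "RKE_INGRESS_CONTROLLER"`, while the two sibling flags in this block use the `RKE2_` prefix (`RKE2_CNI`, `RKE2_ENABLE_SERVICELB`). If that is a typo, a user exporting `RKE2_INGRESS_CONTROLLER` silently gets the default `ingress-nginx`; the line would become `EnvVar: "RKE2_INGRESS_CONTROLLER",`. The exported slices and flags in this block also have no doc comments; one line each, such as `// IngressItems lists the packaged ingress controllers selectable with --ingress-controller.`, would help now that `pkg/cli/cmds` depends on them.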
@@ -140,6 +140,11 @@ func initExecutor(clx *cli.Context, cfg Config, isServer bool) (*podexecutor.Sta containerRuntimeEndpoint = containerdSock } + var ingressControllerName string + if IngressControllerFlag.Value != nil && len(*IngressControllerFlag.Value) > 0 { + ingressControllerName = (*IngressControllerFlag.Value)[0] + } + return &podexecutor.StaticPodConfig{ Resolver: resolver, ImagesDir: agentImagesDir, @@ -154,6 +159,7 @@ func initExecutor(clx *cli.Context, cfg Config, isServer bool) (*podexecutor.Sta DisableETCD: clx.Bool("disable-etcd"), ExternalDatabase: ExternalDatabase, IsServer: isServer, + IngressController: ingressControllerName, ControlPlaneResources: *controlPlaneResources, ControlPlaneProbeConfs: *controlPlaneProbeConfs, ControlPlaneEnv: *extraEnv, diff --git a/pkg/rke2/rke2_windows.go b/pkg/rke2/rke2_windows.go index 54cb196920..ba011275ff 100644 --- a/pkg/rke2/rke2_windows.go +++ b/pkg/rke2/rke2_windows.go @@ -58,17 +58,23 @@ func initExecutor(clx *cli.Context, cfg Config, isServer bool) (*pebinaryexecuto cfg.KubeletPath = "kubelet" } + var ingressControllerName string + if IngressControllerFlag.Value != nil && len(*IngressControllerFlag.Value) > 0 { + ingressControllerName = (*IngressControllerFlag.Value)[0] + } + return &pebinaryexecutor.PEBinaryConfig{ - Resolver: resolver, - ImagesDir: agentImagesDir, - ManifestsDir: agentManifestsDir, - CISMode: isCISMode(clx), - CloudProvider: cpConfig, - DataDir: dataDir, - AuditPolicyFile: clx.String("audit-policy-file"), - KubeletPath: cfg.KubeletPath, - DisableETCD: clx.Bool("disable-etcd"), - IsServer: isServer, - CNIName: "", + Resolver: resolver, + ImagesDir: agentImagesDir, + ManifestsDir: agentManifestsDir, + CISMode: isCISMode(clx), + CloudProvider: cpConfig, + DataDir: dataDir, + AuditPolicyFile: clx.String("audit-policy-file"), + KubeletPath: cfg.KubeletPath, + DisableETCD: clx.Bool("disable-etcd"), + IsServer: isServer, + IngressController: ingressControllerName, + CNIName: "", }, nil } 
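Review bot: The first `--ingress-controller` value is copied into `IngressController` unchecked in both `initExecutor` variants, so `none` (advertised in the flag usage) or any string outside `IngressItems` is passed through as-is. How `bootstrap.UpdateManifests` treats such a value is not visible in this patch. The same five-line block is duplicated in rke2_linux.go and rke2_windows.go; a shared helper next to the flag definition in rke2.go would keep the two platforms in step and give one place to add the membership check. Both struct literals would then use `IngressController: defaultIngressController(),`. `initExecutor` starts outside each of these hunks.

```go
// defaultIngressController returns the first --ingress-controller value,
// or "" when the flag is unset.
func defaultIngressController() string {
	if v := IngressControllerFlag.Value; v != nil && len(*v) > 0 {
		return (*v)[0]
	}
	return ""
}
```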
From ae3a40900693a8a47a0820c832563c852688e9ad Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 22 May 2024 22:44:21 +0000 Subject: [PATCH 08/10] Update ingress charts Signed-off-by: Brad Davidson (cherry picked from commit 3134a11c95eab59351984df240d4ec0323c307da) Signed-off-by: Brad Davidson --- charts/chart_versions.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/chart_versions.yaml b/charts/chart_versions.yaml index 88a4974cb3..4638c51a2f 100644 --- a/charts/chart_versions.yaml +++ b/charts/chart_versions.yaml @@ -14,9 +14,15 @@ charts: - version: 1.29.002 filename: /charts/rke2-coredns.yaml bootstrap: true - - version: 4.10.101 + - version: 4.10.102 filename: /charts/rke2-ingress-nginx.yaml bootstrap: false + - version: 25.0.000 + filename: /charts/rke2-traefik.yaml + bootstrap: false + - version: 25.0.000 + filename: /charts/rke2-traefik-crd.yaml + bootstrap: false - version: 3.12.002 filename: /charts/rke2-metrics-server.yaml bootstrap: false From e77de68e8c6e42c150ec73866c036ef9750a5143 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Jul 2024 17:54:40 +0000 Subject: [PATCH 09/10] Bump K3s version for v1.30 Updates k3s: https://github.com/k3s-io/k3s/compare/aa4794b37223...37830fe170fa994caea8fe337ee30173f82acbe7 Signed-off-by: Brad Davidson --- go.mod | 22 +++++++++++----------- go.sum | 34 ++++++++++++++++++---------------- 2 files changed, 29 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 687d57be37..cb2a39fc1b 100644 --- a/go.mod +++ b/go.mod 
@@ -79,7 +79,7 @@ require ( github.com/google/go-containerregistry v0.19.0 github.com/iamacarpet/go-win64api v0.0.0-20210311141720-fe38760bed28 github.com/k3s-io/helm-controller v0.16.1 - github.com/k3s-io/k3s v1.30.2-rc2.0.20240619164758-aa4794b37223 // master + github.com/k3s-io/k3s v1.30.3-0.20240715171250-37830fe170fa // master github.com/libp2p/go-netroute v0.2.1 github.com/natefinch/lumberjack v2.0.0+incompatible github.com/onsi/ginkgo/v2 v2.16.0 @@ -155,7 +155,7 @@ require ( github.com/coreos/go-oidc v2.2.1+incompatible // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect @@ -177,7 +177,7 @@ require ( github.com/euank/go-kmsg-parser v2.0.0+incompatible // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/flannel-io/flannel v0.25.2 // indirect + github.com/flannel-io/flannel v0.25.4 // indirect github.com/flynn/noise v1.1.0 // indirect github.com/francoispqt/gojay v1.2.13 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect @@ -251,7 +251,7 @@ require ( github.com/josharian/intern v1.0.0 // indirect github.com/josharian/native v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/k3s-io/kine v0.11.9 // indirect + github.com/k3s-io/kine v0.11.11 // indirect github.com/karrick/godirwalk v1.17.0 // indirect github.com/klauspost/compress v1.17.7 // indirect github.com/klauspost/cpuid/v2 v2.2.7 // indirect 
@@ -345,7 +345,7 @@ require ( github.com/quic-go/webtransport-go v0.6.0 // indirect github.com/rancher/dynamiclistener v0.6.0-rc1 // indirect github.com/rancher/lasso v0.0.0-20240430201833-6f3def65ffc5 // indirect - github.com/rancher/remotedialer v0.3.0 // indirect + github.com/rancher/remotedialer v0.4.1 // indirect github.com/raulk/go-watchdog v1.3.0 // indirect github.com/robfig/cron/v3 v3.0.1 // indirect github.com/rootless-containers/rootlesskit v1.0.1 // indirect @@ -373,7 +373,7 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect go.etcd.io/etcd/client/v2 v2.305.13 // indirect go.etcd.io/etcd/client/v3 v3.5.13 // indirect - go.etcd.io/etcd/etcdutl/v3 v3.5.9 // indirect + go.etcd.io/etcd/etcdutl/v3 v3.5.13 // indirect go.etcd.io/etcd/pkg/v3 v3.5.13 // indirect go.etcd.io/etcd/raft/v3 v3.5.13 // indirect go.etcd.io/etcd/server/v3 v3.5.13 // indirect @@ -393,13 +393,13 @@ require ( go.uber.org/mock v0.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.22.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.24.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.20.0 // indirect golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b // indirect 
@@ -445,6 +445,6 @@ require ( sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect sigs.k8s.io/controller-runtime v0.10.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/knftables v0.0.14 // indirect + sigs.k8s.io/knftables v0.0.16 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index d2e955dbda..438751cb8e 100644 --- a/go.sum +++ b/go.sum @@ -510,8 +510,9 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 
@@ -634,8 +635,8 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flannel-io/flannel v0.25.2 h1:ATQ4PhZqd2MUpLm+NKbAaNxm2PJSLE+mS9WUI4RkKPs= -github.com/flannel-io/flannel v0.25.2/go.mod h1:o5FAm9Rl28TydPKw1cQFYWPopfQKIjlYrcdFzBusaGI= +github.com/flannel-io/flannel v0.25.4 h1:pFTwjpP7rmxGNknNXzuW0iXWcwXMRTpwDIfaSDWqTw0= +github.com/flannel-io/flannel v0.25.4/go.mod h1:utw3+DnHJVv8FdURRRRSPV1swOfG8MN2uQHlvhHL36g= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg= github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= 
@@ -1143,10 +1144,10 @@ github.com/k3s-io/etcd/server/v3 v3.5.13-k3s1 h1:Pqcxkg7V60c26ZpHoekP9QoUdLuduxF github.com/k3s-io/etcd/server/v3 v3.5.13-k3s1/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= github.com/k3s-io/helm-controller v0.16.1 h1:4sdJSYdAeTvMjjq3Pt1ZcyenRTJIAvKojTWRg/i8Ne4= github.com/k3s-io/helm-controller v0.16.1/go.mod h1:AcSxEhOIUgeVvBTnJOAwcezBZXtYew/RhKwO5xp3RlM= -github.com/k3s-io/k3s v1.30.2-rc2.0.20240619164758-aa4794b37223 h1:jj3dDBGtW9uUQS5oKzf8pxv4sHB+HXXME9oNI7qzBrM= -github.com/k3s-io/k3s v1.30.2-rc2.0.20240619164758-aa4794b37223/go.mod h1:iPpEd1L/pF0hMJdBLAxcQbbX4PtRFMt11THqi2bnKxU= -github.com/k3s-io/kine v0.11.9 h1:7HfWSwtOowb7GuV6nECnNlFKShgRgVBLdWXj0/4t0sE= -github.com/k3s-io/kine v0.11.9/go.mod h1:N8rc1GDmEvvYRuTxhKTZfSc4fm/vyI6GbDxwBjccAjs= +github.com/k3s-io/k3s v1.30.3-0.20240715171250-37830fe170fa h1:e10fSy6kOLn/6PmTnBbgdB6vV4w1TZbGDHB+/uBmGmk= +github.com/k3s-io/k3s v1.30.3-0.20240715171250-37830fe170fa/go.mod h1:P2DbmuA0en/cuqTJAESELQUh5UjI4fIXorDz+klhX9A= +github.com/k3s-io/kine v0.11.11 h1:f1DhpGNjCDVd1HFWPbeA824YP7MtsrKgstoJ5M0SRgs= +github.com/k3s-io/kine v0.11.11/go.mod h1:L4x3qotFebVh1ZVzYwFVL5PPfqw2sRJTjDTIeViO70Y= github.com/k3s-io/klog v1.0.0-k3s2/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= github.com/k3s-io/klog/v2 v2.120.1-k3s1 h1:7twAHPFpZA21KdMnMNnj68STQMPldAxF2Zsaol57dxw= github.com/k3s-io/klog/v2 v2.120.1-k3s1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= 
@@ -1704,8 +1705,8 @@ github.com/rancher/lasso v0.0.0-20240430201833-6f3def65ffc5/go.mod h1:7WkdfPEvWA github.com/rancher/permissions v0.0.0-20240523180510-4001d3d637f7 h1:0Kg2SGoMeU1ll4xPi4DE0+qNHLFO/U5MwtK0WrIdK+o= github.com/rancher/permissions v0.0.0-20240523180510-4001d3d637f7/go.mod h1:fsbs0YOsGn1ofPD5p+BuI4qDhbMbSJtTegKt6Ucna+c= github.com/rancher/remotedialer v0.2.6-0.20201012155453-8b1b7bb7d05f/go.mod h1:dbzn9NF1JWbGEHL6Q/1KG4KFROILiY/j6wmfF1Np3fk= -github.com/rancher/remotedialer v0.3.0 h1:y1EO8JCsgZo0RcqTUp6U8FXcBAv27R+TLnWRcpvX1sM= -github.com/rancher/remotedialer v0.3.0/go.mod h1:BwwztuvViX2JrLLUwDlsYt5DiyUwHLlzynRwkZLAY0Q= +github.com/rancher/remotedialer v0.4.1 h1:jwOf2kPRjBBpSFofv1OuZHWaYHeC9Eb6/XgDvbkoTgc= +github.com/rancher/remotedialer v0.4.1/go.mod h1:Ys004RpJuTLSm+k4aYUCoFiOOad37ubYev3TkOFg/5w= github.com/rancher/wharfie v0.6.6 h1:ESxPxBDiq9RXd8G9fC71qc7+AbetThVtxPC9K8VVZ2Y= github.com/rancher/wharfie v0.6.6/go.mod h1:sfCy07HF8EE1MDKhpDc/cLptLTiTC0y/wisD44gr8uc= github.com/rancher/wins v0.1.1 h1:WyqxkAyCstwuv+04tdJiGODXv0De/lOyRHV6MJVfrUo= 
@@ -1728,8 +1729,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rootless-containers/rootlesskit v1.0.1 h1:jepqW1txFSowKSMAEkVhWH3Oa1TCY9S400MVYe/6Iro= github.com/rootless-containers/rootlesskit v1.0.1/go.mod h1:t2UAiYagxrJ+wmpFAUIZPcqsm4k2B7ve6g7lILKbloc= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= @@ -2232,8 +2233,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -2254,8 +2255,9 @@ golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2643,8 +2645,8 @@ sigs.k8s.io/controller-tools v0.6.2/go.mod h1:oaeGpjXn6+ZSEIQkUe/+3I40PNiDYp9aea sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.11.1/go.mod h1:fRpgVhtqAWrtLB9ED7zQahUimpUXuG/iHT88xYqEGIA= -sigs.k8s.io/knftables v0.0.14 h1:VzKQoDMCGBOH8c85sGrWSXSPCS0XrIpEfOlcCLBXiC0= -sigs.k8s.io/knftables v0.0.14/go.mod h1:f/5ZLKYEUPUhVjUCg6l80ACdL7CIIyeL0DxfgojGRTk= +sigs.k8s.io/knftables v0.0.16 h1:ZpTfNsjnidgoXdxxzcZLdSctqkpSO3QB3jo3zQ4PXqM= +sigs.k8s.io/knftables v0.0.16/go.mod h1:f/5ZLKYEUPUhVjUCg6l80ACdL7CIIyeL0DxfgojGRTk= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= 
From 285fe32b119acd53e15b8013a0a9244c2c67e9b1 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Jul 2024 17:49:49 +0000 Subject: [PATCH 10/10] Sync cli with k3s Signed-off-by: Brad Davidson --- pkg/cli/cmds/etcd_snapshot.go | 16 +++++++++------- pkg/cli/cmds/server.go | 12 +++++++----- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/pkg/cli/cmds/etcd_snapshot.go b/pkg/cli/cmds/etcd_snapshot.go index 387031224d..679d76276b 100644 --- a/pkg/cli/cmds/etcd_snapshot.go +++ b/pkg/cli/cmds/etcd_snapshot.go @@ -21,24 +21,26 @@ func NewEtcdSnapshotCommand() cli.Command { Usage: "(data) Folder to hold state", Default: rke2Path, }, - "server": { + "etcd-server": { Default: "https://127.0.0.1:9345", }, - "token": copyFlag, + "etcd-token": copyFlag, "name": copyFlag, "dir": copyFlag, "snapshot-compress": copyFlag, "snapshot-retention": copyFlag, "s3": copyFlag, - "s3-endpoint": copyFlag, - "s3-endpoint-ca": copyFlag, - "s3-skip-ssl-verify": copyFlag, "s3-access-key": copyFlag, - "s3-secret-key": copyFlag, "s3-bucket": copyFlag, - "s3-region": copyFlag, + "s3-config-secret": copyFlag, + "s3-endpoint": copyFlag, + "s3-endpoint-ca": copyFlag, "s3-folder": copyFlag, "s3-insecure": copyFlag, + "s3-proxy": copyFlag, + "s3-region": copyFlag, + "s3-secret-key": copyFlag, + "s3-skip-ssl-verify": copyFlag, "s3-timeout": copyFlag, } subcommandOpts := map[string]K3SFlagSet{ diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index e184e46c67..aa3a7f938a 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go 
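Review bot: The override keys `server` and `token` become `etcd-server` and `etcd-token`, so the RKE2 default `https://127.0.0.1:9345` now attaches to a differently named k3s flag, and nothing in the file says these keys must track the k3s flag names. The rename presumably only lines up with the k3s revision pinned in PATCH 09. Whether the old `--server` and `--token` spellings keep working for existing snapshot scripts is decided in k3s and is not visible here. A comment above the map, for example `// keys must match the k3s etcd-snapshot flag names at the k3s version pinned in go.mod`, would make the coupling explicit; the map literal itself starts outside the hunk. The same applies to the `etcd-s3-*` keys in the server.go hunk that follows, where `etcd-s3-config-secret` and `etcd-s3-proxy` are the only new entries and the rest is an alphabetical reorder.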
@@ -129,15 +129,17 @@ var ( "etcd-expose-metrics": copyFlag, "airgap-extra-registry": copyFlag, "etcd-s3": copyFlag, - "etcd-s3-endpoint": copyFlag, - "etcd-s3-endpoint-ca": copyFlag, - "etcd-s3-skip-ssl-verify": copyFlag, "etcd-s3-access-key": copyFlag, - "etcd-s3-secret-key": copyFlag, "etcd-s3-bucket": copyFlag, - "etcd-s3-region": copyFlag, + "etcd-s3-config-secret": copyFlag, + "etcd-s3-endpoint": copyFlag, + "etcd-s3-endpoint-ca": copyFlag, "etcd-s3-folder": copyFlag, "etcd-s3-insecure": copyFlag, + "etcd-s3-proxy": copyFlag, + "etcd-s3-region": copyFlag, + "etcd-s3-secret-key": copyFlag, + "etcd-s3-skip-ssl-verify": copyFlag, "etcd-s3-timeout": copyFlag, "disable-helm-controller": dropFlag, "helm-job-image": copyFlag,