Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release-1.30] version bumps and backports for 2024-07 release cycle #6317

Merged
merged 10 commits into from
Jul 16, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile.windows
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3.19 AS build
FROM alpine:3.20 AS build

RUN apk --no-cache add \
curl \
Expand Down
22 changes: 12 additions & 10 deletions bundle/bin/rke2-killall.sh
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,9 @@ do_unmount_and_remove() {
fi
}

export PATH=$PATH:/var/lib/rancher/rke2/bin
RKE2_DATA_DIR=${RKE2_DATA_DIR:-/var/lib/rancher/rke2}

export PATH=$PATH:${RKE2_DATA_DIR}/bin

set -x

Expand All @@ -60,7 +62,7 @@ systemctl stop rke2-agent.service || true
killtree $({ set +x; } 2>/dev/null; getshims; set -x)

do_unmount_and_remove '/run/k3s'
do_unmount_and_remove '/var/lib/rancher/rke2'
do_unmount_and_remove "${RKE2_DATA_DIR}"
do_unmount_and_remove '/var/lib/kubelet/pods'
do_unmount_and_remove '/run/netns/cni-'

Expand Down Expand Up @@ -95,14 +97,14 @@ fi
rm -rf /var/lib/cni/ /var/log/pods/ /var/log/containers

# Remove pod-manifests files for rke2 components
POD_MANIFESTS_DIR=/var/lib/rancher/rke2/agent/pod-manifests

rm -f ${POD_MANIFESTS_DIR}/etcd.yaml \
${POD_MANIFESTS_DIR}/kube-apiserver.yaml \
${POD_MANIFESTS_DIR}/kube-controller-manager.yaml \
${POD_MANIFESTS_DIR}/cloud-controller-manager.yaml\
${POD_MANIFESTS_DIR}/kube-scheduler.yaml \
${POD_MANIFESTS_DIR}/kube-proxy.yaml
POD_MANIFESTS_DIR=${RKE2_DATA_DIR}/agent/pod-manifests

rm -f "${POD_MANIFESTS_DIR}/etcd.yaml" \
"${POD_MANIFESTS_DIR}/kube-apiserver.yaml" \
"${POD_MANIFESTS_DIR}/kube-controller-manager.yaml" \
"${POD_MANIFESTS_DIR}/cloud-controller-manager.yaml" \
"${POD_MANIFESTS_DIR}/kube-scheduler.yaml" \
"${POD_MANIFESTS_DIR}/kube-proxy.yaml"

# Delete iptables created by CNI plugins or Kubernetes (kube-proxy)
iptables-save | grep -v KUBE- | grep -v CNI- | grep -v cali- | grep -v cali: | grep -v CILIUM_ | grep -v flannel | iptables-restore
Expand Down
6 changes: 3 additions & 3 deletions bundle/bin/rke2-uninstall.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ $WarningPreference = 'SilentlyContinue'
$VerbosePreference = 'SilentlyContinue'
$DebugPreference = 'SilentlyContinue'
$InformationPreference = 'SilentlyContinue'

$RKE2_DATA_DIR = if ($env:RKE2_DATA_DIR) { $env:RKE2_DATA_DIR } else { "c:/var/lib/rancher/rke2" };
Set-StrictMode -Version Latest

function Test-Command($cmdname) {
Expand Down Expand Up @@ -322,7 +322,7 @@ function Remove-Containerd () {
# if there are still namespaces and timeout was reached
} elseif ($namespaces -and (Get-Date) -ge $endTime) {
Write-Output "Warning! Not all resources in containerd namespace $ns were able to be removed. " `
"The uninstallation script might not be able to remove all files under /var/lib/rancher/rke2"
"The uninstallation script might not be able to remove all files under $RKE2_DATA_DIR"
break
# if there are no namespaces
} elseif (-not $namespaces) {
Expand Down Expand Up @@ -421,7 +421,7 @@ function Create-Lockfile() {
}

function Invoke-Rke2Uninstall () {
$env:PATH += ";$env:CATTLE_AGENT_BIN_PREFIX/bin/;c:\var\lib\rancher\rke2\bin"
$env:PATH += ";$env:CATTLE_AGENT_BIN_PREFIX/bin/;$RKE2_DATA_DIR/bin"
Remove-Containerd
Stop-Processes
Invoke-CleanServices
Expand Down
4 changes: 3 additions & 1 deletion bundle/bin/rke2-uninstall.sh
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ check_target_ro() {
test $? -ne 0
}

RKE2_DATA_DIR=${RKE2_DATA_DIR:-/var/lib/rancher/rke2}

. /etc/os-release
if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/amazon-linux-release ]; then
# If redhat/oracle family os is detected, double check whether installation mode is yum or tar.
Expand Down Expand Up @@ -97,7 +99,7 @@ uninstall_remove_files()
rm -rf /etc/cni
rm -rf /opt/cni/bin
rm -rf /var/lib/kubelet || true
rm -rf /var/lib/rancher/rke2
rm -rf "${RKE2_DATA_DIR}"
rm -d /var/lib/rancher || true

if type fapolicyd >/dev/null 2>&1; then
Expand Down
8 changes: 7 additions & 1 deletion charts/chart_versions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,15 @@ charts:
- version: 1.29.002
filename: /charts/rke2-coredns.yaml
bootstrap: true
- version: 4.10.101
- version: 4.10.102
filename: /charts/rke2-ingress-nginx.yaml
bootstrap: false
- version: 25.0.000
filename: /charts/rke2-traefik.yaml
bootstrap: false
- version: 25.0.000
filename: /charts/rke2-traefik-crd.yaml
bootstrap: false
- version: 3.12.002
filename: /charts/rke2-metrics-server.yaml
bootstrap: false
Expand Down
29 changes: 29 additions & 0 deletions docs/adrs/008-traefik-ingress.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Support for Alternative Ingress Controllers

Date: 2024-05-21

## Status

Accepted

## Context

RKE2 currently supports only a single ingress controller, ingress-nginx.
It has been requested RKE2 support alternative ingress controllers, similar to how RKE2 supports multiple CNIs.

## Decision

* A new --ingress-controller flag will be added; the default will be only `ingress-nginx` to preserve current behavior.
* All selected ingress controllers will be deployed to the cluster.
* The first selected ingress controller will be set as the default, via the `ingressclass.kubernetes.io/is-default-class` annotation
on the IngressClass resource.
* Any packaged ingress controllers not listed in the flag value will be disabled, similar to how inactive packaged CNIs are handled.
* RKE2 will package Traefik's HelmChart as a supported ingress controller, deploying as a Daemonset + ClusterIP Service
for parity with the `ingress-nginx` default configuration due to RKE2's lack of a default LoadBalancer controller.
* RKE2 will use mirrored upstream Traefik images; custom-rebuilt hardened-traefik images will not be provided or supported.

## Consequences

* We will add an additional packaged component and CLI flag for ingress controller selection.
* We will need to track updates to Traefik and the Traefik chart.
* QA will need additional resources to test the new ingress controllers.
26 changes: 13 additions & 13 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ require (
github.com/google/go-containerregistry v0.19.0
github.com/iamacarpet/go-win64api v0.0.0-20210311141720-fe38760bed28
github.com/k3s-io/helm-controller v0.16.1
github.com/k3s-io/k3s v1.30.2-rc2.0.20240619164758-aa4794b37223 // master
github.com/k3s-io/k3s v1.30.3-0.20240715171250-37830fe170fa // master
github.com/libp2p/go-netroute v0.2.1
github.com/natefinch/lumberjack v2.0.0+incompatible
github.com/onsi/ginkgo/v2 v2.16.0
Expand All @@ -95,7 +95,7 @@ require (
github.com/tigera/operator v1.28.1
github.com/urfave/cli v1.22.14
golang.org/x/sync v0.7.0
golang.org/x/sys v0.19.0
golang.org/x/sys v0.20.0
google.golang.org/grpc v1.63.2
k8s.io/api v0.30.2
k8s.io/apimachinery v0.30.2
Expand Down Expand Up @@ -155,7 +155,7 @@ require (
github.com/coreos/go-oidc v2.2.1+incompatible // indirect
github.com/coreos/go-semver v0.3.1 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
Expand All @@ -177,7 +177,7 @@ require (
github.com/euank/go-kmsg-parser v2.0.0+incompatible // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/flannel-io/flannel v0.25.2 // indirect
github.com/flannel-io/flannel v0.25.4 // indirect
github.com/flynn/noise v1.1.0 // indirect
github.com/francoispqt/gojay v1.2.13 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
Expand Down Expand Up @@ -222,7 +222,7 @@ require (
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect
Expand Down Expand Up @@ -251,7 +251,7 @@ require (
github.com/josharian/intern v1.0.0 // indirect
github.com/josharian/native v1.1.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/k3s-io/kine v0.11.9 // indirect
github.com/k3s-io/kine v0.11.11 // indirect
github.com/karrick/godirwalk v1.17.0 // indirect
github.com/klauspost/compress v1.17.7 // indirect
github.com/klauspost/cpuid/v2 v2.2.7 // indirect
Expand Down Expand Up @@ -345,7 +345,7 @@ require (
github.com/quic-go/webtransport-go v0.6.0 // indirect
github.com/rancher/dynamiclistener v0.6.0-rc1 // indirect
github.com/rancher/lasso v0.0.0-20240430201833-6f3def65ffc5 // indirect
github.com/rancher/remotedialer v0.3.0 // indirect
github.com/rancher/remotedialer v0.4.1 // indirect
github.com/raulk/go-watchdog v1.3.0 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/rootless-containers/rootlesskit v1.0.1 // indirect
Expand Down Expand Up @@ -373,7 +373,7 @@ require (
go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect
go.etcd.io/etcd/client/v2 v2.305.13 // indirect
go.etcd.io/etcd/client/v3 v3.5.13 // indirect
go.etcd.io/etcd/etcdutl/v3 v3.5.9 // indirect
go.etcd.io/etcd/etcdutl/v3 v3.5.13 // indirect
go.etcd.io/etcd/pkg/v3 v3.5.13 // indirect
go.etcd.io/etcd/raft/v3 v3.5.13 // indirect
go.etcd.io/etcd/server/v3 v3.5.13 // indirect
Expand All @@ -393,13 +393,13 @@ require (
go.uber.org/mock v0.4.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/crypto v0.22.0 // indirect
golang.org/x/crypto v0.23.0 // indirect
golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
golang.org/x/mod v0.17.0 // indirect
golang.org/x/net v0.24.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/oauth2 v0.17.0 // indirect
golang.org/x/term v0.19.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/term v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.20.0 // indirect
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b // indirect
Expand Down Expand Up @@ -445,6 +445,6 @@ require (
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
sigs.k8s.io/controller-runtime v0.10.1 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/knftables v0.0.14 // indirect
sigs.k8s.io/knftables v0.0.16 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)
Loading