Allow kube-proxy to change nf_conntrack_max on lxc #2777

Merged
merged 2 commits into from
Dec 6, 2021

@ktsakalozos (Member) commented Dec 3, 2021

When kube-proxy starts, it tries to set the contents of /proc/sys/net/netfilter/nf_conntrack_max to 131072 if it is set to another number. On lxc containers this file is read-only, causing kube-proxy to fail. With this PR we update the LXC profiles to allow changing this file. This will address the issue on the pre-1.23 tracks.

We also try to detect that we run on lxc and we set the conntrack-max-per-core argument so kube-proxy will not bother with conntrack. This behavior will apply for the 1.23+ releases.

Fixes: #1438
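
The start-up decision described in the comment above, as an added example that is not part of the original PR and is not MicroK8s code. It assumes LXC is recognised by `container=lxc` in PID 1's environment and that `--conntrack-max-per-core=0` (kube-proxy's documented "leave the limit as-is" value) is what gets passed; the function names and the `proc_root` argument are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not MicroK8s code. The proc_root argument is a hypothetical
# hook so the checks can be run against a constructed directory tree.

# True when PID 1's environment carries container=lxc. This marker is an
# assumption; the PR text does not say how detection is implemented.
# Reading /proc/1/environ needs root, so an unreadable file counts as "no".
in_lxc() {
    local proc_root="${1:-/proc}"
    [ -r "$proc_root/1/environ" ] || return 1
    tr '\0' '\n' < "$proc_root/1/environ" | grep -qx 'container=lxc'
}

# Table size kube-proxy aims for: max(cores * per_core, floor).
# Defaults are kube-proxy's documented ones (32768 per core, floor 131072).
desired_conntrack_max() {
    local cores="$1" per_core="${2:-32768}" floor="${3:-131072}"
    local scaled=$(( cores * per_core ))
    if [ "$scaled" -gt "$floor" ]; then echo "$scaled"; else echo "$floor"; fi
}

# Classify what kube-proxy start-up would meet on this node:
#   unchanged  value already matches, no write is attempted
#   rewrite    value differs and the sysctl file is writable
#   blocked    value differs and the file is read-only (the failure in this PR)
#   missing    the nf_conntrack sysctl is not present at all
conntrack_startup_outcome() {
    local proc_root="${1:-/proc}" cores="${2:-1}"
    local f="$proc_root/sys/net/netfilter/nf_conntrack_max"
    [ -e "$f" ] || { echo missing; return 0; }
    local current want
    current="$(cat "$f")"
    want="$(desired_conntrack_max "$cores")"
    if [ "$current" -eq "$want" ]; then
        echo unchanged
    elif [ -w "$f" ]; then
        echo rewrite
    else
        echo blocked
    fi
}

# Extra kube-proxy arguments for this node. Inside LXC, 0 tells kube-proxy to
# leave the limit alone, so it never opens nf_conntrack_max for writing.
kube_proxy_conntrack_args() {
    local proc_root="${1:-/proc}"
    if in_lxc "$proc_root"; then
        echo "--conntrack-max-per-core=0"
    fi
}

# Report for the live system when invoked as: script.sh --report
if [ "${1:-}" = "--report" ]; then
    cores="$(nproc)"
    echo "desired nf_conntrack_max: $(desired_conntrack_max "$cores")"
    echo "start-up outcome:         $(conntrack_startup_outcome /proc "$cores")"
    echo "extra kube-proxy args:    $(kube_proxy_conntrack_args /proc)"
fi
```

A `blocked` outcome on a node that is not detected as LXC means the container profile, not kube-proxy, is what needs changing.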

@neoaggelos (Contributor) left a comment

LGTM, tested both clean installs as well as refreshing from older versions

@ktsakalozos ktsakalozos merged commit e560058 into master Dec 6, 2021
@ktsakalozos ktsakalozos deleted the bug/lxc-nf_conntrack_max branch December 6, 2021 12:20
joedborg added a commit that referenced this pull request Jan 13, 2022
* Include ingress for addon status check

* Add addon to expose dashboard over ingress (#906)

* Add validator for dashboard-ingress (#906)

* Add note and workaround for nip.io in tests

* Force HTTPS redirect on dashboard ingress

* Fix lint on validator changes at dashboard_ingress

* Add config args to dashboard-ingress addon (#906)

* fix unclosed monospace text on nip.io workaround

* Move storage-dir argument to k8s-dqlite (#2672)

* Move storage-dir argument to k8s-dqlite

* Fix the config values

* Remove empty line

* Use Docker's own registry image (#2679)

* Update k8s-dqlite to include the empty cluster.yaml fix (#2683)

* Upgrade linkerd to version 2.11.1

* Fix yaml loading in tests (#2698)

* Update EnVar plugin (#2704)

* Installer 2.2.1 release (#2705)

* Bump actions/checkout from 2.3.5 to 2.4.0 (#2706)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update inaccel add-on (#2681)

* Set `kube-system` as the default namespace

* Test mutating webhook features

Signed-off-by: Elias Koromilas <elias.koromilas@gmail.com>

* Inspect report to include basic dqlite info (#2688)

* Update check-formatting.yml (#2721)

Rename `build` to `check-formatting`.  This helps when running locally with `act`.

* Add clustering tests. Remove dead tests. (#2697)

* Update GPU operator to v1.8.2 and fix its test (#2708)

* updated portainer disable script (#2693)

* Update default kube-apiserver arguments (#2731)

- Disable profiling (--profiling=false)
- Reduce event TTL to 5 minutes (--event-ttl=5m)

* Bump ingress to v1.0.5 (#2732)

* Bump actions/setup-python from 2.2.2 to 2.3.0 (#2738)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2.2.2...v2.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Use SafeLoader instead of FullLoader (#2726)

* Pull inspection tarball out of the multipass VM (#2711)

* upgrade keda to the latest version

* upgrade jaeger operator

* upgrade metrics server to v0.5.2

* Worker only node with dqlite (#2444)

microk8s join command has an additional --worker option to add the node as a worker node not running the control plane.

Kubelet and kube-proxy contact a Traefik loadbalancer running locally on port 16443 (same as the API server) and Traefik forwards the requests towards a set of configured API servers.

Kubelet and kube-proxy are authenticated based on x509 certificates so it does not matter which master node they contact.

Nodes running the control plane are labeled with node.kubernetes.io/microk8s-controlplane=microk8s-controlplane, worker nodes are labeled with node.kubernetes.io/microk8s-worker=microk8s-worker.

Nodes labeled with node.kubernetes.io/microk8s-controlplane=microk8s-controlplane at the time of the joining operation will be added to the Traefik loadbalancer.

The leave, join and reset operations were refactored to use click.

* Fixed a typo

* Improve handling for missing k8s-dqlite arguments file (#2753)

* Fix typo in configure script (#2758)

* Remove the --insecure-port argument (#2756)

* Fix add-node output in etcd based clusters (#2760)

* Warn rpi users they need extra modules (#2754)

* Remove deprecated configuration from containerd-template.toml and adapt it as suggested by containerd documentation. (#2648)

* Fix removal of callback tokens (#2759)

Co-authored-by: Angelos Kolaitis <angelos.kolaitis@canonical.com>

* Bump actions/setup-python from 2.3.0 to 2.3.1 (#2765)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Replace deprecated call from net-tools to iproute2 (#2751)

* Replace deprecated network tools in inspect script (#2657)

Use network tools from iproute2 (ip addr + ss) instead of
net-tools (ifconfig, netstat)

* Replacement of deprecated net-tools to iproute2 tools

It removes the use of the deprecated ifconfig and netstat tools
notably when performing enabling/disabling host-access action and
inside common/utils functions

* Print warning for docker iff docker daemon is installed (#2769)

* Update the PATH containerd-shims has to find runc (#2772)

* Build traefik from source for s390x (#2768)

* Remove colon from localhost containerd configuration (#2781)

* Allow kube-proxy to change nf_conntrack_max on lxc (#2777)

* Allow kube-proxy to change nf_conntrack_max on lxc

* If you detect we are on lxc do not try to set any conntrack params

* Prepare for v1.23 (#2787)

* Remove insecure-port only from local config (#2789)

* Runc now requires Go 1.16 minimum in order to go get (#2799)

* Hotfix ElasticSearch for Log4Shell (#2802)

* Return inspect to old command

* Bump Multipass and default track (#2794)

* fix ingress leader election when rbac is enabled (#2813)

* fix ingress rbac so it can acquire lock

* upgrade nginx ingress to v1.1.0 and update the rolebinding to use only  resourceName

* Bump carlosperate/download-file-action from 1.0.3 to 1.1.0 (#2808)

Bumps [carlosperate/download-file-action](https://github.com/carlosperate/download-file-action) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/carlosperate/download-file-action/releases)
- [Commits](carlosperate/download-file-action@v1.0.3...v1.1.0)

---
updated-dependencies:
- dependency-name: carlosperate/download-file-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* upgrade dashboard to v2.3.0 to fix ingress API 404 (#2792)

* Bump traefik version to 2.5 (#2809)


Co-authored-by: Konstantinos Tsakalozos <konstantinos.tsakalozos@canonical.com>

* Fix inspect

* Add helm interfaces to disable

* Add kubernetes-support interface for helm and enable/disable

Co-authored-by: John P Lettman <john.lettman@canonical.com>
Co-authored-by: Konstantinos Tsakalozos <kos.tsakalozos@canonical.com>
Co-authored-by: Tobias Muehl <t@muehl.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Elias Koromilas <elias.koromilas@gmail.com>
Co-authored-by: balasu <balasundarammaster@gmail.com>
Co-authored-by: Angelos Kolaitis <angelos.kolaitis@canonical.com>
Co-authored-by: Mohammad Faraz <farazm708@gmail.com>
Co-authored-by: balchua <balchua@yahoo.com>
Co-authored-by: Stefano Palazzo <stefano.palazzo@gmail.com>
Co-authored-by: Babis K <babis_k@outlook.com>
Co-authored-by: odufourc <84727096+odufourc@users.noreply.github.com>
Co-authored-by: YanZheng <vincent19376@gmail.com>
Co-authored-by: Miroslav Balaz <gpslayer@gmail.com>
Co-authored-by: Konstantinos Tsakalozos <konstantinos.tsakalozos@canonical.com>
joedborg added a commit that referenced this pull request Jan 19, 2022
* Refuse joining nodes when hostname does not resolve (#2838)

* Add low-memory guard (#2828)

* Deprecate storage addon (#2833)

* Replace 'storage' with 'hostpath-storage'

* Do not start traefik and k8s-dqlite until interfaces are connected (#2851)

* Remove sudo

* Add touch installed lock back in

joedborg added a commit that referenced this pull request Jan 24, 2022
* Upgrade hostpath-provisioner (#2853)

* Upgrade hostpath-provisioner image to 1.1.0

* Enable storage addon on s390x

* Enable storage addon even if hostpath directory exists (#2857)

* Drop RemoveSelfLink=false feature flag (#2870)

* Drop RemoveSelfLink=false feature flag from kube-apiserver

* Add inspect check for hostpath storage addon version

* Remove the dqlite related argument from the API server when disabling HA (#2864)

* Silence the hostpath-provisioner error if the provisioner is not installed (#2873)

* Enable hostpath-storage addon for s390x (#2874)

* Update k8s-dqlite build version (#2872)

* Fix bad merge

neoaggelos pushed a commit that referenced this pull request Feb 8, 2022
* Allow kube-proxy to change nf_conntrack_max on lxc

* If you detect we are on lxc do not try to set any conntrack params
ktsakalozos added a commit that referenced this pull request Feb 9, 2022
* Allow kube-proxy to change nf_conntrack_max on lxc

* If you detect we are on lxc do not try to set any conntrack params

Co-authored-by: Konstantinos Tsakalozos <kos.tsakalozos@canonical.com>
joedborg added a commit that referenced this pull request Feb 23, 2022
* Include ingress for addon status check

* Add addon to expose dashboard over ingress (#906)

* Add validator for dashboard-ingress (#906)

* Add note and workaround for nip.io in tests

* Force HTTPS redirect on dashboard ingress

* Fix lint on validator changes at dashboard_ingress

* Add config args to dashboard-ingress addon (#906)

* fix unclosed monospace text on nip.io workaround

* Move storage-dir argument to k8s-dqlite (#2672)

* Move storage-dir argument to k8s-dqlite

* Fix the config values

* Remove empty line

* Use Docker's own registry image (#2679)

* Update k8s-dqlite to include the empty cluster.yaml fix (#2683)

* Upgrade linkerd to version 2.11.1

* Fix yaml loading in tests (#2698)

* Update EnVar plugin (#2704)

* Installer 2.2.1 release (#2705)

* Bump actions/checkout from 2.3.5 to 2.4.0 (#2706)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 2.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2.3.5...v2.4.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update inaccel add-on (#2681)

* Set `kube-system` as the default namespace

* Test mutating webhook features

Signed-off-by: Elias Koromilas <elias.koromilas@gmail.com>

* Inspect report to include basic dqlite info (#2688)

* Update check-formatting.yml (#2721)

Rename `build` to `check-formatting`.  This helps when running locally with `act`.

* Add clustering tests. Remove dead tests. (#2697)

* Update GPU operator to v1.8.2 and fix its test (#2708)

* updated portainer disable script (#2693)

* Update default kube-apiserver arguments (#2731)

- Disable profiling (--profiling=false)
- Reduce event TTL to 5 minutes (--event-ttl=5m)

* Bump ingress to v1.0.5 (#2732)

* Bump actions/setup-python from 2.2.2 to 2.3.0 (#2738)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.2.2 to 2.3.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2.2.2...v2.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Use SafeLoader instead of FullLoader (#2726)

* Pull inspection tarball out of the multipass VM (#2711)

* upgrade keda to the latest version

* upgrade jaeger operator

* upgrade metrics server to v0.5.2

* Worker only node with dqlite (#2444)

microk8s join command has an additional --worker option to add the node as a worker node not running the control plane.

Kubelet and kube-proxy contact a Traefik loadbalancer running locally on port 16443 (same as the API server) and Traefik forwards the requests towards a set of configured API servers.

Kubelet and kube-proxy are authenticated based on x509 certificates so it does not matter which master node they contact.

Nodes running the control plane are labeled with node.kubernetes.io/microk8s-controlplane=microk8s-controlplane, worker nodes are labeled with node.kubernetes.io/microk8s-worker=microk8s-worker.

Nodes labeled with node.kubernetes.io/microk8s-controlplane=microk8s-controlplane at the time of the joining operation will be added to the Traefik loadbalancer.

The leave, join and reset operations were refactored to use click.

* Fixed a typo

* Improve handling for missing k8s-dqlite arguments file (#2753)

* Fix typo in configure script (#2758)

* Remove the --insecure-port argument (#2756)

* Fix add-node output in etcd based clusters (#2760)

* Warn rpi users they need extra modules (#2754)

* Remove deprecated configuration from containerd-template.toml and adapt it as suggested by containerd documentation. (#2648)

* Fix removal of callback tokens (#2759)

Co-authored-by: Angelos Kolaitis <angelos.kolaitis@canonical.com>

* Bump actions/setup-python from 2.3.0 to 2.3.1 (#2765)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Replace deprecated call from net-tools to iproute2 (#2751)

* Replace deprecated network tools in inspect script (#2657)

Use network tools from iproute2 (ip addr + ss) instead of
net-tools (ifconfig, netstat)

* Replacement of deprecated net-tools to iproute2 tools

It removes the use of the deprecated ifconfig and netstat tools
notably when performing enabling/disabling host-access action and
inside common/utils functions

* Print warning for docker iff docker daemon is installed (#2769)

* Update the PATH containerd-shims has to find runc (#2772)

* Build traefik from source for s390x (#2768)

* Remove colon from localhost containerd configuration (#2781)

* Allow kube-proxy to change nf_conntrack_max on lxc (#2777)

* Allow kube-proxy to change nf_conntrack_max on lxc

* If you detect we are on lxc do not try to set any conntrack params

* Prepare for v1.23 (#2787)

* Remove insecure-port only from local config (#2789)

* Runc now requires Go 1.16 minimum in order to go get (#2799)

* Hotfix ElasticSearch for Log4Shell (#2802)

* Bump Multipass and default track (#2794)

* fix ingress leader election when rbac is enabled (#2813)

* fix ingress rbac so it can acquire lock

* upgrade nginx ingress to v1.1.0 and update the rolebinding to use only resourceName

* Bump carlosperate/download-file-action from 1.0.3 to 1.1.0 (#2808)

Bumps [carlosperate/download-file-action](https://github.com/carlosperate/download-file-action) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/carlosperate/download-file-action/releases)
- [Commits](carlosperate/download-file-action@v1.0.3...v1.1.0)

---
updated-dependencies:
- dependency-name: carlosperate/download-file-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* upgrade dashboard to v2.3.0 to fix ingress API 404 (#2792)

* Bump traefik version to 2.5 (#2809)


Co-authored-by: Konstantinos Tsakalozos <konstantinos.tsakalozos@canonical.com>

* Refuse joining nodes when hostname does not resolve (#2838)

* Add low-memory guard (#2828)

* Deprecate storage addon (#2833)

* Replace 'storage' with 'hostpath-storage'

* Upgrade hostpath-provisioner (#2853)

* Upgrade hostpath-provisioner image to 1.1.0

* Enable storage addon on s390x

* Enable storage addon even if hostpath directory exists (#2857)

* Drop RemoveSelfLink=false feature flag (#2870)

* Drop RemoveSelfLink=false feature flag from kube-apiserver

* Add inspect check for hostpath storage addon version

* Remove the dqlite related argument from the API server when disabling HA (#2864)

* Silence the hostpath-provisioner error if the provisioner is not installed (#2873)

* Enable hostpath-storage addon for s390x (#2874)

* Update k8s-dqlite build version (#2872)

* Fix RBAC rules for new hostpath-provisioner

* Fix error retrieving resource lock (#2885)

* Remove kubeflow and juju addons (#2869)

* Remove kubeflow and juju addons

* Upgrade containerd to 1.5.9 (#2899)

* Bump actions/setup-python from 2.3.1 to 2.3.2 (#2904)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2.3.1...v2.3.2)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Initial split of addon out of the main repository (#2892)

* Remove replicated slots

* Pin addons branch to strict

* Delete addons dir if already created on previous build

Co-authored-by: John P Lettman <john.lettman@canonical.com>
Co-authored-by: Konstantinos Tsakalozos <kos.tsakalozos@canonical.com>
Co-authored-by: Tobias Muehl <t@muehl.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Elias Koromilas <elias.koromilas@gmail.com>
Co-authored-by: balasu <balasundarammaster@gmail.com>
Co-authored-by: Angelos Kolaitis <angelos.kolaitis@canonical.com>
Co-authored-by: Mohammad Faraz <farazm708@gmail.com>
Co-authored-by: balchua <balchua@yahoo.com>
Co-authored-by: Stefano Palazzo <stefano.palazzo@gmail.com>
Co-authored-by: Babis K <babis_k@outlook.com>
Co-authored-by: odufourc <84727096+odufourc@users.noreply.github.com>
Co-authored-by: YanZheng <vincent19376@gmail.com>
Co-authored-by: Miroslav Balaz <gpslayer@gmail.com>
Co-authored-by: Konstantinos Tsakalozos <konstantinos.tsakalozos@canonical.com>
Development

Successfully merging this pull request may close these issues.

Need docs linked from inspect to fix nf_conntrack sizing by lxc guest for daemon-proxy