686 Commits

Author SHA1 Message Date
Anders F Björklund
9479b9cd56 Detect ip6tables failure without full ipv6 support
Error when running with kernel from Kata Containers:
    can't initialize ip6tables table `filter':
    Table does not exist (do you need to insmod?)
    Perhaps ip6tables or your kernel needs to be upgraded.

This happens also in Apple Containers. Fall back to ipv4 only.
The alternative is building a custom kernel, with full support.
2025-09-29 18:31:53 +02:00
Benjamin Elder
aba08f4642 remove redundant var log dump from docker provider 2025-08-13 16:07:25 -07:00
Benjamin Elder
9f2c81070d refactor and consolidate per-node common log collection 2025-08-04 19:02:45 -07:00
Benjamin Elder
d1e0343d4d move most log dumping logic out of individual providers 2025-08-04 19:02:45 -07:00
Davanum Srinivas
665b093491 Drop usages sigs.k8s.io/yaml/goyaml.v3
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2025-07-10 19:23:02 -04:00
Ondra Kupka
02c862ec30 loadbalancer/config: Parse resolv.conf for DNS
Control plane in HA setup doesn't currently work using Podman.
This is because the haproxy DNS server is hard-coded to use
127.0.0.1:53, which is not available on Podman.

To get the actual NS address, /etc/resolv.conf must be consulted.
So this patch adds parse-resolv-conf to the haproxy resolvers block,
which makes HA control plane work on Podman instantly.

This works for Docker as well as resolv.conf is populated too.
2025-07-01 08:15:45 +02:00
Benjamin Elder
1e21827948 eliminate yaml.v3
not convinced these were necessary, users can patch arbitrary yaml in anyhow, I don't think there's a realistic threat model resolved by safetext/yamltemplate

further, the safetext repo doesn't seem to be responsively maintained, last commit 9 months ago, and the small number of issues are going unresponded (4 open, 0 closed, some multiple years old)
2025-04-24 22:00:51 -07:00
Benjamin Elder
b229bcf3d1 migrate off of gopkg.in/yaml.v3 2025-04-03 22:42:37 +01:00
Akihiro Suda
586b038936 update containerd to v2.0.2
Fix issue 3768

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-01-14 15:15:55 +09:00
Benjamin Elder
07f58a1c02 update shellescape to latest with new vanity import 2025-01-07 11:41:07 -08:00
Kenichi Kamiya
836f3dfad6 fix kind get clusters via nerdctl
Now raising errors when using nerdctl for the provider

```console
> ./kind --version
kind version 0.26.0-alpha
> nerdctl --version
nerdctl version 2.0.1
> ./kind get clusters
ERROR: failed to list clusters: command "nerdctl ps -a --filter label=io.x-k8s.kind.cluster --format '{{index .Labels "io.x-k8s.kind.cluster"}}'" failed with error: exit status 1
Command Output: time="2024-12-09T18:01:03+09:00" level=fatal msg="template: :1:2: executing \"\" at <index .Labels \"io.x-k8s.kind.cluster\">: error calling index: cannot index slice/array with type string"
```

nerdctl fixed the `.Label` behavior in v1.7.0.
2af4cef9e7
However `index .Labels` syntax is not yet supported at least in v2.0.1.
(The style is also used for podman provider, and it is available)

This commit follows up https://github.com/kubernetes-sigs/kind/pull/3429

Signed-off-by: Kenichi Kamiya <kachick1@gmail.com>
2024-12-09 18:29:08 +09:00
Kebe
1852589dd7 Setting the default hostIP for get kubeconfig
Update pkg/cluster/internal/providers/podman/provider.go

Co-authored-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2024-11-07 21:58:02 +08:00
Benjamin Elder
ef0b4d02ab fix missing space in ip6tables error matching 2024-10-15 15:17:40 -07:00
Benjamin Elder
43c99ea29c detect ip6tables setup failure and fall back to ipv4 only 2024-10-04 13:12:50 -07:00
dominic.qi
f96632a3c8 Fix Kubeadm template format
Signed-off-by: dominic.qi <dominic.qi@jaco.live>
2024-07-25 19:15:40 +08:00
Giuseppe Scrivano
ceb72e47d8 cluster: drop DisableLocalStorageCapacityIsolation
it was used to workaround a kubelet crash issue with rootless
providers.

The Kubelet seems to work fine now with localStorageCapacityIsolation
enabled in a user namespace so drop the special handling.  After this
change, ephemeral storage can be used in a rootless cluster.

Closes: https://github.com/kubernetes-sigs/kind/issues/3359

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-06-11 12:57:39 -07:00
Jon Huhn
4d9c950122 update comments regarding skipping preflight kubeadm phase 2024-05-29 17:16:45 +00:00
Jon Huhn
e0d157b9a4 set skipPhases in Init and JoinConfiguration 2024-05-21 18:14:21 +00:00
Antonio Ojea
b939fa0f43 set nf_conntrack_tcp_be_liberal for nftables mode 2024-04-22 09:04:12 +00:00
Antonio Ojea
a5b2309373 kubeproxy mode const is lowercase 2024-04-22 08:40:31 +00:00
Antonio Ojea
296749aa2d support kube-proxy nftables mode 2024-04-11 14:47:54 +00:00
Kay Yan
724ea1a7ae Update pkg/cluster/internal/providers/nerdctl/provider.go
Add todo nerdctl handles concurrency better

Co-authored-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-04-07 08:24:17 +00:00
Kay Yan
a73cd978ae using no concurrent create container with nerdctl
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-04-03 06:10:31 +00:00
Benjamin Elder
58508bc576 nerdctl: fix if-return lint 2024-04-01 15:59:46 -07:00
Benjamin Elder
5f59a835fa fix if-return redundant if ...; err != nil check lint 2024-04-01 15:52:31 -07:00
Phil Estes
1759f35318 Determine which nerdctl implementation
When called via the library path, the nerdctl provider is
instantiated without a binary name. We still need to do
a lookup to determine if finch or nerdctl is the installed
binary to provide the local runtime command line

Signed-off-by: Phil Estes <estesp@gmail.com>
2024-03-25 14:34:06 -04:00
Kay Yan
974fa25b0d update docs for nerdctl support
Co-authored-by: Sean McGinnis <sean.mcginnis@gmail.com>
Signed-off-by: Kay Yan <kay.yan@daocloud.io>
2024-02-28 04:44:16 +00:00
Phil Estes
86c7c2e414 Initial provider for nerdctl/Finch
Adds implementation for a provider based on nerdctl. Several todos
in the code but the core functionality of creating/deleting clusters
is working and a simple application deployed works properly

Signed-off-by: Phil Estes <estesp@gmail.com>
2024-02-16 12:56:46 -05:00
Wouter
6a13c47996 Support multiple random ExtraPortMappings
When the default value, 0, is used for the HostPort in ExtraPortMappings
then Kind will determine a random HostPort to use for this mapping. The
validation only allowed a single instance of such a mapping, but now allows
multiple.

Also delay the closing of the randomly determined port until all random
ports have been determined to ensure the same port cannot be returned
multiple times by the operating system.
2024-02-09 02:47:09 +01:00
John Howard
18bb5af02f Remove exclude-from-external-load-balancers from single node clusters
Part of https://github.com/kubernetes-sigs/kind/issues/3506
2024-02-05 14:58:13 -08:00
Benjamin Elder
f52e77250f update haproxy image to latest build 2023-06-14 17:16:25 -07:00
Benjamin Elder
5588e0f186 move amwat to emeritus_approvers 2023-05-18 20:01:07 -07:00
Benjamin Elder
d16895a467 set cgroupns=private 2023-05-18 20:00:15 -07:00
Benjamin Elder
b63b495230 upgrade haproxy image to latest 2023-05-11 14:19:20 -07:00
Benjamin Elder
df2a59f3e2 Merge pull request #3157 from yanggangtony/delete-ioutil
Delete ioutil as it is Deprecated since Go 1.16
2023-05-11 10:00:06 -07:00
Antonio Ojea
4bc8c5892f podman: create ipv4 network if ipv6 is disabled
Signed-off-by: Antonio Ojea <aojea@google.com>
2023-04-24 21:51:46 +00:00
yanggang
6a7169806f Delete ioutil as it is Deprecated since Go 1.16
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-04-19 04:51:34 +08:00
Benjamin Elder
9fb3d908e4 bump haproxy image 2023-04-04 09:14:26 -07:00
yanggang
72d13903c5 fix error notes for interface Provider.GetAPIServerInternalEndpoint
Signed-off-by: yanggang <gang.yang@daocloud.io>
2023-04-03 15:42:20 +08:00
Lucas Ramage
6be3cfa9d0 Improve log output for delete cluster (#2934)
* Improve log output for delete cluster

* Revert logging removal of context from kubeconfig
2023-03-23 01:28:23 -07:00
Daniel Lipovetsky
47dfc9e840 fix: Limit HAProxy maximum concurrent connections
If the limit is not configured, HAProxy derives it from the file
descriptor limit. The higher the limit, the more memory HAProxy
allocates. That limit can be so high on modern Linux distros that
HAProxy allocates all available memory.
2023-03-04 15:53:17 -08:00
Antonio Ojea
153c0c517b bump haproxy to docker.io/kindest/haproxy:v20230227-d46f45b6 2023-02-27 21:00:40 +00:00
John Howard
1964100d41 Do it in post 2023-02-15 07:55:37 -08:00
John Howard
33c4eaf560 Add dnsSearch cluster option
Fixes https://github.com/kubernetes-sigs/kind/issues/3097
2023-02-14 13:45:31 -08:00
Benjamin Elder
b357fa4f86 bump haproxy image 2022-12-20 14:19:28 -08:00
Curt Bushko
3f6f231bee add --all-platforms flag to LoadImageArchive 2022-10-06 23:40:19 -04:00
Kubernetes Prow Robot
41b35032b3 Merge pull request #2911 from BenTheElder/safeyaml
switch to safetext/yamltemplate for yaml templating
2022-10-04 15:04:01 -07:00
Benjamin Elder
b1c16db489 mark StructuralData
this tells safetext that we *intend* to have input-based field keys here
2022-10-04 14:15:39 -07:00
Benjamin Elder
bd637d823d don't use index 2022-10-04 14:15:38 -07:00
Kubernetes Prow Robot
b241f7fc83 Merge pull request #2910 from BenTheElder/podman-overlap
check for new podman overlap error message
2022-09-22 00:27:04 -07:00