Use data-dir and wal-dir to restore etcd snapshots

Dockerfile.dapper

@@ -11,9 +11,9 @@ RUN apt-get update && \
 ENV GOLANG_ARCH_amd64=amd64 GOLANG_ARCH_arm=armv6l GOLANG_ARCH_arm64=arm64 GOLANG_ARCH=GOLANG_ARCH_${ARCH} \
     GOPATH=/go PATH=/go/bin:/usr/local/go/bin:${PATH} SHELL=/bin/bash
 
-RUN wget -O - https://storage.googleapis.com/golang/go1.16.4.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local
+RUN wget -O - https://storage.googleapis.com/golang/go1.16.6.linux-${!GOLANG_ARCH}.tar.gz | tar -xzf - -C /usr/local
 
-RUN curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.40.1
+RUN curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.41.1
 
 ENV DOCKER_URL_amd64=https://get.docker.com/builds/Linux/x86_64/docker-1.10.3 \
     DOCKER_URL_arm=https://github.com/rancher/docker/releases/download/v1.10.3-ros1/docker-1.10.3_arm \

README.md

@@ -4,7 +4,7 @@ Rancher Kubernetes Engine, an extremely simple, lightning fast Kubernetes instal
 
 ## Latest Release
 
-* v1.2.9 - Read the full release [notes](https://github.com/rancher/rke/releases/tag/v1.2.9).
+* v1.2.11 - Read the full release [notes](https://github.com/rancher/rke/releases/tag/v1.2.11).
 
 ## Download
 

cluster/cluster.go

@@ -99,7 +99,6 @@ const (
 	NameLabel              = "name"
 
 	WorkerThreads = util.WorkerThreads
-	SELinuxLabel  = services.SELinuxLabel
 
 	serviceAccountTokenFileParam = "service-account-key-file"
 

cluster/defaults.go

@@ -123,6 +123,7 @@ const (
 	DefaultHTTPPort                   = 80
 	DefaultHTTPSPort                  = 443
 	DefaultNetworkMode                = "hostNetwork"
+	DefaultNetworkModeV121            = "hostPort"
 )
 
 var (
@@ -804,9 +805,26 @@ func (c *Cluster) setAddonsDefaults() {
 	if c.Monitoring.Replicas == nil {
 		c.Monitoring.Replicas = &DefaultMonitoringAddonReplicas
 	}
+	k8sVersion := c.RancherKubernetesEngineConfig.Version
+	toMatch, err := semver.Make(k8sVersion[1:])
+	if err != nil {
+		logrus.Warnf("Cluster version [%s] can not be parsed as semver", k8sVersion)
+	}
 
 	if c.Ingress.NetworkMode == "" {
-		c.Ingress.NetworkMode = DefaultNetworkMode
+		networkMode := DefaultNetworkMode
+		logrus.Debugf("Checking network mode for ingress for cluster version [%s]", k8sVersion)
+		// network mode will be hostport for k8s 1.21 and up
+		hostPortRange, err := semver.ParseRange(">=1.21.0-rancher0")
+		if err != nil {
+			logrus.Warnf("Failed to parse semver range for checking ingress network mode")
+		}
+		if hostPortRange(toMatch) {
+			logrus.Debugf("Cluster version [%s] needs to have ingress network mode set to hostPort", k8sVersion)
+			networkMode = DefaultNetworkModeV121
+		}
+
+		c.Ingress.NetworkMode = networkMode
 	}
 
 	if c.Ingress.HTTPPort == 0 {
@@ -819,11 +837,6 @@ func (c *Cluster) setAddonsDefaults() {
 
 	if c.Ingress.DefaultBackend == nil {
 		defaultBackend := true
-		k8sVersion := c.RancherKubernetesEngineConfig.Version
-		toMatch, err := semver.Make(k8sVersion[1:])
-		if err != nil {
-			logrus.Warnf("Cluster version [%s] can not be parsed as semver", k8sVersion)
-		}
 		logrus.Debugf("Checking ingress default backend for cluster version [%s]", k8sVersion)
 		// default backend will be false for k8s 1.21 and up
 		disableIngressDefaultBackendRange, err := semver.ParseRange(">=1.21.0-rancher0")

cluster/file-deployer.go

@@ -60,15 +60,9 @@ func doDeployFile(ctx context.Context, host *hosts.Host, fileName, fileContents,
 	}
 	hostCfg := &container.HostConfig{
 		Binds: []string{
-			fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
+			fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
 		},
 	}
-	if hosts.IsDockerSELinuxEnabled(host) {
-		// We apply the label because we do not rewrite SELinux labels anymore on volume mounts (no :z)
-		logrus.Debugf("Applying security opt label [%s] for [%s] container on host [%s]", SELinuxLabel, ContainerName, host.Address)
-		hostCfg.SecurityOpt = append(hostCfg.SecurityOpt, SELinuxLabel)
-	}
-
 	if err := docker.DoRunOnetimeContainer(ctx, host.DClient, imageCfg, hostCfg, ContainerName, host.Address, ServiceName, prsMap); err != nil {
 		return err
 	}

cluster/plan.go

@@ -266,10 +266,10 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.Kubern
 		services.SidekickContainerName,
 	}
 	Binds := []string{
-		fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
+		fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
 	}
 	if c.Services.KubeAPI.AuditLog != nil && c.Services.KubeAPI.AuditLog.Enabled {
-		Binds = append(Binds, fmt.Sprintf("%s:/var/log/kube-audit", path.Join(host.PrefixPath, "/var/log/kube-audit")))
+		Binds = append(Binds, fmt.Sprintf("%s:/var/log/kube-audit:z", path.Join(host.PrefixPath, "/var/log/kube-audit")))
 		bytes, err := yaml.Marshal(c.Services.KubeAPI.AuditLog.Configuration.Policy)
 		if err != nil {
 			logrus.Warnf("Error while marshalling auditlog policy: %v", err)
@@ -358,7 +358,7 @@ func (c *Cluster) BuildKubeControllerProcess(host *hosts.Host, serviceOptions v3
 		services.SidekickContainerName,
 	}
 	Binds := []string{
-		fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
+		fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
 	}
 
 	for arg, value := range c.Services.KubeController.ExtraArgs {
@@ -485,29 +485,29 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.Kubern
 		}
 	} else {
 		Binds = []string{
-			fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
-			"/etc/cni:/etc/cni:rw",
-			"/opt/cni:/opt/cni:rw",
-			fmt.Sprintf("%s:/var/lib/cni", path.Join(host.PrefixPath, "/var/lib/cni")),
-			"/var/lib/calico:/var/lib/calico",
+			fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
+			"/etc/cni:/etc/cni:rw,z",
+			"/opt/cni:/opt/cni:rw,z",
+			fmt.Sprintf("%s:/var/lib/cni:z", path.Join(host.PrefixPath, "/var/lib/cni")),
+			"/var/lib/calico:/var/lib/calico:z",
 			"/etc/resolv.conf:/etc/resolv.conf",
 			"/sys:/sys:rprivate",
-			host.DockerInfo.DockerRootDir + ":" + host.DockerInfo.DockerRootDir + ":rw,rslave",
-			fmt.Sprintf("%s:%s:shared", path.Join(host.PrefixPath, "/var/lib/kubelet"), path.Join(host.PrefixPath, "/var/lib/kubelet")),
-			"/var/lib/rancher:/var/lib/rancher:shared",
+			host.DockerInfo.DockerRootDir + ":" + host.DockerInfo.DockerRootDir + ":rw,rslave,z",
+			fmt.Sprintf("%s:%s:shared,z", path.Join(host.PrefixPath, "/var/lib/kubelet"), path.Join(host.PrefixPath, "/var/lib/kubelet")),
+			"/var/lib/rancher:/var/lib/rancher:shared,z",
 			"/var/run:/var/run:rw,rprivate",
 			"/run:/run:rprivate",
 			fmt.Sprintf("%s:/etc/ceph", path.Join(host.PrefixPath, "/etc/ceph")),
 			"/dev:/host/dev:rprivate",
-			"/var/log/containers:/var/log/containers",
-			"/var/log/pods:/var/log/pods",
+			"/var/log/containers:/var/log/containers:z",
+			"/var/log/pods:/var/log/pods:z",
 			"/usr:/host/usr:ro",
 			"/etc:/host/etc:ro",
 		}
 
 		// Special case to simplify using flex volumes
 		if path.Join(host.PrefixPath, "/var/lib/kubelet") != "/var/lib/kubelet" {
-			Binds = append(Binds, "/var/lib/kubelet/volumeplugins:/var/lib/kubelet/volumeplugins:shared")
+			Binds = append(Binds, "/var/lib/kubelet/volumeplugins:/var/lib/kubelet/volumeplugins:shared,z")
 		}
 	}
 	Binds = append(Binds, host.GetExtraBinds(kubelet.BaseService)...)
@@ -622,7 +622,7 @@ func (c *Cluster) BuildKubeProxyProcess(host *hosts.Host, serviceOptions v3.Kube
 		}
 	} else {
 		Binds = []string{
-			fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
+			fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
 			"/run:/run",
 		}
 
@@ -740,7 +740,7 @@ func (c *Cluster) BuildSchedulerProcess(host *hosts.Host, serviceOptions v3.Kube
 		services.SidekickContainerName,
 	}
 	Binds := []string{
-		fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
+		fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
 	}
 
 	for arg, value := range c.Services.Scheduler.ExtraArgs {
@@ -910,8 +910,8 @@ func (c *Cluster) BuildEtcdProcess(host *hosts.Host, etcdHosts []*hosts.Host, se
 	}
 
 	Binds := []string{
-		fmt.Sprintf("%s:%s", path.Join(host.PrefixPath, "/var/lib/etcd"), services.EtcdDataDir),
-		fmt.Sprintf("%s:/etc/kubernetes", path.Join(host.PrefixPath, "/etc/kubernetes")),
+		fmt.Sprintf("%s:%s:z", path.Join(host.PrefixPath, "/var/lib/etcd"), services.EtcdDataDir),
+		fmt.Sprintf("%s:/etc/kubernetes:z", path.Join(host.PrefixPath, "/etc/kubernetes")),
 	}
 
 	if serviceOptions.Etcd != nil {