From ced330c66a26a21a6f9fcbb0596d8ac7837432f4 Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Thu, 24 Aug 2023 22:09:13 -0700 Subject: [PATCH] [v1.28] CLI Removal for v1.28.0 (#8203) * Remove deprecated flannel ipsec Signed-off-by: Derek Nola * Remove multipart backend Signed-off-by: Derek Nola * Fix secrets-encryption integration test flakiness Signed-off-by: Derek Nola --------- Signed-off-by: Derek Nola --- pkg/agent/flannel/setup.go | 15 +-------------- pkg/agent/run.go | 2 +- pkg/cli/cmds/server.go | 2 +- pkg/daemons/config/types.go | 1 - .../secretsencryption_int_test.go | 5 ++++- 5 files changed, 7 insertions(+), 18 deletions(-) diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index 2a5db3f4a2..40e1bd6f10 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go @@ -68,12 +68,6 @@ const ( "Type": "host-gw" }` - ipsecBackend = `{ - "Type": "ipsec", - "UDPEncap": true, - "PSK": "%psk%" -}` - tailscaledBackend = `{ "Type": "extension", "PostStartupCommand": "tailscale set --accept-routes --advertise-routes=%Routes%", @@ -208,20 +202,13 @@ func createFlannelConf(nodeConfig *config.Node) error { } var backendConf string - parts := strings.SplitN(nodeConfig.FlannelBackend, "=", 2) - backend := parts[0] backendOptions := make(map[string]string) - if len(parts) > 1 { - logrus.Fatalf("The additional options through flannel-backend are deprecated and were removed in k3s v1.27, use flannel-conf instead") - } - switch backend { + switch nodeConfig.FlannelBackend { case config.FlannelBackendVXLAN: backendConf = vxlanBackend case config.FlannelBackendHostGW: backendConf = hostGWBackend - case config.FlannelBackendIPSEC: - logrus.Fatal("The ipsec backend is deprecated and was removed in k3s v1.27; please switch to wireguard-native. Check our docs for information on how to migrate.") case config.FlannelBackendTailscale: var routes string switch netMode { diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 250ba947ba..a826bde964 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -97,7 +97,7 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error { if !nodeConfig.NoFlannel { if (nodeConfig.FlannelExternalIP) && (len(nodeConfig.AgentConfig.NodeExternalIPs) == 0) { logrus.Warnf("Server has flannel-external-ip flag set but this node does not set node-external-ip. Flannel will use internal address when connecting to this node.") - } else if (nodeConfig.FlannelExternalIP) && (nodeConfig.FlannelBackend != daemonconfig.FlannelBackendWireguardNative) && (nodeConfig.FlannelBackend != daemonconfig.FlannelBackendIPSEC) { + } else if (nodeConfig.FlannelExternalIP) && (nodeConfig.FlannelBackend != daemonconfig.FlannelBackendWireguardNative) { logrus.Warnf("Flannel is using external addresses with an insecure backend: %v. Please consider using an encrypting flannel backend.", nodeConfig.FlannelBackend) } if err := flannel.Prepare(ctx, nodeConfig); err != nil { diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index 34eb21d473..d2ef6fd790 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go @@ -210,7 +210,7 @@ var ServerFlags = []cli.Flag{ ClusterDomain, &cli.StringFlag{ Name: "flannel-backend", - Usage: "(networking) Backend (valid values: 'none', 'vxlan', 'ipsec' (deprecated), 'host-gw', 'wireguard-native'", + Usage: "(networking) Backend (valid values: 'none', 'vxlan', 'host-gw', 'wireguard-native'", Destination: &ServerConfig.FlannelBackend, Value: "vxlan", }, diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go index 9034b1b334..eac1d99874 100644 --- a/pkg/daemons/config/types.go +++ b/pkg/daemons/config/types.go @@ -24,7 +24,6 @@ const ( FlannelBackendNone = "none" FlannelBackendVXLAN = "vxlan" FlannelBackendHostGW = "host-gw" - FlannelBackendIPSEC = "ipsec" FlannelBackendWireguardNative = "wireguard-native" FlannelBackendTailscale = "tailscale" EgressSelectorModeAgent = "agent" diff --git a/tests/integration/secretsencryption/secretsencryption_int_test.go b/tests/integration/secretsencryption/secretsencryption_int_test.go index 8bab882cdb..247f9d714e 100644 --- a/tests/integration/secretsencryption/secretsencryption_int_test.go +++ b/tests/integration/secretsencryption/secretsencryption_int_test.go @@ -93,7 +93,10 @@ var _ = Describe("secrets encryption rotation", Ordered, func() { Eventually(func() error { return testutil.K3sDefaultDeployments() }, "180s", "5s").Should(Succeed()) - time.Sleep(10 * time.Second) + + Eventually(func() (string, error) { + return testutil.K3sCmd("secrets-encrypt status -d", secretsEncryptionDataDir) + }, "120s", "5s").Should(ContainSubstring("Current Rotation Stage: rotate")) }) It("reencrypts the keys", func() { Expect(testutil.K3sCmd("secrets-encrypt reencrypt -d", secretsEncryptionDataDir)).