Bump k3s-root and remove embedded strongswan support

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2835368ecb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

pkg/agent/config/config.go

@@ -461,7 +461,6 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N
 	}
 	nodeConfig.AgentConfig.Snapshotter = envInfo.Snapshotter
 	nodeConfig.AgentConfig.IPSECPSK = controlConfig.IPSECPSK
-	nodeConfig.AgentConfig.StrongSwanDir = filepath.Join(envInfo.DataDir, "agent", "strongswan")
 	nodeConfig.Containerd.Config = filepath.Join(envInfo.DataDir, "agent", "etc", "containerd", "config.toml")
 	nodeConfig.Containerd.Root = filepath.Join(envInfo.DataDir, "agent", "containerd")
 	nodeConfig.CRIDockerd.Root = filepath.Join(envInfo.DataDir, "agent", "cri-dockerd")

pkg/agent/flannel/setup.go

@@ -4,13 +4,12 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"os"
+	"os/exec"
 	"path/filepath"
 	"strings"
 
 	"github.com/k3s-io/k3s/pkg/agent/util"
 	"github.com/k3s-io/k3s/pkg/daemons/config"
-	"github.com/k3s-io/k3s/pkg/version"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	v1 "k8s.io/api/core/v1"
@@ -229,12 +228,13 @@ func createFlannelConf(nodeConfig *config.Node) error {
 		backendConf = hostGWBackend
 	case config.FlannelBackendIPSEC:
 		backendConf = strings.ReplaceAll(ipsecBackend, "%psk%", nodeConfig.AgentConfig.IPSECPSK)
-		if err := setupStrongSwan(nodeConfig); err != nil {
+		if _, err := exec.LookPath("swanctl"); err != nil {
-			return err
+			return errors.Wrap(err, "k3s no longer includes strongswan - please install strongswan's swanctl and charon packages on your host")
 		}
+		logrus.Warnf("The ipsec backend is deprecated and will be removed in k3s v1.27; please switch to wireguard-native. Check our docs for information on how to migrate.")
 	case config.FlannelBackendWireguard:
 		backendConf = strings.ReplaceAll(wireguardBackend, "%flannelConfDir%", filepath.Dir(nodeConfig.FlannelConfFile))
-		logrus.Warnf("The wireguard backend is deprecated and will be removed in k3s v1.26, please switch to wireguard-native. Check our docs for information about how to migrate")
+		logrus.Warnf("The wireguard backend is deprecated and will be removed in k3s v1.26, please switch to wireguard-native. Check our docs for information about how to migrate.")
 	case config.FlannelBackendWireguardNative:
 		mode, ok := backendOptions["Mode"]
 		if !ok {
@@ -255,34 +255,6 @@ func createFlannelConf(nodeConfig *config.Node) error {
 	return util.WriteFile(nodeConfig.FlannelConfFile, confJSON)
 }
 
-func setupStrongSwan(nodeConfig *config.Node) error {
-	// if data dir env is not set point to root
-	dataDir := os.Getenv(version.ProgramUpper + "_DATA_DIR")
-	if dataDir == "" {
-		dataDir = "/"
-	}
-	dataDir = filepath.Join(dataDir, "etc", "strongswan")
-
-	info, err := os.Lstat(nodeConfig.AgentConfig.StrongSwanDir)
-	// something exists but is not a symlink, return
-	if err == nil && info.Mode()&os.ModeSymlink == 0 {
-		return nil
-	}
-	if err == nil {
-		target, err := os.Readlink(nodeConfig.AgentConfig.StrongSwanDir)
-		// current link is the same, return
-		if err == nil && target == dataDir {
-			return nil
-		}
-	}
-
-	// clean up strongswan old link
-	os.Remove(nodeConfig.AgentConfig.StrongSwanDir)
-
-	// make new strongswan link
-	return os.Symlink(dataDir, nodeConfig.AgentConfig.StrongSwanDir)
-}
-
 // fundNetMode returns the mode (ipv4, ipv6 or dual-stack) in which flannel is operating
 func findNetMode(cidrs []*net.IPNet) (int, error) {
 	dualStack, err := utilsnet.IsDualStackCIDRs(cidrs)

pkg/cli/cmds/server.go

@@ -208,7 +208,7 @@ var ServerFlags = []cli.Flag{
 	ClusterDomain,
 	cli.StringFlag{
 		Name:        "flannel-backend",
-		Usage:       "(networking) backend<=option1=val1,option2=val2> where backend is one of 'none', 'vxlan', 'ipsec', 'host-gw', 'wireguard-native', or 'wireguard' (deprecated)",
+		Usage:       "(networking) backend<=option1=val1,option2=val2> where backend is one of 'none', 'vxlan', 'ipsec' (deprecated), 'host-gw', 'wireguard-native', 'wireguard' (deprecated)",
 		Destination: &ServerConfig.FlannelBackend,
 		Value:       "vxlan",
 	},

pkg/daemons/config/types.go

@@ -112,7 +112,6 @@ type Agent struct {
 	ImageCredProvConfig     string
 	IPSECPSK                string
 	FlannelCniConfFile      string
-	StrongSwanDir           string
 	PrivateRegistry         string
 	SystemDefaultRegistry   string
 	AirgapExtraRegistry     []string

scripts/download

@@ -20,7 +20,7 @@ rm -rf ${CONTAINERD_DIR}
 mkdir -p ${CHARTS_DIR}
 mkdir -p ${DATA_DIR}
 
-curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat
+curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf -
 
 git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR}
 
@@ -31,4 +31,4 @@ for CHART_FILE in $(grep -rlF HelmChart manifests/ | xargs yq eval --no-doc .spe
   curl -sfL ${CHARTS_URL}/${CHART_NAME}/${CHART_FILE} -o ${CHARTS_DIR}/${CHART_FILE}
 done
 
-cp scripts/wg-add.sh bin/aux/
+cp scripts/wg-add.sh bin/aux

scripts/version.sh

@@ -53,7 +53,7 @@ if [ -z "$VERSION_KUBE_ROUTER" ]; then
     VERSION_KUBE_ROUTER="v0.0.0"
 fi
 
-VERSION_ROOT="v0.11.0"
+VERSION_ROOT="v0.12.0"
 
 if [[ -n "$GIT_TAG" ]]; then
     if [[ ! "$GIT_TAG" =~ ^"$VERSION_K8S"[+-] ]]; then