Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
The InstancesV1 interface handled this for us by combining the ProviderName and InstanceID values; the new interface requires us to do it manually
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
For 1.24 and earlier, the svclb pods need a ServiceAccount so that we can allow their sysctls in PSPs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f25419ca2c)
Taint the first node so that the helm job doesn't run on it. In a real cluster the helm job would eventually succeed once all the servers were upgraded and had the new chart tarball.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Replace ETCD-JOIN-STABLE-SECOND with ETCD-JOIN-LATEST-FIRST. We don't
support joining down-level servers to existing clusters, as the new
down-level server will try to deploy older versions of the packaged
manifests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
CA cert will never be equal to the serving-kube-apiserver cert so it seems like a copy-paste error.
Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
We should be reading from the hijacked bufio.ReaderWriter instead of
directly from the net.Conn. There is a race condition where the
underlying http handler may consume bytes from the hijacked request
stream, if it comes in the same packet as the CONNECT header. These
bytes are left in the buffered reader, which we were not using. This was
causing us to occasionally drop a few bytes from the start of the
tunneled connection's client data stream.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
If CCM and ServiceLB are both disabled, don't run the cloud-controller-manager at all;
this should provide the same CLI flag behavior as previous releases, and not create
problems when users disable the CCM but still want ServiceLB.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also reorder validations to perform the short checks first so that
things fail faster if there's a problem.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8f41fe1a3f)
* Expand startup integration test
* add new data-dir subtest
* Added node flag subtest
* Fix to E2E tests
* Convert existing test to new server logging
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Convert nightly install to v1.24 channel
Signed-off-by: Derek Nola <derek.nola@suse.com>
Manuel Buil