Commit Graph

2979 Commits (07ee8549149d520610a98b9a7932f638bc508b23)

Author SHA1 Message Date
Brad Davidson eb982bbbde Bump etcd to v3.5.7
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 17:00:30 -07:00
Brad Davidson cee3ddbc4a
Bump Local Path Provisioner version (#7167)
* chore: Bump Local Path Provisioner version
* go generate

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-03 16:00:16 -07:00
Guilherme Macedo ddd9665fed
Improve Trivy configuration (#7154)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-03 14:09:21 -05:00
Guilherme Macedo fdf994dc35
[UpdateCLI] Improve workflow (#7142)
* Improve UpdateCLI workflow
* Update Go version to stable in workflow

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-03 13:40:49 -05:00
Guilherme Macedo 37b3f4d25c
Run go generate in local-path-provisioner Updatecli pipeline (#7181)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-03 09:30:56 -07:00
ShylajaDevadiga 8ec7d5e6b0
fix_get_sha_url (#7187)
Signed-off-by: ShylajaDevadiga <shylaja@rancher.com>
2023-03-31 13:26:29 -07:00
Derek Nola a99376663b
Drone Pipelines enhancement (#7169)
* Dont run most pipelines on nightly cron

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Don't run skipfiles on push to master for arch pipelines

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-31 09:06:16 -07:00
Brooks Newberry fb491f5ebf
Update stable channel to v1.26.3+k3s1 (#7161) 2023-03-29 15:49:08 -07:00
Derek Nola d13ee64403
Enhance `k3s check-config` (#7091)
* Move  CONFIG_CGROUP_PIDS to Required

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-29 09:55:08 -07:00
Roberto Bonafiglia 01ea3ff27b Update flannel to fix NAT issue with old iptables version
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-22 18:15:34 +01:00
Derek Nola c97370be6f
Clean E2E VMs before testing (#7109)
* Cleanup VMs proper

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-22 09:32:37 -07:00
Brooks Newberry 7c32f88fec
Pin golangci-lint version to v1.51.2 (#7113) 2023-03-20 09:59:43 -07:00
Brooks Newberry dc4a148725
Update to v1.26.3-k3s1 (#7108) 2023-03-20 05:18:37 -07:00
Derek Nola 561ec056c1
Drone: Cleanup E2E VMs on test panic (#7104)
* Cleanup leftover VMs in E2E pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-17 11:35:05 -07:00
Derek Nola 9980504196
Fix to Rotate CA e2e test (#7101)
* Include note on service keys

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix rotate cert ca test

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove periods

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add new test to nightly script

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-16 17:56:17 -07:00
Esteban Esquivel Alvarado 85b261096c
Add automation for Restart command for K3s (#7002)
Signed-off-by: est-suse <esteban.esquivel@suse.com>
2023-03-14 15:47:18 -07:00
Chris Wayne 19ac384929
Remove Nikolai from MAINTAINERS list (#7088)
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2023-03-14 14:33:06 -04:00
Roberto Bonafiglia 7d2f997b3e Added multiClusterCIDR E2E test
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Roberto Bonafiglia 262cd7de0a Added IPv6 check and agent restart on e2e test utils
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Roberto Bonafiglia 15ee88964b Added multiClusterCidr feature
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Daniel Mills 822ee79eb8
Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970)
* Remove deprecated nodeSelector label beta.kubernetes.io/os

Problem:
The nodeSelector label beta.kubernetes.io/os in the CoreDNS deployment was deprecated in 1.14 and will likely be removed soon

Solution:
Change the nodeSelector to remove the beta

Signed-off-by: Dan Mills <evilhamsterman@gmail.com>
2023-03-14 12:56:40 -04:00
Richard Steinmetz a912902aa7
Add missing kernel config checks (#6946)
Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and
NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s.

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-14 12:55:38 -04:00
Matt Trachier 8503d0143c
skip all pipelines based on what is in the PR (#6996)
* add droneignore, make trivial change to README for testing, updating drone config to use droneignore to skip CI when files are all matched

Signed-off-by: matttrach <matttrach@gmail.com>
2023-03-14 12:49:44 -04:00
Brad Davidson 977a85559e Add support for cross-signing new certs during ca rotation
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Brad Davidson 68fcb48a35 Update/rename certs.sh; add default cert rotation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Daishan Peng b7f90f389c
Wait for kubelet port to be ready before setting (#7041)
* Wait for kubelet port to be ready before setting
* Wait for kubelet to update the Ready status before reading port

Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 13:48:02 -07:00
Matt Trachier a45d081027
update stable version in channel server (#7066) 2023-03-13 13:43:22 -07:00
Derek Nola d218068f34
Adds a warning about editing to the containerd config.toml file (#7057)
* Add a warning to the config.toml file

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-13 13:42:17 -07:00
Derek Nola c259403af1
Bump various dependencies for CVEs (#7044)
* Bump wrangler to 1.1.1
* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update gax-go to 2.1.1
* Isolate terraform e2e test with seperate go.mod/go.sum
* Bump containerd

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-13 09:37:45 -07:00
Roberto Bonafiglia e098b99bfa
Update flannel and kube-router (#7039)
* Update kube-router version to fix iptables rules

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update Flannel to v0.21.3

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

---------

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 19:57:16 -08:00
Derek Nola c78dc4db71
Add flannel adr (#6973)
* Add flannel adr

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Incorporate Brads comments

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove the "s"

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Updated table with more info on flags

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update docs/adrs/flannel-options.md

Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2023-03-10 19:55:32 -08:00
Derek Nola 522ad1e697
Add E2E to Drone (#6890)
* Initial drone vagrant pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Build e2e test image

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add docker registry to E2E pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Bump libvirt image

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add ci flag to secretsencryption

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix vagrant log on secretsencryption

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove DB parallel tests

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Reduce sonobuoy tests even further

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add local build

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add cron conformance pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add string output for nodes

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Switch snapshot restore for upgrade cluster

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix cp

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-10 19:53:41 -08:00
Matt Trachier ea094d1d49
Update to v1.26.2-k3s1 (#7011)
* Update to v1.26.2
* update gh workflows and docker files to proper go version
---------
Signed-off-by: matttrach <matttrach@gmail.com>
2023-03-01 16:48:23 -06:00
Brad Davidson ee28c20b62 Bump kine to v0.9.9
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-23 17:19:18 -08:00
Brad Davidson cbe4bcfeee Add test for filterByIPFamily
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:22 -08:00
Brad Davidson cc333d8d0c Fix ServiceLB dual-stack ingress IP listing
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:22 -08:00
Brad Davidson 2156015521 Improve default umask for certs.sh
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson 23d98cec22 Fix CACertPath stripping trailing path components
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson 0c302f4341 Fix etcd member deletion
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Derek Nola 9efa0797b7
Don't default to local K3s for startup test (#6950)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-13 15:00:57 -08:00
Roberto Bonafiglia 7739c8b97e Update flannel to v0.21.1
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 23:03:10 +01:00
Roberto Bonafiglia b8e69712a3 Updated flannel version to v0.21.0
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 23:03:10 +01:00
Brad Davidson 3d146d2f1b Allow for multiple sets of leader-elected controllers
Addresses an issue where etcd controllers did not run on etcd-only nodes

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 10:46:48 -08:00
Brad Davidson 0d416d797d Wait for server to become ready before creating token
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 10:08:23 -08:00
Paul Donohue 290d7e8fd1 Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:34 -08:00
Brad Davidson ddcc4d4034 go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:20:49 -08:00
Brad Davidson c6d0afd0cb Check for existing resources before creating them
Prevents errors when starting with fail-closed webhooks

Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:20:49 -08:00
Brad Davidson 32d62c5786 Use default address family when adding kubernetes service address to SAN list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:17:21 -08:00
Byron Ruth a92f163c9d
Add NATS to the list of supported data stores (#6876)
Signed-off-by: Byron Ruth <byron@nats.io>
2023-02-08 09:37:23 -08:00
Brad Davidson b43dd7746d Add CI test
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00