Derek Nola
0a9d5c6e70
Bump runc, containerd, and docker dependencies (#7452)
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-08 12:48:04 -07:00
Manuel Buil
c41febb7f2
Merge pull request #7433 from manuelbuil/netutil1.25
...
[Release 1.25] Migrate netutil methods into /utils/net.go
2023-05-05 09:15:10 +02:00
Manuel Buil
cb23cf0a1e
Migrate netutil methods into /utils/net.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-05 07:24:22 +02:00
Derek Nola
e6793519d7
[Release-1.25] CLI + Config Enhancement (#7404)
...
* Handle multiple arguments with StringSlice flags (#7380)
* Add helper function for multiple arguments in stringslice
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Cleanup server setup with util function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Enable FindString to search dotD config files (#7323)
* Enable FindString to search dotD config files
* Address multiple arg cases
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 14:03:59 -07:00
Ian Cardoso
86f4e50d2a
Add integration tests for etcd-snapshot server flags and refactor /tests/integration/integration.go/K3sStartServer (#7300)
...
This adds integration tests for the following flags: "--etcd-snapshot-name", "--etcd-snapshot-dir", "--etcd-snapshot-retention", "--etcd-snapshot-schedule-cron" and "--etcd-snapshot-compress". It also refactors K3sStartServer to stop applying strings.Fields() to inputArgs, so it can accept arguments that have spaces in their definition.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 1ac03aad43)
2023-05-02 10:12:00 -03:00
Derek Nola
31980fbb93
Containerd restart testlet (#6696)
...
* Add containerd testlet to startup integration
* Fix all log dumps
* Stop server gracefully
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 10:12:00 -03:00
Derek Nola
71e53ae606
[Release-1.25] Add E2E testing in Drone (#7375)
...
* Add E2E to Drone
* Build e2e test image
* Add ci flag to secretsencryption
* Fix vagrant log on secretsencryption
* Add cron conformance pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add string output for nodes
* Switch snapshot restore for upgrade cluster
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added IPv6 check and agent restart on e2e test utils
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Cleanup leftover VMs in E2E pipeline
* Don't run most pipelines on nightly cron
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Don't default to local K3s for startup test (#6950)
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added multiClusterCIDR E2E test
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* fix_get_sha_url (#7187)
Signed-off-by: ShylajaDevadiga <shylaja@rancher.com>
* Improve RunCmdOnNode error
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Pin upgradecluster to v1.25
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Signed-off-by: ShylajaDevadiga <shylaja@rancher.com>
Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
Co-authored-by: ShylajaDevadiga <56045581+ShylajaDevadiga@users.noreply.github.com>
2023-05-01 14:15:49 -07:00
Brian Downs
7502ce6a6e
Update to v1.25.9-k3s1 (#7283)
2023-04-13 13:51:17 -07:00
Roberto Bonafiglia
59e573d111
Update install script to clean iptables rules before start
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-12 22:33:42 +02:00
Roberto Bonafiglia
53f1fd4c28
Update kube-router to insert iptables rules right after kubernetes ones
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-12 22:33:42 +02:00
Hussein Galal
540d19b097
[release-1.25] Update klipper lb and helm-controller (#7240)
...
* Update klipper lb and helm-controller
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update klipper helm image
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-04-06 22:17:21 +02:00
Roberto Bonafiglia
af81ed062a
Updated kube-router version to move the iptables ACCEPT default rule to the end of the chain
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-06 09:57:18 +02:00
Brad Davidson
355ddda647
Lock bootstrap data with empty key to prevent conflicts
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit d95980bba3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
64709f401d
Debounce kubernetes service endpoint updates
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2992477c4b)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
7036323cd7
Fix tests to not hide failure location in dummp assert functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ece4d8e45c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
5fc65fcda7
Fix issue with stale connections to removed LB server
...
Track LB connections through each server so that they can be closed when it is removed.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e54ceaa497)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
50f46016da
Update remotedialer to silence errors when disconnecting
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5dece799df)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
66dd02cbcc
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit d388b82d25)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
7686c73624
Ensure that loopback is used for the advertised address when resetting
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit de80c07053)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
45670c8ae4
Ensure that loopback is used for the advertised address when resetting
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b010db0cff)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
e81356a287
Bump runc to v1.1.5
...
Addresses GHSA-m8cg-xc2p-r3fc GHSA-vpvm-3wq2-2wvm GHSA-g2j6-57v7-gm8c
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 877247a691)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Brad Davidson
88d5a723ce
Bump Local Path Provisioner version (#7167)
...
* chore: Bump Local Path Provisioner version
* go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
(cherry picked from commit cee3ddbc4a)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 16:29:13 -07:00
Hussein Galal
c25f611eed
Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970) (#7121)
...
* Remove deprecated nodeSelector label beta.kubernetes.io/os
Problem:
The nodeSelector label beta.kubernetes.io/os in the CoreDNS deployment was deprecated in 1.14 and will likely be removed soon
Solution:
Change the nodeSelector to remove the beta
Signed-off-by: Dan Mills <evilhamsterman@gmail.com>
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Co-authored-by: Daniel Mills <evilhamsterman@users.noreply.github.com>
2023-04-04 21:04:18 +02:00
Derek Nola
9e22489daf
[Release-1.25] Enhance `check-config` (#7164)
...
* Add missing kernel config checks (#6946)
Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and
NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s.
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* Enhance `k3s check-config` (#7091)
* Move CONFIG_CGROUP_PIDS to Required
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-29 12:15:38 -07:00
Roberto Bonafiglia
6c5ac02248
Update flannel to fix NAT issue with old iptables version
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-22 18:15:47 +01:00
Brooks Newberry
46fd19b30e
Update to v1.25.8-k3s1 (#7106)
2023-03-17 15:28:28 -07:00
Brad Davidson
37a26379d5
Add support for cross-signing new certs during ca rotation
...
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 20:04:11 -07:00
Brad Davidson
27f032ddb9
Update/rename certs.sh; add default cert rotation script
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 20:04:11 -07:00
Derek Nola
a6cac3e9e7
Adds a warning about editing to the containerd config.toml file (#7075)
...
* Add a warning to the config.toml file
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-13 15:33:20 -07:00
Brad Davidson
7a7304e3d3
Wait for kubelet to update the Ready status before reading port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 14:30:11 -07:00
Daishan Peng
0369a5a6a4
Wait for kubelet port to be ready before setting
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
2023-03-13 14:30:11 -07:00
Derek Nola
c904d97363
[Release-1.25] Enable dependabot (#7045)
...
* Enable dependabot on 1.25
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-13 09:38:26 -07:00
Derek Nola
6728824743
[Release-1.25] Bump various dependencies for CVEs (#7043)
...
* Match flannel for x/net
* Match containerd for x/sys
* Update replace for go-gax
* Isolate e2e terraform dependencies
* Bump containerd
* Bump wrangler to 1.1.1
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-13 09:36:59 -07:00
Roberto Bonafiglia
f5d1f976d3
[Release 1.25] Update flannel and kube-router (#7061)
...
* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 20:31:52 -08:00
Matt Trachier
f7c20e237d
Update to v1.25.7-k3s1 (#7010)
...
* Update to v1.25.7
* update gh workflows and docker files to proper go version
---------
Signed-off-by: matttrach <matttrach@gmail.com>
2023-03-01 15:29:10 -06:00
Brad Davidson
8f6997883d
Bump kine to v0.9.9
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-23 17:19:31 -08:00
Brad Davidson
27b5441c96
Add test for filterByIPFamily
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:34 -08:00
Brad Davidson
0a2bdfdd7a
Fix ServiceLB dual-stack ingress IP listing
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:34 -08:00
Brad Davidson
97100de8d0
Improve default umask for certs.sh
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:18:12 -08:00
Brad Davidson
c3fbb30c2e
Fix CACertPath stripping trailing path components
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:18:12 -08:00
Brad Davidson
4e03608119
Fix etcd member deletion
...
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:18:12 -08:00
Brad Davidson
14f2226b67
Allow for multiple sets of leader-elected controllers
...
Addresses an issue where etcd controllers did not run on etcd-only nodes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 11:35:29 -08:00
Roberto Bonafiglia
e5e85b1723
Update flannel to v0.21.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 18:53:15 +01:00
Roberto Bonafiglia
dda9e48dfc
Updated flannel version to v0.21.0
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 18:53:15 +01:00
Paul Donohue
0ba4732c1f
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
...
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:53 -08:00
Brad Davidson
a2521856f5
Wait for server to become ready before creating token
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:33:55 -08:00
Brad Davidson
d06052880e
Add CI test
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b43dd7746d)
2023-02-10 09:33:55 -08:00
Brad Davidson
af26f1816c
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c900089e88)
2023-02-10 09:33:55 -08:00
Brad Davidson
33c6488bbc
Ensure that node exists when using node auth
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 87f9c4ab11)
2023-02-10 09:33:55 -08:00
Brad Davidson
ade6203aad
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
2023-02-10 09:33:55 -08:00