Commit Graph

3036 Commits (16d29398ad6adac36b53a827213044133eb36280)

Author SHA1 Message Date
Brad Davidson 3a6284e2b9 Bump dynamiclistener to fix secret sync race
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-17 10:09:01 -08:00
Brad Davidson 1e0a7044cf Reorder snapshot configmap reconcile to reduce log spew during initial startup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-17 10:09:01 -08:00
Vitor Savian e53c189587
Handle nil pointer when runtime core is not ready in etcd
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-11-16 15:58:42 -08:00
Brad Davidson 6c544a4679 Add jitter to client config retry
Also:
* Replaces labeled for/continue RETRY loops with wait helpers for improved readability
* Pulls secrets and nodes from cache for node password verification
* Migrate nodepassword tests to wrangler mocks for better code reuse

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-16 09:53:28 -08:00
Derek Nola fa4c180637
Update install.sh sha256sum (#8885)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-11-16 09:40:52 -08:00
Johnatas da0593bcf9
More improves for K3s patch release docs (#8800)
* add more improves for patch releases

Signed-off-by: Johnatas <johnatas.santos@suse.com>

* a simple detail

Signed-off-by: Johnatas <johnatas.santos@suse.com>

---------

Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-16 14:35:45 -03:00
Harsimran Singh Maan abc2efdd57
Disable helm CRD installation for disable-helm-controller (#8702)
* Disable helm CRD installation for disable-helm-controller
    The NewContext package requires config as input which would
    require all third-party callers to update when the new go module
    is published.
    
    This change only affects the behaviour of installation of helm
    CRDs. Existing helm crds installed in a cluster would not be removed
    when disable-helm-controller flag is set on the server.
    
    Addresses #8701
* address review comments
* remove redundant check

Signed-off-by: Harsimran Singh Maan <maan.harry@gmail.com>
2023-11-15 14:35:31 -08:00
Jason Costello 07ee854914
Tweaked order of ingress IPs in ServiceLB (#8711)
* Tweaked order of ingress IPs in ServiceLB
    Previously, ingress IPs were only string-sorted when returned
    Sorted by IP family and string-sorted in each family as part of
    filterByIPFamily method
* Update pkg/cloudprovider/servicelb.go
* Formatting

Signed-off-by: Jason Costello <jason@hazy.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-11-15 14:33:31 -08:00
Brad Davidson 7ecd5874d2 Skip initial datastore reconcile during cluster-reset
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-15 14:31:44 -08:00
Brad Davidson 2088218c5f Fix issue with snapshot metadata configmap
Omit snapshot list configmap entries for snapshots without extra metadata; reduce log level of warnings about missing s3 metadata files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-15 14:25:28 -08:00
Hussein Galal fd8db56d5a
Fix wrong warning from restorecon in install script (#8871)
* Fix wrong warning from restorecon in install script

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix wrong warning from restorecon in install script

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-16 00:11:25 +02:00
Derek Nola 78ea593780
General updates to README (#8786)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-11-15 09:45:29 -08:00
Samuel Mutel 19fd7e38f6 enh: Force umount for NFS mount (like with longhorn)
Signed-off-by: Samuel Mutel <12967891+smutel@users.noreply.github.com>
2023-11-14 16:34:43 -08:00
chenk008 b47cbbfd42
add agent flag disable-apiserver-lb (#8717)
* add node flag disable-agent-lb
* add agent flag disable-apiserver-lb

Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: chenk008 <kongchen28@gmail.com>
2023-11-14 15:54:32 -08:00
Oliver Larsson 30c8ad926d QoS-class resource configuration
Problem:
Configuring qos-class features in containerd requres a custom containerd configuration template.

Solution:
Look for configuration files in default locations and configure containerd to use them if they exist.

Signed-off-by: Oliver Larsson <larsson.e.oliver@gmail.com>
2023-11-14 15:53:14 -08:00
Brad Davidson 32a1efa408 Bump kine to fix multiple issues
Ref: https://github.com/k3s-io/kine/releases/tag/v0.11.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-14 15:50:56 -08:00
Thorsten Klein a26441613b add: timezone info in image
Signed-off-by: Thorsten Klein <tk@thklein.io>
2023-11-14 15:50:12 -08:00
Leke Ariyo 0011eb5ead
optimize: Simplify and clean up Dockerfile (#8244)
Signed-off-by: leke-ariyo <lekeariyo2015@gmail.com>
2023-11-14 09:37:31 -08:00
Manuel Buil 8f7a8b23b7 Improve dualStack log
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-11-14 10:50:37 +01:00
Hussein Galal f5920d7864
Add warning for multiclustercidr flag (#8758)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-14 01:27:52 +02:00
Flavio Castelli ba5fcf13fc
Wasm shims and runtimes detection
Create a generic helper function that finds extra containerd runtimes.
The code was originally inside of the nvidia container discovery file.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Discover the containerd shims based on runwasi that are already
available on the node.

The runtimes could have been installed either by a package manager or by
the kwasm operator.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

The containerd configuration on a Linux system now handles the nvidia
and the WebAssembly runtimes.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

---------

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2023-11-13 14:43:41 -08:00
Vitor Savian 875a9d19c6
Added ADR for etcd status
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-11-13 07:46:24 -08:00
Vitor Savian c5cd7b3d65
Added etcd status condition
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-11-13 06:39:24 -08:00
Johnatas 022c49242d
update channels latest to v1.27.7+k3s2 (#8799)
Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-08 22:31:42 -03:00
Brad Davidson bbafb86e91 Don't use iptables-save/iptables-restore if it will corrupt rules
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-07 10:01:27 -08:00
Hussein Galal 9e13aad4a8
Update traefik to fix registry value (#8792)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-06 23:37:21 +02:00
Hussein Galal 1ae053d944
Upgrade traefik chart to v25.0.0 (#8771)
* Upgrade traefik chart to v25.0.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go generate

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-03 01:55:03 +02:00
Texot f575a05be2
fix: Access outer scope .SystemdCgroup (#8761)
Signed-off-by: Texot <tete1030@gmail.com>
2023-11-02 10:47:16 -07:00
github-actions[bot] c7c339f0b7
chore: Bump Trivy version (#8739)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-01 12:31:47 -07:00
github-actions[bot] 1e99a46256
chore: Update sonobuoy image versions (#8710)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-01 12:30:27 -07:00
Johnatas 9377accd9e
update stable to v1.27.7+k3s1 (#8753)
Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-01 13:49:40 -03:00
Hussein Galal 112e1339b7
Restore selinux context systemd unit file (#8593)
* Restore context of systemd unit file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Restore context of systemd unit file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update the hash of install.sh file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-10-31 22:54:09 +02:00
Brad Davidson 49411e7084 Don't try to read token hash and cluster id during cluster-reset
These fields are only necessary when saving snapshots to S3, and will block restoration if attempted

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-27 15:06:29 -07:00
Johnatas 6aef26e94b
Update to v1.28.3 (#8682) 2023-10-19 16:54:48 -07:00
Brad Davidson 5b6b9685e9 Manually requeue configmap reconcile when no nodes have reconciled snapshots
Silences error message from lasso - this is a normal startup condition
when no snapshots exist so we shouldn't log nasty looking errors.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-18 15:09:25 -07:00
Brad Davidson 3db1d33282 Re-enable etcd endpoint auto-sync
Removing this in 002e6c43ee regressed
control-plane-only nodes, as we rely on the etcd client to update its
endpoint list internally so that we can use it to sync the load-balancer
address list.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-18 08:33:03 -07:00
Brad Davidson b8dc95539b Fix CloudDualStackNodeIPs feature-gate inconsistency
Enable the feature-gate for both kubelet and cloud-controller-manager. Enabling it on only one side breaks RKE2, where feature-gates are not shared due to running in different processes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-17 10:40:12 -07:00
Sean Yen 0c9bf36fe0
[K3s][Windows Port] Build script, multi-call binary, and Flannel (#7259)
* initial windows port.

Signed-off-by: Sean Yen <seanyen@microsoft.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Wei Ran <weiran@microsoft.com>
2023-10-16 14:53:09 -04:00
Derek Nola aaf8409096
Use version.Program not K3s in log (#8653)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-16 11:02:12 -07:00
Brad Davidson 9597ea1183 Start etcd client before ensuring self removal
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson 2291d6d079 Add etcd-only/control-plane-only server test
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson 7bb4a826af Update kube-router package in build script
Package was changed in version script in bc332ac667 but we missed changing it here as well.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 14:42:41 -07:00
Brad Davidson 3abc8b82ed Bump traefik, golang.org/x/net, google.golang.org/grpc
Fixes exposure to CVE-2023-39325

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 09:45:54 -07:00
Roberto Bonafiglia 1ffb4603cd Use IPv6 in case is the first configured IP with dualstack
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-13 10:23:31 +02:00
dlorenc 3d25e9f66c
Switch build target from main.go to a package. (#8342)
* Switch build target from main.go to a package.
* Dont build with vcs

Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-10-12 16:20:32 -07:00
Brad Davidson 7c5b69ca1d Fix etcd snapshot integration tests
Snapshot delete/prune tests were only working because the delete command
would report success even when deleting a snapshot that didn't exist,
and the test regex was finding the snapshot name multiple times in
the list output and deleting it twice.

Snapshot restore tests seem to have expected the deployment to be rolled out
immediately, which is not a reasonable expectation.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson d885162967 Add server token hash to CR and S3
This required pulling the token hash stuff out of the cluster package, into util.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson 550ab36ab7 Switch to managing ETCDSnapshotFile resources
Reconcile snapshot CRs instead of ConfigMap; manage ConfigMap downstream from CR list

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson 5cd4f69bfa Move snapshot delete into local/s3 functions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson a15b804e00 Sort snapshots by time and key in tabwriter output
Fixes snapshot list coming out in non-deterministic order

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00