Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 93279d2f59)
* Shortcircuit search with help and version flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Keep functions seperate
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 239021e759)
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit cedefeff24)
Several places in the code used a 5-second retry loop to wait on
Runtime.Core to be set. This caused a race condition where OnChange
handlers could be added after the Wrangler shared informers were already
started. When this happened, the handlers were never called because the
shared informers they relied upon were not started.
Fix that by requiring anything that waits on Runtime.Core to run from a
cluster controller startup hook that is guaranteed to be called before
the shared informers are started, instead of just firing it off in a
goroutine that retries until it is set.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c44d33d29b)
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 31a6386994)
Fixes an issue where CRDs were being created without schema, allowing
resources with invalid content to be created, later stalling the
controller ListWatch event channel when the invalid resources could not
be deserialized.
This also requires moving Addon GVK tracking from a status field to
an annotation, as the GroupVersionKind type has special handling
internal to Kubernetes that prevents it from being serialized to the CRD
when schema validation is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ad41fb8c96)
* local-storage: Fix permission
/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777
Fixes#2348
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Boleyn Su <boleyn.su@gmail.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
This commit adds SearchK3sLog function to find specific strings in integration tests log file and also removes FindStringInCmdAsync function since it was not being used.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 3982213f06)
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
* Handle multiple arguments with StringSlice flags (#7380)
* Add helper function for multiple arguments in stringslice
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Cleanup server setup with util function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Enable FindString to search dotD config files (#7323)
* Enable FindString to search dotD config files
* Address multiple arg cases
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
This adds integration tests for the following flags: "--etcd-snapshot-name","--etcd-snapshot-dir","--etcd-snapshot-retention","--etcd-snapshot-schedule-cron" and "--etcd-snapshot-compress". It also refactors K3sStartServer to stop applying strings.Fields() into inputArgs, so it can accept arguments that have space in their definition.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 1ac03aad43)
Brad Davidson