Commit Graph

3105 Commits (1a07661b9c97dcb6ec8594a9ed3612505002d549)

Author SHA1 Message Date
Edgar Lee a3770d21e2 Expose rootless containerd socket directories for external access
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
(cherry picked from commit 0ac4c6a056)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Edgar Lee 0259b8e535 Expose rootless state dir under ~/.rancher/k3s/rootless
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
(cherry picked from commit 14c6c63b30)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Oleg Matskiv 865b454a05 Don't verify the node password if the local host is not running an agent
Signed-off-by: Oleg Matskiv <oleg.matskiv@gmail.com>
(cherry picked from commit e3b237fc35)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Brad Davidson 493ebb9517 Fix ipv6 endpoint address selection for on-demand snapshots
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8224a3a7f6)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Brad Davidson cd7c557754 Fix issue with coredns node hosts controller
The nodes controller was reading from the configmaps cache, but doesn't add any handlers, so if no other controller added configmap handlers, the cache would remain empty.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 888f866dae)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Brad Davidson 3d46c7da70 Bump CNI plugins to v1.4.0
Ref: https://github.com/rancher/plugins/compare/v1.3.0-k3s1...v1.4.0-k3s2

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 77ba9904d1)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Brad Davidson b620348998 Add check for etcd-snapshot-dir and fix panic in Walk
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 6ec1926f88)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Brad Davidson 6b2c1ecb0f Retry startup snapshot reconcile
The reconcile may run before the kubelet has created the node object; retry until it succeeds

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 82e3c32c9f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Brad Davidson c2c9a265bf Fix excessive retry on snapshot reconcile
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 4005600d4e)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-10 00:49:18 -08:00
Roberto Bonafiglia dda9780f23 Update Kube-router to v2.0.1
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-02-09 20:15:42 +01:00
Harrison Affel a922a0e340 allow executors to define containerd and docker behavior
Signed-off-by: Harrison Affel <harrisonaffel@gmail.com>
2024-02-09 16:05:58 -03:00
Hussein Galal 034ee89344 Update flannel to v0.24.0 and remove multiclustercidr flag (#9075)
* update flannel to v0.24.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove multiclustercidr flag

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2024-02-09 09:20:39 +01:00
Manuel Buil 6ff57ab749 Bump flannel version
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-02-09 09:20:39 +01:00
Vitor Savian 25c7208b7e Changed how lastHeartBeatTime works in the etcd condition
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-02-08 04:55:11 -03:00
Vitor Savian f3b4effb32 Runtimes refactor using exec.LookPath
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-02-08 04:52:53 -03:00
Derek Nola 5eb278b838 [Release-1.28] Auto Dependency Bump (#9419)
* Bump Trivy version (#9237)

* chore: Bump Trivy version

Made with ❤️️ by updatecli

* chore: Bump Trivy version

Made with ❤️️ by updatecli

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>

* build: Align drone base images (#8959)

Align the base images used in drone with the images used across the
ecosystem.

Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Paulo Gomes <paulo.gomes@suse.com>
2024-02-07 22:34:06 -08:00
Brad Davidson 190864259e Consistently handle component exit on shutdown
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-07 17:13:00 -08:00
Brad Davidson 5857584463 Bump cri-dockerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-07 17:13:00 -08:00
Matt Trachier 35ef1cec92 Bump Local Path Provisioner version (#8953) (#9426)
* chore: Bump Local Path Provisioner version
---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-02-07 18:24:30 -06:00
Brad Davidson c9f49a3b06 Bump helm-controller to fix issue with ChartContent
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-02 12:41:14 -08:00
Brad Davidson 2f9788ab55 Bump runc and helm-controller versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-01 18:52:07 -08:00
Brad Davidson 14fdacb85b gofmt config_test.go
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-01 18:52:07 -08:00
Brad Davidson aebdccfae5 Fix issues with certs.d template generation
* Fix issue with bare host or IP as endpoint
* Fix issue with localhost registries not defaulting to http.
* Move the registry template prep to a separate function,
  and add tests of that function so that we can ensure we're
  generating the correct content.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-01 18:52:07 -08:00
Aofei Sheng 39a0001575 Use `ipFamilyPolicy: RequireDualStack` for dual-stack kube-dns (#8984)
Signed-off-by: Aofei Sheng <aofei@aofeisheng.com>
(cherry picked from commit 8d2c40cdac)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-18 12:53:42 -08:00
Pedro Tashima c236c9ff77 Update to v1.28.6 (#9260)
Signed-off-by: Pedro Tashima <pedro.tashima@suse.com>
Co-authored-by: Pedro Tashima <pedro.tashima@suse.com>
2024-01-18 10:15:30 -03:00
Vitor Savian 6224ea62af Error getting node in setEtcdStatusCondition
Signed-off-by: Vitor Savian <vitor.savian@suse.com>

Added retry and changed nodes for

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-01-12 17:39:45 -03:00
Brad Davidson 470bcd1bff Move proxy dialer out of init() and fix crash
* Fixes issue where proxy support only honored server address via K3S_URL, not CLI or config.
* Fixes crash when agent proxy is enabled, but proxy env vars do not return a proxy URL for the server address (server URL is in NO_PROXY list).
* Adds tests

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-12 10:41:28 -08:00
Pierre 04ce0ac0a9 Rebase & Squash (#9070)
Signed-off-by: Yodo <pierre@azmed.co>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-01-12 10:41:28 -08:00
Derek Nola 4724315b8c Pin opa version for missing dependency chain (#9216)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-01-12 08:14:21 -08:00
Brad Davidson 2858f89a5b Bump quic-go for CVE-2023-49295
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson b04e18c4a0 Enable network policy controller metrics
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ab8d2f55b9)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson bda4b73493 Add e2e test for embedded registry mirror
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 6072476432)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson f3c6250b28 Add embedded registry implementation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 37e9b87f62)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson ef4e7ae143 Add server CLI flag and config fields for embedded registry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ef90da5c6e)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson ece564ec93 Add ADR for embedded registry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b8f3967ad1)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson ea66fe65b4 Propagate errors up from config.Get
Fixes crash when killing agent while waiting for config from server

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 77846d63c1)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson a62ee4fd0d Move registries.yaml load into agent config
Moving it into config.Agent so that we can use or modify it outside the context of containerd setup

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 16d29398ad)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson ace1714e0c Pin images instead of locking layers with lease
Layer leases never did what we wanted anyways, and this is the new approved interface for ensuring that images do not get GCd

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5c99bdd9bd)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson 3b863906e0 Fix OS PRETTY_NAME on tagged releases
These were always showing up as dev due to the build arg not being set by the drone step.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit eae221f9e5)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson ee85990a83 Add runtime checking of golang version
Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b297996b92)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Lex Rivera 3be858a878 Add more paths to crun runtime detection (#9086)
* add usr/local paths for crun detection

Signed-off-by: Lex Rivera <me@lex.io>
(cherry picked from commit 5fe074b540)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson fa798ba272 Add support for containerd cri registry config_path
Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep
using mirrors.x.rewrites and configs.x.auth, as those do not yet have an
equivalent in the new format.

The new config file format allows disabling containerd's fallback to the
default endpoint when using mirror endpoints; a new CLI flag is added to
control that behavior.

This also re-shares some code that was unnecessarily split into parallel
implementations for linux/windows versions. There is probably more work
to be done on this front but it's a good start.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c45524e662)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson f95ab7aaf9 Fix nil map in full snapshot configmap reconcile
If a full reconcile wins the race against sync of an individual snapshot resource, or someone intentionally deletes the configmap, the data map could be nil and cause a crash.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 319dca3e82)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson fe19faaf9a Handle logging flags when parsing kube-proxy args
Also adds a test to ensure this continues to work.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit db7091b3f6)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson fc3136f54f Fix the OTHER log message that prints the wrong variable
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1e663622d2)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Ivan Shapovalov 9d5950741e Dockerfile.dapper: set $HOME properly
`$HOME` refers to `$DAPPER_SOURCE`, which is set in the same expression
and is thus not visible at the time of substitution.

This problem is not immediately visible with Docker, Inc.'s docker
merely because it resets an unset `$HOME` to `/root` (but still breaking
the Go cache). Under podman, this problem is immediately visible because
an unset `$HOME` remains unset and subsequently breaks the `go generate`
invocation.

Fixes #9089.

Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
(cherry picked from commit a7fe1aaaa5)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson 3248fd05c7 Add ServiceLB support for PodHostIPs FeatureGate
If the feature-gate is enabled, use status.hostIPs for dual-stack externalTrafficPolicy=Local support

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a27d660a24)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Brad Davidson a503d13591 Remove GA feature-gates (#8970)
Remove KubeletCredentialProviders and JobTrackingWithFinalizers feature-gates, both of which are GA and cannot be disabled.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 231cb6ed20)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-01-11 16:29:20 -08:00
Vitor Savian 53c6e05ef5 Handle etcd status condition when cluster reset and disable etcd
Signed-off-by: Vitor Savian <vitor.savian@suse.com>

Set condition if node is unhealthy

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-01-09 12:00:45 -03:00
Manuel Buil 3d08cfd0fe Wait for taint to be gone in the node before starting the netpol controller
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-01-09 09:59:13 +01:00