c6392c9ffc
Fix issue that caused passwd file and psk to be regenerated when rotating CA certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-10-08 17:03:31 -07:00
b1a42e5d43
Add ca-cert rotation integration test
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-10-08 17:03:31 -07:00
e9c529530c
chore: Bump Trivy version ( #10996 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-10-07 13:38:24 -07:00
0826ebc142
Fix race condition when multiple nodes reconcile S3 snapshots
...
Don't delete s3 etcdsnapshotfiles if they are missing from s3 but less than a minute old, its possible the other node just finished uploading it and the object key has not yet become visible.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-10-07 11:11:58 -07:00
38d13e03d9
Allow additional Rootless CopyUpDirs through K3S_ROOTLESS_COPYUPDIRS env variable ( #10386 )
...
Signed-off-by: Ludo Stellingwerff <ludo.stellingwerff@gmail.com>
2024-10-07 09:38:11 -07:00
0942e6a0c5
Fix sqlite endpoint when migrating from sqlite to etcd
...
Support for 'sqlite' as the endpoint was removed in
https://github.com/k3s-io/kine/pull/320 and the constant removed in
https://github.com/k3s-io/kine/pull/325
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-10-03 10:54:03 -07:00
c9e7b05971
Bump kine
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-10-03 10:54:03 -07:00
f288ccea7e
Remove trailing whitespace ( #9362 )
...
* Remove trailing whitespace from install.sh
Signed-off-by: Papiris <contributions@ingeniorskap.no>
* Update install.sh.sha256sum
Signed-off-by: Papiris <contributions@ingeniorskap.no>
---------
Signed-off-by: Papiris <contributions@ingeniorskap.no>
2024-10-02 09:51:11 -07:00
7ca021ea89
Update README.md ( #10523 )
...
Half of 8 is 3, in a way.
Signed-off-by: jonarmani <3901100+jonarmani@users.noreply.github.com>
2024-10-02 09:50:45 -07:00
cd02fdfa39
Bump to new wharfie version ( #10971 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-02 08:58:08 -07:00
1ff43bf07f
Add user path to runtimes search
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-10-02 09:52:11 -03:00
ab89363e18
Fix trivy vex line ( #10970 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-01 15:06:49 -07:00
0553a1a1d9
Pass Rancher's VEX report to Trivy to remove known false-positives CVEs ( #10956 )
...
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
2024-10-01 17:20:35 -04:00
6c6d87d1b0
Bump traefik to chart 27.0.2 / appVersion v2.11.10
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-30 12:49:18 -07:00
a809749edc
chore: Bump Trivy version ( #10924 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-30 12:40:13 -07:00
2739f50d77
Trivy workflow: Checkout repo to use gh cli ( #10949 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-25 13:20:26 -07:00
97e8486032
Fix trivy report download ( #10943 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-25 10:09:09 -07:00
cda31ebd67
Bump kine to v0.13.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-25 10:02:04 -07:00
3a268acb78
Check k3s-io organization membership not team membership for trivy scans ( #10940 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-24 14:37:32 -07:00
6731f4a70d
Fix getMembershipForUserInOrg call ( #10937 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-24 13:06:27 -07:00
005711fad6
Breakup trivy scan and check comment author ( #10935 )
...
* Check comment author on trivy scan
* Breakup trivy workflow for better permission security
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-24 12:10:31 -07:00
ed14f7f863
Use static CNI bin dir
...
Maintain a separate dir for CNI binaries so that additional plugins can be installed in a predictable location that does not change every time k3s is upgraded.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-23 11:31:54 -07:00
ea5add3c3b
update stable channel tov1.30.5+k3s1 ( #10921 )
2024-09-23 07:10:06 -07:00
40eda6a823
Add MariaDB to E2E ( #10724 )
...
* add mariadb to Validate and Upgrade E2E tests
Signed-off-by: robertsilen <robert.silen@iki.fi>
Signed-off-by: Robert Silén <robert.silen@iki.fi>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-09-19 08:40:02 -07:00
7d66fa7ffa
update kubernetes to v1.31.1-k3s3
...
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2024-09-18 10:47:29 -07:00
e6d1cf1009
chore: Bump Trivy version ( #10899 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-17 10:03:23 -07:00
483d76b34a
Add int test for flannel-ipv6masq
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-09-17 12:00:33 +02:00
13612ef376
chore: Bump Trivy version ( #10863 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-12 09:37:49 -07:00
d6c20b7452
Fix hosts.toml header var
...
Resolves issue from 270f85e468
2024-09-10 14:59:41 -07:00
61c7011cab
Give good report if no CVEs found in trivy ( #10853 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-06 14:58:26 -07:00
c4c11e51f1
add node-internal-dns/node-external-dns address pass-through support ( #10852 )
...
* add --node-internal-dns and --node-external-dns
Signed-off-by: Arne Winter <github@arnewinter.dev>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2024-09-06 14:15:19 -07:00
216c3671b7
Remove otelgrpc pinned dependency ( #10799 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-06 10:56:55 -07:00
270f85e468
Only clean up containerd hosts dirs managed by k3s
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 17:21:55 -07:00
378edb939d
Tag PR image build as latest before scanning
...
This is less effort than passing the tag across steps 🤷♂️
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 15:21:56 -07:00
662799feec
Bump helm-controller for skip-verify/plain-http and updated tolerations
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 15:21:42 -07:00
d746073bd0
Bump containerd to v1.7.21, runc to v1.1.14
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 11:03:31 -07:00
29e25a61e6
Add channel for v1.31
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 08:50:04 -07:00
36282dc39b
Launch private registry with init so the container can be killed on cleanup ( #10822 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-04 16:22:24 -07:00
3d6e4a793a
Fix /trivy action running against target branch instead of PR branch
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-04 15:57:39 -07:00
de4bb2e13c
chore: Update sonobuoy image versions ( #10792 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-04 14:00:09 -07:00
28ceeec489
Update CNI plugins version
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-09-04 15:40:46 +02:00
dacc636cf4
Bump aquasecurity/trivy-action from 0.20.0 to 0.24.0 ( #10795 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.20.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.20.0...0.24.0 )
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 09:14:54 -07:00
254c16fdd5
Cover edge case when on new minor release for E2E upgrade test ( #10781 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-03 09:13:34 -07:00
fa6940d03d
Add trivy scanning trigger for PRs ( #10758 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-30 09:00:50 -07:00
0b4d2497e5
Update coredns to 1.11.3 and metrics-server to 0.7.2
...
Used https://github.com/coredns/corefile-migration to
migrate the corefile. There are no changes for the
default file from 1.10.1 to 1.11.3.
Notable plugin changes include the k8s_external with fallthrough option
and rewrite with cname_target option.
These changes are not part of the default config that ships
with k3s. Customers using these two plugins can start using the new options
Metrics does not have any new features other than build tooling updates.
Requires https://github.com/rancher/image-mirror/pull/704
Signed-off-by: Harsimran Singh Maan <maan.harry@gmail.com>
2024-08-29 15:00:45 -07:00
bd45aa5c45
Bump traefik to v2.11.8
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-08-29 14:02:58 -07:00
9a69ecd58c
Update kubernetes to v1.31.0-k3s3 ( #10764 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2024-08-29 23:56:56 +03:00
85e02e10d7
Remove secrets encryption controller ( #10612 )
...
* Remove secrets encryption controller
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-26 08:31:49 -07:00
fc2eb49e38
Fix deploy latest commit on E2E tests ( #10725 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-26 08:22:42 -07:00
54e3b44147
update stable channel to v1.30.4+k3s1 ( #10739 )
...
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2024-08-22 18:41:54 -07:00
Brad Davidson