* Remove objects when removed from manifests
If a user puts a file in /var/lib/rancher/k3s/server/manifests/ then the
objects contained therein are deployed to the cluster. If the objects
are removed from that file, they are not removed from the cluster.
This change tracks the GVKs in the files and will remove objects when
there are removed from the cluster.
Signed-off-by: Donnie Adams <donnie.adams@suse.com>
(cherry picked from commit c38a8c3b43)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Reduces code complexity a bit and ensures we don't have to handle closed watch channels on our own
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 13ca10664f)
This gives nicer errors from Kubernetes components during startup, and
reduces LOC a bit by using the upstream responsewriters module instead
of writing the headers and body by hand.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3d01ca1309)
Also update cert gen to ensure leaf certs are regenerated if other key fields change.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 99851b0f84)
Don't hardcode the event namespace when creating event recorders; some controllers want to create events in other namespaces.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 965d0a08ef)
Also add event support to increase visibility of change events.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 44c53743dd)
* Update to v1.22.9
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Update tags to k3s-io for v1.22.9
Signed-off-by: Derek Nola <derek.nola@suse.com>
* netpol: Add dual-stack support
This change allows to define two cluster CIDRs for compatibility with
Kubernetes dual-stuck, with an assumption that two CIDRs are usually
IPv4 and IPv6.
It does that by levearaging changes in out kube-router fork, with the
following downstream release:
https://github.com/k3s-io/kube-router/releases/tag/v1.3.2%2Bk3s
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add s390x arch support for k3s (#5018)
* Update docs to include s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x drone pipeline
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Install trivy linux arch only for amd64
This is done so that trivy is not installed for s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x arch if condition for Dockerfile.test
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x arch in install script
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x GOARCH in build script
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add SUFFIX s390x in scripts
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Skip image scan for s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update klipper-lb to version v0.3.5
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update traefik version to v2.6.2
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update registry to v2.8.1 in tests which supports s390x
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Skip compact tests for s390x arch
This is done because compact test require a previous k3s version which supports s390x and it is not available
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Increase k3s-root version to v0.10.0 which includes s390x support
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Michal Rostecki <vadorovsky@gmail.com>
Co-authored-by: Sakala Venkata Krishna Rohit <rohitsakala@gmail.com>
This change allows to define two cluster CIDRs for compatibility with
Kubernetes dual-stuck, with an assumption that two CIDRs are usually
IPv4 and IPv6.
It does that by levearaging changes in out kube-router fork, with the
following downstream release:
https://github.com/k3s-io/kube-router/releases/tag/v1.3.2%2Bk3s
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
Also update cert gen to ensure leaf certs are regenerated if other key fields change.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 99851b0f84)
This controller only needs to run when using managed etcd, so move it in
with the rest of the etcd stuff. This change also modifies the
controller to only watch the Kubernetes service endpoint, instead of
watching all endpoints in the entire cluster.
Fixes an error message revealed by use of a newer grpc client in
Kubernetes 1.24, which logs an error when the Put to etcd failed because
kine doesn't support the etcd Put operation. The controller shouldn't
have been running without etcd in the first place.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f37e7565b8)
Don't attempt to retrieve snapshot metadata configmap if the apiserver
isn't available. This could be triggered if the cron expression caused a
snapshot to be triggered before the apiserver is up.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2a429aac65)
This is required to make the websocket tunnel server functional on
etcd-only nodes, and will save some code on the RKE2 side once pulled
through.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit af0b496ef3)
Ideally we'd have fully fleshed out support for it (i.e. #5011), but
that's a potentially breaking change and taking a little while to merge.
This is a much simpler change which won't break anything, but will allow
a "Type": "wireguard" reference in the "--flannel-conf" custom config
file to work.
Signed-off-by: Euan Kemp <euank@euank.com>
Brad Davidson