Commit Graph

3358 Commits (38d13e03d9ffa05e96350398a8068382554fca4a)

Author SHA1 Message Date
Brad Davidson 7f659759dd Add certificate expiry check and warnings
* Add ADR
* Add `k3s certificate check` command.
* Add periodic check and events when certs are about to expire.
* Add metrics for certificate validity remaining, labeled by cert subject

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-28 12:05:21 -07:00
Derek Nola 6624273a97 Fix embeddedmirror test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:12:54 -07:00
Derek Nola 93bcaccad1 E2E setup: Only install jq when we need it
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:12:54 -07:00
Derek Nola c98ca14198 Add wasm test to e2e matrix
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:12:54 -07:00
Derek Nola 6a42c6fcfe
Remove old pinned dependencies (#9806)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:09:48 -07:00
Derek Nola 14f54d0b26
Transition from deprecated pointer library to ptr (#9801)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:07:02 -07:00
Vitor Savian 5d69d6e782 Add tls for kine
Signed-off-by: Vitor Savian <vitor.savian@suse.com>

Bump kine

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

Add integration tests for kine with tls

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-03-28 11:12:07 -03:00
Brad Davidson c51d7bfbd1 Add health-check support to loadbalancer
* Adds support for health-checking loadbalancer servers. If a
  health-check fails when dialing, all existing connections to the
  server will be closed.
* Wires up a remotedialer tunnel connectivity check as the health check
  for supervisor/apiserver connections.
* Wires up a simple ping request to the supervisor port as the health
  check for etcd connections.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:50:27 -07:00
Brad Davidson edb0440017 Fix etcd snapshot reconcile for agentless nodes
Disable cleanup of orphaned snapshots and patching of node annotations if running agentless

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:44:36 -07:00
Brad Davidson 7474a6fa43 Add /etc/passwd and /etc/group to k3s docker image
Fixes `cannot find name for user ID 0: No such file or directory` errors when checking user info in docker image

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:41:46 -07:00
Brian Downs 6c52235848
update channel server (#9808) 2024-03-27 14:28:39 -07:00
Derek Nola c47c85e5da
Move to ubuntu 23.10 for E2E tests (#9755)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-27 09:55:13 -07:00
github-actions[bot] b5d0d4ee21
Bump Trivy version (#9780)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-03-27 09:20:44 -07:00
Derek Nola 41377540fd
Use ubuntu latest for better golang caching keys (#9711)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-27 09:19:56 -07:00
Derek Nola 5461c3e1c1 Bump k3s-root
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-27 09:19:37 -07:00
Vitor Savian 3f649e3bcb Add a new error when kine is with disable apiserver or disable etcd
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-03-27 10:59:34 -03:00
Brad Davidson f099bfa508 Fix error when image has already been pulled
CRI and containerd APIs disagree about the registry names - CRI supports
index.docker.io as an alias for docker.io, while containerd does not.
Use the actual stored RepoTag to determine what image to ask containerd for.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 16:19:40 -07:00
Brad Davidson 65cd606832 Respect cloud-provider fields set by kubelet
Don't clobber the providerID field and instance-type/region/zone labels if provided by the kubelet. This allows the user to set these to the correct values when using the embedded CCM in a real cloud environment.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 16:18:34 -07:00
Brad Davidson d7cdbb7d4d Send error response if member list cannot be retrieved
Prevents joining nodes from being stuck with bad initial member list if there is a transient failure, or if they try to join themselves

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
Brad Davidson 7a2a2d075c Move error response generation code into util
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
Brian Downs 8aecc26b0f
Update to v1.29.3-k3s1 and Go 1.21.8 (#9747) 2024-03-17 13:33:54 -07:00
Brad Davidson bba3e3c66b Fix wildcard entry upstream fallback
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-12 23:31:16 -07:00
Derek Nola 364dfd8b89 Fix flaky check in btrfs test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-08 10:54:28 -08:00
Derek Nola 21c170512c Fix e2e vagrant cacheing
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-08 10:54:28 -08:00
Derek Nola aea81c0822 Run docker tests in E2E GH Action
Build image with new input option
Run most of the basic docker tests in E2E
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-08 10:54:28 -08:00
John ec5d34dac0
remove repetitive words (#9671)
Signed-off-by: hishope <csqiye@126.com>
2024-03-08 09:44:16 -08:00
Brad Davidson fe2ca9ecf1 Warn and suppress duplicate registry mirror endpoints
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-07 16:30:06 -08:00
Derek Nola 9bd4c8a9fc
Bump upload and download actions to v4 (#9666)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-07 15:56:43 -08:00
Brad Davidson 2a091a693a Bump metrics-server to v0.7.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-07 12:45:29 -08:00
Derek Nola 1c8be1d011 Improve E2E Aftersuite cleanup
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-06 14:04:05 -08:00
Derek Nola af4c51bfc3 Move to ubuntu 2204 for all E2E tests
Simplify node roles

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-06 14:04:05 -08:00
Derek Nola da7312d082 Convert snapshotter test in e2e test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-06 14:04:05 -08:00
Derek Nola d022a506d5 Migrate E2E tests to GitHub Actions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-06 14:04:05 -08:00
Derek Nola 75ccaf9942 Allow non-sudo vagrant
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-06 14:04:05 -08:00
Brad Davidson 6f331ea7b5 Include flannel version in flannel cni plugin version
We were misreporting the flannel version as the flannel cni plugin version; restore the actual flannel version as build metadata

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-06 09:46:48 -08:00
github-actions[bot] d37d7a40da
Bump Trivy version (#9528)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-03-06 08:52:55 -08:00
Roberto Bonafiglia 88c431aea5 Adjust first node-ip based on configured clusterCIDR
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-03-06 11:10:41 +01:00
Manuel Buil 1fe0371e95 Improve tailscale e2e test
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-03-06 08:26:36 +01:00
Rishikesh Nair 82cfacb2f3 Update contrib/util/check-config.sh
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Rishikesh Nair <42700059+rishinair11@users.noreply.github.com>
2024-03-05 15:10:36 -08:00
Rishikesh Nair ce0765c9f8 Rename `RAW_OUTPUT` -> `NO_COLOR`
Also, if NO_COLOR is empty, output will be colored, otherwise not colored.

Signed-off-by: Rishikesh Nair <alienware505@gmail.com>
2024-03-05 15:10:36 -08:00
Rishi ff7cfa2235 Disable color outputs using RAW_OUTPUT env var
Setting this environment variable will not wrap the text in color ANSI code, so that we can print a raw output.

Signed-off-by: Rishikesh Nair <alienware505@gmail.com>
2024-03-05 15:10:36 -08:00
Vitor Savian 59c724f7a6 Fix wildcard with embbeded registry test
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-05 14:38:36 -08:00
Flavio Castelli f82d438f39 e2e tests: cover WebAssembly integration
Add a e2e test that runs some demo WebAssembly applications
using the dedicated containerd shims.

Note: this is not an integration test because we need to install some
binaries (the special containerd shims) on the host.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2024-03-05 13:12:08 -08:00
Flavio Castelli 64e4f0e6e7 fix: use correct wasm shims names
Fix the wasm shim detection and the containerd configuration generation.

Prior to this commit, the binary and the `RuntimeType` values were not
correct.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2024-03-05 13:12:08 -08:00
Tal Yitzhak 2c4773a5aa
chore(deps): Remediating CVEs found by trivy; CVE-2023-45142 on otelrestful and CVE-2023-48795 on golang.org/x/crypto (#9513)
Signed-off-by: Tal Yitzhak <taly@lightrun.com>
Co-authored-by: Tal Yitzhak <taly@lightrun.com>
2024-03-05 10:56:38 -08:00
Brad Davidson 091a5c8965 Don't register embedded registry address as an upstream registry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Brad Davidson b5a4846e9d Remove filtering of wildcard mirror entry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Brad Davidson 84a071a81e Add env var to allow spegel mirroring of `latest` tag
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Philip Laine 26feb25c40 Bump spegel to v0.0.18-k3s4
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Brad Davidson 88d30f940d Use and version flannel/cni-plugin properly
Moves us closer to using the proper upstream for our flannel CNI plugin, instead of the snapshot that is vendored into our plugins fork.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 13:36:13 -08:00