Brad Davidson
9360022bbe
Wait for kubelet to update the Ready status before reading port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 20:07:34 -07:00
Daishan Peng
abda53075e
Wait for kubelet port to be ready before setting
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
2023-03-13 20:07:34 -07:00
Derek Nola
0cf6b03d07
Add dependabot (#7046)
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-13 09:40:16 -07:00
Derek Nola
b2ae48984f
[Release-1.24] Bump various dependencies for CVEs (#7042)
...
* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update wrangler to 1.1.1
* Update gax-go to v2.1.1
* Isolate E2E terraform dependencies
* Bump containerd
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-13 09:36:32 -07:00
Roberto Bonafiglia
cabeae0619
[Release 1.24] Update flannel and kube-router (#7063)
...
* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 20:32:08 -08:00
Matt Trachier
c14436a9ec
Update to v1.24.11-k3s1 (#7009)
...
* Update to v1.24.11
* the go version will be updated to match upstream in dockerfiles and gh workflows
---------
Signed-off-by: matttrach <matttrach@gmail.com>
2023-03-01 14:41:08 -06:00
Brad Davidson
4c03ae0af9
Bump kine to v0.9.9
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-23 17:19:43 -08:00
Brad Davidson
0f6e4dcee0
Add test for filterByIPFamily
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:14:15 -08:00
Brad Davidson
3709e8386c
Fix ServiceLB dual-stack ingress IP listing
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:14:15 -08:00
Brad Davidson
74ed4bef61
Improve default umask for certs.sh
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:19:22 -08:00
Brad Davidson
ecb5f5a2b5
Fix CACertPath stripping trailing path components
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:19:22 -08:00
Brad Davidson
8ae390ff82
Fix etcd member deletion
...
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 13:19:22 -08:00
Brad Davidson
77dbe648ad
Allow for multiple sets of leader-elected controllers
...
Addresses an issue where etcd controllers did not run on etcd-only nodes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 12:26:09 -08:00
Roberto Bonafiglia
dd71479e67
Update flannel to v0.21.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 20:07:50 +01:00
Paul Donohue
c87d62490f
Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent
...
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:43:58 -08:00
Brad Davidson
7ab75db48a
Wait for server to become ready before creating token
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 09:34:10 -08:00
Brad Davidson
9f4a477c8c
Add CI test
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b43dd7746d)
2023-02-10 09:34:10 -08:00
Brad Davidson
82a0c4e1f4
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c900089e88)
2023-02-10 09:34:10 -08:00
Brad Davidson
478dae4d3d
Ensure that node exists when using node auth
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 87f9c4ab11)
2023-02-10 09:34:10 -08:00
Brad Davidson
73460e28bf
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
2023-02-10 09:34:10 -08:00
Brad Davidson
f4fc44ec4a
Add support for `k3s token` command
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 373df1c8b0)
2023-02-10 09:34:10 -08:00
Brad Davidson
a2e8484e67
Add e2e tests for CA cert rotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit be7f751863)
2023-02-10 09:34:10 -08:00
Brad Davidson
0d9825aaf7
Add basic test for custom CA certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8a6404f97c)
2023-02-10 09:34:10 -08:00
Brad Davidson
f1577befd0
Clarify ADR based on design review feedback
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9b6b72941f)
2023-02-10 09:34:10 -08:00
Brad Davidson
c169c9cf20
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f13768c247)
2023-02-10 09:34:10 -08:00
Brad Davidson
6ae3370e28
Add `certificate rotate-ca` to write updated CA certs to datastore
...
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 215fb157ff)
2023-02-10 09:34:10 -08:00
Brad Davidson
b88c3b8c95
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335b2)
2023-02-10 09:34:10 -08:00
Brad Davidson
631847536c
Fix CA cert hash for root certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 58d40327b4)
2023-02-10 09:34:10 -08:00
Brad Davidson
e62b921b4f
Ensure cluster-signing CA files contain only a single CA cert
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0919ec6755)
2023-02-10 09:34:10 -08:00
Brad Davidson
09d38a2f0a
Add example certificate generation script
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1ec242d816)
2023-02-10 09:34:10 -08:00
Brad Davidson
ce0a03648d
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 07:27:20 -08:00
Brad Davidson
e0967ce763
Check for existing resources before creating them
...
Prevents errors when starting with fail-closed webhooks
Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 07:27:20 -08:00
Brad Davidson
89b5466a00
Use default address family when adding kubernetes service address to SAN list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 11:56:42 -08:00
Brad Davidson
607ccbd49d
[release-1.24] Allow ServiceLB to honor `ExternalTrafficPolicy=Local` (#6908)
...
* Bump wrangler version for EndpointSlice support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 94d1a87509)
* Honor Service ExternalTrafficPolicy
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 369b81b45e)
* go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1c6fde9a52)
2023-02-08 14:04:08 -08:00
Derek Nola
c9f450b314
Ignore value conflicts when reencrypting secrets (#6918)
...
* Ignore conflict secrets
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-08 10:45:13 -08:00
Derek Nola
3052853988
[Release-1.24] Consolidate E2E tests (#6888)
...
* Consolidate E2E tests and GH Actions (#6772)
* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>
* E2E: Consolidate docker and prefer bundled tests into new startup test (#6851)
* Convert docker E2E to startup E2E
* Move preferedbundled into the e2e startup test
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-07 09:25:27 -08:00
Derek Nola
1b5a3a5b2e
Wait for cri-dockerd socket (#6854)
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:24:09 -08:00
Derek Nola
f0ce56a02b
Standardize flag declaration (#6868)
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:23:34 -08:00
Derek Nola
564b825152
Fix cron example (#6865)
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 12:57:15 -08:00
Derek Nola
3a17fbada4
Bump vagrant boxes to fedora37 (#6832) (#6859)
...
* Bump to generic/fedora37
* Disable sonobuoy on rootless
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 08:54:49 -08:00
Silvio Moioli
8e36b16568
Bugfix: do not break cert-manager when pprof is enabled (#6635)
...
Signed-off-by: Silvio Moioli <silvio@moioli.net>
(cherry picked from commit 23c1040adb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 17:36:55 -08:00
Brad Davidson
be26a6e618
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
Brad Davidson
3897a9e8d1
Bump cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
Brad Davidson
21b1da5848
Add jitter to scheduled snapshots and retry harder on conflicts
...
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:31:25 -08:00
Brooks Newberry
546a94e9ae
V1.24.10 k3s1 (#6788)
2023-01-19 18:39:14 -08:00
Brooks Newberry
a57c3171e6
drone correct plugins/docker tag supporting linux/arm (#6767)
2023-01-18 16:32:52 -08:00
Brad Davidson
f7e375979f
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0)
2023-01-18 09:17:39 -08:00
github-actions[bot]
7c4c1da22e
chore: Bump golang:alpine version (#6683)
...
Made with ❤️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
(cherry picked from commit a4549cf989)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00
dependabot[bot]
5141a5b0f5
Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#6686)
...
Bumps ubuntu from 20.04 to 22.04.
---
updated-dependencies:
- dependency-name: ubuntu
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit d85952d6a0)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00
dependabot[bot]
ccc9f904c6
Bump alpine from 3.16 to 3.17 in /conformance (#6687)
...
Bumps alpine from 3.16 to 3.17.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit e53500f37f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00