Commit Graph

3225 Commits (3d14092f76f27f4978968597174707a5cb2a80e7)

Author SHA1 Message Date
Derek Nola 75ccaf9942 Allow non-sudo vagrant
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-06 14:04:05 -08:00
Brad Davidson 6f331ea7b5 Include flannel version in flannel cni plugin version
We were misreporting the flannel version as the flannel cni plugin version; restore the actual flannel version as build metadata

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-06 09:46:48 -08:00
github-actions[bot] d37d7a40da
Bump Trivy version (#9528)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-03-06 08:52:55 -08:00
Roberto Bonafiglia 88c431aea5 Adjust first node-ip based on configured clusterCIDR
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-03-06 11:10:41 +01:00
Manuel Buil 1fe0371e95 Improve tailscale e2e test
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-03-06 08:26:36 +01:00
Rishikesh Nair 82cfacb2f3 Update contrib/util/check-config.sh
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Rishikesh Nair <42700059+rishinair11@users.noreply.github.com>
2024-03-05 15:10:36 -08:00
Rishikesh Nair ce0765c9f8 Rename `RAW_OUTPUT` -> `NO_COLOR`
Also, if NO_COLOR is empty, output will be colored, otherwise not colored.

Signed-off-by: Rishikesh Nair <alienware505@gmail.com>
2024-03-05 15:10:36 -08:00
Rishi ff7cfa2235 Disable color outputs using RAW_OUTPUT env var
Setting this environment variable will not wrap the text in color ANSI code, so that we can print a raw output.

Signed-off-by: Rishikesh Nair <alienware505@gmail.com>
2024-03-05 15:10:36 -08:00
Vitor Savian 59c724f7a6 Fix wildcard with embbeded registry test
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-05 14:38:36 -08:00
Flavio Castelli f82d438f39 e2e tests: cover WebAssembly integration
Add a e2e test that runs some demo WebAssembly applications
using the dedicated containerd shims.

Note: this is not an integration test because we need to install some
binaries (the special containerd shims) on the host.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2024-03-05 13:12:08 -08:00
Flavio Castelli 64e4f0e6e7 fix: use correct wasm shims names
Fix the wasm shim detection and the containerd configuration generation.

Prior to this commit, the binary and the `RuntimeType` values were not
correct.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2024-03-05 13:12:08 -08:00
Tal Yitzhak 2c4773a5aa
chore(deps): Remediating CVEs found by trivy; CVE-2023-45142 on otelrestful and CVE-2023-48795 on golang.org/x/crypto (#9513)
Signed-off-by: Tal Yitzhak <taly@lightrun.com>
Co-authored-by: Tal Yitzhak <taly@lightrun.com>
2024-03-05 10:56:38 -08:00
Brad Davidson 091a5c8965 Don't register embedded registry address as an upstream registry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Brad Davidson b5a4846e9d Remove filtering of wildcard mirror entry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Brad Davidson 84a071a81e Add env var to allow spegel mirroring of `latest` tag
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Philip Laine 26feb25c40 Bump spegel to v0.0.18-k3s4
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
Brad Davidson 88d30f940d Use and version flannel/cni-plugin properly
Moves us closer to using the proper upstream for our flannel CNI plugin, instead of the snapshot that is vendored into our plugins fork.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 13:36:13 -08:00
Brad Davidson 0b3593205a Move snapshot-retention to EtcdSnapshotFlags in order to support loading from config
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 12:09:29 -08:00
Brad Davidson 3576ed4327 Clean up snapshotDir create/exists logic
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 12:09:29 -08:00
Brad Davidson b164d7a270 Fix additional corner cases in registries handling
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 11:59:33 -08:00
Derek Nola 29c73e6965
Fix setup-go typos (#9634)
* Fix setup-go typos

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-04 10:18:36 -08:00
Derek Nola 935ad1dbac
Move docker tests into tests folder (#9555)
* Move docker tests into tests folder
* Remove old test certs
* Update TESTING.md with docker test inf

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-04 09:15:40 -08:00
Derek Nola 138a107f4c
Reenable Install and Snapshotter Testing (#9601)
* Use regular ubuntu runners for install and snapshotter tests
* Workaround for vagrant box caching
* Update testing readme
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-04 09:11:04 -08:00
Brooks Newberry 81a60de256
update stable channel to v1.28.7+k3s1 (#9615) 2024-03-01 14:40:41 -08:00
Brad Davidson 109e3e454c Bump helm-controller/klipper-helm versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 13:55:36 -08:00
Brad Davidson 82432a2df7 Fix issue with etcd node name missing hostname
* Set ServerNodeName in snapshot CLI setup
* Raise errer if ServerNodeName ends up empty some other way
* Fix status controller to use etcd node name annotation instead of prefix checking

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 13:52:53 -08:00
Brad Davidson 513c3416e7 Tweak netpol node wait logs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 12:01:34 -08:00
Brad Davidson be569f65a9 Fix NodeHosts on dual-stack clusters
* Add both dual-stack addresses to the node hosts file
* Add hostname to hosts file as alias for node name to ensure consistent resolution

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 11:59:59 -08:00
Edgar Lee 8c83b5e0f3 Rootless mode also bind service nodePort to host for LoadBalancer type
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-03-01 10:43:19 -08:00
Derek Nola 3e948aa0d5
Correct formatting of GH PR sha256sum artifact (#9472)
* Conform to how the install script wants the sha256sum name
* Remove no-op sed for GH PR install

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-01 08:45:01 -08:00
Derek Nola 8f777d04f8
Better GitHub CI caching strategy for golang (#9495)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-01 08:41:09 -08:00
Manuel Buil 736fb2bc8d Add an integration test for flannel-backend=none
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-03-01 12:08:09 +01:00
Manuel Buil 3b4f13f28d Update klipper-lb image version
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-03-01 11:28:12 +01:00
Derek Nola fa37d03395
Update install test OS matrix (#9480)
* Remove old cgroupsv2 test
* Consolidate install test clauses into functions
* Unpin vagrant-k3s plugin version, run latest
* Add ubuntu-2204 as install test, remove ubuntu-focal
* Update nightly install matrix
* Move to Leap 15.5
* Consolidate vagrant box caching key to improve cache hits on all VM testing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-29 15:41:56 -08:00
Derek Nola 922c5a6bed
Unit Testing Matrix and Actions bump (#9479)
cache is now on by default

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-29 15:41:05 -08:00
Derek Nola 57e11c72d1
Testing ADR (#9562)
* Update contributing with new links
* Testing ADR

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-29 15:36:11 -08:00
Brad Davidson 86f102134e Fix netpol startup when flannel is disabled
Don't break out of the poll loop if we can't get the node, RBAC might not be ready yet.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-26 14:58:48 -08:00
Brad Davidson fae0d99863 Use 3/2/1 cluster for split role test
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-21 12:21:19 -08:00
Derek Nola f90fd7b744 Change default number of etcd nodes in E2E splitserver test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-21 12:21:19 -08:00
Derek Nola fae41a8b2a Rename AgentReady to ContainerRuntimeReady for better clarity
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-21 12:21:19 -08:00
Derek Nola 91cc2feed2 Restore original order of agent startup functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-21 12:21:19 -08:00
Brooks Newberry 1c1746114c
remove e2e logs drone step (#9517)
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2024-02-16 06:32:55 -08:00
Derek Nola 085ccbb0ac
Fix drone publish for arm (#9503)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-15 16:53:10 -08:00
Brooks Newberry 3e13e3619c
Update Kubernetes to v1.29.2 (#9493)
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2024-02-15 12:48:20 -08:00
Brad Davidson de825845b2 Bump kine and set NotifyInterval to what the apiserver expects
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-09 14:22:38 -08:00
Edgar Lee 0ac4c6a056 Expose rootless containerd socket directories for external access
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-02-09 14:22:03 -08:00
Edgar Lee 14c6c63b30 Expose rootless state dir under ~/.rancher/k3s/rootless
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-02-09 14:21:52 -08:00
Oleg Matskiv e3b237fc35 Don't verify the node password if the local host is not running an agent
Signed-off-by: Oleg Matskiv <oleg.matskiv@gmail.com>
2024-02-09 14:21:43 -08:00
Mikhail Vorobyov 701e7e45ce Fix iptables check when sbin isn't in user PATH
Signed-off-by: Mikhail Vorobyov <mikhail.vorobev@uni.lu>
2024-02-09 13:59:47 -08:00
Derek Nola fa11850563
Readd `k3s secrets-encrypt rotate-keys` with correct support for KMSv2 GA (#9340)
* Reorder copy order for caching
* Enable longer http timeout requests

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Setup reencrypt controller to run on all apiserver nodes
* Fix reencryption for disabling secrets encryption, reenable drone tests
2024-02-09 11:37:37 -08:00