51f1a5a0ab
Review comments and fixes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
42c2ac95e2
CLI + Backend for Secrets Encryption v3
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
b967f92785
Replace os.Write with AtomicWrite function
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
ced330c66a
[v1.28] CLI Removal for v1.28.0 ( #8203 )
...
* Remove deprecated flannel ipsec
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove multipart backend
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix secrets-encryption integration test flakiness
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
af50e1b096
Update to v1.28.0-k3s1 ( #8199 )
...
* Update to v1.28.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update golang to v1.20.7
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more changes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* disable CGO before running golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* execlude CGO Enabled checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Ignore reapply change error with logging
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update google api client
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
1 year ago
66bae3e326
Bump dynamiclistener for init deadlock fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
e83b1ba4aa
Fixed the etcd retention to delete orphaned snapshots based on the date ( #8177 )
...
* Fix retention using name instead of date
Signed-off-by: Vitor <vitor.savian@suse.com>
1 year ago
c97211866a
Fix for cluster-reset backup from s3 when etcd snapshots are disabled ( #8155 )
...
* Fixed when the user disable the etcd snapshots, but want to backup from s3
Signed-off-by: Vitor <vitor.savian@suse.com>
1 year ago
e551308db8
fix for etcd-snapshot delete with --etcd-s3 flag ( #8110 )
...
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
1 year ago
ca7aeed090
Etcd snapshots retention when node name changes ( #8099 )
...
Fixed the etcd retention to delete orphaned snapshots
Signed-off-by: Vitor <vitor.savian@suse.com>
1 year ago
aa76942d0f
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale
...
Fix tailscale bug with ip modes
1 year ago
46cbbab263
Consolidate CopyFile functions ( #8079 )
...
* Consolidate CopyFile function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Copy to File, not destination folder
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
59eec78c62
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
f21ae1d949
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
546dc247a0
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl ( #7991 )
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
1 year ago
6d360e6473
Unit test for MustFindString ( #8013 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
be44243353
Adjust default kubeconfig file permissions ( #7978 )
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
0b18a65d4f
Revert "Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )"
...
This reverts commit 4ab01f3941
1 year ago
34617390d0
Generation of certificates and keys for etcd gated if etcd is disabled. ( #6998 )
...
Problem:
When support for etcd was added in 3957142
1 year ago
8405813c12
Fix rootless node password ( #7887 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
b9a2bf11ee
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
1 year ago
4ab01f3941
Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )
...
* Warn that v1.28 will deprecate reencrypt/prepare
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
...
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
1 year ago
bca0adbca8
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
9c48d10eba
Merge pull request #7845 from manuelbuil/removeWinFile
...
Remove file_windows.go
1 year ago
7f50b40cfe
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
ce3443ddf6
Allow k3s to customize apiServerPort on helm-controller
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
1 year ago
72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli ( #7791 )
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
1 year ago
d593c83603
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
f21a01474d
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
0809187cff
Adding cli to custom klipper helm image ( #7682 )
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
1 year ago
2215870d5d
chore: pkg imported more than once
...
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
1 year ago
43611bb5ad
Fix the error report
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
268c9a7684
Merge pull request #7352 from manuelbuil/vpnintegrations-afterparental
...
Integrate tailscale into k3s
1 year ago
869e030bdd
VPN PoC
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
dc6c569b98
Shortcircuit commands with version or help flags ( #7683 )
...
* Shortcircuit search with help and version flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Keep functions seperate
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
e5e1a674ce
Enable containerd aufs/devmapper/zfs snapshotter plugins
...
These were unintentionally dropped when moving containerd back into the main multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
5170bc5a04
Improve error response logging
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
45d8c1a1a2
Soft-fail on node password verification if the secret cannot be created
...
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
b0188f5a13
Test Coverage Reports for E2E tests ( #7526 )
...
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
b64a226ebd
Make LB image configurable when compiling k3s
...
It is no way we can configure the lb image because it is a const value.
It would be better that we make it variable value and we can override
the value like the `helm-controller` job image when compiling k3s/rke2
Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
2 years ago
64a5f58f1e
Create new kubeconfig for supervisor use
...
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
8748813a61
Use distinct clients for supervisor, deploy, and helm controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
e9958cf070
Bump metrics-server to v0.6.3 and update tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
93279d2f59
Bump klipper-lb to v0.4.4
...
Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
0485a56f33
allow coredns override extensions
...
Signed-off-by: Andrew Roffey <andrew@roffey.au>
2 years ago
4aafff0219
Wrap error stating that it is coming from netpol
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2 years ago
8f450bafe1
Bump helm-controller version for repo auth/ca support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
607cbf0ad6
Bump containerd to v1.7.0 and move back into multicall binary
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola