Commit Graph

3054 Commits (57482a1c1bb9c67b5f893418a114edca1004258e)

Author SHA1 Message Date
Derek Nola 86e36225f5
Consolidate E2E tests and GH Actions (#6772)
* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-27 09:01:13 -08:00
Hrittik Roy 808c71a63e
Add Ayedo (#6801)
Signed-off-by: Hrittik Roy <67012359+hrittikhere@users.noreply.github.com>
2023-01-27 11:37:44 -05:00
Derek Nola 75f77ab951
E2E Rancher and Hardened script improvements (#6778)
* Improve test-pad rancher script

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Improve hardened script and added kube-bench utility script

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Apply same audits for 1.22 and older

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-26 18:17:33 -08:00
Brooks Newberry f0655f153e
update stable channel to v1.25.6+k3s1 (#6828) 2023-01-26 18:09:46 -08:00
Brad Davidson 3cb6fa5cc7 Set cri-dockerd version at build time
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:32:28 -08:00
Brad Davidson f72649d1bd Bump cri-dockerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:32:28 -08:00
Brad Davidson 89f7062431 Add build tag to disable cri-dockerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:29:18 -08:00
Brooks Newberry f10af367c3
Update to v1.26.1-k3s1 (#6774) 2023-01-19 07:56:32 -08:00
Brooks Newberry f19892c2d2
drone correct plugins/docker tag supporting linux/arm (#6769) 2023-01-18 12:38:51 -08:00
Derek Nola 291f8bfe00
Slow dependency CI to weekly (#6764)
* Add labels to updatecli PRs
* Run weekly

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-18 09:39:46 -08:00
ShylajaDevadiga 2007cdd54f
generate report and upload test results (#6737)
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>

Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
Co-authored-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
2023-01-18 09:34:52 -08:00
Derek Nola 7bbcac92fd
Bump download action to v3 (#6746)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-17 11:04:34 -08:00
Nikolai Shields d71ab6317e
Update stable to 1.25.5+k3s2 (#6753) 2023-01-14 12:12:51 -06:00
Brad Davidson f54b5e4fa0 Fix CI tests
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 17:22:25 -08:00
Silvio Moioli 23c1040adb
Bugfix: do not break cert-manager when pprof is enabled (#6635)
Signed-off-by: Silvio Moioli <silvio@moioli.net>
2023-01-13 16:09:14 -08:00
github-actions[bot] a4549cf989
chore: Bump golang:alpine version (#6683)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-01-12 18:58:04 -05:00
Brad Davidson 8340b54309 Pass through default tls-cipher-suites
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 14:51:04 -08:00
Derek Nola cc3583399a
Add explicit permissions to workflows (#6700)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-12 13:57:57 -08:00
dependabot[bot] d85952d6a0
Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#6686)
Bumps ubuntu from 20.04 to 22.04.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 13:57:28 -08:00
Derek Nola 674a05478f
Containerd restart testlet (#6696)
* Add containerd testlet to startup integration
* Fix all log dumps
* Stop server gracefully

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-12 13:43:31 -08:00
Brad Davidson d78e490716 Bump containerd to v1.6.15-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 11:50:43 -08:00
dependabot[bot] e53500f37f
Bump alpine from 3.16 to 3.17 in /conformance (#6687)
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 14:32:14 -05:00
dependabot[bot] c7151e8b61
Bump alpine from 3.16 to 3.17 in /package (#6688)
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 14:31:56 -05:00
Chris Wayne 3cafc8e6dd
RIP Codespell (#6701)
* RIP Codespell

Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2023-01-11 16:23:29 -08:00
ShylajaDevadiga fd8481a29d
Adjust e2e test run script and fixes (#6718)
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
2023-01-11 16:09:45 -08:00
Brad Davidson a298bfdb18 Add jitter to scheduled snapshots and retry harder on conflicts
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-11 14:32:03 -08:00
Brad Davidson f0ec6a4c12 Exclude December r1 releases from channel server
Stop offering installs of these releases due to the critical containerd regression.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-06 13:34:38 -08:00
Brad Davidson bc6bebc998 Bump containerd to v1.6.14-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-04 12:53:07 -08:00
Guilherme Macedo 454440f9a3
Add Dependabot config for security ADR (#6560)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-01-03 14:01:57 -05:00
Alexey Vazhnov 870d9c32b0
Fix OpenRC init script error 'openrc-run.sh: source: not found' (#6614)
To avoid error message:

user@server ~ % /etc/init.d/k3s status
/lib/rc/sh/openrc-run.sh: 28: /etc/init.d/k3s: source: not found
/lib/rc/sh/openrc-run.sh: 29: /etc/init.d/k3s: source: not found
 * status: stopped

I've replaced `source` with `sourcex`, defined in https://github.com/OpenRC/openrc/blob/master/sh/openrc-run.sh.in#L30
Classic shell `.` also works.
Tested in Devuan 5 Daedalus (based on Debian 12 bookworm / testing), package `openrc` version 0.45.2-2.

Signed-off-by: Alexey Vazhnov <vazhnov@boot-keys.org>
2023-01-03 14:00:22 -05:00
Guilherme Macedo 97f162291a
Change Updatecli GH action reference branch (#6682)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-01-03 13:26:14 -05:00
Nikolai Shields beafd9eaff
Update stable to v1.25.5 (#6618) 2023-01-03 12:03:58 -06:00
Guilherme Macedo 8f28de259c
Add initial Updatecli ADR automation (#6583)
* Add initial Updatecli ADR automation

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-01-03 12:56:08 -05:00
Chris Wayne 9e97a3b4aa
Current status badges (#6653)
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2022-12-28 19:18:51 -05:00
Brad Davidson fae8817655 Bump k3s-root version to v0.12.1
Adds support for loading compressed kernel modules

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 16:54:43 -08:00
Brad Davidson 0c9b43746b Preload iptable_filter/ip6table_filter
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 12:51:00 -08:00
Hussein Galal f8b661d590
Update to v1.26.0-k3s1 (#6370)
* Update to v1.26.0-alpha.2

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go generate

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Default CURRENT_VERSION to VERSION_TAG for alpha versions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove containerd package

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* replace cri-api reference to the new api

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update to Kubernetes 1.26.0-rc.1

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Undo helm-controller pin

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump containerd to -k3s2 for stargz fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* DevicePlugins featuregate is locked to on

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump kine for DeleteRange fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Update to v1.26.0-k3s1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Bring back snapshotter checks and update golang to 1.19.4

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix windows containerd snapshotter checks

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-10 01:42:15 +02:00
Derek Nola b5d39df929
Deprecation of `etcd-snapshot` command in v1.26 (#6575)
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 15:28:01 -08:00
Derek Nola d723775792
Remove deprecated flags in v1.26 (#6574)
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 14:01:01 -08:00
Klaas Demter 457e5e7379 Update install.sh to recommend current version of k3s-selinux
Signed-off-by: Klaas Demter <re4il07t@duck.com>
2022-12-05 11:52:33 -08:00
Matt Trachier 95bb3dce97
adding expanded release docs (#6237)
Signed-off-by: matttrach <matttrach@gmail.com>
2022-12-02 16:27:02 -06:00
Derek Nola b255b07de2
Remove nodejs12 based GH actions (#6593)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-02 09:07:21 -08:00
Guilherme Macedo 9d8260a3f6
Add ADR for security bumps automation (#6559)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2022-12-02 12:06:34 -05:00
Roberto Bonafiglia 091017d8c2 Update flannel to v0.20.2
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-12-01 22:21:58 +01:00
Brad Davidson 2835368ecb Bump k3s-root and remove embedded strongswan support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-01 12:40:40 -08:00
Derek Nola af8f101bdc
Mark secrets-encryption flag as GA (#6582)
* Mark secrets-encrypt flag as GA

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-01 08:50:51 -08:00
Brad Davidson 915c7719fe go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson 2a496d4fd3 Bump metrics-server to v0.6.2
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson 1eeea5c81f go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson d539a0a124 Sync packaged component Deployment config
Don't override replicas; set revisionHistoryLimit and strategy

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00