k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit e551308db8)
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aa76942d0f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f21ae1d949)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Unit test for MustFindString (#8013)
* Consolidate CopyFile functions (#8079)
* Remove unnecessary E2E envs
Signed-off-by: Derek Nola <derek.nola@suse.com>
Problem:
When support for etcd was added in 3957142, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etc is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Bartosz Lenart <lenart.consulting@gmail.com>
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
(cherry picked from commit 72d50b1f7c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
These were unintentionally dropped when moving containerd back into the main multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e5e1a674ce)
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 45d8c1a1a2)
It is no way we can configure the lb image because it is a const value.
It would be better that we make it variable value and we can override
the value like the `helm-controller` job image when compiling k3s/rke2
Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
(cherry picked from commit b64a226ebd)
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 64a5f58f1e)
Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 93279d2f59)
Johnatas