Commit Graph

2835 Commits (6d360e6473917ca6742167a36ab2617b5bf394f9)

Author SHA1 Message Date
Brad Davidson cf9ebb3259 Fail to validate server tokens that use bootstrap id/secret format
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-05 12:24:35 -07:00
Derek Nola 7175ebe2be
E2E: Startup test cleanup + RunCommand Enhancement (#7388)
* Add beforesuite to startup
* Reduce timeouts for startup
* Fix cleanup + set kubeconfig

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-05 11:00:47 -07:00
Matt Trachier bbb8ee0b2d
Add dependabot label and reviewer (#7423)
Signed-off-by: Matt Trachier <matttrach@gmail.com>
2023-05-05 09:30:51 -05:00
Manuel Buil eb83af0de4
Merge pull request #7422 from manuelbuil/modify-utils
Migrate netutil methods into /util/net.go
2023-05-05 07:17:41 +02:00
Brad Davidson cedefeff24 Bump cni plugins to v1.2.0-k3s1
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.

Ref: https://www.cni.dev/plugins/current/meta/firewall/

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-04 13:58:42 -07:00
Boleyn Su a736b4b1b9
local-storage: Fix permission (#7217)
* local-storage: Fix permission

/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777

Fixes #2348

Signed-off-by: Boleyn Su <boleyn.su@gmail.com>

* Fix pod command field type

* Fix to int test

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-05-04 10:43:54 -07:00
Manuel Buil 437ad128c7 Migrate netutil methods into /utils/net.go
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-04 16:49:16 +02:00
Derek Nola e1d4cff14c
Enable FindString to search dotD config files (#7323)
* Enable FindString to search dotD config files
* Address multiple arg cases

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 11:18:23 -07:00
Derek Nola 132b41c3bf
Add v1.27 channel (#7387)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 09:57:47 -07:00
Derek Nola d5f560360e
Handle multiple arguments with StringSlice flags (#7380)
* Add helper function for multiple arguments in stringslice

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Cleanup server setup with util function

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 09:55:48 -07:00
github-actions[bot] a3ddff2f29 chore: Bump Trivy version
Made with ❤️️ by updatecli
2023-05-01 12:34:37 -07:00
Brad Davidson e61fde93c1 Fix MemberList error handling and incorrect etcd-arg passthrough
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 22:04:30 -07:00
Brad Davidson 91afb38799 Retry cluster join on "too many learners" error
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:28:33 -07:00
Brad Davidson f1b6a3549c Fix stack log on panic
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson c44d33d29b Fix race condition in tunnel server startup
Several places in the code used a 5-second retry loop to wait on
Runtime.Core to be set. This caused a race condition where OnChange
handlers could be added after the Wrangler shared informers were already
started. When this happened, the handlers were never called because the
shared informers they relied upon were not started.

Fix that by requiring anything that waits on Runtime.Core to run from a
cluster controller startup hook that is guaranteed to be called before
the shared informers are started, instead of just firing it off in a
goroutine that retries until it is set.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson 1ca035accc Add e2e test for --disable-agent
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson 31a6386994 Improve egress selector handling on agentless servers
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson 5348b5e696 Improve error message when CLI wrapper Exec fails
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:21:30 -07:00
Brooks Newberry bbda54b332
Add longhorn storage test (#6445)
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2023-04-28 11:17:19 -07:00
Brad Davidson 0247794aa9 go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:13:47 -07:00
Brad Davidson 0bbc6ad3f0 Bump traefik to v2.9.10
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:13:47 -07:00
Ian Cardoso 1ac03aad43
Add integration tests for etc-snapshot server flags and refactor /tests/integration/integration.go/K3sStartServer (#7300)
This adds integration tests for the following flags: "--etcd-snapshot-name","--etcd-snapshot-dir","--etcd-snapshot-retention","--etcd-snapshot-schedule-cron" and "--etcd-snapshot-compress". It also refactors K3sStartServer to stop applying strings.Fields() into inputArgs, so it can accept arguments that have space in their definition.

Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
2023-04-28 14:07:11 -03:00
Derek Nola ef648b7a5d
Bump Runc and Containerd (#7339)
* Bump runc

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Bump to containerd, recombine build and go.mod version

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-28 09:37:32 -07:00
Brad Davidson 9539147ee1 Bump k3s-root for aarch64 page size fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-27 20:43:22 -07:00
Brad Davidson ad41fb8c96 Create CRDs with schema
Fixes an issue where CRDs were being created without schema, allowing
resources with invalid content to be created, later stalling the
controller ListWatch event channel when the invalid resources could not
be deserialized.

This also requires moving Addon GVK tracking from a status field to
an annotation, as the GroupVersionKind type has special handling
internal to Kubernetes that prevents it from being serialized to the CRD
when schema validation is enabled.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-27 20:42:46 -07:00
Derek Nola bc5b42c279
Cleanup help messages (#7369)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-27 13:36:11 -07:00
Derek Nola f076080b2b
Bump cri-dockerd (#7347)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-24 15:57:14 -07:00
Brian Downs 87f0dc5dd3
update channel server for april 2023 (#7327) 2023-04-24 14:27:09 -04:00
Thomas Ferrandiz 66fcca66cb ensure that klog verbosity is set to the same level as logrus
by repeatedly settting it every second during k3s startup

Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2023-04-24 18:08:55 +00:00
Roberto Bonafiglia 36699bbd60 Changed command -v redirection for iptables bin check
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-21 10:31:01 +02:00
Derek Nola 944f811dc5
v1.27.1 CLI Deprecation (#7311)
* Remove Flannel Wireguard
* Remove etcd-snapshot (implicit save)
* Convert ipsec and multiple backend to fatal

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-19 12:02:05 -07:00
Derek Nola f2bde63eea
Kubernetes v1.27.1 (#7271)
* Bump go version to 1.20.3 to match upstream
* Bump cri-dockerd
* Bump golanci-lint
* go generate
* Bump selinux in cgroup test
* Bump to v1.27.1 tags
* Release documentation improvements
* Only run upgrade e2e test on PR

Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-18 21:48:36 -07:00
github-actions[bot] 8d0255af07
Bump Trivy version (#7257)
* chore: Bump Trivy version

Made with ❤️️ by updatecli

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-18 09:48:27 -07:00
github-actions[bot] 779d5f3aa2
chore: Updated the content of the file "/tmp/updatecli/github/k3s-io/... (#7256)
... k3s/conformance/Dockerfile"
Updated the content of the file "/tmp/updatecli/github/k3s-io/k3s/Dockerfile.test"

Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-18 09:46:56 -07:00
github-actions[bot] 554ad87c8d
chore: Bump golang:alpine version (#7292)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-18 09:46:42 -07:00
Brian Downs 257fa2c54c
Update to v1.26.4-k3s1 (#7282) 2023-04-13 13:51:37 -07:00
Roberto Bonafiglia d9f40d4f5b Update install script to clean iptables rules before start
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-12 22:33:10 +02:00
Roberto Bonafiglia 0c683720ad Update kube-router to insert iptables rules right after kubernetes ones
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-12 22:33:10 +02:00
Hussein Galal 6b51ed478d
Fix call for k3s-selinux versions in airgapped environments (#7264)
* Fix call for k3s-selinux versions in airgapped environments

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* use timeout options in the donwloader

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more fixes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* run verify_downloader in case binary was skipped

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-04-11 22:32:48 +02:00
Hussein Galal 027cc187ce
Add coreos and sle micro to selinux support (#6945)
* Add coreos and sle micro to selinux support

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add fix for rpm-ostree

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add uninstall for rpm-ostree (coreos)

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Don't start k3s on coreos

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Don't apply live

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Typo fix

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-04-06 23:44:07 +02:00
Hussein Galal 30638072c9
Update klipper lb to v0.4.2 (#7210)
* Update klipper lb to v0.4.2

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update klipper lb to v0.4.3

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update klipper lb to v0.4.3 in airgap list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-04-06 19:02:00 +02:00
fmoral2 6c394abb32
Add make commands to terraform automation and fix external dbs related issue (#7159)
* test: add make commands and dependencies

Signed-off-by: Francisco <francisco.moral@suse.com>

* fix: fix issue on logic for using external dbs and dependencies

Signed-off-by: Francisco <francisco.moral@suse.com>

---------

Signed-off-by: Francisco <francisco.moral@suse.com>
2023-04-06 12:17:13 -03:00
Roberto Bonafiglia 3e3512bdae Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-06 09:55:34 +02:00
Brad Davidson d95980bba3 Lock bootstrap data with empty key to prevent conflicts
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-05 10:56:57 -07:00
dependabot[bot] 12091fc724 Bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-04 16:45:13 -07:00
Brad Davidson 2992477c4b Debounce kubernetes service endpoint updates
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson ece4d8e45c Fix tests to not hide failure location in dummp assert functions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson e54ceaa497 Fix issue with stale connections to removed LB server
Track LB connections through each server so that they can be closed when it is removed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson 5dece799df Update remotedialer to silence errors when disconnecting
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Guilherme Macedo 4182dcaac8
[UpdateCLI] Improve Klipper Helm and Helm controller bumps (#7146)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-04 13:43:12 -05:00