d40fc0878f
allow helm controller set owner reference
...
Signed-off-by: huangzy <huangzynn@outlook.com>
(cherry picked from commit 6fcaad553d
2024-05-31 09:16:55 -07:00
8a7b0b75fe
Follow directory symlinks in auto deploying manifests ( #9288 )
...
Signed-off-by: Robert Rose <robert.rose@mailbox.org>
(cherry picked from commit 6886c0977f
2024-05-31 09:16:55 -07:00
d386eaf904
Validate resolv.conf for presence of nameserver entries
...
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: linxin <linxin@geedgenetworks.com>
(cherry picked from commit f24ba9d3a9
2024-05-31 09:16:55 -07:00
d1b3a02af2
Add support for svclb pod PriorityClassName
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 37f97b33c9
2024-05-31 09:16:55 -07:00
6452a5ea1b
Update local-path-provisioner helper script
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b453630478
2024-05-31 09:16:55 -07:00
2f3d3aa05b
Fix issue with local traffic policy for single-stack services on dual-stack nodes.
...
Just enable IP forwarding for all address families regardless of service address families.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 095ecdb034
2024-05-31 09:16:55 -07:00
ef8bd94480
Bump spegel version
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5cf4d75749
2024-05-31 09:16:55 -07:00
c7d8e98b37
Switch stargz over to cri registry config_path
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 30999f9a07
2024-05-31 09:16:55 -07:00
bfc17af8bb
Use fixed stream server bind address for cri-dockerd
...
Will now use 127.0.0.1:10010, same as containerd's CRI
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7374010c0c
2024-05-31 09:16:55 -07:00
c4226adc8f
Add WithSkipMissing to not fail import on missing blobs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5f6b813cc8
2024-05-31 09:16:55 -07:00
7ebc6903fa
Use TrafficManager interface when calling flannel
...
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2024-05-28 07:58:19 +00:00
1ec25d8f64
Bump flannel version to v0.25.2
...
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2024-05-28 07:58:19 +00:00
86ad488227
Fix bug when using tailscale config by file
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-05-24 07:56:20 +02:00
1689846299
windows changes
...
Signed-off-by: Harrison Affel <harrisonaffel@gmail.com>
2024-05-16 14:55:16 -07:00
94e29e2ef5
Make /db/info available anonymously from localhost
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-22 19:34:43 -07:00
d3b60543e7
Fix 10 second etcd-snapshot request timeout
...
The default clientaccess request timeout is too short. Wait longer by default, and add the s3 timeout if s3 is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-19 23:26:51 -07:00
5b431ca531
Fix on-demand snapshots not honoring folder
...
Also fix etcd s3 tests to actually check that the files are saved to s3 🙃
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-19 23:26:51 -07:00
c59820a52a
Allow LPP to read helper logs ( #9834 )
...
Signed-off-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-11 12:31:54 -07:00
3f906bee79
Update packaged manifests
...
* Update traefik chart to bump image tag and fix quoting
* Fix image quoting in flat manifests
* Update local-path-provisioner config to stop using deprecated hostpath volume type
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-11 09:22:51 -07:00
4cc73b1fee
Actually fix agent certificate rotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-10 09:21:01 -07:00
08f1022663
Don't log 'apiserver disabled' error sent by etcd-only nodes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:36:33 -07:00
7d9abc9f07
Improve etcd load-balancer startup behavior
...
Prefer the address of the etcd member being joined, and seed the full address list immediately on startup.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:36:33 -07:00
fe465cc832
Move etcd snapshot management CLI to request/response
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:21:26 -07:00
60248c42de
Add supervisor cert/key to rotate list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-05 10:59:17 -07:00
9846a72e92
Bump spegel to v0.0.20-k3s1 ( #9863 )
...
* Bump spegel to v0.0.20-k3s1
* Remove deprecated libp2p Pretty function
* Remove quic-go pin
Pinned version is now out of date, indirect dependencies are now newer, with CVE issue fixed
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-04-05 08:43:19 -07:00
f2961fb5d2
Add workaround for containerd hosts.toml bug
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-03 20:47:54 -07:00
7f659759dd
Add certificate expiry check and warnings
...
* Add ADR
* Add `k3s certificate check` command.
* Add periodic check and events when certs are about to expire.
* Add metrics for certificate validity remaining, labeled by cert subject
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-28 12:05:21 -07:00
6a42c6fcfe
Remove old pinned dependencies ( #9806 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:09:48 -07:00
14f54d0b26
Transition from deprecated pointer library to ptr ( #9801 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:07:02 -07:00
5d69d6e782
Add tls for kine
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Bump kine
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Add integration tests for kine with tls
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-03-28 11:12:07 -03:00
c51d7bfbd1
Add health-check support to loadbalancer
...
* Adds support for health-checking loadbalancer servers. If a
health-check fails when dialing, all existing connections to the
server will be closed.
* Wires up a remotedialer tunnel connectivity check as the health check
for supervisor/apiserver connections.
* Wires up a simple ping request to the supervisor port as the health
check for etcd connections.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:50:27 -07:00
edb0440017
Fix etcd snapshot reconcile for agentless nodes
...
Disable cleanup of orphaned snapshots and patching of node annotations if running agentless
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:44:36 -07:00
3f649e3bcb
Add a new error when kine is with disable apiserver or disable etcd
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-03-27 10:59:34 -03:00
f099bfa508
Fix error when image has already been pulled
...
CRI and containerd APIs disagree about the registry names - CRI supports
index.docker.io as an alias for docker.io, while containerd does not.
Use the actual stored RepoTag to determine what image to ask containerd for.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 16:19:40 -07:00
65cd606832
Respect cloud-provider fields set by kubelet
...
Don't clobber the providerID field and instance-type/region/zone labels if provided by the kubelet. This allows the user to set these to the correct values when using the embedded CCM in a real cloud environment.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 16:18:34 -07:00
d7cdbb7d4d
Send error response if member list cannot be retrieved
...
Prevents joining nodes from being stuck with bad initial member list if there is a transient failure, or if they try to join themselves
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
7a2a2d075c
Move error response generation code into util
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
bba3e3c66b
Fix wildcard entry upstream fallback
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-12 23:31:16 -07:00
fe2ca9ecf1
Warn and suppress duplicate registry mirror endpoints
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-07 16:30:06 -08:00
2a091a693a
Bump metrics-server to v0.7.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-07 12:45:29 -08:00
88c431aea5
Adjust first node-ip based on configured clusterCIDR
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-03-06 11:10:41 +01:00
59c724f7a6
Fix wildcard with embbeded registry test
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-05 14:38:36 -08:00
64e4f0e6e7
fix: use correct wasm shims names
...
Fix the wasm shim detection and the containerd configuration generation.
Prior to this commit, the binary and the `RuntimeType` values were not
correct.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2024-03-05 13:12:08 -08:00
091a5c8965
Don't register embedded registry address as an upstream registry
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
b5a4846e9d
Remove filtering of wildcard mirror entry
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
84a071a81e
Add env var to allow spegel mirroring of `latest` tag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
26feb25c40
Bump spegel to v0.0.18-k3s4
...
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
0b3593205a
Move snapshot-retention to EtcdSnapshotFlags in order to support loading from config
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 12:09:29 -08:00
3576ed4327
Clean up snapshotDir create/exists logic
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 12:09:29 -08:00
b164d7a270
Fix additional corner cases in registries handling
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 11:59:33 -08:00
huangzy