Brad Davidson
8633571a5b
Sort snapshots by time and key in tabwriter output
...
Fixes snapshot list coming out in non-deterministic order
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a15b804e00)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
61bbad7d9e
Store extra metadata and cluster ID for snapshots
...
Write the extra metadata both locally and to S3. These files are placed such that they will not be used by older versions of K3s that do not make use of them.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7464007037)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
db4ee1b2ae
Move s3 snapshot list functionality to s3.go
...
Also, don't list ONLY s3 snapshots if S3 is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 80f909d0ca)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
514bcade78
Consistently set snapshotFile timestamp
...
Attempt to use timestamp from creation or filename instead of file/object modification times
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8d47645312)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
a89645dfb4
Tidy s3 upload functions
...
Consistently refer to object keys as such, simplify error handling.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f1afe153a3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
a8d117dc42
Elide old snapshot data when apiserver rejects configmap with ErrRequestEntityTooLarge
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2b0e2e8ada)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
e2296d8538
Move etcd snapshot code into separate file
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 676b00aa0e)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
a0e04b3068
Add new CRD for etcd snapshots
...
Also adds a hack go script to print the embedded CRDs, for developer use.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 500744bb94)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
34d8b325f1
Bump busybox to v1.36.1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9bb1ce1253)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
11bc2c29f6
Pass SystemdCgroup setting through to nvidia runtime options
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0e5c760625)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Brad Davidson
babe286e20
Disable HTTP on main etcd client port
...
Fixes performance issue under load, ref: https://github.com/etcd-io/etcd/issues/15402 and https://github.com/kubernetes/kubernetes/pull/118460
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8c73fd670b)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 12:28:56 -07:00
Roberto Bonafiglia
722fca3b82
Use IPv6 in case it is the first configured IP with dualstack
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-13 10:25:34 +02:00
Derek Nola
0816812c99
[Release-1.25] Clear remove annotations on cluster reset (#8589)
...
* Use admin kubeconfig instead of supervisor for etcd snapshot CLI
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Skip creating CRDs and setting up event recorder for CLI controller context
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Don't export functions not needed outside the etcd package
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Reorganize Driver interface and etcd driver to avoid passing context and config into most calls
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Clear remove annotations on cluster reset; refuse to delete last member from cluster
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---------
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 08:11:34 -07:00
Derek Nola
6afee00eaf
Server Token Rotation (#8578)
...
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets
* Ensure agent token also changes
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-10 09:45:27 -07:00
Roberto Bonafiglia
07646f6877
Fixed tailscale node IP dualstack mode in case of IPv4 only node
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-10 10:38:14 +02:00
Manuel Buil
67380ddb01
Network defaults are duplicated, remove one
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-04 08:25:25 +02:00
Manuel Buil
7e1e1867d4
Take IPFamily precedence based on order
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-02 18:40:56 +02:00
Manuel Buil
6f550cd9a1
ipFamilyPolicy:PreferDualStack for coredns and metrics-server
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-02 11:35:15 +02:00
Manuel Buil
00cc29ba27
Merge pull request #8466 from manuelbuil/vpnExtraArgs125
...
[Release-1.25] Add extraArgs to tailscale
2023-09-28 10:06:03 +02:00
Vitor Savian
940bbd19bb
Added error when cluster reset while using server flag
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-09-27 16:42:23 -03:00
Manuel Buil
221fdd60c4
Add extraArgs to tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-27 11:39:08 +02:00
Manuel Buil
c4e30c6f11
Include the interface name in the error message
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-26 11:08:14 +02:00
Manuel Buil
b5dc298552
Merge pull request #8421 from manuelbuil/flannelErrors125
...
[Release 1.25] Add context to flannel errors
2023-09-25 16:33:21 +02:00
Manuel Buil
51969e6e7c
Add context to flannel errors
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 08:28:57 +02:00
Manuel Buil
c3d9410216
Fix error reporting
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-22 19:05:26 +02:00
Brad Davidson
622f183730
Send Bad Gateway instead of Service Unavailable when tunnel dial fails
...
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:56:55 -07:00
Brad Davidson
8fcbc2bc85
Add RWMutex to address controller
...
Fixes race condition when address map is updated by multiple goroutines
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0d23cfe038)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-30 01:35:07 -07:00
Brad Davidson
8d84d1581e
Add new CLI flag to enable TLS SAN CN filtering
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 08:35:21 -07:00
Brad Davidson
4b4de04f0b
Bump dynamiclistener for init deadlock fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 66bae3e326)
2023-08-16 14:37:34 -07:00
Vitor
ce85b98858
Fixed the etcd retention to delete orphaned snapshots based on the date
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-15 12:41:06 -03:00
Vitor Savian
5a2506145e
Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#8155)
...
* Fixed when the user disables the etcd snapshots, but wants to back up from s3
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-10 16:10:23 -03:00
Ian Cardoso
8e945c53e7
fix for etcd-snapshot delete with --etcd-s3 flag (#8110)
...
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets; this commit changes the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit e551308db8)
2023-08-04 19:20:33 -07:00
Brad Davidson
ddbe499d9a
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aa76942d0f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:08:16 -07:00
Brad Davidson
4c6f7bfb08
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f21ae1d949)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:08:16 -07:00
Simon Kirsten
739141a79b
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl (#7991)
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
(cherry picked from commit 546dc247a0)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:08:16 -07:00
Derek Nola
ba8cb071e7
[Release-1.25] August Test Backports (#8127)
...
* Unit test for MustFindString (#8013)
* Consolidate CopyFile functions (#8079)
* Remove unnecessary E2E envs
* Cleanup unnecessary "sudo" in commands
* Add additional s3 coverage clause
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-04 11:38:23 -07:00
Vitor
00df50ded1
Fixed the etcd retention to delete orphaned snapshots
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-04 10:34:08 -03:00
Manuel Buil
5164dc185a
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-02 11:43:42 +02:00
Derek Nola
f7ab577cfa
Adjust default kubeconfig file permissions (#7984)
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-15 08:46:08 -07:00
Derek Nola
a268ab4058
Generation of certificates and keys for etcd gated if etcd is disabled. (#7945)
...
Problem:
When support for etcd was added in 3957142, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etcd is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Bartosz Lenart <lenart.consulting@gmail.com>
2023-07-11 14:18:53 -07:00
Vitor Savian
e8a4961732
Adding cli to custom klipper helm image (#7682)
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
(cherry picked from commit 0809187cff)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 16:28:16 -07:00
Brad Davidson
696a642d1d
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7f50b40cfe)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 14:12:02 -07:00
LeiLei
5e3c63718d
Add `--data-dir` to the `k3s certificate rotate-ca` cli (#7791)
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
(cherry picked from commit 72d50b1f7c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 14:12:02 -07:00
Derek Nola
c850132b5f
Fix rootless node password (#7900)
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-07 11:03:14 -07:00
Denys Smirnov
f1a4b9f6cb
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
2023-07-07 12:31:19 +02:00
Manuel Buil
647539920b
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-06 11:13:11 +02:00
Derek Nola
e1a315189b
Allow k3s to customize apiServerPort on helm-controller (#7873)
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
Co-authored-by: Daishan Peng <daishan@acorn.io>
2023-07-05 11:56:58 -07:00
Manuel Buil
7d3319908f
Merge pull request #7860 from manuelbuil/fixSpell125
...
[Release 1.25] Fix code spell check
2023-07-05 10:37:51 +02:00
Manuel Buil
5a7f40dba3
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-04 15:53:34 +02:00
Manuel Buil
382fe9599f
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-04 12:47:05 +02:00