Enable the feature-gate for both kubelet and cloud-controller-manager. Enabling it on only one side breaks RKE2, where feature-gates are not shared due to running in different processes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Snapshot delete/prune tests were only working because the delete command
would report success even when deleting a snapshot that didn't exist,
and the test regex was finding the snapshot name multiple times in
the list output and deleting it twice.
Snapshot restore tests seem to have expected the deployment to be rolled out
immediately, which is not a reasonable expectation.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Ensure agent token also changes
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Use argument that doesn't require file
* Use build-k3s workflow in cgroup
* Bump timeout on integration tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
* Add support for local build and go coverage to all E2E tests
* Remove unused EXTERNAL_DB from etcd tests
* Fix private reg test
* Add coverage to tailscale
* Cleanup unnecessary "sudo" in commands
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add additonal s3 coverage clause
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
This commit adds SearchK3sLog function to find specific strings in integration tests log file and also removes FindStringInCmdAsync function since it was not being used.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
* local-storage: Fix permission
/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777
Fixes#2348
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
* Fix pod command field type
* Fix to int test
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Derek Nola <derek.nola@suse.com>
This adds integration tests for the following flags: "--etcd-snapshot-name","--etcd-snapshot-dir","--etcd-snapshot-retention","--etcd-snapshot-schedule-cron" and "--etcd-snapshot-compress". It also refactors K3sStartServer to stop applying strings.Fields() into inputArgs, so it can accept arguments that have space in their definition.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
* Bump go version to 1.20.3 to match upstream
* Bump cri-dockerd
* Bump golanci-lint
* go generate
* Bump selinux in cgroup test
* Bump to v1.27.1 tags
* Release documentation improvements
* Only run upgrade e2e test on PR
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
* test: add make commands and dependencies
Signed-off-by: Francisco <francisco.moral@suse.com>
* fix: fix issue on logic for using external dbs and dependencies
Signed-off-by: Francisco <francisco.moral@suse.com>
---------
Signed-off-by: Francisco <francisco.moral@suse.com>
* Include note on service keys
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix rotate cert ca test
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove periods
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add new test to nightly script
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump wrangler to 1.1.1
* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update gax-go to 2.1.1
* Isolate terraform e2e test with seperate go.mod/go.sum
* Bump containerd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Initial drone vagrant pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Build e2e test image
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add docker registry to E2E pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump libvirt image
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add ci flag to secretsencryption
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix vagrant log on secretsencryption
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove DB parallel tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reduce sonobuoy tests even further
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add local build
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add cron conformance pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add string output for nodes
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Switch snapshot restore for upgrade cluster
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix cp
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve test-pad rancher script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve hardened script and added kube-bench utility script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Apply same audits for 1.22 and older
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add python pip pakacge to install aws cli
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload build artifacts to aws s3 instead of gcp bucket
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload logs to aws s3 instead of google buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace gcloud auth with aws credentials for artifact uploading to buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace usage of google bucket with aws s3 buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add EncryptSecrets to Critical Control Args
* use deep comparison to extract differences
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Problem:
Previously all of Kubernetes' image hosting has been out of gcr.io. There were significant egress costs associated with this when images were pulled from entities outside gcp. Refer to https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Solution:
As highlighted at KubeCon NA 2022 k8s infra SIG update, the replacement for k8s.gcr.io which is registry.k8s.io is now ready for mainstream use and the old k8s.gcr.io has been formally deprecated. This commit migrates all references for k3s to registry.k8s.io.
Signed-off-by: James Blair <mail@jamesblair.net>
CA cert will never be equal to the serving-kube-apiserver cert so it seems like a copy-paste error.
Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
Brad Davidson