Brad Davidson
aa76942d0f
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
Manuel Buil
8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale
...
Fix tailscale bug with ip modes
1 year ago
Ikko Eltociear Ashimine
3515d712a7
Fix typo in terraform/README.md ( #8090 )
...
Signed-off-by: Ikko Eltociear Ashimine <eltociear@gmail.com>
1 year ago
Derek Nola
a87b183f9c
E2E: Support GOCOVER for more tests + fixes ( #8080 )
...
* Add support for local build and go coverage to all E2E tests
* Remove unused EXTERNAL_DB from etcd tests
* Fix private reg test
* Add coverage to tailscale
* Cleanup unnecessary "sudo" in commands
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add additonal s3 coverage clause
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Derek Nola
46cbbab263
Consolidate CopyFile functions ( #8079 )
...
* Consolidate CopyFile function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Copy to File, not destination folder
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Manuel Buil
59eec78c62
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
Johnatas
468bddb59c
update stable channel to v1.27.4+k3s1 ( #8067 )
...
Signed-off-by: Johnatas <johnatas.santos@suse.com>
1 year ago
Hussein Galal
767b64ba58
Fix coreos multiple installs ( #8083 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
1 year ago
Guilherme Macedo
cc9dce5764
Security bump to docker/distribution ( #8047 )
...
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
1 year ago
Brad Davidson
f21ae1d949
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
Simon Kirsten
546dc247a0
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl ( #7991 )
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
1 year ago
Derek Nola
6d360e6473
Unit test for MustFindString ( #8013 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Derek Nola
946c8ea842
ADR on secrets encryption v3 ( #7938 )
...
* ADR on secrets encryption v3
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Update adr based off design meeting discussion
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Update with acceptance
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Manuel Buil
76e8e9789a
Merge pull request #8057 from manuelbuil/updateFlannel
...
Update flannel to v0.22.1
1 year ago
Manuel Buil
a37416f38c
Merge pull request #8056 from manuelbuil/update-cniPlugins
...
Update cni plugins version to v1.3.0
1 year ago
Manuel Buil
780e638099
Update flannel to v0.22.1
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
Manuel Buil
e56839b329
Update cni plugins version to v1.3.0
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
Pedro Tashima
36645e7311
fix update go version doc ( #8028 )
...
Signed-off-by: Pedro Tashima <pedro.tashima@suse.com>
Co-authored-by: Pedro Tashima <pedro.tashima@suse.com>
1 year ago
Pedro Tashima
d8ae6ef59b
Update to v1.27.4 ( #8014 )
...
Signed-off-by: Pedro Tashima <pedro.tashima@suse.com>
Co-authored-by: Pedro Tashima <pedro.tashima@suse.com>
1 year ago
Derek Nola
be44243353
Adjust default kubeconfig file permissions ( #7978 )
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Derek Nola
0b18a65d4f
Revert "Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )"
...
This reverts commit 4ab01f3941
.
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Ian Cardoso
58a8deb25d
fix image_scan.sh script and download trivy version ( #7950 )
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
1 year ago
Derek Nola
3eb4e12c3b
Don't use zgrep in `check-config` if apparmor porfile is enforced ( #7939 )
...
* Don't use zgrep if apparmor is enforced for it
* Bump e2e se timeouts for reencryption time
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Bartosz Lenart
34617390d0
Generation of certificates and keys for etcd gated if etcd is disabled. ( #6998 )
...
Problem:
When support for etcd was added in 3957142
, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etc is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
1 year ago
Johnatas
2eddfe6cf4
Add retry for clone step ( #7862 )
...
* Add retry for clone step
Signed-off-by: Johnatas <johnatas.santos@suse.com>
1 year ago
dependabot[bot]
782a3a1cb4
Bump google.golang.org/grpc from 1.51.0 to 1.53.0 in /tests/terraform ( #7879 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.51.0 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.53.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
Derek Nola
8405813c12
Fix rootless node password ( #7887 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Johnatas
607320d670
Improve for K3s release Docs ( #7864 )
...
* Add changes in k3s release doc
Signed-off-by: Johnatas <johnatas.santos@suse.com>
* Get go version from .go-version file
Signed-off-by: Johnatas <johnatas.santos@suse.com>
* Update tags output
Signed-off-by: Johnatas <johnatas.santos@suse.com>
---------
Signed-off-by: Johnatas <johnatas.santos@suse.com>
1 year ago
Manuel Buil
6121e8cc8e
Merge pull request #7807 from dennwc/headscale
...
Support setting control server URL for Tailscale
1 year ago
Denys Smirnov
b9a2bf11ee
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
1 year ago
Derek Nola
4ab01f3941
Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )
...
* Warn that v1.28 will deprecate reencrypt/prepare
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
Manuel Buil
6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
...
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
1 year ago
Ian Cardoso
9e334153cf
add e2e s3 test ( #7833 )
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
1 year ago
Manuel Buil
882297b081
Merge pull request #7858 from manuelbuil/fixCodeSpell
...
Fix code spell check
1 year ago
Manuel Buil
bca0adbca8
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
Manuel Buil
9c48d10eba
Merge pull request #7845 from manuelbuil/removeWinFile
...
Remove file_windows.go
1 year ago
Brad Davidson
7f50b40cfe
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
Daishan Peng
ce3443ddf6
Allow k3s to customize apiServerPort on helm-controller
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
1 year ago
Ian Cardoso
324f9ad4da
fix e2e startup flaky test ( #7839 )
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
1 year ago
LeiLei
72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli ( #7791 )
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
1 year ago
Manuel Buil
d593c83603
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
Manuel Buil
f21a01474d
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
Vitor Savian
0809187cff
Adding cli to custom klipper helm image ( #7682 )
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
1 year ago
Brooks Newberry
c7dec8ed24
Update stable channel to v1.27.3+k3s1 ( #7827 )
1 year ago
Derek Nola
70691a95ee
Faster K3s Binary Build Option ( #7805 )
...
* Add local build option
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
guoguangwu
2215870d5d
chore: pkg imported more than once
...
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
1 year ago
Brooks Newberry
fe9604cac1
Update Kubernetes to v1.27.3 ( #7790 )
...
Signed-off-by: Brooks Newberry <brooks@newberry.com>
1 year ago
Manuel Buil
30f414e614
Merge pull request #7777 from manuelbuil/deleteTailscale
...
Add commands to remove advertised routes of tailscale in k3s-killall.sh
1 year ago
Manuel Buil
95245c9935
Merge pull request #7776 from manuelbuil/fixErrorReport
...
Fix error logging in tailscale
1 year ago
Manuel Buil
d968e64de0
Add commands to logout from tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago