Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone
Signed-off-by: Derek Nola <derek.nola@suse.com>
There is no way we can configure the lb image because it is a const value.
It would be better to make it a variable so that we can override
the value, like the `helm-controller` job image, when compiling k3s/rke2.
Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Fix regression in legacy API prefix, until upstream pulls in support for MergePathStrategy from https://github.com/emicklei/go-restful/pull/523
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
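
The length leak described in the commit message above, next to the hash-then-compare pattern it switches to. This is an added example, not code from the k3s repository; `naiveEqual`, `Verifier`, `NewVerifier`, `Check` and the sample password are hypothetical names and constructed values.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// naiveEqual compares the raw secrets. ConstantTimeCompare returns 0 as soon
// as it sees mismatched lengths, so response timing can reveal whether the
// guess has the same length as the stored password.
func naiveEqual(supplied, stored string) bool {
	return subtle.ConstantTimeCompare([]byte(supplied), []byte(stored)) == 1
}

// Verifier (hypothetical type) keeps only a fixed-size digest of the secret.
type Verifier struct {
	digest [sha256.Size]byte
}

// NewVerifier hashes the stored password once, at load time.
func NewVerifier(stored string) *Verifier {
	return &Verifier{digest: sha256.Sum256([]byte(stored))}
}

// Check hashes the guess, then compares two 32-byte values, so the
// comparison does the same work whatever the length of either password.
func (v *Verifier) Check(supplied string) bool {
	sum := sha256.Sum256([]byte(supplied))
	return subtle.ConstantTimeCompare(sum[:], v.digest[:]) == 1
}

func main() {
	const stored = "constructed-sample-password" // constructed sample value
	v := NewVerifier(stored)
	for _, guess := range []string{"x", "constructed-sample-passwore", stored} {
		fmt.Printf("%-30q naive=%-5v hashed=%v\n", guess, naiveEqual(guess, stored), v.Check(guess))
	}
}
```

Both functions return the same verdicts; the difference is that `Check` never hands `ConstantTimeCompare` inputs of different lengths, so its early-return path is never taken.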
This commit adds the SearchK3sLog function to find specific strings in the integration tests log file and also removes the FindStringInCmdAsync function since it was not being used.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>