Commit Graph

2560 Commits (9f4a477c8cba0b9ff397199b67b70632c938fb10)

Author SHA1 Message Date
Brad Davidson 9f4a477c8c Add CI test
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b43dd7746d)
2023-02-10 09:34:10 -08:00
Brad Davidson 82a0c4e1f4 Add ADR
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c900089e88)
2023-02-10 09:34:10 -08:00
Brad Davidson 478dae4d3d Ensure that node exists when using node auth
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 87f9c4ab11)
2023-02-10 09:34:10 -08:00
Brad Davidson 73460e28bf Add support for kubeadm token and client certificate auth
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
2023-02-10 09:34:10 -08:00
Brad Davidson f4fc44ec4a Add support for `k3s token` command
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 373df1c8b0)
2023-02-10 09:34:10 -08:00
Brad Davidson a2e8484e67 Add e2e tests for CA cert rotation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit be7f751863)
2023-02-10 09:34:10 -08:00
Brad Davidson 0d9825aaf7 Add basic test for custom CA certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8a6404f97c)
2023-02-10 09:34:10 -08:00
Brad Davidson f1577befd0 Clarify ADR based on design review feedback
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9b6b72941f)
2023-02-10 09:34:10 -08:00
Brad Davidson c169c9cf20 Add ADR
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f13768c247)
2023-02-10 09:34:10 -08:00
Brad Davidson 6ae3370e28 Add `certificate rotate-ca` to write updated CA certs to datastore
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 215fb157ff)
2023-02-10 09:34:10 -08:00
Brad Davidson b88c3b8c95 Add utility functions for getting kubernetes client
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335b2)
2023-02-10 09:34:10 -08:00
Brad Davidson 631847536c Fix CA cert hash for root certs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 58d40327b4)
2023-02-10 09:34:10 -08:00
Brad Davidson e62b921b4f Ensure cluster-signing CA files contain only a single CA cert
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0919ec6755)
2023-02-10 09:34:10 -08:00
Brad Davidson 09d38a2f0a Add example certificate generation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1ec242d816)
2023-02-10 09:34:10 -08:00
Brad Davidson ce0a03648d go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 07:27:20 -08:00
Brad Davidson e0967ce763 Check for existing resources before creating them
Prevents errors when starting with fail-closed webhooks

Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-10 07:27:20 -08:00
Brad Davidson 89b5466a00 Use default address family when adding kubernetes service address to SAN list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 11:56:42 -08:00
Brad Davidson 607ccbd49d
[release-1.24] Allow ServiceLB to honor `ExternalTrafficPolicy=Local` (#6908)
* Bump wrangler version for EndpointSlice support

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 94d1a87509)

* Honor Service ExternalTrafficPolicy

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 369b81b45e)

* go generate

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1c6fde9a52)
2023-02-08 14:04:08 -08:00
Derek Nola c9f450b314
Ignore value conflicts when reencrypting secrets (#6918)
* Ignore conflict secrets

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-08 10:45:13 -08:00
Derek Nola 3052853988
[Release-1.24] Consolidate E2E tests (#6888)
* Consolidate E2E tests and GH Actions (#6772)

* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing

Signed-off-by: Derek Nola <derek.nola@suse.com>

* E2E: Consolidate docker and prefer bundled tests into new startup test (#6851)

* Convert docker E2E to startup E2E
* Move preferedbundled into the e2e startup test

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-07 09:25:27 -08:00
Derek Nola 1b5a3a5b2e
Wait for cri-dockerd socket (#6854)
* Wait for cri-dockerd socket
* Consolidate cri utility functions

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:24:09 -08:00
Derek Nola f0ce56a02b
Standardize flag declaration (#6868)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:23:34 -08:00
Derek Nola 564b825152
Fix cron example (#6865)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 12:57:15 -08:00
Derek Nola 3a17fbada4
Bump vagrant boxes to fedora37 (#6832) (#6859)
* Bump to generic/fedora37
* Disable sonobuoy on rootless

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 08:54:49 -08:00
Silvio Moioli 8e36b16568 Bugfix: do not break cert-manager when pprof is enabled (#6635)
Signed-off-by: Silvio Moioli <silvio@moioli.net>
(cherry picked from commit 23c1040adb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 17:36:55 -08:00
Brad Davidson be26a6e618 Set cri-dockerd version at build time
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
Brad Davidson 3897a9e8d1 Bump cri-dockerd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
Brad Davidson 21b1da5848 Add jitter to scheduled snapshots and retry harder on conflicts
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:31:25 -08:00
Brooks Newberry 546a94e9ae
V1.24.10 k3s1 (#6788)
2023-01-19 18:39:14 -08:00
Brooks Newberry a57c3171e6
drone correct plugins/docker tag supporting linux/arm (#6767)
2023-01-18 16:32:52 -08:00
Brad Davidson f7e375979f Fix CI tests
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0)
2023-01-18 09:17:39 -08:00
github-actions[bot] 7c4c1da22e chore: Bump golang:alpine version (#6683)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
(cherry picked from commit a4549cf989)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00
dependabot[bot] 5141a5b0f5 Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#6686)
Bumps ubuntu from 20.04 to 22.04.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit d85952d6a0)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00
dependabot[bot] ccc9f904c6 Bump alpine from 3.16 to 3.17 in /conformance (#6687)
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit e53500f37f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00
dependabot[bot] c737882e34 Bump alpine from 3.16 to 3.17 in /package (#6688)
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit c7151e8b61)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-18 09:17:39 -08:00
Derek Nola f09ba80ed8
Bump download artifact to v3 (#6748)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-17 09:40:34 -08:00
Brad Davidson 739be58a8b Bump containerd to v1.6.15-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 22:15:59 -08:00
Brad Davidson 0887800db8 Pass through default tls-cipher-suites
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 22:14:58 -08:00
Brad Davidson 0d4e64f7bd Bump containerd to v1.6.14-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-04 14:25:43 -08:00
Derek Nola 6a2db7fe21
[Release-1.24] Backport missing E2E test commits (#6616)
* Backport PR 6131

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add cluster reset test to nightly builds
* Add journalctl logs to E2E tests
* Expand nightly E2E tests (#6354)
* Add snapshot restore e2e test (#6396)
* Convert test output to JSON format (#6410)
* Fix E2E test for prefer-bundled-bin
* Fix external ip test

Signed-off-by: Shylaja Devadiga <shylaja@rancher.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-03 14:25:11 -08:00
Brad Davidson 4dcf0a33bc Bump k3s-root version to v0.12.1
Adds support for loading compressed kernel modules

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 18:28:28 -08:00
Brad Davidson 01d519394f Preload iptable_filter/ip6table_filter
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 18:28:28 -08:00
Brad Davidson 339d4e36a5 Bump containerd to v1.6.12
Also bump containerd client module to v1.5.16-k3s1

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-09 17:33:12 -08:00
Nikolai Shields 776beb0e41
Update to v1.24.9-k3s1 (#6623)
2022-12-08 22:13:37 -06:00
Derek Nola dabd995365
Remove nodejs12 based GH actions (#6595)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-02 09:06:53 -08:00
Brad Davidson d5ef9e1a12 Bump k3s-root and remove embedded strongswan support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2835368ecb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson af9fac15ff go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 915c7719fe)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson 3edc59522b Bump metrics-server to v0.6.2
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2a496d4fd3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson 6e8c10473d go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1eeea5c81f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00
Brad Davidson 5fde2e74f7 Sync packaged component Deployment config
Don't override replicas; set revisionHistoryLimit and strategy

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit d539a0a124)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-02 00:20:37 -08:00