a92f163c9d
Add NATS to the list of supported data stores ( #6876 )
...
Signed-off-by: Byron Ruth <byron@nats.io>
2023-02-08 09:37:23 -08:00
b43dd7746d
Add CI test
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
c900089e88
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
87f9c4ab11
Ensure that node exists when using node auth
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
992e64993d
Add support for kubeadm token and client certificate auth
...
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.
When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.
Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
373df1c8b0
Add support for `k3s token` command
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-07 14:55:04 -08:00
7d49202721
Ignore value conflicts when reencrypting secrets ( #6850 )
...
* Ignore conflict secrets
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-07 13:58:44 -08:00
be7f751863
Add e2e tests for CA cert rotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
8a6404f97c
Add basic test for custom CA certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
9b6b72941f
Clarify ADR based on design review feedback
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
f13768c247
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
215fb157ff
Add `certificate rotate-ca` to write updated CA certs to datastore
...
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
3c324335b2
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
58d40327b4
Fix CA cert hash for root certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
0919ec6755
Ensure cluster-signing CA files contain only a single CA cert
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
1ec242d816
Add example certificate generation script
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
7e59376bb9
Fix check for (open)SUSE version ( #6791 )
...
Fix the check, if we're running SUSE or openSUSE in the installer
script.
Signed-off-by: phoenix <felix.niederwanger@suse.com>
2023-02-06 11:27:12 -08:00
ee007bc7cf
Bump deps: trivy, sonobuoy, dapper ( #6807 )
...
- trivy v0.36.1
- sonobuoy v0.56.14
- golangci-lint v1.50.1
- gopls v0.11.0
- dapper v0.6.0
- golang v1.19.5
Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
2023-02-06 11:25:24 -08:00
bb353f5d2b
Fix reference to documentation ( #6860 )
...
The documentation is no longer part of the Rancher project but can be found in
k3s-io/docs. Fix the wording an link in the contribution docs to point the
potential contributor to the proper location
Signed-off-by: Robert Schweikert <rjschwei@suse.com>
2023-02-06 11:16:14 -08:00
7cad3db251
E2E: Consoldiate docker and prefer bundled tests into new startup test ( #6851 )
...
* Convert docker E2E to startup E2E
* Move preferedbundled into the e2e startup test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-06 10:39:46 -08:00
32086717fc
Ensure flag type consistency ( #6852 )
...
* Convert all flags to pointers for consistency
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 12:57:48 -08:00
750cff561d
Bump vagrant boxes to fedora37 ( #6832 )
...
* Bump to generic/fedora37
* fix epic permissions
* Disable sonobuoy on rootless
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-30 13:14:29 -08:00
9fcc7c0db8
Fix cronjob example ( #6707 )
...
Related PR:
https://github.com/rancher/rke2-docs/pull/38
Signed-off-by: Akos Elek <akose73@tazerve.hu>
2023-01-30 10:52:22 -08:00
0d4caf4e24
Wait for cri-dockerd socket ( #6812 )
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-27 13:16:59 -08:00
1c6fde9a52
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-27 12:09:18 -08:00
369b81b45e
Honor Service ExternalTrafficPolicy
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-27 12:09:18 -08:00
94d1a87509
Bump wrangler version for EndpointSlice support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-27 12:09:18 -08:00
86e36225f5
Consolidate E2E tests and GH Actions ( #6772 )
...
* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-27 09:01:13 -08:00
808c71a63e
Add Ayedo ( #6801 )
...
Signed-off-by: Hrittik Roy <67012359+hrittikhere@users.noreply.github.com>
2023-01-27 11:37:44 -05:00
75f77ab951
E2E Rancher and Hardened script improvements ( #6778 )
...
* Improve test-pad rancher script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve hardened script and added kube-bench utility script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Apply same audits for 1.22 and older
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-26 18:17:33 -08:00
f0655f153e
update stable channel to v1.25.6+k3s1 ( #6828 )
2023-01-26 18:09:46 -08:00
3cb6fa5cc7
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:32:28 -08:00
f72649d1bd
Bump cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:32:28 -08:00
89f7062431
Add build tag to disable cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:29:18 -08:00
f10af367c3
Update to v1.26.1-k3s1 ( #6774 )
2023-01-19 07:56:32 -08:00
f19892c2d2
drone correct plugins/docker tag supporting linux/arm ( #6769 )
2023-01-18 12:38:51 -08:00
291f8bfe00
Slow dependency CI to weekly ( #6764 )
...
* Add labels to updatecli PRs
* Run weekly
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-18 09:39:46 -08:00
2007cdd54f
generate report and upload test results ( #6737 )
...
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
Co-authored-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
2023-01-18 09:34:52 -08:00
7bbcac92fd
Bump download action to v3 ( #6746 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-17 11:04:34 -08:00
d71ab6317e
Update stable to 1.25.5+k3s2 ( #6753 )
2023-01-14 12:12:51 -06:00
f54b5e4fa0
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 17:22:25 -08:00
23c1040adb
Bugfix: do not break cert-manager when pprof is enabled ( #6635 )
...
Signed-off-by: Silvio Moioli <silvio@moioli.net>
2023-01-13 16:09:14 -08:00
a4549cf989
chore: Bump golang:alpine version ( #6683 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-01-12 18:58:04 -05:00
8340b54309
Pass through default tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 14:51:04 -08:00
cc3583399a
Add explicit permissions to workflows ( #6700 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-12 13:57:57 -08:00
d85952d6a0
Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts ( #6686 )
...
Bumps ubuntu from 20.04 to 22.04.
---
updated-dependencies:
- dependency-name: ubuntu
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 13:57:28 -08:00
674a05478f
Containerd restart testlet ( #6696 )
...
* Add containerd testlet to startup integration
* Fix all log dumps
* Stop server gracefully
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-12 13:43:31 -08:00
d78e490716
Bump containerd to v1.6.15-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 11:50:43 -08:00
e53500f37f
Bump alpine from 3.16 to 3.17 in /conformance ( #6687 )
...
Bumps alpine from 3.16 to 3.17.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 14:32:14 -05:00
c7151e8b61
Bump alpine from 3.16 to 3.17 in /package ( #6688 )
...
Bumps alpine from 3.16 to 3.17.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 14:31:56 -05:00
Byron Ruth