Derek Nola
aaf8409096
Use version.Program not K3s in log ( #8653 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-16 11:02:12 -07:00
Brad Davidson
9597ea1183
Start etcd client before ensuring self removal
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson
3abc8b82ed
Bump traefik, golang.org/x/net, google.golang.org/grpc
...
Fixes exposure to CVE-2023-39325
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 09:45:54 -07:00
Roberto Bonafiglia
1ffb4603cd
Use IPv6 in case is the first configured IP with dualstack
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-13 10:23:31 +02:00
Brad Davidson
d885162967
Add server token hash to CR and S3
...
This required pulling the token hash stuff out of the cluster package, into util.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
550ab36ab7
Switch to managing ETCDSnapshotFile resources
...
Reconcile snapshot CRs instead of ConfigMap; manage ConfigMap downstream from CR list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
5cd4f69bfa
Move snapshot delete into local/s3 functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
a15b804e00
Sort snapshots by time and key in tabwriter output
...
Fixes snapshot list coming out in non-deterministic order
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
7464007037
Store extra metadata and cluster ID for snapshots
...
Write the extra metadata both locally and to S3. These files are placed such that they will not be used by older versions of K3s that do not make use of them.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
80f909d0ca
Move s3 snapshot list functionality to s3.go
...
Also, don't list ONLY s3 snapshots if S3 is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
8d47645312
Consistently set snapshotFile timestamp
...
Attempt to use timestamp from creation or filename instead of file/object modification times
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
f1afe153a3
Tidy s3 upload functions
...
Consistently refer to object keys as such, simplify error handling.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
2b0e2e8ada
Elide old snapshot data when apiserver rejects configmap with ErrRequestEntityTooLarge
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
676b00aa0e
Move etcd snapshot code into separate file
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
500744bb94
Add new CRD for etcd snapshots
...
Also adds a hack go script to print the embedded CRDs, for developer use.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
9bb1ce1253
Bump busybox to v1.36.1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:00:45 -07:00
Derek Nola
dface01de8
Server Token Rotation ( #8265 )
...
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Ensure agent token also changes
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-09 10:58:49 -07:00
Roberto Bonafiglia
ced25af5b1
Fixed tailscale node IP dualstack mode in case of IPv4 only node
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-09 15:17:33 +02:00
Manuel Buil
e82b37640a
Network defaults are duplicated, remove one
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-02 17:21:59 +02:00
Manuel Buil
f2c7117374
Take IPFamily precedence based on order
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 11:04:15 +02:00
Manuel Buil
0b23a478cf
ipFamilyPolicy:PreferDualStack for coredns and metrics-server
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 10:10:43 +02:00
Brad Davidson
0e5c760625
Pass SystemdCgroup setting through to nvidia runtime options
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-27 13:30:26 -07:00
Edgar Lee
fe18b1fce9
Add --image-service-endpoint flag ( #8279 )
...
* Add --image-service-endpoint flag
Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.
Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2023-09-27 13:20:50 -07:00
Manuel Buil
2a9e8e68d5
Merge pull request #8354 from manuelbuil/vpnExtraParams
...
Add extraArgs to vpn provider
2023-09-27 11:34:29 +02:00
Manuel Buil
4dd45b3142
Merge pull request #8439 from manuelbuil/fixGofmt
...
Fix gofmt error
2023-09-26 19:14:07 +02:00
Vitor Savian
b6ab24c4fd
Added error when cluster reset while using server flag
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-09-26 11:00:37 -03:00
Manuel Buil
172a7f1d1a
Fix gofmt error
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-26 11:09:03 +02:00
Brad Davidson
8705a88bf4
Clear remove annotations on cluster reset; refuse to delete last member from cluster
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
002e6c43ee
Reorganize Driver interface and etcd driver to avoid passing context and config into most calls
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
890645924f
Don't export functions not needed outside the etcd package
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
a3c52d60a5
Skip creating CRDs and setting up event recorder for CLI controller context
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
391e61bd72
Use admin kubeconfig instead of supervisor for etcd snapshot CLI
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson
8c73fd670b
Disable HTTP on main etcd client port
...
Fixes performance issue under load, ref: https://github.com/etcd-io/etcd/issues/15402 and https://github.com/kubernetes/kubernetes/pull/118460
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 08:29:57 -07:00
Manuel Buil
12459fca97
Add extraArgs to tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 17:04:50 +02:00
Manuel Buil
cae8b2b626
Merge pull request #8346 from manuelbuil/interfaceLogs
...
Include the interface name in the error message
2023-09-25 16:50:01 +02:00
Manuel Buil
3194dc7367
Merge pull request #8284 from manuelbuil/improveFlannelLogging
...
Add context to flannel errors
2023-09-25 08:20:33 +02:00
Manuel Buil
8c197bdce4
Include the interface name in the error message
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 07:55:49 +02:00
Manuel Buil
8146041185
Merge pull request #8250 from manuelbuil/fixWinError
...
Fix error reporting
2023-09-22 18:42:54 +02:00
Johnatas
6330a5b49c
Update to v1.28.2 and go v1.20.8 ( #8364 )
...
* Update to v1.28.2
Signed-off-by: Johnatas <johnatasr@hotmail.com>
* Bump containerd and stargz versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Print message on upgrade fail
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Send Bad Gateway instead of Service Unavailable when tunnel dial fails
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add 60 seconds to server upgrade wait to account for delays in apiserver readiness
Also change cleanup helper to ensure upgrade test doesn't pollute the
images for the rest of the tests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---------
Signed-off-by: Johnatas <johnatasr@hotmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:18:47 -03:00
Manuel Buil
66cb1064d1
Add context to flannel errors
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-07 14:09:22 +02:00
Manuel Buil
d3f7632463
Fix error reporting
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-31 17:20:14 +02:00
Brad Davidson
0d23cfe038
Add RWMutex to address controller
...
Fixes race condition when address map is updated by multiple goroutines
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 20:52:37 -07:00
Brad Davidson
cba9f0d142
Add new CLI flag to disable TLS SAN CN filtering
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 08:33:45 -07:00
Derek Nola
2cb7023660
Use already imported semver, bump kine
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
f2d0c5409a
Add check for support on cp nodes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
51f1a5a0ab
Review comments and fixes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
42c2ac95e2
CLI + Backend for Secrets Encryption v3
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
b967f92785
Replace os.Write with AtomicWrite function
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
ced330c66a
[v1.28] CLI Removal for v1.28.0 ( #8203 )
...
* Remove deprecated flannel ipsec
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove multipart backend
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix secrets-encryption integration test flakiness
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-24 22:09:13 -07:00
Hussein Galal
af50e1b096
Update to v1.28.0-k3s1 ( #8199 )
...
* Update to v1.28.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update golang to v1.20.7
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more changes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* disable CGO before running golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* execlude CGO Enabled checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Ignore reapply change error with logging
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update google api client
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-08-23 00:09:31 +03:00