* Add --image-service-endpoint flag
Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.
Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
(cherry picked from commit fe18b1fce9)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This required pulling the token hash stuff out of the cluster package, into util.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit d885162967)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Fixes snapshot list coming out in non-deterministic order
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a15b804e00)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Write the extra metadata both locally and to S3. These files are placed such that they will not be used by older versions of K3s that do not make use of them.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7464007037)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also, don't list ONLY s3 snapshots if S3 is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 80f909d0ca)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Attempt to use timestamp from creation or filename instead of file/object modification times
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8d47645312)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also adds a hack go script to print the embedded CRDs, for developer use.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 500744bb94)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets
* Ensure agent token also changes
Signed-off-by: Derek Nola <derek.nola@suse.com>
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit e551308db8)
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aa76942d0f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f21ae1d949)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Problem:
When support for etcd was added in 3957142, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etc is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Bartosz Lenart <lenart.consulting@gmail.com>
Edgar Lee