- SHA256 Signature of the install script
- Added a sha256sum invocations in the validate script.
These calls will validate that the install script signatures
match. And when the script is changed the signatures must be
recalculated as reported by the error message in sha256sum.
Signed-off-by: Jose D. Gomez R <jose.gomez@suse.com>
* Update to v1.28.2
Signed-off-by: Johnatas <johnatasr@hotmail.com>
* Bump containerd and stargz versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Print message on upgrade fail
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Send Bad Gateway instead of Service Unavailable when tunnel dial fails
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add 60 seconds to server upgrade wait to account for delays in apiserver readiness
Also change cleanup helper to ensure upgrade test doesn't pollute the
images for the rest of the tests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---------
Signed-off-by: Johnatas <johnatasr@hotmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
* Use argument that doesn't require file
* Use build-k3s workflow in cgroup
* Bump timeout on integration tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump runc
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump to containerd, recombine build and go.mod version
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump wrangler to 1.1.1
* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update gax-go to 2.1.1
* Isolate terraform e2e test with seperate go.mod/go.sum
* Bump containerd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Initial drone vagrant pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Build e2e test image
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add docker registry to E2E pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump libvirt image
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add ci flag to secretsencryption
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix vagrant log on secretsencryption
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove DB parallel tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reduce sonobuoy tests even further
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add local build
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add cron conformance pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add string output for nodes
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Switch snapshot restore for upgrade cluster
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix cp
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add python pip pakacge to install aws cli
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload build artifacts to aws s3 instead of gcp bucket
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload logs to aws s3 instead of google buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace gcloud auth with aws credentials for artifact uploading to buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace usage of google bucket with aws s3 buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
Problem:
Previously all of Kubernetes' image hosting has been out of gcr.io. There were significant egress costs associated with this when images were pulled from entities outside gcp. Refer to https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Solution:
As highlighted at KubeCon NA 2022 k8s infra SIG update, the replacement for k8s.gcr.io which is registry.k8s.io is now ready for mainstream use and the old k8s.gcr.io has been formally deprecated. This commit migrates all references for k3s to registry.k8s.io.
Signed-off-by: James Blair <mail@jamesblair.net>
Taint the first node so that the helm job doesn't run on it. In a real cluster the helm job would eventually succeed once all the servers were upgraded and had the new chart tarball.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Replace ETCD-JOIN-STABLE-SECOND with ETCD-JOIN-LATEST-FIRST. We don't
support joining down-level servers to existing clusters, as the new
down-level server will try to deploy older versions of the packaged
manifests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also reorder validations to perform the short checks first so that
things fail faster if there's a problem.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
From https://github.com/urfave/cli/pull/1383 :
> This removes the resulting binary dependency on cpuguy83/md2man and
> russross/blackfriday (and a few more packages imported by those),
> which saves more than 400 KB (more than 300 KB
> once stripped) from the resulting binary.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also update all use of 'go get' => 'go install', update CI tooling for
1.18 compatibility, and gofmt everything so lint passes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Update docs to include s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x drone pipeline
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Install trivy linux arch only for amd64
This is done so that trivy is not installed for s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x arch if condition for Dockerfile.test
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x arch in install script
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x GOARCH in build script
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add SUFFIX s390x in scripts
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Skip image scan for s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update klipper-lb to version v0.3.5
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update traefik version to v2.6.2
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update registry to v2.8.1 in tests which supports s390x
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Skip compact tests for s390x arch
This is done because compact test require a previous k3s version which supports s390x and it is not available
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
By default, the most of Vagrant boxes are explicitly disabling IPv6
through sysctl. This change makes sure that IPv6, and also IP forwarding
for all families, are enabled.
This change is necessary for using dual-stack in Vagrant environment.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
* Removed vagrant folder
* Fix comments around E2E ENVs
* Eliminate testutil folder
* Convert flock integration test to unit test
* Point to other READMEs
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Do serial only first
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add test-post-hook for extremely flaky tests, enable parallel
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add flaky test post hook to etcd
* Add concurrent parallel, fix flaky tests checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
Kubernetes Metrics Server version upgrade with the following changes:
Remove elevated permissions cap_net_bind_service from metrics-server
Fix bad architecture metadata
Fix reporting inconsistent number of nodes, caused by using invalid Kubelet node start time metric
Fix reporting partial container metrics for pod
Signed-off-by: Farukh Khan <farukhkhan21@gmail.com>