Problem:
Previously all of Kubernetes' image hosting has been out of gcr.io. There were significant egress costs associated with this when images were pulled from entities outside gcp. Refer to https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Solution:
As highlighted at KubeCon NA 2022 k8s infra SIG update, the replacement for k8s.gcr.io which is registry.k8s.io is now ready for mainstream use and the old k8s.gcr.io has been formally deprecated. This commit migrates all references for k3s to registry.k8s.io.
Signed-off-by: James Blair <mail@jamesblair.net>
Taint the first node so that the helm job doesn't run on it. In a real cluster the helm job would eventually succeed once all the servers were upgraded and had the new chart tarball.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Replace ETCD-JOIN-STABLE-SECOND with ETCD-JOIN-LATEST-FIRST. We don't
support joining down-level servers to existing clusters, as the new
down-level server will try to deploy older versions of the packaged
manifests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also reorder validations to perform the short checks first so that
things fail faster if there's a problem.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
From https://github.com/urfave/cli/pull/1383 :
> This removes the resulting binary dependency on cpuguy83/md2man and
> russross/blackfriday (and a few more packages imported by those),
> which saves more than 400 KB (more than 300 KB
> once stripped) from the resulting binary.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also update all use of 'go get' => 'go install', update CI tooling for
1.18 compatibility, and gofmt everything so lint passes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Update docs to include s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x drone pipeline
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Install trivy linux arch only for amd64
This is done so that trivy is not installed for s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x arch if condition for Dockerfile.test
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x arch in install script
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add s390x GOARCH in build script
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add SUFFIX s390x in scripts
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Skip image scan for s390x arch
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update klipper-lb to version v0.3.5
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update traefik version to v2.6.2
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Update registry to v2.8.1 in tests which supports s390x
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Skip compact tests for s390x arch
This is done because compact test require a previous k3s version which supports s390x and it is not available
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
By default, the most of Vagrant boxes are explicitly disabling IPv6
through sysctl. This change makes sure that IPv6, and also IP forwarding
for all families, are enabled.
This change is necessary for using dual-stack in Vagrant environment.
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
* Removed vagrant folder
* Fix comments around E2E ENVs
* Eliminate testutil folder
* Convert flock integration test to unit test
* Point to other READMEs
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Do serial only first
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add test-post-hook for extremely flaky tests, enable parallel
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add flaky test post hook to etcd
* Add concurrent parallel, fix flaky tests checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
Kubernetes Metrics Server version upgrade with the following changes:
Remove elevated permissions cap_net_bind_service from metrics-server
Fix bad architecture metadata
Fix reporting inconsistent number of nodes, caused by using invalid Kubelet node start time metric
Fix reporting partial container metrics for pod
Signed-off-by: Farukh Khan <farukhkhan21@gmail.com>
* Remove sudo commands from integration tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Added cleanup fucntion
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Implement better int cleanup
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Rename test utils
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Enable K3sCmd to be a single string
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Removed parsePod function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* codespell
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Revert startup timeout
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reorder sonobuoy tests, drop concurrent tests to 3
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Disable etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Skip parallel testing for etcd
Signed-off-by: Derek Nola <derek.nola@suse.com>
Closes a gap in test coverage. Also fixes an issue where args and hooks
from previous test runs were not being reset for subsequent runs.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Move runc and k3s-root versions into versions.sh
* Remove commented-out cruft from build script
* Other minor tweaks
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Increase test timeout to 60m
* Bump golang to v1.16.10
* Bump sonobuoy to v0.55.0
* Bump containerd to v1.5.8-k3s1
Signed-off-by: Chris Kim <oats87g@gmail.com>
Before this change, Ubuntu provisioning script used the package list
from Alpine. But a lot of packages from that list have name mismatches.
Biggest example - `docker`, which has nothing to do with Docker as a
container engine in Ubuntu (the proper package is `docker.io`). Let's
just keep the full list for Ubuntu in its own provisioning script.
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
* Added test runner and build files
* Changes to int test to output junit results.
* Updated documentation, removed comments
Signed-off-by: dereknola <derek.nola@suse.com>
* switch image names to the ones with the prefix mirrored
* bump rancher/mirrored-coredns-coredns to 1.8.4
Signed-off-by: Jiaqi Luo <6218999+jiaqiluo@users.noreply.github.com>
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests
Signed-off-by: dereknola <derek.nola@suse.com>
Not bumping runc in go.mod yet, as upstream Kubernetes still requires
runc/libcontainer v1.0.0-rc95
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
- bump the runc version to v1.0.0-rc94
- build runc from its own source tree instead of from ./vendor/
- side-steps incompatibility with upstream kubelet container manager
Signed-off-by: Jacob Blain Christen <dweomer5@gmail.com>
* Move registries.yaml handling out to rancher/wharfie
* Add system-default-registry support
* Add CLI support for kubelet image credential providers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Some of the new node compat tests take a while before failing as
expected. We don't seem to need the additional time any longer to avoid
flakes, so turn it down a bit.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
We have had a couple issues with newer agents not working with old
servers or vice versa. Add a CI test to test variations on
uplevel/downlevel server/agent against latest, stable, and the previous
branch.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
K3s upgrade via watch over file change of static file and manifest
and triggers helm-controller for change. It seems reasonable to
only allow upgrade traefik v1->v2 when there is no existing custom
traefik HelmChartConfig in the cluster to avoid any
incompatibility.
Here also separate the CRDs and put them into a different chart
to support CRD upgrade.
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
* Test script cleanup backport from RKE2
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
* Update scripts/test
Co-authored-by: Brian Downs <brian.downs@gmail.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>