Commit Graph

3404 Commits (b93fd98a1c733b61ac515e07f4abcaf27d2f6b7f)

Author SHA1 Message Date
jonarmani 7ca021ea89
Update README.md (#10523)
Half of 8 is 3, in a way.

Signed-off-by: jonarmani <3901100+jonarmani@users.noreply.github.com>
2024-10-02 09:50:45 -07:00
Derek Nola cd02fdfa39
Bump to new wharfie version (#10971)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-02 08:58:08 -07:00
Vitor Savian 1ff43bf07f Add user path to runtimes search
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-10-02 09:52:11 -03:00
Derek Nola ab89363e18
Fix trivy vex line (#10970)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-10-01 15:06:49 -07:00
Guilherme Macedo 0553a1a1d9
Pass Rancher's VEX report to Trivy to remove known false-positives CVEs (#10956)
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
2024-10-01 17:20:35 -04:00
Brad Davidson 6c6d87d1b0 Bump traefik to chart 27.0.2 / appVersion v2.11.10
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-30 12:49:18 -07:00
github-actions[bot] a809749edc
chore: Bump Trivy version (#10924)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-30 12:40:13 -07:00
Derek Nola 2739f50d77
Trivy workflow: Checkout repo to use gh cli (#10949)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-25 13:20:26 -07:00
Derek Nola 97e8486032
Fix trivy report download (#10943)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-25 10:09:09 -07:00
Brad Davidson cda31ebd67 Bump kine to v0.13.0
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-25 10:02:04 -07:00
Derek Nola 3a268acb78
Check k3s-io organization membership not team membership for trivy scans (#10940)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-24 14:37:32 -07:00
Derek Nola 6731f4a70d
Fix getMembershipForUserInOrg call (#10937)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-24 13:06:27 -07:00
Derek Nola 005711fad6
Breakup trivy scan and check comment author (#10935)
* Check comment author on trivy scan
* Breakup trivy workflow for better permission security

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-24 12:10:31 -07:00
Brad Davidson ed14f7f863 Use static CNI bin dir
Maintain a separate dir for CNI binaries so that additional plugins can be installed in a predictable location that does not change every time k3s is upgraded.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-23 11:31:54 -07:00
Brooks Newberry ea5add3c3b
update stable channel tov1.30.5+k3s1 (#10921) 2024-09-23 07:10:06 -07:00
Robert Silén 40eda6a823
Add MariaDB to E2E (#10724)
* add mariadb to Validate and Upgrade E2E tests

Signed-off-by: robertsilen <robert.silen@iki.fi>
Signed-off-by: Robert Silén <robert.silen@iki.fi>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2024-09-19 08:40:02 -07:00
Brooks Newberry 7d66fa7ffa update kubernetes to v1.31.1-k3s3
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2024-09-18 10:47:29 -07:00
github-actions[bot] e6d1cf1009
chore: Bump Trivy version (#10899)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-17 10:03:23 -07:00
Manuel Buil 483d76b34a Add int test for flannel-ipv6masq
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-09-17 12:00:33 +02:00
github-actions[bot] 13612ef376
chore: Bump Trivy version (#10863)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-12 09:37:49 -07:00
Brad Davidson d6c20b7452 Fix hosts.toml header var
Resolves issue from 270f85e468 that prevented old hosts.toml files from being cleaned up.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-10 14:59:41 -07:00
Derek Nola 61c7011cab
Give good report if no CVEs found in trivy (#10853)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-06 14:58:26 -07:00
Arne Winter c4c11e51f1
add node-internal-dns/node-external-dns address pass-through support (#10852)
* add --node-internal-dns and --node-external-dns

Signed-off-by: Arne Winter <github@arnewinter.dev>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2024-09-06 14:15:19 -07:00
Derek Nola 216c3671b7
Remove otelgrpc pinned dependency (#10799)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-06 10:56:55 -07:00
Brad Davidson 270f85e468 Only clean up containerd hosts dirs managed by k3s
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 17:21:55 -07:00
Brad Davidson 378edb939d Tag PR image build as latest before scanning
This is less effort than passing the tag across steps 🤷‍♂️

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 15:21:56 -07:00
Brad Davidson 662799feec Bump helm-controller for skip-verify/plain-http and updated tolerations
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 15:21:42 -07:00
Brad Davidson d746073bd0 Bump containerd to v1.7.21, runc to v1.1.14
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 11:03:31 -07:00
Brad Davidson 29e25a61e6 Add channel for v1.31
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-05 08:50:04 -07:00
Derek Nola 36282dc39b
Launch private registry with init so the container can be killed on cleanup (#10822)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-04 16:22:24 -07:00
Brad Davidson 3d6e4a793a Fix /trivy action running against target branch instead of PR branch
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-09-04 15:57:39 -07:00
github-actions[bot] de4bb2e13c
chore: Update sonobuoy image versions (#10792)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2024-09-04 14:00:09 -07:00
Roberto Bonafiglia 28ceeec489 Update CNI plugins version
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-09-04 15:40:46 +02:00
dependabot[bot] dacc636cf4
Bump aquasecurity/trivy-action from 0.20.0 to 0.24.0 (#10795)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.20.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.20.0...0.24.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 09:14:54 -07:00
Derek Nola 254c16fdd5
Cover edge case when on new minor release for E2E upgrade test (#10781)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-03 09:13:34 -07:00
Derek Nola fa6940d03d
Add trivy scanning trigger for PRs (#10758)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-30 09:00:50 -07:00
Harsimran Singh Maan 0b4d2497e5 Update coredns to 1.11.3 and metrics-server to 0.7.2
Used https://github.com/coredns/corefile-migration to
migrate the corefile. There are no changes for the
default file from 1.10.1 to 1.11.3.

Notable plugin changes include the k8s_external with fallthrough option
and rewrite with cname_target option.

These changes are not part of the default config that ships
with k3s. Customers using these two plugins can start using the new options

Metrics does not have any new features other than build tooling updates.

Requires https://github.com/rancher/image-mirror/pull/704

Signed-off-by: Harsimran Singh Maan <maan.harry@gmail.com>
2024-08-29 15:00:45 -07:00
Brad Davidson bd45aa5c45 Bump traefik to v2.11.8
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-08-29 14:02:58 -07:00
Hussein Galal 9a69ecd58c
Update kubernetes to v1.31.0-k3s3 (#10764)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2024-08-29 23:56:56 +03:00
Derek Nola 85e02e10d7
Remove secrets encryption controller (#10612)
* Remove secrets encryption controller

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-26 08:31:49 -07:00
Derek Nola fc2eb49e38
Fix deploy latest commit on E2E tests (#10725)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-26 08:22:42 -07:00
Brooks Newberry 54e3b44147
update stable channel to v1.30.4+k3s1 (#10739)
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2024-08-22 18:41:54 -07:00
Brad Davidson 69910340a3 Bump runc to v1.1.13
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-08-22 15:46:28 -07:00
Brad Davidson fe3324cb84 Fix rotateca validation failures when not touching default self-signed CAs
Also silences warnings about bootstrap fields that are not intended to be handled by CA rotation

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-08-22 14:47:40 -07:00
Derek Nola c7468edbe7 Bump go dependencies to match upstream 1.31
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-22 14:23:34 -07:00
Derek Nola ebbb109840 Update VERSION_K8S to handle any k3s revision
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-22 14:23:34 -07:00
Derek Nola f5c6472b16 Bump Kine to v0.12.0
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-22 14:23:34 -07:00
Derek Nola d358a89171 Fix secrets-encrypt metrics
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-22 14:23:34 -07:00
galal-hussein 178aadbe20 Add k3s-io/kubernetes tags
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2024-08-22 14:23:34 -07:00
galal-hussein 5087240e32 Downgrade Microsoft/hcsshim to v0.8.26
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2024-08-22 14:23:34 -07:00