Commit Graph

1264 Commits (bbd68f3a507903442ea093ae5226a7026b307964)

Author SHA1 Message Date
Manuel Buil e82b37640a Network defaults are duplicated, remove one
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-02 17:21:59 +02:00
Manuel Buil f2c7117374 Take IPFamily precedence based on order
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 11:04:15 +02:00
Manuel Buil 0b23a478cf ipFamilyPolicy:PreferDualStack for coredns and metrics-server
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 10:10:43 +02:00
Brad Davidson 0e5c760625 Pass SystemdCgroup setting through to nvidia runtime options
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-27 13:30:26 -07:00
Edgar Lee fe18b1fce9
Add --image-service-endpoint flag (#8279)
* Add --image-service-endpoint flag

Problem:
External container runtime can be set but image service endpoint is unchanged
and also is not exposed as a flag. This is useful for using containerd
snapshotters outside of the ones that have built-in support like
stargz-snapshotter.

Solution:
Add a flag --image-service-endpoint and also default image service endpoint to
container runtime endpoint if set.

Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2023-09-27 13:20:50 -07:00
Manuel Buil 2a9e8e68d5
Merge pull request #8354 from manuelbuil/vpnExtraParams
Add extraArgs to vpn provider
2023-09-27 11:34:29 +02:00
Manuel Buil 4dd45b3142
Merge pull request #8439 from manuelbuil/fixGofmt
Fix gofmt error
2023-09-26 19:14:07 +02:00
Vitor Savian b6ab24c4fd
Added error when cluster reset while using server flag
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-09-26 11:00:37 -03:00
Manuel Buil 172a7f1d1a Fix gofmt error
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-26 11:09:03 +02:00
Brad Davidson 8705a88bf4 Clear remove annotations on cluster reset; refuse to delete last member from cluster
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson 002e6c43ee Reorganize Driver interface and etcd driver to avoid passing context and config into most calls
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson 890645924f Don't export functions not needed outside the etcd package
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson a3c52d60a5 Skip creating CRDs and setting up event recorder for CLI controller context
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson 391e61bd72 Use admin kubeconfig instead of supervisor for etcd snapshot CLI
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 11:54:23 -07:00
Brad Davidson 8c73fd670b Disable HTTP on main etcd client port
Fixes performance issue under load, ref: https://github.com/etcd-io/etcd/issues/15402 and https://github.com/kubernetes/kubernetes/pull/118460

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-25 08:29:57 -07:00
Manuel Buil 12459fca97 Add extraArgs to tailscale
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 17:04:50 +02:00
Manuel Buil cae8b2b626
Merge pull request #8346 from manuelbuil/interfaceLogs
Include the interface name in the error message
2023-09-25 16:50:01 +02:00
Manuel Buil 3194dc7367
Merge pull request #8284 from manuelbuil/improveFlannelLogging
Add context to flannel errors
2023-09-25 08:20:33 +02:00
Manuel Buil 8c197bdce4 Include the interface name in the error message
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 07:55:49 +02:00
Manuel Buil 8146041185
Merge pull request #8250 from manuelbuil/fixWinError
Fix error reporting
2023-09-22 18:42:54 +02:00
Johnatas 6330a5b49c
Update to v1.28.2 and go v1.20.8 (#8364)
* Update to v1.28.2

Signed-off-by: Johnatas <johnatasr@hotmail.com>

* Bump containerd and stargz versions

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Print message on upgrade fail

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Send Bad Gateway instead of Service Unavailable when tunnel dial fails

Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Add 60 seconds to server upgrade wait to account for delays in apiserver readiness

Also change cleanup helper to ensure upgrade test doesn't pollute the
images for the rest of the tests.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

---------

Signed-off-by: Johnatas <johnatasr@hotmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:18:47 -03:00
Manuel Buil 66cb1064d1 Add context to flannel errors
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-07 14:09:22 +02:00
Manuel Buil d3f7632463 Fix error reporting
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-31 17:20:14 +02:00
Brad Davidson 0d23cfe038 Add RWMutex to address controller
Fixes race condition when address map is updated by multiple goroutines

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 20:52:37 -07:00
Brad Davidson cba9f0d142 Add new CLI flag to disable TLS SAN CN filtering
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 08:33:45 -07:00
Derek Nola 2cb7023660 Use already imported semver, bump kine
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola f2d0c5409a Add check for support on cp nodes
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola 51f1a5a0ab Review comments and fixes
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola 42c2ac95e2 CLI + Backend for Secrets Encryption v3
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola b967f92785 Replace os.Write with AtomicWrite function
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola ced330c66a
[v1.28] CLI Removal for v1.28.0 (#8203)
* Remove deprecated flannel ipsec

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove multipart backend

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix secrets-encryption integration test flakiness

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-24 22:09:13 -07:00
Hussein Galal af50e1b096
Update to v1.28.0-k3s1 (#8199)
* Update to v1.28.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update golang to v1.20.7

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* more changes

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update wrangler

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update wrangler

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix nodepassword test

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix nodepassword test

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* disable CGO before running golangci-lint

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* execlude CGO Enabled checks

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Ignore reapply change error with logging

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update google api client

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-08-23 00:09:31 +03:00
Brad Davidson 66bae3e326 Bump dynamiclistener for init deadlock fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-15 16:36:12 -07:00
Vitor Savian e83b1ba4aa
Fixed the etcd retention to delete orphaned snapshots based on the date (#8177)
* Fix retention using name instead of date

Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-14 18:48:59 -03:00
Vitor Savian c97211866a
Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#8155)
* Fixed when the user disable the etcd snapshots, but want to backup from s3

Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-10 12:23:10 -03:00
Ian Cardoso e551308db8
fix for etcd-snapshot delete with --etcd-s3 flag (#8110)
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3

Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
2023-08-04 14:26:32 -03:00
Vitor Savian ca7aeed090
Etcd snapshots retention when node name changes (#8099)
Fixed the etcd retention to delete orphaned snapshots

Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-03 10:54:40 -03:00
Brad Davidson aa76942d0f Add FilterCN function to prevent SAN Stuffing
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-02 11:15:39 -07:00
Manuel Buil 8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale
Fix tailscale bug with ip modes
2023-08-02 11:42:20 +02:00
Derek Nola 46cbbab263
Consolidate CopyFile functions (#8079)
* Consolidate CopyFile function

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Copy to File, not destination folder

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-01 08:55:34 -07:00
Manuel Buil 59eec78c62 Fix tailscale bug with ip modes
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-01 09:43:25 +02:00
Brad Davidson f21ae1d949 Make apiserver egress args conditional on egress-selector-mode
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-31 13:59:41 -07:00
Simon Kirsten 546dc247a0
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl (#7991)
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
2023-07-31 16:36:23 -04:00
Derek Nola 6d360e6473
Unit test for MustFindString (#8013)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-31 10:22:34 -07:00
Derek Nola be44243353
Adjust default kubeconfig file permissions (#7978)
* Adjust default kubeconfig permissions

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-14 15:00:27 -07:00
Derek Nola 0b18a65d4f
Revert "Warn that v1.28 will deprecate reencrypt/prepare (#7848)"
This reverts commit 4ab01f3941.

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-14 12:38:33 -07:00
Bartosz Lenart 34617390d0
Generation of certificates and keys for etcd gated if etcd is disabled. (#6998)
Problem:
When support for etcd was added in 3957142, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.

Solution:
Allow generation of certificates and keys only if managed etc is enabled. Check config.DisableETCD flag.

Signed-off-by: Bartossh <lenartconsulting@gmail.com>
2023-07-11 10:24:35 -07:00
Derek Nola 8405813c12
Fix rootless node password (#7887)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-07 09:14:49 -07:00
Denys Smirnov b9a2bf11ee Support setting control server URL for Tailscale.
This change enables the use of Headscale - open source implementation of the Tailscale control server.

Signed-off-by: Denys Smirnov <dennwc@pm.me>
2023-07-07 10:49:01 +03:00
Derek Nola 4ab01f3941
Warn that v1.28 will deprecate reencrypt/prepare (#7848)
* Warn that v1.28 will deprecate reencrypt/prepare

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-06 12:34:51 -07:00
Manuel Buil 6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
2023-07-06 11:11:26 +02:00
Manuel Buil bca0adbca8 Fix code spell check
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-04 13:02:06 +02:00
Manuel Buil 9c48d10eba
Merge pull request #7845 from manuelbuil/removeWinFile
Remove file_windows.go
2023-07-04 12:43:09 +02:00
Brad Davidson 7f50b40cfe Fall back to basic/bearer auth when node identity auth is rejected
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-03 16:20:50 -07:00
Daishan Peng ce3443ddf6 Allow k3s to customize apiServerPort on helm-controller
Signed-off-by: Daishan Peng <daishan@acorn.io>
2023-07-03 11:09:49 -07:00
LeiLei 72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli (#7791)
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.

Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
2023-07-03 09:30:04 -07:00
Manuel Buil d593c83603 Remove file_windows.go
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 16:08:39 +02:00
Manuel Buil f21a01474d Check if we are on ipv4, ipv6 or dualStack when doing tailscale
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 10:48:59 +02:00
Vitor Savian 0809187cff
Adding cli to custom klipper helm image (#7682)
Adding cli to custom klipper helm image

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-06-28 15:31:58 +00:00
guoguangwu 2215870d5d chore: pkg imported more than once
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-06-26 16:58:11 -07:00
Manuel Buil 43611bb5ad Fix the error report
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-14 18:26:59 +02:00
Manuel Buil 268c9a7684
Merge pull request #7352 from manuelbuil/vpnintegrations-afterparental
Integrate tailscale into k3s
2023-06-09 19:02:46 +02:00
Manuel Buil 869e030bdd VPN PoC
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-09 12:39:33 +02:00
Derek Nola dc6c569b98
Shortcircuit commands with version or help flags (#7683)
* Shortcircuit search with help and version flag

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Keep functions seperate

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-07 15:57:52 -07:00
Brad Davidson e5e1a674ce Enable containerd aufs/devmapper/zfs snapshotter plugins
These were unintentionally dropped when moving containerd back into the main multicall binary

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:32:30 -07:00
Brad Davidson 5170bc5a04 Improve error response logging
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:31:04 -07:00
Brad Davidson 45d8c1a1a2 Soft-fail on node password verification if the secret cannot be created
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:31:04 -07:00
Derek Nola b0188f5a13
Test Coverage Reports for E2E tests (#7526)
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-05 14:15:17 -07:00
Yuxing Deng b64a226ebd Make LB image configurable when compiling k3s
It is no way we can configure the lb image because it is a const value.
It would be better that we make it variable value and we can override
the value like the `helm-controller` job image when compiling k3s/rke2

Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
2023-05-31 08:51:13 -07:00
Brad Davidson 64a5f58f1e Create new kubeconfig for supervisor use
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson 8748813a61 Use distinct clients for supervisor, deploy, and helm controllers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson e9958cf070 Bump metrics-server to v0.6.3 and update tls-cipher-suites
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 17:44:06 -07:00
Brad Davidson 93279d2f59 Bump klipper-lb to v0.4.4
Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 17:38:59 -07:00
Andrew Roffey 0485a56f33 allow coredns override extensions
Signed-off-by: Andrew Roffey <andrew@roffey.au>
2023-05-30 17:24:00 -07:00
Manuel Buil 4aafff0219 Wrap error stating that it is coming from netpol
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-12 19:33:25 +02:00
Brad Davidson 8f450bafe1 Bump helm-controller version for repo auth/ca support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-10 14:57:37 -07:00
Brad Davidson 607cbf0ad6 Bump containerd to v1.7.0 and move back into multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-10 08:34:03 -07:00
thomasferrandiz b4bc57d049
Merge pull request #7303 from thomasferrandiz/netpol-log-level
ensure that klog verbosity is set to the same level as logrus
2023-05-10 15:01:06 +02:00
Brad Davidson 239021e759 Consistently use constant-time comparison of password hashes
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-09 13:54:50 -07:00
Derek Nola c6dc789e25
Add support for `-cover` + integration test code coverage (#7415)
* Add support for -cover in k3s server
* Update codecov reporting
* Sigterm in StopK3sServer
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-08 12:46:51 -07:00
Brad Davidson cf9ebb3259 Fail to validate server tokens that use bootstrap id/secret format
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-05 12:24:35 -07:00
Manuel Buil eb83af0de4
Merge pull request #7422 from manuelbuil/modify-utils
Migrate netutil methods into /util/net.go
2023-05-05 07:17:41 +02:00
Brad Davidson cedefeff24 Bump cni plugins to v1.2.0-k3s1
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.

Ref: https://www.cni.dev/plugins/current/meta/firewall/

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-04 13:58:42 -07:00
Boleyn Su a736b4b1b9
local-storage: Fix permission (#7217)
* local-storage: Fix permission

/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777

Fixes #2348

Signed-off-by: Boleyn Su <boleyn.su@gmail.com>

* Fix pod command field type

* Fix to int test

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-05-04 10:43:54 -07:00
Manuel Buil 437ad128c7 Migrate netutil methods into /utils/net.go
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-04 16:49:16 +02:00
Derek Nola e1d4cff14c
Enable FindString to search dotD config files (#7323)
* Enable FindString to search dotD config files
* Address multiple arg cases

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 11:18:23 -07:00
Derek Nola d5f560360e
Handle multiple arguments with StringSlice flags (#7380)
* Add helper function for multiple arguments in stringslice

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Cleanup server setup with util function

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 09:55:48 -07:00
Brad Davidson e61fde93c1 Fix MemberList error handling and incorrect etcd-arg passthrough
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 22:04:30 -07:00
Brad Davidson 91afb38799 Retry cluster join on "too many learners" error
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:28:33 -07:00
Brad Davidson f1b6a3549c Fix stack log on panic
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson c44d33d29b Fix race condition in tunnel server startup
Several places in the code used a 5-second retry loop to wait on
Runtime.Core to be set. This caused a race condition where OnChange
handlers could be added after the Wrangler shared informers were already
started. When this happened, the handlers were never called because the
shared informers they relied upon were not started.

Fix that by requiring anything that waits on Runtime.Core to run from a
cluster controller startup hook that is guaranteed to be called before
the shared informers are started, instead of just firing it off in a
goroutine that retries until it is set.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson 31a6386994 Improve egress selector handling on agentless servers
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:24:34 -07:00
Brad Davidson 0247794aa9 go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-28 11:13:47 -07:00
Brad Davidson ad41fb8c96 Create CRDs with schema
Fixes an issue where CRDs were being created without schema, allowing
resources with invalid content to be created, later stalling the
controller ListWatch event channel when the invalid resources could not
be deserialized.

This also requires moving Addon GVK tracking from a status field to
an annotation, as the GroupVersionKind type has special handling
internal to Kubernetes that prevents it from being serialized to the CRD
when schema validation is enabled.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-27 20:42:46 -07:00
Derek Nola bc5b42c279
Cleanup help messages (#7369)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-27 13:36:11 -07:00
Thomas Ferrandiz 66fcca66cb ensure that klog verbosity is set to the same level as logrus
by repeatedly settting it every second during k3s startup

Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2023-04-24 18:08:55 +00:00
Derek Nola 944f811dc5
v1.27.1 CLI Deprecation (#7311)
* Remove Flannel Wireguard
* Remove etcd-snapshot (implicit save)
* Convert ipsec and multiple backend to fatal

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-19 12:02:05 -07:00
Derek Nola f2bde63eea
Kubernetes v1.27.1 (#7271)
* Bump go version to 1.20.3 to match upstream
* Bump cri-dockerd
* Bump golanci-lint
* go generate
* Bump selinux in cgroup test
* Bump to v1.27.1 tags
* Release documentation improvements
* Only run upgrade e2e test on PR

Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-18 21:48:36 -07:00
Hussein Galal 30638072c9
Update klipper lb to v0.4.2 (#7210)
* Update klipper lb to v0.4.2

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update klipper lb to v0.4.3

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update klipper lb to v0.4.3 in airgap list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-04-06 19:02:00 +02:00
Roberto Bonafiglia 3e3512bdae Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-04-06 09:55:34 +02:00