8c73fd670b
Disable HTTP on main etcd client port
...
Fixes performance issue under load, ref: https://github.com/etcd-io/etcd/issues/15402 and https://github.com/kubernetes/kubernetes/pull/118460
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
cae8b2b626
Merge pull request #8346 from manuelbuil/interfaceLogs
...
Include the interface name in the error message
1 year ago
3194dc7367
Merge pull request #8284 from manuelbuil/improveFlannelLogging
...
Add context to flannel errors
1 year ago
8c197bdce4
Include the interface name in the error message
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
8146041185
Merge pull request #8250 from manuelbuil/fixWinError
...
Fix error reporting
1 year ago
6330a5b49c
Update to v1.28.2 and go v1.20.8 ( #8364 )
...
* Update to v1.28.2
Signed-off-by: Johnatas <johnatasr@hotmail.com>
* Bump containerd and stargz versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Print message on upgrade fail
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Send Bad Gateway instead of Service Unavailable when tunnel dial fails
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add 60 seconds to server upgrade wait to account for delays in apiserver readiness
Also change cleanup helper to ensure upgrade test doesn't pollute the
images for the rest of the tests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---------
Signed-off-by: Johnatas <johnatasr@hotmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
66cb1064d1
Add context to flannel errors
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
d3f7632463
Fix error reporting
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
0d23cfe038
Add RWMutex to address controller
...
Fixes race condition when address map is updated by multiple goroutines
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
cba9f0d142
Add new CLI flag to disable TLS SAN CN filtering
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
2cb7023660
Use already imported semver, bump kine
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
f2d0c5409a
Add check for support on cp nodes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
51f1a5a0ab
Review comments and fixes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
42c2ac95e2
CLI + Backend for Secrets Encryption v3
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
b967f92785
Replace os.Write with AtomicWrite function
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
ced330c66a
[v1.28] CLI Removal for v1.28.0 ( #8203 )
...
* Remove deprecated flannel ipsec
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove multipart backend
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix secrets-encryption integration test flakiness
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
af50e1b096
Update to v1.28.0-k3s1 ( #8199 )
...
* Update to v1.28.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update golang to v1.20.7
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more changes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update wrangler
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix nodepassword test
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* disable CGO before running golangci-lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* execlude CGO Enabled checks
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Ignore reapply change error with logging
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Update google api client
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
1 year ago
66bae3e326
Bump dynamiclistener for init deadlock fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
e83b1ba4aa
Fixed the etcd retention to delete orphaned snapshots based on the date ( #8177 )
...
* Fix retention using name instead of date
Signed-off-by: Vitor <vitor.savian@suse.com>
1 year ago
c97211866a
Fix for cluster-reset backup from s3 when etcd snapshots are disabled ( #8155 )
...
* Fixed when the user disable the etcd snapshots, but want to backup from s3
Signed-off-by: Vitor <vitor.savian@suse.com>
1 year ago
e551308db8
fix for etcd-snapshot delete with --etcd-s3 flag ( #8110 )
...
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
1 year ago
ca7aeed090
Etcd snapshots retention when node name changes ( #8099 )
...
Fixed the etcd retention to delete orphaned snapshots
Signed-off-by: Vitor <vitor.savian@suse.com>
1 year ago
aa76942d0f
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
8c38d1169d
Merge pull request #8077 from manuelbuil/fixTailscale
...
Fix tailscale bug with ip modes
1 year ago
46cbbab263
Consolidate CopyFile functions ( #8079 )
...
* Consolidate CopyFile function
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Copy to File, not destination folder
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
59eec78c62
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
f21ae1d949
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
546dc247a0
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl ( #7991 )
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
1 year ago
6d360e6473
Unit test for MustFindString ( #8013 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
be44243353
Adjust default kubeconfig file permissions ( #7978 )
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
0b18a65d4f
Revert "Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )"
...
This reverts commit 4ab01f3941
1 year ago
34617390d0
Generation of certificates and keys for etcd gated if etcd is disabled. ( #6998 )
...
Problem:
When support for etcd was added in 3957142
1 year ago
8405813c12
Fix rootless node password ( #7887 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
b9a2bf11ee
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
1 year ago
4ab01f3941
Warn that v1.28 will deprecate reencrypt/prepare ( #7848 )
...
* Warn that v1.28 will deprecate reencrypt/prepare
Signed-off-by: Derek Nola <derek.nola@suse.com>
1 year ago
6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
...
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
1 year ago
bca0adbca8
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
9c48d10eba
Merge pull request #7845 from manuelbuil/removeWinFile
...
Remove file_windows.go
1 year ago
7f50b40cfe
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
1 year ago
ce3443ddf6
Allow k3s to customize apiServerPort on helm-controller
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
1 year ago
72d50b1f7c
Add `--data-dir` to the `k3s certificate rotate-ca` cli ( #7791 )
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
1 year ago
d593c83603
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
f21a01474d
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
0809187cff
Adding cli to custom klipper helm image ( #7682 )
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
1 year ago
2215870d5d
chore: pkg imported more than once
...
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
1 year ago
43611bb5ad
Fix the error report
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
268c9a7684
Merge pull request #7352 from manuelbuil/vpnintegrations-afterparental
...
Integrate tailscale into k3s
1 year ago
869e030bdd
VPN PoC
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
1 year ago
dc6c569b98
Shortcircuit commands with version or help flags ( #7683 )
...
* Shortcircuit search with help and version flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Keep functions seperate
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
e5e1a674ce
Enable containerd aufs/devmapper/zfs snapshotter plugins
...
These were unintentionally dropped when moving containerd back into the main multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson