Brad Davidson
08f1022663
Don't log 'apiserver disabled' error sent by etcd-only nodes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:36:33 -07:00
Brad Davidson
fe465cc832
Move etcd snapshot management CLI to request/response
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:21:26 -07:00
Brad Davidson
60248c42de
Add supervisor cert/key to rotate list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-05 10:59:17 -07:00
Brad Davidson
7f659759dd
Add certificate expiry check and warnings
...
* Add ADR
* Add `k3s certificate check` command.
* Add periodic check and events when certs are about to expire.
* Add metrics for certificate validity remaining, labeled by cert subject
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-28 12:05:21 -07:00
Brad Davidson
7a2a2d075c
Move error response generation code into util
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
Brad Davidson
d885162967
Add server token hash to CR and S3
...
This required pulling the token hash stuff out of the cluster package, into util.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Manuel Buil
f2c7117374
Take IPFamily precedence based on order
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-29 11:04:15 +02:00
Manuel Buil
8c197bdce4
Include the interface name in the error message
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-25 07:55:49 +02:00
Derek Nola
51f1a5a0ab
Review comments and fixes
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Derek Nola
b967f92785
Replace os.Write with AtomicWrite function
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-25 14:17:00 -06:00
Brad Davidson
aa76942d0f
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-02 11:15:39 -07:00
Manuel Buil
6c44b06e0a
Merge pull request #7838 from manuelbuil/ipv4ipv6tailscale
...
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
2023-07-06 11:11:26 +02:00
Manuel Buil
d593c83603
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 16:08:39 +02:00
Manuel Buil
f21a01474d
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-03 10:48:59 +02:00
Manuel Buil
869e030bdd
VPN PoC
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-09 12:39:33 +02:00
Brad Davidson
8748813a61
Use distinct clients for supervisor, deploy, and helm controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Manuel Buil
437ad128c7
Migrate netutil methods into /utils/net.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-04 16:49:16 +02:00
Derek Nola
d5f560360e
Handle multiple arguments with StringSlice flags (#7380)
...
* Add helper function for multiple arguments in stringslice
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Cleanup server setup with util function
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-02 09:55:48 -07:00
Brad Davidson
977a85559e
Add support for cross-signing new certs during ca rotation
...
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Brad Davidson
32d62c5786
Use default address family when adding kubernetes service address to SAN list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-09 15:17:21 -08:00
Brad Davidson
3c324335b2
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Brad Davidson
269563e4d2
Check for RBAC before starting tunnel controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-26 15:08:13 -07:00
Brad Davidson
f633732d80
Use structured logging instead of logrus for event recorders
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-04 10:26:17 -07:00
Roberto Bonafiglia
abdf0c7319
Fix comments and add check in case of IPv6 only node
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-08-04 09:54:45 +02:00
Roberto Bonafiglia
d90ba30353
Added NodeIP autodetect in case of dualstack connection
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-08-04 09:54:45 +02:00
Brad Davidson
d3242bea3c
Refactor egress-selector pods mode to watch pods
...
Watching pods appears to be the most reliable way to ensure that the
proxy routes and authorizes connections.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-06-08 09:34:53 -07:00
Brad Davidson
e763fadbba
Ensure that WaitForAPIServerReady always re-dials through the loadbalancer
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-04-29 14:47:30 -07:00
Dirk Müller
fa0fa8b1d0
Update golangci-lint to 1.45.2
...
This requires a further set of gofmt -s improvements to the
code, but nothing major. golangci-lint 1.45.2 brings golang 1.18
support which might be needed in the future.
Signed-off-by: Dirk Müller <dirk@dmllr.de>
2022-04-13 14:48:42 -07:00
Brad Davidson
965d0a08ef
Fix log spam due to servicelb event recorder namespace conflict
...
Don't hardcode the event namespace when creating event recorders; some controllers want to create events in other namespaces.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-23 16:01:21 -07:00
Brad Davidson
714979bf6a
Ensure that apiserver ready channel checks re-dial every time
...
Closing idle connections isn't guaranteed to close out a pooled connection to a
loadbalancer endpoint that has been removed. Instead, ensure that requests used
to wait for the apiserver to become ready aren't reused.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-03-23 13:21:58 -07:00
Roberto Bonafiglia
3fabc0703b
Merge pull request #4450 from olljanat/support-ipv6-only
...
Add partial support for IPv6 only mode
2022-03-08 11:38:52 +01:00
Brad Davidson
5014c9e0e8
Fix adding etcd-only node to existing cluster
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-02-28 19:56:08 -08:00
Olli Janatuinen
966f4d6a01
Add support for IPv6 only mode
...
Automatically switch to IPv6 only mode if first node-ip is IPv6 address
Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
2022-02-10 20:34:59 +02:00
Alexey Medvedchikov
8f389ab030
Include node-external-ip in serving-kubelet.crt SANs (#4620)
...
* Include node-external-ip in serving-kubelet.crt SANs
Signed-off-by: Alexey Medvedchikov <alexeymedvedchikov@improbable.io>
2021-12-07 15:42:40 -08:00
Derek Nola
bcb662926d
Secrets-encryption rotation (#4372)
...
* Regular CLI framework for encrypt commands
* New secrets-encryption feature
* New integration test
* fixes for flaky integration test CI
* Fix to bootstrap on restart of existing nodes
* Consolidate event recorder
Signed-off-by: Derek Nola <derek.nola@suse.com>
2021-12-07 14:31:32 -08:00
Brad Davidson
5ab6d21a7d
Increase agent's apiserver ready timeout (#4454)
...
Since we now start the server's agent sooner and in the background, we
may need to wait longer than 30 seconds for the apiserver to become
ready on downstream projects such as RKE2.
Since this essentially just serves as an analogue for the server's
apiReady channel, there's little danger in setting it to something
relatively high.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-11-11 14:01:49 -07:00
Brad Davidson
57377d2cd4
Minor cleanup on cribbed function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
Brad Davidson
3449d5b9f9
Wait for apiserver readyz instead of healthz
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-10 17:04:15 -07:00
Brad Davidson
cf12a13175
Add missing node name entry to apiserver SAN list
...
Also honor node-ip when adding the node address to the SAN list, instead
of hardcoding the autodetected IP address.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-01 13:22:32 -07:00
Manuel Buil
96dcef478a
Add functions to separate ipv4 from ipv6 functions
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2021-08-27 10:14:39 +02:00
Brad Davidson
422d266da2
Disable deprecated insecure port
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-08-20 18:47:16 -07:00
Derek Nola
4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. (#3805)
...
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename
Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 11:13:26 -07:00
Jamie Phillips
7704fb6ee5
Exporting the AddFeatureGate function and adding a unit test for it. (#3661)
2021-07-28 13:04:42 -07:00
Derek Nola
21c8a33647
Introduction of Integration Tests (#3695)
...
* Commit of new etcd snapshot integration tests.
* Updated integration github action to not run on doc changes.
* Update Drone runner to only run unit tests
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-26 09:59:33 -07:00
Derek Nola
c833183517
Add unit tests for pkg/etcd (#3549)
...
* Created new etcd unit tests and testing support file
Signed-off-by: dereknola <derek.nola@suse.com>
2021-07-01 16:08:35 -07:00
Jamie Phillips
7345ac35ae
Initial windows support for agent (#3375)
...
Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2021-06-01 12:29:46 -07:00
Brad Davidson
2705431d96
Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212)
...
* Add support for dual-stack cluster/service CIDRs and node addresses
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-04-21 15:56:20 -07:00
Xiao Deshi
cfe7e0c734
remove duplicated func GetAddresses
...
refactor tunnel.go and controller.go, remove duplicated lines.
Signed-off-by: Xiao Deshi <xiaods@gmail.com>
2021-03-31 14:23:05 -07:00
Knic Knic
c2db115ec3
fix formatting
2020-02-23 00:48:26 -08:00
Knic Knic
2346ccc63f
get build on windows and get api_server to work
2020-02-22 23:17:59 -08:00