c3d9410216
Fix error reporting
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-09-22 19:05:26 +02:00
3624e6c42c
Add 60 seconds to server upgrade wait to account for delays in apiserver readiness
...
Also change cleanup helper to ensure upgrade test doesn't pollute the
images for the rest of the tests.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:56:55 -07:00
622f183730
Send Bad Gateway instead of Service Unavailable when tunnel dial fails
...
Works around new handling for Service Unavailable by apiserver aggregation added in kubernetes/kubernetes#119870
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:56:55 -07:00
e874d1663d
Print message on upgrade fail
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:56:55 -07:00
1386f49ddc
Bump containerd and stargz versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-19 10:56:55 -07:00
c20a619525
Update to v1.25.14 ( #8350 )
...
Signed-off-by: Pedro Tashima <pedro.tashima@suse.com>
Co-authored-by: Pedro Tashima <pedro.tashima@suse.com>
2023-09-13 20:17:31 -03:00
8ad3cb03cb
Bump kine to v0.10.3
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-09-08 13:03:01 -07:00
8fcbc2bc85
Add RWMutex to address controller
...
Fixes race condition when address map is updated by multiple goroutines
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0d23cfe038
2023-08-30 01:35:07 -07:00
8d84d1581e
Add new CLI flag to enable TLS SAN CN filtering
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-29 08:35:21 -07:00
04c1b54c6e
Fix runc version bump
...
Module version bump got dropped when backporting in 4f14d61d40
2023-08-25 12:36:57 -07:00
17411bf0c6
Update to v1.25.13 ( #8241 )
...
Signed-off-by: Pedro Tashima <pedro.tashima@suse.com>
Co-authored-by: Pedro Tashima <pedro.tashima@suse.com>
2023-08-24 22:45:06 -03:00
80e1c74a6e
Merge pull request #8223 from manuelbuil/updateFlannel125
...
[Release 1.25] Move flannel to 0.22.2
2023-08-18 12:04:50 +02:00
6277f3da43
Move flannel to 0.22.2
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-18 09:25:41 +02:00
393ac6293f
Bump helm-controller/klipper-helm versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 84ded911e9
2023-08-16 14:37:34 -07:00
4b4de04f0b
Bump dynamiclistener for init deadlock fix
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 66bae3e326
2023-08-16 14:37:34 -07:00
ce85b98858
Fixed the etcd retention to delete orphaned snapshots based on the date
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-15 12:41:06 -03:00
5a2506145e
Fix for cluster-reset backup from s3 when etcd snapshots are disabled ( #8155 )
...
* Fixed when the user disable the etcd snapshots, but want to backup from s3
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-10 16:10:23 -03:00
8e945c53e7
fix for etcd-snapshot delete with --etcd-s3 flag ( #8110 )
...
k3s etcd-snapshot save --etcd-s3 ... is creating a local snapshot and uploading it to s3 while k3s etcd-snapshot delete --etcd-s3 ... was deleting the snapshot only on s3 buckets, this commit change the behavior of delete to do it locally and on s3
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit e551308db8
2023-08-04 19:20:33 -07:00
5bcaa01a09
Use VERSION_K8S in tests instead of grep go.mod
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:08:16 -07:00
47d5eda69f
Use 'go list -m' instead of grep to look up versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:08:16 -07:00
f44629323e
Bump kine to v0.10.2
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit fd531140e5
2023-08-04 16:08:16 -07:00
4ae502b1d8
Bump versions for containerd, runc, kine
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 23d6842f9a
2023-08-04 16:08:16 -07:00
fafb693522
Bump docker/docker to latest v20.10
...
Fixes issue with invalid HTTP host headers over unix sockets caused by
recent releases of golang rejecting invalid header values.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a0da8eded3
2023-08-04 16:08:16 -07:00
ddbe499d9a
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aa76942d0f
2023-08-04 16:08:16 -07:00
3dc5979147
Security bump to docker/distribution ( #8047 )
...
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
(cherry picked from commit cc9dce5764
2023-08-04 16:08:16 -07:00
4c6f7bfb08
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f21ae1d949
2023-08-04 16:08:16 -07:00
739141a79b
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl ( #7991 )
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
(cherry picked from commit 546dc247a0
2023-08-04 16:08:16 -07:00
ba8cb071e7
[Release-1.25] August Test Backports ( #8127 )
...
* Unit test for MustFindString (#8013 )
* Consolidate CopyFile functions (#8079 )
* Remove unnecessary E2E envs
* Cleanup unnecessary "sudo" in commands
* Add additonal s3 coverage clause
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-04 11:38:23 -07:00
00df50ded1
Fixed the etcd retention to delete orphaned snapshots
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-04 10:34:08 -03:00
9685f9869f
Merge pull request #8098 from manuelbuil/fixTailscale125
...
[Release 1.25] Fix tailscale bug with ip modes
2023-08-03 09:13:28 +02:00
5164dc185a
Fix tailscale bug with ip modes
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-02 11:43:42 +02:00
7cc896ffc7
Merge pull request #8076 from manuelbuil/updateFlannelAndPugins125
...
[Release 1.25] Update flannel and pugins
2023-08-01 08:36:33 +02:00
bef708409c
Update flannel to v0.22.1
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-31 11:03:44 +02:00
80aff75466
Update cni plugins version to v1.3.0
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-31 11:02:47 +02:00
7515237f85
Update to v1.25.12 ( #8021 )
...
Signed-off-by: Pedro Tashima <pedro.tashima@suse.com>
Co-authored-by: Pedro Tashima <pedro.tashima@suse.com>
2023-07-20 16:12:22 -03:00
f7ab577cfa
Adjust default kubeconfig file permissions ( #7984 )
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-15 08:46:08 -07:00
a9b8c87fcc
fix image_scan.sh script and download trivy version ( #7950 ) ( #7969 )
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 58a8deb25d
2023-07-14 09:24:11 -03:00
c3eab737ad
Don't use zgrep in `check-config` if apparmor porfile is enforced ( #7954 )
...
* Don't use zgrep if apparmor is enforced for it
* Bump e2e se timeouts for reencryption time
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-13 09:13:29 -07:00
a268ab4058
Generation of certificates and keys for etcd gated if etcd is disabled.( #7945 )
...
Problem:
When support for etcd was added in 3957142
2023-07-11 14:18:53 -07:00
e8a4961732
Adding cli to custom klipper helm image ( #7682 )
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
(cherry picked from commit 0809187cff
2023-07-07 16:28:16 -07:00
696a642d1d
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7f50b40cfe
2023-07-07 14:12:02 -07:00
5e3c63718d
Add `--data-dir` to the `k3s certificate rotate-ca` cli ( #7791 )
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
(cherry picked from commit 72d50b1f7c
2023-07-07 14:12:02 -07:00
c850132b5f
Fix rootless node password ( #7900 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-07 11:03:14 -07:00
e2c35c1bc7
add e2e s3 test ( #7833 )
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 9e334153cf
2023-07-07 11:14:23 -03:00
f22bcd4fc4
fix e2e startup flaky test ( #7839 )
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 324f9ad4da
2023-07-07 11:14:23 -03:00
27ac011309
Merge pull request #7894 from manuelbuil/headscale125
...
[Release 1.25] Support setting control server URL for Tailscale.
2023-07-07 15:29:45 +02:00
f1a4b9f6cb
Support setting control server URL for Tailscale.
...
This change enables the use of Headscale - open source implementation of the Tailscale control server.
Signed-off-by: Denys Smirnov <dennwc@pm.me>
2023-07-07 12:31:19 +02:00
a827ad28dd
Merge pull request #7883 from manuelbuil/ip4ip6dualstack125
...
[Release 1.25] Check if we are on ipv4, ipv6 or dualStack when doing tailscale
2023-07-07 11:28:28 +02:00
647539920b
Check if we are on ipv4, ipv6 or dualStack when doing tailscale
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-06 11:13:11 +02:00
e1a315189b
Allow k3s to customize apiServerPort on helm-controller ( #7873 )
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
Co-authored-by: Daishan Peng <daishan@acorn.io>
2023-07-05 11:56:58 -07:00
Manuel Buil