Commit Graph

2940 Commits (d885162967bc7c813289553e392687239ea8da8e)

Author SHA1 Message Date
Manuel Buil 268c9a7684
Merge pull request #7352 from manuelbuil/vpnintegrations-afterparental
Integrate tailscale into k3s
2023-06-09 19:02:46 +02:00
Max cc22c80e49
Add issue template for OS validation (#7695)
* Add issue template for OS validation

Signed-off-by: rancher-max <max.ross@suse.com>
2023-06-09 09:59:29 -07:00
Derek Nola efa86a63e8
Remove unnecessary daemonset addition/deletion (#7696)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-09 09:51:41 -07:00
Ian Cardoso 7c151d468f
add private registry e2e test (#7653)
add private registry e2e test

Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-06-09 10:51:21 -03:00
Manuel Buil 869e030bdd VPN PoC
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-09 12:39:33 +02:00
Derek Nola 1e73bb8967 Run integration tests on E2E changes, ensures correct coverage values
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-08 09:39:48 -07:00
Derek Nola 8f9502233a E2E: Inject gocover ENV for k3s commands
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-08 09:39:48 -07:00
Derek Nola 4a68fbd8e9 E2E: Use sudo for all RunCmdOnNode
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-08 09:39:48 -07:00
github-actions[bot] 00f3e2413f
chore: Bump Trivy version (#7672)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-06-07 16:22:26 -07:00
Derek Nola dc6c569b98
Shortcircuit commands with version or help flags (#7683)
* Shortcircuit search with help and version flag

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Keep functions separate

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-07 15:57:52 -07:00
Derek Nola 3a8e98a3b8
Bump docker go.mod (#7681)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-07 15:55:29 -07:00
Brad Davidson e5e1a674ce Enable containerd aufs/devmapper/zfs snapshotter plugins
These were unintentionally dropped when moving containerd back into the main multicall binary

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:32:30 -07:00
Brad Davidson 5170bc5a04 Improve error response logging
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:31:04 -07:00
Brad Davidson 45d8c1a1a2 Soft-fail on node password verification if the secret cannot be created
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-05 15:31:04 -07:00
Derek Nola b0188f5a13
Test Coverage Reports for E2E tests (#7526)
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-05 14:15:17 -07:00
Andy Record afc88cec88 check variant before version to decide rpm target and packager
Signed-off-by: Andy Record <adrecord@gmail.com>
2023-06-05 13:02:28 -07:00
Hussein Galal fa0dc5900a
Use el8 rpm for fedora 38 and 39 (#7664)
* Use el8 rpm for fedora 38 and 39

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* nit fix

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-06-02 01:59:26 +03:00
Ian Cardoso 7c0a7687c6 add format command on Makefile and remove vendor
This commit adds the format command to make it easier to be compliant with golangci-lint issues

Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
2023-06-01 11:06:15 -03:00
Derek Nola 9227e0bde2
Bump vagrant libvirt with fix for plugin installs (#7605)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-05-31 13:48:55 -07:00
Yuxing Deng b64a226ebd Make LB image configurable when compiling k3s
There is no way to configure the lb image because it is a const value.
It would be better to make it a variable value so that we can override
the value like the `helm-controller` job image when compiling k3s/rke2

Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
2023-05-31 08:51:13 -07:00
Manuel Buil f58b7bd9e2
Merge pull request #7628 from manuelbuil/updateFlannel
Update flannel version
2023-05-31 08:37:52 +02:00
github-actions[bot] a5928ee137 chore: Bump golang:alpine version
Made with ❤️️ by updatecli
2023-05-30 18:16:27 -07:00
Brad Davidson 612473755d Add ADR
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson 7b61aacb56 Fix test file list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson 64a5f58f1e Create new kubeconfig for supervisor use
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson 8748813a61 Use distinct clients for supervisor, deploy, and helm controllers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 18:15:11 -07:00
Brad Davidson e9958cf070 Bump metrics-server to v0.6.3 and update tls-cipher-suites
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 17:44:06 -07:00
Brad Davidson 93279d2f59 Bump klipper-lb to v0.4.4
Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-30 17:38:59 -07:00
Andrew Roffey 0485a56f33 allow coredns override extensions
Signed-off-by: Andrew Roffey <andrew@roffey.au>
2023-05-30 17:24:00 -07:00
Brian Downs 85e10cf9d2
update channels (#7634)
2023-05-30 16:05:46 -07:00
Hussein Galal 9543470eb7
Add el9 selinux rpm (#7635)
* Add el9 to the install script

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add rocky-9 install test to test el9 selinux

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add rocky-9 install test to test el9 selinux to workflow

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Use el8 for fedora 37

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add a warning to reboot in coreos systems

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove k3s-selinux module in case of upgrade in el9

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Check for available container-selinux and k3s-selinux

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* extend selinux upgrade to sle distros

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* create /var/lib/rpm-state in sle systems

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* nit fix

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* extend selinux upgrade to sle distros

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-05-31 01:51:23 +03:00
Manuel Buil d1b0254b91 Update flannel version
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-30 10:41:15 +02:00
Hussein Galal 213d7ad499
Revert "Add el9 selinux rpm (#7443)" (#7608)
This reverts commit d55ec08675.

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-05-25 16:41:05 +03:00
Hussein Galal d55ec08675
Add el9 selinux rpm (#7443)
* Add el9 to the install script

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add rocky-9 install test to test el9 selinux

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add rocky-9 install test to test el9 selinux to workflow

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Use el8 for fedora 37

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Add a warning to reboot in coreos systems

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove k3s-selinux module in case of upgrade in el9

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Check for available container-selinux and k3s-selinux

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* extend selinux upgrade to sle distros

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* create /var/lib/rpm-state in sle systems

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* nit fix

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-05-25 02:52:07 +03:00
Brad Davidson fe554fe703 Pin emicklei/go-restful to v3.9.0
Fix regression in legacy API prefix, until upstream pulls in support for MergePathStrategy from https://github.com/emicklei/go-restful/pull/523

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-23 18:01:19 -07:00
Roberto Bonafiglia 91c5e0d75a Fix iptables rules clean during upgrade
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-05-22 20:17:59 +02:00
Brian Downs d069a85fcc
Update to v1.27.2-k3s1 (#7575)
2023-05-18 10:24:04 -07:00
Manuel Buil cdcd4a9000
Merge pull request #7567 from manuelbuil/master
Add '-all' flag to apply to inactive systemd units
2023-05-17 18:48:54 +02:00
Manuel Buil 290f67c939 Add '-all' flag to apply to inactive units
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-17 12:24:23 +02:00
dependabot[bot] 2b24c9917c
Bump alpine from 3.17 to 3.18 in /conformance (#7551)
Bumps alpine from 3.17 to 3.18.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 15:14:29 -04:00
dependabot[bot] 266926693a
Bump alpine from 3.17 to 3.18 in /package (#7550)
Bumps alpine from 3.17 to 3.18.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-15 15:14:08 -04:00
Manuel Buil 10fb39ae60
Merge pull request #7539 from manuelbuil/addLogsKubeRouter
Wrap error stating that it is coming from netpol
2023-05-15 09:40:49 +02:00
Esteban Esquivel Alvarado 9bcfac8b88
Add Rotation certification Check (#7097)
* Add Certification Test to Validate Cluster

Signed-off-by: est-suse <esteban.esquivel@suse.com>

* Fix to stop/start for k3s certificate rotation

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: est-suse <esteban.esquivel@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: est-suse <esteban.esquivel@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-05-12 10:36:41 -07:00
Manuel Buil 4aafff0219 Wrap error stating that it is coming from netpol
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-05-12 19:33:25 +02:00
Brad Davidson cbe8d33c93 Bump containerd/runc to v1.7.1-k3s1/v1.1.7
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-11 13:32:38 -07:00
Brad Davidson 8f450bafe1 Bump helm-controller version for repo auth/ca support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-10 14:57:37 -07:00
Chris Wayne 06296815e6
Adding PITS and Getdeck Beiboot as adopters thanks to Schille and Miworfi for the additions (#7524)
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2023-05-10 11:54:01 -07:00
Brad Davidson 607cbf0ad6 Bump containerd to v1.7.0 and move back into multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-10 08:34:03 -07:00
thomasferrandiz b4bc57d049
Merge pull request #7303 from thomasferrandiz/netpol-log-level
ensure that klog verbosity is set to the same level as logrus
2023-05-10 15:01:06 +02:00
Brad Davidson 239021e759 Consistently use constant-time comparison of password hashes
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-05-09 13:54:50 -07:00