c59820a52a
Allow LPP to read helper logs ( #9834 )
...
Signed-off-by: Thomas Anderson <127358482+zc-devs@users.noreply.github.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-11 12:31:54 -07:00
3f906bee79
Update packaged manifests
...
* Update traefik chart to bump image tag and fix quoting
* Fix image quoting in flat manifests
* Update local-path-provisioner config to stop using deprecated hostpath volume type
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-11 09:22:51 -07:00
4cc73b1fee
Actually fix agent certificate rotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-10 09:21:01 -07:00
08f1022663
Don't log 'apiserver disabled' error sent by etcd-only nodes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:36:33 -07:00
7d9abc9f07
Improve etcd load-balancer startup behavior
...
Prefer the address of the etcd member being joined, and seed the full address list immediately on startup.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:36:33 -07:00
fe465cc832
Move etcd snapshot management CLI to request/response
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-09 15:21:26 -07:00
60248c42de
Add supervisor cert/key to rotate list
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-05 10:59:17 -07:00
9846a72e92
Bump spegel to v0.0.20-k3s1 ( #9863 )
...
* Bump spegel to v0.0.20-k3s1
* Remove deprecated libp2p Pretty function
* Remove quic-go pin
Pinned version is now out of date, indirect dependencies are now newer, with CVE issue fixed
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-04-05 08:43:19 -07:00
f2961fb5d2
Add workaround for containerd hosts.toml bug
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-04-03 20:47:54 -07:00
7f659759dd
Add certificate expiry check and warnings
...
* Add ADR
* Add `k3s certificate check` command.
* Add periodic check and events when certs are about to expire.
* Add metrics for certificate validity remaining, labeled by cert subject
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-28 12:05:21 -07:00
6a42c6fcfe
Remove old pinned dependencies ( #9806 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:09:48 -07:00
14f54d0b26
Transition from deprecated pointer library to ptr ( #9801 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-03-28 10:07:02 -07:00
5d69d6e782
Add tls for kine
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Bump kine
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Add integration tests for kine with tls
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-03-28 11:12:07 -03:00
c51d7bfbd1
Add health-check support to loadbalancer
...
* Adds support for health-checking loadbalancer servers. If a
health-check fails when dialing, all existing connections to the
server will be closed.
* Wires up a remotedialer tunnel connectivity check as the health check
for supervisor/apiserver connections.
* Wires up a simple ping request to the supervisor port as the health
check for etcd connections.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:50:27 -07:00
edb0440017
Fix etcd snapshot reconcile for agentless nodes
...
Disable cleanup of orphaned snapshots and patching of node annotations if running agentless
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-27 16:44:36 -07:00
3f649e3bcb
Add a new error when kine is with disable apiserver or disable etcd
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-03-27 10:59:34 -03:00
f099bfa508
Fix error when image has already been pulled
...
CRI and containerd APIs disagree about the registry names - CRI supports
index.docker.io as an alias for docker.io, while containerd does not.
Use the actual stored RepoTag to determine what image to ask containerd for.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 16:19:40 -07:00
65cd606832
Respect cloud-provider fields set by kubelet
...
Don't clobber the providerID field and instance-type/region/zone labels if provided by the kubelet. This allows the user to set these to the correct values when using the embedded CCM in a real cloud environment.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 16:18:34 -07:00
d7cdbb7d4d
Send error response if member list cannot be retrieved
...
Prevents joining nodes from being stuck with bad initial member list if there is a transient failure, or if they try to join themselves
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
7a2a2d075c
Move error response generation code into util
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-26 15:17:15 -07:00
bba3e3c66b
Fix wildcard entry upstream fallback
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-12 23:31:16 -07:00
fe2ca9ecf1
Warn and suppress duplicate registry mirror endpoints
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-07 16:30:06 -08:00
2a091a693a
Bump metrics-server to v0.7.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-07 12:45:29 -08:00
88c431aea5
Adjust first node-ip based on configured clusterCIDR
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2024-03-06 11:10:41 +01:00
59c724f7a6
Fix wildcard with embbeded registry test
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-05 14:38:36 -08:00
64e4f0e6e7
fix: use correct wasm shims names
...
Fix the wasm shim detection and the containerd configuration generation.
Prior to this commit, the binary and the `RuntimeType` values were not
correct.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2024-03-05 13:12:08 -08:00
091a5c8965
Don't register embedded registry address as an upstream registry
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
b5a4846e9d
Remove filtering of wildcard mirror entry
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
84a071a81e
Add env var to allow spegel mirroring of `latest` tag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
26feb25c40
Bump spegel to v0.0.18-k3s4
...
Signed-off-by: Philip Laine <philip.laine@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 15:11:26 -08:00
0b3593205a
Move snapshot-retention to EtcdSnapshotFlags in order to support loading from config
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 12:09:29 -08:00
3576ed4327
Clean up snapshotDir create/exists logic
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 12:09:29 -08:00
b164d7a270
Fix additional corner cases in registries handling
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-04 11:59:33 -08:00
82432a2df7
Fix issue with etcd node name missing hostname
...
* Set ServerNodeName in snapshot CLI setup
* Raise errer if ServerNodeName ends up empty some other way
* Fix status controller to use etcd node name annotation instead of prefix checking
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 13:52:53 -08:00
513c3416e7
Tweak netpol node wait logs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 12:01:34 -08:00
be569f65a9
Fix NodeHosts on dual-stack clusters
...
* Add both dual-stack addresses to the node hosts file
* Add hostname to hosts file as alias for node name to ensure consistent resolution
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-03-01 11:59:59 -08:00
8c83b5e0f3
Rootless mode also bind service nodePort to host for LoadBalancer type
...
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-03-01 10:43:19 -08:00
3b4f13f28d
Update klipper-lb image version
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2024-03-01 11:28:12 +01:00
86f102134e
Fix netpol startup when flannel is disabled
...
Don't break out of the poll loop if we can't get the node, RBAC might not be ready yet.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-26 14:58:48 -08:00
fae41a8b2a
Rename AgentReady to ContainerRuntimeReady for better clarity
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-21 12:21:19 -08:00
91cc2feed2
Restore original order of agent startup functions
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-02-21 12:21:19 -08:00
de825845b2
Bump kine and set NotifyInterval to what the apiserver expects
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-09 14:22:38 -08:00
0ac4c6a056
Expose rootless containerd socket directories for external access
...
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-02-09 14:22:03 -08:00
14c6c63b30
Expose rootless state dir under ~/.rancher/k3s/rootless
...
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
2024-02-09 14:21:52 -08:00
e3b237fc35
Don't verify the node password if the local host is not running an agent
...
Signed-off-by: Oleg Matskiv <oleg.matskiv@gmail.com>
2024-02-09 14:21:43 -08:00
fa11850563
Readd `k3s secrets-encrypt rotate-keys` with correct support for KMSv2 GA ( #9340 )
...
* Reorder copy order for caching
* Enable longer http timeout requests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Setup reencrypt controller to run on all apiserver nodes
* Fix reencryption for disabling secrets encryption, reenable drone tests
2024-02-09 11:37:37 -08:00
cfc3a124ee
[Testing]: Test_UnitApplyContainerdQoSClassConfigFileIfPresent (Created) ( #8945 )
...
Problem:
Function not tested.
Solution:
Unit test added.
Signed-off-by: Oliver Larsson <larsson.e.oliver@gmail.com>
2024-02-09 11:28:06 -08:00
a36cc736bc
allow executors to define containerd and docker behavior
...
Signed-off-by: Harrison Affel <harrisonaffel@gmail.com>
2024-02-09 15:51:35 -03:00
753c00f30c
Consistently handle component exit on shutdown
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-02-07 10:23:54 -08:00
e9cec46a23
Runtimes refactor using exec.LookPath
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2024-02-07 15:06:16 -03:00
Thomas Anderson