Brad Davidson
be7f751863
Add e2e tests for CA cert rotation
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
8a6404f97c
Add basic test for custom CA certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
9b6b72941f
Clarify ADR based on design review feedback
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
f13768c247
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
215fb157ff
Add `certificate rotate-ca` to write updated CA certs to datastore
...
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
3c324335b2
Add utility functions for getting kubernetes client
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
58d40327b4
Fix CA cert hash for root certs
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
0919ec6755
Ensure cluster-signing CA files contain only a single CA cert
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
1ec242d816
Add example certificate generation script
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Felix Niederwanger
7e59376bb9
Fix check for (open)SUSE version ( #6791 )
...
Fix the check, if we're running SUSE or openSUSE in the installer
script.
Signed-off-by: phoenix <felix.niederwanger@suse.com>
2 years ago
Paulo Gomes
ee007bc7cf
Bump deps: trivy, sonobuoy, dapper ( #6807 )
...
- trivy v0.36.1
- sonobuoy v0.56.14
- golangci-lint v1.50.1
- gopls v0.11.0
- dapper v0.6.0
- golang v1.19.5
Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
2 years ago
Robert Schweikert
bb353f5d2b
Fix reference to documentation ( #6860 )
...
The documentation is no longer part of the Rancher project but can be found in
k3s-io/docs. Fix the wording an link in the contribution docs to point the
potential contributor to the proper location
Signed-off-by: Robert Schweikert <rjschwei@suse.com>
2 years ago
Derek Nola
7cad3db251
E2E: Consoldiate docker and prefer bundled tests into new startup test ( #6851 )
...
* Convert docker E2E to startup E2E
* Move preferedbundled into the e2e startup test
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Derek Nola
32086717fc
Ensure flag type consistency ( #6852 )
...
* Convert all flags to pointers for consistency
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Derek Nola
750cff561d
Bump vagrant boxes to fedora37 ( #6832 )
...
* Bump to generic/fedora37
* fix epic permissions
* Disable sonobuoy on rootless
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Akos Elek
9fcc7c0db8
Fix cronjob example ( #6707 )
...
Related PR:
https://github.com/rancher/rke2-docs/pull/38
Signed-off-by: Akos Elek <akose73@tazerve.hu>
2 years ago
Derek Nola
0d4caf4e24
Wait for cri-dockerd socket ( #6812 )
...
* Wait for cri-dockerd socket
* Consolidate cri utility functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brad Davidson
1c6fde9a52
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
369b81b45e
Honor Service ExternalTrafficPolicy
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
94d1a87509
Bump wrangler version for EndpointSlice support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
86e36225f5
Consolidate E2E tests and GH Actions ( #6772 )
...
* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Hrittik Roy
808c71a63e
Add Ayedo ( #6801 )
...
Signed-off-by: Hrittik Roy <67012359+hrittikhere@users.noreply.github.com>
2 years ago
Derek Nola
75f77ab951
E2E Rancher and Hardened script improvements ( #6778 )
...
* Improve test-pad rancher script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve hardened script and added kube-bench utility script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Apply same audits for 1.22 and older
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brooks Newberry
f0655f153e
update stable channel to v1.25.6+k3s1 ( #6828 )
2 years ago
Brad Davidson
3cb6fa5cc7
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
f72649d1bd
Bump cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
89f7062431
Add build tag to disable cri-dockerd
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brooks Newberry
f10af367c3
Update to v1.26.1-k3s1 ( #6774 )
2 years ago
Brooks Newberry
f19892c2d2
drone correct plugins/docker tag supporting linux/arm ( #6769 )
2 years ago
Derek Nola
291f8bfe00
Slow dependency CI to weekly ( #6764 )
...
* Add labels to updatecli PRs
* Run weekly
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
ShylajaDevadiga
2007cdd54f
generate report and upload test results ( #6737 )
...
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
Co-authored-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
2 years ago
Derek Nola
7bbcac92fd
Bump download action to v3 ( #6746 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Nikolai Shields
d71ab6317e
Update stable to 1.25.5+k3s2 ( #6753 )
2 years ago
Brad Davidson
f54b5e4fa0
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Silvio Moioli
23c1040adb
Bugfix: do not break cert-manager when pprof is enabled ( #6635 )
...
Signed-off-by: Silvio Moioli <silvio@moioli.net>
2 years ago
github-actions[bot]
a4549cf989
chore: Bump golang:alpine version ( #6683 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2 years ago
Brad Davidson
8340b54309
Pass through default tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Derek Nola
cc3583399a
Add explicit permissions to workflows ( #6700 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
dependabot[bot]
d85952d6a0
Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts ( #6686 )
...
Bumps ubuntu from 20.04 to 22.04.
---
updated-dependencies:
- dependency-name: ubuntu
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Derek Nola
674a05478f
Containerd restart testlet ( #6696 )
...
* Add containerd testlet to startup integration
* Fix all log dumps
* Stop server gracefully
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
Brad Davidson
d78e490716
Bump containerd to v1.6.15-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
dependabot[bot]
e53500f37f
Bump alpine from 3.16 to 3.17 in /conformance ( #6687 )
...
Bumps alpine from 3.16 to 3.17.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
c7151e8b61
Bump alpine from 3.16 to 3.17 in /package ( #6688 )
...
Bumps alpine from 3.16 to 3.17.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Chris Wayne
3cafc8e6dd
RIP Codespell ( #6701 )
...
* RIP Codespell
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2 years ago
ShylajaDevadiga
fd8481a29d
Adjust e2e test run script and fixes ( #6718 )
...
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
2 years ago
Brad Davidson
a298bfdb18
Add jitter to scheduled snapshots and retry harder on conflicts
...
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
f0ec6a4c12
Exclude December r1 releases from channel server
...
Stop offering installs of these releases due to the critical containerd regression.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Brad Davidson
bc6bebc998
Bump containerd to v1.6.14-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2 years ago
Guilherme Macedo
454440f9a3
Add Dependabot config for security ADR ( #6560 )
...
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2 years ago
Alexey Vazhnov
870d9c32b0
Fix OpenRC init script error 'openrc-run.sh: source: not found' ( #6614 )
...
To avoid error message:
user@server ~ % /etc/init.d/k3s status
/lib/rc/sh/openrc-run.sh: 28: /etc/init.d/k3s: source: not found
/lib/rc/sh/openrc-run.sh: 29: /etc/init.d/k3s: source: not found
* status: stopped
I've replaced `source` with `sourcex`, defined in https://github.com/OpenRC/openrc/blob/master/sh/openrc-run.sh.in#L30
Classic shell `.` also works.
Tested in Devuan 5 Daedalus (based on Debian 12 bookworm / testing), package `openrc` version 0.45.2-2.
Signed-off-by: Alexey Vazhnov <vazhnov@boot-keys.org>
2 years ago