f0ce56a02b
Standardize flag declaration ( #6868 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-01 09:23:34 -08:00
564b825152
Fix cron example ( #6865 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-31 12:57:15 -08:00
8e36b16568
Bugfix: do not break cert-manager when pprof is enabled ( #6635 )
...
Signed-off-by: Silvio Moioli <silvio@moioli.net>
(cherry picked from commit 23c1040adb
2023-01-26 17:36:55 -08:00
be26a6e618
Set cri-dockerd version at build time
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:43:47 -08:00
21b1da5848
Add jitter to scheduled snapshots and retry harder on conflicts
...
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-26 14:31:25 -08:00
546a94e9ae
V1.24.10 k3s1 ( #6788 )
2023-01-19 18:39:14 -08:00
f7e375979f
Fix CI tests
...
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0
2023-01-18 09:17:39 -08:00
0887800db8
Pass through default tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-13 22:14:58 -08:00
01d519394f
Preload iptable_filter/ip6table_filter
...
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 18:28:28 -08:00
d5ef9e1a12
Bump k3s-root and remove embedded strongswan support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 2835368ecb
2022-12-02 00:20:37 -08:00
af9fac15ff
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 915c7719fe
2022-12-02 00:20:37 -08:00
6e8c10473d
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1eeea5c81f
2022-12-02 00:20:37 -08:00
2531ef3b7b
Disable CCM metrics port when legacy CCM functionality is disabled
...
Prevents port conflicts on upgrade for users that have deployed other cloud controllers.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e08a662509
2022-12-02 00:20:37 -08:00
cfa7be05cc
Bump klipper-helm and klipper-lb versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a07bb555ba
2022-12-02 00:20:37 -08:00
bec4ff182f
Add `prefer-bundled-bin` as an agent flag ( #6545 )
...
* Add prefer-bundled-bin as an agent flag
* Add E2E test for prefer-bundled-bin
Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 614da78e43
2022-12-02 00:20:37 -08:00
15d35cad28
Remove stuff which belongs in the windows executor implementation
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
(cherry picked from commit 483e29e783
2022-12-02 00:20:37 -08:00
b5a3126757
Address nits from self-review
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9ff0943d56
2022-12-02 00:20:37 -08:00
78917e1de6
Allow agent to run rootless
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 56bf7d6ad3
2022-12-02 00:20:37 -08:00
fd7db23961
Add rootless IPv6 support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 6f2b21c5cd
2022-12-02 00:20:37 -08:00
f4a2be5108
Make rootless settings configurable
...
Add enivironment variables for port-driver, cidr, mtu, and disable-host-loopback settings. Since rootless is still experimental, I don't think they deserve full CLI flag status.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c02dceb7ad
2022-12-02 00:20:37 -08:00
e7b6ad399a
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 73171ff20a
2022-12-02 00:20:37 -08:00
f457794d8e
Add new `prefer-bundled-bin` experimental flag ( #6420 )
...
* initial prefer-bundled-bin ci change
* Add startup testlet
* Convert parsing to pflag library
* Fix code validation
* go mod tidy
Signed-off-by: Derek Nola <derek.nola@suse.com>
(cherry picked from commit 0f52088cd3
2022-12-02 00:20:37 -08:00
a10c4fa6c3
Change secrets-encryption flag to GA
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-01 12:38:30 -08:00
a3297cc76a
Fix log for flannelExternalIP use case
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-22 16:55:51 +01:00
7eafff5548
Remove stuff which belongs in the windows executor implementation
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-18 09:46:19 +01:00
4a36c68bb5
Bump traefik chart to 19.0.4 to fix kubernetes version check
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-14 13:42:56 -08:00
c113444dac
Add Secrets Encryption to CriticalArgs ( #6409 ) ( #6446 )
...
* Add EncryptSecrets to Critical Control Args
* use deep comparison to extract differences
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-11-04 13:38:06 -07:00
8eb4bc589b
Merge pull request #6439 from thomasferrandiz/log-kube-router-1.24
...
[Release 1.24] log kube-router version when starting netpol controller
2022-11-04 15:41:57 +01:00
4b1660f1af
Merge pull request #6434 from manuelbuil/addrTypes124
...
[Release 1.24] Change the priority of address types depending on flannel-external-ip
2022-11-04 15:21:57 +01:00
4a7cbdb338
log kube-router version when starting netpol controller
...
Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2022-11-04 11:00:48 +01:00
c955c78afb
Change the priority of address types depending on flannel-external-ip
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-04 09:10:03 +01:00
26083e884c
Add some helping logs to avoid wrong configs
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-04 09:04:17 +01:00
62948829ce
go generate
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
b1c613738c
Fix incorrect defer usage
...
Problem:
Using defer inside a loop can lead to resource leaks
Solution:
Judge newer file in the separate function
Signed-off-by: iyear <ljyngup@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
71abdec649
Bump traefik to v2.9.4 / chart v18.3.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
e07917cb70
Convert containerd config.toml.tmpl Linux template to v2 syntax
...
Signed-off-by: Petri Kivikangas <36138+Kitanotori@users.noreply.github.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
b1dfd884e2
Set default kubeletPort
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
4e4b631b2e
Check for RBAC before starting tunnel controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
0e0d283d08
Add GVK lookup to deploy controller
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
de32ce1776
Update helm-controller to pull in refactor
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
8620d5033f
Bump Traefik helm chart to v18.0.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-03 20:54:07 -07:00
c557e421dd
Update flannel to 0.20.1
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-11-03 19:05:06 +01:00
7af5b16788
Add --flannel-external-ip flag
...
Using the node external IP address for all CNI traffic is a breaking change from previous versions; we should make it an opt-in for distributed clusters instead of default behavior.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-24 10:14:44 -07:00
e10cfb0e37
Fix RBAC to allow removal of legacy finalizer
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-20 16:13:27 -07:00
e3c9d859e8
Return ProviderID in URI format
...
The InstancesV1 interface handled this for us by combining the ProviderName and InstanceID values; the new interface requires us to do it manually
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-17 11:02:22 -07:00
e44d22ca61
Add ServiceAccount for svclb pods
...
For 1.24 and earlier, the svclb pods need a ServiceAccount so that we can allow their sysctls in PSPs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f25419ca2c
2022-10-14 15:52:25 -07:00
519f13e34d
[Release-1.24] Replace deprecated ioutil package ( #6235 )
...
* Replace ioutil package
* check integration test null pointer
* Remove rotate retries
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-07 19:03:46 -07:00
87bfc8883b
Bump traefik to 2.9.1 / chart 12.0.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-07 16:57:30 -07:00
3a829ae860
Handle custom kubelet port in agent tunnel
...
The kubelet port can be overridden by users; we shouldn't assume its always 10250
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-07 16:57:30 -07:00
3f5c88e4a3
Fix occasional "TLS handshake error" in apiserver network proxy.
...
We should be reading from the hijacked bufio.ReaderWriter instead of
directly from the net.Conn. There is a race condition where the
underlying http handler may consume bytes from the hijacked request
stream, if it comes in the same packet as the CONNECT header. These
bytes are left in the buffered reader, which we were not using. This was
causing us to occasionally drop a few bytes from the start of the
tunneled connection's client data stream.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-10-07 16:57:30 -07:00
Derek Nola