github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
Derek Nola	85e02e10d7	Remove secrets encryption controller (#10612 ) * Remove secrets encryption controller Signed-off-by: Derek Nola <derek.nola@suse.com>	2024-08-26 08:31:49 -07:00
Derek Nola	d358a89171	Fix secrets-encrypt metrics Signed-off-by: Derek Nola <derek.nola@suse.com>	2024-08-22 14:23:34 -07:00
Will Andrews	3ec086f6f7	Update pkg/secretsencrypt/config.go Co-authored-by: Brad Davidson <brad@oatmail.org> Signed-off-by: Will Andrews <will7989@hotmail.com>	2024-07-29 16:23:17 -07:00
Will	e4f3cc7b54	remove deprecated use of wait functions Signed-off-by: Will <will7989@hotmail.com>	2024-07-29 16:23:17 -07:00
Derek Nola	59e0761043	Use higher QPS for secrets reencryption (#10571 ) * Use higher QPS for secrets reencryption Signed-off-by: Derek Nola <derek.nola@suse.com>	2024-07-26 12:07:26 -07:00
Brad Davidson	891e72f90f	Update secretsencrypt pagination Make secretsencrypt page size and iteration consistent with other paginators Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2024-07-24 12:44:29 -07:00
Hussein Galal	144f5ad333	Kubernetes V1.30.0-k3s1 (#10063 ) * kubernetes 1.30.0-k3s1 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Update go version to v1.22.2 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update dynamiclistener and helm-controller Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update go in go.mod to 1.22.2 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update go in Dockerfiles Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update cri-dockerd Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Add proctitle package with linux and windows constraints Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * go mod tidy Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * Fixing setproctitle function Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * update dynamiclistener to v0.6.0-rc1 Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> --------- Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>	2024-05-06 19:42:27 +03:00
Derek Nola	fa11850563	Readd `k3s secrets-encrypt rotate-keys` with correct support for KMSv2 GA (#9340 ) * Reorder copy order for caching * Enable longer http timeout requests Signed-off-by: Derek Nola <derek.nola@suse.com> * Setup reencrypt controller to run on all apiserver nodes * Fix reencryption for disabling secrets encryption, reenable drone tests	2024-02-09 11:37:37 -08:00
Derek Nola	42c2ac95e2	CLI + Backend for Secrets Encryption v3 Signed-off-by: Derek Nola <derek.nola@suse.com>	2023-08-25 14:17:00 -06:00
Derek Nola	b967f92785	Replace os.Write with AtomicWrite function Signed-off-by: Derek Nola <derek.nola@suse.com>	2023-08-25 14:17:00 -06:00
Brad Davidson	aa76942d0f	Add FilterCN function to prevent SAN Stuffing Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2023-08-02 11:15:39 -07:00
Derek Nola	7d49202721	Ignore value conflicts when reencrypting secrets (#6850 ) * Ignore conflict secrets Signed-off-by: Derek Nola <derek.nola@suse.com>	2023-02-07 13:58:44 -08:00
Derek Nola	06d81cb936	Replace deprecated ioutil package (#6230 ) * Replace ioutil package * check integration test null pointer * Remove rotate retries Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-10-07 17:36:57 -07:00
Derek Nola	035c03cfaa	Remove codespell from Drone, add to GH Actions (#6004 ) Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-08-18 09:21:56 -07:00
Derek Nola	1c17f05b8e	Fix secrets reencryption for 8K+ secrets (#5936 ) Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-08-02 14:08:06 -07:00
Derek Nola	3d425e5d20	Secrets Encryption: Add RetryOnConflict around updating nodes (#5495 ) * Add RetryOnConflict around updating nodes Signed-off-by: Derek Nola <derek.nola@suse.com>	2022-04-22 16:32:10 -07:00
Brad Davidson	e811689df9	Fix etcd-only secrets encryption rotation Improve feedback when running secrets-encrypt commands on etcd-only nodes, and allow etcd-only nodes to properly restart when effecting rotation. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-03-25 10:40:58 -07:00
Brad Davidson	d25ae8fbc2	Properly attach secrets-encrypt events to the node resource Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-03-23 16:01:21 -07:00
Brad Davidson	965d0a08ef	Fix log spam due to servicelb event recorder namespace conflict Don't hardcode the event namespace when creating event recorders; some controllers want to create events in other namespaces. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-03-23 16:01:21 -07:00
Luther Monson	9a849b1bb7	[master] changing package to k3s-io (#4846 ) * changing package to k3s-io Signed-off-by: Luther Monson <luther.monson@gmail.com> Co-authored-by: Derek Nola <derek.nola@suse.com>	2022-03-02 15:47:27 -08:00
Brad Davidson	a1b800f0bf	Remove unnecessary copies of etcdconfig struct Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2022-02-28 12:05:16 -08:00
Derek Nola	bcb662926d	Secrets-encryption rotation (#4372 ) * Regular CLI framework for encrypt commands * New secrets-encryption feature * New integration test * fixes for flaky integration test CI * Fix to bootstrap on restart of existing nodes * Consolidate event recorder Signed-off-by: Derek Nola <derek.nola@suse.com>	2021-12-07 14:31:32 -08:00

22 Commits (f2f57b4a4b00ff80fdc96676f462a204150a0007)