Brad Davidson
f686ab0b80
Use 'go list -m' instead of grep to look up versions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Brad Davidson
67fc10bcfb
Bump kine to v0.10.2
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit fd531140e5)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Brad Davidson
3c8a2350ef
Bump versions for containerd, runc, kine
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 23d6842f9a)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Brad Davidson
45cac1c07e
Bump docker/docker to latest v20.10
...
Fixes issue with invalid HTTP host headers over unix sockets caused by
recent releases of golang rejecting invalid header values.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a0da8eded3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Brad Davidson
ab82705c9c
Add FilterCN function to prevent SAN Stuffing
...
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aa76942d0f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Guilherme Macedo
33f2e498fa
Security bump to docker/distribution (#8047)
...
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
(cherry picked from commit cc9dce5764)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Brad Davidson
67e3613148
Make apiserver egress args conditional on egress-selector-mode
...
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f21ae1d949)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Simon Kirsten
5122700225
Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl (#7991)
...
Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
(cherry picked from commit 546dc247a0)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-08-04 16:31:16 -07:00
Derek Nola
3b650c974d
[Release-1.24] August Test Backports (#8128)
...
* Unit test for MustFindString (#8013)
* Consolidate CopyFile functions (#8079)
* Remove unnecessary E2E envs
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-08-04 11:40:14 -07:00
Vitor
3efc14ea6a
Fixed the etcd retention to delete orphaned snapshots
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-08-04 10:33:58 -03:00
Manuel Buil
7d84f0e331
Merge pull request #8087 from manuelbuil/updatePlugins124
...
[Release 1.24] Update cni plugins version to v1.3.0
2023-08-01 10:01:58 +02:00
Manuel Buil
ea4b55dc9d
Update cni plugins version to v1.3.0
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-08-01 08:37:59 +02:00
Johnatas
ccae12ed8c
Update to v1.24.16 (#8023)
...
Signed-off-by: Johnatas <johnatasr@hotmail.com>
2023-07-20 18:56:23 -03:00
Derek Nola
40ac54a6da
Adjust default kubeconfig file permissions (#7985)
...
* Adjust default kubeconfig permissions
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-14 22:44:16 -07:00
Ian Cardoso
1bf10109cd
fix image_scan.sh script and download trivy version (#7950) (#7970)
...
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
(cherry picked from commit 58a8deb25d)
2023-07-14 09:58:05 -03:00
Derek Nola
807d800e1e
Don't use zgrep in `check-config` if apparmor profile is enforced (#7955)
...
* Don't use zgrep if apparmor is enforced for it
* Bump e2e se timeouts for reencryption time
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-13 09:13:17 -07:00
Derek Nola
b016e3d58b
Generation of certificates and keys for etcd gated if etcd is disabled. (#7946)
...
Problem:
When support for etcd was added in 3957142, generation of certificates and keys for etcd was not gated behind use of managed etcd.
Keys are generated and distributed across servers even if managed etcd is not enabled.
Solution:
Allow generation of certificates and keys only if managed etcd is enabled. Check config.DisableETCD flag.
Signed-off-by: Bartossh <lenartconsulting@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Bartosz Lenart <lenart.consulting@gmail.com>
2023-07-11 14:19:02 -07:00
Vitor Savian
98a18f9d55
Adding cli to custom klipper helm image (#7682)
...
Adding cli to custom klipper helm image
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
(cherry picked from commit 0809187cff)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 16:49:57 -07:00
Brad Davidson
765a853a4c
Fall back to basic/bearer auth when node identity auth is rejected
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7f50b40cfe)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 14:16:50 -07:00
LeiLei
562f97cda7
Add `--data-dir` to the `k3s certificate rotate-ca` cli (#7791)
...
Need to add a cli flag for this. Also, should probably have config file loading support for the certificate commands.
Signed-off-by: leilei.zhai <leilei.zhai@qingteng.cn>
(cherry picked from commit 72d50b1f7c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-07-07 14:16:50 -07:00
Derek Nola
70f82496fc
Fix rootless node password (#7899)
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-07 10:19:46 -07:00
Manuel Buil
062fdf2306
Merge pull request #7857 from manuelbuil/removeFileWindows124
...
[Release 1.24] Remove file_windows.go
2023-07-06 11:39:39 +02:00
Derek Nola
3f2fda56d9
Allow k3s to customize apiServerPort on helm-controller (#7872)
...
Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Daishan Peng <daishan@acorn.io>
2023-07-05 11:57:04 -07:00
Manuel Buil
4aa8a8fc66
Remove file_windows.go
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-05 18:08:32 +02:00
Manuel Buil
f5597e7af1
Merge pull request #7861 from manuelbuil/fixSpell124
...
[Release 1.24] Fix code spell check
2023-07-05 18:07:54 +02:00
Manuel Buil
7180631dec
Fix code spell check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-07-05 10:53:02 +02:00
Brooks Newberry
20e246114f
Update Kubernetes to v1.24.15 (#7785)
...
Signed-off-by: Brooks Newberry <brooks@newberry.com>
2023-06-14 14:49:32 -07:00
Ian Cardoso
362ae114f8
add format command on Makefile and remove vendor
...
This commit adds the format command to make it easier to be compliant to golangci-lint issues
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
2023-06-14 13:34:08 -03:00
Manuel Buil
13983e35dd
Merge pull request #7759 from manuelbuil/removeLibvirtLines124
...
[Release 1.24] Remove unused libvirt config
2023-06-13 17:47:30 +02:00
Manuel Buil
d74fa4f478
Fix validatecluster e2e test
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-13 15:51:02 +02:00
Manuel Buil
5070ee5681
Remove useless libvirt config
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-13 08:19:21 +02:00
Brad Davidson
38e0baa935
Bump helm-controller to v0.15.0 for create-namespace support
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-06-12 10:53:41 -07:00
Brad Davidson
3092f625fb
Enable containerd aufs/devmapper/zfs snapshotter plugins
...
These were unintentionally dropped when moving containerd back into the main multicall binary
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e5e1a674ce)
2023-06-12 10:53:41 -07:00
Brad Davidson
39218e3fee
Improve error response logging
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5170bc5a04)
2023-06-12 10:53:41 -07:00
Brad Davidson
fb89c153a0
Soft-fail on node password verification if the secret cannot be created
...
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 45d8c1a1a2)
2023-06-12 10:53:41 -07:00
Yuxing Deng
ccd0168ac8
Make LB image configurable when compiling k3s
...
There is no way we can configure the lb image because it is a const value.
It would be better if we made it a variable value so that we can override
the value like the `helm-controller` job image when compiling k3s/rke2
Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
(cherry picked from commit b64a226ebd)
2023-06-12 10:53:41 -07:00
github-actions[bot]
81da67b9aa
chore: Bump golang:alpine version
...
Made with ❤️ by updatecli
(cherry picked from commit a5928ee137)
2023-06-12 10:53:41 -07:00
Brad Davidson
768de3d469
Add ADR
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 612473755d)
2023-06-12 10:53:41 -07:00
Brad Davidson
49a1310951
Create new kubeconfig for supervisor use
...
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 64a5f58f1e)
2023-06-12 10:53:41 -07:00
Brad Davidson
d11adfd33a
Use distinct clients for supervisor, deploy, and helm controllers
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8748813a61)
2023-06-12 10:53:41 -07:00
Brad Davidson
9e37a9d053
Bump metrics-server to v0.6.3 and update tls-cipher-suites
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit e9958cf070)
2023-06-12 10:53:41 -07:00
Brad Davidson
56d775e5c4
Bump klipper-lb to v0.4.4
...
Fixes issue with localhost access to ServiceLB when
ExternalTrafficPolicy=Local
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 93279d2f59)
2023-06-12 10:53:41 -07:00
Andrew Roffey
d707fec67f
allow coredns override extensions
...
Signed-off-by: Andrew Roffey <andrew@roffey.au>
(cherry picked from commit 0485a56f33)
2023-06-12 10:53:41 -07:00
Manuel Buil
d38189d042
Merge pull request #7742 from manuelbuil/revertVPN124
...
[Release 1.24] Revert "VPN integration"
2023-06-12 18:09:58 +02:00
Manuel Buil
8803ccab31
Merge pull request #7753 from manuelbuil/fixSpelling124
...
[Release 1.24] Fix spelling check
2023-06-12 18:00:14 +02:00
Manuel Buil
4e0cb88d39
Fix spelling check
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-12 15:45:19 +02:00
Manuel Buil
cf4bbc26c5
Revert "VPN integration"
...
This reverts commit 19f86eb080.
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-12 11:24:29 +02:00
Manuel Buil
71a47fb2e2
Merge pull request #7729 from manuelbuil/tailscale124
...
[Release 1.24] VPN integration
2023-06-12 11:04:44 +02:00
Manuel Buil
19f86eb080
VPN integration
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-06-12 10:19:25 +02:00
Derek Nola
2105147ce7
Remove unnecessary daemonset addition/deletion
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-06-09 17:08:19 -07:00