github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,819 Commits
32 Branches
881 Tags
632 MiB
Commit Graph

2819 Commits (fdd80188b023cc0bd2dd6491555ec161378b53e8)

Author SHA1 Message Date
Brad Davidson 0a2bdfdd7a Fix ServiceLB dual-stack ingress IP listing 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-21 14:13:34 -08:00
Brad Davidson 97100de8d0 Improve default umask for certs.sh 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-14 13:18:12 -08:00
Brad Davidson c3fbb30c2e Fix CACertPath stripping trailing path components 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-14 13:18:12 -08:00
Brad Davidson 4e03608119 Fix etcd member deletion 
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-14 13:18:12 -08:00
Brad Davidson 14f2226b67 Allow for multiple sets of leader-elected controllers 
Addresses an issue where etcd controllers did not run on etcd-only nodes

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 11:35:29 -08:00
Roberto Bonafiglia e5e85b1723 Update flannel to v0.21.1 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-02-10 18:53:15 +01:00
Roberto Bonafiglia dda9e48dfc Updated flannel version to v0.21.0 
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
 2023-02-10 18:53:15 +01:00
Paul Donohue 0ba4732c1f Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent 
Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 09:43:53 -08:00
Brad Davidson a2521856f5 Wait for server to become ready before creating token 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 09:33:55 -08:00
Brad Davidson d06052880e Add CI test 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b43dd7746d)
 2023-02-10 09:33:55 -08:00
Brad Davidson af26f1816c Add ADR 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c900089e88)
 2023-02-10 09:33:55 -08:00
Brad Davidson 33c6488bbc Ensure that node exists when using node auth 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 87f9c4ab11)
 2023-02-10 09:33:55 -08:00
Brad Davidson ade6203aad Add support for kubeadm token and client certificate auth 
Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e64993d)
 2023-02-10 09:33:55 -08:00
Brad Davidson 97c506cc65 Add support for `k3s token` command 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 373df1c8b0)
 2023-02-10 09:33:55 -08:00
Brad Davidson ced164c080 Add e2e tests for CA cert rotation 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit be7f751863)
 2023-02-10 09:33:55 -08:00
Brad Davidson af753a8700 Add basic test for custom CA certs 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8a6404f97c)
 2023-02-10 09:33:55 -08:00
Brad Davidson 9fe00c8ecb Clarify ADR based on design review feedback 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9b6b72941f)
 2023-02-10 09:33:55 -08:00
Brad Davidson 5eb1e7e1b9 Add ADR 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f13768c247)
 2023-02-10 09:33:55 -08:00
Brad Davidson 5eac6f977c Add `certificate rotate-ca` to write updated CA certs to datastore 
This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 215fb157ff)
 2023-02-10 09:33:55 -08:00
Brad Davidson 03fd2f278a Add utility functions for getting kubernetes client 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335b2)
 2023-02-10 09:33:55 -08:00
Brad Davidson 4a28be3c57 Fix CA cert hash for root certs 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 58d40327b4)
 2023-02-10 09:33:55 -08:00
Brad Davidson 7fce823e82 Ensure cluster-signing CA files contain only a single CA cert 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0919ec6755)
 2023-02-10 09:33:55 -08:00
Brad Davidson c47f12354c Add example certificate generation script 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1ec242d816)
 2023-02-10 09:33:55 -08:00
Brad Davidson cf689d8126 go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 07:26:50 -08:00
Brad Davidson 1ed38578c2 Check for existing resources before creating them 
Prevents errors when starting with fail-closed webhooks

Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-10 07:26:50 -08:00
Brad Davidson 058c6e24b3 go generate 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1c6fde9a52)
 2023-02-09 15:17:55 -08:00
Brad Davidson 1a5b77b486 Honor Service ExternalTrafficPolicy 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 369b81b45e)
 2023-02-09 15:17:55 -08:00
Brad Davidson 8ff0308247 Bump wrangler version for EndpointSlice support 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 94d1a87509)
 2023-02-09 15:17:55 -08:00
Brad Davidson ae874ea57f Use default address family when adding kubernetes service address to SAN list 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-02-09 11:51:56 -08:00
Derek Nola 4944776f88
Ignore value conflicts when reencrypting secrets (#6919) 
* Ignore conflict secrets

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-02-08 12:14:22 -08:00
Derek Nola 8fc229521a
[Release-1.25] Consolidate E2E tests (#6887) 
* Consolidate E2E tests and GH Actions (#6772)

* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing

Signed-off-by: Derek Nola <derek.nola@suse.com>

* E2E: Consoldiate docker and prefer bundled tests into new startup test (#6851)

* Convert docker E2E to startup E2E
* Move preferedbundled into the e2e startup test

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update nightly channel

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-02-06 14:58:32 -08:00
Derek Nola f4a75678d8
[Release-1.25] Ensure flag type consistency (#6867) 
* Standardize flag declaration

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-02-01 09:23:43 -08:00
Derek Nola 9874f95d6b
Fix cron example (#6864) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 11:33:51 -08:00
Derek Nola 2745bd25bd
Bump vagrant boxes to fedora37 (#6858) 
* Bump to generic/fedora37
* fix epic permissions
* Disable sonobuoy on rootless

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 09:43:49 -08:00
Derek Nola be8d8bb412
Wait for cri-dockerd socket (#6853) 
* Wait for cri-dockerd socket
* Consolidate cri utility functions

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-31 09:43:23 -08:00
Silvio Moioli d6fa972b2c Bugfix: do not break cert-manager when pprof is enabled (#6635) 
Signed-off-by: Silvio Moioli <silvio@moioli.net>
(cherry picked from commit 23c1040adb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 17:36:12 -08:00
Brad Davidson 4c17994391 Set cri-dockerd version at build time 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 14:33:04 -08:00
Brad Davidson ab9c5f9577 Bump cri-dockerd 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 14:33:04 -08:00
Brad Davidson 6344590447 Add jitter to scheduled snapshots and retry harder on conflicts 
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-26 14:31:08 -08:00
Brooks Newberry 9176e03c57
Update to v1.25.6+k3s1 (#6775) 2023-01-19 07:56:25 -08:00
Brooks Newberry 8b5cbf0629
drone correct plugins/docker tag supporting linux/arm (#6768) 2023-01-18 12:21:48 -08:00
Brad Davidson c350594f18 Fix CI tests 
* General cleanup of test-helpers functions to address CI failures
* Install awscli in test image
* Log containerd output to file even when running with --debug

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f54b5e4fa0)
 2023-01-17 18:15:24 -08:00
github-actions[bot] 42e3390507 chore: Bump golang:alpine version (#6683) 
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
(cherry picked from commit a4549cf989)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-17 18:15:24 -08:00
dependabot[bot] c7359fe537 Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#6686) 
Bumps ubuntu from 20.04 to 22.04.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit d85952d6a0)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-17 18:15:24 -08:00
dependabot[bot] 8c2147a684 Bump alpine from 3.16 to 3.17 in /conformance (#6687) 
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit e53500f37f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-17 18:15:24 -08:00
dependabot[bot] dc53acb3bc Bump alpine from 3.16 to 3.17 in /package (#6688) 
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit c7151e8b61)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-17 18:15:24 -08:00
Derek Nola f95e8ffbfa
Bump download artifact to v3 (#6747) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2023-01-17 09:40:20 -08:00
Brad Davidson 6d43d65fb6 Bump containerd to v1.6.15-k3s1 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-13 22:15:39 -08:00
Brad Davidson 45c337bb1f Pass through default tls-cipher-suites 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-13 17:17:21 -08:00
Brad Davidson de654222cb Bump containerd to v1.6.14-k3s1 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-01-04 13:16:52 -08:00