github/k3s - k3s - https://git.xinac.net

Commit Graph

Author	SHA1	Message	Date
Brad Davidson	7f659759dd	Add certificate expiry check and warnings * Add ADR * Add `k3s certificate check` command. * Add periodic check and events when certs are about to expire. * Add metrics for certificate validity remaining, labeled by cert subject Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	8 months ago
Sean Yen	0c9bf36fe0	[K3s][Windows Port] Build script, multi-call binary, and Flannel (#7259 ) * initial windows port. Signed-off-by: Sean Yen <seanyen@microsoft.com> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Wei Ran <weiran@microsoft.com>	1 year ago
Derek Nola	dface01de8	Server Token Rotation (#8265 ) * Consolidate NewCertCommands * Add support for user defined new token * Add E2E testlets Signed-off-by: Derek Nola <derek.nola@suse.com> * Ensure agent token also changes Signed-off-by: Derek Nola <derek.nola@suse.com>	1 year ago
Brad Davidson	1e38b5d904	Don't ignore assets in home dir if system assets exist Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	1 year ago
Derek Nola	42c2ac95e2	CLI + Backend for Secrets Encryption v3 Signed-off-by: Derek Nola <derek.nola@suse.com>	1 year ago
Brad Davidson	5348b5e696	Improve error message when CLI wrapper Exec fails Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	944f811dc5	v1.27.1 CLI Deprecation (#7311 ) * Remove Flannel Wireguard * Remove etcd-snapshot (implicit save) * Convert ipsec and multiple backend to fatal Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Derek Nola	f2bde63eea	Kubernetes v1.27.1 (#7271 ) * Bump go version to 1.20.3 to match upstream * Bump cri-dockerd * Bump golanci-lint * go generate * Bump selinux in cgroup test * Bump to v1.27.1 tags * Release documentation improvements * Only run upgrade e2e test on PR Signed-off-by: Derek Nola <derek.nola@suse.com> Signed-off-by: Brad Davidson <brad.davidson@rancher.com> Co-authored-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	373df1c8b0	Add support for `k3s token` command Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Brad Davidson	215fb157ff	Add `certificate rotate-ca` to write updated CA certs to datastore This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	2 years ago
Derek Nola	b5d39df929	Deprecation of `etcd-snapshot` command in v1.26 (#6575 ) * Consolidate etcd snapshot commands * Consolidate secrets encryption commands * Move etcd-snapshot to fatal error stage. Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Derek Nola	0f52088cd3	Add new `prefer-bundled-bin` experimental flag (#6420 ) * initial prefer-bundled-bin ci change * Add startup testlet * Convert parsing to pflag library * Fix code validation * go mod tidy Signed-off-by: Derek Nola <derek.nola@suse.com>	2 years ago
Derek Nola	3e5561daca	Add new `k3s completion` command for shell completion (#5461 ) * Add shell completion CLI Signed-off-by: Derek Nola <derek.nola@suse.com>	3 years ago
Luther Monson	9a849b1bb7	[master] changing package to k3s-io (#4846 ) * changing package to k3s-io Signed-off-by: Luther Monson <luther.monson@gmail.com> Co-authored-by: Derek Nola <derek.nola@suse.com>	3 years ago
Brad Davidson	a7878db17f	Fix etcd-snapshot commands by making setup more consistent. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brad Davidson	6f4217a340	Build standalone containerd Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Derek Nola	bcb662926d	Secrets-encryption rotation (#4372 ) * Regular CLI framework for encrypt commands * New secrets-encryption feature * New integration test * fixes for flaky integration test CI * Fix to bootstrap on restart of existing nodes * Consolidate event recorder Signed-off-by: Derek Nola <derek.nola@suse.com>	3 years ago
Hussein Galal	77fd3e99ec	Add cert rotation command (#4495 ) * Add cert rotation command Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * add function to check for dynamic listener file Signed-off-by: Brian Downs <brian.downs@gmail.com> * Add dynamiclistener cert rotation support Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to the cert rotation Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fix ci tests Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * fixes to certificate rotation command Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> * more fixes Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com> Co-authored-by: Brian Downs <brian.downs@gmail.com>	3 years ago
Brad Davidson	29c8b238e5	Replace klog with non-exiting fork Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	3 years ago
Brian Downs	e8ecc00fc8	add etcd snapshot save subcommand Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Brian Downs	6ee28214fa	Add the ability to prune etcd snapshots (#3310 ) * add prune subcommand to force rentention policy enforcement	4 years ago
Brian Downs	bcd8b67db4	Add the ability to list etcd snapshots (#3303 ) * add ability to list local and s3 etcd snapshots	4 years ago
Brian Downs	e998cd110d	Add the ability to delete an etcd snapshot locally or from S3 (#3277 ) * Add the ability to delete a given set of etcd snapshots from the CLI for locally stored and S3 store snapshots.	4 years ago
Brad Davidson	6108045cb2	Fix multiple issues with CLI wrapper data-dir handling We also need to be more careful about setting the crictl.yaml path, as it doesn't have kubectl's nice behavior of checking multiple locations. It's not safe to assume that it's in the user's home data-dir just because we're not running as root. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>	4 years ago
Brian Downs	13229019f8	Add ability to perform an etcd on-demand snapshot via cli (#2819 ) * add ability to perform an etcd on-demand snapshot via cli	4 years ago
JenTing Hsiao	3c7fd3d37b	Fix normal user with --rootless or --disable-agent have no permission to start Signed-off-by: JenTing Hsiao <jenting.hsiao@suse.com>	4 years ago
Chris Kim	332fd73d46	Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s (#2594 ) * Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s Signed-off-by: Chris Kim <oats87g@gmail.com>	4 years ago
Erik Wilson	95b895038c	Add locking and verification for data directory extraction	4 years ago
Darren Shepherd	21d21ddd4d	Add config file support independent of CLI framework Signed-off-by: Darren Shepherd <darren@rancher.com>	4 years ago
Darren Shepherd	ae5c585050	Revert "Add config file support" This reverts commit `e1dc3451bc`. Signed-off-by: Darren Shepherd <darren@rancher.com>	4 years ago
Erik Wilson	720197b9b1	Fix linting issues	4 years ago
Benoit Gaussen	7fb1797fd3	Create a "current" symlink to artifact dir in DataDir (#1786 ) * Create a current symlink to artifact dir in DataDir * Rename symlink to previous instead of current.prev... Co-authored-by: Gaussen Benoît <benoit.gaussen@orange.com>	4 years ago
Erik Wilson	e1dc3451bc	Add config file support	4 years ago
Brian Downs	58aae57e12	set environment variable and create config for crictl Signed-off-by: Brian Downs <brian.downs@gmail.com>	4 years ago
Darren Shepherd	7e59c0801e	Make program name a variable to be changed at compile time	5 years ago
Erik Wilson	a73f8b1773	Update check-config.sh for k3s	5 years ago
Erik Wilson	262a4950bf	Separate CNI plugin dependencies Because: - Current CNI plugins produces an error on Raspbian: `failed to create bridge \"cni0\": could not add \"cni0\": operation not supported"` - Dependencies for CNI plugins may interfere with containerd dependencies. This change will compile and download CNI plugins separately, and will downgrade CNI plugins to v0.7.6 for compatability with armv7.	5 years ago
Erik Wilson	999e40d6d3	Add strongswan utilities for ipsec	5 years ago
Erik Wilson	ed72856d27	Build & enable ctr with k3s server	5 years ago
galal-hussein	e2ecb672db	Use host's mount binary before packaged mount	6 years ago
Erik Wilson	1d61576e54	Fix linting issues	6 years ago
Erik Wilson	91251aadaa	Fix asset lookup of HOME directory Return the directory name if assets are located in HOME, so we can properly set the PATH for binary lookup.	6 years ago
Darren Shepherd	793ac4fb89	Add crictl	6 years ago
Darren Shepherd	93841ffbcb	Support kubectl symlink and avoid data in home dir	6 years ago
Darren Shepherd	287e0f44c9	Prepare for initial release	6 years ago
Darren Shepherd	62c62cc7b4	Continued refactoring	6 years ago

46 Commits (fe7d114c6a462bc0c372e4011e6a3dae318e74e4)