Hussein Galal
f5920d7864
Add warning for multiclustercidr flag ( #8758 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-14 01:27:52 +02:00
Flavio Castelli
ba5fcf13fc
Wasm shims and runtimes detection
...
Create a generic helper function that finds extra containerd runtimes.
The code was originally inside of the nvidia container discovery file.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Discover the containerd shims based on runwasi that are already
available on the node.
The runtimes could have been installed either by a package manager or by
the kwasm operator.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
The containerd configuration on a Linux system now handles the nvidia
and the WebAssembly runtimes.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
---------
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2023-11-13 14:43:41 -08:00
Vitor Savian
875a9d19c6
Added ADR for etcd status
...
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-11-13 07:46:24 -08:00
Vitor Savian
c5cd7b3d65
Added etcd status condition
...
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-11-13 06:39:24 -08:00
Johnatas
022c49242d
update channels latest to v1.27.7+k3s2 ( #8799 )
...
Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-08 22:31:42 -03:00
Brad Davidson
bbafb86e91
Don't use iptables-save/iptables-restore if it will corrupt rules
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-07 10:01:27 -08:00
Hussein Galal
9e13aad4a8
Update traefik to fix registry value ( #8792 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-06 23:37:21 +02:00
Hussein Galal
1ae053d944
Upgrade traefik chart to v25.0.0 ( #8771 )
...
* Upgrade traefik chart to v25.0.0
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go generate
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-03 01:55:03 +02:00
Texot
f575a05be2
fix: Access outer scope .SystemdCgroup ( #8761 )
...
Signed-off-by: Texot <tete1030@gmail.com>
2023-11-02 10:47:16 -07:00
github-actions[bot]
c7c339f0b7
chore: Bump Trivy version ( #8739 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-01 12:31:47 -07:00
github-actions[bot]
1e99a46256
chore: Update sonobuoy image versions ( #8710 )
...
Made with ❤️ ️ by updatecli
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-01 12:30:27 -07:00
Johnatas
9377accd9e
update stable to v1.27.7+k3s1 ( #8753 )
...
Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-01 13:49:40 -03:00
Hussein Galal
112e1339b7
Restore selinux context systemd unit file ( #8593 )
...
* Restore context of systemd unit file
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Restore context of systemd unit file
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* update the hash of install.sh file
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-10-31 22:54:09 +02:00
Brad Davidson
49411e7084
Don't try to read token hash and cluster id during cluster-reset
...
These fields are only necessary when saving snapshots to S3, and will block restoration if attempted
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-27 15:06:29 -07:00
Johnatas
6aef26e94b
Update to v1.28.3 ( #8682 )
2023-10-19 16:54:48 -07:00
Brad Davidson
5b6b9685e9
Manually requeue configmap reconcile when no nodes have reconciled snapshots
...
Silences error message from lasso - this is a normal startup condition
when no snapshots exist so we shouldn't log nasty looking errors.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-18 15:09:25 -07:00
Brad Davidson
3db1d33282
Re-enable etcd endpoint auto-sync
...
Removing this in 002e6c43ee
regressed
control-plane-only nodes, as we rely on the etcd client to update its
endpoint list internally so that we can use it to sync the load-balancer
address list.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-18 08:33:03 -07:00
Brad Davidson
b8dc95539b
Fix CloudDualStackNodeIPs feature-gate inconsistency
...
Enable the feature-gate for both kubelet and cloud-controller-manager. Enabling it on only one side breaks RKE2, where feature-gates are not shared due to running in different processes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-17 10:40:12 -07:00
Sean Yen
0c9bf36fe0
[K3s][Windows Port] Build script, multi-call binary, and Flannel ( #7259 )
...
* initial windows port.
Signed-off-by: Sean Yen <seanyen@microsoft.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Wei Ran <weiran@microsoft.com>
2023-10-16 14:53:09 -04:00
Derek Nola
aaf8409096
Use version.Program not K3s in log ( #8653 )
...
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-16 11:02:12 -07:00
Brad Davidson
9597ea1183
Start etcd client before ensuring self removal
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson
2291d6d079
Add etcd-only/control-plane-only server test
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson
7bb4a826af
Update kube-router package in build script
...
Package was changed in version script in bc332ac667
but we missed changing it here as well.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 14:42:41 -07:00
Brad Davidson
3abc8b82ed
Bump traefik, golang.org/x/net, google.golang.org/grpc
...
Fixes exposure to CVE-2023-39325
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 09:45:54 -07:00
Roberto Bonafiglia
1ffb4603cd
Use IPv6 in case is the first configured IP with dualstack
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-13 10:23:31 +02:00
dlorenc
3d25e9f66c
Switch build target from main.go to a package. ( #8342 )
...
* Switch build target from main.go to a package.
* Dont build with vcs
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-10-12 16:20:32 -07:00
Brad Davidson
7c5b69ca1d
Fix etcd snapshot integration tests
...
Snapshot delete/prune tests were only working because the delete command
would report success even when deleting a snapshot that didn't exist,
and the test regex was finding the snapshot name multiple times in
the list output and deleting it twice.
Snapshot restore tests seem to have expected the deployment to be rolled out
immediately, which is not a reasonable expectation.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
d885162967
Add server token hash to CR and S3
...
This required pulling the token hash stuff out of the cluster package, into util.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
550ab36ab7
Switch to managing ETCDSnapshotFile resources
...
Reconcile snapshot CRs instead of ConfigMap; manage ConfigMap downstream from CR list
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
5cd4f69bfa
Move snapshot delete into local/s3 functions
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
a15b804e00
Sort snapshots by time and key in tabwriter output
...
Fixes snapshot list coming out in non-deterministic order
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
7464007037
Store extra metadata and cluster ID for snapshots
...
Write the extra metadata both locally and to S3. These files are placed such that they will not be used by older versions of K3s that do not make use of them.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
80f909d0ca
Move s3 snapshot list functionality to s3.go
...
Also, don't list ONLY s3 snapshots if S3 is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
8d47645312
Consistently set snapshotFile timestamp
...
Attempt to use timestamp from creation or filename instead of file/object modification times
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
f1afe153a3
Tidy s3 upload functions
...
Consistently refer to object keys as such, simplify error handling.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
2b0e2e8ada
Elide old snapshot data when apiserver rejects configmap with ErrRequestEntityTooLarge
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
676b00aa0e
Move etcd snapshot code into separate file
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
500744bb94
Add new CRD for etcd snapshots
...
Also adds a hack go script to print the embedded CRDs, for developer use.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
64107b54e4
Minor updates as per design review discussion
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
22065affa2
Add ADR for etcd snapshot CRD migration
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
9bb1ce1253
Bump busybox to v1.36.1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:00:45 -07:00
Brad Davidson
5fe4f6709a
Bump containerd to v1.7.7-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 14:46:26 -07:00
Derek Nola
7d38b4a3db
E2E Domain Drone Cleanup ( #8579 )
...
* Cleanup inactive vm domains
* Have e2e depend on amd64 pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-10 09:54:51 -07:00
Derek Nola
dface01de8
Server Token Rotation ( #8265 )
...
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Ensure agent token also changes
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-09 10:58:49 -07:00
Roberto Bonafiglia
ced25af5b1
Fixed tailscale node IP dualstack mode in case of IPv4 only node
...
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-09 15:17:33 +02:00
Johnatas
ba750e28b7
[v1.28] System agent push tags fix ( #8568 )
...
* change script and drone
Signed-off-by: Johnatas <johnatasr@hotmail.com>
* adjust secret
Signed-off-by: Johnatas <johnatasr@hotmail.com>
---------
Signed-off-by: Johnatas <johnatasr@hotmail.com>
2023-10-06 16:33:48 -03:00
Manuel Buil
a5485a5067
Merge pull request #8566 from manuelbuil/updateInstall.shSHA
...
Update install.sh.sha256sum
2023-10-06 17:36:11 +02:00
Manuel Buil
e33359d375
Update install.sh.sha256sum
...
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-06 15:31:37 +02:00
Manuel Buil
1c65568fa4
Merge pull request #8523 from manuelbuil/RemoveNetworkDefaults
...
Network defaults are duplicated, remove one
2023-10-04 08:21:55 +02:00
Hussein Galal
a6acdd0d75
Fix slemicro check for selinux ( #8526 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-10-04 00:40:35 +03:00