Commit Graph

3117 Commits

Author SHA1 Message Date
Hussein Galal
f5920d7864
Add warning for multiclustercidr flag (#8758)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-14 01:27:52 +02:00
Flavio Castelli
ba5fcf13fc
Wasm shims and runtimes detection
Create a generic helper function that finds extra containerd runtimes.
The code was originally inside of the nvidia container discovery file.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Discover the containerd shims based on runwasi that are already
available on the node.

The runtimes could have been installed either by a package manager or by
the kwasm operator.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

The containerd configuration on a Linux system now handles the nvidia
and the WebAssembly runtimes.

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

---------

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2023-11-13 14:43:41 -08:00
Vitor Savian
875a9d19c6
Added ADR for etcd status
Signed-off-by: Vitor Savian <vitor.savian@suse.com>
2023-11-13 07:46:24 -08:00
Vitor Savian
c5cd7b3d65
Added etcd status condition
Signed-off-by: Vitor <vitor.savian@suse.com>
2023-11-13 06:39:24 -08:00
Johnatas
022c49242d
update channels latest to v1.27.7+k3s2 (#8799)
Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-08 22:31:42 -03:00
Brad Davidson
bbafb86e91 Don't use iptables-save/iptables-restore if it will corrupt rules
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-11-07 10:01:27 -08:00
Hussein Galal
9e13aad4a8
Update traefik to fix registry value (#8792)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-06 23:37:21 +02:00
Hussein Galal
1ae053d944
Upgrade traefik chart to v25.0.0 (#8771)
* Upgrade traefik chart to v25.0.0

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go generate

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-11-03 01:55:03 +02:00
Texot
f575a05be2
fix: Access outer scope .SystemdCgroup (#8761)
Signed-off-by: Texot <tete1030@gmail.com>
2023-11-02 10:47:16 -07:00
github-actions[bot]
c7c339f0b7
chore: Bump Trivy version (#8739)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-01 12:31:47 -07:00
github-actions[bot]
1e99a46256
chore: Update sonobuoy image versions (#8710)
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-11-01 12:30:27 -07:00
Johnatas
9377accd9e
update stable to v1.27.7+k3s1 (#8753)
Signed-off-by: Johnatas <johnatas.santos@suse.com>
2023-11-01 13:49:40 -03:00
Hussein Galal
112e1339b7
Restore selinux context systemd unit file (#8593)
* Restore context of systemd unit file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Restore context of systemd unit file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* update the hash of install.sh file

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-10-31 22:54:09 +02:00
Brad Davidson
49411e7084 Don't try to read token hash and cluster id during cluster-reset
These fields are only necessary when saving snapshots to S3, and will block restoration if attempted

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-27 15:06:29 -07:00
Johnatas
6aef26e94b
Update to v1.28.3 (#8682) 2023-10-19 16:54:48 -07:00
Brad Davidson
5b6b9685e9 Manually requeue configmap reconcile when no nodes have reconciled snapshots
Silences error message from lasso - this is a normal startup condition
when no snapshots exist so we shouldn't log nasty looking errors.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-18 15:09:25 -07:00
Brad Davidson
3db1d33282 Re-enable etcd endpoint auto-sync
Removing this in 002e6c43ee regressed
control-plane-only nodes, as we rely on the etcd client to update its
endpoint list internally so that we can use it to sync the load-balancer
address list.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-18 08:33:03 -07:00
Brad Davidson
b8dc95539b Fix CloudDualStackNodeIPs feature-gate inconsistency
Enable the feature-gate for both kubelet and cloud-controller-manager. Enabling it on only one side breaks RKE2, where feature-gates are not shared due to running in different processes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-17 10:40:12 -07:00
Sean Yen
0c9bf36fe0
[K3s][Windows Port] Build script, multi-call binary, and Flannel (#7259)
* initial windows port.

Signed-off-by: Sean Yen <seanyen@microsoft.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Wei Ran <weiran@microsoft.com>
2023-10-16 14:53:09 -04:00
Derek Nola
aaf8409096
Use version.Program not K3s in log (#8653)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-16 11:02:12 -07:00
Brad Davidson
9597ea1183 Start etcd client before ensuring self removal
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson
2291d6d079 Add etcd-only/control-plane-only server test
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 23:24:16 -07:00
Brad Davidson
7bb4a826af Update kube-router package in build script
Package was changed in version script in bc332ac667 but we missed changing it here as well.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 14:42:41 -07:00
Brad Davidson
3abc8b82ed Bump traefik, golang.org/x/net, google.golang.org/grpc
Fixes exposure to CVE-2023-39325

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-13 09:45:54 -07:00
Roberto Bonafiglia
1ffb4603cd Use IPv6 in case is the first configured IP with dualstack
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-13 10:23:31 +02:00
dlorenc
3d25e9f66c
Switch build target from main.go to a package. (#8342)
* Switch build target from main.go to a package.
* Dont build with vcs

Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
2023-10-12 16:20:32 -07:00
Brad Davidson
7c5b69ca1d Fix etcd snapshot integration tests
Snapshot delete/prune tests were only working because the delete command
would report success even when deleting a snapshot that didn't exist,
and the test regex was finding the snapshot name multiple times in
the list output and deleting it twice.

Snapshot restore tests seem to have expected the deployment to be rolled out
immediately, which is not a reasonable expectation.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
d885162967 Add server token hash to CR and S3
This required pulling the token hash stuff out of the cluster package, into util.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
550ab36ab7 Switch to managing ETCDSnapshotFile resources
Reconcile snapshot CRs instead of ConfigMap; manage ConfigMap downstream from CR list

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
5cd4f69bfa Move snapshot delete into local/s3 functions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
a15b804e00 Sort snapshots by time and key in tabwriter output
Fixes snapshot list coming out in non-deterministic order

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
7464007037 Store extra metadata and cluster ID for snapshots
Write the extra metadata both locally and to S3. These files are placed such that they will not be used by older versions of K3s that do not make use of them.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
80f909d0ca Move s3 snapshot list functionality to s3.go
Also, don't list ONLY s3 snapshots if S3 is enabled.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
8d47645312 Consistently set snapshotFile timestamp
Attempt to use timestamp from creation or filename instead of file/object modification times

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
f1afe153a3 Tidy s3 upload functions
Consistently refer to object keys as such, simplify error handling.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
2b0e2e8ada Elide old snapshot data when apiserver rejects configmap with ErrRequestEntityTooLarge
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
676b00aa0e Move etcd snapshot code into separate file
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
500744bb94 Add new CRD for etcd snapshots
Also adds a hack go script to print the embedded CRDs, for developer use.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
64107b54e4 Minor updates as per design review discussion
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
22065affa2 Add ADR for etcd snapshot CRD migration
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:04:45 -07:00
Brad Davidson
9bb1ce1253 Bump busybox to v1.36.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 15:00:45 -07:00
Brad Davidson
5fe4f6709a Bump containerd to v1.7.7-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-10-12 14:46:26 -07:00
Derek Nola
7d38b4a3db
E2E Domain Drone Cleanup (#8579)
* Cleanup inactive vm domains
* Have e2e depend on amd64 pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-10 09:54:51 -07:00
Derek Nola
dface01de8
Server Token Rotation (#8265)
* Consolidate NewCertCommands
* Add support for user defined new token
* Add E2E testlets

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Ensure agent token also changes

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-10-09 10:58:49 -07:00
Roberto Bonafiglia
ced25af5b1 Fixed tailscale node IP dualstack mode in case of IPv4 only node
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-10-09 15:17:33 +02:00
Johnatas
ba750e28b7
[v1.28] System agent push tags fix (#8568)
* change script and drone

Signed-off-by: Johnatas <johnatasr@hotmail.com>

* adjust secret

Signed-off-by: Johnatas <johnatasr@hotmail.com>

---------

Signed-off-by: Johnatas <johnatasr@hotmail.com>
2023-10-06 16:33:48 -03:00
Manuel Buil
a5485a5067
Merge pull request #8566 from manuelbuil/updateInstall.shSHA
Update install.sh.sha256sum
2023-10-06 17:36:11 +02:00
Manuel Buil
e33359d375 Update install.sh.sha256sum
Signed-off-by: Manuel Buil <mbuil@suse.com>
2023-10-06 15:31:37 +02:00
Manuel Buil
1c65568fa4
Merge pull request #8523 from manuelbuil/RemoveNetworkDefaults
Network defaults are duplicated, remove one
2023-10-04 08:21:55 +02:00
Hussein Galal
a6acdd0d75
Fix slemicro check for selinux (#8526)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-10-04 00:40:35 +03:00