* local-storage: Fix permission
/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777
Fixes#2348
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
* Fix pod command field type
* Fix to int test
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Derek Nola <derek.nola@suse.com>
This adds integration tests for the following flags: "--etcd-snapshot-name","--etcd-snapshot-dir","--etcd-snapshot-retention","--etcd-snapshot-schedule-cron" and "--etcd-snapshot-compress". It also refactors K3sStartServer to stop applying strings.Fields() into inputArgs, so it can accept arguments that have space in their definition.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
* Bump go version to 1.20.3 to match upstream
* Bump cri-dockerd
* Bump golanci-lint
* go generate
* Bump selinux in cgroup test
* Bump to v1.27.1 tags
* Release documentation improvements
* Only run upgrade e2e test on PR
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
* test: add make commands and dependencies
Signed-off-by: Francisco <francisco.moral@suse.com>
* fix: fix issue on logic for using external dbs and dependencies
Signed-off-by: Francisco <francisco.moral@suse.com>
---------
Signed-off-by: Francisco <francisco.moral@suse.com>
* Include note on service keys
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix rotate cert ca test
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove periods
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add new test to nightly script
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump wrangler to 1.1.1
* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update gax-go to 2.1.1
* Isolate terraform e2e test with seperate go.mod/go.sum
* Bump containerd
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Initial drone vagrant pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Build e2e test image
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add docker registry to E2E pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump libvirt image
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add ci flag to secretsencryption
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix vagrant log on secretsencryption
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove DB parallel tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Reduce sonobuoy tests even further
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add local build
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add cron conformance pipeline
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add string output for nodes
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Switch snapshot restore for upgrade cluster
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix cp
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve test-pad rancher script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Improve hardened script and added kube-bench utility script
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Apply same audits for 1.22 and older
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add python pip pakacge to install aws cli
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload build artifacts to aws s3 instead of gcp bucket
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Upload logs to aws s3 instead of google buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace gcloud auth with aws credentials for artifact uploading to buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Replace usage of google bucket with aws s3 buckets
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
* Add EncryptSecrets to Critical Control Args
* use deep comparison to extract differences
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Problem:
Previously all of Kubernetes' image hosting has been out of gcr.io. There were significant egress costs associated with this when images were pulled from entities outside gcp. Refer to https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Solution:
As highlighted at KubeCon NA 2022 k8s infra SIG update, the replacement for k8s.gcr.io which is registry.k8s.io is now ready for mainstream use and the old k8s.gcr.io has been formally deprecated. This commit migrates all references for k3s to registry.k8s.io.
Signed-off-by: James Blair <mail@jamesblair.net>
CA cert will never be equal to the serving-kube-apiserver cert so it seems like a copy-paste error.
Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>
* add new data-dir subtest
* Added node flag subtest
* Fix to E2E tests
* Convert existing test to new server logging
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add rancher install sript, taints to cp/etcd roles
* Revert back to generic/ubuntu2004, libvirt networking is unreliable on opensuse
* Added support for alpine
* Rancher deployment script
* Refactor installType into function
* Cleanup splitserver test
Signed-off-by: Derek Nola <derek.nola@suse.com>
* New startup integration test
* Add testing section to PR template
* Move helper functions to direct k8s client calls
Signed-off-by: Derek Nola <derek.nola@suse.com>
Also update all use of 'go get' => 'go install', update CI tooling for
1.18 compatibility, and gofmt everything so lint passes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump etcd to v3.5.4-k3s1
* Fix issue with datastore corruption on cluster-reset
* Disable unnecessary components during cluster reset
Disable control-plane components and the tunnel setup during
cluster-reset, even when not doing a restore. This reduces the amount of
log clutter during cluster reset/restore, making any errors encountered
more obvious.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Simplify role in existing tests
* Update other tests to output vagrant log on failure
* go test for split server
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Removed vagrant folder
* Fix comments around E2E ENVs
* Eliminate testutil folder
* Convert flock integration test to unit test
* Point to other READMEs
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Initial mysql, postgres external db
* Convert test options to env variables
* Add explicit ETCD option and bump memory for docker node
Signed-off-by: Derek Nola <derek.nola@suse.com>
Several types contained redundant references to ControlRuntime data. Switch to consistently accessing this via config.Runtime instead.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>