* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Fix regression in legacy API prefix, until upstream pulls in support for MergePathStrategy from https://github.com/emicklei/go-restful/pull/523
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This commit adds SearchK3sLog function to find specific strings in integration tests log file and also removes FindStringInCmdAsync function since it was not being used.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
Also add bandwidth and firewall plugins. The bandwidth plugin is
automatically registered with the appropriate capability, but the
firewall plugin must be configured by the user if they want to use it.
Ref: https://www.cni.dev/plugins/current/meta/firewall/
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* local-storage: Fix permission
/var/lib/rancher/k3s/storage/ should be 700
/var/lib/rancher/k3s/storage/* should be 777
Fixes#2348
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
* Fix pod command field type
* Fix to int test
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Boleyn Su <boleyn.su@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
Co-authored-by: Derek Nola <derek.nola@suse.com>
* Add helper function for multiple arguments in stringslice
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Cleanup server setup with util function
Signed-off-by: Derek Nola <derek.nola@suse.com>
Several places in the code used a 5-second retry loop to wait on
Runtime.Core to be set. This caused a race condition where OnChange
handlers could be added after the Wrangler shared informers were already
started. When this happened, the handlers were never called because the
shared informers they relied upon were not started.
Fix that by requiring anything that waits on Runtime.Core to run from a
cluster controller startup hook that is guaranteed to be called before
the shared informers are started, instead of just firing it off in a
goroutine that retries until it is set.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Don't set up the agent tunnel authorizer on agentless servers, and warn when agentless servers won't have a way to reach in-cluster endpoints.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This adds integration tests for the following flags: "--etcd-snapshot-name","--etcd-snapshot-dir","--etcd-snapshot-retention","--etcd-snapshot-schedule-cron" and "--etcd-snapshot-compress". It also refactors K3sStartServer to stop applying strings.Fields() into inputArgs, so it can accept arguments that have space in their definition.
Signed-off-by: Ian Cardoso <osodracnai@gmail.com>
* Bump runc
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Bump to containerd, recombine build and go.mod version
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Fixes an issue where CRDs were being created without schema, allowing
resources with invalid content to be created, later stalling the
controller ListWatch event channel when the invalid resources could not
be deserialized.
This also requires moving Addon GVK tracking from a status field to
an annotation, as the GroupVersionKind type has special handling
internal to Kubernetes that prevents it from being serialized to the CRD
when schema validation is enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
