Commit Graph

2738 Commits

Author SHA1 Message Date
Brad Davidson
8340b54309 Pass through default tls-cipher-suites
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 14:51:04 -08:00
Derek Nola
cc3583399a
Add explicit permissions to workflows (#6700)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-12 13:57:57 -08:00
dependabot[bot]
d85952d6a0
Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#6686)
Bumps ubuntu from 20.04 to 22.04.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 13:57:28 -08:00
Derek Nola
674a05478f
Containerd restart testlet (#6696)
* Add containerd testlet to startup integration
* Fix all log dumps
* Stop server gracefully

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-01-12 13:43:31 -08:00
Brad Davidson
d78e490716 Bump containerd to v1.6.15-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-12 11:50:43 -08:00
dependabot[bot]
e53500f37f
Bump alpine from 3.16 to 3.17 in /conformance (#6687)
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 14:32:14 -05:00
dependabot[bot]
c7151e8b61
Bump alpine from 3.16 to 3.17 in /package (#6688)
Bumps alpine from 3.16 to 3.17.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 14:31:56 -05:00
Chris Wayne
3cafc8e6dd
RIP Codespell (#6701)
* RIP Codespell

Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2023-01-11 16:23:29 -08:00
ShylajaDevadiga
fd8481a29d
Adjust e2e test run script and fixes (#6718)
Signed-off-by: ShylajaDevadiga <shylaja.devadiga@suse.com>
2023-01-11 16:09:45 -08:00
Brad Davidson
a298bfdb18 Add jitter to scheduled snapshots and retry harder on conflicts
Also ensure that the snapshot job does not attempt to trigger multiple concurrent runs, as this is not supported.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-11 14:32:03 -08:00
Brad Davidson
f0ec6a4c12 Exclude December r1 releases from channel server
Stop offering installs of these releases due to the critical containerd regression.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-06 13:34:38 -08:00
Brad Davidson
bc6bebc998 Bump containerd to v1.6.14-k3s1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-01-04 12:53:07 -08:00
Guilherme Macedo
454440f9a3
Add Dependabot config for security ADR (#6560)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-01-03 14:01:57 -05:00
Alexey Vazhnov
870d9c32b0
Fix OpenRC init script error 'openrc-run.sh: source: not found' (#6614)
To avoid error message:

user@server ~ % /etc/init.d/k3s status
/lib/rc/sh/openrc-run.sh: 28: /etc/init.d/k3s: source: not found
/lib/rc/sh/openrc-run.sh: 29: /etc/init.d/k3s: source: not found
 * status: stopped

I've replaced `source` with `sourcex`, defined in https://github.com/OpenRC/openrc/blob/master/sh/openrc-run.sh.in#L30
Classic shell `.` also works.
Tested in Devuan 5 Daedalus (based on Debian 12 bookworm / testing), package `openrc` version 0.45.2-2.

Signed-off-by: Alexey Vazhnov <vazhnov@boot-keys.org>
2023-01-03 14:00:22 -05:00
Guilherme Macedo
97f162291a
Change Updatecli GH action reference branch (#6682)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-01-03 13:26:14 -05:00
Nikolai Shields
beafd9eaff
Update stable to v1.25.5 (#6618) 2023-01-03 12:03:58 -06:00
Guilherme Macedo
8f28de259c
Add initial Updatecli ADR automation (#6583)
* Add initial Updatecli ADR automation

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-01-03 12:56:08 -05:00
Chris Wayne
9e97a3b4aa
Current status badges (#6653)
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2022-12-28 19:18:51 -05:00
Brad Davidson
fae8817655 Bump k3s-root version to v0.12.1
Adds support for loading compressed kernel modules

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 16:54:43 -08:00
Brad Davidson
0c9b43746b Preload iptable_filter/ip6table_filter
ServiceLB now requires this module, but it will not get autoloaded by the kubelet if the host is using nftables.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-13 12:51:00 -08:00
Hussein Galal
f8b661d590
Update to v1.26.0-k3s1 (#6370)
* Update to v1.26.0-alpha.2

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go generate

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Default CURRENT_VERSION to VERSION_TAG for alpha versions

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* remove containerd package

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update k8s to v1.26.0-rc.0-k3s1 cri-tools cri-dockerd and cadvisor

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* replace cri-api reference to the new api

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Fix version script to allow rc and alphas

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Update to Kubernetes 1.26.0-rc.1

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Undo helm-controller pin

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump containerd to -k3s2 for stargz fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* DevicePlugins featuregate is locked to on

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump kine for DeleteRange fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Update to v1.26.0-k3s1

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* go mod tidy

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Bring back snapshotter checks and update golang to 1.19.4

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* fix windows containerd snapshotter checks

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-10 01:42:15 +02:00
Derek Nola
b5d39df929
Deprecation of etcd-snapshot command in v1.26 (#6575)
* Consolidate etcd snapshot commands
* Consolidate secrets encryption commands
* Move etcd-snapshot to fatal error stage.

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 15:28:01 -08:00
Derek Nola
d723775792
Remove deprecated flags in v1.26 (#6574)
* Remove NoFlannel
* Remove cluster-secret
* Remove no-deploy
* Remove disable-selinux
* Convert wireguard to fatal error
* Remove reference to no-op K3S_CLUSTER_SECRET

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-05 14:01:01 -08:00
Klaas Demter
457e5e7379 Update install.sh to recommend current version of k3s-selinux
Signed-off-by: Klaas Demter <re4il07t@duck.com>
2022-12-05 11:52:33 -08:00
Matt Trachier
95bb3dce97
adding expanded release docs (#6237)
Signed-off-by: matttrach <matttrach@gmail.com>
2022-12-02 16:27:02 -06:00
Derek Nola
b255b07de2
Remove nodejs12 based GH actions (#6593)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-02 09:07:21 -08:00
Guilherme Macedo
9d8260a3f6
Add ADR for security bumps automation (#6559)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2022-12-02 12:06:34 -05:00
Roberto Bonafiglia
091017d8c2 Update flannel to v0.20.2
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2022-12-01 22:21:58 +01:00
Brad Davidson
2835368ecb Bump k3s-root and remove embedded strongswan support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-12-01 12:40:40 -08:00
Derek Nola
af8f101bdc
Mark secrets-encryption flag as GA (#6582)
* Mark secrets-encrypt flag as GA

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-12-01 08:50:51 -08:00
Brad Davidson
915c7719fe go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson
2a496d4fd3 Bump metrics-server to v0.6.2
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson
1eeea5c81f go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson
d539a0a124 Sync packaged component Deployment config
Don't override replicas; set revisionHistoryLimit and strategy

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:09:32 -08:00
Brad Davidson
e08a662509 Disable CCM metrics port when legacy CCM functionality is disabled
Prevents port conflicts on upgrade for users that have deployed other cloud controllers.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-30 15:08:31 -08:00
Brad Davidson
953c7699b4 Fix artifact upload with aws s3 cp; update secret
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-28 12:38:56 -08:00
Brad Davidson
16fa128e96 Fix passing AWS creds through Dapper
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-28 10:59:42 -08:00
Sakala Venkata Krishna Rohit
4e2e91e089
Switch from Google Buckets to AWS S3 Buckets (#6497)
* Add python pip pakacge to install aws cli

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Upload build artifacts to aws s3 instead of gcp bucket

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Upload logs to aws s3 instead of google buckets

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Replace gcloud auth with aws credentials for artifact uploading to buckets

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

* Replace usage of google bucket with aws s3 buckets

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>

Signed-off-by: Venkata Krishna Rohit Sakala <rohitsakala@gmail.com>
2022-11-28 19:27:43 +02:00
Brad Davidson
a07bb555ba Bump klipper-helm and klipper-lb versions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-23 14:55:59 -08:00
Derek Nola
614da78e43
Add prefer-bundled-bin as an agent flag (#6545)
* Add prefer-bundled-bin as an agent flag
* Add E2E test for prefer-bundled-bin

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-11-22 13:43:16 -08:00
Hussein Galal
1f3e8f69d4
Mark v1.25.4+k3s1 as stable (#6534)
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2022-11-22 20:37:47 +02:00
Manuel Buil
1beecb2e2d
Merge pull request #6531 from manuelbuil/fixLogs
Fix log for flannelExternalIP use case
2022-11-22 16:54:26 +01:00
Manuel Buil
f420a8f35a
Merge pull request #6517 from manuelbuil/fixWinVxlan0
Remove stuff which belongs in the windows executor implementation
2022-11-22 15:11:58 +01:00
Manuel Buil
483e29e783 Remove stuff which belongs in the windows executor implementation
Signed-off-by: Manuel Buil <mbuil@suse.com>
2022-11-22 12:32:13 +01:00
Brad Davidson
9ff0943d56 Address nits from self-review
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
56bf7d6ad3 Allow agent to run rootless
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
6f2b21c5cd Add rootless IPv6 support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
c02dceb7ad Make rootless settings configurable
Add enivironment variables for port-driver, cidr, mtu, and disable-host-loopback settings. Since rootless is still experimental, I don't think they deserve full CLI flag status.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 15:23:30 -08:00
Brad Davidson
73171ff20a go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 13:44:54 -08:00
Brad Davidson
7964ada773 Pull modified traefik charts from k3s-charts repo
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2022-11-21 13:44:54 -08:00