* Shortcircuit search with help and version flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Keep functions seperate
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Allows nodes to join the cluster during a webhook outage. This also
enhances auditability by creating Kubernetes events for the deferred
verification.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Move coverage writer into agent and server
* Add coverage report to E2E PR tests
* Add codecov upload to drone
Signed-off-by: Derek Nola <derek.nola@suse.com>
It is no way we can configure the lb image because it is a const value.
It would be better that we make it variable value and we can override
the value like the `helm-controller` job image when compiling k3s/rke2
Signed-off-by: Yuxing Deng <jxfa0043379@hotmail.com>
Only actual admin actions should use the admin kubeconfig; everything done by the supervisor/deploy/helm controllers will now use a distinct account for audit purposes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add el9 to the install script
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add rocky-9 install test to test el9 selinux to workflow
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Use el8 for fedora 37
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add a warning to reboot in coreos systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* remove k3s-selinux module in case of upgrade in el9
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Check for available container-selinux and k3s-selinux
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* extend selinux upgrade to sle distros
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* create /var/lib/rpm-state in sle systems
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* nit fix
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
---------
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
Fix regression in legacy API prefix, until upstream pulls in support for MergePathStrategy from https://github.com/emicklei/go-restful/pull/523
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
As per https://github.com/golang/go/issues/47001 even subtle.ConstantTimeCompare should never be used with variable-length inputs, as it will return 0 if the lengths do not match. Switch to consistently using constant-time comparisons of hashes for password checks to avoid any possible side-channel leaks that could be combined with other vectors to discover password lengths.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
