Commit Graph

2688 Commits

Author SHA1 Message Date
Brad Davidson
e54ceaa497 Fix issue with stale connections to removed LB server
Track LB connections through each server so that they can be closed when it is removed.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Brad Davidson
5dece799df Update remotedialer to silence errors when disconnecting
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-04 12:02:22 -07:00
Guilherme Macedo
4182dcaac8
[UpdateCLI] Improve Klipper Helm and Helm controller bumps (#7146)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-04 13:43:12 -05:00
Hussein Galal
127cea1f3f
Upgrade helm-controller to v0.13.3 (#7209)
* Upgrade helm-controller to v0.13.3

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

* Upgrade klipper-helm image in the airgap list

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

---------

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2023-04-04 20:20:40 +02:00
Derek Nola
d2e04b826a
Don't apply hardened args to agent (#7089)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-04-04 09:35:28 -07:00
Brad Davidson
d388b82d25 go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 19:47:06 -07:00
Brad Davidson
de80c07053 Ensure that loopback is used for the advertised address when resetting
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 19:47:06 -07:00
Brad Davidson
b010db0cff Ensure that loopback is used for the advertised address when resetting
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 17:01:43 -07:00
Brad Davidson
877247a691 Bump runc to v1.1.5
Addresses GHSA-m8cg-xc2p-r3fc GHSA-vpvm-3wq2-2wvm GHSA-g2j6-57v7-gm8c

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 17:00:44 -07:00
Brad Davidson
eb982bbbde Bump etcd to v3.5.7
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-04-03 17:00:30 -07:00
Brad Davidson
cee3ddbc4a
Bump Local Path Provisioner version (#7167)
* chore: Bump Local Path Provisioner version
* go generate

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-03 16:00:16 -07:00
Guilherme Macedo
ddd9665fed
Improve Trivy configuration (#7154)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-03 14:09:21 -05:00
Guilherme Macedo
fdf994dc35
[UpdateCLI] Improve workflow (#7142)
* Improve UpdateCLI workflow
* Update Go version to stable in workflow

Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-03 13:40:49 -05:00
Guilherme Macedo
37b3f4d25c
Run go generate in local-path-provisioner Updatecli pipeline (#7181)
Signed-off-by: Guilherme Macedo <guilherme.macedo@suse.com>
2023-04-03 09:30:56 -07:00
ShylajaDevadiga
8ec7d5e6b0
fix_get_sha_url (#7187)
Signed-off-by: ShylajaDevadiga <shylaja@rancher.com>
2023-03-31 13:26:29 -07:00
Derek Nola
a99376663b
Drone Pipelines enhancement (#7169)
* Dont run most pipelines on nightly cron

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Don't run skipfiles on push to master for arch pipelines

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-31 09:06:16 -07:00
Brooks Newberry
fb491f5ebf
Update stable channel to v1.26.3+k3s1 (#7161) 2023-03-29 15:49:08 -07:00
Derek Nola
d13ee64403
Enhance k3s check-config (#7091)
* Move  CONFIG_CGROUP_PIDS to Required

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-29 09:55:08 -07:00
Roberto Bonafiglia
01ea3ff27b Update flannel to fix NAT issue with old iptables version
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-22 18:15:34 +01:00
Derek Nola
c97370be6f
Clean E2E VMs before testing (#7109)
* Cleanup VMs proper

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-22 09:32:37 -07:00
Brooks Newberry
7c32f88fec
Pin golangci-lint version to v1.51.2 (#7113) 2023-03-20 09:59:43 -07:00
Brooks Newberry
dc4a148725
Update to v1.26.3-k3s1 (#7108) 2023-03-20 05:18:37 -07:00
Derek Nola
561ec056c1
Drone: Cleanup E2E VMs on test panic (#7104)
* Cleanup leftover VMs in E2E pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-17 11:35:05 -07:00
Derek Nola
9980504196
Fix to Rotate CA e2e test (#7101)
* Include note on service keys

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix rotate cert ca test

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove periods

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add new test to nightly script

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-16 17:56:17 -07:00
Esteban Esquivel Alvarado
85b261096c
Add automation for Restart command for K3s (#7002)
Signed-off-by: est-suse <esteban.esquivel@suse.com>
2023-03-14 15:47:18 -07:00
Chris Wayne
19ac384929
Remove Nikolai from MAINTAINERS list (#7088)
Signed-off-by: Chris Wayne <cwayne18@gmail.com>
2023-03-14 14:33:06 -04:00
Roberto Bonafiglia
7d2f997b3e Added multiClusterCIDR E2E test
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Roberto Bonafiglia
262cd7de0a Added IPv6 check and agent restart on e2e test utils
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Roberto Bonafiglia
15ee88964b Added multiClusterCidr feature
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-14 18:30:52 +01:00
Daniel Mills
822ee79eb8
Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970)
* Remove deprecated nodeSelector label beta.kubernetes.io/os

Problem:
The nodeSelector label beta.kubernetes.io/os in the CoreDNS deployment was deprecated in 1.14 and will likely be removed soon

Solution:
Change the nodeSelector to remove the beta

Signed-off-by: Dan Mills <evilhamsterman@gmail.com>
2023-03-14 12:56:40 -04:00
Richard Steinmetz
a912902aa7
Add missing kernel config checks (#6946)
Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and
NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s.

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-14 12:55:38 -04:00
Matt Trachier
8503d0143c
skip all pipelines based on what is in the PR (#6996)
* add droneignore, make trivial change to README for testing, updating drone config to use droneignore to skip CI when files are all matched

Signed-off-by: matttrach <matttrach@gmail.com>
2023-03-14 12:49:44 -04:00
Brad Davidson
977a85559e Add support for cross-signing new certs during ca rotation
We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Brad Davidson
68fcb48a35 Update/rename certs.sh; add default cert rotation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Daishan Peng
b7f90f389c
Wait for kubelet port to be ready before setting (#7041)
* Wait for kubelet port to be ready before setting
* Wait for kubelet to update the Ready status before reading port

Signed-off-by: Daishan Peng <daishan@acorn.io>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 13:48:02 -07:00
Matt Trachier
a45d081027
update stable version in channel server (#7066) 2023-03-13 13:43:22 -07:00
Derek Nola
d218068f34
Adds a warning about editing to the containerd config.toml file (#7057)
* Add a warning to the config.toml file

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2023-03-13 13:42:17 -07:00
Derek Nola
c259403af1
Bump various dependencies for CVEs (#7044)
* Bump wrangler to 1.1.1
* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update gax-go to 2.1.1
* Isolate terraform e2e test with seperate go.mod/go.sum
* Bump containerd

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-13 09:37:45 -07:00
Roberto Bonafiglia
e098b99bfa
Update flannel and kube-router (#7039)
* Update kube-router version to fix iptables rules

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update Flannel to v0.21.3

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

---------

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-03-10 19:57:16 -08:00
Derek Nola
c78dc4db71
Add flannel adr (#6973)
* Add flannel adr

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Incorporate Brads comments

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove the "s"

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Updated table with more info on flags

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update docs/adrs/flannel-options.md

Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Roberto Bonafiglia <roberto.bonafiglia@gmail.com>
2023-03-10 19:55:32 -08:00
Derek Nola
522ad1e697
Add E2E to Drone (#6890)
* Initial drone vagrant pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Build e2e test image

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add docker registry to E2E pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Bump libvirt image

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add ci flag to secretsencryption

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix vagrant log on secretsencryption

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove DB parallel tests

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Reduce sonobuoy tests even further

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add local build

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add cron conformance pipeline

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add string output for nodes

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Switch snapshot restore for upgrade cluster

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix cp

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-10 19:53:41 -08:00
Matt Trachier
ea094d1d49
Update to v1.26.2-k3s1 (#7011)
* Update to v1.26.2
* update gh workflows and docker files to proper go version
---------
Signed-off-by: matttrach <matttrach@gmail.com>
2023-03-01 16:48:23 -06:00
Brad Davidson
ee28c20b62 Bump kine to v0.9.9
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-23 17:19:18 -08:00
Brad Davidson
cbe4bcfeee Add test for filterByIPFamily
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:22 -08:00
Brad Davidson
cc333d8d0c Fix ServiceLB dual-stack ingress IP listing
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-21 14:13:22 -08:00
Brad Davidson
2156015521 Improve default umask for certs.sh
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson
23d98cec22 Fix CACertPath stripping trailing path components
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson
0c302f4341 Fix etcd member deletion
Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Derek Nola
9efa0797b7
Don't default to local K3s for startup test (#6950)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-02-13 15:00:57 -08:00
Roberto Bonafiglia
7739c8b97e Update flannel to v0.21.1
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2023-02-10 23:03:10 +01:00