Commit graph

3873 commits

Author SHA1 Message Date
Brad Davidson
d582a0da84 Reorganize flannel consts and fields
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
d1989567ea Use patch helper for secrets-encryption labels and annotations
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
1cb80fbe75 Use patch helper for spegel annotations and labels
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
57210b87cc Use patch helper for node labels and annotations
Move flannel annotations into flannel setup, and use patch helpers to manage other node labels and annotations

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
713cf8fbde Use patch helper for etcd labels and annotations
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
2b39b6808a Use patch helper for etcd member controller
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
785cfad963 Use patch helper for etcd snapshot annotation patch
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
ceebaade3e Add JSON patch helper
Adds helper function for building JsonPatch operation lists,
which allows modifying a resource without having to manually
refresh the object and retry the change on conflict.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
efcf8eb7ac Move embedded flannel and vpn config setup into embedded executor
Flannel and VPN setup shouldn't be done in generic agent config as it is only
used with embeded executor's flannel CNI.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
ec3cc04214 Move CNI execution into executor
Allows properly delegating CNI startup to executor, so that it can be plugged in as platform and distro specific implimentation without relying on cli flag hacks

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Brad Davidson
b7ca944774 Move etcd metrics to separate package
Allows importing pkg/metrics without pulling in pkg/etcd, which was causing an import loop in a follow-up commit.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-12-08 12:53:10 -08:00
Derek Nola
543b6307a6
Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to. (#13258)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-12-08 12:44:05 -08:00
Derek Nola
0d39c86b5c Move from ranchertest to mirrored-busybox
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-12-08 09:09:40 -08:00
Derek Nola
cd08e731f6 Fix naming convention for docker test import
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-12-08 09:09:40 -08:00
Derek Nola
572cc8e2bf Consolidate RunCommand between Docker and E2E tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-12-08 09:09:40 -08:00
Roberto Bonafiglia
e3cc61c43c Update kube-router to v2.6.2
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2025-12-03 16:07:03 +01:00
Xelus22
8e0676ad46
update busybox image version to 1.37.0 (#13237)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Xelus22 <xelus22@gmail.com>
Co-authored-by: Xelus22 <xelus22@gmail.com>
2025-11-25 11:55:06 -08:00
dependabot[bot]
68749aac76
Bump actions/checkout from 5 to 6 (#13256)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Install Script / build (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-24 11:32:03 -08:00
Brad Davidson
96ed4393c1 Remove remaining references to drone
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-24 11:23:49 -08:00
Brian Downs
1262649fda
update channels to 1.33.6 (#13246)
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2025-11-24 12:29:45 -05:00
thomasferrandiz
46cca2402f
Merge pull request #13216 from thomasferrandiz/add-multus-test-2
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Add multus e2e test
2025-11-24 09:29:56 +01:00
Brad Davidson
3de08883f7 Bump opencontainers/selinux
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Install Script / build (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
We do not use any vulnerable code from this project, but we should bump it anyway to pacify scanners

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 13:18:37 -08:00
Brad Davidson
f726966062 Clean tools from runners before tests
Remove optional tools from runners to make space available for docker/vagrant

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Brad Davidson
74088f5175 Use docker containerd snapshotter for stable image digests
The legacy Docker snapshotter flattens application/vnd.docker.distribution.manifest.v2+json manifests to application/vnd.oci.image.manifest.v1+json when saving. Switching to the containerd snapshotter allows us to keep the original manifest digest when pulling and saving image tarballs.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Brad Davidson
f783052df2 Fix airgap-extra-registry flag
It is hidden and undocumented, but also apparently broken.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Brad Davidson
af441c29a0 Add test for sharing imported images by digest
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Brad Davidson
1037dcbff4 Add digests and source labels for imported images
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Brad Davidson
9806524a48 Fix spegel ready checks to give server more time to find a peer
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Brad Davidson
f0d54528d0 Stop waiting on CRI ready if context is cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-21 09:25:00 -08:00
Thomas Ferrandiz
871094b5c6 Add multus e2e test
We test that a basic deployment of the latest multus chart works
correctly.

Signed-off-by: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
2025-11-21 13:05:52 +00:00
jvassev
913005658c
tunnel: handle pod IP reuse (#13212)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* tunnel: handle pod IP reuse

a valid tunnel/session may be deleted when an IP is reused while a
Complete pod (for example a job) was using that IP but is being gc'ed.

This causes timeouts to webhooks after directDial is attempted because
session was removed.

Solution is to track the owner of the IP and delete the entry only when
the the owner pod is deleted.

Signed-off-by: Julian Vassev <jvassev@gmail.com>
2025-11-19 20:43:36 -08:00
Brad Davidson
ed57fb5e61
Fix windows build os (#13201)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* Pass GOOS into Dockerfile.local build args
  Fixes issue with build-windows job not actually building for windows
* Remove `go generate` from package-cli
  We no longer use codegen in this repo
* Fix go:embed path separator on Windows
* Bump hcsshim for containerd 2.1 compat on windows
* Include failing lister in error message
* Bump k3s-io/api and k3s-io/helm-controller for embedded CRD windows path fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-15 02:02:12 -08:00
Rafael
c86b66d05c
Add id-token (#13209)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-11-13 17:25:11 -03:00
Rafael
3cdb5f8cf5
Update to v1.34.2-k3s1 and Go 1.24.9 (#13204)
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-11-13 15:45:18 -03:00
Derek Nola
8215b940e3
Bump klipper-helm and helm-controller (#13187)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-11-11 12:49:23 -08:00
Roberto Bonafiglia
3530ab5915 Fix tailscale setup in case of an already running configuration
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2025-11-11 12:58:21 +01:00
Brad Davidson
7146e2000e Fix apiserver starting before remote etcd is up
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Fixes issue where the apiserver on control-plane-only nodes does not
actually wait for a connection to etcd to be available before starting.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-07 10:32:02 -08:00
Rafael
8f781acff4
[main] Add Prime assets upload (#13160)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
* Add Prime assets upload

Signed-off-by: Rafael Breno <rafael_breno@outlook.com>

* fixes

Signed-off-by: Rafael Breno <rafael_breno@outlook.com>

---------

Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-11-07 12:04:41 -03:00
Brad Davidson
858b109b92 Fix adding OwnerReferences to Nodes seen from initial list
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
govulncheck / govulncheck (push) Has been cancelled
Apparently Kubernetes objects may not have TypeMeta (APIVersion and Kind) fields set if they come from a List response - so we can't count on the objects passed to the handler having these properly set.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-06 19:41:14 -08:00
Brad Davidson
e438a3c1a0 Bump containerd to v2.1.5
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-06 18:23:44 -08:00
Brad Davidson
a2663f8884 Bump remotedialer to fix deadlock on connection close
Some checks are pending
govulncheck / govulncheck (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Fixes an issue where remotedialer clients may run into a deadlock when closing connections. This prevents the client from reconnecting to the server, and as the Close function has deadlocked, any health-checks that rely on checking remotedialer connection state will continue to pass as it claims to still be connected.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-06 10:31:48 -08:00
Brad Davidson
fdc356a9ce Bump runc to v1.3.3
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-05 14:34:47 -08:00
Derek Nola
b8f6f958c8
Streamline E2E startup test (#13137)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* Streamline E2E startup test

- Remove ineffective testlet on prefer-bundled-bin
- Minimize waiting for kubeconfig testlet
- Only kill docker containers for cri-dockerd testlet
* Migrate bad token testlet from E2E to Integration test

Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-11-03 09:03:07 -08:00
Derek Nola
b9e90d3e51
Don't look at head for upgrade channel (#13130)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-31 11:54:40 -07:00
dependabot[bot]
2459bf7c84
Bump actions/upload-artifact from 4 to 5 (#13104)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-31 09:33:34 -07:00
Derek Nola
72ca761529 Migrate Docker Image publishing to GitHub Actions
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-30 11:31:47 -07:00
Derek Nola
19e8f83d1d Only run arm64 and amd64 test stage on drone tags
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-30 11:31:47 -07:00
Brad Davidson
e1238095f0 Bump kine to 0.14.6
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-29 15:49:40 -07:00
dependabot[bot]
9e1003029c Bump actions/download-artifact from 5 to 6
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Install Script / build (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-29 10:30:30 +01:00
Derek Nola
602d43081e
Migrate dispatch pipeline into GitHub Actions (#13105)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-28 09:13:04 -07:00