Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
devel:kubic
k3s
k3s.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File k3s.changes of Package k3s
------------------------------------------------------------------- Thu May 23 11:01:19 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.30.1+k3s1: * Update to v1.30.1 (#10105) * windows changes * Update channels with 1.30 (#10097) * Replace deprecated ruby function ------------------------------------------------------------------- Tue May 14 05:35:04 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.30.0+k3s1: * Fix e2e tests (#10061) * Deprecate pod-infra-container-image kubelet flag (#7409) * Kubernetes V1.30.0-k3s1 (#10063) * Bump E2E opensuse leap to 15.6, fix btrfs test (#10057) * Add E2E Split Server to Drone, support parrallel testing in Drone (#9940) * update stable channel to v1.29.4+k3s1 (#10031) ------------------------------------------------------------------- Sun May 05 07:41:47 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - Update to version 1.29.4+k3s1: * Send error response if member list cannot be retrieved (#9722) * Respect cloud-provider fields set by kubelet (#9721) - The k3s stub cloud provider now respects the kubelet's requested provider-id, instance type, and topology labels * Fix error when image has already been pulled (#9770) * Add a new error when kine is with disable apiserver or disable etcd (#9766) * Bump k3s-root to v0.13.0 (#9718) * Use ubuntu latest for better golang caching keys (#9711) * Bump Trivy version (#9780) * Move to ubuntu 23.10 for E2E tests (#9755) * Update channel server (#9808) * Add /etc/passwd and /etc/group to k3s docker image (#9784) * Fix etcd snapshot reconcile for agentless servers (#9809) * Add health-check support to loadbalancer (#9757) * Add tls for kine (#9572) - Kine is now able to use TLS * Transition from deprecated pointer library to ptr (#9801) * Remove old pinned dependencies (#9806) * Several E2E Matrix improvments (#9802) * Add certificate expiry check, events, and metrics (#9772) * Add updatecli policy to update k3s-root (#9844) * Bump Trivy version (#9840) * Add workaround for containerd hosts.toml bug when passing config for default registry endpoint (#9853) * Fix: agent volume in example docker compose (#9838) * Bump spegel to v0.0.20-k3s1 (#9863) * Add supervisor cert/key to rotate list (#9832) * Add quotes to avoid useless updatecli updates (#9877) * Bump containerd and cri-dockerd (#9886) - The embedded containerd has been bumped to v1.7.15 - The embedded cri-dockerd has been bumped to v0.3.12 * Move etcd snapshot management CLI to request/response (#9816) - The k3s etcd-snapshot command has been reworked for improved consistency. All snapshots operations are now performed by the server process, with the CLI acting as a client to initiate and report results. As a side effect, the CLI is now less noisy when managing snapshots. * Improve etcd load-balancer startup behavior (#9883) * Actually fix agent certificate rotation (#9902) * Bump latest to v1.29.3+k3s1 (#9909) * Update packaged manifests (#9920) - Traefik has been bumped to v2.10.7. - Traefik pod annotations are now set properly in the default chart values. - The system-default-registry value now supports RFC2732 IPv6 literals. - The local-path provisioner now defaults to creating local volumes, instead of hostPath. * Allow Local path provisioner to read helper logs (#9835) * Update kube-router to v2.1.0 (#9926) * Match setup-go caching key in GitHub Actions (#9890) * Add startup testlet on preloaded images (#9941) * Update to v1.29.4-k3s1 and Go 1.21.9 (#9960) * Fix on-demand snapshots timing out; not honoring folder (#9984) * Make /db/info available anonymously from localhost (#10001) ------------------------------------------------------------------- Sun May 5 07:32:48 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - add conflicts for rke2 and kubernetes-kubelet-common, as those also use /var/lib/kubelet ------------------------------------------------------------------- Fri Apr 19 05:37:37 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - add Recommends for the flannel CNI plugin ------------------------------------------------------------------- Thu Apr 18 19:34:53 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de> - change to obs_scm ------------------------------------------------------------------- Sun Apr 7 14:30:16 UTC 2024 - Berthold Gunreben <azouhr@opensuse.org> - k3s will not start if VERSION_GOLANG has not been set with -ldflags ------------------------------------------------------------------- Thu Apr 04 09:17:36 UTC 2024 - azouhr@opensuse.org - Update to version 1.29.3+k3s1: * Update to v1.29.3-k3s1 and Go 1.21.8 (#9747) * Fix wildcard entry upstream fallback * Fix flaky check in btrfs test * Fix e2e vagrant cacheing * Run docker tests in E2E GH Action * remove repetitive words (#9671) * Warn and suppress duplicate registry mirror endpoints * Bump upload and download actions to v4 (#9666) * Bump metrics-server to v0.7.0 * Improve E2E Aftersuite cleanup * Move to ubuntu 2204 for all E2E tests * Convert snapshotter test in e2e test * Migrate E2E tests to GitHub Actions * Allow non-sudo vagrant * Include flannel version in flannel cni plugin version * Bump Trivy version (#9528) * Adjust first node-ip based on configured clusterCIDR * Improve tailscale e2e test * Update contrib/util/check-config.sh * Rename `RAW_OUTPUT` -> `NO_COLOR` * Disable color outputs using RAW_OUTPUT env var * Fix wildcard with embbeded registry test * e2e tests: cover WebAssembly integration * fix: use correct wasm shims names * chore(deps): Remediating CVEs found by trivy; CVE-2023-45142 on otelrestful and CVE-2023-48795 on golang.org/x/crypto (#9513) * Don't register embedded registry address as an upstream registry * Remove filtering of wildcard mirror entry * Add env var to allow spegel mirroring of `latest` tag * Bump spegel to v0.0.18-k3s4 * Use and version flannel/cni-plugin properly * Move snapshot-retention to EtcdSnapshotFlags in order to support loading from config * Clean up snapshotDir create/exists logic * Fix additional corner cases in registries handling * Fix setup-go typos (#9634) * Move docker tests into tests folder (#9555) * Reenable Install and Snapshotter Testing (#9601) * update stable channel to v1.28.7+k3s1 (#9615) * Bump helm-controller/klipper-helm versions * Fix issue with etcd node name missing hostname * Tweak netpol node wait logs * Fix NodeHosts on dual-stack clusters * Rootless mode also bind service nodePort to host for LoadBalancer type * Correct formatting of GH PR sha256sum artifact (#9472) * Better GitHub CI caching strategy for golang (#9495) * Add an integration test for flannel-backend=none * Update klipper-lb image version * Update install test OS matrix (#9480) * Unit Testing Matrix and Actions bump (#9479) * Testing ADR (#9562) * Fix netpol startup when flannel is disabled * Use 3/2/1 cluster for split role test * Change default number of etcd nodes in E2E splitserver test * Rename AgentReady to ContainerRuntimeReady for better clarity * Restore original order of agent startup functions * remove e2e logs drone step (#9517) * Fix drone publish for arm (#9503) * Update Kubernetes to v1.29.2 (#9493) * Bump kine and set NotifyInterval to what the apiserver expects * Expose rootless containerd socket directories for external access * Expose rootless state dir under ~/.rancher/k3s/rootless * Don't verify the node password if the local host is not running an agent * Fix iptables check when sbin isn't in user PATH * Readd `k3s secrets-encrypt rotate-keys` with correct support for KMSv2 GA (#9340) * [Testing]: Test_UnitApplyContainerdQoSClassConfigFileIfPresent (Created) (#8945) * Update Kube-router to v2.0.1 * allow executors to define containerd and docker behavior * Add codcov secret for integration tests on Push (#9422) * Consistently handle component exit on shutdown * Bump cri-dockerd * Runtimes refactor using exec.LookPath * Changed how lastHeartBeatTime works in the etcd condition * build: Align drone base images (#8959) * Bump flannel version * Fix ipv6 endpoint address selection for on-demand snapshots * Fix issue with coredns node hosts controller * Bump CNI plugins to v1.4.0 * Add check for etcd-snapshot-dir and fix panic in Walk * Retry startup snapshot reconcile * Fix excessive retry on snapshot reconcile * update channel (#9388) * Bump codecov/codecov-action from 3 to 4 (#9353) * Bump Trivy version (#9237) * Add ability to install K3s PR Artifact from GitHub (#9185) * Bump Local Path Provisioner version (#8953) ------------------------------------------------------------------- Mon Feb 12 10:26:30 UTC 2024 - dcermak@suse.com - Update to version 1.29.1+k3s2: * Bump helm-controller to fix issue with ChartContent * Bump runc and helm-controller versions * gofmt config_test.go * Fix issues with certs.d template generation ------------------------------------------------------------------- Wed Jan 31 08:11:12 UTC 2024 - azouhr@opensuse.org - Update to version 1.29.1+k3s1: * Delete old stalebot * New stale action * Update to v1.29.1 (#9259) * Error getting node in setEtcdStatusCondition * Move proxy dialer out of init() and fix crash * Fix nonexistent dependency repositories (#9213) * Enable network policy controller metrics * Bump quic-go for CVE-2023-49295 * Add e2e test for embedded registry mirror * Add embedded registry implementation * Add server CLI flag and config fields for embedded registry * Add ADR for embedded registry * Propagate errors up from config.Get * Move registries.yaml load into agent config * Pin images instead of locking layers with lease * add e2e startup test for rootless k3s (#8383) * update s3 e2e test (#9025) * Handle etcd status condition when cluster reset and disable etcd * Use `ipFamilyPolicy: RequireDualStack` for dual-stack kube-dns (#8984) * fix: update trivy from 0.46.1 to 0.48.1 (#8812) * Wait for taint to be gone in the node before starting the netpol controller * Print error when downloading file error inside install script (#6874) * Fix OS PRETTY_NAME on tagged releases * Add runtime checking of golang version * Add more paths to crun runtime detection (#9086) * Add support for containerd cri registry config_path * Fix nil map in full snapshot configmap reconcile * Handle logging flags when parsing kube-proxy args * Fix the OTHER log message that prints the wrong variable * Fix install script checksum * add system-agent-installer-k3s step to ga release (#9153) * Dockerfile.dapper: set $HOME properly * Add 2>dev/null when checking nm-cloud systemd unit * Added support for env *_PROXY variables for agent loadbalancer (#9118) * Add ServiceLB support for PodHostIPs FeatureGate * Silence SELinux warning on INSTALL_K3S_SKIP_SELINUX_RPM (#8703) * Add a retry around updating a secrets-encrypt node annotations (#9039) * Rebase & Squash (#9070) * update stable channel to v1.28.5+k3s1 and add v1.29 channel (#9110) * chore: Update Code of Conduct to Redirect to CNCF CoC (#9104) * Bump actions/setup-go from 4 to 5 (#9036) * chore: Update sonobuoy image versions (#8910) ------------------------------------------------------------------- Fri Jan 19 08:37:34 UTC 2024 - Berthold Gunreben <azouhr@opensuse.org> - Make older distributions work again - Remove obsolete tar archive of previous version ------------------------------------------------------------------- Wed Jan 17 13:11:41 UTC 2024 - Berthold Gunreben <azouhr@opensuse.org> - Adopt specfile to new github directory - Revert https://github.com/k3s-io/k3s/pull/8998 that removed s390x from PLUGIN_PLATFORMS - Add go_modules service to _service and add resulting vendor.tar.gz to package ------------------------------------------------------------------- Wed Jan 17 12:42:32 UTC 2024 - azouhr@opensuse.org - Update to version 1.29.0+k3s1: * Remove rotate-keys subcommand (#9079) * Update flannel to v0.24.0 and remove multiclustercidr flag (#9075) * Update Kubernetes to v1.29.0+k3s1 (#9052) * Only publish to code_cov on merged E2E builds (#9051) * Remove GA feature-gates (#8970) * Bump containerd to v1.7.11 * Allow setting default-runtime on servers * Bump containerd/runc to v1.7.10-k3s1/v1.1.10 * Added runtime classes for crun/wasm/nvidia * Nov 2023 stable channel update (#9022) * Modify CONTRIBUTING.md guide * Fix overlapping address range * remove s390x from manifest (#8998) * remove s390x steps temporarily since runners are disabled * Update to v1.28.4 (#8920) * Print key instead of file path in snapshot metadata log message * Don't apply s3 retention if S3 client failed to initialize * Don't request metadata when listing objects * Fix flakey dynamic-cert.json in cert rotation e2e test * Revert e2e pipeline depends_on change * Bump dynamiclistener to fix secret sync race * Reorder snapshot configmap reconcile to reduce log spew during initial startup * Handle nil pointer when runtime core is not ready in etcd * Add jitter to client config retry * Update install.sh sha256sum (#8885) * More improves for K3s patch release docs (#8800) * Disable helm CRD installation for disable-helm-controller (#8702) * Tweaked order of ingress IPs in ServiceLB (#8711) * Skip initial datastore reconcile during cluster-reset * Fix issue with snapshot metadata configmap * Fix wrong warning from restorecon in install script (#8871) * General updates to README (#8786) * enh: Force umount for NFS mount (like with longhorn) * add agent flag disable-apiserver-lb (#8717) * QoS-class resource configuration * Bump kine to fix multiple issues * add: timezone info in image * optimize: Simplify and clean up Dockerfile (#8244) * Improve dualStack log * Add warning for multiclustercidr flag (#8758) * Wasm shims and runtimes detection * Added ADR for etcd status * Added etcd status condition * update channels latest to v1.27.7+k3s2 (#8799) * Don't use iptables-save/iptables-restore if it will corrupt rules * Update traefik to fix registry value (#8792) * Upgrade traefik chart to v25.0.0 (#8771) * fix: Access outer scope .SystemdCgroup (#8761) * chore: Bump Trivy version (#8739) * chore: Update sonobuoy image versions (#8710) * update stable to v1.27.7+k3s1 (#8753) * Restore selinux context systemd unit file (#8593) * Don't try to read token hash and cluster id during cluster-reset * Update to v1.28.3 (#8682) * Manually requeue configmap reconcile when no nodes have reconciled snapshots * Re-enable etcd endpoint auto-sync * Fix CloudDualStackNodeIPs feature-gate inconsistency * [K3s][Windows Port] Build script, multi-call binary, and Flannel (#7259) * Use version.Program not K3s in log (#8653) * Start etcd client before ensuring self removal * Add etcd-only/control-plane-only server test * Update kube-router package in build script * Bump traefik, golang.org/x/net, google.golang.org/grpc * Use IPv6 in case is the first configured IP with dualstack * Switch build target from main.go to a package. (#8342) * Fix etcd snapshot integration tests * Add server token hash to CR and S3 * Switch to managing ETCDSnapshotFile resources * Move snapshot delete into local/s3 functions * Sort snapshots by time and key in tabwriter output * Store extra metadata and cluster ID for snapshots * Move s3 snapshot list functionality to s3.go * Consistently set snapshotFile timestamp * Tidy s3 upload functions * Elide old snapshot data when apiserver rejects configmap with ErrRequestEntityTooLarge * Move etcd snapshot code into separate file * Add new CRD for etcd snapshots * Minor updates as per design review discussion * Add ADR for etcd snapshot CRD migration * Bump busybox to v1.36.1 * Bump containerd to v1.7.7-k3s1 * E2E Domain Drone Cleanup (#8579) * Server Token Rotation (#8265) * Fixed tailscale node IP dualstack mode in case of IPv4 only node * [v1.28] System agent push tags fix (#8568) * Update install.sh.sha256sum * Fix slemicro check for selinux (#8526) * Network defaults are duplicated, remove one * Fix spellcheck problem (boostrap ==> bootstrap) * Take IPFamily precedence based on order * ipFamilyPolicy:PreferDualStack for coredns and metrics-server * Improve release docs - updated (#8414) * Pass SystemdCgroup setting through to nvidia runtime options * Don't ignore assets in home dir if system assets exist * Add --image-service-endpoint flag (#8279) * Create and validate install.sh signatures (#8312) * Update kube-router * Added error when cluster reset while using server flag * Fix .github regex to skip drone runs on gh action bumps (#8433) * Added cluster reset from non bootstrap nodes on snapshot restore e2e test * Added advertise address integration test * Fix gofmt error * Clear remove annotations on cluster reset; refuse to delete last member from cluster * Reorganize Driver interface and etcd driver to avoid passing context and config into most calls * Don't export functions not needed outside the etcd package * Skip creating CRDs and setting up event recorder for CLI controller context * Use admin kubeconfig instead of supervisor for etcd snapshot CLI * Typo fix * Set server-token adr to accepted * Server token rotation ADR * Disable HTTP on main etcd client port * Add extraArgs to tailscale * Include the interface name in the error message * add link to drone in documentation (#8295) * Update channel latest to v1.27.6+k3s1 (#8397) * Update to v1.28.2 and go v1.20.8 (#8364) * Bump kine to v0.10.3 * update channel for version v1.28 (#8305) * Add context to flannel errors * Fix error reporting * Add RWMutex to address controller * Add new CLI flag to disable TLS SAN CN filtering * Use already imported semver, bump kine * Add check for support on cp nodes * Review comments and fixes * CLI + Backend for Secrets Encryption v3 * Add new encryption test * Replace os.Write with AtomicWrite function * [v1.28] CLI Removal for v1.28.0 (#8203) * Update to v1.28.1 (#8239) * Update to v1.28.0-k3s1 (#8199) * Move flannel to 0.22.2 * E2E test for token coverage (#8184) * Bump helm-controller/klipper-helm versions * Bump dynamiclistener for init deadlock fix * Fixed the etcd retention to delete orphaned snapshots based on the date (#8177) * chore: Bump Trivy version (#8178) * chore: Bump Trivy version (#8150) * Run integration test CI in parallel (#8156) * Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#8155) * Fix for Kubeflag Integration test (#8154) * Use VERSION_K8S in tests instead of grep go.mod * Use 'go list -m' instead of grep to look up versions * add --disable-cloud-controller and --disable-kube-proxy test (#8018) * fix for etcd-snapshot delete with --etcd-s3 flag (#8110) * Remove terraform test package (#8136) * Bump kine to v0.10.2 * Etcd snapshots retention when node name changes (#8099) * Bump versions for etcd, containerd, runc, kine * Bump docker/docker to master commit * Add FilterCN function to prevent SAN Stuffing * Fix typo in terraform/README.md (#8090) * E2E: Support GOCOVER for more tests + fixes (#8080) * Consolidate CopyFile functions (#8079) * Fix tailscale bug with ip modes * update stable channel to v1.27.4+k3s1 (#8067) * Fix coreos multiple installs (#8083) * Security bump to docker/distribution (#8047) * Make apiserver egress args conditional on egress-selector-mode * Add support for `{{ template "base" . }}` in etc/containerd/config.toml.tmpl (#7991) * Unit test for MustFindString (#8013) * ADR on secrets encryption v3 (#7938) * Update flannel to v0.22.1 * Update cni plugins version to v1.3.0 * fix update go version doc (#8028) * Update to v1.27.4 (#8014) * Adjust default kubeconfig file permissions (#7978) * Revert "Warn that v1.28 will deprecate reencrypt/prepare (#7848)" * fix image_scan.sh script and download trivy version (#7950) * Don't use zgrep in `check-config` if apparmor porfile is enforced (#7939) * Generation of certificates and keys for etcd gated if etcd is disabled. (#6998) * Add retry for clone step (#7862) * Bump google.golang.org/grpc from 1.51.0 to 1.53.0 in /tests/terraform (#7879) * Fix rootless node password (#7887) * Improve for K3s release Docs (#7864) * Support setting control server URL for Tailscale. * Warn that v1.28 will deprecate reencrypt/prepare (#7848) * add e2e s3 test (#7833) * Fix code spell check * Fall back to basic/bearer auth when node identity auth is rejected * Allow k3s to customize apiServerPort on helm-controller * fix e2e startup flaky test (#7839) * Add `--data-dir` to the `k3s certificate rotate-ca` cli (#7791) * Remove file_windows.go * Check if we are on ipv4, ipv6 or dualStack when doing tailscale * Adding cli to custom klipper helm image (#7682) * Update stable channel to v1.27.3+k3s1 (#7827) * Faster K3s Binary Build Option (#7805) * chore: pkg imported more than once * Update Kubernetes to v1.27.3 (#7790) * Add commands to logout from tailscale * Fix the error report * Bump helm-controller to v0.15.0 for create-namespace support * Remove unused libvirt config * Fix spelling check * Add issue template for OS validation (#7695) * Remove unnecessary daemonset addition/deletion (#7696) * add private registry e2e test (#7653) * VPN PoC * Run integration tests on E2E changes, ensures correct coverage values * E2E: Inject gocover ENV for k3s commands * E2E: Use sudo for all RunCmdOnNode * chore: Bump Trivy version (#7672) * Shortcircuit commands with version or help flags (#7683) * Bump docker go.mod (#7681) * Enable containerd aufs/devmapper/zfs snapshotter plugins * Improve error response logging * Soft-fail on node password verification if the secret cannot be created * Test Coverage Reports for E2E tests (#7526) * check variant before version to decide rpm target and packager * Use el8 rpm for fedora 38 and 39 (#7664) * add format command on Makefile and remove vendor * Bump vagrant libvirt with fix for plugin installs (#7605) * Make LB image configurable when compiling k3s * chore: Bump golang:alpine version * Add ADR * Fix test file list * Create new kubeconfig for supervisor use * Use distinct clients for supervisor, deploy, and helm controllers * Bump metrics-server to v0.6.3 and update tls-cipher-suites * Bump klipper-lb to v0.4.4 * allow coredns override extensions * update channels (#7634) * Add el9 selinux rpm (#7635) * Update flannel version * Revert "Add el9 selinux rpm (#7443)" (#7608) * Add el9 selinux rpm (#7443) * Pin emicklei/go-restful to v3.9.0 * Fix iptables rules clean during upgrade * Update to v1.27.2-k3s1 (#7575) * Add '-all' flag to apply to inactive units * Bump alpine from 3.17 to 3.18 in /conformance (#7551) * Bump alpine from 3.17 to 3.18 in /package (#7550) * Add Rotation certification Check (#7097) * Wrap error stating that it is coming from netpol * Bump containerd/runc to v1.7.1-k3s1/v1.1.7 * Bump helm-controller version for repo auth/ca support * Adding PITS and Getdeck Beiboot as adopters thanks to Schille and Miworfi for the additions (#7524) * Bump containerd to v1.7.0 and move back into multicall binary * Consistently use constant-time comparison of password hashes * Bump kube-router version to fix a bug when a port name is used * Add support for `-cover` + integration test code coverage (#7415) * add kube-* server flags integration tests (#7416) * Bump kine to v0.10.1 * Fix token startup test * Fail to validate server tokens that use bootstrap id/secret format * E2E: Startup test cleanup + RunCommand Enhancement (#7388) * Add dependabot label and reviewer (#7423) * Bump cni plugins to v1.2.0-k3s1 * local-storage: Fix permission (#7217) * Migrate netutil methods into /utils/net.go * Enable FindString to search dotD config files (#7323) * Add v1.27 channel (#7387) * Handle multiple arguments with StringSlice flags (#7380) * chore: Bump Trivy version * Fix MemberList error handling and incorrect etcd-arg passthrough * Retry cluster join on "too many learners" error * Fix stack log on panic * Fix race condition in tunnel server startup * Add e2e test for --disable-agent * Improve egress selector handling on agentless servers * Improve error message when CLI wrapper Exec fails * Add longhorn storage test (#6445) * go generate * Bump traefik to v2.9.10 * Add integration tests for etc-snapshot server flags and refactor /tests/integration/integration.go/K3sStartServer (#7300) * Bump Runc and Containerd (#7339) * Bump k3s-root for aarch64 page size fix * Create CRDs with schema * Cleanup help messages (#7369) * Bump cri-dockerd (#7347) * update channel server for april 2023 (#7327) * ensure that klog verbosity is set to the same level as logrus by repeatedly settting it every second during k3s startup * Changed command -v redirection for iptables bin check * v1.27.1 CLI Deprecation (#7311) * Kubernetes v1.27.1 (#7271) * Bump Trivy version (#7257) * chore: Updated the content of the file "/tmp/updatecli/github/k3s-io/... (#7256) * chore: Bump golang:alpine version (#7292) * Update to v1.26.4-k3s1 (#7282) * Update install script to clean iptables rules before start * Update kube-router to insert iptables rules right after kubernetes ones * Fix call for k3s-selinux versions in airgapped environments (#7264) * Add coreos and sle micro to selinux support (#6945) * Update klipper lb to v0.4.2 (#7210) * Add make commands to terraform automation and fix external dbs related issue (#7159) * Updated kube-route version to move the iptables ACCEPT default rule at the end of the chain * Lock bootstrap data with empty key to prevent conflicts * Bump actions/setup-go from 3 to 4 * Debounce kubernetes service endpoint updates * Fix tests to not hide failure location in dummp assert functions * Fix issue with stale connections to removed LB server * Update remotedialer to silence errors when disconnecting * [UpdateCLI] Improve Klipper Helm and Helm controller bumps (#7146) * Upgrade helm-controller to v0.13.3 (#7209) * Don't apply hardened args to agent (#7089) * go generate * Ensure that loopback is used for the advertised address when resetting * Ensure that loopback is used for the advertised address when resetting * Bump runc to v1.1.5 * Bump etcd to v3.5.7 * Bump Local Path Provisioner version (#7167) * Improve Trivy configuration (#7154) * [UpdateCLI] Improve workflow (#7142) * Run go generate in local-path-provisioner Updatecli pipeline (#7181) * fix_get_sha_url (#7187) * Drone Pipelines enhancement (#7169) * Update stable channel to v1.26.3+k3s1 (#7161) * Enhance `k3s check-config` (#7091) * Update flannel to fix NAT issue with old iptables version * Clean E2E VMs before testing (#7109) * Pin golangci-lint version to v1.51.2 (#7113) * Update to v1.26.3-k3s1 (#7108) * Drone: Cleanup E2E VMs on test panic (#7104) * Fix to Rotate CA e2e test (#7101) * Add automation for Restart command for K3s (#7002) * Remove Nikolai from MAINTAINERS list (#7088) * Added multiClusterCIDR E2E test * Added IPv6 check and agent restart on e2e test utils * Added multiClusterCidr feature * Remove deprecated nodeSelector label beta.kubernetes.io/os (#6970) * Add missing kernel config checks (#6946) * skip all pipelines based on what is in the PR (#6996) * Add support for cross-signing new certs during ca rotation * Update/rename certs.sh; add default cert rotation script * Wait for kubelet port to be ready before setting (#7041) * update stable version in channel server (#7066) * Adds a warning about editing to the containerd config.toml file (#7057) * Bump various dependencies for CVEs (#7044) * Update flannel and kube-router (#7039) * Add flannel adr (#6973) * Add E2E to Drone (#6890) * Update to v1.26.2-k3s1 (#7011) * Bump kine to v0.9.9 * Add test for filterByIPFamily * Fix ServiceLB dual-stack ingress IP listing * Improve default umask for certs.sh * Fix CACertPath stripping trailing path components * Fix etcd member deletion * Don't default to local K3s for startup test (#6950) * Update flannel to v0.21.1 * Updated flannel version to v0.21.0 * Allow for multiple sets of leader-elected controllers * Wait for server to become ready before creating token * Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent * go generate * Check for existing resources before creating them * Use default address family when adding kubernetes service address to SAN list * Add NATS to the list of supported data stores (#6876) * Add CI test * Add ADR * Ensure that node exists when using node auth * Add support for kubeadm token and client certificate auth * Add support for `k3s token` command * Ignore value conflicts when reencrypting secrets (#6850) * Add e2e tests for CA cert rotation * Add basic test for custom CA certs * Clarify ADR based on design review feedback * Add ADR * Add `certificate rotate-ca` to write updated CA certs to datastore * Add utility functions for getting kubernetes client * Fix CA cert hash for root certs * Ensure cluster-signing CA files contain only a single CA cert * Add example certificate generation script * Fix check for (open)SUSE version (#6791) * Bump deps: trivy, sonobuoy, dapper (#6807) * Fix reference to documentation (#6860) * E2E: Consoldiate docker and prefer bundled tests into new startup test (#6851) * Ensure flag type consistency (#6852) * Bump vagrant boxes to fedora37 (#6832) * Fix cronjob example (#6707) * Wait for cri-dockerd socket (#6812) * go generate * Honor Service ExternalTrafficPolicy * Bump wrangler version for EndpointSlice support * Consolidate E2E tests and GH Actions (#6772) * Add Ayedo (#6801) * E2E Rancher and Hardened script improvements (#6778) * update stable channel to v1.25.6+k3s1 (#6828) * Set cri-dockerd version at build time * Bump cri-dockerd * Add build tag to disable cri-dockerd * Update to v1.26.1-k3s1 (#6774) * drone correct plugins/docker tag supporting linux/arm (#6769) * Slow dependency CI to weekly (#6764) * generate report and upload test results (#6737) * Bump download action to v3 (#6746) * Update stable to 1.25.5+k3s2 (#6753) * Fix CI tests * Bugfix: do not break cert-manager when pprof is enabled (#6635) * chore: Bump golang:alpine version (#6683) * Pass through default tls-cipher-suites * Add explicit permissions to workflows (#6700) * Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#6686) * Containerd restart testlet (#6696) * Bump containerd to v1.6.15-k3s1 * Bump alpine from 3.16 to 3.17 in /conformance (#6687) * Bump alpine from 3.16 to 3.17 in /package (#6688) * RIP Codespell (#6701) * Adjust e2e test run script and fixes (#6718) * Add jitter to scheduled snapshots and retry harder on conflicts * Exclude December r1 releases from channel server * Bump containerd to v1.6.14-k3s1 * Add Dependabot config for security ADR (#6560) * Fix OpenRC init script error 'openrc-run.sh: source: not found' (#6614) * Change Updatecli GH action reference branch (#6682) * Update stable to v1.25.5 (#6618) * Add initial Updatecli ADR automation (#6583) * Current status badges (#6653) * Bump k3s-root version to v0.12.1 * Preload iptable_filter/ip6table_filter * Update to v1.26.0-k3s1 (#6370) * Deprecation of `etcd-snapshot` command in v1.26 (#6575) * Remove deprecated flags in v1.26 (#6574) * Update install.sh to recommend current version of k3s-selinux * adding expanded release docs (#6237) * Remove nodejs12 based GH actions (#6593) * Add ADR for security bumps automation (#6559) * Update flannel to v0.20.2 * Bump k3s-root and remove embedded strongswan support * Mark secrets-encryption flag as GA (#6582) * go generate * Bump metrics-server to v0.6.2 * go generate * Sync packaged component Deployment config * Disable CCM metrics port when legacy CCM functionality is disabled * Fix artifact upload with `aws s3 cp`; update secret * Fix passing AWS creds through Dapper * Switch from Google Buckets to AWS S3 Buckets (#6497) * Bump klipper-helm and klipper-lb versions * Add `prefer-bundled-bin` as an agent flag (#6545) * Mark v1.25.4+k3s1 as stable (#6534) * Remove stuff which belongs in the windows executor implementation * Address nits from self-review * Allow agent to run rootless * Add rootless IPv6 support * Make rootless settings configurable * go generate * Pull modified traefik charts from k3s-charts repo * Add ADR for new repo * Bump containerd to v1.6.10-k3s1 * Add new `prefer-bundled-bin` experimental flag (#6420) * Github CI Updates (#6522) * Fix Carolines github id (#6464) * Fix log for flannelExternalIP use case * Revert "Remove stuff which belongs in the windows executor implementation" * Move traefik chart repo again * Bump traefik chart to 19.0.4 to fix kubernetes version check * Remove stuff which belongs in the windows executor implementation * Update to v1.25.4 (#6477) * Nightly test fix (#6475) * Pull traefik helm chart directly from GH * Convert test output to JSON format (#6410) * Add Secrets Encryption to CriticalArgs (#6409) * Change the priority of address types depending on flannel-external-ip * Fix test-mods to allow for pinning version from k8s.io * Add some helping logs to avoid wrong configs * Updated flannel version to 0.20.1 * Add Kairos to ADOPTERS (#6417) * log kube-router version when starting netpol controller * Update codespell ignore words * go generate * Bump coredns to v1.9.4 * Bump traefik chart to v19.0.0 * Bump local-path-provisioner to v0.0.23 * Fix sonobouy tests on v1.25 * Add snapshot restore e2e test (#6396) * Fix incorrect defer usage * Replace deprecated k8s registry references. * Bump traefik to v2.9.4 / chart v18.3.0 * Remove vagrant dev env (#6395) * Expand nightly E2E tests (#6354) * Disable optimizations and symbol stripping on debug builds (#6147) * Add test for node-external-ip config parameter * Convert containerd config.toml.tmpl Linux template to v2 syntax * Replace fedora-coreos with fedora 36 for install tests (#6315) * Set default kubeletPort * Check for RBAC before starting tunnel controllers * Add GVK lookup to deploy controller * Update helm-controller to pull in refactor * mark v1.25.3+k3s1 as stable (#6338) * Bump Traefik helm chart to v18.0.0 * Add new tests to test list * Add upgrade test * Add hardened cluster test * Fix flakey traefik upgrade in etcd test * Bump test framework versions and add hooks to helpers * Bump kine to v0.9.6 * Bump all alpine images to 3.16 (#6334) * Add a netpol test for podSelector & ingress type * Add info on libvirt ubuntu 22.04 (#6316) * Bump testing to opensuse Leap 15.4 (#6337) * Update maintainers (#6298) * Update kube-router * Bump dynamiclistener * Add --flannel-external-ip flag * Fix RBAC to allow removal of legacy finalizer * Add the gateway parameter in netplan * Return ProviderID in URI format * Update to v1.25.3-k3s1 (#6269) * Add ServiceAccount for svclb pods * Fix dualStack test * Replace deprecated ioutil package (#6230) * Fix flakey etcd test * Fix helm job failure on multi-server tests * Bump traefik to 2.9.1 / chart 12.0.0 * Add journalctl logs to E2E tests * Use setup-go action to cache dependencies * Fix the typo in the test * Handle custom kubelet port in agent tunnel * Fix occasional "TLS handshake error" in apiserver network proxy. * Use structured logging instead of logrus for event recorders * Dump info on coredns when deployment rollout fails * Add ADR for ServiceLB move to CCM * Disable cloud-node and cloud-node-lifecycle if CCM is disabled * Move servicelb into cloudprovider LoadBalancer interface * Move DisableServiceLB/Rootless/ServiceLBNamespace into config.Control * Implement InstancesV2 instead of Instances * Bump metrics-server to v0.6.1 * Add cluster reset test to nightly builds * Add cluster reset test to nightly builds * mark v1.24.6+k3s1 as stable (#6193) * Add flannel-external-ip when there is a k3s node-external-ip * Update to v1.25.2-k3s1 (#6168) * add registry cache capability to upgradecluster_test.go * Add missing env variable * Remove docker login secret, move to docker registry cache * Update to v1.25.1 (#6140) * Add K3S Release Documentation (#6135) * Remove old CreateCluster function * Replaced deprecated Ginkgo reporting * add vagrant-scp to init script * Enable E2E testing with local k3s binary * Added optional docker hub login * Convert createCluster to parallel * Cleanup init and run_test scripts * Make all E2E tests ordered * remove quotest to match style * Modify install GH action * Add binary skip option * Restore original skip_download behavior * Add k3s v1.25 to the release channel (#6129) * Added warning message for flannel backend additional options deprecation * Fix deprecation message * Bump containerd to v1.6.8-k3s1 * Bump runc to v1.1.4 * Update Flannel to v0.19.2 to fix older iptables issue * Convert deprecated flags to fatal errors for v1.25 (#6069) * Update go.mod version to 1.19 (#6049) * Expand startup integration test (#6030) * Add validation check to confirm correct golang version for Kubernetes * Remove wireguard interfaces when deleting the cluster * Update README.md (#6048) * Update to v1.25.0-k3s1 (#6040) * Fix e2e tests (#6018) * Fix dualStack test and change ipv6 network (#6023) * CI: update Fedora 34 -> 35 (#5996) * Convert install tests to run PR build of k3s (#6003) * E2E: Add support for CentOS 7 and Rocky 8 (#6015) * mark v1.24.4+k3s1 as stable (#6036) * Export agent.NetworkName for Windows * The Windows kubelet does not accept cadvisor flags * Update to v1.24.4 (#6014) * Remove codespell from Drone, add to GH Actions (#6004) * Add nightly install github action (#5998) * E2E: Local cluster testing (#5977) * Convert vagrant tests to yaml based config (#5992) * Update run scripts (#5979) * Updated flannel to v0.19.1 * Add scripts to run e2e test using ansible (#5134) * fix checkError in terraform/testutils (#5893) * Removing checkbox indicating backports since the policy is to backport everything (#5947) * Update MAINTAINERS with new folks and departures (#5948) * Add docker e2e test * Add ADR for inclusion of cri-dockerd * Add cri-dockerd support as backend for --docker flag * Revert "Remove --docker/dockershim support" * Print stack on panic * Fix comments and add check in case of IPv6 only node * Added NodeIP autodect in case of dualstack connection * Upgrade macos-10.15 to macos-12 (#5953) * Bump minio to v7.0.33 * Fix secrets reencryption for 8K+ secrets (#5936) * Updates to CLI flag grouping + deprecated flag warnings. (#5937) * Save agent token to /var/lib/rancher/k3s/server/agent-token * Update etcd error to match correct url (#5909) * Don't enable unprivileged ports and icmp on old kernels * ADR: Depreciating and Removing Old Flags (#5890) * Move v1.24.3+k3s1 to stable (#5889) * Bump dynamiclistener to fix issue with cert expiration * Replace getLocalhostIP with Loopback helper method * Add service-cluster-ip-range to controller-manager args * Upgrade kube-router to v1.5.0 * Fix server systemd detection * Raise etcd connection test timeout to 30 seconds * update rootlesskit to 1.0.1 * Put terraform tests into packages and cleanup upgrade test * Update terraform package and make running locally easier * Update to v1.24.3 (#5870) * Address issues with etcd snapshots * Fix deletion of svclb DaemonSet when Service is deleted * Remove legacy bidirectional datastore sync code * Fix fatal error when reconciling bootstrap data * Promote v1.23.8+k3s2 to stable * Replace dapper testing with regular docker (#5805) * Fix issue with containerd stats missing from cadvisor metrics * Bump runc version to v1.1.3 * Bump remotedialer * Bump kine to v0.9.3 * Don't crash when service IPFamiliyPolicy is not set * Fix egress selector proxy/bind-address support * Add tests for down-level etcd join * Handle egress-selector-mode change during upgrade * Remove go-powershell dead dependency (#5777) * add 1.24 release channel (#5742) * Mark v1.23.8+k3s1 to stable * Update to v1.24.2 * Bump helm-controller * containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default * Enable compact tests for k3s s390x * Only listen on loopback when resetting * Ensure that CONTAINERD_ variables are not shadowed by later entries * Sanitize filenames for use in configmap keys * Disable urfave markdown/man docs generation * Delay service readiness until after startuphooks have finished (#5649) * add arm tests and upgrade tests (#5526) * Add alternate scripts location (#5692) * Introduce servicelb-namespace parameter * Move all klipper-lb daemonset to common namespace for PodSecurity * E2E: Dualstack test (#5617) * add support for pprof server (#5527) * Update security email contact (#5607) * E2E Improvements and groundwork for test-pad tool (#5593) * Integration Test: Startup (#5630) * Set default egress-selector-mode to agent * Remove control-plane egress context and fix agent mode. * Refactor egress-selector pods mode to watch pods * Add FlannelConfCNI flag * Bump containerd and runc * Add ability to pass configuration options to flannel backend * Bump flannel to v0.18.1 * Update flaky tests for v1.24 (#5625) * Remove kube-ipvs0 interface when cleaning up * Revert "Give kubelet the node-ip value (#5579)" * Re-add --cloud-provider=external kubelet arg * Update to v1.24.1 (#5616) * Bump dynamiclistener to v0.3.3 * remove dweomer from maintainers (#5582) * Add support for configuring the EgressSelector mode * Give kubelet the node-ip value (#5579) * Remove errant unversioned etcd go.mod entry * Remove objects when removed from manifests (#5560) * Add apparmor-parser to OpenSUSE/SLE Micro test VMs * Bump sonobuoy version and fix deprecated arg * Build standalone containerd 1.6 * Remove --docker/dockershim support * Always set pod-infra-container-image to protect it from image GC * Remove deprecated flags from cloud-controller-manager * Remove deprecated flags from kube-apiserver * Remove deprecated flags from kubelet * Update Kubernetes to v1.24 * Bump golang to 1.18.1 * Update CNI version in config file * Fix typo in image scan script * Mark v1.23.6+k3s1 stable * Add "ipFamilyPolicy: PreferDualStack" to have dual-stack ingress support * Move auto-generated resolv.conf out of /tmp to prevent accidental cleanup * Check if user has a correct cluster-cidr and service-cidr config * Replace DefaultProxyDialerFn dialer injection with EgressSelector support * Ensure that WaitForAPIServerReady always re-dials through the loadbalancer * Don't start embedded kubelet until after apiserver is up * Add new `k3s completion` command for shell completion (#5461) * Use ListWatch helpers instead of bare List/Watch * server: Allow to enable network policies with IPv6-only * agent(netpol): Explicitly enable IPv4 when necessary * Bump kine to v0.9.1 for nats.io support * Make supervisor errors parsable by Kubernetes client libs * Drop unnecessary intermediate variable * Add systemd cgroup controller support * Add CNI Plugins and Flannel version to build scripts * Fix issue with datastore corruption on cluster-reset (#5515) * Bump containerd for selinux fix (#5507) * Secrets Encryption: Add RetryOnConflict around updating nodes (#5495) * Fix issue with long-running apiserver endpoints watch (#5478) * Update Kubernetes to v1.23.6 (#5477) * Fix default ipv6 cidr (#5467) * E2E Validation Improvements (#5444) * Add s390x arch support for k3s (#5018) * Bump etcd to 3.5.3-k3s1 * Move IPv4/v6 selection into helpers * Fix issue with RKE2 servers hanging on listing apiserver addresses * Print a helpful error when trying to join additional servers but etcd is not in use * Use core constants for cert user/group values * Bump containerd to v1.5.11-k3s1 * Added option to deploy hardened k3s (#5415) * Added support for repeated extra arguments * update sonobuoy to 0.56.4 (#5419) * Bump Reencryption Test timeout, improve comments (#5431) * Added default endpoint for IPv6 * Update golangci-lint to 1.45.2 * fixes and updates to jenkinsfile (#5370) * Fixed flannel backend helper text * update trivy to 0.25.3 * fix: non-idiomatic returning of boolean expression (#5343) * Add certificate rotation integration tests (#5393) * Update helm-controller version * Move the apiserver addresses controller into the etcd package * Updated wireguard-native options and added log message * Added new flannel backend to use wireguard from flannel * Fix crash on early snapshot * Don't print password conversion rate * Allow agents to query non-apiserver supervisors for apiserver endpoints * Add client certificate authentication support to core Authenticator * Redact datastore and etcd snapshot config from serialization * netpol: Add dual-stack support * Allow using flannel wireguard backend in a custom config * Fixed http URL on etcd * Fixed loadbalancer in case of IPv6 addresses * Fixed etcd register * Fixed client URL * Skip setting up client tls when etcd server does not have tls enabled * add a wrapper around the containerd.New call to fix and pass the proper npipe connector * Updated localhost address on IPv6 only setup * Defragment etcd datastore before clearing alarms * Fix etcd-only secrets encryption rotation * Properly attach secrets-encrypt events to the node resource * Fix log spam due to servicelb event recorder namespace conflict * Ensure that apiserver ready channel checks re-dial every time * Fixed etcd URL in case of IPv6 address * vagrant: Set mount options for NFS * vagrant: Enable IPv6 and IP forwarding * go generate * Bump coredns to v1.9.1 * Update Kubernetes to v1.23.5-k3s1 * Refactor automation using terraform (#5268) * Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap * Replace CentOS 8 with Rocky Linux 8 for install testing (#5279) * E2E Split Server Test (#5286) * Handle empty entries in bootstrap path map * Update helm-controller * Track upstream changes to kubectl command execution * Add cross-compilation as sanity check (#5255) * Close additional leaked GPRC clients * Testing directory and documentation rework. (#5256) * Changed ipv6 config on flannel setup * Added ipv6 only support with flannel * fix function arg call (#5234) * Populate EtcdConfig in runtime from datastore when etcd is disabled (#5222) * Fixed log in case of ipv6 only config * Added switch case to check netMode * Fixed in case of empty address * Updated flannel to 0.17 * Support MixedProtocolLBService and clean up Daemonsets on type change. * Update Fossa API key variable to match what the plugin wants * Bump containerd to v1.5.10-k3s1 * Mark 1.22.7 as stable (#5192) * [master] changing package to k3s-io (#4846) * servicelb pool selector * Switch to drone-fossa plugin * E2E Add external DB options to ValidateCluster test (#5157) * Bootstrap the executor even when the agent is disabled * Fix etcd-snapshot commands by making setup more consistent. * Ignore cluster membership errors when reconciling from temp etcd * Move temporary etcd startup into etcd module * Wait for process to exit before returning from kill helper * Add function to clear local alarms on etcd startup * E2E secrets encryption test (#5144) * Add http/2 support to API server (#5149) * Disable ineffassign CI plugin for excessive false positives * Fix adding etcd-only node to existing cluster * Bump up github.com/containerd/stargz-snapshotter (v0.11.0) (#5032) * Remove unnecessary copies of etcdconfig struct * Remove unnecessary copies of runtime struct * Fix cluster bootstrap test * Add contributors documentation (#5154) * Add `--json` flag for `k3s secrets-encrypt status` (#5127) * add ability to specify etcd snapshot list output format (#5132) * Create encryption hash file if it doesn't exist (#5140) * Move testing lock from server creation to test start (#5155) * Update to V1.23.4 k3s1 (#5135) * Fix deploy controller resource deletion * Fix annoying netpol log * Add support for IPv6 only mode * E2E Test Improvements (#5102) * Migrate Ginkgo testing framework to V2, consolidate integration tests (#5097) * Add k3s etcd restoration integration test (#5014) * Remove the iptables rules from ipmasq flannel * Fix cluster validation and add upgrade cluster test (#5020) * Update CentOS 8 smoke vm's with vault repositories (#5092) * netpol: Use kube-router as a library * Check for `--kubeconfig` flag with embedded `kubectl` (#5064) * Update legacy-unknown-cert and legacy-unknown-key (#5057) * Bump K3s stable to v1.22.6 (#5050) * Update versions: * Fixes to Drone CI Stability (#4897) * Add server flag to access nonlocal/nondefault k3s server (#5016) * Update to v1.23.3 (#5027) * Add Rocket.Chat to list of adopters (#5017) * Move containerd wait into exported function * Update to v1.23.2 (#4997) * Add new upgradecluster E2E test (#4900) * Update packaged components * go generate * Upgrade: metrics server version bump from v0.5.0 to v0.5.2 * Remove ip6table rules when cleaning up k3s * Added debug log for IPv6 Masquerading rule * Bump etcd and containerd to track upstream * Skip CGroup v2 evac when agent is disabled * Added flannel-ipv6-masq flag to enable IPv6 nat * Added iptables masquerade rules for ipv6 on flannel * Adds the ability to compress etcd snapshots (#4866) * Enable logging on all subcommands (#4921) * Move ClusterResetRestore handling ControlConfig setup * Update building documentation for macOS (#4850) * Add basic etcd join test * Fix handling of agent-token fallback to token * Fix use of agent creds for secrets-encrypt and config validate * Don't skip the dev image when skipping airgap * Fix a typo: advertise-up -> advertise-ip (#4827) * Integration tests utilities improvements (#4832) * Enable make generate to use dapper and standardize go and gzip versions (#4861) * linter doesn't actually run on windows, found these while getting it running on a windows machine * Update channel.yaml for 1.23 * Export default parser * Require integration test to be run as sudo/root (#4824) * Fix cgroup smoke test (#4823) * Update golang * Update modules for Kubernetes v1.23 * Add tests to use vagrantfile (#4722) * Bump stable to v1.22.5+k3s1 (#4821) * package rename wasnt approved yet, backing out cruft that snuck into last pr * Fix panic checking name of uninitialized etcd member * Add etcd sonobuoy tests * Add variable to enforce max test concurrency * Fix previous channel detection * More codespell ignores * Update bootstrap logic to output all changed files on disk (#4800) * delete vendor dir * code changes to drop the vendor dir * Move flannel logs to logrus * Close agentReady channel only in k3s (#4792) * Close etcd clients to avoid leaking GRPC connections * Remove Disables, Skips and DisableKubeProxy from the comparing configs * Add initial skeleton ADOPTERS.md to better track large use cases (#4764) * Add ADR * Build standalone containerd * Build script cleanups * Bump k3s-root to v0.10.1 * Fix cold boot and reconcilation on secondary servers (#4747) * docs: adrs: Dual-stack in network policy agent * Fix snapshot restoration on fresh nodes (#4737) * Resolve Bootstrap Migration Edge Case (#4730) * Add in docs/adr to ensure we capture decisions properly during design calls (#4707) * Resolve restore bootstrap (#4704) * Update wharfie usage in windows code path * [master] Add validation to certificate rotation (#4692) * Bump runc to v1.0.3 * Add `SKIP_AIRGAP` enviroment variable for make (#4688) * Include node-external-ip in serving-kubelet.crt SANs (#4620) * Secrets-encryption rotation (#4372) * Check HA network parameters * Bump wharfie to v0.5.1 and use shared decompression code * bump kine to v0.8.1 * Update dynamiclistener * Nighlty automation vagrant rework (#4574) * Bump stable to v1.21.7+k3s1 (#4636) * Add cert rotation command (#4495) * Update maintainers list (#4622) * Improved cleanup for etcd unit test (#4537) * etcd snapshot functionality enhancements (#4453) * go generate * Add package version to traefik helm chart * Improve flannel logging * [master] Bump golang and containerd (#4538) * [master] Bump Kubernetes to v1.22.4-k3s1 (#4536) * Fix regression with cluster reset (#4521) * Improved regex for double equals arguments (#4505) * Removed value from warning about skipping flags (#4491) * tests/vagrant: refactor vagrant smoke tests (#4484) * [master] Add etcd extra args support for K3s (#4463) * Feature: Add CoreDNS Customization Options * Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464) * Increase agent's apiserver ready timeout (#4454) * go generate * Add dashboard annotations to Traefik helm chart * Allow svclb pod to enable ipv6 forwarding * update bootstrap logic (#4438) * Corrected skip check for dualstack on CI (#4427) * install: /usr/sbin/transactional-update (#4403) * Match to last After keyword for parser (#4383) * Replace gzip with pigz for faster builds (#4411) * Remove unit tests from drone CI (#4424) * [master] updating to new signals package in wrangler (#4399) * install.sh: fix path detection for sle-micro (#4398) * containerd: v1.5.7-k3s2 (#4387) * Bump klipper-lb image for arm fix * Update k3s CI to run all integration tests (#4358) * Enable Epics Action to automatically check off child issues in an epic (#4353) * refactor: Use plain channel send or receive * Fix log/reap reexec * containerd/cri: enable the btrfs snapshotter (#4316) * Fix other uses of NewForConfigOrDie in contexts where we could return err * Watch the local Node object instead of get/sleep looping * Block scheduler startup on untainted node when using embedded CCM * install.sh: initial support for sle-micro (#4331) * Update to v1.22.3 (#4354) * K3s Integration test fixes (#4341) * Update peer address when running cluster-reset * reset buffer after use (#4279) * Bump klipper-helm version * Added configuration input to etcd-snapshot (#4280) * install.sh: capture quoted environment variables (#4275) * Update to the newest flannel * Bump klog fork version * set duration to second (#4231) * Add etcd s3 timeout (#4207) * Copy old bootstrap buffer data for use during migration (#4215) * Fix race condition in cloud provider * Add containerd ready channel to delay etcd node join * maintainers: add Manuel and Michal (#4193) * Display cluster tls error only in debug mode (#4124) * Refactor log and reaper exec to omit MAINPID * vagrant: Add Ubuntu 21.04 support * vagrant: Update package list for Ubuntu * vagrant: Add support for vagrant-libvirt * vagrant: Change OS environment variable to DISTRO * Improve error message when using a "K10" prefixed token (#4180) * Add ability to reconcile bootstrap data between datastore and disk (#3398) * moving fossa to being inline step with a sles image * Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) * Dual-stack support LB controller * Update stable to v1.21.5+k3s2 * Add topologySpreadConstraints to support scaling of coredns * Bump containerd to v1.5.7+k3s1 * Don't evacuate the root cgroup when rootless * Skip tests that violate version skew policy * Send MAINPID to systemd when reexecing for logfile output * Properly handle operation as init process * set transport to skip verify if se skip flag passed (#4102) * Bump stable to v1.21.5+k3s1 (#4068) * Enable the inheritance of settings for ipv6 * Adding fossa anaylze/test drone step * Drop broken SupportNoneCgroupDriver support * Add 1.22 channel * Update build images to python3 for compat with recent gsutil change * Use the new klipper-lb image that has newer go and Alpine versions ------------------------------------------------------------------- Mon Jul 25 04:07:49 UTC 2022 - Jeff Kowalczyk <jkowalczyk@suse.com> - Add _constraints overwrite ppc64le disk requires 7GB to build ------------------------------------------------------------------- Mon May 2 08:33:45 UTC 2022 - Martin Liška <mliska@suse.cz> - Remove dependency on binutils-gold as the package will be removed in the future. Gold linker is unmaintained by the upstream project. ------------------------------------------------------------------- Thu Nov 04 17:44:06 UTC 2021 - egotthold@suse.com - Update to version 1.22.3+k3s1: * Upgrade containerd * Bump klipper-lb image for arm fix * Fix log/reap reexec * Fix other uses of NewForConfigOrDie in contexts where we could return err * Watch the local Node object instead of get/sleep looping * Block scheduler startup on untainted node when using embedded CCM * Update to v1.22.3 (#4348) * Revert "Add ability to reconcile bootstrap data between datastore and disk (#3398)" * reset buffer after use (#4279) (#4329) * remove integration test * Copy old bootstrap buffer data for use during migration (#4215) * Add ability to reconcile bootstrap data between datastore and disk (#3398) * Update peer address when running cluster-reset * Bump klipper-helm version * Added configuration input to etcd-snapshot (#4280) (#4281) * Update to the newest flannel * Refactor log and reaper exec to omit MAINPID * Add containerd ready channel to delay etcd node join * Bump klog fork version * [Release-1.22] - Add etcd s3 timeout (#4207) (#4230) * Fix race condition in cloud provider * Display cluster tls error only in debug mode (#4200) * set transport to skip verify if se skip flag passed (#4102) (#4103) * Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4170) * Dual-stack support LB controller * Bump containerd to v1.5.7+k3s1 * Don't evacuate the root cgroup when rootless * Skip tests that violate version skew policy * Properly handle operation as init process * Enable the inheritance of settings for ipv6 * Update build images to python3 for compat with recent gsutil change * Revert "Use the newer klipper-lb image" * Disable automounting service account token in servicelb pods * Make sure there are no duplicates in etcd member list (#4025) * Use the newer klipper-lb image * Enable JobTrackingWithFinalizers FeatureGate * Fix regression from commit 137e80cd865efe51aa3ef0323fd6b0a014b7b9de * Bump golang version * Update Kubernetes to v1.22.2-k3s1 * Remove expiremental from cluster commands (#4024) * Nvidia container runtime discovery in containerd config template (#3890) * Fix premature etcd shutdown when joining an existing cluster * Add StargzSupported stub for Windows * Retrieve "CONTAINERD_" environment variables * No-op when etcd member was already removed and use existing name for etcd controller (#4014) * Add tests to the dual-stack PR and enable dual-stack with flannel backend * Add dual-stack support * Bump helm-controller and klipper-helm image version * Return the error since it just gets logged and retried anyways * Use SubjectAccessReview to validate CCM RBAC * Set controller authn/authz kubeconfigs * Pass context into all Executor functions * Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately * [master] Add `etcd-member-management` controller to K3s (#4001) * go mod tidy * Minor cleanup on cribbed function * Wait for apiserver readyz instead of healthz * Anything not EL7 is EL8 * Add exposed metrics listener instead of replacing loopback listener * Replace klog with non-exiting fork * SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory * Migrate sqlite data to etcd when initializing the cluster * feat: add option to disable s3 over https * Ship Stargz Snapshotter (#2936) * Add missing node name entry to apiserver SAN list * added raspberry installation hint (#2379) * Update maintainers to reflect team changes * Bump kine for metrics/tls changes * Small updates to CONTRIBUTING (#3734) * Fix condition for adding kubernetes endpoints (#3941) * Bump stable to v1.21.4+k3s1 * Creation of K3s integration test Sonobuoy plugin (#3931) * Make consistent use of os-release vars * Fix issue where addon checksum was never stored * Move cniplugins version to 0.9.1 * Add functions to separate ipv4 from ipv6 functions * github actions: enable workflow_dispatch (#3923) * Redux: Enable K3s integration test to run on existing cluster (#3905) * Check /etc/os-release exists before sourcing it * install.sh: Inform user of current k3s+SELinux support status for SUSE/openSUSE systems * Remove runtime V1 (`containerd-shim`) * Update RootlessKit to v0.14.5 (#3902) * Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901) * Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899) * Enable K3s integration test to run on existing cluster (#3892) * Set osImage for docker image * Fix PREVIOUS_CHANNEL lookup when current minor release is not stable * Fix lint failures * Replace dropped v1beta1 APIs with v1 * Update wrangler to v0.8.5 * Wrap errors in runControllers for additional context * Disable deprecated insecure port * Update containerd to 1.5 * Update grpc * Update kine for etcd v3.5 compat * update golangci config to sync with RKE2 * Bump gopls and golangci-lint * Update etcd to v3.5.0 * Update Kubernetes to v1.22.1 * K3s Flock Integration Test (#3887) * Reset load balancer state during restoraion (#3877) * Add missing labels to stalebot config * Update Kubernetes to v1.21.4-k3s1 * Bump containerd to v1.4.9-k3s1 * Bump helm-controller to work around tiller crashes * Fix URL pruning when joining an etcd member (#3832) * Added new testing documentation (#3823) * Added locking system for integration tests (#3820) * Updated the code to use GetNetworkByName and tweaked logic. * Moved testing utils into tests directory. Improved gotests template. (#3805) * account for an s3 folder when listing objects (#3807) * Prevent snapshot commands from creating empty snapshot directory (#3783) * Use New Image Names (#3749) * Fix Node stuck at deletion (#3771) * Bump helm-controller to v0.10.2 * install.sh: Use built-in shell functionality instead of awk * Wrap context with lease before importing images * Fix initial start of etcd only nodes (#3748) * update rancher/local-path-provisioner to v0.0.20 * Update MAINTAINERS (#3744) * Improve config retrieval messages * Sync DisableKubeProxy into control struct * Add nightly automation tests * Add in stalebot config, starting with 6mo old stale issues. (#3739) * Notify systemd for etcd only node (#3732) * Exporting the AddFeatureGate function and adding a unit test for it. (#3661) * Added logic to strip any existing hyphens before processing the args. (#3662) * Fix to allow non-root users access to storage volumes. (#3714) * Wait until server is ready before configuring kube-proxy (#3716) * Introduction of Integration Tests (#3695) * add gotests templates (#3709) * Ignore markdown files for github actions (#3676) * Update 1.21 stable version * more fixes * more fixes * replace error with warn in delete * fix warning msg * migrate old token key format * simplifying the code * migrate empty string key properly * Fix multiple bootstrap keys found * move go routines for api server ready beneath wait group * Bump Kubernetes to v1.21.3 * Bump containerd to v1.4.8-k3s1 * adding startup hooks args to access to Disables and Skips (#3674) * Update .github/ISSUE_TEMPLATE/feature_request.md * Update .github/ISSUE_TEMPLATE/bug_report.md * Fix to allow prune to correctly cleanup custom named snapshots (#3649) * Add checkbox to denote backporting required on issue templates * Adding support for waitgroup to the Startuphooks (#3654) * Bump helm-controller to v0.10.1 (#3644) * Add issue template for creating release checklist issues (#3604) * fix a runtime core panic (#3627) * Convert existing unit tests to standard layout (#3621) * Upgrade k3s-root version * prevent snapshot save when snapshots are disabled (#3475) * 🐳 burp to inetaf/tcpproxy * Bump the packaged runc binary version * Update etcd snapshot error message to be more informative when etcd database is not found (#3568) * Fixing various bugs related to windows. * Update ROADMAP.md * Dispatch to rancher/system-agent-installer-k3s when tagged (#3589) * Update embedded kube-router (#3557) * missing build tag for windows * Set ulimits in docker-compose.yml * Update to v1.21.2 * Fix coverage reporting to include all packages, not just those with tests * Add unit tests for pkg/etcd (#3549) * Fix spelling to satisfy codespell check * Allow passing targeted environment variables to containerd * Add user-facing change section to PR template * (docs) Update README.md * Export cli server flags and etcd restoration functions (#3527) * Bump kine to resolve race condition and unrevisioned delete * Changes local storage pods to have 700 permissions (#3537) * Redux: Add Unit Test Coverage to CI (#3524) * Move cloud-controller-manager into an embedded executor (#3525) * Bump stable version to v1.21.2+k3s1 (#3526) * Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller. * Revert "Add Unit Test Coverage to CI (#3494)" (#3499) * Add Unit Test Coverage to CI (#3494) * Basic windows agent that will join a cluster without CNI. * Fix storing bootstrap data with empty token string (#3422) * Fail to start k3s if nm-cloud-setup is enabled * Renamed client-cloud-controller crt and key (#3470) * Redux: Change containerd image leases from context lifespan to permanent (#3464) * Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461) * Change containerd image leases from 24h to permanent (#3452) * Send systemd notifications for both server and agent (#3430) * Emit events for AddOn lifecycle * Add comments, clean up imports and function names * Tidy up function calls with many args * Add nodename to UA string for deploy controller * Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425) * Add kubernetes.default.svc to serving certs * Change Replace with ReplaceAll function * fix possible race where bootstrap data might not save * add log message indicating etcd snapshots are disabled * Fix RBAC cloud-controller-manager name 3308 (#3388) * cgroup2 CI: add rootless * k3s-rootless.service: use fuse-overlayfs snapshotter * Add a path for wireguard's privatekey * Initial windows support for agent (#3375) * Bump stable version to v1.21.1+k3s1 and add v1.21 channel * Update flannel version * containerd: v1.4.4-k3s2 * Bump channel stable version to v1.20.7+k3s1 * Fix shell expansion and file permission issues install.sh * runc: v1.0.0-rc95 (#3348) * move object channel defer close to goroutine * add retention default and wire in s3 prune * Handle conntrack-related sysctls in supervisor agent setup * Add support for multiple env files for systemd unit * add etcd snapshot save subcommand ------------------------------------------------------------------- Fri Jul 23 09:58:56 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.21.3+k3s1: * Fix multiple bootstrap keys found * Bump containerd to v1.4.8-k3s1 * Fix to allow prune to correctly cleanup custom named snapshots (#3649) (#3672) * Upgrade k3s-root version * Bump Kubernetes to v1.21.3 (#3652) * Backport Fix storing bootstrap data with empty token string (#3514) * Emit events for AddOn lifecycle * Add comments, clean up imports and function names * Tidy up function calls with many args * Add nodename to UA string for deploy controller * prevent snapshot save when snapshots are disabled (#3475) (#3610) * Bump the packaged runc binary version * Update etcd snapshot error message to be more informative when etcd database is not found (#3592) * Dispatch to rancher/system-agent-installer-k3s when tagged * Update embedded kube-router (#3557) (#3595) * Fix spelling to satisfy codespell check * Bump rancher/klipper-helm image in airgap image-list.txt * Bump helm-controller to v0.10.1 * Changes local storage pods to have 700 permissions (#3537) (#3548) * Move cloud-controller-manager into an embedded executor (#3530) * fix possible race where bootstrap data might not save * Renamed client-cloud-controller crt and key (#3472) * Send systemd notifications for both server and agent (#3430) (#3460) * Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3454) * Add kubernetes.default.svc to serving certs * Fix RBAC cloud-controller-manager name 3308 (#3388) (#3408) * Add a path for wireguard's privatekey * Update flannel version * move object channel defer close to goroutine * add retention default and wire in s3 prune * add etcd snapshot save subcommand - Update go to 1.16 ------------------------------------------------------------------- Mon Jun 21 10:52:40 UTC 2021 - Sayali Lunkad <sayali.lunkad@suse.com> - Add binutils-gold for aarch64 builds (bsc#1187497) ------------------------------------------------------------------- Thu Jun 3 13:23:59 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Drop cni-bin-dir.patch in favor a sed command to handle multiple %{_libexec} values - boo#1186566 ------------------------------------------------------------------- Mon May 24 12:51:31 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.21.1+k3s1: * [backport 1.21] containerd: v1.4.4-k3s2 * [backport 1.21] runc: v1.0.0-rc95 (#3348) (#3352) * Handle conntrack-related sysctls in supervisor agent setup * Bump to go 1.16.4 * Update Kubernetes to v1.21.1-k3s1 * Add the ability to prune etcd snapshots (#3310) * Fix passthrough of SystemDefaultRegistry from server config * change --disable-apiserver flag * runc: v1.0.0-rc94 (#3305) * Add executor.Bootstrap hook for pre-execution setup * Add the ability to list etcd snapshots (#3303) * Add system-default-registry support and remove shared code (#3285) * Fix cluster restoration in rke2 (#3295) * Use config file values in node-args annotation * Add the ability to delete an etcd snapshot locally or from S3 (#3277) * Sign CSRs for kubelet-serving with the server CA * Add cgroup2 CI (Fedora on Vagrant on GHA) * add new-line * Invoke cluster reset function when only reset flag is passed (#3276) * Add ci step to validate incorerct replacement fork * reference node name when needed * fixes #3264 - unmount CSI plugins on uninstall * remove accidentially commited dapper files * Collect and Store etcd Snapshots and Metadata (#3239) * Typo fix in README.md * Export CriConnection function (#3225) * Use same SANs on ServingKubeAPICert as dynamiclistener * Add ability to append to slice during config file merge * Add install script option to force a restart of the K3s service (#3235) ------------------------------------------------------------------- Thu Apr 29 09:11:09 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.21.0+k3s1: * Add support for dual-stack Pod/Service CIDRs and node IP addresses (#3212) * mark v1.20.6+k3s1 as stable * Update bug_report.md language * Update feature_request.md * Support .d directory for k3s config file (#3162) * Fix service-account-issuer * Update to forked protobuf 1.4.3-k3s1 * Reduce node and service wait times * Update Kubernetes to v1.21.0 * Resolve local retention issue when S3 in use. * add hidden attribute to disable flags * add etcd s3 secret and access key flags and env vars to secret data * Add gzip and zst airgap artifacts * Update CoreDNS to version 1.8.3. (#3168) * Fix up vagrant provision scripts * Bump traefik to v2.4.8 * Fix CI failures non-deterministic traefik chart repackaging (#3165) * delete nocluster file and remove build tag * remove hidden attribute from cluster flags and related code * Make v1.20.5+k3s1 stable * remove duplicated func GetAddresses * Update to Kubernetes v1.20.5 (#3094) * Replace which with command -v (#3125) * AkihiroSuda/containerd-fuse-overlayfs -> containerd/fuse-overlayfs-snapshotter * rootless: allow kernel.dmesg_restrict=1 * rootless: enable resource limitation (requires cgroup v2, systemd) * bump up RootlessKit * containerd: v1.4.4-k3s1 (#3090) * put etcd bootstrap save call in goroutine and update comment * Remove unit files after disabling, instead of before * remove etcd data dir when etcd is disabled (#3059) * registry mirror repository rewrites (#3064) * Have Bootstrap Data Stored in etcd at Completed Start (#3038) * Define a Controllers and LeaderControllers on the server config (#3043) * Don't start up multiple apiserver load balancers * Handle loadbalancer port in TIME_WAIT * Always use static ports for client load-balancers (#3026) * Update GITHUB_URL * Update .md files with url and email corrections * Mark disable components flags as experimental (#3018) * Etcd Snapshot/Restore to/from S3 Compatible Backends (#2902) * Suppress test failure due to incompatible server * Log clearer error on startup if NPC cannot be started * Add script to test server/agent version compatibility * change error to warn when removing self from etcd members * update dynamiclistener * remove etcd member if disable etcd is passed * Apply suggestions from code review * Update to Traefik 2.4.2 and combine manifests * Remove Traefik v1 migration * Allow download traefik static file and rename * Traefik v2 integration * Wait for apiserver to become healthy before starting agent controllers * Hide the airgap-extra-registry flag * update master to 1.20.4 * use v1.20.4-k3s1 as stable * Update k3s-root to v0.8.1 * Limit zstd decoder memory * Use HasSuffixI utility function * Add support for retagging images on load from tarball * Add disable flags for control components (#2900) * update usage text (#2926) ------------------------------------------------------------------- Mon Apr 19 10:54:43 UTC 2021 - alexandre.vicenzi@suse.com - Update to version 1.20.6+k3s1: * Update to v1.20.6 * add cloud controller manager fixes from master * Update to v1.20.6 * Resolve local retention issue when S3 in use. * add hidden attribute to disable flags * delete nocluster file and remove build tag * remove hidden attribute from cluster flags and related code * add etcd s3 secret and access key flags and env vars to secret data * put etcd bootstrap save call in goroutine and update comment * remove duplicate method * Have Bootstrap Data Stored in etcd at Completed Start (#3038) * Etcd Snapshot/Restore to/from S3 Compatible Backends (#2902) * Add ability to perform an etcd on-demand snapshot via cli (#2819) * Update to Kubernetes v1.20.5 (#3094) * [release 1.20] containerd: v1.4.4-k3s1 (#3086) * Define a Controllers and LeaderControllers on the server config (#3053) * Suppress test failure due to incompatible server * Log clearer error on startup if NPC cannot be started * Add script to test server/agent version compatibility * [release-1.20] Add disable components flags (#3019) * Update to v1.20.4 (#2960) * Update k3s-root to v0.8.1 * Use appropriate response codes for authn/authz failures - Bump go version to 1.15 ------------------------------------------------------------------- Wed Apr 14 14:26:22 UTC 2021 - Michal Suchanek <msuchanek@suse.com> - Add disk size requirement in constraints - host-local path fixup * Refresh cni-bin-dir.patch ------------------------------------------------------------------- Thu Mar 25 14:25:49 UTC 2021 - Michal Suchanek <msuchanek@suse.com> - Update to upstream version 1.20.4+k3s1 * Known Issues - K3s servers should always be upgraded before agents. Agents upgraded to this release before all servers have been upgraded will fail to start due to the issue described at #2996 * Changes since v1.20.2+k3s2: + Upgrade Kubernetes to v1.20.4 (#2960) + K3s servers now use appropriate HTTP response codes to node join failures caused by incorrect credentials (#2915) + ServiceLB now adds IP addresses for all nodes running LB pods to the Service ingress IP list (#2909) + K3s will now reliably enable CFS quotas when the cpu and cpuacct cgroup controllers are comounted (#2911) + K3s nodes can now successfully join clusters when the cluster CA certificate is trusted by the OS CA bundle (#2743) + K3s binary size has been reduced; time to first launch a new version of K3s should be reduced as well (#2905) + K3s is now compiled with golang 1.15.8, resolving a common source of crashes on 32bit arm systems (#2896) + Crictl will more reliably locate its config file when run by non-root users (#2894) + The K3s systemd unit will successfully start with a missing EnvironmentFile (#2886 @AkihiroSuda) + The K3s Network Policy Controller has been updated, offering improved performance and reliability of network policy enforcement (#2867) + K3s containerd now supports AppArmor signal mediation (#2877) + The K3s embedded userspace (k3s-root) has been updated to fix several BusyBox CVEs and allow use of the fuse-overlayfs snapshotter (#2862 #2847) + K3s now supports cgroupv2 (#2844) + Several regressions in rootless support have been resolved (#2846) + Cadvisor statistics are no longer missing pod labels (#2836) + Embedded etcd's Prometheus metrics can now be exposed beyond localhost (#2750 @yuriydzobak) + The node.cloudprovider.kubernetes.io/uninitialized taint on new nodes is now cleared more reliably (#2843) + Embedded etc snapshots can now be performed on-demand (#2819) + K3s no longer validates containerd snapshotter functionality when not using the embedded containerd (#2800 @sonicaj) * Embedded Component Versions * Kubernetes v1.20.4 * Kine v0.6.0 * SQLite 3.33.0 * Etcd v3.4.13-k3s1 * Containerd v1.4.3-k3s3 * Flannel v0.12.0-k3s1 * Metrics-server v0.3.6 * Traefik v1.7.19 * CoreDNS v1.8.0 * Helm-controller v0.8.3 * Local-path-provisioner v0.0.19 - Refresh cni-bin-dir.patch - hyperkube no longer available ------------------------------------------------------------------- Tue Aug 4 11:41:14 UTC 2020 - Dirk Mueller <dmueller@suse.com> - add conflicts and minimal update-alternatives for new kubectl implementation ------------------------------------------------------------------- Mon Aug 3 17:02:25 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com> - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ------------------------------------------------------------------- Thu May 2 12:44:52 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de> - Update to version 0.4.0 * Features and Enhancements - Update to kubernetes v1.14.1 - Upgraded from Kubernetes v1.13.5. This Kubernetes upgrade moves pid limiting to beta and is enabled by default, which may not be supported by all kernels. K3s will auto-detect cgroup pids support and add flags as needed if the pids module is not available. [#335] - Add --bind-address flag for API server [#214] Support custom bind address for kubernetes API server to bind to. - Add --cluster-domain flag for custom kubelet and DNS configuration [#267] Support configuring custom DNS cluster domains. - Add --flannel-iface flag for agent [#72] Support custom flannel interface. - Add passthrough args [#290] Support for overriding k3s default arguments or passing custom arguments to Kubernetes processes: --kube-apiserver-arg value Customized flag for kube-apiserver process --kube-scheduler-arg value Customized flag for kube-scheduler process --kube-controller-arg value Customized flag for kube-controller-manager process --kubelet-arg value (agent) Customized flag for kubelet process --kube-proxy-arg value (agent) Customized flag for kube-proxy process - Initial metrics-server support [#252] Configures aggregation layer so metrics server can be launched and metrics scraped. Future enhancements will remove need for a custom metrics server deployment. - Add experimental rootless support Provides --rootless flag for running k3s agent as a user. * Bug fixes - Fixed an issue where k3s may not connect to the API server when using proxy settings [#325] - Changes from Release v0.3.0 * Features and Enhancements - Airgap support with helm and preinstalled images [#166] Support static helm charts through the API server and loading container images on agents. See our documentation for details on how to perform airgap installations. - Add --tls-san flag for API server cert validation [#200] Support alternate names for cert generation to avoid API cert issues. - Add --resolv-conf flag for custom kubelet DNS configuration [#53] - Support configuring custom DNS resolvers or using the host system's resolv.conf configuration. If the host system's resolv.conf doesn't supply any viable resolvers, intelligently fallback to 8.8.8.8 (Google Public DNS). - Update to kubernetes v1.13.5 This upgrade from v1.13.4 addresses Kubernetes CVE-2019-9946 and CVE-2019-1002101. * Bug fixes - Fixed an issue where the k3s service load balancer will not be created if the port name is longer than 15 characters #90 - Fixed an issue where k3s does not ignore empty yaml documents in a manfest #222 - Fixed an issue where k3s may not run with selinux, the installer will now add selinux permissions #227 - Fixed an issue where k3s deployment manifests are created even if --no-deploy is specified #230 ------------------------------------------------------------------- Fri Mar 15 18:57:35 UTC 2019 - Jan Engelhardt <jengelh@inai.de> - Replace the sales pitch in the description by new wording, sourced from second block paragraph of k3s's README.md and Wikipedia, so as to fulfill the openSUSE description recommendations on what k3s is, and how it differs from other implementations of its kind. ------------------------------------------------------------------- Fri Mar 15 10:40:37 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Fix 'Conflicts' - Add 'iptables' requires - Package hyperkube sepraretly - Add a workaround for https://github.com/rancher/k3s/issues/231 - Add kubectl and crictl symlinks - Update description ------------------------------------------------------------------- Wed Mar 13 22:07:33 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Add requires to 'conntrack-tools' and 'runc' as it is needed at runtime ------------------------------------------------------------------- Wed Mar 13 15:07:20 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Fix k3s-agent.service as '-u' is not a valid option ------------------------------------------------------------------- Tue Mar 12 15:02:30 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Update to version 0.2.0: * Features and Enhancements: - Support arbitrary CRI implementations [#107] - Users can now configure k3s to use cri-o and other CRI implementations that are not packaged into k3s. - Support for preloading images [#92] - Users can now have node agents load docker images from a location on the host at startup, eliminating the need to pull images from a remote location. - Upgrade to Kubernetes v1.13.4 [#95] - Update to the latest release of Kubernetes. - Support k3s on Rancher [#69] - Users can now import k3s clusters into Rancher (supported in Rancher v2.2.0-rc3 and later). - Support agent options in server command [#73] - Users can now set any of the options available to agents when starting the k3s server node. - Support the ability to run k3s as non-root user [#38] - User can now run the k3s server as a non-root user. - Support the ability to read node token from a file [#98] - Users can now have the node-agent read its token from a file rather than passing it as a string. * Bug fixes: - Fixed an issue where preloaded deployment manifests fail to deploy if no namespace is specified #151 - Fixed an issue where changes to helm chart values or values.yaml aren't always triggering an upgrade #187 - Fixed an issue where nodes with uppercase hostnames hang indefinitely #160 - Fixed an issue where containerd log level environment variable is not respected #188 - Fixed an issue where node-token path doesn't resolve for root user in agent scripts #189 - Fixed an issue where traefik is not listed in the --no-deploy flag's help text #186 - Fixed an issue where changing cluster CIDR was not possible #93 - Fixed an issue where k3s systemd service should wait until the server is ready #57 - Fixed an issue where test volume mount e2e fails for k3s image #45 - Fixed an issue where component status is not accurate #126 - Fixed an issue where install script fails if wget is not available #48 - Added the ability to dynamically install the latest release of k3s #47 ------------------------------------------------------------------- Mon Mar 4 14:35:14 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org> - Add _constraints to avoid 'cannot allocate memory' error seen on aarch64 ------------------------------------------------------------------- Thu Feb 28 07:33:11 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de> - Initial package - v0.1.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor