Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.27] Backports for 2024-04 release cycle #9912

Merged
merged 16 commits into from
Apr 11, 2024
Merged

[release-1.27] Backports for 2024-04 release cycle #9912

merged 16 commits into from
Apr 11, 2024

Commits on Apr 10, 2024

  1. Move error response generation code into util 

    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7a2a2d0)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    67befa8 View commit details
    Browse the repository at this point in the history

  2. Send error response if member list cannot be retrieved 

    Prevents joining nodes from being stuck with bad initial member list if there is a transient failure, or if they try to join themselves

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit d7cdbb7)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    bcab430 View commit details
    Browse the repository at this point in the history

  3. Respect cloud-provider fields set by kubelet 

    Don't clobber the providerID field and instance-type/region/zone labels if provided by the kubelet. This allows the user to set these to the correct values when using the embedded CCM in a real cloud environment.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 65cd606)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    437f85f View commit details
    Browse the repository at this point in the history

  4. Fix error when image has already been pulled 

    CRI and containerd APIs disagree about the registry names - CRI supports
index.docker.io as an alias for docker.io, while containerd does not.
Use the actual stored RepoTag to determine what image to ask containerd for.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f099bfa)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    741cf5a View commit details
    Browse the repository at this point in the history

  5. Add /etc/passwd and /etc/group to k3s docker image 

    Fixes `cannot find name for user ID 0: No such file or directory` errors when checking user info in docker image

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7474a6f)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    12b2fd3 View commit details
    Browse the repository at this point in the history

  6. Fix etcd snapshot reconcile for agentless nodes 

    Disable cleanup of orphaned snapshots and patching of node annotations if running agentless

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit edb0440)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    acfa70d View commit details
    Browse the repository at this point in the history

  7. Add health-check support to loadbalancer 

    * Adds support for health-checking loadbalancer servers. If a
  health-check fails when dialing, all existing connections to the
  server will be closed.
* Wires up a remotedialer tunnel connectivity check as the health check
  for supervisor/apiserver connections.
* Wires up a simple ping request to the supervisor port as the health
  check for etcd connections.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c51d7bf)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    5e4572e View commit details
    Browse the repository at this point in the history

  8. Add certificate expiry check and warnings 

    * Add ADR
* Add `k3s certificate check` command.
* Add periodic check and events when certs are about to expire.
* Add metrics for certificate validity remaining, labeled by cert subject

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7f65975)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    5c96d67 View commit details
    Browse the repository at this point in the history

  9. Add workaround for containerd hosts.toml bug 

    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f2961fb)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    a202cec View commit details
    Browse the repository at this point in the history

  10. Add supervisor cert/key to rotate list 

    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 60248c4)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    67819f7 View commit details
    Browse the repository at this point in the history

  11. Bump containerd and cri-dockerd 

    Bump containerd to v1.7.15
Bump cri-dockerd to v0.3.12

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0792461)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    417800a View commit details
    Browse the repository at this point in the history

  12. Move etcd snapshot management CLI to request/response 

    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit fe465cc)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    1daa530 View commit details
    Browse the repository at this point in the history

  13. Improve etcd load-balancer startup behavior 

    Prefer the address of the etcd member being joined, and seed the full address list immediately on startup.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7d9abc9)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    be56ade View commit details
    Browse the repository at this point in the history

  14. Don't log 'apiserver disabled' error sent by etcd-only nodes 

    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 08f1022)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    aec89c5 View commit details
    Browse the repository at this point in the history

  15. Actually fix agent certificate rotation 

    Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 4cc73b1)
    @brandond
    brandond committed Apr 10, 2024
    Configuration menu
    Copy the full SHA
    4d81a72 View commit details
    Browse the repository at this point in the history

Commits on Apr 11, 2024

  1. Update packaged manifests 

    * Update traefik chart to bump image tag and fix quoting
* Fix image quoting in flat manifests
* Update local-path-provisioner config to stop using deprecated hostpath volume type

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
    @brandond
    brandond committed Apr 11, 2024
    Configuration menu
    Copy the full SHA
    2f2ccc9 View commit details
    Browse the repository at this point in the history