Fixes issue where RKE2 event recorder events were not logged to console due to lack of logging context.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
mux is replaced with a simple wrapper around http.ServeMux with middleware chain support
Unfortunately github.com/rootless-containers/rootlesskit/pkg/parent
still uses it so we can't drop the indirect dep yet.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Fixes issue preventing containerd from accessing spegel on ipv6-primary agents. Only affects agents because only agents use the kubelet-serving cert for the supervisor listener.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Pass GOOS into Dockerfile.local build args
Fixes issue with build-windows job not actually building for windows
* Remove `go generate` from package-cli
We no longer use codegen in this repo
* Fix go:embed path separator on Windows
* Bump hcsshim for containerd 2.1 compat on windows
* Include failing lister in error message
* Bump k3s-io/api and k3s-io/helm-controller for embedded CRD windows path fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Move the node password secret cleanup into its own dedicated controller
that also handles auth. We now use a filtered cache of only
node-password secrets, instead of using the wrangler secret cache,
which stores all secrets from all namespaces.
The coredns node-hosts controller also now uses a single-resource
watch cache on the coredns configmap, instead of reading it from
the apiserver every time a node changes.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
K3s stopped using node password files in v1.19 (92d04355f4), so we do not need to support migrating off these any longer.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Use https port for helm-controller bootstrap charts instead of apiserver internal port, which does not listen on all address families in K3s since it is just set to avoid having the apiserver conflict with the supervisor port.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Currently only waits on etcd and kine, as other components
are stateless and do not need to shut down cleanly.
Terminal but non-fatal errors now request shutdown via context
cancellation, instead of just logging a fatal error.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also cleans up some of the server.Context factory creation stuff to eliminate unused code paths and avoid registering the Helm controller when helm is disabled.
As of fe465cc832 we no longer call NewContext outside pkg/server, so the isServer bool flag to use the supervisor kubeconfig and create an event recorder is unnecessary.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Panic gets rescued by the http server, and was only visible when running in debug mode, but should be handled properly.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Adds maximum in-flight request limits to agent join and p2p peer info
request request handlers.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
I assume this was a mistake when copying and the kubelet key should have been used here.
This bug was introduced in #11471.
Signed-off-by: Aaron Dewes <aaron@nirvati.org>
* chore: Bump Klipper Helm and Helm Controller version
Made with ❤️️ by updatecli
* chore: Bump Klipper Helm and Helm Controller version
Made with ❤️️ by updatecli
* Fix build
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Derek Nola <derek.nola@suse.com>
- Add testlet for new provider switch
- Handle migration between providers
- Add exception for criticalcontrolargs
Signed-off-by: Derek Nola <derek.nola@suse.com>
Move the container runtime ready channel into the executor interface, instead of passing it awkwardly between server and agent config structs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Splits server startup into prepare/start phases. Server's agent is now
started after server is prepared, but before it is started. This allows
us to properly bootstrap the executor before starting server components,
and use the executor to provide a shared channel to wait on apiserver
readiness.
This allows us to replace four separate callers of WaitForAPIServerReady
with reads from a common ready channel.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
We are not making use of the stack traces that these functions capture, so we should avoid using them as unnecessary overhead.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Fixes issue where CA rotation would fail on servers with join URL set due to using old data from disk on other server
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
The servers package, and router.go in particular, had become quite
large. Address this by moving some things out to separate packages:
* http request handlers all move to pkg/server/handlers.
* node password bootstrap auth handler goes into pkg/nodepassword with
the other nodepassword code.
While we're at it, also be more consistent about calling variables that
hold a config.Control struct or reference `control` instead of `config` or `server`.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Add missing default OS for split server test
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Launch go routine and return for k3s secrets-encrypt reencrypt
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
