Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.26] Backports for 2023-08 release #8129

Merged
merged 9 commits into from
Aug 4, 2023
Merged

[release-1.26] Backports for 2023-08 release #8129

merged 9 commits into from
Aug 4, 2023

Conversation

brandond
Copy link
Contributor

@brandond brandond commented Aug 3, 2023

Proposed Changes

Backports:

Types of Changes

backports

Verification

See linked issues

Testing

Linked Issues

User-Facing Change

K3s's external apiserver listener now declines to add to its certificate any subject names not associated with the kubernetes apiserver service, server nodes, or values of the --tls-san option. This prevents the certificate's SAN list from being filled with unwanted entries.
K3s no longer enables the apiserver's `enable-aggregator-routing` flag when the egress proxy is not being used to route connections to in-cluster endpoints.
Updated the embedded containerd to v1.7.3+k3s1
Updated the embedded runc to v1.1.8
Updated the embedded etcd to v3.5.9+k3s1
User-provided containerd config templates may now use `{{ template "base" . }}` to include the default K3s template content. This makes it easier to maintain user configuration if the only need is to add additional sections to the file.
Bump docker/docker module version to fix issues with cri-dockerd caused by recent releases of golang rejecting invalid host headers sent by the docker client.
Updated kine to v0.10.2

Further Comments

@brandond brandond requested a review from a team as a code owner August 3, 2023 22:39
@brandond brandond force-pushed the 2023-08-backports_release-1.26 branch from b5fd87d to 67109e1 Compare August 3, 2023 22:40
skirsten and others added 5 commits August 3, 2023 22:53
@skirsten @brandond
Add support for {{ template "base" . }} in etc/containerd/config.to…
2118f04 
…ml.tmpl (k3s-io#7991)

Signed-off-by: Simon Kirsten <simonkirsten24@gmail.com>
(cherry picked from commit 546dc24)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Make apiserver egress args conditional on egress-selector-mode
4001047 
Only configure enable-aggregator-routing and egress-selector-config-file
if required by egress-selector-mode.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f21ae1d)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@macedogm @brandond
Security bump to docker/distribution (k3s-io#8047)
ea5d746 
Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
(cherry picked from commit cc9dce5)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Add FilterCN function to prevent SAN Stuffing
78cdfae 
Wire up a node watch to collect addresses of server nodes, to prevent adding unauthorized SANs to the dynamiclistener cert.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aa76942)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Bump docker/docker to master commit
2335012 
Fixes issue with invalid HTTP host headers over unix sockets caused by
recent releases of golang rejecting invalid header values.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a0da8ed)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond brandond force-pushed the 2023-08-backports_release-1.26 branch from 67109e1 to 99cd47e Compare August 3, 2023 22:57
@brandond
Bump versions for etcd, containerd, runc, kine
160c9b5 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 23d6842)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Bump kine to v0.10.2
8a340c6 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit fd53114)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond brandond force-pushed the 2023-08-backports_release-1.26 branch from 99cd47e to 8a340c6 Compare August 4, 2023 01:26
@brandond
Use 'go list -m' instead of grep to look up versions
63bb6a4 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Use VERSION_K8S in tests instead of grep go.mod
521b92c 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Copy link
Contributor Author

brandond commented Aug 4, 2023

s390 issue; merging

@brandond brandond merged commit a1d0095 into k3s-io:release-1.26 Aug 4, 2023
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manuelbuil manuelbuil manuelbuil approved these changes

@osodracnai osodracnai osodracnai approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@brandond @manuelbuil @osodracnai @skirsten @macedogm