From e047069e10a8c88ce803b49e5c7ca8eb92a99343 Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Mon, 12 Feb 2024 23:24:37 +0000
Subject: [PATCH 1/2] Bump K3s version for v1.26
Updates k3s: https://github.com/k3s-io/k3s/compare/c74395c1a6dd...fe1533303425b5afba5d32333e74724b561b9315
Signed-off-by: Brad Davidson
---
 go.mod | 7 ++++---
 go.sum | 14 ++++++++------
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 288b5633a1..33211a9716 100644
--- a/go.mod
+++ b/go.mod
@@ -4,9 +4,9 @@ go 1.19
 replace (
 github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.0
- github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.3.4-k3s1
+ github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.3.9-k3s1
 github.com/benmoss/go-powershell => github.com/k3s-io/go-powershell v0.0.0-20201118222746-51f4c451fbd7
- github.com/cloudnativelabs/kube-router/v2 => github.com/k3s-io/kube-router/v2 v2.0.0-20230925161250-364f994b140b
+ github.com/cloudnativelabs/kube-router/v2 => github.com/k3s-io/kube-router/v2 v2.0.1
 github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.11-k3s2.26
 github.com/containerd/stargz-snapshotter => github.com/k3s-io/stargz-snapshotter v0.14.3-k3s1
 github.com/docker/distribution => github.com/docker/distribution v2.8.2+incompatible
@@ -101,7 +101,7 @@ require (
 github.com/google/go-containerregistry v0.14.0
 github.com/iamacarpet/go-win64api v0.0.0-20210311141720-fe38760bed28
 github.com/k3s-io/helm-controller v0.15.8
- github.com/k3s-io/k3s v1.26.14-0.20240212173408-c74395c1a6dd // release-1.26
+ github.com/k3s-io/k3s v1.26.14-0.20240212205601-fe1533303425 // release-1.26
 github.com/libp2p/go-netroute v0.2.1
 github.com/natefinch/lumberjack v2.0.0+incompatible
 github.com/onsi/ginkgo/v2 v2.11.0
@@ -265,6 +265,7 @@ require ( github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.4 // indirect + github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/golang-lru/arc/v2 v2.0.5 // indirect github.com/hashicorp/golang-lru/v2 v2.0.5 // indirect diff --git a/go.sum b/go.sum index 5862974d51..4e3d0235e3 100644 --- a/go.sum +++ b/go.sum @@ -889,6 +889,8 @@ github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -1016,8 +1018,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/k3s-io/containerd v1.7.11-k3s2.26 h1:L+qoTJbpm7g3lse9BzhN23neHsee74XjQwo4m7tvljA= github.com/k3s-io/containerd v1.7.11-k3s2.26/go.mod h1:dLQbKVd9nQsB+/2LO09B/VMzHELxgeORT5OCucwBMVo= -github.com/k3s-io/cri-dockerd v0.3.4-k3s1 h1:eCeVCeXzf10fyanv1gniSwidBjdO83/akv+M72uEnZc= -github.com/k3s-io/cri-dockerd v0.3.4-k3s1/go.mod h1:0KDOU8lLjp+ETJFFCcVBRQbJ8puRoDxaHBDj8C87Fk4= +github.com/k3s-io/cri-dockerd v0.3.9-k3s1 h1:RVgmFWAzzgRLnEksbN40hafvvv0gWpL5A1Ewk2fbHKI= +github.com/k3s-io/cri-dockerd v0.3.9-k3s1/go.mod h1:lFYnfbsh0nMJ4ZBzluuHKrX332DLf4gd06/ZXj7JBi4= github.com/k3s-io/etcd/api/v3 v3.5.9-k3s1 h1:y4ont0HdnS7gtWNTXM8gahpKjAHtctgON/sjVRthlZY= github.com/k3s-io/etcd/api/v3 v3.5.9-k3s1/go.mod h1:uyAal843mC8uUVSLWz6eHa/d971iDGnCRpmKd2Z+X8k= github.com/k3s-io/etcd/client/pkg/v3 v3.5.9-k3s1 h1:LJFtNHaBJg2BqFE3lRxWZkUsKTYLbh0s0NCXPMjW3cg= 
@@ -1036,16 +1038,16 @@ github.com/k3s-io/etcd/server/v3 v3.5.9-k3s1 h1:B3039IkTPnwQEt4tIMjC6yd6b1Q3Z9ZZ github.com/k3s-io/etcd/server/v3 v3.5.9-k3s1/go.mod h1:GgI1fQClQCFIzuVjlvdbMxNbnISt90gdfYyqiAIt65g= github.com/k3s-io/helm-controller v0.15.8 h1:CAMEPmiqf4ugUCpZdICGINthCn+hkG/l1fadn8aVjfQ= github.com/k3s-io/helm-controller v0.15.8/go.mod h1:AYitg40howLjKloL/zdjDDOPL1jg/K5R4af0tQcyPR8= -github.com/k3s-io/k3s v1.26.14-0.20240212173408-c74395c1a6dd h1:G4msgNwSgFepTO4z4AU4UQmwxPjPPjDHg12NjD6GqKk= -github.com/k3s-io/k3s v1.26.14-0.20240212173408-c74395c1a6dd/go.mod h1:mqo5CfPECXceyBUgNSemG6t41u6BJNWhebBDaFIEewM= +github.com/k3s-io/k3s v1.26.14-0.20240212205601-fe1533303425 h1:yhUPNvaapuIUCsJLih3qj1OMWYiqB2/KYaLG08EwG3M= +github.com/k3s-io/k3s v1.26.14-0.20240212205601-fe1533303425/go.mod h1:mqo5CfPECXceyBUgNSemG6t41u6BJNWhebBDaFIEewM= github.com/k3s-io/kine v0.11.4 h1:ZIXQT4vPPKNL9DwLF4dQ11tWtpJ1C/7OKNIpFmTkImo= github.com/k3s-io/kine v0.11.4/go.mod h1:NmwOWsWgB3aScq5+LEYytAaceqkG7lmCLLjjrWug8v4= github.com/k3s-io/klog v1.0.0-k3s2 h1:yyvD2bQbxG7m85/pvNctLX2bUDmva5kOBvuZ77tTGBA= github.com/k3s-io/klog v1.0.0-k3s2/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= github.com/k3s-io/klog/v2 v2.80.1-k3s1 h1:mGMXURxxmabQurmtRhXuQTJ9jC0pvIhESSxRSymepS8= github.com/k3s-io/klog/v2 v2.80.1-k3s1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -github.com/k3s-io/kube-router/v2 v2.0.0-20230925161250-364f994b140b h1:qskSYKhQcW2OjKyiJkuCmy35FsdLRTMrzPkuMshgGHk= -github.com/k3s-io/kube-router/v2 v2.0.0-20230925161250-364f994b140b/go.mod h1:q4qeG/b4kBDBkjWPwOvwkVz9IOjb5Jjj2u3aXOyQJy4= +github.com/k3s-io/kube-router/v2 v2.0.1 h1:UCsdkQjSfOkVakixilRDDkG9yq775GBSKxBfsyUj8ng= +github.com/k3s-io/kube-router/v2 v2.0.1/go.mod h1:4RaSEL+a50Yq85qIYyAb69bAQItcHrGbVo7uwCQZjfc= github.com/k3s-io/kubernetes v1.26.13-k3s1 h1:eB14pxnM3ogNhlARmEI6hvclSHpU4wzgju6aCnxOJ+o= github.com/k3s-io/kubernetes v1.26.13-k3s1/go.mod h1:Y5N3uFKuSpAI0lqQ8Qo8GY/T3St+nWPs/0k8atin6E8= 
github.com/k3s-io/kubernetes/staging/src/k8s.io/api v1.26.13-k3s1 h1:7Th61ZOjpq6wh30WEJ80/yH5yt10E9DE+OkhMxjp+SE=
From 5729b3309ea0f19c29f5fb86ba06af0c5640ecef Mon Sep 17 00:00:00 2001
From: Brad Davidson
Date: Wed, 24 Jan 2024 21:55:25 +0000
Subject: [PATCH 2/2] Only run flannel host-network CIS netpol controller when using canal CNI
This will leave the existing policy in place in case anyone was depending on it, but new clusters will not have it. Administrators can delete if if they wish, without risk of the controller putting it back.
Signed-off-by: Brad Davidson
(cherry picked from commit 18d5dbe9b1ebf2bdb6ea74b29b6d7104babbebda)
Signed-off-by: Brad Davidson
---
 pkg/controllers/cisnetworkpolicy/controller.go | 2 +-
 pkg/rke2/rke2.go | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/controllers/cisnetworkpolicy/controller.go b/pkg/controllers/cisnetworkpolicy/controller.go
index ae39b289de..b8e20f9bf6 100644
--- a/pkg/controllers/cisnetworkpolicy/controller.go
+++ b/pkg/controllers/cisnetworkpolicy/controller.go
@@ -34,7 +34,7 @@ func register(ctx context.Context,
 ctx: ctx,
 k8s: k8s,
 }
- logrus.Debugf("CISNetworkPolicyController: Registering controller hooks")
+ logrus.Debugf("CISNetworkPolicyController: Registering controller hooks for NetworkPolicy %s", flannelHostNetworkPolicyName)
 nodes.OnChange(ctx, "cisnetworkpolicy-node", h.handle)
 nodes.OnRemove(ctx, "cisnetworkpolicy-node", h.handle)
 return nil
diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go
index ef38e92c9e..35ac9e514d 100644
--- a/pkg/rke2/rke2.go
+++ b/pkg/rke2/rke2.go
@@ -22,6 +22,7 @@ import (
 "github.com/pkg/errors"
 "github.com/rancher/rke2/pkg/controllers/cisnetworkpolicy"
 "github.com/rancher/rke2/pkg/images"
+ "github.com/rancher/wrangler/pkg/slice"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -114,7 +115,8 @@ func Server(clx *cli.Context, cfg Config) error {
 var leaderControllers rawServer.CustomControllers
- if cisMode {
+ cnis := clx.StringSlice("cni")
+ if cisMode && (len(cnis) == 0 || slice.ContainsString(cnis, "canal")) {
 leaderControllers = append(leaderControllers, cisnetworkpolicy.Controller)
 }
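Review bot: The new guard `if cisMode && (len(cnis) == 0 || slice.ContainsString(cnis, "canal"))` compares each raw element of `clx.StringSlice("cni")` exactly and case-sensitively, so if the flag can ever deliver a comma-joined element such as `multus,canal` (not visible in this hunk, worth confirming against the flag parsing), the host-network policy controller is silently dropped on a CIS-mode canal cluster. Normalising the list before the test (split on commas, trim whitespace), or reusing whichever helper already validates the CNI selection if one exists, would keep this check from disagreeing with the CNI that is actually deployed. The skip path is also silent; an else branch with `logrus.Infof("CIS mode: not starting flannel host-network NetworkPolicy controller, cni=%v", cnis)` would let an operator auditing a hardened cluster see why the policy is absent. The `len(cnis) == 0` arm presumably stands for the default CNI being canal, which deserves a comment on that line such as `// an empty --cni list selects the default CNI (canal)`. Server's body starts and ends outside this hunk.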