Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

Signed-off-by: Shylaja Devadiga <shylaja.devadiga@suse.com>

Signed-off-by: Abirdcfly <fp544037857@gmail.com>

Signed-off-by: Chris Wayne <cwayne18@gmail.com>

Signed-off-by: Chris Wayne <cwayne18@gmail.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

This reverts commit 4a3d283b

.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Consolidate data dir flag
* Group cluster flags together
* Reorder and group agent flags
* Add additional info around vmodule flag
* Hide deprecated flags, and add warning about their removal
Signed-off-by: Derek Nola <derek.nola@suse.com>

Having separate tokens for server and agent nodes is a nice feature.

However, passing server's plain `K3S_AGENT_TOKEN` value
to `k3s agent --token` without CA hash is insecure when CA is
self-signed, and k3s warns about it in the logs:

```
Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash.
Use the full token from the server's node-token file to enable Cluster CA validation.
```

Okay so I need CA hash but where should I get it?

This commit attempts to fix this issue by saving agent token value to
`agent-token` file with CA hash appended.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>

Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Update naming on old adrs
* New adr for removing deprecated flags
Signed-off-by: Derek Nola <derek.nola@suse.com>

Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Requires tweaking existing method signature to allow specifying whether or not IPv6 addresses should be return URL-safe.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Use k3s-io fork of kube-router to keep the netpol dual-stack contrib
Signed-off-by: thomasferrandiz <thomas.ferrandiz@suse.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Use INVOCATION_ID to detect execution under systemd, since as of a9b5a193

 NOTIFY_SOCKET is now cleared by the server code.
* Set the unit type to notify by default for both server and agent, which is what Rancher-managed installs have done for a while.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Addressess issue where the compact may take more than 10 seconds on slower disks. These disks probably aren't really suitable for etcd, but apparently run fine otherwise.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

This avoids an issue with u-root 7.0.0 which has been retracted by the
author:

  $ go list -u -m all
  $ go list -m: github.com/u-root/u-root@v7.0.0+incompatible: retracted by module author: Published v7 too early (before migrating to go modules)
Signed-off-by: Dirk Müller <dirk@dmllr.de>

Signed-off-by: rancher-max <max.ross@suse.com>

Signed-off-by: rancher-max <max.ross@suse.com>

Signed-off-by: Nikolai Shields <nikolai@nikolaishields.com>

* Increase the default snapshot timeout. The timeout is not currently
  configurable from Rancher, and larger clusters are frequently seeing
  uploads fail at 30 seconds.
* Enable compression for scheduled snapshots if enabled on the
  command-line. The CLI flag was not being passed into the etcd config.
* Only set the S3 content-type to application/zip if the file is zipped.
* Don't run more than one snapshot at once, to prevent misconfigured
  etcd snapshot cron schedules from stacking up.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

87e1806697cd7dfffb7cb0de73c85e889365780d removed the OwnerReferences
field from the DaemonSet, which makes sense since the Service may now be
in a different namespace than the DaemonSet and cross-namespace owner
references are not supported.  Unfortunately, we were relying on
garbage collection to delete the DameonSet, so this started leaving
orphaned DaemonSets when Services were deleted.

We don't want to add an a Service OnRemove handler, since this will add
finalizers to all Services, not just LoadBalancers services, causing
conformance tests to fail. Instead, manage our own finalizers, and
restore the DaemonSet removal Event that was removed by the same commit.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Since #4438 removed 2-way sync and treats any changed+newer files on disk as an error, we no longer need to determine if files are newer on disk/db or if there is a conflicting mix of both. Any changed+newer file is an error, unless we're doing a cluster reset in which case everything is unconditionally replaced.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Properly skip restoring bootstrap data for files that don't have a path
set because the feature that would set it isn't enabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Replace dapper mod test with regular docker
Signed-off-by: Derek Nola <derek.nola@suse.com>

cadvisor still doesn't pull stats via CRI yet, so we have to continue to use the deprecated arg.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Includes fix for ENOSYS/EPERM issue on s390x.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Includes fix for recently identified memory leak.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>