From 371edaca6007c23975d4970279ec748dc1ffda5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Tue, 28 Jun 2022 15:01:15 +0200 Subject: [PATCH 1/8] update rootlesskit to 1.0.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This avoids an issue with u-root 7.0.0 which has been retracted by the author: $ go list -u -m all $ go list -m: github.com/u-root/u-root@v7.0.0+incompatible: retracted by module author: Published v7 too early (before migrating to go modules) Signed-off-by: Dirk Müller (cherry picked from commit 93ca992cdb5be94b65747ce0bca41270183c7e5d) Signed-off-by: Brad Davidson --- go.mod | 4 ++-- go.sum | 20 ++++++++++++-------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index d6ddb28d4088..cee24e5bc03b 100644 --- a/go.mod +++ b/go.mod @@ -117,10 +117,10 @@ require ( github.com/rancher/wharfie v0.5.1 github.com/rancher/wrangler v0.8.10 github.com/robfig/cron/v3 v3.0.1 - github.com/rootless-containers/rootlesskit v0.14.5 + github.com/rootless-containers/rootlesskit v1.0.1 github.com/sirupsen/logrus v1.8.1 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.0 + github.com/stretchr/testify v1.7.1 github.com/tchap/go-patricia v2.3.0+incompatible // indirect github.com/urfave/cli v1.22.9 github.com/vishvananda/netlink v1.2.1-beta.2 diff --git a/go.sum b/go.sum index f723b5f71995..fe1b463b6523 100644 --- a/go.sum +++ b/go.sum @@ -73,8 +73,9 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I= +github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317 h1:JhyuWIqYrstW7KHMjk/fTqU0xtMpBOHuiTA2FVc7L4E= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ= @@ -576,7 +577,7 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/insomniacslk/dhcp v0.0.0-20210120172423-cc9239ac6294/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI= +github.com/insomniacslk/dhcp v0.0.0-20220119180841-3c283ff8b7dd/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= @@ -827,8 +828,9 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= -github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo= github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.1 h1:+H/KnGEAGRpTrEAqNVQ2AM3SiwMgJUt/TXj+Z8cmCIc= +github.com/moby/sys/mountinfo v0.6.1/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc= github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= @@ -1004,8 +1006,8 @@ github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzG github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rootless-containers/rootlesskit v0.14.5 h1:X4eNt2e1h/uSjlssKqpeTY5fatrjDz9F9FX05RJB7Tw= -github.com/rootless-containers/rootlesskit v0.14.5/go.mod h1:Ai3detLzryb/4EkzXmNfh8aByUcBXp/qqkQusJs1SO8= +github.com/rootless-containers/rootlesskit v1.0.1 h1:jepqW1txFSowKSMAEkVhWH3Oa1TCY9S400MVYe/6Iro= +github.com/rootless-containers/rootlesskit v1.0.1/go.mod h1:t2UAiYagxrJ+wmpFAUIZPcqsm4k2B7ve6g7lILKbloc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= @@ -1090,8 +1092,9 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -1103,15 +1106,16 @@ github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhV github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 h1:uruHq4dN7GR16kFc5fp3d1RIYzJW5onx8Ybykw2YQFA= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/u-root/u-root v7.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY= +github.com/u-root/uio v0.0.0-20210528114334-82958018845c/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= +github.com/urfave/cli/v2 v2.5.1 h1:YKwdkyA0xTBzOaP2G0DVxBnCheHGP+Y9VbKAs4K1Ess= +github.com/urfave/cli/v2 v2.5.1/go.mod h1:oDzoM7pVwz6wHn5ogWgFUU1s4VJayeQS+aEZDqXIEJs= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= From 46cbb4325862435401ecdaf5ceaab193b43040dc Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 19 Jul 2022 17:21:23 -0700 Subject: [PATCH 2/8] Raise etcd connection test timeout to 30 seconds Addressess issue where the compact may take more than 10 seconds on slower disks. These disks probably aren't really suitable for etcd, but apparently run fine otherwise. Signed-off-by: Brad Davidson (cherry picked from commit 1674b9d6408dd4227a714506296cbe79c249a68d) Signed-off-by: Brad Davidson --- pkg/etcd/etcd.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index 1a3f4387a28c..14a4afe345e2 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -53,7 +53,7 @@ import ( ) const ( - testTimeout = time.Second * 10 + testTimeout = time.Second * 30 manageTickerTime = time.Second * 15 learnerMaxStallTime = time.Minute * 5 memberRemovalTimeout = time.Minute * 1 @@ -933,7 +933,7 @@ func (e *ETCD) manageLearners(ctx context.Context) { defer t.Stop() for range t.C { - ctx, cancel := context.WithTimeout(ctx, testTimeout) + ctx, cancel := context.WithTimeout(ctx, manageTickerTime) defer cancel() // Check to see if the local node is the leader. Only the leader should do learner management. From 43e5728f7cfa409f58bbe1c15d1ef71533dd3ea4 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 12 Jul 2022 17:03:25 -0700 Subject: [PATCH 3/8] Fix server systemd detection * Use INVOCATION_ID to detect execution under systemd, since as of a9b5a1933fbd773062be1433d056df07f138a7bd NOTIFY_SOCKET is now cleared by the server code. * Set the unit type to notify by default for both server and agent, which is what Rancher-managed installs have done for a while. Signed-off-by: Brad Davidson (cherry picked from commit bd5fdfce330fee140936e1ce4ba2453544a036bd) Signed-off-by: Brad Davidson --- install.sh | 6 +----- pkg/agent/containerd/config_linux.go | 5 ++++- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index cb190c8a7caf..fc78bdeb72de 100755 --- a/install.sh +++ b/install.sh @@ -217,11 +217,7 @@ setup_env() { if [ -n "${INSTALL_K3S_TYPE}" ]; then SYSTEMD_TYPE=${INSTALL_K3S_TYPE} else - if [ "${CMD_K3S}" = server ]; then - SYSTEMD_TYPE=notify - else - SYSTEMD_TYPE=exec - fi + SYSTEMD_TYPE=notify fi # --- use binary install directory if defined or create default --- diff --git a/pkg/agent/containerd/config_linux.go b/pkg/agent/containerd/config_linux.go index 20697d20dbb1..0a5a198f1008 100644 --- a/pkg/agent/containerd/config_linux.go +++ b/pkg/agent/containerd/config_linux.go @@ -52,7 +52,10 @@ func setupContainerdConfig(ctx context.Context, cfg *config.Node) error { if disableCgroup { logrus.Warn("cgroup v2 controllers are not delegated for rootless. Disabling cgroup.") } else { - cfg.AgentConfig.Systemd = controllers["cpuset"] && os.Getenv("NOTIFY_SOCKET") != "" + // note: this mutatation of the passed agent.Config is later used to set the + // kubelet's cgroup-driver flag. This may merit moving to somewhere else in order + // to avoid mutating the configuration while setting up containerd. + cfg.AgentConfig.Systemd = !isRunningInUserNS && controllers["cpuset"] && os.Getenv("INVOCATION_ID") != "" } var containerdTemplate string From f4e6b21b1169b3b6b86ab0902488d0dafb966a08 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 21 Jul 2022 14:38:49 -0700 Subject: [PATCH 4/8] Add service-cluster-ip-range to controller-manager args Signed-off-by: Brad Davidson (cherry picked from commit 84fb8787f25304cecb6505ebedb654a29c5bf6d8) Signed-off-by: Brad Davidson --- pkg/daemons/control/server.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go index c2185497bd9c..d886934fd1ec 100644 --- a/pkg/daemons/control/server.go +++ b/pkg/daemons/control/server.go @@ -107,6 +107,7 @@ func controllerManager(ctx context.Context, cfg *config.Control) error { "authentication-kubeconfig": runtime.KubeConfigController, "service-account-private-key-file": runtime.ServiceKey, "allocate-node-cidrs": "true", + "service-cluster-ip-range": util.JoinIPNets(cfg.ServiceIPRanges), "cluster-cidr": util.JoinIPNets(cfg.ClusterIPRanges), "root-ca-file": runtime.ServerCA, "profiling": "false", From 2d9b85ffab3df41899fda7f64e50addd450cb8d2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 21 Jul 2022 14:40:09 -0700 Subject: [PATCH 5/8] Replace getLocalhostIP with Loopback helper method Requires tweaking existing method signature to allow specifying whether or not IPv6 addresses should be return URL-safe. Signed-off-by: Brad Davidson (cherry picked from commit 5eaa0a94226e850993f9c532ced93bd4249b7332) Signed-off-by: Brad Davidson --- pkg/cli/server/server.go | 2 +- pkg/daemons/config/types.go | 28 ++++++++++++++++------------ pkg/daemons/control/deps/deps.go | 4 ++-- pkg/daemons/control/server.go | 16 ++++------------ pkg/daemons/control/tunnel.go | 2 +- pkg/etcd/etcd.go | 8 ++++---- pkg/server/server.go | 6 +++--- 7 files changed, 31 insertions(+), 35 deletions(-) diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index 6e5f8fdfb000..706abe71af18 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -468,7 +468,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont systemd.SdNotify(true, "READY=1\n") }() - url := fmt.Sprintf("https://%s:%d", serverConfig.ControlConfig.BindAddressOrLoopback(false), serverConfig.ControlConfig.SupervisorPort) + url := fmt.Sprintf("https://%s:%d", serverConfig.ControlConfig.BindAddressOrLoopback(false, true), serverConfig.ControlConfig.SupervisorPort) token, err := clientaccess.FormatToken(serverConfig.ControlConfig.Runtime.AgentToken, serverConfig.ControlConfig.Runtime.ServerCA) if err != nil { return err diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go index f01fa29c269c..47944b2ffa25 100644 --- a/pkg/daemons/config/types.go +++ b/pkg/daemons/config/types.go @@ -215,32 +215,36 @@ type Control struct { Runtime *ControlRuntime `json:"-"` } -// BindAddressOrLoopback returns an IPv4 or IPv6 address suitable for embedding in server -// URLs. If a bind address was configured, that is returned. If the chooseHostInterface -// parameter is true, and a suitable default interface can be found, that interface's -// address is returned. If neither of the previous were used, the loopback address is -// returned. IPv6 addresses are enclosed in square brackets, as per RFC2732. -func (c *Control) BindAddressOrLoopback(chooseHostInterface bool) string { +// BindAddressOrLoopback returns an IPv4 or IPv6 address suitable for embedding in +// server URLs. If a bind address was configured, that is returned. If the +// chooseHostInterface parameter is true, and a suitable default interface can be +// found, that interface's address is returned. If neither of the previous were used, +// the loopback address is returned. If the urlSafe parameter is true, IPv6 addresses +// are enclosed in square brackets, as per RFC2732. +func (c *Control) BindAddressOrLoopback(chooseHostInterface, urlSafe bool) string { ip := c.BindAddress if ip == "" && chooseHostInterface { if hostIP, _ := utilnet.ChooseHostInterface(); len(hostIP) > 0 { ip = hostIP.String() } } - if utilsnet.IsIPv6String(ip) { + if urlSafe && utilsnet.IsIPv6String(ip) { return fmt.Sprintf("[%s]", ip) } else if ip != "" { return ip } - return c.Loopback() + return c.Loopback(urlSafe) } // Loopback returns an IPv4 or IPv6 loopback address, depending on whether the cluster -// service CIDRs indicate an IPv4/Dual-Stack or IPv6 only cluster. IPv6 addresses are -// enclosed in square brackets, as per RFC2732. -func (c *Control) Loopback() string { +// service CIDRs indicate an IPv4/Dual-Stack or IPv6 only cluster. If the urlSafe +// parameter is true, IPv6 addresses are enclosed in square brackets, as per RFC2732. +func (c *Control) Loopback(urlSafe bool) string { if IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(c.ServiceIPRanges); IPv6OnlyService { - return "[::1]" + if urlSafe { + return "[::1]" + } + return "::1" } return "127.0.0.1" } diff --git a/pkg/daemons/control/deps/deps.go b/pkg/daemons/control/deps/deps.go index 8c9ea2e19220..d5afef45821b 100644 --- a/pkg/daemons/control/deps/deps.go +++ b/pkg/daemons/control/deps/deps.go @@ -314,7 +314,7 @@ func genClientCerts(config *config.Control) error { var certGen bool - apiEndpoint := fmt.Sprintf("https://%s:%d", config.Loopback(), config.APIServerPort) + apiEndpoint := fmt.Sprintf("https://%s:%d", config.Loopback(true), config.APIServerPort) certGen, err = factory("system:admin", []string{user.SystemPrivilegedGroup}, runtime.ClientAdminCert, runtime.ClientAdminKey) if err != nil { @@ -734,7 +734,7 @@ func genEgressSelectorConfig(controlConfig *config.Control) error { ProxyProtocol: apiserver.ProtocolHTTPConnect, Transport: &apiserver.Transport{ TCP: &apiserver.TCPTransport{ - URL: fmt.Sprintf("https://%s:%d", controlConfig.BindAddressOrLoopback(false), controlConfig.SupervisorPort), + URL: fmt.Sprintf("https://%s:%d", controlConfig.BindAddressOrLoopback(false, true), controlConfig.SupervisorPort), TLSConfig: &apiserver.TLSConfig{ CABundle: controlConfig.Runtime.ServerCA, ClientKey: controlConfig.Runtime.ClientKubeAPIKey, diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go index d886934fd1ec..53484a4e0b28 100644 --- a/pkg/daemons/control/server.go +++ b/pkg/daemons/control/server.go @@ -31,14 +31,6 @@ import ( _ "k8s.io/component-base/metrics/prometheus/restclient" ) -func getLocalhostIP(serviceCIDR []*net.IPNet) net.IP { - IPv6OnlyService, _ := util.IsIPv6OnlyCIDRs(serviceCIDR) - if IPv6OnlyService { - return net.ParseIP("::1") - } - return net.ParseIP("127.0.0.1") -} - func Server(ctx context.Context, cfg *config.Control) error { rand.Seed(time.Now().UTC().UnixNano()) @@ -111,7 +103,7 @@ func controllerManager(ctx context.Context, cfg *config.Control) error { "cluster-cidr": util.JoinIPNets(cfg.ClusterIPRanges), "root-ca-file": runtime.ServerCA, "profiling": "false", - "bind-address": getLocalhostIP(cfg.ServiceIPRanges).String(), + "bind-address": cfg.Loopback(false), "secure-port": "10257", "use-service-account-credentials": "true", "cluster-signing-kube-apiserver-client-cert-file": runtime.ClientCA, @@ -143,7 +135,7 @@ func scheduler(ctx context.Context, cfg *config.Control) error { "kubeconfig": runtime.KubeConfigScheduler, "authorization-kubeconfig": runtime.KubeConfigScheduler, "authentication-kubeconfig": runtime.KubeConfigScheduler, - "bind-address": getLocalhostIP(cfg.ServiceIPRanges).String(), + "bind-address": cfg.Loopback(false), "secure-port": "10259", "profiling": "false", } @@ -180,7 +172,7 @@ func apiServer(ctx context.Context, cfg *config.Control) error { argsMap["insecure-port"] = "0" argsMap["secure-port"] = strconv.Itoa(cfg.APIServerPort) if cfg.APIServerBindAddress == "" { - argsMap["bind-address"] = getLocalhostIP(cfg.ServiceIPRanges).String() + argsMap["bind-address"] = cfg.Loopback(false) } else { argsMap["bind-address"] = cfg.APIServerBindAddress } @@ -317,7 +309,7 @@ func cloudControllerManager(ctx context.Context, cfg *config.Control) error { "authorization-kubeconfig": runtime.KubeConfigCloudController, "authentication-kubeconfig": runtime.KubeConfigCloudController, "node-status-update-frequency": "1m0s", - "bind-address": getLocalhostIP(cfg.ServiceIPRanges).String(), + "bind-address": cfg.Loopback(false), "port": "0", } if cfg.NoLeaderElect { diff --git a/pkg/daemons/control/tunnel.go b/pkg/daemons/control/tunnel.go index 816901c69f49..aafb908ded3c 100644 --- a/pkg/daemons/control/tunnel.go +++ b/pkg/daemons/control/tunnel.go @@ -210,7 +210,7 @@ func (t *TunnelServer) dialBackend(ctx context.Context, addr string) (net.Conn, if err != nil { return nil, err } - loopback := t.config.Loopback() + loopback := t.config.Loopback(true) var nodeName string var toKubelet, useTunnel bool diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index 14a4afe345e2..bc492094295b 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -653,7 +653,7 @@ func getEndpoints(control *config.Control) []string { if len(runtime.EtcdConfig.Endpoints) > 0 { return runtime.EtcdConfig.Endpoints } - return []string{fmt.Sprintf("https://%s:2379", control.Loopback())} + return []string{fmt.Sprintf("https://%s:2379", control.Loopback(true))} } // toTLSConfig converts the ControlRuntime configuration to TLS configuration suitable @@ -769,7 +769,7 @@ func (e *ETCD) peerURL() string { // During cluster reset/restore, we only listen on loopback to avoid having peers // connect mid-process. func (e *ETCD) listenPeerURLs(reset bool) string { - peerURLs := fmt.Sprintf("https://%s:2380", e.config.Loopback()) + peerURLs := fmt.Sprintf("https://%s:2380", e.config.Loopback(true)) if !reset { peerURLs += "," + e.peerURL() } @@ -785,7 +785,7 @@ func (e *ETCD) clientURL() string { // During cluster reset/restore, we only listen on loopback to avoid having the apiserver // connect mid-process. func (e *ETCD) listenClientURLs(reset bool) string { - clientURLs := fmt.Sprintf("https://%s:2379", e.config.Loopback()) + clientURLs := fmt.Sprintf("https://%s:2379", e.config.Loopback(true)) if !reset { clientURLs += "," + e.clientURL() } @@ -794,7 +794,7 @@ func (e *ETCD) listenClientURLs(reset bool) string { // listenMetricsURLs returns a list of URLs to bind to for metrics connections. func (e *ETCD) listenMetricsURLs(reset bool) string { - metricsURLs := fmt.Sprintf("http://%s:2381", e.config.Loopback()) + metricsURLs := fmt.Sprintf("http://%s:2381", e.config.Loopback(true)) if !reset && e.config.EtcdExposeMetrics { metricsURLs += "," + fmt.Sprintf("http://%s", net.JoinHostPort(e.address, "2381")) } diff --git a/pkg/server/server.go b/pkg/server/server.go index 23475b557f9e..8fb9237882ab 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -336,18 +336,18 @@ func printTokens(config *config.Control) error { } if len(nodeFile) > 0 { - printToken(config.SupervisorPort, config.BindAddressOrLoopback(true), "To join node to cluster:", "agent") + printToken(config.SupervisorPort, config.BindAddressOrLoopback(true, true), "To join node to cluster:", "agent") } return nil } func writeKubeConfig(certs string, config *Config) error { - ip := config.ControlConfig.BindAddressOrLoopback(false) + ip := config.ControlConfig.BindAddressOrLoopback(false, true) port := config.ControlConfig.HTTPSPort // on servers without a local apiserver, tunnel access via the loadbalancer if config.ControlConfig.DisableAPIServer { - ip = config.ControlConfig.Loopback() + ip = config.ControlConfig.Loopback(true) port = config.ControlConfig.APIServerPort } url := fmt.Sprintf("https://%s:%d", ip, port) From 3a95c60ce6fd6b844433fba635872ab9bb564051 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 21 Jul 2022 16:55:51 -0700 Subject: [PATCH 6/8] Bump dynamiclistener to fix issue with cert expiration Signed-off-by: Brad Davidson (cherry picked from commit 049004455ab2807b2c37654e965a4b43ad7db695) Signed-off-by: Brad Davidson --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cee24e5bc03b..bc6a2eb6584a 100644 --- a/go.mod +++ b/go.mod @@ -111,7 +111,7 @@ require ( github.com/opencontainers/selinux v1.10.0 github.com/otiai10/copy v1.7.0 github.com/pkg/errors v0.9.1 - github.com/rancher/dynamiclistener v0.3.3 + github.com/rancher/dynamiclistener v0.3.4-0.20220721210816-8ebd77f8a45a github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08 github.com/rancher/remotedialer v0.2.6-0.20220624190122-ea57207bf2b8 github.com/rancher/wharfie v0.5.1 diff --git a/go.sum b/go.sum index fe1b463b6523..104bdbff7347 100644 --- a/go.sum +++ b/go.sum @@ -990,8 +990,8 @@ github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA= github.com/quobyte/api v0.1.8/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= -github.com/rancher/dynamiclistener v0.3.3 h1:pNwVc3vzuEHsbqAh1e76asq4aeDzHFV/5Ha/fMsk6EA= -github.com/rancher/dynamiclistener v0.3.3/go.mod h1:QwTpy+drx4gvPMefrrUUKpVaWiy74O7vNvkwBXJ+s3E= +github.com/rancher/dynamiclistener v0.3.4-0.20220721210816-8ebd77f8a45a h1:Ouv0wnkDaBcWBhB6nVueGVP/+9lfnrWr9p/hczBa4jQ= +github.com/rancher/dynamiclistener v0.3.4-0.20220721210816-8ebd77f8a45a/go.mod h1:QwTpy+drx4gvPMefrrUUKpVaWiy74O7vNvkwBXJ+s3E= github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08 h1:NxR8Fh0eE7/5/5Zvlog9B5NVjWKqBSb1WYMUF7/IE5c= github.com/rancher/lasso v0.0.0-20210616224652-fc3ebd901c08/go.mod h1:9qZd/S8DqWzfKtjKGgSoHqGEByYmUE3qRaBaaAHwfEM= github.com/rancher/remotedialer v0.2.6-0.20220624190122-ea57207bf2b8 h1:leqh0chjBsXhKWebxxFd5QPcoQLu51EpaHo04ce0o+8= From 8a7dfc7d61513ad5e06628e4f1551a71c218ed20 Mon Sep 17 00:00:00 2001 From: Vladimir Kochnev Date: Tue, 26 Jul 2022 23:47:40 +0300 Subject: [PATCH 7/8] Save agent token to /var/lib/rancher/k3s/server/agent-token Having separate tokens for server and agent nodes is a nice feature. However, passing server's plain `K3S_AGENT_TOKEN` value to `k3s agent --token` without CA hash is insecure when CA is self-signed, and k3s warns about it in the logs: ``` Cluster CA certificate is not trusted by the host CA bundle, but the token does not include a CA hash. Use the full token from the server's node-token file to enable Cluster CA validation. ``` Okay so I need CA hash but where should I get it? This commit attempts to fix this issue by saving agent token value to `agent-token` file with CA hash appended. Signed-off-by: Vladimir Kochnev (cherry picked from commit 13af0b1d884e6c31f581fbec2cd5d4f8181de778) Signed-off-by: Brad Davidson --- pkg/server/server.go | 52 +++++++++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/pkg/server/server.go b/pkg/server/server.go index 8fb9237882ab..733cd0c0b82a 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -313,14 +313,11 @@ func HomeKubeConfig(write, rootless bool) (string, error) { } func printTokens(config *config.Control) error { - var ( - nodeFile string - ) - if len(config.Runtime.ServerToken) > 0 { - p := filepath.Join(config.DataDir, "token") - if err := writeToken(config.Runtime.ServerToken, p, config.Runtime.ServerCA); err == nil { - logrus.Infof("Node token is available at %s", p) - nodeFile = p + var serverTokenFile string + if config.Runtime.ServerToken != "" { + serverTokenFile = filepath.Join(config.DataDir, "token") + if err := writeToken(config.Runtime.ServerToken, serverTokenFile, config.Runtime.ServerCA); err != nil { + return err } // backwards compatibility @@ -329,14 +326,43 @@ func printTokens(config *config.Control) error { if err := os.RemoveAll(np); err != nil { return err } - if err := os.Symlink(p, np); err != nil { + if err := os.Symlink(serverTokenFile, np); err != nil { return err } } + + logrus.Infof("Server node token is available at %s", serverTokenFile) + printToken(config.SupervisorPort, config.BindAddressOrLoopback(true, true), "To join server node to cluster:", "server", "SERVER_NODE_TOKEN") + } + + var agentTokenFile string + if config.Runtime.AgentToken != "" { + if config.AgentToken != "" { + agentTokenFile = filepath.Join(config.DataDir, "agent-token") + if isSymlink(agentTokenFile) { + if err := os.RemoveAll(agentTokenFile); err != nil { + return err + } + } + if err := writeToken(config.Runtime.AgentToken, agentTokenFile, config.Runtime.ServerCA); err != nil { + return err + } + } else if serverTokenFile != "" { + agentTokenFile = filepath.Join(config.DataDir, "agent-token") + if !isSymlink(agentTokenFile) { + if err := os.RemoveAll(agentTokenFile); err != nil { + return err + } + if err := os.Symlink(serverTokenFile, agentTokenFile); err != nil { + return err + } + } + } } - if len(nodeFile) > 0 { - printToken(config.SupervisorPort, config.BindAddressOrLoopback(true, true), "To join node to cluster:", "agent") + if agentTokenFile != "" { + logrus.Infof("Agent node token is available at %s", agentTokenFile) + printToken(config.SupervisorPort, config.BindAddressOrLoopback(true, true), "To join agent node to cluster:", "agent", "AGENT_NODE_TOKEN") } return nil @@ -423,8 +449,8 @@ func setupDataDirAndChdir(config *config.Control) error { return nil } -func printToken(httpsPort int, advertiseIP, prefix, cmd string) { - logrus.Infof("%s %s %s -s https://%s:%d -t ${NODE_TOKEN}", prefix, version.Program, cmd, advertiseIP, httpsPort) +func printToken(httpsPort int, advertiseIP, prefix, cmd, varName string) { + logrus.Infof("%s %s %s -s https://%s:%d -t ${%s}", prefix, version.Program, cmd, advertiseIP, httpsPort, varName) } func writeToken(token, file, certs string) error { From d92069db9270a63c13571951efbb736f48920af0 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 1 Aug 2022 14:40:49 -0700 Subject: [PATCH 8/8] Bump minio to v7.0.33 Signed-off-by: Brad Davidson (cherry picked from commit 43508341c14e776c8cdea7479f21a75245f000d8) Signed-off-by: Brad Davidson --- go.mod | 12 ++++++------ go.sum | 43 ++++++++++++++++--------------------------- 2 files changed, 22 insertions(+), 33 deletions(-) diff --git a/go.mod b/go.mod index bc6a2eb6584a..40d987d7f59d 100644 --- a/go.mod +++ b/go.mod @@ -99,11 +99,11 @@ require ( github.com/gorilla/websocket v1.4.2 github.com/k3s-io/helm-controller v0.12.3 github.com/k3s-io/kine v0.9.3 - github.com/klauspost/compress v1.15.1 + github.com/klauspost/compress v1.15.9 github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000 github.com/lib/pq v1.10.2 github.com/mattn/go-sqlite3 v1.14.8 - github.com/minio/minio-go/v7 v7.0.7 + github.com/minio/minio-go/v7 v7.0.33 github.com/natefinch/lumberjack v2.0.0+incompatible github.com/onsi/ginkgo/v2 v2.1.1 github.com/onsi/gomega v1.17.0 @@ -118,7 +118,7 @@ require ( github.com/rancher/wrangler v0.8.10 github.com/robfig/cron/v3 v3.0.1 github.com/rootless-containers/rootlesskit v1.0.1 - github.com/sirupsen/logrus v1.8.1 + github.com/sirupsen/logrus v1.9.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.1 github.com/tchap/go-patricia v2.3.0+incompatible // indirect @@ -131,10 +131,10 @@ require ( go.etcd.io/etcd/etcdutl/v3 v3.5.4 go.etcd.io/etcd/server/v3 v3.5.4 go.uber.org/zap v1.19.0 - golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838 - golang.org/x/net v0.0.0-20211216030914-fe4d6282115f + golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa + golang.org/x/net v0.0.0-20220722155237-a158d28d115b golang.org/x/sync v0.0.0-20210220032951-036812b2e83c - golang.org/x/sys v0.0.0-20220412211240-33da011f77ad + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f google.golang.org/grpc v1.45.0 gopkg.in/yaml.v2 v2.4.0 inet.af/tcpproxy v0.0.0-20200125044825-b6bb9b5b8252 diff --git a/go.sum b/go.sum index 104bdbff7347..1afcb9b1d03b 100644 --- a/go.sum +++ b/go.sum @@ -164,7 +164,6 @@ github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41 github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw= github.com/checkpoint-restore/go-criu/v5 v5.0.0 h1:TW8f/UvntYoVDMN1K2HlT82qH1rb0sOjpGw3m6Ym+i4= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= -github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -311,7 +310,6 @@ github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:Pjfxu github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flannel-io/flannel v0.18.1 h1:kokF/aMIcXNrl7tHDg3Q+VcQDdQ5cq65GLcNsoeHmcs= @@ -513,7 +511,6 @@ github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97Dwqy github.com/gophercloud/gophercloud v0.1.0 h1:P/nh25+rzXouhytV2pUHBb65fnds26Ghl8/391+sT5o= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 h1:l5lAOZEym3oK3SQ2HBHWsJUfbNBiTXJDeW2QDxw9AQ0= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= @@ -616,7 +613,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= @@ -709,11 +705,13 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.1 h1:y9FcTHGyrebwfP0ZZqFiaxTaiDnUrGkJkI+f583BL1A= github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/cpuid v1.3.1 h1:5JNjFYYQrZeKRJ0734q51WCEEn2huer72Dc7K+R/b6s= -github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= +github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= +github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -750,11 +748,7 @@ github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= @@ -798,18 +792,16 @@ github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989 h1:PS1dLCGtD8bb9 github.com/mindprince/gonvml v0.0.0-20190828220739-9ebdce4bb989/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY= github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g= github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= -github.com/minio/md5-simd v1.1.0 h1:QPfiOqlZH+Cj9teu0t9b1nTBfPbyTl16Of5MeuShdK4= -github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw= -github.com/minio/minio-go/v7 v7.0.7 h1:Qld/xb8C1Pwbu0jU46xAceyn9xXKCMW+3XfNbpmTB70= -github.com/minio/minio-go/v7 v7.0.7/go.mod h1:pEZBUa+L2m9oECoIA6IcSK8bv/qggtQVLovjeKK5jYc= -github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU= -github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= -github.com/minio/sio v0.2.1/go.mod h1:8b0yPp2avGThviy/+OCJBI6OMpvxoUuiLvE6F1lebhw= +github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= +github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= +github.com/minio/minio-go/v7 v7.0.33 h1:jLEHTp9jg2zWBa5w9W1i8WXq6o+oGRcjsdk9HbFgdlc= +github.com/minio/minio-go/v7 v7.0.33/go.mod h1:nCrRzjoSUQh8hgKKtu3Y708OLvRLtuASMg2/nvmbarw= +github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g= +github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= @@ -1008,7 +1000,6 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rootless-containers/rootlesskit v1.0.1 h1:jepqW1txFSowKSMAEkVhWH3Oa1TCY9S400MVYe/6Iro= github.com/rootless-containers/rootlesskit v1.0.1/go.mod h1:t2UAiYagxrJ+wmpFAUIZPcqsm4k2B7ve6g7lILKbloc= -github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021 h1:if3/24+h9Sq6eDx8UUz1SO9cT9tizyIsATfB7b4D3tc= @@ -1039,13 +1030,11 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.1.0 h1:MkTeG1DMwsrdH7QtLXy5W+fUxWq+vmb6cLmyJ7aRtF0= github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= -github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= @@ -1469,9 +1458,9 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI= +gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=