From 67dd704acfd6575bc242cc76898aa289a776bbc2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 1 Nov 2022 23:28:19 +0000 Subject: [PATCH] Bump k3s-root and remove embedded strongswan support Signed-off-by: Brad Davidson (cherry picked from commit 2835368ecb57fbf47ea1826953b133253b769b99) Signed-off-by: Brad Davidson --- pkg/agent/config/config.go | 1 - pkg/agent/flannel/setup.go | 38 +++++-------------------------------- pkg/cli/cmds/server.go | 2 +- pkg/daemons/config/types.go | 1 - scripts/download | 4 ++-- scripts/version.sh | 2 +- 6 files changed, 9 insertions(+), 39 deletions(-) diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index 0abac5c6ace9..1949e1087b9e 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -461,7 +461,6 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N } nodeConfig.AgentConfig.Snapshotter = envInfo.Snapshotter nodeConfig.AgentConfig.IPSECPSK = controlConfig.IPSECPSK - nodeConfig.AgentConfig.StrongSwanDir = filepath.Join(envInfo.DataDir, "agent", "strongswan") nodeConfig.Containerd.Config = filepath.Join(envInfo.DataDir, "agent", "etc", "containerd", "config.toml") nodeConfig.Containerd.Root = filepath.Join(envInfo.DataDir, "agent", "containerd") if !nodeConfig.Docker && nodeConfig.ContainerRuntimeEndpoint == "" { diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index a1f290897d76..a32c141df6d2 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go @@ -4,13 +4,12 @@ import ( "context" "fmt" "net" - "os" + "os/exec" "path/filepath" "strings" "github.com/k3s-io/k3s/pkg/agent/util" "github.com/k3s-io/k3s/pkg/daemons/config" - "github.com/k3s-io/k3s/pkg/version" "github.com/pkg/errors" "github.com/sirupsen/logrus" v1 "k8s.io/api/core/v1" @@ -229,12 +228,13 @@ func createFlannelConf(nodeConfig *config.Node) error { backendConf = hostGWBackend case config.FlannelBackendIPSEC: backendConf = strings.ReplaceAll(ipsecBackend, "%psk%", nodeConfig.AgentConfig.IPSECPSK) - if err := setupStrongSwan(nodeConfig); err != nil { - return err + if _, err := exec.LookPath("swanctl"); err != nil { + return errors.Wrap(err, "k3s no longer includes strongswan - please install strongswan's swanctl and charon packages on your host") } + logrus.Warnf("The ipsec backend is deprecated and will be removed in k3s v1.27; please switch to wireguard-native. Check our docs for information on how to migrate.") case config.FlannelBackendWireguard: backendConf = strings.ReplaceAll(wireguardBackend, "%flannelConfDir%", filepath.Dir(nodeConfig.FlannelConfFile)) - logrus.Warnf("The wireguard backend is deprecated and will be removed in k3s v1.26, please switch to wireguard-native. Check our docs for information about how to migrate") + logrus.Warnf("The wireguard backend is deprecated and will be removed in k3s v1.26, please switch to wireguard-native. Check our docs for information about how to migrate.") case config.FlannelBackendWireguardNative: mode, ok := backendOptions["Mode"] if !ok { @@ -255,34 +255,6 @@ func createFlannelConf(nodeConfig *config.Node) error { return util.WriteFile(nodeConfig.FlannelConfFile, confJSON) } -func setupStrongSwan(nodeConfig *config.Node) error { - // if data dir env is not set point to root - dataDir := os.Getenv(version.ProgramUpper + "_DATA_DIR") - if dataDir == "" { - dataDir = "/" - } - dataDir = filepath.Join(dataDir, "etc", "strongswan") - - info, err := os.Lstat(nodeConfig.AgentConfig.StrongSwanDir) - // something exists but is not a symlink, return - if err == nil && info.Mode()&os.ModeSymlink == 0 { - return nil - } - if err == nil { - target, err := os.Readlink(nodeConfig.AgentConfig.StrongSwanDir) - // current link is the same, return - if err == nil && target == dataDir { - return nil - } - } - - // clean up strongswan old link - os.Remove(nodeConfig.AgentConfig.StrongSwanDir) - - // make new strongswan link - return os.Symlink(dataDir, nodeConfig.AgentConfig.StrongSwanDir) -} - // fundNetMode returns the mode (ipv4, ipv6 or dual-stack) in which flannel is operating func findNetMode(cidrs []*net.IPNet) (int, error) { dualStack, err := utilsnet.IsDualStackCIDRs(cidrs) diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go index ae48253907a0..c0ec9b82f9b9 100644 --- a/pkg/cli/cmds/server.go +++ b/pkg/cli/cmds/server.go @@ -208,7 +208,7 @@ var ServerFlags = []cli.Flag{ ClusterDomain, cli.StringFlag{ Name: "flannel-backend", - Usage: "(networking) backend<=option1=val1,option2=val2> where backend is one of 'none', 'vxlan', 'ipsec', 'host-gw', 'wireguard-native', or 'wireguard' (deprecated)", + Usage: "(networking) backend<=option1=val1,option2=val2> where backend is one of 'none', 'vxlan', 'ipsec' (deprecated), 'host-gw', 'wireguard-native', 'wireguard' (deprecated)", Destination: &ServerConfig.FlannelBackend, Value: "vxlan", }, diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go index 5c8d8b05d06a..5c4288447d07 100644 --- a/pkg/daemons/config/types.go +++ b/pkg/daemons/config/types.go @@ -106,7 +106,6 @@ type Agent struct { ImageCredProvConfig string IPSECPSK string FlannelCniConfFile string - StrongSwanDir string PrivateRegistry string SystemDefaultRegistry string AirgapExtraRegistry []string diff --git a/scripts/download b/scripts/download index c2abb8b8cd8d..58c37b3f1c80 100755 --- a/scripts/download +++ b/scripts/download @@ -20,7 +20,7 @@ rm -rf ${CONTAINERD_DIR} mkdir -p ${CHARTS_DIR} mkdir -p ${DATA_DIR} -curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - --exclude=bin/socat +curl --compressed -sfL https://github.com/k3s-io/k3s-root/releases/download/${VERSION_ROOT}/k3s-root-${ARCH}.tar | tar xf - git clone --single-branch --branch=${VERSION_RUNC} --depth=1 https://github.com/opencontainers/runc ${RUNC_DIR} @@ -31,4 +31,4 @@ for CHART_FILE in $(grep -rlF HelmChart manifests/ | xargs yq eval --no-doc .spe curl -sfL ${CHARTS_URL}/${CHART_NAME}/${CHART_FILE} -o ${CHARTS_DIR}/${CHART_FILE} done -cp scripts/wg-add.sh bin/aux/ +cp scripts/wg-add.sh bin/aux diff --git a/scripts/version.sh b/scripts/version.sh index 6e319be52aa1..f730a7bdea29 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -51,7 +51,7 @@ if [ -z "$VERSION_KUBE_ROUTER" ]; then VERSION_KUBE_ROUTER="v0.0.0" fi -VERSION_ROOT="v0.11.0" +VERSION_ROOT="v0.12.0" if [[ -n "$GIT_TAG" ]]; then if [[ ! "$GIT_TAG" =~ ^"$VERSION_K8S"[+-] ]]; then