diff --git a/cmd/controller/controller.go b/cmd/controller/controller.go index 16939afd2203..2348f331f607 100644 --- a/cmd/controller/controller.go +++ b/cmd/controller/controller.go @@ -214,7 +214,7 @@ func (c *command) start(ctx context.Context) error { enableKonnectivity := !c.SingleNode && !slices.Contains(c.DisableComponents, constant.KonnectivityServerComponentName) disableEndpointReconciler := !slices.Contains(c.DisableComponents, constant.APIEndpointReconcilerComponentName) && - (nodeConfig.Spec.API.ExternalAddress != "" || nodeConfig.Spec.API.TunneledNetworkingMode) + nodeConfig.Spec.API.ExternalAddress != "" nodeComponents.Add(ctx, &controller.APIServer{ ClusterConfig: nodeConfig, @@ -384,14 +384,7 @@ func (c *command) start(ctx context.Context) error { clusterComponents.Add(ctx, controller.NewCRD(manifestsSaver, []string{"autopilot"})) } - if nodeConfig.Spec.API.TunneledNetworkingMode { - clusterComponents.Add(ctx, controller.NewTunneledEndpointReconciler( - leaderElector, - adminClientFactory, - )) - } - - if !slices.Contains(c.DisableComponents, constant.APIEndpointReconcilerComponentName) && nodeConfig.Spec.API.ExternalAddress != "" && !nodeConfig.Spec.API.TunneledNetworkingMode { + if !slices.Contains(c.DisableComponents, constant.APIEndpointReconcilerComponentName) && nodeConfig.Spec.API.ExternalAddress != "" { clusterComponents.Add(ctx, controller.NewEndpointReconciler( nodeConfig, leaderElector, diff --git a/docs/configuration.md b/docs/configuration.md index ae5829dd9680..0f9d296b5a35 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -57,7 +57,6 @@ spec: port: 6443 sans: - 192.168.68.104 - tunneledNetworkingMode: false controllerManager: {} extensions: helm: @@ -135,7 +134,6 @@ spec: | `extraArgs` | Map of key-values (strings) for any extra arguments to pass down to Kubernetes api-server process. | | `port`¹ | Custom port for kube-api server to listen on (default: 6443) | | `k0sApiPort`¹ | Custom port for k0s-api server to listen on (default: 9443) | -| `tunneledNetworkingMode` | Whether to tunnel Kubernetes access from worker nodes via local port forwarding. (default: `false`) | ¹ If `port` and `k0sApiPort` are used with the `externalAddress` element, the loadbalancer serving at `externalAddress` must listen on the same ports. diff --git a/docs/nllb.md b/docs/nllb.md index 023e83339bb9..e0bb31b4bd5b 100644 --- a/docs/nllb.md +++ b/docs/nllb.md @@ -37,9 +37,6 @@ following: * The cluster doesn't use an externally managed load balancer, i.e. the cluster configuration doesn't specify a non-empty [`spec.api.externalAddress`][specapi]. -* The cluster doesn't use tunneled networking mode, i.e. the cluster - configuration doesn't specify [`spec.api.tunneledNetworkingMode`][specapi] as - `true`. * K0s isn't running as a [single node](../k0s-single-node/), i.e. it isn't started using the `--single` flag. * The cluster should have multiple controller nodes. Node-local load balancing diff --git a/embedded-bins/Makefile.variables b/embedded-bins/Makefile.variables index 9a8cf993804e..74b0888a294f 100644 --- a/embedded-bins/Makefile.variables +++ b/embedded-bins/Makefile.variables @@ -51,7 +51,7 @@ etcd_build_go_ldflags = "-w -s" #etcd_build_go_ldflags_extra = konnectivity_buildimage = $(golang_buildimage) -konnectivity_version = 0.0.33-k0s.1 +konnectivity_version = 0.1.4 #konnectivity_build_go_tags = konnectivity_build_go_cgo_enabled = 0 #konnectivity_build_go_cgo_cflags = diff --git a/embedded-bins/konnectivity/Dockerfile b/embedded-bins/konnectivity/Dockerfile index b3331dc88199..0200640c929a 100644 --- a/embedded-bins/konnectivity/Dockerfile +++ b/embedded-bins/konnectivity/Dockerfile @@ -4,7 +4,7 @@ FROM $BUILDIMAGE AS build RUN apk add build-base git make protoc ARG VERSION -RUN git -c advice.detachedHead=false clone -b v$VERSION --depth=1 https://github.com/k0sproject/apiserver-network-proxy.git /apiserver-network-proxy +RUN git -c advice.detachedHead=false clone -b v$VERSION --depth=1 https://github.com/kubernetes-sigs/apiserver-network-proxy.git /apiserver-network-proxy WORKDIR /apiserver-network-proxy ARG TARGET_OS \ @@ -14,9 +14,9 @@ ARG TARGET_OS \ BUILD_GO_LDFLAGS \ BUILD_GO_LDFLAGS_EXTRA -RUN go version RUN go install github.com/golang/mock/mockgen@v1.4.4 && \ - go install github.com/golang/protobuf/protoc-gen-go@v1.4.3 && \ + go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28 && \ + go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2 && \ make gen && \ CGO_ENABLED=${BUILD_GO_CGO_ENABLED} \ GOOS=linux \ diff --git a/inttest/Makefile.variables b/inttest/Makefile.variables index 9ad16493544b..7f5cfe812b24 100644 --- a/inttest/Makefile.variables +++ b/inttest/Makefile.variables @@ -53,5 +53,4 @@ smoketests := \ check-psp \ check-singlenode \ check-statussocket \ - check-tunneledkas \ check-upgrade \ diff --git a/inttest/tunneledkas/suite_test.go b/inttest/tunneledkas/suite_test.go deleted file mode 100644 index 56bc3a5fb638..000000000000 --- a/inttest/tunneledkas/suite_test.go +++ /dev/null @@ -1,131 +0,0 @@ -/* -Copyright 2021 k0s authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package tunneledkas - -import ( - "fmt" - "net" - "net/url" - "testing" - - "github.com/stretchr/testify/suite" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" - - "github.com/k0sproject/k0s/inttest/common" -) - -type Suite struct { - common.FootlooseSuite -} - -const config = ` -spec: - api: - port: 7443 - tunneledNetworkingMode: true -` - -func (s *Suite) TestK0sTunneledKasMode() { - s.PutFile(s.ControllerNode(0), "/tmp/k0s.yaml", config) - s.NoError(s.InitController(0, "--config=/tmp/k0s.yaml")) - - token, err := s.GetJoinToken("worker") - s.Require().NoError(err) - s.NoError(s.RunWorkersWithToken(token)) - - // out of cluster client - kc, err := s.KubeClient(s.ControllerNode(0)) - s.Require().NoError(err) - - err = s.WaitForNodeReady(s.WorkerNode(0), kc) - s.NoError(err) - err = s.WaitForNodeReady(s.WorkerNode(1), kc) - s.NoError(err) - - s.Run("Services", func() { - require := s.Require() - s.T().Parallel() - - svc, err := kc.CoreV1().Services("default").Get(s.Context(), "kubernetes", v1.GetOptions{}) - require.NoError(err) - require.Equal("Local", string(*svc.Spec.InternalTrafficPolicy)) - }) - - s.Run("Nodes", func() { - require := s.Require() - s.T().Parallel() - - nodes, err := kc.CoreV1().Nodes().List(s.Context(), v1.ListOptions{}) - require.NoError(err) - require.Len(nodes.Items, s.WorkerCount) - }) - - workerIPs := make([]string, s.WorkerCount) - for i := range workerIPs { - workerIPs[i] = s.GetWorkerIPAddress(i) - } - - s.Run("Endpoints", func() { - require := s.Require() - s.T().Parallel() - - eps, err := kc.CoreV1().Endpoints("default").Get(s.Context(), "kubernetes", v1.GetOptions{}) - require.NoError(err) - require.Len(eps.Subsets, 1) - subsetIPs := make([]string, 0, len(eps.Subsets[0].Addresses)) - for _, addr := range eps.Subsets[0].Addresses { - subsetIPs = append(subsetIPs, addr.IP) - } - require.ElementsMatch(workerIPs, subsetIPs) - }) - - // for each node try to call konnectivity-agent directly - // nodes IPs are not in the config.spec.api.sans - // so skip x509 verification here for the sake of the test - s.Run("Konnectivity", func() { - kubeConfig, err := s.GetKubeConfig(s.ControllerNode(0)) - s.Require().NoError(err) - kubeConfig.TLSClientConfig.Insecure = true - kubeConfig.TLSClientConfig.CAData = nil - - for i, ip := range workerIPs { - ip, kubeConfig := ip, *kubeConfig - s.Run(fmt.Sprintf("worker%d", i), func() { - require := s.Require() - s.T().Parallel() - - kubeConfig.Host = (&url.URL{Scheme: "https", Host: net.JoinHostPort(ip, "6443")}).String() - nodeLocalClient, err := kubernetes.NewForConfig(&kubeConfig) - require.NoError(err) - _, err = nodeLocalClient.CoreV1().Nodes().List(s.Context(), v1.ListOptions{}) - require.NoError(err) - }) - } - }) -} - -func TestK0sTunneledKasModeSuite(t *testing.T) { - s := Suite{ - common.FootlooseSuite{ - ControllerCount: 1, - WorkerCount: 2, - KubeAPIExternalPort: 7443, - }, - } - suite.Run(t, &s) -} diff --git a/pkg/apis/k0s/v1beta1/api.go b/pkg/apis/k0s/v1beta1/api.go index d0cd2bd6e80d..c70f25bc1565 100644 --- a/pkg/apis/k0s/v1beta1/api.go +++ b/pkg/apis/k0s/v1beta1/api.go @@ -37,8 +37,6 @@ type APISpec struct { // The loadbalancer address (for k0s controllers running behind a loadbalancer) ExternalAddress string `json:"externalAddress,omitempty"` - // TunneledNetworkingMode indicates if we access to KAS through konnectivity tunnel - TunneledNetworkingMode bool `json:"tunneledNetworkingMode"` // Map of key-values (strings) for any extra arguments to pass down to Kubernetes api-server process ExtraArgs map[string]string `json:"extraArgs,omitempty"` // Custom port for k0s-api server to listen on (default: 9443) @@ -59,12 +57,11 @@ func DefaultAPISpec() *APISpec { addresses, _ := iface.AllAddresses() publicAddress, _ := iface.FirstPublicAddress() return &APISpec{ - Port: defaultKasPort, - K0sAPIPort: 9443, - SANs: addresses, - Address: publicAddress, - ExtraArgs: make(map[string]string), - TunneledNetworkingMode: false, + Port: defaultKasPort, + K0sAPIPort: 9443, + SANs: addresses, + Address: publicAddress, + ExtraArgs: make(map[string]string), } } @@ -142,8 +139,5 @@ func (a *APISpec) Validate() []error { if a.ExternalAddress != "" { validateIPAddressOrDNSName(field.NewPath("externalAddress"), a.ExternalAddress) } - if a.TunneledNetworkingMode && a.Port == defaultKasPort { - errors = append(errors, fmt.Errorf("can't use default kubeapi port if TunneledNetworkingMode is enabled")) - } return errors } diff --git a/pkg/apis/k0s/v1beta1/api_test.go b/pkg/apis/k0s/v1beta1/api_test.go index cb45b9f0784f..d7551d14baaf 100644 --- a/pkg/apis/k0s/v1beta1/api_test.go +++ b/pkg/apis/k0s/v1beta1/api_test.go @@ -68,14 +68,6 @@ func (s *APISuite) TestValidation() { s.ErrorContains(errors[0], `sans[0]: Invalid value: "something.that.is.not.valid//(())": invalid IP address / DNS name`) } }) - s.T().Run("TunneledNetworkingMode_and_default_kas_port_is_invalid", func(t *testing.T) { - a := DefaultAPISpec() - a.TunneledNetworkingMode = true - errors := a.Validate() - s.NotNil(errors) - s.Len(errors, 1) - s.Contains(errors[0].Error(), "can't use default kubeapi port if TunneledNetworkingMode is enabled") - }) } func TestApiSuite(t *testing.T) { diff --git a/pkg/apis/k0s/v1beta1/clusterconfig_types.go b/pkg/apis/k0s/v1beta1/clusterconfig_types.go index 632f5ca5e85b..f856b2c0929d 100644 --- a/pkg/apis/k0s/v1beta1/clusterconfig_types.go +++ b/pkg/apis/k0s/v1beta1/clusterconfig_types.go @@ -345,10 +345,6 @@ func (s *ClusterSpec) ValidateNodeLocalLoadBalancing() (errs field.ErrorList) { } path := field.NewPath("network", "nodeLocalLoadBalancing", "enabled") - if s.API.TunneledNetworkingMode { - detail := "node-local load balancing cannot be used in tunneled networking mode" - errs = append(errs, field.Forbidden(path, detail)) - } if s.API.ExternalAddress != "" { detail := "node-local load balancing cannot be used in conjunction with an external Kubernetes API server address" diff --git a/pkg/component/controller/konnectivity.go b/pkg/component/controller/konnectivity.go index c6c3e8116bcf..734d9ae24e86 100644 --- a/pkg/component/controller/konnectivity.go +++ b/pkg/component/controller/konnectivity.go @@ -259,14 +259,6 @@ func (k *Konnectivity) writeKonnectivityAgent() error { PullPolicy: k.clusterConfig.Spec.Images.DefaultPullPolicy, } - if k.NodeConfig.Spec.API.TunneledNetworkingMode { - cfg.HostNetwork = true - cfg.BindToNodeIP = true // agent needs to listen on the node IP to be on pair with the tunneled network reconciler - cfg.APIServerPortMapping = fmt.Sprintf("6443:localhost:%d", k.clusterConfig.Spec.API.Port) - } else { - cfg.FeatureGates = "NodeToMasterTraffic=false" - } - if k.clusterConfig.Spec.Network != nil { nllb := k.clusterConfig.Spec.Network.NodeLocalLoadBalancing if nllb.IsEnabled() { diff --git a/pkg/component/controller/tunneledapiendpointreconciller.go b/pkg/component/controller/tunneledapiendpointreconciller.go deleted file mode 100644 index 7109a3cad230..000000000000 --- a/pkg/component/controller/tunneledapiendpointreconciller.go +++ /dev/null @@ -1,225 +0,0 @@ -/* -Copyright 2021 k0s authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "context" - "fmt" - "time" - - "github.com/k0sproject/k0s/pkg/component/controller/leaderelector" - "github.com/k0sproject/k0s/pkg/component/manager" - k8sutil "github.com/k0sproject/k0s/pkg/kubernetes" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" - - "github.com/sirupsen/logrus" -) - -type TunneledEndpointReconciler struct { - logger *logrus.Entry - - leaderElector leaderelector.Interface - kubeClientFactory k8sutil.ClientFactoryInterface -} - -var _ manager.Component = (*TunneledEndpointReconciler)(nil) - -func (ter TunneledEndpointReconciler) Init(_ context.Context) error { - return nil -} - -func (ter *TunneledEndpointReconciler) Start(ctx context.Context) error { - go func() { - ticker := time.NewTicker(10 * time.Second) - defer ticker.Stop() - for { - select { - case <-ticker.C: - err := ter.reconcile(ctx) - if err != nil { - ter.logger.WithError(err).Warn("External API address reconciliation failed") - } - case <-ctx.Done(): - ter.logger.Info("Endpoint reconciler done") - return - } - } - }() - return nil -} - -func (ter *TunneledEndpointReconciler) Stop() error { - return nil -} - -func (ter *TunneledEndpointReconciler) reconcile(ctx context.Context) error { - if !ter.leaderElector.IsLeader() { - ter.logger.Debug("Not the leader, not reconciling API endpoints") - return nil - } - - if err := ter.makeDefaultServiceInternalOnly(ctx); err != nil { - return fmt.Errorf("can't make `kubernetes` service be internal only: %w", err) - } - - if err := ter.reconcileEndpoint(ctx); err != nil { - return fmt.Errorf("can't reconcile endpoint for the default service: %w", err) - } - return nil -} - -func (ter TunneledEndpointReconciler) reconcileEndpoint(ctx context.Context) error { - c, err := ter.kubeClientFactory.GetClient() - if err != nil { - return err - } - - epClient := c.CoreV1().Endpoints("default") - - addresses, err := makeNodesAddresses(ctx, c) - if err != nil { - return err - } - if len(addresses) == 0 { - return nil - } - subsets := []corev1.EndpointSubset{ - { - Addresses: addresses, - Ports: []corev1.EndpointPort{ - { - Name: "https", - Protocol: "TCP", - Port: 6443, - }, - }, - }, - } - kubernetesEndpoint, err := epClient.Get(ctx, "kubernetes", metav1.GetOptions{}) - - if err != nil { - if errors.IsNotFound(err) { - return ter.createEndpoint(ctx, subsets) - } - return err - } - - kubernetesEndpoint.Subsets = subsets - _, err = epClient.Update(ctx, kubernetesEndpoint, metav1.UpdateOptions{}) - if err != nil { - return err - } - - return nil -} - -func makeNodesAddresses(ctx context.Context, c kubernetes.Interface) ([]corev1.EndpointAddress, error) { - nodes, err := c.CoreV1().Nodes().List(ctx, metav1.ListOptions{}) - if err != nil { - return nil, fmt.Errorf("can't list nodes: %w", err) - } - - addresses := make([]corev1.EndpointAddress, 0, len(nodes.Items)) - for _, node := range nodes.Items { - var publicAddr string - var internalAddr string - node := node - for _, addr := range node.Status.Addresses { - switch addr.Type { - case corev1.NodeInternalIP: - internalAddr = addr.Address - case corev1.NodeExternalIP: - publicAddr = addr.Address - } - } - if publicAddr == "" && internalAddr == "" { - continue - } - - // try use internal address, if not found fallback to public - address := internalAddr - if address == "" { - address = publicAddr - } - addresses = append(addresses, corev1.EndpointAddress{ - IP: address, - NodeName: &node.Name, - }) - } - return addresses, nil -} - -func (ter TunneledEndpointReconciler) createEndpoint(ctx context.Context, subsets []corev1.EndpointSubset) error { - - ep := &corev1.Endpoints{ - TypeMeta: metav1.TypeMeta{ - Kind: "Endpoints", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "kubernetes", - }, - Subsets: subsets, - } - - c, err := ter.kubeClientFactory.GetClient() - if err != nil { - return err - } - - _, err = c.CoreV1().Endpoints("default").Create(ctx, ep, metav1.CreateOptions{}) - if err != nil { - return fmt.Errorf("can't create new endpoints for kubernetes serice: %w", err) - } - - return nil -} - -func (ter TunneledEndpointReconciler) makeDefaultServiceInternalOnly(ctx context.Context) error { - c, err := ter.kubeClientFactory.GetClient() - if err != nil { - return err - } - - svcClient := c.CoreV1().Services("default") - - svc, err := svcClient.Get(ctx, "kubernetes", metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("can't get default service: %w", err) - } - - newSvc := svc.DeepCopy() - p := corev1.ServiceInternalTrafficPolicyLocal - newSvc.Spec.InternalTrafficPolicy = &p - - if _, err := svcClient.Update(ctx, newSvc, metav1.UpdateOptions{}); err != nil { - return fmt.Errorf("can't update default service: %w", err) - } - return nil -} - -func NewTunneledEndpointReconciler(leaderElector leaderelector.Interface, kubeClientFactory k8sutil.ClientFactoryInterface) *TunneledEndpointReconciler { - return &TunneledEndpointReconciler{ - leaderElector: leaderElector, - kubeClientFactory: kubeClientFactory, - logger: logrus.WithFields(logrus.Fields{"component": "tunneled_endpoint_reconciler"}), - } -} diff --git a/pkg/component/controller/workerconfig/reconciler.go b/pkg/component/controller/workerconfig/reconciler.go index a5c8559037fb..fe5e7b25b65a 100644 --- a/pkg/component/controller/workerconfig/reconciler.go +++ b/pkg/component/controller/workerconfig/reconciler.go @@ -63,12 +63,11 @@ type resources = []*unstructured.Unstructured type Reconciler struct { log logrus.FieldLogger - clusterDomain string - clusterDNSIP net.IP - apiServerReconciliationEnabled bool - clientFactory kubeutil.ClientFactoryInterface - leaderElector leaderelector.Interface - konnectivityEnabled bool + clusterDomain string + clusterDNSIP net.IP + clientFactory kubeutil.ClientFactoryInterface + leaderElector leaderelector.Interface + konnectivityEnabled bool mu sync.Mutex state reconcilerState @@ -112,12 +111,11 @@ func NewReconciler(k0sVars *config.CfgVars, nodeSpec *v1beta1.ClusterSpec, clien reconciler := &Reconciler{ log: log, - clusterDomain: nodeSpec.Network.ClusterDomain, - clusterDNSIP: clusterDNSIP, - apiServerReconciliationEnabled: !nodeSpec.API.TunneledNetworkingMode, - clientFactory: clientFactory, - leaderElector: leaderElector, - konnectivityEnabled: konnectivityEnabled, + clusterDomain: nodeSpec.Network.ClusterDomain, + clusterDNSIP: clusterDNSIP, + clientFactory: clientFactory, + leaderElector: leaderElector, + konnectivityEnabled: konnectivityEnabled, state: reconcilerCreated, } @@ -187,20 +185,16 @@ func (r *Reconciler) Start(context.Context) error { r.runReconcileLoop(reconcilerCtx, updates, apply) }() - // Reconcile API server addresses if enabled. - if r.apiServerReconciliationEnabled { - go func() { - wait.UntilWithContext(reconcilerCtx, func(ctx context.Context) { - err := r.reconcileAPIServers(ctx, updates, stopped) - // Log any reconciliation errors, but only if they don't - // indicate that the reconciler has been stopped concurrently. - if err != nil && !errors.Is(err, reconcilerCtx.Err()) && !errors.Is(err, errStoppedConcurrently) { - r.log.WithError(err).Error("Failed to reconcile API server addresses") - } - }, 10*time.Second) - }() - } - + go func() { + wait.UntilWithContext(reconcilerCtx, func(ctx context.Context) { + err := r.reconcileAPIServers(ctx, updates, stopped) + // Log any reconciliation errors, but only if they don't + // indicate that the reconciler has been stopped concurrently. + if err != nil && !errors.Is(err, reconcilerCtx.Err()) && !errors.Is(err, errStoppedConcurrently) { + r.log.WithError(err).Error("Failed to reconcile API server addresses") + } + }, 10*time.Second) + }() // React to leader elector changes. Enforce a reconciliation whenever the // lease is acquired. r.leaderElector.AddAcquiredLeaseCallback(func() { @@ -261,7 +255,7 @@ func (r *Reconciler) runReconcileLoop(ctx context.Context, updates <-chan update return nil } - if desiredState.configSnapshot == nil || (r.apiServerReconciliationEnabled && len(desiredState.apiServers) < 1) { + if desiredState.configSnapshot == nil || len(desiredState.apiServers) < 1 { r.log.Debug("Skipping reconciliation, snapshot not yet complete") return nil } diff --git a/pkg/constant/constant_shared.go b/pkg/constant/constant_shared.go index a973738a63f1..37dde9e183ec 100644 --- a/pkg/constant/constant_shared.go +++ b/pkg/constant/constant_shared.go @@ -72,7 +72,7 @@ const ( /* Image Constants */ KonnectivityImage = "quay.io/k0sproject/apiserver-network-proxy-agent" - KonnectivityImageVersion = "0.0.33-k0s.1" + KonnectivityImageVersion = "v0.1.4" PushGatewayImage = "quay.io/k0sproject/pushgateway-ttl" PushGatewayImageVersion = "1.4.0-k0s.0" MetricsImage = "registry.k8s.io/metrics-server/metrics-server" diff --git a/pkg/constant/constant_shared_test.go b/pkg/constant/constant_shared_test.go index 13dafb60be6c..71b4a67454a5 100644 --- a/pkg/constant/constant_shared_test.go +++ b/pkg/constant/constant_shared_test.go @@ -33,7 +33,7 @@ import ( func TestConstants(t *testing.T) { for _, test := range []struct{ name, constant, varName string }{ - {"KonnectivityImageVersion", "v" + KonnectivityImageVersion, "konnectivity"}, + {"KonnectivityImageVersion", KonnectivityImageVersion, "konnectivity"}, {"KubeProxyImageVersion", KubeProxyImageVersion, "kubernetes"}, } { t.Run(test.name, func(t *testing.T) { diff --git a/static/manifests/v1beta1/CustomResourceDefinition/k0s.k0sproject.io_clusterconfigs.yaml b/static/manifests/v1beta1/CustomResourceDefinition/k0s.k0sproject.io_clusterconfigs.yaml index 1b564ed84630..4b88bdb778f0 100644 --- a/static/manifests/v1beta1/CustomResourceDefinition/k0s.k0sproject.io_clusterconfigs.yaml +++ b/static/manifests/v1beta1/CustomResourceDefinition/k0s.k0sproject.io_clusterconfigs.yaml @@ -64,10 +64,6 @@ spec: items: type: string type: array - tunneledNetworkingMode: - description: TunneledNetworkingMode indicates if we access to - KAS through konnectivity tunnel - type: boolean type: object controllerManager: description: ControllerManagerSpec defines the fields for the ControllerManager