* Add a warning to the config.toml file
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>

We need to send the full chain in order for cross-signing to work
properly during switchover to a new root.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Daishan Peng <daishan@acorn.io>

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Match golang.org/x/net with flannel version
* Match golang.org/x/sys with containerd version
* Update wrangler to 1.1.1
* Update gax-go to v2.1.1
* Isolate E2E terraform dependencies
* Bump containerd
Signed-off-by: Derek Nola <derek.nola@suse.com>

* Update kube-router version to fix iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update Flannel to v0.21.3
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

---------
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

* Update to v1.24.11
* the go version will be updated to match upstream in dockerfiles and gh workflows
---------
Signed-off-by: matttrach <matttrach@gmail.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Turns out etcd-only nodes were never running **any** of the controllers,
so allowing multiple controllers didn't really fix things.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Addresses an issue where etcd controllers did not run on etcd-only nodes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>

Signed-off-by: Paul Donohue <git@PaulSD.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b43dd774)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c900089e)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 87f9c4ab)

Allow bootstrapping with kubeadm bootstrap token strings or existing
Kubelet certs. This allows agents to join the cluster using kubeadm
bootstrap tokens, as created with the `k3s token create` command.

When the token expires or is deleted, agents can successfully restart by
authenticating with their kubelet certificate via node authentication.
If the token is gone and the node is deleted from the cluster, node auth
will fail and they will be prevented from rejoining the cluster until
provided with a valid token.

Servers still must be bootstrapped with the static cluster token, as
they will need to know it to decrypt the bootstrap data.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 992e6499)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 373df1c8)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit be7f7518)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8a6404f9)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9b6b7294)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f13768c2)

This command must be run on a server while the service is running. After this command completes, all the servers in the cluster should be restarted to load the new CA files.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 215fb157)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3c324335)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 58d40327)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 0919ec67)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1ec242d8)

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Prevents errors when starting with fail-closed webhooks

Also, use panic instead of Fatalf so that the CloudControllerManager rescue can handle the error
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

* Bump wrangler version for EndpointSlice support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 94d1a875)

* Honor Service ExternalTrafficPolicy
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 369b81b4)

* go generate
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 1c6fde9a)

* Ignore conflict secrets
Signed-off-by: Derek Nola <derek.nola@suse.com>

* Consolidate E2E tests and GH Actions (#6772)

* Consolidate cluster reset and snapshot E2E tests
* Add more context to secrets-encryption test
* Reuse build workflow
* Convert updatecli to job level permissions
* Remove dweomer microos from E2E and install testing
Signed-off-by: Derek Nola <derek.nola@suse.com>

* E2E: Consoldiate docker and prefer bundled tests into new startup test (#6851)

* Convert docker E2E to startup E2E
* Move preferedbundled into the e2e startup test
Signed-off-by: Derek Nola <derek.nola@suse.com>

---------
Signed-off-by: Derek Nola <derek.nola@suse.com>