k0s build(deps): bump github.com/k0sproject/k0sctl from 0.19.0 to 0.19.2 in /hack/tool

Bumps github.com/k0sproject/k0sctl from 0.19.0 to 0.19.2.

Release notes

Sourced from github.com/k0sproject/k0sctl's releases.

v0.19.2

What's Changed

Fix k0s CPLB config parsing interface conversion panic by @kke in k0sproject/k0sctl#776

Full Changelog: https://github.com/k0sproject/k0sctl/compare/v0.19.1...v0.19.2

SHA256 Checksums
8892d497ff53a35e95255aa31fe3dd544a6c65304490c78baa999b4ed75f7e91 *k0sctl-linux-amd64
030545c43ef8bd320267677efd3a7e3a9f18d37f01960181b664a3f047b7e496 *k0sctl-linux-arm64
ce6ad5454a2787dafc43b0906aa9db351a1689df0bda5e3b3b0399d14d274b63 *k0sctl-linux-arm
bebeef270e11cd250772bc264b68a442d2ffc878c6b45cdcbc9ce3109c04d190 *k0sctl-win-amd64.exe
1fbb6fa2216d92c3ce6381067d3d3a01e864cc1f54b757149c2505e86c396d75 *k0sctl-darwin-amd64
a714b77c588d25f2f1cb97c7a7f03d333e9093e34bd4ce686e719fa8bb5417de *k0sctl-darwin-arm64
v0.19.1

What's Changed

Consider k0s onlyBindToAddress option when building API URLs by @kke in k0sproject/k0sctl#772

Fallback to CPLB virtual address when building kube API URLs by @kke in k0sproject/k0sctl#772

Validate worker connectivity to cluster-internal addresses instead of the public address by @kke in k0sproject/k0sctl#772

Remove all k0s config SANs manipulation in k0sctl as k0s does it on its own by @kke in k0sproject/k0sctl#772

Modifiable action.Apply for when using k0sctl as a library by @kke in k0sproject/k0sctl#769

Extract etcd membership validation into a separate phase by @kke in k0sproject/k0sctl#770

Use go1.23.2 and update dependencies by @kke in k0sproject/k0sctl#774

Full Changelog: https://github.com/k0sproject/k0sctl/compare/v0.19.0...v0.19.1

SHA256 Checksums
9b360ef47f1cac3669bd6ea44f1c8b2a5b6070c61085abf9c871df3267f44a39 *k0sctl-linux-amd64
d9aa1616d2c733b9af6cad5c99e4190eb15c41262608708d35a9320ad771422f *k0sctl-linux-arm64
2a803ee49306bbb2493d0581314145318c75801bd9240353869417cc8368a6a6 *k0sctl-linux-arm
f9db46f1ab2bf1c17a6436408960614ebd8f05b2aebdc676f8225c7eceb8f8a9 *k0sctl-win-amd64.exe
c0ac0f36342c14addeb6833c169c57cbbf8206a02d141bfd3260c6daa8e79cea *k0sctl-darwin-amd64
ec0007e79f699780a56d0634f7254ff3507add5143eedc7d1b7a941521ae05dd *k0sctl-darwin-arm64

Commits

081dfeb Fix k0s CPLB config parsing interface conversion panic (#776)
0646847 Use go1.23.2, update dependencies (#774)
09cfd11 Extract etcd membership check into a separate phase (#770)
4c6450d Merge pull request #772 from k0sproject/validate-connection-vrrp-ip
fd0ba50 Remove all SANs manipulation as k0s does it on its own
3f9f91d Validate worker connectivity to cluster-internal addresses
6b9054b Consider k0s onlyBindToAddress option when building API URLs
ec2a1f9 Fall back to CPLB virtual address in external API URL
b8a2fd0 Merge pull request #769 from k0sproject/modifiable-applyaction
5bc7203 Make Apply action phase list modifiable before Run()
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Oct 25 '24 13:10 dependabot[bot]

Need to check the OS tests first.

Oct 25 '24 18:10 twz123

https://github.com/k0sproject/k0s/actions/runs/11555710396

Oct 28 '24 14:10 twz123

https://github.com/k0sproject/k0s/actions/runs/11555710396

Still not working:

time="2024-10-28T14:16:16Z" level=error msg="could not create sonobuoy client: couldn't get sonobuoy api helper: could not get api group resources: Get "https://23.22.141.30:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, 172.31.3.84, fe80::c52:27ff:fe02:1e19, 10.96.0.1, not 23.22.141.30"

@kke Mind to have a look?

Oct 28 '24 14:10 twz123

This pull request has merge conflicts that need to be resolved.

Oct 29 '24 18:10 github-actions[bot]

All SANs manipulation was removed from k0sctl as k0s does it on its own.

Looks like some of them were not redundant.

Oct 31 '24 12:10 kke

It was made in https://github.com/k0sproject/k0sctl/pull/772/commits/fd0ba50f48005339846446ffc2452db015e90272

spec.api.externalAddress, the private address and 127.0.0.1 used to be added to sans.

Oct 31 '24 13:10 kke

k0s does this:

// Sans return the given SANS plus all local addresses and externalAddress if given
func (a *APISpec) Sans() []string {
	sans, _ := iface.AllAddresses()
	sans = append(sans, a.Address)
	sans = append(sans, a.SANs...)
	if a.ExternalAddress != "" {
		sans = append(sans, a.ExternalAddress)
	}

	return stringslice.Unique(sans)
}

Oct 31 '24 13:10 kke

Could it be that 23.22.x.x is not returned from iface.AllAddresses()?

	sans = append(sans, a.Address)

k0sctl sets this to the private address of the node or the public one if not set.

Oct 31 '24 13:10 kke

Should k0sctl maybe default spec.api.externalAddress to leader's public address if empty? 🤔

Oct 31 '24 13:10 kke

Adding the public address to SANs could make sense since it could be a NAT address not actually existing on the host.

Nov 01 '24 07:11 kke

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Nov 08 '24 06:11 dependabot[bot]