* Update to v1.35.3
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
* Update how VERSION_GOLANG is set
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
---------
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
mux is replaced with a simple wrapper around http.ServeMux with middleware chain support
Unfortunately github.com/rootless-containers/rootlesskit/pkg/parent
still uses it so we can't drop the indirect dep yet.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Add support for the "nix" snapshotter, which enables running container
images built with nix2container. Nix images reference store paths
directly, avoiding layer tarballs and enabling deduplication through
the nix store.
Changes:
- Register nix-snapshotter as a builtin containerd plugin
- Add NixSupported() validation (checks nix-store is in PATH)
- Configure nix-snapshotter image service proxy in V2/V3 templates
  with containerd_address for CRI image operations
- Add Transfer service unpack_config with differ=walking for
  multi-arch support
- Use containerd state dir for socket path (rootless compatible)
- Disable NRI in rootless mode to prevent bind failures
Usage: k3s server --snapshotter nix
Signed-off-by: Ada <ada@6bit.com>
Co-Authored-By: Joshua Perry <josh@6bit.com>
Signed-off-by: Ada <ada@6bit.com>
* Add store tests with fixtures
* Try connecting to local etcd first, if it is available
* Handle panics from etcd backend code
* Don't try to read WAL and restore v3 snapshots as they almost never exist
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Upgrade docker/docker dependency from v25.0.8 to v25.0.13 to address
CVE-2025-54410 which affects Moby/Docker versions before 25.0.13.
This vulnerability could allow containers across different bridge networks
to access each other's ports when firewalld is reloaded, breaking network
isolation.
Signed-off-by: Rahul Rai <rahul.cncf@gmail.com>
Fixes HIGH CVE-2025-68156. This is an indirect dep from github.com/nats-io/jsm.go, but it appears they have not yet bumped it either.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Update to v1.34.3-k3s1 and Go 1.24.11
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
* Switch to custom action Go setup
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
---------
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
New release is out, and the tag on our fork conflicted with upstream tag - our v2.6.2 should have been v2.6.2-k3s1 as it pointed at a different commit than the upstream tag
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
We do not use any vulnerable code from this project, but we should bump it anyway to pacify scanners
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Pass GOOS into Dockerfile.local build args
Fixes issue with build-windows job not actually building for Windows
* Remove `go generate` from package-cli
We no longer use codegen in this repo
* Fix go:embed path separator on Windows
* Bump hcsshim for containerd 2.1 compat on Windows
* Include failing lister in error message
* Bump k3s-io/api and k3s-io/helm-controller for embedded CRD Windows path fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Fixes an issue where remotedialer clients may run into a deadlock when closing connections. This prevents the client from reconnecting to the server, and as the Close function has deadlocked, any health-checks that rely on checking remotedialer connection state will continue to pass as it claims to still be connected.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
These versions were replaced here in this project, but they would break projects that import k3s-io/k3s without also replacing them
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>