upstream/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2026-04-06 18:05:05 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
4048 commits 44 branches 1027 tags 651 MiB
Commit graph

442 commits

Author SHA1 Message Date
Brad Davidson
268322414f Bump containerd to v2.2.2
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-11 18:07:30 -07:00
Brad Davidson
f4bb1e60c3 Use etcd-snapshot-retention as default for s3 if etcd-s3-retention is not set 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-10 12:10:40 -07:00
Brad Davidson
3f5eec4c4e Drop use of github.com/gorilla/mux 
mux is replaced with a simple wrapper around http.ServeMux with middleware chain support

Unfortunately github.com/rootless-containers/rootlesskit/pkg/parent
still uses it so we can't drop the indirect dep yet.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-09 16:09:01 -07:00
Brad Davidson
3acf8db8f2 Update packages to remove dep on archived github.com/pkg/errors 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-09 16:09:01 -07:00
Derek Nola
2f527ff16b Revert "Move to rootlesskit v2 (#13486)" 
This reverts commit f1b166f74f.

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-02-26 08:38:14 -08:00
Derek Nola
f1b166f74f
Move to rootlesskit v2 (#13486) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-01-21 10:14:10 -08:00
Derek Nola
fd48cd6233 Allow k3s secrets-encrypt enable on existing clusters
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
- Places an identity provider as a setup to enable later encryption
- Update secrets-encryption test
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-12-30 10:34:23 -08:00
Brad Davidson
fc506e56dd lint: unnecessary-format,use-errors-new 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
46c7ade9e9 lint: unexported-naming 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
291086171b lint: redefines-builtin-id 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
d8af4f162a lint: if-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
f279a979b3 lint: exported 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
7c7e442be0 lint: empty-lines 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
23093122b0 lint: defer,get-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
850de3d04d lint: deep-exit 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
5bf4dc7548 lint: comment-spacings 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
316464975e lint: redundant-build-tag 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
f783052df2 Fix airgap-extra-registry flag 
It is hidden and undocumented, but also apparently broken.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-11-21 09:25:00 -08:00
Derek Nola
14e919804d
Fix garbled CLI (#12899) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-09-17 11:27:35 -07:00
Brad Davidson
4974fc7c24 Use sync.WaitGroup to avoid exiting before components have shut down 
Currently only waits on etcd and kine, as other components
are stateless and do not need to shut down cleanly.

Terminal but non-fatal errors now request shutdown via context
cancellation, instead of just logging a fatal error.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-17 09:37:08 -07:00
Brad Davidson
7e028854e7 Fix signal handling when pid 1 
When running K3s as a subprocess for reaping or logging purposes, properly wire up signals to send it SIGINT instead of just exiting immediately.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-17 09:37:08 -07:00
Brad Davidson
274498fb4d Add pkg/signals for signal handler setup 
Adds some additional functionality and prevents having to take a dep on wrangler in CLI code

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-17 09:37:08 -07:00
Brad Davidson
c837bfcdc7 Bump kine for metrics panic fix 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-03 09:52:51 -07:00
Brad Davidson
795091a809 Wire up kine metrics 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-08-27 13:41:16 -07:00
Brad Davidson
0ec47408e9 Do not bootstrap etcd-only nodes from existing supervisor 
Changes to how we bootstrap the agent and apiserver address list have
made this unnecessary since 5014c9e was merged, and it is creating
problems due to only etcd-only nodes not using their own config.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-08-25 22:16:48 -07:00
Vitor Savian
a238f33cdd
Add retention flag specific for s3 
* Add retention flag specific for s3
* Add retention for the unit tests:

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2025-07-28 13:42:09 -03:00
Brad Davidson
5ce3db779d Update kine and use config defaults helper 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-07-11 10:10:13 -07:00
Vitor Savian
66102c5651
Refac shell completion to a better command structure 
* Refac for shell completion

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Change FLAGS to OPTIONS

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Refac bash and zsh func names

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Refac bash and zsh func names

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

---------

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2025-07-10 13:38:54 -03:00
Manuel Buil
e6e301959f
Add usage description for etcd-snapshot (#12557) 2025-07-02 09:24:13 -07:00
haruna
d256968ee4 Improve shebang of bash completion script 
Signed-off-by: haruna <w10776e8w@yahoo.co.jp>
 2025-05-30 10:18:42 -07:00
Brad Davidson
dad64705d3 Fix startuphooks race condition panic 
Ensure startup hooks WaitGroup is initialized before starting goroutine that will wait on it

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-05-15 14:27:40 -07:00
Brad Davidson
10e3d40bf3 Sync datastore config defaults with kine CLI 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-05-09 15:32:53 -07:00
bo.jiang
4c1f014d27 Optimize certificate status check 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2025-05-08 11:57:29 -07:00
Brad Davidson
a8f0acbe52 Add CLI flag and config file for s3 bucket lookup type 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-05-07 11:50:22 -07:00
Vitor Savian
dc03cb4b3f
Update k8s version to 1.33 
* Update to 1.33

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Fix prints that broke unit tests

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Change binary max size to 75

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Change containerd version to fix misspelling

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Address binary size comment

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Update Dependencies

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Remove dependencie not used anymore

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

---------

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2025-04-30 04:43:37 -03:00
manuelbuil
9505f7ff3b Add error in certificate check 
Signed-off-by: manuelbuil <mbuil@suse.com>
 2025-04-10 13:22:43 +02:00
Derek Nola
fa69c45926 Align Value CLI 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-04-07 09:08:22 -07:00
Derek Nola
786efd1bff Mark rotate-keys as GA 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-04-07 09:08:22 -07:00
Derek Nola
aea3703f68 Implement secrets-encryption secretbox provider 
- Add testlet for new provider switch
- Handle migration between providers
- Add exception for criticalcontrolargs
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-04-07 09:08:22 -07:00
Brad Davidson
ee036f7bc9 Fix issue caused by default authorization-mode apiserver arg 
Move arg-parsing helper functions into util, and use them to see if the user has set an authorization-config flag - and do not set authorization-mode if so.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-31 17:09:43 -07:00
Brad Davidson
d45006be66 Move etcd ready channel into executor 
This eliminates the final channel that was being passed around in an internal struct. The ETCD management code passes in a func that can be polled until etcd is ready; the executor is responsible for polling this after etcd is started and closing the etcd ready channel at the correct time.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-24 12:42:29 -07:00
Brad Davidson
a8bc412422 Move container runtime ready channel into executor 
Move the container runtime ready channel into the executor interface, instead of passing it awkwardly between server and agent config structs

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-24 12:42:29 -07:00
Brad Davidson
529e748ac7 Move apiserver ready wait into common channel 
Splits server startup into prepare/start phases. Server's agent is now
started after server is prepared, but before it is started. This allows
us to properly bootstrap the executor before starting server components,
and use the executor to provide a shared channel to wait on apiserver
readiness.

This allows us to replace four separate callers of WaitForAPIServerReady
with reads from a common ready channel.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-24 12:42:29 -07:00
Derek Nola
ac38633c71
Migrate to UrfaveCLI v2 (#11831) 
* Bump rootlesskit tov 1.1.1, last of the v1 line
* Migrate to urfavecli v2
* Disable StringSlice seperattion

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-03-12 09:02:45 -07:00
Brad Davidson
d694dd1db9 Add periodic background snapshot reconcile 
Interval is configurable with new etcd-snapshot-reconcile-interval flag

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-05 12:18:19 -08:00
Brad Davidson
bed1f66880 Avoid use of github.com/pkg/errors functions that capture stack 
We are not making use of the stack traces that these functions capture, so we should avoid using them as unnecessary overhead.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-05 00:41:38 -08:00
Brad Davidson
5894af30ff Move CR APIs to k3s-io/api 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-02-24 11:17:27 -08:00
Brad Davidson
124e46bccf Upgrade containerd to v2.0.2 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-02-07 12:03:48 -08:00
Brad Davidson
85987ac23f Fix default pause image on windows 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-02-07 07:46:19 -08:00
Brad Davidson
838d68777f Fix permissions checks on windows 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-02-07 07:46:19 -08:00