- Use os.CreateTemp to avoid race conditions with fixed temp filename
- Add f.Sync() before close to ensure data durability
- Check all fmt.Fprintf errors instead of ignoring them
- Preserve original file permissions when overwriting
- Handle dir== edge case from filepath.Split
- Check os.MkdirAll error
- Proper cleanup on all error paths
Signed-off-by: luojiyin <luojiyin@hotmail.com>
Add documentation comments to WriteSubnetFile
Clarify the design choices for atomic file writing:
- Explain why CreateTemp is used (defense-in-depth, avoids pre-existing file issues)
- Document the single-instance assumption
- Note the permission preservation logic
Signed-off-by: luojiyin <luojiyin@hotmail.com>
Update WriteSubnetFile comment to clarify CreateTemp rationale
Remove misleading reference to concurrent writes (K3s is single-instance).
Focus on the actual benefits: avoiding stale temp files from crashes,
handling unexpected permissions/ownership, and O_EXCL guarantees.
Signed-off-by: luojiyin <luojiyin@hotmail.com>
Refactor cleanup to use merr.NewErrors for better error aggregation
Address review feedback from @brandond to improve error handling:
- Change cleanup function to accept error parameter
- Use merr.NewErrors to aggregate original error with Close/Remove errors
- Simplify error handling with consistent return cleanup(err) pattern
Signed-off-by: luojiyin <luojiyin@hotmail.com>
Fix Close error handling to preserve original error
Add cleanupNoClose helper to avoid double Close and preserve the
original Close error when file close fails.
Signed-off-by: luojiyin <luojiyin@hotmail.com>
Move flannel annotations into flannel setup, and use patch helpers to manage other node labels and annotations
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Flannel and VPN setup shouldn't be done in generic agent config as it is only
used with embeded executor's flannel CNI.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Allows properly delegating CNI startup to executor, so that it can be plugged in as platform and distro specific implimentation without relying on cli flag hacks
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Currently only waits on etcd and kine, as other components
are stateless and do not need to shut down cleanly.
Terminal but non-fatal errors now request shutdown via context
cancellation, instead of just logging a fatal error.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Wait for updated ready condition before starting netpol controller, to ensure that node IPs have been updated following a restart. The current checks only ensure that the taint is removed, which works for the initial join - but does not handle changing node IPs on restarts.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
The container runtime endpoint value is passed into cri-dockerd as the docker socket address, so we need to check for --docker BEFORE checking for non-nil --container-runtime-endpoint.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Move the `ipv4` and `ipv6` constants to their own constant
declaration. This ensures that the `iota` expression for the `ipv4`
constant evaluates to 0, not some arbitrary value. (`iota` evaluates
to N for the Nth constant in the constant declaration; see
<https://go.dev/ref/spec#Iota>.) This is also more idiomatic, which
improves readability.
Also switch from incremental integers to bit flags, and use bitwise
operators for checking. This is more idiomatic (the integer is
treated like a set of booleans), it avoids some code duplication, and
it is necessary to avoid ambiguity. Consider the following:
const (
ipv4 = iota
ipv6
)
In the above, `ipv4` would have the value 0 and `ipv6` would have the
value 1. This would make it impossible to distinguish an IPv6-only
stack from a dual-stack configuration because `ipv6` would equal
`ipv4 + ipv6`. With bit flags this problem doesn't exist.
And put the integer holding the bit flags in a custom type with
convenience methods to improve readability.
Signed-off-by: Richard Hansen <rhansen@rhansen.org>
Normally K3s will import all tarballs in the image dir on startup, and
re-import any tarballs that change while it is running.
This change allows users to opt into only importing tarballs that have
changed since they were last imported, even across restarts.
This behavior is opted into by touching a `.cache.json` file in the
images dir. This file is used to track the size and mtime of the image
files when they are imported.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Panic gets rescued by the http server, and was only visible when running in debug mode, but should be handled properly.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Adds maximum in-flight request limits to agent join and p2p peer info
request request handlers.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Move arg-parsing helper functions into util, and use them to see if the user has set an authorization-config flag - and do not set authorization-mode if so.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Move the container runtime ready channel into the executor interface, instead of passing it awkwardly between server and agent config structs
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Splits server startup into prepare/start phases. Server's agent is now
started after server is prepared, but before it is started. This allows
us to properly bootstrap the executor before starting server components,
and use the executor to provide a shared channel to wait on apiserver
readiness.
This allows us to replace four separate callers of WaitForAPIServerReady
with reads from a common ready channel.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump rootlesskit tov 1.1.1, last of the v1 line
* Migrate to urfavecli v2
* Disable StringSlice seperattion
Signed-off-by: Derek Nola <derek.nola@suse.com>
