upstream/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2026-02-03 20:39:49 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
3950 commits 39 branches 1002 tags 641 MiB
Commit graph

3950 commits

This branch
This branch
All branches
Author SHA1 Message Date
luojiyin
f42523c55f Fix atomic write in WriteSubnetFile 
- Use os.CreateTemp to avoid race conditions with fixed temp filename
   - Add f.Sync() before close to ensure data durability
   - Check all fmt.Fprintf errors instead of ignoring them
   - Preserve original file permissions when overwriting
   - Handle dir== edge case from filepath.Split
   - Check os.MkdirAll error
   - Proper cleanup on all error paths

Signed-off-by: luojiyin <luojiyin@hotmail.com>

Add documentation comments to WriteSubnetFile

   Clarify the design choices for atomic file writing:
   - Explain why CreateTemp is used (defense-in-depth, avoids pre-existing file issues)
   - Document the single-instance assumption
   - Note the permission preservation logic

Signed-off-by: luojiyin <luojiyin@hotmail.com>

Update WriteSubnetFile comment to clarify CreateTemp rationale

   Remove misleading reference to concurrent writes (K3s is single-instance).
   Focus on the actual benefits: avoiding stale temp files from crashes,
   handling unexpected permissions/ownership, and O_EXCL guarantees.

Signed-off-by: luojiyin <luojiyin@hotmail.com>

Refactor cleanup to use merr.NewErrors for better error aggregation

   Address review feedback from @brandond to improve error handling:
   - Change cleanup function to accept error parameter
   - Use merr.NewErrors to aggregate original error with Close/Remove errors
   - Simplify error handling with consistent return cleanup(err) pattern

Signed-off-by: luojiyin <luojiyin@hotmail.com>

Fix Close error handling to preserve original error

   Add cleanupNoClose helper to avoid double Close and preserve the
   original Close error when file close fails.

Signed-off-by: luojiyin <luojiyin@hotmail.com>
 2026-01-08 11:37:41 -08:00
Brad Davidson
926bbce8aa Drop use of deprecated docker reexec package 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-08 11:33:17 -08:00
Brad Davidson
ade30b4568 Bump CNI plugins 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-08 11:33:17 -08:00
Rafael
b167ee165d
Push GA images to staging registry (#13438) 
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
 2026-01-08 14:46:19 -03:00
Derek Nola
2e5f63ba37
Bump local path provisioner to v0.0.34 (#13430)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-01-07 13:31:26 -08:00
Brad Davidson
1f2f610b5a Remove flannel external-ip annotations when disabled
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-07 11:58:56 -08:00
Derek Nola
2ef2865ebd Bump coredns to 1.13.2
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-01-05 13:53:48 -08:00
Derek Nola
1fd611df35 Bump traefik to 3.6.6 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-01-05 13:53:48 -08:00
Brad Davidson
ae59cd0173 Add tests for etcd local reconcile
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details
Install Script / build (push) Has been cancelled
Details
Install Script / Smoke Test (push) Has been cancelled
Details 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-05 09:59:29 -08:00
Brad Davidson
0563fc258f Fix etcd reconcile with empty TLS dirs 
Reconcile against local etcd would short-circuit and skip reading from the datastore if the cert dirs were missing.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-05 09:59:29 -08:00
Brad Davidson
d38b4b30cd Replace temporary etcd server with raw mvcc store access 
Fixes an issue where copying files out from under a currently-running etcd instance can cause startup reconcile to fail. Direct creation of a mvcc store without any of the raft stuff is faster, and gives us direct control over how the store handles snapshot recovery.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-05 09:59:29 -08:00
Brad Davidson
da15d31856 Don't enforce use of wg.Go instead of Add/Done 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-01-05 09:59:29 -08:00
dependabot[bot]
8e416186d7
Bump actions/cache from 4 to 5 (#13347) 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 09:41:31 -08:00
Ricardo Noriega
75cb83b672
Fix typos in documentation (#13411) 
Signed-off-by: Ricardo Noriega De Soto <rnoriega@redhat.com>
 2026-01-05 09:36:15 -08:00
Derek Nola
a8b4befa6d
Use Get, not Head for channel page (#13402) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-01-05 09:35:06 -08:00
github-actions[bot]
9c89e960cd
chore: Bump Local Path Provisioner version (#13387) 
Made with ❤️️ by updatecli

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2026-01-05 09:32:38 -08:00
Derek Nola
fd48cd6233 Allow k3s secrets-encrypt enable on existing clusters
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
- Places an identity provider as a setup to enable later encryption
- Update secrets-encryption test
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-12-30 10:34:23 -08:00
Derek Nola
7ece08a0dc Bump rancher/systemd-node to v0.0.7 (SLES 16.0) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-12-30 10:34:23 -08:00
Brad Davidson
f08deaf851 Bump stable to 1.34 and add 1.35
Some checks failed
Install Script / build (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details
Install Script / Smoke Test (push) Has been cancelled
Details 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-22 14:10:34 -08:00
dependabot[bot]
eb443b4179
Bump actions/download-artifact from 6 to 7 (#13346)
Some checks are pending
Install Script / build (push) Waiting to run
Details
Install Script / Smoke Test (push) Blocked by required conditions
Details
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-22 09:22:56 -08:00
Rafael
149bb91da0
Update stable channel to v1.34.3+k3s1 (#13374) 
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
 2025-12-22 10:35:33 -03:00
Brad Davidson
421e364cc9 Fix PR lint checkout depth
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
Need to check out one deeper than the number of commits in order to compare to the target branch

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 14:46:59 -08:00
Brad Davidson
e44a77d475 lint: nested-structs
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details
govulncheck / govulncheck (push) Has been cancelled
Details 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
fc506e56dd lint: unnecessary-format,use-errors-new 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
003fd4471c lint: unhandled-error 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
c1f02b8b19 lint: identical-switch-branches 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
8e0e37e303 lint: useless-break 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
91a41d8c30 lint: unnecessary-stmt 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
49d080c7b7 lint: unexported-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
46c7ade9e9 lint: unexported-naming 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
62d2737faa lint: unchecked-type-assertion 
Adds a generic wrapper around lru.Cache

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
83feb3c31d lint: superfluous-else 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
e416f10e3a lint: struct-tag 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
291086171b lint: redefines-builtin-id 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
26b4f21479 lint: indent-error-flow 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
4d1ad3d595 lint: import-alias-naming 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
d8af4f162a lint: if-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
f279a979b3 lint: exported 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
7c7e442be0 lint: empty-lines 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
100cb633a3 lint: duplicated-imports 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
23093122b0 lint: defer,get-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
1227f2c435 lint: bool-literal-in-expr 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
55f8d9f731 lint: bare-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
850de3d04d lint: deep-exit 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
5bf4dc7548 lint: comment-spacings 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
d9c4adc4cd lint: dot-imports 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
eee8234720 lint: use-any 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
316464975e lint: redundant-build-tag 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
8086d7cb25 lint: file is not properly formatted 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
900f6cfe8d Add lint/validate job 
`make validate` use to run in drone, move it into GHA

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00