Commit graph

4093 commits

Author SHA1 Message Date
jvassev
913005658c
tunnel: handle pod IP reuse (#13212)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* tunnel: handle pod IP reuse

a valid tunnel/session may be deleted when an IP is reused while a
Complete pod (for example a job) was using that IP but is being gc'ed.

This causes timeouts to webhooks after directDial is attempted because
session was removed.

Solution is to track the owner of the IP and delete the entry only when
the owner pod is deleted.

Signed-off-by: Julian Vassev <jvassev@gmail.com>
2025-11-19 20:43:36 -08:00
Brad Davidson
ed57fb5e61
Fix windows build os (#13201)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* Pass GOOS into Dockerfile.local build args
  Fixes issue with build-windows job not actually building for windows
* Remove `go generate` from package-cli
  We no longer use codegen in this repo
* Fix go:embed path separator on Windows
* Bump hcsshim for containerd 2.1 compat on windows
* Include failing lister in error message
* Bump k3s-io/api and k3s-io/helm-controller for embedded CRD windows path fix

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-15 02:02:12 -08:00
Rafael
c86b66d05c
Add id-token (#13209)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-11-13 17:25:11 -03:00
Rafael
3cdb5f8cf5
Update to v1.34.2-k3s1 and Go 1.24.9 (#13204)
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-11-13 15:45:18 -03:00
Derek Nola
8215b940e3
Bump klipper-helm and helm-controller (#13187)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-11-11 12:49:23 -08:00
Roberto Bonafiglia
3530ab5915 Fix tailscale setup in case of an already running configuration
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2025-11-11 12:58:21 +01:00
Brad Davidson
7146e2000e Fix apiserver starting before remote etcd is up
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Fixes issue where the apiserver on control-plane-only nodes does not
actually wait for a connection to etcd to be available before starting.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-07 10:32:02 -08:00
Rafael
8f781acff4
[main] Add Prime assets upload (#13160)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
* Add Prime assets upload

Signed-off-by: Rafael Breno <rafael_breno@outlook.com>

* fixes

Signed-off-by: Rafael Breno <rafael_breno@outlook.com>

---------

Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-11-07 12:04:41 -03:00
Brad Davidson
858b109b92 Fix adding OwnerReferences to Nodes seen from initial list
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
govulncheck / govulncheck (push) Has been cancelled
Apparently Kubernetes objects may not have TypeMeta (APIVersion and Kind) fields set if they come from a List response - so we can't count on the objects passed to the handler having these properly set.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-06 19:41:14 -08:00
Brad Davidson
e438a3c1a0 Bump containerd to v2.1.5
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-06 18:23:44 -08:00
Brad Davidson
a2663f8884 Bump remotedialer to fix deadlock on connection close
Some checks are pending
govulncheck / govulncheck (push) Waiting to run
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Fixes an issue where remotedialer clients may run into a deadlock when closing connections. This prevents the client from reconnecting to the server, and as the Close function has deadlocked, any health-checks that rely on checking remotedialer connection state will continue to pass as it claims to still be connected.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-06 10:31:48 -08:00
Brad Davidson
fdc356a9ce Bump runc to v1.3.3
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-11-05 14:34:47 -08:00
Derek Nola
b8f6f958c8
Streamline E2E startup test (#13137)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
* Streamline E2E startup test

- Remove ineffective testlet on prefer-bundled-bin
- Minimize waiting for kubeconfig testlet
- Only kill docker containers for cri-dockerd testlet
* Migrate bad token testlet from E2E to Integration test

Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-11-03 09:03:07 -08:00
Derek Nola
b9e90d3e51
Don't look at head for upgrade channel (#13130)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-31 11:54:40 -07:00
dependabot[bot]
2459bf7c84
Bump actions/upload-artifact from 4 to 5 (#13104)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-31 09:33:34 -07:00
Derek Nola
72ca761529 Migrate Docker Image publishing to GitHub Actions
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-30 11:31:47 -07:00
Derek Nola
19e8f83d1d Only run arm64 and amd64 test stage on drone tags
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-30 11:31:47 -07:00
Brad Davidson
e1238095f0 Bump kine to 0.14.6
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-29 15:49:40 -07:00
dependabot[bot]
9e1003029c Bump actions/download-artifact from 5 to 6
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Install Script / build (push) Has been cancelled
Install Script / Smoke Test (push) Has been cancelled
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-29 10:30:30 +01:00
Derek Nola
602d43081e
Migrate dispatch pipeline into GitHub Actions (#13105)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-28 09:13:04 -07:00
Brad Davidson
d8790220ff Move node password secrets into dedicated controller
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Move the node password secret cleanup into its own dedicated controller
that also handles auth. We now use a filtered cache of only
node-password secrets, instead of using the wrangler secret cache,
which stores all secrets from all namespaces.

The coredns node-hosts controller also now uses a single-resource
watch cache on the coredns configmap, instead of reading it from
the apiserver every time a node changes.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-27 15:06:45 -07:00
Brad Davidson
139d64c129 Create node-password secrets with custom Type
Allows list/watch node password secrets with fieldselector

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-27 15:06:45 -07:00
Brad Davidson
d622b18c20 Remove node password file migration code
K3s stopped using node password files in v1.19 (92d04355f4), so we do not need to support migrating off these any longer.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-27 15:06:45 -07:00
Brad Davidson
0d9ef273d8 Remove node addresses from filter when node is deleted
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-27 15:06:45 -07:00
Brad Davidson
171644cf0c Replace raw ListWatch with NewListWatchFromClient
NewListWatchFromClient replaces a bunch of boilerplate, and is also context-aware

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-27 15:06:45 -07:00
Brad Davidson
d50a4a894e Fix invalid replaced versions
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
These versions were replaced here in this project, but they would break projects that import k3s-io/k3s without also replacing them

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-22 18:53:49 -07:00
Brad Davidson
92a0b7eec2 Bump helm-controller/klipper-helm
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-22 18:53:01 -07:00
Derek Nola
cfcc9ef65e
Add docker dualstack test (#13070)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-22 10:38:21 -07:00
Rafael
5aca8e24b1
Update dispatch script (#13079)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-10-21 16:25:58 -03:00
Jarett Stevens
6381cad10f rootless ports: add support for udp
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Jarett Stevens <jarett.stevens@gmail.com>
2025-10-20 10:44:18 -07:00
Derek Nola
517df31f65
Fix postgres DB container args for nightly conformance (#13069)
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-16 09:00:47 -07:00
dependabot[bot]
481cd6002a
Bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#13026)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](05b42c6244...4eaacf0543)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-16 09:00:23 -07:00
dependabot[bot]
65932372c7
Bump github/codeql-action from 3 to 4 (#13065)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-16 09:00:11 -07:00
dependabot[bot]
989c07f6a2
Bump actions/stale from 10.0.0 to 10.1.0 (#13025)
Bumps [actions/stale](https://github.com/actions/stale) from 10.0.0 to 10.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v10.0.0...v10.1.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-16 09:00:03 -07:00
Derek Nola
24dda29fb8
Cleanup wording and decisions on various ADRs (#13068)
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Derek Nola <derek.nola@suse.com>
2025-10-15 09:19:54 -07:00
Brad Davidson
0e5bc29d34 Bump kine for idle progress fix
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-10 12:00:06 -07:00
Khwaja Faraz Ahmed
e8e76e3cf3 move to 1.13.1
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Signed-off-by: Khwaja Faraz Ahmed <khwaja.ahmed@securiti.ai>
2025-10-09 10:51:11 -07:00
Khwaja Faraz Ahmed
1511d362a4 Bump coredns to v1.12.4
Signed-off-by: Khwaja Faraz Ahmed <khwaja.ahmed@securiti.ai>
2025-10-09 10:51:11 -07:00
Brad Davidson
701cc35b7a Bump kine=v0.14.4, etcd=v3.6.5
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-09 07:41:55 -07:00
Will Stephenson
6ba8efd7a1 create policy hint only when all variables defined
Signed-off-by: Will Stephenson <wstephenson@suse.com>
2025-10-08 15:01:51 -07:00
Roberto Bonafiglia
09762a57df Update flannel, kube-router and cni plugins
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
2025-10-08 09:31:31 +02:00
Brad Davidson
ef6d6f4c36 Bump kine for postgres object count fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-02 09:49:01 -07:00
Brad Davidson
89adabb672 Drop calls to rand.Seed
The rng has been automatically seeded since go1.20, and explicitly seeding it has been a no-op since go1.24. Ref: https://go.dev/doc/godebug#go-120 and https://go.dev/doc/godebug#go-124

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-10-02 09:47:25 -07:00
Rafael
3190f30de8
Update stable channel to v1.33.5+k3s1 (#13017)
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2025-10-02 12:44:06 -03:00
Brad Davidson
7a41cce152 Fix ability to rotate server token to an invalid format
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-09-30 10:16:04 -07:00
Ashiq N
565d50a3b1 Create dynamic-cert-regenerate file in CA cert rotation handler
Signed-off-by: Ashiq N <ashiqmoh70@gmail.com>
2025-09-30 10:10:56 -07:00
Brad Davidson
6edbae331b Fix bootstrap charts
Use https port for helm-controller bootstrap charts instead of apiserver internal port, which does not listen on all address families in K3s since it is just set to avoid having the apiserver conflict with the supervisor port.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-09-30 09:53:43 -07:00
Robert Rose
9a6f602c75 Fix handling of vendored dependencies in version script
The script formerly failed when a module could not be resolved using the
vendor directory. It now ignores the vendor directory.

Signed-off-by: Robert Rose <robert.rose@mailbox.org>
2025-09-30 09:41:16 -07:00
Fabian 'xx4h' Sylvester
39d89153da fix: default forward after override imports
fixes #12979

Signed-off-by: Fabian 'xx4h' Sylvester <xx4h@xx4h.de>
2025-09-29 11:58:10 -07:00
Brad Davidson
59b4a9d738 Bump kine to v0.14.2 for schema fix
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2025-09-25 10:20:39 -07:00