upstream/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2026-06-11 01:44:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
4153 commits 40 branches 1057 tags 660 MiB
Commit graph

451 commits

Author SHA1 Message Date
Brad Davidson
55b9400dfc Revert "Add runtime checking of golang version" 
This reverts commit b297996b92.
 2026-06-10 15:19:48 -07:00
Brad Davidson
d29a75314d Reduce GRPC console spam 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f96256622a)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-06-10 15:19:48 -07:00
Brad Davidson
b0681da7dd Wire up flags to new kine config for T4 
T4 reuses datastore TLS config and etcd S3 flags, but needs to not
listen when bootstrapping TLS to avoid trying to connect to the peer
without certs.

T4 only uses TLS between peers when --kine-tls is enabled.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 7c0c335d68)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-06-03 14:52:18 -07:00
Brad Davidson
b970782970 Fix kine metrics registration 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ad2fa9df0c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-06-03 14:52:18 -07:00
Elysia
0a320d2f97 Fix token delete argument handling 
Signed-off-by: Elysia <148540043+elysia090@users.noreply.github.com>
(cherry picked from commit decbab618f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-06-03 14:52:18 -07:00
Brad Davidson
32687ebb94 Move advertise-address setup before server prepare 
Prepare uses the SANs list, so all modifications to that need to be done before preparing

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit eaddca726c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-05-07 18:49:29 -07:00
Brad Davidson
c28aca64ab Fix SANs added from comma-separated node-external-ip list 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-04-22 09:31:25 -07:00
Brad Davidson
f891548e32 Fix embedded excutor VPN config injection
Some checks are pending
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details 
Allow the executor to modify node config before certs are generated, and use this to add VPN node IPs to kubelet serving cert
 2026-04-14 09:03:05 -07:00
Brad Davidson
a666b7905c Add context to controller event recorders
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Waiting to run
Details
govulncheck / govulncheck (push) Has been cancelled
Details 
Fixes issue where RKE2 event recorder events were not logged to console due to lack of logging context.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-25 15:32:15 -07:00
Brad Davidson
268322414f Bump containerd to v2.2.2
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-11 18:07:30 -07:00
Brad Davidson
f4bb1e60c3 Use etcd-snapshot-retention as default for s3 if etcd-s3-retention is not set 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-10 12:10:40 -07:00
Brad Davidson
3f5eec4c4e Drop use of github.com/gorilla/mux 
mux is replaced with a simple wrapper around http.ServeMux with middleware chain support

Unfortunately github.com/rootless-containers/rootlesskit/pkg/parent
still uses it so we can't drop the indirect dep yet.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-09 16:09:01 -07:00
Brad Davidson
3acf8db8f2 Update packages to remove dep on archived github.com/pkg/errors 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2026-03-09 16:09:01 -07:00
Derek Nola
2f527ff16b Revert "Move to rootlesskit v2 (#13486)" 
This reverts commit f1b166f74f.

Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-02-26 08:38:14 -08:00
Derek Nola
f1b166f74f
Move to rootlesskit v2 (#13486) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2026-01-21 10:14:10 -08:00
Derek Nola
fd48cd6233 Allow k3s secrets-encrypt enable on existing clusters
Some checks failed
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details 
- Places an identity provider as a setup to enable later encryption
- Update secrets-encryption test
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-12-30 10:34:23 -08:00
Brad Davidson
fc506e56dd lint: unnecessary-format,use-errors-new 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
46c7ade9e9 lint: unexported-naming 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
291086171b lint: redefines-builtin-id 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
d8af4f162a lint: if-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
f279a979b3 lint: exported 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
7c7e442be0 lint: empty-lines 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
23093122b0 lint: defer,get-return 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
850de3d04d lint: deep-exit 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
5bf4dc7548 lint: comment-spacings 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
316464975e lint: redundant-build-tag 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-12-18 11:20:07 -08:00
Brad Davidson
f783052df2 Fix airgap-extra-registry flag 
It is hidden and undocumented, but also apparently broken.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-11-21 09:25:00 -08:00
Derek Nola
14e919804d
Fix garbled CLI (#12899) 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-09-17 11:27:35 -07:00
Brad Davidson
4974fc7c24 Use sync.WaitGroup to avoid exiting before components have shut down 
Currently only waits on etcd and kine, as other components
are stateless and do not need to shut down cleanly.

Terminal but non-fatal errors now request shutdown via context
cancellation, instead of just logging a fatal error.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-17 09:37:08 -07:00
Brad Davidson
7e028854e7 Fix signal handling when pid 1 
When running K3s as a subprocess for reaping or logging purposes, properly wire up signals to send it SIGINT instead of just exiting immediately.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-17 09:37:08 -07:00
Brad Davidson
274498fb4d Add pkg/signals for signal handler setup 
Adds some additional functionality and prevents having to take a dep on wrangler in CLI code

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-17 09:37:08 -07:00
Brad Davidson
c837bfcdc7 Bump kine for metrics panic fix 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-09-03 09:52:51 -07:00
Brad Davidson
795091a809 Wire up kine metrics 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-08-27 13:41:16 -07:00
Brad Davidson
0ec47408e9 Do not bootstrap etcd-only nodes from existing supervisor 
Changes to how we bootstrap the agent and apiserver address list have
made this unnecessary since 5014c9e was merged, and it is creating
problems due to only etcd-only nodes not using their own config.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-08-25 22:16:48 -07:00
Vitor Savian
a238f33cdd
Add retention flag specific for s3 
* Add retention flag specific for s3
* Add retention for the unit tests:

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2025-07-28 13:42:09 -03:00
Brad Davidson
5ce3db779d Update kine and use config defaults helper 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-07-11 10:10:13 -07:00
Vitor Savian
66102c5651
Refac shell completion to a better command structure 
* Refac for shell completion

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Change FLAGS to OPTIONS

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Refac bash and zsh func names

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Refac bash and zsh func names

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

---------

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2025-07-10 13:38:54 -03:00
Manuel Buil
e6e301959f
Add usage description for etcd-snapshot (#12557) 2025-07-02 09:24:13 -07:00
haruna
d256968ee4 Improve shebang of bash completion script 
Signed-off-by: haruna <w10776e8w@yahoo.co.jp>
 2025-05-30 10:18:42 -07:00
Brad Davidson
dad64705d3 Fix startuphooks race condition panic 
Ensure startup hooks WaitGroup is initialized before starting goroutine that will wait on it

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-05-15 14:27:40 -07:00
Brad Davidson
10e3d40bf3 Sync datastore config defaults with kine CLI 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-05-09 15:32:53 -07:00
bo.jiang
4c1f014d27 Optimize certificate status check 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
 2025-05-08 11:57:29 -07:00
Brad Davidson
a8f0acbe52 Add CLI flag and config file for s3 bucket lookup type 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-05-07 11:50:22 -07:00
Vitor Savian
dc03cb4b3f
Update k8s version to 1.33 
* Update to 1.33

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Fix prints that broke unit tests

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Change binary max size to 75

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Change containerd version to fix misspelling

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Address binary size comment

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Update Dependencies

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

* Remove dependencie not used anymore

Signed-off-by: Vitor Savian <vitor.savian@suse.com>

---------

Signed-off-by: Vitor Savian <vitor.savian@suse.com>
 2025-04-30 04:43:37 -03:00
manuelbuil
9505f7ff3b Add error in certificate check 
Signed-off-by: manuelbuil <mbuil@suse.com>
 2025-04-10 13:22:43 +02:00
Derek Nola
fa69c45926 Align Value CLI 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-04-07 09:08:22 -07:00
Derek Nola
786efd1bff Mark rotate-keys as GA 
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-04-07 09:08:22 -07:00
Derek Nola
aea3703f68 Implement secrets-encryption secretbox provider 
- Add testlet for new provider switch
- Handle migration between providers
- Add exception for criticalcontrolargs
Signed-off-by: Derek Nola <derek.nola@suse.com>
 2025-04-07 09:08:22 -07:00
Brad Davidson
ee036f7bc9 Fix issue caused by default authorization-mode apiserver arg 
Move arg-parsing helper functions into util, and use them to see if the user has set an authorization-config flag - and do not set authorization-mode if so.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-31 17:09:43 -07:00
Brad Davidson
d45006be66 Move etcd ready channel into executor 
This eliminates the final channel that was being passed around in an internal struct. The ETCD management code passes in a func that can be polled until etcd is ready; the executor is responsible for polling this after etcd is started and closing the etcd ready channel at the correct time.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2025-03-24 12:42:29 -07:00