Commit graph

3957 commits

Author SHA1 Message Date
Brad Davidson
7dadc8a18e Bump cni plugins to v1.9.1
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-16 16:07:57 -07:00
Manuel Buil
be98773c59 Bump Traefik helm chart version
Signed-off-by: Manuel Buil <mbuil@suse.com>
2026-03-16 21:46:01 +01:00
Brad Davidson
0c341c8899 Bump runc to v1.4.1
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-13 21:03:24 -07:00
Brad Davidson
5c183fc25e Bump containerd to v2.2.2
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
c1043c4571 Bump traefik and local-path-provisioner
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 509562e215)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
a52b2b5fa4 Use etcd-snapshot-retention as default for s3 if etcd-s3-retention is not set
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit f4bb1e60c3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
e882039ee1 build(deps): bump github.com/pion/dtls/v3 from 3.0.6 to 3.0.11
Bumps [github.com/pion/dtls/v3](https://github.com/pion/dtls) from 3.0.6 to 3.0.11.
- [Release notes](https://github.com/pion/dtls/releases)
- [Commits](https://github.com/pion/dtls/compare/v3.0.6...v3.0.11)

---
updated-dependencies:
- dependency-name: github.com/pion/dtls/v3
  dependency-version: 3.0.11
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 36785d1993)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
17ab728496 Bump github.com/docker/cli
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 28.3.2+incompatible to 29.2.0+incompatible.
- [Commits](https://github.com/docker/cli/compare/v28.3.2...v29.2.0)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.2.0+incompatible
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 74ad4d3f09)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
cc083044ac Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit f8c52914ed)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
18a89012dd Bump docker/setup-docker-action from 4 to 5
Bumps [docker/setup-docker-action](https://github.com/docker/setup-docker-action) from 4 to 5.
- [Release notes](https://github.com/docker/setup-docker-action/releases)
- [Commits](https://github.com/docker/setup-docker-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/setup-docker-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 7cd98146d8)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
8b21ab4ef5 Bump docker/setup-qemu-action from 3 to 4
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 3975a57306)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
ee071002dc Bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit be7e63dd59)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
5c2a879b2e Bump DeterminateSystems/nix-installer-action from 17 to 21
Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 17 to 21.
- [Release notes](https://github.com/determinatesystems/nix-installer-action/releases)
- [Commits](https://github.com/determinatesystems/nix-installer-action/compare/v17...v21)

---
updated-dependencies:
- dependency-name: DeterminateSystems/nix-installer-action
  dependency-version: '21'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit de13a6435d)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
eeee3af7c6 Drop use of github.com/gorilla/mux
mux is replaced with a simple wrapper around http.ServeMux with middleware chain support

Unfortunately github.com/rootless-containers/rootlesskit/pkg/parent
still uses it so we can't drop the indirect dep yet.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3f5eec4c4e)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
187094a8dd Replace merr.NewErrors with errors.Join
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 270484f01b)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
5381978123 Update packages to remove dep on archived github.com/pkg/errors
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 3acf8db8f2)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
github-actions[bot]
63062d9758 chore: Bump golang:alpine image version in Dockerfiles
Made with ❤️️ by updatecli

(cherry picked from commit 64207c324f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
ec5b42708c Bump klipper-lb and klipper-helm
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 6ffcd77ffd)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
42f2f69d77 Bump softprops/action-gh-release from 2.2.1 to 2.5.0
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.2.1 to 2.5.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2.2.1...v2.5.0)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 669bb79f08)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
5284f477da build(deps): bump aws-actions/configure-aws-credentials from 5 to 6
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 5 to 6.
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v5...v6)

---
updated-dependencies:
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 340623bf53)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
f6de0ae56c build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.1
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 7563007cd4)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
91dedfc973 build(deps): bump actions/stale from 10.1.1 to 10.2.0
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.1 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v10.1.1...v10.2.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit d648c8cb89)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
dependabot[bot]
f820237ee0 Bump actions/download-artifact from 7 to 8
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 45bdf9c9f8)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Brad Davidson
6ea9e61ec3 Do not create etcd name file if etcd is not in use
etcd.setName was being called during managed driver creation, even if the managed driver (etcd) is not in use. Let etcd.Register handle calling setName.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 8908d5fcde)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Ada
fdcc754e72 Add nix-snapshotter integration test
Docker-based integration test that verifies nix-snapshotter works
with k3s. The test builds a nix hello image, starts k3s with
--snapshotter nix, pulls the image via nix:0 ref, and runs it as
a pod, verifying "Hello, world!" output.

Signed-off-by: Ada <ada@6bit.com>
Co-Authored-By: Joshua Perry <josh@6bit.com>
Signed-off-by: Ada <ada@6bit.com>
(cherry picked from commit 20c02eda5a)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Ada
4a468a208d Add nix-snapshotter support to the embedded containerd
Add support for the "nix" snapshotter, which enables running container
images built with nix2container. Nix images reference store paths
directly, avoiding layer tarballs and enabling deduplication through
the nix store.

Changes:
- Register nix-snapshotter as a builtin containerd plugin
- Add NixSupported() validation (checks nix-store is in PATH)
- Configure nix-snapshotter image service proxy in V2/V3 templates
  with containerd_address for CRI image operations
- Add Transfer service unpack_config with differ=walking for
  multi-arch support
- Use containerd state dir for socket path (rootless compatible)
- Disable NRI in rootless mode to prevent bind failures

Usage: k3s server --snapshotter nix

Signed-off-by: Ada <ada@6bit.com>
Co-Authored-By: Joshua Perry <josh@6bit.com>
Signed-off-by: Ada <ada@6bit.com>
(cherry picked from commit de59b6327c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Fabiano Fidêncio
77b243929e config: add default imports to containerd base templates
Add imports to the generated containerd config so containerd loads
drop-in TOML files: config.toml.d for v2, config-v3.toml.d for v3
(e.g. /var/lib/rancher/k3s/agent/etc/containerd/config.toml.d and
/var/lib/rancher/k3s/agent/etc/containerd/config-v3.toml.d).

Also fix the v3 header comment to say config-v3.toml.tmpl instead
of config.toml.tmpl.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
(cherry picked from commit b51167a996)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-11 18:07:57 -07:00
Derek Nola
573223538a
Save cluster state before reencyrpting secrets with newly created key (#13773)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-03-10 11:25:08 -07:00
github-actions[bot]
70403b7c43 chore: Update CoreDNS image version in manifests/coredns.yaml
Made with ❤️️ by updatecli

(cherry picked from commit 5855ed5345)
2026-03-09 20:12:57 -06:00
github-actions[bot]
c05f25fb66 chore: Update CoreDNS image version in scripts/airgap/image-list
Made with ❤️️ by updatecli

(cherry picked from commit 22e8e41356)
2026-03-09 20:12:57 -06:00
Rafael
f93a18d13d
Update to v1.33.9 (#13705)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2026-02-27 13:47:27 -03:00
Manuel Buil
77981baa87 Bump Traefik to v3.6.9
Signed-off-by: Manuel Buil <mbuil@suse.com>
2026-02-27 16:23:24 +01:00
Brad Davidson
58c8edf69e Improve resilience of datastore bootstrap reconcile from etcd
Some checks are pending
govulncheck / govulncheck (push) Waiting to run
* Add store tests with fixtures
* Try connecting to local etcd first, if it is available
* Handle panics from etcd backend code
* Don't try to read WAL and restore v3 snapshots as they almost never exist

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit d300004f29)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-26 13:14:02 -08:00
Michael Moll
27dfa98a67 Install binutils-gold only for arm64 builds
Signed-off-by: Michael Moll <kvedulv@kvedulv.de>
(cherry picked from commit 39ccf3e075)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-26 13:14:02 -08:00
Brad Davidson
c628d5dc32 Bump kine to v0.14.12
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ed7141a2ed)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-26 13:14:02 -08:00
Derek Nola
79bb336a5d Fix rootless test to work with -local flag
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-26 13:02:02 -08:00
Derek Nola
52bd766aa6 Revert "Move to rootlesskit v2 (#13486)"
This reverts commit f1b166f74f.

Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-26 13:02:02 -08:00
Derek Nola
b06994d6be Bump rancher/systemd-node version for docker tests
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-26 13:02:02 -08:00
Derek Nola
346c832a18 Fix support for E2E commit installs
Signed-off-by: Derek Nola <derek.nola@suse.com>
2026-02-26 13:02:02 -08:00
Rafael
3552cfc260
Update to v1.33.8 (#13635)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2026-02-11 11:59:12 -03:00
Brad Davidson
2b74b290a2 Fix removal of init node
Removing the initial node from the cluster would previously cause etcd to panic on startup. Fixes to etcd reconcile have stopped that from happening, but now the node will successfully come up and start a new cluster - which is not right either. Require either manual removal of DB files to create a new cluster, or setting server address to join an existing cluster.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-10 15:50:00 -08:00
Brad Davidson
2505a99041 Bump klipper-helm and klipper-lb images
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-10 14:57:00 -08:00
Rafael
2bf126ace7
Add registry prefix to image-list file (#13600)
Signed-off-by: Rafael Breno <rafael_breno@outlook.com>
2026-02-10 11:24:37 -03:00
Michael Fritch
288948f150
Merge pull request #13610 from mgfritch/coredns-1.14.1-metrics-server-0.8.1-release-1.33
[Release-1.33] - Bump to coredns 1.14.1 and metrics-server v0.8.1
2026-02-09 20:05:18 -07:00
Michael Fritch
ebe19355a9
Bump metrics-server to v0.8.1
Signed-off-by: Michael Fritch <mfritch@suse.com>
(cherry picked from commit 917aacfbd7)
2026-02-09 17:36:49 -07:00
github-actions[bot]
165d1092f2
chore: Bump rancher/mirrored-coredns-coredns image version
Made with ❤️️ by updatecli

(cherry picked from commit 61469dc334)
2026-02-09 17:36:49 -07:00
github-actions[bot]
e40d1b21c0
chore: Bump rancher/mirrored-coredns-coredns image version
Made with ❤️️ by updatecli

(cherry picked from commit fff51ec8b8)
2026-02-09 17:36:49 -07:00
Derek Nola
3b21a5488e
Fix VPN node IP not being applied to kubelet (#13562)
Some checks failed
govulncheck / govulncheck (push) Has been cancelled
Signed-off-by: zijiren233 <pyh1670605849@gmail.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: zijiren <84728412+zijiren233@users.noreply.github.com>
2026-02-06 08:27:40 -08:00
Brad Davidson
dd8c453592 Bump kine for list/watch revision fixes
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-05 16:25:59 -08:00
Brad Davidson
bce480328b Add helper function for including stack trace with error message
Not currently used, but was useful in tracking down the specific call path for the empty token handling

Prints error as:
> `msg="Error: starting kubernetes: failed to start cluster: failed to normalize server token; must be in format K10<CA-HASH>::<USERNAME>:<PASSWORD> or <PASSWORD> at github.com/urfave/cli/v2.(*App).RunContext(app.go:333)->github.com/urfave/cli/v2.(*Command).Run(command.go:269)->github.com/urfave/cli/v2.(*Command).Run(command.go:276)->github.com/k3s-io/k3s/pkg/cli/server.Run(server.go:48)->github.com/k3s-io/k3s/pkg/cli/server.run(server.go:629)->github.com/k3s-io/k3s/pkg/server.StartServer(server.go:74)->github.com/k3s-io/k3s/pkg/daemons/control.Server(server.go:72)->github.com/k3s-io/k3s/pkg/cluster.(*Cluster).Start(cluster.go:75)->github.com/k3s-io/k3s/pkg/cluster.Save(storage.go:79)->github.com/k3s-io/k3s/pkg/util.NormalizeToken(token.go:51)"`

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit ce17fce058)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-02-05 14:50:00 -08:00