Backoff starts at 1s and doubles, up to max of 32 seconds
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 79b2e9ee84)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Replaces helm-job-image flag, and allows setting other new helm-controller options (job-resources and job-tolerations)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 9b575c4e56)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Add deprecation message in the flag description
Signed-off-by: Manuel Buil <mbuil@suse.com>
(cherry picked from commit 7595fe7b83)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
In the embedded executor, all Kubernetes components share a single
global utilfeature.DefaultFeatureGate. Feature gate flag parsing
normally occurs inside command.ExecuteContext(), but the API server's
REST storage registration can read the global gate before flags are
parsed, seeing alpha-default values instead of user-configured ones.
This causes an intermittent race condition where alpha feature gates
(e.g. InPlacePodVerticalScaling on K8s v1.32) are ignored even when
correctly configured via the k3s config file. The race depends on
goroutine scheduling: REST storage registration may complete before
the feature gate flag is parsed, causing the API server to not
register the corresponding subresources (e.g. pods/resize).
Fix: extract the feature-gates value from the API server args and
apply it to DefaultMutableFeatureGate before creating the API server
command and starting its goroutine. This ensures the global gate
reflects user configuration before any component reads it. The
subsequent flag parsing in ExecuteContext() will set the same values
again (idempotent).
Ref k3s-io/k3s#14286
AI-assisted: This change was developed with AI assistance.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
(cherry picked from commit 43c121791c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
fix: trim comment and include feature-gates value in warning
Apply reviewer suggestion: reduce verbose comment to a single line
and include the feature-gates value in the warning message.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
(cherry picked from commit ae1d51f4f4)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
I am not sure if cre was used there on purpose, but it seems that the image service endpoint is the correct variable that should be used there.
Signed-off-by: Neil <khair_talap@outlook.com>
Signed-off-by: neiltalap <khair_talap@outlook.com>
(cherry picked from commit f6d226eaf3)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Image names are used to re-add the pinned label when importing is
skipped due to the image being skipped due to cache checks. This is done
once on startup, same as pinned label clearing.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit aed887dafb)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Expand unit tests for cridockerd and flannel packages
* Cover utility functions in loadbalancer package
* Add unit tests for encrypt/decrypt helper functions
* Add unit tests for isolated methods/functions
Signed-off-by: Derek Nola <derek.nola@suse.com>
The replace directive pinned golang.org/x/net to v0.49.0, which is
affected by CVE-2026-39821 / GO-2026-5026: idna.ToASCII and ToUnicode
incorrectly accept Punycode-encoded labels that decode to ASCII-only
labels, which can lead to a hostname-based privilege-escalation bypass.
govulncheck confirms the vulnerable symbol is reachable from k3s code
(idna.ToASCII via the http2 transport's authorityAddr when dialing the
apiserver, and via httpproxy config in pkg/agent/loadbalancer). The
fix is in golang.org/x/net v0.55.0.
This only touches the idna/http2 internals; k3s's direct use of the
proxy, context and http/httpproxy packages is unchanged and the bump
requires no code adaptation.
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
(cherry picked from commit c9e0bc85ed)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Amaan Ul Haq Siddiqui <amaanulhaq.s@outlook.com>
(cherry picked from commit ddf4dc023a)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>