[release-1.27] Backports for 2024-01 #9211
Commits on Jan 10, 2024
-
Remove GA feature-gates (k3s-io#8970)
Remove KubeletCredentialProviders and JobTrackingWithFinalizers feature-gates, both of which are GA and cannot be disabled. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 231cb6e) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add ServiceLB support for PodHostIPs FeatureGate
If the feature-gate is enabled, use status.hostIPs for dual-stack externalTrafficPolicy=Local support Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit a27d660) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
chore: Bump Trivy version (k3s-io#8739)
Made with ❤️️ by updatecli Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-
optimize: Simplify and clean up Dockerfile (k3s-io#8244)
Signed-off-by: Leke Ariyo <lekeariyo2015@gmail.com> Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Dockerfile.dapper: set $HOME properly
`$HOME` refers to `$DAPPER_SOURCE`, which is set in the same expression and is thus not visible at the time of substitution. This problem is not immediately visible with Docker, Inc.'s docker merely because it resets an unset `$HOME` to `/root` (but still breaking the Go cache). Under podman, this problem is immediately visible because an unset `$HOME` remains unset and subsequently breaks the `go generate` invocation. Fixes k3s-io#9089. Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name> (cherry picked from commit a7fe1aa) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Fix the OTHER log message that prints the wrong variable
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 1e66362) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Handle logging flags when parsing kube-proxy args
Also adds a test to ensure this continues to work. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit db7091b) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Fix nil map in full snapshot configmap reconcile
If a full reconcile wins the race against sync of an individual snapshot resource, or someone intentionally deletes the configmap, the data map could be nil and cause a crash. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 319dca3) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add support for containerd cri registry config_path
Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit c45524e) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add more paths to crun runtime detection (k3s-io#9086)
* add usr/local paths for crun detection Signed-off-by: Lex Rivera <me@lex.io> (cherry picked from commit 5fe074b) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add runtime checking of golang version
Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit b297996) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Fix OS PRETTY_NAME on tagged releases
These were always showing up as dev due to the build arg not being set by the drone step. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit eae221f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Pin images instead of locking layers with lease
Layer leases never did what we wanted anyways, and this is the new approved interface for ensuring that images do not get GCd Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 5c99bdd) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Move registries.yaml load into agent config
Moving it into config.Agent so that we can use or modify it outside the context of containerd setup Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 16d2939) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Propagate errors up from config.Get
Fixes crash when killing agent while waiting for config from server Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 77846d6) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit b8f3967) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add server CLI flag and config fields for embedded registry
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit ef90da5) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add embedded registry implementation
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 37e9b87) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Add e2e test for embedded registry mirror
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 6072476) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Enable network policy controller metrics
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit ab8d2f5) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
-
Bump quic-go for CVE-2023-49295
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
