The nodes controller was reading from the configmaps cache, but doesn't add any handlers, so if no other controller added configmap handlers, the cache would remain empty.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 888f866dae)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
The reconcile may run before the kubelet has created the node object; retry until it succeeds
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 82e3c32c9f)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Bump Trivy version (#9237)
* chore: Bump Trivy version
Made with ❤️️ by updatecli
* chore: Bump Trivy version
Made with ❤️️ by updatecli
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
* build: Align drone base images (#8959)
Align the base images used in drone with the images used across the
ecosystem.
Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Paulo Gomes <paulo.gomes@suse.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Paulo Gomes <paulo.gomes@suse.com>
* Fix issue with bare host or IP as endpoint
* Fix issue with localhost registries not defaulting to http.
* Move the registry template prep to a separate function,
and adds tests of that function so that we can ensure we're
generating the correct content.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Fixes issue where proxy support only honored server address via K3S_URL, not CLI or config.
* Fixes crash when agent proxy is enabled, but proxy env vars do not return a proxy URL for the server address (server URL is in NO_PROXY list).
* Adds tests
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Fixes crash when killing agent while waiting for config from server
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 77846d63c1)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Moving it into config.Agent so that we can use or modify it outside the context of containerd setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 16d29398ad)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Layer leases never did what we wanted anyways, and this is the new approved interface for ensuring that images do not get GCd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 5c99bdd9bd)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
These were always showing up as dev due to the build arg not being set by the drone step.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit eae221f9e5)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit b297996b92)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep
using mirrors.x.rewrites and configs.x.auth those do not yet have an
equivalent in the new format.
The new config file format allows disabling containerd's fallback to the
default endpoint when using mirror endpoints; a new CLI flag is added to
control that behavior.
This also re-shares some code that was unnecessarily split into parallel
implementations for linux/windows versions. There is probably more work
to be done on this front but it's a good start.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit c45524e662)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
If a full reconcile wins the race against sync of an individual snapshot resource, or someone intentionally deletes the configmap, the data map could be nil and cause a crash.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 319dca3e82)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also adds a test to ensure this continues to work.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit db7091b3f6)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
`$HOME` refers to `$DAPPER_SOURCE`, which is set in the same expression
and is thus not visible at the time of substitution.
This problem is not immediately visible with Docker, Inc.'s docker
merely because it resets an unset `$HOME` to `/root` (but still breaking
the Go cache). Under podman, this problem is immediately visible because
an unset `$HOME` remains unset and subsequently breaks the `go generate`
invocation.
Fixes#9089.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
(cherry picked from commit a7fe1aaaa5)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
If the feature-gate is enabled, use status.hostIPs for dual-stack externalTrafficPolicy=Local support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit a27d660a24)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Remove KubeletCredentialProviders and JobTrackingWithFinalizers feature-gates, both of which are GA and cannot be disabled.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 231cb6ed20)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>