* chore: Bump Trivy version
Made with ❤️️ by updatecli
* chore: Bump Trivy version
Made with ❤️️ by updatecli
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Fix issue with bare host or IP as endpoint
* Fix issue with localhost registries not defaulting to http.
* Move the registry template prep to a separate function,
and adds tests of that function so that we can ensure we're
generating the correct content.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This PR adds a new github stale action. This will replace our previous (and now deprecated) stalebot. Two notable differences are that issues will now go stale after 45 days of inactivity, and the most commonly used priority labels have been added for exemption.
Docs and list of inputs for stale action for reference here.
Signed-off-by: caroline-suse-rancher <caroline.davis@suse.com>
* Fixes issue where proxy support only honored server address via K3S_URL, not CLI or config.
* Fixes crash when agent proxy is enabled, but proxy env vars do not return a proxy URL for the server address (server URL is in NO_PROXY list).
* Adds tests
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Moving it into config.Agent so that we can use or modify it outside the context of containerd setup
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Layer leases never did what we wanted anyways, and this is the new approved interface for ensuring that images do not get GCd
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Forces other groups packaging k3s to intentionally choose to build k3s with an unvalidated golang version
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep
using mirrors.x.rewrites and configs.x.auth those do not yet have an
equivalent in the new format.
The new config file format allows disabling containerd's fallback to the
default endpoint when using mirror endpoints; a new CLI flag is added to
control that behavior.
This also re-shares some code that was unnecessarily split into parallel
implementations for linux/windows versions. There is probably more work
to be done on this front but it's a good start.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
If a full reconcile wins the race against sync of an individual snapshot resource, or someone intentionally deletes the configmap, the data map could be nil and cause a crash.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
`$HOME` refers to `$DAPPER_SOURCE`, which is set in the same expression
and is thus not visible at the time of substitution.
This problem is not immediately visible with Docker, Inc.'s docker
merely because it resets an unset `$HOME` to `/root` (but still breaking
the Go cache). Under podman, this problem is immediately visible because
an unset `$HOME` remains unset and subsequently breaks the `go generate`
invocation.
Fixes#9089.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Yodo <pierre@azmed.co>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Pierre <129078893+pierre-az@users.noreply.github.com>
If the feature-gate is enabled, use status.hostIPs for dual-stack externalTrafficPolicy=Local support
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
When k3s is installed with INSTALL_K3S_SKIP_SELINUX_RPM=true or
INSTALL_K3S_SKIP_DOWNLOAD=true or INSTALL_K3S_SKIP_DOWNLOAD=selinux,
the following message(or similar) is seen on Amazon Linux 2023/Centos
```
[INFO] Skipping installation of SELinux RPM
[WARN] Failed to find the k3s-selinux policy, please install:
dnf install -y container-selinux
dnf install -y https://rpm.rancher.io/k3s/stable/common/centos/8/noarch/
[INFO] Creating /usr/bin/kubectl symlink to k3s
```
whereas now
```
[INFO] Skipping installation of SELinux RPM
[INFO] Creating /usr/bin/kubectl symlink to k3s
```
Signed-off-by: Harsimran Singh Maan <maan.harry@gmail.com>