[release-1.35] Backports for 2026-01 #13446
Merged
brandond merged 48 commits into k3s-io:release-1.35 from Jan 9, 2026
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v6...v7)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit eb443b4)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 8e41618)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 2d313a6) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
`make validate` used to run in drone, move it into GHA Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 900f6cf) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 8086d7c) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 3164649) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit eee8234) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit d9c4adc) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 5bf4dc7) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 850de3d) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 55f8d9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 1227f2c) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 2309312) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 100cb63) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 7c7e442) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit f279a97) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit d8af4f1) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 4d1ad3d) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 26b4f21) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 2910861) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit e416f10) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 83feb3c) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Adds a generic wrapper around lru.Cache Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 62d2737) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 46c7ade) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 49d080c) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 91a41d8) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 8e0e37e) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit c1f02b8) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 003fd44) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit fc506e5) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit e44a77d) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Need to check out one deeper than the number of commits in order to compare to the target branch Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 421e364) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit f08deaf) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit da15d31) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Fixes an issue where copying files out from under a currently-running etcd instance can cause startup reconcile to fail. Direct creation of a mvcc store without any of the raft stuff is faster, and gives us direct control over how the store handles snapshot recovery. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit d38b4b3) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Reconcile against local etcd would short-circuit and skip reading from the datastore if the cert dirs were missing. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 0563fc2) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit ae59cd0) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 1f2f610) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit ade30b4) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 926bbce) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
- Use os.CreateTemp to avoid race conditions with fixed temp filename
- Add f.Sync() before close to ensure data durability
- Check all fmt.Fprintf errors instead of ignoring them
- Preserve original file permissions when overwriting
- Handle dir=="" edge case from filepath.Split
- Check os.MkdirAll error
- Proper cleanup on all error paths
Signed-off-by: luojiyin <luojiyin@hotmail.com>

Add documentation comments to WriteSubnetFile
Clarify the design choices for atomic file writing:
- Explain why CreateTemp is used (defense-in-depth, avoids pre-existing file issues)
- Document the single-instance assumption
- Note the permission preservation logic
Signed-off-by: luojiyin <luojiyin@hotmail.com>

Update WriteSubnetFile comment to clarify CreateTemp rationale
Remove misleading reference to concurrent writes (K3s is single-instance). Focus on the actual benefits: avoiding stale temp files from crashes, handling unexpected permissions/ownership, and O_EXCL guarantees.
Signed-off-by: luojiyin <luojiyin@hotmail.com>

Refactor cleanup to use merr.NewErrors for better error aggregation
Address review feedback from @brandond to improve error handling:
- Change cleanup function to accept error parameter
- Use merr.NewErrors to aggregate original error with Close/Remove errors
- Simplify error handling with consistent return cleanup(err) pattern
Signed-off-by: luojiyin <luojiyin@hotmail.com>

Fix Close error handling to preserve original error
Add cleanupNoClose helper to avoid double Close and preserve the original Close error when file close fails.
Signed-off-by: luojiyin <luojiyin@hotmail.com>
(cherry picked from commit f42523c)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

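The atomic-write pattern described in the commit message above, as an added example that is not the k3s `WriteSubnetFile` code. The helper name `writeFileAtomic` and the sample path are hypothetical, and the standard library's `errors.Join` stands in for the `merr.NewErrors` aggregation the commit mentions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// writeFileAtomic is a hypothetical helper (not the k3s WriteSubnetFile code):
// it replaces path with content via a temp file created in the same directory.
func writeFileAtomic(path, content string) (err error) {
	dir, name := filepath.Split(path)
	if dir == "" {
		dir = "." // filepath.Split returns an empty dir for a bare filename
	}
	if err = os.MkdirAll(dir, 0o755); err != nil {
		return err
	}
	mode := os.FileMode(0o644) // assumed default when the target does not exist yet
	if fi, statErr := os.Stat(path); statErr == nil {
		mode = fi.Mode().Perm() // preserve the permissions of the file being replaced
	}
	// O_EXCL plus a random suffix: a stale or pre-created temp file is never reused.
	f, err := os.CreateTemp(dir, "."+name+".*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // any failure: drop the temp file, keep every error
			f.Close() // returns an ignored error if the file is already closed
			err = errors.Join(err, os.Remove(f.Name()))
		}
	}()
	if _, err = fmt.Fprint(f, content); err != nil {
		return err
	}
	// Fix the mode and flush to disk before the rename makes the data visible.
	if err = errors.Join(f.Chmod(mode), f.Sync()); err != nil {
		return err
	}
	if err = f.Close(); err != nil {
		return err
	}
	return os.Rename(f.Name(), path) // atomic replace within one filesystem
}

func main() {
	fmt.Println(writeFileAtomic(filepath.Join(os.TempDir(), "example.env"), "KEY=constructed\n"))
}
```

Because the temp file lives in the target's directory, the final rename never crosses a filesystem boundary, so readers see either the old content or the new content, never a partial write.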
Fixes HIGH CVE-2025-68156. This is an indirect dep from github.com/nats-io/jsm.go but it appears they have not yet bumped it either Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit e4f6784) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit efeacc1) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Spegel insists on checking containerd features when the store is created, so defer creating it until after containerd is up Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 2ed73be) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Manifest from https://raw.githubusercontent.com/longhorn/longhorn/v1.10.1/deploy/longhorn.yaml - with modifications to use rancher-mirrored images to avoid image pull rate limits, and allow operation on a node with fewer resources. Also adds more log dumping on integration test failure. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 9587f67) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Includes the long-awaited fixes from * k3s-io/kine#549 Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 8c3587d) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
* Move cleanup earlier, to prevent running out of space when restoring caches
* Consistently use local setup-go action to avoid saving cache on PR runs
* Update local setup-go action
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
(cherry picked from commit 358c8cc)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>

Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## release-1.35 #13446 +/- ##
================================================
- Coverage 21.51% 21.44% -0.08%
================================================
Files 187 190 +3
Lines 15332 15480 +148
================================================
+ Hits 3299 3320 +21
- Misses 11580 11707 +127
Partials 453 453
ShylajaDevadiga approved these changes Jan 9, 2026
mgfritch approved these changes Jan 9, 2026
Proposed Changes
Backports:
Types of Changes
backports
Verification
see linked issues
Testing
Linked Issues
User-Facing Change
Further Comments