From 4edc3b8031ec7ce01ec709d89e0e13b5b59ca2c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 03:29:11 +0000 Subject: [PATCH 01/48] Bump actions/upload-artifact from 5 to 6 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/airgap.yaml | 2 +- .github/workflows/build-k3s.yaml | 2 +- .github/workflows/e2e.yaml | 4 ++-- .github/workflows/integration.yaml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/trivy-scan.yml | 2 +- .github/workflows/trivy-trigger.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/airgap.yaml b/.github/workflows/airgap.yaml index 5ae22c56a8f5..8e622080ac45 100644 --- a/.github/workflows/airgap.yaml +++ b/.github/workflows/airgap.yaml @@ -40,7 +40,7 @@ jobs: ./scripts/package-airgap ${{ matrix.arch }} - name: Upload Artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: images-${{ matrix.arch }} path: dist/artifacts/k3s-airgap-images-${{ matrix.arch }}.* diff --git a/.github/workflows/build-k3s.yaml b/.github/workflows/build-k3s.yaml index 4551a13a49e3..eeef200cc744 100644 --- a/.github/workflows/build-k3s.yaml +++ b/.github/workflows/build-k3s.yaml @@ -128,7 +128,7 @@ jobs: mv ./build/out/data-linux.tar.zst ./dist/artifacts/data-linux${{ env.ARCH_EXT }}.tar.zst - name: "Upload K3s Artifacts" - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: k3s${{ env.ARCH_EXT }} path: dist/artifacts/ diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 5cbd83d61b82..eda3a1ea67c8 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -118,7 +118,7 @@ jobs: cd tests/e2e/${{ matrix.etest }} go test -timeout=45m ./${{ matrix.etest }}_test.go -test.v -ginkgo.v -ci -local - name: On Failure, Upload Journald Logs - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: ${{ failure() }} with: name: e2e-${{ matrix.etest }}-logs @@ -156,7 +156,7 @@ jobs: mkdir -p ./dist/artifacts go test -c -ldflags="-w -s" -o ./dist/artifacts ./tests/docker/... - name: Upload Go Tests - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: docker-go-tests-${{ matrix.arch }} path: ./dist/artifacts/*.test diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 509a5c243301..64feb06b4060 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -65,7 +65,7 @@ jobs: cd tests/integration/${{ matrix.itest }} sudo -E env "PATH=$PATH" go test -timeout=45m ./... -run Integration -ginkgo.v -test.v - name: On Failure, Upload Logs - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 if: ${{ failure() }} with: name: integration-${{ matrix.itest }}-logs diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bfa61932613e..26e98545eb99 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml index c95e3ecc9c9a..667e75bf4d77 100644 --- a/.github/workflows/trivy-scan.yml +++ b/.github/workflows/trivy-scan.yml @@ -69,7 +69,7 @@ jobs: TRIVY_SHOW_SUPPRESSED: true - name: Upload Trivy Report - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: trivy-report path: trivy-report.txt diff --git a/.github/workflows/trivy-trigger.yml b/.github/workflows/trivy-trigger.yml index a7d35a365559..f58652abdd44 100644 --- a/.github/workflows/trivy-trigger.yml +++ b/.github/workflows/trivy-trigger.yml @@ -61,7 +61,7 @@ jobs: mv k3s.tar pr-context/k3s.tar - name: Upload PR context artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: pr-context-for-scan path: pr-context/ From 16de711ff2fb7be750e8474b2c4324583584c3b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 09:22:56 -0800 Subject: [PATCH 02/48] Bump actions/download-artifact from 6 to 7 (#13346) Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit eb443b417949c5d0a50f73d474f3958c74ff16a8) Signed-off-by: Brad Davidson --- .github/workflows/e2e.yaml | 6 +++--- .github/workflows/install.yaml | 2 +- .github/workflows/integration.yaml | 4 ++-- .github/workflows/trivy-scan.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index eda3a1ea67c8..d4569bc39f45 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -88,7 +88,7 @@ jobs: curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl - name: "Download k3s binary" - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 with: name: k3s-amd64 path: ./dist/artifacts @@ -205,7 +205,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 - name: "Download K3s image" - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 with: name: k3s-${{ matrix.arch }} path: ./dist/artifacts @@ -225,7 +225,7 @@ jobs: IMAGE_TAG=$(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep 'rancher/k3s') echo "K3S_IMAGE=$IMAGE_TAG" >> $GITHUB_ENV - name: Download Go Tests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 with: name: docker-go-tests-${{ matrix.arch }} path: ./dist/artifacts diff --git a/.github/workflows/install.yaml b/.github/workflows/install.yaml index 8b0795f02bab..b0763c1c530c 100644 --- a/.github/workflows/install.yaml +++ b/.github/workflows/install.yaml @@ -52,7 +52,7 @@ jobs: - name: "Vagrant Plugin(s)" run: vagrant plugin install vagrant-k3s vagrant-reload vagrant-scp - name: "Download k3s binary" - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 with: name: k3s-amd64 path: tests/install/${{ matrix.vm }} diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 64feb06b4060..4ddf975c8b75 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -54,7 +54,7 @@ jobs: - name: Install Go uses: ./.github/actions/setup-go - name: "Download k3s binary" - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 with: name: k3s-amd64 path: ./dist/artifacts @@ -100,7 +100,7 @@ jobs: - name: Install Go uses: ./.github/actions/setup-go - name: Download k3s binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 with: name: k3s-windows path: dist/artifacts/ diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml index 667e75bf4d77..d95869f43fbc 100644 --- a/.github/workflows/trivy-scan.yml +++ b/.github/workflows/trivy-scan.yml @@ -85,7 +85,7 @@ jobs: steps: - name: Download Trivy Report artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 if: needs.trivy_scan.result == 'success' with: name: trivy-report From 001a7cd512c11cbadbfb3d0a12498392a2b459fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Jan 2026 09:41:31 -0800 Subject: [PATCH 03/48] Bump actions/cache from 4 to 5 (#13347) Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 8e416186d7ab3ba224f48e6fda975d21137ef0da) Signed-off-by: Brad Davidson --- .github/workflows/e2e.yaml | 4 ++-- .github/workflows/install.yaml | 2 +- .github/workflows/nightly-install.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index d4569bc39f45..bf5bd5cc41a4 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -67,14 +67,14 @@ jobs: uses: ./.github/actions/vagrant-setup - name: Vagrant R/W Cache if: matrix.etest != 'btrfs' && github.ref == 'refs/heads/main' - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.vagrant.d/boxes key: ${{ matrix.etest != 'btrfs' && 'vagrant-box-ubuntu-2404' || 'vagrant-box-leap' }} - name: Vagrant Read Cache if: matrix.etest != 'btrfs' && github.ref != 'refs/heads/main' - uses: actions/cache/restore@v4 + uses: actions/cache/restore@v5 with: path: | ~/.vagrant.d/boxes diff --git a/.github/workflows/install.yaml b/.github/workflows/install.yaml index b0763c1c530c..0e5e4251162d 100644 --- a/.github/workflows/install.yaml +++ b/.github/workflows/install.yaml @@ -44,7 +44,7 @@ jobs: - name: Set up vagrant and libvirt uses: ./.github/actions/vagrant-setup - name: "Vagrant Cache" - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.vagrant.d/boxes diff --git a/.github/workflows/nightly-install.yaml b/.github/workflows/nightly-install.yaml index 32b459a39f14..11f79f370b63 100644 --- a/.github/workflows/nightly-install.yaml +++ b/.github/workflows/nightly-install.yaml @@ -30,7 +30,7 @@ jobs: - name: Set up vagrant and libvirt uses: ./.github/actions/vagrant-setup - name: "Vagrant Cache" - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: | ~/.vagrant.d/boxes From aade45239e22c62b6b8e86691b848e9a62a7aad4 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 12 Dec 2025 01:06:39 +0000 Subject: [PATCH 04/48] Bump golangci-lint for go1.25 Signed-off-by: Brad Davidson (cherry picked from commit 2d313a6f7209211d720835cdbe5acd45755cb1c9) Signed-off-by: Brad Davidson --- .golangci.json | 46 ------------------------------------------- .golangci.yml | 50 +++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile.dapper | 4 ++-- Dockerfile.local | 4 ++-- scripts/validate | 12 +++++------- 5 files changed, 59 insertions(+), 57 deletions(-) delete mode 100644 .golangci.json create mode 100644 .golangci.yml diff --git a/.golangci.json b/.golangci.json deleted file mode 100644 index 28a4b5daf003..000000000000 --- a/.golangci.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "linters": { - "disable-all": true, - "enable": [ - "govet", - "revive", - "goimports", - "misspell", - "gofmt" - ] - }, - "run": { - "deadline": "5m" - }, - "issues": { - "exclude-dirs": [ - "build", - "contrib", - "manifests", - "package", - "scripts", - "vendor" - ], - "exclude-files": [ - "/zz_generated_" - ], - "exclude-rules": [ - { - "linters": "typecheck", - "text": "imported but not used" - }, - { - "linters": "typecheck", - "text": "build constraints exclude all Go files" - }, - { - "linters": "revive", - "text": "should have comment" - }, - { - "linters": "revive", - "text": "exported" - } - ] - } -} diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 000000000000..c024faebc88c --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,50 @@ +formatters: + enable: + - gofmt + - goimports + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ +linters: + default: none + enable: + - govet + - revive + settings: + revive: + enable-all-rules: true + rules: + - {name: add-constant, disabled: true} + - {name: cognitive-complexity, disabled: true} + - {name: confusing-naming, disabled: true} + - {name: confusing-results, disabled: true} + - {name: cyclomatic, disabled: true} + - {name: early-return, disabled: true} + - {name: enforce-switch-style, disabled: true} + - {name: flag-parameter, disabled: true} + - {name: function-length, disabled: true} + - {name: function-result-limit, disabled: true} + - {name: import-shadowing, disabled: true} + - {name: line-length-limit, disabled: true} + - {name: redundant-import-alias, disabled: true} + - {name: max-control-nesting, disabled: true} + - {name: max-public-structs, disabled: true} + - {name: unused-parameter, disabled: true} + - {name: unused-receiver, disabled: true} + - {name: var-naming, disabled: true} + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ + - tests/ + presets: + - comments + - common-false-positives + - legacy + - std-error-handling +version: "2" diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 498114f8dd5a..0511b6d6950d 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -28,14 +28,14 @@ RUN case "$(go env GOARCH)" in \ fi # Install goimports -RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.16.0 +RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.20.0 # Cleanup RUN rm -rf /go/src /go/pkg # Install golangci-lint for amd64 RUN if [ "$(go env GOARCH)" = "amd64" ]; then \ - curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.55.2; \ + curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/refs/tags/v2.7.2/install.sh | sh -s -- v2.7.2; \ fi # Set SELINUX environment variable diff --git a/Dockerfile.local b/Dockerfile.local index 2ca3e4ed9c59..1a4e242d8608 100644 --- a/Dockerfile.local +++ b/Dockerfile.local @@ -11,11 +11,11 @@ RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget c fi # Install goimports -RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.16.0 +RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.20.0 RUN rm -rf /go/src /go/pkg RUN if [ "$(go env GOARCH)" = "amd64" ]; then \ - curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2; \ + curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/refs/tags/v2.7.2/install.sh | sh -s -- v2.7.2; \ fi ARG SELINUX=true diff --git a/scripts/validate b/scripts/validate index b879db309d04..d5708d5f9b08 100755 --- a/scripts/validate +++ b/scripts/validate @@ -1,6 +1,8 @@ #!/bin/bash set -e +export GIT_PAGER=cat + if [ -n "$SKIP_VALIDATE" ]; then echo Skipping validation exit @@ -38,11 +40,7 @@ if [ ! -e build/data ];then mkdir -p build/data fi -if ! command -v golangci-lint; then - echo Skipping validation: no golangci-lint available - exit +if [ -z "$SKIP_LINT" ] && command -v golangci-lint; then + echo Running: golangci-lint + golangci-lint run --timeout=5m fi - -#echo Running: golangci-lint -## https://github.com/golangci/golangci-lint/issues/2788 -#CGO_ENABLED=0 golangci-lint run -v From 0bd1e128f0a116d00f20d929223c9714ae5df098 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 12 Dec 2025 22:44:21 +0000 Subject: [PATCH 05/48] Add lint/validate job `make validate` use to run in drone, move it into GHA Signed-off-by: Brad Davidson (cherry picked from commit 900f6cfe8d8be252fdaeac4a71a8e50dc279f166) Signed-off-by: Brad Davidson --- .github/workflows/validate.yaml | 63 +++++++++++++++++++++++++++++++++ .golangci.yml | 8 ++++- 2 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/validate.yaml diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml new file mode 100644 index 000000000000..9f537b83e939 --- /dev/null +++ b/.github/workflows/validate.yaml @@ -0,0 +1,63 @@ +name: Validate +on: + pull_request: + paths-ignore: + - "**.md" + - "channel.yaml" + - "install.sh" + - "tests/**" + - "!tests/e2e**" + - "!tests/docker**" + - ".github/**" + - "!.github/actions/**" + - "!.github/workflows/validate.yaml" + +permissions: + contents: read + +jobs: + validate: + name: Validate + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: ${{ github.event.pull_request.commits }} + + - name: Set Go Version + run: | + source ./scripts/version.sh + { + echo "GOTOOLCHAIN=${VERSION_GOLANG/go}" + } >> "$GITHUB_ENV" + + - name: Setup Go + uses: actions/setup-go@v6 + with: + go-version: "${{ env.GOTOOLCHAIN }}" + + - name: Lint + uses: golangci/golangci-lint-action@v9 + with: + version: v2.7 + args: "--new-from-merge-base ${{ github.event.pull_request.base.sha }}" + + - name: Lint (windows) + uses: golangci/golangci-lint-action@v9 + with: + version: v2.7 + args: "--new-from-merge-base ${{ github.event.pull_request.base.sha }} ./pkg/... ./cmd/..." + env: + GOOS: "windows" + + - name: Validate + run: ./scripts/validate + env: + SKIP_LINT: "true" + + - name: Validate (windows) + run: ./scripts/validate + env: + SKIP_LINT: "true" + GOOS: "windows" diff --git a/.golangci.yml b/.golangci.yml index c024faebc88c..31f748c17cea 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,3 +1,6 @@ +issues: + max-issues-per-linter: 1000 + max-same-issues: 100 formatters: enable: - gofmt @@ -18,20 +21,23 @@ linters: enable-all-rules: true rules: - {name: add-constant, disabled: true} + - {name: argument-limit, disabled: true} - {name: cognitive-complexity, disabled: true} - {name: confusing-naming, disabled: true} - {name: confusing-results, disabled: true} - {name: cyclomatic, disabled: true} - {name: early-return, disabled: true} + - {name: empty-block, disabled: true} - {name: enforce-switch-style, disabled: true} - {name: flag-parameter, disabled: true} - {name: function-length, disabled: true} - {name: function-result-limit, disabled: true} - {name: import-shadowing, disabled: true} - {name: line-length-limit, disabled: true} - - {name: redundant-import-alias, disabled: true} - {name: max-control-nesting, disabled: true} - {name: max-public-structs, disabled: true} + - {name: redundant-import-alias, disabled: true} + - {name: unsecure-url-scheme, disabled: true} - {name: unused-parameter, disabled: true} - {name: unused-receiver, disabled: true} - {name: var-naming, disabled: true} From 8b03bed28e34d3f9dfd7eff130269616ad514b66 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 21:55:50 +0000 Subject: [PATCH 06/48] lint: file is not properly formatted Signed-off-by: Brad Davidson (cherry picked from commit 8086d7cb255262933256e664e3ff2ec0edd5b614) Signed-off-by: Brad Davidson --- pkg/vpn/vpn.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/vpn/vpn.go b/pkg/vpn/vpn.go index 39d2611bf6b8..e571d73b19e9 100644 --- a/pkg/vpn/vpn.go +++ b/pkg/vpn/vpn.go @@ -21,7 +21,7 @@ const ( type TailscaleOutput struct { TailscaleIPs []string `json:"TailscaleIPs"` - BackendState string `json:"BackendState"` + BackendState string `json:"BackendState"` } type TailscalePrefsOutput struct { From 35751e24832aeb11c484039e2000466cc4bfdb26 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:11:17 +0000 Subject: [PATCH 07/48] lint: redundant-build-tag Signed-off-by: Brad Davidson (cherry picked from commit 316464975e19398ec64dcb30e67d1f31fd9c3fbb) Signed-off-by: Brad Davidson --- cmd/k3s/main_linux.go | 1 - cmd/k3s/main_windows.go | 1 - pkg/agent/config/config_linux.go | 1 - pkg/agent/config/config_linux_test.go | 1 - pkg/agent/config/config_windows.go | 1 - pkg/agent/containerd/config_linux.go | 1 - pkg/agent/containerd/config_windows.go | 1 - pkg/agent/containerd/runtimes.go | 1 - pkg/agent/containerd/runtimes_test.go | 1 - pkg/agent/cri/cri_linux.go | 1 - pkg/agent/cri/cri_windows.go | 1 - pkg/agent/cridockerd/config_linux.go | 1 - pkg/agent/cridockerd/config_windows.go | 1 - pkg/agent/cridockerd/cridockerd.go | 1 - pkg/agent/cridockerd/nocridockerd.go | 1 - pkg/agent/flannel/setup_linux.go | 1 - pkg/agent/flannel/setup_windows.go | 1 - pkg/agent/loadbalancer/utility_windows.go | 1 - pkg/agent/netpol/netpol.go | 1 - pkg/agent/run_linux.go | 1 - pkg/agent/run_windows.go | 1 - pkg/agent/templates/templates_windows.go | 1 - pkg/cgroups/cgroups_linux.go | 1 - pkg/cgroups/cgroups_windows.go | 1 - pkg/cli/cmds/const_windows.go | 1 - pkg/cli/cmds/init_default.go | 1 - pkg/cli/cmds/log_default.go | 1 - pkg/cli/cmds/log_linux.go | 1 - pkg/cli/cmds/nostage.go | 1 - pkg/clientaccess/token_linux_test.go | 1 - pkg/containerd/builtins.go | 1 - pkg/containerd/builtins_cri.go | 1 - pkg/containerd/builtins_linux.go | 1 - pkg/containerd/builtins_windows.go | 1 - pkg/containerd/main.go | 1 - pkg/containerd/utility_windows.go | 1 - pkg/daemons/agent/agent_linux.go | 1 - pkg/daemons/agent/agent_windows.go | 1 - pkg/deploy/nostage.go | 1 - pkg/deploy/stage.go | 1 - pkg/etcd/etcd_linux_test.go | 1 - pkg/executor/embed/embed.go | 1 - pkg/executor/embed/embed_linux.go | 1 - pkg/executor/embed/embed_windows.go | 1 - pkg/flock/flock_other.go | 1 - pkg/proctitle/proctile.go | 1 - pkg/proctitle/proctile_windows.go | 1 - pkg/rootless/mounts.go | 1 - pkg/rootless/portdriver.go | 1 - pkg/rootless/rootless.go | 1 - pkg/rootlessports/controller.go | 1 - pkg/signals/signals_posix.go | 1 - pkg/signals/signals_windows.go | 1 - pkg/static/nostage.go | 1 - pkg/static/stage.go | 1 - pkg/util/net_unix.go | 1 - pkg/util/net_windows.go | 1 - pkg/util/permissions/permissions_others.go | 1 - pkg/util/permissions/permissions_windows.go | 1 - 59 files changed, 59 deletions(-) diff --git a/cmd/k3s/main_linux.go b/cmd/k3s/main_linux.go index bc427498caef..21247bfb3728 100644 --- a/cmd/k3s/main_linux.go +++ b/cmd/k3s/main_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package main diff --git a/cmd/k3s/main_windows.go b/cmd/k3s/main_windows.go index cefca3c91e67..876b13fe4672 100644 --- a/cmd/k3s/main_windows.go +++ b/cmd/k3s/main_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package main diff --git a/pkg/agent/config/config_linux.go b/pkg/agent/config/config_linux.go index 34d8216c033f..4f4a227dd18a 100644 --- a/pkg/agent/config/config_linux.go +++ b/pkg/agent/config/config_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package config diff --git a/pkg/agent/config/config_linux_test.go b/pkg/agent/config/config_linux_test.go index 868304fcb86c..bfb0b4048f53 100644 --- a/pkg/agent/config/config_linux_test.go +++ b/pkg/agent/config/config_linux_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package config diff --git a/pkg/agent/config/config_windows.go b/pkg/agent/config/config_windows.go index 03f16f4d654c..65a0cf060f17 100644 --- a/pkg/agent/config/config_windows.go +++ b/pkg/agent/config/config_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package config diff --git a/pkg/agent/containerd/config_linux.go b/pkg/agent/containerd/config_linux.go index 0ef89e5e33f7..7a34ad7bb3bd 100644 --- a/pkg/agent/containerd/config_linux.go +++ b/pkg/agent/containerd/config_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package containerd diff --git a/pkg/agent/containerd/config_windows.go b/pkg/agent/containerd/config_windows.go index 5935de31c103..6e5ebcdf6ac8 100644 --- a/pkg/agent/containerd/config_windows.go +++ b/pkg/agent/containerd/config_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package containerd diff --git a/pkg/agent/containerd/runtimes.go b/pkg/agent/containerd/runtimes.go index ca0a225c5b50..d96ad88ee087 100644 --- a/pkg/agent/containerd/runtimes.go +++ b/pkg/agent/containerd/runtimes.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package containerd diff --git a/pkg/agent/containerd/runtimes_test.go b/pkg/agent/containerd/runtimes_test.go index f388b13f71e4..8f5310384b42 100644 --- a/pkg/agent/containerd/runtimes_test.go +++ b/pkg/agent/containerd/runtimes_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package containerd diff --git a/pkg/agent/cri/cri_linux.go b/pkg/agent/cri/cri_linux.go index d6e3387d584d..8757ac46aca8 100644 --- a/pkg/agent/cri/cri_linux.go +++ b/pkg/agent/cri/cri_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package cri diff --git a/pkg/agent/cri/cri_windows.go b/pkg/agent/cri/cri_windows.go index 5eaff1c8a84f..0fe294a63538 100644 --- a/pkg/agent/cri/cri_windows.go +++ b/pkg/agent/cri/cri_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package cri diff --git a/pkg/agent/cridockerd/config_linux.go b/pkg/agent/cridockerd/config_linux.go index e50ec3c462a5..b49ed87cd9bc 100644 --- a/pkg/agent/cridockerd/config_linux.go +++ b/pkg/agent/cridockerd/config_linux.go @@ -1,5 +1,4 @@ //go:build linux && !no_cri_dockerd -// +build linux,!no_cri_dockerd package cridockerd diff --git a/pkg/agent/cridockerd/config_windows.go b/pkg/agent/cridockerd/config_windows.go index 3630c26eae15..86b146b3fdd3 100644 --- a/pkg/agent/cridockerd/config_windows.go +++ b/pkg/agent/cridockerd/config_windows.go @@ -1,5 +1,4 @@ //go:build windows && !no_cri_dockerd -// +build windows,!no_cri_dockerd package cridockerd diff --git a/pkg/agent/cridockerd/cridockerd.go b/pkg/agent/cridockerd/cridockerd.go index d528d0c1e8b5..46bb9df29da6 100644 --- a/pkg/agent/cridockerd/cridockerd.go +++ b/pkg/agent/cridockerd/cridockerd.go @@ -1,5 +1,4 @@ //go:build !no_cri_dockerd -// +build !no_cri_dockerd package cridockerd diff --git a/pkg/agent/cridockerd/nocridockerd.go b/pkg/agent/cridockerd/nocridockerd.go index ba244743e3ab..a9cb1b777223 100644 --- a/pkg/agent/cridockerd/nocridockerd.go +++ b/pkg/agent/cridockerd/nocridockerd.go @@ -1,5 +1,4 @@ //go:build no_cri_dockerd -// +build no_cri_dockerd package cridockerd diff --git a/pkg/agent/flannel/setup_linux.go b/pkg/agent/flannel/setup_linux.go index 36404a01c68f..6bddf24dd59d 100644 --- a/pkg/agent/flannel/setup_linux.go +++ b/pkg/agent/flannel/setup_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package flannel diff --git a/pkg/agent/flannel/setup_windows.go b/pkg/agent/flannel/setup_windows.go index 7b9c513cd364..83106105c747 100644 --- a/pkg/agent/flannel/setup_windows.go +++ b/pkg/agent/flannel/setup_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package flannel diff --git a/pkg/agent/loadbalancer/utility_windows.go b/pkg/agent/loadbalancer/utility_windows.go index 60fe130434e4..8e3d18027a6d 100644 --- a/pkg/agent/loadbalancer/utility_windows.go +++ b/pkg/agent/loadbalancer/utility_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package loadbalancer diff --git a/pkg/agent/netpol/netpol.go b/pkg/agent/netpol/netpol.go index d057c0cc0dfd..854e2b0b52f5 100644 --- a/pkg/agent/netpol/netpol.go +++ b/pkg/agent/netpol/netpol.go @@ -2,7 +2,6 @@ // - modified from https://github.com/cloudnativelabs/kube-router/blob/73b1b03b32c5755b240f6c077bb097abe3888314/pkg/controllers/netpol.go //go:build !windows -// +build !windows package netpol diff --git a/pkg/agent/run_linux.go b/pkg/agent/run_linux.go index 32aa9dd92c52..5858cecd74c9 100644 --- a/pkg/agent/run_linux.go +++ b/pkg/agent/run_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package agent diff --git a/pkg/agent/run_windows.go b/pkg/agent/run_windows.go index e2ff62298394..686b76857239 100644 --- a/pkg/agent/run_windows.go +++ b/pkg/agent/run_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package agent diff --git a/pkg/agent/templates/templates_windows.go b/pkg/agent/templates/templates_windows.go index d3338a983add..34857968d433 100644 --- a/pkg/agent/templates/templates_windows.go +++ b/pkg/agent/templates/templates_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package templates diff --git a/pkg/cgroups/cgroups_linux.go b/pkg/cgroups/cgroups_linux.go index 5b2f684b6584..e2ff531ea1f9 100644 --- a/pkg/cgroups/cgroups_linux.go +++ b/pkg/cgroups/cgroups_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package cgroups diff --git a/pkg/cgroups/cgroups_windows.go b/pkg/cgroups/cgroups_windows.go index b38ba9fb6a3a..ae24e3ab1981 100644 --- a/pkg/cgroups/cgroups_windows.go +++ b/pkg/cgroups/cgroups_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package cgroups diff --git a/pkg/cli/cmds/const_windows.go b/pkg/cli/cmds/const_windows.go index 2d05392cdd42..dffdd63e80c5 100644 --- a/pkg/cli/cmds/const_windows.go +++ b/pkg/cli/cmds/const_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package cmds diff --git a/pkg/cli/cmds/init_default.go b/pkg/cli/cmds/init_default.go index 283e18b960e0..3e793079d9ff 100644 --- a/pkg/cli/cmds/init_default.go +++ b/pkg/cli/cmds/init_default.go @@ -1,5 +1,4 @@ //go:build !linux || !cgo -// +build !linux !cgo package cmds diff --git a/pkg/cli/cmds/log_default.go b/pkg/cli/cmds/log_default.go index bafcda915699..abe58425bc21 100644 --- a/pkg/cli/cmds/log_default.go +++ b/pkg/cli/cmds/log_default.go @@ -1,5 +1,4 @@ //go:build !linux || !cgo -// +build !linux !cgo package cmds diff --git a/pkg/cli/cmds/log_linux.go b/pkg/cli/cmds/log_linux.go index 8a6bcb027b84..4d42e72b3923 100644 --- a/pkg/cli/cmds/log_linux.go +++ b/pkg/cli/cmds/log_linux.go @@ -1,5 +1,4 @@ //go:build linux && cgo -// +build linux,cgo package cmds diff --git a/pkg/cli/cmds/nostage.go b/pkg/cli/cmds/nostage.go index bb9f1b9f0884..d6899e86f703 100644 --- a/pkg/cli/cmds/nostage.go +++ b/pkg/cli/cmds/nostage.go @@ -1,5 +1,4 @@ //go:build no_stage -// +build no_stage package cmds diff --git a/pkg/clientaccess/token_linux_test.go b/pkg/clientaccess/token_linux_test.go index 9334e89bb16a..e4568fdc14e2 100644 --- a/pkg/clientaccess/token_linux_test.go +++ b/pkg/clientaccess/token_linux_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package clientaccess diff --git a/pkg/containerd/builtins.go b/pkg/containerd/builtins.go index bbad23a0aa84..24d83f3b448e 100644 --- a/pkg/containerd/builtins.go +++ b/pkg/containerd/builtins.go @@ -1,5 +1,4 @@ //go:build ctrd -// +build ctrd /* Copyright The containerd Authors. diff --git a/pkg/containerd/builtins_cri.go b/pkg/containerd/builtins_cri.go index 1bbe3bf74c38..a28e4ba25553 100644 --- a/pkg/containerd/builtins_cri.go +++ b/pkg/containerd/builtins_cri.go @@ -1,5 +1,4 @@ //go:build ctrd -// +build ctrd /* Copyright The containerd Authors. diff --git a/pkg/containerd/builtins_linux.go b/pkg/containerd/builtins_linux.go index ff31fa41e1d2..c238899a884a 100644 --- a/pkg/containerd/builtins_linux.go +++ b/pkg/containerd/builtins_linux.go @@ -1,5 +1,4 @@ //go:build ctrd -// +build ctrd /* Copyright The containerd Authors. diff --git a/pkg/containerd/builtins_windows.go b/pkg/containerd/builtins_windows.go index 401993f216a5..c2a2947f375a 100644 --- a/pkg/containerd/builtins_windows.go +++ b/pkg/containerd/builtins_windows.go @@ -1,5 +1,4 @@ //go:build ctrd -// +build ctrd /* Copyright The containerd Authors. diff --git a/pkg/containerd/main.go b/pkg/containerd/main.go index eff2e865c73d..762ec98ee4df 100644 --- a/pkg/containerd/main.go +++ b/pkg/containerd/main.go @@ -1,5 +1,4 @@ //go:build ctrd -// +build ctrd package containerd diff --git a/pkg/containerd/utility_windows.go b/pkg/containerd/utility_windows.go index ecb741b98fa8..3c26e2295a00 100644 --- a/pkg/containerd/utility_windows.go +++ b/pkg/containerd/utility_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package containerd diff --git a/pkg/daemons/agent/agent_linux.go b/pkg/daemons/agent/agent_linux.go index 560ae28ca882..0c6dadc75607 100644 --- a/pkg/daemons/agent/agent_linux.go +++ b/pkg/daemons/agent/agent_linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package agent diff --git a/pkg/daemons/agent/agent_windows.go b/pkg/daemons/agent/agent_windows.go index ec0f0d9f571c..ff2fa4856ca7 100644 --- a/pkg/daemons/agent/agent_windows.go +++ b/pkg/daemons/agent/agent_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package agent diff --git a/pkg/deploy/nostage.go b/pkg/deploy/nostage.go index 553d624c77f2..6542040b4bd0 100644 --- a/pkg/deploy/nostage.go +++ b/pkg/deploy/nostage.go @@ -1,5 +1,4 @@ //go:build no_stage -// +build no_stage package deploy diff --git a/pkg/deploy/stage.go b/pkg/deploy/stage.go index c7b458ccb9a1..937190a7ca9e 100644 --- a/pkg/deploy/stage.go +++ b/pkg/deploy/stage.go @@ -1,5 +1,4 @@ //go:build !no_stage -// +build !no_stage package deploy diff --git a/pkg/etcd/etcd_linux_test.go b/pkg/etcd/etcd_linux_test.go index 63b0a877062b..e61304506fe7 100644 --- a/pkg/etcd/etcd_linux_test.go +++ b/pkg/etcd/etcd_linux_test.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package etcd diff --git a/pkg/executor/embed/embed.go b/pkg/executor/embed/embed.go index df6557541860..0e26fcc71e5e 100644 --- a/pkg/executor/embed/embed.go +++ b/pkg/executor/embed/embed.go @@ -1,5 +1,4 @@ //go:build !no_embedded_executor -// +build !no_embedded_executor package embed diff --git a/pkg/executor/embed/embed_linux.go b/pkg/executor/embed/embed_linux.go index a41449e32a19..4deeb1133ef0 100644 --- a/pkg/executor/embed/embed_linux.go +++ b/pkg/executor/embed/embed_linux.go @@ -1,5 +1,4 @@ //go:build linux && !no_embedded_executor -// +build linux,!no_embedded_executor package embed diff --git a/pkg/executor/embed/embed_windows.go b/pkg/executor/embed/embed_windows.go index cdd5e09d3238..30a8ec72d0c8 100644 --- a/pkg/executor/embed/embed_windows.go +++ b/pkg/executor/embed/embed_windows.go @@ -1,5 +1,4 @@ //go:build windows && !no_embedded_executor -// +build windows,!no_embedded_executor package embed diff --git a/pkg/flock/flock_other.go b/pkg/flock/flock_other.go index dfb7d03a6e3b..ac2af4a15f94 100644 --- a/pkg/flock/flock_other.go +++ b/pkg/flock/flock_other.go @@ -1,5 +1,4 @@ //go:build !linux && !darwin && !freebsd && !openbsd && !netbsd && !dragonfly -// +build !linux,!darwin,!freebsd,!openbsd,!netbsd,!dragonfly /* Copyright 2016 The Kubernetes Authors. diff --git a/pkg/proctitle/proctile.go b/pkg/proctitle/proctile.go index 178dfa9ef069..43cec6e232c4 100644 --- a/pkg/proctitle/proctile.go +++ b/pkg/proctitle/proctile.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package proctitle diff --git a/pkg/proctitle/proctile_windows.go b/pkg/proctitle/proctile_windows.go index 9ade88241c7c..f34722c28775 100644 --- a/pkg/proctitle/proctile_windows.go +++ b/pkg/proctitle/proctile_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package proctitle diff --git a/pkg/rootless/mounts.go b/pkg/rootless/mounts.go index 3dfcd6ed91a7..d17d1263efb8 100644 --- a/pkg/rootless/mounts.go +++ b/pkg/rootless/mounts.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package rootless diff --git a/pkg/rootless/portdriver.go b/pkg/rootless/portdriver.go index 9736ad878c43..5c4d95b5f7ee 100644 --- a/pkg/rootless/portdriver.go +++ b/pkg/rootless/portdriver.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package rootless diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go index e4abb37c413e..a1931b5327f9 100644 --- a/pkg/rootless/rootless.go +++ b/pkg/rootless/rootless.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package rootless diff --git a/pkg/rootlessports/controller.go b/pkg/rootlessports/controller.go index a60aa7d2a00e..821799e2f808 100644 --- a/pkg/rootlessports/controller.go +++ b/pkg/rootlessports/controller.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package rootlessports diff --git a/pkg/signals/signals_posix.go b/pkg/signals/signals_posix.go index 489dfc0423a9..33cfbd233093 100644 --- a/pkg/signals/signals_posix.go +++ b/pkg/signals/signals_posix.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package signals diff --git a/pkg/signals/signals_windows.go b/pkg/signals/signals_windows.go index 027dc49d60b7..29ab33f0c5db 100644 --- a/pkg/signals/signals_windows.go +++ b/pkg/signals/signals_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package signals diff --git a/pkg/static/nostage.go b/pkg/static/nostage.go index f3fc60490124..7c086e34d396 100644 --- a/pkg/static/nostage.go +++ b/pkg/static/nostage.go @@ -1,5 +1,4 @@ //go:build no_stage -// +build no_stage package static diff --git a/pkg/static/stage.go b/pkg/static/stage.go index 7f0836390806..303c4f6c7e38 100644 --- a/pkg/static/stage.go +++ b/pkg/static/stage.go @@ -1,5 +1,4 @@ //go:build !no_stage -// +build !no_stage package static diff --git a/pkg/util/net_unix.go b/pkg/util/net_unix.go index 521e577cd15c..cf3b35cb9140 100644 --- a/pkg/util/net_unix.go +++ b/pkg/util/net_unix.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package util diff --git a/pkg/util/net_windows.go b/pkg/util/net_windows.go index bb895c095a77..281cf6a3f4c1 100644 --- a/pkg/util/net_windows.go +++ b/pkg/util/net_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package util diff --git a/pkg/util/permissions/permissions_others.go b/pkg/util/permissions/permissions_others.go index 3d43c323244a..e2d1ab1d4cbf 100644 --- a/pkg/util/permissions/permissions_others.go +++ b/pkg/util/permissions/permissions_others.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package permissions diff --git a/pkg/util/permissions/permissions_windows.go b/pkg/util/permissions/permissions_windows.go index df0e6988139f..03df43aba7d1 100644 --- a/pkg/util/permissions/permissions_windows.go +++ b/pkg/util/permissions/permissions_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package permissions From 93b4662df2eafd51e85622f05c124052041c8988 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:13:49 +0000 Subject: [PATCH 08/48] lint: use-any Signed-off-by: Brad Davidson (cherry picked from commit eee8234720c64bd013e2caaf05221ec4a2f4d99a) Signed-off-by: Brad Davidson --- pkg/agent/templates/templates.go | 4 ++-- pkg/agent/templates/templates_linux.go | 2 +- pkg/agent/templates/templates_windows.go | 2 +- pkg/bootstrap/bootstrap.go | 2 +- pkg/bootstrap/bootstrap_test.go | 2 +- pkg/cloudprovider/servicelb.go | 2 +- pkg/configfilearg/parser.go | 12 ++++++------ pkg/daemons/executor/executor.go | 2 +- pkg/nodepassword/nodepassword_test.go | 4 ++-- pkg/util/condition.go | 4 ++-- pkg/util/reflect.go | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pkg/agent/templates/templates.go b/pkg/agent/templates/templates.go index 78260fb895d4..aadf6c0112eb 100644 --- a/pkg/agent/templates/templates.go +++ b/pkg/agent/templates/templates.go @@ -326,7 +326,7 @@ skip_verify = true {{ end -}} ` -func ParseTemplateFromConfig(userTemplate, baseTemplate string, config interface{}) (string, error) { +func ParseTemplateFromConfig(userTemplate, baseTemplate string, config any) (string, error) { out := new(bytes.Buffer) t := template.Must(template.New("compiled_template").Funcs(templateFuncs).Parse(userTemplate)) template.Must(t.New("base").Parse(baseTemplate)) @@ -336,7 +336,7 @@ func ParseTemplateFromConfig(userTemplate, baseTemplate string, config interface return trimEmpty(out) } -func ParseHostsTemplateFromConfig(userTemplate string, config interface{}) (string, error) { +func ParseHostsTemplateFromConfig(userTemplate string, config any) (string, error) { out := new(bytes.Buffer) t := template.Must(template.New("compiled_template").Funcs(templateFuncs).Parse(userTemplate)) if err := t.Execute(out, config); err != nil { diff --git a/pkg/agent/templates/templates_linux.go b/pkg/agent/templates/templates_linux.go index 912d12d7023a..bf302be6f5e4 100644 --- a/pkg/agent/templates/templates_linux.go +++ b/pkg/agent/templates/templates_linux.go @@ -12,7 +12,7 @@ var templateFuncs = template.FuncMap{ "deschemify": func(s string) string { return s }, - "toJson": func(v interface{}) string { + "toJson": func(v any) string { output, _ := json.Marshal(v) return string(output) }, diff --git a/pkg/agent/templates/templates_windows.go b/pkg/agent/templates/templates_windows.go index 34857968d433..300df300e3e6 100644 --- a/pkg/agent/templates/templates_windows.go +++ b/pkg/agent/templates/templates_windows.go @@ -21,7 +21,7 @@ var templateFuncs = template.FuncMap{ } return s }, - "toJson": func(v interface{}) string { + "toJson": func(v any) string { output, _ := json.Marshal(v) return string(output) }, diff --git a/pkg/bootstrap/bootstrap.go b/pkg/bootstrap/bootstrap.go index 756e0df80d3e..40b2a95dc28b 100644 --- a/pkg/bootstrap/bootstrap.go +++ b/pkg/bootstrap/bootstrap.go @@ -84,7 +84,7 @@ func WriteToDiskFromStorage(files PathsDataformat, bootstrap *config.ControlRunt return nil } -func ObjToMap(obj interface{}) (map[string]string, error) { +func ObjToMap(obj any) (map[string]string, error) { bytes, err := json.Marshal(obj) if err != nil { return nil, err diff --git a/pkg/bootstrap/bootstrap_test.go b/pkg/bootstrap/bootstrap_test.go index 96c66aee0179..ca0245ce6c03 100644 --- a/pkg/bootstrap/bootstrap_test.go +++ b/pkg/bootstrap/bootstrap_test.go @@ -8,7 +8,7 @@ import ( func TestObjToMap(t *testing.T) { type args struct { - obj interface{} + obj any } tests := []struct { name string diff --git a/pkg/cloudprovider/servicelb.go b/pkg/cloudprovider/servicelb.go index 76bbb634a444..732c2f4225fc 100644 --- a/pkg/cloudprovider/servicelb.go +++ b/pkg/cloudprovider/servicelb.go @@ -201,7 +201,7 @@ func (k *k3s) processNextWorkItem() bool { // processSingleItem processes a single item from the work queue, // requeueing it if the handler fails. -func (k *k3s) processSingleItem(obj interface{}) error { +func (k *k3s) processSingleItem(obj any) error { var ( key string ok bool diff --git a/pkg/configfilearg/parser.go b/pkg/configfilearg/parser.go index 6d86f2c0c71e..b54ac30439d3 100644 --- a/pkg/configfilearg/parser.go +++ b/pkg/configfilearg/parser.go @@ -263,7 +263,7 @@ func readConfigFile(file string) (result []string, _ error) { var ( keySeen = map[string]bool{} keyOrder []string - values = map[string]interface{}{} + values = map[string]any{} ) for _, file := range files { bytes, err := readConfigFileData(file) @@ -302,7 +302,7 @@ func readConfigFile(file string) (result []string, _ error) { prefix = "-" } - if slice, ok := v.([]interface{}); ok { + if slice, ok := v.([]any); ok { for _, v := range slice { result = append(result, prefix+k+"="+convert.ToString(v)) } @@ -315,18 +315,18 @@ func readConfigFile(file string) (result []string, _ error) { return } -func toSlice(v interface{}) []interface{} { +func toSlice(v any) []any { switch k := v.(type) { case string: - return []interface{}{k} - case []interface{}: + return []any{k} + case []any: return k default: str := strings.TrimSpace(convert.ToString(v)) if str == "" { return nil } - return []interface{}{str} + return []any{str} } } diff --git a/pkg/daemons/executor/executor.go b/pkg/daemons/executor/executor.go index 7d092e744d59..7e32efec3d8f 100644 --- a/pkg/daemons/executor/executor.go +++ b/pkg/daemons/executor/executor.go @@ -105,7 +105,7 @@ func (e ETCDConfig) ToConfigFile(extraArgs []string) (string, error) { } if len(extraArgs) > 0 { - var s map[string]interface{} + var s map[string]any if err := yaml2.Unmarshal(bytes, &s); err != nil { return "", err } diff --git a/pkg/nodepassword/nodepassword_test.go b/pkg/nodepassword/nodepassword_test.go index 360990cc7af5..4c7a82f5a9f3 100644 --- a/pkg/nodepassword/nodepassword_test.go +++ b/pkg/nodepassword/nodepassword_test.go @@ -30,13 +30,13 @@ func Test_PasswordError(t *testing.T) { // -------------------------- // utility functions -func assertEqual(t *testing.T, a interface{}, b interface{}) { +func assertEqual(t *testing.T, a any, b any) { if a != b { t.Fatalf("[ %v != %v ]", a, b) } } -func assertNotEqual(t *testing.T, a interface{}, b interface{}) { +func assertNotEqual(t *testing.T, a any, b any) { if a == b { t.Fatalf("[ %v == %v ]", a, b) } diff --git a/pkg/util/condition.go b/pkg/util/condition.go index 4aa7c7e7454f..2ad9ebc60a35 100644 --- a/pkg/util/condition.go +++ b/pkg/util/condition.go @@ -30,8 +30,8 @@ func SetNodeCondition(core config.CoreFactory, nodeName string, condition corev1 return ErrCoreNotReady } condition.LastHeartbeatTime = metav1.NewTime(time.Now()) - patch, err := json.Marshal(map[string]interface{}{ - "status": map[string]interface{}{ + patch, err := json.Marshal(map[string]any{ + "status": map[string]any{ "conditions": []corev1.NodeCondition{condition}, }, }) diff --git a/pkg/util/reflect.go b/pkg/util/reflect.go index 9530f02e9b46..758707e26664 100644 --- a/pkg/util/reflect.go +++ b/pkg/util/reflect.go @@ -5,6 +5,6 @@ import ( "runtime" ) -func GetFunctionName(i interface{}) string { +func GetFunctionName(i any) string { return runtime.FuncForPC(reflect.ValueOf(i).Pointer()).Name() } From d9392da705b3c7ae6e0296231c393c47dcd5f81c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:23:46 +0000 Subject: [PATCH 09/48] lint: dot-imports Signed-off-by: Brad Davidson (cherry picked from commit d9c4adc4cd5c42d5e3c51dca882b53a51489a94f) Signed-off-by: Brad Davidson --- pkg/agent/loadbalancer/loadbalancer_test.go | 2 ++ pkg/daemons/control/server_test.go | 1 + pkg/server/handlers/handlers_test.go | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/agent/loadbalancer/loadbalancer_test.go b/pkg/agent/loadbalancer/loadbalancer_test.go index 69b4fca10cab..f78ef2cb5472 100644 --- a/pkg/agent/loadbalancer/loadbalancer_test.go +++ b/pkg/agent/loadbalancer/loadbalancer_test.go @@ -10,8 +10,10 @@ import ( "testing" "time" + //revive:disable:dot-imports . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "github.com/sirupsen/logrus" ) diff --git a/pkg/daemons/control/server_test.go b/pkg/daemons/control/server_test.go index 7bcb483ad8e8..4c248a0153ba 100644 --- a/pkg/daemons/control/server_test.go +++ b/pkg/daemons/control/server_test.go @@ -8,6 +8,7 @@ import ( "testing" "time" + //revive:disable:dot-imports . "github.com/onsi/gomega" "github.com/k3s-io/k3s/pkg/cli/cmds" diff --git a/pkg/server/handlers/handlers_test.go b/pkg/server/handlers/handlers_test.go index 0589bbe27918..248e0b829797 100644 --- a/pkg/server/handlers/handlers_test.go +++ b/pkg/server/handlers/handlers_test.go @@ -18,6 +18,9 @@ import ( "path/filepath" "testing" + //revive:disable:dot-imports + . "github.com/onsi/gomega" + "github.com/k3s-io/k3s/pkg/authenticator" "github.com/k3s-io/k3s/pkg/cli/cmds" "github.com/k3s-io/k3s/pkg/daemons/config" @@ -27,7 +30,6 @@ import ( "github.com/k3s-io/k3s/pkg/version" testutil "github.com/k3s-io/k3s/tests" "github.com/k3s-io/k3s/tests/mock" - . "github.com/onsi/gomega" "github.com/onsi/gomega/types" certutil "github.com/rancher/dynamiclistener/cert" "github.com/sirupsen/logrus" From fcc16b370be50165758ec285ec89b9c7ff942438 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:35:10 +0000 Subject: [PATCH 10/48] lint: comment-spacings Signed-off-by: Brad Davidson (cherry picked from commit 5bf4dc7548ddb07e8aaa34ca771ebfa5053bbcd5) Signed-off-by: Brad Davidson --- pkg/agent/flannel/flannel.go | 8 ++++---- pkg/cli/server/server.go | 2 +- pkg/configfilearg/parser.go | 2 +- pkg/server/handlers/handlers_test.go | 26 +++++++++++++------------- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go index 0c6cd311da89..71b063a42371 100644 --- a/pkg/agent/flannel/flannel.go +++ b/pkg/agent/flannel/flannel.go @@ -100,7 +100,7 @@ func flannel(ctx context.Context, wg *sync.WaitGroup, flannelIface *net.Interfac return errors.New("ipv4 mode requested but no ipv4 network provided") } - //setup masq rules + // setup masq rules prevNetwork := ReadCIDRFromSubnetFile(subnetFile, "FLANNEL_NETWORK") prevSubnet := ReadCIDRFromSubnetFile(subnetFile, "FLANNEL_SUBNET") @@ -109,14 +109,14 @@ func flannel(ctx context.Context, wg *sync.WaitGroup, flannelIface *net.Interfac if flannelIPv6Masq { err = trafficMngr.SetupAndEnsureMasqRules(ctx, config.Network, prevSubnet, prevNetwork, config.IPv6Network, prevIPv6Subnet, prevIPv6Network, bn.Lease(), 60, false) } else { - //set empty flannel ipv6 Network to prevent masquerading + // set empty flannel ipv6 Network to prevent masquerading err = trafficMngr.SetupAndEnsureMasqRules(ctx, config.Network, prevSubnet, prevNetwork, ip.IP6Net{}, prevIPv6Subnet, prevIPv6Network, bn.Lease(), 60, false) } if err != nil { return pkgerrors.WithMessage(err, "failed to setup masq rules") } - //setup forward rules + // setup forward rules trafficMngr.SetupAndEnsureForwardRules(ctx, config.Network, config.IPv6Network, 50) if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn, nm); err != nil { @@ -219,7 +219,7 @@ func WriteSubnetFile(path string, nw ip.IP4Net, nwv6 ip.IP6Net, ipMasq bool, bn // rename(2) the temporary file to the desired location so that it becomes // atomically visible with the contents return os.Rename(tempFile, path) - //TODO - is this safe? What if it's not on the same FS? + // TODO - is this safe? What if it's not on the same FS? } // ReadCIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv4 network CIDRKey diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index b61f23c6642b..f16d32236782 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -340,7 +340,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont // if we ended up with any advertise-ips, ensure they're added to the SAN list; // note that kube-apiserver does not support dual-stack advertise-ip as of 1.21.0: - /// https://github.com/kubernetes/kubeadm/issues/1612#issuecomment-772583989 + // https://github.com/kubernetes/kubeadm/issues/1612#issuecomment-772583989 if serverConfig.ControlConfig.AdvertiseIP != "" { serverConfig.ControlConfig.SANs = append(serverConfig.ControlConfig.SANs, serverConfig.ControlConfig.AdvertiseIP) } diff --git a/pkg/configfilearg/parser.go b/pkg/configfilearg/parser.go index b54ac30439d3..23267cea0684 100644 --- a/pkg/configfilearg/parser.go +++ b/pkg/configfilearg/parser.go @@ -75,7 +75,7 @@ func (p *Parser) stripInvalidFlags(command string, args []string) ([]string, err } validFlags := make(map[string]bool, len(cmdFlags)) for _, f := range cmdFlags { - //split flags with aliases into 2 entries + // split flags with aliases into 2 entries for _, s := range f.Names() { validFlags[s] = true } diff --git a/pkg/server/handlers/handlers_test.go b/pkg/server/handlers/handlers_test.go index 248e0b829797..85ab74e215d2 100644 --- a/pkg/server/handlers/handlers_test.go +++ b/pkg/server/handlers/handlers_test.go @@ -107,11 +107,11 @@ func Test_UnitHandlers(t *testing.T) { paths []pathTest }{ { - //*** tests with runtime core not ready *** + // *** tests with runtime core not ready *** name: "no runtime core", controlFunc: getCorelessControl, paths: []pathTest{ - //** paths accessible with node cert or agent token, and specific headers ** + // ** paths accessible with node cert or agent token, and specific headers ** { method: http.MethodGet, path: "/v1-k3s/serving-kubelet.crt", @@ -358,7 +358,7 @@ func Test_UnitHandlers(t *testing.T) { }, }, { - //*** tests with runtime core not ready and bind address set *** + // *** tests with runtime core not ready and bind address set *** name: "no runtime core with bind-address", controlFunc: func(t *testing.T) (*config.Control, context.CancelFunc) { control, cancel := getCorelessControl(t) @@ -366,7 +366,7 @@ func Test_UnitHandlers(t *testing.T) { return control, cancel }, paths: []pathTest{ - //** paths accessible with node cert or agent token, and specific headers ** + // ** paths accessible with node cert or agent token, and specific headers ** { method: http.MethodGet, path: "/v1-k3s/serving-kubelet.crt", @@ -613,11 +613,11 @@ func Test_UnitHandlers(t *testing.T) { }, }, { - //*** tests with no agent and runtime core not ready *** + // *** tests with no agent and runtime core not ready *** name: "agentless no runtime core", controlFunc: getCorelessAgentlessControl, paths: []pathTest{ - //** paths accessible with node cert or agent token, and specific headers ** + // ** paths accessible with node cert or agent token, and specific headers ** { method: http.MethodGet, path: "/v1-k3s/serving-kubelet.crt", @@ -876,11 +876,11 @@ func Test_UnitHandlers(t *testing.T) { }, }, { - //*** tests with mocked core controllers *** + // *** tests with mocked core controllers *** name: "mocked", controlFunc: getMockedControl, paths: []pathTest{ - //** paths accessible with node cert or agent token, and specific headers ** + // ** paths accessible with node cert or agent token, and specific headers ** { method: http.MethodGet, path: "/v1-k3s/serving-kubelet.crt", @@ -1135,7 +1135,7 @@ func Test_UnitHandlers(t *testing.T) { }, ), }, - //** paths accessible with node cert or agent token ** + // ** paths accessible with node cert or agent token ** { method: http.MethodGet, path: "/v1-k3s/client-kube-proxy.crt", @@ -1442,7 +1442,7 @@ func Test_UnitHandlers(t *testing.T) { }, ), }, - //** paths accessible with node cert ** + // ** paths accessible with node cert ** { method: http.MethodGet, path: "/v1-k3s/connect", @@ -1462,7 +1462,7 @@ func Test_UnitHandlers(t *testing.T) { }, ), }, - //** paths accessible with server token ** + // ** paths accessible with server token ** { method: http.MethodGet, path: "/v1-k3s/encrypt/status", @@ -1537,7 +1537,7 @@ func Test_UnitHandlers(t *testing.T) { }, ), }, - //** paths accessible with apiserver cert ** + // ** paths accessible with apiserver cert ** { method: http.MethodConnect, path: "/", @@ -1553,7 +1553,7 @@ func Test_UnitHandlers(t *testing.T) { }, ), }, - //** paths accessible anonymously ** + // ** paths accessible anonymously ** { method: http.MethodGet, path: "/ping", From 73201f6b2a0f9c32124ef7f9b36479d807b0bd31 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:37:45 +0000 Subject: [PATCH 11/48] lint: deep-exit Signed-off-by: Brad Davidson (cherry picked from commit 850de3d04de85c8fb8124ab3a116dcc5ba702486) Signed-off-by: Brad Davidson --- pkg/cli/cmds/log_linux.go | 2 ++ pkg/nodepassword/nodepassword_test.go | 2 ++ pkg/rootless/rootless.go | 2 ++ pkg/signals/signals.go | 2 ++ 4 files changed, 8 insertions(+) diff --git a/pkg/cli/cmds/log_linux.go b/pkg/cli/cmds/log_linux.go index 4d42e72b3923..cd742b729f50 100644 --- a/pkg/cli/cmds/log_linux.go +++ b/pkg/cli/cmds/log_linux.go @@ -77,6 +77,8 @@ func forkIfLoggingOrReaping() error { systemd.SdNotify(true, "READY=1\n") cmd.Wait() + + //revive:disable-next-line:deep-exit os.Exit(cmd.ProcessState.ExitCode()) } return nil diff --git a/pkg/nodepassword/nodepassword_test.go b/pkg/nodepassword/nodepassword_test.go index 4c7a82f5a9f3..2c803a0897af 100644 --- a/pkg/nodepassword/nodepassword_test.go +++ b/pkg/nodepassword/nodepassword_test.go @@ -15,6 +15,8 @@ import ( const migrateNumNodes = 10 const createNumNodes = 3 +//revive:disable:deep-exit + func Test_UnitAsserts(t *testing.T) { assertEqual(t, 1, 1) assertNotEqual(t, 1, 0) diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go index a1931b5327f9..a59b3bda7727 100644 --- a/pkg/rootless/rootless.go +++ b/pkg/rootless/rootless.go @@ -80,6 +80,8 @@ func Rootless(stateDir string, enableIPv6 bool) error { if err := parent.Parent(*parentOpt); err != nil { logrus.Fatal(err) } + + //revive:disable-next-line:deep-exit os.Exit(0) return nil diff --git a/pkg/signals/signals.go b/pkg/signals/signals.go index 6bc55a9c6b5c..fe6b02999d22 100644 --- a/pkg/signals/signals.go +++ b/pkg/signals/signals.go @@ -37,6 +37,8 @@ func SetupSignalContext() context.Context { cancel() s := <-signalHandler logrus.Infof("Second shutdown signal received: %s, exiting...", s) + + //revive:disable-next-line:deep-exit os.Exit(1) }() From 85854566a40b21afe80bd24f8fe0320607ebd844 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:45:08 +0000 Subject: [PATCH 12/48] lint: bare-return Signed-off-by: Brad Davidson (cherry picked from commit 55f8d9f731b911c50562b2cb716ec016c716cfd4) Signed-off-by: Brad Davidson --- pkg/agent/config/config.go | 2 +- pkg/cgroups/cgroups_linux.go | 10 +++++----- pkg/cgroups/cgroups_windows.go | 2 +- pkg/configfilearg/parser.go | 4 ++-- pkg/daemons/control/tunnel.go | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index 7268dfdc9d46..9a337da76354 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -343,7 +343,7 @@ func splitCertKeyPEM(bytes []byte) (certPem []byte, keyPem []byte) { } } - return + return certPem, keyPem } // getKubeletClientCert fills the kubelet client certificate with content returned diff --git a/pkg/cgroups/cgroups_linux.go b/pkg/cgroups/cgroups_linux.go index e2ff531ea1f9..e8954041c2ed 100644 --- a/pkg/cgroups/cgroups_linux.go +++ b/pkg/cgroups/cgroups_linux.go @@ -82,11 +82,11 @@ func CheckCgroups() (kubeletRoot, runtimeRoot string, controllers map[string]boo if cgroupsModeV2 { m, err := cgroupsv2.NewManager("/sys/fs/cgroup", "/", &cgroupsv2.Resources{}) if err != nil { - return + return kubeletRoot, runtimeRoot, controllers } enabledControllers, err := m.Controllers() if err != nil { - return + return kubeletRoot, runtimeRoot, controllers } // Intentionally using an expressionless switch to match the logic below for _, controller := range enabledControllers { @@ -96,7 +96,7 @@ func CheckCgroups() (kubeletRoot, runtimeRoot string, controllers map[string]boo f, err := os.Open("/proc/self/cgroup") if err != nil { - return + return kubeletRoot, runtimeRoot, controllers } defer f.Close() @@ -150,7 +150,7 @@ func CheckCgroups() (kubeletRoot, runtimeRoot string, controllers map[string]boo // a host PID scenario but we don't support this. g, err := os.Open("/proc/1/cgroup") if err != nil { - return + return kubeletRoot, runtimeRoot, controllers } defer g.Close() scan = bufio.NewScanner(g) @@ -174,5 +174,5 @@ func CheckCgroups() (kubeletRoot, runtimeRoot string, controllers map[string]boo } } } - return + return kubeletRoot, runtimeRoot, controllers } diff --git a/pkg/cgroups/cgroups_windows.go b/pkg/cgroups/cgroups_windows.go index ae24e3ab1981..154dd7ef662d 100644 --- a/pkg/cgroups/cgroups_windows.go +++ b/pkg/cgroups/cgroups_windows.go @@ -7,5 +7,5 @@ func Validate() error { } func CheckCgroups() (kubeletRoot, runtimeRoot string, controllers map[string]bool) { - return + return kubeletRoot, runtimeRoot, controllers } diff --git a/pkg/configfilearg/parser.go b/pkg/configfilearg/parser.go index 23267cea0684..a1a4b5d61edc 100644 --- a/pkg/configfilearg/parser.go +++ b/pkg/configfilearg/parser.go @@ -237,7 +237,7 @@ func dotDFiles(basefile string) (result []string, _ error) { } result = append(result, filepath.Join(basefile+".d", file.Name())) } - return + return result, nil } // readConfigFile returns a flattened arg list generated from the specified config @@ -312,7 +312,7 @@ func readConfigFile(file string) (result []string, _ error) { } } - return + return result, nil } func toSlice(v any) []any { diff --git a/pkg/daemons/control/tunnel.go b/pkg/daemons/control/tunnel.go index 1a4a959dc6d6..8cd111ff4e51 100644 --- a/pkg/daemons/control/tunnel.go +++ b/pkg/daemons/control/tunnel.go @@ -297,5 +297,5 @@ func (crw *connReadWriteCloser) Write(b []byte) (n int, err error) { func (crw *connReadWriteCloser) Close() (err error) { crw.once.Do(func() { err = crw.conn.Close() }) - return + return err } From 1e69d34856acd98f1f9e1c72c9d5160c599efa91 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 22:47:51 +0000 Subject: [PATCH 13/48] lint: bool-literal-in-expr Signed-off-by: Brad Davidson (cherry picked from commit 1227f2c435bc0941e6584e3e00ebd6a7ee728f56) Signed-off-by: Brad Davidson --- pkg/agent/config/config.go | 2 +- pkg/clientaccess/token_test.go | 2 +- pkg/util/api.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index 9a337da76354..c65ddfddc004 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -833,7 +833,7 @@ func validateNetworkConfig(nodeConfig *config.Node) error { // Old versions of the server do not send enough information to correctly start the NPC. Users // need to upgrade the server to at least the same version as the agent, or disable the NPC // cluster-wide. - if nodeConfig.AgentConfig.DisableNPC == false && (nodeConfig.AgentConfig.ServiceCIDR == nil || nodeConfig.AgentConfig.ServiceNodePortRange.Size == 0) { + if !nodeConfig.AgentConfig.DisableNPC && (nodeConfig.AgentConfig.ServiceCIDR == nil || nodeConfig.AgentConfig.ServiceNodePortRange.Size == 0) { return fmt.Errorf("incompatible down-level server detected; servers must be upgraded to at least %s, or restarted with --disable-network-policy", version.Version) } diff --git a/pkg/clientaccess/token_test.go b/pkg/clientaccess/token_test.go index fd392223df1b..7fd84ab86591 100644 --- a/pkg/clientaccess/token_test.go +++ b/pkg/clientaccess/token_test.go @@ -296,7 +296,7 @@ func newTLSServer(t *testing.T, username, password string, sendWrongCA bool) *ht var server *httptest.Server server = httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path == "/v1-k3s/server-bootstrap" { - if authUsername, authPassword, ok := r.BasicAuth(); ok != true || authPassword != password || authUsername != username { + if authUsername, authPassword, ok := r.BasicAuth(); !ok || authPassword != password || authUsername != username { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } diff --git a/pkg/util/api.go b/pkg/util/api.go index c0400202316f..80f857e5ca18 100644 --- a/pkg/util/api.go +++ b/pkg/util/api.go @@ -65,7 +65,7 @@ func GetAddressesFromSlices(slices ...discoveryv1.EndpointSlice) []string { port = "443" } for _, endpoint := range slice.Endpoints { - if endpoint.Conditions.Ready == nil || *endpoint.Conditions.Ready == true { + if endpoint.Conditions.Ready == nil || *endpoint.Conditions.Ready { for _, address := range endpoint.Addresses { serverAddresses = append(serverAddresses, net.JoinHostPort(address, port)) } From 78ae44eec6406f4e184fce7584dcaf3d3545ff96 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:04:18 +0000 Subject: [PATCH 14/48] lint: defer,get-return Signed-off-by: Brad Davidson (cherry picked from commit 23093122b0fe502412958376d4befd6e7348f74a) Signed-off-by: Brad Davidson --- pkg/agent/loadbalancer/servers.go | 3 +++ pkg/cli/server/server.go | 22 ++++++++++------------ pkg/etcd/snapshot.go | 4 ++++ 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/pkg/agent/loadbalancer/servers.go b/pkg/agent/loadbalancer/servers.go index 13334ea881dc..c965e97ba48e 100644 --- a/pkg/agent/loadbalancer/servers.go +++ b/pkg/agent/loadbalancer/servers.go @@ -249,16 +249,19 @@ func (sl *serverList) recordSuccess(srv *server, r reason) { switch s.state { case stateFailed, stateStandby, stateRecovering, stateHealthy: // close connections to other non-active servers whenever we have a new active server + //revive:disable-next-line:defer defer s.closeAll() case stateActive: if len(s.connections) > len(srv.connections) { // if there is a currently active server that has more connections than we do, // close our connections and go to preferred instead new_state = statePreferred + //revive:disable-next-line:defer defer srv.closeAll() } else { // otherwise, close its connections and demote it to preferred s.state = statePreferred + //revive:disable-next-line:defer defer s.closeAll() } } diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index f16d32236782..0411047817e9 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -38,6 +38,7 @@ import ( "github.com/urfave/cli/v2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilnet "k8s.io/apimachinery/pkg/util/net" + "k8s.io/apimachinery/pkg/util/wait" kubeapiserverflag "k8s.io/component-base/cli/flag" "k8s.io/kubernetes/pkg/controlplane/apiserver/options" utilsnet "k8s.io/utils/net" @@ -567,7 +568,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont // initialize the apiAddress Channel for receiving the api address from etcd agentConfig.APIAddressCh = make(chan []string) - go getAPIAddressFromEtcd(ctx, serverConfig, agentConfig) + go pollAPIAddressFromEtcd(ctx, serverConfig, agentConfig) } // Until the agent is run and retrieves config from the server, we won't know @@ -648,23 +649,20 @@ func validateNetworkConfiguration(serverConfig server.Config) error { return nil } -func getAPIAddressFromEtcd(ctx context.Context, serverConfig server.Config, agentConfig cmds.Agent) { +func pollAPIAddressFromEtcd(ctx context.Context, serverConfig server.Config, agentConfig cmds.Agent) { defer close(agentConfig.APIAddressCh) - for { - toCtx, cancel := context.WithTimeout(ctx, 5*time.Second) + pollDuration := time.Second * 5 + wait.PollUntilContextCancel(ctx, pollDuration, true, func(ctx context.Context) (bool, error) { + ctx, cancel := context.WithTimeout(ctx, pollDuration) defer cancel() - serverAddresses, err := etcd.GetAPIServerURLsFromETCD(toCtx, &serverConfig.ControlConfig) + serverAddresses, err := etcd.GetAPIServerURLsFromETCD(ctx, &serverConfig.ControlConfig) if err == nil && len(serverAddresses) > 0 { agentConfig.APIAddressCh <- serverAddresses - return + return true, nil } if !errors.Is(err, etcd.ErrAddressNotSet) { logrus.Warnf("Failed to get apiserver address from etcd: %v", err) } - select { - case <-toCtx.Done(): - case <-ctx.Done(): - return - } - } + return false, nil + }) } diff --git a/pkg/etcd/snapshot.go b/pkg/etcd/snapshot.go index 45cbdd001699..7d88bd15605a 100644 --- a/pkg/etcd/snapshot.go +++ b/pkg/etcd/snapshot.go @@ -169,12 +169,16 @@ func (e *ETCD) decompressSnapshot(snapshotDir, snapshotFile string) (string, err if err != nil { return "", err } + + //revive:disable-next-line:defer defer decompressed.Close() ss, err := sf.Open() if err != nil { return "", err } + + //revive:disable-next-line:defer defer ss.Close() if _, err := io.Copy(decompressed, ss); err != nil { From 4554b15e9bb11fbcf25451f46c45c8b721917bf5 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:12:04 +0000 Subject: [PATCH 15/48] lint: duplicated-imports Signed-off-by: Brad Davidson (cherry picked from commit 100cb633a3dcc0640d02868c9fef37fef41c1d29) Signed-off-by: Brad Davidson --- pkg/agent/netpol/netpol.go | 13 ++++++------- pkg/agent/proxy/apiproxy.go | 11 +++++------ pkg/daemons/agent/agent.go | 3 +-- pkg/etcd/snapshot_controller.go | 7 +++---- 4 files changed, 15 insertions(+), 19 deletions(-) diff --git a/pkg/agent/netpol/netpol.go b/pkg/agent/netpol/netpol.go index 854e2b0b52f5..f8b1f0f3a921 100644 --- a/pkg/agent/netpol/netpol.go +++ b/pkg/agent/netpol/netpol.go @@ -29,7 +29,6 @@ import ( pkgerrors "github.com/pkg/errors" "github.com/sirupsen/logrus" v1 "k8s.io/api/core/v1" - v1core "k8s.io/api/core/v1" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" ) @@ -125,21 +124,21 @@ func Run(ctx context.Context, wg *sync.WaitGroup, nodeConfig *config.Node) error informerFactory.Start(stopCh) informerFactory.WaitForCacheSync(stopCh) - iptablesCmdHandlers := make(map[v1core.IPFamily]utils.IPTablesHandler, 2) - ipSetHandlers := make(map[v1core.IPFamily]utils.IPSetHandler, 2) + iptablesCmdHandlers := make(map[v1.IPFamily]utils.IPTablesHandler, 2) + ipSetHandlers := make(map[v1.IPFamily]utils.IPSetHandler, 2) if nodeConfig.AgentConfig.EnableIPv4 { iptHandler, err := iptables.NewWithProtocol(iptables.ProtocolIPv4) if err != nil { return pkgerrors.WithMessage(err, "failed to create iptables handler") } - iptablesCmdHandlers[v1core.IPv4Protocol] = iptHandler + iptablesCmdHandlers[v1.IPv4Protocol] = iptHandler ipset, err := utils.NewIPSet(false) if err != nil { return pkgerrors.WithMessage(err, "failed to create ipset handler") } - ipSetHandlers[v1core.IPv4Protocol] = ipset + ipSetHandlers[v1.IPv4Protocol] = ipset } if nodeConfig.AgentConfig.EnableIPv6 { @@ -147,13 +146,13 @@ func Run(ctx context.Context, wg *sync.WaitGroup, nodeConfig *config.Node) error if err != nil { return pkgerrors.WithMessage(err, "failed to create iptables handler") } - iptablesCmdHandlers[v1core.IPv6Protocol] = ipt6Handler + iptablesCmdHandlers[v1.IPv6Protocol] = ipt6Handler ipset, err := utils.NewIPSet(true) if err != nil { return pkgerrors.WithMessage(err, "failed to create ipset handler") } - ipSetHandlers[v1core.IPv6Protocol] = ipset + ipSetHandlers[v1.IPv6Protocol] = ipset } // Start kube-router healthcheck controller; netpol requires it diff --git a/pkg/agent/proxy/apiproxy.go b/pkg/agent/proxy/apiproxy.go index c291a59799cb..3f521ae4bab7 100644 --- a/pkg/agent/proxy/apiproxy.go +++ b/pkg/agent/proxy/apiproxy.go @@ -3,7 +3,6 @@ package proxy import ( "context" "net" - sysnet "net" "net/url" "strconv" @@ -117,12 +116,12 @@ func (p *proxy) SetHealthCheck(address string, healthCheck loadbalancer.HealthCh func (p *proxy) setSupervisorPort(addresses []string) []string { var newAddresses []string for _, address := range addresses { - h, _, err := sysnet.SplitHostPort(address) + h, _, err := net.SplitHostPort(address) if err != nil { logrus.Errorf("Failed to parse address %s, dropping: %v", address, err) continue } - newAddresses = append(newAddresses, sysnet.JoinHostPort(h, p.supervisorPort)) + newAddresses = append(newAddresses, net.JoinHostPort(h, p.supervisorPort)) } return newAddresses } @@ -143,7 +142,7 @@ func (p *proxy) SetAPIServerPort(port int, isIPv6 bool) error { return pkgerrors.WithMessagef(err, "failed to parse server URL %s", p.initialSupervisorURL) } p.apiServerPort = strconv.Itoa(port) - u.Host = sysnet.JoinHostPort(u.Hostname(), p.apiServerPort) + u.Host = net.JoinHostPort(u.Hostname(), p.apiServerPort) if p.lbEnabled && p.apiServerLB == nil { lbServerPort := p.lbServerPort @@ -170,14 +169,14 @@ func (p *proxy) SetAPIServerPort(port int, isIPv6 bool) error { // supervisor must be used to bootstrap the agent config, but then switched over to // another node running an apiserver once one is available. func (p *proxy) SetSupervisorDefault(address string) { - host, port, err := sysnet.SplitHostPort(address) + host, port, err := net.SplitHostPort(address) if err != nil { logrus.Errorf("Failed to parse address %s, dropping: %v", address, err) return } if p.apiServerEnabled { port = p.supervisorPort - address = sysnet.JoinHostPort(host, port) + address = net.JoinHostPort(host, port) } p.fallbackSupervisorAddress = address if p.supervisorLB == nil { diff --git a/pkg/daemons/agent/agent.go b/pkg/daemons/agent/agent.go index c905e8cfc0f0..c29b762ce002 100644 --- a/pkg/daemons/agent/agent.go +++ b/pkg/daemons/agent/agent.go @@ -22,7 +22,6 @@ import ( "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/component-base/logs" - logsapi "k8s.io/component-base/logs/api/v1" logsv1 "k8s.io/component-base/logs/api/v1" _ "k8s.io/component-base/metrics/prometheus/restclient" // for client metric registration _ "k8s.io/component-base/metrics/prometheus/version" // for version metric registration @@ -34,7 +33,7 @@ import ( ) func Agent(ctx context.Context, nodeConfig *daemonconfig.Node, proxy proxy.Proxy) error { - logsapi.ReapplyHandling = logsapi.ReapplyHandlingIgnoreUnchanged + logsv1.ReapplyHandling = logsv1.ReapplyHandlingIgnoreUnchanged logs.InitLogs() defer logs.FlushLogs() diff --git a/pkg/etcd/snapshot_controller.go b/pkg/etcd/snapshot_controller.go index 09af0d1a12ff..9c9ef7cde7a1 100644 --- a/pkg/etcd/snapshot_controller.go +++ b/pkg/etcd/snapshot_controller.go @@ -9,7 +9,6 @@ import ( "strings" "time" - apisv1 "github.com/k3s-io/api/k3s.cattle.io/v1" k3s "github.com/k3s-io/api/k3s.cattle.io/v1" controllersv1 "github.com/k3s-io/api/pkg/generated/controllers/k3s.cattle.io/v1" "github.com/k3s-io/k3s/pkg/etcd/snapshot" @@ -70,7 +69,7 @@ func registerSnapshotHandlers(ctx context.Context, etcd *ETCD) { go wait.JitterUntil(func() { snapshots.Enqueue(reconcileKey) }, reconcileInterval, 0.04, false, ctx.Done()) } -func (e *etcdSnapshotHandler) sync(key string, esf *apisv1.ETCDSnapshotFile) (*apisv1.ETCDSnapshotFile, error) { +func (e *etcdSnapshotHandler) sync(key string, esf *k3s.ETCDSnapshotFile) (*k3s.ETCDSnapshotFile, error) { if key == reconcileKey { err := e.reconcile() if err == errNotReconciled { @@ -149,7 +148,7 @@ func (e *etcdSnapshotHandler) sync(key string, esf *apisv1.ETCDSnapshotFile) (*a return nil, err } -func (e *etcdSnapshotHandler) onRemove(key string, esf *apisv1.ETCDSnapshotFile) (*apisv1.ETCDSnapshotFile, error) { +func (e *etcdSnapshotHandler) onRemove(key string, esf *k3s.ETCDSnapshotFile) (*k3s.ETCDSnapshotFile, error) { if esf == nil { return nil, nil } @@ -220,7 +219,7 @@ func (e *etcdSnapshotHandler) reconcile() error { logrus.Infof("Reconciling snapshot ConfigMap data") // Get a list of existing snapshots - snapshots := map[string]*apisv1.ETCDSnapshotFile{} + snapshots := map[string]*k3s.ETCDSnapshotFile{} snapshotPager := pager.New(pager.SimplePageFunc(func(opts metav1.ListOptions) (k8sruntime.Object, error) { return e.snapshots.List(opts) })) snapshotPager.PageSize = snapshotListPageSize From 2faa240eca7d44f6a3f03663aecf5ab9245b6d49 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:17:49 +0000 Subject: [PATCH 16/48] lint: empty-lines Signed-off-by: Brad Davidson (cherry picked from commit 7c7e442be0a819dfbc37d1a1198c6b86703b4508) Signed-off-by: Brad Davidson --- pkg/agent/flannel/flannel.go | 2 -- pkg/agent/flannel/setup_test.go | 1 - pkg/agent/loadbalancer/loadbalancer_test.go | 1 - pkg/certmonitor/certmonitor.go | 1 - pkg/cli/cert/cert.go | 1 - pkg/cli/server/server.go | 1 - pkg/cloudprovider/servicelb.go | 1 - pkg/daemons/control/proxy/proxy.go | 1 - pkg/etcd/etcd.go | 1 - pkg/etcd/metadata_controller.go | 1 - pkg/kubeadm/utils.go | 1 - pkg/secretsencrypt/config.go | 3 --- pkg/util/args.go | 3 --- pkg/util/net.go | 1 - pkg/vpn/vpn.go | 1 - 15 files changed, 20 deletions(-) diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go index 71b063a42371..e72ca8b3def8 100644 --- a/pkg/agent/flannel/flannel.go +++ b/pkg/agent/flannel/flannel.go @@ -252,7 +252,6 @@ func ReadCIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP4Net { } prevCIDRs = append(prevCIDRs, ip.FromIPNet(cidr)) } - } } return prevCIDRs @@ -288,7 +287,6 @@ func ReadIP6CIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP6Net { } prevCIDRs = append(prevCIDRs, ip.FromIP6Net(cidr)) } - } } return prevCIDRs diff --git a/pkg/agent/flannel/setup_test.go b/pkg/agent/flannel/setup_test.go index 20450deb8cb1..4a5375b8224d 100644 --- a/pkg/agent/flannel/setup_test.go +++ b/pkg/agent/flannel/setup_test.go @@ -35,7 +35,6 @@ func Test_findNetMode(t *testing.T) { {"wrong input", "wrong", false, false, true}, } for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { netCidrs := stringToCIDR(tt.args) got, err := findNetMode(netCidrs) diff --git a/pkg/agent/loadbalancer/loadbalancer_test.go b/pkg/agent/loadbalancer/loadbalancer_test.go index f78ef2cb5472..7de442e192a4 100644 --- a/pkg/agent/loadbalancer/loadbalancer_test.go +++ b/pkg/agent/loadbalancer/loadbalancer_test.go @@ -263,7 +263,6 @@ var _ = Describe("LoadBalancer", func() { // confirm that the default is still listed as default Expect(lb.servers.getDefaultAddress()).To(Equal(defaultServer.address), "default server is not default") - }) It("does not return the default server in the address list after removing it", func() { diff --git a/pkg/certmonitor/certmonitor.go b/pkg/certmonitor/certmonitor.go index 38b97edbf223..63b82b3e4e60 100644 --- a/pkg/certmonitor/certmonitor.go +++ b/pkg/certmonitor/certmonitor.go @@ -107,7 +107,6 @@ func Setup(ctx context.Context, nodeConfig *daemonconfig.Node, dataDir string) e recorder.Event(nodeRef, corev1.EventTypeNormal, "CertificateExpirationOK", message) } }) - }, certCheckInterval, ctx.Done()) return nil diff --git a/pkg/cli/cert/cert.go b/pkg/cli/cert/cert.go index d353bc93dcbe..11f1b4386ffd 100644 --- a/pkg/cli/cert/cert.go +++ b/pkg/cli/cert/cert.go @@ -70,7 +70,6 @@ func collectCertInfo(controlConfig config.Control, ServicesList []string) (*Cert } for _, cert := range certs { - expiration := cert.NotAfter status := k3sutil.GetCertStatus(cert, now, warn) if status == k3sutil.CertStatusNotYetValid { diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index 0411047817e9..c5ed4cb5097a 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -327,7 +327,6 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont } logrus.Warn("Etcd IP (PrivateIP) remains the local IP. Running etcd traffic over VPN is not recommended due to performance issues") } else { - // if not set, try setting advertise-ip from agent node-external-ip if serverConfig.ControlConfig.AdvertiseIP == "" && len(cmds.AgentConfig.NodeExternalIP.Value()) != 0 { serverConfig.ControlConfig.AdvertiseIP = util.GetFirstValidIPString(cmds.AgentConfig.NodeExternalIP.Value()) diff --git a/pkg/cloudprovider/servicelb.go b/pkg/cloudprovider/servicelb.go index 732c2f4225fc..a0e0bf937e73 100644 --- a/pkg/cloudprovider/servicelb.go +++ b/pkg/cloudprovider/servicelb.go @@ -222,7 +222,6 @@ func (k *k3s) processSingleItem(obj any) error { k.workqueue.Forget(obj) return nil - } // updateServiceStatus updates the load balancer status for the matching service, if it exists and is a diff --git a/pkg/daemons/control/proxy/proxy.go b/pkg/daemons/control/proxy/proxy.go index ae6d3c7d5dc1..76665bed6ba6 100644 --- a/pkg/daemons/control/proxy/proxy.go +++ b/pkg/daemons/control/proxy/proxy.go @@ -53,5 +53,4 @@ func (p *proxy) pipe(src, dst io.ReadWriter) { return } } - } diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index 2e5931c473eb..848746992af4 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -1435,7 +1435,6 @@ func (e *ETCD) setEtcdStatusCondition(node *v1.Node, memberName string, memberSt } if find, condition := util.GetNodeCondition(&node.Status, etcdStatusType); find >= 0 { - // if the condition is not changing, we only want to update the last heartbeat time if condition.Status == newCondition.Status && condition.Reason == newCondition.Reason && condition.Message == newCondition.Message { logrus.Debugf("Node %s is not changing etcd status condition", memberName) diff --git a/pkg/etcd/metadata_controller.go b/pkg/etcd/metadata_controller.go index 3186f63f6dcb..cac9943070a3 100644 --- a/pkg/etcd/metadata_controller.go +++ b/pkg/etcd/metadata_controller.go @@ -38,7 +38,6 @@ type metadataHandler struct { } func (m *metadataHandler) sync(key string, node *v1.Node) (*v1.Node, error) { - if node == nil { return nil, nil } diff --git a/pkg/kubeadm/utils.go b/pkg/kubeadm/utils.go index f3181d9a041a..18bd4d437ed7 100644 --- a/pkg/kubeadm/utils.go +++ b/pkg/kubeadm/utils.go @@ -78,7 +78,6 @@ func encodeTokenSecretData(token *BootstrapToken, now time.Time) map[string][]by // TODO: This maybe should be a helper function in bootstraputil? expirationString := token.Expires.Time.UTC().Format(time.RFC3339) data[bootstrapapi.BootstrapTokenExpirationKey] = []byte(expirationString) - } else if token.TTL != nil && token.TTL.Duration > 0 { // Only if .Expires is unset, TTL might have an effect // Get the current time, add the specified duration, and format it accordingly diff --git a/pkg/secretsencrypt/config.go b/pkg/secretsencrypt/config.go index 309a49e62110..2549ab2268c7 100644 --- a/pkg/secretsencrypt/config.go +++ b/pkg/secretsencrypt/config.go @@ -70,7 +70,6 @@ func GetEncryptionProviders(runtime *config.ControlRuntime) ([]apiserverconfigv1 // GetEncryptionKeys returns a list of encryption keys from the current encryption configuration. func GetEncryptionKeys(runtime *config.ControlRuntime) (*EncryptionKeys, error) { - currentKeys := &EncryptionKeys{} providers, err := GetEncryptionProviders(runtime) if err != nil { @@ -102,7 +101,6 @@ func GetEncryptionKeys(runtime *config.ControlRuntime) (*EncryptionKeys, error) // WriteEncryptionConfig writes the encryption configuration to the file system. // The provider arg will be placed first, and is used to encrypt new secrets. func WriteEncryptionConfig(runtime *config.ControlRuntime, keys *EncryptionKeys, provider string, enable bool) error { - var providers []apiserverconfigv1.ProviderConfiguration var primary apiserverconfigv1.ProviderConfiguration var secondary *apiserverconfigv1.ProviderConfiguration @@ -220,7 +218,6 @@ func GenEncryptionConfigHash(runtime *config.ControlRuntime) (string, error) { // GenReencryptHash generates a sha256 hash from the existing secrets keys and // any identity providers plus a new key based on the input arguments. func GenReencryptHash(runtime *config.ControlRuntime, keyName string) (string, error) { - // To retain compatibility with the older encryption hash format, // we contruct the hash as: aescbc + secretbox + identity + newkey currentKeys, err := GetEncryptionKeys(runtime) diff --git a/pkg/util/args.go b/pkg/util/args.go index 02838dd95dfe..712de9149fa3 100644 --- a/pkg/util/args.go +++ b/pkg/util/args.go @@ -25,7 +25,6 @@ func ArgValue(searchArg string, extraArgs []string) string { // GetArgs appends extra arguments to existing arguments with logic to override any default // arguments whilst also allowing to prefix and suffix default string slice arguments. func GetArgs(initialArgs map[string]string, extraArgs []string) []string { - multiArgs := make(map[string][]string) for _, unsplitArg := range extraArgs { @@ -51,7 +50,6 @@ func GetArgs(initialArgs map[string]string, extraArgs []string) []string { newValues = append(newValues, existingValues...) } newValues = append(newValues, value) - } else if strings.HasSuffix(arg, "-") { // Prepend value to initial args newValues = append(newValues, value) if initialValueExists { @@ -69,7 +67,6 @@ func GetArgs(initialArgs map[string]string, extraArgs []string) []string { delete(initialArgs, cleanedArg) multiArgs[cleanedArg] = newValues - } // Add any remaining initial args to the map diff --git a/pkg/util/net.go b/pkg/util/net.go index 05fd2180b15d..dd0e6be0bc1b 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -206,7 +206,6 @@ func GetFirstValidIPString(s []string) string { // GetFirstIP checks what is the IPFamily of the first item. Based on that, returns a set of values func GetDefaultAddresses(nodeIP net.IP) (string, string, string, error) { - if netutils.IsIPv4(nodeIP) { ListenAddress := "0.0.0.0" clusterCIDR := "10.42.0.0/16" diff --git a/pkg/vpn/vpn.go b/pkg/vpn/vpn.go index e571d73b19e9..da7787cd4ed1 100644 --- a/pkg/vpn/vpn.go +++ b/pkg/vpn/vpn.go @@ -179,7 +179,6 @@ func GetAdvertisedRoutes() ([]netip.Prefix, error) { } return tailscaleOutput.AdvertiseRoutes, nil - } // processCLIArgs separates the extraArgs part from the command. From 9ec02895b25c539ff3ddc241b33b5c24251d8451 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:25:02 +0000 Subject: [PATCH 17/48] lint: exported Signed-off-by: Brad Davidson (cherry picked from commit f279a979b321f28748ebb2f8b14dbc3875eefa90) Signed-off-by: Brad Davidson --- pkg/cli/cert/cert.go | 6 +++--- pkg/cli/server/server.go | 2 +- pkg/etcd/resolver.go | 8 ++++---- pkg/etcd/snapshot/types.go | 24 ++++++++++++------------ pkg/executor/embed/embed.go | 8 ++++---- pkg/vpn/vpn.go | 22 +++++++++++----------- 6 files changed, 35 insertions(+), 35 deletions(-) diff --git a/pkg/cli/cert/cert.go b/pkg/cli/cert/cert.go index 11f1b4386ffd..38e3338c114f 100644 --- a/pkg/cli/cert/cert.go +++ b/pkg/cli/cert/cert.go @@ -92,8 +92,8 @@ func collectCertInfo(controlConfig config.Control, ServicesList []string) (*Cert return result, nil } -// CertFormatter defines the interface for formatting certificate information -type CertFormatter interface { +// Formatter defines the interface for formatting certificate information +type Formatter interface { Format(*CertificateInfo) error } @@ -232,7 +232,7 @@ func check(app *cli.Context, cfg *cmds.Server) error { } outFmt := app.String("output") - var formatter CertFormatter + var formatter Formatter switch outFmt { case "text": formatter = &TextFormatter{Writer: os.Stdout} diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index c5ed4cb5097a..e53f7d236c24 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -297,7 +297,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont // if not set, try setting advertise-ip from agent VPN if cmds.AgentConfig.VPNAuth != "" { - vpnInfo, err := vpn.GetVPNInfo(cmds.AgentConfig.VPNAuth) + vpnInfo, err := vpn.GetInfo(cmds.AgentConfig.VPNAuth) if err != nil { return err } diff --git a/pkg/etcd/resolver.go b/pkg/etcd/resolver.go index f91c71567e7f..7168cfb2ce09 100644 --- a/pkg/etcd/resolver.go +++ b/pkg/etcd/resolver.go @@ -11,7 +11,7 @@ import ( const scheme = "etcd-endpoint" -type EtcdSimpleResolver struct { +type SimpleResolver struct { *manual.Resolver endpoint string } @@ -19,12 +19,12 @@ type EtcdSimpleResolver struct { // Cribbed from https://github.com/etcd-io/etcd/blob/v3.5.25/client/v3/internal/resolver/resolver.go // but only supports a single fixed endpoint. We use this instead of the internal etcd client resolver // because the agent loadbalancer handles failover and we don't want etcd or grpc's special behavior. -func NewSimpleResolver(endpoint string) *EtcdSimpleResolver { +func NewSimpleResolver(endpoint string) *SimpleResolver { r := manual.NewBuilderWithScheme(scheme) - return &EtcdSimpleResolver{Resolver: r, endpoint: endpoint} + return &SimpleResolver{Resolver: r, endpoint: endpoint} } -func (r *EtcdSimpleResolver) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) { +func (r *SimpleResolver) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) { res, err := r.Resolver.Build(target, cc, opts) if err != nil { return nil, err diff --git a/pkg/etcd/snapshot/types.go b/pkg/etcd/snapshot/types.go index 362a1e0ea198..ff25f6d0b7d5 100644 --- a/pkg/etcd/snapshot/types.go +++ b/pkg/etcd/snapshot/types.go @@ -23,11 +23,11 @@ import ( "k8s.io/utils/ptr" ) -type SnapshotStatus string +type Status string const ( - SuccessfulStatus SnapshotStatus = "successful" - FailedStatus SnapshotStatus = "failed" + SuccessfulStatus Status = "successful" + FailedStatus Status = "failed" CompressedExtension = ".zip" MetadataDir = ".metadata" @@ -59,15 +59,15 @@ type File struct { Name string `json:"name"` // Location contains the full path of the snapshot. For // local paths, the location will be prefixed with "file://". - Location string `json:"location,omitempty"` - Metadata string `json:"metadata,omitempty"` - Message string `json:"message,omitempty"` - NodeName string `json:"nodeName,omitempty"` - CreatedAt *metav1.Time `json:"createdAt,omitempty"` - Size int64 `json:"size,omitempty"` - Status SnapshotStatus `json:"status,omitempty"` - S3 *S3Config `json:"s3Config,omitempty"` - Compressed bool `json:"compressed"` + Location string `json:"location,omitempty"` + Metadata string `json:"metadata,omitempty"` + Message string `json:"message,omitempty"` + NodeName string `json:"nodeName,omitempty"` + CreatedAt *metav1.Time `json:"createdAt,omitempty"` + Size int64 `json:"size,omitempty"` + Status Status `json:"status,omitempty"` + S3 *S3Config `json:"s3Config,omitempty"` + Compressed bool `json:"compressed"` // these fields are used for the internal representation of the snapshot // to populate other fields before serialization to the legacy configmap. diff --git a/pkg/executor/embed/embed.go b/pkg/executor/embed/embed.go index 0e26fcc71e5e..08b85842c87e 100644 --- a/pkg/executor/embed/embed.go +++ b/pkg/executor/embed/embed.go @@ -102,9 +102,9 @@ func (e *Embedded) Bootstrap(ctx context.Context, nodeConfig *daemonconfig.Node, } // If there is a VPN, we must overwrite NodeIP and flannel interface - var vpnInfo vpn.VPNInfo + var vpnInfo *vpn.Info if cfg.VPNAuth != "" { - vpnInfo, err = vpn.GetVPNInfo(cfg.VPNAuth) + vpnInfo, err = vpn.GetInfo(cfg.VPNAuth) if err != nil { return err } @@ -136,9 +136,9 @@ func (e *Embedded) Bootstrap(ctx context.Context, nodeConfig *daemonconfig.Node, logrus.Warn("VPN provider overrides node-external-ip parameter") } nodeIPs = vpnIPs - nodeConfig.Flannel.Iface, err = net.InterfaceByName(vpnInfo.VPNInterface) + nodeConfig.Flannel.Iface, err = net.InterfaceByName(vpnInfo.Interface) if err != nil { - return pkgerrors.WithMessagef(err, "unable to find vpn interface: %s", vpnInfo.VPNInterface) + return pkgerrors.WithMessagef(err, "unable to find vpn interface: %s", vpnInfo.Interface) } } } diff --git a/pkg/vpn/vpn.go b/pkg/vpn/vpn.go index da7787cd4ed1..9580f8bc42c7 100644 --- a/pkg/vpn/vpn.go +++ b/pkg/vpn/vpn.go @@ -28,14 +28,14 @@ type TailscalePrefsOutput struct { AdvertiseRoutes []netip.Prefix `json:"AdvertiseRoutes"` } -// VPNInfo includes node information of the VPN. It is a general struct in case we want to add more vpn integrations -type VPNInfo struct { +// Info includes node information of the VPN. It is a general struct in case we want to add more vpn integrations +type Info struct { BackendState string IPv4Address net.IP IPv6Address net.IP NodeID string ProviderName string - VPNInterface string + Interface string } // vpnCliAuthInfo includes auth information of the VPN. It is a general struct in case we want to add more vpn integrations @@ -82,17 +82,17 @@ func StartVPN(vpnAuthConfigFile string) error { } } -// GetVPNInfo returns a VPNInfo object with details about the VPN. General function in case we want to add more vpn integrations -func GetVPNInfo(vpnAuth string) (VPNInfo, error) { +// GetInfo returns an Info object with details about the VPN. General function in case we want to add more vpn integrations +func GetInfo(vpnAuth string) (*Info, error) { authInfo, err := getVPNAuthInfo(vpnAuth) if err != nil { - return VPNInfo{}, err + return nil, err } if authInfo.Name == "tailscale" { return getTailscaleInfo() } - return VPNInfo{}, nil + return nil, nil } // getVPNAuthInfo returns the required authInfo object @@ -142,10 +142,10 @@ func isVPNConfigOK(authInfo vpnCliAuthInfo) error { } // getTailscaleInfo returns the IPs of the interface -func getTailscaleInfo() (VPNInfo, error) { +func getTailscaleInfo() (*Info, error) { output, err := util.ExecCommand("tailscale", []string{"status", "--json"}) if err != nil { - return VPNInfo{}, fmt.Errorf("failed to run tailscale status --json: %v", err) + return nil, fmt.Errorf("failed to run tailscale status --json: %v", err) } logrus.Debugf("Output from tailscale status --json: %v", output) @@ -153,14 +153,14 @@ func getTailscaleInfo() (VPNInfo, error) { var tailscaleOutput TailscaleOutput err = json.Unmarshal([]byte(output), &tailscaleOutput) if err != nil { - return VPNInfo{}, fmt.Errorf("failed to unmarshal tailscale output: %v", err) + return nil, fmt.Errorf("failed to unmarshal tailscale output: %v", err) } // Errors are ignored because the interface might not have ipv4 or ipv6 addresses (that's the only possible error) ipv4Address, _ := util.GetFirst4String(tailscaleOutput.TailscaleIPs) ipv6Address, _ := util.GetFirst6String(tailscaleOutput.TailscaleIPs) - return VPNInfo{BackendState: tailscaleOutput.BackendState, IPv4Address: net.ParseIP(ipv4Address), IPv6Address: net.ParseIP(ipv6Address), NodeID: "", ProviderName: "tailscale", VPNInterface: tailscaleIf}, nil + return &Info{BackendState: tailscaleOutput.BackendState, IPv4Address: net.ParseIP(ipv4Address), IPv6Address: net.ParseIP(ipv6Address), NodeID: "", ProviderName: "tailscale", Interface: tailscaleIf}, nil } // get Tailscale advertised route list From 90faec708620ac5db126f8a4748f6530c2fb05ec Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:28:18 +0000 Subject: [PATCH 18/48] lint: if-return Signed-off-by: Brad Davidson (cherry picked from commit d8af4f162a37e376a48fd4d20801056464fb247d) Signed-off-by: Brad Davidson --- pkg/agent/containerd/runtimes_test.go | 6 +----- pkg/cli/agent/agent.go | 6 +----- pkg/cli/server/server.go | 6 +----- pkg/cluster/storage.go | 6 +----- 4 files changed, 4 insertions(+), 20 deletions(-) diff --git a/pkg/agent/containerd/runtimes_test.go b/pkg/agent/containerd/runtimes_test.go index 8f5310384b42..08dc026293cc 100644 --- a/pkg/agent/containerd/runtimes_test.go +++ b/pkg/agent/containerd/runtimes_test.go @@ -129,9 +129,5 @@ func createExec(path string) error { return err } - if err := os.Chmod(path, 0755); err != nil { - return err - } - - return nil + return os.Chmod(path, 0755) } diff --git a/pkg/cli/agent/agent.go b/pkg/cli/agent/agent.go index d88a82d041e0..83d3aa0c0857 100644 --- a/pkg/cli/agent/agent.go +++ b/pkg/cli/agent/agent.go @@ -145,9 +145,5 @@ func Run(clx *cli.Context) (rerr error) { return https.Start(ctx, nodeConfig, nil) } - if err := agent.Run(ctx, wg, cfg); err != nil { - return err - } - - return nil + return agent.Run(ctx, wg, cfg) } diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go index e53f7d236c24..edb3de0f8d94 100644 --- a/pkg/cli/server/server.go +++ b/pkg/cli/server/server.go @@ -626,11 +626,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont systemd.SdNotify(true, "READY=1\n") }() - if err := server.StartServer(ctx, wg, &serverConfig, cfg); err != nil { - return err - } - - return nil + return server.StartServer(ctx, wg, &serverConfig, cfg) } // validateNetworkConfig ensures that the network configuration values make sense. diff --git a/pkg/cluster/storage.go b/pkg/cluster/storage.go index ed71bb23414e..0dcebe72d722 100644 --- a/pkg/cluster/storage.go +++ b/pkg/cluster/storage.go @@ -54,11 +54,7 @@ func RotateBootstrapToken(ctx context.Context, config *config.Control, oldToken return err } // reuse the existing migration function to reencrypt bootstrap data with new token - if err := migrateTokens(ctx, bootstrapList, storageClient, "", tokenKey, normalizedToken, normalizedOldToken); err != nil { - return err - } - - return nil + return migrateTokens(ctx, bootstrapList, storageClient, "", tokenKey, normalizedToken, normalizedOldToken) } // Save writes the current ControlRuntimeBootstrap data to the datastore. This contains a complete From 944cf6419c7e56cca13836ff0a44a36cd540ca3c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:31:20 +0000 Subject: [PATCH 19/48] lint: import-alias-naming Signed-off-by: Brad Davidson (cherry picked from commit 4d1ad3d595a8ae8cdc770727756f2e258d24c4ac) Signed-off-by: Brad Davidson --- pkg/agent/loadbalancer/httpproxy.go | 4 ++-- pkg/deploy/controller.go | 6 +++--- pkg/rootlessports/controller.go | 8 ++++---- pkg/rootlessports/controller_windows.go | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkg/agent/loadbalancer/httpproxy.go b/pkg/agent/loadbalancer/httpproxy.go index 991db1d56c3f..685060a1c03d 100644 --- a/pkg/agent/loadbalancer/httpproxy.go +++ b/pkg/agent/loadbalancer/httpproxy.go @@ -9,7 +9,7 @@ import ( "time" "github.com/k3s-io/k3s/pkg/version" - http_dialer "github.com/mwitkow/go-http-dialer" + httpdialer "github.com/mwitkow/go-http-dialer" pkgerrors "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/net/http/httpproxy" @@ -60,7 +60,7 @@ func SetHTTPProxy(address string) error { func proxyDialer(proxyURL *url.URL, forward proxy.Dialer) (proxy.Dialer, error) { if proxyURL.Scheme == "http" || proxyURL.Scheme == "https" { // Create a new HTTP proxy dialer - httpProxyDialer := http_dialer.New(proxyURL, http_dialer.WithConnectionTimeout(10*time.Second), http_dialer.WithDialer(forward.(*net.Dialer))) + httpProxyDialer := httpdialer.New(proxyURL, httpdialer.WithConnectionTimeout(10*time.Second), httpdialer.WithDialer(forward.(*net.Dialer))) return httpProxyDialer, nil } else if proxyURL.Scheme == "socks5" { // For SOCKS5 proxies, use the proxy package's FromURL diff --git a/pkg/deploy/controller.go b/pkg/deploy/controller.go index b99da9930691..e1456c6aeb27 100644 --- a/pkg/deploy/controller.go +++ b/pkg/deploy/controller.go @@ -31,7 +31,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - yamlDecoder "k8s.io/apimachinery/pkg/util/yaml" + "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/client-go/discovery" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/record" @@ -419,7 +419,7 @@ func isEmptyYaml(yaml []byte) bool { // yamlToObjects returns an object slice yielded from documents in a chunk of YAML func yamlToObjects(in io.Reader) ([]runtime.Object, error) { var result []runtime.Object - reader := yamlDecoder.NewYAMLReader(bufio.NewReaderSize(in, 4096)) + reader := yaml.NewYAMLReader(bufio.NewReaderSize(in, 4096)) for { raw, err := reader.Read() if err == io.EOF { @@ -444,7 +444,7 @@ func yamlToObjects(in io.Reader) ([]runtime.Object, error) { // Returns one or more objects from a single YAML document func toObjects(bytes []byte) ([]runtime.Object, error) { - bytes, err := yamlDecoder.ToJSON(bytes) + bytes, err := yaml.ToJSON(bytes) if err != nil { return nil, err } diff --git a/pkg/rootlessports/controller.go b/pkg/rootlessports/controller.go index 821799e2f808..b4638c669d2f 100644 --- a/pkg/rootlessports/controller.go +++ b/pkg/rootlessports/controller.go @@ -7,7 +7,7 @@ import ( "time" "github.com/k3s-io/k3s/pkg/rootless" - coreClients "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1" + corev1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1" "github.com/rootless-containers/rootlesskit/pkg/api/client" "github.com/rootless-containers/rootlesskit/pkg/port" "github.com/sirupsen/logrus" @@ -19,7 +19,7 @@ var ( all = "_all_" ) -func Register(ctx context.Context, serviceController coreClients.ServiceController, enabled bool, httpsPort int) error { +func Register(ctx context.Context, serviceController corev1.ServiceController, enabled bool, httpsPort int) error { var ( err error rootlessClient client.Client @@ -59,8 +59,8 @@ func Register(ctx context.Context, serviceController coreClients.ServiceControll type handler struct { enabled bool rootlessClient client.Client - serviceClient coreClients.ServiceController - serviceCache coreClients.ServiceCache + serviceClient corev1.ServiceController + serviceCache corev1.ServiceCache httpsPort int ctx context.Context } diff --git a/pkg/rootlessports/controller_windows.go b/pkg/rootlessports/controller_windows.go index 0a5126923341..3e179696352e 100644 --- a/pkg/rootlessports/controller_windows.go +++ b/pkg/rootlessports/controller_windows.go @@ -3,9 +3,9 @@ package rootlessports import ( "context" - coreClients "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1" + corev1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1" ) -func Register(ctx context.Context, serviceController coreClients.ServiceController, enabled bool, httpsPort int) error { +func Register(ctx context.Context, serviceController corev1.ServiceController, enabled bool, httpsPort int) error { panic("Rootless is not supported on windows") } From 1bcdd78826d81b7f15ecf187a8c9c1ccdb027237 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:35:38 +0000 Subject: [PATCH 20/48] lint: indent-error-flow Signed-off-by: Brad Davidson (cherry picked from commit 26b4f21479f9731562b8660ce0f202312f37782f) Signed-off-by: Brad Davidson --- pkg/agent/config/config.go | 3 +-- pkg/agent/flannel/flannel.go | 6 ++---- pkg/agent/run.go | 3 +-- pkg/cluster/bootstrap.go | 36 +++++++++++++++++------------------ pkg/daemons/agent/agent.go | 6 +++--- pkg/daemons/control/server.go | 6 +++--- pkg/etcd/etcd.go | 9 ++++----- pkg/nodepassword/validate.go | 5 ++--- 8 files changed, 34 insertions(+), 40 deletions(-) diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go index c65ddfddc004..75d9d225cd62 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go @@ -392,9 +392,8 @@ func isValidResolvConf(resolvConfFile string) bool { if len(ipMatch) == 2 { if !isValidNameserver(ipMatch[1]) { return false - } else { - foundNameserver = true } + foundNameserver = true } } if err := scanner.Err(); err != nil { diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go index e72ca8b3def8..63263b869f56 100644 --- a/pkg/agent/flannel/flannel.go +++ b/pkg/agent/flannel/flannel.go @@ -231,9 +231,8 @@ func ReadCIDRFromSubnetFile(path string, CIDRKey string) ip.IP4Net { } else if len(prevCIDRs) > 1 { logrus.Errorf("error reading subnet: more than 1 entry found for key: %s in file %s: ", CIDRKey, path) return ip.IP4Net{IP: 0, PrefixLen: 0} - } else { - return prevCIDRs[0] } + return prevCIDRs[0] } func ReadCIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP4Net { @@ -266,9 +265,8 @@ func ReadIP6CIDRFromSubnetFile(path string, CIDRKey string) ip.IP6Net { } else if len(prevCIDRs) > 1 { logrus.Errorf("error reading subnet: more than 1 entry found for key: %s in file %s: ", CIDRKey, path) return ip.IP6Net{IP: (*ip.IP6)(big.NewInt(0)), PrefixLen: 0} - } else { - return prevCIDRs[0] } + return prevCIDRs[0] } func ReadIP6CIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP6Net { diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 25a122402752..ef691c2e3e09 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -180,9 +180,8 @@ func startCRI(ctx context.Context, nodeConfig *daemonconfig.Node) error { return err } return executor.Containerd(ctx, nodeConfig) - } else { - return executor.CRI(ctx, nodeConfig) } + return executor.CRI(ctx, nodeConfig) } // startNetwork updates the network annotations on the node and starts the CNI diff --git a/pkg/cluster/bootstrap.go b/pkg/cluster/bootstrap.go index b20837fd3dfb..2dc76e76e4ea 100644 --- a/pkg/cluster/bootstrap.go +++ b/pkg/cluster/bootstrap.go @@ -114,26 +114,26 @@ func (c *Cluster) shouldBootstrapLoad(ctx context.Context) (bool, bool, error) { // Not initialized, not joining - must be initializing (cluster-init) logrus.Infof("Managed %s cluster initializing", c.managedDB.EndpointName()) return false, false, nil - } else { - // Not initialized, but have a Join URL - fail if there's no token; if there is then validate it. - // Note that this is the path taken by control-plane-only nodes every startup, as they have a non-nil managedDB that is never initialized. - if c.config.Token == "" { - return false, false, errors.New("token is required to join a cluster") - } + } - // Fail if the token isn't syntactically valid, or if the CA hash on the remote server doesn't match - // the hash in the token. The password isn't actually checked until later when actually bootstrapping. - info, err := clientaccess.ParseAndValidateToken(c.config.JoinURL, c.config.Token, opts...) - if err != nil { - return false, false, pkgerrors.WithMessage(err, "failed to validate token") - } - c.clientAccessInfo = info + // Not initialized, but have a Join URL - fail if there's no token; if there is then validate it. + // Note that this is the path taken by control-plane-only nodes every startup, as they have a non-nil managedDB that is never initialized. + if c.config.Token == "" { + return false, false, errors.New("token is required to join a cluster") + } - if c.config.DisableETCD { - logrus.Infof("Managed %s disabled on this node", c.managedDB.EndpointName()) - } else { - logrus.Infof("Managed %s cluster not yet initialized", c.managedDB.EndpointName()) - } + // Fail if the token isn't syntactically valid, or if the CA hash on the remote server doesn't match + // the hash in the token. The password isn't actually checked until later when actually bootstrapping. + info, err := clientaccess.ParseAndValidateToken(c.config.JoinURL, c.config.Token, opts...) + if err != nil { + return false, false, pkgerrors.WithMessage(err, "failed to validate token") + } + c.clientAccessInfo = info + + if c.config.DisableETCD { + logrus.Infof("Managed %s disabled on this node", c.managedDB.EndpointName()) + } else { + logrus.Infof("Managed %s cluster not yet initialized", c.managedDB.EndpointName()) } } diff --git a/pkg/daemons/agent/agent.go b/pkg/daemons/agent/agent.go index c29b762ce002..88aed28f2112 100644 --- a/pkg/daemons/agent/agent.go +++ b/pkg/daemons/agent/agent.go @@ -251,12 +251,12 @@ func defaultKubeletConfig(cfg *daemonconfig.Agent) (*kubeletconfig.KubeletConfig return nil, pkgerrors.WithMessagef(err, "failed to create static pod manifest dir %s", defaultConfig.StaticPodPath) } - if t, _, err := taints.ParseTaints(cfg.NodeTaints); err != nil { + t, _, err := taints.ParseTaints(cfg.NodeTaints) + if err != nil { return nil, pkgerrors.WithMessage(err, "failed to parse node taints") - } else { - defaultConfig.RegisterWithTaints = t } + defaultConfig.RegisterWithTaints = t logsv1.VModuleConfigurationPflag(&defaultConfig.Logging.VModule).Set(cfg.VModule) return defaultConfig, nil diff --git a/pkg/daemons/control/server.go b/pkg/daemons/control/server.go index 22f529a93390..41a482069175 100644 --- a/pkg/daemons/control/server.go +++ b/pkg/daemons/control/server.go @@ -311,12 +311,12 @@ func prepare(ctx context.Context, wg *sync.WaitGroup, config *config.Control) er return err } - if dataDir, err := filepath.Abs(config.DataDir); err != nil { + dataDir, err := filepath.Abs(config.DataDir) + if err != nil { return err - } else { - config.DataDir = dataDir } + config.DataDir = dataDir os.MkdirAll(filepath.Join(config.DataDir, "etc"), 0700) os.MkdirAll(filepath.Join(config.DataDir, "tls"), 0700) os.MkdirAll(filepath.Join(config.DataDir, "cred"), 0700) diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index 848746992af4..dd96c975fbd3 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -336,13 +336,13 @@ func (e *ETCD) IsInitialized() (bool, error) { } dir := walDir(e.config) - if s, err := os.Stat(dir); err == nil && s.IsDir() { + s, err := os.Stat(dir) + if err == nil && s.IsDir() { return true, nil } else if os.IsNotExist(err) { return false, nil - } else { - return false, pkgerrors.WithMessage(err, "invalid state for wal directory "+dir) } + return false, pkgerrors.WithMessage(err, "invalid state for wal directory "+dir) } // Reset resets an etcd node to a single node cluster. @@ -421,9 +421,8 @@ func (e *ETCD) Reset(ctx context.Context, wg *sync.WaitGroup, rebootstrap func() if err != nil { if errors.Is(err, s3.ErrNoConfigSecret) { return errors.New("cannot use S3 config secret when restoring snapshot; configuration must be set in CLI or config file") - } else { - return pkgerrors.WithMessage(err, "failed to initialize S3 client") } + return pkgerrors.WithMessage(err, "failed to initialize S3 client") } dir, err := snapshotDir(e.config, true) if err != nil { diff --git a/pkg/nodepassword/validate.go b/pkg/nodepassword/validate.go index ab7102eeaa01..598822448729 100644 --- a/pkg/nodepassword/validate.go +++ b/pkg/nodepassword/validate.go @@ -67,10 +67,9 @@ func GetNodeAuthValidator(ctx context.Context, control *config.Control) NodeAuth // If we're running on an etcd-only node, and the request didn't use Node Identity auth, // defer node password verification until an apiserver joins the cluster. return verifyRemotePassword(ctx, control, &mu, deferredNodes, node) - } else { - // Otherwise, reject the request until the controller is ready. - return "", http.StatusServiceUnavailable, util.ErrCoreNotReady } + // Otherwise, reject the request until the controller is ready. + return "", http.StatusServiceUnavailable, util.ErrCoreNotReady } // verify that the node exists, if using Node Identity auth From 699d9b7073d3de92bd86867a2e3b5948c96bbea2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:43:57 +0000 Subject: [PATCH 21/48] lint: redefines-builtin-id Signed-off-by: Brad Davidson (cherry picked from commit 291086171ba9810f16e30595622bb401bd1d326e) Signed-off-by: Brad Davidson --- pkg/agent/run.go | 4 ++-- pkg/cli/cmds/etcd_snapshot.go | 10 +++++----- pkg/cli/cmds/token.go | 12 ++++++------ pkg/cli/etcdsnapshot/etcd_snapshot.go | 4 ++-- pkg/cli/token/token.go | 4 ++-- pkg/deploy/controller.go | 4 ++-- pkg/util/args.go | 6 +++--- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/pkg/agent/run.go b/pkg/agent/run.go index ef691c2e3e09..39290301db6b 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -225,11 +225,11 @@ func getConntrackConfig(nodeConfig *daemonconfig.Node) (*kubeproxyconfig.KubePro return nil, err } ctConfig.MaxPerCore = &maxPerCore - min, err := cmd.Flags().GetInt32("conntrack-min") + ctMin, err := cmd.Flags().GetInt32("conntrack-min") if err != nil { return nil, err } - ctConfig.Min = &min + ctConfig.Min = &ctMin establishedTimeout, err := cmd.Flags().GetDuration("conntrack-tcp-timeout-established") if err != nil { return nil, err diff --git a/pkg/cli/cmds/etcd_snapshot.go b/pkg/cli/cmds/etcd_snapshot.go index bd9176e19db7..57a4b4aa6786 100644 --- a/pkg/cli/cmds/etcd_snapshot.go +++ b/pkg/cli/cmds/etcd_snapshot.go @@ -164,7 +164,7 @@ var EtcdSnapshotFlags = []cli.Flag{ }, } -func NewEtcdSnapshotCommands(delete, list, prune, save func(ctx *cli.Context) error) *cli.Command { +func NewEtcdSnapshotCommands(deleteFunc, listFunc, pruneFunc, saveFunc func(ctx *cli.Context) error) *cli.Command { return &cli.Command{ Name: EtcdSnapshotCommand, Usage: "Manage etcd snapshots", @@ -174,14 +174,14 @@ func NewEtcdSnapshotCommands(delete, list, prune, save func(ctx *cli.Context) er Name: "save", Usage: "Trigger an immediate etcd snapshot", SkipFlagParsing: false, - Action: save, + Action: saveFunc, Flags: EtcdSnapshotFlags, }, { Name: "delete", Usage: "Delete given snapshot(s)", SkipFlagParsing: false, - Action: delete, + Action: deleteFunc, Flags: EtcdSnapshotFlags, }, { @@ -189,7 +189,7 @@ func NewEtcdSnapshotCommands(delete, list, prune, save func(ctx *cli.Context) er Aliases: []string{"list", "l"}, Usage: "List snapshots", SkipFlagParsing: false, - Action: list, + Action: listFunc, Flags: append(EtcdSnapshotFlags, &cli.StringFlag{ Name: "output", Aliases: []string{"o"}, @@ -201,7 +201,7 @@ func NewEtcdSnapshotCommands(delete, list, prune, save func(ctx *cli.Context) er Name: "prune", Usage: "Remove snapshots that match the name prefix that exceed the configured retention count", SkipFlagParsing: false, - Action: prune, + Action: pruneFunc, Flags: EtcdSnapshotFlags, }, }, diff --git a/pkg/cli/cmds/token.go b/pkg/cli/cmds/token.go index a0ace8e6338a..6b57257c21d6 100644 --- a/pkg/cli/cmds/token.go +++ b/pkg/cli/cmds/token.go @@ -35,7 +35,7 @@ var ( } ) -func NewTokenCommands(create, delete, generate, list, rotate func(ctx *cli.Context) error) *cli.Command { +func NewTokenCommands(createFunc, deleteFunc, generateFunc, listFunc, rotateFunc func(ctx *cli.Context) error) *cli.Command { return &cli.Command{ Name: TokenCommand, Usage: "Manage tokens", @@ -63,21 +63,21 @@ func NewTokenCommands(create, delete, generate, list, rotate func(ctx *cli.Conte Destination: &TokenConfig.Usages, }), SkipFlagParsing: false, - Action: create, + Action: createFunc, }, { Name: "delete", Usage: "Delete bootstrap tokens on the server", Flags: TokenFlags, SkipFlagParsing: false, - Action: delete, + Action: deleteFunc, }, { Name: "generate", Usage: "Generate and print a bootstrap token, but do not create it on the server", Flags: TokenFlags, SkipFlagParsing: false, - Action: generate, + Action: generateFunc, }, { Name: "list", @@ -89,7 +89,7 @@ func NewTokenCommands(create, delete, generate, list, rotate func(ctx *cli.Conte Destination: &TokenConfig.Output, }), SkipFlagParsing: false, - Action: list, + Action: listFunc, }, { Name: "rotate", @@ -116,7 +116,7 @@ func NewTokenCommands(create, delete, generate, list, rotate func(ctx *cli.Conte Destination: &TokenConfig.NewToken, }), SkipFlagParsing: false, - Action: rotate, + Action: rotateFunc, }, }, } diff --git a/pkg/cli/etcdsnapshot/etcd_snapshot.go b/pkg/cli/etcdsnapshot/etcd_snapshot.go index 1f20a06f23d8..2bcca5923674 100644 --- a/pkg/cli/etcdsnapshot/etcd_snapshot.go +++ b/pkg/cli/etcdsnapshot/etcd_snapshot.go @@ -147,10 +147,10 @@ func Delete(app *cli.Context) error { if err := cmds.InitLogging(); err != nil { return err } - return delete(app, &cmds.ServerConfig) + return deleteSnapshot(app, &cmds.ServerConfig) } -func delete(app *cli.Context, cfg *cmds.Server) error { +func deleteSnapshot(app *cli.Context, cfg *cmds.Server) error { snapshots := app.Args() if snapshots.Len() == 0 { return errors.New("no snapshots given for removal") diff --git a/pkg/cli/token/token.go b/pkg/cli/token/token.go index 8957a93a928d..4be197b537b3 100644 --- a/pkg/cli/token/token.go +++ b/pkg/cli/token/token.go @@ -97,10 +97,10 @@ func Delete(app *cli.Context) error { if err := cmds.InitLogging(); err != nil { return err } - return delete(app, &cmds.TokenConfig) + return deleteToken(app, &cmds.TokenConfig) } -func delete(app *cli.Context, cfg *cmds.Token) error { +func deleteToken(app *cli.Context, cfg *cmds.Token) error { args := app.Args() if args.Len() < 1 { return errors.New("missing argument; 'token delete' is missing token") diff --git a/pkg/deploy/controller.go b/pkg/deploy/controller.go index e1456c6aeb27..6dcbd4cce323 100644 --- a/pkg/deploy/controller.go +++ b/pkg/deploy/controller.go @@ -457,8 +457,8 @@ func toObjects(bytes []byte) ([]runtime.Object, error) { if l, ok := obj.(*unstructured.UnstructuredList); ok { var result []runtime.Object for _, obj := range l.Items { - copy := obj - result = append(result, ©) + newObj := obj + result = append(result, &newObj) } return result, nil } diff --git a/pkg/util/args.go b/pkg/util/args.go index 712de9149fa3..b39de6fd1755 100644 --- a/pkg/util/args.go +++ b/pkg/util/args.go @@ -95,9 +95,9 @@ func GetArgs(initialArgs map[string]string, extraArgs []string) []string { } // AddFeatureGate correctly appends a feature gate key pair to the feature gates CLI switch. -func AddFeatureGate(current, new string) string { +func AddFeatureGate(current, toAdd string) string { if current == "" { - return new + return toAdd } - return current + "," + new + return current + "," + toAdd } From 4f914d3a36bfae889117a5250ed2d664bad0807a Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:45:16 +0000 Subject: [PATCH 22/48] lint: struct-tag Signed-off-by: Brad Davidson (cherry picked from commit e416f10e3a692c0057ec45a972476356aaadf259) Signed-off-by: Brad Davidson --- pkg/daemons/executor/executor.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/daemons/executor/executor.go b/pkg/daemons/executor/executor.go index 7e32efec3d8f..7b95dbf1b2cf 100644 --- a/pkg/daemons/executor/executor.go +++ b/pkg/daemons/executor/executor.go @@ -54,6 +54,7 @@ type ETCDSocketOpts struct { ReusePort bool `json:"reuse-port,omitempty"` } +//revive:disable:struct-tag type ETCDConfig struct { InitialOptions `json:",inline"` Name string `json:"name,omitempty"` From 8eb1b8ef3d3d84c895437c69882b09975ca3e87b Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 15 Dec 2025 23:47:53 +0000 Subject: [PATCH 23/48] lint: superfluous-else Signed-off-by: Brad Davidson (cherry picked from commit 83feb3c31d274f10ebc7d1edb57be23bb242dbf5) Signed-off-by: Brad Davidson --- pkg/agent/containerd/config.go | 16 ++++++++-------- pkg/rootlessports/controller.go | 6 +++--- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/pkg/agent/containerd/config.go b/pkg/agent/containerd/config.go index b139c4aa725b..077e60b195ba 100644 --- a/pkg/agent/containerd/config.go +++ b/pkg/agent/containerd/config.go @@ -162,17 +162,17 @@ func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirro // create the default config, if it wasn't explicitly mentioned in the config section config, ok := hosts[host] if !ok { - if c, err := defaultHostConfig(host, mirrorAddr, configForHost(registry.Configs, host)); err != nil { + c, err := defaultHostConfig(host, mirrorAddr, configForHost(registry.Configs, host)) + if err != nil { logrus.Errorf("Failed to generate config for registry %s: %v", host, err) continue - } else { - if noDefaultEndpoint { - c.Default = nil - } else if host == "*" { - c.Default = &templates.RegistryEndpoint{URL: &url.URL{}} - } - config = *c } + if noDefaultEndpoint { + c.Default = nil + } else if host == "*" { + c.Default = &templates.RegistryEndpoint{URL: &url.URL{}} + } + config = *c } // track which endpoints we've already seen to avoid creating duplicates diff --git a/pkg/rootlessports/controller.go b/pkg/rootlessports/controller.go index b4638c669d2f..fb37f455e86a 100644 --- a/pkg/rootlessports/controller.go +++ b/pkg/rootlessports/controller.go @@ -33,11 +33,11 @@ func Register(ctx context.Context, serviceController corev1.ServiceController, e rootlessClient, err = client.New(rootless.Sock) if err == nil { break - } else { - logrus.Infof("Waiting for rootless API socket %s: %v", rootless.Sock, err) - time.Sleep(1 * time.Second) } + logrus.Infof("Waiting for rootless API socket %s: %v", rootless.Sock, err) + time.Sleep(1 * time.Second) } + if err != nil { return err } From b06802f677b62cd078a9852389667aa1821cce66 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:11:04 +0000 Subject: [PATCH 24/48] lint: unchecked-type-assertion Adds a generic wrapper around lru.Cache Signed-off-by: Brad Davidson (cherry picked from commit 62d2737faa6cc3a2ddc6364765a3dd6562818fc0) Signed-off-by: Brad Davidson --- pkg/etcd/s3/s3.go | 7 ++--- pkg/etcd/s3/s3_test.go | 38 +++++++++++------------ pkg/server/handlers/handlers.go | 14 +++++++-- pkg/util/logger/logger.go | 5 ++- pkg/util/lru.go | 54 +++++++++++++++++++++++++++++++++ 5 files changed, 92 insertions(+), 26 deletions(-) create mode 100644 pkg/util/lru.go diff --git a/pkg/etcd/s3/s3.go b/pkg/etcd/s3/s3.go index f1aa7aa1cbe3..94a174a5934e 100644 --- a/pkg/etcd/s3/s3.go +++ b/pkg/etcd/s3/s3.go @@ -33,7 +33,6 @@ import ( v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/utils/lru" ) var ( @@ -65,7 +64,7 @@ type Controller struct { tokenHash string nodeName string core core.Interface - clientCache *lru.Cache + clientCache *util.Cache[*Client] } // Client holds state for a given configuration - a preconfigured minio client, @@ -83,7 +82,7 @@ type Client struct { func Start(ctx context.Context, config *config.Control) (*Controller, error) { once.Do(func() { c := &Controller{ - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), nodeName: os.Getenv("NODE_NAME"), } @@ -161,7 +160,7 @@ func (c *Controller) GetClient(ctx context.Context, etcdS3 *config.EtcdS3) (*Cli // print the endpoint and bucket name to avoid leaking creds into the logs. if client, ok := c.clientCache.Get(*etcdS3); ok { logrus.Infof("Reusing cached S3 client for endpoint=%q bucket=%q folder=%q", scheme+etcdS3.Endpoint, etcdS3.Bucket, etcdS3.Folder) - return client.(*Client), nil + return client, nil } logrus.Infof("Attempting to create new S3 client for endpoint=%q bucket=%q folder=%q", scheme+etcdS3.Endpoint, etcdS3.Bucket, etcdS3.Folder) diff --git a/pkg/etcd/s3/s3_test.go b/pkg/etcd/s3/s3_test.go index b48ba20b01ec..e8714a9b5856 100644 --- a/pkg/etcd/s3/s3_test.go +++ b/pkg/etcd/s3/s3_test.go @@ -17,6 +17,7 @@ import ( "github.com/gorilla/mux" "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/k3s-io/k3s/pkg/etcd/snapshot" + "github.com/k3s-io/k3s/pkg/util" "github.com/k3s-io/k3s/tests/mock" "github.com/rancher/dynamiclistener/cert" "github.com/rancher/wrangler/v3/pkg/generated/controllers/core" @@ -24,7 +25,6 @@ import ( "go.uber.org/mock/gomock" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/lru" ) var gmt = time.FixedZone("GMT", 0) @@ -65,7 +65,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID string tokenHash string nodeName string - clientCache *lru.Cache + clientCache *util.Cache[*Client] } type args struct { ctx context.Context @@ -88,7 +88,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -113,7 +113,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -139,7 +139,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -163,7 +163,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -190,7 +190,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -231,7 +231,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -287,7 +287,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -338,7 +338,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -364,7 +364,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -389,7 +389,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -412,7 +412,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, want: &Client{}, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -465,7 +465,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, want: &Client{}, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -495,7 +495,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -522,7 +522,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -550,7 +550,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { @@ -577,7 +577,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { coreMock := mock.NewCore(gomock.NewController(t)) @@ -603,7 +603,7 @@ func Test_UnitControllerGetClient(t *testing.T) { clusterID: "1234", tokenHash: "abcd", nodeName: "server01", - clientCache: lru.New(5), + clientCache: util.NewCache[*Client](5), }, wantErr: true, setup: func(t *testing.T, a args, f fields, c *Client) (core.Interface, error) { diff --git a/pkg/server/handlers/handlers.go b/pkg/server/handlers/handlers.go index 4c2650699a8c..ca2371e1def9 100644 --- a/pkg/server/handlers/handlers.go +++ b/pkg/server/handlers/handlers.go @@ -257,7 +257,12 @@ func signAndSend(resp http.ResponseWriter, req *http.Request, caCertFile, caKeyF util.SendError(err, resp, req) return } - key = pk.(crypto.Signer) + k, ok := pk.(crypto.Signer) + if !ok { + util.SendError(errors.New("type assertion failed"), resp, req) + return + } + key = k } // create the signed cert using dynamiclistener cert utils @@ -298,7 +303,12 @@ func getCACertAndKey(caCertFile, caKeyFile string) ([]*x509.Certificate, crypto. return nil, nil, err } - return caCert, caKey.(crypto.Signer), nil + k, ok := caKey.(crypto.Signer) + if !ok { + return nil, nil, errors.New("type assertion failed") + } + + return caCert, k, nil } // getCSR decodes a x509.CertificateRequest from a POST request body. diff --git a/pkg/util/logger/logger.go b/pkg/util/logger/logger.go index cc60dbb7c4c1..a23e824fe744 100644 --- a/pkg/util/logger/logger.go +++ b/pkg/util/logger/logger.go @@ -28,7 +28,10 @@ func mapLevel(level int) logrus.Level { func mapKV(kvs []any) logrus.Fields { fields := logrus.Fields{} for i := 0; i < len(kvs); i += 2 { - k := kvs[i].(string) + k, ok := kvs[i].(string) + if !ok { + k = fmt.Sprint(kvs[i]) + } if len(kvs) > i+1 { fields[k] = kvs[i+1] } else { diff --git a/pkg/util/lru.go b/pkg/util/lru.go new file mode 100644 index 000000000000..c81e022a8780 --- /dev/null +++ b/pkg/util/lru.go @@ -0,0 +1,54 @@ +package util + +import "k8s.io/utils/lru" + +// Cache is a generic wrapper around lru.Cache that handles type assertions when +// retrieving cached entries. +type Cache[T any] struct { + cache *lru.Cache +} + +func NewCache[T any](size int) *Cache[T] { + return &Cache[T]{ + cache: lru.New(size), + } +} + +func NewCacheWithEvictionFunc[T any](size int, f lru.EvictionFunc) *Cache[T] { + return &Cache[T]{ + cache: lru.NewWithEvictionFunc(size, f), + } +} + +func (c *Cache[T]) Add(key lru.Key, value T) { + c.cache.Add(key, value) +} + +func (c *Cache[T]) Clear() { + c.cache.Clear() +} + +func (c *Cache[T]) Get(key lru.Key) (value T, ok bool) { + v, ok := c.cache.Get(key) + if !ok { + return value, ok + } + value, ok = v.(T) + return value, ok +} + +func (c *Cache[T]) Len() int { + return c.cache.Len() +} + +func (c *Cache[T]) Remove(key lru.Key) { + c.cache.Remove(key) +} + +func (c *Cache[T]) RemoveOldest() { + c.cache.RemoveOldest() +} + +func (c *Cache[T]) SetEvictionFunc(f lru.EvictionFunc) { + c.cache.SetEvictionFunc(f) +} From 9e8641ccfa8a99eb4c2483c5568467298fea4f0d Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:16:34 +0000 Subject: [PATCH 25/48] lint: unexported-naming Signed-off-by: Brad Davidson (cherry picked from commit 46c7ade9e9d50b41522e77b481aacd76315ab09d) Signed-off-by: Brad Davidson --- pkg/agent/flannel/flannel.go | 36 ++++++++++++++++---------------- pkg/cli/cert/cert.go | 4 ++-- pkg/daemons/control/deps/deps.go | 10 ++++----- pkg/util/net.go | 18 +++++----------- 4 files changed, 30 insertions(+), 38 deletions(-) diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go index 63263b869f56..c9cda4834209 100644 --- a/pkg/agent/flannel/flannel.go +++ b/pkg/agent/flannel/flannel.go @@ -222,32 +222,32 @@ func WriteSubnetFile(path string, nw ip.IP4Net, nwv6 ip.IP6Net, ipMasq bool, bn // TODO - is this safe? What if it's not on the same FS? } -// ReadCIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv4 network CIDRKey -func ReadCIDRFromSubnetFile(path string, CIDRKey string) ip.IP4Net { - prevCIDRs := ReadCIDRsFromSubnetFile(path, CIDRKey) +// ReadCIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv4 network key +func ReadCIDRFromSubnetFile(path string, key string) ip.IP4Net { + prevCIDRs := ReadCIDRsFromSubnetFile(path, key) if len(prevCIDRs) == 0 { - logrus.Warningf("no subnet found for key: %s in file: %s", CIDRKey, path) + logrus.Warningf("no subnet found for key: %s in file: %s", key, path) return ip.IP4Net{IP: 0, PrefixLen: 0} } else if len(prevCIDRs) > 1 { - logrus.Errorf("error reading subnet: more than 1 entry found for key: %s in file %s: ", CIDRKey, path) + logrus.Errorf("error reading subnet: more than 1 entry found for key: %s in file %s: ", key, path) return ip.IP4Net{IP: 0, PrefixLen: 0} } return prevCIDRs[0] } -func ReadCIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP4Net { +func ReadCIDRsFromSubnetFile(path string, key string) []ip.IP4Net { prevCIDRs := make([]ip.IP4Net, 0) if _, err := os.Stat(path); !os.IsNotExist(err) { prevSubnetVals, err := godotenv.Read(path) if err != nil { - logrus.Errorf("Couldn't fetch previous %s from subnet file at %s: %v", CIDRKey, path, err) - } else if prevCIDRString, ok := prevSubnetVals[CIDRKey]; ok { + logrus.Errorf("Couldn't fetch previous %s from subnet file at %s: %v", key, path, err) + } else if prevCIDRString, ok := prevSubnetVals[key]; ok { cidrs := strings.Split(prevCIDRString, ",") prevCIDRs = make([]ip.IP4Net, 0) for i := range cidrs { _, cidr, err := net.ParseCIDR(cidrs[i]) if err != nil { - logrus.Errorf("Couldn't parse previous %s from subnet file at %s: %v", CIDRKey, path, err) + logrus.Errorf("Couldn't parse previous %s from subnet file at %s: %v", key, path, err) } prevCIDRs = append(prevCIDRs, ip.FromIPNet(cidr)) } @@ -256,32 +256,32 @@ func ReadCIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP4Net { return prevCIDRs } -// ReadIP6CIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv6 network CIDRKey -func ReadIP6CIDRFromSubnetFile(path string, CIDRKey string) ip.IP6Net { - prevCIDRs := ReadIP6CIDRsFromSubnetFile(path, CIDRKey) +// ReadIP6CIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv6 network key +func ReadIP6CIDRFromSubnetFile(path string, key string) ip.IP6Net { + prevCIDRs := ReadIP6CIDRsFromSubnetFile(path, key) if len(prevCIDRs) == 0 { - logrus.Warningf("no subnet found for key: %s in file: %s", CIDRKey, path) + logrus.Warningf("no subnet found for key: %s in file: %s", key, path) return ip.IP6Net{IP: (*ip.IP6)(big.NewInt(0)), PrefixLen: 0} } else if len(prevCIDRs) > 1 { - logrus.Errorf("error reading subnet: more than 1 entry found for key: %s in file %s: ", CIDRKey, path) + logrus.Errorf("error reading subnet: more than 1 entry found for key: %s in file %s: ", key, path) return ip.IP6Net{IP: (*ip.IP6)(big.NewInt(0)), PrefixLen: 0} } return prevCIDRs[0] } -func ReadIP6CIDRsFromSubnetFile(path string, CIDRKey string) []ip.IP6Net { +func ReadIP6CIDRsFromSubnetFile(path string, key string) []ip.IP6Net { prevCIDRs := make([]ip.IP6Net, 0) if _, err := os.Stat(path); !os.IsNotExist(err) { prevSubnetVals, err := godotenv.Read(path) if err != nil { - logrus.Errorf("Couldn't fetch previous %s from subnet file at %s: %v", CIDRKey, path, err) - } else if prevCIDRString, ok := prevSubnetVals[CIDRKey]; ok { + logrus.Errorf("Couldn't fetch previous %s from subnet file at %s: %v", key, path, err) + } else if prevCIDRString, ok := prevSubnetVals[key]; ok { cidrs := strings.Split(prevCIDRString, ",") prevCIDRs = make([]ip.IP6Net, 0) for i := range cidrs { _, cidr, err := net.ParseCIDR(cidrs[i]) if err != nil { - logrus.Errorf("Couldn't parse previous %s from subnet file at %s: %v", CIDRKey, path, err) + logrus.Errorf("Couldn't parse previous %s from subnet file at %s: %v", key, path, err) } prevCIDRs = append(prevCIDRs, ip.FromIP6Net(cidr)) } diff --git a/pkg/cli/cert/cert.go b/pkg/cli/cert/cert.go index 38e3338c114f..f74edcff9ec1 100644 --- a/pkg/cli/cert/cert.go +++ b/pkg/cli/cert/cert.go @@ -51,12 +51,12 @@ type CertificateInfo struct { } // collectCertInfo collects information about certificates -func collectCertInfo(controlConfig config.Control, ServicesList []string) (*CertificateInfo, error) { +func collectCertInfo(controlConfig config.Control, servicesList []string) (*CertificateInfo, error) { result := &CertificateInfo{} now := time.Now() warn := now.Add(time.Hour * 24 * config.CertificateRenewDays) - fileMap, err := services.FilesForServices(controlConfig, ServicesList) + fileMap, err := services.FilesForServices(controlConfig, servicesList) if err != nil { return nil, err } diff --git a/pkg/daemons/control/deps/deps.go b/pkg/daemons/control/deps/deps.go index d2aed7cb8e63..d076e99eb58a 100644 --- a/pkg/daemons/control/deps/deps.go +++ b/pkg/daemons/control/deps/deps.go @@ -538,15 +538,15 @@ type signedCertFactory = func(commonName string, organization []string, certFile func createServerSigningCertKey(config *config.Control) (bool, error) { runtime := config.Runtime - TokenCA := filepath.Join(config.DataDir, "tls", "token-ca.crt") - TokenCAKey := filepath.Join(config.DataDir, "tls", "token-ca.key") + tokenCA := filepath.Join(config.DataDir, "tls", "token-ca.crt") + tokenCAKey := filepath.Join(config.DataDir, "tls", "token-ca.key") - if exists(TokenCA, TokenCAKey) && !exists(runtime.ServerCA) && !exists(runtime.ServerCAKey) { + if exists(tokenCA, tokenCAKey) && !exists(runtime.ServerCA) && !exists(runtime.ServerCAKey) { logrus.Infof("Upgrading token-ca files to server-ca") - if err := os.Link(TokenCA, runtime.ServerCA); err != nil { + if err := os.Link(tokenCA, runtime.ServerCA); err != nil { return false, err } - if err := os.Link(TokenCAKey, runtime.ServerCAKey); err != nil { + if err := os.Link(tokenCAKey, runtime.ServerCAKey); err != nil { return false, err } return true, nil diff --git a/pkg/util/net.go b/pkg/util/net.go index dd0e6be0bc1b..e6a0a7b537cc 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -207,19 +207,11 @@ func GetFirstValidIPString(s []string) string { // GetFirstIP checks what is the IPFamily of the first item. Based on that, returns a set of values func GetDefaultAddresses(nodeIP net.IP) (string, string, string, error) { if netutils.IsIPv4(nodeIP) { - ListenAddress := "0.0.0.0" - clusterCIDR := "10.42.0.0/16" - serviceCIDR := "10.43.0.0/16" - - return ListenAddress, clusterCIDR, serviceCIDR, nil + return "0.0.0.0", "10.42.0.0/16", "10.43.0.0/16", nil } if netutils.IsIPv6(nodeIP) { - ListenAddress := "::" - clusterCIDR := "fd00:42::/56" - serviceCIDR := "fd00:43::/112" - - return ListenAddress, clusterCIDR, serviceCIDR, nil + return "::", "fd00:42::/56", "fd00:43::/112", nil } return "", "", "", fmt.Errorf("ip: %v is not ipv4 or ipv6", nodeIP) @@ -230,15 +222,15 @@ func GetDefaultAddresses(nodeIP net.IP) (string, string, string, error) { // if neither of IPv4 or IPv6 are found an error is raised. func GetFirstString(elems []string) (string, bool, error) { ip, err := GetFirst4String(elems) - IPv6only := false + v6only := false if err != nil { ip, err = GetFirst6String(elems) if err != nil { return "", false, err } - IPv6only = true + v6only = true } - return ip, IPv6only, nil + return ip, v6only, nil } // IPToIPNet converts an IP to an IPNet, using a fully filled mask appropriate for the address family. From befc7158c0583a3545c55c0c8a2682ae4075a71a Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:22:52 +0000 Subject: [PATCH 26/48] lint: unexported-return Signed-off-by: Brad Davidson (cherry picked from commit 49d080c7b7d48125eebafceb4ca20491818856ef) Signed-off-by: Brad Davidson --- pkg/util/logger/logger.go | 24 ++++++++++++------------ pkg/util/patch.go | 20 ++++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/pkg/util/logger/logger.go b/pkg/util/logger/logger.go index a23e824fe744..3adcaa875ef6 100644 --- a/pkg/util/logger/logger.go +++ b/pkg/util/logger/logger.go @@ -8,7 +8,7 @@ import ( ) // implicit interface check -var _ logr.LogSink = &logrusSink{} +var _ logr.LogSink = &LogrusSink{} // mapLevel maps logr log verbosities to logrus log levels // logr does not have "log levels", but Info prints at verbosity 0 @@ -42,46 +42,46 @@ func mapKV(kvs []any) logrus.Fields { } // LogrusSink wraps logrus the Logger/Entry types for use as a logr LogSink. -type logrusSink struct { +type LogrusSink struct { e *logrus.Entry ri logr.RuntimeInfo } -func NewLogrusSink(l *logrus.Logger) *logrusSink { +func NewLogrusSink(l *logrus.Logger) *LogrusSink { if l == nil { l = logrus.StandardLogger() } - return &logrusSink{e: logrus.NewEntry(l)} + return &LogrusSink{e: logrus.NewEntry(l)} } -func (ls *logrusSink) AsLogr() logr.Logger { +func (ls *LogrusSink) AsLogr() logr.Logger { return logr.New(ls) } -func (ls *logrusSink) Init(ri logr.RuntimeInfo) { +func (ls *LogrusSink) Init(ri logr.RuntimeInfo) { ls.ri = ri } -func (ls *logrusSink) Enabled(level int) bool { +func (ls *LogrusSink) Enabled(level int) bool { return ls.e.Logger.IsLevelEnabled(mapLevel(level)) } -func (ls *logrusSink) Info(level int, msg string, kvs ...any) { +func (ls *LogrusSink) Info(level int, msg string, kvs ...any) { ls.e.WithFields(mapKV(kvs)).Log(mapLevel(level), msg) } -func (ls *logrusSink) Error(err error, msg string, kvs ...any) { +func (ls *LogrusSink) Error(err error, msg string, kvs ...any) { ls.e.WithError(err).WithFields(mapKV(kvs)).Error(msg) } -func (ls *logrusSink) WithValues(kvs ...any) logr.LogSink { - return &logrusSink{ +func (ls *LogrusSink) WithValues(kvs ...any) logr.LogSink { + return &LogrusSink{ e: ls.e.WithFields(mapKV(kvs)), ri: ls.ri, } } -func (ls *logrusSink) WithName(name string) logr.LogSink { +func (ls *LogrusSink) WithName(name string) logr.LogSink { if base, ok := ls.e.Data["logger"]; ok { name = fmt.Sprintf("%s/%s", base, name) } diff --git a/pkg/util/patch.go b/pkg/util/patch.go index 26f9b98fd79b..64a6afdd207c 100644 --- a/pkg/util/patch.go +++ b/pkg/util/patch.go @@ -21,21 +21,21 @@ type clientPatcher[T runtime.Object] interface { Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (T, error) } -// patchWrapper wraps the Patch functions provided by either wrangler or client-go -type patchWrapper[T runtime.Object] struct { - patcher any +// Patcher wraps the Patch functions provided by either wrangler or client-go +type Patcher[T runtime.Object] struct { + impl any } // NewPatcher wraps the provided controller or client for use as a generic patcher // note that the patcher is not validated for use until `Patch` is called -func NewPatcher[T runtime.Object](patcher any) *patchWrapper[T] { - return &patchWrapper[T]{ - patcher: patcher, +func NewPatcher[T runtime.Object](patcher any) *Patcher[T] { + return &Patcher[T]{ + impl: patcher, } } // Patch applies the provided PatchList to the specified resource -func (p *patchWrapper[T]) Patch(ctx context.Context, pl *PatchList, name string, subresources ...string) (T, error) { +func (p *Patcher[T]) Patch(ctx context.Context, pl *PatchList, name string, subresources ...string) (T, error) { var t T if pl == nil { pl = NewPatchList() @@ -44,13 +44,13 @@ func (p *patchWrapper[T]) Patch(ctx context.Context, pl *PatchList, name string, if err != nil { return t, err } - if patch, ok := p.patcher.(clientPatcher[T]); ok { + if patch, ok := p.impl.(clientPatcher[T]); ok { return patch.Patch(ctx, name, types.JSONPatchType, b, metav1.PatchOptions{}, subresources...) } - if patch, ok := p.patcher.(controllerPatcher[T]); ok { + if patch, ok := p.impl.(controllerPatcher[T]); ok { return patch.Patch(name, types.JSONPatchType, b, subresources...) } - return t, fmt.Errorf("unable to patch %T with %T", t, p.patcher) + return t, fmt.Errorf("unable to patch %T with %T", t, p.impl) } // PatchList is a generic list of JSONPatch operations to apply to a resource From 2950a537aa14f3d51f35e5d6188ae4d3de55c4a8 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:33:33 +0000 Subject: [PATCH 27/48] lint: unnecessary-stmt Signed-off-by: Brad Davidson (cherry picked from commit 91a41d8c30adc66026978fd945782ed510360bd4) Signed-off-by: Brad Davidson --- pkg/cgroups/cgroups_linux.go | 3 +-- pkg/etcd/etcd.go | 12 ++---------- pkg/etcd/s3/config_secret.go | 6 +----- pkg/etcd/s3/s3_test.go | 3 +-- pkg/nodepassword/nodepassword.go | 6 +----- 5 files changed, 6 insertions(+), 24 deletions(-) diff --git a/pkg/cgroups/cgroups_linux.go b/pkg/cgroups/cgroups_linux.go index e8954041c2ed..7e582f6175c2 100644 --- a/pkg/cgroups/cgroups_linux.go +++ b/pkg/cgroups/cgroups_linux.go @@ -163,8 +163,7 @@ func CheckCgroups() (kubeletRoot, runtimeRoot string, controllers map[string]boo // For v1 or hybrid, controller can be a single value {"blkio"}, or a comounted set {"cpu","cpuacct"} // For v2, controllers = {""} (only contains a single empty string) for _, controller := range controllers { - switch { - case controller == "name=systemd" || cgroupsModeV2: + if controller == "name=systemd" || cgroupsModeV2 { last := parts[len(parts)-1] if last != "/" && last != "/init.scope" { kubeletRoot = "/" + version.Program diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index dd96c975fbd3..eae357f140fd 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -143,11 +143,7 @@ func (e *membershipError) Error() string { } func (e *membershipError) Is(target error) bool { - switch target { - case ErrNotMember: - return true - } - return false + return target == ErrNotMember } func errNotMember() error { return &membershipError{} } @@ -161,11 +157,7 @@ func (e *memberListError) Error() string { } func (e *memberListError) Is(target error) bool { - switch target { - case ErrMemberListFailed: - return true - } - return false + return target == ErrMemberListFailed } func errMemberListFailed() error { return &memberListError{} } diff --git a/pkg/etcd/s3/config_secret.go b/pkg/etcd/s3/config_secret.go index e7c8462c23d0..a54600f93a54 100644 --- a/pkg/etcd/s3/config_secret.go +++ b/pkg/etcd/s3/config_secret.go @@ -24,11 +24,7 @@ func (e *secretError) Error() string { } func (e *secretError) Is(target error) bool { - switch target { - case ErrNoConfigSecret: - return true - } - return false + return target == ErrNoConfigSecret } func errNoConfigSecret() error { return &secretError{} } diff --git a/pkg/etcd/s3/s3_test.go b/pkg/etcd/s3/s3_test.go index e8714a9b5856..131757ced05a 100644 --- a/pkg/etcd/s3/s3_test.go +++ b/pkg/etcd/s3/s3_test.go @@ -1558,8 +1558,7 @@ func s3Router(t *testing.T) http.Handler { // HeadBucket router.Path("/{bucket}/").Methods(http.MethodHead).HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - switch vars["bucket"] { - case "badbucket": + if vars["bucket"] == "badbucket" { rw.WriteHeader(http.StatusNotFound) } }) diff --git a/pkg/nodepassword/nodepassword.go b/pkg/nodepassword/nodepassword.go index e1421ffb3b7a..577cfbcc82f7 100644 --- a/pkg/nodepassword/nodepassword.go +++ b/pkg/nodepassword/nodepassword.go @@ -34,11 +34,7 @@ func (e *passwordError) Error() string { } func (e *passwordError) Is(target error) bool { - switch target { - case ErrVerifyFailed: - return true - } - return false + return target == ErrVerifyFailed } func (e *passwordError) Unwrap() error { From 730001c44381bdb9cbc040ed2ffd05e5f0273166 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:42:11 +0000 Subject: [PATCH 28/48] lint: useless-break Signed-off-by: Brad Davidson (cherry picked from commit 8e0e37e30371af6a1b5fa757ef898ab828378886) Signed-off-by: Brad Davidson --- pkg/cluster/bootstrap.go | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/pkg/cluster/bootstrap.go b/pkg/cluster/bootstrap.go index 2dc76e76e4ea..7b55276afb27 100644 --- a/pkg/cluster/bootstrap.go +++ b/pkg/cluster/bootstrap.go @@ -29,6 +29,7 @@ import ( "github.com/otiai10/copy" pkgerrors "github.com/pkg/errors" "github.com/sirupsen/logrus" + "k8s.io/apimachinery/pkg/util/wait" ) // Bootstrap attempts to load a managed database driver, if one has been initialized or should be created/joined. @@ -563,19 +564,15 @@ func (c *Cluster) reconcileEtcd(ctx context.Context) error { return err } - for { - if err := e.Test(reconcileCtx, true); err != nil && !errors.Is(err, etcd.ErrNotMember) { + if err := wait.PollUntilContextCancel(reconcileCtx, time.Second*5, true, func(ctx context.Context) (bool, error) { + if err := e.Test(ctx, true); err != nil && !errors.Is(err, etcd.ErrNotMember) { logrus.Infof("Failed to test temporary data store connection: %v", err) - } else { - logrus.Info(e.EndpointName() + " temporary data store connection OK") - break - } - - select { - case <-time.After(5 * time.Second): - case <-reconcileCtx.Done(): - break + return false, nil } + logrus.Info(e.EndpointName() + " temporary data store connection OK") + return true, nil + }); err != nil { + return err } data, err := c.readBootstrapFromDisk() From 69244ed1ed81ec13eb984481ca4baae4a2e54460 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:51:05 +0000 Subject: [PATCH 29/48] lint: identical-switch-branches Signed-off-by: Brad Davidson (cherry picked from commit c1f02b8b194e46aa1b92a3ce6aca75880f97cbe5) Signed-off-by: Brad Davidson --- pkg/agent/flannel/setup.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index 3dcec2431eb0..f90ac440befd 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go @@ -216,18 +216,18 @@ func createFlannelConf(nodeConfig *config.Node) error { confJSON = strings.ReplaceAll(confJSON, "%CIDR_IPV6%", emptyIPv6Network) } - var backendConf string - - // precheck and error out unsupported flannel backends. - switch nodeConfig.Flannel.Backend { - case BackendHostGW: - case BackendTailscale: - case BackendWireguardNative: - if goruntime.GOOS == "windows" { + // precheck and error out unsupported flannel backends for windows. + if goruntime.GOOS == "windows" { + switch nodeConfig.Flannel.Backend { + case BackendVXLAN, BackendNone: + // these are the only supported backends + default: return fmt.Errorf("unsupported flannel backend '%s' for Windows", nodeConfig.Flannel.Backend) } } + var backendConf string + switch nodeConfig.Flannel.Backend { case BackendVXLAN: backendConf = vxlanBackend From 5a2771088edb5ec9d9c376db4d8d3a75d9732e7e Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 00:52:36 +0000 Subject: [PATCH 30/48] lint: unhandled-error Signed-off-by: Brad Davidson (cherry picked from commit 003fd4471cef7349114f87e83c7b9f95e54b95fe) Signed-off-by: Brad Davidson --- pkg/clientaccess/token_linux_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/clientaccess/token_linux_test.go b/pkg/clientaccess/token_linux_test.go index e4568fdc14e2..cc4ff0e2d294 100644 --- a/pkg/clientaccess/token_linux_test.go +++ b/pkg/clientaccess/token_linux_test.go @@ -41,7 +41,7 @@ func Test_UnitTrustedCA(t *testing.T) { // as it is cached for the duration of the process lifetime. // Ref: https://github.com/golang/go/issues/41888 path := t.TempDir() + "/ca.crt" - writeServerCA(server, path) + _ = writeServerCA(server, path) os.Setenv("SSL_CERT_FILE", path) for _, testCase := range testCases { From bd064cbfe1e258ecee37f72bf44cdd4461e134c9 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 01:09:33 +0000 Subject: [PATCH 31/48] lint: unnecessary-format,use-errors-new Signed-off-by: Brad Davidson (cherry picked from commit fc506e56dd449dd6f04475c9bc11dcbeec52c517) Signed-off-by: Brad Davidson --- pkg/agent/flannel/setup.go | 2 +- pkg/agent/flannel/setup_test.go | 2 +- pkg/agent/loadbalancer/loadbalancer_test.go | 2 +- pkg/agent/run.go | 2 +- pkg/authenticator/passwordfile/passwordfile_test.go | 4 ++-- pkg/cli/agent/agent.go | 6 +++--- pkg/cli/cert/cert.go | 4 ++-- pkg/cloudprovider/cloudprovider.go | 4 ++-- pkg/cloudprovider/servicelb.go | 5 +++-- pkg/cluster/encrypt.go | 4 ++-- pkg/cluster/https.go | 3 +-- pkg/etcd/etcd.go | 2 +- pkg/etcd/s3/s3.go | 2 +- pkg/etcd/snapshot_handler.go | 4 ++-- pkg/nodepassword/nodepassword_test.go | 4 ++-- pkg/secretsencrypt/config.go | 5 +++-- pkg/server/handlers/cert.go | 2 +- pkg/server/handlers/secrets-encrypt.go | 10 +++++----- pkg/server/handlers/token.go | 6 +++--- pkg/util/net.go | 4 ++-- pkg/util/permissions/permissions_others.go | 4 ++-- pkg/util/permissions/permissions_windows.go | 4 ++-- 22 files changed, 43 insertions(+), 42 deletions(-) diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index f90ac440befd..7e17f1c90dd1 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go @@ -242,7 +242,7 @@ func createFlannelConf(nodeConfig *config.Node) error { routes = append(routes, "$IPV6SUBNET") } if len(routes) == 0 { - return fmt.Errorf("incorrect netMode for flannel tailscale backend") + return errors.New("incorrect netMode for flannel tailscale backend") } advertisedRoutes, err := vpn.GetAdvertisedRoutes() if err == nil && advertisedRoutes != nil { diff --git a/pkg/agent/flannel/setup_test.go b/pkg/agent/flannel/setup_test.go index 4a5375b8224d..2e1cef697aee 100644 --- a/pkg/agent/flannel/setup_test.go +++ b/pkg/agent/flannel/setup_test.go @@ -79,7 +79,7 @@ func Test_createFlannelConf(t *testing.T) { } data, err := os.ReadFile("test_file") if err != nil { - t.Errorf("Something went wrong when reading the flannel config file") + t.Error("Something went wrong when reading the flannel config file") } for _, config := range tt.wantConfig { isExist, _ := regexp.Match(config, data) diff --git a/pkg/agent/loadbalancer/loadbalancer_test.go b/pkg/agent/loadbalancer/loadbalancer_test.go index 7de442e192a4..213105782663 100644 --- a/pkg/agent/loadbalancer/loadbalancer_test.go +++ b/pkg/agent/loadbalancer/loadbalancer_test.go @@ -84,7 +84,7 @@ func (s *testServer) echo(conn net.Conn) { } func ping(conn net.Conn) (string, error) { - fmt.Fprintf(conn, "ping\n") + fmt.Fprint(conn, "ping\n") result, err := bufio.NewReader(conn).ReadString('\n') if err != nil { return "", err diff --git a/pkg/agent/run.go b/pkg/agent/run.go index 39290301db6b..4c0347b20a13 100644 --- a/pkg/agent/run.go +++ b/pkg/agent/run.go @@ -93,7 +93,7 @@ func run(ctx context.Context, cfg cmds.Agent, proxy proxy.Proxy) error { // dualStack or IPv6 are not supported on Windows node if (goruntime.GOOS == "windows") && enableIPv6 { - return fmt.Errorf("dual-stack or IPv6 are not supported on Windows node") + return errors.New("dual-stack or IPv6 are not supported on Windows node") } conntrackConfig, err := getConntrackConfig(nodeConfig) diff --git a/pkg/authenticator/passwordfile/passwordfile_test.go b/pkg/authenticator/passwordfile/passwordfile_test.go index ff65da69c1a7..633c1c2d52a3 100644 --- a/pkg/authenticator/passwordfile/passwordfile_test.go +++ b/pkg/authenticator/passwordfile/passwordfile_test.go @@ -134,13 +134,13 @@ password2,user2,uid2 password3,user3 password4 `); err == nil { - t.Fatalf("unexpected non error") + t.Fatal("unexpected non error") } } func Test_UnitInsufficientColumnsPasswordFile(t *testing.T) { if _, err := newWithContents(t, "password4\n"); err == nil { - t.Fatalf("unexpected non error") + t.Fatal("unexpected non error") } } diff --git a/pkg/cli/agent/agent.go b/pkg/cli/agent/agent.go index 83d3aa0c0857..7fd2ef06a3a5 100644 --- a/pkg/cli/agent/agent.go +++ b/pkg/cli/agent/agent.go @@ -3,7 +3,7 @@ package agent import ( "context" "crypto/tls" - "fmt" + "errors" "os" "path/filepath" "sync" @@ -82,11 +82,11 @@ func Run(clx *cli.Context) (rerr error) { _, err := tls.LoadX509KeyPair(clientKubeletCert, clientKubeletKey) if err != nil && cmds.AgentConfig.Token == "" { - return fmt.Errorf("--token is required") + return errors.New("--token is required") } if cmds.AgentConfig.ServerURL == "" { - return fmt.Errorf("--server is required") + return errors.New("--server is required") } if cmds.AgentConfig.FlannelIface != "" && len(cmds.AgentConfig.NodeIP.Value()) == 0 { diff --git a/pkg/cli/cert/cert.go b/pkg/cli/cert/cert.go index f74edcff9ec1..8e2a840ce5a0 100644 --- a/pkg/cli/cert/cert.go +++ b/pkg/cli/cert/cert.go @@ -133,8 +133,8 @@ func (f *TableFormatter) Format(certInfo *CertificateInfo) error { now := certInfo.ReferenceTime defer w.Flush() - fmt.Fprintf(w, "\nFILENAME\tSUBJECT\tUSAGES\tEXPIRES\tRESIDUAL TIME\tSTATUS\n") - fmt.Fprintf(w, "--------\t-------\t------\t-------\t-------------\t------\n") + fmt.Fprint(w, "\nFILENAME\tSUBJECT\tUSAGES\tEXPIRES\tRESIDUAL TIME\tSTATUS\n") + fmt.Fprint(w, "--------\t-------\t------\t-------\t-------------\t------\n") for _, cert := range certInfo.Certificates { fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\n", diff --git a/pkg/cloudprovider/cloudprovider.go b/pkg/cloudprovider/cloudprovider.go index 5900b9ac8544..54ec3134bd92 100644 --- a/pkg/cloudprovider/cloudprovider.go +++ b/pkg/cloudprovider/cloudprovider.go @@ -2,7 +2,7 @@ package cloudprovider import ( "encoding/json" - "fmt" + "errors" "io" "github.com/k3s-io/k3s/pkg/util" @@ -74,7 +74,7 @@ func init() { } if !k.LBEnabled && !k.NodeEnabled { - return nil, fmt.Errorf("all cloud-provider functionality disabled by config") + return nil, errors.New("all cloud-provider functionality disabled by config") } return &k, err diff --git a/pkg/cloudprovider/servicelb.go b/pkg/cloudprovider/servicelb.go index a0e0bf937e73..92f51ac7422a 100644 --- a/pkg/cloudprovider/servicelb.go +++ b/pkg/cloudprovider/servicelb.go @@ -3,6 +3,7 @@ package cloudprovider import ( "context" "encoding/json" + "errors" "fmt" "sort" "strconv" @@ -739,11 +740,11 @@ func validateToleration(toleration *core.Toleration) error { } if toleration.Key == "" && toleration.Operator != core.TolerationOpExists { - return fmt.Errorf("toleration with empty key must have operator 'Exists'") + return errors.New("toleration with empty key must have operator 'Exists'") } if toleration.Operator == core.TolerationOpExists && toleration.Value != "" { - return fmt.Errorf("toleration with operator 'Exists' must have an empty value") + return errors.New("toleration with operator 'Exists' must have an empty value") } return nil diff --git a/pkg/cluster/encrypt.go b/pkg/cluster/encrypt.go index b39fdc151370..75ed6f26392d 100644 --- a/pkg/cluster/encrypt.go +++ b/pkg/cluster/encrypt.go @@ -6,7 +6,7 @@ import ( "crypto/rand" "crypto/sha1" "encoding/base64" - "fmt" + "errors" "io" "strings" @@ -54,7 +54,7 @@ func encrypt(passphrase string, plaintext []byte) ([]byte, error) { func decrypt(passphrase string, ciphertext []byte) ([]byte, error) { parts := strings.SplitN(string(ciphertext), ":", 2) if len(parts) != 2 { - return nil, fmt.Errorf("invalid cipher text, not : delimited") + return nil, errors.New("invalid cipher text, not : delimited") } clearKey := pbkdf2.Key([]byte(passphrase), []byte(parts[0]), 4096, 32, sha1.New) diff --git a/pkg/cluster/https.go b/pkg/cluster/https.go index df5446b98a75..332a2e8b0666 100644 --- a/pkg/cluster/https.go +++ b/pkg/cluster/https.go @@ -4,7 +4,6 @@ import ( "context" "crypto/tls" "errors" - "fmt" "io" "log" "net" @@ -105,7 +104,7 @@ func (c *Cluster) initClusterAndHTTPS(ctx context.Context) error { if c.config.Runtime.Handler != nil { c.config.Runtime.Handler.ServeHTTP(rw, req) } else { - util.SendError(fmt.Errorf("starting"), rw, req, http.StatusServiceUnavailable) + util.SendError(errors.New("starting"), rw, req, http.StatusServiceUnavailable) } }) diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index eae357f140fd..1e4fb6d7ca2d 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -758,7 +758,7 @@ func (e *ETCD) handler(next http.Handler) http.Handler { func (e *ETCD) infoHandler() http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { if req.Method != http.MethodGet { - util.SendError(fmt.Errorf("method not allowed"), rw, req, http.StatusMethodNotAllowed) + util.SendError(errors.New("method not allowed"), rw, req, http.StatusMethodNotAllowed) return } diff --git a/pkg/etcd/s3/s3.go b/pkg/etcd/s3/s3.go index 94a174a5934e..e659b226deec 100644 --- a/pkg/etcd/s3/s3.go +++ b/pkg/etcd/s3/s3.go @@ -200,7 +200,7 @@ func (c *Controller) GetClient(ctx context.Context, etcdS3 *config.EtcdS3) (*Cli return nil, pkgerrors.WithMessage(err, "failed to parse etcd-s3-proxy value as URL") } if u.Scheme == "" || u.Host == "" { - return nil, fmt.Errorf("proxy URL must include scheme and host") + return nil, errors.New("proxy URL must include scheme and host") } } tr.Proxy = http.ProxyURL(u) diff --git a/pkg/etcd/snapshot_handler.go b/pkg/etcd/snapshot_handler.go index 5d591d9832c2..1d156bcdcdec 100644 --- a/pkg/etcd/snapshot_handler.go +++ b/pkg/etcd/snapshot_handler.go @@ -3,7 +3,7 @@ package etcd import ( "context" "encoding/json" - "fmt" + "errors" "io" "net/http" @@ -136,7 +136,7 @@ func (e *ETCD) handleDelete(rw http.ResponseWriter, req *http.Request, snapshots } func (e *ETCD) handleInvalid(rw http.ResponseWriter, req *http.Request) error { - util.SendErrorWithID(fmt.Errorf("invalid snapshot operation"), "etcd-snapshot", rw, req, http.StatusBadRequest) + util.SendErrorWithID(errors.New("invalid snapshot operation"), "etcd-snapshot", rw, req, http.StatusBadRequest) return nil } diff --git a/pkg/nodepassword/nodepassword_test.go b/pkg/nodepassword/nodepassword_test.go index 2c803a0897af..57606aafbac2 100644 --- a/pkg/nodepassword/nodepassword_test.go +++ b/pkg/nodepassword/nodepassword_test.go @@ -23,9 +23,9 @@ func Test_UnitAsserts(t *testing.T) { } func Test_PasswordError(t *testing.T) { - err := &passwordError{node: "test", err: fmt.Errorf("inner error")} + err := &passwordError{node: "test", err: errors.New("inner error")} assertEqual(t, errors.Is(err, ErrVerifyFailed), true) - assertEqual(t, errors.Is(err, fmt.Errorf("different error")), false) + assertEqual(t, errors.Is(err, errors.New("different error")), false) assertNotEqual(t, errors.Unwrap(err), nil) } diff --git a/pkg/secretsencrypt/config.go b/pkg/secretsencrypt/config.go index 2549ab2268c7..3457b36beb4f 100644 --- a/pkg/secretsencrypt/config.go +++ b/pkg/secretsencrypt/config.go @@ -6,6 +6,7 @@ import ( "crypto/sha256" "encoding/hex" "encoding/json" + "errors" "fmt" "os" "path/filepath" @@ -92,7 +93,7 @@ func GetEncryptionKeys(runtime *config.ControlRuntime) (*EncryptionKeys, error) currentKeys.SBKeys = append(currentKeys.SBKeys, p.Secretbox.Keys...) } if p.AESGCM != nil || p.KMS != nil { - return nil, fmt.Errorf("unsupported encryption keys found") + return nil, errors.New("unsupported encryption keys found") } } return currentKeys, nil @@ -366,7 +367,7 @@ func GetEncryptionConfigMetrics(runtime *config.ControlRuntime, initialMetrics b unixUpdateTime = int64(tsMetric.GetMetric()[0].GetGauge().GetValue()) if time.Now().Unix() < unixUpdateTime { - return true, fmt.Errorf("encryption reload time is incorrectly ahead of current time") + return true, errors.New("encryption reload time is incorrectly ahead of current time") } for _, totalMetric := range totalMetrics.GetMetric() { diff --git a/pkg/server/handlers/cert.go b/pkg/server/handlers/cert.go index e1cd6be1e115..82e748e32f3f 100644 --- a/pkg/server/handlers/cert.go +++ b/pkg/server/handlers/cert.go @@ -33,7 +33,7 @@ import ( func CACertReplace(control *config.Control) http.HandlerFunc { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { if req.Method != http.MethodPut { - util.SendError(fmt.Errorf("method not allowed"), resp, req, http.StatusMethodNotAllowed) + util.SendError(errors.New("method not allowed"), resp, req, http.StatusMethodNotAllowed) return } force, _ := strconv.ParseBool(req.FormValue("force")) diff --git a/pkg/server/handlers/secrets-encrypt.go b/pkg/server/handlers/secrets-encrypt.go index 7d5b18e0b445..59cc55a185fd 100644 --- a/pkg/server/handlers/secrets-encrypt.go +++ b/pkg/server/handlers/secrets-encrypt.go @@ -185,7 +185,7 @@ func encryptionEnable(ctx context.Context, control *config.Control, enable bool) logrus.Infoln("Secrets encryption already enabled") return nil } else { - return fmt.Errorf("unable to enable/disable secrets encryption, unknown configuration") + return errors.New("unable to enable/disable secrets encryption, unknown configuration") } if err := cluster.Save(ctx, control, true); err != nil { return err @@ -196,7 +196,7 @@ func encryptionEnable(ctx context.Context, control *config.Control, enable bool) func EncryptionConfig(ctx context.Context, control *config.Control) http.Handler { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { if req.Method != http.MethodPut { - util.SendError(fmt.Errorf("method not allowed"), resp, req, http.StatusMethodNotAllowed) + util.SendError(errors.New("method not allowed"), resp, req, http.StatusMethodNotAllowed) return } @@ -245,7 +245,7 @@ func encryptionPrepare(ctx context.Context, control *config.Control, force bool) return err } if control.EncryptProvider == secretsencrypt.SecretBoxProvider { - return fmt.Errorf("prepare does not support secretbox key type, use rotate-keys instead") + return errors.New("prepare does not support secretbox key type, use rotate-keys instead") } curKeys, err := secretsencrypt.GetEncryptionKeys(control.Runtime) @@ -273,7 +273,7 @@ func encryptionRotate(ctx context.Context, control *config.Control, force bool) return err } if control.EncryptProvider == secretsencrypt.SecretBoxProvider { - return fmt.Errorf("rotate does not support secretbox key type, use rotate-keys instead") + return errors.New("rotate does not support secretbox key type, use rotate-keys instead") } curKeys, err := secretsencrypt.GetEncryptionKeys(control.Runtime) @@ -309,7 +309,7 @@ func encryptionReencrypt(ctx context.Context, control *config.Control, force boo return err } if control.EncryptProvider == secretsencrypt.SecretBoxProvider { - return fmt.Errorf("reencrypt does not support secretbox key type, use rotate-keys instead") + return errors.New("reencrypt does not support secretbox key type, use rotate-keys instead") } // Set the reencrypt-active annotation so other nodes know we are in the process of reencrypting. diff --git a/pkg/server/handlers/token.go b/pkg/server/handlers/token.go index fd782d2b4758..8203351f7a77 100644 --- a/pkg/server/handlers/token.go +++ b/pkg/server/handlers/token.go @@ -3,7 +3,7 @@ package handlers import ( "context" "encoding/json" - "fmt" + "errors" "io" "net/http" "os" @@ -35,7 +35,7 @@ func getServerTokenRequest(req *http.Request) (TokenRotateRequest, error) { func TokenRequest(ctx context.Context, control *config.Control) http.Handler { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { if req.Method != http.MethodPut { - util.SendError(fmt.Errorf("method not allowed"), resp, req, http.StatusMethodNotAllowed) + util.SendError(errors.New("method not allowed"), resp, req, http.StatusMethodNotAllowed) return } var err error @@ -73,7 +73,7 @@ func tokenRotate(ctx context.Context, control *config.Control, newToken string) oldToken, found := passwd.Pass("server") if !found { - return fmt.Errorf("server token not found") + return errors.New("server token not found") } if newToken == "" { newToken, err = util.Random(16) diff --git a/pkg/util/net.go b/pkg/util/net.go index e6a0a7b537cc..4123493537e5 100644 --- a/pkg/util/net.go +++ b/pkg/util/net.go @@ -396,9 +396,9 @@ func (ml *multiListener) Accept() (net.Conn, error) { if ok { return res.conn, res.err } - return nil, fmt.Errorf("connection channel closed") + return nil, errors.New("connection channel closed") case <-ml.closing: - return nil, fmt.Errorf("listener closed") + return nil, errors.New("listener closed") } } diff --git a/pkg/util/permissions/permissions_others.go b/pkg/util/permissions/permissions_others.go index e2d1ab1d4cbf..e25605ea7468 100644 --- a/pkg/util/permissions/permissions_others.go +++ b/pkg/util/permissions/permissions_others.go @@ -3,7 +3,7 @@ package permissions import ( - "fmt" + "errors" "os" ) @@ -11,7 +11,7 @@ import ( // Ref: https://github.com/kubernetes/kubernetes/pull/96616 func IsPrivileged() error { if os.Getuid() != 0 { - return fmt.Errorf("not running as root") + return errors.New("not running as root") } return nil } diff --git a/pkg/util/permissions/permissions_windows.go b/pkg/util/permissions/permissions_windows.go index 03df43aba7d1..0b4a9109198c 100644 --- a/pkg/util/permissions/permissions_windows.go +++ b/pkg/util/permissions/permissions_windows.go @@ -3,7 +3,7 @@ package permissions import ( - "fmt" + "errors" pkgerrors "github.com/pkg/errors" "golang.org/x/sys/windows" @@ -39,7 +39,7 @@ func IsPrivileged() error { } if !member { - return fmt.Errorf("not running as member of BUILTIN\\Administrators group") + return errors.New("not running as member of BUILTIN\\Administrators group") } return nil From dc30b086eb175561184c00411a4389e1e50c6e2a Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 16 Dec 2025 18:41:09 +0000 Subject: [PATCH 32/48] lint: nested-structs Signed-off-by: Brad Davidson (cherry picked from commit e44a77d475de4cff620a65f86d6d420657a8ae4b) Signed-off-by: Brad Davidson --- pkg/executor/embed/embed_windows.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkg/executor/embed/embed_windows.go b/pkg/executor/embed/embed_windows.go index 30a8ec72d0c8..bd75b9405291 100644 --- a/pkg/executor/embed/embed_windows.go +++ b/pkg/executor/embed/embed_windows.go @@ -18,10 +18,12 @@ const ( networkName = "flannel.4096" ) +type IP4 struct { + IP string `json:"ip"` +} + type SourceVipResponse struct { - IP4 struct { - IP string `json:"ip"` - } `json:"ip4"` + IP4 IP4 `json:"ip4"` } func platformKubeProxyArgs(nodeConfig *daemonconfig.Node) map[string]string { From d0c9b21d6bf9712ec3877aba609387f8f64509da Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 18 Dec 2025 20:50:25 +0000 Subject: [PATCH 33/48] Fix PR lint checkout depth Need to check out one deeper than the number of commits in order to compare to the target branch Signed-off-by: Brad Davidson (cherry picked from commit 421e364cc9abc2601b3e5f0d21f80492e65a8224) Signed-off-by: Brad Davidson --- .github/workflows/validate.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 9f537b83e939..29c5ddb377f4 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -20,17 +20,19 @@ jobs: name: Validate runs-on: ubuntu-latest steps: + - name: Set Commit Count + run: | + echo "GITHUB_CHECKOUT_FETCH_DEPTH=$( expr 1 + ${{ github.event.pull_request.commits }} )" >> "$GITHUB_ENV" + - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: ${{ github.event.pull_request.commits }} + fetch-depth: ${{ env.GITHUB_CHECKOUT_FETCH_DEPTH }} - name: Set Go Version run: | source ./scripts/version.sh - { - echo "GOTOOLCHAIN=${VERSION_GOLANG/go}" - } >> "$GITHUB_ENV" + echo "GOTOOLCHAIN=${VERSION_GOLANG/go}" >> "$GITHUB_ENV" - name: Setup Go uses: actions/setup-go@v6 From f3853e2402af9f69fa7ce42db4e236beb0382979 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 18 Dec 2025 21:16:25 +0000 Subject: [PATCH 34/48] Don't enforce use of wg.Go instead of Add/Done Signed-off-by: Brad Davidson (cherry picked from commit da15d318560ade0424080e06eaddea2fbdfa7b6c) Signed-off-by: Brad Davidson --- .golangci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.golangci.yml b/.golangci.yml index 31f748c17cea..d8de1e7498d4 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -40,6 +40,7 @@ linters: - {name: unsecure-url-scheme, disabled: true} - {name: unused-parameter, disabled: true} - {name: unused-receiver, disabled: true} + - {name: use-waitgroup-go, disabled: true} - {name: var-naming, disabled: true} exclusions: generated: lax From ba11e8dba05a389f58c62701ed6250c10e96534f Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 18 Dec 2025 02:15:39 +0000 Subject: [PATCH 35/48] Replace temporary etcd server with raw mvcc store access Fixes an issue where copying files out from under a currently-running etcd instance can cause startup reconcile to fail. Direct creation of a mvcc store without any of the raft stuff is faster, and gives us direct control over how the store handles snapshot recovery. Signed-off-by: Brad Davidson (cherry picked from commit d38b4b30cde0c71ab844708ca48d672e14584042) Signed-off-by: Brad Davidson --- go.mod | 16 +-- go.sum | 32 ++--- pkg/cluster/bootstrap.go | 65 ++------- pkg/cluster/storage.go | 59 +++++---- pkg/etcd/etcd.go | 70 ---------- pkg/etcd/store/store.go | 279 +++++++++++++++++++++++++++++++++++++++ 6 files changed, 349 insertions(+), 172 deletions(-) create mode 100644 pkg/etcd/store/store.go diff --git a/go.mod b/go.mod index 8d3b04522940..f8a6f7453382 100644 --- a/go.mod +++ b/go.mod @@ -24,14 +24,14 @@ replace ( github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.22.0 github.com/prometheus/common => github.com/prometheus/common v0.62.0 github.com/spegel-org/spegel => github.com/k3s-io/spegel v0.4.0-k3s3 - go.etcd.io/etcd/api/v3 => github.com/k3s-io/etcd/api/v3 v3.5.25-k3s1 - go.etcd.io/etcd/client/pkg/v3 => github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s1 - go.etcd.io/etcd/client/v2 => github.com/k3s-io/etcd/client/v2 v2.305.25-k3s1 - go.etcd.io/etcd/client/v3 => github.com/k3s-io/etcd/client/v3 v3.5.25-k3s1 - go.etcd.io/etcd/etcdutl/v3 => github.com/k3s-io/etcd/etcdutl/v3 v3.5.25-k3s1 - go.etcd.io/etcd/pkg/v3 => github.com/k3s-io/etcd/pkg/v3 v3.5.25-k3s1 - go.etcd.io/etcd/raft/v3 => github.com/k3s-io/etcd/raft/v3 v3.5.25-k3s1 - go.etcd.io/etcd/server/v3 => github.com/k3s-io/etcd/server/v3 v3.5.25-k3s1 + go.etcd.io/etcd/api/v3 => github.com/k3s-io/etcd/api/v3 v3.5.25-k3s2 + go.etcd.io/etcd/client/pkg/v3 => github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s2 + go.etcd.io/etcd/client/v2 => github.com/k3s-io/etcd/client/v2 v2.305.25-k3s2 + go.etcd.io/etcd/client/v3 => github.com/k3s-io/etcd/client/v3 v3.5.25-k3s2 + go.etcd.io/etcd/etcdutl/v3 => github.com/k3s-io/etcd/etcdutl/v3 v3.5.25-k3s2 + go.etcd.io/etcd/pkg/v3 => github.com/k3s-io/etcd/pkg/v3 v3.5.25-k3s2 + go.etcd.io/etcd/raft/v3 => github.com/k3s-io/etcd/raft/v3 v3.5.25-k3s2 + go.etcd.io/etcd/server/v3 => github.com/k3s-io/etcd/server/v3 v3.5.25-k3s2 go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful => go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.44.0 golang.org/x/crypto => golang.org/x/crypto v0.36.0 golang.org/x/net => golang.org/x/net v0.38.0 diff --git a/go.sum b/go.sum index f85032598d96..266da4cead87 100644 --- a/go.sum +++ b/go.sum @@ -792,22 +792,22 @@ github.com/k3s-io/cri-dockerd v0.3.19-k3s2 h1:sCIh+EJQiaIcqeRYX09vT5sKDOBQjcDLCw github.com/k3s-io/cri-dockerd v0.3.19-k3s2/go.mod h1:O/Zkr8Jv7OGldRszxS4MLHmCO/93S/PNS50piYrusRs= github.com/k3s-io/cri-tools v1.33.0-k3s2 h1:V9rZcV1KDzKdAEHuCQf4b2MndcLdq0dKqxgHbMvbidY= github.com/k3s-io/cri-tools v1.33.0-k3s2/go.mod h1:JPw6cL1gGUJFc15KE1+4qSnQDK5yHWNnMhHLzTzdhbk= -github.com/k3s-io/etcd/api/v3 v3.5.25-k3s1 h1:Y/cJV9h11QzfXJa/9ZGRfVbrpvEimcN3NVESp4MMnVI= -github.com/k3s-io/etcd/api/v3 v3.5.25-k3s1/go.mod h1:ZIZh7LPgjzvjycAVgMJnx9WGkAMERMR8VOP+u9Ov2SY= -github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s1 h1:MiZN+429bCtEnDsHYXvE0rQC770xIEG3HDF1hK5MYgg= -github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s1/go.mod h1:WTiGlZqg2WSdqjF8xRycqyHZTx2YmyqGcdTwKgQtJBk= -github.com/k3s-io/etcd/client/v2 v2.305.25-k3s1 h1:cKMr+nnG3LFC+O6/qt3W7LBbndyaq9SsbHxaVFZdg9g= -github.com/k3s-io/etcd/client/v2 v2.305.25-k3s1/go.mod h1:7kF8IYWVJmKKx2L4Sl88WZOduwZ0wVuAVBxsIEouO7Y= -github.com/k3s-io/etcd/client/v3 v3.5.25-k3s1 h1:UZNNGWYWEccKUvRxO4iFN1PEn1a5O4N041zCwuiVeKM= -github.com/k3s-io/etcd/client/v3 v3.5.25-k3s1/go.mod h1:6QqI2Y9iqtIaUTS55285OyZqpF1QLCghATMEx1mhS0I= -github.com/k3s-io/etcd/etcdutl/v3 v3.5.25-k3s1 h1:cAsw7CSepxnAHHQouu5LIPu3cBpWb5weY7c4FhqFDuk= -github.com/k3s-io/etcd/etcdutl/v3 v3.5.25-k3s1/go.mod h1:aQK2d+yGPQF+NZnSWDCzJYMGze/nUQRFFwMArh/Ms8s= -github.com/k3s-io/etcd/pkg/v3 v3.5.25-k3s1 h1:CkReY5VGBXY9v7NcwnSbOGyNUSpYAm0xDknDPY1bTcc= -github.com/k3s-io/etcd/pkg/v3 v3.5.25-k3s1/go.mod h1:7Iblpd8vfikj+LBGqeJMYnEE028pCAdTolxuQTbl3M8= -github.com/k3s-io/etcd/raft/v3 v3.5.25-k3s1 h1:7YIrJNDwh+k/qPR0TuJupl3NLv1UneKgMg9m7Q+XSOw= -github.com/k3s-io/etcd/raft/v3 v3.5.25-k3s1/go.mod h1:Lo+X66UF2NPamAlswk5HeHdEXMHpBp4nYH7mjCk6p2k= -github.com/k3s-io/etcd/server/v3 v3.5.25-k3s1 h1:OPJFc6hoT7I+1mVmssTGRQNEHErlsq2YsasWYkcG4sA= -github.com/k3s-io/etcd/server/v3 v3.5.25-k3s1/go.mod h1:FEA8m9ioIsPieWqKOvzDf6bD/GeiQA0flsN3Ho/Errw= +github.com/k3s-io/etcd/api/v3 v3.5.25-k3s2 h1:YWhpHdyWkGoBf44FIkoRmjRaNQzaaeciXL1mVYR9+aw= +github.com/k3s-io/etcd/api/v3 v3.5.25-k3s2/go.mod h1:ZIZh7LPgjzvjycAVgMJnx9WGkAMERMR8VOP+u9Ov2SY= +github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s2 h1:CZ3rrlnu9rZbULzgyvgFzEjL2mnSWVRdCngCtX+lES0= +github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s2/go.mod h1:WTiGlZqg2WSdqjF8xRycqyHZTx2YmyqGcdTwKgQtJBk= +github.com/k3s-io/etcd/client/v2 v2.305.25-k3s2 h1:uFH7QMkSjGLdCb5qHEsKPpt0Y+Ng1pHjavgwAhhtN0c= +github.com/k3s-io/etcd/client/v2 v2.305.25-k3s2/go.mod h1:7kF8IYWVJmKKx2L4Sl88WZOduwZ0wVuAVBxsIEouO7Y= +github.com/k3s-io/etcd/client/v3 v3.5.25-k3s2 h1:iNNjlpTE2GJzEH55/DH0R35gfBrlGH1CKIkGx3z7AlA= +github.com/k3s-io/etcd/client/v3 v3.5.25-k3s2/go.mod h1:6QqI2Y9iqtIaUTS55285OyZqpF1QLCghATMEx1mhS0I= +github.com/k3s-io/etcd/etcdutl/v3 v3.5.25-k3s2 h1:0EEWy4vpSi5a0sYvnqayEQDN0POxIITc0H8w7IJ6XHI= +github.com/k3s-io/etcd/etcdutl/v3 v3.5.25-k3s2/go.mod h1:aQK2d+yGPQF+NZnSWDCzJYMGze/nUQRFFwMArh/Ms8s= +github.com/k3s-io/etcd/pkg/v3 v3.5.25-k3s2 h1:hN6R7TU+/dxsqy3wV3CwIa2a5b2ILNxEJen5lYfnLyY= +github.com/k3s-io/etcd/pkg/v3 v3.5.25-k3s2/go.mod h1:7Iblpd8vfikj+LBGqeJMYnEE028pCAdTolxuQTbl3M8= +github.com/k3s-io/etcd/raft/v3 v3.5.25-k3s2 h1:DR0vRVKlZdc1innysiwQ++CLb7FU4/2bXjoUQbPhOaI= +github.com/k3s-io/etcd/raft/v3 v3.5.25-k3s2/go.mod h1:Lo+X66UF2NPamAlswk5HeHdEXMHpBp4nYH7mjCk6p2k= +github.com/k3s-io/etcd/server/v3 v3.5.25-k3s2 h1:fA49dggKVMAc2AM3Tq8hK146dRkkSua7GCxEnogDfKw= +github.com/k3s-io/etcd/server/v3 v3.5.25-k3s2/go.mod h1:FEA8m9ioIsPieWqKOvzDf6bD/GeiQA0flsN3Ho/Errw= github.com/k3s-io/helm-controller v0.16.17 h1:VXMmXQmmTB49x6bnN/PsJUTVKHb0r69b+SffIDUTMTM= github.com/k3s-io/helm-controller v0.16.17/go.mod h1:jmrgGttLQbh2yB1kcf9XFAigNW6U8oWCswCSuEjkxXU= github.com/k3s-io/kine v0.14.9 h1:R4ZOeATGnDuwQ0fmY1bwQNVPDLowfpG15/pjh/hf1T8= diff --git a/pkg/cluster/bootstrap.go b/pkg/cluster/bootstrap.go index 7b55276afb27..397e33e92cc5 100644 --- a/pkg/cluster/bootstrap.go +++ b/pkg/cluster/bootstrap.go @@ -14,22 +14,19 @@ import ( "reflect" "strconv" "strings" - "sync" "time" "github.com/go-test/deep" "github.com/k3s-io/k3s/pkg/bootstrap" "github.com/k3s-io/k3s/pkg/clientaccess" "github.com/k3s-io/k3s/pkg/daemons/config" - "github.com/k3s-io/k3s/pkg/etcd" + "github.com/k3s-io/k3s/pkg/etcd/store" "github.com/k3s-io/k3s/pkg/util" "github.com/k3s-io/k3s/pkg/version" - "github.com/k3s-io/kine/pkg/client" - "github.com/k3s-io/kine/pkg/endpoint" "github.com/otiai10/copy" pkgerrors "github.com/pkg/errors" "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/util/wait" + "go.etcd.io/etcd/api/v3/mvccpb" ) // Bootstrap attempts to load a managed database driver, if one has been initialized or should be created/joined. @@ -67,10 +64,11 @@ func (c *Cluster) Bootstrap(ctx context.Context, clusterReset bool) error { return nil } } - // Not a secondary server or failed to reconcile via join URL, start up a temporary etcd - // with the local datastore and use that to reconcile. + // Not a secondary server or failed to reconcile via join URL, + // extract bootstrap data from a copy of the etcd mvcc store and reconcile + // against that. if err := c.reconcileEtcd(ctx); err != nil { - logrus.Fatalf("Failed to reconcile with temporary etcd: %v", err) + logrus.Fatalf("Failed to reconcile with local datastore: %v", err) } } } @@ -284,23 +282,23 @@ func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker, return err } - var value *client.Value + var kv *mvccpb.KeyValue - storageClient, err := client.New(c.config.Runtime.EtcdConfig) + storageClient, err := store.NewTemporaryStore(filepath.Join(c.config.DataDir, "db", "etcd")) if err != nil { return err } defer storageClient.Close() - value, c.saveBootstrap, err = getBootstrapKeyFromStorage(ctx, storageClient, normalizedToken, token) + kv, c.saveBootstrap, err = getBootstrapKeyFromStorage(ctx, storageClient, normalizedToken, token) if err != nil { return err } - if value == nil { + if kv == nil { return nil } - dbRawData, err = decrypt(normalizedToken, value.Data) + dbRawData, err = decrypt(normalizedToken, kv.Value) if err != nil { return err } @@ -537,48 +535,13 @@ func ipsTo16Bytes(mySlice []*net.IPNet) { } } -// reconcileEtcd starts a temporary single-member etcd cluster using a copy of the -// etcd database, and uses it to reconcile bootstrap data. This is necessary -// because the full etcd cluster may not have quorum during startup, but we still -// need to extract data from the datastore. +// reconcileEtcd compares the current bootstrap data against a temporary copy of the data from +// the etcd datastore. func (c *Cluster) reconcileEtcd(ctx context.Context) error { - logrus.Info("Starting temporary etcd to reconcile with datastore") - - tempConfig := endpoint.ETCDConfig{Endpoints: []string{"http://127.0.0.1:2399"}} - originalConfig := c.config.Runtime.EtcdConfig - c.config.Runtime.EtcdConfig = tempConfig - reconcileCtx, cancel := context.WithCancel(ctx) - wg := &sync.WaitGroup{} - - defer func() { - cancel() - c.config.Runtime.EtcdConfig = originalConfig - wg.Wait() - }() - - e := etcd.NewETCD() - if err := e.SetControlConfig(c.config); err != nil { - return err - } - if err := e.StartEmbeddedTemporary(reconcileCtx, wg); err != nil { - return err - } - - if err := wait.PollUntilContextCancel(reconcileCtx, time.Second*5, true, func(ctx context.Context) (bool, error) { - if err := e.Test(ctx, true); err != nil && !errors.Is(err, etcd.ErrNotMember) { - logrus.Infof("Failed to test temporary data store connection: %v", err) - return false, nil - } - logrus.Info(e.EndpointName() + " temporary data store connection OK") - return true, nil - }); err != nil { - return err - } - data, err := c.readBootstrapFromDisk() if err != nil { return err } - return c.ReconcileBootstrapData(reconcileCtx, bytes.NewReader(data.Bytes()), &c.config.Runtime.ControlRuntimeBootstrap, false) + return c.ReconcileBootstrapData(ctx, bytes.NewReader(data.Bytes()), &c.config.Runtime.ControlRuntimeBootstrap, false) } diff --git a/pkg/cluster/storage.go b/pkg/cluster/storage.go index 0dcebe72d722..1007b3be1808 100644 --- a/pkg/cluster/storage.go +++ b/pkg/cluster/storage.go @@ -8,9 +8,10 @@ import ( "github.com/k3s-io/k3s/pkg/bootstrap" "github.com/k3s-io/k3s/pkg/daemons/config" + "github.com/k3s-io/k3s/pkg/etcd/store" "github.com/k3s-io/k3s/pkg/util" - "github.com/k3s-io/kine/pkg/client" "github.com/sirupsen/logrus" + "go.etcd.io/etcd/api/v3/mvccpb" "go.etcd.io/etcd/api/v3/v3rpc/rpctypes" "k8s.io/apimachinery/pkg/util/wait" ) @@ -30,7 +31,7 @@ func RotateBootstrapToken(ctx context.Context, config *config.Control, oldToken return err } - storageClient, err := client.New(config.Runtime.EtcdConfig) + storageClient, err := store.NewRemoteStore(config.Runtime.EtcdConfig) if err != nil { return err } @@ -38,7 +39,7 @@ func RotateBootstrapToken(ctx context.Context, config *config.Control, oldToken tokenKey := storageKey(normalizedToken) - var bootstrapList []client.Value + var bootstrapList []mvccpb.KeyValue if err := wait.PollUntilContextCancel(ctx, 5*time.Second, true, func(ctx context.Context) (bool, error) { bootstrapList, err = storageClient.List(ctx, "/bootstrap", 0) if err != nil { @@ -85,19 +86,19 @@ func Save(ctx context.Context, config *config.Control, override bool) error { return err } - storageClient, err := client.New(config.Runtime.EtcdConfig) + storageClient, err := store.NewRemoteStore(config.Runtime.EtcdConfig) if err != nil { return err } defer storageClient.Close() - currentKey, _, err := getBootstrapKeyFromStorage(ctx, storageClient, normalizedToken, token) + kv, _, err := getBootstrapKeyFromStorage(ctx, storageClient, normalizedToken, token) if err != nil { return err } // If there's an empty bootstrap key, then we've locked it and can override. - if currentKey != nil && len(currentKey.Data) == 0 { + if kv != nil && len(kv.Value) == 0 { logrus.Info("Bootstrap key lock is held") override = true } @@ -109,7 +110,7 @@ func Save(ctx context.Context, config *config.Control, override bool) error { if err != nil { return err } - return storageClient.Update(ctx, storageKey(normalizedToken), bsd.Modified, data) + return storageClient.Update(ctx, storageKey(normalizedToken), bsd.ModRevision, data) } logrus.Warn("Bootstrap key already exists") return nil @@ -125,7 +126,7 @@ func Save(ctx context.Context, config *config.Control, override bool) error { // bootstrapKeyData lists keys stored in the datastore with the prefix "/bootstrap", and // will return the first such key. It will return an error if not exactly one key is found. -func bootstrapKeyData(ctx context.Context, storageClient client.Client) (*client.Value, error) { +func bootstrapKeyData(ctx context.Context, storageClient store.ReadCloser) (*mvccpb.KeyValue, error) { bootstrapList, err := storageClient.List(ctx, "/bootstrap", 0) if err != nil { return nil, err @@ -163,7 +164,7 @@ func (c *Cluster) storageBootstrap(ctx context.Context) error { } } - storageClient, err := client.New(c.config.Runtime.EtcdConfig) + storageClient, err := store.NewRemoteStore(c.config.Runtime.EtcdConfig) if err != nil { return err } @@ -207,13 +208,13 @@ func (c *Cluster) storageBootstrap(ctx context.Context) error { ctx, cancel := context.WithTimeout(ctx, 10*time.Second) defer cancel() - value, saveBootstrap, err := getBootstrapKeyFromStorage(ctx, storageClient, normalizedToken, token) + kv, saveBootstrap, err := getBootstrapKeyFromStorage(ctx, storageClient, normalizedToken, token) c.saveBootstrap = saveBootstrap if err != nil { return false, err } - if value == nil { + if kv == nil { // No bootstrap keys found in the datastore - create an empty bootstrap key as a lock to // ensure that no other node races us to populate it. If we fail to create the key, then // some other node beat us to it and we should just wait for them to finish. @@ -228,14 +229,14 @@ func (c *Cluster) storageBootstrap(ctx context.Context) error { return true, nil } - if len(value.Data) == 0 { + if len(kv.Value) == 0 { // Empty (locked) bootstrap key found - check to see if we should continue waiting, or // delete it and attempt to retake the lock on the next iteration (assuming that the // other node failed while holding the lock). if attempts >= maxBootstrapWaitAttempts { logrus.Info("Bootstrap key lock timed out - deleting lock and retrying") attempts = 0 - if err := storageClient.Delete(ctx, tokenKey, value.Modified); err != nil { + if err := storageClient.Delete(ctx, tokenKey, kv.ModRevision); err != nil { return false, err } } else { @@ -244,7 +245,7 @@ func (c *Cluster) storageBootstrap(ctx context.Context) error { return false, nil } - data, err := decrypt(normalizedToken, value.Data) + data, err := decrypt(normalizedToken, kv.Value) if err != nil { return false, err } @@ -255,7 +256,7 @@ func (c *Cluster) storageBootstrap(ctx context.Context) error { // getBootstrapData makes a single attempt to retrieve and decrypt bootstrap data from the datastore. func (c *Cluster) getBootstrapData(ctx context.Context, token string) ([]byte, error) { - storageClient, err := client.New(c.config.Runtime.EtcdConfig) + storageClient, err := store.NewRemoteStore(c.config.Runtime.EtcdConfig) if err != nil { return nil, err } @@ -264,17 +265,17 @@ func (c *Cluster) getBootstrapData(ctx context.Context, token string) ([]byte, e ctx, cancel := context.WithTimeout(ctx, 10*time.Second) defer cancel() - value, err := storageClient.Get(ctx, storageKey(token)) + kv, err := storageClient.Get(ctx, storageKey(token)) if err != nil { return nil, err } - return decrypt(token, value.Data) + return decrypt(token, kv.Value) } // getBootstrapValues returns the value of all keys under the "/bootstrap" prefix, with a 10 second timeout. -func getBootstrapValues(ctx context.Context, storageClient client.Client) ([]client.Value, error) { - var bootstrapList []client.Value +func getBootstrapValues(ctx context.Context, storageClient store.ReadCloser) ([]mvccpb.KeyValue, error) { + var bootstrapList []mvccpb.KeyValue var err error if err := wait.PollUntilContextCancel(ctx, 5*time.Second, true, func(ctx context.Context) (bool, error) { @@ -300,7 +301,7 @@ func getBootstrapValues(ctx context.Context, storageClient client.Client) ([]cli // passed to it, it will return error if it finds a key that is hashed with different token and will return // value if it finds the key hashed by passed token or empty string. // Upon receiving a "not supported for learner" error from etcd, this function will retry until the context is cancelled. -func getBootstrapKeyFromStorage(ctx context.Context, storageClient client.Client, normalizedToken, oldToken string) (*client.Value, bool, error) { +func getBootstrapKeyFromStorage(ctx context.Context, storageClient store.ReadCloser, normalizedToken, oldToken string) (*mvccpb.KeyValue, bool, error) { emptyStringKey := storageKey("") tokenKey := storageKey(normalizedToken) @@ -316,8 +317,12 @@ func getBootstrapKeyFromStorage(ctx context.Context, storageClient client.Client logrus.Warn("found multiple bootstrap keys in storage") } // check for empty string key and for old token format with k10 prefix - if err := migrateTokens(ctx, bootstrapList, storageClient, emptyStringKey, tokenKey, normalizedToken, oldToken); err != nil { - return nil, false, err + if storageWriter, ok := storageClient.(store.ReadWriteCloser); ok { + if err := migrateTokens(ctx, bootstrapList, storageWriter, emptyStringKey, tokenKey, normalizedToken, oldToken); err != nil { + return nil, false, err + } + } else { + logrus.Debugf("Skipping bootstrap token migration checks: storage client %T is not writable", storageClient) } // getting the list of bootstrap again after migrating the empty key @@ -339,7 +344,7 @@ func getBootstrapKeyFromStorage(ctx context.Context, storageClient client.Client // migrateTokens will list all keys that has prefix /bootstrap and will check for key that is // hashed with empty string and keys that is hashed with old token format before normalizing // then migrate those and resave only with the normalized token -func migrateTokens(ctx context.Context, bootstrapList []client.Value, storageClient client.Client, emptyStringKey, tokenKey, token, oldToken string) error { +func migrateTokens(ctx context.Context, bootstrapList []mvccpb.KeyValue, storageClient store.ReadWriteCloser, emptyStringKey, tokenKey, token, oldToken string) error { oldTokenKey := storageKey(oldToken) for _, bootstrapKV := range bootstrapList { @@ -352,7 +357,7 @@ func migrateTokens(ctx context.Context, bootstrapList []client.Value, storageCli } } else if string(bootstrapKV.Key) == oldTokenKey && oldTokenKey != tokenKey { if emptyStringKey != "" { - logrus.Warn("bootstrap data encrypted with old token format string, deleting and resaving with token") + logrus.Warn("Bootstrap data encrypted with old token format string, deleting and resaving with token") } if err := doMigrateToken(ctx, storageClient, bootstrapKV, oldToken, oldTokenKey, token, tokenKey); err != nil { return err @@ -363,9 +368,9 @@ func migrateTokens(ctx context.Context, bootstrapList []client.Value, storageCli return nil } -func doMigrateToken(ctx context.Context, storageClient client.Client, keyValue client.Value, oldToken, oldTokenKey, newToken, newTokenKey string) error { +func doMigrateToken(ctx context.Context, storageClient store.ReadWriteCloser, kv mvccpb.KeyValue, oldToken, oldTokenKey, newToken, newTokenKey string) error { // make sure that the process is non-destructive by decrypting/re-encrypting/storing the data before deleting the old key - data, err := decrypt(oldToken, keyValue.Data) + data, err := decrypt(oldToken, kv.Value) if err != nil { return err } @@ -389,7 +394,7 @@ func doMigrateToken(ctx context.Context, storageClient client.Client, keyValue c logrus.Infof("created bootstrap key %s", newTokenKey) // deleting the old key - if err := storageClient.Delete(ctx, oldTokenKey, keyValue.Modified); err != nil { + if err := storageClient.Delete(ctx, oldTokenKey, kv.ModRevision); err != nil { logrus.Warnf("failed to delete old bootstrap key %s", oldTokenKey) } diff --git a/pkg/etcd/etcd.go b/pkg/etcd/etcd.go index 1e4fb6d7ca2d..49f22a25b22a 100644 --- a/pkg/etcd/etcd.go +++ b/pkg/etcd/etcd.go @@ -28,7 +28,6 @@ import ( "github.com/k3s-io/k3s/pkg/daemons/executor" "github.com/k3s-io/k3s/pkg/etcd/s3" "github.com/k3s-io/k3s/pkg/etcd/snapshot" - embedded "github.com/k3s-io/k3s/pkg/executor/embed/etcd" "github.com/k3s-io/k3s/pkg/server/auth" "github.com/k3s-io/k3s/pkg/signals" "github.com/k3s-io/k3s/pkg/util" @@ -36,7 +35,6 @@ import ( kine "github.com/k3s-io/kine/pkg/app" "github.com/k3s-io/kine/pkg/client" "github.com/k3s-io/kine/pkg/endpoint" - "github.com/otiai10/copy" pkgerrors "github.com/pkg/errors" certutil "github.com/rancher/dynamiclistener/cert" controllerv1 "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1" @@ -1072,74 +1070,6 @@ func (e *ETCD) cluster(ctx context.Context, wg *sync.WaitGroup, reset bool, opti }, e.config.ExtraEtcdArgs, e.Test) } -func (e *ETCD) StartEmbeddedTemporary(ctx context.Context, wg *sync.WaitGroup) error { - etcdDataDir := dbDir(e.config) - tmpDataDir := etcdDataDir + "-tmp" - os.RemoveAll(tmpDataDir) - - go func() { - <-ctx.Done() - if err := os.RemoveAll(tmpDataDir); err != nil { - logrus.Warnf("Failed to remove etcd temp dir: %v", err) - } - }() - - if e.client != nil { - return errors.New("etcd datastore already started") - } - - client, conn, err := getClient(ctx, e.config) - if err != nil { - return err - } - e.client = client - - go func() { - <-ctx.Done() - e.client = nil - conn.Close() - }() - - if err := copy.Copy(etcdDataDir, tmpDataDir, copy.Options{PreserveOwner: true}); err != nil { - return err - } - - endpoints := getEndpoints(e.config) - clientURL := endpoints[0] - // peer URL is usually 1 more than client - peerURL, err := addPort(endpoints[0], 1) - if err != nil { - return err - } - // client http URL is usually 3 more than client, after peer and metrics - clientHTTPURL, err := addPort(endpoints[0], 3) - if err != nil { - return err - } - - return embedded.StartETCD(ctx, wg, &executor.ETCDConfig{ - InitialOptions: executor.InitialOptions{AdvertisePeerURL: peerURL}, - DataDir: tmpDataDir, - ForceNewCluster: true, - AdvertiseClientURLs: clientURL, - ListenClientURLs: clientURL, - ListenClientHTTPURLs: clientHTTPURL, - ListenPeerURLs: peerURL, - Logger: "zap", - LogOutputs: []string{"stderr"}, - HeartbeatInterval: 500, - ElectionTimeout: 5000, - SnapshotCount: 10000, - Name: e.name, - SocketOpts: executor.ETCDSocketOpts{ - ReuseAddress: true, - ReusePort: true, - }, - ExperimentalInitialCorruptCheck: true, - ExperimentalWatchProgressNotifyInterval: e.config.Datastore.NotifyInterval, - }, append(e.config.ExtraEtcdArgs, "--max-snapshots=0", "--max-wals=0")) -} - func addPort(address string, offset int) (string, error) { u, err := url.Parse(address) if err != nil { diff --git a/pkg/etcd/store/store.go b/pkg/etcd/store/store.go new file mode 100644 index 000000000000..7375ee45c378 --- /dev/null +++ b/pkg/etcd/store/store.go @@ -0,0 +1,279 @@ +package store + +import ( + "context" + "errors" + "fmt" + "os" + "time" + + "github.com/k3s-io/kine/pkg/endpoint" + "github.com/otiai10/copy" + "github.com/rancher/wrangler/v3/pkg/merr" + "github.com/sirupsen/logrus" + "go.etcd.io/etcd/api/v3/mvccpb" + "go.etcd.io/etcd/client/pkg/v3/logutil" + clientv3 "go.etcd.io/etcd/client/v3" + "go.etcd.io/etcd/server/v3/config" + "go.etcd.io/etcd/server/v3/etcdserver" + "go.etcd.io/etcd/server/v3/etcdserver/api/snap" + "go.etcd.io/etcd/server/v3/etcdserver/cindex" + "go.etcd.io/etcd/server/v3/lease" + "go.etcd.io/etcd/server/v3/mvcc" + "go.etcd.io/etcd/server/v3/mvcc/backend" + "go.etcd.io/etcd/server/v3/wal" + "go.uber.org/zap/zapcore" +) + +// ReadCloser is a generic wrapper around a MVCC store that provides only read/close functions +type ReadCloser interface { + List(ctx context.Context, key string, rev int64) ([]mvccpb.KeyValue, error) + Get(ctx context.Context, key string) (mvccpb.KeyValue, error) + Close() error +} + +type ReadWriteCloser interface { + ReadCloser + Create(ctx context.Context, key string, value []byte) error + Update(ctx context.Context, key string, revision int64, value []byte) error + Delete(ctx context.Context, key string, revision int64) error +} + +// explicit interface check +var _ ReadWriteCloser = &RemoteStore{} + +// RemoteStore is a wrapper around a remote etcd datastore. +// This is much like kine/pkg/client.Client but it uses the native +// mvccpb types for interop with the raw MVCC stores +type RemoteStore struct { + client *clientv3.Client +} + +func NewRemoteStore(config endpoint.ETCDConfig) (*RemoteStore, error) { + tlsConfig, err := config.TLSConfig.ClientConfig() + if err != nil { + return nil, err + } + + logger, err := logutil.CreateDefaultZapLogger(zapcore.InfoLevel) + if err != nil { + return nil, err + } + + c, err := clientv3.New(clientv3.Config{ + Endpoints: config.Endpoints, + DialTimeout: 5 * time.Second, + Logger: logger, + TLS: tlsConfig, + }) + if err != nil { + return nil, err + } + + return &RemoteStore{client: c}, nil +} + +func (r *RemoteStore) List(ctx context.Context, key string, rev int64) ([]mvccpb.KeyValue, error) { + resp, err := r.client.Get(ctx, key, clientv3.WithPrefix(), clientv3.WithRev(rev)) + if err != nil { + return nil, err + } + vals := make([]mvccpb.KeyValue, len(resp.Kvs)) + for i := range resp.Kvs { + vals[i] = *resp.Kvs[i] + } + return vals, nil +} + +func (r *RemoteStore) Get(ctx context.Context, key string) (mvccpb.KeyValue, error) { + resp, err := r.client.Get(ctx, key) + if err != nil { + return mvccpb.KeyValue{}, err + } + if len(resp.Kvs) == 1 { + return *resp.Kvs[0], nil + } + return mvccpb.KeyValue{}, etcdserver.ErrKeyNotFound +} + +func (r *RemoteStore) Close() error { + return r.client.Close() +} + +func (r *RemoteStore) Create(ctx context.Context, key string, value []byte) error { + resp, err := r.client.Txn(ctx). + If(clientv3.Compare(clientv3.ModRevision(key), "=", 0)). + Then(clientv3.OpPut(key, string(value))). + Commit() + if err != nil { + return err + } + if !resp.Succeeded { + return errors.New("key exists") + } + return nil +} + +func (r *RemoteStore) Update(ctx context.Context, key string, revision int64, value []byte) error { + resp, err := r.client.Txn(ctx). + If(clientv3.Compare(clientv3.ModRevision(key), "=", revision)). + Then(clientv3.OpPut(key, string(value))). + Else(clientv3.OpGet(key)). + Commit() + if err != nil { + return err + } + if !resp.Succeeded { + return fmt.Errorf("revision %d doesnt match", revision) + } + return nil +} + +func (r *RemoteStore) Delete(ctx context.Context, key string, revision int64) error { + resp, err := r.client.Txn(ctx). + If(clientv3.Compare(clientv3.ModRevision(key), "=", revision)). + Then(clientv3.OpDelete(key)). + Else(clientv3.OpGet(key)). + Commit() + if err != nil { + return err + } + if !resp.Succeeded { + return fmt.Errorf("revision %d doesnt match", revision) + } + return nil +} + +// explicit interface check +var _ ReadCloser = &TemporaryStore{} + +// TemporaryStore is a wrapper around Store. A temporary copy of the specified +// etcd database files is created when the store is opened, and the files +// are deleted when it is closed. +type TemporaryStore struct { + store *Store + dataDir string +} + +func NewTemporaryStore(dataDir string) (*TemporaryStore, error) { + tempDir := dataDir + "-tmp" + if err := os.RemoveAll(tempDir); err != nil { + return nil, err + } + + if err := copy.Copy(dataDir, tempDir, copy.Options{PreserveOwner: true}); err != nil { + return nil, err + } + + s, err := NewStore(tempDir) + if err != nil { + return nil, err + } + + return &TemporaryStore{store: s, dataDir: tempDir}, nil +} + +func (t *TemporaryStore) List(ctx context.Context, key string, rev int64) ([]mvccpb.KeyValue, error) { + return t.store.List(ctx, key, rev) +} + +func (t *TemporaryStore) Get(ctx context.Context, key string) (mvccpb.KeyValue, error) { + return t.store.Get(ctx, key) +} + +func (t *TemporaryStore) Close() error { + return merr.NewErrors(t.store.Close(), os.RemoveAll(t.dataDir)) +} + +// explicit interface check +var _ ReadCloser = &Store{} + +// Store is a wrapper around an etcd MVCC store. It provides many of the same interfaces as +// a running etcd server, but without any of the raft clustering bits, by directly opening +// the bbolt database. +type Store struct { + kv mvcc.KV +} + +func NewStore(dataDir string) (*Store, error) { + var currentIndex, latestIndex uint64 + logger, err := logutil.CreateDefaultZapLogger(zapcore.InfoLevel) + if err != nil { + return nil, err + } + + cfg := config.ServerConfig{Logger: logger, DataDir: dataDir} + logrus.Infof("Opening etcd MVCC KV store at %s", cfg.BackendPath()) + + // open backend database + bcfg := backend.DefaultBackendConfig() + bcfg.Path = cfg.BackendPath() + bcfg.Logger = logger + bcfg.UnsafeNoFsync = true + bcfg.BatchInterval = 0 + bcfg.BatchLimit = 0 + be := backend.New(bcfg) + + // get current index from backend + currentIndex, _ = cindex.ReadConsistentIndex(be.ReadTx()) + + // list snapshots from WAL dir + walSnaps, err := wal.ValidSnapshotEntries(cfg.Logger, cfg.WALDir()) + if err != nil { + return nil, err + } + + // find latest available snapshot index + ss := snap.New(logger, cfg.SnapDir()) + snapshot, err := ss.LoadNewestAvailable(walSnaps) + if err != nil && !errors.Is(err, snap.ErrNoSnapshot) { + return nil, err + } + if snapshot != nil { + latestIndex = snapshot.Metadata.Index + } + + // restore from snapshot if available + if latestIndex > currentIndex { + logrus.Warnf("MVCC database index %d is less than latest snapshot index %d", currentIndex, latestIndex) + path, err := ss.DBFilePath(latestIndex) + if err != nil { + logrus.Warnf("MVCC database for snapshot index %d not available; data may be stale", latestIndex) + } else { + logrus.Infof("MVCC database restoring snapshot index %d from %s", latestIndex, path) + be, err = etcdserver.RecoverSnapshotBackend(cfg, be, *snapshot, true, etcdserver.NewBackendHooks(cfg.Logger, cindex.NewConsistentIndex(nil))) + if err != nil { + be.Close() + return nil, err + } + } + } + + return &Store{kv: mvcc.NewStore(cfg.Logger, be, &lease.FakeLessor{}, mvcc.StoreConfig{})}, nil +} + +func (s *Store) Close() error { + logrus.Info("Closing etcd MVCC KV store") + return s.kv.Close() +} + +func (s *Store) List(ctx context.Context, key string, rev int64) ([]mvccpb.KeyValue, error) { + resp, err := s.kv.Range(ctx, []byte(key), []byte(key+"\xff"), mvcc.RangeOptions{Rev: rev}) + if err != nil { + return nil, err + } + return resp.KVs, nil +} + +func (s *Store) Get(ctx context.Context, key string) (mvccpb.KeyValue, error) { + resp, err := s.kv.Range(ctx, []byte(key), nil, mvcc.RangeOptions{}) + if err != nil { + return mvccpb.KeyValue{}, err + } + + if len(resp.KVs) == 1 { + return resp.KVs[0], nil + } + + return mvccpb.KeyValue{}, etcdserver.ErrKeyNotFound +} From e934e3bd43dd5df2e408d791d2c15e5c3c5f9e9c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 19 Dec 2025 19:43:51 +0000 Subject: [PATCH 36/48] Fix etcd reconcile with empty TLS dirs Reconcile against local etcd would short-circuit and skip reading from the datastore if the cert dirs were missing. Signed-off-by: Brad Davidson (cherry picked from commit 0563fc258f174eb802e05e42f3e3f618e6b0e85d) Signed-off-by: Brad Davidson --- pkg/cluster/bootstrap.go | 36 +++++++++++++++-------------------- pkg/cluster/bootstrap_test.go | 8 ++++---- 2 files changed, 19 insertions(+), 25 deletions(-) diff --git a/pkg/cluster/bootstrap.go b/pkg/cluster/bootstrap.go index 397e33e92cc5..c5c2d76e7ada 100644 --- a/pkg/cluster/bootstrap.go +++ b/pkg/cluster/bootstrap.go @@ -67,9 +67,10 @@ func (c *Cluster) Bootstrap(ctx context.Context, clusterReset bool) error { // Not a secondary server or failed to reconcile via join URL, // extract bootstrap data from a copy of the etcd mvcc store and reconcile // against that. - if err := c.reconcileEtcd(ctx); err != nil { - logrus.Fatalf("Failed to reconcile with local datastore: %v", err) + if err := c.ReconcileBootstrapData(ctx, nil, &c.config.Runtime.ControlRuntimeBootstrap, false); err != nil { + return pkgerrors.WithMessage(err, "failed to reconcile with local datastore") } + logrus.Info("Successfully reconciled with local datastore") } } @@ -157,9 +158,10 @@ func isDirEmpty(name string) (bool, error) { return false, err } -// certDirsExist checks to see if the directories -// that contain the needed certificates exist. -func (c *Cluster) certDirsExist() error { +// checkCertDirs checks to see if the directories +// that contain the server certificates exist. +// An error is returned if any dirs are missing or empty. +func (c *Cluster) checkCertDirs() error { bootstrapDirs := []string{ "cred", "tls", @@ -244,7 +246,7 @@ func isMigrated(buf io.ReadSeeker, files *bootstrap.PathsDataformat) bool { func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker, crb *config.ControlRuntimeBootstrap, isHTTP bool) error { logrus.Info("Reconciling bootstrap data between datastore and disk") - if err := c.certDirsExist(); err != nil { + if err := c.checkCertDirs(); err != nil && buf != nil { // we need to see if the data has been migrated before writing to disk. This // is because the data may have been given to us via the HTTP bootstrap process // from an older version of k3s. That version might not have the new data format @@ -261,7 +263,6 @@ func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker, return bootstrap.WriteToDiskFromStorage(files, crb) } - var dbRawData []byte if c.managedDB != nil && !isHTTP { token := c.config.Token if token == "" { @@ -294,11 +295,11 @@ func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker, if err != nil { return err } - if kv == nil { - return nil + if kv == nil || len(kv.Value) == 0 { + return errors.New("no bootstrap data found in datastore - check server token value and verify datastore integrity") } - dbRawData, err = decrypt(normalizedToken, kv.Value) + dbRawData, err := decrypt(normalizedToken, kv.Value) if err != nil { return err } @@ -306,6 +307,10 @@ func (c *Cluster) ReconcileBootstrapData(ctx context.Context, buf io.ReadSeeker, buf = bytes.NewReader(dbRawData) } + if buf == nil { + return errors.New("no bootstrap data is available to reconcile against") + } + paths, err := bootstrap.ObjToMap(crb) if err != nil { return err @@ -534,14 +539,3 @@ func ipsTo16Bytes(mySlice []*net.IPNet) { ipNet.IP = ipNet.IP.To16() } } - -// reconcileEtcd compares the current bootstrap data against a temporary copy of the data from -// the etcd datastore. -func (c *Cluster) reconcileEtcd(ctx context.Context) error { - data, err := c.readBootstrapFromDisk() - if err != nil { - return err - } - - return c.ReconcileBootstrapData(ctx, bytes.NewReader(data.Bytes()), &c.config.Runtime.ControlRuntimeBootstrap, false) -} diff --git a/pkg/cluster/bootstrap_test.go b/pkg/cluster/bootstrap_test.go index f8d212656987..101b617a1f6d 100644 --- a/pkg/cluster/bootstrap_test.go +++ b/pkg/cluster/bootstrap_test.go @@ -78,7 +78,7 @@ func Test_isDirEmpty(t *testing.T) { } } -func TestCluster_certDirsExist(t *testing.T) { +func TestCluster_checkCertrtDirs(t *testing.T) { const testDataDir = "/tmp/k3s/" testCredDir := filepath.Join(testDataDir, "server", "cred") @@ -134,11 +134,11 @@ func TestCluster_certDirsExist(t *testing.T) { } defer tt.teardown() if err := tt.setup(); err != nil { - t.Errorf("Setup for Cluster.certDirsExist() failed = %v", err) + t.Errorf("Setup for Cluster.checkCertDirs() failed = %v", err) return } - if err := c.certDirsExist(); (err != nil) != tt.wantErr { - t.Errorf("Cluster.certDirsExist() error = %v, wantErr %v", err, tt.wantErr) + if err := c.checkCertDirs(); (err != nil) != tt.wantErr { + t.Errorf("Cluster.checkCertDirs() error = %v, wantErr %v", err, tt.wantErr) } }) } From f09b5c63025221d43a53402413b0fd53ed411d5c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 19 Dec 2025 21:38:59 +0000 Subject: [PATCH 37/48] Add tests for etcd local reconcile Signed-off-by: Brad Davidson (cherry picked from commit ae59cd01735c434c68afdcbb5b1e9399b9e3f6d9) Signed-off-by: Brad Davidson --- tests/integration/startup/startup_int_test.go | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/tests/integration/startup/startup_int_test.go b/tests/integration/startup/startup_int_test.go index e279859702af..19f305f333ed 100644 --- a/tests/integration/startup/startup_int_test.go +++ b/tests/integration/startup/startup_int_test.go @@ -318,6 +318,83 @@ var _ = Describe("startup tests", Ordered, func() { Expect(testutil.K3sCleanup(-1, "")).To(Succeed()) }) }) + // test for etcd reconcile restoring the correct CAs + When("a server with embedded etcd", func() { + var serverCA string + It("is created", func() { + var err error + startupServerArgs = []string{"--cluster-init"} + startupServer, err = testutil.K3sStartServer(startupServerArgs...) + Expect(err).ToNot(HaveOccurred()) + }) + It("has the default pods deployed", func() { + Eventually(func() error { + return tests.CheckDefaultDeployments(testutil.DefaultConfig) + }, "120s", "5s").Should(Succeed()) + }) + It("has a server CA", func() { + var err error + serverCA, err = testutil.RunCommand("cat /var/lib/rancher/k3s/server/tls/server-ca.crt") + Expect(err).ToNot(HaveOccurred()) + }) + It("restarts the server", func() { + var err error + Expect(testutil.K3sStopServer(startupServer)).To(Succeed()) + _, err = testutil.RunCommand("rm -rf /var/lib/rancher/k3s/server/tls") + Expect(err).ToNot(HaveOccurred()) + startupServer, err = testutil.K3sStartServer(startupServerArgs...) + Expect(err).ToNot(HaveOccurred()) + Eventually(func() error { + return tests.CheckDefaultDeployments(testutil.DefaultConfig) + }, "180s", "5s").Should(Succeed()) + }) + It("has the same server CA", func() { + newCA, err := testutil.RunCommand("cat /var/lib/rancher/k3s/server/tls/server-ca.crt") + Expect(err).ToNot(HaveOccurred()) + Expect(newCA).To(Equal(serverCA)) + }) + It("dies cleanly", func() { + Expect(testutil.K3sKillServer(startupServer)).To(Succeed()) + Expect(testutil.K3sCleanup(-1, "")).To(Succeed()) + }) + }) + // test for etcd reconcile with invalid token + When("a server with embedded etcd", func() { + It("is created", func() { + var err error + startupServerArgs = []string{"--cluster-init", "--token=goodtoken"} + startupServer, err = testutil.K3sStartServer(startupServerArgs...) + Expect(err).ToNot(HaveOccurred()) + }) + It("has the default pods deployed", func() { + Eventually(func() error { + return tests.CheckDefaultDeployments(testutil.DefaultConfig) + }, "120s", "5s").Should(Succeed()) + }) + It("fails to restart the server with invalid token", func() { + var err error + Expect(testutil.K3sStopServer(startupServer)).To(Succeed()) + startupServerArgs = []string{"--cluster-init", "--token=badtoken"} + startupServer, err = testutil.K3sStartServer(startupServerArgs...) + Expect(err).NotTo(HaveOccurred()) + }) + It("search for the error log", func() { + Eventually(func() error { + match, err := testutil.SearchK3sLog(startupServer, "bootstrap data already found and encrypted with different token") + if err != nil { + return err + } + if match { + return nil + } + return errors.New("no error found for invalid bootstrap token") + }, "30s", "2s").Should(Succeed()) + }) + It("dies cleanly", func() { + Expect(testutil.K3sKillServer(startupServer)).To(Succeed()) + Expect(testutil.K3sCleanup(-1, "")).To(Succeed()) + }) + }) When("a server with datastore-endpoint and disable apiserver is created", func() { It("is created with datastore-endpoint and disable apiserver flags", func() { var err error From 0b152f7ce1adff80d567a571e45f73fdcb898eea Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Tue, 6 Jan 2026 19:09:59 +0000 Subject: [PATCH 38/48] Remove flannel external-ip annotations when disabled Signed-off-by: Brad Davidson (cherry picked from commit 1f2f610b5a2af1c1808b300557316e2898c28bf1) Signed-off-by: Brad Davidson --- pkg/agent/flannel/setup.go | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/pkg/agent/flannel/setup.go b/pkg/agent/flannel/setup.go index 7e17f1c90dd1..59d0fd65bfea 100644 --- a/pkg/agent/flannel/setup.go +++ b/pkg/agent/flannel/setup.go @@ -83,10 +83,10 @@ func Run(ctx context.Context, wg *sync.WaitGroup, nodeConfig *config.Node) error return err } - // use the kubelet kubeconfig to add node annotations, as the k3s-controller + // use the kubelet kubeconfig to sync node annotations, as the k3s-controller // rbac does not allow create or update of nodes. - if err := setAnnotations(ctx, nodeConfig, coreClient); err != nil { - return pkgerrors.WithMessage(err, "flannel failed to set address annotations") + if err := syncAnnotations(ctx, nodeConfig, coreClient); err != nil { + return pkgerrors.WithMessage(err, "flannel failed to sync address annotations") } resourceAttrs := authorizationv1.ResourceAttributes{Verb: "list", Resource: "nodes"} @@ -283,19 +283,32 @@ func findNetMode(cidrs []*net.IPNet) (netMode, error) { return 0, errors.New("Failed checking netMode") } -func setAnnotations(ctx context.Context, nodeConfig *config.Node, coreClient kubernetes.Interface) error { +func syncAnnotations(ctx context.Context, nodeConfig *config.Node, coreClient kubernetes.Interface) error { + nodes := coreClient.CoreV1().Nodes() + node, err := nodes.Get(ctx, nodeConfig.AgentConfig.NodeName, metav1.GetOptions{}) + if err != nil { + return err + } + patch := util.NewPatchList() - patcher := util.NewPatcher[*v1.Node](coreClient.CoreV1().Nodes()) - if nodeConfig.AgentConfig.NodeExternalIP != "" && nodeConfig.Flannel.ExternalIP { + patcher := util.NewPatcher[*v1.Node](nodes) + if nodeConfig.Flannel.ExternalIP { for _, ipAddress := range nodeConfig.AgentConfig.NodeExternalIPs { - if utilsnet.IsIPv4(ipAddress) { + if utilsnet.IsIPv4(ipAddress) && node.Annotations[ExternalIPv4Annotation] != ipAddress.String() { patch.Add(ipAddress.String(), "metadata", "annotations", ExternalIPv4Annotation) } - if utilsnet.IsIPv6(ipAddress) { + if utilsnet.IsIPv6(ipAddress) && node.Annotations[ExternalIPv6Annotation] != ipAddress.String() { patch.Add(ipAddress.String(), "metadata", "annotations", ExternalIPv6Annotation) } } + } else { + if _, ok := node.Annotations[ExternalIPv4Annotation]; ok { + patch.Remove("metadata", "annotations", ExternalIPv4Annotation) + } + if _, ok := node.Annotations[ExternalIPv6Annotation]; ok { + patch.Remove("metadata", "annotations", ExternalIPv6Annotation) + } } - _, err := patcher.Patch(ctx, patch, nodeConfig.AgentConfig.NodeName) + _, err = patcher.Patch(ctx, patch, nodeConfig.AgentConfig.NodeName) return err } From c611816ed278dcb0b5afb70a02b9a9c00a72fb0c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 7 Jan 2026 18:28:40 +0000 Subject: [PATCH 39/48] Bump CNI plugins Signed-off-by: Brad Davidson (cherry picked from commit ade30b4568879f3081b202ac65ffae3876cffdf5) Signed-off-by: Brad Davidson --- go.mod | 41 ++++++++++++++++++------------------- go.sum | 50 ++++++++++++++++++++++++---------------------- scripts/version.sh | 4 ++-- 3 files changed, 49 insertions(+), 46 deletions(-) diff --git a/go.mod b/go.mod index f8a6f7453382..e0ee341f2ece 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( github.com/docker/docker v28.1.1+incompatible github.com/dustin/go-humanize v1.0.1 github.com/erikdubbelboer/gspt v0.0.0-20190125194910-e68493906b83 - github.com/flannel-io/flannel v0.27.4 + github.com/flannel-io/flannel v0.28.0 github.com/fsnotify/fsnotify v1.9.0 github.com/go-logr/logr v1.4.3 github.com/go-test/deep v1.0.7 @@ -118,8 +118,8 @@ require ( github.com/moby/sys/userns v0.1.0 github.com/mwitkow/go-http-dialer v0.0.0-20161116154839-378f744fb2b8 github.com/natefinch/lumberjack v2.0.0+incompatible - github.com/onsi/ginkgo/v2 v2.23.4 - github.com/onsi/gomega v1.37.0 + github.com/onsi/ginkgo/v2 v2.25.1 + github.com/onsi/gomega v1.38.1 github.com/opencontainers/cgroups v0.0.4 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.1 @@ -143,18 +143,18 @@ require ( github.com/urfave/cli/v2 v2.27.7 github.com/vishvananda/netlink v1.3.1 github.com/yl2chen/cidranger v1.0.2 - go.etcd.io/etcd/api/v3 v3.6.6 - go.etcd.io/etcd/client/pkg/v3 v3.6.6 - go.etcd.io/etcd/client/v3 v3.6.6 + go.etcd.io/etcd/api/v3 v3.6.7 + go.etcd.io/etcd/client/pkg/v3 v3.6.7 + go.etcd.io/etcd/client/v3 v3.6.7 go.etcd.io/etcd/etcdutl/v3 v3.5.18 - go.etcd.io/etcd/server/v3 v3.6.6 + go.etcd.io/etcd/server/v3 v3.6.7 go.uber.org/mock v0.5.2 go.uber.org/zap v1.27.1 - golang.org/x/crypto v0.42.0 - golang.org/x/mod v0.28.0 - golang.org/x/net v0.44.0 - golang.org/x/sync v0.17.0 - golang.org/x/sys v0.36.0 + golang.org/x/crypto v0.45.0 + golang.org/x/mod v0.29.0 + golang.org/x/net v0.47.0 + golang.org/x/sync v0.19.0 + golang.org/x/sys v0.39.0 google.golang.org/grpc v1.75.1 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.34.2 @@ -199,6 +199,7 @@ require ( github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect + github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hnslib v0.1.1 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect @@ -206,7 +207,7 @@ require ( github.com/antithesishq/antithesis-sdk-go v0.5.0 // indirect github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/avast/retry-go/v4 v4.6.1 // indirect + github.com/avast/retry-go/v4 v4.7.0 // indirect github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect @@ -235,7 +236,7 @@ require ( github.com/containerd/ttrpc v1.2.7 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/containernetworking/cni v1.3.0 // indirect - github.com/containernetworking/plugins v1.7.1 // indirect + github.com/containernetworking/plugins v1.9.0 // indirect github.com/containers/ocicrypt v1.2.1 // indirect github.com/coreos/go-oidc v2.3.0+incompatible // indirect github.com/coreos/go-semver v0.3.1 // indirect @@ -297,7 +298,7 @@ require ( github.com/google/go-tpm v0.9.6 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/gopacket v1.1.19 // indirect - github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a // indirect + github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect @@ -460,7 +461,7 @@ require ( github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect go.etcd.io/bbolt v1.4.3 // indirect go.etcd.io/etcd/client/v2 v2.305.25 // indirect - go.etcd.io/etcd/pkg/v3 v3.6.6 // indirect + go.etcd.io/etcd/pkg/v3 v3.6.7 // indirect go.etcd.io/etcd/raft/v3 v3.5.25 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect @@ -482,11 +483,11 @@ require ( go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/exp v0.0.0-20250911091902-df9299821621 // indirect golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053 // indirect - golang.org/x/term v0.35.0 // indirect - golang.org/x/text v0.29.0 // indirect + golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect + golang.org/x/term v0.37.0 // indirect + golang.org/x/text v0.31.0 // indirect golang.org/x/time v0.13.0 // indirect - golang.org/x/tools v0.37.0 // indirect + golang.org/x/tools v0.38.0 // indirect golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 // indirect golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 // indirect gonum.org/v1/gonum v0.16.0 // indirect diff --git a/go.sum b/go.sum index 266da4cead87..2f938a86a739 100644 --- a/go.sum +++ b/go.sum @@ -244,6 +244,8 @@ github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA= @@ -276,8 +278,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/avast/retry-go/v4 v4.6.1 h1:VkOLRubHdisGrHnTu89g08aQEWEgRU7LVEop3GbIcMk= -github.com/avast/retry-go/v4 v4.6.1/go.mod h1:V6oF8njAwxJ5gRo1Q7Cxab24xs5NCWZBeaHHBklR8mA= +github.com/avast/retry-go/v4 v4.7.0 h1:yjDs35SlGvKwRNSykujfjdMxMhMQQM0TnIjJaHB+Zio= +github.com/avast/retry-go/v4 v4.7.0/go.mod h1:ZMPDa3sY2bKgpLtap9JRUgk2yTAba7cgiFhqxY2Sg6Q= github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= @@ -372,8 +374,8 @@ github.com/containerd/zfs/v2 v2.0.0-rc.0 h1:0dRlgpoaepW7HuovtcvYQMF7NlpceQVdn7+3 github.com/containerd/zfs/v2 v2.0.0-rc.0/go.mod h1:g36g/XCEGDRxUXIFdM3oWAEvmTvhfz/eKWElqg4Secw= github.com/containernetworking/cni v1.3.0 h1:v6EpN8RznAZj9765HhXQrtXgX+ECGebEYEmnuFjskwo= github.com/containernetworking/cni v1.3.0/go.mod h1:Bs8glZjjFfGPHMw6hQu82RUgEPNGEaBb9KS5KtNMnJ4= -github.com/containernetworking/plugins v1.7.1 h1:CNAR0jviDj6FS5Vg85NTgKWLDzZPfi/lj+VJfhMDTIs= -github.com/containernetworking/plugins v1.7.1/go.mod h1:xuMdjuio+a1oVQsHKjr/mgzuZ24leAsqUYRnzGoXHy0= +github.com/containernetworking/plugins v1.9.0 h1:Mg3SXBdRGkdXyFC4lcwr6u2ZB2SDeL6LC3U+QrEANuQ= +github.com/containernetworking/plugins v1.9.0/go.mod h1:JG3BxoJifxxHBhG3hFyxyhid7JgRVBu/wtooGEvWf1c= github.com/containers/ocicrypt v1.2.1 h1:0qIOTT9DoYwcKmxSt8QJt+VzMY18onl9jUXsxpVhSmM= github.com/containers/ocicrypt v1.2.1/go.mod h1:aD0AAqfMp0MtwqWgHM1bUwe1anx0VazI108CRrSKINQ= github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc= @@ -461,8 +463,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/filecoin-project/go-clock v0.1.0 h1:SFbYIM75M8NnFm1yMHhN9Ahy3W5bEZV9gd6MPfXbKVU= github.com/filecoin-project/go-clock v0.1.0/go.mod h1:4uB/O4PvOjlx1VCMdZ9MyDZXRm//gkj1ELEbxfI1AZs= -github.com/flannel-io/flannel v0.27.4 h1:/i1Bj6/wtBoHSJApQYhve7zK4kycDdFa8yyFDZnUiNE= -github.com/flannel-io/flannel v0.27.4/go.mod h1:3yYRh0umOdrVe9rV81IL4KUSseRv9ICeehA54HeFnCk= +github.com/flannel-io/flannel v0.28.0 h1:epGv3HCi62bafyBhfpgHBl5y/yMZo9WmaKYauMFy4ug= +github.com/flannel-io/flannel v0.28.0/go.mod h1:PtWf/4updL7hr0TgfE/pTenWafOgraPqhCOLhYav6lA= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg= github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= @@ -642,8 +644,8 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a h1://KbezygeMJZCSHH+HgUZiTeSoiuFspbMg1ge+eFj18= -github.com/google/pprof v0.0.0-20250607225305-033d6d78b36a/go.mod h1:5hDyRhoBCxViHszMt12TnOpEI4VVi+U8Gm9iphldiMA= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= @@ -1090,11 +1092,11 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus= -github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8= +github.com/onsi/ginkgo/v2 v2.25.1 h1:Fwp6crTREKM+oA6Cz4MsO8RhKQzs2/gOIVOUscMAfZY= +github.com/onsi/ginkgo/v2 v2.25.1/go.mod h1:ppTWQ1dh9KM/F1XgpeRqelR+zHVwV81DGRSDnFxK7Sk= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y= -github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0= +github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk= +github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g= github.com/opencontainers/cgroups v0.0.4 h1:XVj8P/IHVms/j+7eh8ggdkTLAxjz84ZzuFyGoE28DR4= github.com/opencontainers/cgroups v0.0.4/go.mod h1:s8lktyhlGUqM7OSRL5P7eAW6Wb+kWPNvt4qvVfzA5vs= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -1526,8 +1528,8 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= -golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1590,17 +1592,17 @@ golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= -golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053 h1:dHQOQddU4YHS5gY33/6klKjq7Gp3WwMyOXGNp5nzRj8= -golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE= +golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU= +golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE= golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= -golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ= -golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1624,8 +1626,8 @@ golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= -golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1702,8 +1704,8 @@ golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= -golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/scripts/version.sh b/scripts/version.sh index 2d35c7869002..ed29f1c8b43a 100755 --- a/scripts/version.sh +++ b/scripts/version.sh @@ -54,8 +54,8 @@ if [ -z "$VERSION_CRI_DOCKERD" ]; then VERSION_CRI_DOCKERD="v0.0.0" fi -VERSION_CNIPLUGINS="v1.8.0-k3s1" -VERSION_FLANNEL_PLUGIN="v1.8.0-flannel1" +VERSION_CNIPLUGINS="v1.9.0-k3s1" +VERSION_FLANNEL_PLUGIN="v1.9.0-flannel1" VERSION_KUBE_ROUTER=$(get-module-version github.com/cloudnativelabs/kube-router/v2) if [ -z "$VERSION_KUBE_ROUTER" ]; then From 461128d23de5825e980f4d6066cfef2a890ec4df Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 7 Jan 2026 18:37:05 +0000 Subject: [PATCH 40/48] Drop use of deprecated docker reexec package Signed-off-by: Brad Davidson (cherry picked from commit 926bbce8aab75e112e24ff696dd2a8242a7b4eba) Signed-off-by: Brad Davidson --- cmd/server/main.go | 2 +- go.mod | 1 + go.sum | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/server/main.go b/cmd/server/main.go index 97b0449a1bf6..da25369a10dd 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -6,7 +6,6 @@ import ( "os" "path/filepath" - "github.com/docker/docker/pkg/reexec" "github.com/k3s-io/k3s/pkg/cli/agent" "github.com/k3s-io/k3s/pkg/cli/cert" "github.com/k3s-io/k3s/pkg/cli/cmds" @@ -22,6 +21,7 @@ import ( "github.com/k3s-io/k3s/pkg/containerd" ctr2 "github.com/k3s-io/k3s/pkg/ctr" kubectl2 "github.com/k3s-io/k3s/pkg/kubectl" + "github.com/moby/sys/reexec" "github.com/sirupsen/logrus" "github.com/urfave/cli/v2" crictl2 "sigs.k8s.io/cri-tools/cmd/crictl" diff --git a/go.mod b/go.mod index e0ee341f2ece..c29c949933e6 100644 --- a/go.mod +++ b/go.mod @@ -115,6 +115,7 @@ require ( github.com/klauspost/compress v1.18.2 github.com/libp2p/go-libp2p v0.43.0 github.com/minio/minio-go/v7 v7.0.91 + github.com/moby/sys/reexec v0.1.0 github.com/moby/sys/userns v0.1.0 github.com/mwitkow/go-http-dialer v0.0.0-20161116154839-378f744fb2b8 github.com/natefinch/lumberjack v2.0.0+incompatible diff --git a/go.sum b/go.sum index 2f938a86a739..66f901defa4c 100644 --- a/go.sum +++ b/go.sum @@ -1012,6 +1012,8 @@ github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= +github.com/moby/sys/reexec v0.1.0 h1:RrBi8e0EBTLEgfruBOFcxtElzRGTEUkeIFaVXgU7wok= +github.com/moby/sys/reexec v0.1.0/go.mod h1:EqjBg8F3X7iZe5pU6nRZnYCMUTXoxsjiIfHup5wYIN8= github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/sys/signal v0.7.1 h1:PrQxdvxcGijdo6UXXo/lU/TvHUWyPhj7UOpSo8tuvk0= From 749a9efb53311aea227a4f141a1203d13fa01f30 Mon Sep 17 00:00:00 2001 From: luojiyin Date: Fri, 26 Dec 2025 16:31:50 +0800 Subject: [PATCH 41/48] Fix atomic write in WriteSubnetFile - Use os.CreateTemp to avoid race conditions with fixed temp filename - Add f.Sync() before close to ensure data durability - Check all fmt.Fprintf errors instead of ignoring them - Preserve original file permissions when overwriting - Handle dir== edge case from filepath.Split - Check os.MkdirAll error - Proper cleanup on all error paths Signed-off-by: luojiyin Add documentation comments to WriteSubnetFile Clarify the design choices for atomic file writing: - Explain why CreateTemp is used (defense-in-depth, avoids pre-existing file issues) - Document the single-instance assumption - Note the permission preservation logic Signed-off-by: luojiyin Update WriteSubnetFile comment to clarify CreateTemp rationale Remove misleading reference to concurrent writes (K3s is single-instance). Focus on the actual benefits: avoiding stale temp files from crashes, handling unexpected permissions/ownership, and O_EXCL guarantees. Signed-off-by: luojiyin Refactor cleanup to use merr.NewErrors for better error aggregation Address review feedback from @brandond to improve error handling: - Change cleanup function to accept error parameter - Use merr.NewErrors to aggregate original error with Close/Remove errors - Simplify error handling with consistent return cleanup(err) pattern Signed-off-by: luojiyin Fix Close error handling to preserve original error Add cleanupNoClose helper to avoid double Close and preserve the original Close error when file close fails. Signed-off-by: luojiyin (cherry picked from commit f42523c55fac715ca228d3e6a67e30d901bef089) Signed-off-by: Brad Davidson --- pkg/agent/flannel/flannel.go | 72 ++++++++++++++++++++++++++++-------- 1 file changed, 57 insertions(+), 15 deletions(-) diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go index c9cda4834209..158165cb2676 100644 --- a/pkg/agent/flannel/flannel.go +++ b/pkg/agent/flannel/flannel.go @@ -30,6 +30,7 @@ import ( "github.com/flannel-io/flannel/pkg/trafficmngr/iptables" "github.com/joho/godotenv" pkgerrors "github.com/pkg/errors" + "github.com/rancher/wrangler/v3/pkg/merr" "github.com/sirupsen/logrus" "golang.org/x/net/context" @@ -183,43 +184,84 @@ func LookupExtInterface(iface *net.Interface, nm netMode) (*backend.ExternalInte }, nil } +// WriteSubnetFile atomically writes the flannel subnet configuration file. +// Uses CreateTemp to avoid issues with pre-existing temp files (stale files +// from crashes, unexpected permissions/ownership) and to ensure clean atomic +// rename semantics with O_EXCL guarantees. func WriteSubnetFile(path string, nw ip.IP4Net, nwv6 ip.IP6Net, ipMasq bool, bn backend.Network, nm netMode) error { dir, name := filepath.Split(path) - os.MkdirAll(dir, 0755) + if dir == "" { + dir = "." + } + if err := os.MkdirAll(dir, 0755); err != nil { + return err + } + + // Preserve original file permissions if the file already exists + perm := os.FileMode(0644) + if info, err := os.Stat(path); err == nil { + perm = info.Mode().Perm() + } - tempFile := filepath.Join(dir, "."+name) - f, err := os.Create(tempFile) + f, err := os.CreateTemp(dir, "."+name+".") if err != nil { return err } + tempFile := f.Name() + cleanupNoClose := func(err error) error { + return merr.NewErrors(err, os.Remove(tempFile)) + } + cleanup := func(err error) error { + return merr.NewErrors(err, f.Close(), os.Remove(tempFile)) + } + if err := f.Chmod(perm); err != nil { + return cleanup(err) + } // Write out the first usable IP by incrementing // sn.IP by one sn := bn.Lease().Subnet sn.IP++ if nm.IPv4Enabled() { - fmt.Fprintf(f, "FLANNEL_NETWORK=%s\n", nw) - fmt.Fprintf(f, "FLANNEL_SUBNET=%s\n", sn) + if _, err := fmt.Fprintf(f, "FLANNEL_NETWORK=%s\n", nw); err != nil { + return cleanup(err) + } + if _, err := fmt.Fprintf(f, "FLANNEL_SUBNET=%s\n", sn); err != nil { + return cleanup(err) + } } if nwv6.String() != emptyIPv6Network { snv6 := bn.Lease().IPv6Subnet snv6.IncrementIP() - fmt.Fprintf(f, "FLANNEL_IPV6_NETWORK=%s\n", nwv6) - fmt.Fprintf(f, "FLANNEL_IPV6_SUBNET=%s\n", snv6) + if _, err := fmt.Fprintf(f, "FLANNEL_IPV6_NETWORK=%s\n", nwv6); err != nil { + return cleanup(err) + } + if _, err := fmt.Fprintf(f, "FLANNEL_IPV6_SUBNET=%s\n", snv6); err != nil { + return cleanup(err) + } } - fmt.Fprintf(f, "FLANNEL_MTU=%d\n", bn.MTU()) - _, err = fmt.Fprintf(f, "FLANNEL_IPMASQ=%v\n", ipMasq) - f.Close() - if err != nil { - return err + if _, err := fmt.Fprintf(f, "FLANNEL_MTU=%d\n", bn.MTU()); err != nil { + return cleanup(err) + } + if _, err := fmt.Fprintf(f, "FLANNEL_IPMASQ=%v\n", ipMasq); err != nil { + return cleanup(err) + } + if err := f.Sync(); err != nil { + return cleanup(err) + } + if err := f.Close(); err != nil { + return cleanupNoClose(err) } // rename(2) the temporary file to the desired location so that it becomes - // atomically visible with the contents - return os.Rename(tempFile, path) - // TODO - is this safe? What if it's not on the same FS? + // atomically visible with the contents (same directory keeps it on the same FS) + if err := os.Rename(tempFile, path); err != nil { + _ = os.Remove(tempFile) + return err + } + return nil } // ReadCIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv4 network key From be68a901aa66d36a61c93e2684748444b08fb26e Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 7 Jan 2026 19:09:29 +0000 Subject: [PATCH 42/48] Bump expr-lang/expr Fixes HIGH CVE-2025-68156. This is an indirect dep from github.com/nats-io/jsm.go but it appears they have not yet bumped it either Signed-off-by: Brad Davidson (cherry picked from commit e4f67846fe6ec2a27d713eb1cb98696eebbb9830) Signed-off-by: Brad Davidson --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c29c949933e6..126fb531a18f 100644 --- a/go.mod +++ b/go.mod @@ -258,7 +258,7 @@ require ( github.com/euank/go-kmsg-parser v2.0.0+incompatible // indirect github.com/evanphx/json-patch v5.9.11+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect - github.com/expr-lang/expr v1.17.6 // indirect + github.com/expr-lang/expr v1.17.7 // indirect github.com/fatih/camelcase v1.0.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/filecoin-project/go-clock v0.1.0 // indirect diff --git a/go.sum b/go.sum index 66f901defa4c..c58a2e00710b 100644 --- a/go.sum +++ b/go.sum @@ -453,8 +453,8 @@ github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= -github.com/expr-lang/expr v1.17.6 h1:1h6i8ONk9cexhDmowO/A64VPxHScu7qfSl2k8OlINec= -github.com/expr-lang/expr v1.17.6/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= +github.com/expr-lang/expr v1.17.7 h1:Q0xY/e/2aCIp8g9s/LGvMDCC5PxYlvHgDZRQ4y16JX8= +github.com/expr-lang/expr v1.17.7/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= From 1d848812ca2f38ca60dae195bc31d33d9747d8d2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 12 Nov 2025 22:57:36 +0000 Subject: [PATCH 43/48] Bump spegel to v0.6.0 Signed-off-by: Brad Davidson (cherry picked from commit efeacc1ed82493d76da28e7e7a8e29666e7d5fb7) Signed-off-by: Brad Davidson --- go.mod | 89 ++++++++------- go.sum | 261 ++++++++++++++++++------------------------- pkg/spegel/spegel.go | 69 +++++++++--- 3 files changed, 207 insertions(+), 212 deletions(-) diff --git a/go.mod b/go.mod index 126fb531a18f..c58bc2fb4556 100644 --- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ replace ( github.com/containerd/containerd/api => github.com/containerd/containerd/api v1.9.0 github.com/containerd/containerd/v2 => github.com/k3s-io/containerd/v2 v2.1.5-k3s1.33 github.com/containerd/imgcrypt => github.com/containerd/imgcrypt v1.1.11 + github.com/cyphar/filepath-securejoin => github.com/cyphar/filepath-securejoin v0.5.2 github.com/distribution/reference => github.com/distribution/reference v0.5.0 github.com/docker/distribution => github.com/docker/distribution v2.8.3+incompatible github.com/docker/docker => github.com/docker/docker v25.0.8+incompatible @@ -23,7 +24,7 @@ replace ( github.com/opencontainers/selinux => github.com/opencontainers/selinux v1.13.1 github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.22.0 github.com/prometheus/common => github.com/prometheus/common v0.62.0 - github.com/spegel-org/spegel => github.com/k3s-io/spegel v0.4.0-k3s3 + github.com/spegel-org/spegel => github.com/k3s-io/spegel v0.6.0-k3s1 go.etcd.io/etcd/api/v3 => github.com/k3s-io/etcd/api/v3 v3.5.25-k3s2 go.etcd.io/etcd/client/pkg/v3 => github.com/k3s-io/etcd/client/pkg/v3 v3.5.25-k3s2 go.etcd.io/etcd/client/v2 => github.com/k3s-io/etcd/client/v2 v2.305.25-k3s2 @@ -78,13 +79,13 @@ replace ( ) require ( - github.com/Microsoft/hcsshim v0.13.0 + github.com/Microsoft/hcsshim v0.14.0-rc.1 github.com/Mirantis/cri-dockerd v0.0.0-00010101000000-000000000000 github.com/blang/semver/v4 v4.0.0 github.com/cloudnativelabs/kube-router/v2 v2.0.0-00010101000000-000000000000 - github.com/containerd/cgroups/v3 v3.0.5 - github.com/containerd/containerd/api v1.9.0 - github.com/containerd/containerd/v2 v2.1.4 + github.com/containerd/cgroups/v3 v3.1.0 + github.com/containerd/containerd/api v1.10.0 + github.com/containerd/containerd/v2 v2.2.0 github.com/containerd/errdefs v1.0.0 github.com/containerd/fuse-overlayfs-snapshotter/v2 v2.1.6 github.com/containerd/stargz-snapshotter v0.17.0 @@ -106,14 +107,14 @@ require ( github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 github.com/inetaf/tcpproxy v0.0.0-20240214030015-3ce58045626c github.com/ipfs/go-ds-leveldb v0.5.0 - github.com/ipfs/go-log/v2 v2.8.0 + github.com/ipfs/go-log/v2 v2.9.0 github.com/joho/godotenv v1.5.1 github.com/json-iterator/go v1.1.12 github.com/k3s-io/api v0.1.4 github.com/k3s-io/helm-controller v0.16.17 github.com/k3s-io/kine v0.14.9 github.com/klauspost/compress v1.18.2 - github.com/libp2p/go-libp2p v0.43.0 + github.com/libp2p/go-libp2p v0.46.0 github.com/minio/minio-go/v7 v7.0.91 github.com/moby/sys/reexec v0.1.0 github.com/moby/sys/userns v0.1.0 @@ -138,7 +139,7 @@ require ( github.com/robfig/cron/v3 v3.0.1 github.com/rootless-containers/rootlesskit v1.1.1 github.com/sirupsen/logrus v1.9.3 - github.com/spegel-org/spegel v0.4.0 + github.com/spegel-org/spegel v0.6.0 github.com/spf13/pflag v1.0.10 github.com/stretchr/testify v1.11.1 github.com/urfave/cli/v2 v2.27.7 @@ -152,15 +153,15 @@ require ( go.uber.org/mock v0.5.2 go.uber.org/zap v1.27.1 golang.org/x/crypto v0.45.0 - golang.org/x/mod v0.29.0 + golang.org/x/mod v0.30.0 golang.org/x/net v0.47.0 golang.org/x/sync v0.19.0 golang.org/x/sys v0.39.0 - google.golang.org/grpc v1.75.1 + google.golang.org/grpc v1.77.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.34.2 k8s.io/apiextensions-apiserver v0.33.7 - k8s.io/apimachinery v0.34.2 + k8s.io/apimachinery v0.34.3 k8s.io/apiserver v0.34.2 k8s.io/cli-runtime v0.33.7 k8s.io/client-go v0.34.2 @@ -168,7 +169,7 @@ require ( k8s.io/cluster-bootstrap v0.33.7 k8s.io/component-base v0.34.2 k8s.io/component-helpers v0.33.7 - k8s.io/cri-api v0.34.1 + k8s.io/cri-api v0.34.3 k8s.io/cri-client v0.33.7 k8s.io/klog/v2 v2.130.1 k8s.io/kube-proxy v0.33.7 @@ -195,7 +196,7 @@ require ( require ( cel.dev/expr v0.20.0 // indirect - dario.cat/mergo v1.0.1 // indirect + dario.cat/mergo v1.0.2 // indirect filippo.io/edwards25519 v1.1.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab // indirect @@ -213,7 +214,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/bronze1man/goStrongswanVici v0.0.0-20231128135937-211cef3b0b20 // indirect - github.com/cenkalti/backoff/v5 v5.0.2 // indirect + github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/checkpoint-restore/checkpointctl v1.3.0 // indirect @@ -231,7 +232,7 @@ require ( github.com/containerd/log v0.1.0 // indirect github.com/containerd/nri v0.8.0 // indirect github.com/containerd/otelttrpc v0.1.0 // indirect - github.com/containerd/platforms v1.0.0-rc.1 // indirect + github.com/containerd/platforms v1.0.0-rc.2 // indirect github.com/containerd/plugin v1.0.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.17.0 // indirect github.com/containerd/ttrpc v1.2.7 // indirect @@ -242,7 +243,7 @@ require ( github.com/coreos/go-oidc v2.3.0+incompatible // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect - github.com/cyphar/filepath-securejoin v0.5.2 // indirect + github.com/cyphar/filepath-securejoin v0.6.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect @@ -263,7 +264,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/filecoin-project/go-clock v0.1.0 // indirect github.com/flynn/noise v1.1.0 // indirect - github.com/francoispqt/gojay v1.2.13 // indirect + github.com/gammazero/deque v1.2.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-ini/ini v1.67.0 // indirect @@ -291,7 +292,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.2 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/golang/snappy v0.0.4 // indirect + github.com/golang/snappy v0.0.5-0.20231225225746-43d5d4cd4e0e // indirect github.com/google/btree v1.1.3 // indirect github.com/google/cel-go v0.23.2 // indirect github.com/google/gnostic-models v0.7.0 // indirect @@ -305,7 +306,8 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect + github.com/guillaumemichel/reservedpool v0.3.0 // indirect github.com/hanwen/go-fuse/v2 v2.8.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -317,9 +319,11 @@ require ( github.com/huin/goupnp v1.3.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/intel/goresctrl v0.8.0 // indirect - github.com/ipfs/boxo v0.33.1 // indirect - github.com/ipfs/go-cid v0.5.0 // indirect - github.com/ipfs/go-datastore v0.8.2 // indirect + github.com/ipfs/boxo v0.35.2 // indirect + github.com/ipfs/go-block-format v0.2.3 // indirect + github.com/ipfs/go-cid v0.6.0 // indirect + github.com/ipfs/go-datastore v0.9.0 // indirect + github.com/ipfs/go-test v0.2.3 // indirect github.com/ipld/go-ipld-prime v0.21.0 // indirect github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect @@ -340,12 +344,12 @@ require ( github.com/libp2p/go-cidranger v1.1.0 // indirect github.com/libp2p/go-flow-metrics v0.3.0 // indirect github.com/libp2p/go-libp2p-asn-util v0.4.1 // indirect - github.com/libp2p/go-libp2p-kad-dht v0.34.0 // indirect - github.com/libp2p/go-libp2p-kbucket v0.7.0 // indirect + github.com/libp2p/go-libp2p-kad-dht v0.36.0 // indirect + github.com/libp2p/go-libp2p-kbucket v0.8.0 // indirect github.com/libp2p/go-libp2p-record v0.3.1 // indirect github.com/libp2p/go-libp2p-routing-helpers v0.7.5 // indirect github.com/libp2p/go-msgio v0.3.0 // indirect - github.com/libp2p/go-netroute v0.2.2 // indirect + github.com/libp2p/go-netroute v0.3.0 // indirect github.com/libp2p/go-reuseport v0.4.0 // indirect github.com/libp2p/go-yamux/v5 v5.0.1 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect @@ -358,7 +362,7 @@ require ( github.com/mdlayher/netlink v1.7.2 // indirect github.com/mdlayher/socket v0.5.1 // indirect github.com/mdlayher/vsock v1.2.1 // indirect - github.com/miekg/dns v1.1.68 // indirect + github.com/miekg/dns v1.1.69 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect @@ -391,10 +395,10 @@ require ( github.com/multiformats/go-multiaddr-dns v0.4.1 // indirect github.com/multiformats/go-multiaddr-fmt v0.1.0 // indirect github.com/multiformats/go-multibase v0.2.0 // indirect - github.com/multiformats/go-multicodec v0.9.2 // indirect + github.com/multiformats/go-multicodec v0.10.0 // indirect github.com/multiformats/go-multihash v0.2.3 // indirect github.com/multiformats/go-multistream v0.6.1 // indirect - github.com/multiformats/go-varint v0.0.7 // indirect + github.com/multiformats/go-varint v0.1.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/nats-io/jsm.go v0.3.0 // indirect @@ -433,10 +437,11 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/polydawn/refmt v0.89.0 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect + github.com/probe-lab/go-libdht v0.4.0 // indirect github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/procfs v0.17.0 // indirect - github.com/quic-go/qpack v0.5.1 // indirect - github.com/quic-go/quic-go v0.54.0 // indirect + github.com/quic-go/qpack v0.6.0 // indirect + github.com/quic-go/quic-go v0.57.1 // indirect github.com/quic-go/webtransport-go v0.9.0 // indirect github.com/rs/xid v1.6.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -465,37 +470,37 @@ require ( go.etcd.io/etcd/pkg/v3 v3.6.7 // indirect go.etcd.io/etcd/raft/v3 v3.5.25 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.42.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect go.opentelemetry.io/otel v1.38.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 // indirect go.opentelemetry.io/otel/metric v1.38.0 // indirect go.opentelemetry.io/otel/sdk v1.38.0 // indirect go.opentelemetry.io/otel/trace v1.38.0 // indirect - go.opentelemetry.io/proto/otlp v1.7.0 // indirect + go.opentelemetry.io/proto/otlp v1.7.1 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/dig v1.19.0 // indirect go.uber.org/fx v1.24.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/exp v0.0.0-20250911091902-df9299821621 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect + golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect + golang.org/x/oauth2 v0.32.0 // indirect + golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect golang.org/x/term v0.37.0 // indirect golang.org/x/text v0.31.0 // indirect - golang.org/x/time v0.13.0 // indirect - golang.org/x/tools v0.38.0 // indirect + golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.39.0 // indirect golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 // indirect golang.zx2c4.com/wireguard/wgctrl v0.0.0-20241231184526-a9ab2273dd10 // indirect gonum.org/v1/gonum v0.16.0 // indirect google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/protobuf v1.36.9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect diff --git a/go.sum b/go.sum index c58a2e00710b..b96e03b56f35 100644 --- a/go.sum +++ b/go.sum @@ -3,9 +3,7 @@ cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= cel.dev/expr v0.19.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cel.dev/expr v0.20.0 h1:OunBvVCfvpWlt4dN7zg3FM6TDkzOePe1+foGJ9AXeeI= cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= -cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= @@ -217,17 +215,12 @@ cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNp cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= cuelabs.dev/go/oci/ociregistry v0.0.0-20250530080122-d0efc28a5723 h1:FGl278ML+6v4yF1FkYELcMXvP+BAsvsW+H3WkGQy+aE= cuelabs.dev/go/oci/ociregistry v0.0.0-20250530080122-d0efc28a5723/go.mod h1:dqrnoZx62xbOZr11giMPrWbhlaV8euHwciXZEy3baT8= -dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= -dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= +dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= +dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= -dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= -dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= -git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= @@ -237,6 +230,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/zstd v1.5.7 h1:ybO8RBeh29qrxIhCA9E8gKY6xfONU9T6G6aP9DTKfLE= +github.com/DataDog/zstd v1.5.7/go.mod h1:g4AWEaM3yOg3HYfnJ3YIawPnVdXJh9QME85blwSAmyw= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.26.0/go.mod h1:2bIszWvQRlJVmJLiuLhukLImRjKPcYdzzsx6darK02A= github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab h1:UKkYhof1njT1/xq4SEg5z+VpTgjmNeHwPGRQl7takDI= @@ -254,6 +249,10 @@ github.com/Microsoft/hnslib v0.1.1 h1:JsZy681SnvSOUAfCZVAxkX4LgQGp+CZZwPbLV0/pdF github.com/Microsoft/hnslib v0.1.1/go.mod h1:DRQR4IjLae6WHYVhW7uqe44hmFUiNhmaWA+jwMbz5tM= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= +github.com/RaduBerinde/axisds v0.0.0-20250419182453-5135a0650657 h1:8XBWWQD+vFF+JqOsm16t0Kab1a7YWV8+GISVEP8AuZ8= +github.com/RaduBerinde/axisds v0.0.0-20250419182453-5135a0650657/go.mod h1:UHGJonU9z4YYGKJxSaC6/TNcLOBptpmM5m2Cksbnw0Y= +github.com/RaduBerinde/btreemap v0.0.0-20250419174037-3d62b7205d54 h1:bsU8Tzxr/PNz75ayvCnxKZWEYdLMPDkUgticP4a4Bvk= +github.com/RaduBerinde/btreemap v0.0.0-20250419174037-3d62b7205d54/go.mod h1:0tr7FllbE9gJkHq7CVeeDDFAFKQVy5RnCSSNBOvdqbc= github.com/Rican7/retry v0.3.1 h1:scY4IbO8swckzoA/11HgBwaZRJEyY9vaNJshcdhp1Mc= github.com/Rican7/retry v0.3.1/go.mod h1:CxSDrhAyXmTMeEuRAnArMu1FHu48vtfjLREWqVl7Vw0= github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= @@ -263,7 +262,6 @@ github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGW github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antithesishq/antithesis-sdk-go v0.5.0 h1:cudCFF83pDDANcXFzkQPUHHedfnnIbUO3JMr9fqwFJs= github.com/antithesishq/antithesis-sdk-go v0.5.0/go.mod h1:IUpT2DPAKh6i/YhSbt6Gl3v2yvUZjmKncl7U91fup7E= @@ -284,7 +282,6 @@ github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPn github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= @@ -293,14 +290,12 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= -github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/bronze1man/goStrongswanVici v0.0.0-20231128135937-211cef3b0b20 h1:JMoL5xJSYxo1QVJ3c+4FutWQnks3gZX9DYkgAnvg+5g= github.com/bronze1man/goStrongswanVici v0.0.0-20231128135937-211cef3b0b20/go.mod h1:fWUtBEPt2yjrr3WFhOqvajM8JSEU8bEeBcoeSCsKRpc= -github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/cenkalti/backoff/v5 v5.0.2 h1:rIfFVxEf1QsI7E1ZHfp/B4DF/6QBAUhmgkxc0H7Zss8= -github.com/cenkalti/backoff/v5 v5.0.2/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= +github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= +github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -324,14 +319,28 @@ github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cockroachdb/crlib v0.0.0-20241112164430-1264a2edc35b h1:SHlYZ/bMx7frnmeqCu+xm0TCxXLzX3jQIVuFbnFGtFU= +github.com/cockroachdb/crlib v0.0.0-20241112164430-1264a2edc35b/go.mod h1:Gq51ZeKaFCXk6QwuGM0w1dnaOqc/F5zKT2zA9D6Xeac= github.com/cockroachdb/datadriven v1.0.2 h1:H9MtNqVoVhvd9nCBwOyDjUEdZCREqbIdCJD93PBm/jA= github.com/cockroachdb/datadriven v1.0.2/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU= +github.com/cockroachdb/errors v1.11.3 h1:5bA+k2Y6r+oz/6Z/RFlNeVCesGARKuC6YymtcDrbC/I= +github.com/cockroachdb/errors v1.11.3/go.mod h1:m4UIW4CDjx+R5cybPsNrRbreomiFqt8o1h1wUVazSd8= +github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b h1:r6VH0faHjZeQy818SGhaone5OnYfxFR/+AzdY3sf5aE= +github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b/go.mod h1:Vz9DsVWQQhf3vs21MhPMZpMGSht7O/2vFW2xusFUVOs= +github.com/cockroachdb/pebble/v2 v2.1.2 h1:IwYt+Y2Cdw6egblwk1kWzdmJvD2680t5VK/3i0BJ6IA= +github.com/cockroachdb/pebble/v2 v2.1.2/go.mod h1:Aza05DCCc05ghIJZkB4Q/axv/JK9wx5cFwWcnhG0eGw= +github.com/cockroachdb/redact v1.1.5 h1:u1PMllDkdFfPWaNGMyLD1+so+aq3uUItthCFqzwPJ30= +github.com/cockroachdb/redact v1.1.5/go.mod h1:BVNblN9mBWFyMyqK1k3AAiSxhvhfK2oOZZ2lK+dpvRg= +github.com/cockroachdb/swiss v0.0.0-20250624142022-d6e517c1d961 h1:Nua446ru3juLHLZd4AwKNzClZgL1co3pUPGv3o8FlcA= +github.com/cockroachdb/swiss v0.0.0-20250624142022-d6e517c1d961/go.mod h1:yBRu/cnL4ks9bgy4vAASdjIW+/xMlFwuHKqtmh3GZQg= +github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06 h1:zuQyyAKVxetITBuuhv3BI9cMrmStnpT18zmgmTxunpo= +github.com/cockroachdb/tokenbucket v0.0.0-20230807174530-cc333fc44b06/go.mod h1:7nc4anLGjupUW/PeY5qiNYsdNXj7zopG+eqsS7To5IQ= github.com/container-storage-interface/spec v1.9.0 h1:zKtX4STsq31Knz3gciCYCi1SXtO2HJDecIjDVboYavY= github.com/container-storage-interface/spec v1.9.0/go.mod h1:ZfDu+3ZRyeVqxZM0Ds19MVLkN2d1XJ5MAfi1L3VjlT0= github.com/containerd/btrfs/v2 v2.0.0 h1:FN4wsx7KQrYoLXN7uLP0vBV4oVWHOIKDRQ1G2Z0oL5M= github.com/containerd/btrfs/v2 v2.0.0/go.mod h1:swkD/7j9HApWpzl8OHfrHNxppPd9l44DFZdF94BUj9k= -github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= -github.com/containerd/cgroups/v3 v3.0.5/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= +github.com/containerd/cgroups/v3 v3.1.0 h1:azxYVj+91ZgSnIBp2eI3k9y2iYQSR/ZQIgh9vKO+HSY= +github.com/containerd/cgroups/v3 v3.1.0/go.mod h1:SA5DLYnXO8pTGYiAHXz94qvLQTKfVM5GEVisn4jpins= github.com/containerd/console v1.0.5 h1:R0ymNeydRqH2DmakFNdmjR2k0t7UPuiOV/N/27/qqsc= github.com/containerd/console v1.0.5/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/containerd/containerd/api v1.9.0 h1:HZ/licowTRazus+wt9fM6r/9BQO7S0vD5lMcWspGIg0= @@ -358,8 +367,8 @@ github.com/containerd/nri v0.8.0 h1:n1S753B9lX8RFrHYeSgwVvS1yaUcHjxbB+f+xzEncRI= github.com/containerd/nri v0.8.0/go.mod h1:uSkgBrCdEtAiEz4vnrq8gmAC4EnVAM5Klt0OuK5rZYQ= github.com/containerd/otelttrpc v0.1.0 h1:UOX68eVTE8H/T45JveIg+I22Ev2aFj4qPITCmXsskjw= github.com/containerd/otelttrpc v0.1.0/go.mod h1:XhoA2VvaGPW1clB2ULwrBZfXVuEWuyOd2NUD1IM0yTg= -github.com/containerd/platforms v1.0.0-rc.1 h1:83KIq4yy1erSRgOVHNk1HYdPvzdJ5CnsWaRoJX4C41E= -github.com/containerd/platforms v1.0.0-rc.1/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4= +github.com/containerd/platforms v1.0.0-rc.2 h1:0SPgaNZPVWGEi4grZdV8VRYQn78y+nm6acgLGv/QzE4= +github.com/containerd/platforms v1.0.0-rc.2/go.mod h1:J71L7B+aiM5SdIEqmd9wp6THLVRzJGXfNuWCZCllLA4= github.com/containerd/plugin v1.0.0 h1:c8Kf1TNl6+e2TtMHZt+39yAPDbouRH9WAToRjex483Y= github.com/containerd/plugin v1.0.0/go.mod h1:hQfJe5nmWfImiqT1q8Si3jLv3ynMUIBB47bQ+KexvO8= github.com/containerd/stargz-snapshotter v0.17.0 h1:djNS4KU8ztFhLdEDZ1bsfzOiYuVHT6TgSU5qwRk+cNc= @@ -384,7 +393,6 @@ github.com/coreos/go-oidc v2.3.0+incompatible h1:+5vEsrgprdLjjQ9FzIKAzQz1wwPD+83 github.com/coreos/go-oidc v2.3.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -394,7 +402,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/cyphar/filepath-securejoin v0.5.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/cyphar/filepath-securejoin v0.5.2 h1:w/T2bhKr4pgwG0SUGjU4S/Is9+zUknLh5ROTJLzWX8E= github.com/cyphar/filepath-securejoin v0.5.2/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -465,13 +472,10 @@ github.com/filecoin-project/go-clock v0.1.0 h1:SFbYIM75M8NnFm1yMHhN9Ahy3W5bEZV9g github.com/filecoin-project/go-clock v0.1.0/go.mod h1:4uB/O4PvOjlx1VCMdZ9MyDZXRm//gkj1ELEbxfI1AZs= github.com/flannel-io/flannel v0.28.0 h1:epGv3HCi62bafyBhfpgHBl5y/yMZo9WmaKYauMFy4ug= github.com/flannel-io/flannel v0.28.0/go.mod h1:PtWf/4updL7hr0TgfE/pTenWafOgraPqhCOLhYav6lA= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg= github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= -github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -479,10 +483,12 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= +github.com/gammazero/deque v1.2.0 h1:scEFO8Uidhw6KDU5qg1HA5fYwM0+us2qdeJqm43bitU= +github.com/gammazero/deque v1.2.0/go.mod h1:JVrR+Bj1NMQbPnYclvDlvSX0nVGReLrQZ0aUMuWLctg= +github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps= +github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= @@ -584,8 +590,9 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.5-0.20231225225746-43d5d4cd4e0e h1:4bw4WeyTYPp0smaXiJZCNnLrvVBqirQVreixayXezGc= +github.com/golang/snappy v0.0.5-0.20231225225746-43d5d4cd4e0e/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= @@ -615,8 +622,6 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo= github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= -github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -663,7 +668,6 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/ github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= @@ -675,21 +679,21 @@ github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWS github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 h1:X5VWvz21y3gzm9Nw/kaUeku/1+uBhcekkmy4IkffJww= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs= +github.com/guillaumemichel/reservedpool v0.3.0 h1:eqqO/QvTllLBrit7LVtVJBqw4cD0WdV9ajUe7WNTajw= +github.com/guillaumemichel/reservedpool v0.3.0/go.mod h1:sXSDIaef81TFdAJglsCFCMfgF5E5Z5xK1tFhjDhvbUc= github.com/hanwen/go-fuse/v2 v2.8.0 h1:wV8rG7rmCz8XHSOwBZhG5YcVqcYjkzivjmbaMafPlAs= github.com/hanwen/go-fuse/v2 v2.8.0/go.mod h1:yE6D2PqWwm3CbYRxFXV9xUd8Md5d6NG0WBs5spCswmI= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -728,24 +732,26 @@ github.com/intel/goresctrl v0.8.0 h1:N3shVbS3kA1Hk2AmcbHv8805Hjbv+zqsCIZCGktxx50 github.com/intel/goresctrl v0.8.0/go.mod h1:T3ZZnuHSNouwELB5wvOoUJaB7l/4Rm23rJy/wuWJlr0= github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E= github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= -github.com/ipfs/boxo v0.33.1 h1:89m+ksw+cYi0ecTNTJ71IRS5ZrLiovmO6XWHIOGhAEg= -github.com/ipfs/boxo v0.33.1/go.mod h1:KwlJTzv5fb1GLlA9KyMqHQmvP+4mrFuiE3PnjdrPJHs= -github.com/ipfs/go-block-format v0.2.2 h1:uecCTgRwDIXyZPgYspaLXoMiMmxQpSx2aq34eNc4YvQ= -github.com/ipfs/go-block-format v0.2.2/go.mod h1:vmuefuWU6b+9kIU0vZJgpiJt1yicQz9baHXE8qR+KB8= -github.com/ipfs/go-cid v0.5.0 h1:goEKKhaGm0ul11IHA7I6p1GmKz8kEYniqFopaB5Otwg= -github.com/ipfs/go-cid v0.5.0/go.mod h1:0L7vmeNXpQpUS9vt+yEARkJ8rOg43DF3iPgn4GIN0mk= +github.com/ipfs/boxo v0.35.2 h1:0QZJJh6qrak28abENOi5OA8NjBnZM4p52SxeuIDqNf8= +github.com/ipfs/boxo v0.35.2/go.mod h1:bZn02OFWwJtY8dDW9XLHaki59EC5o+TGDECXEbe1w8U= +github.com/ipfs/go-block-format v0.2.3 h1:mpCuDaNXJ4wrBJLrtEaGFGXkferrw5eqVvzaHhtFKQk= +github.com/ipfs/go-block-format v0.2.3/go.mod h1:WJaQmPAKhD3LspLixqlqNFxiZ3BZ3xgqxxoSR/76pnA= +github.com/ipfs/go-cid v0.6.0 h1:DlOReBV1xhHBhhfy/gBNNTSyfOM6rLiIx9J7A4DGf30= +github.com/ipfs/go-cid v0.6.0/go.mod h1:NC4kS1LZjzfhK40UGmpXv5/qD2kcMzACYJNntCUiDhQ= github.com/ipfs/go-datastore v0.5.0/go.mod h1:9zhEApYMTl17C8YDp7JmU7sQZi2/wqiYh73hakZ90Bk= -github.com/ipfs/go-datastore v0.8.2 h1:Jy3wjqQR6sg/LhyY0NIePZC3Vux19nLtg7dx0TVqr6U= -github.com/ipfs/go-datastore v0.8.2/go.mod h1:W+pI1NsUsz3tcsAACMtfC+IZdnQTnC/7VfPoJBQuts0= +github.com/ipfs/go-datastore v0.9.0 h1:WocriPOayqalEsueHv6SdD4nPVl4rYMfYGLD4bqCZ+w= +github.com/ipfs/go-datastore v0.9.0/go.mod h1:uT77w/XEGrvJWwHgdrMr8bqCN6ZTW9gzmi+3uK+ouHg= github.com/ipfs/go-detect-race v0.0.1 h1:qX/xay2W3E4Q1U7d9lNs1sU9nvguX0a7319XbyQ6cOk= github.com/ipfs/go-detect-race v0.0.1/go.mod h1:8BNT7shDZPo99Q74BpGMK+4D8Mn4j46UU0LZ723meps= github.com/ipfs/go-ds-leveldb v0.5.0 h1:s++MEBbD3ZKc9/8/njrn4flZLnCuY9I79v94gBUNumo= github.com/ipfs/go-ds-leveldb v0.5.0/go.mod h1:d3XG9RUDzQ6V4SHi8+Xgj9j1XuEk1z82lquxrVbml/Q= +github.com/ipfs/go-ds-pebble v0.5.7 h1:4PQI46y3fjjxUTgHwYqcOVyoxiU6v1sqN6ONeRXGQTM= +github.com/ipfs/go-ds-pebble v0.5.7/go.mod h1:rsIgXE2qN+VfHKBin2cOOGFTZ/Agor6i8wBWA6ihbr0= github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw= -github.com/ipfs/go-log/v2 v2.8.0 h1:SptNTPJQV3s5EF4FdrTu/yVdOKfGbDgn1EBZx4til2o= -github.com/ipfs/go-log/v2 v2.8.0/go.mod h1:2LEEhdv8BGubPeSFTyzbqhCqrwqxCbuTNTLWqgNAipo= -github.com/ipfs/go-test v0.2.2 h1:1yjYyfbdt1w93lVzde6JZ2einh3DIV40at4rVoyEcE8= -github.com/ipfs/go-test v0.2.2/go.mod h1:cmLisgVwkdRCnKu/CFZOk2DdhOcwghr5GsHeqwexoRA= +github.com/ipfs/go-log/v2 v2.9.0 h1:l4b06AwVXwldIzbVPZy5z7sKp9lHFTX0KWfTBCtHaOk= +github.com/ipfs/go-log/v2 v2.9.0/go.mod h1:UhIYAwMV7Nb4ZmihUxfIRM2Istw/y9cAk3xaK+4Zs2c= +github.com/ipfs/go-test v0.2.3 h1:Z/jXNAReQFtCYyn7bsv/ZqUwS6E7iIcSpJ2CuzCvnrc= +github.com/ipfs/go-test v0.2.3/go.mod h1:QW8vSKkwYvWFwIZQLGQXdkt9Ud76eQXRQ9Ao2H+cA1o= github.com/ipld/go-ipld-prime v0.21.0 h1:n4JmcpOlPDIxBcY037SVfpd1G+Sj1nKZah0m6QH9C2E= github.com/ipld/go-ipld-prime v0.21.0/go.mod h1:3RLqy//ERg/y5oShXXdx5YIp50cFGOanyMctpPjsvxQ= github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438 h1:Dj0L5fhJ9F82ZJyVOmBx6msDp/kfd1t9GRfny/mfJA0= @@ -764,7 +770,6 @@ github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5D github.com/jbenet/go-temp-err-catcher v0.1.0 h1:zpb3ZH6wIE8Shj2sKS+khgRvf7T7RABoLk/+KKHggpk= github.com/jbenet/go-temp-err-catcher v0.1.0/go.mod h1:0kJRvmDZXNMIiJirNPEYfhpPwbGVtZVWC34vc5WLsDk= github.com/jbenet/goprocess v0.1.4/go.mod h1:5yspPrukOVuOLORacaBi858NqyClJPQxYZlqdZVfqY4= -github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I= @@ -774,7 +779,6 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -872,8 +876,8 @@ github.com/k3s-io/kubernetes/staging/src/k8s.io/mount-utils v1.33.7-k3s1 h1:PZOR github.com/k3s-io/kubernetes/staging/src/k8s.io/mount-utils v1.33.7-k3s1/go.mod h1:1JR4rKymg8B8bCPo618hpSAdrpO6XLh0Acqok/xVwPE= github.com/k3s-io/kubernetes/staging/src/k8s.io/pod-security-admission v1.33.7-k3s1 h1:24jgo5+G6SEn6gPIfSQ9ruO5nPVwTYrQBHaM1balDDg= github.com/k3s-io/kubernetes/staging/src/k8s.io/pod-security-admission v1.33.7-k3s1/go.mod h1:f+y3xOAIihI4JaYo/QurW4nd5mufzM9raim+oEt2a7c= -github.com/k3s-io/spegel v0.4.0-k3s3 h1:UpgZQn9JjzNB0jD+64br6OPR9ql72IH1qkvP0wRnkb8= -github.com/k3s-io/spegel v0.4.0-k3s3/go.mod h1:KdwRvRZqpyAf1xFaTkJbKcp/SMUU1DIO08dh2wuio/I= +github.com/k3s-io/spegel v0.6.0-k3s1 h1:GUdEnBaNrwXcl95vZLkXYvL5SacfVO+ps1QVanz04zI= +github.com/k3s-io/spegel v0.6.0-k3s1/go.mod h1:x6yD3BfTF6zhhpjSWXPflm5QDtwCh2U6fIVE6Gt3hFM= github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= @@ -900,7 +904,6 @@ github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NB github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= @@ -914,14 +917,14 @@ github.com/libp2p/go-cidranger v1.1.0 h1:ewPN8EZ0dd1LSnrtuwd4709PXVcITVeuwbag38y github.com/libp2p/go-cidranger v1.1.0/go.mod h1:KWZTfSr+r9qEo9OkI9/SIEeAtw+NNoU0dXIXt15Okic= github.com/libp2p/go-flow-metrics v0.3.0 h1:q31zcHUvHnwDO0SHaukewPYgwOBSxtt830uJtUx6784= github.com/libp2p/go-flow-metrics v0.3.0/go.mod h1:nuhlreIwEguM1IvHAew3ij7A8BMlyHQJ279ao24eZZo= -github.com/libp2p/go-libp2p v0.43.0 h1:b2bg2cRNmY4HpLK8VHYQXLX2d3iND95OjodLFymvqXU= -github.com/libp2p/go-libp2p v0.43.0/go.mod h1:IiSqAXDyP2sWH+J2gs43pNmB/y4FOi2XQPbsb+8qvzc= +github.com/libp2p/go-libp2p v0.46.0 h1:0T2yvIKpZ3DVYCuPOFxPD1layhRU486pj9rSlGWYnDM= +github.com/libp2p/go-libp2p v0.46.0/go.mod h1:TbIDnpDjBLa7isdgYpbxozIVPBTmM/7qKOJP4SFySrQ= github.com/libp2p/go-libp2p-asn-util v0.4.1 h1:xqL7++IKD9TBFMgnLPZR6/6iYhawHKHl950SO9L6n94= github.com/libp2p/go-libp2p-asn-util v0.4.1/go.mod h1:d/NI6XZ9qxw67b4e+NgpQexCIiFYJjErASrYW4PFDN8= -github.com/libp2p/go-libp2p-kad-dht v0.34.0 h1:yvJ/Vrt36GVjsqPxiGcuuwOloKuZLV9Aa7awIKyNXy0= -github.com/libp2p/go-libp2p-kad-dht v0.34.0/go.mod h1:JNbkES4W5tajS6uYivw6MPs0842cPHAwhgaPw8sQG4o= -github.com/libp2p/go-libp2p-kbucket v0.7.0 h1:vYDvRjkyJPeWunQXqcW2Z6E93Ywx7fX0jgzb/dGOKCs= -github.com/libp2p/go-libp2p-kbucket v0.7.0/go.mod h1:blOINGIj1yiPYlVEX0Rj9QwEkmVnz3EP8LK1dRKBC6g= +github.com/libp2p/go-libp2p-kad-dht v0.36.0 h1:7QuXhV36+Vyj+L6A7mrYkn2sYLrbRcbjvsYDu/gXhn8= +github.com/libp2p/go-libp2p-kad-dht v0.36.0/go.mod h1:O24LxTH9Rt3I5XU8nmiA9VynS4TrTwAyj+zBJKB05vQ= +github.com/libp2p/go-libp2p-kbucket v0.8.0 h1:QAK7RzKJpYe+EuSEATAaaHYMYLkPDGC18m9jxPLnU8s= +github.com/libp2p/go-libp2p-kbucket v0.8.0/go.mod h1:JMlxqcEyKwO6ox716eyC0hmiduSWZZl6JY93mGaaqc4= github.com/libp2p/go-libp2p-record v0.3.1 h1:cly48Xi5GjNw5Wq+7gmjfBiG9HCzQVkiZOUZ8kUl+Fg= github.com/libp2p/go-libp2p-record v0.3.1/go.mod h1:T8itUkLcWQLCYMqtX7Th6r7SexyUJpIyPgks757td/E= github.com/libp2p/go-libp2p-routing-helpers v0.7.5 h1:HdwZj9NKovMx0vqq6YNPTh6aaNzey5zHD7HeLJtq6fI= @@ -930,8 +933,8 @@ github.com/libp2p/go-libp2p-testing v0.12.0 h1:EPvBb4kKMWO29qP4mZGyhVzUyR25dvfUI github.com/libp2p/go-libp2p-testing v0.12.0/go.mod h1:KcGDRXyN7sQCllucn1cOOS+Dmm7ujhfEyXQL5lvkcPg= github.com/libp2p/go-msgio v0.3.0 h1:mf3Z8B1xcFN314sWX+2vOTShIE0Mmn2TXn3YCUQGNj0= github.com/libp2p/go-msgio v0.3.0/go.mod h1:nyRM819GmVaF9LX3l03RMh10QdOroF++NBbxAb0mmDM= -github.com/libp2p/go-netroute v0.2.2 h1:Dejd8cQ47Qx2kRABg6lPwknU7+nBnFRpko45/fFPuZ8= -github.com/libp2p/go-netroute v0.2.2/go.mod h1:Rntq6jUAH0l9Gg17w5bFGhcC9a+vk4KNXs6s7IljKYE= +github.com/libp2p/go-netroute v0.3.0 h1:nqPCXHmeNmgTJnktosJ/sIef9hvwYCrsLxXmfNks/oc= +github.com/libp2p/go-netroute v0.3.0/go.mod h1:Nkd5ShYgSMS5MUKy/MU2T57xFoOKvvLR92Lic48LEyA= github.com/libp2p/go-reuseport v0.4.0 h1:nR5KU7hD0WxXCJbmw7r2rhRYruNRl2koHw8fQscQm2s= github.com/libp2p/go-reuseport v0.4.0/go.mod h1:ZtI03j/wO5hZVDFo2jKywN6bYKWLOy8Se6DrI2E1cLU= github.com/libp2p/go-yamux/v5 v5.0.1 h1:f0WoX/bEF2E8SbE4c/k1Mo+/9z0O4oC/hWEA+nfYRSg= @@ -940,14 +943,14 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= -github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/lyft/protoc-gen-star/v2 v2.0.4-0.20230330145011-496ad1ac90a4/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.9.1 h1:LbtsOm5WAswyWbvTEOqhypdPeZzHavpZx96/n553mR8= github.com/mailru/easyjson v0.9.1/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= +github.com/marcopolo/simnet v0.0.1 h1:rSMslhPz6q9IvJeFWDoMGxMIrlsbXau3NkuIXHGJxfg= +github.com/marcopolo/simnet v0.0.1/go.mod h1:WDaQkgLAjqDUEBAOXz22+1j6wXKfGlC5sD5XWt3ddOs= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd h1:br0buuQ854V8u83wA0rVZ8ttrq5CpaPZdvrK0LP2lOk= github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd/go.mod h1:QuCEs1Nt24+FYQEqAAncTDPJIuGs+LxK1MCiFL25pMU= github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= @@ -959,7 +962,6 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs= github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw= github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o= github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= @@ -968,9 +970,8 @@ github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ= github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ= github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE= -github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA= -github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps= +github.com/miekg/dns v1.1.69 h1:Kb7Y/1Jo+SG+a2GtfoFUfDkG//csdRPwRLkCsxDG9Sc= +github.com/miekg/dns v1.1.69/go.mod h1:7OyjD9nEba5OkqQ/hB4fy3PIoxafSZJtducccIelz3g= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws= @@ -992,6 +993,8 @@ github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.91 h1:tWLZnEfo3OZl5PoXQwcwTAPNNrjyWwOh6cbZitW5JQc= github.com/minio/minio-go/v7 v7.0.91/go.mod h1:uvMUcGrpgeSAAI6+sD3818508nUyMULw94j2Nxku/Go= +github.com/minio/minlz v1.0.1-0.20250507153514-87eb42fe8882 h1:0lgqHvJWHLGW5TuObJrfyEi6+ASTKDBWikGvPqy9Yiw= +github.com/minio/minlz v1.0.1-0.20250507153514-87eb42fe8882/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec= github.com/minio/sha256-simd v0.1.1-0.20190913151208-6de447530771/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= @@ -1029,7 +1032,6 @@ github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFL github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= @@ -1056,15 +1058,15 @@ github.com/multiformats/go-multiaddr-fmt v0.1.0 h1:WLEFClPycPkp4fnIzoFoV9FVd49/e github.com/multiformats/go-multiaddr-fmt v0.1.0/go.mod h1:hGtDIW4PU4BqJ50gW2quDuPVjyWNZxToGUh/HwTZYJo= github.com/multiformats/go-multibase v0.2.0 h1:isdYCVLvksgWlMW9OZRYJEa9pZETFivncJHmHnnd87g= github.com/multiformats/go-multibase v0.2.0/go.mod h1:bFBZX4lKCA/2lyOFSAoKH5SS6oPyjtnzK/XTFDPkNuk= -github.com/multiformats/go-multicodec v0.9.2 h1:YrlXCuqxjqm3bXl+vBq5LKz5pz4mvAsugdqy78k0pXQ= -github.com/multiformats/go-multicodec v0.9.2/go.mod h1:LLWNMtyV5ithSBUo3vFIMaeDy+h3EbkMTek1m+Fybbo= +github.com/multiformats/go-multicodec v0.10.0 h1:UpP223cig/Cx8J76jWt91njpK3GTAO1w02sdcjZDSuc= +github.com/multiformats/go-multicodec v0.10.0/go.mod h1:wg88pM+s2kZJEQfRCKBNU+g32F5aWBEjyFHXvZLTcLI= github.com/multiformats/go-multihash v0.0.8/go.mod h1:YSLudS+Pi8NHE7o6tb3D8vrpKa63epEDmG8nTduyAew= github.com/multiformats/go-multihash v0.2.3 h1:7Lyc8XfX/IY2jWb/gI7JP+o7JEq9hOa7BFvVU9RSh+U= github.com/multiformats/go-multihash v0.2.3/go.mod h1:dXgKXCXjBzdscBLk9JkjINiEsCKRVch90MdaGiKsvSM= github.com/multiformats/go-multistream v0.6.1 h1:4aoX5v6T+yWmc2raBHsTvzmFhOI8WVOer28DeBBEYdQ= github.com/multiformats/go-multistream v0.6.1/go.mod h1:ksQf6kqHAb6zIsyw7Zm+gAuVo57Qbq84E27YlYqavqw= -github.com/multiformats/go-varint v0.0.7 h1:sWSGR+f/eu5ABZA2ZpYKBILXTTs9JWpdEM/nEGOHFS8= -github.com/multiformats/go-varint v0.0.7/go.mod h1:r8PUYw/fD/SjBCiKOoDlGF6QawOELpZAu9eioSos/OU= +github.com/multiformats/go-varint v0.1.0 h1:i2wqFp4sdl3IcIxfAonHQV9qU5OsZ4Ts9IOoETFs5dI= +github.com/multiformats/go-varint v0.1.0/go.mod h1:5KVAVXegtfmNQQm/lCY+ATvDzvJJhSkUlGQV9wgObdI= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -1086,8 +1088,6 @@ github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0= github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= -github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -1115,7 +1115,6 @@ github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go. github.com/opencontainers/selinux v1.13.1 h1:A8nNeceYngH9Ow++M+VVEwJVpdFmrlxsN22F+ISDCJE= github.com/opencontainers/selinux v1.13.1/go.mod h1:S10WXZ/osk2kWOYKy1x2f/eXF5ZHJoUs8UU/2caNRbg= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/otiai10/copy v1.7.0 h1:hVoPiN+t+7d2nzzwMiDHPSOogsWAStewq3TwU05+clE= github.com/otiai10/copy v1.7.0/go.mod h1:rmRl6QPdJj6EiUqXQ/4Nn2lLXoNQjFCQbbNrxgc/t3U= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= @@ -1195,9 +1194,10 @@ github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8 github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= +github.com/probe-lab/go-libdht v0.4.0 h1:LAqHuko/owRW6+0cs5wmJXbHzg09EUMJEh5DI37yXqo= +github.com/probe-lab/go-libdht v0.4.0/go.mod h1:hamw22kI6YkPQFGy5P6BrWWDrgE9ety5Si8iWAyuDvc= github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= @@ -1205,14 +1205,13 @@ github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNw github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= -github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0= github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw= -github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI= -github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg= -github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQBg= -github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY= +github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8= +github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII= +github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI10= +github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s= github.com/quic-go/webtransport-go v0.9.0 h1:jgys+7/wm6JarGDrW+lD/r9BGqBAmqY/ssklE09bA70= github.com/quic-go/webtransport-go v0.9.0/go.mod h1:4FUYIiUc75XSsF6HShcLeXXYZJ9AGwo/xh3L8M/P1ao= github.com/rancher/dynamiclistener v0.7.1 h1:vt4AGDw/s19qFCfpyYSQS8HcRc6THcTD7PIAPAK2R1o= @@ -1236,13 +1235,13 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/rootless-containers/rootlesskit v1.1.1 h1:F5psKWoWY9/VjZ3ifVcaosjvFZJOagX85U22M0/EQZE= github.com/rootless-containers/rootlesskit v1.1.1/go.mod h1:UD5GoA3dqKCJrnvnhVgQQnweMF2qZnf9KLw8EewcMZI= github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU= github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -1250,34 +1249,11 @@ github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfF github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/sasha-s/go-deadlock v0.3.5 h1:tNCOEEDG6tBqrNDOX35j/7hL5FcFViG6awUGROb2NsU= github.com/sasha-s/go-deadlock v0.3.5/go.mod h1:bugP6EGbdGYObIlx7pUZtWqlvo8k9H6vCBBsiChJQ5U= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shengdoushi/base58 v1.0.0 h1:tGe4o6TmdXFJWoI31VoSWvuaKxf0Px3gqa3sUWhAxBs= github.com/shengdoushi/base58 v1.0.0/go.mod h1:m5uIILfzcKMw6238iWAhP4l3s5+uXyF3+bJKUNhAL9I= -github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= -github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= -github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= -github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= -github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= -github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw= -github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI= -github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU= -github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag= -github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg= -github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw= -github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y= -github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= -github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q= -github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ= -github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I= -github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0= -github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ= -github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk= -github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= -github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= @@ -1290,9 +1266,6 @@ github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hg github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/go-diff v0.6.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= -github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= @@ -1334,7 +1307,6 @@ github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtse github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE= github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= -github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tchap/go-patricia/v2 v2.3.2 h1:xTHFutuitO2zqKAQ5rCROYgUb7Or/+IC3fts9/Yc7nM= github.com/tchap/go-patricia/v2 v2.3.2/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/tidwall/btree v1.8.1 h1:27ehoXvm5AG/g+1VxLS1SD3vRhp/H7LuEfwNvddEdmA= @@ -1347,8 +1319,6 @@ github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU= github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4= github.com/vbatts/tar-split v0.12.1 h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo= github.com/vbatts/tar-split v0.12.1/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= -github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= -github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0= github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4= github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY= @@ -1392,7 +1362,6 @@ github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtC github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo= go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E= -go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1402,8 +1371,9 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo= go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.44.0 h1:KemlMZlVwBSEGaO91WKgp41BBFsnWqqj9sKRwmOqC40= go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.44.0/go.mod h1:uq8DrRaen3suIWTpdR/JNHCGpurSvMv9D5Nr5CU5TXc= @@ -1417,12 +1387,12 @@ go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGi go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 h1:Ahq7pZmv87yiyn3jeFz/LekZmPLLdKejuO3NcK9MssM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0/go.mod h1:MJTqhM0im3mRLw1i8uGHnCvUEeS7VwRyxlLC78PA18M= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 h1:EtFWSnwW9hGObjkIdmlnWSydO+Qs8OwzfzXLUPg4xOc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0/go.mod h1:QjUEoiGCPkvFZ/MjK6ZZfNOS6mfVEVKYE99dFhuN2LI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 h1:bDMKF3RUSxshZ5OjOTi8rsHGaPKsAt76FaqgvIUySLc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0/go.mod h1:dDT67G/IkA46Mr2l9Uj7HsQVwsjASyV9SjGofsiUZDA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4= go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= @@ -1439,8 +1409,8 @@ go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJr go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os= -go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo= +go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4= +go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs= @@ -1465,8 +1435,6 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= -golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1484,8 +1452,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= -golang.org/x/exp v0.0.0-20250911091902-df9299821621 h1:2id6c1/gto0kaHYyrixvknJ8tUK/Qs5IsmBtrc+FtgU= -golang.org/x/exp v0.0.0-20250911091902-df9299821621/go.mod h1:TwQYMMnGpvZyc+JpB/UAuTNIsVJifOlSkrZkhcvpVUk= +golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY= +golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -1499,7 +1467,6 @@ golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeap golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -1530,13 +1497,11 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1567,9 +1532,8 @@ golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4 golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= +golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= +golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1600,8 +1564,8 @@ golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= -golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 h1:LvzTn0GQhWuvKH/kVRS3R3bVAsdQWI7hvfLHGgh9+lU= -golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= @@ -1630,19 +1594,16 @@ golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI= -golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -1706,8 +1667,8 @@ golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1730,9 +1691,6 @@ gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6d gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= -google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -1785,8 +1743,6 @@ google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0 google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= @@ -1802,8 +1758,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go. google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= google.golang.org/genproto/googleapis/api v0.0.0-20241202173237-19429a94021a/go.mod h1:jehYqy3+AhJU9ve55aNOaSml7wUXjF9x6z2LcCfpAhY= google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.mod h1:3kWAYMk1I75K4vykHtKt2ycnOgpA6974V7bREqbsenU= -google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 h1:FiusG7LWj+4byqhbvmB+Q93B/mOxJLN2DTozDuZm4EU= -google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:kXqgZtrWaf6qS3jZOCnCH7WYfrvFjkC51bM8fz3RsCA= +google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY= +google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE= google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= @@ -1818,8 +1774,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20241202173237-19429a94021a/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/genproto/googleapis/rpc v0.0.0-20250212204824-5a70512c5d8b/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a/go.mod h1:uRxBH1mhmO8PGhU89cMcHaXKZqO+OfakD8QQO0oYwlQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA= google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1841,8 +1797,8 @@ google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojt google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= -google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw= -google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1870,7 +1826,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/spegel/spegel.go b/pkg/spegel/spegel.go index 8ebab3856877..e9ba2083bdef 100644 --- a/pkg/spegel/spegel.go +++ b/pkg/spegel/spegel.go @@ -2,6 +2,8 @@ package spegel import ( "context" + "crypto/tls" + "crypto/x509" "encoding/json" "errors" "fmt" @@ -10,12 +12,12 @@ import ( "net/url" "os" "path/filepath" + "regexp" "strconv" "time" "github.com/containerd/containerd/v2/core/remotes/docker" "github.com/k3s-io/k3s/pkg/agent/https" - "github.com/k3s-io/k3s/pkg/clientaccess" "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/k3s-io/k3s/pkg/server/auth" "github.com/k3s-io/k3s/pkg/util/logger" @@ -132,6 +134,18 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node, criReadyCha return nil } + filters := []oci.Filter{} + regFilter, err := oci.FilterForMirroredRegistries(urls) + if err != nil { + return err + } + if regFilter != nil { + filters = append(filters, *regFilter) + } + if !resolveLatestTag { + filters = append(filters, oci.RegexFilter{Regex: regexp.MustCompile(`:latest$`)}) + } + logrus.Infof("Starting distributed registry mirror at https://%s:%s/v2 for registries %v", c.ExternalAddress, c.RegistryPort, registries) @@ -144,8 +158,31 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node, criReadyCha ipfslog.SetAllLoggers(level) // Get containerd client - ociOpts := []oci.ContainerdOption{oci.WithContentPath(filepath.Join(nodeConfig.Containerd.Root, "io.containerd.content.v1.content"))} - ociStore, err := oci.NewContainerd(nodeConfig.Containerd.Address, registryNamespace, nodeConfig.Containerd.Registry, urls, ociOpts...) + caCert, err := os.ReadFile(c.ServerCAFile) + if err != nil { + return pkgerrors.WithMessage(err, "failed to read server CA") + } + + certPool := x509.NewCertPool() + certPool.AppendCertsFromPEM(caCert) + + clientCert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile) + if err != nil { + return err + } + + clientOpts := []oci.ClientOption{ + oci.WithTLS(certPool, []tls.Certificate{clientCert}), + } + ociClient, err := oci.NewClient(clientOpts...) + if err != nil { + return err + } + + storeOpts := []oci.ContainerdOption{ + oci.WithContentPath(filepath.Join(nodeConfig.Containerd.Root, "io.containerd.content.v1.content")), + } + ociStore, err := oci.NewContainerd(ctx, nodeConfig.Containerd.Address, registryNamespace, storeOpts...) if err != nil { return pkgerrors.WithMessage(err, "failed to create OCI store") } @@ -197,28 +234,26 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node, criReadyCha routerAddr := net.JoinHostPort(c.ExternalAddress, routerPort) logrus.Infof("Starting distributed registry P2P node at %s", routerAddr) - opts := routing.WithLibP2POptions( - libp2p.Identity(p2pKey), - libp2p.Peerstore(ps), - libp2p.PrivateNetwork(c.PSK), - ) - c.router, err = routing.NewP2PRouter(ctx, routerAddr, NewNotSelfBootstrapper(c.Bootstrapper), c.RegistryPort, opts) + opts := []routing.P2PRouterOption{ + routing.WithLogConnectivityErrors(false), + routing.WithLibP2POptions( + libp2p.Identity(p2pKey), + libp2p.Peerstore(ps), + libp2p.PrivateNetwork(c.PSK), + ), + } + c.router, err = routing.NewP2PRouter(ctx, routerAddr, NewNotSelfBootstrapper(c.Bootstrapper), c.RegistryPort, opts...) if err != nil { return pkgerrors.WithMessage(err, "failed to create P2P router") } go c.router.Run(ctx) - caCert, err := os.ReadFile(c.ServerCAFile) - if err != nil { - return pkgerrors.WithMessage(err, "failed to read server CA") - } - client := clientaccess.GetHTTPClient(caCert, c.ClientCertFile, c.ClientKeyFile) metrics.Register() registryOpts := []registry.RegistryOption{ - registry.WithResolveLatestTag(resolveLatestTag), + registry.WithRegistryFilters(filters), registry.WithResolveRetries(resolveRetries), registry.WithResolveTimeout(resolveTimeout), - registry.WithTransport(client.Transport), + registry.WithOCIClient(ociClient), } reg, err := registry.NewRegistry(ociStore, c.router, registryOpts...) if err != nil { @@ -230,7 +265,7 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node, criReadyCha } trackerOpts := []state.TrackerOption{ - state.WithResolveLatestTag(resolveLatestTag), + state.WithRegistryFilters(filters), } // Track images available in containerd and publish via p2p router From 89a27ab2627d93c64753d7f6266371ea2d0b36e2 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 12 Nov 2025 23:56:32 +0000 Subject: [PATCH 44/48] Add deferred store implimentation Spegel insists on checking containerd features when the store is created, so defer creating it until after contaienerd is up Signed-off-by: Brad Davidson (cherry picked from commit 2ed73bed3976214a17e999ec4151088c3037a0d8) Signed-off-by: Brad Davidson --- pkg/spegel/spegel.go | 6 ++- pkg/spegel/store.go | 107 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+), 1 deletion(-) create mode 100644 pkg/spegel/store.go diff --git a/pkg/spegel/spegel.go b/pkg/spegel/spegel.go index e9ba2083bdef..fba456edfcef 100644 --- a/pkg/spegel/spegel.go +++ b/pkg/spegel/spegel.go @@ -182,7 +182,7 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node, criReadyCha storeOpts := []oci.ContainerdOption{ oci.WithContentPath(filepath.Join(nodeConfig.Containerd.Root, "io.containerd.content.v1.content")), } - ociStore, err := oci.NewContainerd(ctx, nodeConfig.Containerd.Address, registryNamespace, storeOpts...) + ociStore, err := NewDeferredContainerd(ctx, nodeConfig.Containerd.Address, registryNamespace, storeOpts...) if err != nil { return pkgerrors.WithMessage(err, "failed to create OCI store") } @@ -270,9 +270,13 @@ func (c *Config) Start(ctx context.Context, nodeConfig *config.Node, criReadyCha // Track images available in containerd and publish via p2p router go func() { + defer ociStore.Close() <-criReadyChan for { logrus.Debug("Starting embedded registry image state tracker") + if err := ociStore.Start(); err != nil { + logrus.Errorf("Failed to start deferred OCI store: %v", err) + } err := state.Track(ctx, ociStore, c.router, trackerOpts...) if err != nil && errors.Is(err, context.Canceled) { return diff --git a/pkg/spegel/store.go b/pkg/spegel/store.go new file mode 100644 index 000000000000..ee3e79f98339 --- /dev/null +++ b/pkg/spegel/store.go @@ -0,0 +1,107 @@ +package spegel + +import ( + "context" + "errors" + "io" + + "github.com/opencontainers/go-digest" + ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/spegel-org/spegel/pkg/oci" +) + +var errStoreNotStarted = errors.New("deferred OCI Store not started") + +// DeferredStore extends `oci.Store` by allowing for delayed connection +// to the backend. Functions are expected to return errors until the store +// has been started. +type DeferredStore interface { + oci.Store + io.Closer + Start() error +} + +// explicit interface check +var _ DeferredStore = &deferredStore{} + +type deferredStore struct { + store oci.Store + create func() (oci.Store, error) +} + +func (ds *deferredStore) Name() string { + if ds.store == nil { + return "deferred" + } + return ds.store.Name() +} + +func (ds *deferredStore) ListImages(ctx context.Context) ([]oci.Image, error) { + if ds.store == nil { + return nil, errStoreNotStarted + } + return ds.store.ListImages(ctx) +} + +func (ds *deferredStore) ListContent(ctx context.Context) ([][]oci.Reference, error) { + if ds.store == nil { + return nil, errStoreNotStarted + } + return ds.store.ListContent(ctx) +} + +func (ds *deferredStore) Resolve(ctx context.Context, ref string) (digest.Digest, error) { + if ds.store == nil { + return "", errStoreNotStarted + } + return ds.store.Resolve(ctx, ref) +} + +func (ds *deferredStore) Descriptor(ctx context.Context, dgst digest.Digest) (ocispec.Descriptor, error) { + if ds.store == nil { + return ocispec.Descriptor{}, errStoreNotStarted + } + return ds.store.Descriptor(ctx, dgst) +} + +func (ds *deferredStore) Open(ctx context.Context, dgst digest.Digest) (io.ReadSeekCloser, error) { + if ds.store == nil { + return nil, errStoreNotStarted + } + return ds.store.Open(ctx, dgst) +} + +func (ds *deferredStore) Subscribe(ctx context.Context) (<-chan oci.OCIEvent, error) { + if ds.store == nil { + return nil, errStoreNotStarted + } + return ds.store.Subscribe(ctx) +} + +// Close is not part of the Store interface, but probably should be. Containerd impliments it. +func (ds *deferredStore) Close() error { + store := ds.store + ds.store = nil + if closer, ok := store.(io.Closer); ok { + return closer.Close() + } + return nil +} + +// Start is called to actuall make a connection to the store backend +func (ds *deferredStore) Start() error { + var err error + if ds.store == nil && ds.create != nil { + ds.store, err = ds.create() + } + return err +} + +// NewDeferredContainerd creates a deferred store that creates a new Containerd store when Start is called. +func NewDeferredContainerd(ctx context.Context, sock, namespace string, opts ...oci.ContainerdOption) (DeferredStore, error) { + return &deferredStore{ + create: func() (oci.Store, error) { + return oci.NewContainerd(ctx, sock, namespace, opts...) + }, + }, nil +} From 7aa4f601109c7508b24da75bb4647d422a0f6c2c Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Thu, 8 Jan 2026 19:27:07 +0000 Subject: [PATCH 45/48] Update longhorn version in integration test from v1.4.0 to v1.10.1 Manifest from https://raw.githubusercontent.com/longhorn/longhorn/v1.10.1/deploy/longhorn.yaml - with modifications to use rancher-mirrored images to avoid image pull rate limits, and allow operation on a node with fewer resources. Also adds more log dumping on integration test failure. Signed-off-by: Brad Davidson (cherry picked from commit 9587f67dd1b7b748f1cc56cccfddf1e6a2d52467) Signed-off-by: Brad Davidson --- .github/workflows/integration.yaml | 18 + .../cacertrotation/cacertrotation_int_test.go | 2 + .../certrotation/certrotation_int_test.go | 2 + .../custometcdargs/custometcdargs_int_test.go | 2 + .../dualstack/dualstack_int_test.go | 2 + .../etcdrestore/etcd_restore_int_test.go | 2 + .../etcdsnapshot/etcdsnapshot_int_test.go | 2 + .../flannelipv6masq_int_test.go | 2 + .../flannelnone/flannelnone_int_test.go | 2 + tests/integration/integration.go | 24 + tests/integration/kubeflags/kubeflags_test.go | 2 + .../localstorage/localstorage_int_test.go | 2 + .../integration/longhorn/longhorn_int_test.go | 6 +- .../longhorn/testdata/longhorn.yaml | 3074 +++++++++-------- .../secretsencryption_int_test.go | 2 + tests/integration/startup/startup_int_test.go | 2 + 16 files changed, 1707 insertions(+), 1439 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 4ddf975c8b75..aa592e1ad7d7 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -58,6 +58,24 @@ jobs: with: name: k3s-amd64 path: ./dist/artifacts + - name: Remove Unnecessary Tools + run: | + sudo rm -rf \ + /home/linuxbrew \ + /home/packer \ + /opt/az \ + /opt/microsoft \ + /usr/lib/firefox \ + /usr/lib/google-cloud-sdk \ + /usr/local/julia* \ + /usr/local/share/boost \ + /usr/local/share/chromium \ + /usr/local/share/powershell \ + /usr/share/az* \ + /usr/share/dotnet \ + /usr/share/miniconda \ + /usr/share/swift + df -khl - name: Run Integration Tests run: | chmod +x ./dist/artifacts/k3s diff --git a/tests/integration/cacertrotation/cacertrotation_int_test.go b/tests/integration/cacertrotation/cacertrotation_int_test.go index 97daba33b0ef..ad6bc7ba6a9c 100644 --- a/tests/integration/cacertrotation/cacertrotation_int_test.go +++ b/tests/integration/cacertrotation/cacertrotation_int_test.go @@ -93,6 +93,8 @@ var _ = DescribeTableSubtree("ca certificate rotation", Ordered, func(serverArgs if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(-1, "")).To(Succeed()) diff --git a/tests/integration/certrotation/certrotation_int_test.go b/tests/integration/certrotation/certrotation_int_test.go index 33349a9a4bea..3dc17b03989f 100644 --- a/tests/integration/certrotation/certrotation_int_test.go +++ b/tests/integration/certrotation/certrotation_int_test.go @@ -98,6 +98,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(-1, "")).To(Succeed()) diff --git a/tests/integration/custometcdargs/custometcdargs_int_test.go b/tests/integration/custometcdargs/custometcdargs_int_test.go index f61c46cffabd..3a852591ba86 100644 --- a/tests/integration/custometcdargs/custometcdargs_int_test.go +++ b/tests/integration/custometcdargs/custometcdargs_int_test.go @@ -62,6 +62,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(customEtcdArgsServer, false) + testutil.K3sCopyPodLogs(customEtcdArgsServer) + testutil.K3sDumpResources(customEtcdArgsServer, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(customEtcdArgsServer)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/dualstack/dualstack_int_test.go b/tests/integration/dualstack/dualstack_int_test.go index 9b19e045d009..e1cce3ec321e 100644 --- a/tests/integration/dualstack/dualstack_int_test.go +++ b/tests/integration/dualstack/dualstack_int_test.go @@ -61,6 +61,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() && os.Getenv("CI") != "true" { if failed { testutil.K3sSaveLog(dualStackServer, false) + testutil.K3sCopyPodLogs(dualStackServer) + testutil.K3sDumpResources(dualStackServer, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(dualStackServer)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/etcdrestore/etcd_restore_int_test.go b/tests/integration/etcdrestore/etcd_restore_int_test.go index 1a4f200f60b4..dcafee23964e 100644 --- a/tests/integration/etcdrestore/etcd_restore_int_test.go +++ b/tests/integration/etcdrestore/etcd_restore_int_test.go @@ -121,6 +121,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(server1, false) + testutil.K3sCopyPodLogs(server1) + testutil.K3sDumpResources(server1, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server1)).To(Succeed()) Expect(testutil.K3sKillServer(server2)).To(Succeed()) diff --git a/tests/integration/etcdsnapshot/etcdsnapshot_int_test.go b/tests/integration/etcdsnapshot/etcdsnapshot_int_test.go index dc11b9e438d6..090ecaa430ae 100644 --- a/tests/integration/etcdsnapshot/etcdsnapshot_int_test.go +++ b/tests/integration/etcdsnapshot/etcdsnapshot_int_test.go @@ -183,6 +183,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/flannelipv6masq/flannelipv6masq_int_test.go b/tests/integration/flannelipv6masq/flannelipv6masq_int_test.go index 7f776584016c..bca941b0a0e0 100644 --- a/tests/integration/flannelipv6masq/flannelipv6masq_int_test.go +++ b/tests/integration/flannelipv6masq/flannelipv6masq_int_test.go @@ -67,6 +67,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() && os.Getenv("CI") != "true" { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/flannelnone/flannelnone_int_test.go b/tests/integration/flannelnone/flannelnone_int_test.go index 7697305bc030..2ab85cbf4ecc 100644 --- a/tests/integration/flannelnone/flannelnone_int_test.go +++ b/tests/integration/flannelnone/flannelnone_int_test.go @@ -71,6 +71,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() && os.Getenv("CI") != "true" { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/integration.go b/tests/integration/integration.go index 571cb668e66a..c3be0d2d12e5 100644 --- a/tests/integration/integration.go +++ b/tests/integration/integration.go @@ -313,6 +313,30 @@ func K3sSaveLog(server *K3sServer, dump bool) error { return nil } +func K3sCopyPodLogs(server *K3sServer) error { + f, err := os.Create("var-log-pods-log.txt") + if err != nil { + return err + } + defer f.Close() + + results, _ := RunCommand("find /var/log/pods -type f | xargs tail -n 10000") + _, err = fmt.Fprint(f, results) + return err +} + +func K3sDumpResources(server *K3sServer, resources ...string) error { + f, err := os.Create("resources-dump-log.txt") + if err != nil { + return err + } + defer f.Close() + + results, _ := K3sCmd("kubectl", "get", "-A", "-o", "yaml", strings.Join(resources, ",")) + _, err = fmt.Fprint(f, results) + return err +} + func GetEndpointsAddresses() (string, error) { client, err := tests.K8sClient(DefaultConfig) if err != nil { diff --git a/tests/integration/kubeflags/kubeflags_test.go b/tests/integration/kubeflags/kubeflags_test.go index 4c9f662447d8..b6874dc7a2bf 100644 --- a/tests/integration/kubeflags/kubeflags_test.go +++ b/tests/integration/kubeflags/kubeflags_test.go @@ -208,6 +208,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/localstorage/localstorage_int_test.go b/tests/integration/localstorage/localstorage_int_test.go index d7a898c8ebd0..098784a5f8b3 100644 --- a/tests/integration/localstorage/localstorage_int_test.go +++ b/tests/integration/localstorage/localstorage_int_test.go @@ -105,6 +105,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(localStorageServer, false) + testutil.K3sCopyPodLogs(localStorageServer) + testutil.K3sDumpResources(localStorageServer, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(localStorageServer)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/longhorn/longhorn_int_test.go b/tests/integration/longhorn/longhorn_int_test.go index 35a280fea478..ec8e88c67dbc 100644 --- a/tests/integration/longhorn/longhorn_int_test.go +++ b/tests/integration/longhorn/longhorn_int_test.go @@ -50,10 +50,7 @@ var _ = Describe("longhorn", Ordered, func() { Expect(result).To(ContainSubstring("namespace/longhorn-system created")) Expect(result).To(ContainSubstring("daemonset.apps/longhorn-manager created")) Expect(result).To(ContainSubstring("deployment.apps/longhorn-driver-deployer created")) - Expect(result).To(ContainSubstring("deployment.apps/longhorn-recovery-backend created")) Expect(result).To(ContainSubstring("deployment.apps/longhorn-ui created")) - Expect(result).To(ContainSubstring("deployment.apps/longhorn-conversion-webhook created")) - Expect(result).To(ContainSubstring("deployment.apps/longhorn-admission-webhook created")) }) It("starts the longhorn pods with no problems", func() { Eventually(func() error { @@ -142,6 +139,9 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() && server != nil { if failed { testutil.K3sSaveLog(server, false) + testutil.K3sCopyPodLogs(server) + testutil.K3sDumpResources(server, "node", "pod", "pvc", "pv") + testutil.RunCommand("find /var/lib/longhorn/logs -type f | xargs tail -n 10000 &> longhorn-log.txt") } Expect(testutil.K3sKillServer(server)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) diff --git a/tests/integration/longhorn/testdata/longhorn.yaml b/tests/integration/longhorn/testdata/longhorn.yaml index f1e1cdb9c3da..528b462eee54 100644 --- a/tests/integration/longhorn/testdata/longhorn.yaml +++ b/tests/integration/longhorn/testdata/longhorn.yaml @@ -5,6 +5,20 @@ kind: Namespace metadata: name: longhorn-system --- +# Source: longhorn/templates/priorityclass.yaml +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: "longhorn-critical" + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 +description: "Ensure Longhorn pods have the highest priority to prevent any unexpected eviction by the Kubernetes scheduler under node pressure" +globalDefault: false +preemptionPolicy: PreemptLowerPriority +value: 1000000000 +--- # Source: longhorn/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -14,7 +28,18 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 +--- +# Source: longhorn/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-ui-service-account + namespace: longhorn-system + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 --- # Source: longhorn/templates/serviceaccount.yaml apiVersion: v1 @@ -25,7 +50,20 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 +--- +# Source: longhorn/templates/default-resource.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-resource + namespace: longhorn-system + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 +data: + default-resource.yaml: |- --- # Source: longhorn/templates/default-setting.yaml apiVersion: v1 @@ -36,10 +74,15 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 data: default-setting.yaml: |- - storage-minimal-available-percentage: "10" + default-replica-count: 1 + disable-revision-counter: "{\"v1\":\"true\"}" + guaranteed-instance-manager-cpu: "{\"v1\":\"4\",\"v2\":\"4\"}" + priority-class: "longhorn-critical" + storage-minimal-available-percentage: 5 + storage-reserved-percentage-for-default-disk: 5 --- # Source: longhorn/templates/storageclass.yaml apiVersion: v1 @@ -50,7 +93,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 data: storageclass.yaml: | kind: StorageClass @@ -64,23 +107,27 @@ data: reclaimPolicy: "Delete" volumeBindingMode: Immediate parameters: - numberOfReplicas: "3" + numberOfReplicas: "1" staleReplicaTimeout: "30" fromBackup: "" fsType: "ext4" dataLocality: "disabled" + unmapMarkSnapChainRemoved: "ignored" + disableRevisionCounter: "true" + dataEngine: "v1" + backupTargetName: "default" --- # Source: longhorn/templates/crds.yaml +# Generated crds.yaml from github.com/longhorn/longhorn-manager/k8s/pkg/apis and the crds.yaml will be copied to longhorn/longhorn chart/templates and cannot be directly used by kubectl apply. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: backingimagedatasources.longhorn.io spec: @@ -94,54 +141,13 @@ spec: singular: backingimagedatasource scope: Namespaced versions: - - additionalPrinterColumns: - - description: The current state of the pod used to provision the backing image file from source - jsonPath: .status.currentState - name: State - type: string - - description: The data source type - jsonPath: .spec.sourceType - name: SourceType - type: string - - description: The node the backing image file will be prepared on - jsonPath: .spec.nodeID - name: Node - type: string - - description: The disk the backing image file will be prepared on - jsonPath: .spec.diskUUID - name: DiskUUID - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: BackingImageDataSource is where Longhorn stores backing image data source object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - description: The system generated UUID of the provisioned backing image file jsonPath: .spec.uuid name: UUID type: string - - description: The current state of the pod used to provision the backing image file from source + - description: The current state of the pod used to provision the backing image + file from source jsonPath: .status.currentState name: State type: string @@ -167,18 +173,29 @@ spec: name: v1beta2 schema: openAPIV3Schema: - description: BackingImageDataSource is where Longhorn stores backing image data source object. + description: BackingImageDataSource is where Longhorn stores backing image + data source object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: BackingImageDataSourceSpec defines the desired state of the Longhorn backing image data source + description: BackingImageDataSourceSpec defines the desired state of the + Longhorn backing image data source properties: checksum: type: string @@ -199,12 +216,15 @@ spec: - download - upload - export-from-volume + - restore + - clone type: string uuid: type: string type: object status: - description: BackingImageDataSourceStatus defines the observed state of the Longhorn backing image data source + description: BackingImageDataSourceStatus defines the observed state of + the Longhorn backing image data source properties: checksum: type: string @@ -234,24 +254,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: backingimagemanagers.longhorn.io spec: @@ -265,52 +278,6 @@ spec: singular: backingimagemanager scope: Namespaced versions: - - additionalPrinterColumns: - - description: The current state of the manager - jsonPath: .status.currentState - name: State - type: string - - description: The image the manager pod will use - jsonPath: .spec.image - name: Image - type: string - - description: The node the manager is on - jsonPath: .spec.nodeID - name: Node - type: string - - description: The disk the manager is responsible for - jsonPath: .spec.diskUUID - name: DiskUUID - type: string - - description: The disk path the manager is using - jsonPath: .spec.diskPath - name: DiskPath - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: BackingImageManager is where Longhorn stores backing image manager object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - description: The current state of the manager jsonPath: .status.currentState @@ -338,18 +305,29 @@ spec: name: v1beta2 schema: openAPIV3Schema: - description: BackingImageManager is where Longhorn stores backing image manager object. + description: BackingImageManager is where Longhorn stores backing image manager + object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: BackingImageManagerSpec defines the desired state of the Longhorn backing image manager + description: BackingImageManagerSpec defines the desired state of the + Longhorn backing image manager properties: backingImages: additionalProperties: @@ -365,7 +343,8 @@ spec: type: string type: object status: - description: BackingImageManagerStatus defines the observed state of the Longhorn backing image manager + description: BackingImageManagerStatus defines the observed state of the + Longhorn backing image manager properties: apiMinVersion: type: integer @@ -376,18 +355,15 @@ spec: properties: currentChecksum: type: string - directory: - description: 'Deprecated: This field is useless.' - type: string - downloadProgress: - description: 'Deprecated: This field is renamed to `Progress`.' - type: integer message: type: string name: type: string progress: type: integer + realSize: + format: int64 + type: integer senderManagerAddress: type: string sendingReference: @@ -397,11 +373,11 @@ spec: type: integer state: type: string - url: - description: 'Deprecated: This field is useless now. The manager of backing image files doesn''t care if a file is downloaded and how.' - type: string uuid: type: string + virtualSize: + format: int64 + type: integer type: object nullable: true type: object @@ -419,39 +395,20 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: backingimages.longhorn.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: longhorn-conversion-webhook - namespace: longhorn-system - path: /v1/webhook/conversion - port: 9443 - conversionReviewVersions: - - v1beta2 - - v1beta1 group: longhorn.io names: kind: BackingImage @@ -462,36 +419,6 @@ spec: singular: backingimage scope: Namespaced versions: - - additionalPrinterColumns: - - description: The backing image name - jsonPath: .spec.image - name: Image - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: BackingImage is where Longhorn stores backing image object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - description: The system generated UUID jsonPath: .status.uuid @@ -505,6 +432,10 @@ spec: jsonPath: .status.size name: Size type: string + - description: The virtual size of the image (may be larger than file size) + jsonPath: .status.virtualSize + name: VirtualSize + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date @@ -514,24 +445,65 @@ spec: description: BackingImage is where Longhorn stores backing image object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: BackingImageSpec defines the desired state of the Longhorn backing image + description: BackingImageSpec defines the desired state of the Longhorn + backing image properties: checksum: type: string + dataEngine: + default: v1 + enum: + - v1 + - v2 + type: string + diskFileSpecMap: + additionalProperties: + properties: + dataEngine: + enum: + - v1 + - v2 + type: string + evictionRequested: + type: boolean + type: object + type: object + diskSelector: + items: + type: string + type: array disks: additionalProperties: type: string + description: Deprecated. We are now using DiskFileSpecMap to assign + different spec to the file on different disks. type: object - imageURL: - description: 'Deprecated: This kind of info will be included in the related BackingImageDataSource.' + minNumberOfCopies: + type: integer + nodeSelector: + items: + type: string + type: array + secret: + type: string + secretNamespace: type: string sourceParameters: additionalProperties: @@ -542,29 +514,24 @@ spec: - download - upload - export-from-volume + - restore + - clone type: string type: object status: - description: BackingImageStatus defines the observed state of the Longhorn backing image status + description: BackingImageStatus defines the observed state of the Longhorn + backing image status properties: checksum: type: string - diskDownloadProgressMap: - additionalProperties: - type: integer - description: 'Deprecated: Replaced by field `Progress` in `DiskFileStatusMap`.' - nullable: true - type: object - diskDownloadStateMap: - additionalProperties: - description: BackingImageDownloadState is replaced by BackingImageState. - type: string - description: 'Deprecated: Replaced by field `State` in `DiskFileStatusMap`.' - nullable: true - type: object diskFileStatusMap: additionalProperties: properties: + dataEngine: + enum: + - v1 + - v2 + type: string lastStateTransitionTime: type: string message: @@ -583,188 +550,374 @@ spec: type: object ownerID: type: string + realSize: + description: Real size of image in bytes, which may be smaller than + the size when the file is a sparse file. Will be zero until known + (e.g. while a backing image is uploading) + format: int64 + type: integer size: format: int64 type: integer uuid: type: string + v2FirstCopyDisk: + type: string + v2FirstCopyStatus: + description: It is pending -> in-progress -> ready/failed + type: string + virtualSize: + description: Virtual size of image in bytes, which may be larger than + physical size. Will be zero until known (e.g. while a backing image + is uploading) + format: int64 + type: integer type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" - name: backups.longhorn.io + name: backupbackingimages.longhorn.io spec: group: longhorn.io names: - kind: Backup - listKind: BackupList - plural: backups + kind: BackupBackingImage + listKind: BackupBackingImageList + plural: backupbackingimages shortNames: - - lhb - singular: backup + - lhbbi + singular: backupbackingimage scope: Namespaced versions: - additionalPrinterColumns: - - description: The snapshot name - jsonPath: .status.snapshotName - name: SnapshotName - type: string - - description: The snapshot size - jsonPath: .status.size - name: SnapshotSize - type: string - - description: The snapshot creation time - jsonPath: .status.snapshotCreatedAt - name: SnapshotCreatedAt - type: string - - description: The backup state - jsonPath: .status.state - name: State - type: string - - description: The backup last synced time - jsonPath: .status.lastSyncedAt - name: LastSyncedAt - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Backup is where Longhorn stores backup object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The snapshot name - jsonPath: .status.snapshotName - name: SnapshotName + - description: The backing image name + jsonPath: .status.backingImage + name: BackingImage type: string - - description: The snapshot size + - description: The backing image size jsonPath: .status.size - name: SnapshotSize + name: Size type: string - - description: The snapshot creation time - jsonPath: .status.snapshotCreatedAt - name: SnapshotCreatedAt + - description: The backing image backup upload finished time + jsonPath: .status.backupCreatedAt + name: BackupCreatedAt type: string - - description: The backup state + - description: The backing image backup state jsonPath: .status.state name: State type: string - - description: The backup last synced time + - description: The last synced time jsonPath: .status.lastSyncedAt name: LastSyncedAt type: string name: v1beta2 schema: openAPIV3Schema: - description: Backup is where Longhorn stores backup object. + description: BackupBackingImage is where Longhorn stores backing image backup + object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: BackupSpec defines the desired state of the Longhorn backup + description: BackupBackingImageSpec defines the desired state of the Longhorn + backing image backup properties: + backingImage: + description: The backing image name. + type: string + backupTargetName: + description: The backup target name. + nullable: true + type: string labels: additionalProperties: type: string - description: The labels of snapshot backup. + description: The labels of backing image backup. type: object - snapshotName: - description: The snapshot name. - type: string syncRequestedAt: - description: The time to request run sync the remote backup. + description: The time to request run sync the remote backing image + backup. format: date-time nullable: true type: string + userCreated: + description: Is this CR created by user through API or UI. + type: boolean + required: + - backingImage + - userCreated type: object status: - description: BackupStatus defines the observed state of the Longhorn backup + description: BackupBackingImageStatus defines the observed state of the + Longhorn backing image backup properties: + backingImage: + description: The backing image name. + type: string backupCreatedAt: - description: The snapshot backup upload finished time. + description: The backing image backup upload finished time. + type: string + checksum: + description: The checksum of the backing image. + type: string + compressionMethod: + description: Compression method type: string error: - description: The error message when taking the snapshot backup. + description: The error message when taking the backing image backup. type: string labels: additionalProperties: type: string - description: The labels of snapshot backup. + description: The labels of backing image backup. nullable: true type: object lastSyncedAt: - description: The last time that the backup was synced with the remote backup target. + description: The last time that the backing image backup was synced + with the remote backup target. format: date-time nullable: true type: string + managerAddress: + description: The address of the backing image manager that runs backing + image backup. + type: string messages: additionalProperties: type: string - description: The error messages when calling longhorn engine on listing or inspecting backups. + description: The error messages when listing or inspecting backing + image backup. nullable: true type: object ownerID: - description: The node ID on which the controller is responsible to reconcile this backup CR. + description: The node ID on which the controller is responsible to + reconcile this CR. type: string progress: - description: The snapshot backup progress. + description: The backing image backup progress. type: integer - replicaAddress: - description: The address of the replica that runs snapshot backup. + secret: + description: Record the secret if this backup backing image is encrypted + type: string + secretNamespace: + description: Record the secret namespace if this backup backing image + is encrypted type: string size: - description: The snapshot size. + description: The backing image size. + format: int64 + type: integer + state: + description: |- + The backing image backup creation state. + Can be "", "InProgress", "Completed", "Error", "Unknown". type: string - snapshotCreatedAt: - description: The snapshot creation time. + url: + description: The backing image backup URL. type: string - snapshotName: + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +# Source: longhorn/templates/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 + longhorn-manager: "" + name: backups.longhorn.io +spec: + group: longhorn.io + names: + kind: Backup + listKind: BackupList + plural: backups + shortNames: + - lhb + singular: backup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The snapshot name + jsonPath: .status.snapshotName + name: SnapshotName + type: string + - description: The snapshot size + jsonPath: .status.size + name: SnapshotSize + type: string + - description: The snapshot creation time + jsonPath: .status.snapshotCreatedAt + name: SnapshotCreatedAt + type: string + - description: The backup target name + jsonPath: .status.backupTargetName + name: BackupTarget + type: string + - description: The backup state + jsonPath: .status.state + name: State + type: string + - description: The backup last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Backup is where Longhorn stores backup object. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of the Longhorn backup + properties: + backupBlockSize: + description: The backup block size. 0 means the legacy default size + 2MiB, and -1 indicate the block size is invalid. + enum: + - "-1" + - "2097152" + - "16777216" + format: int64 + type: string + backupMode: + description: |- + The backup mode of this backup. + Can be "full" or "incremental" + enum: + - full + - incremental + - "" + type: string + labels: + additionalProperties: + type: string + description: The labels of snapshot backup. + type: object + snapshotName: + description: The snapshot name. + type: string + syncRequestedAt: + description: The time to request run sync the remote backup. + format: date-time + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of the Longhorn backup + properties: + backupCreatedAt: + description: The snapshot backup upload finished time. + type: string + backupTargetName: + description: The backup target name. + type: string + compressionMethod: + description: Compression method + type: string + error: + description: The error message when taking the snapshot backup. + type: string + labels: + additionalProperties: + type: string + description: The labels of snapshot backup. + nullable: true + type: object + lastSyncedAt: + description: The last time that the backup was synced with the remote + backup target. + format: date-time + nullable: true + type: string + messages: + additionalProperties: + type: string + description: The error messages when calling longhorn engine on listing + or inspecting backups. + nullable: true + type: object + newlyUploadDataSize: + description: Size in bytes of newly uploaded data + type: string + ownerID: + description: The node ID on which the controller is responsible to + reconcile this backup CR. + type: string + progress: + description: The snapshot backup progress. + type: integer + reUploadedDataSize: + description: Size in bytes of reuploaded data + type: string + replicaAddress: + description: The address of the replica that runs snapshot backup. + type: string + size: + description: The snapshot size. + type: string + snapshotCreatedAt: + description: The snapshot creation time. + type: string + snapshotName: description: The snapshot name. type: string state: - description: The backup creation state. Can be "", "InProgress", "Completed", "Error", "Unknown". + description: |- + The backup creation state. + Can be "", "InProgress", "Completed", "Error", "Unknown". type: string url: description: The snapshot backup URL. @@ -787,39 +940,20 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: backuptargets.longhorn.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: longhorn-conversion-webhook - namespace: longhorn-system - path: /v1/webhook/conversion - port: 9443 - conversionReviewVersions: - - v1beta2 - - v1beta1 group: longhorn.io names: kind: BackupTarget @@ -830,49 +964,6 @@ spec: singular: backuptarget scope: Namespaced versions: - - additionalPrinterColumns: - - description: The backup target URL - jsonPath: .spec.backupTargetURL - name: URL - type: string - - description: The backup target credential secret - jsonPath: .spec.credentialSecret - name: Credential - type: string - - description: The backup target poll interval - jsonPath: .spec.pollInterval - name: LastBackupAt - type: string - - description: Indicate whether the backup target is available or not - jsonPath: .status.available - name: Available - type: boolean - - description: The backup target last synced time - jsonPath: .status.lastSyncedAt - name: LastSyncedAt - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: BackupTarget is where Longhorn stores backup target object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - description: The backup target URL jsonPath: .spec.backupTargetURL @@ -900,15 +991,25 @@ spec: description: BackupTarget is where Longhorn stores backup target object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: BackupTargetSpec defines the desired state of the Longhorn backup target + description: BackupTargetSpec defines the desired state of the Longhorn + backup target properties: backupTargetURL: description: The backup target URL. @@ -917,7 +1018,8 @@ spec: description: The backup target credential secret. type: string pollInterval: - description: The interval that the cluster needs to run sync with the backup target. + description: The interval that the cluster needs to run sync with + the backup target. type: string syncRequestedAt: description: The time to request run sync the remote backup target. @@ -926,10 +1028,12 @@ spec: type: string type: object status: - description: BackupTargetStatus defines the observed state of the Longhorn backup target + description: BackupTargetStatus defines the observed state of the Longhorn + backup target properties: available: - description: Available indicates if the remote backup target is available or not. + description: Available indicates if the remote backup target is available + or not. type: boolean conditions: description: Records the reason on why the backup target is unavailable. @@ -939,16 +1043,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -957,12 +1066,14 @@ spec: nullable: true type: array lastSyncedAt: - description: The last time that the controller synced with the remote backup target. + description: The last time that the controller synced with the remote + backup target. format: date-time nullable: true type: string ownerID: - description: The node ID on which the controller is responsible to reconcile this backup target CR. + description: The node ID on which the controller is responsible to + reconcile this backup target CR. type: string type: object type: object @@ -970,24 +1081,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: backupvolumes.longhorn.io spec: @@ -1002,45 +1106,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: The backup volume creation time - jsonPath: .status.createdAt - name: CreatedAt - type: string - - description: The backup volume last backup name - jsonPath: .status.lastBackupName - name: LastBackupName - type: string - - description: The backup volume last backup time - jsonPath: .status.lastBackupAt - name: LastBackupAt - type: string - - description: The backup volume last synced time - jsonPath: .status.lastSyncedAt - name: LastSyncedAt + - description: The backup target name + jsonPath: .spec.backupTargetName + name: BackupTarget type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: BackupVolume is where Longhorn stores backup volume object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - description: The backup volume creation time jsonPath: .status.createdAt name: CreatedAt @@ -1063,24 +1132,42 @@ spec: description: BackupVolume is where Longhorn stores backup volume object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: BackupVolumeSpec defines the desired state of the Longhorn backup volume + description: BackupVolumeSpec defines the desired state of the Longhorn + backup volume properties: + backupTargetName: + description: The backup target name that the backup volume was synced. + nullable: true + type: string syncRequestedAt: description: The time to request run sync the remote backup volume. format: date-time nullable: true type: string + volumeName: + description: The volume name that the backup volume was used to backup. + type: string type: object status: - description: BackupVolumeStatus defines the observed state of the Longhorn backup volume + description: BackupVolumeStatus defines the observed state of the Longhorn + backup volume properties: backingImageChecksum: description: the backing image checksum. @@ -1112,62 +1199,48 @@ spec: nullable: true type: string lastSyncedAt: - description: The last time that the backup volume was synced into the cluster. + description: The last time that the backup volume was synced into + the cluster. format: date-time nullable: true type: string messages: additionalProperties: type: string - description: The error messages when call longhorn engine on list or inspect backup volumes. + description: The error messages when call longhorn engine on list + or inspect backup volumes. nullable: true type: object ownerID: - description: The node ID on which the controller is responsible to reconcile this backup volume CR. + description: The node ID on which the controller is responsible to + reconcile this backup volume CR. type: string size: description: The backup volume size. type: string + storageClassName: + description: the storage class name of pv/pvc binding with the volume. + type: string type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: engineimages.longhorn.io spec: - preserveUnknownFields: false - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: longhorn-conversion-webhook - namespace: longhorn-system - path: /v1/webhook/conversion - port: 9443 - conversionReviewVersions: - - v1beta2 - - v1beta1 group: longhorn.io names: kind: EngineImage @@ -1179,48 +1252,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: State of the engine image - jsonPath: .status.state - name: State - type: string - - description: The Longhorn engine image - jsonPath: .spec.image - name: Image - type: string - - description: Number of resources using the engine image - jsonPath: .status.refCount - name: RefCount - type: integer - - description: The build date of the engine image - jsonPath: .status.buildDate - name: BuildDate - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: EngineImage is where Longhorn stores engine image object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: + - description: Compatibility of the engine image + jsonPath: .status.incompatible + name: Incompatible + type: boolean - description: State of the engine image jsonPath: .status.state name: State @@ -1246,15 +1281,25 @@ spec: description: EngineImage is where Longhorn stores engine image object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: EngineImageSpec defines the desired state of the Longhorn engine image + description: EngineImageSpec defines the desired state of the Longhorn + engine image properties: image: minLength: 1 @@ -1263,7 +1308,8 @@ spec: - image type: object status: - description: EngineImageStatus defines the observed state of the Longhorn engine image + description: EngineImageStatus defines the observed state of the Longhorn + engine image properties: buildDate: type: string @@ -1278,16 +1324,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -1305,6 +1356,8 @@ spec: type: integer gitCommit: type: string + incompatible: + type: boolean noRefSince: type: string nodeDeploymentMap: @@ -1326,24 +1379,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: engines.longhorn.io spec: @@ -1358,6 +1404,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: + - description: The data engine of the engine + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The current state of the engine jsonPath: .status.currentState name: State @@ -1377,58 +1427,25 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1beta1 + name: v1beta2 schema: openAPIV3Schema: description: Engine is where Longhorn stores engine object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The current state of the engine - jsonPath: .status.currentState - name: State - type: string - - description: The node that the engine is on - jsonPath: .spec.nodeID - name: Node - type: string - - description: The instance manager of the engine - jsonPath: .status.instanceManagerName - name: InstanceManager - type: string - - description: The current image of the engine - jsonPath: .status.currentImage - name: Image - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: Engine is where Longhorn stores engine object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1439,18 +1456,25 @@ spec: type: boolean backupVolume: type: string + dataEngine: + enum: + - v1 + - v2 + type: string desireState: type: string disableFrontend: type: boolean - engineImage: - type: string frontend: enum: - blockdev - iscsi + - nvmf + - ublk - "" type: string + image: + type: string logRequested: type: boolean nodeID: @@ -1467,6 +1491,11 @@ spec: type: boolean salvageRequested: type: boolean + snapshotMaxCount: + type: integer + snapshotMaxSize: + format: int64 + type: string unmapMarkSnapChainRemovedEnabled: type: boolean upgradedReplicaAddressMap: @@ -1525,16 +1554,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -1591,6 +1625,9 @@ spec: rebuildStatus: additionalProperties: properties: + appliedRebuildingMBps: + format: int64 + type: integer error: type: string fromReplicaAddress: @@ -1609,6 +1646,14 @@ spec: type: string nullable: true type: object + replicaTransitionTimeMap: + additionalProperties: + type: string + description: |- + ReplicaTransitionTimeMap records the time a replica in ReplicaModeMap transitions from one mode to another (or + from not being in the ReplicaModeMap to being in it). This information is sometimes required by other controllers + (e.g. the volume controller uses it to determine the correct value for replica.Spec.lastHealthyAt). + type: object restoreStatus: additionalProperties: properties: @@ -1633,6 +1678,11 @@ spec: type: object salvageExecuted: type: boolean + snapshotMaxCount: + type: integer + snapshotMaxSize: + format: int64 + type: string snapshots: additionalProperties: properties: @@ -1665,34 +1715,34 @@ spec: type: string started: type: boolean + starting: + type: boolean storageIP: type: string + ublkID: + format: int32 + type: integer unmapMarkSnapChainRemovedEnabled: type: boolean + uuid: + type: string type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: instancemanagers.longhorn.io spec: @@ -1707,44 +1757,10 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: The state of the instance manager - jsonPath: .status.currentState - name: State - type: string - - description: The type of the instance manager (engine or replica) - jsonPath: .spec.type - name: Type - type: string - - description: The node that the instance manager is running on - jsonPath: .spec.nodeID - name: Node + - description: The data engine of the instance manager + jsonPath: .spec.dataEngine + name: Data Engine type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: InstanceManager is where Longhorn stores instance manager object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - description: The state of the instance manager jsonPath: .status.currentState name: State @@ -1766,52 +1782,217 @@ spec: description: InstanceManager is where Longhorn stores instance manager object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: InstanceManagerSpec defines the desired state of the Longhorn instancer manager + description: InstanceManagerSpec defines the desired state of the Longhorn + instance manager properties: - engineImage: - description: 'TODO: deprecate this field' + dataEngine: type: string + dataEngineSpec: + properties: + v2: + properties: + cpuMask: + type: string + type: object + type: object image: type: string nodeID: type: string type: enum: + - aio - engine - replica type: string type: object status: - description: InstanceManagerStatus defines the observed state of the Longhorn instance manager + description: InstanceManagerStatus defines the observed state of the Longhorn + instance manager properties: apiMinVersion: type: integer apiVersion: type: integer - proxyApiMinVersion: - type: integer - proxyApiVersion: - type: integer + backingImages: + additionalProperties: + properties: + currentChecksum: + type: string + diskUUID: + type: string + message: + type: string + name: + type: string + progress: + type: integer + size: + format: int64 + type: integer + state: + type: string + uuid: + type: string + type: object + nullable: true + type: object currentState: type: string + dataEngineStatus: + properties: + v2: + properties: + cpuMask: + type: string + interruptModeEnabled: + description: |- + InterruptModeEnabled indicates whether the V2 data engine is running in + interrupt mode (true) or polling mode (false). Set by Longhorn manager; + read-only to users. + enum: + - "" + - "true" + - "false" + type: string + type: object + type: object + instanceEngines: + additionalProperties: + properties: + spec: + properties: + dataEngine: + type: string + name: + type: string + type: object + status: + properties: + conditions: + additionalProperties: + type: boolean + nullable: true + type: object + endpoint: + type: string + errorMsg: + type: string + listen: + type: string + portEnd: + format: int32 + type: integer + portStart: + format: int32 + type: integer + resourceVersion: + format: int64 + type: integer + state: + type: string + targetPortEnd: + format: int32 + type: integer + targetPortStart: + format: int32 + type: integer + type: + type: string + ublkID: + format: int32 + type: integer + uuid: + type: string + type: object + type: object + nullable: true + type: object + instanceReplicas: + additionalProperties: + properties: + spec: + properties: + dataEngine: + type: string + name: + type: string + type: object + status: + properties: + conditions: + additionalProperties: + type: boolean + nullable: true + type: object + endpoint: + type: string + errorMsg: + type: string + listen: + type: string + portEnd: + format: int32 + type: integer + portStart: + format: int32 + type: integer + resourceVersion: + format: int64 + type: integer + state: + type: string + targetPortEnd: + format: int32 + type: integer + targetPortStart: + format: int32 + type: integer + type: + type: string + ublkID: + format: int32 + type: integer + uuid: + type: string + type: object + type: object + nullable: true + type: object instances: additionalProperties: properties: spec: properties: + dataEngine: + type: string name: type: string type: object status: properties: + conditions: + additionalProperties: + type: boolean + nullable: true + type: object endpoint: type: string errorMsg: @@ -1829,56 +2010,52 @@ spec: type: integer state: type: string + targetPortEnd: + format: int32 + type: integer + targetPortStart: + format: int32 + type: integer type: type: string + ublkID: + format: int32 + type: integer + uuid: + type: string type: object type: object + description: 'Deprecated: Replaced by InstanceEngines and InstanceReplicas' nullable: true type: object ip: type: string ownerID: type: string + proxyApiMinVersion: + type: integer + proxyApiVersion: + type: integer type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: nodes.longhorn.io spec: - preserveUnknownFields: false - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: longhorn-conversion-webhook - namespace: longhorn-system - path: /v1/webhook/conversion - port: 9443 - conversionReviewVersions: - - v1beta2 - - v1beta1 group: longhorn.io names: kind: Node @@ -1889,50 +2066,13 @@ spec: singular: node scope: Namespaced versions: - - additionalPrinterColumns: - - description: Indicate whether the node is ready - jsonPath: .status.conditions['Ready']['status'] - name: Ready - type: string - - description: Indicate whether the user disabled/enabled replica scheduling for the node - jsonPath: .spec.allowScheduling - name: AllowScheduling - type: boolean - - description: Indicate whether Longhorn can schedule replicas on the node - jsonPath: .status.conditions['Schedulable']['status'] - name: Schedulable - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Node is where Longhorn stores Longhorn node object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - description: Indicate whether the node is ready jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string - - description: Indicate whether the user disabled/enabled replica scheduling for the node + - description: Indicate whether the user disabled/enabled replica scheduling for + the node jsonPath: .spec.allowScheduling name: AllowScheduling type: boolean @@ -1949,10 +2089,19 @@ spec: description: Node is where Longhorn stores Longhorn node object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1966,6 +2115,18 @@ spec: properties: allowScheduling: type: boolean + diskDriver: + enum: + - "" + - auto + - aio + - nvme + type: string + diskType: + enum: + - filesystem + - block + type: string evictionRequested: type: boolean path: @@ -1979,14 +2140,12 @@ spec: type: array type: object type: object - engineManagerCPURequest: - type: integer evictionRequested: type: boolean + instanceManagerCPURequest: + type: integer name: type: string - replicaManagerCPURequest: - type: integer tags: items: type: string @@ -1995,6 +2154,8 @@ spec: status: description: NodeStatus defines the observed state of the Longhorn node properties: + autoEvicting: + type: boolean conditions: items: properties: @@ -2002,16 +2163,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -2029,16 +2195,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from + one status to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details + about last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the + condition's last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -2046,8 +2217,26 @@ spec: type: object nullable: true type: array + diskDriver: + type: string + diskName: + type: string + diskPath: + type: string + diskType: + type: string diskUUID: type: string + filesystemType: + type: string + instanceManagerName: + type: string + scheduledBackingImage: + additionalProperties: + format: int64 + type: integer + nullable: true + type: object scheduledReplica: additionalProperties: format: int64 @@ -2073,8 +2262,6 @@ spec: lastPeriodicCheckedAt: format: date-time type: string - snapshotCheckState: - type: string type: object zone: type: string @@ -2084,24 +2271,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: orphans.longhorn.io spec: @@ -2130,21 +2310,42 @@ spec: description: Orphan is where Longhorn stores orphan object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: OrphanSpec defines the desired state of the Longhorn orphaned data + description: OrphanSpec defines the desired state of the Longhorn orphaned + data properties: + dataEngine: + description: |- + The type of data engine for instance orphan. + Can be "v1", "v2". + enum: + - v1 + - v2 + type: string nodeID: - description: The node ID on which the controller is responsible to reconcile this orphan CR. + description: The node ID on which the controller is responsible to + reconcile this orphan CR. type: string orphanType: - description: The type of the orphaned data. Can be "replica". + description: |- + The type of the orphaned data. + Can be "replica". type: string parameters: additionalProperties: @@ -2153,7 +2354,8 @@ spec: type: object type: object status: - description: OrphanStatus defines the observed state of the Longhorn orphaned data + description: OrphanStatus defines the observed state of the Longhorn orphaned + data properties: conditions: items: @@ -2162,16 +2364,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -2187,21 +2394,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: recurringjobs.longhorn.io spec: @@ -2216,61 +2419,13 @@ spec: scope: Namespaced versions: - additionalPrinterColumns: - - description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume - jsonPath: .spec.groups - name: Groups - type: string - - description: Should be one of "backup" or "snapshot" - jsonPath: .spec.task - name: Task - type: string - - description: The cron expression represents recurring job scheduling - jsonPath: .spec.cron - name: Cron - type: string - - description: The number of snapshots/backups to keep for the volume - jsonPath: .spec.retain - name: Retain - type: integer - - description: The concurrent job to run by each cron job - jsonPath: .spec.concurrency - name: Concurrency - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Specify the labels - jsonPath: .spec.labels - name: Labels - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: RecurringJob is where Longhorn stores recurring job object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume + - description: Sets groupings to the jobs. When set to "default" group will be + added to the volume label when no other job label exist in volume jsonPath: .spec.groups name: Groups type: string - - description: Should be one of "backup" or "snapshot" + - description: Should be one of "snapshot", "snapshot-force-create", "snapshot-cleanup", + "snapshot-delete", "backup", "backup-force-create", "filesystem-trim" or "system-backup" jsonPath: .spec.task name: Task type: string @@ -2299,15 +2454,25 @@ spec: description: RecurringJob is where Longhorn stores recurring job object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: RecurringJobSpec defines the desired state of the Longhorn recurring job + description: RecurringJobSpec defines the desired state of the Longhorn + recurring job properties: concurrency: description: The concurrency of taking the snapshot/backup. @@ -2328,106 +2493,77 @@ spec: name: description: The recurring job name. type: string + parameters: + additionalProperties: + type: string + description: |- + The parameters of the snapshot/backup. + Support parameters: "full-backup-interval", "volume-backup-policy". + type: object retain: description: The retain count of the snapshot/backup. type: integer task: - description: The recurring job type. Can be "snapshot" or "backup". - enum: - - snapshot - - backup - type: string - type: object - status: - description: RecurringJobStatus defines the observed state of the Longhorn recurring job - properties: - ownerID: - description: The owner ID which is responsible to reconcile this recurring job CR. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -# Source: longhorn/templates/crds.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - longhorn-manager: "" - name: replicas.longhorn.io -spec: - group: longhorn.io - names: - kind: Replica - listKind: ReplicaList - plural: replicas - shortNames: - - lhr - singular: replica - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The current state of the replica - jsonPath: .status.currentState - name: State - type: string - - description: The node that the replica is on - jsonPath: .spec.nodeID - name: Node - type: string - - description: The disk that the replica is on - jsonPath: .spec.diskID - name: Disk - type: string - - description: The instance manager of the replica - jsonPath: .status.instanceManagerName - name: InstanceManager - type: string - - description: The current image of the replica - jsonPath: .status.currentImage - name: Image - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Replica is where Longhorn stores replica object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: + description: |- + The recurring job task. + Can be "snapshot", "snapshot-force-create", "snapshot-cleanup", "snapshot-delete", "backup", "backup-force-create", "filesystem-trim" or "system-backup". + enum: + - snapshot + - snapshot-force-create + - snapshot-cleanup + - snapshot-delete + - backup + - backup-force-create + - filesystem-trim + - system-backup + type: string type: object - spec: - x-kubernetes-preserve-unknown-fields: true status: - x-kubernetes-preserve-unknown-fields: true + description: RecurringJobStatus defines the observed state of the Longhorn + recurring job + properties: + executionCount: + description: The number of jobs that have been triggered. + type: integer + ownerID: + description: The owner ID which is responsible to reconcile this recurring + job CR. + type: string + type: object type: object served: true - storage: false + storage: true subresources: status: {} +--- +# Source: longhorn/templates/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 + longhorn-manager: "" + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: - additionalPrinterColumns: + - description: The data engine of the replica + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The current state of the replica jsonPath: .status.currentState name: State @@ -2457,10 +2593,19 @@ spec: description: Replica is where Longhorn stores replica object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2471,13 +2616,12 @@ spec: type: boolean backingImage: type: string - baseImage: - description: Deprecated. Rename to BackingImage - type: string dataDirectoryName: type: string - dataPath: - description: Deprecated + dataEngine: + enum: + - v1 + - v2 type: string desireState: type: string @@ -2485,18 +2629,56 @@ spec: type: string diskPath: type: string - engineImage: - type: string engineName: type: string + evictionRequested: + type: boolean failedAt: + description: |- + FailedAt is set when a running replica fails or when a running engine is unable to use a replica for any reason. + FailedAt indicates the time the failure occurred. When FailedAt is set, a replica is likely to have useful + (though possibly stale) data. A replica with FailedAt set must be rebuilt from a non-failed replica (or it can + be used in a salvage if all replicas are failed). FailedAt is cleared before a rebuild or salvage. FailedAt may + be later than the corresponding entry in an engine's replicaTransitionTimeMap because it is set when the volume + controller acknowledges the change. type: string hardNodeAffinity: type: string healthyAt: + description: |- + HealthyAt is set the first time a replica becomes read/write in an engine after creation or rebuild. HealthyAt + indicates the time the last successful rebuild occurred. When HealthyAt is set, a replica is likely to have + useful (though possibly stale) data. HealthyAt is cleared before a rebuild. HealthyAt may be later than the + corresponding entry in an engine's replicaTransitionTimeMap because it is set when the volume controller + acknowledges the change. + type: string + image: + type: string + lastFailedAt: + description: |- + LastFailedAt is always set at the same time as FailedAt. Unlike FailedAt, LastFailedAt is never cleared. + LastFailedAt is not a reliable indicator of the state of a replica's data. For example, a replica with + LastFailedAt may already be healthy and in use again. However, because it is never cleared, it can be compared to + LastHealthyAt to help prevent dangerous replica deletion in some corner cases. LastFailedAt may be later than the + corresponding entry in an engine's replicaTransitionTimeMap because it is set when the volume controller + acknowledges the change. + type: string + lastHealthyAt: + description: |- + LastHealthyAt is set every time a replica becomes read/write in an engine. Unlike HealthyAt, LastHealthyAt is + never cleared. LastHealthyAt is not a reliable indicator of the state of a replica's data. For example, a + replica with LastHealthyAt set may be in the middle of a rebuild. However, because it is never cleared, it can be + compared to LastFailedAt to help prevent dangerous replica deletion in some corner cases. LastHealthyAt may be + later than the corresponding entry in an engine's replicaTransitionTimeMap because it is set when the volume + controller acknowledges the change. type: string logRequested: type: boolean + migrationEngineName: + description: |- + MigrationEngineName is indicating the migrating engine which current connected to this replica. This is only + used for live migration of v2 data engine + type: string nodeID: type: string rebuildRetryCount: @@ -2505,6 +2687,11 @@ spec: type: boolean salvageRequested: type: boolean + snapshotMaxCount: + type: integer + snapshotMaxSize: + format: int64 + type: string unmapMarkDiskChainRemovedEnabled: type: boolean volumeName: @@ -2514,7 +2701,8 @@ spec: type: string type: object status: - description: ReplicaStatus defines the observed state of the Longhorn replica + description: ReplicaStatus defines the observed state of the Longhorn + replica properties: conditions: items: @@ -2523,16 +2711,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -2544,8 +2737,6 @@ spec: type: string currentState: type: string - evictionRequested: - type: boolean instanceManagerName: type: string ip: @@ -2560,32 +2751,32 @@ spec: type: boolean started: type: boolean + starting: + type: boolean storageIP: type: string + ublkID: + format: int32 + type: integer + uuid: + type: string type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: settings.longhorn.io spec: @@ -2604,36 +2795,10 @@ spec: jsonPath: .value name: Value type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Setting is where Longhorn stores setting object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - value: - type: string - required: - - value - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The value of the setting - jsonPath: .value - name: Value - type: string + - description: The setting is applied + jsonPath: .status.applied + name: Applied + type: boolean - jsonPath: .metadata.creationTimestamp name: Age type: date @@ -2643,14 +2808,36 @@ spec: description: Setting is where Longhorn stores setting object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object + status: + description: The status of the setting. + properties: + applied: + description: The setting is applied. + type: boolean + required: + - applied + type: object value: + description: |- + The value of the setting. + - It can be a non-JSON formatted string that is applied to all the applicable data engines listed in the setting definition. + - It can be a JSON formatted string that contains values for applicable data engines listed in the setting definition's Default. type: string required: - value @@ -2659,24 +2846,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: sharemanagers.longhorn.io spec: @@ -2690,40 +2870,6 @@ spec: singular: sharemanager scope: Namespaced versions: - - additionalPrinterColumns: - - description: The state of the share manager - jsonPath: .status.state - name: State - type: string - - description: The node that the share manager is owned by - jsonPath: .status.ownerID - name: Node - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: ShareManager is where Longhorn stores share manager object. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - x-kubernetes-preserve-unknown-fields: true - status: - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - description: The state of the share manager jsonPath: .status.state @@ -2742,27 +2888,45 @@ spec: description: ShareManager is where Longhorn stores share manager object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: ShareManagerSpec defines the desired state of the Longhorn share manager + description: ShareManagerSpec defines the desired state of the Longhorn + share manager properties: image: + description: Share manager image used for creating a share manager + pod type: string type: object status: - description: ShareManagerStatus defines the observed state of the Longhorn share manager + description: ShareManagerStatus defines the observed state of the Longhorn + share manager properties: endpoint: + description: NFS endpoint that can access the mounted filesystem of + the volume type: string ownerID: + description: The node ID on which the controller is responsible to + reconcile this share manager resource type: string state: + description: The state of the share manager resource type: string type: object type: object @@ -2770,24 +2934,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: snapshots.longhorn.io spec: @@ -2810,11 +2967,13 @@ spec: jsonPath: .status.creationTime name: CreationTime type: string - - description: Indicates if the snapshot is ready to be used to restore/backup a volume + - description: Indicates if the snapshot is ready to be used to restore/backup + a volume jsonPath: .status.readyToUse name: ReadyToUse type: boolean - - description: Represents the minimum size of volume required to rehydrate from this snapshot + - description: Represents the minimum size of volume required to rehydrate from + this snapshot jsonPath: .status.restoreSize name: RestoreSize type: string @@ -2831,10 +2990,19 @@ spec: description: Snapshot is the Schema for the snapshots API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2851,7 +3019,9 @@ spec: nullable: true type: object volume: - description: the volume that this snapshot belongs to. This field is immutable after creation. Required + description: |- + the volume that this snapshot belongs to. + This field is immutable after creation. type: string required: - volume @@ -2897,24 +3067,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: supportbundles.longhorn.io spec: @@ -2950,15 +3113,25 @@ spec: description: SupportBundle is where Longhorn stores support bundle object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: SupportBundleSpec defines the desired state of the Longhorn SupportBundle + description: SupportBundleSpec defines the desired state of the Longhorn + SupportBundle properties: description: description: A brief description of the issue @@ -2974,7 +3147,8 @@ spec: - description type: object status: - description: SupportBundleStatus defines the observed state of the Longhorn SupportBundle + description: SupportBundleStatus defines the observed state of the Longhorn + SupportBundle properties: conditions: items: @@ -2983,16 +3157,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -3023,24 +3202,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: systembackups.longhorn.io spec: @@ -3077,18 +3249,36 @@ spec: description: SystemBackup is where Longhorn stores system backup object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: SystemBackupSpec defines the desired state of the Longhorn SystemBackup + description: SystemBackupSpec defines the desired state of the Longhorn + SystemBackup + properties: + volumeBackupPolicy: + description: |- + The create volume backup policy + Can be "if-not-present", "always" or "disabled" + nullable: true + type: string type: object status: - description: SystemBackupStatus defines the observed state of the Longhorn SystemBackup + description: SystemBackupStatus defines the observed state of the Longhorn + SystemBackup properties: conditions: items: @@ -3097,16 +3287,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -3123,7 +3318,8 @@ spec: nullable: true type: string lastSyncedAt: - description: The last time that the system backup was synced into the cluster. + description: The last time that the system backup was synced into + the cluster. format: date-time nullable: true type: string @@ -3131,7 +3327,8 @@ spec: description: The saved manager image. type: string ownerID: - description: The node ID of the responsible controller to reconcile this SystemBackup. + description: The node ID of the responsible controller to reconcile + this SystemBackup. type: string state: description: The system backup state. @@ -3146,24 +3343,17 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" name: systemrestores.longhorn.io spec: @@ -3191,15 +3381,25 @@ spec: description: SystemRestore is where Longhorn stores system restore object properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: SystemRestoreSpec defines the desired state of the Longhorn SystemRestore + description: SystemRestoreSpec defines the desired state of the Longhorn + SystemRestore properties: systemBackup: description: The system backup name in the object store. @@ -3208,7 +3408,8 @@ spec: - systemBackup type: object status: - description: SystemRestoreStatus defines the observed state of the Longhorn SystemRestore + description: SystemRestoreStatus defines the observed state of the Longhorn + SystemRestore properties: conditions: items: @@ -3217,16 +3418,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -3235,7 +3441,8 @@ spec: nullable: true type: array ownerID: - description: The node ID of the responsible controller to reconcile this SystemRestore. + description: The node ID of the responsible controller to reconcile + this SystemRestore. type: string sourceURL: description: The source system backup URL. @@ -3249,96 +3456,183 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/crds.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.7.0 + controller-gen.kubebuilder.io/version: v0.17.1 labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 longhorn-manager: "" - name: volumes.longhorn.io + name: volumeattachments.longhorn.io spec: - preserveUnknownFields: false - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: longhorn-conversion-webhook - namespace: longhorn-system - path: /v1/webhook/conversion - port: 9443 - conversionReviewVersions: - - v1beta2 - - v1beta1 group: longhorn.io names: - kind: Volume - listKind: VolumeList - plural: volumes + kind: VolumeAttachment + listKind: VolumeAttachmentList + plural: volumeattachments shortNames: - - lhv - singular: volume + - lhva + singular: volumeattachment scope: Namespaced versions: - additionalPrinterColumns: - - description: The state of the volume - jsonPath: .status.state - name: State - type: string - - description: The robustness of the volume - jsonPath: .status.robustness - name: Robustness - type: string - - description: The scheduled condition of the volume - jsonPath: .status.conditions['scheduled']['status'] - name: Scheduled - type: string - - description: The size of the volume - jsonPath: .spec.size - name: Size - type: string - - description: The node that the volume is currently attaching to - jsonPath: .status.currentNodeID - name: Node - type: string - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1beta1 + name: v1beta2 schema: openAPIV3Schema: - description: Volume is where Longhorn stores volume object. + description: VolumeAttachment stores attachment information of a Longhorn + volume properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - x-kubernetes-preserve-unknown-fields: true + description: VolumeAttachmentSpec defines the desired state of Longhorn + VolumeAttachment + properties: + attachmentTickets: + additionalProperties: + properties: + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + id: + description: The unique ID of this attachment. Used to differentiate + different attachments of the same volume. + type: string + nodeID: + description: The node that this attachment is requesting + type: string + parameters: + additionalProperties: + type: string + description: Optional additional parameter for this attachment + type: object + type: + type: string + type: object + type: object + volume: + description: The name of Longhorn volume of this VolumeAttachment + type: string + required: + - volume + type: object status: - x-kubernetes-preserve-unknown-fields: true + description: VolumeAttachmentStatus defines the observed state of Longhorn + VolumeAttachment + properties: + attachmentTicketStatuses: + additionalProperties: + properties: + conditions: + description: Record any error when trying to fulfill this attachment + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from + one status to another. + type: string + message: + description: Human-readable message indicating details + about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the + condition's last transition. + type: string + status: + description: |- + Status is the status of the condition. + Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + generation: + description: |- + A sequence number representing a specific generation of the desired state. + Populated by the system. Read-only. + format: int64 + type: integer + id: + description: The unique ID of this attachment. Used to differentiate + different attachments of the same volume. + type: string + satisfied: + description: Indicate whether this attachment ticket has been + satisfied + type: boolean + required: + - conditions + - satisfied + type: object + type: object + type: object type: object served: true - storage: false + storage: true subresources: status: {} +--- +# Source: longhorn/templates/crds.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.17.1 + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 + longhorn-manager: "" + name: volumes.longhorn.io +spec: + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + versions: - additionalPrinterColumns: + - description: The data engine of the volume + jsonPath: .spec.dataEngine + name: Data Engine + type: string - description: The state of the volume jsonPath: .status.state name: State @@ -3368,10 +3662,19 @@ spec: description: Volume is where Longhorn stores volume object. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3387,8 +3690,34 @@ spec: type: string backingImage: type: string - baseImage: - description: Deprecated. Rename to BackingImage + backupBlockSize: + description: BackupBlockSize indicate the block size to create backups. + The block size is immutable. + enum: + - "2097152" + - "16777216" + format: int64 + type: string + backupCompressionMethod: + enum: + - none + - lz4 + - gzip + type: string + backupTargetName: + description: The backup target name that the volume will be backed + up to or is synced. + type: string + cloneMode: + enum: + - "" + - full-copy + - linked-clone + type: string + dataEngine: + enum: + - v1 + - v2 type: string dataLocality: enum: @@ -3406,22 +3735,26 @@ spec: type: array encrypted: type: boolean - engineImage: - type: string - fromBackup: - type: string - restoreVolumeRecurringJob: + freezeFilesystemForSnapshot: + description: Setting that freezes the filesystem on the root partition + before a snapshot is created. enum: - ignored - enabled - disabled type: string + fromBackup: + type: string frontend: enum: - blockdev - iscsi + - nvmf + - ublk - "" type: string + image: + type: string lastAttachedBy: type: string migratable: @@ -3436,34 +3769,17 @@ spec: type: array numberOfReplicas: type: integer - recurringJobs: - description: Deprecated. Replaced by a separate resource named "RecurringJob" - items: - description: 'VolumeRecurringJobSpec is a deprecated struct. TODO: Should be removed when recurringJobs gets removed from the volume spec.' - properties: - concurrency: - type: integer - cron: - type: string - groups: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - retain: - type: integer - task: - enum: - - snapshot - - backup - type: string - type: object - type: array + offlineRebuilding: + description: |- + Specifies whether Longhorn should rebuild replicas while the detached volume is degraded. + - ignored: Use the global setting for offline replica rebuilding. + - enabled: Enable offline rebuilding for this volume, regardless of the global setting. + - disabled: Disable offline rebuilding for this volume, regardless of the global setting + enum: + - ignored + - disabled + - enabled + type: string replicaAutoBalance: enum: - ignored @@ -3471,6 +3787,44 @@ spec: - least-effort - best-effort type: string + replicaDiskSoftAntiAffinity: + description: Replica disk soft anti affinity of the volume. Set enabled + to allow replicas to be scheduled in the same disk. + enum: + - ignored + - enabled + - disabled + type: string + replicaRebuildingBandwidthLimit: + description: ReplicaRebuildingBandwidthLimit controls the maximum + write bandwidth (in megabytes per second) allowed on the destination + replica during the rebuilding process. Set this value to 0 to disable + bandwidth limiting. + format: int64 + minimum: 0 + type: integer + replicaSoftAntiAffinity: + description: Replica soft anti affinity of the volume. Set enabled + to allow replicas to be scheduled on the same node. + enum: + - ignored + - enabled + - disabled + type: string + replicaZoneSoftAntiAffinity: + description: Replica zone soft anti affinity of the volume. Set enabled + to allow replicas to be scheduled in the same zone. + enum: + - ignored + - enabled + - disabled + type: string + restoreVolumeRecurringJob: + enum: + - ignored + - enabled + - disabled + type: string revisionCounterDisabled: type: boolean size: @@ -3483,6 +3837,11 @@ spec: - enabled - fast-check type: string + snapshotMaxCount: + type: integer + snapshotMaxSize: + format: int64 + type: string staleReplicaTimeout: type: integer unmapMarkSnapChainRemoved: @@ -3500,6 +3859,10 @@ spec: type: integer cloneStatus: properties: + attemptCount: + type: integer + nextAllowedAttemptAt: + type: string snapshot: type: string sourceVolume: @@ -3514,16 +3877,21 @@ spec: description: Last time we probed the condition. type: string lastTransitionTime: - description: Last time the condition transitioned from one status to another. + description: Last time the condition transitioned from one status + to another. type: string message: - description: Human-readable message indicating details about last transition. + description: Human-readable message indicating details about + last transition. type: string reason: - description: Unique, one-word, CamelCase reason for the condition's last transition. + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string status: - description: Status is the status of the condition. Can be True, False, Unknown. + description: |- + Status is the status of the condition. + Can be True, False, Unknown. type: string type: description: Type is the type of the condition. @@ -3533,6 +3901,9 @@ spec: type: array currentImage: type: string + currentMigrationNodeID: + description: the node that this volume is currently migrating to + type: string currentNodeID: type: string expansionRequired: @@ -3580,8 +3951,6 @@ spec: type: string ownerID: type: string - pendingNodeID: - type: string remountRequestedAt: type: string restoreInitiated: @@ -3602,12 +3971,6 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] --- # Source: longhorn/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -3617,7 +3980,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 rules: - apiGroups: - apiextensions.k8s.io @@ -3626,41 +3989,48 @@ rules: verbs: - "*" - apiGroups: [""] - resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps", "serviceaccounts"] + resources: ["pods"] + verbs: ["get", "list", "watch", "delete", "deletecollection"] +- apiGroups: [""] + resources: ["secrets", "services", "endpoints", "configmaps", "serviceaccounts", "pods/log"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["events", "persistentvolumes", "persistentvolumeclaims", "persistentvolumeclaims/status", "nodes"] verbs: ["*"] - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "list"] - apiGroups: ["apps"] - resources: ["daemonsets", "statefulsets", "deployments"] - verbs: ["*"] + resources: ["daemonsets", "statefulsets", "deployments", "replicasets"] + verbs: ["get", "list", "watch"] - apiGroups: ["batch"] resources: ["jobs", "cronjobs"] - verbs: ["*"] + verbs: ["get", "list", "watch"] - apiGroups: ["policy"] - resources: ["poddisruptionbudgets", "podsecuritypolicies"] - verbs: ["*"] + resources: ["poddisruptionbudgets"] + verbs: ["get", "list", "watch"] - apiGroups: ["scheduling.k8s.io"] resources: ["priorityclasses"] verbs: ["watch", "list"] - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers", "csistoragecapacities"] verbs: ["*"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] verbs: ["*"] - apiGroups: ["longhorn.io"] - resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", "settings/status", "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", - "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"] + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status", + "volumeattachments", "volumeattachments/status", "backupbackingimages", "backupbackingimages/status"] verbs: ["*"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["*"] + verbs: ["get", "list", "watch"] - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list"] @@ -3671,7 +4041,13 @@ rules: resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] verbs: ["get", "list", "create", "patch", "delete"] - apiGroups: ["rbac.authorization.k8s.io"] - resources: ["roles", "rolebindings", "clusterrolebindings", "clusterroles"] + resources: ["roles", "rolebindings"] + verbs: ["get", "list", "watch"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterrolebindings", "clusterroles"] verbs: ["*"] --- # Source: longhorn/templates/clusterrolebinding.yaml @@ -3682,7 +4058,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -3700,7 +4076,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -3710,6 +4086,54 @@ subjects: name: longhorn-support-bundle namespace: longhorn-system --- +# Source: longhorn/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn + namespace: longhorn-system + labels: + app.kubernetes.io/name: longhorn + app.kubernetes.io/instance: longhorn + app.kubernetes.io/version: v1.10.1 +rules: +- apiGroups: [""] + resources: ["pods", "pods/log", "events", "secrets", "services", "endpoints", "configmaps", "serviceaccounts", "persistentvolumeclaims", "persistentvolumeclaims/status"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets", "deployments", "statefulsets", "replicasets"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "rolebindings"] + verbs: ["*"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["*"] +--- +# Source: longhorn/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn + namespace: longhorn-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: longhorn-system +--- # Source: longhorn/templates/daemonset-sa.yaml apiVersion: v1 kind: Service @@ -3717,13 +4141,12 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-manager name: longhorn-backend namespace: longhorn-system spec: type: ClusterIP - sessionAffinity: ClientIP selector: app: longhorn-manager ports: @@ -3738,7 +4161,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-ui name: longhorn-frontend namespace: longhorn-system @@ -3759,39 +4182,17 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-conversion-webhook - name: longhorn-conversion-webhook - namespace: longhorn-system -spec: - type: ClusterIP - sessionAffinity: ClientIP - selector: - app: longhorn-conversion-webhook - ports: - - name: conversion-webhook - port: 9443 - targetPort: conversion-wh ---- -# Source: longhorn/templates/services.yaml -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-admission-webhook name: longhorn-admission-webhook namespace: longhorn-system spec: type: ClusterIP - sessionAffinity: ClientIP selector: - app: longhorn-admission-webhook + longhorn.io/admission-webhook: longhorn-admission-webhook ports: - name: admission-webhook - port: 9443 + port: 9502 targetPort: admission-wh --- # Source: longhorn/templates/services.yaml @@ -3801,52 +4202,19 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-recovery-backend name: longhorn-recovery-backend namespace: longhorn-system spec: type: ClusterIP - sessionAffinity: ClientIP selector: - app: longhorn-recovery-backend + longhorn.io/recovery-backend: longhorn-recovery-backend ports: - name: recovery-backend - port: 9600 + port: 9503 targetPort: recov-backend --- -# Source: longhorn/templates/services.yaml -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - name: longhorn-engine-manager - namespace: longhorn-system -spec: - clusterIP: None - selector: - longhorn.io/component: instance-manager - longhorn.io/instance-manager-type: engine ---- -# Source: longhorn/templates/services.yaml -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - name: longhorn-replica-manager - namespace: longhorn-system -spec: - clusterIP: None - selector: - longhorn.io/component: instance-manager - longhorn.io/instance-manager-type: replica ---- # Source: longhorn/templates/daemonset-sa.yaml apiVersion: apps/v1 kind: DaemonSet @@ -3854,7 +4222,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-manager name: longhorn-manager namespace: longhorn-system @@ -3867,16 +4235,12 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-manager spec: - initContainers: - - name: wait-longhorn-admission-webhook - image: longhornio/longhorn-manager:v1.4.0 - command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-manager - image: longhornio/longhorn-manager:v1.4.0 + image: rancher/mirrored-longhornio-longhorn-manager:v1.10.1 imagePullPolicy: IfNotPresent securityContext: privileged: true @@ -3885,36 +4249,54 @@ spec: - -d - daemon - --engine-image - - "longhornio/longhorn-engine:v1.4.0" + - "rancher/mirrored-longhornio-longhorn-engine:v1.10.1" - --instance-manager-image - - "longhornio/longhorn-instance-manager:v1.4.0" + - "rancher/mirrored-longhornio-longhorn-instance-manager:v1.10.1" - --share-manager-image - - "longhornio/longhorn-share-manager:v1.4.0" + - "rancher/mirrored-longhornio-longhorn-share-manager:v1.10.1" - --backing-image-manager-image - - "longhornio/backing-image-manager:v1.4.0" + - "rancher/mirrored-longhornio-backing-image-manager:v1.10.1" - --support-bundle-manager-image - - "longhornio/support-bundle-kit:v0.0.17" + - "rancher/mirrored-longhornio-support-bundle-kit:v0.0.71" - --manager-image - - "longhornio/longhorn-manager:v1.4.0" + - "rancher/mirrored-longhornio-longhorn-manager:v1.10.1" - --service-account - longhorn-service-account + - --upgrade-version-check ports: - containerPort: 9500 name: manager + - containerPort: 9502 + name: admission-wh + - containerPort: 9503 + name: recov-backend readinessProbe: - tcpSocket: - port: 9500 + httpGet: + path: /v1/healthz + port: 9502 + scheme: HTTPS volumeMounts: + - name: boot + mountPath: /host/boot/ + readOnly: true - name: dev mountPath: /host/dev/ - name: proc mountPath: /host/proc/ + readOnly: true + - name: etc + mountPath: /host/etc/ + readOnly: true - name: longhorn mountPath: /var/lib/longhorn/ mountPropagation: Bidirectional - name: longhorn-grpc-tls mountPath: /tls-files/ env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: @@ -3927,13 +4309,23 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + - name: pre-pull-share-manager-image + imagePullPolicy: IfNotPresent + image: rancher/mirrored-longhornio-longhorn-share-manager:v1.10.1 + command: ["sh", "-c", "echo share-manager image pulled && sleep infinity"] volumes: + - name: boot + hostPath: + path: /boot/ - name: dev hostPath: path: /dev/ - name: proc hostPath: path: /proc/ + - name: etc + hostPath: + path: /etc/ - name: longhorn hostPath: path: /var/lib/longhorn/ @@ -3941,6 +4333,7 @@ spec: secret: secretName: longhorn-grpc-tls optional: true + priorityClassName: "longhorn-critical" serviceAccountName: longhorn-service-account updateStrategy: rollingUpdate: @@ -3955,7 +4348,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 spec: replicas: 1 selector: @@ -3966,23 +4359,23 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-driver-deployer spec: initContainers: - name: wait-longhorn-manager - image: longhornio/longhorn-manager:v1.4.0 + image: rancher/mirrored-longhornio-longhorn-manager:v1.10.1 command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] containers: - name: longhorn-driver-deployer - image: longhornio/longhorn-manager:v1.4.0 + image: rancher/mirrored-longhornio-longhorn-manager:v1.10.1 imagePullPolicy: IfNotPresent command: - longhorn-manager - -d - deploy-driver - --manager-image - - "longhornio/longhorn-manager:v1.4.0" + - "rancher/mirrored-longhornio-longhorn-manager:v1.10.1" - --manager-url - http://longhorn-backend:9500/v1 env: @@ -3999,87 +4392,22 @@ spec: fieldRef: fieldPath: spec.serviceAccountName - name: CSI_ATTACHER_IMAGE - value: "longhornio/csi-attacher:v3.4.0" + value: "rancher/mirrored-longhornio-csi-attacher:v4.10.0-20251030" - name: CSI_PROVISIONER_IMAGE - value: "longhornio/csi-provisioner:v2.1.2" + value: "rancher/mirrored-longhornio-csi-provisioner:v5.3.0-20251030" - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE - value: "longhornio/csi-node-driver-registrar:v2.5.0" + value: "rancher/mirrored-longhornio-csi-node-driver-registrar:v2.15.0-20251030" - name: CSI_RESIZER_IMAGE - value: "longhornio/csi-resizer:v1.3.0" + value: "rancher/mirrored-longhornio-csi-resizer:v1.14.0-20251030" - name: CSI_SNAPSHOTTER_IMAGE - value: "longhornio/csi-snapshotter:v5.0.1" + value: "rancher/mirrored-longhornio-csi-snapshotter:v8.4.0-20251030" - name: CSI_LIVENESS_PROBE_IMAGE - value: "longhornio/livenessprobe:v2.8.0" + value: "rancher/mirrored-longhornio-livenessprobe:v2.17.0-20251030" + priorityClassName: "longhorn-critical" serviceAccountName: longhorn-service-account securityContext: runAsUser: 0 --- -# Source: longhorn/templates/deployment-recovery-backend.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-recovery-backend - name: longhorn-recovery-backend - namespace: longhorn-system -spec: - replicas: 2 - selector: - matchLabels: - app: longhorn-recovery-backend - template: - metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-recovery-backend - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-recovery-backend - topologyKey: kubernetes.io/hostname - containers: - - name: longhorn-recovery-backend - image: longhornio/longhorn-manager:v1.4.0 - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - recovery-backend - - --service-account - - longhorn-service-account - ports: - - containerPort: 9600 - name: recov-backend - readinessProbe: - tcpSocket: - port: 9600 - initialDelaySeconds: 3 - periodSeconds: 5 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - serviceAccountName: longhorn-service-account ---- # Source: longhorn/templates/deployment-ui.yaml apiVersion: apps/v1 kind: Deployment @@ -4087,7 +4415,7 @@ metadata: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-ui name: longhorn-ui namespace: longhorn-system @@ -4101,14 +4429,14 @@ spec: labels: app.kubernetes.io/name: longhorn app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 + app.kubernetes.io/version: v1.10.1 app: longhorn-ui spec: + serviceAccountName: longhorn-ui-service-account affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: + - podAffinityTerm: labelSelector: matchExpressions: - key: app @@ -4116,14 +4444,15 @@ spec: values: - longhorn-ui topologyKey: kubernetes.io/hostname + weight: 1 containers: - name: longhorn-ui - image: longhornio/longhorn-ui:v1.4.0 + image: rancher/mirrored-longhornio-longhorn-ui:v1.10.1 imagePullPolicy: IfNotPresent volumeMounts: - - name : nginx-cache + - name: nginx-cache mountPath: /var/cache/nginx/ - - name : nginx-config + - name: nginx-config mountPath: /var/config/nginx/ - name: var-run mountPath: /var/run/ @@ -4142,134 +4471,7 @@ spec: name: nginx-config - emptyDir: {} name: var-run + priorityClassName: "longhorn-critical" --- -# Source: longhorn/templates/deployment-webhook.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-conversion-webhook - name: longhorn-conversion-webhook - namespace: longhorn-system -spec: - replicas: 2 - selector: - matchLabels: - app: longhorn-conversion-webhook - template: - metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-conversion-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-conversion-webhook - topologyKey: kubernetes.io/hostname - containers: - - name: longhorn-conversion-webhook - image: longhornio/longhorn-manager:v1.4.0 - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - conversion-webhook - - --service-account - - longhorn-service-account - ports: - - containerPort: 9443 - name: conversion-wh - readinessProbe: - tcpSocket: - port: 9443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: longhorn-service-account ---- -# Source: longhorn/templates/deployment-webhook.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-admission-webhook - name: longhorn-admission-webhook - namespace: longhorn-system -spec: - replicas: 2 - selector: - matchLabels: - app: longhorn-admission-webhook - template: - metadata: - labels: - app.kubernetes.io/name: longhorn - app.kubernetes.io/instance: longhorn - app.kubernetes.io/version: v1.4.0 - app: longhorn-admission-webhook - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - longhorn-admission-webhook - topologyKey: kubernetes.io/hostname - initContainers: - - name: wait-longhorn-conversion-webhook - image: longhornio/longhorn-manager:v1.4.0 - command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - containers: - - name: longhorn-admission-webhook - image: longhornio/longhorn-manager:v1.4.0 - imagePullPolicy: IfNotPresent - securityContext: - runAsUser: 2000 - command: - - longhorn-manager - - admission-webhook - - --service-account - - longhorn-service-account - ports: - - containerPort: 9443 - name: admission-wh - readinessProbe: - tcpSocket: - port: 9443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - serviceAccountName: longhorn-service-account +# Source: longhorn/templates/validate-psp-install.yaml +# diff --git a/tests/integration/secretsencryption/secretsencryption_int_test.go b/tests/integration/secretsencryption/secretsencryption_int_test.go index 30126a77ac8a..9d673b4153eb 100644 --- a/tests/integration/secretsencryption/secretsencryption_int_test.go +++ b/tests/integration/secretsencryption/secretsencryption_int_test.go @@ -154,6 +154,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(secretsEncryptionServer, false) + testutil.K3sCopyPodLogs(secretsEncryptionServer) + testutil.K3sDumpResources(secretsEncryptionServer, "node", "pod", "pvc", "pv") } Expect(testutil.K3sKillServer(secretsEncryptionServer)).To(Succeed()) Expect(testutil.K3sCleanup(testLock, secretsEncryptionDataDir)).To(Succeed()) diff --git a/tests/integration/startup/startup_int_test.go b/tests/integration/startup/startup_int_test.go index 19f305f333ed..53c5f92c5e44 100644 --- a/tests/integration/startup/startup_int_test.go +++ b/tests/integration/startup/startup_int_test.go @@ -455,6 +455,8 @@ var _ = AfterSuite(func() { if !testutil.IsExistingServer() { if failed { testutil.K3sSaveLog(startupServer, false) + testutil.K3sCopyPodLogs(startupServer) + testutil.K3sDumpResources(startupServer, "node", "pod", "pvc", "pv") Expect(testutil.K3sKillServer(startupServer)).To(Succeed()) } Expect(testutil.K3sCleanup(testLock, "")).To(Succeed()) From bbae258a76b7f379ef868049f2669e16b1eea1ee Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Wed, 7 Jan 2026 19:51:14 +0000 Subject: [PATCH 46/48] Bump kine for NATS conformance fixes Includes the long-awaited fixes from * https://github.com/k3s-io/kine/pull/549 Signed-off-by: Brad Davidson (cherry picked from commit 8c3587dfbc7ed1cd7f9ddb274cfafbc568a56de5) Signed-off-by: Brad Davidson --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index c58bc2fb4556..0cd984d7d5de 100644 --- a/go.mod +++ b/go.mod @@ -112,7 +112,7 @@ require ( github.com/json-iterator/go v1.1.12 github.com/k3s-io/api v0.1.4 github.com/k3s-io/helm-controller v0.16.17 - github.com/k3s-io/kine v0.14.9 + github.com/k3s-io/kine v0.14.10 github.com/klauspost/compress v1.18.2 github.com/libp2p/go-libp2p v0.46.0 github.com/minio/minio-go/v7 v7.0.91 @@ -328,7 +328,7 @@ require ( github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect - github.com/jackc/pgx/v5 v5.7.6 // indirect + github.com/jackc/pgx/v5 v5.8.0 // indirect github.com/jackc/puddle/v2 v2.2.2 // indirect github.com/jackpal/go-nat-pmp v1.0.2 // indirect github.com/jbenet/go-temp-err-catcher v0.1.0 // indirect @@ -357,7 +357,7 @@ require ( github.com/mailru/easyjson v0.9.1 // indirect github.com/marten-seemann/tcp v0.0.0-20210406111302-dfbc87cc63fd // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-sqlite3 v1.14.32 // indirect + github.com/mattn/go-sqlite3 v1.14.33 // indirect github.com/mdlayher/genetlink v1.3.2 // indirect github.com/mdlayher/netlink v1.7.2 // indirect github.com/mdlayher/socket v0.5.1 // indirect @@ -367,7 +367,7 @@ require ( github.com/mikioh/tcpinfo v0.0.0-20190314235526-30a79bb1804b // indirect github.com/mikioh/tcpopt v0.0.0-20190314235656-172688c1accc // indirect github.com/minio/crc64nvme v1.0.1 // indirect - github.com/minio/highwayhash v1.0.3 // indirect + github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76 // indirect github.com/minio/md5-simd v1.1.2 // indirect github.com/minio/sha256-simd v1.0.1 // indirect github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect @@ -403,8 +403,8 @@ require ( github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/nats-io/jsm.go v0.3.0 // indirect github.com/nats-io/jwt/v2 v2.8.0 // indirect - github.com/nats-io/nats-server/v2 v2.12.0 // indirect - github.com/nats-io/nats.go v1.46.1 // indirect + github.com/nats-io/nats-server/v2 v2.12.2 // indirect + github.com/nats-io/nats.go v1.48.0 // indirect github.com/nats-io/nkeys v0.4.11 // indirect github.com/nats-io/nuid v1.0.1 // indirect github.com/opencontainers/runc v1.3.3 // indirect diff --git a/go.sum b/go.sum index b96e03b56f35..741c20c8a1bf 100644 --- a/go.sum +++ b/go.sum @@ -760,8 +760,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= -github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= +github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo= +github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus= @@ -816,8 +816,8 @@ github.com/k3s-io/etcd/server/v3 v3.5.25-k3s2 h1:fA49dggKVMAc2AM3Tq8hK146dRkkSua github.com/k3s-io/etcd/server/v3 v3.5.25-k3s2/go.mod h1:FEA8m9ioIsPieWqKOvzDf6bD/GeiQA0flsN3Ho/Errw= github.com/k3s-io/helm-controller v0.16.17 h1:VXMmXQmmTB49x6bnN/PsJUTVKHb0r69b+SffIDUTMTM= github.com/k3s-io/helm-controller v0.16.17/go.mod h1:jmrgGttLQbh2yB1kcf9XFAigNW6U8oWCswCSuEjkxXU= -github.com/k3s-io/kine v0.14.9 h1:R4ZOeATGnDuwQ0fmY1bwQNVPDLowfpG15/pjh/hf1T8= -github.com/k3s-io/kine v0.14.9/go.mod h1:G5pk9p9X852nn5etr62KqI7CW2vYR2g6kKAmXJhYaU4= +github.com/k3s-io/kine v0.14.10 h1:Idq6sqoG81cvfqBqYOCu/gN+hPhEWFyzU8qt7A/FQNM= +github.com/k3s-io/kine v0.14.10/go.mod h1:NCot94nTw7DBEAAcsGStJ4osFLGht/2VSald1sQW/E0= github.com/k3s-io/klog/v2 v2.120.1-k3s1 h1:7twAHPFpZA21KdMnMNnj68STQMPldAxF2Zsaol57dxw= github.com/k3s-io/klog/v2 v2.120.1-k3s1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= github.com/k3s-io/kube-router/v2 v2.6.3-k3s1 h1:RZjUBIuitXCuYoCzm1aM6p5EgQFC5k3N72j4pBIc2j4= @@ -960,8 +960,8 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs= -github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0= +github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/mdlayher/genetlink v1.3.2 h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw= github.com/mdlayher/genetlink v1.3.2/go.mod h1:tcC3pkCrPUGIKKsCsp0B3AdaaKuHtaxoJRz3cc+528o= github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g= @@ -987,8 +987,8 @@ github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8Rv github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY= github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg= -github.com/minio/highwayhash v1.0.3 h1:kbnuUMoHYyVl7szWjSxJnxw11k2U709jqFPPmIUyD6Q= -github.com/minio/highwayhash v1.0.3/go.mod h1:GGYsuwP/fPD6Y9hMiXuapVvlIUEhFhMTh0rxU3ik1LQ= +github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76 h1:KGuD/pM2JpL9FAYvBrnBBeENKZNh6eNtjqytV6TYjnk= +github.com/minio/highwayhash v1.0.4-0.20251030100505-070ab1a87a76/go.mod h1:GGYsuwP/fPD6Y9hMiXuapVvlIUEhFhMTh0rxU3ik1LQ= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.91 h1:tWLZnEfo3OZl5PoXQwcwTAPNNrjyWwOh6cbZitW5JQc= @@ -1080,10 +1080,10 @@ github.com/nats-io/jsm.go v0.3.0 h1:fl0yZtK6U+kkAQ/mm5AXzRGHwJa35j2E+aopCcebfgU= github.com/nats-io/jsm.go v0.3.0/go.mod h1:PLObK5L+Vcq1GGGJY3DfrFs8QaSDuWF0co81sEHdFcg= github.com/nats-io/jwt/v2 v2.8.0 h1:K7uzyz50+yGZDO5o772eRE7atlcSEENpL7P+b74JV1g= github.com/nats-io/jwt/v2 v2.8.0/go.mod h1:me11pOkwObtcBNR8AiMrUbtVOUGkqYjMQZ6jnSdVUIA= -github.com/nats-io/nats-server/v2 v2.12.0 h1:OIwe8jZUqJFrh+hhiyKu8snNib66qsx806OslqJuo74= -github.com/nats-io/nats-server/v2 v2.12.0/go.mod h1:nr8dhzqkP5E/lDwmn+A2CvQPMd1yDKXQI7iGg3lAvww= -github.com/nats-io/nats.go v1.46.1 h1:bqQ2ZcxVd2lpYI97xYASeRTY3I5boe/IVmuUDPitHfo= -github.com/nats-io/nats.go v1.46.1/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g= +github.com/nats-io/nats-server/v2 v2.12.2 h1:4TEQd0Y4zvcW0IsVxjlXnRso1hBkQl3TS0BI+SxgPhE= +github.com/nats-io/nats-server/v2 v2.12.2/go.mod h1:j1AAttYeu7WnvD8HLJ+WWKNMSyxsqmZ160pNtCQRMyE= +github.com/nats-io/nats.go v1.48.0 h1:pSFyXApG+yWU/TgbKCjmm5K4wrHu86231/w84qRVR+U= +github.com/nats-io/nats.go v1.48.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g= github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0= github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= From 30cda5ee961b9cdf0d30a09546da5113af2e38f1 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 9 Jan 2026 18:41:27 +0000 Subject: [PATCH 47/48] Fix setup-go cache issues * Move cleanup earlier, to prevent running out of space when restoring caches * Consistently use local setup-go action to avoid saving cache on PR runs * Update local setup-go action Signed-off-by: Brad Davidson (cherry picked from commit 358c8cc00fdb534da771c997e6030208683ac9cd) Signed-off-by: Brad Davidson --- .github/actions/setup-go/action.yaml | 31 ++++++++--- .github/workflows/e2e.yaml | 74 +++++++++++++------------- .github/workflows/install.yaml | 37 ++++++------- .github/workflows/integration.yaml | 23 ++++---- .github/workflows/nightly-install.yaml | 25 ++++----- .github/workflows/updatecli.yaml | 6 +-- .github/workflows/validate.yaml | 22 +++++++- 7 files changed, 128 insertions(+), 90 deletions(-) diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index bc636b4bb837..1fd2551d6bef 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -1,15 +1,30 @@ -name: 'Setup golang with main only caching' +name: 'Setup Go with Limited Cache' description: 'A composite action that installs golang, but with a caching strategy that only updates the cache on main branch.' +inputs: + go-version: + description: 'The Go version to download (if necessary) and use. Supports semver spec and ranges. Be sure to enclose this option in single quotation marks.' + default: '' + runs: using: 'composite' steps: - - uses: actions/setup-go@v5 + - name: Find Latest Release Branch + shell: bash + run: | + LATEST_RELEASE_BRANCH=$(gh api repos/k3s-io/k3s/branches?per_page=100 --jq '[.[].name | select(startswith("release-"))] | sort_by(ltrimstr("release-") | tonumber) | last') + echo "LATEST_RELEASE_REF=refs/heads/$LATEST_RELEASE_BRANCH" | tee -a "$GITHUB_ENV" + env: + GH_TOKEN: ${{ github.token }} + + - name: Setup Go + uses: actions/setup-go@v6 with: - go-version-file: 'go.mod' # Just use whatever version is in the go.mod file - cache: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/release-1.32' }} + go-version: ${{ env.INPUT_GO_VERSION }} + go-version-file: 'go.mod' # if go-version is not set, just use whatever version is in the go.mod file + cache: ${{ github.ref == 'refs/heads/main' || github.ref == env.LATEST_RELEASE_REF }} # use default cache for main and most recent minor - name: Prepare for go cache - if: github.ref != 'refs/heads/main' && github.ref != 'refs/heads/release-1.32' + if: github.ref != 'refs/heads/main' && github.ref != env.LATEST_RELEASE_REF # use custom cache for older minors shell: bash run: | echo "GO_CACHE=$(go env GOCACHE)" | tee -a "$GITHUB_ENV" @@ -17,8 +32,8 @@ runs: echo "GO_VERSION=$(go env GOVERSION | tr -d 'go')" | tee -a "$GITHUB_ENV" - name: Setup read-only cache - if: github.ref != 'refs/heads/main' && github.ref != 'refs/heads/release-1.32' - uses: actions/cache/restore@v4 + if: github.ref != 'refs/heads/main' && github.ref != env.LATEST_RELEASE_REF # use custom cache for older minors + uses: actions/cache/restore@v5 with: path: | ${{ env.GO_MODCACHE }} @@ -26,4 +41,4 @@ runs: # Match the cache key to the setup-go action https://github.com/actions/setup-go/blob/main/src/cache-restore.ts#L34 key: setup-go-${{ runner.os }}-${{ env.ImageOS }}-go-${{ env.GO_VERSION }}-${{ hashFiles('go.sum') }} restore-keys: | - setup-go-${{ runner.os }}- \ No newline at end of file + setup-go-${{ runner.os }}- diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index bf5bd5cc41a4..fe3fdda85af8 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -54,6 +54,25 @@ jobs: etest: [btrfs, embeddedmirror, externalip, privateregistry, rootless, s3, startup, wasm, multus] max-parallel: 5 steps: + - name: Remove Unnecessary Tools + working-directory: / + run: | + sudo rm -rf \ + /home/linuxbrew \ + /home/packer \ + /opt/az \ + /opt/microsoft \ + /usr/lib/firefox \ + /usr/lib/google-cloud-sdk \ + /usr/local/julia* \ + /usr/local/share/boost \ + /usr/local/share/chromium \ + /usr/local/share/powershell \ + /usr/share/az* \ + /usr/share/dotnet \ + /usr/share/miniconda \ + /usr/share/swift + df -khl - name: "Checkout" uses: actions/checkout@v6 with: {fetch-depth: 1} @@ -92,24 +111,6 @@ jobs: with: name: k3s-amd64 path: ./dist/artifacts - - name: Remove Unnecessary Tools - run: | - sudo rm -rf \ - /home/linuxbrew \ - /home/packer \ - /opt/az \ - /opt/microsoft \ - /usr/lib/firefox \ - /usr/lib/google-cloud-sdk \ - /usr/local/julia* \ - /usr/local/share/boost \ - /usr/local/share/chromium \ - /usr/local/share/powershell \ - /usr/share/az* \ - /usr/share/dotnet \ - /usr/share/miniconda \ - /usr/share/swift - df -khl - name: Run ${{ matrix.etest }} Test env: E2E_GOCOVER: "true" @@ -202,6 +203,25 @@ jobs: env: CHANNEL: ${{ needs.build-go-tests.outputs.channel }} steps: + - name: Remove Unnecessary Tools + working-directory: / + run: | + sudo rm -rf \ + /home/linuxbrew \ + /home/packer \ + /opt/az \ + /opt/microsoft \ + /usr/lib/firefox \ + /usr/lib/google-cloud-sdk \ + /usr/local/julia* \ + /usr/local/share/boost \ + /usr/local/share/chromium \ + /usr/local/share/powershell \ + /usr/share/az* \ + /usr/share/dotnet \ + /usr/share/miniconda \ + /usr/share/swift + df -khl - name: Checkout uses: actions/checkout@v6 - name: "Download K3s image" @@ -229,24 +249,6 @@ jobs: with: name: docker-go-tests-${{ matrix.arch }} path: ./dist/artifacts - - name: Remove Unnecessary Tools - run: | - sudo rm -rf \ - /home/linuxbrew \ - /home/packer \ - /opt/az \ - /opt/microsoft \ - /usr/lib/firefox \ - /usr/lib/google-cloud-sdk \ - /usr/local/julia* \ - /usr/local/share/boost \ - /usr/local/share/chromium \ - /usr/local/share/powershell \ - /usr/share/az* \ - /usr/share/dotnet \ - /usr/share/miniconda \ - /usr/share/swift - df -khl - name: Run ${{ matrix.dtest }} Test # Put the compiled test binary back in the same place as the test source run: | diff --git a/.github/workflows/install.yaml b/.github/workflows/install.yaml index 0e5e4251162d..d93db9109a74 100644 --- a/.github/workflows/install.yaml +++ b/.github/workflows/install.yaml @@ -38,25 +38,8 @@ jobs: env: INSTALL_K3S_SKIP_DOWNLOAD: binary steps: - - name: "Checkout" - uses: actions/checkout@v6 - with: {fetch-depth: 1} - - name: Set up vagrant and libvirt - uses: ./.github/actions/vagrant-setup - - name: "Vagrant Cache" - uses: actions/cache@v5 - with: - path: | - ~/.vagrant.d/boxes - key: vagrant-box-${{ matrix.vm }} - - name: "Vagrant Plugin(s)" - run: vagrant plugin install vagrant-k3s vagrant-reload vagrant-scp - - name: "Download k3s binary" - uses: actions/download-artifact@v7 - with: - name: k3s-amd64 - path: tests/install/${{ matrix.vm }} - name: Remove Unnecessary Tools + working-directory: / run: | sudo rm -rf \ /home/linuxbrew \ @@ -74,6 +57,24 @@ jobs: /usr/share/miniconda \ /usr/share/swift df -khl + - name: "Checkout" + uses: actions/checkout@v6 + with: {fetch-depth: 1} + - name: Set up vagrant and libvirt + uses: ./.github/actions/vagrant-setup + - name: "Vagrant Cache" + uses: actions/cache@v5 + with: + path: | + ~/.vagrant.d/boxes + key: vagrant-box-${{ matrix.vm }} + - name: "Vagrant Plugin(s)" + run: vagrant plugin install vagrant-k3s vagrant-reload vagrant-scp + - name: "Download k3s binary" + uses: actions/download-artifact@v7 + with: + name: k3s-amd64 + path: tests/install/${{ matrix.vm }} - name: "Vagrant Up" run: vagrant up --no-tty --no-provision - name: "Upload k3s binary to VM" diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index aa592e1ad7d7..c5c7c30cfcbf 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -47,18 +47,8 @@ jobs: itest: [certrotation, cacertrotation, etcdrestore, localstorage, startup, custometcdargs, etcdsnapshot, kubeflags, longhorn, secretsencryption, flannelnone] max-parallel: 3 steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 1 - - name: Install Go - uses: ./.github/actions/setup-go - - name: "Download k3s binary" - uses: actions/download-artifact@v7 - with: - name: k3s-amd64 - path: ./dist/artifacts - name: Remove Unnecessary Tools + working-directory: / run: | sudo rm -rf \ /home/linuxbrew \ @@ -76,6 +66,17 @@ jobs: /usr/share/miniconda \ /usr/share/swift df -khl + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 1 + - name: Install Go + uses: ./.github/actions/setup-go + - name: "Download k3s binary" + uses: actions/download-artifact@v7 + with: + name: k3s-amd64 + path: ./dist/artifacts - name: Run Integration Tests run: | chmod +x ./dist/artifacts/k3s diff --git a/.github/workflows/nightly-install.yaml b/.github/workflows/nightly-install.yaml index 11f79f370b63..8c778a1cf20e 100644 --- a/.github/workflows/nightly-install.yaml +++ b/.github/workflows/nightly-install.yaml @@ -24,19 +24,8 @@ jobs: env: INSTALL_K3S_CHANNEL: ${{ matrix.channel }} steps: - - name: "Checkout" - uses: actions/checkout@v6 - with: {fetch-depth: 1} - - name: Set up vagrant and libvirt - uses: ./.github/actions/vagrant-setup - - name: "Vagrant Cache" - uses: actions/cache@v5 - with: - path: | - ~/.vagrant.d/boxes - key: vagrant-box-${{ matrix.vm }} - id: vagrant-cache - name: Remove Unnecessary Tools + working-directory: / run: | sudo rm -rf \ /home/linuxbrew \ @@ -54,6 +43,18 @@ jobs: /usr/share/miniconda \ /usr/share/swift df -khl + - name: "Checkout" + uses: actions/checkout@v6 + with: {fetch-depth: 1} + - name: Set up vagrant and libvirt + uses: ./.github/actions/vagrant-setup + - name: "Vagrant Cache" + uses: actions/cache@v5 + with: + path: | + ~/.vagrant.d/boxes + key: vagrant-box-${{ matrix.vm }} + id: vagrant-cache - name: "Vagrant Plugin(s)" run: vagrant plugin install vagrant-k3s vagrant-reload - name: "Vagrant Up ⏩ Install K3s" diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index bb8af4d84b32..5d878bf0731d 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -23,10 +23,8 @@ jobs: uses: actions/checkout@v6 - name: Install Go - uses: actions/setup-go@v6 - with: - go-version: 'stable' - cache: false + uses: ./.github/actions/setup-go + - name: Delete leftover UpdateCLI branches run: | gh pr list --search "is:closed is:pr head:updatecli_" --json headRefName --jq ".[].headRefName" | sort -u > closed_prs_branches.txt diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 29c5ddb377f4..1c199f7437d9 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -20,6 +20,26 @@ jobs: name: Validate runs-on: ubuntu-latest steps: + - name: Remove Unnecessary Tools + working-directory: / + run: | + sudo rm -rf \ + /home/linuxbrew \ + /home/packer \ + /opt/az \ + /opt/microsoft \ + /usr/lib/firefox \ + /usr/lib/google-cloud-sdk \ + /usr/local/julia* \ + /usr/local/share/boost \ + /usr/local/share/chromium \ + /usr/local/share/powershell \ + /usr/share/az* \ + /usr/share/dotnet \ + /usr/share/miniconda \ + /usr/share/swift + df -khl + - name: Set Commit Count run: | echo "GITHUB_CHECKOUT_FETCH_DEPTH=$( expr 1 + ${{ github.event.pull_request.commits }} )" >> "$GITHUB_ENV" @@ -35,7 +55,7 @@ jobs: echo "GOTOOLCHAIN=${VERSION_GOLANG/go}" >> "$GITHUB_ENV" - name: Setup Go - uses: actions/setup-go@v6 + uses: ./.github/actions/setup-go with: go-version: "${{ env.GOTOOLCHAIN }}" From 6210f56578a4cde14d736c2c7a924351e2595413 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Fri, 9 Jan 2026 21:35:17 +0000 Subject: [PATCH 48/48] Remove download/generate from vulncheck This has been broken since july when cb061687d451345c5e8de0afbc2bb71acb0898bc was merged Signed-off-by: Brad Davidson (cherry picked from commit 9307d829bf47d64e354400e2ef9cbe844737b853) Signed-off-by: Brad Davidson --- .github/workflows/govulncheck.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index af27bbcc7b27..3caf262ad700 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -18,10 +18,6 @@ jobs: uses: actions/checkout@v6 - name: Install Go uses: ./.github/actions/setup-go - - name: Go Generate - run: | - ./scripts/download - ./scripts/generate - name: Install govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest - name: Run govulncheck