diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml new file mode 100644 index 000000000000..9b7a574a14b9 --- /dev/null +++ b/.github/workflows/trivy.yaml @@ -0,0 +1,49 @@ +name: PR Comment Triggered Trivy Scan + +on: + issue_comment: + types: [created] + +jobs: + trivy_scan: + if: github.event.issue.pull_request && github.event.comment.body == '/trivy' + runs-on: ubuntu-latest + permissions: + pull-requests: write + env: + GH_TOKEN: ${{ github.token }} + steps: + - name: Checkout PR code + uses: actions/checkout@v4 + with: + ref: refs/pull/${{ github.event.issue.number }}/head + + - name: Comment Status on PR + run: | + gh repo set-default ${{ github.repository }} + gh pr comment ${{ github.event.issue.number }} -b ":construction: Running Trivy scan on PR :construction: " + + - name: Build K3s Image + run: | + make local + make package-image + make tag-image-latest + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.24.0 + with: + image-ref: 'rancher/k3s:latest' + format: 'table' + severity: "HIGH,CRITICAL" + output: "trivy-report.txt" + + - name: Add Trivy Report to PR + run: | + echo '```' | cat - trivy-report.txt > temp && mv temp trivy-report.txt + echo '```' >> trivy-report.txt + gh issue comment ${{ github.event.issue.number }} --edit-last -F trivy-report.txt + + - name: Report Failure + if: ${{ failure() }} + run: | + gh issue comment ${{ github.event.issue.number }} --edit-last -b ":x: Trivy scan action failed, check logs :x:" diff --git a/go.mod b/go.mod index 5f1c8c5fcb7c..90d26d26f4fc 100644 --- a/go.mod +++ b/go.mod @@ -1,15 +1,15 @@ module github.com/k3s-io/k3s -go 1.22.0 - -toolchain go1.22.2 +go 1.22.4 replace ( - github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.0 + github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.7 github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.3.12-k3s1 // k3s/release-1.28 github.com/cloudnativelabs/kube-router/v2 => github.com/k3s-io/kube-router/v2 v2.2.1 - github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.20-k3s1 + github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.21-k3s2 + github.com/containerd/imgcrypt => github.com/containerd/imgcrypt v1.1.11 github.com/distribution/reference => github.com/distribution/reference v0.5.0 + github.com/docker/cli => github.com/docker/cli v27.1.2+incompatible github.com/docker/distribution => github.com/docker/distribution v2.8.3+incompatible github.com/docker/docker => github.com/docker/docker v25.0.6+incompatible github.com/emicklei/go-restful/v3 => github.com/emicklei/go-restful/v3 v3.9.0 @@ -17,7 +17,7 @@ replace ( github.com/googleapis/gax-go/v2 => github.com/googleapis/gax-go/v2 v2.12.0 github.com/kubernetes-sigs/cri-tools => github.com/k3s-io/cri-tools v1.29.0-k3s1 github.com/open-policy-agent/opa => github.com/open-policy-agent/opa v0.59.0 // github.com/Microsoft/hcsshim using bad version v0.42.2 - github.com/opencontainers/runc => github.com/k3s-io/runc v1.1.12-k3s1 + github.com/opencontainers/runc => github.com/k3s-io/runc v1.1.14-k3s1 github.com/opencontainers/selinux => github.com/opencontainers/selinux v1.11.0 github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 github.com/prometheus/common => github.com/prometheus/common v0.45.0 @@ -78,12 +78,12 @@ replace ( ) require ( - github.com/Microsoft/hcsshim v0.12.3 + github.com/Microsoft/hcsshim v0.12.6 github.com/Mirantis/cri-dockerd v0.0.0-00010101000000-000000000000 github.com/blang/semver/v4 v4.0.0 github.com/cloudnativelabs/kube-router/v2 v2.0.0-00010101000000-000000000000 github.com/containerd/aufs v1.0.0 - github.com/containerd/cgroups/v3 v3.0.2 + github.com/containerd/cgroups/v3 v3.0.3 github.com/containerd/containerd v1.7.16 github.com/containerd/fuse-overlayfs-snapshotter v1.0.8 github.com/containerd/stargz-snapshotter v0.15.1 @@ -107,9 +107,9 @@ require ( github.com/ipfs/go-log/v2 v2.5.1 github.com/joho/godotenv v1.5.1 github.com/json-iterator/go v1.1.12 - github.com/k3s-io/helm-controller v0.15.10 - github.com/k3s-io/kine v0.11.11 - github.com/klauspost/compress v1.17.7 + github.com/k3s-io/helm-controller v0.15.13 + github.com/k3s-io/kine v0.12.0 + github.com/klauspost/compress v1.17.9 github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000 github.com/lib/pq v1.10.2 github.com/libp2p/go-libp2p v0.33.2 @@ -123,7 +123,7 @@ require ( github.com/opencontainers/selinux v1.11.0 github.com/otiai10/copy v1.7.0 github.com/pkg/errors v0.9.1 - github.com/prometheus/client_golang v1.19.1 + github.com/prometheus/client_golang v1.20.1 github.com/prometheus/common v0.55.0 github.com/rancher/dynamiclistener v0.3.6 github.com/rancher/lasso v0.0.0-20240724174736-24ab3dbf26f0 @@ -137,7 +137,7 @@ require ( github.com/spegel-org/spegel v1.0.18 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 - github.com/urfave/cli v1.22.14 + github.com/urfave/cli v1.22.15 github.com/vishvananda/netlink v1.2.1-beta.2 github.com/yl2chen/cidranger v1.0.2 go.etcd.io/etcd/api/v3 v3.5.15 @@ -204,28 +204,28 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect - github.com/cilium/ebpf v0.9.1 // indirect + github.com/cilium/ebpf v0.11.0 // indirect github.com/container-storage-interface/spec v1.8.0 // indirect github.com/containerd/btrfs/v2 v2.0.0 // indirect github.com/containerd/cgroups v1.1.0 // indirect - github.com/containerd/console v1.0.3 // indirect - github.com/containerd/containerd/api v1.7.19 // indirect + github.com/containerd/console v1.0.4 // indirect + github.com/containerd/containerd/api v1.8.0-rc.3 // indirect github.com/containerd/continuity v0.4.3 // indirect github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/fifo v1.1.0 // indirect - github.com/containerd/go-cni v1.1.9 // indirect - github.com/containerd/go-runc v1.0.0 // indirect - github.com/containerd/imgcrypt v1.1.8 // indirect + github.com/containerd/go-cni v1.1.10 // indirect + github.com/containerd/go-runc v1.1.0 // indirect + github.com/containerd/imgcrypt v1.2.0-rc1 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/nri v0.6.1 // indirect github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect github.com/containerd/ttrpc v1.2.5 // indirect github.com/containerd/typeurl v1.0.2 // indirect - github.com/containerd/typeurl/v2 v2.1.1 // indirect - github.com/containernetworking/cni v1.1.2 // indirect + github.com/containerd/typeurl/v2 v2.2.0 // indirect + github.com/containernetworking/cni v1.2.3 // indirect github.com/containernetworking/plugins v1.5.1 // indirect - github.com/containers/ocicrypt v1.1.10 // indirect + github.com/containers/ocicrypt v1.2.0 // indirect github.com/coreos/go-oidc v2.2.1+incompatible // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect @@ -236,7 +236,7 @@ require ( github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v24.0.7+incompatible // indirect + github.com/docker/cli v27.1.2+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.5.0 // indirect @@ -258,7 +258,7 @@ require ( github.com/fvbommel/sortorder v1.1.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect @@ -289,7 +289,7 @@ require ( github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect - github.com/hanwen/go-fuse/v2 v2.4.0 // indirect + github.com/hanwen/go-fuse/v2 v2.5.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect @@ -301,7 +301,7 @@ require ( github.com/huin/goupnp v1.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/intel/goresctrl v0.3.0 // indirect + github.com/intel/goresctrl v0.7.0 // indirect github.com/ipfs/boxo v0.10.0 // indirect github.com/ipfs/go-cid v0.4.1 // indirect github.com/ipfs/go-datastore v0.6.0 // indirect @@ -363,7 +363,8 @@ require ( github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/sys/signal v0.7.0 // indirect github.com/moby/sys/symlink v0.2.0 // indirect - github.com/moby/sys/user v0.1.0 // indirect + github.com/moby/sys/user v0.3.0 // indirect + github.com/moby/sys/userns v0.1.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -397,7 +398,7 @@ require ( github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.2.2 // indirect + github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pierrec/lz4 v2.6.0+incompatible // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect @@ -419,7 +420,7 @@ require ( github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cobra v1.8.0 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect - github.com/stoewer/go-strcase v1.2.0 // indirect + github.com/stoewer/go-strcase v1.3.0 // indirect github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect github.com/syndtr/goleveldb v1.0.0 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect @@ -446,6 +447,7 @@ require ( go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 // indirect go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/sdk v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect @@ -502,6 +504,6 @@ require ( sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect - tags.cncf.io/container-device-interface v0.7.2 // indirect - tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect + tags.cncf.io/container-device-interface v0.8.0 // indirect + tags.cncf.io/container-device-interface/specs-go v0.8.0 // indirect ) diff --git a/go.sum b/go.sum index b56375f005db..6ea56985216c 100644 --- a/go.sum +++ b/go.sum @@ -290,8 +290,8 @@ github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2B github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= -github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM= -github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM= +github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ= +github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= @@ -305,9 +305,9 @@ github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= +github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= -github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= @@ -375,8 +375,9 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= -github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= +github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y= +github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -397,13 +398,16 @@ github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f2 github.com/containerd/cgroups v1.0.4/go.mod h1:nLNQtsF7Sl2HxNebu77i1R0oDlhiTG+kO4JTrUzo6IA= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= +github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= +github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= -github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA= +github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= +github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= +github.com/containerd/containerd/api v1.8.0-rc.3 h1:q9MyeXmuAGEyKmUGYvvFftNX1RQhfTLsAvYK+SQHQso= +github.com/containerd/containerd/api v1.8.0-rc.3/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= @@ -415,13 +419,14 @@ github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/fuse-overlayfs-snapshotter v1.0.8 h1:O471INHO59/fnSVE+B+THGjvRA2d1K6/FdpUuhNnXwk= github.com/containerd/fuse-overlayfs-snapshotter v1.0.8/go.mod h1:mY+oK2oQhlUk6hP5HNG28/OK9oqQpB2wK1w6sudC5gQ= -github.com/containerd/go-cni v1.1.6/go.mod h1:BWtoWl5ghVymxu6MBjg79W9NZrCRyHIdUtk4cauMe34= -github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU= github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM= -github.com/containerd/go-runc v1.0.0 h1:oU+lLv1ULm5taqgV/CJivypVODI4SUz1znWjv3nNYS0= +github.com/containerd/go-cni v1.1.10 h1:c2U73nld7spSWfiJwSh/8W9DK+/qQwYM2rngIhCyhyg= +github.com/containerd/go-cni v1.1.10/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY= github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= -github.com/containerd/imgcrypt v1.1.8 h1:ZS7TuywcRNLoHpU0g+v4/PsKynl6TYlw5xDVWWoIyFA= -github.com/containerd/imgcrypt v1.1.8/go.mod h1:x6QvFIkMyO2qGIY2zXc88ivEzcbgvLdWjoZyGqDap5U= +github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gGleA= +github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U= +github.com/containerd/imgcrypt v1.1.11 h1:3RULIeLouE7B5l9NzMq0HdPWG0DP5deEVxB5UKxyUoU= +github.com/containerd/imgcrypt v1.1.11/go.mod h1:nXL4jp1GrtO758b16DVsxaHHzu9PravAsKARYmyHR58= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/nri v0.6.1 h1:xSQ6elnQ4Ynidm9u49ARK9wRKHs80HCUI+bkXOxV4mA= @@ -441,21 +446,20 @@ github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oL github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= -github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= +github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso= +github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g= github.com/containerd/zfs v1.1.0 h1:n7OZ7jZumLIqNJqXrEc/paBM840mORnmGdJDmAmJZHM= github.com/containerd/zfs v1.1.0/go.mod h1:oZF9wBnrnQjpWLaPKEinrx3TQ9a+W/RJO7Zb41d8YLE= -github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y= -github.com/containernetworking/cni v1.1.1/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= -github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= +github.com/containernetworking/cni v1.2.3 h1:hhOcjNVUQTnzdRJ6alC5XF+wd9mfGIUaj8FuJbEslXM= +github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v1.2.0/go.mod h1:/VjX4uHecW5vVimFa1wkG4s+r/s9qIfPdqlLF4TW8c4= github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= -github.com/containers/ocicrypt v1.1.8/go.mod h1:jM362hyBtbwLMWzXQZTlkjKGAQf/BN/LFMtH0FIRt34= -github.com/containers/ocicrypt v1.1.10 h1:r7UR6o8+lyhkEywetubUUgcKFjOWOaWz8cEBrCPX0ic= github.com/containers/ocicrypt v1.1.10/go.mod h1:YfzSSr06PTHQwSTUKqDSjish9BeW1E4HUmreluQcMd8= +github.com/containers/ocicrypt v1.2.0 h1:X14EgRK3xNFvJEfI5O4Qn4T3E25ANudSOZz/sirVuPM= +github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -523,10 +527,8 @@ github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v23.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg= -github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.1.2+incompatible h1:nYviRv5Y+YAKx3dFrTvS1ErkyVVunKOhoweCTE1BsnI= +github.com/docker/cli v27.1.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= @@ -593,8 +595,8 @@ github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJn github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= -github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= +github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= @@ -621,9 +623,9 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= -github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= @@ -844,8 +846,9 @@ github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= -github.com/hanwen/go-fuse/v2 v2.4.0 h1:12OhD7CkXXQdvxG2osIdBQLdXh+nmLXY9unkUIe/xaU= github.com/hanwen/go-fuse/v2 v2.4.0/go.mod h1:xKwi1cF7nXAOBCXujD5ie0ZKsxc8GGSA1rlMJc+8IJs= +github.com/hanwen/go-fuse/v2 v2.5.1 h1:OQBE8zVemSocRxA4OaFJbjJ5hlpCmIWbGr7r0M4uoQQ= +github.com/hanwen/go-fuse/v2 v2.5.1/go.mod h1:xKwi1cF7nXAOBCXujD5ie0ZKsxc8GGSA1rlMJc+8IJs= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -901,8 +904,9 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/intel/goresctrl v0.3.0 h1:K2D3GOzihV7xSBedGxONSlaw/un1LZgWsc9IfqipN4c= github.com/intel/goresctrl v0.3.0/go.mod h1:fdz3mD85cmP9sHD8JUlrNWAxvwM86CrbmVXltEKd7zk= +github.com/intel/goresctrl v0.7.0 h1:x6RclP6LiJc24t9mf47BRbjf06B8oVisZMBv31x3rKc= +github.com/intel/goresctrl v0.7.0/go.mod h1:T3ZZnuHSNouwELB5wvOoUJaB7l/4Rm23rJy/wuWJlr0= github.com/ipfs/boxo v0.10.0 h1:tdDAxq8jrsbRkYoF+5Rcqyeb91hgWe2hp7iLu7ORZLY= github.com/ipfs/boxo v0.10.0/go.mod h1:Fg+BnfxZ0RPzR0nOodzdIq3A7KgoWAOWsEIImrIQdBM= github.com/ipfs/go-cid v0.4.1 h1:A/T3qGvxi4kpKWWcPC/PgbvDA2bjVLO7n4UeVwnbs/s= @@ -950,6 +954,7 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4= github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc= +github.com/josephspurrier/goversioninfo v1.4.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= @@ -966,8 +971,8 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/k3s-io/containerd v1.7.20-k3s1 h1:FeCcavKY1couxHhedhVuqljxCTaalg14NewcOJAVe94= -github.com/k3s-io/containerd v1.7.20-k3s1/go.mod h1:SrCa3lpQtDlG5+nAyz2n0k7KpWqkxxpN5ve+GoO+irc= +github.com/k3s-io/containerd v1.7.21-k3s2 h1:QnveYvdMinAgN2vDlkulVMrpnde0irZv2q6dJsDQmBw= +github.com/k3s-io/containerd v1.7.21-k3s2/go.mod h1:T9perze1nIMl5JzddImIgsCEDaM0i8nAfnm+U48DmJw= github.com/k3s-io/cri-dockerd v0.3.12-k3s1 h1:jGTy2U1Nn8d9o23NwLV1NAigTBvePTA7XaZMifZ01Q4= github.com/k3s-io/cri-dockerd v0.3.12-k3s1/go.mod h1:S98trivsinxuNGQANgrZ9ComFqQkVv7vUvsXSNBRCFs= github.com/k3s-io/cri-tools v1.29.0-k3s1 h1:16IXZ5lbPCmZM8FkgSMAPkhI4O2wVGExe3qEZbisFT0= @@ -988,10 +993,10 @@ github.com/k3s-io/etcd/raft/v3 v3.5.13-k3s1 h1:yexUwAPPdmYfIMWOj6sSyJ2nEe8QOrFzN github.com/k3s-io/etcd/raft/v3 v3.5.13-k3s1/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw= github.com/k3s-io/etcd/server/v3 v3.5.13-k3s1 h1:Pqcxkg7V60c26ZpHoekP9QoUdLuduxFn827A/5CIwm4= github.com/k3s-io/etcd/server/v3 v3.5.13-k3s1/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= -github.com/k3s-io/helm-controller v0.15.10 h1:TIfbbCbv8mJ1AquPzSxH3vMqIcqfgZ9Pr/Pq/jka/zc= -github.com/k3s-io/helm-controller v0.15.10/go.mod h1:AYitg40howLjKloL/zdjDDOPL1jg/K5R4af0tQcyPR8= -github.com/k3s-io/kine v0.11.11 h1:f1DhpGNjCDVd1HFWPbeA824YP7MtsrKgstoJ5M0SRgs= -github.com/k3s-io/kine v0.11.11/go.mod h1:L4x3qotFebVh1ZVzYwFVL5PPfqw2sRJTjDTIeViO70Y= +github.com/k3s-io/helm-controller v0.15.13 h1:sBpJEFCKy3Bfgk7fjGEnhC9fucrjU/UCuuhNvqDWK/A= +github.com/k3s-io/helm-controller v0.15.13/go.mod h1:xGN8KNHGkmlaCwyjNx281cR8IEqC9MJgyMaS3wn1k+o= +github.com/k3s-io/kine v0.12.0 h1:OWUdEAjwbZivVCwOWaPbTNnnQTrEmSW32+13UWQjYz4= +github.com/k3s-io/kine v0.12.0/go.mod h1:L4x3qotFebVh1ZVzYwFVL5PPfqw2sRJTjDTIeViO70Y= github.com/k3s-io/klog/v2 v2.100.1-k3s1 h1:xb/Ta8dpQuIZueQEw2YTZUYrKoILdBmPiITVkNmYPa0= github.com/k3s-io/klog/v2 v2.100.1-k3s1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= github.com/k3s-io/kube-router/v2 v2.2.1 h1:LrU6l4khFt67+QCIvgok9B/C9JY/U2/TaF9TCVUw0vw= @@ -1052,8 +1057,8 @@ github.com/k3s-io/kubernetes/staging/src/k8s.io/mount-utils v1.29.8-k3s1 h1:LPOt github.com/k3s-io/kubernetes/staging/src/k8s.io/mount-utils v1.29.8-k3s1/go.mod h1:4KmkE88Y4LDYrotr6iqMrolXDcWWY7UqmroXTO/sxFw= github.com/k3s-io/kubernetes/staging/src/k8s.io/pod-security-admission v1.29.8-k3s1 h1:1yfso1dRH7kQ03LmT8CEh7UQAax7bzUBeqpZ1m6gU0o= github.com/k3s-io/kubernetes/staging/src/k8s.io/pod-security-admission v1.29.8-k3s1/go.mod h1:3nvUgy9DAoVbLCBJcIBDCldv+vAc7hcHl6xJFRSpvb4= -github.com/k3s-io/runc v1.1.12-k3s1 h1:p2x48K2BbRdF8crLEB4xoJ1pdjSprlvNNGpYBBULHL4= -github.com/k3s-io/runc v1.1.12-k3s1/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= +github.com/k3s-io/runc v1.1.14-k3s1 h1:PcwbBuIfjI9A0T1fq7XIdIxqYHWarDlRln7QsppQQmQ= +github.com/k3s-io/runc v1.1.14-k3s1/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA= github.com/k3s-io/spegel v0.0.23-0.20240516234953-f3d2c4072314 h1:TrZb/yM0OtBuifPXlKaOfcxpJqzakA8+KsoO4c69ZLM= github.com/k3s-io/spegel v0.0.23-0.20240516234953-f3d2c4072314/go.mod h1:bMHfSjj1+Zf5VITCZe/wLjuni6rYAj/DjPU/kIVnhfA= github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= @@ -1064,14 +1069,13 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= -github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg= -github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= @@ -1241,8 +1245,10 @@ github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc= github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= -github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= -github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= +github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= +github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= @@ -1327,7 +1333,6 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= @@ -1352,7 +1357,6 @@ github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= @@ -1411,8 +1415,8 @@ github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhM github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= -github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/peterh/liner v1.2.2/go.mod h1:xFwJyiKIXJZUKItq5dGHZSTBRAuG/CpeNpWLyiNRNwI= @@ -1503,9 +1507,7 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/safchain/ethtool v0.2.0/go.mod h1:WkKB1DnNtvsMlDmQ50sgwowDJV/hGbJSOvJoEXs1AJQ= -github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY= @@ -1585,8 +1587,9 @@ github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5q github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 h1:pnnLyeX7o/5aX8qUQ69P/mLojDqwda8hFOCBTmP/6hw= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= -github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs= +github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -1627,8 +1630,9 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= -github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= +github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= +github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI= github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= @@ -1639,7 +1643,6 @@ github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4J github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= -github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs= github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= @@ -1737,8 +1740,8 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0 h1:Xw8U6u2f8DK2XAkGRFV7BBLENgnTGX9i4rQRxJf+/vs= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.24.0/go.mod h1:6KW1Fm6R/s6Z3PGXwSJN2K4eT6wQB3vXX6CVnYX9NmM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk= go.opentelemetry.io/otel/metric v1.18.0/go.mod h1:nNSpsVDjWGfb7chbRLUNW+PBNdcSTHD4Uu5pfFMOI0k= go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= go.opentelemetry.io/otel/metric v1.20.0/go.mod h1:90DRw3nfK4D7Sm/75yQ00gTJxtkBxX+wu6YaNymbpVM= @@ -1943,8 +1946,6 @@ golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= @@ -2366,7 +2367,9 @@ sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -tags.cncf.io/container-device-interface v0.7.2 h1:MLqGnWfOr1wB7m08ieI4YJ3IoLKKozEnnNYBtacDPQU= tags.cncf.io/container-device-interface v0.7.2/go.mod h1:Xb1PvXv2BhfNb3tla4r9JL129ck1Lxv9KuU6eVOfKto= -tags.cncf.io/container-device-interface/specs-go v0.7.0 h1:w/maMGVeLP6TIQJVYT5pbqTi8SCw/iHZ+n4ignuGHqg= +tags.cncf.io/container-device-interface v0.8.0 h1:8bCFo/g9WODjWx3m6EYl3GfUG31eKJbaggyBDxEldRc= +tags.cncf.io/container-device-interface v0.8.0/go.mod h1:Apb7N4VdILW0EVdEMRYXIDVRZfNJZ+kmEUss2kRRQ6Y= tags.cncf.io/container-device-interface/specs-go v0.7.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80= +tags.cncf.io/container-device-interface/specs-go v0.8.0 h1:QYGFzGxvYK/ZLMrjhvY0RjpUavIn4KcmRmVP/JjdBTA= +tags.cncf.io/container-device-interface/specs-go v0.8.0/go.mod h1:BhJIkjjPh4qpys+qm4DAYtUyryaTDg9zris+AczXyws= diff --git a/manifests/coredns.yaml b/manifests/coredns.yaml index 0975205d1779..be0b2d407b26 100644 --- a/manifests/coredns.yaml +++ b/manifests/coredns.yaml @@ -120,7 +120,7 @@ spec: k8s-app: kube-dns containers: - name: coredns - image: "%{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-coredns-coredns:1.10.1" + image: "%{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-coredns-coredns:1.11.3" imagePullPolicy: IfNotPresent resources: limits: diff --git a/manifests/metrics-server/metrics-server-deployment.yaml b/manifests/metrics-server/metrics-server-deployment.yaml index a472f9b4e57c..ccddb6b21d43 100644 --- a/manifests/metrics-server/metrics-server-deployment.yaml +++ b/manifests/metrics-server/metrics-server-deployment.yaml @@ -44,7 +44,7 @@ spec: emptyDir: {} containers: - name: metrics-server - image: "%{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.7.0" + image: "%{SYSTEM_DEFAULT_REGISTRY}%rancher/mirrored-metrics-server:v0.7.2" args: - --cert-dir=/tmp - --secure-port=10250 diff --git a/manifests/traefik.yaml b/manifests/traefik.yaml index ac3b0e547956..8537deac1d90 100644 --- a/manifests/traefik.yaml +++ b/manifests/traefik.yaml @@ -28,7 +28,7 @@ spec: priorityClassName: "system-cluster-critical" image: repository: "rancher/mirrored-library-traefik" - tag: "2.10.7" + tag: "2.11.8" tolerations: - key: "CriticalAddonsOnly" operator: "Exists" diff --git a/pkg/agent/containerd/config.go b/pkg/agent/containerd/config.go index f2d4545606c4..9b01ac06f88e 100644 --- a/pkg/agent/containerd/config.go +++ b/pkg/agent/containerd/config.go @@ -1,6 +1,7 @@ package containerd import ( + "bufio" "fmt" "net" "net/url" @@ -46,7 +47,9 @@ func writeContainerdHosts(cfg *config.Node, containerdConfig templates.Container hosts := getHostConfigs(containerdConfig.PrivateRegistryConfig, containerdConfig.NoDefaultEndpoint, mirrorAddr) // Clean up previous configuration templates - os.RemoveAll(cfg.Containerd.Registry) + if err := cleanContainerdHosts(cfg.Containerd.Registry, hosts); err != nil { + return err + } // Write out new templates for host, config := range hosts { @@ -67,6 +70,48 @@ func writeContainerdHosts(cfg *config.Node, containerdConfig templates.Container return nil } +// cleanContainerdHosts removes any registry host config dirs containing a hosts.toml file +// with a header that indicates it was created by k3s, or directories where a hosts.toml +// is about to be written. Unmanaged directories not containing this file, or containing +// a file without the header, are left alone. +func cleanContainerdHosts(dir string, hosts HostConfigs) error { + // clean directories for any registries that we are about to generate a hosts.toml for + for host := range hosts { + hostsDir := filepath.Join(dir, host) + os.RemoveAll(hostsDir) + } + + // clean directories that contain a hosts.toml with a header indicating it was created by k3s + ents, err := os.ReadDir(dir) + if err != nil && !os.IsNotExist(err) { + return err + } + + for _, ent := range ents { + if !ent.IsDir() { + continue + } + hostsFile := filepath.Join(dir, ent.Name(), "hosts.toml") + file, err := os.Open(hostsFile) + if err != nil { + if os.IsNotExist(err) { + continue + } + return err + } + line, err := bufio.NewReader(file).ReadString('\n') + if err != nil { + continue + } + if line == templates.HostsTomlHeader { + hostsDir := filepath.Join(dir, ent.Name()) + os.RemoveAll(hostsDir) + } + } + + return nil +} + // getHostConfigs merges the registry mirrors/configs into HostConfig template structs func getHostConfigs(registry *registries.Registry, noDefaultEndpoint bool, mirrorAddr string) HostConfigs { hosts := map[string]templates.HostConfig{} diff --git a/pkg/agent/templates/templates.go b/pkg/agent/templates/templates.go index c910fb61b914..b233066e376e 100644 --- a/pkg/agent/templates/templates.go +++ b/pkg/agent/templates/templates.go @@ -8,6 +8,7 @@ import ( "github.com/rancher/wharfie/pkg/registries" "github.com/k3s-io/k3s/pkg/daemons/config" + "github.com/k3s-io/k3s/pkg/version" ) type ContainerdRuntimeConfig struct { @@ -40,6 +41,8 @@ type HostConfig struct { Endpoints []RegistryEndpoint } +var HostsTomlHeader = "# File generated by " + version.Program + ". DO NOT EDIT." + const HostsTomlTemplate = ` {{- /* */ -}} # File generated by {{ .Program }}. DO NOT EDIT. diff --git a/pkg/bootstrap/bootstrap.go b/pkg/bootstrap/bootstrap.go index b3c1242afd7b..ebc63a275808 100644 --- a/pkg/bootstrap/bootstrap.go +++ b/pkg/bootstrap/bootstrap.go @@ -33,13 +33,13 @@ func ReadFromDisk(w io.Writer, bootstrap *config.ControlRuntimeBootstrap) error if path == "" { continue } - data, err := os.ReadFile(path) + info, err := os.Stat(path) if err != nil { - logrus.Warnf("failed to read %s", path) + logrus.Warnf("failed to stat %s: %v", pathKey, err) continue } - info, err := os.Stat(path) + data, err := os.ReadFile(path) if err != nil { return err } diff --git a/pkg/cluster/bootstrap.go b/pkg/cluster/bootstrap.go index 4b8edbb3bf2d..7dd224693ba4 100644 --- a/pkg/cluster/bootstrap.go +++ b/pkg/cluster/bootstrap.go @@ -30,7 +30,7 @@ import ( // Bootstrap attempts to load a managed database driver, if one has been initialized or should be created/joined. // It then checks to see if the cluster needs to load bootstrap data, and if so, loads data into the -// ControlRuntimeBoostrap struct, either via HTTP or from the datastore. +// ControlRuntimeBootstrap struct, either via HTTP or from the datastore. func (c *Cluster) Bootstrap(ctx context.Context, clusterReset bool) error { if err := c.assignManagedDriver(ctx); err != nil { return err diff --git a/pkg/daemons/config/types.go b/pkg/daemons/config/types.go index dc1d7221f2f0..44a084c92305 100644 --- a/pkg/daemons/config/types.go +++ b/pkg/daemons/config/types.go @@ -288,18 +288,18 @@ func (c *Control) Loopback(urlSafe bool) string { } type ControlRuntimeBootstrap struct { - ETCDServerCA string - ETCDServerCAKey string - ETCDPeerCA string - ETCDPeerCAKey string - ServerCA string - ServerCAKey string - ClientCA string - ClientCAKey string - ServiceKey string + ETCDServerCA string `rotate:"true"` + ETCDServerCAKey string `rotate:"true"` + ETCDPeerCA string `rotate:"true"` + ETCDPeerCAKey string `rotate:"true"` + ServerCA string `rotate:"true"` + ServerCAKey string `rotate:"true"` + ClientCA string `rotate:"true"` + ClientCAKey string `rotate:"true"` + ServiceKey string `rotate:"true"` PasswdFile string - RequestHeaderCA string - RequestHeaderCAKey string + RequestHeaderCA string `rotate:"true"` + RequestHeaderCAKey string `rotate:"true"` IPSECKey string EncryptionConfig string EncryptionHash string diff --git a/pkg/deploy/zz_generated_bindata.go b/pkg/deploy/zz_generated_bindata.go index 9eb4d80d19cd..565fed64d2f8 100644 --- a/pkg/deploy/zz_generated_bindata.go +++ b/pkg/deploy/zz_generated_bindata.go @@ -112,7 +112,7 @@ func ccmYaml() (*asset, error) { return a, nil } -var _corednsYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x57\xdf\x6f\xe3\xbe\x0d\x7f\xcf\x5f\x21\x18\xe8\xcb\x30\xa7\xcd\x8a\xbb\x75\x7a\xeb\x25\xe9\x5d\xb0\x36\x17\x24\xe9\x01\xc5\x30\x14\x8a\xcc\xc4\x5a\x65\x51\x93\xe4\xb4\xd9\xad\xff\xfb\x20\xff\x8a\x95\xb8\xbd\xb6\xbb\x6f\x5e\x62\x9b\x22\x29\x7e\x44\x7e\x48\x31\x2d\x7e\x80\xb1\x02\x15\x25\xdb\x41\xef\x41\xa8\x84\x92\x05\x98\xad\xe0\x70\xc9\x39\xe6\xca\xf5\x32\x70\x2c\x61\x8e\xd1\x1e\x21\x8a\x65\x40\x09\x47\x03\x89\xb2\xd5\xbb\xd5\x8c\x03\x25\x0f\xf9\x0a\x62\xbb\xb3\x0e\xb2\x5e\x1c\xc7\xbd\xb6\x69\xb3\x62\xbc\xcf\x72\x97\xa2\x11\xff\x61\x4e\xa0\xea\x3f\x5c\xd8\xbe\xc0\xd3\xc6\xe9\x50\xe6\xd6\x81\x99\xa3\x84\xc0\xa3\x64\x2b\x90\xd6\x3f\x91\xc2\x85\x51\xe0\xa0\x50\x5d\x21\x3a\xeb\x0c\xd3\x5a\xa8\x4d\xe9\x23\x4e\x60\xcd\x72\xe9\x6c\xb3\xd5\x72\x43\xb4\xde\xb1\xc9\x25\x58\xda\x8b\x09\xd3\xe2\xab\xc1\x5c\x17\x96\x63\x12\x45\x3d\x42\x0c\x58\xcc\x0d\x87\xea\x1b\xa8\x44\xa3\x50\x85\xb1\x98\xd8\x12\x94\xf2\x45\x63\x52\x3e\x34\xf1\xfb\xd7\x2d\x98\x55\xa5\x2b\x85\x75\xc5\xc3\x23\x73\x3c\x3d\xf6\x97\x08\xcb\x71\x0b\x66\x57\xe1\xf0\x8a\x77\x29\x7e\x69\xfd\xff\x42\xfb\x8b\x50\x89\x50\x9b\x00\x74\xa6\x14\xba\x42\xb3\x42\xbe\xcb\x64\x70\x18\x2c\x77\x98\xeb\x84\x39\xa0\x24\x72\x26\x87\xe8\xf7\x9f\x1d\x4a\x98\xc3\xba\xd8\x5f\x85\xe6\x2b\xb1\xf6\x08\x39\x4e\xac\x17\x2c\xdb\x7c\xf5\x2f\xe0\xae\x48\x8c\xce\x12\xf8\x70\xe2\xef\x01\x47\xb5\x16\x9b\x1b\xa6\x3f\x52\x4e\xf5\xf2\x21\x1a\x58\x0b\x09\x94\xfc\xb7\xc0\xb4\x4f\x3f\x9d\x93\x9f\xc5\xa3\xff\x81\x31\x68\x6c\xf3\x9a\x02\x93\x2e\x6d\x5e\x0d\xb0\x64\xd7\xbc\xed\x8f\x83\x9c\xfc\x1c\x5e\xdf\x2e\x96\xe3\xf9\xfd\xe8\xfb\xcd\xe5\x64\xfa\x7c\x42\x84\x8a\x59\x92\x98\x3e\x33\x9a\x11\xa1\x3f\x97\x0f\x7b\x4f\xa4\xa8\x00\x22\x94\x05\x9e\x1b\x68\x7d\x5f\x33\x29\x5d\x6a\x30\xdf\xa4\xdd\x56\x9a\xb5\xcf\xfb\x8d\xa2\x75\x96\x9c\x82\xe3\xa7\x15\x14\xa7\x53\x4c\xe0\x5b\xf1\xb9\xed\xd4\x39\x49\x3e\x9f\xb5\x3e\x18\x90\xc8\x12\x32\xf8\x64\xbb\xb7\xd0\xe1\x4c\x1b\xcc\xc0\xa5\x90\x5b\x42\xff\x36\xf8\x74\xde\x08\xd6\x68\x1e\x99\x49\x48\xbf\xdc\x89\x2f\x47\xb9\xed\x73\x54\xeb\x66\x09\x67\x3c\x05\x72\xbe\xdf\x81\x44\xd4\xbd\x70\x33\x2d\x19\x4b\x56\x4c\x32\xc5\xf7\xf8\x88\x4c\xa3\x71\x61\xa8\x3c\xb7\x0e\xb3\xd3\x3f\xf5\x3d\x1f\x18\x91\x94\xab\xcb\x0d\xbf\xba\xde\x33\x12\x98\xa3\x94\x63\x5a\xdb\x7d\xa1\x8f\x40\x4b\xdc\x65\xf0\x31\x1e\x3f\x28\xe1\x0b\x1b\x33\xad\xab\x25\xa5\xe2\x61\x61\x97\x86\x23\x9f\xa9\xa3\xe9\x22\xea\x59\x0d\x9c\x16\xec\xb6\x15\x7e\x7f\xdf\x84\x75\x68\x76\xd7\x22\x13\x8e\x12\x8f\xa4\xa7\x01\x07\x9b\x5d\xe9\xc3\xed\x34\x50\x32\x47\x29\x85\xda\xdc\x16\x84\x52\x12\x50\xfb\x0b\xad\x00\xcd\xd8\xd3\xad\x62\x5b\x26\x24\x5b\xf9\xaa\x18\x78\x73\x20\x81\x3b\x34\xe5\x9a\xcc\x13\xe4\x75\x2b\x86\xee\x28\x1c\x64\x5a\x36\x86\xdb\x40\x15\x27\x19\xe8\xbf\x84\x43\x1d\x69\x99\x64\x02\x8d\x70\xbb\xa1\x64\xd6\x4e\x4b\x48\x4a\x48\x63\x5e\xd2\x51\xcc\x8d\x70\x82\x33\x19\x55\x2a\x36\x60\x9c\xe9\xc1\xf9\x14\xd0\xa0\x04\xd3\x26\x65\xff\x8b\xc9\x03\xec\x3c\xe0\x95\xb9\xcb\x24\x41\x65\xbf\x2b\xb9\x8b\x5a\x25\x81\xda\x6b\xa2\xa1\x24\x1a\x3f\x09\xeb\x6c\x74\x64\x40\x61\x02\xb1\xa7\xd8\x03\x62\xe7\xa8\x9c\x41\x19\x6b\xc9\x14\xbc\xd1\x26\x21\xb0\x5e\x03\x77\x94\x44\x53\x5c\xf0\x14\x92\x5c\xc2\xdb\x5d\x66\xcc\x23\xf4\x3b\x7c\x79\x0f\x8b\x20\x21\x8e\x33\x16\x2d\x25\x52\xa8\xfc\xa9\x81\x59\xa3\xc4\xcd\x6e\xa1\x3d\x63\x0e\x51\xf9\x04\xf5\x8d\xb8\x0d\x7a\xc6\x9e\x16\x0f\xf0\x58\xa6\x5c\xfd\xab\x35\xff\xee\xa3\x0b\x9d\x78\x8a\xf3\xa5\xd1\x5a\xfd\x98\x82\xba\x55\x96\x39\x61\xd7\xa2\xcc\xdf\x11\x4e\xd1\xd5\x31\xb4\x96\x16\x09\x78\x1c\xc7\x0b\x09\xfe\x7a\x9a\x12\xe2\x4f\x94\x09\x05\xa6\xd1\x88\x8f\xf8\xa0\xfc\x89\x8c\x6d\x7c\xea\x9e\xfc\x5c\xdc\x2d\x96\xe3\x9b\xfb\xd1\xf8\xea\xf2\xf6\x7a\x79\x3f\x1f\x7f\x9d\x2c\x96\xf3\xbb\xe7\x13\xc3\x14\x4f\xc1\x9c\x66\xc2\x37\x1f\x48\xe2\xca\x46\xfd\x4f\x07\xfd\xc1\x59\x7f\x10\x85\x36\x67\xb9\x94\x33\x94\x82\xef\x28\x99\xac\xa7\xe8\x66\x06\x2c\x14\x8d\xb6\xfc\x05\xc3\x50\x03\x83\x27\x8d\x83\x30\x33\xc8\xd0\xec\x28\x19\xfc\xf5\xec\x46\x04\x9d\xe1\xdf\x39\xd8\xc3\xd5\x5c\xe7\x94\x0c\xce\xce\xb2\x4e\x1b\x81\x09\x66\x36\x96\x92\x7f\x90\x28\xf6\x2d\x20\xfa\x33\x89\x02\x16\xae\x5b\x71\x44\xfe\xd9\xa8\x6c\x51\xe6\x19\xdc\xf8\xfa\x0d\x92\xa5\x06\xd7\x4f\x00\x71\xb9\xa8\xe5\x3f\xf3\xeb\x67\xcc\xa5\x34\xe0\xf9\x20\x16\x96\xf8\x8a\xa6\xc4\x0f\x56\xc7\x86\x8b\x86\x10\xbf\xd3\x7e\xd5\x47\x7e\xed\xc6\x77\xa0\x20\x9c\x26\x7f\x66\x68\x1c\x25\xad\x16\x5a\xf7\x95\x70\xfb\xda\xa0\x43\x8e\x92\x92\xdb\xd1\xec\xbd\x76\x62\xc7\x75\xa7\xad\xe5\xf0\x15\x5b\x41\x63\xaf\xad\x65\xe0\x8c\xe0\xdd\x3b\x6b\x5b\x2b\x66\x1a\x4f\xde\xa8\x1c\x3c\xb9\x76\x06\x31\x29\xf1\x71\x66\xc4\x56\x48\xd8\xc0\xd8\x72\x26\x0b\x42\xa6\x7e\xe8\xb0\x6d\xd4\x39\xd3\x6c\x25\xa4\x70\x02\x0e\x72\x90\x25\x49\xf8\x21\x26\xd3\xf1\xf2\xfe\xcb\x64\x3a\xba\x5f\x8c\xe7\x3f\x26\xc3\x71\x20\x4e\x0c\xea\x43\x05\x26\x65\xc7\xc1\xcd\x11\xdd\x95\x90\x50\x4d\xb7\xe1\x31\x4a\xb1\x05\x05\xd6\xce\x0c\xae\xa0\x6d\x2f\x75\x4e\x7f\x05\x17\xba\xd0\x65\xbe\x1c\x8c\x90\xa4\x4a\x07\x4a\x2e\xce\x2e\xce\x82\xcf\x96\xa7\xe0\x41\xfe\xb6\x5c\xce\x5a\x02\xa1\x84\x13\x4c\x8e\x40\xb2\xdd\x02\x38\xaa\xc4\xd2\x70\x84\xd3\x60\x04\x26\x8d\x6c\xd0\x96\x39\x91\x01\xe6\x6e\x2f\x6c\xc9\x6c\xce\x39\x58\xbb\x4c\x0d\xd8\x14\x65\x12\x4a\xd7\x4c\xc8\xdc\x40\x4b\x7a\x1e\x0c\xc2\xe2\xdd\x50\x84\xe3\x73\x0b\x89\xc1\xc5\xe0\xc3\x48\xbc\x02\xc4\x5f\xfe\x60\x1c\x12\x65\x6b\x06\x1e\x95\x17\xaf\x4a\x50\x12\xc8\x3b\x08\x8c\xd7\x57\x9b\x10\xb7\xee\x96\x52\x40\xe1\x20\xb3\x87\x29\x5d\x8c\x04\x35\xab\x1e\x74\xb2\xf2\x08\x3a\x85\x95\x62\x73\x5f\xe8\xd4\x3c\x96\xbe\x91\x3b\xdf\x12\x5a\x7c\x44\xa4\x7e\x5e\xf1\xac\xc0\x64\x55\x83\x2f\xde\x0a\xab\x6b\x66\xc7\x68\xde\xea\xd9\x2f\xce\xe6\x47\xb7\xf4\xfd\xdd\xc6\xcf\x1c\x65\x7e\x46\x9e\x0b\xa3\x0e\xb1\xe5\x86\xe9\x17\x6f\xeb\x6f\x18\xf5\xeb\x49\xb6\x9a\x5c\x5b\x96\xde\x7a\x29\x08\x67\xf5\x2e\x9f\x95\x8f\xc9\x8c\xb6\xaf\xa9\xd3\xc5\xf3\x49\x5b\x68\x0f\xa4\xf7\xd7\x93\xc5\xb2\x58\xd2\x34\xaf\xf8\xa0\x35\xe9\x76\xcf\x39\xec\x50\x71\x47\xff\x79\x41\xa1\x6c\x1c\x71\x47\x8b\xd1\x61\x27\x3a\x54\x11\xfa\x8a\x65\x42\xee\xea\x22\x0c\x03\x98\xcc\xae\x2e\x6f\x26\xd7\x77\xb3\xef\xd7\x93\xe1\xdd\xf3\x49\xef\x7f\x01\x00\x00\xff\xff\x61\xf9\xe3\x68\xa9\x13\x00\x00") +var _corednsYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x57\xdf\x6f\xe3\xbe\x0d\x7f\xcf\x5f\x21\x18\xe8\xcb\x30\xa7\xcd\x8a\xbb\x75\x7a\xeb\x25\xe9\x5d\xb0\x36\x17\x24\xe9\x01\xc5\x30\x14\x8a\xcc\xc4\x5a\x65\x51\x93\xe4\xb4\xd9\xad\xff\xfb\x20\xff\x8a\x95\xb8\xbd\xb6\xbb\x6f\x5e\x62\x9b\x22\x29\x7e\x44\x7e\x48\x31\x2d\x7e\x80\xb1\x02\x15\x25\xdb\x41\xef\x41\xa8\x84\x92\x05\x98\xad\xe0\x70\xc9\x39\xe6\xca\xf5\x32\x70\x2c\x61\x8e\xd1\x1e\x21\x8a\x65\x40\x09\x47\x03\x89\xb2\xd5\xbb\xd5\x8c\x03\x25\x0f\xf9\x0a\x62\xbb\xb3\x0e\xb2\x5e\x1c\xc7\xbd\xb6\x69\xb3\x62\xbc\xcf\x72\x97\xa2\x11\xff\x61\x4e\xa0\xea\x3f\x5c\xd8\xbe\xc0\xd3\xc6\xe9\x50\xe6\xd6\x81\x99\xa3\x84\xc0\xa3\x64\x2b\x90\xd6\x3f\x91\xc2\x85\x51\xe0\xa0\x50\x5d\x21\x3a\xeb\x0c\xd3\x5a\xa8\x4d\xe9\x23\x4e\x60\xcd\x72\xe9\x6c\xb3\xd5\x72\x43\xb4\xde\xb1\xc9\x25\x58\xda\x8b\x09\xd3\xe2\xab\xc1\x5c\x17\x96\x63\x12\x45\x3d\x42\x0c\x58\xcc\x0d\x87\xea\x1b\xa8\x44\xa3\x50\x85\xb1\x98\xd8\x12\x94\xf2\x45\x63\x52\x3e\x34\xf1\xfb\xd7\x2d\x98\x55\xa5\x2b\x85\x75\xc5\xc3\x23\x73\x3c\x3d\xf6\x97\x08\xcb\x71\x0b\x66\x57\xe1\xf0\x8a\x77\x29\x7e\x69\xfd\xff\x42\xfb\x8b\x50\x89\x50\x9b\x00\x74\xa6\x14\xba\x42\xb3\x42\xbe\xcb\x64\x70\x18\x2c\x77\x98\xeb\x84\x39\xa0\x24\x72\x26\x87\xe8\xf7\x9f\x1d\x4a\x98\xc3\xba\xd8\x5f\x85\xe6\x2b\xb1\xf6\x08\x39\x4e\xac\x17\x2c\xdb\x7c\xf5\x2f\xe0\xae\x48\x8c\xce\x12\xf8\x70\xe2\xef\x01\x47\xb5\x16\x9b\x1b\xa6\x3f\x52\x4e\xf5\xf2\x21\x1a\x58\x0b\x09\x94\xfc\xb7\xc0\xb4\x4f\x3f\x9d\x93\x9f\xc5\xa3\xff\x81\x31\x68\x6c\xf3\x9a\x02\x93\x2e\x6d\x5e\x0d\xb0\x64\xd7\xbc\xed\x8f\x83\x9c\xfc\x1c\x5e\xdf\x2e\x96\xe3\xf9\xfd\xe8\xfb\xcd\xe5\x64\xfa\x7c\x42\x84\x8a\x59\x92\x98\x3e\x33\x9a\x11\xa1\x3f\x97\x0f\x7b\x4f\xa4\xa8\x00\x22\x94\x05\x9e\x1b\x68\x7d\x5f\x33\x29\x5d\x6a\x30\xdf\xa4\xdd\x56\x9a\xb5\xcf\xfb\x8d\xa2\x75\x96\x9c\x82\xe3\xa7\x15\x14\xa7\x53\x4c\xe0\x5b\xf1\xb9\xed\xd4\x39\x49\x3e\x9f\xb5\x3e\x18\x90\xc8\x12\x32\xf8\x64\xbb\xb7\xd0\xe1\x4c\x1b\xcc\xc0\xa5\x90\x5b\x42\xff\x36\xf8\x74\xde\x08\xd6\x68\x1e\x99\x49\x48\xbf\xdc\x89\x2f\x47\xb9\xed\x73\x54\xeb\x66\x09\x67\x3c\x05\x72\xbe\xdf\x81\x44\xd4\xbd\x70\x33\x2d\x19\x4b\x56\x4c\x32\xc5\xf7\xf8\x88\x4c\xa3\x71\x61\xa8\x3c\xb7\x0e\xb3\xd3\x3f\xf5\x3d\x1f\x18\x91\x94\xab\xcb\x0d\xbf\xba\xde\x33\x12\x98\xa3\x94\x63\x5a\xdb\x7d\xa1\x8f\x40\x4b\xdc\x65\xf0\x31\x1e\x3f\x28\xe1\x0b\x1b\x33\xad\xab\x25\xa5\xe2\x61\x61\x97\x86\x23\x9f\xa9\xa3\xe9\x22\xea\x59\x0d\x9c\x16\xec\xb6\x15\x7e\x7f\xdf\x84\x75\x68\x76\xd7\x22\x13\x8e\x12\x8f\xa4\xa7\x01\x07\x9b\x5d\xe9\xc3\xed\x34\x50\x32\x47\x29\x85\xda\xdc\x16\x84\x52\x12\x50\xfb\x0b\xad\x00\xcd\xd8\xd3\xad\x62\x5b\x26\x24\x5b\xf9\xaa\x18\x78\x73\x20\x81\x3b\x34\xe5\x9a\xcc\x13\xe4\x75\x2b\x86\xee\x28\x1c\x64\x5a\x36\x86\xdb\x40\x15\x27\x19\xe8\xbf\x84\x43\x1d\x69\x99\x64\x02\x8d\x70\xbb\xa1\x64\xd6\x4e\x4b\x48\x4a\x48\x63\x5e\xd2\x51\xcc\x8d\x70\x82\x33\x19\x55\x2a\x36\x60\x9c\xe9\xc1\xf9\x14\xd0\xa0\x04\xd3\x26\x65\xff\x8b\xc9\x03\xec\x3c\xe0\x95\xb9\xcb\x24\x41\x65\xbf\x2b\xb9\x8b\x5a\x25\x81\xda\x6b\xa2\xa1\x24\x1a\x3f\x09\xeb\x6c\x74\x64\x40\x61\x02\xb1\xa7\xd8\x03\x62\xe7\xa8\x9c\x41\x19\x6b\xc9\x14\xbc\xd1\x26\x21\xb0\x5e\x03\x77\x94\x44\x53\x5c\xf0\x14\x92\x5c\xc2\xdb\x5d\x66\xcc\x23\xf4\x3b\x7c\x79\x0f\x8b\x20\x21\x8e\x33\x16\x2d\x25\x52\xa8\xfc\xa9\x81\x59\xa3\xc4\xcd\x6e\xa1\x3d\x63\x0e\x51\xf9\x04\xf5\x8d\xb8\x0d\x7a\xc6\x9e\x16\x0f\xf0\x58\xa6\x5c\xfd\xab\x35\xff\xee\xa3\x0b\x9d\x78\x8a\xf3\xa5\xd1\x5a\xfd\x98\x82\xba\x55\x96\x39\x61\xd7\xa2\xcc\xdf\x11\x4e\xd1\xd5\x31\xb4\x96\x16\x09\x78\x1c\xc7\x0b\x09\xfe\x7a\x9a\x12\xe2\x4f\x94\x09\x05\xa6\xd1\x88\x8f\xf8\xa0\xfc\x89\x8c\x6d\x7c\xea\x9e\xfc\x5c\xdc\x2d\x96\xe3\x9b\xfb\xd1\xf8\xea\xf2\xf6\x7a\x79\x3f\x1f\x7f\x9d\x2c\x96\xf3\xbb\xe7\x13\xc3\x14\x4f\xc1\x9c\x66\xc2\x37\x1f\x48\xe2\xca\x46\xfd\x4f\x07\xfd\xc1\xa0\x7f\x1e\x85\x36\x67\xb9\x94\x33\x94\x82\xef\x28\x99\xac\xa7\xe8\x66\x06\x2c\x14\x8d\xb6\xfc\x05\xc3\x50\x03\x83\x27\x8d\x83\x30\x33\xc8\xd0\xec\x28\x19\xfc\xf5\xec\x46\x04\x9d\xe1\xdf\x39\xd8\xc3\xd5\x5c\xe7\x94\x0c\xce\xce\xb2\x4e\x1b\x81\x09\x66\x36\x96\x92\x7f\x90\x28\xf6\x2d\x20\xfa\x33\x89\x02\x16\xae\x5b\x71\x44\xfe\xd9\xa8\x6c\x51\xe6\x19\xdc\xf8\xfa\x0d\x92\xa5\x06\xd7\x4f\x00\x71\xb9\xa8\xe5\x3f\xf3\xeb\x67\xcc\xa5\x34\xe0\xf9\x20\x16\x96\xf8\x8a\xa6\xc4\x0f\x56\xc7\x86\x8b\x86\x10\xbf\xd3\x7e\xd5\x47\x7e\xed\xc6\x77\xa0\x20\x9c\x26\x7f\x66\x68\x1c\x25\xad\x16\x5a\xf7\x95\x70\xfb\xda\xa0\x43\x8e\x92\x92\xdb\xd1\xec\xbd\x76\x62\xc7\x75\xa7\xad\xe5\xf0\x15\x5b\x41\x63\xaf\xad\x65\xe0\x8c\xe0\xdd\x3b\x6b\x5b\x2b\x66\x1a\x4f\xde\xa8\x1c\x3c\xb9\x76\x06\x31\x29\xf1\x71\x66\xc4\x56\x48\xd8\xc0\xd8\x72\x26\x0b\x42\xa6\x7e\xe8\xb0\x6d\xd4\x39\xd3\x6c\x25\xa4\x70\x02\x0e\x72\x90\x25\x49\xf8\x21\x26\xd3\xf1\xf2\xfe\xcb\x64\x3a\xba\x5f\x8c\xe7\x3f\x26\xc3\x71\x20\x4e\x0c\xea\x43\x05\x26\x65\xc7\xc1\xcd\x11\xdd\x95\x90\x50\x4d\xb7\xe1\x31\x4a\xb1\x05\x05\xd6\xce\x0c\xae\xa0\x6d\x2f\x75\x4e\x7f\x05\x17\xba\xd0\x65\xbe\x1c\x8c\x90\xa4\x4a\x07\x4a\x2e\xce\x2e\xce\x82\xcf\x96\xa7\xe0\x41\xfe\xb6\x5c\xce\x5a\x02\xa1\x84\x13\x4c\x8e\x40\xb2\xdd\x02\x38\xaa\xc4\xd2\x70\x84\xd3\x60\x04\x26\x8d\x6c\xd0\x96\x39\x91\x01\xe6\x6e\x2f\x6c\xc9\x6c\xce\x39\x58\xbb\x4c\x0d\xd8\x14\x65\x12\x4a\xd7\x4c\xc8\xdc\x40\x4b\x7a\x1e\x0c\xc2\xe2\xdd\x50\x84\xe3\x73\x0b\x89\xc1\xc5\xe0\xc3\x48\xbc\x02\xc4\x5f\xfe\x60\x1c\x12\x65\x6b\x06\x1e\x95\x17\xaf\x4a\x50\x12\xc8\x3b\x08\x8c\xd7\x57\x9b\x10\xb7\xee\x96\x52\x40\xe1\x20\xb3\x87\x29\x5d\x8c\x04\x35\xab\x1e\x74\xb2\xf2\x08\x3a\x85\x95\x62\x73\x5f\xe8\xd4\x3c\x96\xbe\x91\x3b\xdf\x12\x5a\x7c\x44\xa4\x7e\x5e\xf1\xac\xc0\x64\x55\x83\x2f\xde\x0a\xab\x6b\x66\xc7\x68\xde\xea\xd9\x2f\xce\xe6\x47\xb7\xf4\xfd\xdd\xc6\xcf\x1c\x65\x7e\x46\x9e\x0b\xa3\x0e\xb1\xe5\x86\xe9\x17\x6f\xeb\x6f\x18\xf5\xeb\x49\xb6\x9a\x5c\x5b\x96\xde\x7a\x29\x08\x67\xf5\x2e\x9f\x95\x8f\xc9\x8c\xb6\xaf\xa9\xd3\xc5\xf3\x49\x5b\x68\x0f\xa4\xf7\xd7\x93\xc5\xb2\x58\xd2\x34\xaf\xf8\xa0\x35\xe9\x76\xcf\x39\xec\x50\x71\x47\xff\x79\x41\xa1\x6c\x1c\x71\x47\x8b\xd1\x61\x27\x3a\x54\x11\xfa\x8a\x65\x42\xee\xea\x22\x0c\x03\x98\xcc\xae\x2e\x6f\x26\xd7\x77\xb3\xef\xd7\x93\xe1\xdd\xf3\x49\xef\x7f\x01\x00\x00\xff\xff\x64\x2f\xbc\xad\xa9\x13\x00\x00") func corednsYamlBytes() ([]byte, error) { return bindataRead( @@ -232,7 +232,7 @@ func metricsServerMetricsApiserviceYaml() (*asset, error) { return a, nil } -var _metricsServerMetricsServerDeploymentYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x55\x4f\x6f\xdb\xc8\x0f\xbd\xfb\x53\x10\xfe\x21\xb7\x9f\xe2\x3f\xdd\xb4\x85\x80\x1c\x0c\x5b\xad\x0b\x24\xa9\x61\x39\xbb\xc8\xc9\x98\x8c\xe8\x78\x90\xd1\xcc\x2c\x49\xb9\xd5\x16\xfd\xee\x8b\xb1\x52\x45\x4a\x93\xa2\x8b\xdd\xea\xa0\x03\xf9\xf8\xf8\xf4\x86\x23\x26\x49\x32\x50\xc1\xfc\x8e\xc4\xc6\xbb\x14\x0e\x93\xc1\xbd\x71\x45\x0a\x39\xd2\xc1\x68\x9c\x69\xed\x2b\x27\x83\x12\x45\x15\x4a\x54\x3a\x00\x70\xaa\xc4\x14\x4a\x14\x32\x9a\x13\x46\x3a\x20\x3d\x84\x39\x28\x8d\x29\xdc\x57\xb7\x98\x70\xcd\x82\xe5\xe0\x69\x07\x15\x02\x8f\xda\x36\x0b\x0c\xd6\xd7\x25\xfe\xab\x16\x00\x56\xdd\xa2\xe5\x58\x09\x70\xff\x96\x13\x15\xc2\x77\xe5\x1c\x50\x47\x04\xe1\xc1\x44\x29\x4b\xc3\xe2\xa9\xbe\x30\xa5\x91\x14\xc6\x03\x00\x16\x52\x82\x77\x75\xc3\x23\x75\xc0\x14\xd6\xde\x5a\xe3\xee\xae\x43\xa1\x04\x8f\x71\xea\x46\x1a\x28\x40\xa9\x3e\x5f\x3b\x75\x50\xc6\xaa\x5b\x8b\x29\x4c\x22\x1d\x5a\xd4\xe2\xa9\xc1\x94\x4a\xf4\xfe\xa2\xa3\xf3\x65\xa5\x00\x82\x65\xb0\x2d\x7d\xd7\x99\xf8\xbc\xe0\x4e\x7c\x6c\xaf\xc1\x8f\x5a\x00\x7c\x33\x24\x3e\x81\x8c\x27\x23\xf5\xdc\x2a\xe6\xab\x23\xff\xb0\x71\x37\x71\xbe\xc0\x44\x93\x11\xa3\x95\x1d\x3e\xe0\xb9\x37\x1e\x57\x2f\x0b\x12\x6f\x91\x94\x18\xef\x3a\xaa\x12\xb8\xc7\x3a\x85\xe1\xfc\x81\x75\x56\x14\xde\xf1\x47\x67\xeb\x61\x8b\x01\xf0\x21\x56\x7a\x4a\x61\x98\x7d\x36\x2c\x3c\xfc\x8e\xe0\xa8\x8d\xbc\xc5\xd3\x38\x0f\xe4\x50\x90\x4f\x8d\x1f\x69\xef\x84\xbc\x4d\x82\x55\x0e\x7f\x92\x13\x00\x77\x3b\xd4\x92\xc2\xf0\xca\xe7\x7a\x8f\x45\x65\xf1\xe7\x5b\x96\x8a\x05\xe9\xbf\xe8\x75\xf0\xb6\x2a\xb1\xb5\xeb\x7f\x50\x46\x8f\xc1\x38\x90\x32\x00\x7b\xf8\x84\xa0\x95\x03\x56\x3b\xb4\x35\x54\x8c\xb0\x23\x5f\x26\xac\x29\xce\x18\x98\x52\xdd\x21\x83\x72\xc5\xc8\x13\x10\xaa\x22\xf1\xce\xd6\x10\x4d\x51\xc6\x21\xf1\xe0\xdb\x27\x35\x93\x24\x65\x48\x0a\x43\xad\x3a\x2c\x83\xd4\x0b\x43\x29\x7c\xf9\xfa\x10\x7c\xac\x4d\x9f\x14\x3f\x7b\xea\xd0\x88\x48\x61\x78\xf2\x25\xbf\xc9\x37\xd9\xe5\x76\x91\xbd\x9b\x5d\x5f\x6c\xb6\xeb\xec\xfd\x87\x7c\xb3\xbe\xf9\x7a\x42\xca\xe9\x3d\xd2\xa8\x34\x44\x9e\xb0\x48\xfa\x54\xe9\x61\x7c\xfa\xe6\x74\xfc\x68\x9a\xa2\xbb\xde\x0c\x25\x89\x46\x92\xa8\xfc\x7c\x24\x65\xe8\x65\x18\x75\x45\x98\x04\x4f\x72\x3e\x19\x4f\xcf\xc6\xbd\x6c\x3c\x39\x8b\x92\x04\xc2\x1d\x52\x6c\xad\x8a\x82\x90\x39\x89\x97\x9e\xcf\x4f\xbe\xac\xd6\xd9\xbb\x6c\xbd\xce\x16\xdb\xd9\x62\xb1\xce\xf2\x7c\xbb\xb9\x59\x65\xf9\xd7\x93\x67\x79\x2a\xc6\xe6\x9a\xb0\x28\xa9\xf8\xd8\xb6\x07\x6c\xbe\x2c\x21\x64\x6f\xab\x78\x19\xce\x27\x67\xdc\x43\x88\xe5\x44\x9b\xb0\x47\x4a\xb8\x32\x82\x7c\xbe\xb9\xc8\xb7\xd9\x7c\xb1\xcc\xe2\x3b\x9f\x6d\xff\xf8\xb0\x59\x6e\x67\x59\xbe\x9d\x9e\xbd\xde\xbe\x9f\x5f\x6e\xf3\xe5\xec\xd5\xdb\xdf\xfe\xff\x88\x5b\xff\x14\xea\x09\xdb\x64\xfa\xf6\x1b\x6e\x7a\xf6\xfa\x25\xb6\x17\x51\x1d\xb6\xf9\x72\x36\x5f\xce\xa6\xe3\xed\xea\xe3\xc5\xcd\xe4\xd5\xf8\xec\x39\xb2\xef\x40\xad\x0b\xd1\x9c\x8a\x34\x76\xce\x38\x06\xff\xac\x90\xa5\x17\x03\xd0\xa1\x4a\x61\x32\x1e\x97\xbd\x68\x89\xa5\xa7\x3a\x85\x37\xe3\x4b\xd3\x26\xe2\x51\xf4\xa6\xa6\x99\xda\xbd\x48\xe0\x4e\x75\x3b\xdf\x2b\x4f\x12\xb9\xbb\x23\x13\x7f\x8f\x5e\xbc\xf6\x36\x85\xcd\x7c\xd5\x51\xac\x0a\xe3\x90\x79\x45\xfe\x16\xbb\x12\x23\xfd\x7b\x94\xbe\xea\xa0\x64\x9f\xc2\x28\x56\xd5\x7f\xf5\x33\xc7\xa6\x4f\x35\x01\xb0\xde\x63\x54\xbb\xdc\x6c\x56\x79\x27\x63\x9c\x11\xa3\xec\x02\xad\xaa\x73\xd4\xde\x15\xdc\x6c\xb0\x96\x10\xc9\xf8\xa2\x4d\x4d\x3b\x29\x31\x25\xfa\x4a\xda\xdc\xa4\x93\xe3\x4a\x6b\x64\xde\xec\x09\x79\xef\x6d\xd1\xcf\xee\x94\xb1\x15\x61\x27\xfb\xaa\xcd\x5a\x73\xc0\x7f\xec\x44\x2c\xfa\x05\x46\xbc\xfe\x81\x13\x93\xf1\x2f\xb7\xe2\xf8\xeb\x89\xab\xd4\x3b\xc1\xcf\xd2\x9f\x66\x55\xc4\x2d\xb7\xf6\x5e\xde\x19\x8b\xcd\x86\x4d\x41\xa8\xc2\x2e\xac\x72\x33\xbe\xf2\x2e\xc2\x9e\x4f\x5e\x33\xd2\xf1\x06\x74\x3f\x47\x59\xeb\x3f\xad\xc8\x1c\x8c\xc5\x3b\xcc\x58\x2b\x7b\x5c\xbc\x29\xec\x94\xe5\x47\x8e\x66\xbf\x5c\xc6\xa5\xf2\xcc\xcd\x78\xba\x0c\xa0\x59\x3f\xab\xe6\xc8\xe2\x7f\xf6\xef\x00\x00\x00\xff\xff\x19\x64\x02\x7a\x34\x0a\x00\x00") +var _metricsServerMetricsServerDeploymentYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x55\x4f\x6f\xdb\xc8\x0f\xbd\xfb\x53\x10\xfe\x21\xb7\x9f\xe2\x3f\xdd\xb4\x85\x80\x1c\x0c\x5b\xad\x0b\x24\xa9\x61\x39\xbb\xc8\xc9\x98\x8c\xe8\x78\x90\xd1\xcc\x2c\x49\xb9\xd5\x16\xfd\xee\x8b\xb1\x52\x45\x4a\x93\xa2\x8b\xdd\xea\xa0\x03\xf9\xf8\xf8\xf4\x86\x23\x26\x49\x32\x50\xc1\xfc\x8e\xc4\xc6\xbb\x14\x0e\x93\xc1\xbd\x71\x45\x0a\x39\xd2\xc1\x68\x9c\x69\xed\x2b\x27\x83\x12\x45\x15\x4a\x54\x3a\x00\x70\xaa\xc4\x14\x4a\x14\x32\x9a\x13\x46\x3a\x20\x3d\x84\x39\x28\x8d\x29\xdc\x57\xb7\x98\x70\xcd\x82\xe5\xe0\x69\x07\x15\x02\x8f\xda\x36\x0b\x0c\xd6\xd7\x25\xfe\xab\x16\x00\x56\xdd\xa2\xe5\x58\x09\x70\xff\x96\x13\x15\xc2\x77\xe5\x1c\x50\x47\x04\xe1\xc1\x44\x29\x4b\xc3\xe2\xa9\xbe\x30\xa5\x91\x14\xc6\x03\x00\x16\x52\x82\x77\x75\xc3\x23\x75\xc0\x14\xd6\xde\x5a\xe3\xee\xae\x43\xa1\x04\x8f\x71\xea\x46\x1a\x28\x40\xa9\x3e\x5f\x3b\x75\x50\xc6\xaa\x5b\x8b\x29\x4c\x22\x1d\x5a\xd4\xe2\xa9\xc1\x94\x4a\xf4\xfe\xa2\xa3\xf3\x65\xa5\x00\x82\x65\xb0\x2d\x7d\xd7\x99\xf8\xbc\xe0\x4e\x7c\x6c\xaf\xc1\x8f\x5a\x00\x7c\x33\x24\x3e\x81\x8c\x27\x23\xf5\xdc\x2a\xe6\xab\x23\xff\xb0\x71\x37\x71\xbe\xc0\x44\x93\x11\xa3\x95\x1d\x3e\xe0\xb9\x37\x1e\x57\x2f\x0b\x12\x6f\x91\x94\x18\xef\x3a\xaa\x12\xb8\xc7\x3a\x85\xe1\xfc\x81\x75\x56\x14\xde\xf1\x47\x67\xeb\x61\x8b\x01\xf0\x21\x56\x7a\x4a\x61\x98\x7d\x36\x2c\x3c\xfc\x8e\xe0\xa8\x8d\xbc\xc5\xd3\x38\x0f\xe4\x50\x90\x4f\x8d\x1f\x69\xef\x84\xbc\x4d\x82\x55\x0e\x7f\x92\x13\x00\x77\x3b\xd4\x92\xc2\xf0\xca\xe7\x7a\x8f\x45\x65\xf1\xe7\x5b\x96\x8a\x05\xe9\xbf\xe8\x75\xf0\xb6\x2a\xb1\xb5\xeb\x7f\x50\x46\x8f\xc1\x38\x90\x32\x00\x7b\xf8\x84\xa0\x95\x03\x56\x3b\xb4\x35\x54\x8c\xb0\x23\x5f\x26\xac\x29\xce\x18\x98\x52\xdd\x21\x83\x72\xc5\xc8\x13\x10\xaa\x22\xf1\xce\xd6\x10\x4d\x51\xc6\x21\xf1\xe0\xdb\x27\x35\x93\x24\x65\x48\x0a\x43\xad\x3a\x2c\x83\xd4\x0b\x43\x29\x7c\xf9\xfa\x10\x7c\xac\x4d\x9f\x14\x3f\x7b\xea\xd0\x88\x48\x61\x78\xf2\x25\xbf\xc9\x37\xd9\xe5\x76\x91\xbd\x9b\x5d\x5f\x6c\xb6\xeb\xec\xfd\x87\x7c\xb3\xbe\xf9\x7a\x42\xca\xe9\x3d\xd2\xa8\x34\x44\x9e\xb0\x48\xfa\x54\xe9\x61\x7c\xfa\xe6\x74\xfa\x68\x9a\xa2\xbb\xde\x0c\x25\x89\x46\x92\xa8\xfc\x7c\x24\x65\xe8\x65\x18\x75\x45\x98\x04\x4f\x72\x3e\x19\x4f\xcf\xc6\xbd\x6c\x3c\x39\x8b\x92\x04\xc2\x1d\x52\x6c\xad\x8a\x82\x90\x39\x89\x97\x9e\xcf\x4f\xbe\xac\xd6\xd9\xbb\x6c\xbd\xce\x16\xdb\xd9\x62\xb1\xce\xf2\x7c\xbb\xb9\x59\x65\xf9\xd7\x93\x67\x79\x2a\xc6\xe6\x9a\xb0\x28\xa9\xf8\xd8\xb6\x07\x6c\xbe\x2c\x21\x64\x6f\xab\x78\x19\xce\x27\x67\xdc\x43\x88\xe5\x44\x9b\xb0\x47\x4a\xb8\x32\x82\x7c\xbe\xb9\xc8\xb7\xd9\x7c\xb1\xcc\xe2\x3b\x9f\x6d\xff\xf8\xb0\x59\x6e\x67\x59\xbe\x9d\x9e\xbd\xde\xbe\x9f\x5f\x6e\xf3\xe5\xec\xd5\xdb\xdf\xfe\xff\x88\x5b\xff\x14\xea\x09\xdb\x64\xfa\xf6\x1b\x6e\x7a\xf6\xfa\x25\xb6\x17\x51\x1d\xb6\xf9\x72\x36\x5f\xce\xa6\xe3\xed\xea\xe3\xc5\xcd\xe4\xd5\xf8\xec\x39\xb2\xef\x40\xad\x0b\xd1\x9c\x8a\x34\x76\xce\x38\x06\xff\xac\x90\xa5\x17\x03\xd0\xa1\x4a\x61\x32\x1e\x97\xbd\x68\x89\xa5\xa7\x3a\x85\x37\xe3\x4b\xd3\x26\xe2\x51\xf4\xa6\xa6\x99\xda\xbd\x48\xe0\x4e\x75\x3b\xdf\x2b\x4f\x12\xb9\xbb\x23\x13\x7f\x8f\x5e\xbc\xf6\x36\x85\xcd\x7c\xd5\x51\xac\x0a\xe3\x90\x79\x45\xfe\x16\xbb\x12\x23\xfd\x7b\x94\xbe\xea\xa0\x64\x9f\xc2\x28\x56\xd5\x7f\xf5\x33\xc7\xa6\x4f\x35\x01\xb0\xde\x63\x54\xbb\xdc\x6c\x56\x79\x27\x63\x9c\x11\xa3\xec\x02\xad\xaa\x73\xd4\xde\x15\xdc\x6c\xb0\x96\x10\xc9\xf8\xa2\x4d\x4d\x3b\x29\x31\x25\xfa\x4a\xda\xdc\xa4\x93\xe3\x4a\x6b\x64\xde\xec\x09\x79\xef\x6d\xd1\xcf\xee\x94\xb1\x15\x61\x27\xfb\xaa\xcd\x5a\x73\xc0\x7f\xec\x44\x2c\xfa\x05\x46\xbc\xfe\x81\x13\x93\xf1\x2f\xb7\xe2\xf8\xeb\x89\xab\xd4\x3b\xc1\xcf\xd2\x9f\x66\x55\xc4\x2d\xb7\xf6\x5e\xde\x19\x8b\xcd\x86\x4d\x41\xa8\xc2\x2e\xac\x72\x33\xbe\xf2\x2e\xc2\x9e\x4f\x5e\x33\xd2\xf1\x06\x74\x3f\x47\x59\xeb\x3f\xad\xc8\x1c\x8c\xc5\x3b\xcc\x58\x2b\x7b\x5c\xbc\x29\xec\x94\xe5\x47\x8e\x66\xbf\x5c\xc6\xa5\xf2\xcc\xcd\x78\xba\x0c\xa0\x59\x3f\xab\xe6\xc8\xe2\x7f\xf6\xef\x00\x00\x00\xff\xff\x73\x53\x17\xa1\x34\x0a\x00\x00") func metricsServerMetricsServerDeploymentYamlBytes() ([]byte, error) { return bindataRead( @@ -332,7 +332,7 @@ func runtimesYaml() (*asset, error) { return a, nil } -var _traefikYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x91\xd1\x6f\xd3\x30\x10\xc6\xdf\xf3\x57\x9c\x22\xf5\x09\x39\xe9\x86\x10\x53\xde\x4a\x97\xc1\x04\x8c\xa9\xe9\x40\x7b\xaa\x5c\xfb\xda\x58\x75\x6c\xeb\x7c\xa9\x08\x63\xff\x3b\x72\xdb\x6d\x9d\x04\x02\x21\x78\x4b\xce\x77\xbf\xef\xee\xfb\x84\x10\x99\x0c\xe6\x33\x52\x34\xde\x55\xd0\xa2\xed\x0a\x25\x99\x2d\x16\xc6\x97\xdb\x93\x6c\x63\x9c\xae\xe0\x1d\xda\x6e\xda\x4a\xe2\xac\x43\x96\x5a\xb2\xac\x32\x00\x27\x3b\xac\x80\x49\xe2\xca\x6c\x84\x22\x7d\xa8\xc5\x20\x15\x56\xb0\xe9\x97\x28\xe2\x10\x19\xbb\x2c\x06\x54\x69\x44\x25\x48\x05\x2d\x73\x88\x55\x59\x8e\xee\xde\xdf\xbc\xa9\x67\x57\xf5\xbc\x6e\x16\x93\xeb\xcb\xfb\x51\x19\x59\xb2\x51\xe5\xae\x31\x96\x47\x70\x71\xfa\xaa\x18\x17\x2f\x5f\xf4\x61\xf7\x31\x2e\x78\xfd\x2d\xfb\x87\x07\xfc\xbf\xe5\x7f\xb6\x38\x40\x44\x4e\x50\x80\xb5\xf5\x4b\x69\x8b\xbd\xd8\x39\xae\x64\x6f\x79\x86\x6b\x13\x99\x86\x0a\xf2\xd1\x5d\x73\xdb\xcc\xeb\x8f\x8b\xf3\xfa\x62\x72\xf3\x61\xbe\x98\xd5\x6f\x2f\x9b\xf9\xec\x76\x31\x9b\x7c\xb9\x1f\xe5\x19\xc0\x56\xda\x1e\xe3\xd4\x3b\x46\xc7\x15\x7c\x17\x3b\xae\xc6\x60\xfd\xd0\xa5\xd2\xee\x1f\x20\x78\x3d\x71\xce\xa7\x25\xbd\x8b\x0f\x55\x80\x40\xbe\x43\x6e\xb1\x8f\xc9\xb4\xe0\xd3\x95\xf9\xd9\xf8\xec\x34\xff\x45\x4b\x54\x24\x03\x56\x90\x33\xf5\xb8\x6f\x0a\xe4\xb7\x46\x23\x3d\x62\x93\x83\xe4\x90\x31\x5e\xba\x35\x61\x3c\xd6\xeb\x97\xd6\xc4\x16\x75\x83\xb4\x35\x0a\x9f\x5e\x00\xd0\xc9\xa5\x45\x9d\x62\xe9\xf1\x40\x36\x9e\x0c\x0f\x53\x2b\x63\xbc\xda\x45\x96\xef\xcd\x12\xca\xf6\x91\x91\x84\x22\xc3\x46\x49\xbb\x5f\xc5\x74\x72\xfd\xc8\x24\x0c\x3e\x1a\xf6\x3b\x2f\x49\x3a\xd5\x22\x95\x9d\x21\xf2\x84\x5a\x58\xb3\x24\x49\x83\x38\x44\xf5\x70\x2f\xcb\x75\x05\xf9\x69\x71\x32\x2e\x5e\xef\x6b\xec\x2d\xd2\xb1\x6f\x02\x36\x98\x90\xd3\x83\xf4\x44\x6b\xef\xe2\x27\x67\x87\x07\x88\x0f\x69\xc2\x53\x05\x79\xfd\xd5\x44\x8e\xf9\xb3\x41\xe7\x35\x0a\xf2\x16\x8b\x27\xa7\x92\xb7\xca\x3b\x26\x6f\x45\xb0\xd2\xe1\x6f\x58\x00\xb8\x5a\xa1\x4a\x71\x5d\xf9\x46\xb5\xa8\x7b\x8b\x7f\x26\xd3\xc9\xe4\xdc\xdf\xf3\xe3\xf3\xe8\x4c\xb8\x90\x9d\xb1\xc3\xb5\xb7\x46\x25\xdd\x6b\xc2\x15\xd2\x79\x2f\x6d\xc3\x52\x6d\xf2\xec\x47\x00\x00\x00\xff\xff\x8b\x2f\x7c\x7b\x6c\x04\x00\x00") +var _traefikYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x91\x5f\x6b\xdb\x4a\x10\xc5\xdf\xf5\x29\x06\x81\x9f\x2e\x2b\x25\xb9\x5c\x08\x7a\xf3\x75\x94\x7b\x43\xdb\x34\x58\x4e\x4b\x9e\xcc\x78\x35\xb6\x16\xaf\x76\x97\xd9\x91\xa9\x9a\xe6\xbb\x97\xb5\x9d\x7f\xd0\xd2\x52\xda\x37\x69\x76\xe6\x77\x66\xce\x51\x4a\x65\x18\xcc\x07\xe2\x68\xbc\xab\xa0\x23\xdb\x17\x1a\x45\x2c\x15\xc6\x97\xbb\xd3\x6c\x6b\x5c\x5b\xc1\xff\x64\xfb\x59\x87\x2c\x59\x4f\x82\x2d\x0a\x56\x19\x80\xc3\x9e\x2a\x10\x46\x5a\x9b\xad\xd2\xdc\x1e\x6b\x31\xa0\xa6\x0a\xb6\xc3\x8a\x54\x1c\xa3\x50\x9f\xc5\x40\x3a\x8d\xe8\x04\xa9\xa0\x13\x09\xb1\x2a\xcb\xc9\xfd\x9b\xdb\x7f\xeb\xf9\x75\xbd\xa8\x9b\xe5\xf4\xe6\xea\x61\x52\x46\x41\x31\xba\xdc\x37\xc6\xf2\x05\x5c\x9d\xfd\x53\x9c\x14\x7f\xff\x35\x84\xfd\xc7\x49\x21\x9b\xcf\xd9\x6f\x3c\xe0\xcf\x2d\xff\xad\xc5\x01\x22\x49\x82\x02\x6c\xac\x5f\xa1\x2d\x0e\x62\x17\xb4\xc6\xc1\xca\x9c\x36\x26\x0a\x8f\x15\xe4\x93\xfb\xe6\xae\x59\xd4\xef\x96\x17\xf5\xe5\xf4\xf6\xed\x62\x39\xaf\xff\xbb\x6a\x16\xf3\xbb\xe5\x7c\xfa\xf1\x61\x92\x67\x00\x3b\xb4\x03\xc5\x99\x77\x42\x4e\x2a\xf8\xa2\xf6\xdc\x96\x82\xf5\x63\x9f\x4a\xfb\x7f\x80\xe0\xdb\xa9\x73\x3e\x2d\xe9\x5d\x7c\xac\x02\x04\xf6\x3d\x49\x47\x43\x4c\xa6\x05\x9f\xae\xcc\xcf\x4f\xce\xcf\xf2\xef\xb4\x44\xcd\x18\xa8\x82\x5c\x78\xa0\x43\x53\x60\xbf\x33\x2d\xf1\x13\x36\x39\xc8\x8e\x84\xe2\x95\xdb\x30\xc5\x97\x7a\xc3\xca\x9a\xd8\x51\xdb\x10\xef\x8c\xa6\xe7\x17\x00\x72\xb8\xb2\xd4\xa6\x58\x06\x3a\x92\x8d\x67\x23\xe3\xcc\x62\x8c\xd7\xfb\xc8\xf2\x83\x59\x4a\xdb\x21\x0a\xb1\xd2\x6c\xc4\x68\xb4\x87\x55\x4c\x8f\x9b\x27\x26\x53\xf0\xd1\x88\xdf\x7b\xc9\xe8\x74\x47\x5c\xf6\x86\xd9\x33\xb5\xca\x9a\x15\x23\x8f\xea\x18\xd5\xe3\xbd\x82\x9b\x0a\xf2\xb3\xe2\xf4\xb4\x38\x3f\xd4\xc4\x5b\xe2\x97\xbe\x29\xd8\x52\x42\xce\x8e\xd2\xd3\xb6\xf5\x2e\xbe\x77\x76\x7c\x84\xf8\x90\x26\x3c\x57\x90\xd7\x9f\x4c\x94\x98\xbf\x1a\x74\xbe\x25\xc5\xde\x52\xf1\xec\x54\xf2\x56\x7b\x27\xec\xad\x0a\x16\x1d\xfd\x80\x05\x40\xeb\x35\xe9\x14\xd7\xb5\x6f\x74\x47\xed\x60\xe9\xe7\x64\x7a\x4c\xce\xfd\x3a\x3f\xbe\x8e\xce\x84\x4b\xec\x8d\x1d\x6f\xbc\x35\x3a\xe9\xde\x30\xad\x89\x2f\x06\xb4\x8d\xa0\xde\xe6\xd9\xd7\x00\x00\x00\xff\xff\x08\x20\xb6\x86\x6c\x04\x00\x00") func traefikYamlBytes() ([]byte, error) { return bindataRead( diff --git a/pkg/server/cert.go b/pkg/server/cert.go index 79524ca73100..14039f853c44 100644 --- a/pkg/server/cert.go +++ b/pkg/server/cert.go @@ -49,7 +49,7 @@ func caCertReplaceHandler(server *config.Control) http.HandlerFunc { // the datastore. If the functions succeeds, servers should be restarted immediately to load the new certs // from the bootstrap data. func caCertReplace(server *config.Control, buf io.ReadCloser, force bool) error { - tmpdir, err := os.MkdirTemp("", "cacerts") + tmpdir, err := os.MkdirTemp(server.DataDir, ".rotate-ca-tmp-") if err != nil { return err } @@ -94,10 +94,19 @@ func validateBootstrap(oldServer, newServer *config.Control) error { // Use reflection to iterate over all of the bootstrap fields, checking files at each of the new paths. oldMeta := reflect.ValueOf(&oldServer.Runtime.ControlRuntimeBootstrap).Elem() newMeta := reflect.ValueOf(&newServer.Runtime.ControlRuntimeBootstrap).Elem() + fields := []reflect.StructField{} + for _, field := range reflect.VisibleFields(oldMeta.Type()) { - oldVal := oldMeta.FieldByName(field.Name) - newVal := newMeta.FieldByName(field.Name) + // Only handle bootstrap fields tagged for rotation + if field.Tag.Get("rotate") != "true" { + continue + } + fields = append(fields, field) + } + // first pass: use the existing file if the new file does not exist or is empty + for _, field := range fields { + newVal := newMeta.FieldByName(field.Name) info, err := os.Stat(newVal.String()) if err != nil && !errors.Is(err, fs.ErrNotExist) { errs = append(errs, errors.Wrap(err, field.Name)) @@ -106,20 +115,29 @@ func validateBootstrap(oldServer, newServer *config.Control) error { if info == nil || info.Size() == 0 { if newVal.CanSet() { - logrus.Infof("certificate: %s not provided; using current value", field.Name) + oldVal := oldMeta.FieldByName(field.Name) + logrus.Infof("certificate: %s not provided; using current value %s", field.Name, oldVal) newVal.Set(oldVal) } else { errs = append(errs, fmt.Errorf("cannot use current data for %s; field is not settable", field.Name)) } } + } + + // second pass: validate file contents + for _, field := range fields { + oldVal := oldMeta.FieldByName(field.Name) + newVal := newMeta.FieldByName(field.Name) + // Check CA chain consistency and cert/key agreement if strings.HasSuffix(field.Name, "CA") { if err := validateCA(oldVal.String(), newVal.String()); err != nil { errs = append(errs, errors.Wrap(err, field.Name)) } newKeyVal := newMeta.FieldByName(field.Name + "Key") - if err := validateCAKey(newVal.String(), newKeyVal.String()); err != nil { + oldKeyVal := oldMeta.FieldByName(field.Name + "Key") + if err := validateCAKey(oldVal.String(), oldKeyVal.String(), newVal.String(), newKeyVal.String()); err != nil { errs = append(errs, errors.Wrap(err, field.Name+"Key")) } } @@ -139,6 +157,11 @@ func validateBootstrap(oldServer, newServer *config.Control) error { } func validateCA(oldCAPath, newCAPath string) error { + // Skip validation if old values are being reused + if oldCAPath == newCAPath { + return nil + } + oldCerts, err := certutil.CertsFromFile(oldCAPath) if err != nil { return err @@ -150,7 +173,7 @@ func validateCA(oldCAPath, newCAPath string) error { } if len(newCerts) == 1 { - return errors.New("new CA is self-signed") + return errors.New("new CA bundle contains only a single certificate but should include root or intermediate CA certificates") } roots := x509.NewCertPool() @@ -183,7 +206,12 @@ func validateCA(oldCAPath, newCAPath string) error { } // validateCAKey confirms that the private key is valid for the certificate -func validateCAKey(newCAPath, newCAKeyPath string) error { +func validateCAKey(oldCAPath, oldCAKeyPath, newCAPath, newCAKeyPath string) error { + // Skip validation if old values are being reused + if oldCAPath == newCAPath && oldCAKeyPath == newCAKeyPath { + return nil + } + _, err := tls.LoadX509KeyPair(newCAPath, newCAKeyPath) if err != nil { err = errors.Wrap(err, "new CA cert and key cannot be loaded as X590KeyPair") diff --git a/scripts/airgap/image-list.txt b/scripts/airgap/image-list.txt index 02240eee0cbf..88e592e17441 100644 --- a/scripts/airgap/image-list.txt +++ b/scripts/airgap/image-list.txt @@ -1,8 +1,8 @@ -docker.io/rancher/klipper-helm:v0.8.4-build20240523 +docker.io/rancher/klipper-helm:v0.9.2-build20240828 docker.io/rancher/klipper-lb:v0.4.9 docker.io/rancher/local-path-provisioner:v0.0.28 -docker.io/rancher/mirrored-coredns-coredns:1.10.1 +docker.io/rancher/mirrored-coredns-coredns:1.11.3 docker.io/rancher/mirrored-library-busybox:1.36.1 -docker.io/rancher/mirrored-library-traefik:2.10.7 -docker.io/rancher/mirrored-metrics-server:v0.7.0 +docker.io/rancher/mirrored-library-traefik:2.11.8 +docker.io/rancher/mirrored-metrics-server:v0.7.2 docker.io/rancher/mirrored-pause:3.6 diff --git a/scripts/tag-image-latest b/scripts/tag-image-latest new file mode 100755 index 000000000000..a462347e8a8b --- /dev/null +++ b/scripts/tag-image-latest @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +cd $(dirname $0)/.. + +. ./scripts/version.sh + +TAG=${TAG:-${VERSION_TAG}${SUFFIX}} +REPO=${REPO:-rancher} +IMAGE_NAME=${IMAGE_NAME:-k3s} + +IMAGE=${REPO}/${IMAGE_NAME}:${TAG} +LATEST=${REPO}/${IMAGE_NAME}:latest +docker image tag ${IMAGE} ${LATEST} +echo Tagged ${IMAGE} as ${LATEST}