[release-1.34] Backports for 2026-03#13790
Merged
brandond merged 24 commits intok3s-io:release-1.34from Mar 12, 2026
Merged
Conversation
Add imports to the generated containerd config so containerd loads drop-in TOML files: config.toml.d for v2, config-v3.toml.d for v3 (e.g. /var/lib/rancher/k3s/agent/etc/containerd/config.toml.d and /var/lib/rancher/k3s/agent/etc/containerd/config-v3.toml.d). Also fix the v3 header comment to say config-v3.toml.tmpl instead of config.toml.tmpl. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> (cherry picked from commit b51167a) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Add support for the "nix" snapshotter, which enables running container images built with nix2container. Nix images reference store paths directly, avoiding layer tarballs and enabling deduplication through the nix store. Changes: - Register nix-snapshotter as a builtin containerd plugin - Add NixSupported() validation (checks nix-store is in PATH) - Configure nix-snapshotter image service proxy in V2/V3 templates with containerd_address for CRI image operations - Add Transfer service unpack_config with differ=walking for multi-arch support - Use containerd state dir for socket path (rootless compatible) - Disable NRI in rootless mode to prevent bind failures Usage: k3s server --snapshotter nix Signed-off-by: Ada <ada@6bit.com> Co-Authored-By: Joshua Perry <josh@6bit.com> Signed-off-by: Ada <ada@6bit.com> (cherry picked from commit de59b63) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Docker-based integration test that verifies nix-snapshotter works with k3s. The test builds a nix hello image, starts k3s with --snapshotter nix, pulls the image via nix:0 ref, and runs it as a pod, verifying "Hello, world!" output. Signed-off-by: Ada <ada@6bit.com> Co-Authored-By: Joshua Perry <josh@6bit.com> Signed-off-by: Ada <ada@6bit.com> (cherry picked from commit 20c02ed) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
etcd.setName was being called during managed driver creation, even if the managed driver (etcd) is not in use. Let etcd.Register handle calling setName. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 8908d5f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v7...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 45bdf9c) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [actions/stale](https://github.com/actions/stale) from 10.1.1 to 10.2.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v10.1.1...v10.2.0) --- updated-dependencies: - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit d648c8c) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.1. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.34.1) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.34.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 7563007) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 5 to 6. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@v5...v6) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 340623b) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.2.1 to 2.5.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2.2.1...v2.5.0) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 669bb79) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 6ffcd77) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Made with ❤️️ by updatecli (cherry picked from commit 64207c3) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 3acf8db) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 270484f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
mux is replaced with a simple wrapper around http.ServeMux with middleware chain support Unfortunately github.com/rootless-containers/rootlesskit/pkg/parent still uses it so we can't drop the indirect dep yet. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 3f5eec4) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) from 17 to 21. - [Release notes](https://github.com/determinatesystems/nix-installer-action/releases) - [Commits](DeterminateSystems/nix-installer-action@v17...v21) --- updated-dependencies: - dependency-name: DeterminateSystems/nix-installer-action dependency-version: '21' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit de13a64) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit be7e63d) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 3975a57) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [docker/setup-docker-action](https://github.com/docker/setup-docker-action) from 4 to 5. - [Release notes](https://github.com/docker/setup-docker-action/releases) - [Commits](docker/setup-docker-action@v4...v5) --- updated-dependencies: - dependency-name: docker/setup-docker-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 7cd9814) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.40.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit f8c5291) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 28.3.2+incompatible to 29.2.0+incompatible. - [Commits](docker/cli@v28.3.2...v29.2.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.2.0+incompatible dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 74ad4d3) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Bumps [github.com/pion/dtls/v3](https://github.com/pion/dtls) from 3.0.6 to 3.0.11. - [Release notes](https://github.com/pion/dtls/releases) - [Commits](pion/dtls@v3.0.6...v3.0.11) --- updated-dependencies: - dependency-name: github.com/pion/dtls/v3 dependency-version: 3.0.11 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> (cherry picked from commit 36785d1) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
… not set Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit f4bb1e6) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com> (cherry picked from commit 509562e) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## release-1.34 #13790 +/- ##
================================================
+ Coverage 21.78% 22.34% +0.56%
================================================
Files 191 193 +2
Lines 15541 15615 +74
================================================
+ Hits 3385 3489 +104
+ Misses 11705 11647 -58
- Partials 451 479 +28
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
vitorsavian
approved these changes
Mar 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed Changes
Backports:
Types of Changes
Backports
Verification
See linked issues
Testing
Linked Issues
CVE-2026-22184#13839User-Facing Change
Further Comments