Repository: flannel-io/flannel
Branch: master
Commit: 37203fabbeaf
Files: 175
Total size: 687.0 KB

Directory structure:
gitextract_7j0sgt1x/
├── .dockerignore
├── .github/
│   ├── ISSUE_TEMPLATE.md
│   ├── PULL_REQUEST_TEMPLATE.md
│   ├── dependabot.yml
│   ├── stale.yml
│   └── workflows/
│       ├── build.yaml
│       ├── codeql-analysis.yml
│       ├── e2eTests.yaml
│       ├── golangci-lint.yaml
│       ├── k3s-e2eTests.yml
│       ├── release.yml
│       ├── scorecard.yml
│       └── trivy.yml
├── .gitignore
├── ACTIVITY_SUMMARY_2025.md
├── CONTRIBUTING.md
├── DCO
├── Documentation/
│   ├── adrs/
│   │   └── add-nftables-implementation.md
│   ├── backends.md
│   ├── building.md
│   ├── configuration.md
│   ├── extension.md
│   ├── integrations.md
│   ├── kube-flannel.yml
│   ├── kubernetes.md
│   ├── kustomization/
│   │   └── kube-flannel/
│   │       ├── kube-flannel.yml
│   │       └── kustomization.yaml
│   ├── minikube.yml
│   ├── netpol.md
│   ├── reporting_bugs.md
│   ├── reservations.md
│   ├── running.md
│   ├── tencentcloud-vpc-backend.md
│   ├── troubleshooting.md
│   └── upgrade.md
├── LICENSE
├── Makefile
├── OWNERS
├── README.md
├── SECURITY.md
├── chart/
│   ├── README.md
│   └── kube-flannel/
│       ├── .helmignore
│       ├── Chart.yaml
│       ├── templates/
│       │   ├── config.yaml
│       │   ├── daemonset.yaml
│       │   ├── rbac.yaml
│       │   └── serviceaccount.yaml
│       ├── tests/
│       │   └── daemonset_test.yaml
│       └── values.yaml
├── code-of-conduct.md
├── dist/
│   ├── extension-hostgw
│   ├── extension-vxlan
│   ├── extension-wireguard
│   ├── fake-node.yaml
│   ├── functional-test-k8s.sh
│   ├── functional-test.sh
│   ├── ipsec
│   ├── license-check.sh
│   ├── mk-docker-opts.sh
│   ├── mk-docker-opts_tests.sh
│   ├── sample_subnet.env
│   ├── snap/
│   │   ├── README.md
│   │   └── snapcraft.yaml
│   ├── test/
│   │   ├── ca-config.json
│   │   ├── ca-csr.json
│   │   ├── ca-key.pem
│   │   ├── ca.csr
│   │   ├── ca.pem
│   │   ├── client-key.pem
│   │   ├── client.csr
│   │   ├── client.json
│   │   ├── client.pem
│   │   ├── member1.json
│   │   ├── server-key.pem
│   │   ├── server.csr
│   │   ├── server.json
│   │   └── server.pem
│   └── wireguard
├── e2e/
│   ├── Dockerfile
│   ├── docker-compose.yml
│   ├── download-kubectl.sh
│   ├── e2e-functions.sh
│   ├── get-kubeconfig.sh
│   ├── run-e2e-tests.sh
│   └── version.sh
├── go.mod
├── go.sum
├── images/
│   ├── Dockerfile
│   └── iperf3/
│       ├── Dockerfile
│       └── Makefile
├── main.go
└── pkg/
    ├── backend/
    │   ├── alloc/
    │   │   └── alloc.go
    │   ├── common.go
    │   ├── extension/
    │   │   ├── extension.go
    │   │   └── extension_network.go
    │   ├── hostgw/
    │   │   ├── hostgw.go
    │   │   └── hostgw_windows.go
    │   ├── ipip/
    │   │   ├── ipip.go
    │   │   └── ipip_windows.go
    │   ├── ipsec/
    │   │   ├── handle_charon.go
    │   │   ├── handle_xfrm.go
    │   │   ├── ipsec.go
    │   │   ├── ipsec_network.go
    │   │   └── ipsec_windows.go
    │   ├── manager.go
    │   ├── route_network.go
    │   ├── route_network_test.go
    │   ├── route_network_windows.go
    │   ├── simple_network.go
    │   ├── tencentvpc/
    │   │   ├── tencentvpc.go
    │   │   └── tencentvpc_windows.go
    │   ├── udp/
    │   │   ├── cproxy_amd64.go
    │   │   ├── proxy_amd64.c
    │   │   ├── proxy_amd64.h
    │   │   ├── udp.go
    │   │   ├── udp_amd64.go
    │   │   ├── udp_network.go
    │   │   ├── udp_network_amd64.go
    │   │   └── udp_windows.go
    │   ├── vxlan/
    │   │   ├── device.go
    │   │   ├── device_windows.go
    │   │   ├── vxlan.go
    │   │   ├── vxlan_network.go
    │   │   ├── vxlan_network_windows.go
    │   │   └── vxlan_windows.go
    │   └── wireguard/
    │       ├── device.go
    │       ├── wireguard.go
    │       ├── wireguard_network.go
    │       └── wireguard_windows.go
    ├── ip/
    │   ├── endianess.go
    │   ├── iface.go
    │   ├── iface_test.go
    │   ├── iface_windows.go
    │   ├── iface_windows_test.go
    │   ├── ip6net.go
    │   ├── ip6net_test.go
    │   ├── ipnet.go
    │   ├── ipnet_test.go
    │   └── tun.go
    ├── ipmatch/
    │   ├── match.go
    │   └── match_test.go
    ├── lease/
    │   └── lease.go
    ├── mac/
    │   ├── mac.go
    │   └── mac_test.go
    ├── ns/
    │   └── ns.go
    ├── powershell/
    │   └── powershell.go
    ├── retry/
    │   └── retry.go
    ├── routing/
    │   ├── router.go
    │   ├── router_windows.go
    │   └── router_windows_test.go
    ├── subnet/
    │   ├── config.go
    │   ├── config_test.go
    │   ├── etcd/
    │   │   ├── local_manager.go
    │   │   ├── mock_registry.go
    │   │   ├── mock_subnet.go
    │   │   ├── rand.go
    │   │   ├── registry.go
    │   │   ├── registry_test.go
    │   │   └── subnet_test.go
    │   ├── kube/
    │   │   ├── annotations.go
    │   │   ├── annotations_test.go
    │   │   ├── kube.go
    │   │   └── kube_test.go
    │   ├── subnet.go
    │   └── subnet_test.go
    ├── trafficmngr/
    │   ├── iptables/
    │   │   ├── iptables.go
    │   │   ├── iptables_restore.go
    │   │   ├── iptables_restore_test.go
    │   │   ├── iptables_test.go
    │   │   └── iptables_windows.go
    │   ├── nftables/
    │   │   ├── nftables.go
    │   │   ├── nftables_windows.go
    │   │   └── utils.go
    │   └── trafficmngr.go
    └── version/
        └── version.go

================================================
FILE CONTENTS
================================================

================================================
FILE: .dockerignore
================================================
dist/*.aci
dist/*.docker
dist/*.tar.gz
.git
vendor

================================================
FILE: .github/ISSUE_TEMPLATE.md
================================================
## Expected Behavior

## Current Behavior

## Possible Solution

## Steps to Reproduce (for bugs)
1.
2.
3.
4.

## Context

## Your Environment
* Flannel version:
* Backend used (e.g. vxlan or udp):
* Etcd version:
* Kubernetes version (if used):
* Operating System and version:
* Link to your project (optional):

================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
## Description

## Todos
- [ ] Tests
- [ ] Documentation
- [ ] Release note

## Release Note
```release-note
None required
```

================================================
FILE: .github/dependabot.yml
================================================
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
  - package-ecosystem: "docker"
    directory: "images"
    schedule:
      interval: "weekly"
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      k8s:
        patterns: [ "k8s.io/*", "sigs.k8s.io/*" ]
        update-types: [ "major", "minor", "patch" ]
      etcd:
        patterns: [ "go.etcd.io/*" ]
        update-types: [ "major", "minor", "patch" ]
      tencent:
        patterns: [ "github.com/tencentcloud/*" ]
        update-types: [ "major", "minor", "patch" ]
      other-go-modules:
        patterns: [ "*" ]
        exclude-patterns:
          - "k8s.io/*"
          - "sigs.k8s.io/*"
          - "go.etcd.io/*"
          - "github.com/tencentcloud/*"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: docker
    directory: /e2e
    schedule:
      interval: daily
  - package-ecosystem: docker
    directory: /images
    schedule:
      interval: daily
  - package-ecosystem: docker
    directory: /images/iperf3
    schedule:
      interval: daily

================================================
FILE: .github/stale.yml
================================================
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 180
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 21
# Issues with these labels will never be considered stale
exemptLabels:
  - pinned
  - security
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false

================================================
FILE: .github/workflows/build.yaml
================================================
name: build flannel

on: pull_request

env:
  GO_VERSION: "1.24"
  LINUX_ARCHES: "amd64 arm arm64 s390x ppc64le riscv64"
  REPOSITORY: flannel/flannel

permissions:
  contents: read

jobs:
  build-images:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: set tag
        run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV

      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: go mod vendor
        run: go mod vendor

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #v4.0.0

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf #v6.0.0
        with:
          images: ${{ env.REPOSITORY }}
          flavor: latest=false
          tags: |
            type=ref, event=branch

      - name: Build multi-arch Docker image
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 #v6.15.0
        with:
          context: .
          file: images/Dockerfile
          push: false
          platforms: linux/amd64,linux/arm64,linux/arm,linux/s390x,linux/ppc64le,linux/riscv64
          tags: ${{ steps.meta.outputs.tags }}
          build-args: TAG=${{ env.GIT_TAG }}

      - name: build for windows
        run: make dist/flanneld.exe

================================================
FILE: .github/workflows/codeql-analysis.yml
================================================
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master" ]
  schedule:
    - cron: '30 20 * * 0'

env:
  GO_VERSION: "1.24"

permissions:
  contents: read

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'go' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

    steps:
    - name: Checkout repository
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

    - name: Set up Go 1.x
      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
      with:
        go-version: ${{ env.GO_VERSION }}

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.

        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
        # queries: security-extended,security-and-quality

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

    # If the Autobuild fails above, remove it and uncomment the following three lines.
    # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
    - run: |
        echo "Run, Build Application using script"
        make dist/flanneld

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 #v4.32.6

================================================
FILE: .github/workflows/e2eTests.yaml
================================================
name: e2e tests for flannel

on: pull_request

permissions:
  contents: read

jobs:
  e2e-test:
    name: test
    runs-on: ubuntu-latest
    timeout-minutes: 90
    steps:
      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ^1.24

      - name: Check out code into the Go module directory
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: set up modules
        run: sudo modprobe br_netfilter overlay

      - name: Run tests
        id: testing
        continue-on-error: true
        run: git fetch --unshallow --all --tags && make test 2>&1 > errors.txt

      - name: Show additional logs
        if: steps.testing.outcome != 'success'
        run: |
          cat errors.txt
          exit 1

================================================
FILE: .github/workflows/golangci-lint.yaml
================================================
name: run golangci-lint

on: pull_request

permissions:
  contents: read

jobs:
  golangci:
    permissions:
      contents: read  # for actions/checkout to fetch code
      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
    name: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: "1.24"
          cache: false
      - name: golangci-lint
        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 #v9.2.0
        with:
          version: v2.7.2
          args: "--timeout=5m"

================================================
FILE: .github/workflows/k3s-e2eTests.yml
================================================
name: k3s e2e tests for flannel

on: pull_request

env:
  ARCH: amd64
  GO_VERSION: "1.24"
  KUBECONFIG: ${HOME}/.kube/config

permissions:
  contents: read

jobs:
  k3s-e2e-tests:
    name: test
    runs-on: ubuntu-latest
    timeout-minutes: 90
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: set up modules
        run: sudo modprobe br_netfilter overlay

      - name: build flannel image
        run: make image

      - name: run e2e tests with k3s
        run: make k3s-e2e-test

================================================
FILE: .github/workflows/release.yml
================================================
name: release flannel and upload docker images

on:
  release:
    types: [published]

env:
  GO_VERSION: "1.24"
  LINUX_ARCHES: "amd64 arm arm64 s390x ppc64le riscv64"
  REPOSITORY: flannel/flannel
  IMAGE_NAME: flannel-io/flannel
  REGISTRY: ghcr.io

permissions:
  contents: read

jobs:
  build-and-push-images:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: set tag
        run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV

      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: go mod vendor
        run: go mod vendor

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a #v4.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #v4.0.0

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf #v6.0.0
        with:
          images: ${{ env.REPOSITORY }}
          flavor: latest=false
          tags: |
            type=ref,event=tag

      - name: Log in to Docker Hub
        if: github.repository_owner == 'flannel-io' && success()
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #v4.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker image
        if: github.repository_owner == 'flannel-io' && success()
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 #v7.0.0
        with:
          context: .
          file: images/Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64,linux/arm,linux/s390x,linux/ppc64le,linux/riscv64
          tags: ${{ steps.meta.outputs.tags }}
          build-args: TAG=${{ env.GIT_TAG }}

  build-and-push-images-github-registry:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: set tag
        run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV

      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: go mod vendor
        run: go mod vendor

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a #v4.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #v4.0.0

      - name: Log in to the Container registry
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #v4.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf #v6.0.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 #v7.0.0
        with:
          context: .
          file: images/Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64,linux/arm,linux/s390x,linux/ppc64le,linux/riscv64
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: TAG=${{ env.GIT_TAG }}

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 #v4.1.0
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  build-and-push-artifacts:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: set tag
        run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV

      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: go mod vendor
        run: go mod vendor

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a #v4.0.0

      - name: Build release artifacts
        run: make release

      - name: Upload flannel binaries to the release page
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release upload ${{ env.GIT_TAG }} dist/flannel*

  publish-chart:
    permissions:
      contents: write
      packages: write
      pages: write      # to deploy to Pages
      id-token: write   # to verify the deployment originates from an appropriate source
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    needs: build-and-push-images
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: set tag
        run: echo "GIT_TAG=$(git describe --tags --always)" >> $GITHUB_ENV

      - name: Package chart
        run: make release-manifest release-helm

      - name: Upload chart and manifests to the release page
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: gh release upload ${{ env.GIT_TAG }} dist/flannel.tgz dist/kube-flannel.yml

      - name: Setup Pages
        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b #v5.0.0

      - name: Upload artifact
        uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b #v4.0.0
        with:
          path: 'chart/'

      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e #v4.0.5

================================================
FILE: .github/workflows/scorecard.yml
================================================
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:
  # To guarantee Maintained check is occasionally updated. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
  schedule:
    - cron: '19 11 * * 3'
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    # `publish_results: true` only works when run from the default branch. conditional can be removed if disabled.
    if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request'
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read

    steps:
      - name: "Checkout code"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecard on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
          # repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
          publish_results: true

          # (Optional) Uncomment file_mode if you have a .gitattributes with files marked export-ignore
          # file_mode: git

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard (optional).
      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
        with:
          sarif_file: results.sarif

================================================
FILE: .github/workflows/trivy.yml
================================================
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Vulnerability scan

on:
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "master" ]
  schedule:
    - cron: '34 5 * * 2'

env:
  GO_VERSION: "1.24"
  REPOSITORY: flannel/flannel

permissions:
  contents: read

jobs:
  build:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2

      - name: Set up Go 1.x
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Build an image from Dockerfile
        run: |
          ARCH=amd64 TAG=${{ github.sha }} make image

      - name: Run Trivy vulnerability scanner in tarball mode
        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 #v0.35.0
        with:
          input: ./dist/flanneld-${{ github.sha }}-amd64.docker
          severity: 'CRITICAL,HIGH'
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98
        with:
          sarif_file: 'trivy-results.sarif'

================================================
FILE: .gitignore
================================================
dist/*.tar.gz
dist/flanneld*
dist/*.docker
dist/here.txt
dist/flannel_oci.tar
cover.out
.editorconfig
.idea/
default.etcd/
flannel.exe
bash_unit
dist/qemu-*
.vscode/*
vendor/*
e2e/scratch/*
e2e/kube-flannel.yml

================================================
FILE: ACTIVITY_SUMMARY_2025.md
================================================
# Flannel Repository Activity Summary - 2025

## Overview

This document provides a comprehensive summary of the flannel-io/flannel repository activity during the year 2025.

---

## 📊 Key Statistics

### Releases
- **Total Releases in 2025:** 10
- **Release Details:**
  1. v0.26.3 - January 8, 2025
  2. v0.26.4 - February 4, 2025
  3. v0.26.5 - March 6, 2025
  4. v0.26.6 - April 8, 2025
  5. v0.26.7 - April 15, 2025
  6. v0.27.0 - June 4, 2025
  7. v0.27.1 - July 10, 2025
  8. v0.27.2 - July 21, 2025
  9. v0.27.3 - September 1, 2025
  10. v0.27.4 - October 2, 2025

### Pull Requests
- **Total PRs Merged in 2025:** 111

### Issues
- **Total Issues Created in 2025:** 40
- **Total Issues Resolved in 2025:** 52

---

## 👥 Most Active Contributors (by PRs merged in 2025)

| Rank | Contributor | PRs Merged |
|------|-------------|------------|
| 1 | dependabot[bot] | 54 |
| 2 | thomasferrandiz | 20 |
| 3 | rbrtbnfgl | 10 |
| 4 | pratikjagrut | 2 |
| 5 | lilioid | 2 |
| 6 | tyholling | 1 |
| 7 | sudheerv | 1 |
| 8 | philips | 1 |
| 9 | pgonin | 1 |
| 10 | np-13 | 1 |

*Note: Dependabot automated dependency updates account for approximately 49% of merged PRs.*

---

## 📈 Activity Highlights

- **Release Cadence:** The project maintained a consistent release schedule with 10 releases throughout the year, averaging about 1 release per month.
- **Version Progress:** The project progressed from v0.26.x to v0.27.x series during 2025.
- **Issue Resolution Rate:** 52 issues were resolved while 40 new issues were created, showing a positive net resolution (130% resolution rate).
- **PR Activity:** 111 PRs were merged, demonstrating active development and maintenance.
- **Automation:** Dependabot contributed significantly to keeping dependencies up to date with 54 automated PRs.
- **Human Contributors:** Excluding automated contributions, the top human contributors were thomasferrandiz (20 PRs) and rbrtbnfgl (10 PRs).

---

## 🔍 Summary

The flannel repository showed healthy activity in 2025 with:
- Consistent release schedule (10 releases)
- Active maintenance (111 PRs merged)
- Positive issue resolution trend (52 resolved vs 40 created)
- Strong community contributions from both automated tooling and human maintainers
- Two major contributors (thomasferrandiz and rbrtbnfgl) leading the development efforts

---

*Report generated on: January 21, 2026*
*Data source: GitHub API via flannel-io/flannel repository*

================================================
FILE: CONTRIBUTING.md
================================================
# How to Contribute

CoreOS projects are [Apache 2.0 licensed](LICENSE) and accept contributions via
GitHub pull requests. This document outlines some of the conventions on
development workflow, commit message formatting, contact points and other
resources to make it easier to get your contribution accepted.

# Certificate of Origin

By contributing to this project you agree to the Developer Certificate of
Origin (DCO). This document was created by the Linux Kernel community and is a
simple statement that you, as a contributor, have the legal right to make the
contribution. See the [DCO](DCO) file for details.

## Getting Started

- Fork the repository on GitHub
- Read the [README](README.md) for build and test instructions
- Play with the project, submit bugs, submit patches!

## Contribution Flow

This is a rough outline of what a contributor's workflow looks like:

- Create a topic branch from where you want to base your work (usually master).
- Make commits of logical units.
- Make sure your commit messages are in the proper format (see below).
- Push your changes to a topic branch in your fork of the repository.
- Make sure the tests pass, and add any new tests as appropriate.
- Submit a pull request to the original repository.

Thanks for your contributions!

### Format of the Commit Message

We follow a rough convention for commit messages that is designed to answer two
questions: what changed and why. The subject line should feature the what and
the body of the commit should describe the why.

```
scripts: add the test-cluster command

this uses tmux to setup a test cluster that you can easily kill and
start for debugging.

Fixes #38
```

The format can be described more formally as follows:

```
: