v1.28.X
Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Release v1.28.9+k3s1
This release updates Kubernetes to v1.28.9, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.8+k3s1:
- Add a new error when kine is with disable apiserver or disable etcd (#9804)
- Remove old pinned dependencies (#9827)
- Transition from deprecated pointer library to ptr (#9824)
- Golang caching and E2E ubuntu 23.10 (#9821)
- Add tls for kine (#9849)
- Bump spegel to v0.0.20-k3s1 (#9880)
- Backports for 2024-04 release cycle (#9911)
- Send error response if member list cannot be retrieved
- The k3s stub cloud provider now respects the kubelet's requested provider-id, instance type, and topology labels
- Fix error when image has already been pulled
- Add /etc/passwd and /etc/group to k3s docker image
- Fix etcd snapshot reconcile for agentless servers
- Add health-check support to loadbalancer
- Add certificate expiry check, events, and metrics
- Add workaround for containerd hosts.toml bug when passing config for default registry endpoint
- Add supervisor cert/key to rotate list
- The embedded containerd has been bumped to v1.7.15
- The embedded cri-dockerd has been bumped to v0.3.12
- The
k3s etcd-snapshot
command has been reworked for improved consistency. All snapshots operations are now performed by the server process, with the CLI acting as a client to initiate and report results. As a side effect, the CLI is now less noisy when managing snapshots. - Improve etcd load-balancer startup behavior
- Actually fix agent certificate rotation
- Traefik has been bumped to v2.10.7.
- Traefik pod annotations are now set properly in the default chart values.
- The system-default-registry value now supports RFC2732 IPv6 literals.
- The local-path provisioner now defaults to creating
local
volumes, instead ofhostPath
.
- Allow LPP to read helper logs (#9938)
- Update kube-router to v2.1.0 (#9942)
- Update to v1.28.9-k3s1 and Go 1.21.9 (#9959)
- Fix on-demand snapshots timing out; not honoring folder (#9994)
- Make /db/info available anonymously from localhost (#10002)
Release v1.28.8+k3s1
This release updates Kubernetes to v1.28.8, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.7+k3s1:
- Add an integration test for flannel-backend=none (#9608)
- Install and Unit test backports (#9641)
- Update klipper-lb image version (#9605)
- Chore(deps): Remediating CVE-2023-45142 CVE-2023-48795 (#9647)
- Adjust first node-ip based on configured clusterCIDR (#9631)
- Improve tailscale e2e test (#9653)
- Backports for 2024-03 release cycle (#9669)
- Fix: use correct wasm shims names
- The embedded flannel cni-plugin binary is now built and versioned separate from the rest of the cni plugins and the embedded flannel controller.
- Bump spegel to v0.0.18-k3s3
- Adds wildcard registry support
- Fixes issue with excessive CPU utilization while waiting for containerd to start
- Add env var to allow spegel mirroring of latest tag
- Tweak netpol node wait logs
- Fix coredns NodeHosts on dual-stack clusters
- Bump helm-controller/klipper-helm versions
- Fix snapshot prune
- Fix issue with etcd node name missing hostname
- Rootless mode should also bind service nodePort to host for LoadBalancer type, matching UX of rootful mode.
- To enable raw output for the
check-config
subcommand, you may now set NO_COLOR=1 - Fix additional corner cases in registries handling
- Bump metrics-server to v0.7.0
- K3s will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry.
- Docker and E2E Test Backports (#9707)
- Fix wildcard entry upstream fallback (#9733)
- Update to v1.28.8-k3s1 and Go 1.21.8 (#9746)