Kubernetes v1.36 is out!

Manuel Buil
K3s maintainer

Kubernetes 1.36 has officially landed! Following our continuous commitment to providing a lightweight yet production-grade Kubernetes distribution, the K3s team and community have put together another incredible milestone release. Here is what's new in the world of K3s.

Key Features and Improvements ✨

Core Storage Evolution: etcd 3.6 & SQLite Upgrades 💾

We have officially upgraded our bundled etcd to the v3.6 series. While this brings large performance improvements and memory optimizations upstream, it introduces a critically important caveat for administrators running High Availability (HA) clusters: etcd v3.6 changes the data directory structure, which prevents a clean downgrade to v3.5 once your cluster has updated. If you ever need to roll back a v1.36 cluster to v1.35, you must follow specific manual snapshot restoration and node cleaning procedures. Be sure to review our dedicated migration guide before upgrading production environments.

Revolutionizing Builds with the Nix Snapshotter ❄️

In an exciting move for reproducibility and declarative environments, K3s now includes native support for the Nix snapshotter plugin. This integration allows users to leverage Nix store paths directly as container layers, opening the door for blazingly fast image provisioning and native NixOS container deployments within K3s clusters.

Streamlined Runtimes: Default Imports to Containerd Base Templates 🏗️

Customizing your container runtime configuration just got much easier. K3s now supports importing containerd configuration drop-ins. This architectural change allows administrators to modularly add configuration snippets that add to or replace configuration from the base file without having to extend or replace the entire default configuration template.

Dynamic Security: Secrets Encryption for Existing Clusters 🔐

Security is never static, and neither should your cluster configuration be. Historically, enabling at-rest Secrets Encryption required setting it up during the initial cluster bootstrapping phase. With v1.36, you can now enable secrets encryption on existing clusters without needing to recreate them, making it vastly easier to harden legacy deployments. You can also switch between encryption providers - both aescbc and secretbox are natively supported.
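When encryption is enabled on a cluster that already holds data, or the provider is switched, the check that matters is whether every stored secret was rewritten with the active provider. The following is an added example, not code from K3s: it assumes the upstream Kubernetes EncryptionConfiguration layout (first listed provider is used for writes) and the `k8s:enc:<provider>:v1:<key>:` prefix on encrypted values; the config, key names and stored values are constructed samples.

```python
import json

ENCRYPTING = {"aescbc", "secretbox"}  # providers named in the release notes

def write_provider(config, resource="secrets"):
    """Provider used for new writes: the first entry in the matching rule."""
    for rule in config.get("resources", []):
        if resource in rule.get("resources", []):
            providers = rule.get("providers") or [{}]
            return next(iter(providers[0]), None)
    return None  # no rule: the resource is stored unencrypted

def stored_provider(raw):
    """Classify a raw datastore value by the kube-apiserver 'k8s:enc:' prefix."""
    if not raw.startswith(b"k8s:enc:"):
        return "plaintext"
    return raw.split(b":", 3)[2].decode()

def audit(config, stored):
    """Return (write provider, keys that still need to be rewritten)."""
    active = write_provider(config)
    stale = sorted(k for k, v in stored.items()
                   if active not in ENCRYPTING or stored_provider(v) != active)
    return active, stale

# Constructed sample: configuration after switching from aescbc to secretbox.
SAMPLE_CONFIG = json.loads("""{
  "kind": "EncryptionConfiguration", "apiVersion": "apiserver.config.k8s.io/v1",
  "resources": [{"resources": ["secrets"], "providers": [
      {"secretbox": {"keys": [{"name": "key-b", "secret": "<redacted>"}]}},
      {"aescbc": {"keys": [{"name": "key-a", "secret": "<redacted>"}]}},
      {"identity": {}}]}]}""")

# Constructed raw datastore values (payload bytes are dummies).
SAMPLE_STORED = {
    "/registry/secrets/default/new": b"k8s:enc:secretbox:v1:key-b:\x01\x02",
    "/registry/secrets/default/old": b"k8s:enc:aescbc:v1:key-a:\x03\x04",
    "/registry/secrets/default/legacy": b"k8s\x00\n\x0c\n\x02v1",
}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_STORED))
```

Any key reported as stale was written before the current provider became active and is either still in plaintext or still under the previous provider.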

AI & Hardware Acceleration: Containerd 2.2 with NRI Support 🚀

We have bumped our embedded container runtime to Containerd 2.2, which introduces out-of-the-box support for the Node Resource Interface (NRI). This is a game-changer for clusters running edge AI and heavy GPU workloads, enabling cleaner integration with the NVIDIA Container Toolkit and runtime-level device management.

Language & API Stability: Go 1.25 & Gateway API CRDs 🤝

K3s continues to pull in the latest performance and toolchain enhancements by building on Go 1.25. Additionally, we have adjusted our ingress defaults: if you choose to disable or remove the built-in Traefik ingress controller, K3s will now keep the Gateway API CRDs intact instead of cleaning them up. This ensures your custom ingress infrastructure won't break during adjustments, paving the way for bundled Gateway API CRDs coming natively in v1.37.

Bug Fixes and Notable Changes 🛠️

As always, we’ve ironed out numerous bugs under the hood. Here are the most impactful fixes included in this release:

  • Resilience & etcd Cluster Hardening: This release eliminates critical race conditions during cluster expansion to guarantee that slow-responding nodes register reliably during initialization. It also patches edge-case bootstrap data bugs, allowing the cluster to recover quorum and reconcile smoothly even after sudden multi-node power failures. Finally, the process for transferring voting rights during dynamic member upgrades has been refined, successfully eliminating transient API timeouts.

  • Core Networking & Logic Fixes: To improve storage reliability, we resolved a subtle network synchronization issue that previously caused metric deadlocks during simultaneous multi-volume attachments. Additionally, internal certificate rotation tracking has been significantly hardened to prevent nodes from entering continuous reload loops if the system time is modified. K3s also resolves private dual-stack registration anomalies, eliminating unexpected node join delays in mixed IPv4/IPv6 topologies.

Version Bumps for Key Components 🚀

| Component | New Version |
|---|---|
| Kine | v0.14.14 |
| SQLite | v3.51.2 |
| Etcd | v3.6.7 |
| Containerd | v2.2.2 |
| Runc | v1.4.1 |
| Flannel | v0.28.2 |
| Metrics-server | v0.8.1 |
| Traefik | v3.6.10 |
| Coredns | v1.14.2 |
| Helm-controller | v0.16.17 |
| Local-path-provisioner | v0.0.35 |

Special Thanks to Our Contributors 🙏

We are incredibly grateful to our community members who contributed key improvements, rigorous testing, and code during this cycle. A massive thank you to:

@Ada, @CharlieTonnesla, @DT1mote, @FabianoFidêncio, @JonHermansen, @MichaelMoll, @RahulRai, @RicardoNoriega, @TomRisse, and @zijiren

Your passion and hard work are what push K3s forward!

Join our Adopters list 💎

If K3s is making your life easier, the best way to say "thanks" is to add your company to our official Adopters list. It’s a tiny gesture that carries a lot of weight for the project's health and visibility within the CNCF ecosystem. We are currently working hard to get our 'status' inside the CNCF to progress, and showing a large list of Adopters would help tremendously.

The task is easy: create a PR that adds your name to https://github.com/k3s-io/k3s/blob/main/ADOPTERS.md.

Thanks a lot!