v1.26.X
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Release v1.26.15+k3s1
This release updates Kubernetes to v1.26.15, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.14+k3s1:
- Update klipper-lb image version (#9607)
- Install and Unit test backports (#9645)
- Adjust first node-ip based on configured clusterCIDR (#9633)
- Add an integration test for flannel-backend=none (#9610)
- Improve tailscale e2e test (#9655)
- Backports for 2024-03 release cycle (#9692)
- Fix: use correct wasm shims names
- The embedded flannel cni-plugin binary is now built and versioned separate from the rest of the cni plugins and the embedded flannel controller.
- Bump spegel to v0.0.18-k3s3
- Adds wildcard registry support
- Fixes issue with excessive CPU utilization while waiting for containerd to start
- Add env var to allow spegel mirroring of latest tag
- Tweak netpol node wait logs
- Fix coredns NodeHosts on dual-stack clusters
- Bump helm-controller/klipper-helm versions
- Fix snapshot prune
- Fix issue with etcd node name missing hostname
- Rootless mode should also bind service nodePort to host for LoadBalancer type, matching UX of rootful mode.
- To enable raw output for the
check-config
subcommand, you may now set NO_COLOR=1 - Fix additional corner cases in registries handling
- Bump metrics-server to v0.7.0
- K3s will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry.
- Fix wildcard entry upstream fallback (#9735)
- Update to v1.26.15-k3s1 and Go 1.21.8 (#9740)
Release v1.26.14+k3s1
This release updates Kubernetes to v1.26.14, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.13+k3s2:
- Chore: bump Local Path Provisioner version (#9428)
- Bump cri-dockerd to fix compat with Docker Engine 25 (#9292)
- Auto Dependency Bump (#9421)
- Runtimes refactor using exec.LookPath (#9429)
- Directories containing runtimes need to be included in the $PATH environment variable for effective runtime detection.
- Changed how lastHeartBeatTime works in the etcd condition (#9423)
- Allow executors to define containerd and docker behavior (#9252)
- Update Kube-router to v2.0.1 (#9406)
- Backports for 2024-02 release cycle (#9464)
- Bump flannel version + remove multiclustercidr (#9409)
- Enable longer http timeout requests (#9446)
- Test_UnitApplyContainerdQoSClassConfigFileIfPresent (#9442)
- Support PR testing installs (#9471)
- Update Kubernetes to v1.26.14 (#9490)
- Fix drone publish for arm (#9510)
- Remove failing Drone step (#9514)
- Restore original order of agent startup functions (#9547)
- Fix netpol startup when flannel is disabled (#9580)
Release v1.26.13+k3s2
This release updates Kubernetes to v1.26.13, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Important Notes
Addresses the runc CVE: CVE-2024-21626 by updating runc to v1.1.12.
Changes since v1.26.12+k3s1:
- Add a retry around updating a secrets-encrypt node annotations (#9123)
- Added support for env *_PROXY variables for agent loadbalancer (#9116)
- Wait for taint to be gone in the node before starting the netpol controller (#9177)
- Etcd condition (#9183)
- Backports for 2024-01 (#9212)
- Move proxy dialer out of init() and fix crash (#9221)
- Pin opa version for missing dependency chain (#9218)
- Etcd node is nil (#9230)
- Update to v1.26.13 and Go 1.20.13 (#9262)
- Use
ipFamilyPolicy: RequireDualStack
for dual-stack kube-dns (#9271) - Backports for 2024-01 k3s2 (#9338)
- Bump runc to v1.1.12 and helm-controller to v0.15.7
- Fix handling of bare hostname or IP as endpoint address in registries.yaml
- Bump helm-controller to fix issue with ChartContent (#9348)
Release v1.26.12+k3s1
This release updates Kubernetes to v1.26.12, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.11+k3s2:
- Runtimes backport (#9014)
- Added runtime classes for wasm/nvidia/crun
- Added default runtime flag for containerd
- Bump containerd/runc to v1.7.10-k3s1/v1.1.10 (#8964)
- Fix overlapping address range (#9019)
- Allow setting default-runtime on servers (#9028)
- Bump containerd to v1.7.11 (#9042)
- Update to v1.26.12-k3s1 (#9077)
Release v1.26.11+k3s2
This release updates Kubernetes to v1.26.11, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.10+k3s2:
- Etcd status condition (#8820)
- Backports for 2023-11 release (#8879)
- New timezone info in Docker image allows the use of
spec.timeZone
in CronJobs - Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
- Containerd may now be configured to use rdt or blockio configuration by defining
rdt_config.yaml
orblockio_config.yaml
files. - Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
- Improved ingress IP ordering from ServiceLB
- Disable helm CRD installation for disable-helm-controller
- Omit snapshot list configmap entries for snapshots without extra metadata
- Add jitter to client config retry to avoid hammering servers when they are starting up
- New timezone info in Docker image allows the use of
- Add warning for removal of multiclustercidr flag (#8760)
- Handle nil pointer when runtime core is not ready in etcd (#8888)
- Improve dualStack log (#8829)
- Bump dynamiclistener; reduce snapshot controller log spew (#8903)
- Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
- Reduced etcd snapshot log spam during initial cluster startup
- Fix etcd snapshot S3 issues (#8938)
- Don't apply S3 retention if S3 client failed to initialize
- Don't request metadata when listing S3 snapshots
- Print key instead of file path in snapshot metadata log message
- Update to v1.26.11 and Go to 1.20.11 (#8922)
- Remove s390x (#9000)
Release v1.26.10+k3s2
This release updates Kubernetes to v1.26.10, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.10+k3s1:
- Fix SystemdCgroup in templates_linux.go (#8766)
- Fixed an issue with identifying additional container runtimes
- Update traefik chart to v25.0.0 (#8776)
- Update traefik to fix registry value (#8790)
Release v1.26.10+k3s1
This release updates Kubernetes to v1.26.10, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.9+k3s1:
- Fix error reporting (#8412)
- Add context to flannel errors (#8420)
- Testing Backports for September (#8300)
- Include the interface name in the error message (#8436)
- Update kube-router (#8444)
- Add extraArgs to tailscale (#8465)
- Added error when cluster reset while using server flag (#8456)
- The user will receive a error when --cluster-reset with the --server flag
- Cluster reset from non bootstrap nodes (#8453)
- Fix spellcheck problem (#8510)
- Take IPFamily precedence based on order (#8505)
- Network defaults are duplicated, remove one (#8552)
- Advertise address integration test (#8517)
- System agent push tags fix (#8570)
- Fixed tailscale node IP dualstack mode in case of IPv4 only node (#8559)
- Server Token Rotation (#8577)
- Users can now rotate the server token using
k3s token rotate -t <OLD_TOKEN> --new-token <NEW_TOKEN>
. After command succeeds, all server nodes must be restarted with the new token.
- Users can now rotate the server token using
- Clear remove annotations on cluster reset (#8590)
- Fixed an issue that could cause k3s to attempt to remove members from the etcd cluster immediately following a cluster-reset/restore, if they were queued for removal at the time the snapshot was taken.
- Use IPv6 in case is the first configured IP with dualstack (#8598)
- Backports for 2023-10 release (#8616)
- E2E Domain Drone Cleanup (#8583)
- Update kube-router package in build script (#8635)
- Add etcd-only/control-plane-only server test and fix control-plane-only server crash (#8643)
- Use
version.Program
not K3s in token rotate logs (#8655) - Windows agent support (#8647)
- Add --image-service-endpoint flag (#8279) (#8663)
- Add
--image-service-endpoint
flag to specify an external image service socket.
- Add
- Backport etcd fixes (#8691)
- Re-enable etcd endpoint auto-sync
- Manually requeue configmap reconcile when no nodes have reconciled snapshots
- Update to v1.26.10 and Go to v1.20.10 (#8680)
- Fix s3 snapshot restore (#8734)
Release v1.26.9+k3s1
This release updates Kubernetes to v1.26.9, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.8+k3s1:
- Bump kine to v0.10.3 (#8325)
- Update to v1.26.9 and go to v1.20.8 (#8357)
- Bump embedded containerd to v1.7.6
- Bump embedded stargz-snapshotter plugin to latest
- Fixed intermittent drone CI failures due to race conditions in test environment setup scripts
- Fixed CI failures due to changes to api discovery changes in Kubernetes 1.28