v1.28.X
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Release v1.28.14+k3s1
This release updates Kubernetes to v1.28.14, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.13+k3s1:
- Testing Backports for 2024-09 (#10804)
- Update to newer OS images for install testing
- Fix caching name for e2e vagrant box
- Fix deploy latest commit on E2E tests
- DRY E2E Upgrade test setup
- Cover edge case when on new minor release for E2E upgrade test
- Update CNI plugins version (#10820)
- Backports for 2024-09 (#10845)
- Fix hosts.toml header var (#10874)
- Update to v1.28.14-k3s1 and Go 1.22.6 (#10884)
- Update Kubernetes to v1.28.14-k3s2 (#10907)
Release v1.28.13+k3s1
This release updates Kubernetes to v1.28.13, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.12+k3s1:
- Fixing setproctitle function (#10624)
- Bump docker/docker to v24.0.10-0.20240723193628-852759a7df45 (#10651)
- Backports for 2024-08 release cycle (#10666)
- Use pagination when listing large numbers of resources
- Fix multiple issues with servicelb
- Remove deprecated use of wait. functions
- Wire lasso metrics up to metrics endpoint
- Backports for August 2024 (#10673)
- Bump containerd to v1.7.20 (#10662)
- Add tolerations support for DaemonSet pods (#10705)
- New Feature: Users can now define Kubernetes tolerations for ServiceLB DaemonSet directly in the
svccontroller.k3s.cattle.io/tolerations
annotation on services.
- New Feature: Users can now define Kubernetes tolerations for ServiceLB DaemonSet directly in the
- Update to v1.28.13-k3s1 and Go 1.22.5 (#10719)
Release v1.28.12+k3s1
This release updates Kubernetes to v1.28.12, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.11+k3s2:
- Backports for 2024-07 release cycle (#10499)
- Bump k3s-root to v0.14.0
- Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7
- Bump Local Path Provisioner version
- Ensure remotedialer kubelet connections use kubelet bind address
- Chore: Bump Trivy version
- Add etcd s3 config secret implementation
- July Test Backports (#10509)
- Update to v1.28.12-k3s1 and Go 1.22.5 (#10541)
- Fix issues loading data-dir value from env vars or dropping config files (#10598)
Release v1.28.11+k3s2
This release updates Kubernetes to v1.28.11, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.11+k3s1:
- Update flannel to v0.25.4 and fixed issue with IPv6 mask (#10428)
Release v1.28.11+k3s1
This release updates Kubernetes to v1.28.11, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.10+k3s1:
- Replace deprecated ruby function (#10090)
- Fix bug when using tailscale config by file (#10144)
- Bump flannel version to v0.25.2 (#10221)
- Update kube-router version to v2.1.2 (#10182)
- Improve tailscale test & add extra log in e2e tests (#10213)
- Backports for 2024-06 release cycle (#10258)
- Add WithSkipMissing to not fail import on missing blobs
- Use fixed stream server bind address for cri-dockerd
- Switch stargz over to cri registry config_path
- Bump to containerd v1.7.17, etcd v3.5.13
- Bump spegel version
- Fix issue with externalTrafficPolicy: Local for single-stack services on dual-stack nodes
- ServiceLB now sets the priorityClassName on svclb pods to
system-node-critical
by default. This can be overridden on a per-service basis via thesvccontroller.k3s.cattle.io/priorityclassname
annotation. - Bump minio-go to v7.0.70
- Bump kine to v0.11.9 to fix pagination
- Update valid resolv conf
- Add missing kernel config check
- Symlinked sub-directories are now respected when scanning Auto-Deploying Manifests (AddOns)
- Fix bug: allow helm controller set owner reference
- Bump klipper-helm image for tls secret support
- Fix issue with k3s-etcd informers not starting
--Enable-pprof
can now be set on agents to enable the debug/pprof endpoints. When set, agents will listen on the supervisor port.--Supervisor-metrics
can now be set on servers to enable serving internal metrics on the supervisor endpoint; when set agents will listen on the supervisor port.- Fix netpol crash when node remains tainted uninitialized
- The embedded load-balancer will now fall back to trying all servers with health-checks ignored, if all servers have been marked unavailable due to failed health checks.
- More backports for 2024-06 release cycle (#10289)
- Add snapshot retention etcd-s3-folder fix (#10315)
- Add test for
isValidResolvConf
(#10302) (#10331) - Fix race condition panic in loadbalancer.nextServer (#10323)
- Fix typo, use
rancher/permissions
(#10299) - Update Kubernetes to v1.28.11 (#10347)
- Fix agent supervisor port using apiserver port instead (#10355)
- Fix issue that allowed multiple simultaneous snapshots to be allowed (#10377)
Release v1.28.10+k3s1
This release updates Kubernetes to v1.28.10, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.9+k3s1:
- Bump E2E opensuse leap to 15.6, fix btrfs test (#10095)
- Windows changes (#10114)
- Update to v1.28.10-k3s1 (#10098)
Release v1.28.9+k3s1
This release updates Kubernetes to v1.28.9, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.8+k3s1:
- Add a new error when kine is with disable apiserver or disable etcd (#9804)
- Remove old pinned dependencies (#9827)
- Transition from deprecated pointer library to ptr (#9824)
- Golang caching and E2E ubuntu 23.10 (#9821)
- Add tls for kine (#9849)
- Bump spegel to v0.0.20-k3s1 (#9880)
- Backports for 2024-04 release cycle (#9911)
- Send error response if member list cannot be retrieved
- The k3s stub cloud provider now respects the kubelet's requested provider-id, instance type, and topology labels
- Fix error when image has already been pulled
- Add /etc/passwd and /etc/group to k3s docker image
- Fix etcd snapshot reconcile for agentless servers
- Add health-check support to loadbalancer
- Add certificate expiry check, events, and metrics
- Add workaround for containerd hosts.toml bug when passing config for default registry endpoint
- Add supervisor cert/key to rotate list
- The embedded containerd has been bumped to v1.7.15
- The embedded cri-dockerd has been bumped to v0.3.12
- The
k3s etcd-snapshot
command has been reworked for improved consistency. All snapshots operations are now performed by the server process, with the CLI acting as a client to initiate and report results. As a side effect, the CLI is now less noisy when managing snapshots. - Improve etcd load-balancer startup behavior
- Actually fix agent certificate rotation
- Traefik has been bumped to v2.10.7.
- Traefik pod annotations are now set properly in the default chart values.
- The system-default-registry value now supports RFC2732 IPv6 literals.
- The local-path provisioner now defaults to creating
local
volumes, instead ofhostPath
.
- Allow LPP to read helper logs (#9938)
- Update kube-router to v2.1.0 (#9942)
- Update to v1.28.9-k3s1 and Go 1.21.9 (#9959)
- Fix on-demand snapshots timing out; not honoring folder (#9994)
- Make /db/info available anonymously from localhost (#10002)
Release v1.28.8+k3s1
This release updates Kubernetes to v1.28.8, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.7+k3s1:
- Add an integration test for flannel-backend=none (#9608)
- Install and Unit test backports (#9641)
- Update klipper-lb image version (#9605)
- Chore(deps): Remediating CVE-2023-45142 CVE-2023-48795 (#9647)
- Adjust first node-ip based on configured clusterCIDR (#9631)
- Improve tailscale e2e test (#9653)
- Backports for 2024-03 release cycle (#9669)
- Fix: use correct wasm shims names
- The embedded flannel cni-plugin binary is now built and versioned separate from the rest of the cni plugins and the embedded flannel controller.
- Bump spegel to v0.0.18-k3s3
- Adds wildcard registry support
- Fixes issue with excessive CPU utilization while waiting for containerd to start
- Add env var to allow spegel mirroring of latest tag
- Tweak netpol node wait logs
- Fix coredns NodeHosts on dual-stack clusters
- Bump helm-controller/klipper-helm versions
- Fix snapshot prune
- Fix issue with etcd node name missing hostname
- Rootless mode should also bind service nodePort to host for LoadBalancer type, matching UX of rootful mode.
- To enable raw output for the
check-config
subcommand, you may now set NO_COLOR=1 - Fix additional corner cases in registries handling
- Bump metrics-server to v0.7.0
- K3s will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry.
- Docker and E2E Test Backports (#9707)
- Fix wildcard entry upstream fallback (#9733)
- Update to v1.28.8-k3s1 and Go 1.21.8 (#9746)
Release v1.28.7+k3s1
This release updates Kubernetes to v1.28.7, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.6+k3s2:
- Chore: bump Local Path Provisioner version (#9426)
- Bump cri-dockerd to fix compat with Docker Engine 25 (#9293)
- Auto Dependency Bump (#9419)
- Runtimes refactor using exec.LookPath (#9431)
- Directories containing runtimes need to be included in the $PATH environment variable for effective runtime detection.
- Changed how lastHeartBeatTime works in the etcd condition (#9424)
- Bump Flannel v0.24.2 + remove multiclustercidr (#9401)
- Allow executors to define containerd and docker behavior (#9254)
- Update Kube-router to v2.0.1 (#9404)
- Backports for 2024-02 release cycle (#9462)
- Enable longer http timeout requests (#9444)
- Test_UnitApplyContainerdQoSClassConfigFileIfPresent (#9440)
- Support PR testing installs (#9469)
- Update Kubernetes to v1.28.7 (#9492)
- Fix drone publish for arm (#9508)
- Remove failing Drone step (#9516)
- Restore original order of agent startup functions (#9545)
- Fix netpol startup when flannel is disabled (#9578)
Release v1.28.6+k3s2
This release updates Kubernetes to v1.28.6, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Important Notes
Addresses the runc CVE: CVE-2024-21626 by updating runc to v1.1.12.