v1.28.X
Upgrade Notice
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Release v1.28.7+k3s1
This release updates Kubernetes to v1.28.7, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.6+k3s2:
- Chore: bump Local Path Provisioner version (#9426)
- Bump cri-dockerd to fix compat with Docker Engine 25 (#9293)
- Auto Dependency Bump (#9419)
- Runtimes refactor using exec.LookPath (#9431)
- Directories containing runtimes need to be included in the $PATH environment variable for effective runtime detection.
- Changed how lastHeartBeatTime works in the etcd condition (#9424)
- Bump Flannel v0.24.2 + remove multiclustercidr (#9401)
- Allow executors to define containerd and docker behavior (#9254)
- Update Kube-router to v2.0.1 (#9404)
- Backports for 2024-02 release cycle (#9462)
- Enable longer http timeout requests (#9444)
- Test_UnitApplyContainerdQoSClassConfigFileIfPresent (#9440)
- Support PR testing installs (#9469)
- Update Kubernetes to v1.28.7 (#9492)
- Fix drone publish for arm (#9508)
- Remove failing Drone step (#9516)
- Restore original order of agent startup functions (#9545)
- Fix netpol startup when flannel is disabled (#9578)
Release v1.28.6+k3s2
This release updates Kubernetes to v1.28.6, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Important Notes
Addresses the runc CVE: CVE-2024-21626 by updating runc to v1.1.12.
Changes since v1.28.5+k3s1:
- Add a retry around updating a secrets-encrypt node annotations (#9125)
- Wait for taint to be gone in the node before starting the netpol controller (#9175)
- Etcd condition (#9181)
- Backports for 2024-01 (#9203)
- Pin opa version for missing dependency chain (#9216)
- Added support for env *_PROXY variables for agent loadbalancer (#9206)
- Etcd node is nil (#9228)
- Update to v1.28.6 and Go 1.20.13 (#9260)
- Use
ipFamilyPolicy: RequireDualStack
for dual-stack kube-dns (#9269) - Backports for 2024-01 k3s2 (#9336)
- Bump runc to v1.1.12 and helm-controller to v0.15.7
- Fix handling of bare hostname or IP as endpoint address in registries.yaml
- Bump helm-controller to fix issue with ChartContent (#9346)
Release v1.28.5+k3s1
This release updates Kubernetes to v1.28.5, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.4+k3s1:
- Remove s390x steps temporarily since runners are disabled (#8983)
- Remove s390x from manifest (#8998)
- Fix overlapping address range (#8913)
- Modify CONTRIBUTING.md guide (#8954)
- Nov 2023 stable channel update (#9022)
- Default runtime and runtime classes for wasm/nvidia/crun (#8936)
- Added runtime classes for wasm/nvidia/crun
- Added default runtime flag for containerd
- Bump containerd/runc to v1.7.10-k3s1/v1.1.10 (#8962)
- Allow setting default-runtime on servers (#9027)
- Bump containerd to v1.7.11 (#9040)
- Update to v1.28.5-k3s1 (#9081)
Release v1.28.4+k3s2
This release updates Kubernetes to v1.28.4, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.28.3+k3s2:
- Update channels latest to v1.27.7+k3s2 (#8799)
- Add etcd status condition (#8724)
- Now the user can see the etcd status from each node in a simple way
- ADR for etcd status (#8355)
- Wasm shims detection (#8751)
- Automatic discovery of WebAssembly runtimes
- Add warning for removal of multiclustercidr flag (#8758)
- Improve dualStack log (#8798)
- Optimize: Simplify and clean up Dockerfile (#8244)
- Add: timezone info in image (#8764)
-
- New timezone info in Docker image allows the use of
spec.timeZone
in CronJobs
- New timezone info in Docker image allows the use of
-
- Bump kine to fix nats, postgres, and watch issues (#8778)
- Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
- QoS-class resource configuration (#8726)
- Containerd may now be configured to use rdt or blockio configuration by defining
rdt_config.yaml
orblockio_config.yaml
files.
- Containerd may now be configured to use rdt or blockio configuration by defining
- Add agent flag disable-apiserver-lb (#8717)
- Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
- Force umount for NFS mount (like with longhorn) (#8521)
- General updates to README (#8786)
- Fix wrong warning from restorecon in install script (#8871)
- Fix issue with snapshot metadata configmap (#8835)
- Omit snapshot list configmap entries for snapshots without extra metadata
- Skip initial datastore reconcile during cluster-reset (#8861)
- Tweaked order of ingress IPs in ServiceLB (#8711)
- Improved ingress IP ordering from ServiceLB
- Disable helm CRD installation for disable-helm-controller (#8702)
- More improves for K3s patch release docs (#8800)
- Update install.sh sha256sum (#8885)
- Add jitter to client config retry to avoid hammering servers when they are starting up (#8863)
- Handle nil pointer when runtime core is not ready in etcd (#8886)
- Bump dynamiclistener; reduce snapshot controller log spew (#8894)
- Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
- Reduced etcd snapshot log spam during initial cluster startup
- Remove depends_on for e2e step; fix cert rotate e2e (#8906)
- Fix etcd snapshot S3 issues (#8926)
- Don't apply S3 retention if S3 client failed to initialize
- Don't request metadata when listing S3 snapshots
- Print key instead of file path in snapshot metadata log message
- Update to v1.28.4 and Go to v1.20.11 (#8920)
- Remove s390x steps temporarily since runners are disabled (#8983)
- Remove s390x from manifest (#8998)