chore(deps): update dependency k3s-io/k3s to v1.27.2+k3s1

[renovate]

This PR contains the following updates:

Package	Update	Change
k3s-io/k3s	minor	v1.25.3+k3s1 -> v1.27.2+k3s1

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

Release Notes

k3s-io/k3s

v1.27.2+k3s1: v1.27.2+k3s1

Compare Source

This release updates Kubernetes to v1.27.2, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.1+k3s1:

• Ensure that klog verbosity is set to the same level as logrus (#​7303)
• Create CRDs with schema (#​7308)
  • Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
• Bump k3s-root for aarch64 page size fix (#​7364)
  • K3s once again supports aarch64 nodes with page size > 4k
• Bump Runc and Containerd (#​7339)
• Add integration tests for etc-snapshot server flags and refactor /tests/integration/integration.go/K3sStartServer (#​7300)
• Bump traefik to v2.9.10 / chart 21.2.0 (#​7324)
  • The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
• Add longhorn storage test (#​6445)
• Improve error message when CLI wrapper Exec fails (#​7373)
  • K3s now prints a more meaningful error when attempting to run from a filesystem mounted noexec.
• Fix issues with --disable-agent and --egress-selector-mode=pod|cluster (#​7331)
  • Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
  • Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
• Retry cluster join on "too many learners" error (#​7351)
  • K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
• Fix MemberList error handling and incorrect etcd-arg passthrough (#​7371)
  • K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
  • K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
• Bump Trivy version (#​7383)
• Handle multiple arguments with StringSlice flags (#​7380)
• Add v1.27 channel (#​7387)
• Enable FindString to search dotD config files (#​7323)
• Migrate netutil methods into /util/net.go (#​7422)
• Local-storage: Fix permission (#​7217)
• Bump cni plugins to v1.2.0-k3s1 (#​7425)
  • The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
• Add dependabot label and reviewer (#​7423)
• E2E: Startup test cleanup + RunCommand Enhancement (#​7388)
• Fail to validate server tokens that use bootstrap id/secret format (#​7389)
  • K3s now exits with a proper error message when the server token uses a bootstrap token id.secret format.
• Fix token startup test (#​7442)
• Bump kine to v0.10.1 (#​7414)
  • The embedded kine version has been bumped to v0.10.1. This replaces the legacy lib/pq postgres driver with pgx.
• Add kube-* server flags integration tests (#​7416)
• Add support for -cover + integration test code coverage (#​7415)
• Bump kube-router version to fix a bug when a port name is used (#​7454)
• Consistently use constant-time comparison of password hashes instead of bare password strings (#​7455)
• Bump containerd to v1.7.0 and move back into multicall binary (#​7418)
  • The embedded containerd version has been bumped to v1.7.0-k3s1, and has been reintegrated into the main k3s binary for a significant savings in release artifact size.
• Adding PITS and Getdeck Beiboot as adopters thanks to Schille and Miw… (#​7524)
• Bump helm-controller version for repo auth/ca support (#​7525)
  • The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
• Bump containerd/runc to v1.7.1-k3s1/v1.1.7 (#​7533)
  • The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
• Wrap error stating that it is coming from netpol (#​7539)
• Add Rotation certification Check, remove func to restart agents (#​7097)
• Bump alpine from 3.17 to 3.18 in /package (#​7550)
• Bump alpine from 3.17 to 3.18 in /conformance (#​7551)
• Add '-all' flag to apply to inactive systemd units (#​7567)
• Update to v1.27.2-k3s1 (#​7575)
• Fix iptables rules clean during upgrade (#​7591)
• Pin emicklei/go-restful to v3.9.0 (#​7597)
• Add el9 selinux rpm (#​7443)
• Revert "Add el9 selinux rpm (#​7443)" (#​7608)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.2
Kine	v0.10.1
SQLite	3.39.2
Etcd	v3.5.7-k3s1
Containerd	v1.7.1-k3s1
Runc	v1.1.7
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.14.0
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.1+k3s1: v1.27.1+k3s1

Compare Source

This release is K3S's first in the v1.27 line. This release updates Kubernetes to v1.27.1.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Changes since v1.26.4+k3s1:

• Kubernetes 1.27.1 (#​7271)
• V1.27.1 CLI Deprecation (#​7311)
  • --flannel-backed=wireguard has been completely replaced with --flannel-backend=wireguard-native
  • The k3s etcd-snapshot command will now print a help message, to save a snapshot use: k3s etcd-snapshot save
  • The following flags will now cause fatal errors (with full removal coming in v1.28.0):
    • --flannel-backed=ipsec: replaced with --flannel-backend=wireguard-native see docs for more info.
    • Supplying multiple --flannel-backend values is no longer valid. Use --flannel-conf instead.
• Changed command -v redirection for iptables bin check (#​7315)
• Update channel server for april 2023 (#​7327)
• Bump cri-dockerd (#​7347)
• Cleanup help messages (#​7369)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.1
Kine	v0.9.9
SQLite	3.39.2
Etcd	v3.5.7-k3s1
Containerd	v1.6.19-k3s1
Runc	v1.1.5
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.10.1
Helm-controller	v0.13.3
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.5+k3s1: v1.26.5+k3s1

Compare Source

This release updates Kubernetes to v1.26.5, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.26.4+k3s1:

• Ensure that klog verbosity is set to the same level as logrus (#​7360)
• Prepend release branch to dependabot (#​7374)
• Add integration tests for etc-snapshot server flags (#​7377)
• Bump Runc and Containerd (#​7399)
• CLI + Config Enhancement (#​7403)
  • --Tls-sans now accepts multiple arguments: --tls-sans="foo,bar"
  • Prefer-bundled-bin: true now works properly when set in config.yaml.d files
• Migrate netutil methods into /utils/net.go (#​7432)
• Bump kube-router version to fix a bug when a port name is used (#​7460)
• Kube flags and longhorn storage tests (#​7465)
• Local-storage: Fix permission (#​7474)
• Bump containerd to v1.7.0 and move back into multicall binary (#​7444)
  • The embedded containerd version has been bumped to v1.7.0-k3s1, and has been reintegrated into the main k3s binary for a significant savings in release artifact size.
• Backport version bumps and bugfixes (#​7514)
  • K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
  • K3s once again supports aarch64 nodes with page size > 4k
  • The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
  • K3s now prints a more meaningful error when attempting to run from a filesystem mounted noexec.
  • K3s now exits with a proper error message when the server token uses a bootstrap token id.secret format.
  • Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
  • Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
  • Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
  • K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
  • K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
  • The embedded kine version has been bumped to v0.10.1. This replaces the legacy lib/pq postgres driver with pgx.
  • The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
  • The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
• Bump containerd/runc to v1.7.1-k3s1/v1.1.7 (#​7534)
  • The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
• Wrap error stating that it is coming from netpol (#​7547)
• Add '-all' flag to apply to inactive units (#​7573)
• Update to v1.26.5-k3s1 (#​7576)
• Pin emicklei/go-restful to v3.9.0 (#​7598)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.5
Kine	v0.10.1
SQLite	3.39.2
Etcd	v3.5.7-k3s1
Containerd	v1.7.1-k3s1
Runc	v1.1.7
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.14.0
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.4+k3s1: v1.26.4+k3s1

Compare Source

This release updates Kubernetes to v1.26.4, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.26.3+k3s1:

• Enhance k3s check-config (#​7091)
• Update stable channel to v1.25.8+k3s1 (#​7161)
• Drone Pipelines enhancement (#​7169)
• Fix_get_sha_url (#​7187)
• Improve Updatecli local-path-provisioner pipeline (#​7181)
• Improve workflow (#​7142)
• Improve Trivy configuration (#​7154)
• Bump Local Path Provisioner version (#​7167)
  • The bundled local-path-provisioner version has been bumped to v0.0.24
• Bump etcd to v3.5.7 (#​7170)
  • The embedded etcd version has been bumped to v3.5.7
• Bump runc to v1.1.5 (#​7171)
  • The bundled runc version has been bumped to v1.1.5
• Fix race condition caused by etcd advertising addresses that it does not listen on (#​7147)
  • Fixed a race condition during cluster reset that could cause the operation to hang and time out.
• Bump coredns to v1.10.1 (#​7168)
  • The bundled coredns version has been bumped to v1.10.1
• Don't apply hardened args to agent (#​7089)
• Upgrade helm-controller to v0.13.3 (#​7209)
• Improve Klipper Helm and Helm controller bumps (#​7146)
• Fix issue with stale connections to removed LB server (#​7194)
  • The client load-balancer that maintains connections to active server nodes now closes connections to servers when they are removed from the cluster. This ensures that agent components immediately reconnect to a current cluster member.
• Bump actions/setup-go from 3 to 4 (#​7111)
• Lock bootstrap data with empty key to prevent conflicts (#​7215)
  • When using an external datastore, K3s now locks the bootstrap key while creating initial cluster bootstrap data, preventing a race condition when multiple servers attempted to initialize the cluster simultaneously.
• Updated kube-router to move the default ACCEPT rule at the end of the chain (#​7218)
  • The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
• Add make commands to terraform automation and fix external dbs related issue (#​7159)
• Update klipper lb to v0.4.2 (#​7210)
• Add coreos and sle micro to selinux support (#​6945)
• Fix call for k3s-selinux versions in airgapped environments (#​7264)
• Update Kube-router ACCEPT rule insertion and install script to clean rules before start (#​7274)
  • The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
• Update to v1.26.4-k3s1 (#​7282)
• Bump golang:alpine image version (#​7292)
• Bump Sonobuoy version (#​7256)
• Bump Trivy version (#​7257)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.4
Kine	v0.9.9
SQLite	3.39.2
Etcd	v3.5.7-k3s1
Containerd	v1.6.19-k3s1
Runc	v1.1.5
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.10.1
Helm-controller	v0.13.3
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.3+k3s1: v1.26.3+k3s1

Compare Source

This release updates Kubernetes to v1.26.3, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.26.2+k3s1:

• Add E2E to Drone (#​6890)
• Add flannel adr (#​6973)
• Update flannel and kube-router (#​7039)
• Bump various dependencies for CVEs (#​7044)
• Adds a warning about editing to the containerd config.toml file (#​7057)
• Update stable version in channel server (#​7066)
• Wait for kubelet port to be ready before setting (#​7041)
  • The agent tunnel authorizer now waits for the kubelet to be ready before reading the kubelet port from the node object.
• Improve support for rotating the default self-signed certs (#​7032)
  • The k3s certificate rotate-ca checks now support rotating self-signed certificates without the --force option.
• Skip all pipelines based on what is in the PR (#​6996)
• Add missing kernel config checks (#​6946)
• Remove deprecated nodeSelector label beta.kubernetes.io/os (#​6970)
• MultiClusterCIDR for v1.26 (#​6885)
  • MultiClusterCIDR feature
• Remove Nikolai from MAINTAINERS list (#​7088)
• Add automation for Restart command for K3s (#​7002)
• Fix to Rotate CA e2e test (#​7101)
• Drone: Cleanup E2E VMs on test panic (#​7104)
• Update to v1.26.3-k3s1 (#​7108)
• Pin golangci-lint version to v1.51.2 (#​7113)
• Clean E2E VMs before testing (#​7109)
• Update flannel to fix NAT issue with old iptables version (#​7136)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.3
Kine	v0.9.9
SQLite	3.39.2
Etcd	v3.5.5-k3s1
Containerd	v1.6.19-k3s1
Runc	v1.1.4
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.9.4
Helm-controller	v0.13.1
Local-path-provisioner	v0.0.23

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.2+k3s1: v1.26.2+k3s1

Compare Source

This release updates Kubernetes to v1.26.2, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.26.1+k3s1:

• Add build tag to disable cri-dockerd (#​6760)
• Bump cri-dockerd (#​6797)
  • The embedded cri-dockerd has been updated to v0.3.1
• Update stable channel to v1.25.6+k3s1 (#​6828)
• E2E Rancher and Hardened script improvements (#​6778)
• Add Ayedo to Adopters (#​6801)
• Consolidate E2E tests and GH Actions (#​6772)
• Allow ServiceLB to honor ExternalTrafficPolicy=Local (#​6726)
  • ServiceLB now honors the Service's ExternalTrafficPolicy. When set to Local, the LoadBalancer will only advertise addresses of Nodes with a Pod for the Service, and will not forward traffic to other cluster members.
• Fix cronjob example (#​6707)
• Bump vagrant boxes to fedora37 (#​6832)
• Ensure flag type consistency (#​6852)
• E2E: Consoldiate docker and prefer bundled tests into new startup test (#​6851)
• Fix reference to documentation (#​6860)
• Bump deps: trivy, sonobuoy, dapper, golangci-lint, gopls (#​6807)
• Fix check for (open)SUSE version (#​6791)
• Add support for user-provided CA certificates (#​6615)
  • K3s now functions properly when the cluster CA certificates are signed by an existing root or intermediate CA. You can find a sample script for generating such certificates before K3s starts in the github repo at contrib/util/certs.sh.
• Ignore value conflicts when reencrypting secrets (#​6850)
• Add kubeadm style bootstrap token secret support (#​6663)
  • K3s now supports kubeadm style join tokens. k3s token create now creates join token secrets, optionally with a limited TTL.
  • K3s agents joined with an expired or deleted token stay in the cluster using existing client certificates via the NodeAuthorization admission plugin, unless their Node object is deleted from the cluster.
• Add NATS to the list of supported data stores (#​6876)
• Use default address family when adding kubernetes service address to SAN list (#​6857)
  • The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.
• Fix issue with servicelb startup failure when validating webhooks block creation (#​6911)
  • The embedded cloud controller manager will no longer attempt to unconditionally re-create its namespace and serviceaccount on startup. This resolves an issue that could cause a deadlocked cluster when fail-closed webhooks are in use.
• Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent (#​6829)
  • Fixed an issue that would cause the apiserver egress proxy to attempt to use the agent tunnel to connect to service endpoints even in agent or disabled mode.
• Wait for server to become ready before creating token (#​6932)
• Allow for multiple sets of leader-elected controllers (#​6922)
  • Fixed an issue where leader-elected controllers for managed etcd did not run on etcd-only nodes
• Update Flannel to v0.21.1 (#​6944)
• Fix Nightly E2E tests (#​6950)
• Fix etcd and ca-cert rotate issues (#​6952)
• Fix ServiceLB dual-stack ingress IP listing (#​6979)
  • Resolved an issue with ServiceLB that would cause it to advertise node IPv6 addresses, even if the cluster or service was not enabled for dual-stack operation.
• Bump kine to v0.9.9 (#​6974)
  • The embedded kine version has been bumped to v0.9.9. Compaction log messages are now omitted at info level for increased visibility.
• Update to v1.26.2-k3s1 (#​7011)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.2
Kine	v0.9.9
SQLite	3.39.2
Etcd	v3.5.5-k3s1
Containerd	v1.6.15-k3s1
Runc	v1.1.4
Flannel	v0.21.1
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.9.4
Helm-controller	v0.13.1
Local-path-provisioner	v0.0.23

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.1+k3s1: v1.26.1+k3s1

Compare Source

This release updates Kubernetes to v1.26.1, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.26.0+k3s2:

• Add jitter to scheduled snapshots and retry harder on conflicts (#​6715)
  • Scheduled etcd snapshots are now offset by a short random delay of up to several seconds. This should prevent multi-server clusters from executing pathological behavior when attempting to simultaneously update the snapshot list ConfigMap. The snapshot controller will also be more persistent in attempting to update the snapshot list.
• Adjust e2e test run script and fixes (#​6718)
• RIP Codespell (#​6701)
• Bump alpine from 3.16 to 3.17 in /package (#​6688)
• Bump alpine from 3.16 to 3.17 in /conformance (#​6687)
• Bump containerd to v1.6.15-k3s1 (#​6722)
  • The embedded containerd version has been bumped to v1.6.15-k3s1
• Containerd restart testlet (#​6696)
• Bump ubuntu from 20.04 to 22.04 in /tests/e2e/scripts (#​6686)
• Add explicit read permissions to workflows (#​6700)
• Pass through default tls-cipher-suites (#​6725)
  • The K3s default cipher suites are now explicitly passed in to kube-apiserver, ensuring that all listeners use these values.
• Bump golang:alpine image version (#​6683)
• Bugfix: do not break cert-manager when pprof is enabled (#​6635)
• Fix CI tests on Alpine 3.17 (#​6744)
• Update Stable to 1.25.5+k3s2 (#​6753)
• Bump action/download-artifact to v3 (#​6746)
• Generate report and upload test results (#​6737)
• Slow dependency CI to weekly (#​6764)
• Fix Drone plugins/docker tag for 32 bit arm (#​6769)
• Update to v1.26.1-k3s1 (#​6774)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.1
Kine	v0.9.8
SQLite	3.39.2
Etcd	v3.5.5-k3s1
Containerd	v1.6.15-k3s1
Runc	v1.1.4
Flannel	v0.20.2
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.9.4
Helm-controller	v0.13.1
Local-path-provisioner	v0.0.23

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.0+k3s1: v1.26.0+k3s1

Compare Source

⚠️ WARNING

This release is affected by https://github.com/containerd/containerd/issues/7843, which causes the kubelet to restart all pods whenever K3s is restarted. For this reason, we have removed this K3s release from the channel server. Please use v1.26.0+k3s2 instead.

This release is K3S's first in the v1.26 line. This release updates Kubernetes to v1.26.0.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Changes since v1.25.5+k3s1:

• Remove deprecated flags in v1.26 (#​6574)
• Using "etcd-snapshot" for saving snapshots is now deprecated, use "etcd-snapshot save" instead. (#​6575)
• Update to v1.26.0-k3s1
• • Update kubernetes to v1.26.0-k3s1
• • Update cri-tools to v1.26.0-rc.0-k3s1
• • Update helm controller to v0.13.1
• • Update etcd to v3.5.5-k3s1
• • Update cri-dockerd to the latest 1.26.0
• • Update cadvisor
• • Update containerd to v1.6.12-k3s1 (#​6370)
• Preload iptable_filter/ip6table_filter (#​6645)
• Bump k3s-root version to v0.12.1 (#​6651)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.0
Kine	v0.9.8
SQLite	3.39.2
Etcd	v3.5.5-k3s1
Containerd	v1.6.12-k3s1
Runc	v1.1.4
Flannel	v0.20.2
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.9.4
Helm-controller	v0.13.1
Local-path-provisioner	v0.0.23

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.26.0+k3s2: v1.26.0+k3s2

Compare Source

This release updates containerd to v1.6.14 to resolve an issue where pods would lose their CNI information when containerd was restarted, as well as a number of other stability and administrative changes.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Changes since v1.26.0+k3s1:

• Current status badges (#​6653)
• Add initial Updatecli ADR automation (#​6583)
• December 2022 channels update (#​6618)
• Change Updatecli GH action reference branch (#​6682)
• Fix OpenRC init script error 'openrc-run.sh: source: not found' (#​6614)
• Add Dependabot config for security ADR (#​6560)
• Bump containerd to v1.6.14-k3s1 (#​6693)
  • The embedded containerd version has been bumped to v1.6.14-k3s1. This includes a backported fix for containerd/7843 which caused pods to lose their CNI info when containerd was restarted, which in turn caused the kubelet to recreate the pod.
• Exclude December r1 releases from channel server (#​6706)

Embedded Component Versions

Component	Version
Kubernetes	v1.26.0
Kine	v0.9.8
SQLite	3.39.2
Etcd	v3.5.5-k3s1
Containerd	v1.6.14-k3s1
Runc	v1.1.4
Flannel	v0.20.2
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.9.4
Helm-controller	v0.13.1
Local-path-provisioner	v0.0.23

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.25.10+k3s1: v1.25.10+k3s1

Compare Source

This release updates Kubernetes to v1.25.10, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.25.9+k3s1:

• Ensure that klog verbosity is set to the same level as logrus (#​7361)
• Add E2E testing in Drone (#​7375)
• Add integration tests for etc-snapshot server flags #​7377 (#​7378)
• CLI + Config Enhancement (#​7404)
  • --Tls-sans now accepts multiple arguments: --tls-sans="foo,bar"
  • Prefer-bundled-bin: true now works properly when set in config.yaml.d files
• Migrate netutil methods into /utils/net.go (#​7433)
• Bump Runc + Containerd + Docker for CVE fixes (#​7452)
• Bump kube-router version to fix a bug when a port name is used (#​7461)
• Kube flags and longhorn storage tests 1.25 (#​7466)
• Local-storage: Fix permission (#​7473)
• Backport version bumps and bugfixes (#​7515)
  • K3s now retries the cluster join operation when receiving a "too many learners" error from etcd. This most frequently occurred when attempting to add multiple servers at the same time.
  • K3s once again supports aarch64 nodes with page size > 4k
  • The packaged Traefik version has been bumped to v2.9.10 / chart 21.2.0
  • K3s now prints a more meaningful error when attempting to run from a filesystem mounted noexec.
  • K3s now exits with a proper error message when the server token uses a bootstrap token id.secret format.
  • Fixed an issue where Addon, HelmChart, and HelmChartConfig CRDs were created without structural schema, allowing the creation of custom resources of these types with invalid content.
  • Servers started with the (experimental) --disable-agent flag no longer attempt to run the tunnel authorizer agent component.
  • Fixed an regression that prevented the pod and cluster egress-selector modes from working properly.
  • K3s now correctly passes through etcd-args to the temporary etcd that is used to extract cluster bootstrap data when restarting managed etcd nodes.
  • K3s now properly handles errors obtaining the current etcd cluster member list when a new server is joining the managed etcd cluster.
  • The embedded kine version has been bumped to v0.10.1. This replaces the legacy lib/pq postgres driver with pgx.
  • The bundled CNI plugins have been upgraded to v1.2.0-k3s1. The bandwidth and firewall plugins are now included in the bundle.
  • The embedded Helm controller now supports authenticating to chart repositories via credentials stored in a Secret, as well as passing repo CAs via ConfigMap.
• Bump containerd/runc to v1.7.1-k3s1/v1.1.7 (#​7535)
  • The bundled containerd and runc versions have been bumped to v1.7.1-k3s1/v1.1.7
• Wrap error stating that it is coming from netpol (#​7548)
• Add '-all' flag to apply to inactive units (#​7574)
• Update to v1.25.10-k3s1 (#​7582)

Embedded Component Versions

Component	Version
Kubernetes	v1.25.10
Kine	v0.10.1
SQLite	3.39.2
Etcd	v3.5.3-k3s1
Containerd	v1.7.1-k3s1
Runc	v1.1.7
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.14.0
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.25.9+k3s1: v1.25.9+k3s1

Compare Source

This release updates Kubernetes to v1.25.9, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.25.8+k3s1:

• Enhance check-config (#​7164)
• Remove deprecated nodeSelector label beta.kubernetes.io/os (#​6970) (#​7121)
• Backport version bumps and bugfixes (#​7228)
  • The bundled local-path-provisioner version has been bumped to v0.0.24
  • The bundled runc version has been bumped to v1.1.5
  • The bundled coredns version has been bumped to v1.10.1
  • When using an external datastore, K3s now locks the bootstrap key while creating initial cluster bootstrap data, preventing a race condition when multiple servers attempted to initialize the cluster simultaneously.
  • The client load-balancer that maintains connections to active server nodes now closes connections to servers when they are removed from the cluster. This ensures that agent components immediately reconnect to a current cluster member.
  • Fixed a race condition during cluster reset that could cause the operation to hang and time out.
• Updated kube-router to move the default ACCEPT rule at the end of the chain (#​7221)
  • The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
• Update klipper lb and helm-controller (#​7240)
• Update Kube-router ACCEPT rule insertion and install script to clean rules before start (#​7276)
  • The embedded kube-router controller has been updated to fix a regression that caused traffic from pods to be blocked by any default drop/deny rules present on the host. Users should still confirm that any externally-managed firewall rules explicitly allow traffic to/from pod and service networks, but this returns the old behavior that was relied upon by some users.
• Update to v1.25.9-k3s1 (#​7283)

Embedded Component Versions

Component	Version
Kubernetes	v1.25.9
Kine	v0.9.9
SQLite	3.39.2
Etcd	v3.5.3-k3s1
Containerd	v1.6.19-k3s1
Runc	v1.1.5
Flannel	v0.21.4
Metrics-server	v0.6.2
Traefik	v2.9.4
CoreDNS	v1.10.1
Helm-controller	v0.13.3
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.25.8+k3s1: v1.25.8+k3s1

Compare Source

This release updates Kubernetes to v1.25.8, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.25.7+k3s1:

• Update flannel and kube-router (#​7061)
• Bump various dependencies for CVEs (#​7043)
• Enable dependabot (#​7045)
• Wait for kubelet port to be ready before setting (#​7064)
  • The agent tunnel authorizer now waits for the kubelet to

---

Configuration

📅 Schedule: Branch creation - "on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
❌ ANSIBLE	ansible-lint	yes		1	14.98s
✅ COPYPASTE	jscpd	yes		no	1.15s
✅ KUBERNETES	kubeval	2		0	0.46s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	secretlint	yes		no	1.06s
✅ YAML	prettier	3		0	0.59s
✅ YAML	yamllint	3		0	0.21s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by