Releases: k3s-io/k3s
Releases · k3s-io/k3s
v1.32.0+k3s1
This release is K3S's first in the v1.32 line. This release updates Kubernetes to v1.32.0.
Kubernetes 1.32 moves the AuthorizeNodeWithSelectors feature gate to Beta and on by default. See KEP-4601 for more information.
This feature-gate breaks some of the RBAC that previous releases of K3s relied upon. The January releases of K3s v1.29, v1.30, and v1.31 will contain backported fixes. Until then, you must set --kube-apiserver-arg=feature-gates=AuthorizeNodeWithSelectors=false on server nodes, if you want to mix K3s v1.32 nodes with nodes of other versions (within the limits of what is supported by the Kubernetes Version Skew Policy).
For more details on what's new, see the Kubernetes release notes.
Changes since v1.31.4+k3s1:
- Fix rotateca validation failures when not touching default self-signed CAs (#10710)
- Bump runc to v1.1.13 (#10737)
- Update stable channel to v1.30.4+k3s1 (#10739)
- Fix deploy latest commit on E2E tests (#10725)
- Remove secrets encryption controller (#10612)
- Update kubernetes to v1.31.0-k3s3 (#10764)
- Bump traefik to v2.11.8 (#10779)
- Update coredns to 1.11.3 and metrics-server to 0.7.2 (#10760)
- Add trivy scanning to PR reports (#10758)
- Cover edge case when on new minor release for E2E upgrade test (#10781)
- Bump aquasecurity/trivy-action from 0.20.0 to 0.24.0 (#10795)
- Update CNI plugins version (#10798)
- Bump Sonobuoy version (#10792)
- Fix /trivy action running against target branch instead of PR branch (#10824)
- Launch private registry with init (#10822)
- Add channel for v1.31 (#10826)
- Bump containerd to v1.7.21, runc to v1.1.14 (#10805)
- Bump helm-controller for skip-verify/plain-http and updated tolerations (#10832)
- Tag PR image build as latest before scanning (#10825)
- Only clean up containerd hosts dirs managed by k3s (#10823)
- Remove otelgrpc pinned dependency (#10799)
- Add node-internal-dns/node-external-dns address pass-through support (#10852)
- Give good report if no CVEs found in trivy (#10853)
- Fix hosts.toml header var (#10870)
- Bump Trivy version (#10863)
- Add int test for flannel-ipv6masq (#10440)
- Bump Trivy version (#10899)
- Update Kubernetes to v1.31.1-k3s3 (#10911)
- Add MariaDB to CI (#10724)
- Update stable channel tov1.30.5+k3s1 (#10921)
- Use static CNI bin dir (#10868)
- K3s now uses a stable directory for CNI binaries, which simplifies the installation of additional CNI plugins.
- Breakup trivy scan and check comment author (#10935)
- Fix getMembershipForUserInOrg call (#10937)
- Check k3s-io organization membership not team membership for trivy scans (#10940)
- Bump kine to v0.13.0 (#10932)
- Kine has been bumped to v0.13.0. This release includes changes that should enhance performance when using postgres as an external DB. The updated schema will be automatically used for new databases; to migrate to the new schema on existing databases, K3s can be started with the
KINE_SCHEMA_MIGRATION=2environment variable set.
- Kine has been bumped to v0.13.0. This release includes changes that should enhance performance when using postgres as an external DB. The updated schema will be automatically used for new databases; to migrate to the new schema on existing databases, K3s can be started with the
- Fix trivy report download (#10943)
- Trivy workflow: Specify GH_REPO env to use gh cli (#10949)
- Bump Trivy version (#10924)
- Bump traefik to chart 27.0.2 (#10939)
- Pass Rancher's VEX report to Trivy to remove known false-positives CVEs (#10956)
- Fix trivy vex line (#10970)
- Add user path to runtimes search (#10953)
- Runtimes detection will now use $PATH
- Bump to new wharfie version (#10971)
- Update README.md (#10523)
- Remove trailing whitespace (#9362)
- Bump kine to v0.13.2 (#10978)
- Allow configuration of Rootlesskit's CopyUpDirs through an environment variable (#10386)
- Add new environment variable "K3S_ROOTLESS_COPYUPDIRS" to add folders to the Rootlesskit configuration.
- Fix race condition when multiple nodes reconcile S3 snapshots (#10979)
- Bump Trivy version (#10996)
- Add ca-cert rotation integration test, and fix ca-cert rotation (#11013)
- Add e2e test which verifies traffic policies and firewall in services (#10972)
- Update tcpproxy for import path change (#11029)
- Bump Local Path Provisioner version (#10862)
- Bump local-path-provisioner to v0.0.30 (#11049)
- Bump helm-controller and klipper-helm (#11060)
- Bump containerd to v1.7.22 (#11067)
- Simplify svclb daemonset (#10954)
- Stop using klipper-lb as the image for svclb. Replace it with a simple busybox which just sleeps
- Add the nvidia runtime cdi (#11065)
- Add nvidia cdi runtime to the list of supported and discoverable runtimes
- Bump Trivy version (#11103)
- Rollback GHA to Ubuntu 22.04 (#11111)
- Revert "Make svclb as simple as possible" (#11109)
- Fix Github Actions for Ubuntu-24.04 (#11112)
- Bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 (#11105)
- Check the last 10 commits for upgrade E2E test (#11086)
- Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 (#11138)
- Fixes "file exists" error from CNI bins when upgrading k3s (#11123)
- Reduce the number of GH api request for E2E nightly (#11148)
- Update Kubernetes to v1.31.2-k3s1 and Go 1.22.8 (#11163)
- Update stable channel to v1.30.6+k3s1 (#11186)
- Fix timeout when defragmenting etcd on startup (#11164)
- Capture all fedora atomic variants in install script (#11170)
- Allow easier installation of k3s on all variants of fedora atomic that use rpm-ostree
- Typo fixes in contributing.md (#11201)
- Bump Trivy version (#11206)
- Pin vagrant to older version to avoid known issue 13527 (#11226)
- Set kine EmulatedETCDVersion from embedded etcd version (#11221)
- Add nonroot-devices flag to agent CLI (#11200)
Device_ownership_from_security_contextcan now be enabled in the containerd CRI config by setting the--nonroot-devicesflag or config key.
- Bump runc to v1.2 (#10896)
- Update flannel and base cni plugins version (#11188)
- Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#11236)
- Fix MustFindString returning override flags on external CLI commands (#11237)
- Bump containerd to v1.7.23-k3s1 to fix registry rewrite token scopes (#11238)
- Fix the "Standalone"-mode of oidc-login in the wrapped kubectl library [(#11266)](https://github.com/...
v1.32.0-rc2+k3s1
Load kernel modules for nft in agent setup (#11527) Signed-off-by: galal-hussein <[email protected]>
v1.32.0-rc1+k3s1
Fix snapshot flake Avoid "snapshot save already in progress" flake when snapshot reconcile from previous save is still in progress. Signed-off-by: Brad Davidson <[email protected]>
v1.31.4+k3s1
This release updates Kubernetes to v1.31.4, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.31.3+k3s1:
- Fix secrets-encrypt reencrypt timeout error (#11442)
- Remove experimental from embedded-registry flag (#11444)
- Rework loadbalancer server selection logic (#11457)
- The embedded client loadbalancer that handles connectivity to control-plane elements has been extensively reworked for improved performance, reliability, and observability.
- Update coredns to 1.12.0 (#11454)
- Add node-internal-dns/node-external-dns address pass-through support … (#11464)
- Update to v1.31.4-k3s1 and Go 1.22.9 (#11462)
Embedded Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.31.4 |
| Kine | v0.13.5 |
| SQLite | 3.46.1 |
| Etcd | v3.5.16-k3s1 |
| Containerd | v1.7.23-k3s2 |
| Runc | v1.2.1 |
| Flannel | v0.25.7 |
| Metrics-server | v0.7.2 |
| Traefik | v2.11.10 |
| CoreDNS | v1.12.0 |
| Helm-controller | v0.16.5 |
| Local-path-provisioner | v0.0.30 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here
v1.31.4-rc1+k3s1
Update to v1.31.4 (#11462) Signed-off-by: Brooks Newberry <[email protected]>
v1.30.8+k3s1
This release updates Kubernetes to v1.30.8, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.30.7+k3s1:
- Fix secrets-encrypt reencrypt timeout error (#11441)
- Remove experimental from embedded-registry flag (#11445)
- Update coredns to 1.12.0 (#11455)
- Rework loadbalancer server selection logic (#11458)
- The embedded client loadbalancer that handles connectivity to control-plane elements has been extensively reworked for improved performance, reliability, and observability.
- Add node-internal-dns/node-external-dns address pass-through support … (#11465)
- Update to v1.30.8-k3s1 and Go 1.22.9 (#11461)
Embedded Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.30.8 |
| Kine | v0.13.5 |
| SQLite | 3.46.1 |
| Etcd | v3.5.16-k3s1 |
| Containerd | v1.7.23-k3s2 |
| Runc | v1.2.1 |
| Flannel | v0.25.7 |
| Metrics-server | v0.7.2 |
| Traefik | v2.11.10 |
| CoreDNS | v1.12.0 |
| Helm-controller | v0.16.5 |
| Local-path-provisioner | v0.0.30 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here
v1.30.8-rc1+k3s1
Update to v1.30.8 (#11461) Signed-off-by: Brooks Newberry <[email protected]>
v1.29.12+k3s1
This release updates Kubernetes to v1.29.12, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.29.11+k3s1:
- Fix secrets-encrypt reencrypt timeout error (#11440)
- Remove experimental from embedded-registry flag (#11446)
- Update coredns to 1.12.0 (#11456)
- Rework loadbalancer server selection logic (#11459)
- The embedded client loadbalancer that handles connectivity to control-plane elements has been extensively reworked for improved performance, reliability, and observability.
- Add node-internal-dns/node-external-dns address pass-through support … (#11466)
- Update to v1.29.12-k3s1 and Go 1.22.9 (#11460)
Embedded Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.29.12 |
| Kine | v0.13.5 |
| SQLite | 3.46.1 |
| Etcd | v3.5.16-k3s1 |
| Containerd | v1.7.23-k3s2 |
| Runc | v1.2.1 |
| Flannel | v0.25.7 |
| Metrics-server | v0.7.2 |
| Traefik | v2.11.10 |
| CoreDNS | v1.12.0 |
| Helm-controller | v0.15.15 |
| Local-path-provisioner | v0.0.30 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here
v1.29.12-rc1+k3s1
Update to v1.29.12 (#11460) Signed-off-by: Brooks Newberry <[email protected]>
v1.31.3+k3s1
This release updates Kubernetes to v1.31.3, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.31.2+k3s1:
- Backport E2E GHA fixes (#11230)
- Backports for 2024-11 (#11261)
- Update flannel and base cni plugins version (#11247)
- Bump to latest k3s-root version in scripts/version.sh (#11302)
- More backports for 2024-11 (#11307)
- Fix issue with loadbalancer failover to default server (#11324)
- Update Kubernetes to v1.31.3-k3s1 (#11372)
- Bump containerd to -k3s2 to fix rewrites (#11403)
Embedded Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.31.3 |
| Kine | v0.13.5 |
| SQLite | 3.46.1 |
| Etcd | v3.5.16-k3s1 |
| Containerd | v1.7.23-k3s2 |
| Runc | v1.2.1 |
| Flannel | v0.25.7 |
| Metrics-server | v0.7.2 |
| Traefik | v2.11.10 |
| CoreDNS | v1.11.3 |
| Helm-controller | v0.16.5 |
| Local-path-provisioner | v0.0.30 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here