k3s-io/k3s v1.20.9+k3s1

on GitHub

This release updates Kubernetes to v1.20.9

For more details on what's new, see the Kubernetes release notes

⚠️ Important Upgrade Note ⚠️
If you are using K3s in a HA configuration with an external SQL datastore, and your server (control-plane) nodes were not started with the --token CLI flag, you will no longer be able to add additional K3s servers to the cluster without specifying the token. Ensure that you retain a copy of this token, as is required when restoring from backup. Previously, K3s did not enforce the use of a token when using external SQL datastores.

You may retrieve the token value from any server already joined to the cluster:

cat /var/lib/rancher/k3s/server/token

Changes since v1.20.8+k3s1:

• Upgrade Kubernetes to v1.20.9 (#3655)
• Upgrade coredns to v1.8.3 (#3541)
• Upgrade k3s-root to v0.9.1 (#3666)
• Upgrade containerd to v1.4.8-k3s1 (#3683)
  Addresses GHSA-c72p-9xmj-rx3w
• Bootstrap data is now reliably encrypted with the cluster token (#3516)
  Addresses GHSA-cxm9-4m6p-24mc
• The K3s cloud controller has been moved into a dedicated executor to improve resilience under high datastore latency (#3531)
• The CSR signing controller now uses the correct CA for all signers (#3599)
• The in-cluster list of available etcd snapshots is no longer updated when snapshots are disabled (#3611)
• k3s etcd-snapshot delete now functions more reliably when deleting snapshots from S3 (#3647)
• k3s server --cluster-reset now functions more reliably in case of quorum loss (#3650)

Embedded Component Versions

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here