This release updates Kubernetes to v1.21.1.
As v1.21 releases include a number of significant changes from previous versions, we will not make v1.21 available via the stable release channel until a later date.
Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Changes since K3s v1.21.0+k3s1:
- Upgrade Kubernetes to v1.21.1 (#3328)
- The install script can be forced to restart services, even if the version or systemd unit has not changed. (#3235)
- The install script properly passes through shell metacharacters present in K3s command-line flags. (#3355)
- The install script now ensures correct filesystem permissions for the environment file when run as a non-root user. (#3355 @claycooper)
- The uninstall script now attempts to unmount CSI volumes before cleaning up the local filesystem. (#3265 @angelnu)
- CLI flags loaded from configuration files are now included in the node-args annotation. (#3290)
- When merging multiple configuration files from
config.yaml.d
, lists can be appended to instead of replaced by ending the flag name with+
. (#3229) - Etcd snapshots can now be listed, pruned, and deleted via the
k3s etcd-snapshot
subcommand (#3277 #3303 #3310) - K3s now supports specifying an alternative registry to host images for packaged components, via the
--system-default-registry
CLI flag. (#3285)
This setting is configured on servers, propagated to agents. Any images found in airgap tarballs will be retagged to appear to come from this registry as well as the default registry (docker.io). - The in-cluster Kubernetes apiserver certificate is now valid for the same hostnames/addresses as the external certificate. (#3241)
- The Kubernetes default certificate signing controllers now use the correct CAs to sign server certificates. (#3259 @siegfriedweber)
- Conntrack-related sysctls critical to the operation of kube-proxy are now set directly by K3s, instead of by the embedded kube-proxy. (#3341)
- Privileged containers can now be run inside Dockerized K3s clusters (
k3d
,docker run rancher/k3s
, etc) without receiving a "apply caps: operation not permitted: unknown" error. (#3359)
Known Issues:
- There is a regression that may cause issues with deleting nodes due to finalizers not being removed. If you observe a node is stuck for some time and is not being deleted you can describe the node to see if any finalizers remain. If there are any finalizers, you can work around this issue by running the following command to remove the finalizers:
# replace $NODENAME with the name of the node
kubectl patch node $NODENAME -p '{"metadata":{"finalizers":[]}}' --type=merge
Embedded Component Versions
Component | Version |
---|---|
Kubernetes | v1.21.1 |
Kine | v0.6.0 |
SQLite | 3.33.0 |
Etcd | v3.4.13-k3s1 |
Containerd | v1.4.4-k3s2 |
Runc | v1.0.0-rc95 |
Flannel | v0.13.1-rc2 (273b36c) |
Metrics-server | v0.3.6 |
Traefik | v2.4.8 |
CoreDNS | v1.8.3 |
Helm-controller | v0.9.1 |
Local-path-provisioner | v0.0.19 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here