k3s-io/k3s v1.22.2+k3s1

on GitHub

This release is K3s's first in the v1.22 line. It updates Kubernetes to v1.22.2

As this release includes a number of significant changes from previous versions, we will not make v1.22 available via the stable release channel until v1.22.3+k3s1 or later.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.
Special attention should be paid to the removal of several beta Kubernetes APIs, as this is a breaking change for users with apiextensions.k8s.io/v1beta1 CustomResourceDefinition or networking.k8s.io/v1beta1 Ingress resources in their manifests.

Changes since K3s v1.21.1-k3s1 (when the release-1.21 branch was forked from master)

• servicelb pods no longer mount the kube-system default service account token (#4041)
• Make sure there are no duplicate node names in etcd member list (#4025)
• The JobTrackingWithFinalizers alpha feature-gate is now enabled by default (#4038)
• Fix cgroup v1 regression in check-config.sh (#4039)
• Update Kubernetes to v1.22.2-k3s1 (#4037)
• Removed experimental tag from k3s server cluster commands (#4024)
• Nvidia container runtimes are now discovered automatically (#3890)
• Fix premature etcd shutdown when joining an existing cluster (#4018)
• install.sh now passes through environment variables prefixed with "CONTAINERD_" (#4009)
• Use existing name for etcd controller (#4014)
• Add dual-stack support on flannel (#3906)
• The embedded Helm controller now ensures that deprecated or removed Kubernetes api versions are handled properly during upgrades. (#4012)
• Set controller authorization-kubeconfig and authentication-kubeconfig (#4007)
• Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately (#3230)
• Add etcd-member-management controller to K3s (#4001)
• Wait for apiserver readyz instead of healthz (#3993)
• install.sh now handles non-RHEL RPM-based distros properly (#3992)
• Exposing etcd metrics on the host IP no longer disables the localhost metrics listener (#3985)
• Failures within core Kubernetes components are now handled more gracefully, and will not trigger a full thread dump that obscures the actual error. (#3975)
• K3s will no longer attempt to disable the SupportPodPidsLimit FeatureGate on nodes without PIDS cgroup support. PIDS cgroup support is mandatory as of Kubernetes 1.20. (#3978)
• Migrate sqlite data to etcd when initializing the cluster (#3231)
• Allow option to disable s3 over https when using etcd-snapshot (#3968)
• Ship Stargz Snapshotter (#2936)
• The local kube-apiserver that is available on port 6444 on server nodes now includes the node name in the certificate SAN list (#3957)
• Added raspberry installation hint (#2379)
• Update maintainers to reflect team changes (#3953)
• Kine has been updated to v0.8.0, making the etcd_db_total_size_in_bytes apiserver metric available to track database size. (#3940)
• Small updates to CONTRIBUTING (#3734)
• Fix condition for adding kubernetes endpoints (#3941)
• install.sh now makes consistent use of os-release vars (#3918)
• Addon checksums are now properly updated when successfully applied. (#3920)
• Bump cniplugins version to 0.9.1 (#3925)
• Add functions to separate ipv4 and ipv6 CIDRs (#3916)
• install.sh now informs users of current SELinux support status for SUSE-like distros (#3088)
• The containerd runtime V1 (containerd-shim) has been removed (#3903)
• Bump RootlessKit to v0.14.5 (#3902)
• Fix rootless regression in 1.22 (set KubeletInUserNamespace gate) (#3901)
• Update Kubernetes to v1.22.0 (#3565)
• Reset load balancer state during etcd restore (#3877)
• Update Kubernetes to v1.21.4 (#3839)
• The embedded containerd has been updated to v1.4.9-k3s1 (#3858)
• The embedded Helm controller should no longer hang while checking for Helm v2 releases (#3847)
• Fix URL pruning when joining an etcd member (#3832)
• Updated the code to use GetNetworkByName and tweaked logic (#3818)
• Account for an s3 folder when listing objects (#3807)
• Running etcd snapshot list or delete as a non-root user will no longer create a new empty snapshot dir owned by the current user (#3783)
• Rancher-mirrored images used by k3s now include a mirrored- prefix (#3749)
• Fix Node stuck at deletion (#3771)
• The embedded Helm version has been updated to v3.6.3 (#3762)
• install.sh: Use built-in shell functionality instead of awk (#3738)
• Images imported from airgap tarballs are now properly lease-locked to prevent garbage collection (#3755)
• Fix initial start of etcd only nodes (#3748)
• Update rancher/local-path-provisioner to v0.0.20 (#3746)
• Sync DisableKubeProxy into control struct (#3724)
• Systemd notifications now function properly on etcd-only nodes (#3732)
• Fix local-path-provisioner to allow non-root users access to storage volumes (#3714)
• Wait until server is ready before configuring kube-proxy (#3716)
• When deleting a snapshot, users should now see an info message telling them if the snapshot they tried to remove does not exist. (#3695)
• Fix multiple bootstrap keys found (#3688)
• Update Kubernetes to v1.21.3 and golang to 1.16.6 (#3686)
• The embedded containerd version has been updated to v1.4.8-k3s1 to resolve GHSA-c72p-9xmj-rx3w (#3682)
• Custom named etcd snapshots will now be cleanup by etcd-snapshot prune correctly. (#3649)
• Bump helm-controller to v0.10.1 (#3644)
• Fix a runtime core panic (#3627)
• Bump k3s-root to v0.9.1 (#3626)
• Prevent snapshot save when snapshots are disabled (#3475)
• Update tcpproxy upstream from github.com/google/tcpproxy to inet.af/tcpproxy (#3483)
• Update packaged runc binary version to v1.0.0 (#3602)
• Update the error message encountered when running k3s etcd-snapshot where K3s cannot find an initialized etcd database to be more informative. (#3568)
• Update embedded kube-router (#3557)
• Set ulimits in docker-compose.yml (#3393)
• Update Kubernetes to v1.21.2 (#3564)
• Allow passing targeted environment variables to containerd (#3553)
• Export cli server flags and etcd restoration functions (#3527)
• Bump kine to resolve race condition and unrevisioned delete (#3545)
• Changes local storage pods to have 700 permissions (#3537)
• Move cloud-controller-manager into an embedded executor (#3525)
• Add option to disable the built-in Helm Controller (#3515)
• Fix storing bootstrap data with empty token string (#3422)
• Fail to start k3s if nm-cloud-setup is enabled (#3465)
• Renamed client-cloud-controller crt and key (#3470)
• Change containerd image leases from context lifespan to permanent (#3464)
• Send systemd notifications for both server and agent (#3430)
• Add events to deploy controller (#3436)
• Add nodename to UA string for deploy controller (#3433)
• Updated iptables version check (#3425)
• Add kubernetes.default.svc to serving certs (#3423)
• Fixed possible race where bootstrap data might not save (#3413)
• Added log message indicating etcd snapshots are disabled (#3405)
• The default cloud-controller-manager ClusterRole and ClusterRoleBindings no longer conflict with external cloud providers (#3388)
• Move wireguard's privatekey to flannel config directory (#3385)
• Bump flannel to v0.14 (#3376)
• Bump containerd to v1.4.4-k3s2 (#3358)
• Fix shell expansion and file permission issues in install.sh (#3355)
• Bump runc to v1.0.0-rc95 (#3348)
• Fix bug in etcd snapshot s3 prune (#3346)
• add retention default and wire in s3 prune (#3340)
• Set nf_conntrack_max for kube-proxy in supervisor agent setup (#3337)
• Add support for multiple env files for systemd unit (#3332)
• Add etcd snapshot save subcommand (#3336)

Known Issues:

• There is an issue that may cause unexpected behavior when removing servers running embedded etcd from the cluster.
  When removing servers with etcd from the cluster, ensure that the k3s service is stopped before using kubectl delete to remove the node from the Kubernetes and etcd cluster. You should do this one node at a time to ensure that your cluster does not lose quorum. Failure to follow this process may result in K3s on the deleted node crashing, restarting, and rejoining the cluster.

Embedded Component Versions

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here