k3s-io/k3s v1.23.1+k3s1

on GitHub

This release is K3s's first in the v1.23 line. It updates Kubernetes to v1.23.1

As this release includes a number of significant changes from previous versions, we will not make v1.23 available via the stable release channel until v1.23.2+k3s1 or later.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Known Issues:

• #4881: When using embedded etcd and the initial server is started with --agent-token, and this agent-only token does not match the server --token value, additional servers cannot join the cluster. This will be fixed in a subsequent release.
• #4023: When removing servers with etcd from the cluster, ensure that the k3s service is stopped before using kubectl delete to remove the node from the Kubernetes and etcd cluster. You should do this one node at a time to ensure that your cluster does not lose quorum. Failure to follow this process may result in K3s on the deleted node crashing, restarting, and rejoining the cluster.
• #4784: When creating a new cluster, etcd-only servers (if any) must be created before control-plane servers.

Changes since K3s v1.22.2-rc2+k3s1 (when the release-1.22 branch was forked from master)

• Update kubernetes to v1.23 (#4623)
• Bump stable to v1.22.5+k3s1 (#4821)
• Backout accidental package renaming (#4817)
• Fix panic checking name of uninitialized etcd member (#4813)
• Fix multiple ci issues blocking 1.23 release (#4801)
• Update bootstrap logic to output all changed files on disk (#4800)
• Remove the vendor directory (#4791)
• Move flannel logs to logrus (#4796)
• Close agentready channel only in k3s (#4792)
• K3s no longer leaks etcd client grpc connections (#4745)
• Remove disables, skips and disablekubeproxy from the comparing configs (#4781)
• Add initial skeleton adopters.md to better track large use cases (#4764)
• The embedded containerd binary is no longer part of the k3s multicall bundle. (#4757)
• The embedded userspace binaries have been updated to k3s-root v0.10.1. (#4758)
• Fix cold boot and reconcilation on secondary servers (#4747)
• Docs: adrs: dual-stack in network policy agent (#4729)
• Fix snapshot restoration on fresh nodes (#4737)
• Resolve bootstrap migration edge case (#4730)
• Add in docs/adr to ensure we capture decisions properly (#4707)
• Resolve issue preventing successful restore of etcd snapshot due to change in bootstrapping logic. (#4704)
• Update wharfie usage in windows code path (#4709)
• Add validation to certificate rotation (#4692)
• Runc has been bumped to v1.0.3, resolving a hugetlb error message frequently seen on raspberry pi. (#4693)
• Add skip_airgap enviroment variable for make (#4688)
• Include node-external-ip in serving-kubelet.crt sans (#4620)
• A cli subcommand to control secrets encryption. supports key rotation and enabled/disable of secrets encryption. (#4372)
• Verify new control plane nodes joining the cluster share the same config as cluster members (#4581)
• Bump wharfie to v0.5.1 (#4575)
• K3s will now ensure that the write-ahead log for the embedded sqlite datastore does not grow excessively large. (#4569)
• Update dynamiclistener to v0.3.1 (#4568)
• Nighlty automation vagrant rework (#4574)
• Bump stable to v1.21.7+k3s1 (#4636)
• Add cert rotation command (#4495)
• Update maintainers list (#4622)
• Etcd snapshotting has been enhanced to provide better feedback (#4453)
• Rancher will no longer suggest upgrading the traefik chart packaged with k3s. (#4557)
• Improve flannel code and logging (#4550)
• Bump golang to 1.16.10 and containerd to v1.5.8 (#4538)
• Bump kubernetes to v1.22.4 (#4536)
• Fix regression with cluster reset (#4521)
• Fixed an issue where config.yaml arguments with an equal sign would be skipped by server. (#4505)
• Unknown flags in config are now silently skipped by k3s server and etcd-snapshot (#4491)
• Tests/vagrant: refactor vagrant smoke tests (#4484)
• K3s now supports --etcd-arg to specify additional etcd arguments for running etcd (#4463)
• Allow optional customizations to coredns via coredns-custom configmap (#4397)
• Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464)
• Increase agent's apiserver ready timeout (#4454)
• Rancher will no longer suggest upgrading the traefik chart packaged with k3s. (#4324)
• Allow svclb pod to enable ipv6 forwarding (#4437)
• Update bootstrap logic (#4438)
• Corrected skip check for dualstack on ci (#4427)
• Improved microos support for k3s-uninstall.sh (#4403)
• Values saved in "config.yaml" can now be used with the etcd-snapshot subcommands (#4383)
• Replace gzip with pigz for faster builds (#4411)
• Remove unit tests from drone ci (#4424)
• Updating to new signals package in wrangler (#4399)
• Install.sh: fix path detection for sle-micro (#4398)
• Containerd: v1.5.7-k3s2 (#4387)
• Bump klipper-lb image for arm fix (#4385)
• Update k3s ci to run all integration tests (#4358)
• Enable epics action to automatically check off child issues in an epic (#4353)
• Refactor: use plain channel send or receive (#4370)
• Fix log/reap reexec (#4373)
• The btrfs snapshotter is now builtin to the k3s binary and ready for action (#4316)
• Resolved an issue that would occasionally cause k3s to take more than a minute to schedule initial pods on the first server in a cluster. (#4345)
• Initial support for sle micro with selinux via https://get.k3s.io (#4331)
• Update to v1.22.3 (#4354)
• K3s integration test fixes (#4341)
• Update peer address when running cluster-reset (#4307)
• Reset buffer back to beginning after use (#4279)
• Bump klipper-helm version (#4290)
• Values saved in "config.yaml" can now be used with the etcd-snapshot command (#4280)
• Install.sh: capture quoted environment variables (#4275)
• Update to the newest flannel (v0.15.1) (#4258)
• K3s should now reliably exit when core kubernetes components (apiserver, controller-manager, etc) experience fatal errors. (#4240)
• Set duration to second (#4231)
• Add the ability to pass in a timeout value for s3 operations used with etcd snapshots. (#4207)
• Copy old bootstrap buffer data for use during migration (#4215)
• Fix race condition in cloud provider (#4218)
• K3s now waits until etcd is actually able to start before joining a new members to the embedded etcd clusters. (#4194)
• Maintainers: add manuel and michal (#4193)
• Display cluster tls error only in debug mode (#4124)
• Fixed an issue that caused k3s to not be restarted by systemd when started with the --log flag. (#4190)
• Improve error message when using a "k10" prefixed token (#4180)
• Add ability to reconcile bootstrap data between datastore and disk (#3398)
• Move fossa out of dapper (#4158)
• New aliases for k3s etcd-snapshot s3 commands to match the flags used with k3s server. (#4161)
• Dual-stack support in servicelb controller (#4114)
• Update stable to v1.21.5+k3s2 (#4153)
• Add topologyspreadconstraints to support scaling of coredns (#4133)
• The embedded containerd has been updated to v1.5.7+k3s1 to address cve-2021-41103 (#4136)
• Fixed a regression introduced by #4086 that broke rootless support (#4127)
• Skip tests that violate version skew policy (#4122)
• The k3s systemd unit will no longer hang starting when the --log flag is used to redirect output (#4115)
• The k3s docker image now works on cgroup v2 systems, and properly reaps terminated containerd shim processes. (#4086)
• Set transport to skip verify if se skip flag passed (#4102)
• Bump stable to v1.21.5+k3s1 (#4068)
• Enable the inheritance of sysctl network settings for ipv6 (#4098)
• Adding fossa anaylze/test drone step (#4045)
• Rootless support now requires delegated cgroup v2 support. (#4065)

Embedded Component Versions

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here