This release updates Kubernetes to v1.26.2, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.26.1+k3s1:
- Add build tag to disable cri-dockerd (#6760)
- Bump cri-dockerd (#6797)
  - The embedded cri-dockerd has been updated to v0.3.1
- Update stable channel to v1.25.6+k3s1 (#6828)
- E2E Rancher and Hardened script improvements (#6778)
- Add Ayedo to Adopters (#6801)
- Consolidate E2E tests and GH Actions (#6772)
- Allow ServiceLB to honor `ExternalTrafficPolicy=Local` (#6726)
  - ServiceLB now honors the Service's ExternalTrafficPolicy. When set to Local, the LoadBalancer will only advertise addresses of Nodes with a Pod for the Service, and will not forward traffic to other cluster members.
- Fix cronjob example (#6707)
- Bump vagrant boxes to fedora37 (#6832)
- Ensure flag type consistency (#6852)
- E2E: Consolidate docker and prefer bundled tests into new startup test (#6851)
- Fix reference to documentation (#6860)
- Bump deps: trivy, sonobuoy, dapper, golangci-lint, gopls (#6807)
- Fix check for (open)SUSE version (#6791)
- Add support for user-provided CA certificates (#6615)
  - K3s now functions properly when the cluster CA certificates are signed by an existing root or intermediate CA. You can find a sample script for generating such certificates before K3s starts in the GitHub repo at `contrib/util/certs.sh`.
- Ignore value conflicts when reencrypting secrets (#6850)
- Add `kubeadm` style bootstrap token secret support (#6663)
  - K3s now supports `kubeadm` style join tokens. `k3s token create` now creates join token secrets, optionally with a limited TTL.
  - K3s agents joined with an expired or deleted token stay in the cluster using existing client certificates via the NodeAuthorization admission plugin, unless their Node object is deleted from the cluster.
- Add NATS to the list of supported data stores (#6876)
- Use default address family when adding kubernetes service address to SAN list (#6857)
  - The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.
- Fix issue with servicelb startup failure when validating webhooks block creation (#6911)
  - The embedded cloud controller manager will no longer attempt to unconditionally re-create its namespace and serviceaccount on startup. This resolves an issue that could cause a deadlocked cluster when fail-closed webhooks are in use.
- Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent (#6829)
  - Fixed an issue that would cause the apiserver egress proxy to attempt to use the agent tunnel to connect to service endpoints even in agent or disabled mode.
- Wait for server to become ready before creating token (#6932)
- Allow for multiple sets of leader-elected controllers (#6922)
  - Fixed an issue where leader-elected controllers for managed etcd did not run on etcd-only nodes.
- Update Flannel to v0.21.1 (#6944)
- Fix Nightly E2E tests (#6950)
- Fix etcd and ca-cert rotate issues (#6952)
- Fix ServiceLB dual-stack ingress IP listing (#6979)
  - Resolved an issue with ServiceLB that would cause it to advertise node IPv6 addresses, even if the cluster or service was not enabled for dual-stack operation.
- Bump kine to v0.9.9 (#6974)
  - The embedded kine version has been bumped to v0.9.9. Compaction log messages are now omitted at `info` level for increased visibility.
- Update to v1.26.2-k3s1 (#7011)
Embedded Component Versions
Component | Version |
---|---|
Kubernetes | v1.26.2 |
Kine | v0.9.9 |
SQLite | 3.39.2 |
Etcd | v3.5.5-k3s1 |
Containerd | v1.6.15-k3s1 |
Runc | v1.1.4 |
Flannel | v0.21.1 |
Metrics-server | v0.6.2 |
Traefik | v2.9.4 |
CoreDNS | v1.9.4 |
Helm-controller | v0.13.1 |
Local-path-provisioner | v0.0.23 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here