github k3s-io/k3s v1.27.3+k3s1

latest releases: v1.31.2+k3s1, v1.30.6+k3s1, v1.29.10+k3s1...
16 months ago

This release updates Kubernetes to v1.27.3, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.2+k3s1:

  • Update flannel version (#7628)
    • Update flannel to v0.22.0
  • Add el9 selinux rpm (#7635)
  • Update channels (#7634)
  • Allow coredns override extensions (#7583)
    • The coredns-custom ConfigMap now allows for *.override sections to be included in the .:53 default server block.
  • Bump klipper-lb to v0.4.4 (#7617)
    • Bumped klipper-lb image to v0.4.4 to resolve an issue that prevented access to ServiceLB ports from localhost when the Service ExternalTrafficPolicy was set to Local.
  • Bump metrics-server to v0.6.3 and update tls-cipher-suites (#7564)
    • The bundled metrics-server has been bumped to v0.6.3, and now uses only secure TLS ciphers by default.
  • Do not use the admin kubeconfig for the supervisor and core controllers (#7616)
    • The K3s core controllers (supervisor, deploy, and helm) no longer use the admin kubeconfig. This makes it easier to determine from access and audit logs which actions are performed by the system, and which are performed by an administrative user.
  • Bump golang:alpine image version (#7619)
  • Make LB image configurable when compiling k3s (#7626)
  • Bump vagrant libvirt with fix for plugin installs (#7605)
  • Add format command on Makefile (#7437)
  • Use el8 rpm for fedora 38 and 39 (#7664)
  • Check variant before version to decide rpm target and packager closes #7666 (#7667)
  • Test Coverage Reports for E2E tests (#7526)
  • Soft-fail on node password verification if the secret cannot be created (#7655)
    • K3s now allows nodes to join the cluster even if the node password secret cannot be created at the time the node joins. The secret create will be retried in the background. This resolves a potential deadlock created by fail-closed validating webhooks that block secret creation, where the webhook is unavailable until new nodes join the cluster to run the webhook pod.
  • Enable containerd aufs/devmapper/zfs snapshotter plugins (#7661)
    • The bundled containerd's aufs/devmapper/zfs snapshotter plugins have been restored. These were unintentionally omitted when moving containerd back into the k3s multicall binary in the previous release.
  • Bump docker go.mod (#7681)
  • Shortcircuit commands with version or help flags (#7683)
    • Non root users can now call k3s --help and k3s --version commands without running into permission errors over the default config file.
  • Bump Trivy version (#7672)
  • E2E: Capture coverage of K3s subcommands (#7686)
  • Integrate tailscale into k3s (#7352)
    • Integration of tailscale VPN into k3s
  • Add private registry e2e test (#7653)
  • E2E: Remove unnecessary daemonset addition/deletion (#7696)
  • Add issue template for OS validation (#7695)
  • Fix spelling check (#7740)
  • Remove useless libvirt config (#7745)
  • Bump helm-controller to v0.15.0 for create-namespace support (#7716)
    • The embedded helm controller has been bumped to v0.15.0, and now supports creating the chart's target namespace if it does not exist.
  • Fix error logging in tailscale (#7776)
  • Add commands to remove advertised routes of tailscale in k3s-killall.sh (#7777)
  • Update Kubernetes to v1.27.3 (#7790)

Embedded Component Versions

Component Version
Kubernetes v1.27.3
Kine v0.10.1
SQLite 3.39.2
Etcd v3.5.7-k3s1
Containerd v1.7.1-k3s1
Runc v1.1.7
Flannel v0.22.0
Metrics-server v0.6.3
Traefik v2.9.10
CoreDNS v1.10.1
Helm-controller v0.15.0
Local-path-provisioner v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Don't miss a new k3s release

NewReleases is sending notifications on new releases.