chore(deps): update dependency k3s-io/k3s to v1.29.0+k3s1

[renovate]

This PR contains the following updates:

Package	Update	Change
k3s-io/k3s	minor	v1.23.6+k3s1 -> v1.29.0+k3s1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

k3s-io/k3s (k3s-io/k3s)

v1.29.0+k3s1: v1.29.0+k3s1

Compare Source

This release is K3S's first in the v1.29 line. This release updates Kubernetes to v1.29.0.

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

⚠️ IMPORTANT: This release removes the expiremental rotate-keys subcommand due to changes in Kubernetes upstream for KMSv2, the subcommand should be added back in future releases.

⚠️ IMPORTANT: This release also removes the multi-cluster-cidr flag, since the support for this alpha feature has been removed completely from Kubernetes upstream, this flag should be removed from the configuration before upgrade.

Changes since v1.28.4+k3s2:

• Fix overlapping address range (#​8913)
• Modify CONTRIBUTING.md guide (#​8954)
• Nov 2023 stable channel update (#​9022)
• Default runtime and runtime classes for wasm/nvidia/crun (#​8936)
  • Added runtime classes for wasm/nvidia/crun
  • Added default runtime flag for containerd
• Bump containerd/runc to v1.7.10-k3s1/v1.1.10 (#​8962)
• Allow setting default-runtime on servers (#​9027)
• Bump containerd to v1.7.11 (#​9040)
• Remove GA feature-gates (#​8970)
• Only publish to code_cov on merged E2E builds (#​9051)
• Update Kubernetes to v1.29.0+k3s1 (#​9052)
• Update flannel to v0.24.0 and remove multiclustercidr flag (#​9075)
• Remove rotate-keys subcommand (#​9079)

Embedded Component Versions

Component	Version
Kubernetes	v1.29.0
Kine	v0.11.0
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.11-k3s2
Runc	v1.1.10
Flannel	v0.24.0
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.28.4+k3s1: v1.28.4+k3s1

Compare Source

This release updates Kubernetes to v1.28.4, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.28.3+k3s2:

• Update channels latest to v1.27.7+k3s2 (#​8799)
• Add etcd status condition (#​8724)
  • Now the user can see the etcd status from each node in a simple way
• ADR for etcd status (#​8355)
• Wasm shims detection (#​8751)
  • Automatic discovery of WebAssembly runtimes
• Add warning for removal of multiclustercidr flag (#​8758)
• Improve dualStack log (#​8798)
• Optimize: Simplify and clean up Dockerfile (#​8244)
• Add: timezone info in image (#​8764)
  • • New timezone info in Docker image allows the use of spec.timeZone in CronJobs
• Bump kine to fix nats, postgres, and watch issues (#​8778)
  • Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
• QoS-class resource configuration (#​8726)
  • Containerd may now be configured to use rdt or blockio configuration by defining rdt_config.yaml or blockio_config.yaml files.
• Add agent flag disable-apiserver-lb (#​8717)
  • Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
• Force umount for NFS mount (like with longhorn) (#​8521)
• General updates to README (#​8786)
• Fix wrong warning from restorecon in install script (#​8871)
• Fix issue with snapshot metadata configmap (#​8835)
  • Omit snapshot list configmap entries for snapshots without extra metadata
• Skip initial datastore reconcile during cluster-reset (#​8861)
• Tweaked order of ingress IPs in ServiceLB (#​8711)
  • Improved ingress IP ordering from ServiceLB
• Disable helm CRD installation for disable-helm-controller (#​8702)
• More improves for K3s patch release docs (#​8800)
• Update install.sh sha256sum (#​8885)
• Add jitter to client config retry to avoid hammering servers when they are starting up (#​8863)
• Handle nil pointer when runtime core is not ready in etcd (#​8886)
• Bump dynamiclistener; reduce snapshot controller log spew (#​8894)
  • Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
  • Reduced etcd snapshot log spam during initial cluster startup
• Remove depends_on for e2e step; fix cert rotate e2e (#​8906)
• Fix etcd snapshot S3 issues (#​8926)
  • Don't apply S3 retention if S3 client failed to initialize
  • Don't request metadata when listing S3 snapshots
  • Print key instead of file path in snapshot metadata log message
• Update to v1.28.4 and Go to v1.20.11 (#​8920)

Embedded Component Versions

Component	Version
Kubernetes	v1.28.4
Kine	v0.11.0
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.28.4+k3s2: v1.28.4+k3s2

Compare Source

This release updates Kubernetes to v1.28.4, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.28.3+k3s2:

• Update channels latest to v1.27.7+k3s2 (#​8799)
• Add etcd status condition (#​8724)
  • Now the user can see the etcd status from each node in a simple way
• ADR for etcd status (#​8355)
• Wasm shims detection (#​8751)
  • Automatic discovery of WebAssembly runtimes
• Add warning for removal of multiclustercidr flag (#​8758)
• Improve dualStack log (#​8798)
• Optimize: Simplify and clean up Dockerfile (#​8244)
• Add: timezone info in image (#​8764)
  • • New timezone info in Docker image allows the use of spec.timeZone in CronJobs
• Bump kine to fix nats, postgres, and watch issues (#​8778)
  • Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
• QoS-class resource configuration (#​8726)
  • Containerd may now be configured to use rdt or blockio configuration by defining rdt_config.yaml or blockio_config.yaml files.
• Add agent flag disable-apiserver-lb (#​8717)
  • Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
• Force umount for NFS mount (like with longhorn) (#​8521)
• General updates to README (#​8786)
• Fix wrong warning from restorecon in install script (#​8871)
• Fix issue with snapshot metadata configmap (#​8835)
  • Omit snapshot list configmap entries for snapshots without extra metadata
• Skip initial datastore reconcile during cluster-reset (#​8861)
• Tweaked order of ingress IPs in ServiceLB (#​8711)
  • Improved ingress IP ordering from ServiceLB
• Disable helm CRD installation for disable-helm-controller (#​8702)
• More improves for K3s patch release docs (#​8800)
• Update install.sh sha256sum (#​8885)
• Add jitter to client config retry to avoid hammering servers when they are starting up (#​8863)
• Handle nil pointer when runtime core is not ready in etcd (#​8886)
• Bump dynamiclistener; reduce snapshot controller log spew (#​8894)
  • Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
  • Reduced etcd snapshot log spam during initial cluster startup
• Remove depends_on for e2e step; fix cert rotate e2e (#​8906)
• Fix etcd snapshot S3 issues (#​8926)
  • Don't apply S3 retention if S3 client failed to initialize
  • Don't request metadata when listing S3 snapshots
  • Print key instead of file path in snapshot metadata log message
• Update to v1.28.4 and Go to v1.20.11 (#​8920)
• Remove s390x steps temporarily since runners are disabled (#​8983)
• Remove s390x from manifest (#​8998)

Embedded Component Versions

Component	Version
Kubernetes	v1.28.4
Kine	v0.11.0
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.28.3+k3s1: v1.28.3+k3s1

Compare Source

This release updates Kubernetes to v1.28.3, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.28.2+k3s1:

• Fix error reporting (#​8250)
• Add context to flannel errors (#​8284)
• Update channel, September patch release (#​8397)
• Add missing link to drone in documentation (#​8295)
• Include the interface name in the error message (#​8346)
• Add extraArgs to vpn provider (#​8354)
  • Allow to pass extra args to the vpn provider
• Disable HTTP on main etcd client port (#​8402)
  • Embedded etcd no longer serves http requests on the client port, only grpc. This addresses a performance issue that could cause watch stream starvation under load. For more information, see https://github.com/etcd-io/etcd/issues/15402
• Server token rotation (#​8215)
• Fix issues with etcd member removal after reset (#​8392)
  • Fixed an issue that could cause k3s to attempt to remove members from the etcd cluster immediately following a cluster-reset/restore, if they were queued for removal at the time the snapshot was taken.
• Fix gofmt error (#​8439)
• Added advertise address integration test (#​8344)
• Added cluster reset from non bootstrap nodes on snapshot restore e2e test (#​8292)
• Fix .github regex to skip drone runs on gh action bumps (#​8433)
• Added error when cluster reset while using server flag (#​8385)
  • The user will receive a error when --cluster-reset with the --server flag
• Update kube-router (#​8423)
  • Update kube-router to v2.0.0-rc7 to fix performance issues
• Add SHA256 signatures of the install script (#​8312)
  • • Add SHA256 signatures of the install script.
• Add --image-service-endpoint flag (#​8279)
  • Add --image-service-endpoint flag to specify an external image service socket.
• Don't ignore assets in home dir if system assets exist (#​8458)
• Pass SystemdCgroup setting through to nvidia runtime options (#​8470)
  • Fixed issue that would cause pods using nvidia container runtime to be killed after a few seconds, when using newer versions of nvidia-container-toolkit.
• Improve release docs - updated (#​8414)
• Take IPFamily precedence based on order (#​8460)
• Fix spellcheck problem (#​8507)
• Network defaults are duplicated, remove one (#​8523)
• Fix slemicro check for selinux (#​8526)
• Update install.sh.sha256sum (#​8566)
• System agent push tags fix (#​8568)
• Fixed tailscale node IP dualstack mode in case of IPv4 only node (#​8524)
• Server Token Rotation (#​8265)
  • Users can now rotate the server token using k3s token rotate -t <OLD_TOKEN> --new-token <NEW_TOKEN>. After command succeeds, all server nodes must be restarted with the new token.
• E2E Domain Drone Cleanup (#​8579)
• Bump containerd to v1.7.7-k3s1 (#​8604)
• Bump busybox to v1.36.1 (#​8602)
• Migrate to using custom resource to store etcd snapshot metadata (#​8064)
• Switch build target from main.go to a package. (#​8342)
• Use IPv6 in case is the first configured IP with dualstack (#​8581)
• Bump traefik, golang.org/x/net, google.golang.org/grpc (#​8624)
• Update kube-router package in build script (#​8630)
• Add etcd-only/control-plane-only server test and fix control-plane-only server crash (#​8638)
• Use version.Program not K3s in token rotate logs (#​8653)
• [Windows Port (#​7259)
• Fix CloudDualStackNodeIPs feature-gate inconsistency (#​8667)
• Re-enable etcd endpoint auto-sync (#​8675)
• Manually requeue configmap reconcile when no nodes have reconciled snapshots (#​8683)
• Update to v1.28.3 and Go to v1.20.10 (#​8682)
• Fix s3 snapshot restore (#​8729)

Embedded Component Versions

Component	Version
Kubernetes	v1.28.3
Kine	v0.10.3
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.28.3+k3s2: v1.28.3+k3s2

Compare Source

v1.28.2+k3s1: v1.28.2+k3s1

Compare Source

This release updates Kubernetes to v1.28.2, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.28.1+k3s1:

• Update channel for version v1.28 (#​8305)
• Bump kine to v0.10.3 (#​8323)
• Update to v1.28.2 and go v1.20.8 (#​8364)
  • Bump embedded containerd to v1.7.6
  • Bump embedded stargz-snapshotter plugin to latest
  • Fixed intermittent drone CI failures due to race conditions in test environment setup scripts
  • Fixed CI failures due to changes to api discovery changes in Kubernetes 1.28

Embedded Component Versions

Component	Version
Kubernetes	v1.28.2
Kine	v0.10.3
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.6-k3s1
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.28.1+k3s1: v1.28.1+k3s1

Compare Source

This release is K3S's first in the v1.28 line. This release updates Kubernetes to v1.28.1.

⚠️ IMPORTANT: This release includes remediation for CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See GHSA-m4hf-6vgr-75r2 for more information, including documentation on changes in behavior that harden clusters against this vulnerability.

Kubernetes v1.28 contains a critical regression (kubernetes/kubernetes#120247) that causes init containers to run at the same time as app containers following a restart of the node. This issue will be fixed in v1.28.2. We do not recommend using K3s v1.28 at this time if your application depends on init containers.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.5+k3s1:

• Update to v1.28.1 (#​8239)
• CLI Removal for v1.28.0 (#​8203)
• Secrets Encryption V3 (#​8111)
• Add new CLI flag to disable TLS SAN CN filtering (#​8252)
  • Added a new --tls-san-security option.
• Add RWMutex to address controller (#​8268)

Embedded Component Versions

Component	Version
Kubernetes	v1.28.1
Kine	v0.10.3
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.3-k3s2
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.8+k3s1: v1.27.8+k3s1

Compare Source

This release updates Kubernetes to v1.27.8, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.7+k3s2:

• Etcd status condition (#​8821)
• Add warning for removal of multiclustercidr flag (#​8759)
• Backports for 2023-11 release (#​8878)
  • New timezone info in Docker image allows the use of spec.timeZone in CronJobs
  • Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
  • Containerd may now be configured to use rdt or blockio configuration by defining rdt_config.yaml or blockio_config.yaml files.
  • Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
  • Improved ingress IP ordering from ServiceLB
  • Disable helm CRD installation for disable-helm-controller
  • Omit snapshot list configmap entries for snapshots without extra metadata
  • Add jitter to client config retry to avoid hammering servers when they are starting up
• Handle nil pointer when runtime core is not ready in etcd (#​8887)
• Improve dualStack log (#​8828)
• Bump dynamiclistener; reduce snapshot controller log spew (#​8902)
  • Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
  • Reduced etcd snapshot log spam during initial cluster startup
• Remove depends_on for e2e step; fix cert rotate e2e (#​8907)
• Fix etcd snapshot S3 issues (#​8937)
  • Don't apply S3 retention if S3 client failed to initialize
  • Don't request metadata when listing S3 snapshots
  • Print key instead of file path in snapshot metadata log message
• Update to v1.27.8 and Go to 1.20.11 (#​8921)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.8
Kine	v0.11.0
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1.27
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.8+k3s2: v1.27.8+k3s2

Compare Source

This release updates Kubernetes to v1.27.8, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.7+k3s2:

• Etcd status condition (#​8821)
• Add warning for removal of multiclustercidr flag (#​8759)
• Backports for 2023-11 release (#​8878)
  • New timezone info in Docker image allows the use of spec.timeZone in CronJobs
  • Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
  • Containerd may now be configured to use rdt or blockio configuration by defining rdt_config.yaml or blockio_config.yaml files.
  • Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
  • Improved ingress IP ordering from ServiceLB
  • Disable helm CRD installation for disable-helm-controller
  • Omit snapshot list configmap entries for snapshots without extra metadata
  • Add jitter to client config retry to avoid hammering servers when they are starting up
• Handle nil pointer when runtime core is not ready in etcd (#​8887)
• Improve dualStack log (#​8828)
• Bump dynamiclistener; reduce snapshot controller log spew (#​8902)
  • Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
  • Reduced etcd snapshot log spam during initial cluster startup
• Remove depends_on for e2e step; fix cert rotate e2e (#​8907)
• Fix etcd snapshot S3 issues (#​8937)
  • Don't apply S3 retention if S3 client failed to initialize
  • Don't request metadata when listing S3 snapshots
  • Print key instead of file path in snapshot metadata log message
• Update to v1.27.8 and Go to 1.20.11 (#​8921)
• Remove s390x (#​8999)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.8
Kine	v0.11.0
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1.27
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.7+k3s1: v1.27.7+k3s1

Compare Source

This release updates Kubernetes to v1.27.7, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.6+k3s1:

• Fix error reporting (#​8411)
• Add context to flannel errors (#​8419)
• Include the interface name in the error message (#​8435)
• Update kube-router (#​8443)
• Add extraArgs to tailscale (#​8464)
• Added error when cluster reset while using server flag (#​8455)
  • The user will receive a error when --cluster-reset with the --server flag
• Cluster reset from non bootstrap nodes (#​8451)
• Take IPFamily precedence based on order (#​8504)
• Fix spellcheck problem (#​8509)
• Network defaults are duplicated, remove one (#​8551)
• Advertise address integration test (#​8516)
• System agent push tags fix (#​8569)
• Fixed tailscale node IP dualstack mode in case of IPv4 only node (#​8558)
• Server Token Rotation (#​8576)
  • Users can now rotate the server token using k3s token rotate -t <OLD_TOKEN> --new-token <NEW_TOKEN>. After command succeeds, all server nodes must be restarted with the new token.
• E2E Domain Drone Cleanup (#​8582)
• Clear remove annotations on cluster reset (#​8587)
  • Fixed an issue that could cause k3s to attempt to remove members from the etcd cluster immediately following a cluster-reset/restore, if they were queued for removal at the time the snapshot was taken.
• Use IPv6 in case is the first configured IP with dualstack (#​8597)
• Backports for 2023-10 release (#​8615)
• Update kube-router package in build script (#​8634)
• Add etcd-only/control-plane-only server test and fix control-plane-only server crash (#​8642)
• Use version.Program not K3s in token rotate logs (#​8656)
• Windows agent support (#​8650)
• Fix CloudDualStackNodeIPs feature-gate inconsistency (#​8669)
• Add --image-service-endpoint flag (#​8279) (#​8662)
  • Add --image-service-endpoint flag to specify an external image service socket.
• Backport etcd fixes (#​8690)
  • Re-enable etcd endpoint auto-sync
  • Manually requeue configmap reconcile when no nodes have reconciled snapshots
• Update to v1.27.7 and Go to v1.20.10 (#​8681)
• Fix s3 snapshot restore (#​8733)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.7
Kine	v0.10.3
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1.27
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.7+k3s2: v1.27.7+k3s2

Compare Source

This release updates Kubernetes to v1.27.7, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.7+k3s1:

• Fix SystemdCgroup in templates_linux.go (#​8765)
  • Fixed an issue with identifying additional container runtimes
• Update traefik chart to v25.0.0 (#​8775)
• Update traefik to fix registry value (#​8789)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.7
Kine	v0.10.3
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.7-k3s1.27
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.10.5
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.6+k3s1: v1.27.6+k3s1

Compare Source

This release updates Kubernetes to v1.27.6, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.5+k3s1:

• Bump kine to v0.10.3 (#​8324)
• Update to v1.27.6 and Go to 1.20.8 (#​8356)
  • Bump embedded containerd to v1.7.6
  • Bump embedded stargz-snapshotter plugin to latest
  • Fixed intermittent drone CI failures due to race conditions in test environment setup scripts
  • Fixed CI failures due to changes to api discovery changes in Kubernetes 1.28

Embedded Component Versions

Component	Version
Kubernetes	v1.27.6
Kine	v0.10.3
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.6-k3s1.27
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.5+k3s1: v1.27.5+k3s1

Compare Source

This release updates Kubernetes to v1.27.5, and fixes a number of issues.

⚠️ IMPORTANT: This release includes support for remediating CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See GHSA-m4hf-6vgr-75r2 for more information, including mandatory steps necessary to harden clusters against this vulnerability.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.4+k3s1:

• Update cni plugins version to v1.3.0 (#​8056)
  • Upgraded cni-plugins to v1.3.0
• Update flannel to v0.22.1 (#​8057)
  • Update flannel to v0.22.1
• ADR on secrets encryption v3 (#​7938)
• Unit test for MustFindString (#​8013)
• Add support for using base template in etc/containerd/config.toml.tmpl (#​7991)
  • User-provided containerd config templates may now use {{ template "base" . }} to include the default K3s template content. This makes it easier to maintain user configuration if the only need is to add additional sections to the file.
• Make apiserver egress args conditional on egress-selector-mode (#​7972)
  • K3s no longer enables the apiserver's enable-aggregator-routing flag when the egress proxy is not being used to route connections to in-cluster endpoints.
• Security bump to docker/distribution (#​8047)
• Fix coreos multiple installs (#​8083)
• Update stable channel to v1.27.4+k3s1 (#​8067)
• Fix tailscale bug with ip modes (#​8077)
• Consolidate CopyFile functions (#​8079)
• E2E: Support GOCOVER for more tests + fixes (#​8080)
• Fix typo in terraform/README.md (#​8090)
• Add FilterCN function to prevent SAN Stuffing (#​8085)
  • K3s's external apiserver listener now declines to add to its certificate any subject names not associated with the kubernetes apiserver service, server nodes, or values of the --tls-san option. This prevents the certificate's SAN list from being filled with unwanted entries.
• Bump docker/docker to master commit; cri-dockerd to 0.3.4 (#​8092)
  • Bump docker/docker module version to fix issues with cri-dockerd caused by recent releases of golang rejecting invalid host headers sent by the docker client.
• Bump versions for etcd, containerd, runc (#​8109)
  • Updated the embedded containerd to v1.7.3+k3s1
  • Updated the embedded runc to v1.1.8
  • Updated the embedded etcd to v3.5.9+k3s1
• Etcd snapshots retention when node name changes (#​8099)
• Bump kine to v0.10.2 (#​8125)
  • Updated kine to v0.10.2
• Remove terraform package (#​8136)
• Fix etcd-snapshot delete when etcd-s3 is true (#​8110)
• Add --disable-cloud-controller and --disable-kube-proxy test (#​8018)
• Use go list -m instead of grep to look up versions (#​8138)
• Use VERSION_K8S in tests instead of grep go.mod (#​8147)
• Fix for Kubeflag Integration test (#​8154)
• Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#​8155)
• Run integration test CI in parallel (#​8156)
• Bump Trivy version (#​8150)
• Bump Trivy version (#​8178)
• Fixed the etcd retention to delete orphaned snapshots based on the date (#​8177)
• Bump dynamiclistener (#​8193)
  • Bumped dynamiclistener to address an issue that could cause the apiserver/supervisor listener on 6443 to stop serving requests on etcd-only nodes.
  • The K3s external apiserver/supervisor listener on 6443 now sends a complete certificate chain in the TLS handshake.
• Bump helm-controller/klipper-helm versions (#​8204)
  • The version of helm used by the bundled helm controller's job image has been updated to v3.12.3
• E2E: Add test for k3s token (#​8184)
• Move flannel to 0.22.2 (#​8219)
  • Move flannel to v0.22.2
• Update to v1.27.5 (#​8236)
• Add new CLI flag to enable TLS SAN CN filtering (#​8257)
  • Added a new --tls-san-security option. This flag defaults to false, but can be set to true to disable automatically adding SANs to the server's TLS certificate to satisfy any hostname requested by a client.
• Add RWMutex to address controller (#​8273)

Embedded Component Versions

Component	Version
Kubernetes	v1.27.5
Kine	v0.10.2
SQLite	3.42.0
Etcd	v3.5.9-k3s1
Containerd	v1.7.3-k3s1
Runc	v1.1.8
Flannel	v0.22.2
Metrics-server	v0.6.3
Traefik	v2.9.10
CoreDNS	v1.10.1
Helm-controller	v0.15.4
Local-path-provisioner	v0.0.24

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

v1.27.4+k3s1: v1.27.4+k3s1

Compare Source

This release updates Kubernetes to v1.27.4, and fixes a number of issues.
​
For more details on what's new, see the Kubernetes release notes.
​

Changes since v1.27.3+k3s1:

​

• Pkg imported more than once (#​7803)
• Faster K3s Binary Build Option (#​7805)
• Update stable channel to v1.27.3+k3s1 [(#​7827)](https://togithub.com/k3s-io/

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.