k3s - v1.23.5+k3s1

This release updates Kubernetes to v1.23.5, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.23.4+k3s1:

• Add partial support for IPv6 only mode (#4450)
• Integration tests: move to a global test lock (#5155)
• Fixed a bug that prevented users from using k3s secrets-encryption rotation after upgrading from older K3s versions. (#5140)
• Add ability to specify etcd snapshot list output format (#5132)
• Add --json flag for k3s secrets-encrypt status (#5127)
• Bump up github.com/containerd/stargz-snapshotter (v0.11.0) (#5032)
• Server nodes with only etcd/control-plane/etcd+control-plane roles can now be added to the cluster in any order, as long as the first node has the etcd role. (#5143)
• Add http/2 support to API server (#5149)
• E2E secrets encryption test (#5144)
• Any alarms present on the embedded etcd datastore are now reported and cleared at startup. This should allow for graceful recovery after exceeding and subsequently raising the etcd quota size. (#5158)
• When using the unsupported --disable-agent flag, kube-scheduler will now be started when a node is available. (#5125)
• E2E Add external DB options to ValidateCluster test (#5157)
• [master] changing package to k3s-io (#4846)
• The embedded containerd has been bumped to v1.5.10-k3s1 (#5201)
• The embedded ServiceLB LoadBalancer controller now supports mixed-protocol Services, and will clean up daemonsets when the Service type changes. (#5205)
• Flannel 0.17 (#5215)
• k3s secrets-encrypt prepare can now be used on control-plane only nodes (#5222)
• fix function arg call (#5234)
• Added ipv6 only support with flannel (#5238)
• Testing directory and documentation rework. (#5256)
• Fixed a regression present in 1.23 that prevented the embedded kubectl binary from parsing common CLI flags, such as -v=0 to set verbosity (#5270)
• The embedded Helm controller can now cease management of existing HelmChart releases, supports setting a failure policy for install/update operations, and allows trusting custom CA certs for remote chart repositories. (#5263)
• E2E Split Server Test (#5286)
• Replace CentOS 8 with Rocky Linux 8 for install testing (#5279)
• Secondary etcd-only nodes will now successfully bootstrap containerd and the kubelet before a control-plane node has joined the cluster. (#5300)
• Refactor automation using terraform (#5268)
• Update Kubernetes to v1.23.5-k3s1 (#5271)
• The packaged coredns version has been bumped to v1.9.1 (#5308)
• Defragment etcd datastore before clearing alarms; don't delete temp etcd db while reconciling
• The embedded etcd database is now defragmented on startup.
• Fixed an issue that could cause restart of managed etcd nodes to occasionally fail while reconciling bootstrap data. (#5336)
• [master] Wrap containerd.New (#5361)

Embedded Component Versions

| Component | Version |
|---|---|
| Kubernetes | v1.23.5 |
| Kine | v0.8.1 |
| SQLite | 3.36.0 |
| Etcd | v3.5.1-k3s1 |
| Containerd | v1.5.10-k3s1 |
| Runc | v1.0.3 |
| Flannel | v0.17.0 |
| Metrics-server | v0.5.2 |
| Traefik | v2.6.1 |
| CoreDNS | v1.9.1 |
| Helm-controller | v0.11.7 |
| Local-path-provisioner | v0.0.21 |

Known Issues

• The etcd maintainers have recommended against the use of etcd 3.5.0-3.5.2 for new production workloads, due to a recently discovered bug that may cause data loss when etcd is killed under high load. Please see this link for more details.

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here