k3s - v1.24.17+k3s1
This release updates Kubernetes to v1.24.17, and fixes a number of issues.
For more details on what's new, see the Kubernetes release notes.
Changes since v1.24.16+k3s1:
- Update cni plugins version to v1.3.0 (#8087)
- Etcd snapshots retention when node name changes (#8124)
- August Test Backports (#8128)
- Backports for 2023-08 release (#8135)
- K3s's external apiserver listener now declines to add to its certificate any subject names not associated with the kubernetes apiserver service, server nodes, or values of the --tls-san option. This prevents the certificate's SAN list from being filled with unwanted entries.
- K3s no longer enables the apiserver's
enable-aggregator-routingflag when the egress proxy is not being used to route connections to in-cluster endpoints. - Updated the embedded containerd to v1.7.3+k3s1
- Updated the embedded runc to v1.1.8
- User-provided containerd config templates may now use
{{ template "base" . }}to include the default K3s template content. This makes it easier to maintain user configuration if the only need is to add additional sections to the file. - Bump docker/docker module version to fix issues with cri-dockerd caused by recent releases of golang rejecting invalid host headers sent by the docker client.
- Updated kine to v0.10.2
- K3s etcd-snapshot delete fail to delete local file when called with s3 flag (#8146)
- Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#8168)
- Fixed the etcd retention to delete orphaned snapshots based on the date (#8191)
- Additional backports for 2023-08 release (#8214)
- The version of
helmused by the bundled helm controller's job image has been updated to v3.12.3 - Bumped dynamiclistener to address an issue that could cause the apiserver/supervisor listener on 6443 to stop serving requests on etcd-only nodes.
- The K3s external apiserver/supervisor listener on 6443 now sends a complete certificate chain in the TLS handshake.
- Fix runc version bump (#8243)
- Add new CLI flag to enable TLS SAN CN filtering (#8260)
- Added a new
--tls-san-securityoption. This flag defaults to false, but can be set to true to disable automatically adding SANs to the server's TLS certificate to satisfy any hostname requested by a client. - Add RWMutex to address controller (#8276)
- Update to v1.24.17 (#8240)
Embedded Component Versions
| Component | Version |
|---|---|
| Kubernetes | v1.24.17 |
| Kine | v0.10.2 |
| SQLite | 3.42.0 |
| Etcd | v3.5.3-k3s1 |
| Containerd | v1.7.3-k3s1 |
| Runc | v1.1.8 |
| Flannel | v0.21.3-k3s1.23 |
| Metrics-server | v0.6.3 |
| Traefik | v2.9.10 |
| CoreDNS | v1.10.1 |
| Helm-controller | v0.15.4 |
| Local-path-provisioner | v0.0.24 |
Helpful Links
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here
Details
date
Sept. 5, 2023, 8:03 p.m.
name
v1.24.17+k3s1
type
Patch
👇
Register or login to:
- 🔍View and search all k3s releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!