k3s - v1.26.2+k3s1

This release updates Kubernetes to v1.26.2, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.26.1+k3s1:

  • Add build tag to disable cri-dockerd (#6760)
  • Bump cri-dockerd (#6797)
  • The embedded cri-dockerd has been updated to v0.3.1
  • Update stable channel to v1.25.6+k3s1 (#6828)
  • E2E Rancher and Hardened script improvements (#6778)
  • Add Ayedo to Adopters (#6801)
  • Consolidate E2E tests and GH Actions (#6772)
  • Allow ServiceLB to honor ExternalTrafficPolicy=Local (#6726)
  • ServiceLB now honors the Service's ExternalTrafficPolicy. When set to Local, the LoadBalancer will only advertise addresses of Nodes with a Pod for the Service, and will not forward traffic to other cluster members.
  • Fix cronjob example (#6707)
  • Bump vagrant boxes to fedora37 (#6832)
  • Ensure flag type consistency (#6852)
  • E2E: Consoldiate docker and prefer bundled tests into new startup test (#6851)
  • Fix reference to documentation (#6860)
  • Bump deps: trivy, sonobuoy, dapper, golangci-lint, gopls (#6807)
  • Fix check for (open)SUSE version (#6791)
  • Add support for user-provided CA certificates (#6615)
  • K3s now functions properly when the cluster CA certificates are signed by an existing root or intermediate CA. You can find a sample script for generating such certificates before K3s starts in the github repo at contrib/util/certs.sh.
  • Ignore value conflicts when reencrypting secrets (#6850)
  • Add kubeadm style bootstrap token secret support (#6663)
  • K3s now supports kubeadm style join tokens. k3s token create now creates join token secrets, optionally with a limited TTL.
  • K3s agents joined with an expired or deleted token stay in the cluster using existing client certificates via the NodeAuthorization admission plugin, unless their Node object is deleted from the cluster.
  • Add NATS to the list of supported data stores (#6876)
  • Use default address family when adding kubernetes service address to SAN list (#6857)
  • The apiserver advertised address and IP SAN entry are now set correctly on clusters that use IPv6 as the default IP family.
  • Fix issue with servicelb startup failure when validating webhooks block creation (#6911)
  • The embedded cloud controller manager will no longer attempt to unconditionally re-create its namespace and serviceaccount on startup. This resolves an issue that could cause a deadlocked cluster when fail-closed webhooks are in use.
  • Fix access to hostNetwork port on NodeIP when egress-selector-mode=agent (#6829)
  • Fixed an issue that would cause the apiserver egress proxy to attempt to use the agent tunnel to connect to service endpoints even in agent or disabled mode.
  • Wait for server to become ready before creating token (#6932)
  • Allow for multiple sets of leader-elected controllers (#6922)
  • Fixed an issue where leader-elected controllers for managed etcd did not run on etcd-only nodes
  • Update Flannel to v0.21.1 (#6944)
  • Fix Nightly E2E tests (#6950)
  • Fix etcd and ca-cert rotate issues (#6952)
  • Fix ServiceLB dual-stack ingress IP listing (#6979)
  • Resolved an issue with ServiceLB that would cause it to advertise node IPv6 addresses, even if the cluster or service was not enabled for dual-stack operation.
  • Bump kine to v0.9.9 (#6974)
  • The embedded kine version has been bumped to v0.9.9. Compaction log messages are now omitted at info level for increased visibility.
  • Update to v1.26.2-k3s1 (#7011)

Embedded Component Versions

| Component | Version |
| Kubernetes | v1.26.2 |
| Kine | v0.9.9 |
| SQLite | 3.39.2 |
| Etcd | v3.5.5-k3s1 |
| Containerd | v1.6.15-k3s1 |
| Runc | v1.1.4 |
| Flannel | v0.21.1 |
| Metrics-server | v0.6.2 |
| Traefik | v2.9.4 |
| CoreDNS | v1.9.4 |
| Helm-controller | v0.13.1 |
| Local-path-provisioner | v0.0.23 |

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here


March 10, 2023, 9:36 p.m.
Register or login to:
  • 🔍View and search all k3s releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google