k3s - v1.28.4+k3s2

This release updates Kubernetes to v1.28.4, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.28.3+k3s2:

• Update channels latest to v1.27.7+k3s2 (#8799)
• Add etcd status condition (#8724)
• Now the user can see the etcd status from each node in a simple way
• ADR for etcd status (#8355)
• Wasm shims detection (#8751)
• Automatic discovery of WebAssembly runtimes
• Add warning for removal of multiclustercidr flag (#8758)
• Improve dualStack log (#8798)
• Optimize: Simplify and clean up Dockerfile (#8244)
• Add: timezone info in image (#8764)
• • New timezone info in Docker image allows the use of spec.timeZone in CronJobs
• Bump kine to fix nats, postgres, and watch issues (#8778)
• Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation.
• QoS-class resource configuration (#8726)
• Containerd may now be configured to use rdt or blockio configuration by defining rdt_config.yaml or blockio_config.yaml files.
• Add agent flag disable-apiserver-lb (#8717)
• Add agent flag disable-apiserver-lb, agent will not start load balance proxy.
• Force umount for NFS mount (like with longhorn) (#8521)
• General updates to README (#8786)
• Fix wrong warning from restorecon in install script (#8871)
• Fix issue with snapshot metadata configmap (#8835)
• Omit snapshot list configmap entries for snapshots without extra metadata
• Skip initial datastore reconcile during cluster-reset (#8861)
• Tweaked order of ingress IPs in ServiceLB (#8711)
• Improved ingress IP ordering from ServiceLB
• Disable helm CRD installation for disable-helm-controller (#8702)
• More improves for K3s patch release docs (#8800)
• Update install.sh sha256sum (#8885)
• Add jitter to client config retry to avoid hammering servers when they are starting up (#8863)
• Handle nil pointer when runtime core is not ready in etcd (#8886)
• Bump dynamiclistener; reduce snapshot controller log spew (#8894)
• Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret
• Reduced etcd snapshot log spam during initial cluster startup
• Remove depends_on for e2e step; fix cert rotate e2e (#8906)
• Fix etcd snapshot S3 issues (#8926)
• Don't apply S3 retention if S3 client failed to initialize
• Don't request metadata when listing S3 snapshots
• Print key instead of file path in snapshot metadata log message
• Update to v1.28.4 and Go to v1.20.11 (#8920)
• Remove s390x steps temporarily since runners are disabled (#8983)
• Remove s390x from manifest (#8998)

Embedded Component Versions

| Component | Version |
|---|---|
| Kubernetes | v1.28.4 |
| Kine | v0.11.0 |
| SQLite | 3.42.0 |
| Etcd | v3.5.9-k3s1 |
| Containerd | v1.7.7-k3s1 |
| Runc | v1.1.8 |
| Flannel | v0.22.2 |
| Metrics-server | v0.6.3 |
| Traefik | v2.10.5 |
| CoreDNS | v1.10.1 |
| Helm-controller | v0.15.4 |
| Local-path-provisioner | v0.0.24 |

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our Slack channel
- Check out our documentation for guidance on how to get started or to dive deep into K3s.
- Read how you can contribute here