From 7ae0799a2ad0b86c7030d61939dc06e8fa04ec9d Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 29 Jun 2026 07:36:53 +0000 Subject: [PATCH] update release-notes/k3s-*.md Signed-off-by: Brad Davidson --- docs/release-notes/v1.33.X.md | 767 +++++++++++++++++----------------- docs/release-notes/v1.34.X.md | 572 +++++++++++++------------ docs/release-notes/v1.35.X.md | 362 ++++++++-------- docs/release-notes/v1.36.X.md | 120 +++--- 4 files changed, 957 insertions(+), 864 deletions(-) diff --git a/docs/release-notes/v1.33.X.md b/docs/release-notes/v1.33.X.md index a134d79d1..6418edd15 100644 --- a/docs/release-notes/v1.33.X.md +++ b/docs/release-notes/v1.33.X.md @@ -11,6 +11,7 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U | Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | +| [v1.33.13+k3s1](v1.33.X.md#release-v13313k3s1) | Jun 24 2026| [v1.33.13](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13313) | [v0.16.1](https://github.com/k3s-io/kine/releases/tag/v0.16.1) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.12-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.12-k3s1) | [v2.2.5-k3s1.33](https://github.com/k3s-io/containerd/releases/tag/v2.2.5-k3s1.33) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.7.4](https://github.com/traefik/traefik/releases/tag/v3.7.4) | [v1.14.4](https://github.com/coredns/coredns/releases/tag/v1.14.4) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.33.12+k3s1](v1.33.X.md#release-v13312k3s1) | May 20 2026| [v1.33.12](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13312) | [v0.15.0](https://github.com/k3s-io/kine/releases/tag/v0.15.0) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1.33](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1.33) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.3](https://github.com/coredns/coredns/releases/tag/v1.14.3) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.33.11+k3s1](v1.33.X.md#release-v13311k3s1) | Apr 27 2026| [v1.33.11](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13311) | [v0.14.16](https://github.com/k3s-io/kine/releases/tag/v0.14.16) | [3.51.3](https://sqlite.org/releaselog/3_51_3.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1.33](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1.33) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | | [v1.33.10+k3s1](v1.33.X.md#release-v13310k3s1) | Mar 28 2026| [v1.33.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v13310) | [v0.14.14](https://github.com/k3s-io/kine/releases/tag/v0.14.14) | [3.51.2](https://sqlite.org/releaselog/3_51_2.html) | [v3.5.26-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.5.26-k3s1) | [v2.2.2-k3s1.33](https://github.com/k3s-io/containerd/releases/tag/v2.2.2-k3s1.33) | [v1.4.1](https://github.com/opencontainers/runc/releases/tag/v1.4.1) | [v0.28.2](https://github.com/flannel-io/flannel/releases/tag/v0.28.2) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.10](https://github.com/traefik/traefik/releases/tag/v3.6.10) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.16.17](https://github.com/k3s-io/helm-controller/releases/tag/v0.16.17) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | @@ -28,404 +29,424 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U
+## Release [v1.33.13+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.13+k3s1) + +> [!WARNING] +> This release upgrades Traefik chart to v40.x which includes a breaking change for the ingress-nginx migration: the provider name changes from `kubernetesIngressNginx` to `kubernetesIngressNGINX`. Check https://github.com/traefik/traefik-helm-chart/releases/tag/v40.0.0 for more details + +This release updates Kubernetes to v1.33.13, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v13312). + +### Changes since v1.33.12+k3s1: + +* Backports for 2026-06 [(#14155)](https://github.com/k3s-io/k3s/pull/14155) +* Bump v3.7.4 Traefik [(#14196)](https://github.com/k3s-io/k3s/pull/14196) +* More backports for 2026-06 [(#14218)](https://github.com/k3s-io/k3s/pull/14218) +* Testing Backports 2026-06 [(#14217)](https://github.com/k3s-io/k3s/pull/14217) +* Bump klipper-helm for CVE reasons [(#14238)](https://github.com/k3s-io/k3s/pull/14238) +* Update to v1.33.13-k3s1 and Go 1.25.11 [(#14227)](https://github.com/k3s-io/k3s/pull/14227) +* Bump containerd to v2.2.5-k3s1.33 [(#14256)](https://github.com/k3s-io/k3s/pull/14256) + +----- ## Release [v1.33.12+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.12+k3s1) - - -This release updates Kubernetes to v1.33.12, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v13311). - -### Changes since v1.33.11+k3s1: - -* Backports for 2026-05 [(#14035)](https://github.com/k3s-io/k3s/pull/14035) -* Update rancher/local-path-provisioner image version [(#14045)](https://github.com/k3s-io/k3s/pull/14045) -* Update to v1.33.12-k3s1 and Go 1.25.9 [(#14048)](https://github.com/k3s-io/k3s/pull/14048) -* Bump klipper-helm image tag [(#14058)](https://github.com/k3s-io/k3s/pull/14058) - + + +This release updates Kubernetes to v1.33.12, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v13311). + +### Changes since v1.33.11+k3s1: + +* Backports for 2026-05 [(#14035)](https://github.com/k3s-io/k3s/pull/14035) +* Update rancher/local-path-provisioner image version [(#14045)](https://github.com/k3s-io/k3s/pull/14045) +* Update to v1.33.12-k3s1 and Go 1.25.9 [(#14048)](https://github.com/k3s-io/k3s/pull/14048) +* Bump klipper-helm image tag [(#14058)](https://github.com/k3s-io/k3s/pull/14058) + ----- ## Release [v1.33.11+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.11+k3s1) - - -This release updates Kubernetes to v1.33.11, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v13310). - -### Changes since v1.33.10+k3s1: - -* Immutable release changes [(#13899)](https://github.com/k3s-io/k3s/pull/13899) -* Backports for 2026-04 [(#13932)](https://github.com/k3s-io/k3s/pull/13932) -* Bump flannel to v0.28.4 [(#13943)](https://github.com/k3s-io/k3s/pull/13943) -* Bump traefik to 3.6.12 [(#13926)](https://github.com/k3s-io/k3s/pull/13926) -* Update to v1.33.11-k3s1 and Go 1.25.9 [(#13944)](https://github.com/k3s-io/k3s/pull/13944) -* Switch from draft to pre-release [(#13948)](https://github.com/k3s-io/k3s/pull/13948) -* Bump Traefik to 3.6.13 (#13969) [(#13972)](https://github.com/k3s-io/k3s/pull/13972) -* Fix SANs added from comma-separated node-external-ip list [(#13992)](https://github.com/k3s-io/k3s/pull/13992) -* Bump klipper-helm image for revision check fix [(#13998)](https://github.com/k3s-io/k3s/pull/13998) - + + +This release updates Kubernetes to v1.33.11, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v13310). + +### Changes since v1.33.10+k3s1: + +* Immutable release changes [(#13899)](https://github.com/k3s-io/k3s/pull/13899) +* Backports for 2026-04 [(#13932)](https://github.com/k3s-io/k3s/pull/13932) +* Bump flannel to v0.28.4 [(#13943)](https://github.com/k3s-io/k3s/pull/13943) +* Bump traefik to 3.6.12 [(#13926)](https://github.com/k3s-io/k3s/pull/13926) +* Update to v1.33.11-k3s1 and Go 1.25.9 [(#13944)](https://github.com/k3s-io/k3s/pull/13944) +* Switch from draft to pre-release [(#13948)](https://github.com/k3s-io/k3s/pull/13948) +* Bump Traefik to 3.6.13 (#13969) [(#13972)](https://github.com/k3s-io/k3s/pull/13972) +* Fix SANs added from comma-separated node-external-ip list [(#13992)](https://github.com/k3s-io/k3s/pull/13992) +* Bump klipper-helm image for revision check fix [(#13998)](https://github.com/k3s-io/k3s/pull/13998) + ----- ## Release [v1.33.10+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.10+k3s1) - - -This release updates Kubernetes to v1.33.10, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1339). - -### Changes since v1.33.9+k3s1: - -* Bump to coredns 1.14.2 [(#13759)](https://github.com/k3s-io/k3s/pull/13759) -* Save cluster state before reencrypting secrets with newly created key [(#13773)](https://github.com/k3s-io/k3s/pull/13773) -* Backports for 2026-03 [(#13791)](https://github.com/k3s-io/k3s/pull/13791) -* Bump runc to v1.4.1 [(#13799)](https://github.com/k3s-io/k3s/pull/13799) -* Bump Traefik helm chart version [(#13813)](https://github.com/k3s-io/k3s/pull/13813) -* Bump cni plugins to v1.9.1 [(#13824)](https://github.com/k3s-io/k3s/pull/13824) -* Simplify snapshot compress/decompress logic [(#13829)](https://github.com/k3s-io/k3s/pull/13829) -* Update to v1.33.10-k3s1 and Go 1.24.13 [(#13833)](https://github.com/k3s-io/k3s/pull/13833) -* Chore: Update Trivy version in Dockerfile.dapper [(#13849)](https://github.com/k3s-io/k3s/pull/13849) -* Update to flannel v0.28.2 [(#13870)](https://github.com/k3s-io/k3s/pull/13870) - + + +This release updates Kubernetes to v1.33.10, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1339). + +### Changes since v1.33.9+k3s1: + +* Bump to coredns 1.14.2 [(#13759)](https://github.com/k3s-io/k3s/pull/13759) +* Save cluster state before reencrypting secrets with newly created key [(#13773)](https://github.com/k3s-io/k3s/pull/13773) +* Backports for 2026-03 [(#13791)](https://github.com/k3s-io/k3s/pull/13791) +* Bump runc to v1.4.1 [(#13799)](https://github.com/k3s-io/k3s/pull/13799) +* Bump Traefik helm chart version [(#13813)](https://github.com/k3s-io/k3s/pull/13813) +* Bump cni plugins to v1.9.1 [(#13824)](https://github.com/k3s-io/k3s/pull/13824) +* Simplify snapshot compress/decompress logic [(#13829)](https://github.com/k3s-io/k3s/pull/13829) +* Update to v1.33.10-k3s1 and Go 1.24.13 [(#13833)](https://github.com/k3s-io/k3s/pull/13833) +* Chore: Update Trivy version in Dockerfile.dapper [(#13849)](https://github.com/k3s-io/k3s/pull/13849) +* Update to flannel v0.28.2 [(#13870)](https://github.com/k3s-io/k3s/pull/13870) + ----- ## Release [v1.33.9+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.9+k3s1) - - -This release updates Kubernetes to v1.33.9, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1338). - -### Changes since v1.33.8+k3s1: - -* Rootlesskit Revert + Test Fixes [(#13688)](https://github.com/k3s-io/k3s/pull/13688) -* Backports for 2026-02 BONUS RELEASE [(#13692)](https://github.com/k3s-io/k3s/pull/13692) -* Bump Traefik to v3.6.9 [(#13701)](https://github.com/k3s-io/k3s/pull/13701) -* Update to v1.33.9-k3s1 and Go 1.24.13 [(#13705)](https://github.com/k3s-io/k3s/pull/13705) - + + +This release updates Kubernetes to v1.33.9, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1338). + +### Changes since v1.33.8+k3s1: + +* Rootlesskit Revert + Test Fixes [(#13688)](https://github.com/k3s-io/k3s/pull/13688) +* Backports for 2026-02 BONUS RELEASE [(#13692)](https://github.com/k3s-io/k3s/pull/13692) +* Bump Traefik to v3.6.9 [(#13701)](https://github.com/k3s-io/k3s/pull/13701) +* Update to v1.33.9-k3s1 and Go 1.24.13 [(#13705)](https://github.com/k3s-io/k3s/pull/13705) + ----- ## Release [v1.33.8+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.8+k3s1) - - -This release updates Kubernetes to v1.33.8, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1337). - -### Changes since v1.33.7+k3s3: - -* Bulk Backports 2026-02 [(#13566)](https://github.com/k3s-io/k3s/pull/13566) -* Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#13572)](https://github.com/k3s-io/k3s/pull/13572) -* Backports for 2026-02 [(#13582)](https://github.com/k3s-io/k3s/pull/13582) -* Bump kine for list/watch revision fixes [(#13578)](https://github.com/k3s-io/k3s/pull/13578) -* Fix VPN node IP not being applied to kubelet [(#13562)](https://github.com/k3s-io/k3s/pull/13562) -* Bump to coredns 1.14.1 and metrics-server v0.8.1 [(#13610)](https://github.com/k3s-io/k3s/pull/13610) -* Add registry prefix to image-list file [(#13600)](https://github.com/k3s-io/k3s/pull/13600) -* Bump klipper-helm and klipper-lb images [(#13621)](https://github.com/k3s-io/k3s/pull/13621) -* Fix removal of init node [(#13632)](https://github.com/k3s-io/k3s/pull/13632) -* Update to v1.33.8-k3s1 and Go 1.24.12 [(#13635)](https://github.com/k3s-io/k3s/pull/13635) - + + +This release updates Kubernetes to v1.33.8, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1337). + +### Changes since v1.33.7+k3s3: + +* Bulk Backports 2026-02 [(#13566)](https://github.com/k3s-io/k3s/pull/13566) +* Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#13572)](https://github.com/k3s-io/k3s/pull/13572) +* Backports for 2026-02 [(#13582)](https://github.com/k3s-io/k3s/pull/13582) +* Bump kine for list/watch revision fixes [(#13578)](https://github.com/k3s-io/k3s/pull/13578) +* Fix VPN node IP not being applied to kubelet [(#13562)](https://github.com/k3s-io/k3s/pull/13562) +* Bump to coredns 1.14.1 and metrics-server v0.8.1 [(#13610)](https://github.com/k3s-io/k3s/pull/13610) +* Add registry prefix to image-list file [(#13600)](https://github.com/k3s-io/k3s/pull/13600) +* Bump klipper-helm and klipper-lb images [(#13621)](https://github.com/k3s-io/k3s/pull/13621) +* Fix removal of init node [(#13632)](https://github.com/k3s-io/k3s/pull/13632) +* Update to v1.33.8-k3s1 and Go 1.24.12 [(#13635)](https://github.com/k3s-io/k3s/pull/13635) + ----- ## Release [v1.33.7+k3s3](https://github.com/k3s-io/k3s/releases/tag/v1.33.7+k3s3) - - -This release updates Kubernetes to v1.33.7, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1337). - -### K3s v1.34 Upgrade Warning - -This warning targets users who perform upgrades by adding new nodes to the cluster, and removing old ones. If your etcd cluster membership is and has been consistent across versions, you should **NOT** be affected by this issue. - -K3s v1.34 and higher include etcd 3.6. Maintainers of the etcd project have indicated that there no safe path from etcd 3.5 to 3.6 except by upgrading to v3.5.26 first. - -In mid December, the project [released an announcement](https://etcd.io/blog/2025/zombie_members_upgrade/) indicating that there is NO safe path from etcd 3.5 to 3.6 except by upgrading to v3.5.26 first. Failure to do so can cause the cluster to report “zombie members” (etcd nodes that were removed from the cluster some time ago) re-appearing and joining database consensus, ultimately causing the cluster to lose quorum. This updated blog post contradicts [previous announcements on this topic](https://etcd.io/blog/2025/upgrade_from_3.5_to_3.6_issue_followup/), which indicated that it was safe to upgrade from v3.5.20+ as long as nodes had been restarted at least once, to reconcile membership lists across internal storage layers. - -The January releases of K3s v1.32 and v1.33 will include etcd v3.5.26. All users should plan on upgrading to this patch release, prior to upgrading to v1.34 and v1.35. - -### Changes since v1.33.7+k3s1: - -* Add firewall section to check-config.sh [(#13392)](https://github.com/k3s-io/k3s/pull/13392) -* Expand docker upgrade test, sunset E2E upgrade test [(#13400)](https://github.com/k3s-io/k3s/pull/13400) -* Allow k3s secrets-encrypt enable on existing clusters [(#13405)](https://github.com/k3s-io/k3s/pull/13405) -* Chore: Bump charts - Jan 2025 [(#13422)](https://github.com/k3s-io/k3s/pull/13422) -* Bump local path provisioner to v0.0.34 [(#13428)](https://github.com/k3s-io/k3s/pull/13428) -* Bump to coredns 1.14.0 [(#13453)](https://github.com/k3s-io/k3s/pull/13453) -* Backports for 2026-01 [(#13448)](https://github.com/k3s-io/k3s/pull/13448) -* Rootless ports: add support for udp [(#13461)](https://github.com/k3s-io/k3s/pull/13461) -* Update Traefik version to v3.6.7 [(#13482)](https://github.com/k3s-io/k3s/pull/13482) -* Bump etcd to v3.5.26 for zombie member fix [(#13493)](https://github.com/k3s-io/k3s/pull/13493) -* Update to v1.33.7-k3s3 and Go 1.24.11 [(#13521)](https://github.com/k3s-io/k3s/pull/13521) -* Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#13537)](https://github.com/k3s-io/k3s/pull/13537) - + + +This release updates Kubernetes to v1.33.7, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1337). + +### K3s v1.34 Upgrade Warning + +This warning targets users who perform upgrades by adding new nodes to the cluster, and removing old ones. If your etcd cluster membership is and has been consistent across versions, you should **NOT** be affected by this issue. + +K3s v1.34 and higher include etcd 3.6. Maintainers of the etcd project have indicated that there no safe path from etcd 3.5 to 3.6 except by upgrading to v3.5.26 first. + +In mid December, the project [released an announcement](https://etcd.io/blog/2025/zombie_members_upgrade/) indicating that there is NO safe path from etcd 3.5 to 3.6 except by upgrading to v3.5.26 first. Failure to do so can cause the cluster to report “zombie members” (etcd nodes that were removed from the cluster some time ago) re-appearing and joining database consensus, ultimately causing the cluster to lose quorum. This updated blog post contradicts [previous announcements on this topic](https://etcd.io/blog/2025/upgrade_from_3.5_to_3.6_issue_followup/), which indicated that it was safe to upgrade from v3.5.20+ as long as nodes had been restarted at least once, to reconcile membership lists across internal storage layers. + +The January releases of K3s v1.32 and v1.33 will include etcd v3.5.26. All users should plan on upgrading to this patch release, prior to upgrading to v1.34 and v1.35. + +### Changes since v1.33.7+k3s1: + +* Add firewall section to check-config.sh [(#13392)](https://github.com/k3s-io/k3s/pull/13392) +* Expand docker upgrade test, sunset E2E upgrade test [(#13400)](https://github.com/k3s-io/k3s/pull/13400) +* Allow k3s secrets-encrypt enable on existing clusters [(#13405)](https://github.com/k3s-io/k3s/pull/13405) +* Chore: Bump charts - Jan 2025 [(#13422)](https://github.com/k3s-io/k3s/pull/13422) +* Bump local path provisioner to v0.0.34 [(#13428)](https://github.com/k3s-io/k3s/pull/13428) +* Bump to coredns 1.14.0 [(#13453)](https://github.com/k3s-io/k3s/pull/13453) +* Backports for 2026-01 [(#13448)](https://github.com/k3s-io/k3s/pull/13448) +* Rootless ports: add support for udp [(#13461)](https://github.com/k3s-io/k3s/pull/13461) +* Update Traefik version to v3.6.7 [(#13482)](https://github.com/k3s-io/k3s/pull/13482) +* Bump etcd to v3.5.26 for zombie member fix [(#13493)](https://github.com/k3s-io/k3s/pull/13493) +* Update to v1.33.7-k3s3 and Go 1.24.11 [(#13521)](https://github.com/k3s-io/k3s/pull/13521) +* Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#13537)](https://github.com/k3s-io/k3s/pull/13537) + ----- ## Release [v1.33.7+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.7+k3s1) - - -This release updates Kubernetes to v1.33.7, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1336). - -### Changes since v1.33.6+k3s1: - -* Update busybox to 1.37.0 [(#13240)](https://github.com/k3s-io/k3s/pull/13240) -* Add multus e2e test [(#13265)](https://github.com/k3s-io/k3s/pull/13265) -* Backports for 2025-12 [(#13252)](https://github.com/k3s-io/k3s/pull/13252) - * Add docker dualstack test - * Fix windows build os - * Fix for clusters with few nodes and a lot of pod churn when webhooks are accessed using egress-selector - * Fix spegel sharing of imported images - * Bump opencontainers/selinux - * Remove remaining references to drone - * Bump actions/checkout from 5 to 6 - * Reorganize Executor interface to make CNI startup part of Executor implementation - * Bump kine and etcd - * Bump runc to v1.4.0 - * Consolidate test util functions - * Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to - * Bump actions/setup-go from 5 to 6 -* Fix tailscale setup in case of an already running configuration [(#13268)](https://github.com/k3s-io/k3s/pull/13268) -* Update kube-router to v2.6.2 [(#13289)](https://github.com/k3s-io/k3s/pull/13289) -* Update to v1.33.7-k3s1 and Go 1.24.11 [(#13307)](https://github.com/k3s-io/k3s/pull/13307) -* Fix cross-platform image save [(#13312)](https://github.com/k3s-io/k3s/pull/13312) -* Bump kine to v0.14.9 [(#13319)](https://github.com/k3s-io/k3s/pull/13319) -* Fix arm airgap platforms [(#13332)](https://github.com/k3s-io/k3s/pull/13332) -* Fix release CI [(#13341)](https://github.com/k3s-io/k3s/pull/13341) -* Override DefaultHelmJob at build time [(#13362)](https://github.com/k3s-io/k3s/pull/13362) -* Validate collected release artifact list before uploading [(#13359)](https://github.com/k3s-io/k3s/pull/13359) - + + +This release updates Kubernetes to v1.33.7, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1336). + +### Changes since v1.33.6+k3s1: + +* Update busybox to 1.37.0 [(#13240)](https://github.com/k3s-io/k3s/pull/13240) +* Add multus e2e test [(#13265)](https://github.com/k3s-io/k3s/pull/13265) +* Backports for 2025-12 [(#13252)](https://github.com/k3s-io/k3s/pull/13252) + * Add docker dualstack test + * Fix windows build os + * Fix for clusters with few nodes and a lot of pod churn when webhooks are accessed using egress-selector + * Fix spegel sharing of imported images + * Bump opencontainers/selinux + * Remove remaining references to drone + * Bump actions/checkout from 5 to 6 + * Reorganize Executor interface to make CNI startup part of Executor implementation + * Bump kine and etcd + * Bump runc to v1.4.0 + * Consolidate test util functions + * Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to + * Bump actions/setup-go from 5 to 6 +* Fix tailscale setup in case of an already running configuration [(#13268)](https://github.com/k3s-io/k3s/pull/13268) +* Update kube-router to v2.6.2 [(#13289)](https://github.com/k3s-io/k3s/pull/13289) +* Update to v1.33.7-k3s1 and Go 1.24.11 [(#13307)](https://github.com/k3s-io/k3s/pull/13307) +* Fix cross-platform image save [(#13312)](https://github.com/k3s-io/k3s/pull/13312) +* Bump kine to v0.14.9 [(#13319)](https://github.com/k3s-io/k3s/pull/13319) +* Fix arm airgap platforms [(#13332)](https://github.com/k3s-io/k3s/pull/13332) +* Fix release CI [(#13341)](https://github.com/k3s-io/k3s/pull/13341) +* Override DefaultHelmJob at build time [(#13362)](https://github.com/k3s-io/k3s/pull/13362) +* Validate collected release artifact list before uploading [(#13359)](https://github.com/k3s-io/k3s/pull/13359) + ----- ## Release [v1.33.6+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.6+k3s1) - - -This release updates Kubernetes to v1.33.6, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1335). - -### Changes since v1.33.5+k3s1: - -* Bump traefik to 3.5.1 [(#12958)](https://github.com/k3s-io/k3s/pull/12958) -* Fix garbled CLI [(#13033)](https://github.com/k3s-io/k3s/pull/13033) -* Update flannel, kube-router and cni plugins [(#13041)](https://github.com/k3s-io/k3s/pull/13041) -* Backports for 2025-10 [(#13058)](https://github.com/k3s-io/k3s/pull/13058) - * Fix netpol fatal error when changing node IP - * Bump dynamiclistener for stacked update fix - * Bump Klipper Helm and Helm Controller version - * Bump Local Path Provisioner version - * Fix IPv6 handling for loadbalancer addresses - * Fix multiple issues with server shutdown sequencing - * Fix etcd member promotion - * Bump spegel to v0.4.0 - * Fix kine metrics registration without --kine-tls - * Bump kine to v0.14.2 - * Fix: default forward after override imports - * Fix handling of vendored dependencies in version script - * Fix helm controller apiserver address for bootstrap charts on ipv6-only nodes - * Create dynamic-cert-regenerate file in CA cert rotation handler - * Fix ability to rotate server token to an invalid format - * Drop calls to rand.Seed - * Bump kine for postgres object count fix - * Bump kine=v0.14.5 - * Bump coredns to 1.13.1 -* Update dispatch script [(#13077)](https://github.com/k3s-io/k3s/pull/13077) -* Bump helm-controller/klipper-helm [(#13092)](https://github.com/k3s-io/k3s/pull/13092) -* Backports for 2025-11 [(#13126)](https://github.com/k3s-io/k3s/pull/13126) -* Inclusive naming proposal [(#13133)](https://github.com/k3s-io/k3s/pull/13133) -* Migrate release pipeline into GitHub Actions [(#13116)](https://github.com/k3s-io/k3s/pull/13116) -* Bump runc to v1.3.3 [(#13145)](https://github.com/k3s-io/k3s/pull/13145) -* Add Prime assets upload [(#13158)](https://github.com/k3s-io/k3s/pull/13158) -* More backports for 2025-11 [(#13178)](https://github.com/k3s-io/k3s/pull/13178) -* Bump klipper-helm and helm-controller [(#13194)](https://github.com/k3s-io/k3s/pull/13194) -* Update to v1.33.6-k3s1 and Go 1.24.9 [(#13200)](https://github.com/k3s-io/k3s/pull/13200) -* Add id-token [(#13207)](https://github.com/k3s-io/k3s/pull/13207) - + + +This release updates Kubernetes to v1.33.6, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1335). + +### Changes since v1.33.5+k3s1: + +* Bump traefik to 3.5.1 [(#12958)](https://github.com/k3s-io/k3s/pull/12958) +* Fix garbled CLI [(#13033)](https://github.com/k3s-io/k3s/pull/13033) +* Update flannel, kube-router and cni plugins [(#13041)](https://github.com/k3s-io/k3s/pull/13041) +* Backports for 2025-10 [(#13058)](https://github.com/k3s-io/k3s/pull/13058) + * Fix netpol fatal error when changing node IP + * Bump dynamiclistener for stacked update fix + * Bump Klipper Helm and Helm Controller version + * Bump Local Path Provisioner version + * Fix IPv6 handling for loadbalancer addresses + * Fix multiple issues with server shutdown sequencing + * Fix etcd member promotion + * Bump spegel to v0.4.0 + * Fix kine metrics registration without --kine-tls + * Bump kine to v0.14.2 + * Fix: default forward after override imports + * Fix handling of vendored dependencies in version script + * Fix helm controller apiserver address for bootstrap charts on ipv6-only nodes + * Create dynamic-cert-regenerate file in CA cert rotation handler + * Fix ability to rotate server token to an invalid format + * Drop calls to rand.Seed + * Bump kine for postgres object count fix + * Bump kine=v0.14.5 + * Bump coredns to 1.13.1 +* Update dispatch script [(#13077)](https://github.com/k3s-io/k3s/pull/13077) +* Bump helm-controller/klipper-helm [(#13092)](https://github.com/k3s-io/k3s/pull/13092) +* Backports for 2025-11 [(#13126)](https://github.com/k3s-io/k3s/pull/13126) +* Inclusive naming proposal [(#13133)](https://github.com/k3s-io/k3s/pull/13133) +* Migrate release pipeline into GitHub Actions [(#13116)](https://github.com/k3s-io/k3s/pull/13116) +* Bump runc to v1.3.3 [(#13145)](https://github.com/k3s-io/k3s/pull/13145) +* Add Prime assets upload [(#13158)](https://github.com/k3s-io/k3s/pull/13158) +* More backports for 2025-11 [(#13178)](https://github.com/k3s-io/k3s/pull/13178) +* Bump klipper-helm and helm-controller [(#13194)](https://github.com/k3s-io/k3s/pull/13194) +* Update to v1.33.6-k3s1 and Go 1.24.9 [(#13200)](https://github.com/k3s-io/k3s/pull/13200) +* Add id-token [(#13207)](https://github.com/k3s-io/k3s/pull/13207) + ----- ## Release [v1.33.5+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.5+k3s1) - - -This release updates Kubernetes to v1.33.5, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1334). - -### Changes since v1.33.4+k3s1: - -* Backports for 2025-09 [(#12885)](https://github.com/k3s-io/k3s/pull/12885) - * Bump rancher libs: wrangler/lasso/remotedialer - * Wire cri-dockerd --log-level=debug up to k3s --debug flag - * Fix spegel logging and startup sequence - * Update to runc v1.3.0 - * Do not bootstrap etcd-only nodes from existing supervisor - * Add retry on etcd MemberAdd timeout - * Bump containerd to v2.1.4 - * Retry CRD creation in case of conflict - * Wire up kine metrics - * Wire up remotedialer metrics - * Fix etcd join timeout handling - * Bump k3s-root to v0.15.0 - * Add opencontainers/runc pin to v1.3.1 - * Move data dir into position before creating CNI symlinks -* Update to v1.33.5-k3s1 and Go 1.24.6 [(#12895)](https://github.com/k3s-io/k3s/pull/12895) - + + +This release updates Kubernetes to v1.33.5, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1334). + +### Changes since v1.33.4+k3s1: + +* Backports for 2025-09 [(#12885)](https://github.com/k3s-io/k3s/pull/12885) + * Bump rancher libs: wrangler/lasso/remotedialer + * Wire cri-dockerd --log-level=debug up to k3s --debug flag + * Fix spegel logging and startup sequence + * Update to runc v1.3.0 + * Do not bootstrap etcd-only nodes from existing supervisor + * Add retry on etcd MemberAdd timeout + * Bump containerd to v2.1.4 + * Retry CRD creation in case of conflict + * Wire up kine metrics + * Wire up remotedialer metrics + * Fix etcd join timeout handling + * Bump k3s-root to v0.15.0 + * Add opencontainers/runc pin to v1.3.1 + * Move data dir into position before creating CNI symlinks +* Update to v1.33.5-k3s1 and Go 1.24.6 [(#12895)](https://github.com/k3s-io/k3s/pull/12895) + ----- ## Release [v1.33.4+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.4+k3s1) - - -This release updates Kubernetes to v1.33.4, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1333). - -### Changes since v1.33.3+k3s1: - -* Add retention flag specific for s3 [(#12694)](https://github.com/k3s-io/k3s/pull/12694) -* Backports for August [(#12718)](https://github.com/k3s-io/k3s/pull/12718) -* Bump coredns to 1.12.3 [(#12728)](https://github.com/k3s-io/k3s/pull/12728) -* Bump metrics-server to v0.8.0 [(#12741)](https://github.com/k3s-io/k3s/pull/12741) -* Fix cert startup check events [(#12746)](https://github.com/k3s-io/k3s/pull/12746) -* Emit certs OK event on startup, if no certs need renewal [(#12760)](https://github.com/k3s-io/k3s/pull/12760) -* Update to v1.33.4-k3s1 and Go 1.24.5 [(#12758)](https://github.com/k3s-io/k3s/pull/12758) -* Update metric help to be more descriptive. [(#12764)](https://github.com/k3s-io/k3s/pull/12764) - + + +This release updates Kubernetes to v1.33.4, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1333). + +### Changes since v1.33.3+k3s1: + +* Add retention flag specific for s3 [(#12694)](https://github.com/k3s-io/k3s/pull/12694) +* Backports for August [(#12718)](https://github.com/k3s-io/k3s/pull/12718) +* Bump coredns to 1.12.3 [(#12728)](https://github.com/k3s-io/k3s/pull/12728) +* Bump metrics-server to v0.8.0 [(#12741)](https://github.com/k3s-io/k3s/pull/12741) +* Fix cert startup check events [(#12746)](https://github.com/k3s-io/k3s/pull/12746) +* Emit certs OK event on startup, if no certs need renewal [(#12760)](https://github.com/k3s-io/k3s/pull/12760) +* Update to v1.33.4-k3s1 and Go 1.24.5 [(#12758)](https://github.com/k3s-io/k3s/pull/12758) +* Update metric help to be more descriptive. [(#12764)](https://github.com/k3s-io/k3s/pull/12764) + ----- ## Release [v1.33.3+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.3+k3s1) - - -This release updates Kubernetes to v1.33.3, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1332). - -### Changes since v1.33.2+k3s1: - -* Add usage description for etcd-snapshot [(#12573)](https://github.com/k3s-io/k3s/pull/12573) -* Refac shell completion to a better command structure [(#12605)](https://github.com/k3s-io/k3s/pull/12605) - * K3s completion shell command will now be separate to specific subcommands for bash and zsh -* GHA + Testing Backports [(#12608)](https://github.com/k3s-io/k3s/pull/12608) -* Backports for 2025-07 [(#12631)](https://github.com/k3s-io/k3s/pull/12631) -* Update to v1.33.3-k3s1 [(#12652)](https://github.com/k3s-io/k3s/pull/12652) - + + +This release updates Kubernetes to v1.33.3, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1332). + +### Changes since v1.33.2+k3s1: + +* Add usage description for etcd-snapshot [(#12573)](https://github.com/k3s-io/k3s/pull/12573) +* Refac shell completion to a better command structure [(#12605)](https://github.com/k3s-io/k3s/pull/12605) + * K3s completion shell command will now be separate to specific subcommands for bash and zsh +* GHA + Testing Backports [(#12608)](https://github.com/k3s-io/k3s/pull/12608) +* Backports for 2025-07 [(#12631)](https://github.com/k3s-io/k3s/pull/12631) +* Update to v1.33.3-k3s1 [(#12652)](https://github.com/k3s-io/k3s/pull/12652) + ----- ## Release [v1.33.2+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.2+k3s1) - - -This release updates Kubernetes to v1.33.2, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1331). - -### Changes since v1.33.1+k3s1: - -* GHCR image release [(#12462)](https://github.com/k3s-io/k3s/pull/12462) -* Backports for 2025-06 [(#12492)](https://github.com/k3s-io/k3s/pull/12492) -* Bump helm-controller [(#12518)](https://github.com/k3s-io/k3s/pull/12518) -* Update network components [(#12512)](https://github.com/k3s-io/k3s/pull/12512) -* Update to v1.33.2-k3s1 and Go 1.24.4 [(#12529)](https://github.com/k3s-io/k3s/pull/12529) - + + +This release updates Kubernetes to v1.33.2, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1331). + +### Changes since v1.33.1+k3s1: + +* GHCR image release [(#12462)](https://github.com/k3s-io/k3s/pull/12462) +* Backports for 2025-06 [(#12492)](https://github.com/k3s-io/k3s/pull/12492) +* Bump helm-controller [(#12518)](https://github.com/k3s-io/k3s/pull/12518) +* Update network components [(#12512)](https://github.com/k3s-io/k3s/pull/12512) +* Update to v1.33.2-k3s1 and Go 1.24.4 [(#12529)](https://github.com/k3s-io/k3s/pull/12529) + ----- ## Release [v1.33.1+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.1+k3s1) - - -This release updates Kubernetes to v1.33.1, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1330). - -### Changes since v1.33.0+k3s1: - -* Backports for May [(#12319)](https://github.com/k3s-io/k3s/pull/12319) -* Backports for 2025-05 [(#12325)](https://github.com/k3s-io/k3s/pull/12325) -* Fix authorization-config/authentication-config handling [(#12344)](https://github.com/k3s-io/k3s/pull/12344) -* Fix secretsencrypt race conditions [(#12355)](https://github.com/k3s-io/k3s/pull/12355) -* Update to v1.33.1-k3s1 [(#12360)](https://github.com/k3s-io/k3s/pull/12360) -* Fix startup e2e test [(#12370)](https://github.com/k3s-io/k3s/pull/12370) - + + +This release updates Kubernetes to v1.33.1, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1330). + +### Changes since v1.33.0+k3s1: + +* Backports for May [(#12319)](https://github.com/k3s-io/k3s/pull/12319) +* Backports for 2025-05 [(#12325)](https://github.com/k3s-io/k3s/pull/12325) +* Fix authorization-config/authentication-config handling [(#12344)](https://github.com/k3s-io/k3s/pull/12344) +* Fix secretsencrypt race conditions [(#12355)](https://github.com/k3s-io/k3s/pull/12355) +* Update to v1.33.1-k3s1 [(#12360)](https://github.com/k3s-io/k3s/pull/12360) +* Fix startup e2e test [(#12370)](https://github.com/k3s-io/k3s/pull/12370) + ----- ## Release [v1.33.0+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.33.0+k3s1) - - -This release updates Kubernetes to v1.33.0, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1320). - -### Changes since v1.32.0+k3s1: - -* Add IPv6 to cluster-dns Usage Docs [(#11498)](https://github.com/k3s-io/k3s/pull/11498) -* Load nft modules at startup [(#11524)](https://github.com/k3s-io/k3s/pull/11524) -* Add "k3s certificate check" clause for better test coverage [(#11485)](https://github.com/k3s-io/k3s/pull/11485) - * Can now get a table output for `k3s certificate check` using `--output table` flag -* Fix skew semver for release-XX branches [(#11531)](https://github.com/k3s-io/k3s/pull/11531) -* Move supervisor API request handlers into dedicated package and add unit tests [(#11471)](https://github.com/k3s-io/k3s/pull/11471) -* Auto import images for containerd image store [(#10973)](https://github.com/k3s-io/k3s/pull/10973) - * Users can now auto import images to containerd by just throwing the image in the agent/images folder while k3s is running -* Fix K3S_DATA_DIR when running as non-root user [(#11378)](https://github.com/k3s-io/k3s/pull/11378) -* Improve flannel RBAC changes [(#11569)](https://github.com/k3s-io/k3s/pull/11569) -* Align etcd-snapshot-dir default path description [(#11571)](https://github.com/k3s-io/k3s/pull/11571) - * Align the CLI-reported default `--etcd-snapshot-dir` value with the actual one (`server`, `etcd-snapshot` commands). -* Fix local password validation when bind-address is set [(#11607)](https://github.com/k3s-io/k3s/pull/11607) -* Chore: Bump klipper-lb and klipper-helm [(#11595)](https://github.com/k3s-io/k3s/pull/11595) -* Remove local restriction for deferred node password validation [(#11646)](https://github.com/k3s-io/k3s/pull/11646) -* Disable s3 transport transparent compression/decompression [(#11604)](https://github.com/k3s-io/k3s/pull/11604) -* Bump Local Path Provisioner version [(#11657)](https://github.com/k3s-io/k3s/pull/11657) -* Run Docker tests with systemd-node, allows K3s service restarts [(#11638)](https://github.com/k3s-io/k3s/pull/11638) -* Correct the k3s token command help [(#11673)](https://github.com/k3s-io/k3s/pull/11673) -* Add support for AWS shared credentials file [(#11614)](https://github.com/k3s-io/k3s/pull/11614) - * Etcd snapshot backup/restore now supports loading s3 credentials from an AWS SDK shared credentials file. -* Run Docker test on Github Actions arm64 runners [(#11705)](https://github.com/k3s-io/k3s/pull/11705) -* Consolidate test utility functions into top level package [(#11711)](https://github.com/k3s-io/k3s/pull/11711) -* Consolidate linux and windows containerd config templates [(#11707)](https://github.com/k3s-io/k3s/pull/11707) - * The containerd config templates for linux and windows have been consolidated and are no longer os-specific. -* Convert docker conformance test to go test framework [(#11643)](https://github.com/k3s-io/k3s/pull/11643) -* Move Windows compilation test to GHA and enable tests [(#11713)](https://github.com/k3s-io/k3s/pull/11713) -* Update to containerd v2.0 [(#11626)](https://github.com/k3s-io/k3s/pull/11626) - * Containerd has been bumped to version 2.0. - * Containerd 2.0 uses a new config file schema. If you are using a custom containerd config template, you should migrate your template to `config-v3.toml.tmpl` to switch to the new version. See the [upstream documentation](https://github.com/containerd/containerd/blob/release/2.0/docs/cri/config.md) for more information. -* Reduce cache thrashing [(#11769)](https://github.com/k3s-io/k3s/pull/11769) -* Revert "Add ability to pass configuration options to flannel backend" [(#11783)](https://github.com/k3s-io/k3s/pull/11783) -* Add static bin dir support to k3s docker image [(#11790)](https://github.com/k3s-io/k3s/pull/11790) -* Add etcd snapshot metrics [(#11793)](https://github.com/k3s-io/k3s/pull/11793) -* Fix: move CONFIG_SECCOMP to generally necessary category in check-config command [(#11807)](https://github.com/k3s-io/k3s/pull/11807) - * Fixed: CONFIG_SECCOMP has been moved from the optional features section to the necessary features section in the check-config command to ensure accurate configuration checks. -* Render CNI dir config whenever vars are set [(#11818)](https://github.com/k3s-io/k3s/pull/11818) -* Bump containerd for go-cni deadlock fix [(#11832)](https://github.com/k3s-io/k3s/pull/11832) -* Move `k3s.cattle.io` APIs to `github.com/k3s-io/api` [(#11827)](https://github.com/k3s-io/k3s/pull/11827) -* Fix bootstrapping on non-init servers [(#11844)](https://github.com/k3s-io/k3s/pull/11844) -* Fix memory cgroup check on kernels without v1 controller support [(#11838)](https://github.com/k3s-io/k3s/pull/11838) -* Fix memory cgroup check on kernels without v1 controller support [(#11859)](https://github.com/k3s-io/k3s/pull/11859) -* Add netfilter statistic module to check-config [(#11860)](https://github.com/k3s-io/k3s/pull/11860) -* Set User in k3s systemd unit to fix loading AWS shared credentials files [(#11777)](https://github.com/k3s-io/k3s/pull/11777) -* Bump to containerd v2.0.3/runc v1.2.5 [(#11863)](https://github.com/k3s-io/k3s/pull/11863) -* Avoid use of `github.com/pkg/errors` functions that capture stack [(#11880)](https://github.com/k3s-io/k3s/pull/11880) -* Add periodic background snapshot reconcile [(#11881)](https://github.com/k3s-io/k3s/pull/11881) -* Bump klipper-lb image to v0.4.13 [(#11898)](https://github.com/k3s-io/k3s/pull/11898) -* Fix syncing empty list of apiserver addresses during initial startup [(#11935)](https://github.com/k3s-io/k3s/pull/11935) -* Serial Conformance Test Fixes [(#11894)](https://github.com/k3s-io/k3s/pull/11894) -* Migrate to UrfaveCLI v2 [(#11831)](https://github.com/k3s-io/k3s/pull/11831) -* Add Community Management [(#11926)](https://github.com/k3s-io/k3s/pull/11926) -* Remove all resources previously created when deleting AddOn (#11975) [(#11977)](https://github.com/k3s-io/k3s/pull/11977) - * When disabling auto-deploying manifests (AddOns) via the `--disable` flag, the deploy controller will now ensure deletion of all resources previously created by the manifest, even if some resources were removed from the file before it was disabled. -* Bump containerd to v2.0.4 [(#11982)](https://github.com/k3s-io/k3s/pull/11982) -* Improve readiness polling on node startup [(#11878)](https://github.com/k3s-io/k3s/pull/11878) -* Publish k3s image to Github Container Registry [(#11835)](https://github.com/k3s-io/k3s/pull/11835) - * The k3s image in now published to `ghcr.io` in addition to dockerhub. You can `docker pull ghcr.io/k3s-io/k3s:` -* Fix issue caused by default authorization-mode apiserver arg [(#12018)](https://github.com/k3s-io/k3s/pull/12018) -* Adds External Secrets to ADOPTERS.md [(#12045)](https://github.com/k3s-io/k3s/pull/12045) -* Add support for secretbox encryption provider with the `k3s secrets-encrypt` command [(#12021)](https://github.com/k3s-io/k3s/pull/12021) - * Users can now configure secrets encryption to use `secretbox` provider by setting the `secrets-encryption-provider` flag. -* Cleanup anonymous and named volumes for docker tests [(#12069)](https://github.com/k3s-io/k3s/pull/12069) -* Add ReusePort/ReuseAddr flags to etcd config [(#12084)](https://github.com/k3s-io/k3s/pull/12084) -* Silence vagrant progress output [(#12085)](https://github.com/k3s-io/k3s/pull/12085) -* Consolidate build-k3s GHA workflow for OS and ARCH [(#12080)](https://github.com/k3s-io/k3s/pull/12080) -* Move Windows test out of Install Script workflow [(#12089)](https://github.com/k3s-io/k3s/pull/12089) -* Adding in govulncheck [(#12083)](https://github.com/k3s-io/k3s/pull/12083) -* Add error in certificate check [(#12047)](https://github.com/k3s-io/k3s/pull/12047) - * Add extra logs to k3s certificate check when using --debug flag -* Bump Klipper Helm and Helm Controller version [(#12026)](https://github.com/k3s-io/k3s/pull/12026) -* Chore: bump kine to v0.13.13 [(#12103)](https://github.com/k3s-io/k3s/pull/12103) -* Fix: Use proper key when signing kubelet certificate [(#12011)](https://github.com/k3s-io/k3s/pull/12011) -* Add Community in README.md [(#12091)](https://github.com/k3s-io/k3s/pull/12091) -* Bump etcd to v3.5.21 [(#12117)](https://github.com/k3s-io/k3s/pull/12117) -* Create scorecard.yml [(#12128)](https://github.com/k3s-io/k3s/pull/12128) -* Add OpenSSF Scorecard badge [(#12134)](https://github.com/k3s-io/k3s/pull/12134) -* Bump kine for nats-server/v2 CVE-2025-30215 [(#12140)](https://github.com/k3s-io/k3s/pull/12140) -* Bump flannel to 0.26.7 [(#12126)](https://github.com/k3s-io/k3s/pull/12126) -* Set kubelet read-only-port via CLI flag [(#12165)](https://github.com/k3s-io/k3s/pull/12165) -* Fix excessive load when bootstrapping P2P peers from servers configured in a join loop [(#12154)](https://github.com/k3s-io/k3s/pull/12154) -* Address top flaky tests [(#12163)](https://github.com/k3s-io/k3s/pull/12163) -* Fix handler panic when bootstrapper returns empty peer list [(#12177)](https://github.com/k3s-io/k3s/pull/12177) -* Bump traefik to v3.3.6 [(#12188)](https://github.com/k3s-io/k3s/pull/12188) -* Bump spegel to v0.1.1 [(#12199)](https://github.com/k3s-io/k3s/pull/12199) -* Build k3s overhaul [(#12200)](https://github.com/k3s-io/k3s/pull/12200) -* Fix sonobuoy conformance testing [(#12214)](https://github.com/k3s-io/k3s/pull/12214) -* Update k8s version to 1.33 [(#12221)](https://github.com/k3s-io/k3s/pull/12221) - + + +This release updates Kubernetes to v1.33.0, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#changelog-since-v1320). + +### Changes since v1.32.0+k3s1: + +* Add IPv6 to cluster-dns Usage Docs [(#11498)](https://github.com/k3s-io/k3s/pull/11498) +* Load nft modules at startup [(#11524)](https://github.com/k3s-io/k3s/pull/11524) +* Add "k3s certificate check" clause for better test coverage [(#11485)](https://github.com/k3s-io/k3s/pull/11485) + * Can now get a table output for `k3s certificate check` using `--output table` flag +* Fix skew semver for release-XX branches [(#11531)](https://github.com/k3s-io/k3s/pull/11531) +* Move supervisor API request handlers into dedicated package and add unit tests [(#11471)](https://github.com/k3s-io/k3s/pull/11471) +* Auto import images for containerd image store [(#10973)](https://github.com/k3s-io/k3s/pull/10973) + * Users can now auto import images to containerd by just throwing the image in the agent/images folder while k3s is running +* Fix K3S_DATA_DIR when running as non-root user [(#11378)](https://github.com/k3s-io/k3s/pull/11378) +* Improve flannel RBAC changes [(#11569)](https://github.com/k3s-io/k3s/pull/11569) +* Align etcd-snapshot-dir default path description [(#11571)](https://github.com/k3s-io/k3s/pull/11571) + * Align the CLI-reported default `--etcd-snapshot-dir` value with the actual one (`server`, `etcd-snapshot` commands). +* Fix local password validation when bind-address is set [(#11607)](https://github.com/k3s-io/k3s/pull/11607) +* Chore: Bump klipper-lb and klipper-helm [(#11595)](https://github.com/k3s-io/k3s/pull/11595) +* Remove local restriction for deferred node password validation [(#11646)](https://github.com/k3s-io/k3s/pull/11646) +* Disable s3 transport transparent compression/decompression [(#11604)](https://github.com/k3s-io/k3s/pull/11604) +* Bump Local Path Provisioner version [(#11657)](https://github.com/k3s-io/k3s/pull/11657) +* Run Docker tests with systemd-node, allows K3s service restarts [(#11638)](https://github.com/k3s-io/k3s/pull/11638) +* Correct the k3s token command help [(#11673)](https://github.com/k3s-io/k3s/pull/11673) +* Add support for AWS shared credentials file [(#11614)](https://github.com/k3s-io/k3s/pull/11614) + * Etcd snapshot backup/restore now supports loading s3 credentials from an AWS SDK shared credentials file. +* Run Docker test on Github Actions arm64 runners [(#11705)](https://github.com/k3s-io/k3s/pull/11705) +* Consolidate test utility functions into top level package [(#11711)](https://github.com/k3s-io/k3s/pull/11711) +* Consolidate linux and windows containerd config templates [(#11707)](https://github.com/k3s-io/k3s/pull/11707) + * The containerd config templates for linux and windows have been consolidated and are no longer os-specific. +* Convert docker conformance test to go test framework [(#11643)](https://github.com/k3s-io/k3s/pull/11643) +* Move Windows compilation test to GHA and enable tests [(#11713)](https://github.com/k3s-io/k3s/pull/11713) +* Update to containerd v2.0 [(#11626)](https://github.com/k3s-io/k3s/pull/11626) + * Containerd has been bumped to version 2.0. + * Containerd 2.0 uses a new config file schema. If you are using a custom containerd config template, you should migrate your template to `config-v3.toml.tmpl` to switch to the new version. See the [upstream documentation](https://github.com/containerd/containerd/blob/release/2.0/docs/cri/config.md) for more information. +* Reduce cache thrashing [(#11769)](https://github.com/k3s-io/k3s/pull/11769) +* Revert "Add ability to pass configuration options to flannel backend" [(#11783)](https://github.com/k3s-io/k3s/pull/11783) +* Add static bin dir support to k3s docker image [(#11790)](https://github.com/k3s-io/k3s/pull/11790) +* Add etcd snapshot metrics [(#11793)](https://github.com/k3s-io/k3s/pull/11793) +* Fix: move CONFIG_SECCOMP to generally necessary category in check-config command [(#11807)](https://github.com/k3s-io/k3s/pull/11807) + * Fixed: CONFIG_SECCOMP has been moved from the optional features section to the necessary features section in the check-config command to ensure accurate configuration checks. +* Render CNI dir config whenever vars are set [(#11818)](https://github.com/k3s-io/k3s/pull/11818) +* Bump containerd for go-cni deadlock fix [(#11832)](https://github.com/k3s-io/k3s/pull/11832) +* Move `k3s.cattle.io` APIs to `github.com/k3s-io/api` [(#11827)](https://github.com/k3s-io/k3s/pull/11827) +* Fix bootstrapping on non-init servers [(#11844)](https://github.com/k3s-io/k3s/pull/11844) +* Fix memory cgroup check on kernels without v1 controller support [(#11838)](https://github.com/k3s-io/k3s/pull/11838) +* Fix memory cgroup check on kernels without v1 controller support [(#11859)](https://github.com/k3s-io/k3s/pull/11859) +* Add netfilter statistic module to check-config [(#11860)](https://github.com/k3s-io/k3s/pull/11860) +* Set User in k3s systemd unit to fix loading AWS shared credentials files [(#11777)](https://github.com/k3s-io/k3s/pull/11777) +* Bump to containerd v2.0.3/runc v1.2.5 [(#11863)](https://github.com/k3s-io/k3s/pull/11863) +* Avoid use of `github.com/pkg/errors` functions that capture stack [(#11880)](https://github.com/k3s-io/k3s/pull/11880) +* Add periodic background snapshot reconcile [(#11881)](https://github.com/k3s-io/k3s/pull/11881) +* Bump klipper-lb image to v0.4.13 [(#11898)](https://github.com/k3s-io/k3s/pull/11898) +* Fix syncing empty list of apiserver addresses during initial startup [(#11935)](https://github.com/k3s-io/k3s/pull/11935) +* Serial Conformance Test Fixes [(#11894)](https://github.com/k3s-io/k3s/pull/11894) +* Migrate to UrfaveCLI v2 [(#11831)](https://github.com/k3s-io/k3s/pull/11831) +* Add Community Management [(#11926)](https://github.com/k3s-io/k3s/pull/11926) +* Remove all resources previously created when deleting AddOn (#11975) [(#11977)](https://github.com/k3s-io/k3s/pull/11977) + * When disabling auto-deploying manifests (AddOns) via the `--disable` flag, the deploy controller will now ensure deletion of all resources previously created by the manifest, even if some resources were removed from the file before it was disabled. +* Bump containerd to v2.0.4 [(#11982)](https://github.com/k3s-io/k3s/pull/11982) +* Improve readiness polling on node startup [(#11878)](https://github.com/k3s-io/k3s/pull/11878) +* Publish k3s image to Github Container Registry [(#11835)](https://github.com/k3s-io/k3s/pull/11835) + * The k3s image in now published to `ghcr.io` in addition to dockerhub. You can `docker pull ghcr.io/k3s-io/k3s:` +* Fix issue caused by default authorization-mode apiserver arg [(#12018)](https://github.com/k3s-io/k3s/pull/12018) +* Adds External Secrets to ADOPTERS.md [(#12045)](https://github.com/k3s-io/k3s/pull/12045) +* Add support for secretbox encryption provider with the `k3s secrets-encrypt` command [(#12021)](https://github.com/k3s-io/k3s/pull/12021) + * Users can now configure secrets encryption to use `secretbox` provider by setting the `secrets-encryption-provider` flag. +* Cleanup anonymous and named volumes for docker tests [(#12069)](https://github.com/k3s-io/k3s/pull/12069) +* Add ReusePort/ReuseAddr flags to etcd config [(#12084)](https://github.com/k3s-io/k3s/pull/12084) +* Silence vagrant progress output [(#12085)](https://github.com/k3s-io/k3s/pull/12085) +* Consolidate build-k3s GHA workflow for OS and ARCH [(#12080)](https://github.com/k3s-io/k3s/pull/12080) +* Move Windows test out of Install Script workflow [(#12089)](https://github.com/k3s-io/k3s/pull/12089) +* Adding in govulncheck [(#12083)](https://github.com/k3s-io/k3s/pull/12083) +* Add error in certificate check [(#12047)](https://github.com/k3s-io/k3s/pull/12047) + * Add extra logs to k3s certificate check when using --debug flag +* Bump Klipper Helm and Helm Controller version [(#12026)](https://github.com/k3s-io/k3s/pull/12026) +* Chore: bump kine to v0.13.13 [(#12103)](https://github.com/k3s-io/k3s/pull/12103) +* Fix: Use proper key when signing kubelet certificate [(#12011)](https://github.com/k3s-io/k3s/pull/12011) +* Add Community in README.md [(#12091)](https://github.com/k3s-io/k3s/pull/12091) +* Bump etcd to v3.5.21 [(#12117)](https://github.com/k3s-io/k3s/pull/12117) +* Create scorecard.yml [(#12128)](https://github.com/k3s-io/k3s/pull/12128) +* Add OpenSSF Scorecard badge [(#12134)](https://github.com/k3s-io/k3s/pull/12134) +* Bump kine for nats-server/v2 CVE-2025-30215 [(#12140)](https://github.com/k3s-io/k3s/pull/12140) +* Bump flannel to 0.26.7 [(#12126)](https://github.com/k3s-io/k3s/pull/12126) +* Set kubelet read-only-port via CLI flag [(#12165)](https://github.com/k3s-io/k3s/pull/12165) +* Fix excessive load when bootstrapping P2P peers from servers configured in a join loop [(#12154)](https://github.com/k3s-io/k3s/pull/12154) +* Address top flaky tests [(#12163)](https://github.com/k3s-io/k3s/pull/12163) +* Fix handler panic when bootstrapper returns empty peer list [(#12177)](https://github.com/k3s-io/k3s/pull/12177) +* Bump traefik to v3.3.6 [(#12188)](https://github.com/k3s-io/k3s/pull/12188) +* Bump spegel to v0.1.1 [(#12199)](https://github.com/k3s-io/k3s/pull/12199) +* Build k3s overhaul [(#12200)](https://github.com/k3s-io/k3s/pull/12200) +* Fix sonobuoy conformance testing [(#12214)](https://github.com/k3s-io/k3s/pull/12214) +* Update k8s version to 1.33 [(#12221)](https://github.com/k3s-io/k3s/pull/12221) + ----- diff --git a/docs/release-notes/v1.34.X.md b/docs/release-notes/v1.34.X.md index 15bad0e2b..fcdd62751 100644 --- a/docs/release-notes/v1.34.X.md +++ b/docs/release-notes/v1.34.X.md @@ -11,6 +11,7 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U | Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | +| [v1.34.9+k3s1](v1.34.X.md#release-v1349k3s1) | Jun 24 2026| [v1.34.9](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1349) | [v0.16.1](https://github.com/k3s-io/kine/releases/tag/v0.16.1) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.12-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.12-k3s1) | [v2.2.5-k3s2](https://github.com/k3s-io/containerd/releases/tag/v2.2.5-k3s2) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.7.4](https://github.com/traefik/traefik/releases/tag/v3.7.4) | [v1.14.4](https://github.com/coredns/coredns/releases/tag/v1.14.4) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.34.8+k3s1](v1.34.X.md#release-v1348k3s1) | May 20 2026| [v1.34.8](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1348) | [v0.15.0](https://github.com/k3s-io/kine/releases/tag/v0.15.0) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.3](https://github.com/coredns/coredns/releases/tag/v1.14.3) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.34.7+k3s1](v1.34.X.md#release-v1347k3s1) | Apr 27 2026| [v1.34.7](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1347) | [v0.14.16](https://github.com/k3s-io/kine/releases/tag/v0.14.16) | [3.51.3](https://sqlite.org/releaselog/3_51_3.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | | [v1.34.6+k3s1](v1.34.X.md#release-v1346k3s1) | Mar 28 2026| [v1.34.6](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#v1346) | [v0.14.14](https://github.com/k3s-io/kine/releases/tag/v0.14.14) | [3.51.2](https://sqlite.org/releaselog/3_51_2.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.2-bd1.34](https://github.com/k3s-io/containerd/releases/tag/v2.2.2-bd1.34) | [v1.4.1](https://github.com/opencontainers/runc/releases/tag/v1.4.1) | [v0.28.2](https://github.com/flannel-io/flannel/releases/tag/v0.28.2) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.10](https://github.com/traefik/traefik/releases/tag/v3.6.10) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.16.17](https://github.com/k3s-io/helm-controller/releases/tag/v0.16.17) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | @@ -23,295 +24,318 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U
+## Release [v1.34.9+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.9+k3s1) + +> [!WARNING] +> This release upgrades Traefik chart to v40.x which includes a breaking change for the ingress-nginx migration: the provider name changes from `kubernetesIngressNginx` to `kubernetesIngressNGINX`. Check https://github.com/traefik/traefik-helm-chart/releases/tag/v40.0.0 for more details + +This release updates Kubernetes to v1.34.9, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1348). + +### Changes since v1.34.8+k3s1: + +* Backport GitHub Action SHA pin updates from main [(#14125)](https://github.com/k3s-io/k3s/pull/14125) +* Backports for 2026-06 [(#14154)](https://github.com/k3s-io/k3s/pull/14154) +* Bump v3.7.4 Traefik [(#14195)](https://github.com/k3s-io/k3s/pull/14195) +* More backports for 2026-06 [(#14216)](https://github.com/k3s-io/k3s/pull/14216) +* Testing Backports 2026-06 [(#14215)](https://github.com/k3s-io/k3s/pull/14215) +* Bump klipper-helm for CVE reasons [(#14239)](https://github.com/k3s-io/k3s/pull/14239) +* Bump containerd with the fix for []byte [(#14242)](https://github.com/k3s-io/k3s/pull/14242) +* Update to v1.34.9-k3s1 and Go 1.25.11 [(#14228)](https://github.com/k3s-io/k3s/pull/14228) +* Bump containerd to v2.2.5-k3s1 [(#14255)](https://github.com/k3s-io/k3s/pull/14255) +* Bump cri-api and containerd for upstream env string fix [(#14279)](https://github.com/k3s-io/k3s/pull/14279) + +----- ## Release [v1.34.8+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.8+k3s1) - - -This release updates Kubernetes to v1.34.8, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1347). - -### Changes since v1.34.7+k3s1: - -* Backports for 2026-05 [(#14034)](https://github.com/k3s-io/k3s/pull/14034) -* Update rancher/local-path-provisioner image version [(#14044)](https://github.com/k3s-io/k3s/pull/14044) -* Update to v1.34.8-k3s1 and Go 1.25.9 [(#14049)](https://github.com/k3s-io/k3s/pull/14049) -* Bump klipper-helm image tag [(#14057)](https://github.com/k3s-io/k3s/pull/14057) - + + +This release updates Kubernetes to v1.34.8, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1347). + +### Changes since v1.34.7+k3s1: + +* Backports for 2026-05 [(#14034)](https://github.com/k3s-io/k3s/pull/14034) +* Update rancher/local-path-provisioner image version [(#14044)](https://github.com/k3s-io/k3s/pull/14044) +* Update to v1.34.8-k3s1 and Go 1.25.9 [(#14049)](https://github.com/k3s-io/k3s/pull/14049) +* Bump klipper-helm image tag [(#14057)](https://github.com/k3s-io/k3s/pull/14057) + ----- ## Release [v1.34.7+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.7+k3s1) - - -This release updates Kubernetes to v1.34.7, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1346). - -### Changes since v1.34.6+k3s1: - -* Immutable release changes [(#13900)](https://github.com/k3s-io/k3s/pull/13900) -* Backports for 2026-04 [(#13930)](https://github.com/k3s-io/k3s/pull/13930) -* Bump flannel to v0.28.4 [(#13941)](https://github.com/k3s-io/k3s/pull/13941) -* Bump traefik to 3.6.12 [(#13927)](https://github.com/k3s-io/k3s/pull/13927) -* Update to v1.34.7-k3s1 and Go 1.25.9 [(#13947)](https://github.com/k3s-io/k3s/pull/13947) -* Switch from draft to pre-release [(#13949)](https://github.com/k3s-io/k3s/pull/13949) -* Bump Traefik to 3.6.13 (#13969) [(#13971)](https://github.com/k3s-io/k3s/pull/13971) -* Fix SANs added from comma-separated node-external-ip list [(#13991)](https://github.com/k3s-io/k3s/pull/13991) -* Bump klipper-helm image for revision check fix [(#13997)](https://github.com/k3s-io/k3s/pull/13997) - + + +This release updates Kubernetes to v1.34.7, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1346). + +### Changes since v1.34.6+k3s1: + +* Immutable release changes [(#13900)](https://github.com/k3s-io/k3s/pull/13900) +* Backports for 2026-04 [(#13930)](https://github.com/k3s-io/k3s/pull/13930) +* Bump flannel to v0.28.4 [(#13941)](https://github.com/k3s-io/k3s/pull/13941) +* Bump traefik to 3.6.12 [(#13927)](https://github.com/k3s-io/k3s/pull/13927) +* Update to v1.34.7-k3s1 and Go 1.25.9 [(#13947)](https://github.com/k3s-io/k3s/pull/13947) +* Switch from draft to pre-release [(#13949)](https://github.com/k3s-io/k3s/pull/13949) +* Bump Traefik to 3.6.13 (#13969) [(#13971)](https://github.com/k3s-io/k3s/pull/13971) +* Fix SANs added from comma-separated node-external-ip list [(#13991)](https://github.com/k3s-io/k3s/pull/13991) +* Bump klipper-helm image for revision check fix [(#13997)](https://github.com/k3s-io/k3s/pull/13997) + ----- ## Release [v1.34.6+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.6+k3s1) - - -This release updates Kubernetes to v1.34.6, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1345). - -### Changes since v1.34.5+k3s1: - -* Bump to coredns 1.14.2 [(#13758)](https://github.com/k3s-io/k3s/pull/13758) -* Save cluster state before reencrypting secrets with newly created key [(#13772)](https://github.com/k3s-io/k3s/pull/13772) -* Backports for 2026-03 [(#13790)](https://github.com/k3s-io/k3s/pull/13790) -* Bump runc to v1.4.1 [(#13798)](https://github.com/k3s-io/k3s/pull/13798) -* Bump Traefik helm chart version [(#13812)](https://github.com/k3s-io/k3s/pull/13812) -* Bump cni plugins to v1.9.1 [(#13823)](https://github.com/k3s-io/k3s/pull/13823) -* Simplify snapshot compress/decompress logic [(#13828)](https://github.com/k3s-io/k3s/pull/13828) -* Update to v1.34.6-k3s1 and Go 1.24.13 [(#13834)](https://github.com/k3s-io/k3s/pull/13834) -* Chore: Update Trivy version in Dockerfile.dapper [(#13850)](https://github.com/k3s-io/k3s/pull/13850) -* Update to flannel v0.28.2 [(#13869)](https://github.com/k3s-io/k3s/pull/13869) - + + +This release updates Kubernetes to v1.34.6, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1345). + +### Changes since v1.34.5+k3s1: + +* Bump to coredns 1.14.2 [(#13758)](https://github.com/k3s-io/k3s/pull/13758) +* Save cluster state before reencrypting secrets with newly created key [(#13772)](https://github.com/k3s-io/k3s/pull/13772) +* Backports for 2026-03 [(#13790)](https://github.com/k3s-io/k3s/pull/13790) +* Bump runc to v1.4.1 [(#13798)](https://github.com/k3s-io/k3s/pull/13798) +* Bump Traefik helm chart version [(#13812)](https://github.com/k3s-io/k3s/pull/13812) +* Bump cni plugins to v1.9.1 [(#13823)](https://github.com/k3s-io/k3s/pull/13823) +* Simplify snapshot compress/decompress logic [(#13828)](https://github.com/k3s-io/k3s/pull/13828) +* Update to v1.34.6-k3s1 and Go 1.24.13 [(#13834)](https://github.com/k3s-io/k3s/pull/13834) +* Chore: Update Trivy version in Dockerfile.dapper [(#13850)](https://github.com/k3s-io/k3s/pull/13850) +* Update to flannel v0.28.2 [(#13869)](https://github.com/k3s-io/k3s/pull/13869) + ----- ## Release [v1.34.5+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.5+k3s1) - - -This release updates Kubernetes to v1.34.5, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1344). - -### Changes since v1.34.4+k3s1: - -* Rootlesskit Revert + Test Fixes [(#13682)](https://github.com/k3s-io/k3s/pull/13682) -* Backports for 2026-02 BONUS RELEASE [(#13691)](https://github.com/k3s-io/k3s/pull/13691) -* Bump Traefik to v3.6.9 [(#13702)](https://github.com/k3s-io/k3s/pull/13702) -* Update to v1.34.5-k3s1 and Go 1.24.13 [(#13706)](https://github.com/k3s-io/k3s/pull/13706) - + + +This release updates Kubernetes to v1.34.5, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1344). + +### Changes since v1.34.4+k3s1: + +* Rootlesskit Revert + Test Fixes [(#13682)](https://github.com/k3s-io/k3s/pull/13682) +* Backports for 2026-02 BONUS RELEASE [(#13691)](https://github.com/k3s-io/k3s/pull/13691) +* Bump Traefik to v3.6.9 [(#13702)](https://github.com/k3s-io/k3s/pull/13702) +* Update to v1.34.5-k3s1 and Go 1.24.13 [(#13706)](https://github.com/k3s-io/k3s/pull/13706) + ----- ## Release [v1.34.4+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.4+k3s1) - - -This release updates Kubernetes to v1.34.4, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1343). - -### Changes since v1.34.3+k3s3: - -* Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#13571)](https://github.com/k3s-io/k3s/pull/13571) -* Backports for 2026-02 [(#13581)](https://github.com/k3s-io/k3s/pull/13581) -* Bump kine for list/watch revision fixes [(#13577)](https://github.com/k3s-io/k3s/pull/13577) -* Fix VPN node IP not being applied to kubelet [(#13561)](https://github.com/k3s-io/k3s/pull/13561) -* Bulk Backports 2026-02 [(#13565)](https://github.com/k3s-io/k3s/pull/13565) -* Bump to coredns 1.14.1 and metrics-server v0.8.1 [(#13609)](https://github.com/k3s-io/k3s/pull/13609) -* Add registry prefix to image-list file [(#13601)](https://github.com/k3s-io/k3s/pull/13601) -* Bump klipper-helm and klipper-lb images [(#13620)](https://github.com/k3s-io/k3s/pull/13620) -* Fix removal of init node [(#13631)](https://github.com/k3s-io/k3s/pull/13631) -* Update to v1.34.4-k3s1 and Go 1.24.12 [(#13636)](https://github.com/k3s-io/k3s/pull/13636) - + + +This release updates Kubernetes to v1.34.4, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1343). + +### Changes since v1.34.3+k3s3: + +* Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#13571)](https://github.com/k3s-io/k3s/pull/13571) +* Backports for 2026-02 [(#13581)](https://github.com/k3s-io/k3s/pull/13581) +* Bump kine for list/watch revision fixes [(#13577)](https://github.com/k3s-io/k3s/pull/13577) +* Fix VPN node IP not being applied to kubelet [(#13561)](https://github.com/k3s-io/k3s/pull/13561) +* Bulk Backports 2026-02 [(#13565)](https://github.com/k3s-io/k3s/pull/13565) +* Bump to coredns 1.14.1 and metrics-server v0.8.1 [(#13609)](https://github.com/k3s-io/k3s/pull/13609) +* Add registry prefix to image-list file [(#13601)](https://github.com/k3s-io/k3s/pull/13601) +* Bump klipper-helm and klipper-lb images [(#13620)](https://github.com/k3s-io/k3s/pull/13620) +* Fix removal of init node [(#13631)](https://github.com/k3s-io/k3s/pull/13631) +* Update to v1.34.4-k3s1 and Go 1.24.12 [(#13636)](https://github.com/k3s-io/k3s/pull/13636) + ----- ## Release [v1.34.3+k3s3](https://github.com/k3s-io/k3s/releases/tag/v1.34.3+k3s3) - - -This release updates Kubernetes to v1.34.3, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1343). - -### Changes since v1.34.3+k3s1: - -* Add firewall section to check-config.sh [(#13391)](https://github.com/k3s-io/k3s/pull/13391) -* Expand docker upgrade test, sunset E2E upgrade test [(#13399)](https://github.com/k3s-io/k3s/pull/13399) -* Allow k3s secrets-encrypt enable on existing clusters [(#13404)](https://github.com/k3s-io/k3s/pull/13404) -* Chore: Bump charts - Jan 2025 [(#13421)](https://github.com/k3s-io/k3s/pull/13421) -* Bump local path provisioner to v0.0.34 [(#13427)](https://github.com/k3s-io/k3s/pull/13427) -* Backports for 2026-01 [(#13447)](https://github.com/k3s-io/k3s/pull/13447) -* Bump to coredns 1.14.0 [(#13452)](https://github.com/k3s-io/k3s/pull/13452) -* Rootless ports: add support for udp [(#13460)](https://github.com/k3s-io/k3s/pull/13460) -* Update Traefik version to v3.6.7 [(#13483)](https://github.com/k3s-io/k3s/pull/13483) -* Bump etcd to v3.6.7 [(#13496)](https://github.com/k3s-io/k3s/pull/13496) -* Update to v1.34.3-k3s3 and Go 1.24.11 [(#13522)](https://github.com/k3s-io/k3s/pull/13522) -* Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#13536)](https://github.com/k3s-io/k3s/pull/13536) - + + +This release updates Kubernetes to v1.34.3, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1343). + +### Changes since v1.34.3+k3s1: + +* Add firewall section to check-config.sh [(#13391)](https://github.com/k3s-io/k3s/pull/13391) +* Expand docker upgrade test, sunset E2E upgrade test [(#13399)](https://github.com/k3s-io/k3s/pull/13399) +* Allow k3s secrets-encrypt enable on existing clusters [(#13404)](https://github.com/k3s-io/k3s/pull/13404) +* Chore: Bump charts - Jan 2025 [(#13421)](https://github.com/k3s-io/k3s/pull/13421) +* Bump local path provisioner to v0.0.34 [(#13427)](https://github.com/k3s-io/k3s/pull/13427) +* Backports for 2026-01 [(#13447)](https://github.com/k3s-io/k3s/pull/13447) +* Bump to coredns 1.14.0 [(#13452)](https://github.com/k3s-io/k3s/pull/13452) +* Rootless ports: add support for udp [(#13460)](https://github.com/k3s-io/k3s/pull/13460) +* Update Traefik version to v3.6.7 [(#13483)](https://github.com/k3s-io/k3s/pull/13483) +* Bump etcd to v3.6.7 [(#13496)](https://github.com/k3s-io/k3s/pull/13496) +* Update to v1.34.3-k3s3 and Go 1.24.11 [(#13522)](https://github.com/k3s-io/k3s/pull/13522) +* Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#13536)](https://github.com/k3s-io/k3s/pull/13536) + ----- ## Release [v1.34.3+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.3+k3s1) - - -This release updates Kubernetes to v1.34.3, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1342). - -### Changes since v1.34.2+k3s1: - -* Update busybox to 1.37.0 [(#13241)](https://github.com/k3s-io/k3s/pull/13241) -* Add multus e2e test [(#13264)](https://github.com/k3s-io/k3s/pull/13264) -* Backports for 2025-12 [(#13251)](https://github.com/k3s-io/k3s/pull/13251) - * Add docker dualstack test - * Fix windows build os - * Fix for clusters with few nodes and a lot of pod churn when webhooks are accessed using egress-selector - * Fix spegel sharing of imported images - * Bump opencontainers/selinux - * Remove remaining references to drone - * Bump actions/checkout from 5 to 6 - * Reorganize Executor interface to make CNI startup part of Executor implementation - * Bump kine and etcd - * Bump runc to v1.4.0 - * Consolidate test util functions - * Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to - * Bump actions/setup-go from 5 to 6 -* Fix tailscale setup in case of an already running configuration [(#13267)](https://github.com/k3s-io/k3s/pull/13267) -* Update kube-router to v2.6.2 [(#13288)](https://github.com/k3s-io/k3s/pull/13288) -* Update to v1.34.3-k3s1 and Go 1.24.11 [(#13306)](https://github.com/k3s-io/k3s/pull/13306) -* Fix cross-platform image save [(#13310)](https://github.com/k3s-io/k3s/pull/13310) -* Bump kine to v0.14.9 [(#13318)](https://github.com/k3s-io/k3s/pull/13318) -* Fix arm airgap platforms [(#13331)](https://github.com/k3s-io/k3s/pull/13331) -* Reuse airgap image release action [(#13337)](https://github.com/k3s-io/k3s/pull/13337) -* Fix release workflow [(#13339)](https://github.com/k3s-io/k3s/pull/13339) -* Combine airgap and binary publishing steps [(#13340)](https://github.com/k3s-io/k3s/pull/13340) -* Validate collected release artifact list before uploading [(#13350)](https://github.com/k3s-io/k3s/pull/13350) -* Override DefaultHelmJob at build time [(#13361)](https://github.com/k3s-io/k3s/pull/13361) - + + +This release updates Kubernetes to v1.34.3, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1342). + +### Changes since v1.34.2+k3s1: + +* Update busybox to 1.37.0 [(#13241)](https://github.com/k3s-io/k3s/pull/13241) +* Add multus e2e test [(#13264)](https://github.com/k3s-io/k3s/pull/13264) +* Backports for 2025-12 [(#13251)](https://github.com/k3s-io/k3s/pull/13251) + * Add docker dualstack test + * Fix windows build os + * Fix for clusters with few nodes and a lot of pod churn when webhooks are accessed using egress-selector + * Fix spegel sharing of imported images + * Bump opencontainers/selinux + * Remove remaining references to drone + * Bump actions/checkout from 5 to 6 + * Reorganize Executor interface to make CNI startup part of Executor implementation + * Bump kine and etcd + * Bump runc to v1.4.0 + * Consolidate test util functions + * Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to + * Bump actions/setup-go from 5 to 6 +* Fix tailscale setup in case of an already running configuration [(#13267)](https://github.com/k3s-io/k3s/pull/13267) +* Update kube-router to v2.6.2 [(#13288)](https://github.com/k3s-io/k3s/pull/13288) +* Update to v1.34.3-k3s1 and Go 1.24.11 [(#13306)](https://github.com/k3s-io/k3s/pull/13306) +* Fix cross-platform image save [(#13310)](https://github.com/k3s-io/k3s/pull/13310) +* Bump kine to v0.14.9 [(#13318)](https://github.com/k3s-io/k3s/pull/13318) +* Fix arm airgap platforms [(#13331)](https://github.com/k3s-io/k3s/pull/13331) +* Reuse airgap image release action [(#13337)](https://github.com/k3s-io/k3s/pull/13337) +* Fix release workflow [(#13339)](https://github.com/k3s-io/k3s/pull/13339) +* Combine airgap and binary publishing steps [(#13340)](https://github.com/k3s-io/k3s/pull/13340) +* Validate collected release artifact list before uploading [(#13350)](https://github.com/k3s-io/k3s/pull/13350) +* Override DefaultHelmJob at build time [(#13361)](https://github.com/k3s-io/k3s/pull/13361) + ----- ## Release [v1.34.2+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.2+k3s1) - - -This release updates Kubernetes to v1.34.2, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1341). - -### Changes since v1.34.1+k3s1: - -* Bump traefik to 3.5.1 [(#12957)](https://github.com/k3s-io/k3s/pull/12957) -* Fix garbled CLI [(#13032)](https://github.com/k3s-io/k3s/pull/13032) -* Update flannel, kube-router and cni plugins [(#13040)](https://github.com/k3s-io/k3s/pull/13040) -* Backports for 2025-10 [(#13057)](https://github.com/k3s-io/k3s/pull/13057) - * Fix netpol fatal error when changing node IP - * Bump dynamiclistener for stacked update fix - * Bump Klipper Helm and Helm Controller version - * Fix IPv6 handling for loadbalancer addresses - * Fix multiple issues with server shutdown sequencing - * Fix etcd member promotion - * Bump spegel to v0.4.0 - * Fix kine metrics registration without --kine-tls - * Bump kine to v0.14.2 - * Fix: default forward after override imports - * Fix handling of vendored dependencies in version script - * Fix helm controller apiserver address for bootstrap charts on ipv6-only nodes - * Create dynamic-cert-regenerate file in CA cert rotation handler - * Fix ability to rotate server token to an invalid format - * Drop calls to rand.Seed - * Bump kine for postgres object count fix - * Bump kine=v0.14.4, etcd=v3.6.5 - * Bump coredns to 1.13.1 -* Update dispatch script [(#13078)](https://github.com/k3s-io/k3s/pull/13078) -* Bump helm-controller/klipper-helm [(#13091)](https://github.com/k3s-io/k3s/pull/13091) -* Backports for 2025-11 [(#13125)](https://github.com/k3s-io/k3s/pull/13125) -* Inclusive naming proposal [(#13132)](https://github.com/k3s-io/k3s/pull/13132) -* Migrate release pipelines into GitHub Actions [(#13119)](https://github.com/k3s-io/k3s/pull/13119) -* Bump runc to v1.3.3 [(#13144)](https://github.com/k3s-io/k3s/pull/13144) -* Add Prime assets upload [(#13159)](https://github.com/k3s-io/k3s/pull/13159) -* More backports for 2025-11 [(#13177)](https://github.com/k3s-io/k3s/pull/13177) -* Bump klipper-helm and helm-controller [(#13193)](https://github.com/k3s-io/k3s/pull/13193) -* Update to v1.34.2-k3s1 and Go 1.24.9 [(#13199)](https://github.com/k3s-io/k3s/pull/13199) -* Add id-token [(#13208)](https://github.com/k3s-io/k3s/pull/13208) - + + +This release updates Kubernetes to v1.34.2, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1341). + +### Changes since v1.34.1+k3s1: + +* Bump traefik to 3.5.1 [(#12957)](https://github.com/k3s-io/k3s/pull/12957) +* Fix garbled CLI [(#13032)](https://github.com/k3s-io/k3s/pull/13032) +* Update flannel, kube-router and cni plugins [(#13040)](https://github.com/k3s-io/k3s/pull/13040) +* Backports for 2025-10 [(#13057)](https://github.com/k3s-io/k3s/pull/13057) + * Fix netpol fatal error when changing node IP + * Bump dynamiclistener for stacked update fix + * Bump Klipper Helm and Helm Controller version + * Fix IPv6 handling for loadbalancer addresses + * Fix multiple issues with server shutdown sequencing + * Fix etcd member promotion + * Bump spegel to v0.4.0 + * Fix kine metrics registration without --kine-tls + * Bump kine to v0.14.2 + * Fix: default forward after override imports + * Fix handling of vendored dependencies in version script + * Fix helm controller apiserver address for bootstrap charts on ipv6-only nodes + * Create dynamic-cert-regenerate file in CA cert rotation handler + * Fix ability to rotate server token to an invalid format + * Drop calls to rand.Seed + * Bump kine for postgres object count fix + * Bump kine=v0.14.4, etcd=v3.6.5 + * Bump coredns to 1.13.1 +* Update dispatch script [(#13078)](https://github.com/k3s-io/k3s/pull/13078) +* Bump helm-controller/klipper-helm [(#13091)](https://github.com/k3s-io/k3s/pull/13091) +* Backports for 2025-11 [(#13125)](https://github.com/k3s-io/k3s/pull/13125) +* Inclusive naming proposal [(#13132)](https://github.com/k3s-io/k3s/pull/13132) +* Migrate release pipelines into GitHub Actions [(#13119)](https://github.com/k3s-io/k3s/pull/13119) +* Bump runc to v1.3.3 [(#13144)](https://github.com/k3s-io/k3s/pull/13144) +* Add Prime assets upload [(#13159)](https://github.com/k3s-io/k3s/pull/13159) +* More backports for 2025-11 [(#13177)](https://github.com/k3s-io/k3s/pull/13177) +* Bump klipper-helm and helm-controller [(#13193)](https://github.com/k3s-io/k3s/pull/13193) +* Update to v1.34.2-k3s1 and Go 1.24.9 [(#13199)](https://github.com/k3s-io/k3s/pull/13199) +* Add id-token [(#13208)](https://github.com/k3s-io/k3s/pull/13208) + ----- ## Release [v1.34.1+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.34.1+k3s1) - - -This release updates Kubernetes to v1.34.1. This is the first k3s release in the 1.34 release line. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1330). - -### Changes since v1.33.0+k3s1: - -* Update certification renew alert to 120 days [(#12232)](https://github.com/k3s-io/k3s/pull/12232) - * Renew alert for certification will be 120 days -* Add anonymous-auth to flags gated on empty authorization-config value [(#12246)](https://github.com/k3s-io/k3s/pull/12246) -* Add CLI flag and config file for s3 bucket lookup type [(#12247)](https://github.com/k3s-io/k3s/pull/12247) -* Add support for conditional image tarball imports [(#12237)](https://github.com/k3s-io/k3s/pull/12237) -* Implement certificate check with file-oriented view and usage types [(#12226)](https://github.com/k3s-io/k3s/pull/12226) - * Implement certificate check with file-oriented view and usage types -* Add generation for kube-scheduler and kube-controller-manager certs [(#12285)](https://github.com/k3s-io/k3s/pull/12285) -* Flannel: Use custom type for network mode (IPv4, IPv6, dual-stack) [(#12240)](https://github.com/k3s-io/k3s/pull/12240) -* Bump kine and enable sqlite dbstat [(#12293)](https://github.com/k3s-io/k3s/pull/12293) -* Docs: Remove references to deprecated Vagrantfile [(#12252)](https://github.com/k3s-io/k3s/pull/12252) -* Bump wharfie to v0.7.0 [(#12322)](https://github.com/k3s-io/k3s/pull/12322) -* Fix authorization-config/authentication-config handling [(#12338)](https://github.com/k3s-io/k3s/pull/12338) -* Fix secretsencrypt race conditions [(#12351)](https://github.com/k3s-io/k3s/pull/12351) -* Remove references to master node-role label and taints/tolerations [(#12395)](https://github.com/k3s-io/k3s/pull/12395) -* WAdd Uffizzi as adopter [(#12348)](https://github.com/k3s-io/k3s/pull/12348) -* Fix secrets encryption rotation timeout causing false failures [(#12392)](https://github.com/k3s-io/k3s/pull/12392) -* Improve shebang of bash completion script [(#12303)](https://github.com/k3s-io/k3s/pull/12303) -* Add GHCR image publishing to K3s release [(#12389)](https://github.com/k3s-io/k3s/pull/12389) -* Convert all nightly conformance to golang test framework [(#12422)](https://github.com/k3s-io/k3s/pull/12422) -* Fix: error on distros without VERSION_ID on /etc/os-release [(#12440)](https://github.com/k3s-io/k3s/pull/12440) -* Fix K3s not validating datastore connection when no token is set [(#12396)](https://github.com/k3s-io/k3s/pull/12396) -* Add new topologySpreadConstraints to coredns [(#12434)](https://github.com/k3s-io/k3s/pull/12434) -* Fix conformance labeling on CI, no tty [(#12450)](https://github.com/k3s-io/k3s/pull/12450) -* Switch from endpoints to endpointslices [(#12420)](https://github.com/k3s-io/k3s/pull/12420) -* Define missing top level permissions in CI [(#12469)](https://github.com/k3s-io/k3s/pull/12469) -* Bump dynamiclistener to v0.7.0 [(#12481)](https://github.com/k3s-io/k3s/pull/12481) -* Fix sqlite-etcd migration [(#12482)](https://github.com/k3s-io/k3s/pull/12482) -* Update network components [(#12502)](https://github.com/k3s-io/k3s/pull/12502) -* Fix Nightly Conformance [(#12527)](https://github.com/k3s-io/k3s/pull/12527) -* Fix: Remove unused legacy certificates [(#12541)](https://github.com/k3s-io/k3s/pull/12541) - * Clean up client-kube-proxy.crt and client-k3s-controller.crt certificate files on start -* Add etcdmigration e2e test [(#12528)](https://github.com/k3s-io/k3s/pull/12528) -* Docs: Fix broken links in markdown documentation [(#12550)](https://github.com/k3s-io/k3s/pull/12550) -* Bump alpine from 3.21 to 3.22 in /package [(#12429)](https://github.com/k3s-io/k3s/pull/12429) -* Add usage description for etcd-snapshot [(#12557)](https://github.com/k3s-io/k3s/pull/12557) -* Update to new CRDs [(#12580)](https://github.com/k3s-io/k3s/pull/12580) -* Add basic fuzz test + Enable codeql on GHA [(#12596)](https://github.com/k3s-io/k3s/pull/12596) -* Refac shell completion to a better command structure [(#12590)](https://github.com/k3s-io/k3s/pull/12590) - * K3s completion shell command will now be separate to specific subcommands for bash and zsh -* Add retry around common timeout for hardened docker test [(#12601)](https://github.com/k3s-io/k3s/pull/12601) -* Update kine and use config defaults helper [(#12599)](https://github.com/k3s-io/k3s/pull/12599) -* Bump helm-controller and image [(#12630)](https://github.com/k3s-io/k3s/pull/12630) - * Bump helm to v3.18.4 for GHSA-557j-xg8c-q2mm -* Bump alpine version in Dockerfile.local [(#12644)](https://github.com/k3s-io/k3s/pull/12644) -* Enable branch protection checks for openssf [(#12640)](https://github.com/k3s-io/k3s/pull/12640) -* Emit certs OK event on startup, if no certs need renewal [(#12645)](https://github.com/k3s-io/k3s/pull/12645) -* Update metric help to be more descriptive. [(#12654)](https://github.com/k3s-io/k3s/pull/12654) -* Remove master toleration from manifests [(#12663)](https://github.com/k3s-io/k3s/pull/12663) - * Tolerations for the `node-role.kubernetes.io/master` taint have been removed from packaged manifests. The `master` label and taint have been unused by upstream Kubernetes since 1.26, and are now being removed from K3s as well. -* Bump cri-dockerd to v0.3.19-k3s1 [(#12649)](https://github.com/k3s-io/k3s/pull/12649) -* Fix a couple of small nits in README [(#12665)](https://github.com/k3s-io/k3s/pull/12665) -* Add retention flag specific for s3 [(#12669)](https://github.com/k3s-io/k3s/pull/12669) -* Refactor: replace go-bindata with native embed package [(#12676)](https://github.com/k3s-io/k3s/pull/12676) -* Bump k3s-io/api to fix etcdsnapshotfile status columns [(#12685)](https://github.com/k3s-io/k3s/pull/12685) -* Fix completion command in e2e [(#12693)](https://github.com/k3s-io/k3s/pull/12693) -* Fix fallback DNS for IMDS and IPV6-only [(#12692)](https://github.com/k3s-io/k3s/pull/12692) - * K3s no longer falls back to google DNS (8.8.8.8) as the upstream nameserver when the GCP instance metadata IP is configured as nameserver in the host's resolv.conf. - * K3s now includes an IPv6 address for google DNS when the host's resolv.conf does not contain a valid upstream nameserver. -* Fix --docker with --container-runtime-endpoint [(#12705)](https://github.com/k3s-io/k3s/pull/12705) -* Fix PID tracking for Nightly Conformance [(#12714)](https://github.com/k3s-io/k3s/pull/12714) -* Bump coredns to 1.12.3 [(#12724)](https://github.com/k3s-io/k3s/pull/12724) -* Bump Local Path Provisioner version [(#12710)](https://github.com/k3s-io/k3s/pull/12710) -* Bump metrics-server to v0.8.0 [(#12726)](https://github.com/k3s-io/k3s/pull/12726) -* Fix cert startup check events [(#12744)](https://github.com/k3s-io/k3s/pull/12744) -* Bump rancher libs: wrangler/lasso/remotedialer [(#12784)](https://github.com/k3s-io/k3s/pull/12784) -* Wire cri-dockerd `--log-level=debug` up to k3s `--debug` flag [(#12755)](https://github.com/k3s-io/k3s/pull/12755) -* Fix spegel logging and startup sequence [(#12796)](https://github.com/k3s-io/k3s/pull/12796) -* Do not bootstrap etcd-only nodes from existing supervisor [(#12754)](https://github.com/k3s-io/k3s/pull/12754) -* Add retry on etcd MemberAdd timeout [(#12815)](https://github.com/k3s-io/k3s/pull/12815) -* Bump containerd to v2.1.4 [(#12788)](https://github.com/k3s-io/k3s/pull/12788) -* Retry CRD creation in case of conflict [(#12814)](https://github.com/k3s-io/k3s/pull/12814) -* Bump actions/checkout from 4 to 5 [(#12773)](https://github.com/k3s-io/k3s/pull/12773) -* Wire up kine metrics [(#12831)](https://github.com/k3s-io/k3s/pull/12831) -* Fix etcd join timeout handling [(#12833)](https://github.com/k3s-io/k3s/pull/12833) -* Wire up remotedialer metrics [(#12832)](https://github.com/k3s-io/k3s/pull/12832) -* Bump k3s-root to v0.15.0 [(#12853)](https://github.com/k3s-io/k3s/pull/12853) - * The bundled userspace binaries are now built from the buildroot 2025.02 LTS branch. - * The bundled nft binary now supports json output, required for compatibility with kube-proxy's nft proxier. -* Update to Kubernetes v1.34 [(#12854)](https://github.com/k3s-io/k3s/pull/12854) -* Add opencontainers/runc pin to v1.3.1 [(#12864)](https://github.com/k3s-io/k3s/pull/12864) -* Move data dir into position before creating CNI symlinks [(#12876)](https://github.com/k3s-io/k3s/pull/12876) -* Update to v1.34.1 and Go 1.24.6 [(#12896)](https://github.com/k3s-io/k3s/pull/12896) - - + + +This release updates Kubernetes to v1.34.1. This is the first k3s release in the 1.34 release line. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.34.md#changelog-since-v1330). + +### Changes since v1.33.0+k3s1: + +* Update certification renew alert to 120 days [(#12232)](https://github.com/k3s-io/k3s/pull/12232) + * Renew alert for certification will be 120 days +* Add anonymous-auth to flags gated on empty authorization-config value [(#12246)](https://github.com/k3s-io/k3s/pull/12246) +* Add CLI flag and config file for s3 bucket lookup type [(#12247)](https://github.com/k3s-io/k3s/pull/12247) +* Add support for conditional image tarball imports [(#12237)](https://github.com/k3s-io/k3s/pull/12237) +* Implement certificate check with file-oriented view and usage types [(#12226)](https://github.com/k3s-io/k3s/pull/12226) + * Implement certificate check with file-oriented view and usage types +* Add generation for kube-scheduler and kube-controller-manager certs [(#12285)](https://github.com/k3s-io/k3s/pull/12285) +* Flannel: Use custom type for network mode (IPv4, IPv6, dual-stack) [(#12240)](https://github.com/k3s-io/k3s/pull/12240) +* Bump kine and enable sqlite dbstat [(#12293)](https://github.com/k3s-io/k3s/pull/12293) +* Docs: Remove references to deprecated Vagrantfile [(#12252)](https://github.com/k3s-io/k3s/pull/12252) +* Bump wharfie to v0.7.0 [(#12322)](https://github.com/k3s-io/k3s/pull/12322) +* Fix authorization-config/authentication-config handling [(#12338)](https://github.com/k3s-io/k3s/pull/12338) +* Fix secretsencrypt race conditions [(#12351)](https://github.com/k3s-io/k3s/pull/12351) +* Remove references to master node-role label and taints/tolerations [(#12395)](https://github.com/k3s-io/k3s/pull/12395) +* WAdd Uffizzi as adopter [(#12348)](https://github.com/k3s-io/k3s/pull/12348) +* Fix secrets encryption rotation timeout causing false failures [(#12392)](https://github.com/k3s-io/k3s/pull/12392) +* Improve shebang of bash completion script [(#12303)](https://github.com/k3s-io/k3s/pull/12303) +* Add GHCR image publishing to K3s release [(#12389)](https://github.com/k3s-io/k3s/pull/12389) +* Convert all nightly conformance to golang test framework [(#12422)](https://github.com/k3s-io/k3s/pull/12422) +* Fix: error on distros without VERSION_ID on /etc/os-release [(#12440)](https://github.com/k3s-io/k3s/pull/12440) +* Fix K3s not validating datastore connection when no token is set [(#12396)](https://github.com/k3s-io/k3s/pull/12396) +* Add new topologySpreadConstraints to coredns [(#12434)](https://github.com/k3s-io/k3s/pull/12434) +* Fix conformance labeling on CI, no tty [(#12450)](https://github.com/k3s-io/k3s/pull/12450) +* Switch from endpoints to endpointslices [(#12420)](https://github.com/k3s-io/k3s/pull/12420) +* Define missing top level permissions in CI [(#12469)](https://github.com/k3s-io/k3s/pull/12469) +* Bump dynamiclistener to v0.7.0 [(#12481)](https://github.com/k3s-io/k3s/pull/12481) +* Fix sqlite-etcd migration [(#12482)](https://github.com/k3s-io/k3s/pull/12482) +* Update network components [(#12502)](https://github.com/k3s-io/k3s/pull/12502) +* Fix Nightly Conformance [(#12527)](https://github.com/k3s-io/k3s/pull/12527) +* Fix: Remove unused legacy certificates [(#12541)](https://github.com/k3s-io/k3s/pull/12541) + * Clean up client-kube-proxy.crt and client-k3s-controller.crt certificate files on start +* Add etcdmigration e2e test [(#12528)](https://github.com/k3s-io/k3s/pull/12528) +* Docs: Fix broken links in markdown documentation [(#12550)](https://github.com/k3s-io/k3s/pull/12550) +* Bump alpine from 3.21 to 3.22 in /package [(#12429)](https://github.com/k3s-io/k3s/pull/12429) +* Add usage description for etcd-snapshot [(#12557)](https://github.com/k3s-io/k3s/pull/12557) +* Update to new CRDs [(#12580)](https://github.com/k3s-io/k3s/pull/12580) +* Add basic fuzz test + Enable codeql on GHA [(#12596)](https://github.com/k3s-io/k3s/pull/12596) +* Refac shell completion to a better command structure [(#12590)](https://github.com/k3s-io/k3s/pull/12590) + * K3s completion shell command will now be separate to specific subcommands for bash and zsh +* Add retry around common timeout for hardened docker test [(#12601)](https://github.com/k3s-io/k3s/pull/12601) +* Update kine and use config defaults helper [(#12599)](https://github.com/k3s-io/k3s/pull/12599) +* Bump helm-controller and image [(#12630)](https://github.com/k3s-io/k3s/pull/12630) + * Bump helm to v3.18.4 for GHSA-557j-xg8c-q2mm +* Bump alpine version in Dockerfile.local [(#12644)](https://github.com/k3s-io/k3s/pull/12644) +* Enable branch protection checks for openssf [(#12640)](https://github.com/k3s-io/k3s/pull/12640) +* Emit certs OK event on startup, if no certs need renewal [(#12645)](https://github.com/k3s-io/k3s/pull/12645) +* Update metric help to be more descriptive. [(#12654)](https://github.com/k3s-io/k3s/pull/12654) +* Remove master toleration from manifests [(#12663)](https://github.com/k3s-io/k3s/pull/12663) + * Tolerations for the `node-role.kubernetes.io/master` taint have been removed from packaged manifests. The `master` label and taint have been unused by upstream Kubernetes since 1.26, and are now being removed from K3s as well. +* Bump cri-dockerd to v0.3.19-k3s1 [(#12649)](https://github.com/k3s-io/k3s/pull/12649) +* Fix a couple of small nits in README [(#12665)](https://github.com/k3s-io/k3s/pull/12665) +* Add retention flag specific for s3 [(#12669)](https://github.com/k3s-io/k3s/pull/12669) +* Refactor: replace go-bindata with native embed package [(#12676)](https://github.com/k3s-io/k3s/pull/12676) +* Bump k3s-io/api to fix etcdsnapshotfile status columns [(#12685)](https://github.com/k3s-io/k3s/pull/12685) +* Fix completion command in e2e [(#12693)](https://github.com/k3s-io/k3s/pull/12693) +* Fix fallback DNS for IMDS and IPV6-only [(#12692)](https://github.com/k3s-io/k3s/pull/12692) + * K3s no longer falls back to google DNS (8.8.8.8) as the upstream nameserver when the GCP instance metadata IP is configured as nameserver in the host's resolv.conf. + * K3s now includes an IPv6 address for google DNS when the host's resolv.conf does not contain a valid upstream nameserver. +* Fix --docker with --container-runtime-endpoint [(#12705)](https://github.com/k3s-io/k3s/pull/12705) +* Fix PID tracking for Nightly Conformance [(#12714)](https://github.com/k3s-io/k3s/pull/12714) +* Bump coredns to 1.12.3 [(#12724)](https://github.com/k3s-io/k3s/pull/12724) +* Bump Local Path Provisioner version [(#12710)](https://github.com/k3s-io/k3s/pull/12710) +* Bump metrics-server to v0.8.0 [(#12726)](https://github.com/k3s-io/k3s/pull/12726) +* Fix cert startup check events [(#12744)](https://github.com/k3s-io/k3s/pull/12744) +* Bump rancher libs: wrangler/lasso/remotedialer [(#12784)](https://github.com/k3s-io/k3s/pull/12784) +* Wire cri-dockerd `--log-level=debug` up to k3s `--debug` flag [(#12755)](https://github.com/k3s-io/k3s/pull/12755) +* Fix spegel logging and startup sequence [(#12796)](https://github.com/k3s-io/k3s/pull/12796) +* Do not bootstrap etcd-only nodes from existing supervisor [(#12754)](https://github.com/k3s-io/k3s/pull/12754) +* Add retry on etcd MemberAdd timeout [(#12815)](https://github.com/k3s-io/k3s/pull/12815) +* Bump containerd to v2.1.4 [(#12788)](https://github.com/k3s-io/k3s/pull/12788) +* Retry CRD creation in case of conflict [(#12814)](https://github.com/k3s-io/k3s/pull/12814) +* Bump actions/checkout from 4 to 5 [(#12773)](https://github.com/k3s-io/k3s/pull/12773) +* Wire up kine metrics [(#12831)](https://github.com/k3s-io/k3s/pull/12831) +* Fix etcd join timeout handling [(#12833)](https://github.com/k3s-io/k3s/pull/12833) +* Wire up remotedialer metrics [(#12832)](https://github.com/k3s-io/k3s/pull/12832) +* Bump k3s-root to v0.15.0 [(#12853)](https://github.com/k3s-io/k3s/pull/12853) + * The bundled userspace binaries are now built from the buildroot 2025.02 LTS branch. + * The bundled nft binary now supports json output, required for compatibility with kube-proxy's nft proxier. +* Update to Kubernetes v1.34 [(#12854)](https://github.com/k3s-io/k3s/pull/12854) +* Add opencontainers/runc pin to v1.3.1 [(#12864)](https://github.com/k3s-io/k3s/pull/12864) +* Move data dir into position before creating CNI symlinks [(#12876)](https://github.com/k3s-io/k3s/pull/12876) +* Update to v1.34.1 and Go 1.24.6 [(#12896)](https://github.com/k3s-io/k3s/pull/12896) + + ----- diff --git a/docs/release-notes/v1.35.X.md b/docs/release-notes/v1.35.X.md index 9be5ea012..93dd4eefd 100644 --- a/docs/release-notes/v1.35.X.md +++ b/docs/release-notes/v1.35.X.md @@ -11,6 +11,7 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U | Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | +| [v1.35.6+k3s1](v1.35.X.md#release-v1356k3s1) | Jun 24 2026| [v1.35.6](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1356) | [v0.16.1](https://github.com/k3s-io/kine/releases/tag/v0.16.1) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.12-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.12-k3s1) | [v2.2.5-k3s2](https://github.com/k3s-io/containerd/releases/tag/v2.2.5-k3s2) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.7.4](https://github.com/traefik/traefik/releases/tag/v3.7.4) | [v1.14.4](https://github.com/coredns/coredns/releases/tag/v1.14.4) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.35.5+k3s1](v1.35.X.md#release-v1355k3s1) | May 20 2026| [v1.35.5](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1355) | [v0.15.0](https://github.com/k3s-io/kine/releases/tag/v0.15.0) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.3](https://github.com/coredns/coredns/releases/tag/v1.14.3) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.35.4+k3s1](v1.35.X.md#release-v1354k3s1) | Apr 27 2026| [v1.35.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1354) | [v0.14.16](https://github.com/k3s-io/kine/releases/tag/v0.14.16) | [3.51.3](https://sqlite.org/releaselog/3_51_3.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | | [v1.35.3+k3s1](v1.35.X.md#release-v1353k3s1) | Mar 28 2026| [v1.35.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1353) | [v0.14.14](https://github.com/k3s-io/kine/releases/tag/v0.14.14) | [3.51.2](https://sqlite.org/releaselog/3_51_2.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.2-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.2-k3s1) | [v1.4.1](https://github.com/opencontainers/runc/releases/tag/v1.4.1) | [v0.28.2](https://github.com/flannel-io/flannel/releases/tag/v0.28.2) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.10](https://github.com/traefik/traefik/releases/tag/v3.6.10) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.16.17](https://github.com/k3s-io/helm-controller/releases/tag/v0.16.17) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | @@ -21,186 +22,209 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U
+## Release [v1.35.6+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.6+k3s1) + +> [!WARNING] +> This release upgrades Traefik chart to v40.x which includes a breaking change for the ingress-nginx migration: the provider name changes from `kubernetesIngressNginx` to `kubernetesIngressNGINX`. Check https://github.com/traefik/traefik-helm-chart/releases/tag/v40.0.0 for more details + +This release updates Kubernetes to v1.35.6, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1355). + +### Changes since v1.35.5+k3s1: + +* Backport GitHub Action SHA pin updates from main [(#14126)](https://github.com/k3s-io/k3s/pull/14126) +* Backports for 2026-06 [(#14152)](https://github.com/k3s-io/k3s/pull/14152) +* Bump v3.7.4 Traefik [(#14194)](https://github.com/k3s-io/k3s/pull/14194) +* More backports for 2026-06 [(#14212)](https://github.com/k3s-io/k3s/pull/14212) +* Testing Backports 2026-06 [(#14214)](https://github.com/k3s-io/k3s/pull/14214) +* Bump klipper-helm for CVE reasons (#14235) [(#14237)](https://github.com/k3s-io/k3s/pull/14237) +* Bump containerd to fix []byte envvar value [(#14241)](https://github.com/k3s-io/k3s/pull/14241) +* Update to v1.35.6-k3s1 and Go 1.25.11 [(#14229)](https://github.com/k3s-io/k3s/pull/14229) +* Bump containerd for 1.35 [(#14251)](https://github.com/k3s-io/k3s/pull/14251) +* Bump cri-api and containerd for upstream env string fix [(#14278)](https://github.com/k3s-io/k3s/pull/14278) + +----- ## Release [v1.35.5+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.5+k3s1) - - -This release updates Kubernetes to v1.35.5, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1354). - -### Changes since v1.35.4+k3s1: - -* Backports for 2026-05 [(#14033)](https://github.com/k3s-io/k3s/pull/14033) -* Update rancher/local-path-provisioner image version [(#14043)](https://github.com/k3s-io/k3s/pull/14043) -* Update to v1.35.5-k3s1 and Go 1.25.9 [(#14050)](https://github.com/k3s-io/k3s/pull/14050) -* Bump klipper-helm image tag [(#14056)](https://github.com/k3s-io/k3s/pull/14056) - + + +This release updates Kubernetes to v1.35.5, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1354). + +### Changes since v1.35.4+k3s1: + +* Backports for 2026-05 [(#14033)](https://github.com/k3s-io/k3s/pull/14033) +* Update rancher/local-path-provisioner image version [(#14043)](https://github.com/k3s-io/k3s/pull/14043) +* Update to v1.35.5-k3s1 and Go 1.25.9 [(#14050)](https://github.com/k3s-io/k3s/pull/14050) +* Bump klipper-helm image tag [(#14056)](https://github.com/k3s-io/k3s/pull/14056) + ----- ## Release [v1.35.4+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.4+k3s1) - - -This release updates Kubernetes to v1.35.4, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1353). - -### Changes since v1.35.3+k3s1: - -* Immutable release changes [(#13901)](https://github.com/k3s-io/k3s/pull/13901) -* Backports for 2026-04 [(#13929)](https://github.com/k3s-io/k3s/pull/13929) -* Bump flannel to v0.28.4 [(#13939)](https://github.com/k3s-io/k3s/pull/13939) -* Bump traefik to 3.6.12 [(#13928)](https://github.com/k3s-io/k3s/pull/13928) -* Update to v1.35.4-k3s1 and Go 1.25.9 [(#13945)](https://github.com/k3s-io/k3s/pull/13945) -* Switch from draft to pre-release [(#13950)](https://github.com/k3s-io/k3s/pull/13950) -* Bump Traefik to 3.6.13 (#13969) [(#13970)](https://github.com/k3s-io/k3s/pull/13970) -* Fix SANs added from comma-separated node-external-ip list [(#13990)](https://github.com/k3s-io/k3s/pull/13990) -* Bump klipper-helm image for revision check fix [(#13996)](https://github.com/k3s-io/k3s/pull/13996) - + + +This release updates Kubernetes to v1.35.4, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1353). + +### Changes since v1.35.3+k3s1: + +* Immutable release changes [(#13901)](https://github.com/k3s-io/k3s/pull/13901) +* Backports for 2026-04 [(#13929)](https://github.com/k3s-io/k3s/pull/13929) +* Bump flannel to v0.28.4 [(#13939)](https://github.com/k3s-io/k3s/pull/13939) +* Bump traefik to 3.6.12 [(#13928)](https://github.com/k3s-io/k3s/pull/13928) +* Update to v1.35.4-k3s1 and Go 1.25.9 [(#13945)](https://github.com/k3s-io/k3s/pull/13945) +* Switch from draft to pre-release [(#13950)](https://github.com/k3s-io/k3s/pull/13950) +* Bump Traefik to 3.6.13 (#13969) [(#13970)](https://github.com/k3s-io/k3s/pull/13970) +* Fix SANs added from comma-separated node-external-ip list [(#13990)](https://github.com/k3s-io/k3s/pull/13990) +* Bump klipper-helm image for revision check fix [(#13996)](https://github.com/k3s-io/k3s/pull/13996) + ----- ## Release [v1.35.3+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.3+k3s1) - - -This release updates Kubernetes to v1.35.3, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1352). - -### Changes since v1.35.2+k3s1: - -* Bump to coredns 1.14.2 [(#13757)](https://github.com/k3s-io/k3s/pull/13757) -* Save cluster state before reencrypting secrets with newly created key [(#13771)](https://github.com/k3s-io/k3s/pull/13771) -* Backports for 2026-03 [(#13789)](https://github.com/k3s-io/k3s/pull/13789) -* Bump runc to v1.4.1 [(#13797)](https://github.com/k3s-io/k3s/pull/13797) -* Bump Traefik helm chart version [(#13815)](https://github.com/k3s-io/k3s/pull/13815) -* Bump cni plugins to v1.9.1 [(#13822)](https://github.com/k3s-io/k3s/pull/13822) -* Simplify snapshot compress/decompress logic [(#13827)](https://github.com/k3s-io/k3s/pull/13827) -* Update to v1.35.3-k3s1 and Go 1.25.7 [(#13835)](https://github.com/k3s-io/k3s/pull/13835) -* Chore: Update Trivy version in Dockerfile.dapper [(#13851)](https://github.com/k3s-io/k3s/pull/13851) -* Update to flannel v0.28.2 [(#13868)](https://github.com/k3s-io/k3s/pull/13868) - + + +This release updates Kubernetes to v1.35.3, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1352). + +### Changes since v1.35.2+k3s1: + +* Bump to coredns 1.14.2 [(#13757)](https://github.com/k3s-io/k3s/pull/13757) +* Save cluster state before reencrypting secrets with newly created key [(#13771)](https://github.com/k3s-io/k3s/pull/13771) +* Backports for 2026-03 [(#13789)](https://github.com/k3s-io/k3s/pull/13789) +* Bump runc to v1.4.1 [(#13797)](https://github.com/k3s-io/k3s/pull/13797) +* Bump Traefik helm chart version [(#13815)](https://github.com/k3s-io/k3s/pull/13815) +* Bump cni plugins to v1.9.1 [(#13822)](https://github.com/k3s-io/k3s/pull/13822) +* Simplify snapshot compress/decompress logic [(#13827)](https://github.com/k3s-io/k3s/pull/13827) +* Update to v1.35.3-k3s1 and Go 1.25.7 [(#13835)](https://github.com/k3s-io/k3s/pull/13835) +* Chore: Update Trivy version in Dockerfile.dapper [(#13851)](https://github.com/k3s-io/k3s/pull/13851) +* Update to flannel v0.28.2 [(#13868)](https://github.com/k3s-io/k3s/pull/13868) + ----- ## Release [v1.35.2+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.2+k3s1) - - -This release updates Kubernetes to v1.35.2, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1351). - -### Changes since v1.35.1+k3s1: - -* Rootlesskit Revert + Test Fixes [(#13689)](https://github.com/k3s-io/k3s/pull/13689) -* Backports for 2026-02 BONUS RELEASE [(#13690)](https://github.com/k3s-io/k3s/pull/13690) -* Bump Traefik to v3.6.9 [(#13703)](https://github.com/k3s-io/k3s/pull/13703) -* Update to v1.35.2-k3s1 and Go 1.25.7 [(#13707)](https://github.com/k3s-io/k3s/pull/13707) - + + +This release updates Kubernetes to v1.35.2, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1351). + +### Changes since v1.35.1+k3s1: + +* Rootlesskit Revert + Test Fixes [(#13689)](https://github.com/k3s-io/k3s/pull/13689) +* Backports for 2026-02 BONUS RELEASE [(#13690)](https://github.com/k3s-io/k3s/pull/13690) +* Bump Traefik to v3.6.9 [(#13703)](https://github.com/k3s-io/k3s/pull/13703) +* Update to v1.35.2-k3s1 and Go 1.25.7 [(#13707)](https://github.com/k3s-io/k3s/pull/13707) + ----- ## Release [v1.35.1+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.1+k3s1) - - -This release updates Kubernetes to v1.35.1, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1350). - -### Changes since v1.35.0+k3s3: - -* Bulk Backports 2026-02 [(#13564)](https://github.com/k3s-io/k3s/pull/13564) -* Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#13570)](https://github.com/k3s-io/k3s/pull/13570) -* Backports for 2026-02 [(#13580)](https://github.com/k3s-io/k3s/pull/13580) -* Bump kine for list/watch revision fixes [(#13576)](https://github.com/k3s-io/k3s/pull/13576) -* Fix VPN node IP not being applied to kubelet [(#13560)](https://github.com/k3s-io/k3s/pull/13560) -* Bump to coredns 1.14.1 and metrics-server v0.8.1 [(#13608)](https://github.com/k3s-io/k3s/pull/13608) -* Add registry prefix to image-list file [(#13602)](https://github.com/k3s-io/k3s/pull/13602) -* Bump klipper-helm and klipper-lb images [(#13619)](https://github.com/k3s-io/k3s/pull/13619) -* Fix removal of init node [(#13630)](https://github.com/k3s-io/k3s/pull/13630) -* Update to v1.35.1-k3s1 and Go 1.25.6 [(#13637)](https://github.com/k3s-io/k3s/pull/13637) - + + +This release updates Kubernetes to v1.35.1, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1350). + +### Changes since v1.35.0+k3s3: + +* Bulk Backports 2026-02 [(#13564)](https://github.com/k3s-io/k3s/pull/13564) +* Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#13570)](https://github.com/k3s-io/k3s/pull/13570) +* Backports for 2026-02 [(#13580)](https://github.com/k3s-io/k3s/pull/13580) +* Bump kine for list/watch revision fixes [(#13576)](https://github.com/k3s-io/k3s/pull/13576) +* Fix VPN node IP not being applied to kubelet [(#13560)](https://github.com/k3s-io/k3s/pull/13560) +* Bump to coredns 1.14.1 and metrics-server v0.8.1 [(#13608)](https://github.com/k3s-io/k3s/pull/13608) +* Add registry prefix to image-list file [(#13602)](https://github.com/k3s-io/k3s/pull/13602) +* Bump klipper-helm and klipper-lb images [(#13619)](https://github.com/k3s-io/k3s/pull/13619) +* Fix removal of init node [(#13630)](https://github.com/k3s-io/k3s/pull/13630) +* Update to v1.35.1-k3s1 and Go 1.25.6 [(#13637)](https://github.com/k3s-io/k3s/pull/13637) + ----- ## Release [v1.35.0+k3s3](https://github.com/k3s-io/k3s/releases/tag/v1.35.0+k3s3) - - -This release updates Kubernetes to v1.35.0, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1350). - -### Changes since v1.35.0+k3s1: - -* Add firewall section to check-config.sh [(#13390)](https://github.com/k3s-io/k3s/pull/13390) -* Expand docker upgrade test, sunset E2E upgrade test [(#13398)](https://github.com/k3s-io/k3s/pull/13398) -* Allow k3s secrets-encrypt enable on existing clusters [(#13403)](https://github.com/k3s-io/k3s/pull/13403) -* Chore: Bump charts - Jan 2025 [(#13420)](https://github.com/k3s-io/k3s/pull/13420) -* Bump local path provisioner to v0.0.34 [(#13426)](https://github.com/k3s-io/k3s/pull/13426) -* Backports for 2026-01 [(#13446)](https://github.com/k3s-io/k3s/pull/13446) -* Bump to coredns 1.14.0 [(#13451)](https://github.com/k3s-io/k3s/pull/13451) -* Update Traefik version to v3.6.7 [(#13484)](https://github.com/k3s-io/k3s/pull/13484) -* Bump etcd to v3.6.7 [(#13497)](https://github.com/k3s-io/k3s/pull/13497) -* Update to v1.35.0-k3s3 [(#13523)](https://github.com/k3s-io/k3s/pull/13523) -* Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#13535)](https://github.com/k3s-io/k3s/pull/13535) - + + +This release updates Kubernetes to v1.35.0, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1350). + +### Changes since v1.35.0+k3s1: + +* Add firewall section to check-config.sh [(#13390)](https://github.com/k3s-io/k3s/pull/13390) +* Expand docker upgrade test, sunset E2E upgrade test [(#13398)](https://github.com/k3s-io/k3s/pull/13398) +* Allow k3s secrets-encrypt enable on existing clusters [(#13403)](https://github.com/k3s-io/k3s/pull/13403) +* Chore: Bump charts - Jan 2025 [(#13420)](https://github.com/k3s-io/k3s/pull/13420) +* Bump local path provisioner to v0.0.34 [(#13426)](https://github.com/k3s-io/k3s/pull/13426) +* Backports for 2026-01 [(#13446)](https://github.com/k3s-io/k3s/pull/13446) +* Bump to coredns 1.14.0 [(#13451)](https://github.com/k3s-io/k3s/pull/13451) +* Update Traefik version to v3.6.7 [(#13484)](https://github.com/k3s-io/k3s/pull/13484) +* Bump etcd to v3.6.7 [(#13497)](https://github.com/k3s-io/k3s/pull/13497) +* Update to v1.35.0-k3s3 [(#13523)](https://github.com/k3s-io/k3s/pull/13523) +* Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#13535)](https://github.com/k3s-io/k3s/pull/13535) + ----- ## Release [v1.35.0+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.35.0+k3s1) - - -This release updates Kubernetes to v1.35.0, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1340). - -### Changes since v1.34.1+k3s1: - -* Move data dir into position before creating CNI symlinks [(#12871)](https://github.com/k3s-io/k3s/pull/12871) -* Fix netpol fatal error when changing node IP [(#12891)](https://github.com/k3s-io/k3s/pull/12891) -* Bump dynamiclistener for stacked update fix [(#12840)](https://github.com/k3s-io/k3s/pull/12840) -* Remove NetworkManager check for nm-cloud.service [(#12889)](https://github.com/k3s-io/k3s/pull/12889) - * K3s can now deploy with nm-cloud-setup.service -* Improve testing for cis-1.11 [(#12912)](https://github.com/k3s-io/k3s/pull/12912) -* Fix IPv6 handling for loadbalancer addresses [(#12921)](https://github.com/k3s-io/k3s/pull/12921) -* Fix multiple issues with server shutdown sequencing [(#12913)](https://github.com/k3s-io/k3s/pull/12913) -* Fix CLI Help [(#12899)](https://github.com/k3s-io/k3s/pull/12899) -* Fix etcd member promotion [(#12938)](https://github.com/k3s-io/k3s/pull/12938) -* Fix install script raspi cmdline message [(#12842)](https://github.com/k3s-io/k3s/pull/12842) - * Updated error message for memory cgroup detection to reference the correct `cmdline.txt` location (`/boot/firmware/cmdline.txt`) on Raspberry Pi running Raspberry Pi OS Bookworm or later. -* Inclusive naming proposal (issue: #12110, Orlin Vasiliev) [(#12383)](https://github.com/k3s-io/k3s/pull/12383) -* Bump spegel to v0.4.0 [(#12943)](https://github.com/k3s-io/k3s/pull/12943) -* Fix kine metrics registration without --kine-tls [(#12956)](https://github.com/k3s-io/k3s/pull/12956) -* Bump traefik to 3.5.1 [(#12948)](https://github.com/k3s-io/k3s/pull/12948) -* Fix: default forward after override imports [(#12980)](https://github.com/k3s-io/k3s/pull/12980) -* Fix handling of vendored dependencies in version script [(#12993)](https://github.com/k3s-io/k3s/pull/12993) -* Fix helm controller apiserver address for bootstrap charts on ipv6-only nodes [(#12990)](https://github.com/k3s-io/k3s/pull/12990) -* Create dynamic-cert-regenerate file in CA cert rotation handler [(#12978)](https://github.com/k3s-io/k3s/pull/12978) -* Fix ability to rotate server token to an invalid format [(#12989)](https://github.com/k3s-io/k3s/pull/12989) -* Drop calls to rand.Seed [(#13014)](https://github.com/k3s-io/k3s/pull/13014) -* Create policy hint only when all variables defined [(#12851)](https://github.com/k3s-io/k3s/pull/12851) -* Bump coredns to 1.13.1 [(#12976)](https://github.com/k3s-io/k3s/pull/12976) -* Cleanup wording and decisions on various ADRs [(#13068)](https://github.com/k3s-io/k3s/pull/13068) -* Postgresql nightly [(#13069)](https://github.com/k3s-io/k3s/pull/13069) -* Rootless ports: add support for udp [(#13073)](https://github.com/k3s-io/k3s/pull/13073) -* Update dispatch script [(#13079)](https://github.com/k3s-io/k3s/pull/13079) -* Add docker dualstack test [(#13070)](https://github.com/k3s-io/k3s/pull/13070) -* Fix invalid replaced versions [(#13089)](https://github.com/k3s-io/k3s/pull/13089) -* Fix multiple issues with node controller and password secret cleanup [(#13095)](https://github.com/k3s-io/k3s/pull/13095) -* Don't look at head for upgrade channel [(#13130)](https://github.com/k3s-io/k3s/pull/13130) -* Bump remotedialer to fix deadlock on connection close [(#13150)](https://github.com/k3s-io/k3s/pull/13150) -* Bump containerd to v2.1.5 [(#13162)](https://github.com/k3s-io/k3s/pull/13162) -* Fix adding OwnerReferences to Nodes seen from initial list [(#13164)](https://github.com/k3s-io/k3s/pull/13164) -* Add Prime assets upload [(#13160)](https://github.com/k3s-io/k3s/pull/13160) -* Fix apiserver starting before remote etcd is up [(#13165)](https://github.com/k3s-io/k3s/pull/13165) -* Fix tailscale setup in case of an already running configuration [(#13106)](https://github.com/k3s-io/k3s/pull/13106) -* Bump klipper-helm and helm-controller [(#13187)](https://github.com/k3s-io/k3s/pull/13187) -* Update to v1.34.2-k3s1 and Go 1.24.9 [(#13204)](https://github.com/k3s-io/k3s/pull/13204) -* Fix windows build os [(#13201)](https://github.com/k3s-io/k3s/pull/13201) -* Tunnel: handle pod IP reuse [(#13212)](https://github.com/k3s-io/k3s/pull/13212) - * Fix for clusters with few nodes and a lot of pod churn when webhooks are accessed using egress-selector -* Fix spegel sharing of imported images [(#13221)](https://github.com/k3s-io/k3s/pull/13221) -* Bump opencontainers/selinux [(#13253)](https://github.com/k3s-io/k3s/pull/13253) -* Remove remaining references to drone [(#13254)](https://github.com/k3s-io/k3s/pull/13254) -* Update busybox image version to 1.37.0 [(#13237)](https://github.com/k3s-io/k3s/pull/13237) -* Consolidate test util functions [(#13281)](https://github.com/k3s-io/k3s/pull/13281) -* Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to. [(#13258)](https://github.com/k3s-io/k3s/pull/13258) -* Reorganize Executor interface to make CNI startup part of Executor implementation [(#13262)](https://github.com/k3s-io/k3s/pull/13262) -* Bump kine and etcd [(#13297)](https://github.com/k3s-io/k3s/pull/13297) -* Bump runc to v1.4.0 [(#13298)](https://github.com/k3s-io/k3s/pull/13298) -* Bump kube-router to v2.6.3-k3s1 [(#13304)](https://github.com/k3s-io/k3s/pull/13304) -* Fix cross-platform image save [(#13311)](https://github.com/k3s-io/k3s/pull/13311) -* Bump kine to v0.14.9 [(#13314)](https://github.com/k3s-io/k3s/pull/13314) -* Override DefaultHelmJob at build time [(#13351)](https://github.com/k3s-io/k3s/pull/13351) -* Fix arm airgap platforms [(#13330)](https://github.com/k3s-io/k3s/pull/13330) -* Update to kubernetes v1.35.0 and golang v1.25.5 [(#13334)](https://github.com/k3s-io/k3s/pull/13334) - + + +This release updates Kubernetes to v1.35.0, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#changelog-since-v1340). + +### Changes since v1.34.1+k3s1: + +* Move data dir into position before creating CNI symlinks [(#12871)](https://github.com/k3s-io/k3s/pull/12871) +* Fix netpol fatal error when changing node IP [(#12891)](https://github.com/k3s-io/k3s/pull/12891) +* Bump dynamiclistener for stacked update fix [(#12840)](https://github.com/k3s-io/k3s/pull/12840) +* Remove NetworkManager check for nm-cloud.service [(#12889)](https://github.com/k3s-io/k3s/pull/12889) + * K3s can now deploy with nm-cloud-setup.service +* Improve testing for cis-1.11 [(#12912)](https://github.com/k3s-io/k3s/pull/12912) +* Fix IPv6 handling for loadbalancer addresses [(#12921)](https://github.com/k3s-io/k3s/pull/12921) +* Fix multiple issues with server shutdown sequencing [(#12913)](https://github.com/k3s-io/k3s/pull/12913) +* Fix CLI Help [(#12899)](https://github.com/k3s-io/k3s/pull/12899) +* Fix etcd member promotion [(#12938)](https://github.com/k3s-io/k3s/pull/12938) +* Fix install script raspi cmdline message [(#12842)](https://github.com/k3s-io/k3s/pull/12842) + * Updated error message for memory cgroup detection to reference the correct `cmdline.txt` location (`/boot/firmware/cmdline.txt`) on Raspberry Pi running Raspberry Pi OS Bookworm or later. +* Inclusive naming proposal (issue: #12110, Orlin Vasiliev) [(#12383)](https://github.com/k3s-io/k3s/pull/12383) +* Bump spegel to v0.4.0 [(#12943)](https://github.com/k3s-io/k3s/pull/12943) +* Fix kine metrics registration without --kine-tls [(#12956)](https://github.com/k3s-io/k3s/pull/12956) +* Bump traefik to 3.5.1 [(#12948)](https://github.com/k3s-io/k3s/pull/12948) +* Fix: default forward after override imports [(#12980)](https://github.com/k3s-io/k3s/pull/12980) +* Fix handling of vendored dependencies in version script [(#12993)](https://github.com/k3s-io/k3s/pull/12993) +* Fix helm controller apiserver address for bootstrap charts on ipv6-only nodes [(#12990)](https://github.com/k3s-io/k3s/pull/12990) +* Create dynamic-cert-regenerate file in CA cert rotation handler [(#12978)](https://github.com/k3s-io/k3s/pull/12978) +* Fix ability to rotate server token to an invalid format [(#12989)](https://github.com/k3s-io/k3s/pull/12989) +* Drop calls to rand.Seed [(#13014)](https://github.com/k3s-io/k3s/pull/13014) +* Create policy hint only when all variables defined [(#12851)](https://github.com/k3s-io/k3s/pull/12851) +* Bump coredns to 1.13.1 [(#12976)](https://github.com/k3s-io/k3s/pull/12976) +* Cleanup wording and decisions on various ADRs [(#13068)](https://github.com/k3s-io/k3s/pull/13068) +* Postgresql nightly [(#13069)](https://github.com/k3s-io/k3s/pull/13069) +* Rootless ports: add support for udp [(#13073)](https://github.com/k3s-io/k3s/pull/13073) +* Update dispatch script [(#13079)](https://github.com/k3s-io/k3s/pull/13079) +* Add docker dualstack test [(#13070)](https://github.com/k3s-io/k3s/pull/13070) +* Fix invalid replaced versions [(#13089)](https://github.com/k3s-io/k3s/pull/13089) +* Fix multiple issues with node controller and password secret cleanup [(#13095)](https://github.com/k3s-io/k3s/pull/13095) +* Don't look at head for upgrade channel [(#13130)](https://github.com/k3s-io/k3s/pull/13130) +* Bump remotedialer to fix deadlock on connection close [(#13150)](https://github.com/k3s-io/k3s/pull/13150) +* Bump containerd to v2.1.5 [(#13162)](https://github.com/k3s-io/k3s/pull/13162) +* Fix adding OwnerReferences to Nodes seen from initial list [(#13164)](https://github.com/k3s-io/k3s/pull/13164) +* Add Prime assets upload [(#13160)](https://github.com/k3s-io/k3s/pull/13160) +* Fix apiserver starting before remote etcd is up [(#13165)](https://github.com/k3s-io/k3s/pull/13165) +* Fix tailscale setup in case of an already running configuration [(#13106)](https://github.com/k3s-io/k3s/pull/13106) +* Bump klipper-helm and helm-controller [(#13187)](https://github.com/k3s-io/k3s/pull/13187) +* Update to v1.34.2-k3s1 and Go 1.24.9 [(#13204)](https://github.com/k3s-io/k3s/pull/13204) +* Fix windows build os [(#13201)](https://github.com/k3s-io/k3s/pull/13201) +* Tunnel: handle pod IP reuse [(#13212)](https://github.com/k3s-io/k3s/pull/13212) + * Fix for clusters with few nodes and a lot of pod churn when webhooks are accessed using egress-selector +* Fix spegel sharing of imported images [(#13221)](https://github.com/k3s-io/k3s/pull/13221) +* Bump opencontainers/selinux [(#13253)](https://github.com/k3s-io/k3s/pull/13253) +* Remove remaining references to drone [(#13254)](https://github.com/k3s-io/k3s/pull/13254) +* Update busybox image version to 1.37.0 [(#13237)](https://github.com/k3s-io/k3s/pull/13237) +* Consolidate test util functions [(#13281)](https://github.com/k3s-io/k3s/pull/13281) +* Define DefaultHelmJobImage in K3s, overriding what helm-controller defaults to. [(#13258)](https://github.com/k3s-io/k3s/pull/13258) +* Reorganize Executor interface to make CNI startup part of Executor implementation [(#13262)](https://github.com/k3s-io/k3s/pull/13262) +* Bump kine and etcd [(#13297)](https://github.com/k3s-io/k3s/pull/13297) +* Bump runc to v1.4.0 [(#13298)](https://github.com/k3s-io/k3s/pull/13298) +* Bump kube-router to v2.6.3-k3s1 [(#13304)](https://github.com/k3s-io/k3s/pull/13304) +* Fix cross-platform image save [(#13311)](https://github.com/k3s-io/k3s/pull/13311) +* Bump kine to v0.14.9 [(#13314)](https://github.com/k3s-io/k3s/pull/13314) +* Override DefaultHelmJob at build time [(#13351)](https://github.com/k3s-io/k3s/pull/13351) +* Fix arm airgap platforms [(#13330)](https://github.com/k3s-io/k3s/pull/13330) +* Update to kubernetes v1.35.0 and golang v1.25.5 [(#13334)](https://github.com/k3s-io/k3s/pull/13334) + ----- diff --git a/docs/release-notes/v1.36.X.md b/docs/release-notes/v1.36.X.md index e8f1bf900..29b556e84 100644 --- a/docs/release-notes/v1.36.X.md +++ b/docs/release-notes/v1.36.X.md @@ -11,60 +11,84 @@ Before upgrading from earlier releases, be sure to read the Kubernetes [Urgent U | Version | Release date | Kubernetes | Kine | SQLite | Etcd | Containerd | Runc | Flannel | Metrics-server | Traefik | CoreDNS | Helm-controller | Local-path-provisioner | | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | +| [v1.36.2+k3s1](v1.36.X.md#release-v1362k3s1) | Jun 24 2026| [v1.36.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1362) | [v0.16.1](https://github.com/k3s-io/kine/releases/tag/v0.16.1) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.12-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.12-k3s1) | [v2.3.2-k3s2](https://github.com/k3s-io/containerd/releases/tag/v2.3.2-k3s2) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.7.4](https://github.com/traefik/traefik/releases/tag/v3.7.4) | [v1.14.4](https://github.com/coredns/coredns/releases/tag/v1.14.4) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.36.1+k3s1](v1.36.X.md#release-v1361k3s1) | May 20 2026| [v1.36.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1361) | [v0.15.0](https://github.com/k3s-io/kine/releases/tag/v0.15.0) | [3.53.0](https://sqlite.org/releaselog/3_53_0.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.3](https://github.com/coredns/coredns/releases/tag/v1.14.3) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.36](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.36) | | [v1.36.0+k3s1](v1.36.X.md#release-v1360k3s1) | May 06 2026| [v1.36.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360) | [v0.14.16](https://github.com/k3s-io/kine/releases/tag/v0.14.16) | [3.51.3](https://sqlite.org/releaselog/3_51_3.html) | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) |
+## Release [v1.36.2+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.36.2+k3s1) + +> [!WARNING] +> This release upgrades Traefik chart to v40.x which includes a breaking change for the ingress-nginx migration: the provider name changes from `kubernetesIngressNginx` to `kubernetesIngressNGINX`. Check https://github.com/traefik/traefik-helm-chart/releases/tag/v40.0.0 for more details + +This release updates Kubernetes to v1.36.2, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#changelog-since-v1361). + +### Changes since v1.36.1+k3s1: + +* Backport GitHub Action SHA pin updates from main [(#14127)](https://github.com/k3s-io/k3s/pull/14127) +* Backports for 2026-06 [(#14151)](https://github.com/k3s-io/k3s/pull/14151) +* Bump v3.7.4 Traefik [(#14193)](https://github.com/k3s-io/k3s/pull/14193) +* More backports for 2026-06 [(#14211)](https://github.com/k3s-io/k3s/pull/14211) +* Testing Backports 2026-06 [(#14213)](https://github.com/k3s-io/k3s/pull/14213) +* Bump klipper-helm for CVE reasons (#14235) [(#14236)](https://github.com/k3s-io/k3s/pull/14236) +* Bump containerd with the fix for []byte [(#14243)](https://github.com/k3s-io/k3s/pull/14243) +* Update to v1.36.2-k3s1 and Go 1.26.4 [(#14230)](https://github.com/k3s-io/k3s/pull/14230) +* Bump containerd to v2.3.2-k3s1 [(#14254)](https://github.com/k3s-io/k3s/pull/14254) +* Bump cri-api and containerd for upstream env string fix [(#14277)](https://github.com/k3s-io/k3s/pull/14277) + +----- ## Release [v1.36.1+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.36.1+k3s1) - - -This release updates Kubernetes to v1.36.1, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#changelog-since-v1360). - -### Changes since v1.36.0+k3s1: - -* Backports for 2026-05 [(#14032)](https://github.com/k3s-io/k3s/pull/14032) -* Update rancher/local-path-provisioner image version [(#14042)](https://github.com/k3s-io/k3s/pull/14042) -* Update to v1.36.1-k3s1 and Go 1.26.2 [(#14051)](https://github.com/k3s-io/k3s/pull/14051) -* Bump klipper-helm image tag [(#14055)](https://github.com/k3s-io/k3s/pull/14055) - + + +This release updates Kubernetes to v1.36.1, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#changelog-since-v1360). + +### Changes since v1.36.0+k3s1: + +* Backports for 2026-05 [(#14032)](https://github.com/k3s-io/k3s/pull/14032) +* Update rancher/local-path-provisioner image version [(#14042)](https://github.com/k3s-io/k3s/pull/14042) +* Update to v1.36.1-k3s1 and Go 1.26.2 [(#14051)](https://github.com/k3s-io/k3s/pull/14051) +* Bump klipper-helm image tag [(#14055)](https://github.com/k3s-io/k3s/pull/14055) + ----- ## Release [v1.36.0+k3s1](https://github.com/k3s-io/k3s/releases/tag/v1.36.0+k3s1) - - -This release updates Kubernetes to v1.36.0, and fixes a number of issues. - -For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#changelog-since-v1350). - -### Changes since v1.35.3+k3s1: - -* Add sipgate to the list of adopters [(#13881)](https://github.com/k3s-io/k3s/pull/13881) -* Add Rocket Technologies to the list of adopters [(#13890)](https://github.com/k3s-io/k3s/pull/13890) -* Make Dockerfile.test more secure [(#13882)](https://github.com/k3s-io/k3s/pull/13882) -* Make tests/integration/Dockerfile.test more secure [(#13883)](https://github.com/k3s-io/k3s/pull/13883) -* Secure the e2e yaml GHA [(#13885)](https://github.com/k3s-io/k3s/pull/13885) -* Pin govulncheck GHA version [(#13887)](https://github.com/k3s-io/k3s/pull/13887) -* Verify sha256sum for kubelet, vagrant zip and go binary [(#13889)](https://github.com/k3s-io/k3s/pull/13889) -* Check the k3s-root sha256sum [(#13888)](https://github.com/k3s-io/k3s/pull/13888) -* Fix reproducibility of embedded data tarball [(#13875)](https://github.com/k3s-io/k3s/pull/13875) -* Fix S3 test to account for change to s3mock [(#13906)](https://github.com/k3s-io/k3s/pull/13906) -* Bump runc/spegel/helm-controller/kine [(#13909)](https://github.com/k3s-io/k3s/pull/13909) - * Bump runc to v1.4.2 - * Bump spegel to v0.6.0-k3s2 - * Bump helm-controller to v0.17.1 - * Bump kine to v0.14.16 -* Fix embedded executor VPN config injection [(#13920)](https://github.com/k3s-io/k3s/pull/13920) -* Bump containerd to v2.2.3 [(#13931)](https://github.com/k3s-io/k3s/pull/13931) -* Bump flannel to v0.28.4 [(#13937)](https://github.com/k3s-io/k3s/pull/13937) -* Immutable release changes [(#13902)](https://github.com/k3s-io/k3s/pull/13902) -* Bump Traefik to 3.6.13 [(#13969)](https://github.com/k3s-io/k3s/pull/13969) -* Switch from draft to pre-release [(#13951)](https://github.com/k3s-io/k3s/pull/13951) -* Fix SANs added from comma-separated node-external-ip list [(#13989)](https://github.com/k3s-io/k3s/pull/13989) -* Fix docker dualstack test [(#13994)](https://github.com/k3s-io/k3s/pull/13994) -* Bump klipper-helm image for revision check fix [(#13995)](https://github.com/k3s-io/k3s/pull/13995) -* Bump upstream to v1.36 [(#13986)](https://github.com/k3s-io/k3s/pull/13986) -* Fix kubectl exec when using docker [(#14021)](https://github.com/k3s-io/k3s/pull/14021) - + + +This release updates Kubernetes to v1.36.0, and fixes a number of issues. + +For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#changelog-since-v1350). + +### Changes since v1.35.3+k3s1: + +* Add sipgate to the list of adopters [(#13881)](https://github.com/k3s-io/k3s/pull/13881) +* Add Rocket Technologies to the list of adopters [(#13890)](https://github.com/k3s-io/k3s/pull/13890) +* Make Dockerfile.test more secure [(#13882)](https://github.com/k3s-io/k3s/pull/13882) +* Make tests/integration/Dockerfile.test more secure [(#13883)](https://github.com/k3s-io/k3s/pull/13883) +* Secure the e2e yaml GHA [(#13885)](https://github.com/k3s-io/k3s/pull/13885) +* Pin govulncheck GHA version [(#13887)](https://github.com/k3s-io/k3s/pull/13887) +* Verify sha256sum for kubelet, vagrant zip and go binary [(#13889)](https://github.com/k3s-io/k3s/pull/13889) +* Check the k3s-root sha256sum [(#13888)](https://github.com/k3s-io/k3s/pull/13888) +* Fix reproducibility of embedded data tarball [(#13875)](https://github.com/k3s-io/k3s/pull/13875) +* Fix S3 test to account for change to s3mock [(#13906)](https://github.com/k3s-io/k3s/pull/13906) +* Bump runc/spegel/helm-controller/kine [(#13909)](https://github.com/k3s-io/k3s/pull/13909) + * Bump runc to v1.4.2 + * Bump spegel to v0.6.0-k3s2 + * Bump helm-controller to v0.17.1 + * Bump kine to v0.14.16 +* Fix embedded executor VPN config injection [(#13920)](https://github.com/k3s-io/k3s/pull/13920) +* Bump containerd to v2.2.3 [(#13931)](https://github.com/k3s-io/k3s/pull/13931) +* Bump flannel to v0.28.4 [(#13937)](https://github.com/k3s-io/k3s/pull/13937) +* Immutable release changes [(#13902)](https://github.com/k3s-io/k3s/pull/13902) +* Bump Traefik to 3.6.13 [(#13969)](https://github.com/k3s-io/k3s/pull/13969) +* Switch from draft to pre-release [(#13951)](https://github.com/k3s-io/k3s/pull/13951) +* Fix SANs added from comma-separated node-external-ip list [(#13989)](https://github.com/k3s-io/k3s/pull/13989) +* Fix docker dualstack test [(#13994)](https://github.com/k3s-io/k3s/pull/13994) +* Bump klipper-helm image for revision check fix [(#13995)](https://github.com/k3s-io/k3s/pull/13995) +* Bump upstream to v1.36 [(#13986)](https://github.com/k3s-io/k3s/pull/13986) +* Fix kubectl exec when using docker [(#14021)](https://github.com/k3s-io/k3s/pull/14021) + -----