Page Not Found
We could not find what you were looking for.
Please contact the owner of the site that linked you to the original URL and let them know their link is broken.
We could not find what you were looking for.
Please contact the owner of the site that linked you to the original URL and let them know their link is broken.
wireguard or ipsec to wireguard-native",id:"migrating-from-wireguard-or-ipsec-to-wireguard-native",level:3},{value:"Custom CNI",id:"custom-cni",level:2},{value:"Control-Plane Egress Selector configuration",id:"control-plane-egress-selector-configuration",level:2},{value:"Dual-stack (IPv4 + IPv6) Networking",id:"dual-stack-ipv4--ipv6-networking",level:2},{value:"Single-stack IPv6 Networking",id:"single-stack-ipv6-networking",level:2},{value:"Nodes Without a Hostname",id:"nodes-without-a-hostname",level:2}];function c(e){const n={a:"a",admonition:"admonition",br:"br",code:"code",h2:"h2",h3:"h3",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,t.a)(),...e.components},{TabItem:i,Tabs:r}=n;return i||u("TabItem",!0),r||u("Tabs",!0),(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.p,{children:"This page describes K3s network configuration options, including configuration or replacement of Flannel, and configuring IPv6 or dualStack."}),"\n",(0,s.jsx)(n.h2,{id:"flannel-options",children:"Flannel Options"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.a,{href:"https://github.com/flannel-io/flannel/blob/master/README.md",children:"Flannel"})," is a lightweight provider of layer 3 network fabric that implements the Kubernetes Container Network Interface (CNI). It is what is commonly referred to as a CNI Plugin."]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"Flannel options can only be set on server nodes, and must be identical on all servers in the cluster."}),"\n",(0,s.jsxs)(n.li,{children:["The default backend for Flannel is ",(0,s.jsx)(n.code,{children:"vxlan"}),". To enable encryption, use the ",(0,s.jsx)(n.code,{children:"wireguard-native"})," backend."]}),"\n",(0,s.jsxs)(n.li,{children:["Using ",(0,s.jsx)(n.code,{children:"vxlan"})," on Rasperry Pi with recent versions of Ubuntu requires ",(0,s.jsx)(n.a,{href:"/installation/requirements?os=pi#operating-systems",children:"additional preparation"}),"."]}),"\n",(0,s.jsxs)(n.li,{children:["Using ",(0,s.jsx)(n.code,{children:"wireguard-native"})," as the Flannel backend may require additional modules on some Linux distributions. Please see the ",(0,s.jsx)(n.a,{href:"https://www.wireguard.com/install/",children:"WireGuard Install Guide"})," for details.\nThe WireGuard install steps will ensure the appropriate kernel modules are installed for your operating system.\nYou must ensure that WireGuard kernel modules are available on every node, both servers and agents, before attempting to use the WireGuard Flannel backend."]}),"\n"]}),"\n",(0,s.jsxs)(n.table,{children:[(0,s.jsx)(n.thead,{children:(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.th,{children:"CLI Flag and Value"}),(0,s.jsx)(n.th,{children:"Description"})]})}),(0,s.jsxs)(n.tbody,{children:[(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-ipv6-masq"})}),(0,s.jsxs)(n.td,{children:["Apply masquerading rules to IPv6 traffic (default for IPv4). Only applies on dual-stack or IPv6-only clusters. Compatible with any Flannel backend other than ",(0,s.jsx)(n.code,{children:"none"}),"."]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-external-ip"})}),(0,s.jsx)(n.td,{children:"Use node external IP addresses as the destination for Flannel traffic, instead of internal IPs. Only applies when --node-external-ip is set on a node."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=vxlan"})}),(0,s.jsx)(n.td,{children:"Use VXLAN to encapsulate the packets. May require additional kernel modules on Raspberry Pi."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=host-gw"})}),(0,s.jsx)(n.td,{children:"Use IP routes to pod subnets via node IPs. Requires direct layer 2 connectivity between all nodes in the cluster."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=wireguard-native"})}),(0,s.jsx)(n.td,{children:"Use WireGuard to encapsulate and encrypt network traffic. May require additional kernel modules."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=ipsec"})}),(0,s.jsxs)(n.td,{children:["Use strongSwan IPSec via the ",(0,s.jsx)(n.code,{children:"swanctl"})," binary to encrypt network traffic. (Deprecated; will be removed in v1.27.0)"]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=none"})}),(0,s.jsx)(n.td,{children:"Disable Flannel entirely."})]})]})]}),"\n",(0,s.jsx)(n.admonition,{title:"Version Gate",type:"info",children:(0,s.jsxs)(n.p,{children:["K3s no longer includes strongSwan ",(0,s.jsx)(n.code,{children:"swanctl"})," and ",(0,s.jsx)(n.code,{children:"charon"})," binaries starting with the 2022-12 releases (v1.26.0+k3s1, v1.25.5+k3s1, v1.24.9+k3s1, v1.23.15+k3s1). Please install the correct packages on your node before upgrading to or installing these releases if you want to use the ",(0,s.jsx)(n.code,{children:"ipsec"})," backend."]})}),"\n",(0,s.jsxs)(n.h3,{id:"migrating-from-wireguard-or-ipsec-to-wireguard-native",children:["Migrating from ",(0,s.jsx)(n.code,{children:"wireguard"})," or ",(0,s.jsx)(n.code,{children:"ipsec"})," to ",(0,s.jsx)(n.code,{children:"wireguard-native"})]}),"\n",(0,s.jsxs)(n.p,{children:["The legacy ",(0,s.jsx)(n.code,{children:"wireguard"})," backend requires installation of the ",(0,s.jsx)(n.code,{children:"wg"})," tool on the host. This backend is not available in K3s v1.26 and higher, in favor of ",(0,s.jsx)(n.code,{children:"wireguard-native"})," backend, which directly interfaces with the kernel."]}),"\n",(0,s.jsxs)(n.p,{children:["The legacy ",(0,s.jsx)(n.code,{children:"ipsec"})," backend requires installation of the ",(0,s.jsx)(n.code,{children:"swanctl"})," and ",(0,s.jsx)(n.code,{children:"charon"})," binaries on the host. This backend is not available in K3s v1.27 and higher, in favor of the ",(0,s.jsx)(n.code,{children:"wireguard-native"})," backend."]}),"\n",(0,s.jsx)(n.p,{children:"We recommend that users migrate to the new backend as soon as possible. The migration requires a short period of downtime while nodes come up with the new configuration. You should follow these two steps:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["Update the K3s config on all server nodes. If using config files, the ",(0,s.jsx)(n.code,{children:"/etc/rancher/k3s/config.yaml"})," should include ",(0,s.jsx)(n.code,{children:"flannel-backend: wireguard-native"})," instead of ",(0,s.jsx)(n.code,{children:"flannel-backend: wireguard"})," or ",(0,s.jsx)(n.code,{children:"flannel-backend: ipsec"}),". If you are configuring K3s via CLI flags in the systemd unit, the equivalent flags should be changed."]}),"\n",(0,s.jsx)(n.li,{children:"Reboot all nodes, starting with the servers."}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"custom-cni",children:"Custom CNI"}),"\n",(0,s.jsxs)(n.p,{children:["Start K3s with ",(0,s.jsx)(n.code,{children:"--flannel-backend=none"})," and install your CNI of choice. Most CNI plugins come with their own network policy engine, so it is recommended to set ",(0,s.jsx)(n.code,{children:"--disable-network-policy"})," as well to avoid conflicts. Some important information to take into consideration:"]}),"\n",(0,s.jsxs)(r,{queryString:"cni",children:[(0,s.jsxs)(i,{value:"Canal",default:!0,children:[(0,s.jsxs)(n.p,{children:["Visit the ",(0,s.jsx)(n.a,{href:"https://docs.tigera.io/calico/latest/getting-started/kubernetes/flannel/install-for-flannel#installing-calico-for-policy-and-flannel-aka-canal-for-networking",children:"Canal Docs"})," website. Follow the steps to install Canal. Modify the Canal YAML so that IP forwarding is allowed in the ",(0,s.jsx)(n.code,{children:"container_settings"})," section, for example:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'"container_settings": {\n "allow_ip_forwarding": true\n}\n'})}),(0,s.jsx)(n.p,{children:"Apply the Canal YAML."}),(0,s.jsx)(n.p,{children:"Ensure the settings were applied by running the following command on the host:"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cat /etc/cni/net.d/10-canal.conflist\n"})}),(0,s.jsx)(n.p,{children:"You should see that IP forwarding is set to true."})]}),(0,s.jsxs)(i,{value:"Calico",default:!0,children:[(0,s.jsxs)(n.p,{children:["Follow the ",(0,s.jsx)(n.a,{href:"https://docs.tigera.io/calico/latest/reference/configure-cni-plugins",children:"Calico CNI Plugins Guide"}),". Modify the Calico YAML so that IP forwarding is allowed in the ",(0,s.jsx)(n.code,{children:"container_settings"})," section, for example:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'"container_settings": {\n "allow_ip_forwarding": true\n}\n'})}),(0,s.jsx)(n.p,{children:"Apply the Calico YAML."}),(0,s.jsx)(n.p,{children:"Ensure the settings were applied by running the following command on the host:"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cat /etc/cni/net.d/10-calico.conflist\n"})}),(0,s.jsx)(n.p,{children:"You should see that IP forwarding is set to true."})]}),(0,s.jsxs)(i,{value:"Cilium",default:!0,children:[(0,s.jsxs)(n.p,{children:["Before running ",(0,s.jsx)(n.code,{children:"k3s-killall.sh"})," or ",(0,s.jsx)(n.code,{children:"k3s-uninstall.sh"}),", you must manually remove ",(0,s.jsx)(n.code,{children:"cilium_host"}),", ",(0,s.jsx)(n.code,{children:"cilium_net"})," and ",(0,s.jsx)(n.code,{children:"cilium_vxlan"})," interfaces. If you fail to do this, you may lose network connectivity to the host when K3s is stopped"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"ip link delete cilium_host\nip link delete cilium_net\nip link delete cilium_vxlan\n"})}),(0,s.jsx)(n.p,{children:"Additionally, iptables rules for cilium should be removed:"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"iptables-save | grep -iv cilium | iptables-restore\nip6tables-save | grep -iv cilium | ip6tables-restore\n"})})]})]}),"\n",(0,s.jsx)(n.h2,{id:"control-plane-egress-selector-configuration",children:"Control-Plane Egress Selector configuration"}),"\n",(0,s.jsxs)(n.p,{children:["K3s agents and servers maintain websocket tunnels between nodes that are used to encapsulate bidirectional communication between the control-plane (apiserver) and agent (kubelet and containerd) components.\nThis allows agents to operate without exposing the kubelet and container runtime streaming ports to incoming connections, and for the control-plane to connect to cluster services when operating with the agent disabled.\nThis functionality is equivalent to the ",(0,s.jsx)(n.a,{href:"https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/",children:"Konnectivity"})," service commonly used on other Kubernetes distributions, and is managed via the apiserver's egress selector configuration."]}),"\n",(0,s.jsxs)(n.p,{children:["The default mode is ",(0,s.jsx)(n.code,{children:"agent"}),". ",(0,s.jsx)(n.code,{children:"pod"})," or ",(0,s.jsx)(n.code,{children:"cluster"})," modes are recommended when running ",(0,s.jsx)(n.a,{href:"/advanced#running-agentless-servers-experimental",children:"agentless servers"}),", in order to provide the apiserver with access to cluster service endpoints in the absence of flannel and kube-proxy."]}),"\n",(0,s.jsxs)(n.p,{children:["The egress selector mode may be configured on servers via the ",(0,s.jsx)(n.code,{children:"--egress-selector-mode"})," flag, and offers four modes:"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"disabled"}),": The apiserver does not use agent tunnels to communicate with kubelets or cluster endpoints.\nThis mode requires that servers run the kubelet, CNI, and kube-proxy, and have direct connectivity to agents, or the apiserver will not be able to access service endpoints or perform ",(0,s.jsx)(n.code,{children:"kubectl exec"})," and ",(0,s.jsx)(n.code,{children:"kubectl logs"}),"."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"agent"})," (default): The apiserver uses agent tunnels to communicate with kubelets.\nThis mode requires that the servers also run the kubelet, CNI, and kube-proxy, or the apiserver will not be able to access service endpoints."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"pod"}),": The apiserver uses agent tunnels to communicate with kubelets and service endpoints, routing endpoint connections to the correct agent by watching Nodes and Endpoints.",(0,s.jsx)(n.br,{}),"\n",(0,s.jsx)(n.strong,{children:"NOTE"}),": This mode will not work when using a CNI that uses its own IPAM and does not respect the node's PodCIDR allocation. ",(0,s.jsx)(n.code,{children:"cluster"})," or ",(0,s.jsx)(n.code,{children:"agent"})," mode should be used with these CNIs instead."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"cluster"}),": The apiserver uses agent tunnels to communicate with kubelets and service endpoints, routing endpoint connections to the correct agent by watching Pods and Endpoints. This mode has the highest portability across different cluster configurations, at the cost of increased overhead."]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"dual-stack-ipv4--ipv6-networking",children:"Dual-stack (IPv4 + IPv6) Networking"}),"\n",(0,s.jsx)(n.admonition,{title:"Version Gate",type:"info",children:(0,s.jsxs)(n.p,{children:["Experimental support is available as of ",(0,s.jsx)(n.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.21.0%2Bk3s1",children:"v1.21.0+k3s1"}),".",(0,s.jsx)(n.br,{}),"\n","Stable support is available as of ",(0,s.jsx)(n.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.23.7%2Bk3s1",children:"v1.23.7+k3s1"}),"."]})}),"\n",(0,s.jsxs)(n.admonition,{title:"Known Issue",type:"warning",children:[(0,s.jsxs)(n.p,{children:["Before 1.27, Kubernetes ",(0,s.jsx)(n.a,{href:"https://github.com/kubernetes/kubernetes/issues/111695",children:"Issue #111695"})," causes the Kubelet to ignore the node IPv6 addresses if you have a dual-stack environment and you are not using the primary network interface for cluster traffic. To avoid this bug, use 1.27 or newer or add the following flag to both K3s servers and agents:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:'--kubelet-arg="node-ip=0.0.0.0" # To proritize IPv4 traffic\n#OR\n--kubelet-arg="node-ip=::" # To proritize IPv6 traffic\n'})})]}),"\n",(0,s.jsx)(n.p,{children:"Dual-stack networking must be configured when the cluster is first created. It cannot be enabled on an existing cluster once it has been started as IPv4-only."}),"\n",(0,s.jsxs)(n.p,{children:["To enable dual-stack in K3s, you must provide valid dual-stack ",(0,s.jsx)(n.code,{children:"cluster-cidr"})," and ",(0,s.jsx)(n.code,{children:"service-cidr"})," on all server nodes. This is an example of a valid configuration:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:"--cluster-cidr=10.42.0.0/16,2001:cafe:42::/56 --service-cidr=10.43.0.0/16,2001:cafe:43::/112\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Note that you may configure any valid ",(0,s.jsx)(n.code,{children:"cluster-cidr"})," and ",(0,s.jsx)(n.code,{children:"service-cidr"})," values, but the above masks are recommended. If you change the ",(0,s.jsx)(n.code,{children:"cluster-cidr"})," mask, you should also change the ",(0,s.jsx)(n.code,{children:"node-cidr-mask-size-ipv4"})," and ",(0,s.jsx)(n.code,{children:"node-cidr-mask-size-ipv6"})," values to match the planned pods per node and total node count. The largest supported ",(0,s.jsx)(n.code,{children:"service-cidr"})," mask is /12 for IPv4, and /112 for IPv6. Remember to allow ipv6 traffic if you are deploying in a public cloud."]}),"\n",(0,s.jsx)(n.p,{children:"If you are using a custom CNI plugin, i.e. a CNI plugin other than Flannel, the additional configuration may be required. Please consult your plugin's dual-stack documentation and verify if network policies can be enabled."}),"\n",(0,s.jsx)(n.admonition,{title:"Known Issue",type:"warning",children:(0,s.jsx)(n.p,{children:"When defining cluster-cidr and service-cidr with IPv6 as the primary family, the node-ip of all cluster members should be explicitly set, placing node's desired IPv6 address as the first address. By default, the kubelet always uses IPv4 as the primary address family."})}),"\n",(0,s.jsx)(n.h2,{id:"single-stack-ipv6-networking",children:"Single-stack IPv6 Networking"}),"\n",(0,s.jsx)(n.admonition,{title:"Version Gate",type:"info",children:(0,s.jsxs)(n.p,{children:["Available as of ",(0,s.jsx)(n.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.22.9%2Bk3s1",children:"v1.22.9+k3s1"})]})}),"\n",(0,s.jsx)(n.admonition,{title:"Known Issue",type:"warning",children:(0,s.jsxs)(n.p,{children:["If your IPv6 default route is set by a router advertisement (RA), you will need to set the sysctl ",(0,s.jsx)(n.code,{children:"net.ipv6.conf.all.accept_ra=2"}),"; otherwise, the node will drop the default route once it expires. Be aware that accepting RAs could increase the risk of ",(0,s.jsx)(n.a,{href:"https://github.com/kubernetes/kubernetes/issues/91507",children:"man-in-the-middle attacks"}),"."]})}),"\n",(0,s.jsxs)(n.p,{children:["Single-stack IPv6 clusters (clusters without IPv4) are supported on K3s using the ",(0,s.jsx)(n.code,{children:"--cluster-cidr"})," and ",(0,s.jsx)(n.code,{children:"--service-cidr"})," flags. This is an example of a valid configuration:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"--cluster-cidr=2001:cafe:42::/56 --service-cidr=2001:cafe:43::/112\n"})}),"\n",(0,s.jsx)(n.h2,{id:"nodes-without-a-hostname",children:"Nodes Without a Hostname"}),"\n",(0,s.jsxs)(n.p,{children:['Some cloud providers, such as Linode, will create machines with "localhost" as the hostname and others may not have a hostname set at all. This can cause problems with domain name resolution. You can run K3s with the ',(0,s.jsx)(n.code,{children:"--node-name"})," flag or ",(0,s.jsx)(n.code,{children:"K3S_NODE_NAME"})," environment variable and this will pass the node name to resolve this issue."]})]})}function h(e={}){const{wrapper:n}={...(0,t.a)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(c,{...e})}):c(e)}function u(e,n){throw new Error("Expected "+(n?"component":"object")+" `"+e+"` to be defined: you likely forgot to import, pass, or provide it.")}},1151:(e,n,i)=>{i.d(n,{Z:()=>a,a:()=>o});var s=i(7294);const t={},r=s.createContext(t);function o(e){const n=s.useContext(r);return s.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:o(e.components),s.createElement(r.Provider,{value:n},e.children)}}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[9233],{6516:(e,n,i)=>{i.r(n),i.d(n,{assets:()=>l,contentTitle:()=>o,default:()=>h,frontMatter:()=>r,metadata:()=>a,toc:()=>d});var s=i(5893),t=i(1151);const r={title:"Basic Network Options"},o=void 0,a={id:"networking/basic-network-options",title:"Basic Network Options",description:"This page describes K3s network configuration options, including configuration or replacement of Flannel, and configuring IPv6 or dualStack.",source:"@site/docs/networking/basic-network-options.md",sourceDirName:"networking",slug:"/networking/basic-network-options",permalink:"/networking/basic-network-options",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/networking/basic-network-options.md",tags:[],version:"current",lastUpdatedAt:1723747404e3,frontMatter:{title:"Basic Network Options"},sidebar:"mySidebar",previous:{title:"Networking",permalink:"/networking/"},next:{title:"Distributed hybrid or multicloud cluster",permalink:"/networking/distributed-multicloud"}},l={},d=[{value:"Flannel Options",id:"flannel-options",level:2},{value:"Migrating from wireguard or ipsec to wireguard-native",id:"migrating-from-wireguard-or-ipsec-to-wireguard-native",level:3},{value:"Custom CNI",id:"custom-cni",level:2},{value:"Control-Plane Egress Selector configuration",id:"control-plane-egress-selector-configuration",level:2},{value:"Dual-stack (IPv4 + IPv6) Networking",id:"dual-stack-ipv4--ipv6-networking",level:2},{value:"Single-stack IPv6 Networking",id:"single-stack-ipv6-networking",level:2},{value:"Nodes Without a Hostname",id:"nodes-without-a-hostname",level:2}];function c(e){const n={a:"a",admonition:"admonition",br:"br",code:"code",h2:"h2",h3:"h3",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,t.a)(),...e.components},{TabItem:i,Tabs:r}=n;return i||u("TabItem",!0),r||u("Tabs",!0),(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.p,{children:"This page describes K3s network configuration options, including configuration or replacement of Flannel, and configuring IPv6 or dualStack."}),"\n",(0,s.jsx)(n.h2,{id:"flannel-options",children:"Flannel Options"}),"\n",(0,s.jsxs)(n.p,{children:[(0,s.jsx)(n.a,{href:"https://github.com/flannel-io/flannel/blob/master/README.md",children:"Flannel"})," is a lightweight provider of layer 3 network fabric that implements the Kubernetes Container Network Interface (CNI). It is what is commonly referred to as a CNI Plugin."]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsx)(n.li,{children:"Flannel options can only be set on server nodes, and must be identical on all servers in the cluster."}),"\n",(0,s.jsxs)(n.li,{children:["The default backend for Flannel is ",(0,s.jsx)(n.code,{children:"vxlan"}),". To enable encryption, use the ",(0,s.jsx)(n.code,{children:"wireguard-native"})," backend."]}),"\n",(0,s.jsxs)(n.li,{children:["Using ",(0,s.jsx)(n.code,{children:"vxlan"})," on Rasperry Pi with recent versions of Ubuntu requires ",(0,s.jsx)(n.a,{href:"/installation/requirements?os=pi#operating-systems",children:"additional preparation"}),"."]}),"\n",(0,s.jsxs)(n.li,{children:["Using ",(0,s.jsx)(n.code,{children:"wireguard-native"})," as the Flannel backend may require additional modules on some Linux distributions. Please see the ",(0,s.jsx)(n.a,{href:"https://www.wireguard.com/install/",children:"WireGuard Install Guide"})," for details.\nThe WireGuard install steps will ensure the appropriate kernel modules are installed for your operating system.\nYou must ensure that WireGuard kernel modules are available on every node, both servers and agents, before attempting to use the WireGuard Flannel backend."]}),"\n"]}),"\n",(0,s.jsxs)(n.table,{children:[(0,s.jsx)(n.thead,{children:(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.th,{children:"CLI Flag and Value"}),(0,s.jsx)(n.th,{children:"Description"})]})}),(0,s.jsxs)(n.tbody,{children:[(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-ipv6-masq"})}),(0,s.jsxs)(n.td,{children:["Apply masquerading rules to IPv6 traffic (default for IPv4). Only applies on dual-stack or IPv6-only clusters. Compatible with any Flannel backend other than ",(0,s.jsx)(n.code,{children:"none"}),"."]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-external-ip"})}),(0,s.jsx)(n.td,{children:"Use node external IP addresses as the destination for Flannel traffic, instead of internal IPs. Only applies when --node-external-ip is set on a node."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=vxlan"})}),(0,s.jsx)(n.td,{children:"Use VXLAN to encapsulate the packets. May require additional kernel modules on Raspberry Pi."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=host-gw"})}),(0,s.jsx)(n.td,{children:"Use IP routes to pod subnets via node IPs. Requires direct layer 2 connectivity between all nodes in the cluster."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=wireguard-native"})}),(0,s.jsx)(n.td,{children:"Use WireGuard to encapsulate and encrypt network traffic. May require additional kernel modules."})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=ipsec"})}),(0,s.jsxs)(n.td,{children:["Use strongSwan IPSec via the ",(0,s.jsx)(n.code,{children:"swanctl"})," binary to encrypt network traffic. (Deprecated; will be removed in v1.27.0)"]})]}),(0,s.jsxs)(n.tr,{children:[(0,s.jsx)(n.td,{children:(0,s.jsx)(n.code,{children:"--flannel-backend=none"})}),(0,s.jsx)(n.td,{children:"Disable Flannel entirely."})]})]})]}),"\n",(0,s.jsx)(n.admonition,{title:"Version Gate",type:"info",children:(0,s.jsxs)(n.p,{children:["K3s no longer includes strongSwan ",(0,s.jsx)(n.code,{children:"swanctl"})," and ",(0,s.jsx)(n.code,{children:"charon"})," binaries starting with the 2022-12 releases (v1.26.0+k3s1, v1.25.5+k3s1, v1.24.9+k3s1, v1.23.15+k3s1). Please install the correct packages on your node before upgrading to or installing these releases if you want to use the ",(0,s.jsx)(n.code,{children:"ipsec"})," backend."]})}),"\n",(0,s.jsxs)(n.h3,{id:"migrating-from-wireguard-or-ipsec-to-wireguard-native",children:["Migrating from ",(0,s.jsx)(n.code,{children:"wireguard"})," or ",(0,s.jsx)(n.code,{children:"ipsec"})," to ",(0,s.jsx)(n.code,{children:"wireguard-native"})]}),"\n",(0,s.jsxs)(n.p,{children:["The legacy ",(0,s.jsx)(n.code,{children:"wireguard"})," backend requires installation of the ",(0,s.jsx)(n.code,{children:"wg"})," tool on the host. This backend is not available in K3s v1.26 and higher, in favor of ",(0,s.jsx)(n.code,{children:"wireguard-native"})," backend, which directly interfaces with the kernel."]}),"\n",(0,s.jsxs)(n.p,{children:["The legacy ",(0,s.jsx)(n.code,{children:"ipsec"})," backend requires installation of the ",(0,s.jsx)(n.code,{children:"swanctl"})," and ",(0,s.jsx)(n.code,{children:"charon"})," binaries on the host. This backend is not available in K3s v1.27 and higher, in favor of the ",(0,s.jsx)(n.code,{children:"wireguard-native"})," backend."]}),"\n",(0,s.jsx)(n.p,{children:"We recommend that users migrate to the new backend as soon as possible. The migration requires a short period of downtime while nodes come up with the new configuration. You should follow these two steps:"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["Update the K3s config on all server nodes. If using config files, the ",(0,s.jsx)(n.code,{children:"/etc/rancher/k3s/config.yaml"})," should include ",(0,s.jsx)(n.code,{children:"flannel-backend: wireguard-native"})," instead of ",(0,s.jsx)(n.code,{children:"flannel-backend: wireguard"})," or ",(0,s.jsx)(n.code,{children:"flannel-backend: ipsec"}),". If you are configuring K3s via CLI flags in the systemd unit, the equivalent flags should be changed."]}),"\n",(0,s.jsx)(n.li,{children:"Reboot all nodes, starting with the servers."}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"custom-cni",children:"Custom CNI"}),"\n",(0,s.jsxs)(n.p,{children:["Start K3s with ",(0,s.jsx)(n.code,{children:"--flannel-backend=none"})," and install your CNI of choice. Most CNI plugins come with their own network policy engine, so it is recommended to set ",(0,s.jsx)(n.code,{children:"--disable-network-policy"})," as well to avoid conflicts. Some important information to take into consideration:"]}),"\n",(0,s.jsxs)(r,{queryString:"cni",children:[(0,s.jsxs)(i,{value:"Canal",default:!0,children:[(0,s.jsxs)(n.p,{children:["Visit the ",(0,s.jsx)(n.a,{href:"https://docs.tigera.io/calico/latest/getting-started/kubernetes/flannel/install-for-flannel#installing-calico-for-policy-and-flannel-aka-canal-for-networking",children:"Canal Docs"})," website. Follow the steps to install Canal. Modify the Canal YAML so that IP forwarding is allowed in the ",(0,s.jsx)(n.code,{children:"container_settings"})," section, for example:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'"container_settings": {\n "allow_ip_forwarding": true\n}\n'})}),(0,s.jsx)(n.p,{children:"Apply the Canal YAML."}),(0,s.jsx)(n.p,{children:"Ensure the settings were applied by running the following command on the host:"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cat /etc/cni/net.d/10-canal.conflist\n"})}),(0,s.jsx)(n.p,{children:"You should see that IP forwarding is set to true."})]}),(0,s.jsxs)(i,{value:"Calico",default:!0,children:[(0,s.jsxs)(n.p,{children:["Follow the ",(0,s.jsx)(n.a,{href:"https://docs.tigera.io/calico/latest/reference/configure-cni-plugins",children:"Calico CNI Plugins Guide"}),". Modify the Calico YAML so that IP forwarding is allowed in the ",(0,s.jsx)(n.code,{children:"container_settings"})," section, for example:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-yaml",children:'"container_settings": {\n "allow_ip_forwarding": true\n}\n'})}),(0,s.jsx)(n.p,{children:"Apply the Calico YAML."}),(0,s.jsx)(n.p,{children:"Ensure the settings were applied by running the following command on the host:"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cat /etc/cni/net.d/10-calico.conflist\n"})}),(0,s.jsx)(n.p,{children:"You should see that IP forwarding is set to true."})]}),(0,s.jsxs)(i,{value:"Cilium",default:!0,children:[(0,s.jsxs)(n.p,{children:["Before running ",(0,s.jsx)(n.code,{children:"k3s-killall.sh"})," or ",(0,s.jsx)(n.code,{children:"k3s-uninstall.sh"}),", you must manually remove ",(0,s.jsx)(n.code,{children:"cilium_host"}),", ",(0,s.jsx)(n.code,{children:"cilium_net"})," and ",(0,s.jsx)(n.code,{children:"cilium_vxlan"})," interfaces. If you fail to do this, you may lose network connectivity to the host when K3s is stopped"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"ip link delete cilium_host\nip link delete cilium_net\nip link delete cilium_vxlan\n"})}),(0,s.jsx)(n.p,{children:"Additionally, iptables rules for cilium should be removed:"}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"iptables-save | grep -iv cilium | iptables-restore\nip6tables-save | grep -iv cilium | ip6tables-restore\n"})})]})]}),"\n",(0,s.jsx)(n.h2,{id:"control-plane-egress-selector-configuration",children:"Control-Plane Egress Selector configuration"}),"\n",(0,s.jsxs)(n.p,{children:["K3s agents and servers maintain websocket tunnels between nodes that are used to encapsulate bidirectional communication between the control-plane (apiserver) and agent (kubelet and containerd) components.\nThis allows agents to operate without exposing the kubelet and container runtime streaming ports to incoming connections, and for the control-plane to connect to cluster services when operating with the agent disabled.\nThis functionality is equivalent to the ",(0,s.jsx)(n.a,{href:"https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/",children:"Konnectivity"})," service commonly used on other Kubernetes distributions, and is managed via the apiserver's egress selector configuration."]}),"\n",(0,s.jsxs)(n.p,{children:["The default mode is ",(0,s.jsx)(n.code,{children:"agent"}),". ",(0,s.jsx)(n.code,{children:"pod"})," or ",(0,s.jsx)(n.code,{children:"cluster"})," modes are recommended when running ",(0,s.jsx)(n.a,{href:"/advanced#running-agentless-servers-experimental",children:"agentless servers"}),", in order to provide the apiserver with access to cluster service endpoints in the absence of flannel and kube-proxy."]}),"\n",(0,s.jsxs)(n.p,{children:["The egress selector mode may be configured on servers via the ",(0,s.jsx)(n.code,{children:"--egress-selector-mode"})," flag, and offers four modes:"]}),"\n",(0,s.jsxs)(n.ul,{children:["\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"disabled"}),": The apiserver does not use agent tunnels to communicate with kubelets or cluster endpoints.\nThis mode requires that servers run the kubelet, CNI, and kube-proxy, and have direct connectivity to agents, or the apiserver will not be able to access service endpoints or perform ",(0,s.jsx)(n.code,{children:"kubectl exec"})," and ",(0,s.jsx)(n.code,{children:"kubectl logs"}),"."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"agent"})," (default): The apiserver uses agent tunnels to communicate with kubelets.\nThis mode requires that the servers also run the kubelet, CNI, and kube-proxy, or the apiserver will not be able to access service endpoints."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"pod"}),": The apiserver uses agent tunnels to communicate with kubelets and service endpoints, routing endpoint connections to the correct agent by watching Nodes and Endpoints.",(0,s.jsx)(n.br,{}),"\n",(0,s.jsx)(n.strong,{children:"NOTE"}),": This mode will not work when using a CNI that uses its own IPAM and does not respect the node's PodCIDR allocation. ",(0,s.jsx)(n.code,{children:"cluster"})," or ",(0,s.jsx)(n.code,{children:"agent"})," mode should be used with these CNIs instead."]}),"\n",(0,s.jsxs)(n.li,{children:[(0,s.jsx)(n.code,{children:"cluster"}),": The apiserver uses agent tunnels to communicate with kubelets and service endpoints, routing endpoint connections to the correct agent by watching Pods and Endpoints. This mode has the highest portability across different cluster configurations, at the cost of increased overhead."]}),"\n"]}),"\n",(0,s.jsx)(n.h2,{id:"dual-stack-ipv4--ipv6-networking",children:"Dual-stack (IPv4 + IPv6) Networking"}),"\n",(0,s.jsx)(n.admonition,{title:"Version Gate",type:"info",children:(0,s.jsxs)(n.p,{children:["Experimental support is available as of ",(0,s.jsx)(n.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.21.0%2Bk3s1",children:"v1.21.0+k3s1"}),".",(0,s.jsx)(n.br,{}),"\n","Stable support is available as of ",(0,s.jsx)(n.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.23.7%2Bk3s1",children:"v1.23.7+k3s1"}),"."]})}),"\n",(0,s.jsxs)(n.admonition,{title:"Known Issue",type:"warning",children:[(0,s.jsxs)(n.p,{children:["Before 1.27, Kubernetes ",(0,s.jsx)(n.a,{href:"https://github.com/kubernetes/kubernetes/issues/111695",children:"Issue #111695"})," causes the Kubelet to ignore the node IPv6 addresses if you have a dual-stack environment and you are not using the primary network interface for cluster traffic. To avoid this bug, use 1.27 or newer or add the following flag to both K3s servers and agents:"]}),(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:'--kubelet-arg="node-ip=0.0.0.0" # To proritize IPv4 traffic\n#OR\n--kubelet-arg="node-ip=::" # To proritize IPv6 traffic\n'})})]}),"\n",(0,s.jsx)(n.p,{children:"Dual-stack networking must be configured when the cluster is first created. It cannot be enabled on an existing cluster once it has been started as IPv4-only."}),"\n",(0,s.jsxs)(n.p,{children:["To enable dual-stack in K3s, you must provide valid dual-stack ",(0,s.jsx)(n.code,{children:"cluster-cidr"})," and ",(0,s.jsx)(n.code,{children:"service-cidr"})," on all server nodes. This is an example of a valid configuration:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{children:"--cluster-cidr=10.42.0.0/16,2001:cafe:42::/56 --service-cidr=10.43.0.0/16,2001:cafe:43::/112\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Note that you may configure any valid ",(0,s.jsx)(n.code,{children:"cluster-cidr"})," and ",(0,s.jsx)(n.code,{children:"service-cidr"})," values, but the above masks are recommended. If you change the ",(0,s.jsx)(n.code,{children:"cluster-cidr"})," mask, you should also change the ",(0,s.jsx)(n.code,{children:"node-cidr-mask-size-ipv4"})," and ",(0,s.jsx)(n.code,{children:"node-cidr-mask-size-ipv6"})," values to match the planned pods per node and total node count. The largest supported ",(0,s.jsx)(n.code,{children:"service-cidr"})," mask is /12 for IPv4, and /112 for IPv6. Remember to allow ipv6 traffic if you are deploying in a public cloud."]}),"\n",(0,s.jsx)(n.p,{children:"If you are using a custom CNI plugin, i.e. a CNI plugin other than Flannel, the additional configuration may be required. Please consult your plugin's dual-stack documentation and verify if network policies can be enabled."}),"\n",(0,s.jsx)(n.admonition,{title:"Known Issue",type:"warning",children:(0,s.jsx)(n.p,{children:"When defining cluster-cidr and service-cidr with IPv6 as the primary family, the node-ip of all cluster members should be explicitly set, placing node's desired IPv6 address as the first address. By default, the kubelet always uses IPv4 as the primary address family."})}),"\n",(0,s.jsx)(n.h2,{id:"single-stack-ipv6-networking",children:"Single-stack IPv6 Networking"}),"\n",(0,s.jsx)(n.admonition,{title:"Version Gate",type:"info",children:(0,s.jsxs)(n.p,{children:["Available as of ",(0,s.jsx)(n.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.22.9%2Bk3s1",children:"v1.22.9+k3s1"})]})}),"\n",(0,s.jsx)(n.admonition,{title:"Known Issue",type:"warning",children:(0,s.jsxs)(n.p,{children:["If your IPv6 default route is set by a router advertisement (RA), you will need to set the sysctl ",(0,s.jsx)(n.code,{children:"net.ipv6.conf.all.accept_ra=2"}),"; otherwise, the node will drop the default route once it expires. Be aware that accepting RAs could increase the risk of ",(0,s.jsx)(n.a,{href:"https://github.com/kubernetes/kubernetes/issues/91507",children:"man-in-the-middle attacks"}),"."]})}),"\n",(0,s.jsxs)(n.p,{children:["Single-stack IPv6 clusters (clusters without IPv4) are supported on K3s using the ",(0,s.jsx)(n.code,{children:"--cluster-cidr"})," and ",(0,s.jsx)(n.code,{children:"--service-cidr"})," flags. This is an example of a valid configuration:"]}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"--cluster-cidr=2001:cafe:42::/56 --service-cidr=2001:cafe:43::/112\n"})}),"\n",(0,s.jsx)(n.h2,{id:"nodes-without-a-hostname",children:"Nodes Without a Hostname"}),"\n",(0,s.jsxs)(n.p,{children:['Some cloud providers, such as Linode, will create machines with "localhost" as the hostname and others may not have a hostname set at all. This can cause problems with domain name resolution. You can run K3s with the ',(0,s.jsx)(n.code,{children:"--node-name"})," flag or ",(0,s.jsx)(n.code,{children:"K3S_NODE_NAME"})," environment variable and this will pass the node name to resolve this issue."]})]})}function h(e={}){const{wrapper:n}={...(0,t.a)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(c,{...e})}):c(e)}function u(e,n){throw new Error("Expected "+(n?"component":"object")+" `"+e+"` to be defined: you likely forgot to import, pass, or provide it.")}},1151:(e,n,i)=>{i.d(n,{Z:()=>a,a:()=>o});var s=i(7294);const t={},r=s.createContext(t);function o(e){const n=s.useContext(r);return s.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function a(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:o(e.components),s.createElement(r.Provider,{value:n},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/0759a3f5.61f27b73.js b/assets/js/0759a3f5.01299847.js
similarity index 99%
rename from assets/js/0759a3f5.61f27b73.js
rename to assets/js/0759a3f5.01299847.js
index 69ad66fa9..3b81a75e3 100644
--- a/assets/js/0759a3f5.61f27b73.js
+++ b/assets/js/0759a3f5.01299847.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[2409],{2714:(e,s,i)=>{i.r(s),i.d(s,{assets:()=>c,contentTitle:()=>l,default:()=>a,frontMatter:()=>n,metadata:()=>h,toc:()=>o});var r=i(5893),t=i(1151);const n={hide_table_of_contents:!0,sidebar_position:2},l="v1.29.X",h={id:"release-notes/v1.29.X",title:"v1.29.X",description:"Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.",source:"@site/docs/release-notes/v1.29.X.md",sourceDirName:"release-notes",slug:"/release-notes/v1.29.X",permalink:"/release-notes/v1.29.X",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/release-notes/v1.29.X.md",tags:[],version:"current",lastUpdatedAt:1723651727e3,sidebarPosition:2,frontMatter:{hide_table_of_contents:!0,sidebar_position:2},sidebar:"mySidebar",previous:{title:"v1.30.X",permalink:"/release-notes/v1.30.X"},next:{title:"v1.28.X",permalink:"/release-notes/v1.28.X"}},c={},o=[{value:"Release v1.29.7+k3s1",id:"release-v1297k3s1",level:2},{value:"Changes since v1.29.6+k3s2:",id:"changes-since-v1296k3s2",level:3},{value:"Release v1.29.6+k3s2",id:"release-v1296k3s2",level:2},{value:"Changes since v1.29.6+k3s1:",id:"changes-since-v1296k3s1",level:3},{value:"Release v1.29.6+k3s1",id:"release-v1296k3s1",level:2},{value:"Changes since v1.29.5+k3s1:",id:"changes-since-v1295k3s1",level:3},{value:"Release v1.29.5+k3s1",id:"release-v1295k3s1",level:2},{value:"Changes since v1.29.4+k3s1:",id:"changes-since-v1294k3s1",level:3},{value:"Release v1.29.4+k3s1",id:"release-v1294k3s1",level:2},{value:"Changes since v1.29.3+k3s1:",id:"changes-since-v1293k3s1",level:3},{value:"Release v1.29.3+k3s1",id:"release-v1293k3s1",level:2},{value:"Changes since v1.29.2+k3s1:",id:"changes-since-v1292k3s1",level:3},{value:"Release v1.29.2+k3s1",id:"release-v1292k3s1",level:2},{value:"Changes since v1.29.1+k3s2:",id:"changes-since-v1291k3s2",level:3},{value:"Release v1.29.1+k3s2",id:"release-v1291k3s2",level:2},{value:"Changes since v1.29.0+k3s1:",id:"changes-since-v1290k3s1",level:3},{value:"Release v1.29.0+k3s1",id:"release-v1290k3s1",level:2},{value:"Changes since v1.28.4+k3s2:",id:"changes-since-v1284k3s2",level:3}];function d(e){const s={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",hr:"hr",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,t.a)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(s.header,{children:(0,r.jsx)(s.h1,{id:"v129x",children:"v1.29.X"})}),"\n",(0,r.jsx)(s.admonition,{title:"Upgrade Notice",type:"warning",children:(0,r.jsxs)(s.p,{children:["Before upgrading from earlier releases, be sure to read the Kubernetes ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes",children:"Urgent Upgrade Notes"}),"."]})}),"\n",(0,r.jsxs)(s.table,{children:[(0,r.jsx)(s.thead,{children:(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.th,{children:"Version"}),(0,r.jsx)(s.th,{children:"Release date"}),(0,r.jsx)(s.th,{children:"Kubernetes"}),(0,r.jsx)(s.th,{children:"Kine"}),(0,r.jsx)(s.th,{children:"SQLite"}),(0,r.jsx)(s.th,{children:"Etcd"}),(0,r.jsx)(s.th,{children:"Containerd"}),(0,r.jsx)(s.th,{children:"Runc"}),(0,r.jsx)(s.th,{children:"Flannel"}),(0,r.jsx)(s.th,{children:"Metrics-server"}),(0,r.jsx)(s.th,{children:"Traefik"}),(0,r.jsx)(s.th,{children:"CoreDNS"}),(0,r.jsx)(s.th,{children:"Helm-controller"}),(0,r.jsx)(s.th,{children:"Local-path-provisioner"})]})}),(0,r.jsxs)(s.tbody,{children:[(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1297k3s1",children:"v1.29.7+k3s1"})}),(0,r.jsx)(s.td,{children:"Jul 31 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1297",children:"v1.29.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.11",children:"v0.11.11"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.13-k3s1",children:"v3.5.13-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.17-k3s1",children:"v1.7.17-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.25.4",children:"v0.25.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.10",children:"v0.15.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.28",children:"v0.0.28"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1296k3s2",children:"v1.29.6+k3s2"})}),(0,r.jsx)(s.td,{children:"Jul 03 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1296",children:"v1.29.6"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.9",children:"v0.11.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.13-k3s1",children:"v3.5.13-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.17-k3s1",children:"v1.7.17-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12-"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.25.4",children:"v0.25.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.10",children:"v0.15.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.27",children:"v0.0.27"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1296k3s1",children:"v1.29.6+k3s1"})}),(0,r.jsx)(s.td,{children:"Jun 25 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1296",children:"v1.29.6"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.9",children:"v0.11.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.13-k3s1",children:"v3.5.13-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.17-k3s1",children:"v1.7.17-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.25.2",children:"v0.25.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.10",children:"v0.15.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.27",children:"v0.0.27"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1295k3s1",children:"v1.29.5+k3s1"})}),(0,r.jsx)(s.td,{children:"May 22 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1295",children:"v1.29.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.7",children:"v0.11.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.15-k3s1",children:"v1.7.15-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1294k3s1",children:"v1.29.4+k3s1"})}),(0,r.jsx)(s.td,{children:"Apr 25 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1294",children:"v1.29.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.7",children:"v0.11.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.15-k3s1",children:"v1.7.15-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1293k3s1",children:"v1.29.3+k3s1"})}),(0,r.jsx)(s.td,{children:"Mar 25 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1293",children:"v1.29.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.4",children:"v0.11.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1292k3s1",children:"v1.29.2+k3s1"})}),(0,r.jsx)(s.td,{children:"Feb 29 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292",children:"v1.29.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.4",children:"v0.11.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.8",children:"v0.15.8"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1291k3s2",children:"v1.29.1+k3s2"})}),(0,r.jsx)(s.td,{children:"Feb 06 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1291",children:"v1.29.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.0",children:"v0.24.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.8",children:"v0.15.8"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1290k3s1",children:"v1.29.0+k3s1"})}),(0,r.jsx)(s.td,{children:"Dec 22 2023"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1290",children:"v1.29.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.10",children:"v1.1.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.0",children:"v0.24.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]})]})]}),"\n",(0,r.jsx)("br",{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1297k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.7+k3s1",children:"v1.29.7+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.7, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1296",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1296k3s2",children:"Changes since v1.29.6+k3s2:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Backports for 2024-07 release cycle ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10498",children:"(#10498)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Bump k3s-root to v0.14.0"}),"\n",(0,r.jsx)(s.li,{children:"Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7"}),"\n",(0,r.jsx)(s.li,{children:"Bump Local Path Provisioner version"}),"\n",(0,r.jsx)(s.li,{children:"Ensure remotedialer kubelet connections use kubelet bind address"}),"\n",(0,r.jsx)(s.li,{children:"Chore: Bump Trivy version"}),"\n",(0,r.jsx)(s.li,{children:"Add etcd s3 config secret implementation"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["July Test Backports ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10508",children:"(#10508)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.7-k3s1 and Go 1.22.5 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10539",children:"(#10539)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issues loading data-dir value from env vars or dropping config files ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10597",children:"(#10597)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1296k3s2",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.6+k3s2",children:"v1.29.6+k3s2"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.6, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1296",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1296k3s1",children:"Changes since v1.29.6+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Update flannel to v0.25.4 and fixed issue with IPv6 mask ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10427",children:"(#10427)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1296k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.6+k3s1",children:"v1.29.6+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.6, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1295",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1295k3s1",children:"Changes since v1.29.5+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Fix bug when using tailscale config by file ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10142",children:"(#10142)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump flannel version to v0.25.2 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10220",children:"(#10220)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update kube-router version to v2.1.2 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10181",children:"(#10181)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Improve tailscale test & add extra log in e2e tests ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10212",children:"(#10212)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Backports for 2024-06 release cycle ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10249",children:"(#10249)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Add WithSkipMissing to not fail import on missing blobs"}),"\n",(0,r.jsx)(s.li,{children:"Use fixed stream server bind address for cri-dockerd"}),"\n",(0,r.jsx)(s.li,{children:"Switch stargz over to cri registry config_path"}),"\n",(0,r.jsx)(s.li,{children:"Bump to containerd v1.7.17, etcd v3.5.13"}),"\n",(0,r.jsx)(s.li,{children:"Bump spegel version"}),"\n",(0,r.jsx)(s.li,{children:"Fix issue with externalTrafficPolicy: Local for single-stack services on dual-stack nodes"}),"\n",(0,r.jsxs)(s.li,{children:["ServiceLB now sets the priorityClassName on svclb pods to ",(0,r.jsx)(s.code,{children:"system-node-critical"})," by default. This can be overridden on a per-service basis via the ",(0,r.jsx)(s.code,{children:"svccontroller.k3s.cattle.io/priorityclassname"})," annotation."]}),"\n",(0,r.jsx)(s.li,{children:"Bump minio-go to v7.0.70"}),"\n",(0,r.jsx)(s.li,{children:"Bump kine to v0.11.9 to fix pagination"}),"\n",(0,r.jsx)(s.li,{children:"Update valid resolv conf"}),"\n",(0,r.jsx)(s.li,{children:"Add missing kernel config check"}),"\n",(0,r.jsx)(s.li,{children:"Symlinked sub-directories are now respected when scanning Auto-Deploying Manifests (AddOns)"}),"\n",(0,r.jsx)(s.li,{children:"Fix bug: allow helm controller set owner reference"}),"\n",(0,r.jsx)(s.li,{children:"Bump klipper-helm image for tls secret support"}),"\n",(0,r.jsx)(s.li,{children:"Fix issue with k3s-etcd informers not starting"}),"\n",(0,r.jsxs)(s.li,{children:[(0,r.jsx)(s.code,{children:"--Enable-pprof"})," can now be set on agents to enable the debug/pprof endpoints. When set, agents will listen on the supervisor port."]}),"\n",(0,r.jsxs)(s.li,{children:[(0,r.jsx)(s.code,{children:"--Supervisor-metrics"})," can now be set on servers to enable serving internal metrics on the supervisor endpoint; when set agents will listen on the supervisor port."]}),"\n",(0,r.jsx)(s.li,{children:"Fix netpol crash when node remains tainted uninitialized"}),"\n",(0,r.jsx)(s.li,{children:"The embedded load-balancer will now fall back to trying all servers with health-checks ignored, if all servers have been marked unavailable due to failed health checks."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["More backports for 2024-06 release cycle ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10288",children:"(#10288)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add snapshot retention etcd-s3-folder fix ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10316",children:"(#10316)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add test for ",(0,r.jsx)(s.code,{children:"isValidResolvConf"})," (#10302) ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10329",children:"(#10329)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix race condition panic in loadbalancer.nextServer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10322",children:"(#10322)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix typo, use ",(0,r.jsx)(s.code,{children:"rancher/permissions"})," ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10298",children:"(#10298)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Expand GHA go caching to include newest release branch ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10334",children:"(#10334)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kubernetes to v1.29.6 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10348",children:"(#10348)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix agent supervisor port using apiserver port instead ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10354",children:"(#10354)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issue that allowed multiple simultaneous snapshots to be allowed ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10376",children:"(#10376)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1295k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.5+k3s1",children:"v1.29.5+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.5, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1294",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1294k3s1",children:"Changes since v1.29.4+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Update stable channel to v1.29.4+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10031",children:"(#10031)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add E2E Split Server to Drone, support parallel testing in Drone ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9940",children:"(#9940)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump E2E opensuse leap to 15.6, fix btrfs test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10057",children:"(#10057)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Replace deprecated ruby function ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10091",children:"(#10091)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Set correct release channel for e2e upgrade test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10106",children:"(#10106)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Windows changes ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10115",children:"(#10115)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.5-k3s1 and Go 1.21.9 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10108",children:"(#10108)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1294k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.4+k3s1",children:"v1.29.4+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.4, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1293",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1293k3s1",children:"Changes since v1.29.3+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Send error response if member list cannot be retrieved ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9722",children:"(#9722)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Respect cloud-provider fields set by kubelet ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9721",children:"(#9721)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The k3s stub cloud provider now respects the kubelet's requested provider-id, instance type, and topology labels"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix error when image has already been pulled ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9770",children:"(#9770)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add a new error when kine is with disable apiserver or disable etcd ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9766",children:"(#9766)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump k3s-root to v0.13.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9718",children:"(#9718)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Use ubuntu latest for better golang caching keys ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9711",children:"(#9711)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9780",children:"(#9780)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Move to ubuntu 23.10 for E2E tests ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9755",children:"(#9755)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update channel server ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9808",children:"(#9808)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add /etc/passwd and /etc/group to k3s docker image ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9784",children:"(#9784)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix etcd snapshot reconcile for agentless servers ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9809",children:"(#9809)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add health-check support to loadbalancer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9757",children:"(#9757)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add tls for kine ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9572",children:"(#9572)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Kine is now able to use TLS"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Transition from deprecated pointer library to ptr ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9801",children:"(#9801)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove old pinned dependencies ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9806",children:"(#9806)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Several E2E Matrix improvements ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9802",children:"(#9802)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add certificate expiry check, events, and metrics ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9772",children:"(#9772)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add updatecli policy to update k3s-root ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9844",children:"(#9844)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9840",children:"(#9840)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add workaround for containerd hosts.toml bug when passing config for default registry endpoint ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9853",children:"(#9853)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix: agent volume in example docker compose ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9838",children:"(#9838)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump spegel to v0.0.20-k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9863",children:"(#9863)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add supervisor cert/key to rotate list ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9832",children:"(#9832)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add quotes to avoid useless updatecli updates ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9877",children:"(#9877)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump containerd and cri-dockerd ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9886",children:"(#9886)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The embedded containerd has been bumped to v1.7.15"}),"\n",(0,r.jsx)(s.li,{children:"The embedded cri-dockerd has been bumped to v0.3.12"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Move etcd snapshot management CLI to request/response ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9816",children:"(#9816)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["The ",(0,r.jsx)(s.code,{children:"k3s etcd-snapshot"})," command has been reworked for improved consistency. All snapshots operations are now performed by the server process, with the CLI acting as a client to initiate and report results. As a side effect, the CLI is now less noisy when managing snapshots."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Improve etcd load-balancer startup behavior ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9883",children:"(#9883)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Actually fix agent certificate rotation ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9902",children:"(#9902)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump latest to v1.29.3+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9909",children:"(#9909)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update packaged manifests ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9920",children:"(#9920)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Traefik has been bumped to v2.10.7."}),"\n",(0,r.jsx)(s.li,{children:"Traefik pod annotations are now set properly in the default chart values."}),"\n",(0,r.jsx)(s.li,{children:"The system-default-registry value now supports RFC2732 IPv6 literals."}),"\n",(0,r.jsxs)(s.li,{children:["The local-path provisioner now defaults to creating ",(0,r.jsx)(s.code,{children:"local"})," volumes, instead of ",(0,r.jsx)(s.code,{children:"hostPath"}),"."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Allow Local path provisioner to read helper logs ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9835",children:"(#9835)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update kube-router to v2.1.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9926",children:"(#9926)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Match setup-go caching key in GitHub Actions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9890",children:"(#9890)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add startup testlet on preloaded images ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9941",children:"(#9941)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.4-k3s1 and Go 1.21.9 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9960",children:"(#9960)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix on-demand snapshots timing out; not honoring folder ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9984",children:"(#9984)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Make ",(0,r.jsx)(s.code,{children:"/db/info"})," available anonymously from localhost ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10001",children:"(#10001)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1293k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.3+k3s1",children:"v1.29.3+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.3, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1292",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1292k3s1",children:"Changes since v1.29.2+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Testing ADR ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9562",children:"(#9562)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Unit Testing Matrix and Actions bump ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9479",children:"(#9479)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update install test OS matrix ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9480",children:"(#9480)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update klipper-lb image version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9488",children:"(#9488)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add an integration test for flannel-backend=none ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9582",children:"(#9582)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Better GitHub CI caching strategy for golang ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9495",children:"(#9495)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Correct formatting of GH PR sha256sum artifact ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9472",children:"(#9472)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Rootless mode also bind service nodePort to host for LoadBalancer type ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9512",children:"(#9512)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Rootless mode should also bind service nodePort to host for LoadBalancer type, matching UX of rootful mode."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix coredns NodeHosts on dual-stack clusters ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9584",children:"(#9584)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Tweak netpol node wait logs ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9581",children:"(#9581)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issue with etcd node name missing hostname ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9522",children:"(#9522)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump helm-controller/klipper-helm versions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9595",children:"(#9595)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update stable channel to v1.28.7+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9615",children:"(#9615)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Reenable Install and Snapshotter Testing ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9601",children:"(#9601)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Move docker tests into tests folder ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9555",children:"(#9555)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix setup-go typo ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9634",children:"(#9634)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix additional corner cases in registries handling ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9556",children:"(#9556)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix snapshot prune ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9502",children:"(#9502)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Use and version flannel/cni-plugin properly ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9635",children:"(#9635)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The embedded flannel cni-plugin binary is now built and versioned separate from the rest of the cni plugins and the embedded flannel controller."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump spegel ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9599",children:"(#9599)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Bump spegel to v0.0.18-k3s3"}),"\n",(0,r.jsx)(s.li,{children:"Adds wildcard registry support"}),"\n",(0,r.jsx)(s.li,{children:"Fixes issue with excessive CPU utilization while waiting for containerd to start"}),"\n",(0,r.jsx)(s.li,{children:"Add env var to allow spegel mirroring of latest tag"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Chore(deps): Remediating CVEs found by trivy; CVE-2023-45142 on otelrestful and CVE-2023-48795 on golang.org/x/crypto ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9513",children:"(#9513)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix: use correct wasm shims names ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9519",children:"(#9519)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix wildcard with embedded registry test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9649",children:"(#9649)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Disable color outputs using ",(0,r.jsx)(s.code,{children:"NO_COLOR"})," env var ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9357",children:"(#9357)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["To enable raw output for the ",(0,r.jsx)(s.code,{children:"check-config"})," subcommand, you may now set NO_COLOR=1"]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Improve tailscale e2e test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9586",children:"(#9586)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Adjust first node-ip based on configured clusterCIDR ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9520",children:"(#9520)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9528",children:"(#9528)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Include flannel version in flannel cni plugin version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9648",children:"(#9648)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The flannel controller version is now reported as build metadata on the flannel cni plugin version."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Enable E2E tests on GitHub Actions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9660",children:"(#9660)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump metrics-server to v0.7.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9673",children:"(#9673)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump upload and download actions to v4 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9666",children:"(#9666)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Warn and suppress duplicate registry mirror endpoints ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9697",children:"(#9697)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"K3s will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Remove repetitive words ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9671",children:"(#9671)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Run Subset of Docker tests in GitHub Actions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9698",children:"(#9698)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix wildcard entry upstream fallback ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9729",children:"(#9729)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.3-k3s1 and Go 1.21.8 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9747",children:"(#9747)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1292k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.2+k3s1",children:"v1.29.2+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.2, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1291",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1291k3s2",children:"Changes since v1.29.1+k3s2:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Bump Local Path Provisioner version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8953",children:"(#8953)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add ability to install K3s PR Artifact from GitHub ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9185",children:"(#9185)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Adds ",(0,r.jsx)(s.code,{children:"INSTALL_K3S_PR"})," option to install a build of K3s from any open PR with CI approval"]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9237",children:"(#9237)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump codecov/codecov-action from 3 to 4 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9353",children:"(#9353)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update stable channel ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9388",children:"(#9388)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix snapshot reconcile retry ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9318",children:"(#9318)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add check for etcd-snapshot-dir and fix panic in Walk ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9317",children:"(#9317)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump CNI plugins to v1.4.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9249",children:"(#9249)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issue with coredns node hosts controller ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9354",children:"(#9354)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Fixed issue that could cause coredns pods to fail to start when the embedded helm controller is disabled, due to the configmap not being updated with node hosts entries."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix on-demand snapshots on ipv6-only nodes ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9247",children:"(#9247)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump flannel version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9395",children:"(#9395)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Bumped flannel to v0.24.2"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Build: Align drone base images ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8959",children:"(#8959)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Changed how lastHeartBeatTime works in the etcd condition ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9263",children:"(#9263)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Runtimes refactor using exec.LookPath ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9311",children:"(#9311)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Directories containing runtimes need to be included in the $PATH environment variable for effective runtime detection."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump cri-dockerd to fix compat with Docker Engine 25 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9290",children:"(#9290)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add codcov secret for integration tests on Push ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9422",children:"(#9422)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Allow executors to define ",(0,r.jsx)(s.code,{children:"containerd"})," and ",(0,r.jsx)(s.code,{children:"cridockerd"})," behavior ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9184",children:"(#9184)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kube-router to v2.0.1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9396",children:"(#9396)"})]}),"\n",(0,r.jsxs)(s.li,{children:[": Test_UnitApplyContainerdQoSClassConfigFileIfPresent (Created) ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8945",children:"(#8945)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Readd ",(0,r.jsx)(s.code,{children:"k3s secrets-encrypt rotate-keys"})," with correct support for KMSv2 GA ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9340",children:"(#9340)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix iptables check when sbin isn't in user PATH ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9344",children:"(#9344)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Don't create NodePasswordValidationFailed event if agent is disabled ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9312",children:"(#9312)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["The ",(0,r.jsx)(s.code,{children:"NodePasswordValidationFailed"})," Events will no longer be emitted, if the agent is disabled."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Expose rootless state dir under ~/.rancher/k3s/rootless ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9308",children:"(#9308)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["When running k3s in rootless mode, expose rootlesskit's state directory as ",(0,r.jsx)(s.code,{children:"~/.rancher/k3s/rootless"})]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Expose rootless containerd socket directories for external access ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9309",children:"(#9309)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Mount k3s rootless containerd & cri-dockerd socket directories to ",(0,r.jsx)(s.code,{children:"$XDG_RUNTIME_DIR/k3s/containerd"})," and ",(0,r.jsx)(s.code,{children:"$XDG_RUNTIME_DIR/k3s/cri-dockerd"})," respectively."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump kine and set NotifyInterval to what the apiserver expects ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9349",children:"(#9349)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kubernetes to v1.29.2 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9493",children:"(#9493)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix drone publish for arm ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9503",children:"(#9503)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove failing Drone step ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9517",children:"(#9517)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Restore original order of agent startup functions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9539",children:"(#9539)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix netpol startup when flannel is disabled ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9571",children:"(#9571)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1291k3s2",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.1+k3s2",children:"v1.29.1+k3s2"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.1, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1290",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.p,{children:(0,r.jsx)(s.strong,{children:"Important Notes"})}),"\n",(0,r.jsxs)(s.p,{children:["Addresses the runc CVE: ",(0,r.jsx)(s.a,{href:"https://nvd.nist.gov/vuln/detail/CVE-2024-21626",children:"CVE-2024-21626"})," by updating runc to v1.1.12."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1290k3s1",children:"Changes since v1.29.0+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Bump Sonobuoy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8910",children:"(#8910)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump actions/setup-go from 4 to 5 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9036",children:"(#9036)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Chore: Update Code of Conduct to Redirect to CNCF CoC ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9104",children:"(#9104)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"NONE"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Update stable channel to v1.28.5+k3s1 and add v1.29 channel ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9110",children:"(#9110)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Added support for env *_PROXY variables for agent loadbalancer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9070",children:"(#9070)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables are now taken into account by the agent loadbalancer if K3S_AGENT_HTTP_PROXY_ALLOWED env variable is set to true."}),"\n",(0,r.jsxs)(s.li,{children:["This however doesn't affect local requests as the function used prevents that: ",(0,r.jsx)(s.a,{href:"https://pkg.go.dev/net/http#ProxyFromEnvironment",children:"https://pkg.go.dev/net/http#ProxyFromEnvironment"}),"."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Add a retry around updating a secrets-encrypt node annotations ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9039",children:"(#9039)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Silence SELinux warning on INSTALL_K3S_SKIP_SELINUX_RPM ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8703",children:"(#8703)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add ServiceLB support for PodHostIPs FeatureGate ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8917",children:"(#8917)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Added support for env *_PROXY variables for agent loadbalancer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9118",children:"(#9118)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Redirect error stream to null when checking nm-cloud systemd unit ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8815",children:"(#8815)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:'Remove confusing "nm-cloud-setup.service: No such file or directory" journalctl log'}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Dockerfile.dapper: set $HOME properly ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9090",children:"(#9090)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add system-agent-installer-k3s step to GA release instructions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9153",children:"(#9153)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix install script checksum ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9159",children:"(#9159)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix the OTHER etcd snapshot s3 log message that prints the wrong variable ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8944",children:"(#8944)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Handle logging flags when parsing kube-proxy args ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8916",children:"(#8916)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix nil map in full snapshot configmap reconcile ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9049",children:"(#9049)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add support for containerd cri registry config_path ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8973",children:"(#8973)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add more paths to crun runtime detection ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9086",children:"(#9086)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add runtime checking of golang version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9054",children:"(#9054)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix OS PRETTY_NAME on tagged releases ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9062",children:"(#9062)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Print error when downloading file error inside install script ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/6874",children:"(#6874)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Wait for cloud-provider taint to be gone before starting the netpol controller ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9076",children:"(#9076)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8812",children:"(#8812)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Use ",(0,r.jsx)(s.code,{children:"ipFamilyPolicy: RequireDualStack"})," for dual-stack kube-dns ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8984",children:"(#8984)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Handle etcd status condition when node is not ready and disable etcd ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9084",children:"(#9084)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update s3 e2e test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9025",children:"(#9025)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add e2e startup test for rootless k3s ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8383",children:"(#8383)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add spegel distributed registry mirror ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8977",children:"(#8977)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump quic-go for CVE-2023-49295 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9208",children:"(#9208)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Enable network policy controller metrics ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9195",children:"(#9195)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Kube-router network policy controller metrics are now exposed via the default node metrics endpoint"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix nonexistent dependency repositories ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9213",children:"(#9213)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Move proxy dialer out of init() and fix crash when using ",(0,r.jsx)(s.code,{children:"K3S_AGENT_HTTP_PROXY_ALLOWED=true"})," ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9219",children:"(#9219)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Error getting node in setEtcdStatusCondition ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9210",children:"(#9210)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.1 and Go 1.21.6 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9259",children:"(#9259)"})]}),"\n",(0,r.jsxs)(s.li,{children:["New stale action ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9278",children:"(#9278)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix handling of bare hostname or IP as endpoint address in registries.yaml ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9323",children:"(#9323)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump runc to v1.1.12 and helm-controller to v0.15.7 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9332",children:"(#9332)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump helm-controller to fix issue with ChartContent ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9345",children:"(#9345)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1290k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.0+k3s1",children:"v1.29.0+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release is K3S's first in the v1.29 line. This release updates Kubernetes to v1.29.0."}),"\n",(0,r.jsxs)(s.p,{children:["Before upgrading from earlier releases, be sure to read the Kubernetes ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes",children:"Urgent Upgrade Notes"}),"."]}),"\n",(0,r.jsx)(s.admonition,{title:"Important",type:"warning",children:(0,r.jsxs)(s.p,{children:["This release removes the experimental ",(0,r.jsx)(s.code,{children:"rotate-keys"})," subcommand due to changes in Kubernetes upstream for ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/issues/117728",children:"KMSv2"}),", the subcommand should be added back in future releases."]})}),"\n",(0,r.jsx)(s.admonition,{title:"Important",type:"warning",children:(0,r.jsxs)(s.p,{children:["This release also removes the ",(0,r.jsx)(s.code,{children:"multi-cluster-cidr"})," flag, since the support for this alpha feature has been removed completely from ",(0,r.jsx)(s.a,{href:"https://groups.google.com/g/kubernetes-sig-network/c/nts1xEZ--gQ/m/2aTOUNFFAAAJ",children:"Kubernetes upstream"}),", this flag should be removed from the configuration before upgrade."]})}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1284k3s2",children:"Changes since v1.28.4+k3s2:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Fix overlapping address range ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8913",children:"(#8913)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Modify CONTRIBUTING.md guide ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8954",children:"(#8954)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Nov 2023 stable channel update ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9022",children:"(#9022)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Default runtime and runtime classes for wasm/nvidia/crun ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8936",children:"(#8936)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Added runtime classes for wasm/nvidia/crun"}),"\n",(0,r.jsx)(s.li,{children:"Added default runtime flag for containerd"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump containerd/runc to v1.7.10-k3s1/v1.1.10 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8962",children:"(#8962)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Allow setting default-runtime on servers ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9027",children:"(#9027)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump containerd to v1.7.11 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9040",children:"(#9040)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove GA feature-gates ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8970",children:"(#8970)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Only publish to code_cov on merged E2E builds ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9051",children:"(#9051)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kubernetes to v1.29.0+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9052",children:"(#9052)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update flannel to v0.24.0 and remove multiclustercidr flag ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9075",children:"(#9075)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove rotate-keys subcommand ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9079",children:"(#9079)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{})]})}function a(e={}){const{wrapper:s}={...(0,t.a)(),...e.components};return s?(0,r.jsx)(s,{...e,children:(0,r.jsx)(d,{...e})}):d(e)}},1151:(e,s,i)=>{i.d(s,{Z:()=>h,a:()=>l});var r=i(7294);const t={},n=r.createContext(t);function l(e){const s=r.useContext(n);return r.useMemo((function(){return"function"==typeof e?e(s):{...s,...e}}),[s,e])}function h(e){let s;return s=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:l(e.components),r.createElement(n.Provider,{value:s},e.children)}}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[2409],{2714:(e,s,i)=>{i.r(s),i.d(s,{assets:()=>c,contentTitle:()=>l,default:()=>a,frontMatter:()=>n,metadata:()=>h,toc:()=>o});var r=i(5893),t=i(1151);const n={hide_table_of_contents:!0,sidebar_position:2},l="v1.29.X",h={id:"release-notes/v1.29.X",title:"v1.29.X",description:"Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.",source:"@site/docs/release-notes/v1.29.X.md",sourceDirName:"release-notes",slug:"/release-notes/v1.29.X",permalink:"/release-notes/v1.29.X",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/release-notes/v1.29.X.md",tags:[],version:"current",lastUpdatedAt:1723747404e3,sidebarPosition:2,frontMatter:{hide_table_of_contents:!0,sidebar_position:2},sidebar:"mySidebar",previous:{title:"v1.30.X",permalink:"/release-notes/v1.30.X"},next:{title:"v1.28.X",permalink:"/release-notes/v1.28.X"}},c={},o=[{value:"Release v1.29.7+k3s1",id:"release-v1297k3s1",level:2},{value:"Changes since v1.29.6+k3s2:",id:"changes-since-v1296k3s2",level:3},{value:"Release v1.29.6+k3s2",id:"release-v1296k3s2",level:2},{value:"Changes since v1.29.6+k3s1:",id:"changes-since-v1296k3s1",level:3},{value:"Release v1.29.6+k3s1",id:"release-v1296k3s1",level:2},{value:"Changes since v1.29.5+k3s1:",id:"changes-since-v1295k3s1",level:3},{value:"Release v1.29.5+k3s1",id:"release-v1295k3s1",level:2},{value:"Changes since v1.29.4+k3s1:",id:"changes-since-v1294k3s1",level:3},{value:"Release v1.29.4+k3s1",id:"release-v1294k3s1",level:2},{value:"Changes since v1.29.3+k3s1:",id:"changes-since-v1293k3s1",level:3},{value:"Release v1.29.3+k3s1",id:"release-v1293k3s1",level:2},{value:"Changes since v1.29.2+k3s1:",id:"changes-since-v1292k3s1",level:3},{value:"Release v1.29.2+k3s1",id:"release-v1292k3s1",level:2},{value:"Changes since v1.29.1+k3s2:",id:"changes-since-v1291k3s2",level:3},{value:"Release v1.29.1+k3s2",id:"release-v1291k3s2",level:2},{value:"Changes since v1.29.0+k3s1:",id:"changes-since-v1290k3s1",level:3},{value:"Release v1.29.0+k3s1",id:"release-v1290k3s1",level:2},{value:"Changes since v1.28.4+k3s2:",id:"changes-since-v1284k3s2",level:3}];function d(e){const s={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",hr:"hr",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,t.a)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(s.header,{children:(0,r.jsx)(s.h1,{id:"v129x",children:"v1.29.X"})}),"\n",(0,r.jsx)(s.admonition,{title:"Upgrade Notice",type:"warning",children:(0,r.jsxs)(s.p,{children:["Before upgrading from earlier releases, be sure to read the Kubernetes ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes",children:"Urgent Upgrade Notes"}),"."]})}),"\n",(0,r.jsxs)(s.table,{children:[(0,r.jsx)(s.thead,{children:(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.th,{children:"Version"}),(0,r.jsx)(s.th,{children:"Release date"}),(0,r.jsx)(s.th,{children:"Kubernetes"}),(0,r.jsx)(s.th,{children:"Kine"}),(0,r.jsx)(s.th,{children:"SQLite"}),(0,r.jsx)(s.th,{children:"Etcd"}),(0,r.jsx)(s.th,{children:"Containerd"}),(0,r.jsx)(s.th,{children:"Runc"}),(0,r.jsx)(s.th,{children:"Flannel"}),(0,r.jsx)(s.th,{children:"Metrics-server"}),(0,r.jsx)(s.th,{children:"Traefik"}),(0,r.jsx)(s.th,{children:"CoreDNS"}),(0,r.jsx)(s.th,{children:"Helm-controller"}),(0,r.jsx)(s.th,{children:"Local-path-provisioner"})]})}),(0,r.jsxs)(s.tbody,{children:[(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1297k3s1",children:"v1.29.7+k3s1"})}),(0,r.jsx)(s.td,{children:"Jul 31 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1297",children:"v1.29.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.11",children:"v0.11.11"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.13-k3s1",children:"v3.5.13-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.17-k3s1",children:"v1.7.17-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.25.4",children:"v0.25.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.10",children:"v0.15.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.28",children:"v0.0.28"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1296k3s2",children:"v1.29.6+k3s2"})}),(0,r.jsx)(s.td,{children:"Jul 03 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1296",children:"v1.29.6"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.9",children:"v0.11.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.13-k3s1",children:"v3.5.13-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.17-k3s1",children:"v1.7.17-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12-"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.25.4",children:"v0.25.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.10",children:"v0.15.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.27",children:"v0.0.27"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1296k3s1",children:"v1.29.6+k3s1"})}),(0,r.jsx)(s.td,{children:"Jun 25 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1296",children:"v1.29.6"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.9",children:"v0.11.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.13-k3s1",children:"v3.5.13-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.17-k3s1",children:"v1.7.17-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.25.2",children:"v0.25.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.10",children:"v0.15.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.27",children:"v0.0.27"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1295k3s1",children:"v1.29.5+k3s1"})}),(0,r.jsx)(s.td,{children:"May 22 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1295",children:"v1.29.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.7",children:"v0.11.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.15-k3s1",children:"v1.7.15-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1294k3s1",children:"v1.29.4+k3s1"})}),(0,r.jsx)(s.td,{children:"Apr 25 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1294",children:"v1.29.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.7",children:"v0.11.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.15-k3s1",children:"v1.7.15-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12",children:"v1.1.12"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.7",children:"v2.10.7"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1293k3s1",children:"v1.29.3+k3s1"})}),(0,r.jsx)(s.td,{children:"Mar 25 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1293",children:"v1.29.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.4",children:"v0.11.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1292k3s1",children:"v1.29.2+k3s1"})}),(0,r.jsx)(s.td,{children:"Feb 29 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292",children:"v1.29.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.4",children:"v0.11.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.8",children:"v0.15.8"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1291k3s2",children:"v1.29.1+k3s2"})}),(0,r.jsx)(s.td,{children:"Feb 06 2024"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1291",children:"v1.29.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.0",children:"v0.24.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.8",children:"v0.15.8"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"/release-notes/v1.29.X#release-v1290k3s1",children:"v1.29.0+k3s1"})}),(0,r.jsx)(s.td,{children:"Dec 22 2023"}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1290",children:"v1.29.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2",children:"v1.7.11-k3s2"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.10",children:"v1.1.10"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.0",children:"v0.24.0"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]})]})]}),"\n",(0,r.jsx)("br",{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1297k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.7+k3s1",children:"v1.29.7+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.7, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1296",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1296k3s2",children:"Changes since v1.29.6+k3s2:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Backports for 2024-07 release cycle ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10498",children:"(#10498)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Bump k3s-root to v0.14.0"}),"\n",(0,r.jsx)(s.li,{children:"Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7"}),"\n",(0,r.jsx)(s.li,{children:"Bump Local Path Provisioner version"}),"\n",(0,r.jsx)(s.li,{children:"Ensure remotedialer kubelet connections use kubelet bind address"}),"\n",(0,r.jsx)(s.li,{children:"Chore: Bump Trivy version"}),"\n",(0,r.jsx)(s.li,{children:"Add etcd s3 config secret implementation"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["July Test Backports ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10508",children:"(#10508)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.7-k3s1 and Go 1.22.5 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10539",children:"(#10539)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issues loading data-dir value from env vars or dropping config files ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10597",children:"(#10597)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1296k3s2",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.6+k3s2",children:"v1.29.6+k3s2"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.6, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1296",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1296k3s1",children:"Changes since v1.29.6+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Update flannel to v0.25.4 and fixed issue with IPv6 mask ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10427",children:"(#10427)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1296k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.6+k3s1",children:"v1.29.6+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.6, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1295",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1295k3s1",children:"Changes since v1.29.5+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Fix bug when using tailscale config by file ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10142",children:"(#10142)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump flannel version to v0.25.2 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10220",children:"(#10220)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update kube-router version to v2.1.2 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10181",children:"(#10181)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Improve tailscale test & add extra log in e2e tests ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10212",children:"(#10212)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Backports for 2024-06 release cycle ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10249",children:"(#10249)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Add WithSkipMissing to not fail import on missing blobs"}),"\n",(0,r.jsx)(s.li,{children:"Use fixed stream server bind address for cri-dockerd"}),"\n",(0,r.jsx)(s.li,{children:"Switch stargz over to cri registry config_path"}),"\n",(0,r.jsx)(s.li,{children:"Bump to containerd v1.7.17, etcd v3.5.13"}),"\n",(0,r.jsx)(s.li,{children:"Bump spegel version"}),"\n",(0,r.jsx)(s.li,{children:"Fix issue with externalTrafficPolicy: Local for single-stack services on dual-stack nodes"}),"\n",(0,r.jsxs)(s.li,{children:["ServiceLB now sets the priorityClassName on svclb pods to ",(0,r.jsx)(s.code,{children:"system-node-critical"})," by default. This can be overridden on a per-service basis via the ",(0,r.jsx)(s.code,{children:"svccontroller.k3s.cattle.io/priorityclassname"})," annotation."]}),"\n",(0,r.jsx)(s.li,{children:"Bump minio-go to v7.0.70"}),"\n",(0,r.jsx)(s.li,{children:"Bump kine to v0.11.9 to fix pagination"}),"\n",(0,r.jsx)(s.li,{children:"Update valid resolv conf"}),"\n",(0,r.jsx)(s.li,{children:"Add missing kernel config check"}),"\n",(0,r.jsx)(s.li,{children:"Symlinked sub-directories are now respected when scanning Auto-Deploying Manifests (AddOns)"}),"\n",(0,r.jsx)(s.li,{children:"Fix bug: allow helm controller set owner reference"}),"\n",(0,r.jsx)(s.li,{children:"Bump klipper-helm image for tls secret support"}),"\n",(0,r.jsx)(s.li,{children:"Fix issue with k3s-etcd informers not starting"}),"\n",(0,r.jsxs)(s.li,{children:[(0,r.jsx)(s.code,{children:"--Enable-pprof"})," can now be set on agents to enable the debug/pprof endpoints. When set, agents will listen on the supervisor port."]}),"\n",(0,r.jsxs)(s.li,{children:[(0,r.jsx)(s.code,{children:"--Supervisor-metrics"})," can now be set on servers to enable serving internal metrics on the supervisor endpoint; when set agents will listen on the supervisor port."]}),"\n",(0,r.jsx)(s.li,{children:"Fix netpol crash when node remains tainted uninitialized"}),"\n",(0,r.jsx)(s.li,{children:"The embedded load-balancer will now fall back to trying all servers with health-checks ignored, if all servers have been marked unavailable due to failed health checks."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["More backports for 2024-06 release cycle ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10288",children:"(#10288)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add snapshot retention etcd-s3-folder fix ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10316",children:"(#10316)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add test for ",(0,r.jsx)(s.code,{children:"isValidResolvConf"})," (#10302) ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10329",children:"(#10329)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix race condition panic in loadbalancer.nextServer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10322",children:"(#10322)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix typo, use ",(0,r.jsx)(s.code,{children:"rancher/permissions"})," ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10298",children:"(#10298)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Expand GHA go caching to include newest release branch ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10334",children:"(#10334)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kubernetes to v1.29.6 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10348",children:"(#10348)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix agent supervisor port using apiserver port instead ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10354",children:"(#10354)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issue that allowed multiple simultaneous snapshots to be allowed ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10376",children:"(#10376)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1295k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.5+k3s1",children:"v1.29.5+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.5, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1294",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1294k3s1",children:"Changes since v1.29.4+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Update stable channel to v1.29.4+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10031",children:"(#10031)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add E2E Split Server to Drone, support parallel testing in Drone ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9940",children:"(#9940)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump E2E opensuse leap to 15.6, fix btrfs test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10057",children:"(#10057)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Replace deprecated ruby function ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10091",children:"(#10091)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Set correct release channel for e2e upgrade test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10106",children:"(#10106)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Windows changes ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10115",children:"(#10115)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.5-k3s1 and Go 1.21.9 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10108",children:"(#10108)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1294k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.4+k3s1",children:"v1.29.4+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.4, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1293",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1293k3s1",children:"Changes since v1.29.3+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Send error response if member list cannot be retrieved ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9722",children:"(#9722)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Respect cloud-provider fields set by kubelet ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9721",children:"(#9721)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The k3s stub cloud provider now respects the kubelet's requested provider-id, instance type, and topology labels"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix error when image has already been pulled ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9770",children:"(#9770)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add a new error when kine is with disable apiserver or disable etcd ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9766",children:"(#9766)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump k3s-root to v0.13.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9718",children:"(#9718)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Use ubuntu latest for better golang caching keys ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9711",children:"(#9711)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9780",children:"(#9780)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Move to ubuntu 23.10 for E2E tests ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9755",children:"(#9755)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update channel server ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9808",children:"(#9808)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add /etc/passwd and /etc/group to k3s docker image ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9784",children:"(#9784)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix etcd snapshot reconcile for agentless servers ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9809",children:"(#9809)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add health-check support to loadbalancer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9757",children:"(#9757)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add tls for kine ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9572",children:"(#9572)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Kine is now able to use TLS"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Transition from deprecated pointer library to ptr ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9801",children:"(#9801)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove old pinned dependencies ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9806",children:"(#9806)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Several E2E Matrix improvements ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9802",children:"(#9802)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add certificate expiry check, events, and metrics ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9772",children:"(#9772)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add updatecli policy to update k3s-root ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9844",children:"(#9844)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9840",children:"(#9840)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add workaround for containerd hosts.toml bug when passing config for default registry endpoint ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9853",children:"(#9853)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix: agent volume in example docker compose ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9838",children:"(#9838)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump spegel to v0.0.20-k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9863",children:"(#9863)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add supervisor cert/key to rotate list ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9832",children:"(#9832)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add quotes to avoid useless updatecli updates ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9877",children:"(#9877)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump containerd and cri-dockerd ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9886",children:"(#9886)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The embedded containerd has been bumped to v1.7.15"}),"\n",(0,r.jsx)(s.li,{children:"The embedded cri-dockerd has been bumped to v0.3.12"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Move etcd snapshot management CLI to request/response ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9816",children:"(#9816)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["The ",(0,r.jsx)(s.code,{children:"k3s etcd-snapshot"})," command has been reworked for improved consistency. All snapshots operations are now performed by the server process, with the CLI acting as a client to initiate and report results. As a side effect, the CLI is now less noisy when managing snapshots."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Improve etcd load-balancer startup behavior ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9883",children:"(#9883)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Actually fix agent certificate rotation ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9902",children:"(#9902)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump latest to v1.29.3+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9909",children:"(#9909)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update packaged manifests ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9920",children:"(#9920)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Traefik has been bumped to v2.10.7."}),"\n",(0,r.jsx)(s.li,{children:"Traefik pod annotations are now set properly in the default chart values."}),"\n",(0,r.jsx)(s.li,{children:"The system-default-registry value now supports RFC2732 IPv6 literals."}),"\n",(0,r.jsxs)(s.li,{children:["The local-path provisioner now defaults to creating ",(0,r.jsx)(s.code,{children:"local"})," volumes, instead of ",(0,r.jsx)(s.code,{children:"hostPath"}),"."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Allow Local path provisioner to read helper logs ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9835",children:"(#9835)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update kube-router to v2.1.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9926",children:"(#9926)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Match setup-go caching key in GitHub Actions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9890",children:"(#9890)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add startup testlet on preloaded images ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9941",children:"(#9941)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.4-k3s1 and Go 1.21.9 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9960",children:"(#9960)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix on-demand snapshots timing out; not honoring folder ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9984",children:"(#9984)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Make ",(0,r.jsx)(s.code,{children:"/db/info"})," available anonymously from localhost ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/10001",children:"(#10001)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1293k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.3+k3s1",children:"v1.29.3+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.3, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1292",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1292k3s1",children:"Changes since v1.29.2+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Testing ADR ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9562",children:"(#9562)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Unit Testing Matrix and Actions bump ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9479",children:"(#9479)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update install test OS matrix ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9480",children:"(#9480)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update klipper-lb image version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9488",children:"(#9488)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add an integration test for flannel-backend=none ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9582",children:"(#9582)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Better GitHub CI caching strategy for golang ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9495",children:"(#9495)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Correct formatting of GH PR sha256sum artifact ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9472",children:"(#9472)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Rootless mode also bind service nodePort to host for LoadBalancer type ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9512",children:"(#9512)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Rootless mode should also bind service nodePort to host for LoadBalancer type, matching UX of rootful mode."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix coredns NodeHosts on dual-stack clusters ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9584",children:"(#9584)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Tweak netpol node wait logs ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9581",children:"(#9581)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issue with etcd node name missing hostname ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9522",children:"(#9522)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump helm-controller/klipper-helm versions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9595",children:"(#9595)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update stable channel to v1.28.7+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9615",children:"(#9615)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Reenable Install and Snapshotter Testing ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9601",children:"(#9601)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Move docker tests into tests folder ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9555",children:"(#9555)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix setup-go typo ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9634",children:"(#9634)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix additional corner cases in registries handling ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9556",children:"(#9556)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix snapshot prune ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9502",children:"(#9502)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Use and version flannel/cni-plugin properly ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9635",children:"(#9635)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The embedded flannel cni-plugin binary is now built and versioned separate from the rest of the cni plugins and the embedded flannel controller."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump spegel ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9599",children:"(#9599)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Bump spegel to v0.0.18-k3s3"}),"\n",(0,r.jsx)(s.li,{children:"Adds wildcard registry support"}),"\n",(0,r.jsx)(s.li,{children:"Fixes issue with excessive CPU utilization while waiting for containerd to start"}),"\n",(0,r.jsx)(s.li,{children:"Add env var to allow spegel mirroring of latest tag"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Chore(deps): Remediating CVEs found by trivy; CVE-2023-45142 on otelrestful and CVE-2023-48795 on golang.org/x/crypto ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9513",children:"(#9513)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix: use correct wasm shims names ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9519",children:"(#9519)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix wildcard with embedded registry test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9649",children:"(#9649)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Disable color outputs using ",(0,r.jsx)(s.code,{children:"NO_COLOR"})," env var ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9357",children:"(#9357)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["To enable raw output for the ",(0,r.jsx)(s.code,{children:"check-config"})," subcommand, you may now set NO_COLOR=1"]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Improve tailscale e2e test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9586",children:"(#9586)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Adjust first node-ip based on configured clusterCIDR ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9520",children:"(#9520)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9528",children:"(#9528)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Include flannel version in flannel cni plugin version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9648",children:"(#9648)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"The flannel controller version is now reported as build metadata on the flannel cni plugin version."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Enable E2E tests on GitHub Actions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9660",children:"(#9660)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump metrics-server to v0.7.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9673",children:"(#9673)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump upload and download actions to v4 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9666",children:"(#9666)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Warn and suppress duplicate registry mirror endpoints ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9697",children:"(#9697)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"K3s will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Remove repetitive words ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9671",children:"(#9671)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Run Subset of Docker tests in GitHub Actions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9698",children:"(#9698)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix wildcard entry upstream fallback ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9729",children:"(#9729)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.3-k3s1 and Go 1.21.8 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9747",children:"(#9747)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1292k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.2+k3s1",children:"v1.29.2+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.2, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1291",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1291k3s2",children:"Changes since v1.29.1+k3s2:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Bump Local Path Provisioner version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8953",children:"(#8953)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add ability to install K3s PR Artifact from GitHub ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9185",children:"(#9185)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Adds ",(0,r.jsx)(s.code,{children:"INSTALL_K3S_PR"})," option to install a build of K3s from any open PR with CI approval"]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9237",children:"(#9237)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump codecov/codecov-action from 3 to 4 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9353",children:"(#9353)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update stable channel ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9388",children:"(#9388)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix snapshot reconcile retry ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9318",children:"(#9318)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add check for etcd-snapshot-dir and fix panic in Walk ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9317",children:"(#9317)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump CNI plugins to v1.4.0 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9249",children:"(#9249)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix issue with coredns node hosts controller ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9354",children:"(#9354)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Fixed issue that could cause coredns pods to fail to start when the embedded helm controller is disabled, due to the configmap not being updated with node hosts entries."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix on-demand snapshots on ipv6-only nodes ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9247",children:"(#9247)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump flannel version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9395",children:"(#9395)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Bumped flannel to v0.24.2"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Build: Align drone base images ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8959",children:"(#8959)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Changed how lastHeartBeatTime works in the etcd condition ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9263",children:"(#9263)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Runtimes refactor using exec.LookPath ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9311",children:"(#9311)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Directories containing runtimes need to be included in the $PATH environment variable for effective runtime detection."}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump cri-dockerd to fix compat with Docker Engine 25 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9290",children:"(#9290)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add codcov secret for integration tests on Push ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9422",children:"(#9422)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Allow executors to define ",(0,r.jsx)(s.code,{children:"containerd"})," and ",(0,r.jsx)(s.code,{children:"cridockerd"})," behavior ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9184",children:"(#9184)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kube-router to v2.0.1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9396",children:"(#9396)"})]}),"\n",(0,r.jsxs)(s.li,{children:[": Test_UnitApplyContainerdQoSClassConfigFileIfPresent (Created) ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8945",children:"(#8945)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Readd ",(0,r.jsx)(s.code,{children:"k3s secrets-encrypt rotate-keys"})," with correct support for KMSv2 GA ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9340",children:"(#9340)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix iptables check when sbin isn't in user PATH ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9344",children:"(#9344)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Don't create NodePasswordValidationFailed event if agent is disabled ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9312",children:"(#9312)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["The ",(0,r.jsx)(s.code,{children:"NodePasswordValidationFailed"})," Events will no longer be emitted, if the agent is disabled."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Expose rootless state dir under ~/.rancher/k3s/rootless ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9308",children:"(#9308)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["When running k3s in rootless mode, expose rootlesskit's state directory as ",(0,r.jsx)(s.code,{children:"~/.rancher/k3s/rootless"})]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Expose rootless containerd socket directories for external access ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9309",children:"(#9309)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Mount k3s rootless containerd & cri-dockerd socket directories to ",(0,r.jsx)(s.code,{children:"$XDG_RUNTIME_DIR/k3s/containerd"})," and ",(0,r.jsx)(s.code,{children:"$XDG_RUNTIME_DIR/k3s/cri-dockerd"})," respectively."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump kine and set NotifyInterval to what the apiserver expects ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9349",children:"(#9349)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kubernetes to v1.29.2 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9493",children:"(#9493)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix drone publish for arm ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9503",children:"(#9503)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove failing Drone step ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9517",children:"(#9517)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Restore original order of agent startup functions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9539",children:"(#9539)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix netpol startup when flannel is disabled ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9571",children:"(#9571)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1291k3s2",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.1+k3s2",children:"v1.29.1+k3s2"})]}),"\n",(0,r.jsx)(s.p,{children:"This release updates Kubernetes to v1.29.1, and fixes a number of issues."}),"\n",(0,r.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#changelog-since-v1290",children:"Kubernetes release notes"}),"."]}),"\n",(0,r.jsx)(s.p,{children:(0,r.jsx)(s.strong,{children:"Important Notes"})}),"\n",(0,r.jsxs)(s.p,{children:["Addresses the runc CVE: ",(0,r.jsx)(s.a,{href:"https://nvd.nist.gov/vuln/detail/CVE-2024-21626",children:"CVE-2024-21626"})," by updating runc to v1.1.12."]}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1290k3s1",children:"Changes since v1.29.0+k3s1:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Bump Sonobuoy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8910",children:"(#8910)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump actions/setup-go from 4 to 5 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9036",children:"(#9036)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Chore: Update Code of Conduct to Redirect to CNCF CoC ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9104",children:"(#9104)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"NONE"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Update stable channel to v1.28.5+k3s1 and add v1.29 channel ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9110",children:"(#9110)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Added support for env *_PROXY variables for agent loadbalancer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9070",children:"(#9070)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables are now taken into account by the agent loadbalancer if K3S_AGENT_HTTP_PROXY_ALLOWED env variable is set to true."}),"\n",(0,r.jsxs)(s.li,{children:["This however doesn't affect local requests as the function used prevents that: ",(0,r.jsx)(s.a,{href:"https://pkg.go.dev/net/http#ProxyFromEnvironment",children:"https://pkg.go.dev/net/http#ProxyFromEnvironment"}),"."]}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Add a retry around updating a secrets-encrypt node annotations ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9039",children:"(#9039)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Silence SELinux warning on INSTALL_K3S_SKIP_SELINUX_RPM ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8703",children:"(#8703)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add ServiceLB support for PodHostIPs FeatureGate ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8917",children:"(#8917)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Added support for env *_PROXY variables for agent loadbalancer ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9118",children:"(#9118)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Redirect error stream to null when checking nm-cloud systemd unit ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8815",children:"(#8815)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:'Remove confusing "nm-cloud-setup.service: No such file or directory" journalctl log'}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Dockerfile.dapper: set $HOME properly ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9090",children:"(#9090)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add system-agent-installer-k3s step to GA release instructions ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9153",children:"(#9153)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix install script checksum ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9159",children:"(#9159)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix the OTHER etcd snapshot s3 log message that prints the wrong variable ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8944",children:"(#8944)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Handle logging flags when parsing kube-proxy args ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8916",children:"(#8916)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix nil map in full snapshot configmap reconcile ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9049",children:"(#9049)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add support for containerd cri registry config_path ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8973",children:"(#8973)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add more paths to crun runtime detection ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9086",children:"(#9086)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add runtime checking of golang version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9054",children:"(#9054)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix OS PRETTY_NAME on tagged releases ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9062",children:"(#9062)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Print error when downloading file error inside install script ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/6874",children:"(#6874)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Wait for cloud-provider taint to be gone before starting the netpol controller ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9076",children:"(#9076)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump Trivy version ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8812",children:"(#8812)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Use ",(0,r.jsx)(s.code,{children:"ipFamilyPolicy: RequireDualStack"})," for dual-stack kube-dns ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8984",children:"(#8984)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Handle etcd status condition when node is not ready and disable etcd ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9084",children:"(#9084)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update s3 e2e test ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9025",children:"(#9025)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add e2e startup test for rootless k3s ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8383",children:"(#8383)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Add spegel distributed registry mirror ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8977",children:"(#8977)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump quic-go for CVE-2023-49295 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9208",children:"(#9208)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Enable network policy controller metrics ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9195",children:"(#9195)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Kube-router network policy controller metrics are now exposed via the default node metrics endpoint"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Fix nonexistent dependency repositories ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9213",children:"(#9213)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Move proxy dialer out of init() and fix crash when using ",(0,r.jsx)(s.code,{children:"K3S_AGENT_HTTP_PROXY_ALLOWED=true"})," ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9219",children:"(#9219)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Error getting node in setEtcdStatusCondition ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9210",children:"(#9210)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update to v1.29.1 and Go 1.21.6 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9259",children:"(#9259)"})]}),"\n",(0,r.jsxs)(s.li,{children:["New stale action ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9278",children:"(#9278)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Fix handling of bare hostname or IP as endpoint address in registries.yaml ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9323",children:"(#9323)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump runc to v1.1.12 and helm-controller to v0.15.7 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9332",children:"(#9332)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump helm-controller to fix issue with ChartContent ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9345",children:"(#9345)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{}),"\n",(0,r.jsxs)(s.h2,{id:"release-v1290k3s1",children:["Release ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.29.0+k3s1",children:"v1.29.0+k3s1"})]}),"\n",(0,r.jsx)(s.p,{children:"This release is K3S's first in the v1.29 line. This release updates Kubernetes to v1.29.0."}),"\n",(0,r.jsxs)(s.p,{children:["Before upgrading from earlier releases, be sure to read the Kubernetes ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes",children:"Urgent Upgrade Notes"}),"."]}),"\n",(0,r.jsx)(s.admonition,{title:"Important",type:"warning",children:(0,r.jsxs)(s.p,{children:["This release removes the experimental ",(0,r.jsx)(s.code,{children:"rotate-keys"})," subcommand due to changes in Kubernetes upstream for ",(0,r.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/issues/117728",children:"KMSv2"}),", the subcommand should be added back in future releases."]})}),"\n",(0,r.jsx)(s.admonition,{title:"Important",type:"warning",children:(0,r.jsxs)(s.p,{children:["This release also removes the ",(0,r.jsx)(s.code,{children:"multi-cluster-cidr"})," flag, since the support for this alpha feature has been removed completely from ",(0,r.jsx)(s.a,{href:"https://groups.google.com/g/kubernetes-sig-network/c/nts1xEZ--gQ/m/2aTOUNFFAAAJ",children:"Kubernetes upstream"}),", this flag should be removed from the configuration before upgrade."]})}),"\n",(0,r.jsx)(s.h3,{id:"changes-since-v1284k3s2",children:"Changes since v1.28.4+k3s2:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Fix overlapping address range ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8913",children:"(#8913)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Modify CONTRIBUTING.md guide ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8954",children:"(#8954)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Nov 2023 stable channel update ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9022",children:"(#9022)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Default runtime and runtime classes for wasm/nvidia/crun ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8936",children:"(#8936)"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:"Added runtime classes for wasm/nvidia/crun"}),"\n",(0,r.jsx)(s.li,{children:"Added default runtime flag for containerd"}),"\n"]}),"\n"]}),"\n",(0,r.jsxs)(s.li,{children:["Bump containerd/runc to v1.7.10-k3s1/v1.1.10 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8962",children:"(#8962)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Allow setting default-runtime on servers ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9027",children:"(#9027)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Bump containerd to v1.7.11 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9040",children:"(#9040)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove GA feature-gates ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8970",children:"(#8970)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Only publish to code_cov on merged E2E builds ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9051",children:"(#9051)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update Kubernetes to v1.29.0+k3s1 ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9052",children:"(#9052)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Update flannel to v0.24.0 and remove multiclustercidr flag ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9075",children:"(#9075)"})]}),"\n",(0,r.jsxs)(s.li,{children:["Remove rotate-keys subcommand ",(0,r.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9079",children:"(#9079)"})]}),"\n"]}),"\n",(0,r.jsx)(s.hr,{})]})}function a(e={}){const{wrapper:s}={...(0,t.a)(),...e.components};return s?(0,r.jsx)(s,{...e,children:(0,r.jsx)(d,{...e})}):d(e)}},1151:(e,s,i)=>{i.d(s,{Z:()=>h,a:()=>l});var r=i(7294);const t={},n=r.createContext(t);function l(e){const s=r.useContext(n);return r.useMemo((function(){return"function"==typeof e?e(s):{...s,...e}}),[s,e])}function h(e){let s;return s=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:l(e.components),r.createElement(n.Provider,{value:s},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/0ce5aa86.c1c9bf25.js b/assets/js/0ce5aa86.46b1828e.js
similarity index 99%
rename from assets/js/0ce5aa86.c1c9bf25.js
rename to assets/js/0ce5aa86.46b1828e.js
index 74ea849e2..5738e1bb1 100644
--- a/assets/js/0ce5aa86.c1c9bf25.js
+++ b/assets/js/0ce5aa86.46b1828e.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[1620],{3012:(e,s,t)=>{t.r(s),t.d(s,{assets:()=>c,contentTitle:()=>l,default:()=>o,frontMatter:()=>n,metadata:()=>h,toc:()=>d});var i=t(5893),r=t(1151);const n={hide_table_of_contents:!0,sidebar_position:5},l="v1.26.X",h={id:"release-notes/v1.26.X",title:"v1.26.X",description:"Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.",source:"@site/docs/release-notes/v1.26.X.md",sourceDirName:"release-notes",slug:"/release-notes/v1.26.X",permalink:"/release-notes/v1.26.X",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/release-notes/v1.26.X.md",tags:[],version:"current",lastUpdatedAt:1723651727e3,sidebarPosition:5,frontMatter:{hide_table_of_contents:!0,sidebar_position:5},sidebar:"mySidebar",previous:{title:"v1.27.X",permalink:"/release-notes/v1.27.X"},next:{title:"v1.25.X",permalink:"/release-notes/v1.25.X"}},c={},d=[{value:"Release v1.26.15+k3s1",id:"release-v12615k3s1",level:2},{value:"Changes since v1.26.14+k3s1:",id:"changes-since-v12614k3s1",level:3},{value:"Release v1.26.14+k3s1",id:"release-v12614k3s1",level:2},{value:"Changes since v1.26.13+k3s2:",id:"changes-since-v12613k3s2",level:3},{value:"Release v1.26.13+k3s2",id:"release-v12613k3s2",level:2},{value:"Changes since v1.26.12+k3s1:",id:"changes-since-v12612k3s1",level:3},{value:"Release v1.26.12+k3s1",id:"release-v12612k3s1",level:2},{value:"Changes since v1.26.11+k3s2:",id:"changes-since-v12611k3s2",level:3},{value:"Release v1.26.11+k3s2",id:"release-v12611k3s2",level:2},{value:"Changes since v1.26.10+k3s2:",id:"changes-since-v12610k3s2",level:3},{value:"Release v1.26.10+k3s2",id:"release-v12610k3s2",level:2},{value:"Changes since v1.26.10+k3s1:",id:"changes-since-v12610k3s1",level:3},{value:"Release v1.26.10+k3s1",id:"release-v12610k3s1",level:2},{value:"Changes since v1.26.9+k3s1:",id:"changes-since-v1269k3s1",level:3},{value:"Release v1.26.9+k3s1",id:"release-v1269k3s1",level:2},{value:"Changes since v1.26.8+k3s1:",id:"changes-since-v1268k3s1",level:3},{value:"Release v1.26.8+k3s1",id:"release-v1268k3s1",level:2},{value:"Changes since v1.26.7+k3s1:",id:"changes-since-v1267k3s1",level:3},{value:"Release v1.26.7+k3s1",id:"release-v1267k3s1",level:2},{value:"Changes since v1.26.6+k3s1:",id:"changes-since-v1266k3s1",level:3},{value:"Release v1.26.6+k3s1",id:"release-v1266k3s1",level:2},{value:"Changes since v1.26.5+k3s1:",id:"changes-since-v1265k3s1",level:3},{value:"Release v1.26.5+k3s1",id:"release-v1265k3s1",level:2},{value:"Changes since v1.26.4+k3s1:",id:"changes-since-v1264k3s1",level:3},{value:"Release v1.26.4+k3s1",id:"release-v1264k3s1",level:2},{value:"Changes since v1.26.3+k3s1:",id:"changes-since-v1263k3s1",level:3},{value:"Release v1.26.3+k3s1",id:"release-v1263k3s1",level:2},{value:"Changes since v1.26.2+k3s1:",id:"changes-since-v1262k3s1",level:3},{value:"Release v1.26.2+k3s1",id:"release-v1262k3s1",level:2},{value:"Changes since v1.26.1+k3s1:",id:"changes-since-v1261k3s1",level:3},{value:"Release v1.26.1+k3s1",id:"release-v1261k3s1",level:2},{value:"Changes since v1.26.0+k3s2:",id:"changes-since-v1260k3s2",level:3},{value:"Release v1.26.0+k3s2",id:"release-v1260k3s2",level:2},{value:"Changes since v1.26.0+k3s1:",id:"changes-since-v1260k3s1",level:3},{value:"Release v1.26.0+k3s1",id:"release-v1260k3s1",level:2},{value:"\u26a0\ufe0f WARNING",id:"\ufe0f-warning",level:2},{value:"Changes since v1.25.5+k3s1:",id:"changes-since-v1255k3s1",level:3}];function a(e){const s={a:"a",admonition:"admonition",blockquote:"blockquote",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",hr:"hr",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,r.a)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(s.header,{children:(0,i.jsx)(s.h1,{id:"v126x",children:"v1.26.X"})}),"\n",(0,i.jsx)(s.admonition,{title:"Upgrade Notice",type:"warning",children:(0,i.jsxs)(s.p,{children:["Before upgrading from earlier releases, be sure to read the Kubernetes ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#urgent-upgrade-notes",children:"Urgent Upgrade Notes"}),"."]})}),"\n",(0,i.jsxs)(s.table,{children:[(0,i.jsx)(s.thead,{children:(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.th,{children:"Version"}),(0,i.jsx)(s.th,{children:"Release date"}),(0,i.jsx)(s.th,{children:"Kubernetes"}),(0,i.jsx)(s.th,{children:"Kine"}),(0,i.jsx)(s.th,{children:"SQLite"}),(0,i.jsx)(s.th,{children:"Etcd"}),(0,i.jsx)(s.th,{children:"Containerd"}),(0,i.jsx)(s.th,{children:"Runc"}),(0,i.jsx)(s.th,{children:"Flannel"}),(0,i.jsx)(s.th,{children:"Metrics-server"}),(0,i.jsx)(s.th,{children:"Traefik"}),(0,i.jsx)(s.th,{children:"CoreDNS"}),(0,i.jsx)(s.th,{children:"Helm-controller"}),(0,i.jsx)(s.th,{children:"Local-path-provisioner"})]})}),(0,i.jsxs)(s.tbody,{children:[(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12615k3s1",children:"v1.26.15+k3s1"})}),(0,i.jsx)(s.td,{children:"Mar 25 2024"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12615",children:"v1.26.15"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.4",children:"v0.11.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2.26",children:"v1.7.11-k3s2.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.0",children:"v0.7.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.9",children:"v0.15.9"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12614k3s1",children:"v1.26.14+k3s1"})}),(0,i.jsx)(s.td,{children:"Feb 29 2024"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12614",children:"v1.26.14"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.4",children:"v0.11.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_44_0.html",children:"3.44.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2.26",children:"v1.7.11-k3s2.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.24.2",children:"v0.24.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.8",children:"v0.15.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.26",children:"v0.0.26"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12613k3s2",children:"v1.26.13+k3s2"})}),(0,i.jsx)(s.td,{children:"Feb 06 2024"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12613",children:"v1.26.13"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2.26",children:"v1.7.11-k3s2.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.12-k3s1",children:"v1.1.12-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.8",children:"v0.15.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12612k3s1",children:"v1.26.12+k3s1"})}),(0,i.jsx)(s.td,{children:"Dec 27 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12612",children:"v1.26.12"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.11-k3s2.26",children:"v1.7.11-k3s2.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.10",children:"v1.1.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12611k3s2",children:"v1.26.11+k3s2"})}),(0,i.jsx)(s.td,{children:"Dec 07 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12611",children:"v1.26.11"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.11.0",children:"v0.11.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.7-k3s1.26",children:"v1.7.7-k3s1.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.8",children:"v1.1.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12610k3s2",children:"v1.26.10+k3s2"})}),(0,i.jsx)(s.td,{children:"Nov 08 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12610",children:"v1.26.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.3",children:"v0.10.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.7-k3s1.26",children:"v1.7.7-k3s1.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.8",children:"v1.1.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v12610k3s1",children:"v1.26.10+k3s1"})}),(0,i.jsx)(s.td,{children:"Oct 30 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v12610",children:"v1.26.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.3",children:"v0.10.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.7-k3s1.26",children:"v1.7.7-k3s1.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.8",children:"v1.1.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.10.5",children:"v2.10.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1269k3s1",children:"v1.26.9+k3s1"})}),(0,i.jsx)(s.td,{children:"Sep 20 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1269",children:"v1.26.9"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.3",children:"v0.10.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.6-k3s1.26",children:"v1.7.6-k3s1.26"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.8",children:"v1.1.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.10",children:"v2.9.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1268k3s1",children:"v1.26.8+k3s1"})}),(0,i.jsx)(s.td,{children:"Sep 05 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1268",children:"v1.26.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.2",children:"v0.10.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_42_0.html",children:"3.42.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.9-k3s1",children:"v3.5.9-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.3-k3s1",children:"v1.7.3-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.8",children:"v1.1.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.2",children:"v0.22.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.10",children:"v2.9.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.4",children:"v0.15.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1267k3s1",children:"v1.26.7+k3s1"})}),(0,i.jsx)(s.td,{children:"Jul 27 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1267",children:"v1.26.7"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.1",children:"v0.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1",children:"v3.5.7-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1",children:"v1.7.1-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.7",children:"v1.1.7"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.0",children:"v0.22.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.10",children:"v2.9.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.2",children:"v0.15.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1266k3s1",children:"v1.26.6+k3s1"})}),(0,i.jsx)(s.td,{children:"Jun 26 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1266",children:"v1.26.6"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.1",children:"v0.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1",children:"v3.5.7-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1",children:"v1.7.1-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.7",children:"v1.1.7"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.22.0",children:"v0.22.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.3",children:"v0.6.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.10",children:"v2.9.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.15.0",children:"v0.15.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1265k3s1",children:"v1.26.5+k3s1"})}),(0,i.jsx)(s.td,{children:"May 26 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1265",children:"v1.26.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.10.1",children:"v0.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1",children:"v3.5.7-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.7.1-k3s1",children:"v1.7.1-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.7",children:"v1.1.7"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.21.4",children:"v0.21.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.10",children:"v2.9.10"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.14.0",children:"v0.14.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1264k3s1",children:"v1.26.4+k3s1"})}),(0,i.jsx)(s.td,{children:"Apr 20 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1264",children:"v1.26.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.9.9",children:"v0.9.9"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.7-k3s1",children:"v3.5.7-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1",children:"v1.6.19-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.5",children:"v1.1.5"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.21.4",children:"v0.21.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.4",children:"v2.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.10.1",children:"v1.10.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.13.3",children:"v0.13.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.24",children:"v0.0.24"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1263k3s1",children:"v1.26.3+k3s1"})}),(0,i.jsx)(s.td,{children:"Mar 27 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1263",children:"v1.26.3"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.9.9",children:"v0.9.9"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1",children:"v3.5.5-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.6.19-k3s1",children:"v1.6.19-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.4",children:"v1.1.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.21.4",children:"v0.21.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.4",children:"v2.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.9.4",children:"v1.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1",children:"v0.13.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23",children:"v0.0.23"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1262k3s1",children:"v1.26.2+k3s1"})}),(0,i.jsx)(s.td,{children:"Mar 10 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1262",children:"v1.26.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.9.9",children:"v0.9.9"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1",children:"v3.5.5-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1",children:"v1.6.15-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.4",children:"v1.1.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.21.1",children:"v0.21.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.4",children:"v2.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.9.4",children:"v1.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1",children:"v0.13.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23",children:"v0.0.23"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1261k3s1",children:"v1.26.1+k3s1"})}),(0,i.jsx)(s.td,{children:"Jan 26 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1261",children:"v1.26.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.9.8",children:"v0.9.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1",children:"v3.5.5-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.6.15-k3s1",children:"v1.6.15-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.4",children:"v1.1.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.20.2",children:"v0.20.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.4",children:"v2.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.9.4",children:"v1.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1",children:"v0.13.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23",children:"v0.0.23"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1260k3s2",children:"v1.26.0+k3s2"})}),(0,i.jsx)(s.td,{children:"Jan 11 2023"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1260",children:"v1.26.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.9.8",children:"v0.9.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1",children:"v3.5.5-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.6.14-k3s1",children:"v1.6.14-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.4",children:"v1.1.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.20.2",children:"v0.20.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.4",children:"v2.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.9.4",children:"v1.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1",children:"v0.13.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23",children:"v0.0.23"})})]}),(0,i.jsxs)(s.tr,{children:[(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"/release-notes/v1.26.X#release-v1260k3s1",children:"v1.26.0+k3s1"})}),(0,i.jsx)(s.td,{children:"Dec 21 2022"}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#v1260",children:"v1.26.0"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/kine/releases/tag/v0.9.8",children:"v0.9.8"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://sqlite.org/releaselog/3_39_2.html",children:"3.39.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/etcd/releases/tag/v3.5.5-k3s1",children:"v3.5.5-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/containerd/releases/tag/v1.6.12-k3s1",children:"v1.6.12-k3s1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/opencontainers/runc/releases/tag/v1.1.4",children:"v1.1.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/flannel-io/flannel/releases/tag/v0.20.2",children:"v0.20.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.6.2",children:"v0.6.2"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/traefik/traefik/releases/tag/v2.9.4",children:"v2.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/coredns/coredns/releases/tag/v1.9.4",children:"v1.9.4"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/helm-controller/releases/tag/v0.13.1",children:"v0.13.1"})}),(0,i.jsx)(s.td,{children:(0,i.jsx)(s.a,{href:"https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.23",children:"v0.0.23"})})]})]})]}),"\n",(0,i.jsx)("br",{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12615k3s1",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.15+k3s1",children:"v1.26.15+k3s1"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.15, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v12614",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v12614k3s1",children:"Changes since v1.26.14+k3s1:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Update klipper-lb image version ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9607",children:"(#9607)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Install and Unit test backports ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9645",children:"(#9645)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Adjust first node-ip based on configured clusterCIDR ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9633",children:"(#9633)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Add an integration test for flannel-backend=none ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9610",children:"(#9610)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Improve tailscale e2e test ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9655",children:"(#9655)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Backports for 2024-03 release cycle ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9692",children:"(#9692)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Fix: use correct wasm shims names"}),"\n",(0,i.jsx)(s.li,{children:"The embedded flannel cni-plugin binary is now built and versioned separate from the rest of the cni plugins and the embedded flannel controller."}),"\n",(0,i.jsx)(s.li,{children:"Bump spegel to v0.0.18-k3s3"}),"\n",(0,i.jsx)(s.li,{children:"Adds wildcard registry support"}),"\n",(0,i.jsx)(s.li,{children:"Fixes issue with excessive CPU utilization while waiting for containerd to start"}),"\n",(0,i.jsx)(s.li,{children:"Add env var to allow spegel mirroring of latest tag"}),"\n",(0,i.jsx)(s.li,{children:"Tweak netpol node wait logs"}),"\n",(0,i.jsx)(s.li,{children:"Fix coredns NodeHosts on dual-stack clusters"}),"\n",(0,i.jsx)(s.li,{children:"Bump helm-controller/klipper-helm versions"}),"\n",(0,i.jsx)(s.li,{children:"Fix snapshot prune"}),"\n",(0,i.jsx)(s.li,{children:"Fix issue with etcd node name missing hostname"}),"\n",(0,i.jsx)(s.li,{children:"Rootless mode should also bind service nodePort to host for LoadBalancer type, matching UX of rootful mode."}),"\n",(0,i.jsxs)(s.li,{children:["To enable raw output for the ",(0,i.jsx)(s.code,{children:"check-config"})," subcommand, you may now set NO_COLOR=1"]}),"\n",(0,i.jsx)(s.li,{children:"Fix additional corner cases in registries handling"}),"\n",(0,i.jsx)(s.li,{children:"Bump metrics-server to v0.7.0"}),"\n",(0,i.jsx)(s.li,{children:"K3s will now warn and suppress duplicate entries in the mirror endpoint list for a registry. Containerd does not support listing the same endpoint multiple times as a mirror for a single upstream registry."}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Fix wildcard entry upstream fallback ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9735",children:"(#9735)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update to v1.26.15-k3s1 and Go 1.21.8 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9740",children:"(#9740)"})]}),"\n"]}),"\n",(0,i.jsx)(s.hr,{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12614k3s1",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.14+k3s1",children:"v1.26.14+k3s1"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.14, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v12613",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v12613k3s2",children:"Changes since v1.26.13+k3s2:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Chore: bump Local Path Provisioner version ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9428",children:"(#9428)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Bump cri-dockerd to fix compat with Docker Engine 25 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9292",children:"(#9292)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Auto Dependency Bump ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9421",children:"(#9421)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Runtimes refactor using exec.LookPath ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9429",children:"(#9429)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Directories containing runtimes need to be included in the $PATH environment variable for effective runtime detection."}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Changed how lastHeartBeatTime works in the etcd condition ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9423",children:"(#9423)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Allow executors to define containerd and docker behavior ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9252",children:"(#9252)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update Kube-router to v2.0.1 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9406",children:"(#9406)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Backports for 2024-02 release cycle ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9464",children:"(#9464)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Bump flannel version + remove multiclustercidr ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9409",children:"(#9409)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Enable longer http timeout requests ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9446",children:"(#9446)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Test_UnitApplyContainerdQoSClassConfigFileIfPresent ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9442",children:"(#9442)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Support PR testing installs ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9471",children:"(#9471)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update Kubernetes to v1.26.14 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9490",children:"(#9490)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Fix drone publish for arm ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9510",children:"(#9510)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Remove failing Drone step ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9514",children:"(#9514)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Restore original order of agent startup functions ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9547",children:"(#9547)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Fix netpol startup when flannel is disabled ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9580",children:"(#9580)"})]}),"\n"]}),"\n",(0,i.jsx)(s.hr,{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12613k3s2",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.13+k3s2",children:"v1.26.13+k3s2"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.13, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v12612",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.p,{children:(0,i.jsx)(s.strong,{children:"Important Notes"})}),"\n",(0,i.jsxs)(s.p,{children:["Addresses the runc CVE: ",(0,i.jsx)(s.a,{href:"https://nvd.nist.gov/vuln/detail/CVE-2024-21626",children:"CVE-2024-21626"})," by updating runc to v1.1.12."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v12612k3s1",children:"Changes since v1.26.12+k3s1:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Add a retry around updating a secrets-encrypt node annotations ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9123",children:"(#9123)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Added support for env *_PROXY variables for agent loadbalancer ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9116",children:"(#9116)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Wait for taint to be gone in the node before starting the netpol controller ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9177",children:"(#9177)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Etcd condition ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9183",children:"(#9183)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Backports for 2024-01 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9212",children:"(#9212)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Move proxy dialer out of init() and fix crash ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9221",children:"(#9221)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Pin opa version for missing dependency chain ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9218",children:"(#9218)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Etcd node is nil ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9230",children:"(#9230)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update to v1.26.13 and Go 1.20.13 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9262",children:"(#9262)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Use ",(0,i.jsx)(s.code,{children:"ipFamilyPolicy: RequireDualStack"})," for dual-stack kube-dns ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9271",children:"(#9271)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Backports for 2024-01 k3s2 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9338",children:"(#9338)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Bump runc to v1.1.12 and helm-controller to v0.15.7"}),"\n",(0,i.jsx)(s.li,{children:"Fix handling of bare hostname or IP as endpoint address in registries.yaml"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Bump helm-controller to fix issue with ChartContent ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9348",children:"(#9348)"})]}),"\n"]}),"\n",(0,i.jsx)(s.hr,{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12612k3s1",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.12+k3s1",children:"v1.26.12+k3s1"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.12, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v12611",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v12611k3s2",children:"Changes since v1.26.11+k3s2:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Runtimes backport ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9014",children:"(#9014)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Added runtime classes for wasm/nvidia/crun"}),"\n",(0,i.jsx)(s.li,{children:"Added default runtime flag for containerd"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Bump containerd/runc to v1.7.10-k3s1/v1.1.10 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8964",children:"(#8964)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Fix overlapping address range ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9019",children:"(#9019)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Allow setting default-runtime on servers ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9028",children:"(#9028)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Bump containerd to v1.7.11 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9042",children:"(#9042)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update to v1.26.12-k3s1 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9077",children:"(#9077)"})]}),"\n"]}),"\n",(0,i.jsx)(s.hr,{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12611k3s2",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.11+k3s2",children:"v1.26.11+k3s2"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.11, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v12610",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v12610k3s2",children:"Changes since v1.26.10+k3s2:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Etcd status condition ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8820",children:"(#8820)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Backports for 2023-11 release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8879",children:"(#8879)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["New timezone info in Docker image allows the use of ",(0,i.jsx)(s.code,{children:"spec.timeZone"})," in CronJobs"]}),"\n",(0,i.jsx)(s.li,{children:"Bumped kine to v0.11.0 to resolve issues with postgres and NATS, fix performance of watch channels under heavy load, and improve compatibility with the reference implementation."}),"\n",(0,i.jsxs)(s.li,{children:["Containerd may now be configured to use rdt or blockio configuration by defining ",(0,i.jsx)(s.code,{children:"rdt_config.yaml"})," or ",(0,i.jsx)(s.code,{children:"blockio_config.yaml"})," files."]}),"\n",(0,i.jsx)(s.li,{children:"Add agent flag disable-apiserver-lb, agent will not start load balance proxy."}),"\n",(0,i.jsx)(s.li,{children:"Improved ingress IP ordering from ServiceLB"}),"\n",(0,i.jsx)(s.li,{children:"Disable helm CRD installation for disable-helm-controller"}),"\n",(0,i.jsx)(s.li,{children:"Omit snapshot list configmap entries for snapshots without extra metadata"}),"\n",(0,i.jsx)(s.li,{children:"Add jitter to client config retry to avoid hammering servers when they are starting up"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Add warning for removal of multiclustercidr flag ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8760",children:"(#8760)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Handle nil pointer when runtime core is not ready in etcd ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8888",children:"(#8888)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Improve dualStack log ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8829",children:"(#8829)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Bump dynamiclistener; reduce snapshot controller log spew ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8903",children:"(#8903)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Bumped dynamiclistener to address a race condition that could cause a server to fail to sync its certificates into the Kubernetes secret"}),"\n",(0,i.jsx)(s.li,{children:"Reduced etcd snapshot log spam during initial cluster startup"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Fix etcd snapshot S3 issues ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8938",children:"(#8938)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Don't apply S3 retention if S3 client failed to initialize"}),"\n",(0,i.jsx)(s.li,{children:"Don't request metadata when listing S3 snapshots"}),"\n",(0,i.jsx)(s.li,{children:"Print key instead of file path in snapshot metadata log message"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Update to v1.26.11 and Go to 1.20.11 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8922",children:"(#8922)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Remove s390x ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/9000",children:"(#9000)"})]}),"\n"]}),"\n",(0,i.jsx)(s.hr,{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12610k3s2",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.10+k3s2",children:"v1.26.10+k3s2"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.10, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v12610",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v12610k3s1",children:"Changes since v1.26.10+k3s1:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Fix SystemdCgroup in templates_linux.go ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8766",children:"(#8766)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"Fixed an issue with identifying additional container runtimes"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Update traefik chart to v25.0.0 ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8776",children:"(#8776)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update traefik to fix registry value ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8790",children:"(#8790)"})]}),"\n"]}),"\n",(0,i.jsx)(s.hr,{}),"\n",(0,i.jsxs)(s.h2,{id:"release-v12610k3s1",children:["Release ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/releases/tag/v1.26.10+k3s1",children:"v1.26.10+k3s1"})]}),"\n",(0,i.jsx)(s.p,{children:"This release updates Kubernetes to v1.26.10, and fixes a number of issues."}),"\n",(0,i.jsxs)(s.p,{children:["For more details on what's new, see the ",(0,i.jsx)(s.a,{href:"https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.26.md#changelog-since-v1269",children:"Kubernetes release notes"}),"."]}),"\n",(0,i.jsx)(s.h3,{id:"changes-since-v1269k3s1",children:"Changes since v1.26.9+k3s1:"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Fix error reporting ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8412",children:"(#8412)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Add context to flannel errors ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8420",children:"(#8420)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Testing Backports for September ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8300",children:"(#8300)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Include the interface name in the error message ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8436",children:"(#8436)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Update kube-router ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8444",children:"(#8444)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Add extraArgs to tailscale ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8465",children:"(#8465)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Added error when cluster reset while using server flag ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8456",children:"(#8456)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsx)(s.li,{children:"The user will receive a error when --cluster-reset with the --server flag"}),"\n"]}),"\n"]}),"\n",(0,i.jsxs)(s.li,{children:["Cluster reset from non bootstrap nodes ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8453",children:"(#8453)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Fix spellcheck problem ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8510",children:"(#8510)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Take IPFamily precedence based on order ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8505",children:"(#8505)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Network defaults are duplicated, remove one ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8552",children:"(#8552)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Advertise address integration test ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8517",children:"(#8517)"})]}),"\n",(0,i.jsxs)(s.li,{children:["System agent push tags fix ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8570",children:"(#8570)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Fixed tailscale node IP dualstack mode in case of IPv4 only node ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8559",children:"(#8559)"})]}),"\n",(0,i.jsxs)(s.li,{children:["Server Token Rotation ",(0,i.jsx)(s.a,{href:"https://github.com/k3s-io/k3s/pull/8577",children:"(#8577)"}),"\n",(0,i.jsxs)(s.ul,{children:["\n",(0,i.jsxs)(s.li,{children:["Users can now rotate the server token using ",(0,i.jsx)(s.code,{children:"k3s token rotate -t k3s token create [token]",id:"k3s-token-create-token",level:4},{value:"k3s token delete",id:"k3s-token-delete",level:4},{value:"k3s token generate",id:"k3s-token-generate",level:4},{value:"k3s token list",id:"k3s-token-list",level:4},{value:"k3s token rotate",id:"k3s-token-rotate",level:4}];function a(e){const t={a:"a",admonition:"admonition",br:"br",code:"code",h1:"h1",h2:"h2",h3:"h3",h4:"h4",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,r.a)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(t.header,{children:(0,s.jsx)(t.h1,{id:"k3s-token",children:"k3s token"})}),"\n",(0,s.jsx)(t.p,{children:"K3s uses tokens to secure the node join process. Tokens authenticate the cluster to the joining node, and the node to the cluster."}),"\n",(0,s.jsx)(t.h2,{id:"token-format",children:"Token Format"}),"\n",(0,s.jsx)(t.p,{children:"K3s tokens can be specified in either secure or short format. The secure format is preferred, as it enables the client to authenticate the identity of the cluster it is joining, before sending credentials."}),"\n",(0,s.jsx)(t.h3,{id:"secure",children:"Secure"}),"\n",(0,s.jsx)(t.p,{children:'The secure token format (occasionally referred to as a "full" token) contains the following parts:'}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.code,{children:"k3s token create [token]",id:"k3s-token-create-token",level:4},{value:"k3s token delete",id:"k3s-token-delete",level:4},{value:"k3s token generate",id:"k3s-token-generate",level:4},{value:"k3s token list",id:"k3s-token-list",level:4},{value:"k3s token rotate",id:"k3s-token-rotate",level:4}];function a(e){const t={a:"a",admonition:"admonition",br:"br",code:"code",h1:"h1",h2:"h2",h3:"h3",h4:"h4",header:"header",li:"li",ol:"ol",p:"p",pre:"pre",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,r.a)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(t.header,{children:(0,s.jsx)(t.h1,{id:"k3s-token",children:"k3s token"})}),"\n",(0,s.jsx)(t.p,{children:"K3s uses tokens to secure the node join process. Tokens authenticate the cluster to the joining node, and the node to the cluster."}),"\n",(0,s.jsx)(t.h2,{id:"token-format",children:"Token Format"}),"\n",(0,s.jsx)(t.p,{children:"K3s tokens can be specified in either secure or short format. The secure format is preferred, as it enables the client to authenticate the identity of the cluster it is joining, before sending credentials."}),"\n",(0,s.jsx)(t.h3,{id:"secure",children:"Secure"}),"\n",(0,s.jsx)(t.p,{children:'The secure token format (occasionally referred to as a "full" token) contains the following parts:'}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.code,{children:"--disable flag",id:"using-the---disable-flag",level:3},{value:"Using .skip files",id:"using-skip-files",level:3},{value:"Helm AddOns",id:"helm-addons",level:2}];function c(e){const n={a:"a",admonition:"admonition",blockquote:"blockquote",code:"code",h2:"h2",h3:"h3",h4:"h4",p:"p",pre:"pre",...(0,t.a)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.h2,{id:"auto-deploying-manifests-addons",children:"Auto-Deploying Manifests (AddOns)"}),"\n",(0,i.jsxs)(n.p,{children:["On server nodes, any file found in ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"})," will automatically be deployed to Kubernetes in a manner similar to ",(0,i.jsx)(n.code,{children:"kubectl apply"}),", both on startup and when the file is changed on disk. Deleting files out of this directory will not delete the corresponding resources from the cluster."]}),"\n",(0,i.jsxs)(n.p,{children:["Manifests are tracked as ",(0,i.jsx)(n.code,{children:"AddOn"})," custom resources in the ",(0,i.jsx)(n.code,{children:"kube-system"})," namespace. Any errors or warnings encountered when applying the manifest file may seen by using ",(0,i.jsx)(n.code,{children:"kubectl describe"})," on the corresponding ",(0,i.jsx)(n.code,{children:"AddOn"}),", or by using ",(0,i.jsx)(n.code,{children:"kubectl get event -n kube-system"})," to view all events for that namespace, including those from the deploy controller."]}),"\n",(0,i.jsx)(n.h3,{id:"packaged-components",children:"Packaged Components"}),"\n",(0,i.jsxs)(n.p,{children:["K3s comes with a number of packaged components that are deployed as AddOns via the manifests directory: ",(0,i.jsx)(n.code,{children:"coredns"}),", ",(0,i.jsx)(n.code,{children:"traefik"}),", ",(0,i.jsx)(n.code,{children:"local-storage"}),", and ",(0,i.jsx)(n.code,{children:"metrics-server"}),". The embedded ",(0,i.jsx)(n.code,{children:"servicelb"})," LoadBalancer controller does not have a manifest file, but can be disabled as if it were an ",(0,i.jsx)(n.code,{children:"AddOn"})," for historical reasons."]}),"\n",(0,i.jsx)(n.p,{children:"Manifests for packaged components are managed by K3s, and should not be altered. The files are re-written to disk whenever K3s is started, in order to ensure their integrity."}),"\n",(0,i.jsx)(n.h3,{id:"user-addons",children:"User AddOns"}),"\n",(0,i.jsxs)(n.p,{children:["You may place additional files in the manifests directory for deployment as an ",(0,i.jsx)(n.code,{children:"AddOn"}),". Each file may contain multiple Kubernetes resources, delmited by the ",(0,i.jsx)(n.code,{children:"---"})," YAML document separator. For more information on organizing resources in manifests, see the ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/",children:"Managing Resources"})," section of the Kubernetes documentation."]}),"\n",(0,i.jsx)(n.h4,{id:"file-naming-requirements",children:"File Naming Requirements"}),"\n",(0,i.jsxs)(n.p,{children:["The ",(0,i.jsx)(n.code,{children:"AddOn"})," name for each file in the manifest directory is derived from the file basename.\nEnsure that all files within the manifests directory (or within any subdirectories) have names that are unique, and adhere to Kubernetes ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/overview/working-with-objects/names/",children:"object naming restrictions"}),".\nCare should also be taken not to conflict with names in use by the default K3s packaged components, even if those components are disabled."]}),"\n",(0,i.jsx)(n.p,{children:"Here is en example of an error that would be reported if the file name contains underscores:"}),"\n",(0,i.jsxs)(n.blockquote,{children:["\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.code,{children:"Failed to process config: failed to process /var/lib/rancher/k3s/server/manifests/example_manifest.yaml: Addon.k3s.cattle.io \"example_manifest\" is invalid: metadata.name: Invalid value: \"example_manifest\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"})}),"\n"]}),"\n",(0,i.jsx)(n.admonition,{type:"danger",children:(0,i.jsx)(n.p,{children:"If you have multiple server nodes, and place additional AddOn manifests on more than one server, it is your responsibility to ensure that files stay in sync across those nodes. K3s does not sync AddOn content between nodes, and cannot guarantee correct behavior if different servers attempt to deploy conflicting manifests."})}),"\n",(0,i.jsx)(n.h2,{id:"disabling-manifests",children:"Disabling Manifests"}),"\n",(0,i.jsx)(n.p,{children:"There are two ways to disable deployment of specific content from the manifests directory."}),"\n",(0,i.jsxs)(n.h3,{id:"using-the---disable-flag",children:["Using the ",(0,i.jsx)(n.code,{children:"--disable"})," flag"]}),"\n",(0,i.jsxs)(n.p,{children:["The AddOns for packaged components listed above, in addition to AddOns for any additional manifests placed in the ",(0,i.jsx)(n.code,{children:"manifests"})," directory, can be disabled with the ",(0,i.jsx)(n.code,{children:"--disable"})," flag. Disabled AddOns are actively uninstalled from the cluster, and the source files deleted from the ",(0,i.jsx)(n.code,{children:"manifests"})," directory."]}),"\n",(0,i.jsxs)(n.p,{children:["For example, to disable traefik from being installed on a new cluster, or to uninstall it and remove the manifest from an existing cluster, you can start K3s with ",(0,i.jsx)(n.code,{children:"--disable=traefik"}),". Multiple items can be disabled by separating their names with commas, or by repeating the flag."]}),"\n",(0,i.jsx)(n.h3,{id:"using-skip-files",children:"Using .skip files"}),"\n",(0,i.jsxs)(n.p,{children:["For any file under ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"}),", you can create a ",(0,i.jsx)(n.code,{children:".skip"})," file which will cause K3s to ignore the corresponding manifest. The contents of the ",(0,i.jsx)(n.code,{children:".skip"})," file do not matter, only its existence is checked. Note that creating a ",(0,i.jsx)(n.code,{children:".skip"})," file after an AddOn has already been created will not remove or otherwise modify it or the resources it created; the file is simply treated as if it did not exist."]}),"\n",(0,i.jsxs)(n.p,{children:["For example, creating an empty ",(0,i.jsx)(n.code,{children:"traefik.yaml.skip"})," file in the manifests directory before K3s is started the first time, will cause K3s to skip deploying ",(0,i.jsx)(n.code,{children:"traefik.yaml"}),":"]}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"$ ls /var/lib/rancher/k3s/server/manifests\nccm.yaml local-storage.yaml rolebindings.yaml traefik.yaml.skip\ncoredns.yaml traefik.yaml\n\n$ kubectl get pods -A\nNAMESPACE NAME READY STATUS RESTARTS AGE\nkube-system local-path-provisioner-64ffb68fd-xx98j 1/1 Running 0 74s\nkube-system metrics-server-5489f84d5d-7zwkt 1/1 Running 0 74s\nkube-system coredns-85cb69466-vcq7j 1/1 Running 0 74s\n"})}),"\n",(0,i.jsxs)(n.p,{children:["If Traefik had already been deployed prior to creating the ",(0,i.jsx)(n.code,{children:"traefik.skip"})," file, Traefik would stay as-is, and would not be affected by future updates when K3s is upgraded."]}),"\n",(0,i.jsx)(n.h2,{id:"helm-addons",children:"Helm AddOns"}),"\n",(0,i.jsxs)(n.p,{children:["For information about managing Helm charts via auto-deploying manifests, refer to the section about ",(0,i.jsx)(n.a,{href:"/helm",children:"Helm."})]})]})}function h(e={}){const{wrapper:n}={...(0,t.a)(),...e.components};return n?(0,i.jsx)(n,{...e,children:(0,i.jsx)(c,{...e})}):c(e)}},1151:(e,n,s)=>{s.d(n,{Z:()=>r,a:()=>o});var i=s(7294);const t={},a=i.createContext(t);function o(e){const n=i.useContext(a);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function r(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:o(e.components),i.createElement(a.Provider,{value:n},e.children)}}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[7733],{215:(e,n,s)=>{s.r(n),s.d(n,{assets:()=>d,contentTitle:()=>o,default:()=>h,frontMatter:()=>a,metadata:()=>r,toc:()=>l});var i=s(5893),t=s(1151);const a={title:"Managing Packaged Components"},o=void 0,r={id:"installation/packaged-components",title:"Managing Packaged Components",description:"Auto-Deploying Manifests (AddOns)",source:"@site/docs/installation/packaged-components.md",sourceDirName:"installation",slug:"/installation/packaged-components",permalink:"/installation/packaged-components",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/installation/packaged-components.md",tags:[],version:"current",lastUpdatedAt:1723747404e3,frontMatter:{title:"Managing Packaged Components"},sidebar:"mySidebar",previous:{title:"Managing Server Roles",permalink:"/installation/server-roles"},next:{title:"Uninstalling K3s",permalink:"/installation/uninstall"}},d={},l=[{value:"Auto-Deploying Manifests (AddOns)",id:"auto-deploying-manifests-addons",level:2},{value:"Packaged Components",id:"packaged-components",level:3},{value:"User AddOns",id:"user-addons",level:3},{value:"File Naming Requirements",id:"file-naming-requirements",level:4},{value:"Disabling Manifests",id:"disabling-manifests",level:2},{value:"Using the --disable flag",id:"using-the---disable-flag",level:3},{value:"Using .skip files",id:"using-skip-files",level:3},{value:"Helm AddOns",id:"helm-addons",level:2}];function c(e){const n={a:"a",admonition:"admonition",blockquote:"blockquote",code:"code",h2:"h2",h3:"h3",h4:"h4",p:"p",pre:"pre",...(0,t.a)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.h2,{id:"auto-deploying-manifests-addons",children:"Auto-Deploying Manifests (AddOns)"}),"\n",(0,i.jsxs)(n.p,{children:["On server nodes, any file found in ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"})," will automatically be deployed to Kubernetes in a manner similar to ",(0,i.jsx)(n.code,{children:"kubectl apply"}),", both on startup and when the file is changed on disk. Deleting files out of this directory will not delete the corresponding resources from the cluster."]}),"\n",(0,i.jsxs)(n.p,{children:["Manifests are tracked as ",(0,i.jsx)(n.code,{children:"AddOn"})," custom resources in the ",(0,i.jsx)(n.code,{children:"kube-system"})," namespace. Any errors or warnings encountered when applying the manifest file may seen by using ",(0,i.jsx)(n.code,{children:"kubectl describe"})," on the corresponding ",(0,i.jsx)(n.code,{children:"AddOn"}),", or by using ",(0,i.jsx)(n.code,{children:"kubectl get event -n kube-system"})," to view all events for that namespace, including those from the deploy controller."]}),"\n",(0,i.jsx)(n.h3,{id:"packaged-components",children:"Packaged Components"}),"\n",(0,i.jsxs)(n.p,{children:["K3s comes with a number of packaged components that are deployed as AddOns via the manifests directory: ",(0,i.jsx)(n.code,{children:"coredns"}),", ",(0,i.jsx)(n.code,{children:"traefik"}),", ",(0,i.jsx)(n.code,{children:"local-storage"}),", and ",(0,i.jsx)(n.code,{children:"metrics-server"}),". The embedded ",(0,i.jsx)(n.code,{children:"servicelb"})," LoadBalancer controller does not have a manifest file, but can be disabled as if it were an ",(0,i.jsx)(n.code,{children:"AddOn"})," for historical reasons."]}),"\n",(0,i.jsx)(n.p,{children:"Manifests for packaged components are managed by K3s, and should not be altered. The files are re-written to disk whenever K3s is started, in order to ensure their integrity."}),"\n",(0,i.jsx)(n.h3,{id:"user-addons",children:"User AddOns"}),"\n",(0,i.jsxs)(n.p,{children:["You may place additional files in the manifests directory for deployment as an ",(0,i.jsx)(n.code,{children:"AddOn"}),". Each file may contain multiple Kubernetes resources, delmited by the ",(0,i.jsx)(n.code,{children:"---"})," YAML document separator. For more information on organizing resources in manifests, see the ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/",children:"Managing Resources"})," section of the Kubernetes documentation."]}),"\n",(0,i.jsx)(n.h4,{id:"file-naming-requirements",children:"File Naming Requirements"}),"\n",(0,i.jsxs)(n.p,{children:["The ",(0,i.jsx)(n.code,{children:"AddOn"})," name for each file in the manifest directory is derived from the file basename.\nEnsure that all files within the manifests directory (or within any subdirectories) have names that are unique, and adhere to Kubernetes ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/overview/working-with-objects/names/",children:"object naming restrictions"}),".\nCare should also be taken not to conflict with names in use by the default K3s packaged components, even if those components are disabled."]}),"\n",(0,i.jsx)(n.p,{children:"Here is en example of an error that would be reported if the file name contains underscores:"}),"\n",(0,i.jsxs)(n.blockquote,{children:["\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.code,{children:"Failed to process config: failed to process /var/lib/rancher/k3s/server/manifests/example_manifest.yaml: Addon.k3s.cattle.io \"example_manifest\" is invalid: metadata.name: Invalid value: \"example_manifest\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"})}),"\n"]}),"\n",(0,i.jsx)(n.admonition,{type:"danger",children:(0,i.jsx)(n.p,{children:"If you have multiple server nodes, and place additional AddOn manifests on more than one server, it is your responsibility to ensure that files stay in sync across those nodes. K3s does not sync AddOn content between nodes, and cannot guarantee correct behavior if different servers attempt to deploy conflicting manifests."})}),"\n",(0,i.jsx)(n.h2,{id:"disabling-manifests",children:"Disabling Manifests"}),"\n",(0,i.jsx)(n.p,{children:"There are two ways to disable deployment of specific content from the manifests directory."}),"\n",(0,i.jsxs)(n.h3,{id:"using-the---disable-flag",children:["Using the ",(0,i.jsx)(n.code,{children:"--disable"})," flag"]}),"\n",(0,i.jsxs)(n.p,{children:["The AddOns for packaged components listed above, in addition to AddOns for any additional manifests placed in the ",(0,i.jsx)(n.code,{children:"manifests"})," directory, can be disabled with the ",(0,i.jsx)(n.code,{children:"--disable"})," flag. Disabled AddOns are actively uninstalled from the cluster, and the source files deleted from the ",(0,i.jsx)(n.code,{children:"manifests"})," directory."]}),"\n",(0,i.jsxs)(n.p,{children:["For example, to disable traefik from being installed on a new cluster, or to uninstall it and remove the manifest from an existing cluster, you can start K3s with ",(0,i.jsx)(n.code,{children:"--disable=traefik"}),". Multiple items can be disabled by separating their names with commas, or by repeating the flag."]}),"\n",(0,i.jsx)(n.h3,{id:"using-skip-files",children:"Using .skip files"}),"\n",(0,i.jsxs)(n.p,{children:["For any file under ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"}),", you can create a ",(0,i.jsx)(n.code,{children:".skip"})," file which will cause K3s to ignore the corresponding manifest. The contents of the ",(0,i.jsx)(n.code,{children:".skip"})," file do not matter, only its existence is checked. Note that creating a ",(0,i.jsx)(n.code,{children:".skip"})," file after an AddOn has already been created will not remove or otherwise modify it or the resources it created; the file is simply treated as if it did not exist."]}),"\n",(0,i.jsxs)(n.p,{children:["For example, creating an empty ",(0,i.jsx)(n.code,{children:"traefik.yaml.skip"})," file in the manifests directory before K3s is started the first time, will cause K3s to skip deploying ",(0,i.jsx)(n.code,{children:"traefik.yaml"}),":"]}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"$ ls /var/lib/rancher/k3s/server/manifests\nccm.yaml local-storage.yaml rolebindings.yaml traefik.yaml.skip\ncoredns.yaml traefik.yaml\n\n$ kubectl get pods -A\nNAMESPACE NAME READY STATUS RESTARTS AGE\nkube-system local-path-provisioner-64ffb68fd-xx98j 1/1 Running 0 74s\nkube-system metrics-server-5489f84d5d-7zwkt 1/1 Running 0 74s\nkube-system coredns-85cb69466-vcq7j 1/1 Running 0 74s\n"})}),"\n",(0,i.jsxs)(n.p,{children:["If Traefik had already been deployed prior to creating the ",(0,i.jsx)(n.code,{children:"traefik.skip"})," file, Traefik would stay as-is, and would not be affected by future updates when K3s is upgraded."]}),"\n",(0,i.jsx)(n.h2,{id:"helm-addons",children:"Helm AddOns"}),"\n",(0,i.jsxs)(n.p,{children:["For information about managing Helm charts via auto-deploying manifests, refer to the section about ",(0,i.jsx)(n.a,{href:"/helm",children:"Helm."})]})]})}function h(e={}){const{wrapper:n}={...(0,t.a)(),...e.components};return n?(0,i.jsx)(n,{...e,children:(0,i.jsx)(c,{...e})}):c(e)}},1151:(e,n,s)=>{s.d(n,{Z:()=>r,a:()=>o});var i=s(7294);const t={},a=i.createContext(t);function o(e){const n=i.useContext(a);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function r(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:o(e.components),i.createElement(a.Provider,{value:n},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/6ab2c2e0.06c8b0e2.js b/assets/js/6ab2c2e0.31c46199.js
similarity index 99%
rename from assets/js/6ab2c2e0.06c8b0e2.js
rename to assets/js/6ab2c2e0.31c46199.js
index ca986b9e4..3e7894bb6 100644
--- a/assets/js/6ab2c2e0.06c8b0e2.js
+++ b/assets/js/6ab2c2e0.31c46199.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[981],{9414:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>d,default:()=>h,frontMatter:()=>r,metadata:()=>l,toc:()=>o});var n=s(5893),i=s(1151);const r={title:"Environment Variables"},d=void 0,l={id:"reference/env-variables",title:"Environment Variables",description:"As mentioned in the Quick-Start Guide, you can use the installation script available at https://get.k3s.io to install K3s as a service on systemd and openrc based systems.",source:"@site/docs/reference/env-variables.md",sourceDirName:"reference",slug:"/reference/env-variables",permalink:"/reference/env-variables",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/reference/env-variables.md",tags:[],version:"current",lastUpdatedAt:1723651727e3,frontMatter:{title:"Environment Variables"},sidebar:"mySidebar",previous:{title:"Advanced Options / Configuration",permalink:"/advanced"},next:{title:"Flag Deprecation",permalink:"/reference/flag-deprecation"}},c={},o=[];function a(e){const t={a:"a",code:"code",p:"p",pre:"pre",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.a)(),...e.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsxs)(t.p,{children:["As mentioned in the ",(0,n.jsx)(t.a,{href:"/quick-start",children:"Quick-Start Guide"}),", you can use the installation script available at ",(0,n.jsx)(t.a,{href:"https://get.k3s.io",children:"https://get.k3s.io"})," to install K3s as a service on systemd and openrc based systems."]}),"\n",(0,n.jsx)(t.p,{children:"The simplest form of this command is as follows:"}),"\n",(0,n.jsx)(t.pre,{children:(0,n.jsx)(t.code,{className:"language-bash",children:"curl -sfL https://get.k3s.io | sh -\n"})}),"\n",(0,n.jsx)(t.p,{children:"When using this method to install K3s, the following environment variables can be used to configure the installation:"}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{children:"Environment Variable"}),(0,n.jsx)(t.th,{children:"Description"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_DOWNLOAD"})}),(0,n.jsx)(t.td,{children:"If set to true will not download K3s hash or binary."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SYMLINK"})}),(0,n.jsx)(t.td,{children:"By default will create symlinks for the kubectl, crictl, and ctr binaries if the commands do not already exist in path. If set to 'skip' will not create symlinks and 'force' will overwrite."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_ENABLE"})}),(0,n.jsx)(t.td,{children:"If set to true will not enable or start K3s service."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_START"})}),(0,n.jsx)(t.td,{children:"If set to true will not start K3s service."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_VERSION"})}),(0,n.jsx)(t.td,{children:"Version of K3s to download from Github. Will attempt to download from the stable channel if not specified."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_BIN_DIR"})}),(0,n.jsxs)(t.td,{children:["Directory to install K3s binary, links, and uninstall script to, or use ",(0,n.jsx)(t.code,{children:"/usr/local/bin"})," as the default."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_BIN_DIR_READ_ONLY"})}),(0,n.jsxs)(t.td,{children:["If set to true will not write files to ",(0,n.jsx)(t.code,{children:"INSTALL_K3S_BIN_DIR"}),", forces setting ",(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_DOWNLOAD=true"}),"."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SYSTEMD_DIR"})}),(0,n.jsxs)(t.td,{children:["Directory to install systemd service and environment files to, or use ",(0,n.jsx)(t.code,{children:"/etc/systemd/system"})," as the default."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_EXEC"})}),(0,n.jsxs)(t.td,{children:["Command with flags to use for launching K3s in the service. If the command is not specified, and the ",(0,n.jsx)(t.code,{children:"K3S_URL"}),' is set, it will default to "agent." If ',(0,n.jsx)(t.code,{children:"K3S_URL"}),' not set, it will default to "server." For help, refer to ',(0,n.jsx)(t.a,{href:"/installation/configuration#configuration-with-install-script",children:"this example."})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_NAME"})}),(0,n.jsx)(t.td,{children:"Name of systemd service to create, will default to 'k3s' if running k3s as a server and 'k3s-agent' if running k3s as an agent. If specified the name will be prefixed with 'k3s-'."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_TYPE"})}),(0,n.jsx)(t.td,{children:"Type of systemd service to create, will default from the K3s exec command if not specified."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SELINUX_WARN"})}),(0,n.jsx)(t.td,{children:"If set to true will continue if k3s-selinux policy is not found."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_SELINUX_RPM"})}),(0,n.jsx)(t.td,{children:"If set to true will skip automatic installation of the k3s RPM."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_CHANNEL_URL"})}),(0,n.jsxs)(t.td,{children:["Channel URL for fetching K3s download URL. Defaults to ",(0,n.jsx)(t.a,{href:"https://update.k3s.io/v1-release/channels",children:"https://update.k3s.io/v1-release/channels"}),"."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_CHANNEL"})}),(0,n.jsxs)(t.td,{children:['Channel to use for fetching K3s download URL. Defaults to "stable". Options include: ',(0,n.jsx)(t.code,{children:"stable"}),", ",(0,n.jsx)(t.code,{children:"latest"}),", ",(0,n.jsx)(t.code,{children:"testing"}),"."]})]})]})]}),"\n",(0,n.jsx)(t.p,{children:"This example shows where to place aforementioned environment variables as options (after the pipe):"}),"\n",(0,n.jsx)(t.pre,{children:(0,n.jsx)(t.code,{className:"language-bash",children:"curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest sh -\n"})}),"\n",(0,n.jsxs)(t.p,{children:["Environment variables which begin with ",(0,n.jsx)(t.code,{children:"K3S_"})," will be preserved for the systemd and openrc services to use."]}),"\n",(0,n.jsxs)(t.p,{children:["Setting ",(0,n.jsx)(t.code,{children:"K3S_URL"}),' without explicitly setting an exec command will default the command to "agent".']}),"\n",(0,n.jsxs)(t.p,{children:["When running the agent, ",(0,n.jsx)(t.code,{children:"K3S_TOKEN"})," must also be set."]})]})}function h(e={}){const{wrapper:t}={...(0,i.a)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(a,{...e})}):a(e)}},1151:(e,t,s)=>{s.d(t,{Z:()=>l,a:()=>d});var n=s(7294);const i={},r=n.createContext(i);function d(e){const t=n.useContext(r);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function l(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:d(e.components),n.createElement(r.Provider,{value:t},e.children)}}}]);
\ No newline at end of file
+"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[981],{9414:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>d,default:()=>h,frontMatter:()=>r,metadata:()=>l,toc:()=>o});var n=s(5893),i=s(1151);const r={title:"Environment Variables"},d=void 0,l={id:"reference/env-variables",title:"Environment Variables",description:"As mentioned in the Quick-Start Guide, you can use the installation script available at https://get.k3s.io to install K3s as a service on systemd and openrc based systems.",source:"@site/docs/reference/env-variables.md",sourceDirName:"reference",slug:"/reference/env-variables",permalink:"/reference/env-variables",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/reference/env-variables.md",tags:[],version:"current",lastUpdatedAt:1723747404e3,frontMatter:{title:"Environment Variables"},sidebar:"mySidebar",previous:{title:"Advanced Options / Configuration",permalink:"/advanced"},next:{title:"Flag Deprecation",permalink:"/reference/flag-deprecation"}},c={},o=[];function a(e){const t={a:"a",code:"code",p:"p",pre:"pre",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.a)(),...e.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsxs)(t.p,{children:["As mentioned in the ",(0,n.jsx)(t.a,{href:"/quick-start",children:"Quick-Start Guide"}),", you can use the installation script available at ",(0,n.jsx)(t.a,{href:"https://get.k3s.io",children:"https://get.k3s.io"})," to install K3s as a service on systemd and openrc based systems."]}),"\n",(0,n.jsx)(t.p,{children:"The simplest form of this command is as follows:"}),"\n",(0,n.jsx)(t.pre,{children:(0,n.jsx)(t.code,{className:"language-bash",children:"curl -sfL https://get.k3s.io | sh -\n"})}),"\n",(0,n.jsx)(t.p,{children:"When using this method to install K3s, the following environment variables can be used to configure the installation:"}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{children:"Environment Variable"}),(0,n.jsx)(t.th,{children:"Description"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_DOWNLOAD"})}),(0,n.jsx)(t.td,{children:"If set to true will not download K3s hash or binary."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SYMLINK"})}),(0,n.jsx)(t.td,{children:"By default will create symlinks for the kubectl, crictl, and ctr binaries if the commands do not already exist in path. If set to 'skip' will not create symlinks and 'force' will overwrite."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_ENABLE"})}),(0,n.jsx)(t.td,{children:"If set to true will not enable or start K3s service."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_START"})}),(0,n.jsx)(t.td,{children:"If set to true will not start K3s service."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_VERSION"})}),(0,n.jsx)(t.td,{children:"Version of K3s to download from Github. Will attempt to download from the stable channel if not specified."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_BIN_DIR"})}),(0,n.jsxs)(t.td,{children:["Directory to install K3s binary, links, and uninstall script to, or use ",(0,n.jsx)(t.code,{children:"/usr/local/bin"})," as the default."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_BIN_DIR_READ_ONLY"})}),(0,n.jsxs)(t.td,{children:["If set to true will not write files to ",(0,n.jsx)(t.code,{children:"INSTALL_K3S_BIN_DIR"}),", forces setting ",(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_DOWNLOAD=true"}),"."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SYSTEMD_DIR"})}),(0,n.jsxs)(t.td,{children:["Directory to install systemd service and environment files to, or use ",(0,n.jsx)(t.code,{children:"/etc/systemd/system"})," as the default."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_EXEC"})}),(0,n.jsxs)(t.td,{children:["Command with flags to use for launching K3s in the service. If the command is not specified, and the ",(0,n.jsx)(t.code,{children:"K3S_URL"}),' is set, it will default to "agent." If ',(0,n.jsx)(t.code,{children:"K3S_URL"}),' not set, it will default to "server." For help, refer to ',(0,n.jsx)(t.a,{href:"/installation/configuration#configuration-with-install-script",children:"this example."})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_NAME"})}),(0,n.jsx)(t.td,{children:"Name of systemd service to create, will default to 'k3s' if running k3s as a server and 'k3s-agent' if running k3s as an agent. If specified the name will be prefixed with 'k3s-'."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_TYPE"})}),(0,n.jsx)(t.td,{children:"Type of systemd service to create, will default from the K3s exec command if not specified."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SELINUX_WARN"})}),(0,n.jsx)(t.td,{children:"If set to true will continue if k3s-selinux policy is not found."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_SKIP_SELINUX_RPM"})}),(0,n.jsx)(t.td,{children:"If set to true will skip automatic installation of the k3s RPM."})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_CHANNEL_URL"})}),(0,n.jsxs)(t.td,{children:["Channel URL for fetching K3s download URL. Defaults to ",(0,n.jsx)(t.a,{href:"https://update.k3s.io/v1-release/channels",children:"https://update.k3s.io/v1-release/channels"}),"."]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{children:(0,n.jsx)(t.code,{children:"INSTALL_K3S_CHANNEL"})}),(0,n.jsxs)(t.td,{children:['Channel to use for fetching K3s download URL. Defaults to "stable". Options include: ',(0,n.jsx)(t.code,{children:"stable"}),", ",(0,n.jsx)(t.code,{children:"latest"}),", ",(0,n.jsx)(t.code,{children:"testing"}),"."]})]})]})]}),"\n",(0,n.jsx)(t.p,{children:"This example shows where to place aforementioned environment variables as options (after the pipe):"}),"\n",(0,n.jsx)(t.pre,{children:(0,n.jsx)(t.code,{className:"language-bash",children:"curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest sh -\n"})}),"\n",(0,n.jsxs)(t.p,{children:["Environment variables which begin with ",(0,n.jsx)(t.code,{children:"K3S_"})," will be preserved for the systemd and openrc services to use."]}),"\n",(0,n.jsxs)(t.p,{children:["Setting ",(0,n.jsx)(t.code,{children:"K3S_URL"}),' without explicitly setting an exec command will default the command to "agent".']}),"\n",(0,n.jsxs)(t.p,{children:["When running the agent, ",(0,n.jsx)(t.code,{children:"K3S_TOKEN"})," must also be set."]})]})}function h(e={}){const{wrapper:t}={...(0,i.a)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(a,{...e})}):a(e)}},1151:(e,t,s)=>{s.d(t,{Z:()=>l,a:()=>d});var n=s(7294);const i={},r=n.createContext(i);function d(e){const t=n.useContext(r);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function l(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:d(e.components),n.createElement(r.Provider,{value:t},e.children)}}}]);
\ No newline at end of file
diff --git a/assets/js/6e9804bc.3146c892.js b/assets/js/6e9804bc.0dc8e83c.js
similarity index 99%
rename from assets/js/6e9804bc.3146c892.js
rename to assets/js/6e9804bc.0dc8e83c.js
index 7bb09f711..848a582cc 100644
--- a/assets/js/6e9804bc.3146c892.js
+++ b/assets/js/6e9804bc.0dc8e83c.js
@@ -1 +1 @@
-"use strict";(self.webpackChunkk_3_s_docs=self.webpackChunkk_3_s_docs||[]).push([[393],{1218:(e,t,r)=>{r.r(t),r.d(t,{assets:()=>o,contentTitle:()=>c,default:()=>h,frontMatter:()=>i,metadata:()=>a,toc:()=>d});var s=r(5893),n=r(1151);const i={title:"certificate"},c="k3s certificate",a={id:"cli/certificate",title:"certificate",description:"Client and Server Certificates",source:"@site/docs/cli/certificate.md",sourceDirName:"cli",slug:"/cli/certificate",permalink:"/cli/certificate",draft:!1,unlisted:!1,editUrl:"https://github.com/k3s-io/docs/edit/main/docs/cli/certificate.md",tags:[],version:"current",lastUpdatedAt:1723651727e3,frontMatter:{title:"certificate"},sidebar:"mySidebar",previous:{title:"agent",permalink:"/cli/agent"},next:{title:"etcd-snapshot",permalink:"/cli/etcd-snapshot"}},o={},d=[{value:"Client and Server Certificates",id:"client-and-server-certificates",level:2},{value:"Rotating Client and Server Certificates",id:"rotating-client-and-server-certificates",level:3},{value:"Certificate Authority (CA) Certificates",id:"certificate-authority-ca-certificates",level:2},{value:"Using Custom CA Certificates",id:"using-custom-ca-certificates",level:3},{value:"Custom CA Topology",id:"custom-ca-topology",level:4},{value:"Using the Example Script",id:"using-the-example-script",level:4},{value:"Rotating Custom CA Certificates",id:"rotating-custom-ca-certificates",level:3},{value:"Using the Example Script",id:"using-the-example-script-1",level:4},{value:"Rotating Self-Signed CA Certificates",id:"rotating-self-signed-ca-certificates",level:3},{value:"Default CA Topology",id:"default-ca-topology",level:4},{value:"Using The Example Script",id:"using-the-example-script-2",level:4},{value:"Service-Account Issuer Key Rotation",id:"service-account-issuer-key-rotation",level:2}];function l(e){const t={a:"a",admonition:"admonition",br:"br",code:"code",em:"em",h1:"h1",h2:"h2",h3:"h3",h4:"h4",header:"header",li:"li",mermaid:"mermaid",p:"p",pre:"pre",ul:"ul",...(0,n.a)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(t.header,{children:(0,s.jsx)(t.h1,{id:"k3s-certificate",children:"k3s certificate"})}),"\n",(0,s.jsx)(t.h2,{id:"client-and-server-certificates",children:"Client and Server Certificates"}),"\n",(0,s.jsx)(t.p,{children:"K3s client and server certificates are valid for 365 days from their date of issuance. Any certificates that are expired, or within 90 days of expiring, are automatically renewed every time K3s starts."}),"\n",(0,s.jsx)(t.h3,{id:"rotating-client-and-server-certificates",children:"Rotating Client and Server Certificates"}),"\n",(0,s.jsxs)(t.p,{children:["To rotate client and server certificates manually, use the ",(0,s.jsx)(t.code,{children:"k3s certificate rotate"})," subcommand:"]}),"\n",(0,s.jsx)(t.pre,{children:(0,s.jsx)(t.code,{className:"language-bash",children:"# Stop K3s\nsystemctl stop k3s\n\n# Rotate certificates\nk3s certificate rotate\n\n# Start K3s\nsystemctl start k3s\n"})}),"\n",(0,s.jsx)(t.p,{children:"Individual or lists of certificates can be rotated by specifying the certificate name:"}),"\n",(0,s.jsx)(t.pre,{children:(0,s.jsx)(t.code,{className:"language-bash",children:"k3s certificate rotate --service protect-kernel-defaults is set",id:"ensure-protect-kernel-defaults-is-set",level:3},{value:"Set kernel parameters",id:"set-kernel-parameters",level:4},{value:"Kubernetes Runtime Requirements",id:"kubernetes-runtime-requirements",level:2},{value:"Pod Security",id:"pod-security",level:3},{value:"NetworkPolicies",id:"networkpolicies",level:3},{value:"API Server audit configuration",id:"api-server-audit-configuration",level:3},{value:"Configuration for Kubernetes Components",id:"configuration-for-kubernetes-components",level:2},{value:"Manual Operations",id:"manual-operations",level:2},{value:"Control 1.1.20",id:"control-1120",level:3},{value:"Control 1.2.9",id:"control-129",level:3},{value:"Control 1.2.11",id:"control-1211",level:3},{value:"Control 1.2.21",id:"control-1221",level:3},{value:"Control 4.2.13",id:"control-4213",level:3},{value:"Control 5.X",id:"control-5x",level:3},{value:"Conclusion",id:"conclusion",level:2}];function d(e){const n={a:"a",admonition:"admonition",blockquote:"blockquote",code:"code",h2:"h2",h3:"h3",h4:"h4",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",...(0,r.a)(),...e.components},{Details:s,TabItem:t,Tabs:a}=n;return s||p("Details",!0),t||p("TabItem",!0),a||p("Tabs",!0),(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.p,{children:"This document provides prescriptive guidance for hardening a production installation of K3s. It outlines the configurations and controls required to address Kubernetes benchmark controls from the Center for Internet Security (CIS)."}),"\n",(0,i.jsx)(n.p,{children:"K3s has a number of security mitigations applied and turned on by default and will pass a number of the Kubernetes CIS controls without modification. There are some notable exceptions to this that require manual intervention to fully comply with the CIS Benchmark:"}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsx)(n.li,{children:"K3s will not modify the host operating system. Any host-level modifications will need to be done manually."}),"\n",(0,i.jsxs)(n.li,{children:["Certain CIS policy controls for ",(0,i.jsx)(n.code,{children:"NetworkPolicies"})," and ",(0,i.jsx)(n.code,{children:"PodSecurityStandards"})," (",(0,i.jsx)(n.code,{children:"PodSecurityPolicies"})," on v1.24 and older) will restrict the functionality of the cluster. You must opt into having K3s configure these by adding the appropriate options (enabling of admission plugins) to your command-line flags or configuration file as well as manually applying appropriate policies. Further details are presented in the sections below."]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"The first section (1.1) of the CIS Benchmark concerns itself primarily with pod manifest permissions and ownership. K3s doesn't utilize these for the core components since everything is packaged into a single binary."}),"\n",(0,i.jsx)(n.h2,{id:"host-level-requirements",children:"Host-level Requirements"}),"\n",(0,i.jsx)(n.p,{children:"There are two areas of host-level requirements: kernel parameters and etcd process/directory configuration. These are outlined in this section."}),"\n",(0,i.jsxs)(n.h3,{id:"ensure-protect-kernel-defaults-is-set",children:["Ensure ",(0,i.jsx)(n.code,{children:"protect-kernel-defaults"})," is set"]}),"\n",(0,i.jsx)(n.p,{children:"This is a kubelet flag that will cause the kubelet to exit if the required kernel parameters are unset or are set to values that are different from the kubelet's defaults."}),"\n",(0,i.jsxs)(n.blockquote,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Note:"})," ",(0,i.jsx)(n.code,{children:"protect-kernel-defaults"})," is exposed as a top-level flag for K3s."]}),"\n"]}),"\n",(0,i.jsx)(n.h4,{id:"set-kernel-parameters",children:"Set kernel parameters"}),"\n",(0,i.jsxs)(n.p,{children:["Create a file called ",(0,i.jsx)(n.code,{children:"/etc/sysctl.d/90-kubelet.conf"})," and add the snippet below. Then run ",(0,i.jsx)(n.code,{children:"sysctl -p /etc/sysctl.d/90-kubelet.conf"}),"."]}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"vm.panic_on_oom=0\nvm.overcommit_memory=1\nkernel.panic=10\nkernel.panic_on_oops=1\n"})}),"\n",(0,i.jsx)(n.h2,{id:"kubernetes-runtime-requirements",children:"Kubernetes Runtime Requirements"}),"\n",(0,i.jsx)(n.p,{children:"The runtime requirements to comply with the CIS Benchmark are centered around pod security (via PSP or PSA), network policies and API Server auditing logs. These are outlined in this section."}),"\n",(0,i.jsxs)(n.p,{children:["By default, K3s does not include any pod security or network policies. However, K3s ships with a controller that will enforce network policies, if any are created. K3s doesn't enable auditing by default, so audit log configuration and audit policy must be created manually. By default, K3s runs with the both the ",(0,i.jsx)(n.code,{children:"PodSecurity"})," and ",(0,i.jsx)(n.code,{children:"NodeRestriction"})," admission controllers enabled, among others."]}),"\n",(0,i.jsx)(n.h3,{id:"pod-security",children:"Pod Security"}),"\n",(0,i.jsxs)(a,{groupId:"pod-sec",queryString:!0,children:[(0,i.jsxs)(t,{value:"v1.25 and Newer",default:!0,children:[(0,i.jsxs)(n.p,{children:["K3s v1.25 and newer support ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/security/pod-security-admission/",children:"Pod Security Admissions (PSAs)"})," for controlling pod security. PSAs are enabled by passing the following flag to the K3s server:"]}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:'--kube-apiserver-arg="admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml"\n'})}),(0,i.jsxs)(n.p,{children:["The policy should be written to a file named ",(0,i.jsx)(n.code,{children:"psa.yaml"})," in ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server"})," directory."]}),(0,i.jsx)(n.p,{children:"Here is an example of a compliant PSA:"}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'apiVersion: apiserver.config.k8s.io/v1\nkind: AdmissionConfiguration\nplugins:\n- name: PodSecurity\n configuration:\n apiVersion: pod-security.admission.config.k8s.io/v1beta1\n kind: PodSecurityConfiguration\n defaults:\n enforce: "restricted"\n enforce-version: "latest"\n audit: "restricted"\n audit-version: "latest"\n warn: "restricted"\n warn-version: "latest"\n exemptions:\n usernames: []\n runtimeClasses: []\n namespaces: [kube-system, cis-operator-system]\n'})})]}),(0,i.jsxs)(t,{value:"v1.24 and Older",default:!0,children:[(0,i.jsxs)(n.p,{children:["K3s v1.24 and older support ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/security/pod-security-policy/",children:"Pod Security Policies (PSPs)"})," for controlling pod security. PSPs are enabled by passing the following flag to the K3s server:"]}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:'--kube-apiserver-arg="enable-admission-plugins=NodeRestriction,PodSecurityPolicy"\n'})}),(0,i.jsxs)(n.p,{children:["This will have the effect of maintaining the ",(0,i.jsx)(n.code,{children:"NodeRestriction"})," plugin as well as enabling the ",(0,i.jsx)(n.code,{children:"PodSecurityPolicy"}),"."]}),(0,i.jsx)(n.p,{children:"When PSPs are enabled, a policy can be applied to satisfy the necessary controls described in section 5.2 of the CIS Benchmark."}),(0,i.jsx)(n.p,{children:"Here is an example of a compliant PSP:"}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"apiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: restricted-psp\nspec:\n privileged: false # CIS - 5.2.1\n allowPrivilegeEscalation: false # CIS - 5.2.5\n requiredDropCapabilities: # CIS - 5.2.7/8/9\n - ALL\n volumes:\n - 'configMap'\n - 'emptyDir'\n - 'projected'\n - 'secret'\n - 'downwardAPI'\n - 'csi'\n - 'persistentVolumeClaim'\n - 'ephemeral'\n hostNetwork: false # CIS - 5.2.4\n hostIPC: false # CIS - 5.2.3\n hostPID: false # CIS - 5.2.2\n runAsUser:\n rule: 'MustRunAsNonRoot' # CIS - 5.2.6\n seLinux:\n rule: 'RunAsAny'\n supplementalGroups:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n fsGroup:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n readOnlyRootFilesystem: false\n"})}),(0,i.jsx)(n.p,{children:'For the above PSP to be effective, we need to create a ClusterRole and a ClusterRoleBinding. We also need to include a "system unrestricted policy" which is needed for system-level pods that require additional privileges, and an additional policy that allows sysctls necessary for servicelb to function properly.'}),(0,i.jsxs)(n.p,{children:["Combining the configuration above with the ",(0,i.jsx)(n.a,{href:"#networkpolicies",children:"Network Policy"})," described in the next section, a single file can be placed in the ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"})," directory. Here is an example of a ",(0,i.jsx)(n.code,{children:"policy.yaml"})," file:"]}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"apiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: restricted-psp\nspec:\n privileged: false\n allowPrivilegeEscalation: false\n requiredDropCapabilities:\n - ALL\n volumes:\n - 'configMap'\n - 'emptyDir'\n - 'projected'\n - 'secret'\n - 'downwardAPI'\n - 'csi'\n - 'persistentVolumeClaim'\n - 'ephemeral'\n hostNetwork: false\n hostIPC: false\n hostPID: false\n runAsUser:\n rule: 'MustRunAsNonRoot'\n seLinux:\n rule: 'RunAsAny'\n supplementalGroups:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n fsGroup:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n readOnlyRootFilesystem: false\n---\napiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: system-unrestricted-psp\n annotations:\n seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'\nspec:\n allowPrivilegeEscalation: true\n allowedCapabilities:\n - '*'\n fsGroup:\n rule: RunAsAny\n hostIPC: true\n hostNetwork: true\n hostPID: true\n hostPorts:\n - max: 65535\n min: 0\n privileged: true\n runAsUser:\n rule: RunAsAny\n seLinux:\n rule: RunAsAny\n supplementalGroups:\n rule: RunAsAny\n volumes:\n - '*'\n---\napiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: svclb-psp\n annotations:\n seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'\nspec:\n allowPrivilegeEscalation: false\n allowedCapabilities:\n - NET_ADMIN\n allowedUnsafeSysctls:\n - net.ipv4.ip_forward\n - net.ipv6.conf.all.forwarding\n fsGroup:\n rule: RunAsAny\n hostPorts:\n - max: 65535\n min: 0\n runAsUser:\n rule: RunAsAny\n seLinux:\n rule: RunAsAny\n supplementalGroups:\n rule: RunAsAny\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: psp:restricted-psp\nrules:\n- apiGroups:\n - policy\n resources:\n - podsecuritypolicies\n verbs:\n - use\n resourceNames:\n - restricted-psp\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: psp:system-unrestricted-psp\nrules:\n- apiGroups:\n - policy\n resources:\n - podsecuritypolicies\n resourceNames:\n - system-unrestricted-psp\n verbs:\n - use\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: psp:svclb-psp\nrules:\n- apiGroups:\n - policy\n resources:\n - podsecuritypolicies\n resourceNames:\n - svclb-psp\n verbs:\n - use\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: default:restricted-psp\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:restricted-psp\nsubjects:\n- kind: Group\n name: system:authenticated\n apiGroup: rbac.authorization.k8s.io\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: system-unrestricted-node-psp-rolebinding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:system-unrestricted-psp\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: system-unrestricted-svc-acct-psp-rolebinding\n namespace: kube-system\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:system-unrestricted-psp\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:serviceaccounts\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: svclb-psp-rolebinding\n namespace: kube-system\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:svclb-psp\nsubjects:\n- kind: ServiceAccount\n name: svclb\n---\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: kube-system\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: kube-system\n---\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: default\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: default\n---\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: kube-public\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: kube-public\n"})})]})]}),"\n",(0,i.jsxs)(n.blockquote,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Note:"})," The Kubernetes critical additions such as CNI, DNS, and Ingress are run as pods in the ",(0,i.jsx)(n.code,{children:"kube-system"})," namespace. Therefore, this namespace will have a policy that is less restrictive so that these components can run properly."]}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"networkpolicies",children:"NetworkPolicies"}),"\n",(0,i.jsx)(n.p,{children:"CIS requires that all namespaces have a network policy applied that reasonably limits traffic into namespaces and pods."}),"\n",(0,i.jsxs)(n.p,{children:["Network policies should be placed the ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"})," directory, where they will automatically be deployed on startup."]}),"\n",(0,i.jsx)(n.p,{children:"Here is an example of a compliant network policy."}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: kube-system\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: kube-system\n"})}),"\n",(0,i.jsx)(n.p,{children:"With the applied restrictions, DNS will be blocked unless purposely allowed. Below is a network policy that will allow for traffic to exist for DNS."}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-network-dns-policy\n namespace: protect-kernel-defaults is set",id:"ensure-protect-kernel-defaults-is-set",level:3},{value:"Set kernel parameters",id:"set-kernel-parameters",level:4},{value:"Kubernetes Runtime Requirements",id:"kubernetes-runtime-requirements",level:2},{value:"Pod Security",id:"pod-security",level:3},{value:"NetworkPolicies",id:"networkpolicies",level:3},{value:"API Server audit configuration",id:"api-server-audit-configuration",level:3},{value:"Configuration for Kubernetes Components",id:"configuration-for-kubernetes-components",level:2},{value:"Manual Operations",id:"manual-operations",level:2},{value:"Control 1.1.20",id:"control-1120",level:3},{value:"Control 1.2.9",id:"control-129",level:3},{value:"Control 1.2.11",id:"control-1211",level:3},{value:"Control 1.2.21",id:"control-1221",level:3},{value:"Control 4.2.13",id:"control-4213",level:3},{value:"Control 5.X",id:"control-5x",level:3},{value:"Conclusion",id:"conclusion",level:2}];function d(e){const n={a:"a",admonition:"admonition",blockquote:"blockquote",code:"code",h2:"h2",h3:"h3",h4:"h4",li:"li",ol:"ol",p:"p",pre:"pre",strong:"strong",...(0,r.a)(),...e.components},{Details:s,TabItem:t,Tabs:a}=n;return s||p("Details",!0),t||p("TabItem",!0),a||p("Tabs",!0),(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.p,{children:"This document provides prescriptive guidance for hardening a production installation of K3s. It outlines the configurations and controls required to address Kubernetes benchmark controls from the Center for Internet Security (CIS)."}),"\n",(0,i.jsx)(n.p,{children:"K3s has a number of security mitigations applied and turned on by default and will pass a number of the Kubernetes CIS controls without modification. There are some notable exceptions to this that require manual intervention to fully comply with the CIS Benchmark:"}),"\n",(0,i.jsxs)(n.ol,{children:["\n",(0,i.jsx)(n.li,{children:"K3s will not modify the host operating system. Any host-level modifications will need to be done manually."}),"\n",(0,i.jsxs)(n.li,{children:["Certain CIS policy controls for ",(0,i.jsx)(n.code,{children:"NetworkPolicies"})," and ",(0,i.jsx)(n.code,{children:"PodSecurityStandards"})," (",(0,i.jsx)(n.code,{children:"PodSecurityPolicies"})," on v1.24 and older) will restrict the functionality of the cluster. You must opt into having K3s configure these by adding the appropriate options (enabling of admission plugins) to your command-line flags or configuration file as well as manually applying appropriate policies. Further details are presented in the sections below."]}),"\n"]}),"\n",(0,i.jsx)(n.p,{children:"The first section (1.1) of the CIS Benchmark concerns itself primarily with pod manifest permissions and ownership. K3s doesn't utilize these for the core components since everything is packaged into a single binary."}),"\n",(0,i.jsx)(n.h2,{id:"host-level-requirements",children:"Host-level Requirements"}),"\n",(0,i.jsx)(n.p,{children:"There are two areas of host-level requirements: kernel parameters and etcd process/directory configuration. These are outlined in this section."}),"\n",(0,i.jsxs)(n.h3,{id:"ensure-protect-kernel-defaults-is-set",children:["Ensure ",(0,i.jsx)(n.code,{children:"protect-kernel-defaults"})," is set"]}),"\n",(0,i.jsx)(n.p,{children:"This is a kubelet flag that will cause the kubelet to exit if the required kernel parameters are unset or are set to values that are different from the kubelet's defaults."}),"\n",(0,i.jsxs)(n.blockquote,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Note:"})," ",(0,i.jsx)(n.code,{children:"protect-kernel-defaults"})," is exposed as a top-level flag for K3s."]}),"\n"]}),"\n",(0,i.jsx)(n.h4,{id:"set-kernel-parameters",children:"Set kernel parameters"}),"\n",(0,i.jsxs)(n.p,{children:["Create a file called ",(0,i.jsx)(n.code,{children:"/etc/sysctl.d/90-kubelet.conf"})," and add the snippet below. Then run ",(0,i.jsx)(n.code,{children:"sysctl -p /etc/sysctl.d/90-kubelet.conf"}),"."]}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-bash",children:"vm.panic_on_oom=0\nvm.overcommit_memory=1\nkernel.panic=10\nkernel.panic_on_oops=1\n"})}),"\n",(0,i.jsx)(n.h2,{id:"kubernetes-runtime-requirements",children:"Kubernetes Runtime Requirements"}),"\n",(0,i.jsx)(n.p,{children:"The runtime requirements to comply with the CIS Benchmark are centered around pod security (via PSP or PSA), network policies and API Server auditing logs. These are outlined in this section."}),"\n",(0,i.jsxs)(n.p,{children:["By default, K3s does not include any pod security or network policies. However, K3s ships with a controller that will enforce network policies, if any are created. K3s doesn't enable auditing by default, so audit log configuration and audit policy must be created manually. By default, K3s runs with the both the ",(0,i.jsx)(n.code,{children:"PodSecurity"})," and ",(0,i.jsx)(n.code,{children:"NodeRestriction"})," admission controllers enabled, among others."]}),"\n",(0,i.jsx)(n.h3,{id:"pod-security",children:"Pod Security"}),"\n",(0,i.jsxs)(a,{groupId:"pod-sec",queryString:!0,children:[(0,i.jsxs)(t,{value:"v1.25 and Newer",default:!0,children:[(0,i.jsxs)(n.p,{children:["K3s v1.25 and newer support ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/security/pod-security-admission/",children:"Pod Security Admissions (PSAs)"})," for controlling pod security. PSAs are enabled by passing the following flag to the K3s server:"]}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:'--kube-apiserver-arg="admission-control-config-file=/var/lib/rancher/k3s/server/psa.yaml"\n'})}),(0,i.jsxs)(n.p,{children:["The policy should be written to a file named ",(0,i.jsx)(n.code,{children:"psa.yaml"})," in ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server"})," directory."]}),(0,i.jsx)(n.p,{children:"Here is an example of a compliant PSA:"}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:'apiVersion: apiserver.config.k8s.io/v1\nkind: AdmissionConfiguration\nplugins:\n- name: PodSecurity\n configuration:\n apiVersion: pod-security.admission.config.k8s.io/v1beta1\n kind: PodSecurityConfiguration\n defaults:\n enforce: "restricted"\n enforce-version: "latest"\n audit: "restricted"\n audit-version: "latest"\n warn: "restricted"\n warn-version: "latest"\n exemptions:\n usernames: []\n runtimeClasses: []\n namespaces: [kube-system, cis-operator-system]\n'})})]}),(0,i.jsxs)(t,{value:"v1.24 and Older",default:!0,children:[(0,i.jsxs)(n.p,{children:["K3s v1.24 and older support ",(0,i.jsx)(n.a,{href:"https://kubernetes.io/docs/concepts/security/pod-security-policy/",children:"Pod Security Policies (PSPs)"})," for controlling pod security. PSPs are enabled by passing the following flag to the K3s server:"]}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{children:'--kube-apiserver-arg="enable-admission-plugins=NodeRestriction,PodSecurityPolicy"\n'})}),(0,i.jsxs)(n.p,{children:["This will have the effect of maintaining the ",(0,i.jsx)(n.code,{children:"NodeRestriction"})," plugin as well as enabling the ",(0,i.jsx)(n.code,{children:"PodSecurityPolicy"}),"."]}),(0,i.jsx)(n.p,{children:"When PSPs are enabled, a policy can be applied to satisfy the necessary controls described in section 5.2 of the CIS Benchmark."}),(0,i.jsx)(n.p,{children:"Here is an example of a compliant PSP:"}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"apiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: restricted-psp\nspec:\n privileged: false # CIS - 5.2.1\n allowPrivilegeEscalation: false # CIS - 5.2.5\n requiredDropCapabilities: # CIS - 5.2.7/8/9\n - ALL\n volumes:\n - 'configMap'\n - 'emptyDir'\n - 'projected'\n - 'secret'\n - 'downwardAPI'\n - 'csi'\n - 'persistentVolumeClaim'\n - 'ephemeral'\n hostNetwork: false # CIS - 5.2.4\n hostIPC: false # CIS - 5.2.3\n hostPID: false # CIS - 5.2.2\n runAsUser:\n rule: 'MustRunAsNonRoot' # CIS - 5.2.6\n seLinux:\n rule: 'RunAsAny'\n supplementalGroups:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n fsGroup:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n readOnlyRootFilesystem: false\n"})}),(0,i.jsx)(n.p,{children:'For the above PSP to be effective, we need to create a ClusterRole and a ClusterRoleBinding. We also need to include a "system unrestricted policy" which is needed for system-level pods that require additional privileges, and an additional policy that allows sysctls necessary for servicelb to function properly.'}),(0,i.jsxs)(n.p,{children:["Combining the configuration above with the ",(0,i.jsx)(n.a,{href:"#networkpolicies",children:"Network Policy"})," described in the next section, a single file can be placed in the ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"})," directory. Here is an example of a ",(0,i.jsx)(n.code,{children:"policy.yaml"})," file:"]}),(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"apiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: restricted-psp\nspec:\n privileged: false\n allowPrivilegeEscalation: false\n requiredDropCapabilities:\n - ALL\n volumes:\n - 'configMap'\n - 'emptyDir'\n - 'projected'\n - 'secret'\n - 'downwardAPI'\n - 'csi'\n - 'persistentVolumeClaim'\n - 'ephemeral'\n hostNetwork: false\n hostIPC: false\n hostPID: false\n runAsUser:\n rule: 'MustRunAsNonRoot'\n seLinux:\n rule: 'RunAsAny'\n supplementalGroups:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n fsGroup:\n rule: 'MustRunAs'\n ranges:\n - min: 1\n max: 65535\n readOnlyRootFilesystem: false\n---\napiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: system-unrestricted-psp\n annotations:\n seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'\nspec:\n allowPrivilegeEscalation: true\n allowedCapabilities:\n - '*'\n fsGroup:\n rule: RunAsAny\n hostIPC: true\n hostNetwork: true\n hostPID: true\n hostPorts:\n - max: 65535\n min: 0\n privileged: true\n runAsUser:\n rule: RunAsAny\n seLinux:\n rule: RunAsAny\n supplementalGroups:\n rule: RunAsAny\n volumes:\n - '*'\n---\napiVersion: policy/v1beta1\nkind: PodSecurityPolicy\nmetadata:\n name: svclb-psp\n annotations:\n seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'\nspec:\n allowPrivilegeEscalation: false\n allowedCapabilities:\n - NET_ADMIN\n allowedUnsafeSysctls:\n - net.ipv4.ip_forward\n - net.ipv6.conf.all.forwarding\n fsGroup:\n rule: RunAsAny\n hostPorts:\n - max: 65535\n min: 0\n runAsUser:\n rule: RunAsAny\n seLinux:\n rule: RunAsAny\n supplementalGroups:\n rule: RunAsAny\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: psp:restricted-psp\nrules:\n- apiGroups:\n - policy\n resources:\n - podsecuritypolicies\n verbs:\n - use\n resourceNames:\n - restricted-psp\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: psp:system-unrestricted-psp\nrules:\n- apiGroups:\n - policy\n resources:\n - podsecuritypolicies\n resourceNames:\n - system-unrestricted-psp\n verbs:\n - use\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: psp:svclb-psp\nrules:\n- apiGroups:\n - policy\n resources:\n - podsecuritypolicies\n resourceNames:\n - svclb-psp\n verbs:\n - use\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: default:restricted-psp\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:restricted-psp\nsubjects:\n- kind: Group\n name: system:authenticated\n apiGroup: rbac.authorization.k8s.io\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: system-unrestricted-node-psp-rolebinding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:system-unrestricted-psp\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: system-unrestricted-svc-acct-psp-rolebinding\n namespace: kube-system\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:system-unrestricted-psp\nsubjects:\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:serviceaccounts\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: RoleBinding\nmetadata:\n name: svclb-psp-rolebinding\n namespace: kube-system\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: psp:svclb-psp\nsubjects:\n- kind: ServiceAccount\n name: svclb\n---\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: kube-system\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: kube-system\n---\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: default\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: default\n---\nkind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: kube-public\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: kube-public\n"})})]})]}),"\n",(0,i.jsxs)(n.blockquote,{children:["\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.strong,{children:"Note:"})," The Kubernetes critical additions such as CNI, DNS, and Ingress are run as pods in the ",(0,i.jsx)(n.code,{children:"kube-system"})," namespace. Therefore, this namespace will have a policy that is less restrictive so that these components can run properly."]}),"\n"]}),"\n",(0,i.jsx)(n.h3,{id:"networkpolicies",children:"NetworkPolicies"}),"\n",(0,i.jsx)(n.p,{children:"CIS requires that all namespaces have a network policy applied that reasonably limits traffic into namespaces and pods."}),"\n",(0,i.jsxs)(n.p,{children:["Network policies should be placed the ",(0,i.jsx)(n.code,{children:"/var/lib/rancher/k3s/server/manifests"})," directory, where they will automatically be deployed on startup."]}),"\n",(0,i.jsx)(n.p,{children:"Here is an example of a compliant network policy."}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: intra-namespace\n namespace: kube-system\nspec:\n podSelector: {}\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n name: kube-system\n"})}),"\n",(0,i.jsx)(n.p,{children:"With the applied restrictions, DNS will be blocked unless purposely allowed. Below is a network policy that will allow for traffic to exist for DNS."}),"\n",(0,i.jsx)(n.pre,{children:(0,i.jsx)(n.code,{className:"language-yaml",children:"apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: default-network-dns-policy\n namespace: