Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(github-release): update k3s-io/k3s to v1.28.2+k3s1 #951

Merged
merged 1 commit into from
Sep 22, 2023
Merged

feat(github-release): update k3s-io/k3s to v1.28.2+k3s1 #951

merged 1 commit into from
Sep 22, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 22, 2023

Mend Renovate

This PR contains the following updates:

Package Update Change
k3s-io/k3s minor v1.27.4+k3s1 -> v1.28.2+k3s1

Release Notes

k3s-io/k3s (k3s-io/k3s)

v1.28.2+k3s1: v1.28.2+k3s1

Compare Source

This release updates Kubernetes to v1.28.2, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.28.1+k3s1:
  • Update channel for version v1.28 (#​8305)
  • Bump kine to v0.10.3 (#​8323)
  • Update to v1.28.2 and go v1.20.8 (#​8364)
    • Bump embedded containerd to v1.7.6
    • Bump embedded stargz-snapshotter plugin to latest
    • Fixed intermittent drone CI failures due to race conditions in test environment setup scripts
    • Fixed CI failures due to changes to api discovery changes in Kubernetes 1.28
Embedded Component Versions
Component Version
Kubernetes v1.28.2
Kine v0.10.3
SQLite 3.42.0
Etcd v3.5.9-k3s1
Containerd v1.7.6-k3s1
Runc v1.1.8
Flannel v0.22.2
Metrics-server v0.6.3
Traefik v2.9.10
CoreDNS v1.10.1
Helm-controller v0.15.4
Local-path-provisioner v0.0.24
Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

v1.28.1+k3s1: v1.28.1+k3s1

Compare Source

This release is K3S's first in the v1.28 line. This release updates Kubernetes to v1.28.1.

⚠️ IMPORTANT: This release includes remediation for CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See GHSA-m4hf-6vgr-75r2 for more information, including documentation on changes in behavior that harden clusters against this vulnerability.

Kubernetes v1.28 contains a critical regression (kubernetes/kubernetes#120247) that causes init containers to run at the same time as app containers following a restart of the node. This issue will be fixed in v1.28.2. We do not recommend using K3s v1.28 at this time if your application depends on init containers.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.5+k3s1:
Embedded Component Versions
Component Version
Kubernetes v1.28.1
Kine v0.10.3
SQLite 3.42.0
Etcd v3.5.9-k3s1
Containerd v1.7.3-k3s2
Runc v1.1.8
Flannel v0.22.2
Metrics-server v0.6.3
Traefik v2.9.10
CoreDNS v1.10.1
Helm-controller v0.15.4
Local-path-provisioner v0.0.24
Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

v1.27.6+k3s1: v1.27.6+k3s1

Compare Source

This release updates Kubernetes to v1.27.6, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.5+k3s1:
  • Bump kine to v0.10.3 (#​8324)
  • Update to v1.27.6 and Go to 1.20.8 (#​8356)
    • Bump embedded containerd to v1.7.6
    • Bump embedded stargz-snapshotter plugin to latest
    • Fixed intermittent drone CI failures due to race conditions in test environment setup scripts
    • Fixed CI failures due to changes to api discovery changes in Kubernetes 1.28
Embedded Component Versions
Component Version
Kubernetes v1.27.6
Kine v0.10.3
SQLite 3.42.0
Etcd v3.5.9-k3s1
Containerd v1.7.6-k3s1.27
Runc v1.1.8
Flannel v0.22.2
Metrics-server v0.6.3
Traefik v2.9.10
CoreDNS v1.10.1
Helm-controller v0.15.4
Local-path-provisioner v0.0.24
Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

v1.27.5+k3s1: v1.27.5+k3s1

Compare Source

This release updates Kubernetes to v1.27.5, and fixes a number of issues.

⚠️ IMPORTANT: This release includes support for remediating CVE-2023-32187, a potential Denial of Service attack vector on K3s servers. See GHSA-m4hf-6vgr-75r2 for more information, including mandatory steps necessary to harden clusters against this vulnerability.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.27.4+k3s1:
  • Update cni plugins version to v1.3.0 (#​8056)
    • Upgraded cni-plugins to v1.3.0
  • Update flannel to v0.22.1 (#​8057)
    • Update flannel to v0.22.1
  • ADR on secrets encryption v3 (#​7938)
  • Unit test for MustFindString (#​8013)
  • Add support for using base template in etc/containerd/config.toml.tmpl (#​7991)
    • User-provided containerd config templates may now use {{ template "base" . }} to include the default K3s template content. This makes it easier to maintain user configuration if the only need is to add additional sections to the file.
  • Make apiserver egress args conditional on egress-selector-mode (#​7972)
    • K3s no longer enables the apiserver's enable-aggregator-routing flag when the egress proxy is not being used to route connections to in-cluster endpoints.
  • Security bump to docker/distribution (#​8047)
  • Fix coreos multiple installs (#​8083)
  • Update stable channel to v1.27.4+k3s1 (#​8067)
  • Fix tailscale bug with ip modes (#​8077)
  • Consolidate CopyFile functions (#​8079)
  • E2E: Support GOCOVER for more tests + fixes (#​8080)
  • Fix typo in terraform/README.md (#​8090)
  • Add FilterCN function to prevent SAN Stuffing (#​8085)
    • K3s's external apiserver listener now declines to add to its certificate any subject names not associated with the kubernetes apiserver service, server nodes, or values of the --tls-san option. This prevents the certificate's SAN list from being filled with unwanted entries.
  • Bump docker/docker to master commit; cri-dockerd to 0.3.4 (#​8092)
    • Bump docker/docker module version to fix issues with cri-dockerd caused by recent releases of golang rejecting invalid host headers sent by the docker client.
  • Bump versions for etcd, containerd, runc (#​8109)
    • Updated the embedded containerd to v1.7.3+k3s1
    • Updated the embedded runc to v1.1.8
    • Updated the embedded etcd to v3.5.9+k3s1
  • Etcd snapshots retention when node name changes (#​8099)
  • Bump kine to v0.10.2 (#​8125)
    • Updated kine to v0.10.2
  • Remove terraform package (#​8136)
  • Fix etcd-snapshot delete when etcd-s3 is true (#​8110)
  • Add --disable-cloud-controller and --disable-kube-proxy test (#​8018)
  • Use go list -m instead of grep to look up versions (#​8138)
  • Use VERSION_K8S in tests instead of grep go.mod (#​8147)
  • Fix for Kubeflag Integration test (#​8154)
  • Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#​8155)
  • Run integration test CI in parallel (#​8156)
  • Bump Trivy version (#​8150)
  • Bump Trivy version (#​8178)
  • Fixed the etcd retention to delete orphaned snapshots based on the date (#​8177)
  • Bump dynamiclistener (#​8193)
    • Bumped dynamiclistener to address an issue that could cause the apiserver/supervisor listener on 6443 to stop serving requests on etcd-only nodes.
    • The K3s external apiserver/supervisor listener on 6443 now sends a complete certificate chain in the TLS handshake.
  • Bump helm-controller/klipper-helm versions (#​8204)
    • The version of helm used by the bundled helm controller's job image has been updated to v3.12.3
  • E2E: Add test for k3s token (#​8184)
  • Move flannel to 0.22.2 (#​8219)
    • Move flannel to v0.22.2
  • Update to v1.27.5 (#​8236)
  • Add new CLI flag to enable TLS SAN CN filtering (#​8257)
    • Added a new --tls-san-security option. This flag defaults to false, but can be set to true to disable automatically adding SANs to the server's TLS certificate to satisfy any hostname requested by a client.
  • Add RWMutex to address controller (#​8273)
Embedded Component Versions
Component Version
Kubernetes v1.27.5
Kine v0.10.2
SQLite 3.42.0
Etcd v3.5.9-k3s1
Containerd v1.7.3-k3s1
Runc v1.1.8
Flannel v0.22.2
Metrics-server v0.6.3
Traefik v2.9.10
CoreDNS v1.10.1
Helm-controller v0.15.4
Local-path-provisioner v0.0.24
Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Configuration

📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@github-actions github-actions bot added area/ansible area/bootstrap Changes made in the bootstrap directory labels Sep 22, 2023
@onedr0p onedr0p merged commit f947938 into main Sep 22, 2023
1 check passed
@onedr0p onedr0p deleted the renovate/k3s-io-k3s-1.x branch September 22, 2023 01:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/bootstrap Changes made in the bootstrap directory renovate/github-release type/minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@onedr0p