k3s v1.25.13+k3s1 Release

요약

이 릴리즈는 Kubernetes를 v1.25.13으로 업데이트하고 여러 문제를 해결했습니다. 자세한 내용은 Kubernetes 릴리즈 노트를 참조하십시오. 변경한 사항은 다음과 같습니다. flannel 및 플러그인 업데이트, ip 모드 관련 tailscale 버그 수정, 노드 이름이 변경될 때 etcd 스냅샷 보존, 테스트 관련 업데이트 등이 있습니다. 또한 2023-08 릴리즈를 위한 백포트 및 추가 변경 사항이 포함되어 있으며, flannel을 0.22.2로 이동하고 runc 버전도 수정했습니다. 또한 TLS SAN CN 필터링을 활성화하기 위한 새로운 CLI 플래그를 추가했습니다.

원문 내용

This release updates Kubernetes to v1.25.13, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.25.12+k3s1:

• Update flannel and plugins (#8076)
• Fix tailscale bug with ip modes (#8098)
• Etcd snapshots retention when node name changes (#8123)
• August Test Backports (#8127)
• Backports for 2023-08 release (#8132)
• K3s's external apiserver listener now declines to add to its certificate any subject names not associated with the kubernetes apiserver service, server nodes, or values of the --tls-san option. This prevents the certificate's SAN list from being filled with unwanted entries.
• K3s no longer enables the apiserver's enable-aggregator-routing flag when the egress proxy is not being used to route connections to in-cluster endpoints.
• Updated the embedded containerd to v1.7.3+k3s1
• Updated the embedded runc to v1.1.8
• User-provided containerd config templates may now use {{ template "base" . }} to include the default K3s template content. This makes it easier to maintain user configuration if the only need is to add additional sections to the file.
• Bump docker/docker module version to fix issues with cri-dockerd caused by recent releases of golang rejecting invalid host headers sent by the docker client.
• Updated kine to v0.10.2
• K3s etcd-snapshot delete fail to delete local file when called with s3 flag (#8145)
• Fix for cluster-reset backup from s3 when etcd snapshots are disabled (#8169)
• Fixed the etcd retention to delete orphaned snapshots based on the date (#8190)
• Additional backports for 2023-08 release (#8213)
• The version of helm used by the bundled helm controller's job image has been updated to v3.12.3
• Bumped dynamiclistener to address an issue that could cause the apiserver/supervisor listener on 6443 to stop serving requests on etcd-only nodes.
• The K3s external apiserver/supervisor listener on 6443 now sends a complete certificate chain in the TLS handshake.
• Move flannel to 0.22.2 (#8223)
• Update to v1.25.13 (#8241)
• Fix runc version bump (#8246)
• Add new CLI flag to enable TLS SAN CN filtering (#8259)
• Added a new --tls-san-security option. This flag defaults to false, but can be set to true to disable automatically adding SANs to the server's TLS certificate to satisfy any hostname requested by a client.
• Add RWMutex to address controller (#8275)

Embedded Component Versions

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

링크 : https://github.com/k3s-io/k3s/releases/tag/v1.25.13%2Bk3s1