v1.31.X

Upgrade Notice

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Version	Release date	Kubernetes	Kine	SQLite	Etcd	Containerd	Runc	Flannel	Metrics-server	Traefik	CoreDNS	Helm-controller	Local-path-provisioner
v1.31.4+k3s1	Dec 18 2024	v1.31.4	v0.13.5	3.46.1	v3.5.16-k3s1	v1.7.23-k3s2	v1.2.1	v0.25.7	v0.7.2	v2.11.10	v1.12.0	v0.16.5	v0.0.30
v1.31.3+k3s1	Dec 04 2024	v1.31.3	v0.13.5	3.46.1	v3.5.16-k3s1	v1.7.23-k3s2	v1.2.1	v0.25.7	v0.7.2	v2.11.10	v1.11.3	v0.16.5	v0.0.30
v1.31.2+k3s1	Oct 26 2024	v1.31.2	v0.13.2	3.46.1	v3.5.13-k3s1	v1.7.22-k3s1	v1.1.14	v0.25.6	v0.7.2	v2.11.10	v1.11.3	v0.16.5	v0.0.30
v1.31.1+k3s1	Sep 19 2024	v1.31.1	v0.12.0	3.44.0	v3.5.13-k3s1	v1.7.21-k3s2	v1.1.14	v0.25.6	v0.7.2	v2.11.8	v1.11.3	v0.16.4	v0.0.28
v1.31.0+k3s1	Sep 02 2024	v1.31.0	v0.12.0	3.44.0	v3.5.13-k3s1	v1.7.20-k3s1	v1.1.12	v0.25.4	v0.7.0	v2.10.7	v1.10.1	v0.16.3	v0.0.28

Version

Release date

Kubernetes

Kine

SQLite

Etcd

Containerd

Runc

Flannel

Metrics-server

Traefik

CoreDNS

Helm-controller

Local-path-provisioner

Dec 18 2024

Dec 04 2024

Oct 26 2024

Sep 19 2024

Sep 02 2024

Release v1.31.4+k3s1

This release updates Kubernetes to v1.31.4, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.3+k3s1:

Fix secrets-encrypt reencrypt timeout error (#11442)
Remove experimental from embedded-registry flag (#11444)
Rework loadbalancer server selection logic (#11457)
- The embedded client loadbalancer that handles connectivity to control-plane elements has been extensively reworked for improved performance, reliability, and observability.
Update coredns to 1.12.0 (#11454)
Add node-internal-dns/node-external-dns address pass-through support … (#11464)
Update to v1.31.4-k3s1 and Go 1.22.9 (#11462)

Release v1.31.3+k3s1

This release updates Kubernetes to v1.31.3, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.2+k3s1:

Backport E2E GHA fixes (#11230)
Backports for 2024-11 (#11261)
Update flannel and base cni plugins version (#11247)
Bump to latest k3s-root version in scripts/version.sh (#11302)
More backports for 2024-11 (#11307)
Fix issue with loadbalancer failover to default server (#11324)
Update Kubernetes to v1.31.3-k3s1 (#11372)
Bump containerd to -k3s2 to fix rewrites (#11403)

Release v1.31.2+k3s1

This release updates Kubernetes to v1.31.2, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.1+k3s1:

Add int test for flannel-ipv6masq (#10904)
Bump Wharfie to v0.6.7 (#10974)
Add user path to runtimes search (#11002)
Add e2e test for advanced fields in services (#11023)
Launch private registry with init (#11048)
Backports for 2024-10 (#11054)
Allow additional Rootless CopyUpDirs through K3S_ROOTLESS_COPYUPDIRS (#11041)
Bump containerd to v1.7.22 (#11072)
Simplify svclb ds (#11079)
Add the nvidia runtime cdi (#11093)
Revert "Make svclb as simple as possible" (#11118)
Fixes "file exists" error from CNI bins when upgrading k3s (#11125)
Update Kubernetes to v1.31.2 (#11155)

Release v1.31.1+k3s1

This release updates Kubernetes to v1.31.1, and fixes a number of issues. For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.0+k3s1:

Testing And Secrets-Encryption Backports for 2024-09 (#10802)
- Remove secrets encryption controller
- Cover edge case when on new minor release for E2E upgrade test
Update CNI plugins version (#10817)
Backports for 2024-09 (#10842)
Fix hosts.toml header var (#10871)
Update Kubernetes to v1.31.1 (#10895)
Update Kubernetes to v1.31.1-k3s3 (#10910)

Release v1.31.0+k3s1

This release is K3S’s first in the v1.31 line. This release updates Kubernetes to v1.31.0.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.30.4+k3s1:

Move test-compat docker test to GHA (#10414)
Check for bad token permissions when install via PR (#10387)
Bump k3s-root to v0.14.0 (#10466)
- The k3s bundled userspace has been bumped to a release based on buildroot 2024.02.3, addressing several CVEs in busybox and coreutils.
Fix INSTALL_K3S_PR support (#10472)
Add data-dir to uninstall and killall scripts (#10473)
Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#10400)
Bump golang:alpine image version (#10359)
Bump Local Path Provisioner version (#10394)
Ensure remotedialer kubelet connections use kubelet bind address (#10480)
- Fixed an issue where setting the --bind-address flag to a non-loopback or wildcard address would prevent kubectl logs from working properly.
Bump Trivy version (#10339)
Add etcd s3 config secret implementation (#10340)
- A proxy can now be configured for use when uploading etcd snapshots to a s3-compatible storage service. This overrides any proxy settings passed via environment variables.
- Credentials and endpoint configuration for storing etcd snapshots on a s3-compatible storage service can now be read from a Secret, instead of passing them via the CLI or config file. See https://github.com/k3s-io/k3s/blob/master/docs/adrs/etcd-s3-secret.md for more information.
For E2E upgrade test, automatically determine the channel to use (#10461)
Bump kine to v0.11.11 (#10494)
Fix loadbalancer reentrant rlock (#10511)
- Fixed an issue that could cause the agent loadbalancer to deadlock when the currently in-use server goes down.
Don’t use server value from config file for etcd-snapshot commands (#10514)
- The --server and --token flags for the k3s etcd-snapshot command have been renamed to --etcd-server and --etcd-token, to avoid unintentionally running snapshot management commands against a remote node when the cluster join address or token are present in a config file.
Use pagination when listing large numbers of resources (#10527)
Fix multiple issues with servicelb (#10552)
- Fixed issue that caused ServiceLB to fail to create a daemonset for services with long names
- Fixed issue that caused ServiceLB pods to crashloop on nodes with ipv6 disabled at the kernel level
Enhance E2E Hardened option (#10558)
Allow Pprof and Superisor metrics in standalone mode (#10576)
Use higher QPS for secrets reencryption (#10571)
Fix issues loading data-dir value from env vars or dropin config files (#10591)
Remove deprecated use of wait. functions (#10546)
Wire lasso metrics up to metrics endpoint (#10528)
Update stable channel to v1.30.3+k3s1 (#10647)
Bump docker/docker to v25.0.6 (#10642)
Add a change for killall to not unmount server and agent directory (#10403)
Allow edge case OS rpm installs (#10680)
Bump containerd to v1.7.20 (#10659)
Update to newer OS images for install testing (#10681)
Bump helm-controller to v0.16.3 to drop Helm v2 support (#10628)
Add toleration support to ServiceLB DaemonSet (#10687)
- - New Feature: Users can now define Kubernetes tolerations for ServiceLB DaemonSet directly in the svccontroller.k3s.cattle.io/tolerations annotation on services.
Fix: Add $SUDO prefix to transactional-update commands in install script (#10531)
Update to v1.30.3-k3s1 and Go 1.22.5 (#10707)
Fix caching name for e2e vagrant box (#10695)
Fix k3s-killall.sh support for custom data dir (#10709)
Adding MariaDB to README.md (#10717)
Bump Trivy version (#10670)
V1.31.0-k3s1 (#10715)
Update kubernetes to v1.31.0-k3s3 (#10780)