k8s/baseline
k8s/baseline
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

chore: update dependency k3s-io/k3s to v1.36.0+k3s1 #312

Merged
smark merged 1 commit from renovate/k3s-io-k3s-1.x into main 2026-05-12 17:17:51 +00:00
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2026-05-08 02:01:15 +00:00
Owner
Copy link

This PR contains the following updates:

Package Update Change
k3s-io/k3s minor v1.35.4+k3s1v1.36.0+k3s1

See https://eol301.grasky.net/k3s-io/k3s for EOL dates and support lifecycles.

Release Notes

k3s-io/k3s (k3s-io/k3s)

v1.36.0+k3s1: v1.36.0+k3s1

Compare Source

This release updates Kubernetes to v1.36.0, and fixes a number of issues.

For more details on what's new, see the Kubernetes release notes.

Changes since v1.35.0+k3s1:

  • Add firewall section to check-config.sh (#​13234)
  • Update golangci-lint and re-enable CI linting step (#​13343)
  • Enable secret encryption on existing clusters (#​13370)
  • Use Get, not Head for channel page (#​13402)
  • Replace temporary etcd server with raw mvcc store access (#​13368)
  • Remove flannel external-ip annotations when disabled (#​13431)
  • Bump local path provisioner to v0.0.34 (#​13430)
  • Publish GA images to staging registry (#​13438)
  • Fix atomic write in WriteSubnetFile (#​13380)
  • Bump expr-lang/expr (#​13440)
  • Bump spegel to v0.6.0 (#​13198)
  • Update longhorn version in integration test from v1.4.0 to v1.10.1 (#​13443)
  • Remove download/generate from vulncheck (#​13445)
  • Add Momentum Coach AI to K3S adopters list (#​13467)
    • NONE
  • Move to rootlesskit v2 (#​13486)
  • Fix CVE-2025-54410: Update docker/docker to v25.0.13 (#​13473)
  • Bump etcd to v3.6.7 (#​13495)
  • Add Percona and Solanica to k3s adopters (#​13510)
  • Fix restart of control-plane-only nodes attempting to reconcile from local datastore (#​13534)
  • Fix spegel filter for wildcards (#​13527)
  • Add IPv6 loopback to kubelet-serving cert (#​13532)
  • Fix handling of empty token file (#​13529)
  • Use channel.yaml instead of curling for stable for kubectl install (#​13531)
  • Fix VPN node IP not being applied to kubelet (#​13457)
  • Bump scorecard checkout to match all other versions (#​13568)
  • Explicitly close mvcc backend to fix high CPU on initial etcd server after restart (#​13569)
  • Support commit builds via GHA artifacts (#​13559)
  • Bump metrics-server to v0.8.1 (#​13594)
  • Add registry prefix to image-list file (#​13603)
  • Fix removal of init node via annotation (#​13624)
  • Make artifact URL prefix configurable (#​13367)
    • Added INSTALL_K3S_ARTIFACT_URL to donwload K3s binary from a different URL
  • Install binutils-gold only for arm64 builds (#​13654)
  • Rootlesskit Revert + Test Fixes (#​13681)
  • Improve resilience of datastore bootstrap reconcile from etcd (#​13677)
  • Assign github.event to env first (#​13715)
  • Config: Add default imports to containerd base templates (#​13680)
    • Containerd config generated by k3s now includes imports pointing at versioned drop-in directories: config.toml.d for v2 config and config-v3.toml.d for v3 (e.g. /var/lib/rancher/k3s/agent/etc/containerd/config.toml.d/*.toml and .../config-v3.toml.d/*.toml). Additional .toml files in the matching directory are automatically loaded by containerd. Use these directories for drop-in config (e.g. proxy plugins, custom runtimes, or debug settings) without modifying the main config or custom templates.
  • Add nix-snapshotter support to the embedded containerd (#​13676)
    • Add nix-snapshotter plugin to the embedded containerd to enable rootless k3s + nix-snapshotter
  • Do not create etcd name file if etcd is not in use (#​13727)
  • Bump rancher/mirrored-coredns-coredns image version (#​13743)
  • Update packages to remove unmaintained dependencies (#​13724)
  • Save cluster state before reencyrpting secrets with newly created key (#​13764)
  • Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 (#​13713)
  • Bump github.com/docker/cli from 28.3.2+incompatible to 29.2.0+incompatible (#​13730)
  • Build(deps): bump github.com/pion/dtls/v3 from 3.0.6 to 3.0.11 (#​13645)
  • Use etcd-snapshot-retention as default for s3 if etcd-s3-retention is not set (#​13770)
  • Install.sh: Simplify handling for fedora rpm-ostree based distributions (#​13712)
  • Bump cni plugins to v1.9.1 (#​13817)
  • Simplify snapshot compress/decompress logic (#​13826)
  • Fix typo: overriden -> overridden in snapshot_handler.go (#​13847)
  • Fix: typo in etcd membership error message (#​13848)
  • Bump helm-controller for job race fix (#​13853)
  • Add context to controller event recorders (#​13856)
  • Dapper is kill (#​13860)
  • Add sipgate to the list of adopters (#​13881)
  • Add Rocket Technologies to the list of adopters (#​13890)
  • Pin govulncheck GHA version (#​13887)
  • Verify sha256sum for kubelet, vagrant zip and go binary (#​13889)
  • Check the k3s-root sha256sum (#​13888)
  • Build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#​13891)
  • Fix reproducibility of embedded data tarball (#​13875)
  • Build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#​13837)
  • Build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.2 to 2.12.6 (#​13852)
  • Fix S3 test to account for change to s3mock (#​13906)
  • Bump runc/spegel/helm-controller/kine (#​13909)
    • Bump runc to v1.4.2
    • Bump spegel to v0.6.0-k3s2
    • Bump helm-controller to v0.17.1
    • Bump kine to v0.14.16
  • Fix embedded executor VPN config injection (#​13920)
  • Bump containerd to v2.2.3 (#​13931)
  • Bump flannel to v0.28.4 (#​13937)
  • Immutable release changes (#​13902)
  • Bump Traefik to 3.6.13 (#​13969)
  • Switch from draft to pre-release (#​13951)
  • Fix SANs added from comma-separated node-external-ip list (#​13989)
  • Fix docker dualstack test (#​13994)
  • Bump klipper-helm image for revision check fix (#​13995)
  • Bump upstream to v1.36 (#​13986)
  • Fix kubectl exec when using docker (#​14021)

Embedded Component Versions

Component Version
Kubernetes v1.36.0
Kine v0.14.16
SQLite 3.51.3
Etcd v3.6.7-k3s1
Containerd v2.2.3-k3s1
Runc v1.4.2
Flannel v0.28.4
Metrics-server v0.8.1
Traefik v3.6.13
CoreDNS v1.14.2
Helm-controller v0.17.1
Local-path-provisioner v0.0.35

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [k3s-io/k3s](https://github.com/k3s-io/k3s) | minor | `v1.35.4+k3s1` → `v1.36.0+k3s1` | :hourglass: See https://eol301.grasky.net/k3s-io/k3s for EOL dates and support lifecycles. --- ### Release Notes <details> <summary>k3s-io/k3s (k3s-io/k3s)</summary> ### [`v1.36.0+k3s1`](https://github.com/k3s-io/k3s/releases/tag/v1.36.0%2Bk3s1): v1.36.0+k3s1 [Compare Source](https://github.com/k3s-io/k3s/compare/v1.35.4+k3s1...v1.36.0+k3s1) <!-- v1.36.0+k3s1 --> This release updates Kubernetes to v1.36.0, and fixes a number of issues. For more details on what's new, see the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#changelog-since-v1350). #### Changes since v1.35.0+k3s1: - Add firewall section to check-config.sh [(#&#8203;13234)](https://github.com/k3s-io/k3s/pull/13234) - Update golangci-lint and re-enable CI linting step [(#&#8203;13343)](https://github.com/k3s-io/k3s/pull/13343) - Enable secret encryption on existing clusters [(#&#8203;13370)](https://github.com/k3s-io/k3s/pull/13370) - Use Get, not Head for channel page [(#&#8203;13402)](https://github.com/k3s-io/k3s/pull/13402) - Replace temporary etcd server with raw mvcc store access [(#&#8203;13368)](https://github.com/k3s-io/k3s/pull/13368) - Remove flannel external-ip annotations when disabled [(#&#8203;13431)](https://github.com/k3s-io/k3s/pull/13431) - Bump local path provisioner to v0.0.34 [(#&#8203;13430)](https://github.com/k3s-io/k3s/pull/13430) - Publish GA images to staging registry [(#&#8203;13438)](https://github.com/k3s-io/k3s/pull/13438) - Fix atomic write in WriteSubnetFile [(#&#8203;13380)](https://github.com/k3s-io/k3s/pull/13380) - Bump expr-lang/expr [(#&#8203;13440)](https://github.com/k3s-io/k3s/pull/13440) - Bump spegel to v0.6.0 [(#&#8203;13198)](https://github.com/k3s-io/k3s/pull/13198) - Update longhorn version in integration test from v1.4.0 to v1.10.1 [(#&#8203;13443)](https://github.com/k3s-io/k3s/pull/13443) - Remove download/generate from vulncheck [(#&#8203;13445)](https://github.com/k3s-io/k3s/pull/13445) - Add Momentum Coach AI to K3S adopters list [(#&#8203;13467)](https://github.com/k3s-io/k3s/pull/13467) - NONE - Move to rootlesskit v2 [(#&#8203;13486)](https://github.com/k3s-io/k3s/pull/13486) - Fix CVE-2025-54410: Update docker/docker to v25.0.13 [(#&#8203;13473)](https://github.com/k3s-io/k3s/pull/13473) - Bump etcd to v3.6.7 [(#&#8203;13495)](https://github.com/k3s-io/k3s/pull/13495) - Add Percona and Solanica to k3s adopters [(#&#8203;13510)](https://github.com/k3s-io/k3s/pull/13510) - Fix restart of control-plane-only nodes attempting to reconcile from local datastore [(#&#8203;13534)](https://github.com/k3s-io/k3s/pull/13534) - Fix spegel filter for wildcards [(#&#8203;13527)](https://github.com/k3s-io/k3s/pull/13527) - Add IPv6 loopback to kubelet-serving cert [(#&#8203;13532)](https://github.com/k3s-io/k3s/pull/13532) - Fix handling of empty token file [(#&#8203;13529)](https://github.com/k3s-io/k3s/pull/13529) - Use channel.yaml instead of curling for stable for kubectl install [(#&#8203;13531)](https://github.com/k3s-io/k3s/pull/13531) - Fix VPN node IP not being applied to kubelet [(#&#8203;13457)](https://github.com/k3s-io/k3s/pull/13457) - Bump scorecard checkout to match all other versions [(#&#8203;13568)](https://github.com/k3s-io/k3s/pull/13568) - Explicitly close mvcc backend to fix high CPU on initial etcd server after restart [(#&#8203;13569)](https://github.com/k3s-io/k3s/pull/13569) - Support commit builds via GHA artifacts [(#&#8203;13559)](https://github.com/k3s-io/k3s/pull/13559) - Bump metrics-server to v0.8.1 [(#&#8203;13594)](https://github.com/k3s-io/k3s/pull/13594) - Add registry prefix to image-list file [(#&#8203;13603)](https://github.com/k3s-io/k3s/pull/13603) - Fix removal of init node via annotation [(#&#8203;13624)](https://github.com/k3s-io/k3s/pull/13624) - Make artifact URL prefix configurable [(#&#8203;13367)](https://github.com/k3s-io/k3s/pull/13367) - Added INSTALL\_K3S\_ARTIFACT\_URL to donwload K3s binary from a different URL - Install binutils-gold only for arm64 builds [(#&#8203;13654)](https://github.com/k3s-io/k3s/pull/13654) - Rootlesskit Revert + Test Fixes [(#&#8203;13681)](https://github.com/k3s-io/k3s/pull/13681) - Improve resilience of datastore bootstrap reconcile from etcd [(#&#8203;13677)](https://github.com/k3s-io/k3s/pull/13677) - Assign github.event to env first [(#&#8203;13715)](https://github.com/k3s-io/k3s/pull/13715) - Config: Add default imports to containerd base templates [(#&#8203;13680)](https://github.com/k3s-io/k3s/pull/13680) - Containerd config generated by k3s now includes `imports` pointing at versioned drop-in directories: `config.toml.d` for v2 config and `config-v3.toml.d` for v3 (e.g. `/var/lib/rancher/k3s/agent/etc/containerd/config.toml.d/*.toml` and `.../config-v3.toml.d/*.toml`). Additional `.toml` files in the matching directory are automatically loaded by containerd. Use these directories for drop-in config (e.g. proxy plugins, custom runtimes, or debug settings) without modifying the main config or custom templates. - Add nix-snapshotter support to the embedded containerd [(#&#8203;13676)](https://github.com/k3s-io/k3s/pull/13676) - Add nix-snapshotter plugin to the embedded containerd to enable rootless k3s + nix-snapshotter - Do not create etcd name file if etcd is not in use [(#&#8203;13727)](https://github.com/k3s-io/k3s/pull/13727) - Bump rancher/mirrored-coredns-coredns image version [(#&#8203;13743)](https://github.com/k3s-io/k3s/pull/13743) - Update packages to remove unmaintained dependencies [(#&#8203;13724)](https://github.com/k3s-io/k3s/pull/13724) - Save cluster state before reencyrpting secrets with newly created key [(#&#8203;13764)](https://github.com/k3s-io/k3s/pull/13764) - Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 [(#&#8203;13713)](https://github.com/k3s-io/k3s/pull/13713) - Bump github.com/docker/cli from 28.3.2+incompatible to 29.2.0+incompatible [(#&#8203;13730)](https://github.com/k3s-io/k3s/pull/13730) - Build(deps): bump github.com/pion/dtls/v3 from 3.0.6 to 3.0.11 [(#&#8203;13645)](https://github.com/k3s-io/k3s/pull/13645) - Use etcd-snapshot-retention as default for s3 if etcd-s3-retention is not set [(#&#8203;13770)](https://github.com/k3s-io/k3s/pull/13770) - Install.sh: Simplify handling for fedora rpm-ostree based distributions [(#&#8203;13712)](https://github.com/k3s-io/k3s/pull/13712) - Bump cni plugins to v1.9.1 [(#&#8203;13817)](https://github.com/k3s-io/k3s/pull/13817) - Simplify snapshot compress/decompress logic [(#&#8203;13826)](https://github.com/k3s-io/k3s/pull/13826) - Fix typo: overriden -> overridden in snapshot\_handler.go [(#&#8203;13847)](https://github.com/k3s-io/k3s/pull/13847) - Fix: typo in etcd membership error message [(#&#8203;13848)](https://github.com/k3s-io/k3s/pull/13848) - Bump helm-controller for job race fix [(#&#8203;13853)](https://github.com/k3s-io/k3s/pull/13853) - Add context to controller event recorders [(#&#8203;13856)](https://github.com/k3s-io/k3s/pull/13856) - Dapper is kill [(#&#8203;13860)](https://github.com/k3s-io/k3s/pull/13860) - Add sipgate to the list of adopters [(#&#8203;13881)](https://github.com/k3s-io/k3s/pull/13881) - Add Rocket Technologies to the list of adopters [(#&#8203;13890)](https://github.com/k3s-io/k3s/pull/13890) - Pin govulncheck GHA version [(#&#8203;13887)](https://github.com/k3s-io/k3s/pull/13887) - Verify sha256sum for kubelet, vagrant zip and go binary [(#&#8203;13889)](https://github.com/k3s-io/k3s/pull/13889) - Check the k3s-root sha256sum [(#&#8203;13888)](https://github.com/k3s-io/k3s/pull/13888) - Build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 [(#&#8203;13891)](https://github.com/k3s-io/k3s/pull/13891) - Fix reproducibility of embedded data tarball [(#&#8203;13875)](https://github.com/k3s-io/k3s/pull/13875) - Build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 [(#&#8203;13837)](https://github.com/k3s-io/k3s/pull/13837) - Build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.2 to 2.12.6 [(#&#8203;13852)](https://github.com/k3s-io/k3s/pull/13852) - Fix S3 test to account for change to s3mock [(#&#8203;13906)](https://github.com/k3s-io/k3s/pull/13906) - Bump runc/spegel/helm-controller/kine [(#&#8203;13909)](https://github.com/k3s-io/k3s/pull/13909) - Bump runc to v1.4.2 - Bump spegel to v0.6.0-k3s2 - Bump helm-controller to v0.17.1 - Bump kine to v0.14.16 - Fix embedded executor VPN config injection [(#&#8203;13920)](https://github.com/k3s-io/k3s/pull/13920) - Bump containerd to v2.2.3 [(#&#8203;13931)](https://github.com/k3s-io/k3s/pull/13931) - Bump flannel to v0.28.4 [(#&#8203;13937)](https://github.com/k3s-io/k3s/pull/13937) - Immutable release changes [(#&#8203;13902)](https://github.com/k3s-io/k3s/pull/13902) - Bump Traefik to 3.6.13 [(#&#8203;13969)](https://github.com/k3s-io/k3s/pull/13969) - Switch from draft to pre-release [(#&#8203;13951)](https://github.com/k3s-io/k3s/pull/13951) - Fix SANs added from comma-separated node-external-ip list [(#&#8203;13989)](https://github.com/k3s-io/k3s/pull/13989) - Fix docker dualstack test [(#&#8203;13994)](https://github.com/k3s-io/k3s/pull/13994) - Bump klipper-helm image for revision check fix [(#&#8203;13995)](https://github.com/k3s-io/k3s/pull/13995) - Bump upstream to v1.36 [(#&#8203;13986)](https://github.com/k3s-io/k3s/pull/13986) - Fix kubectl exec when using docker [(#&#8203;14021)](https://github.com/k3s-io/k3s/pull/14021) #### Embedded Component Versions | Component | Version | | ---------------------- | ------------------------------------------------------------------------------------------------- | | Kubernetes | [v1.36.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.36.md#v1360) | | Kine | [v0.14.16](https://github.com/k3s-io/kine/releases/tag/v0.14.16) | | SQLite | [3.51.3](https://sqlite.org/releaselog/3_51_3.html) | | Etcd | [v3.6.7-k3s1](https://github.com/k3s-io/etcd/releases/tag/v3.6.7-k3s1) | | Containerd | [v2.2.3-k3s1](https://github.com/k3s-io/containerd/releases/tag/v2.2.3-k3s1) | | Runc | [v1.4.2](https://github.com/opencontainers/runc/releases/tag/v1.4.2) | | Flannel | [v0.28.4](https://github.com/flannel-io/flannel/releases/tag/v0.28.4) | | Metrics-server | [v0.8.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.8.1) | | Traefik | [v3.6.13](https://github.com/traefik/traefik/releases/tag/v3.6.13) | | CoreDNS | [v1.14.2](https://github.com/coredns/coredns/releases/tag/v1.14.2) | | Helm-controller | [v0.17.1](https://github.com/k3s-io/helm-controller/releases/tag/v0.17.1) | | Local-path-provisioner | [v0.0.35](https://github.com/rancher/local-path-provisioner/releases/tag/v0.0.35) | #### Helpful Links As always, we welcome and appreciate feedback from our community of users. Please feel free to: - [Open issues here](https://github.com/rancher/k3s/issues/new/choose) - [Join our Slack channel](https://slack.rancher.io/) - [Check out our documentation](https://rancher.com/docs/k3s/latest/en/) for guidance on how to get started or to dive deep into K3s. - [Read how you can contribute here](https://github.com/rancher/k3s/blob/master/CONTRIBUTING.md) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
smark merged commit e6360a811f into main 2026-05-12 17:17:51 +00:00
smark deleted branch renovate/k3s-io-k3s-1.x 2026-05-12 17:17:51 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
k8s/baseline!312
No description provided.