chore(deps): update dependency k3s-io/k3s to v1.32.0+k3s1

[renovate]

This PR contains the following updates:

Package	Update	Change
k3s-io/k3s	minor	v1.31.4+k3s1 -> v1.32.0+k3s1

---

Release Notes

k3s-io/k3s (k3s-io/k3s)

v1.32.0+k3s1: v1.32.0+k3s1

Compare Source

This release is K3S's first in the v1.32 line. This release updates Kubernetes to v1.32.0.

Kubernetes 1.32 moves the AuthorizeNodeWithSelectors feature gate to Beta and on by default. See KEP-4601 for more information.

This feature-gate breaks some of the RBAC that previous releases of K3s relied upon. The January releases of K3s v1.29, v1.30, and v1.31 will contain backported fixes. Until then, you must set --kube-apiserver-arg=feature-gates=AuthorizeNodeWithSelectors=false on server nodes, if you want to mix K3s v1.32 nodes with nodes of other versions (within the limits of what is supported by the Kubernetes Version Skew Policy).

For more details on what's new, see the Kubernetes release notes.

Changes since v1.31.4+k3s1:

• Fix rotateca validation failures when not touching default self-signed CAs (#​10710)
• Bump runc to v1.1.13 (#​10737)
• Update stable channel to v1.30.4+k3s1 (#​10739)
• Fix deploy latest commit on E2E tests (#​10725)
• Remove secrets encryption controller (#​10612)
• Update kubernetes to v1.31.0-k3s3 (#​10764)
• Bump traefik to v2.11.8 (#​10779)
• Update coredns to 1.11.3 and metrics-server to 0.7.2 (#​10760)
• Add trivy scanning to PR reports (#​10758)
• Cover edge case when on new minor release for E2E upgrade test (#​10781)
• Bump aquasecurity/trivy-action from 0.20.0 to 0.24.0 (#​10795)
• Update CNI plugins version (#​10798)
• Bump Sonobuoy version (#​10792)
• Fix /trivy action running against target branch instead of PR branch (#​10824)
• Launch private registry with init (#​10822)
• Add channel for v1.31 (#​10826)
• Bump containerd to v1.7.21, runc to v1.1.14 (#​10805)
• Bump helm-controller for skip-verify/plain-http and updated tolerations (#​10832)
• Tag PR image build as latest before scanning (#​10825)
• Only clean up containerd hosts dirs managed by k3s (#​10823)
• Remove otelgrpc pinned dependency (#​10799)
• Add node-internal-dns/node-external-dns address pass-through support (#​10852)
• Give good report if no CVEs found in trivy (#​10853)
• Fix hosts.toml header var (#​10870)
• Bump Trivy version (#​10863)
• Add int test for flannel-ipv6masq (#​10440)
• Bump Trivy version (#​10899)
• Update Kubernetes to v1.31.1-k3s3 (#​10911)
• Add MariaDB to CI (#​10724)
• Update stable channel tov1.30.5+k3s1 (#​10921)
• Use static CNI bin dir (#​10868)
  • K3s now uses a stable directory for CNI binaries, which simplifies the installation of additional CNI plugins.
• Breakup trivy scan and check comment author (#​10935)
• Fix getMembershipForUserInOrg call (#​10937)
• Check k3s-io organization membership not team membership for trivy scans (#​10940)
• Bump kine to v0.13.0 (#​10932)
  • Kine has been bumped to v0.13.0. This release includes changes that should enhance performance when using postgres as an external DB. The updated schema will be automatically used for new databases; to migrate to the new schema on existing databases, K3s can be started with the KINE_SCHEMA_MIGRATION=2 environment variable set.
• Fix trivy report download (#​10943)
• Trivy workflow: Specify GH_REPO env to use gh cli (#​10949)
• Bump Trivy version (#​10924)
• Bump traefik to chart 27.0.2 (#​10939)
• Pass Rancher's VEX report to Trivy to remove known false-positives CVEs (#​10956)
• Fix trivy vex line (#​10970)
• Add user path to runtimes search (#​10953)
  • Runtimes detection will now use $PATH
• Bump to new wharfie version (#​10971)
• Update README.md (#​10523)
• Remove trailing whitespace (#​9362)
• Bump kine to v0.13.2 (#​10978)
• Allow configuration of Rootlesskit's CopyUpDirs through an environment variable (#​10386)
  • Add new environment variable "K3S_ROOTLESS_COPYUPDIRS" to add folders to the Rootlesskit configuration.
• Fix race condition when multiple nodes reconcile S3 snapshots (#​10979)
• Bump Trivy version (#​10996)
• Add ca-cert rotation integration test, and fix ca-cert rotation (#​11013)
• Add e2e test which verifies traffic policies and firewall in services (#​10972)
• Update tcpproxy for import path change (#​11029)
• Bump Local Path Provisioner version (#​10862)
• Bump local-path-provisioner to v0.0.30 (#​11049)
• Bump helm-controller and klipper-helm (#​11060)
• Bump containerd to v1.7.22 (#​11067)
• Simplify svclb daemonset (#​10954)
  • Stop using klipper-lb as the image for svclb. Replace it with a simple busybox which just sleeps
• Add the nvidia runtime cdi (#​11065)
  • Add nvidia cdi runtime to the list of supported and discoverable runtimes
• Bump Trivy version (#​11103)
• Rollback GHA to Ubuntu 22.04 (#​11111)
• Revert "Make svclb as simple as possible" (#​11109)
• Fix Github Actions for Ubuntu-24.04 (#​11112)
• Bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 (#​11105)
• Check the last 10 commits for upgrade E2E test (#​11086)
• Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 (#​11138)
• Fixes "file exists" error from CNI bins when upgrading k3s (#​11123)
• Reduce the number of GH api request for E2E nightly (#​11148)
• Update Kubernetes to v1.31.2-k3s1 and Go 1.22.8 (#​11163)
• Update stable channel to v1.30.6+k3s1 (#​11186)
• Fix timeout when defragmenting etcd on startup (#​11164)
• Capture all fedora atomic variants in install script (#​11170)
  • Allow easier installation of k3s on all variants of fedora atomic that use rpm-ostree
• Typo fixes in contributing.md (#​11201)
• Bump Trivy version (#​11206)
• Pin vagrant to older version to avoid known issue 13527 (#​11226)
• Set kine EmulatedETCDVersion from embedded etcd version (#​11221)
• Add nonroot-devices flag to agent CLI (#​11200)
  • Device_ownership_from_security_context can now be enabled in the containerd CRI config by setting the --nonroot-devices flag or config key.
• Bump runc to v1.2 (#​10896)
• Update flannel and base cni plugins version (#​11188)
• Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#​11236)
• Fix MustFindString returning override flags on external CLI commands (#​11237)
• Bump containerd to v1.7.23-k3s1 to fix registry rewrite token scopes (#​11238)
• Fix the "Standalone"-mode of oidc-login in the wrapped kubectl library (#​11266)
  • Fixes 'no Auth Provider found for name "oidc"' when using oidc-login in standalone mode.
• Bump K3s-root version to v0.14.1 (#​11282)
• Bump kine (#​11277)
• Bump kine for mysql connection close fix (#​11305)
• Fix handling of wrapped subcommands when run with a path (#​11306)
• Fix updatecli config for klipper and helm-controller (#​11290)
• Fix issue with loadbalancer failover to default server (#​11319)
• Update localstorage_int_test.go reference (#​11339)
  • Update localstorage_int_test.go reference in tests/integration/README.md
• Add to the output command to be consistent with the product command (#​11345)
• Allow install script to print error on failed binary download (#​11335)
• Remove the go toolchain line (#​11358)
• Add ubuntu 24.04 apt command for e2e test (#​11361)
• Bump Trivy version (#​11360)
• Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 (#​11364)
• Convert legacy docker tests from bash to golang (#​11357)
• Update Kubernetes to v1.31.3-k3s1 (#​11373)
• Fix Branch Name logic for Dependabot and UpdateCLI pushes to k3s-io (#​11376)
• Fix INSTALL_K3S_PR support (#​11383)
• Fix etcd backup/restore test and add guardrail for etcd-snapshot (#​11314)
• Bump containerd to -k3s2 to fix rewrites (#​11401)
• Fix opensuse-leap install test (#​11379)
• Fix secrets-encrypt reencrypt timeout error (#​11385)
• Rework loadbalancer server selection logic (#​11329)
• Remove experimental from embedded-registry flag (#​11443)
• Update stable channel to v1.31.3+k3s1 (#​11436)
• Fix agent tunnel address with dedicated supervisor port (#​11427)
• Update coredns to 1.12.0 (#​11387)
• Bump Trivy version (#​11430)
• Update to v1.31.4-k3s1 and Go 1.22.9 (#​11463)
• Bump alpine from 3.20 to 3.21 in /conformance (#​11433)
• Fix docker check warnings (#​11474)
• Update stable channel to v1.31.4+k3s1 (#​11483)
• V1.32.0+k3s1 (#​11478)
• Switch to using kubelet config file for all supported flags (#​10433)
• Load kernel modules for nft in agent setup (#​11527)

Embedded Component Versions

Component	Version
Kubernetes	v1.32.0
Kine	v0.13.5
SQLite	3.46.1
Etcd	v3.5.16-k3s1
Containerd	v1.7.23-k3s2
Runc	v1.2.1-k3s1
Flannel	v0.25.7
Metrics-server	v0.7.2
Traefik	v2.11.10
CoreDNS	v1.12.0
Helm-controller	v0.16.5
Local-path-provisioner	v0.0.30

Helpful Links

As always, we welcome and appreciate feedback from our community of users. Please feel free to:

• Open issues here
• Join our Slack channel
• Check out our documentation for guidance on how to get started or to dive deep into K3s.
• Read how you can contribute here

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.