Changelog since v1.12.0
Urgent and BREAKING Upgrade Notes
(No, really, you MUST read this before you upgrade)
- Support for Kubernetes 1.31 and 1.32 has been removed. KubeOne v1.13 supports Kubernetes versions 1.33, 1.34, and 1.35. Before upgrading KubeOne, ensure your clusters are running Kubernetes v1.33 or newer. (#3973, @kron4eg)
- Delete long-deprecated MachineAnnotations (#3936, @kron4eg)
- REQUIRES FIPS-140 ENABLED VCENTER! Upgrade vSphere CSI driver to v3.7.0
Changes by Kind
Feature
- Add Terraform-free Hetzner control plane provisioning (beta): A new controlPlane.nodeSets API field combined with cloudProvider.hetzner.controlPlane.loadBalancer configuration allows KubeOne to provision and manage Hetzner VMs and a load balancer for the control plane directly from the KubeOne manifest, without requiring Terraform for provisioning VMs/loadbalancer.
  - THIS IS BETA, DO NOT USE FOR PRODUCTION! (#3895, @kron4eg)
- Add kubeone etcd command group with subcommands for operating on the etcd cluster of a KubeOne-managed Kubernetes cluster: members (list members and alarms), defragment (defragment a member's storage), disarm (disarm alarms on one or all members), snapshot (take an etcd snapshot from a member). etcd controlPlaneComponents.etcd configuration options (quotaBackendBytes, autoCompactionRetention, autoCompactionMode) are also now supported. (#3998, @kron4eg)
- Add support for Kubernetes 1.35. (#3973, @kron4eg)
- Add features.alwaysPullImages API field to enable the AlwaysPullImages admission plugin on the Kubernetes API server. (#4027, @adoi)
- Add features.eventRateLimit API field to enable the EventRateLimit admission plugin with a configurable config file path. (#4029, @adoi)
- NodeRestriction admission plugin is now enabled by default. (#4012, @adoi)
- Add clusterNetwork.cni.cilium.enableL2Announcements option to enable Cilium Layer 2 announcement feature. (#3991, @rguhr)
- Add insecure field in Helm release. (#3921, @mohamed-rafraf)
- Add helm authentication in HelmRelease. (#3922, @mohamed-rafraf)
- Add registry authentication support for both source registry and mirror hosts in containerRuntime.containerd.registries. (#4014, @rajaSahil)
- Remove validation of mutual exclusivity between ContainerdRegistry and RegistryConfiguration. Both can now be configured simultaneously. (#3993, @kron4eg)
- Upgrade containerd from v1.7.x to v2.2.x. Note: The deprecated CRI-based registry authentication configuration is still being used with containerd v2. It is recommended to use Kubernetes ImagePullSecrets for registry authentication instead. (#4006, @rajaSahil)
- Use certificateAuthority.bundle field consistently across all configuration paths that previously used caBundle. (#3925, @kron4eg)
- Skip aznfs apt package installation on Azure when the addon is not needed. (#3949, @dharapvj)
- Update install script to support ARM architecture on Linux and macOS. (#3914, @scheeles)
- Add support for ECDSA CA key (#4004, @kron4eg)
Fixes of Bugs or Regressions
- Remove CPU/memory limits from machine-controller and operating-system-manager deployments. (#3979, @kron4eg)
- Restore Cilium CIDR match policy that was missing from the Cilium configmap. (#4036, @kron4eg)
- Add permission for services in KubeVirt CCM. (#4035, @rajaSahil)
- Set the infra namespace annotation on the control plane nodes for KubeVirt. (#4034, @rajaSahil)
- Fix cilium-envoy image reference (#3910, @peschmae)
- Run file permission reconciliation across all SSH-managed nodes, not just the leader. (#4030, @adoi)
- Enables policy-cidr-match-mode: nodes in the Cilium CNI addon configuration. (#4005, @rajaSahil)
- Fix kernel version parsing to correctly ignore the + suffix present in some kernel version strings (e.g., on Flatcar). (#4009, @ttuellmann)
- Add allowVolumeExpansion: true to the OpenStack Cinder CSI StorageClass to allow volume expansion. (#4001, @jan-di)
- Fix incorrect cluster name passed to KubeVirt CCM arguments. (#3980, @kron4eg)
- Mirror CoreDNS image when containerd mirrors or overwriteRegistry are configured. (#3929, @mohamed-rafraf)
- Fix missing sandbox (pause) image when mirroring images. (#3926, @mohamed-rafraf)
- Respect customized addon manifests when applying addons. (#3920, @appiepollo14)
- Fix GCP CCM addon being applied twice when provided as a user-managed addon. (#3919, @appiepollo14)
- Fix an issue in the OpenStack Terraform Quickstart configs where Neutron cannot assign the floating IP to the bastion host. (#3943, @kleini)
- Fix kubernetes-apt-keyring.gpg file permissions to be set explicitly. (#3940, @piotr1212)
- Fix /etc/kubeone/proxy-env file permissions to be set explicitly. (#3939, @piotr1212)
- Fix cluster-autoscaler deployment not being migrated when matchLabels changed. (#3958, @kron4eg)
Updates
- Update machine-controller to v1.65.0 and operating-system-manager to v1.9.0. (#3979, #3982, #3983, @kron4eg)
- Update KubeVirt CSI image to v0.4.5 (#3981, @kron4eg)
- Update Hetzner CSI driver to v2.18.3 (#3934, @kron4eg)
- Update component versions (#4013, #4017, @kron4eg):
  - Cilium updated to v1.19.2
  - Canal (Calico) updated to v3.31.4
  - Hetzner CCM updated to v1.30.1 (now uses watch-based route reconciliation instead of polling)
  - Hetzner CSI driver updated to v2.20.0
  - vSphere CSI driver updated to v3.7.0
  - KubeVirt CSI driver updated to v0.4.5
  - metrics-server updated to v0.8.1
  - AWS EBS CSI driver updated to v1.57.1
  - AWS CCM: v1.33.2 / v1.34.0 / v1.35.0 (per Kubernetes version)
  - Azure CCM: v1.33.3 / v1.34.2 / v1.35.0 (per Kubernetes version)
  - OpenStack CCM: v1.33.1 / v1.34.1 / v1.35.0 (per Kubernetes version)
  - OpenStack Cinder CSI: v1.33.1 / v1.34.1 / v1.35.0 (per Kubernetes version)
  - vSphere CPI: v1.33.0 / v1.34.0 / v1.35.1 (per Kubernetes version)
  - ClusterAutoscaler: v1.33.4 / v1.34.3 / v1.35.0 (per Kubernetes version)
  - Equinix Metal CCM updated to v3.8.1
  - GCP CCM updated to v33.1.1
  - GCP Compute Persistent Disk CSI driver updated to v1.17.4
- Rename cluster-autoscaler-values.yaml addon values file to cluster-autoscaler-values (without extension). (#3916, @steled)
- Update KubeOne container base image to alpine:3.23. (#3957, @archups)