Important Registry Change Information
For the next series of KubeOne and KKP patch releases, image references will move from k8s.gcr.io
to registry.k8s.io
. This will be done to keep up with the latest upstream changes. Please ensure that any mirrors you use are able to host registry.k8s.io
and/or that firewall rules are going to allow access to registry.k8s.io
to pull images before applying the next KubeOne patch releases. This is not included in this patch release but just a notification of future changes.
Important Security Information
Kubernetes releases prior to 1.25.4, 1.24.8, 1.23.14, and 1.22.16 are affected by two Medium CVEs in kube-apiserver: CVE-2022-3162 (Unauthorized read of Custom Resources) and CVE-2022-3294 (Node address isn't always verified when proxying). We strongly recommend upgrading to 1.25.4, 1.24.8, 1.23.14, or 1.22.16 as soon as possible.
Changelog since v1.4.10
Changes by Kind
Feature
- Update etcd to 3.5.5 for Kubernetes 1.22+ clusters or use the version provided by kubeadm if it's newer (#2444, @xmudrii)
Other (Cleanup or Flake)
- Expose machine-controller metrics port (8080/TCP), so Prometheus ServiceMonitor can be used for scraping (#2440, @kubermatic-bot)
Chore
- KubeOne is now built using Go 1.18.8 (#2465, @xmudrii)
- The
kubeone-e2e
image is moved from Docker Hub to Quay (quay.io/kubermatic/kubeone-e2e
) (#2465, @xmudrii)
Checksums
SHA256 checksums can be found in the kubeone_1.4.11_checksums.txt
file.