kubernetes-sigs/kubespray v2.26.0

on GitHub

Deprecation / Removal

• Deprecating support for Centos7; they are not tested anymore (#11344, @ant31)
• Remove Debian 10 support. (#11347, @tico88612)
• Remove the kubeadm_version which is always equal to kube_version (#11473, @VannTen)
• Drop support for Kubernetes 1.27.x minimum version now is 1.28.x (#11221, @mzaian)

Feature / Major Changes

• Make kubernetes v1.30.4 default (#11455, @kokyhm)
• Add hashes for Kubernetes v1.30.3 default (#11391, @tico88612), Add hashes for Kubernetes v1.30.2 default (#11343, @tmurakam), Add hashes for Kubernetes 1.30.0, 1.30.1 and 1.30.2 (#11261, @tmurakam), Add hashes for kubernetes 1.29.7, 1.28.[11-12] (#11407, @mzaian)
• Add option ubuntu_kernel_unattended_upgrades_disabled to control unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu (#11296, @tu1h)
• Added option to configure dependencies for kubelet.service (#11297, @ledroide)
• Adds the possibility to add extra arguments to the various containers in the cinder-csi plugin.(#11169, @Payback159)
• Allow to run kubespray with an empty kube_node group, to provision only the control plane (#11248, @VannTen)
• CentOS 7 yum repo baseurl update (#11360, @tico88612)
• Check CentOS-Base.repo exists for CentOS 7 (#11402, @tu1h)
• Check if peers is defined when peering with routers (#11259, @ehsan310)
• OpenStack Cloud Controller Manager upgrade to 1.30.0 (#11358, @tico88612)
• Rename systemd module to systemd_service (#11396, @tu1h)
• User has the ability to configure calico-kube-controllers log level (#11335, @mirwan)
• User has the ability to configure local_volume_provisioner log level (#11336, @mirwan)
• User has the ability to configure netchecker components log levels (#11334, @mirwan)
• You can now disable installing OS dependencies using system's package manager by skipping system-packages tag. (#10872, @hedayat)
• kubelet_max_parallel_image_pulls represents the maximum number of image pulls in parallel (#11094, @tu1h)
• Update reset task to support Tencent OS (reset_restart_network_service_name) (#11459, @KubeKyrie)
• Add conditional checking on ubuntu kernel unattended_upgrades disabling (#11479, @tu1h)

Applications

• Bump Cinder CSI Plugin to v1.30.0 (#11374, @tico88612)
• Bump upcloud csi driver to v1.1.0 in order to enable csi volume snapshots. (#11303, @Elias-elastisys)
• User has a possibility to fix nodePort of ingress-nginx service with property in addons.yaml (#11310, @mochizuki875)
• Update kube-vip to v0.8.0 (#11156, @jisnardo)
• [cert-manager] upgrade to v1.14.7 (#11341, @tico88612)
• [cert-manager] add support v1.13.6 (#11279, @tico88612)
• [ingress-nginx] upgrade controller to version 1.11.2 (#11463, @mzaian)
• [helm] Upgrade to v3.15.4, add 3.15.x, and drop 3.13.x (#11486, @yankay)
• Add support for LB in UpCloud private zone (#11260, @davidumea)
• Bump UpCloud terraform module to v5.6.0
  UpCloud servers specify server groups to be apart of, eliminates manual rescheduling. (#11311, @robinAwallace)
• Update node-feature-discovery to v0.16.4 (#11250, @mzaian)
• Allow for configuring etcd progress notify interval and default set to 5s (#11499, @liuxu623)
• Support Gateway API CRDs install (#11376, @tico88612)
• Increase ansible timeout to 300 (#11354, @rptaylor)

Network

• [calico] Change calico default version to v3.28.1, add v3.28.0 and checksum , Update calico apiserver deployment to use new readiness probe (#11234, @ehsan310)
• [calico] add calico support v3.27.4 to fix high cpu load due to XDP program in iptables (#11476, @ehsan310)
• Add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars (#10943, @pedro-peter)
• [network] bump cni version to v1.4.0 (#10698, @cyclinder)
• Change weave CNI to community version and upgrade to the latest version (2.8.7) (#11228, @tico88612)
• [kube-ovn] update to v1.12.21 (#11445, @oilbeater)

Container-Managers

• [containerd] Make containerd 1.7.21 default (#11478, @yankay)
• [containerd] added debug config variables (#11080, @spnngl)
• [containerd] fixes wrong templating for tracing config (#11372, @ugur99)
  [runc] Upgrade to v1.1.13 (#11413, @mzaian)
• Update docker cli version 26.1.2 (#11291, @ErikJiang)

Documentation

• Update RELEASE.md for upgrading k8s (#11321, @yankay)

Bug or Regression

• Delete /etc/NetworkManager/conf.d/dns.conf on reset. (#11440, @HoKim98)
• Fix Hetzner kubernetes group names (#11232, @jmaccabee13)
• Fix: skip multus when not defined (#10934, @darkobas2)
• Ingress-nginx-controller admission service is automatically created when ingress_nginx_webhook_enabled: true (#11309, @mochizuki875)
• Provide missing advertise-address flag to kube-apiserver (#11387, @derselbst)
• Update reset task to support Kylin OS (reset_restart_network_service_name) (#11406, @KubeKyrie)
• Updated indentation in cni-kube-ovn.yml.j2 (L658) (#11357, @sanshah1211)
• Fix CI with fail docker pull in gitlab runner by change DOCKER_HOST (#11315, @yankay)
• Fix etcd not starting up when using a custom access address (#11388, @derselbst)
• Fix the Auto Bump PR is blocked by the label do-not-merge/release-note-label-needed by adding dependabot release-note-none label. (#11256, @yankay)
• Fix kube_reserved so it only controls kubeReservedCgroup . (#11367, @rptaylor)
• Disables reconfiguring the cluster during upgrade (remove --config option from kubeadm upgrade apply) (#11352, @tmurakam)
• Fix error in boostrap-os when git does not handle symlinks (#11508, @VannTen)
• Fix static kube-apiserver advertise address based on first control plane (#11457, @Seljuke)
• Fix incorrect member matching when removing etcd nodes (#11488, @ErikJiang)
• Fix double pop of access_ip (#11435, @rptaylor)
• Fix use super-admin.conf for kube-vip on first master when it exists to support initial k8s v1.29+ installation with kube-vip enabled (#11422, @Seljuke)

Other (Cleanup or Flake)

• Contrib playbooks are no longer included in the ansible kubespray collection (#11239, @VannTen)
• Reduced required python packages in requirements.txt (#11199, @itayporezky)
• Fix openstack cleanup by change the delete security_group order (#11299, @yankay)
• RHEL 7, Centos 7 and derivatives are no longer supported. (#11246, @VannTen)
• Use TasksMask=infinity on ostree systems for docker systemd service (#11493, @VannTen)

Supported Components

• Core
  • kubernetes v1.30.4
  • etcd v3.5.12
  • docker v26.1
  • containerd v1.7.21
  • cri-o v1.30.3 (experimental: see CRI-O Note. Only on fedora, ubuntu and centos based OS)
• Network Plugin
  • cni-plugins v1.2.0
  • calico v3.28.1
  • cilium v1.15.4
  • flannel v0.22.0
  • kube-ovn v1.12.21
  • kube-router v2.0.0
  • multus v3.8
  • weave v2.8.7
  • kube-vip v0.8.0
• Application
  • cert-manager v1.14.7
  • coredns v1.11.1
  • ingress-nginx v1.11.2
  • krew v0.4.4
  • argocd v2.11.0
  • helm v3.15.4
  • metallb v0.13.9
  • registry v2.8.1
• Storage Plugin
  • cephfs-provisioner v2.1.0-k8s1.11
  • rbd-provisioner v2.1.1-k8s1.11
  • aws-ebs-csi-plugin v0.5.0
  • azure-csi-plugin v1.10.0
  • cinder-csi-plugin v1.30.0
  • gcp-pd-csi-plugin v1.9.2
  • local-path-provisioner v0.0.24
  • local-volume-provisioner v2.5.0
  • node-feature-discovery v0.16.4

Known issues

N/A

Notes

• Deprecating support for Centos7
• The Ansible version has been upgrade to 9.8.0
• Change weave CNI to community version https://github.com/weaveworks/weave

Maintainers

Great respect for joining maintainers 🎉

• Adding myself (VannTen) as approver #11483 @VannTen
• Add tico88612 as reviewer #11453 @tico88612
• owners: move ant31 from emeritus_approvers to approvers #11247 @ant31