v1.9.1

Changelog since v1.9.0

Changes by Kind

Feature

• Add .cloudProvider.kubevirt.infraNamespace field to the KubeOneCluster API used to control what namespace will be used by the KubeVirt provider to create and manage resources in the infra cluster, such as VirtualMachines and VirtualMachineInstances (#3503, @kubermatic-bot)
• Add support for the KubeVirt CSI driver. The CSI driver is deployed automatically for all KubeVirt clusters (unless .cloudProvider.disableBundledCSIDrivers is set to true). A new optional field, .cloudProvider.kubevirt.infraClusterKubeconfig, has been added to the KubeOneCluster API used to provide a kubeconfig file for a KubeVirt infra cluster (a cluster where KubeVirt is installed). This kubeconfig can be used by the CSI driver for provisioning volumes. (#3512, @kubermatic-bot)
• Update OpenStack CCM and CSI driver to v1.31.2 and v1.30.2 (#3489, @kubermatic-bot)

Bug or Regression

• Fix an error message appearing in the KubeOne UI for clusters that don't have any Machine/MachineDeployment (#3480, @kubermatic-bot)

Other (Cleanup or Flake)

• Use dedicated keyring for Docker repositories to solve apt-key deprecation warning upon installing/upgrading containerd (#3485, @kubermatic-bot)

Updates

Others

• KubeOne is now built with Go 1.23.4 (#3513, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.9.1_checksums.txt file.

v1.8.5

Changelog since v1.8.4

Note: the v1.8.4 release has been abandoned due to an issue with the deprecated goreleaser flags.

Changelog since v1.8.3

Changes by Kind

Feature

• Add disable_auto_update option to example Terraform configs for AWS, Azure, Equinix Metal, OpenStack, and vSphere, used to disable automatic updates for all Flatcar nodes (#3393, @xmudrii)
• Update OpenStack CCM and CSI driver to v1.30.2, v1.29.1 and v1.28.3 (#3488, @rajaSahil)

Other (Cleanup or Flake)

• Use dedicated keyring for Docker repositories to solve apt-key deprecation warning upon installing/upgrading containerd (#3486, @kubermatic-bot)

Updates

operating-system-manager

• Update operating-system-manager (OSM) to v1.5.3 (#3390, @kron4eg)

Others

• KubeOne is now built with Go 1.22.10 (#3514, @xmudrii)

Checksums

SHA256 checksums can be found in the kubeone_1.8.5_checksums.txt file.

v1.9.0

We're happy to announce a new KubeOne minor release — KubeOne 1.9! Please consult the changelog below, as well as, the following two documents before upgrading:

• Upgrading from KubeOne 1.8 to 1.9 guide
• Known Issues in KubeOne 1.9

Changelog since v1.8.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Add support for Ubuntu 24.04. Example Terraform configs for all providers are now using Ubuntu 24.04 by default. If you're using the latest Terraform configs with an existing cluster, make sure to bind the operating system/image to the image that you're currently using, otherwise your instances/cluster might get recreated by Terraform. On some providers, machine-controller will use Ubuntu 24.04 if the image is not explicitly specified. (#3302, @SimonTheLeg)
• Example Terraform configs for Hetzner are now using cx22 instead of cx21 instance type by default. If you use the latest Terraform configs with an existing cluster, make sure to override the instance type as needed, otherwise your instances/cluster might get recreated by Terraform. (#3370, @kron4eg)
• KubeOne is now validating that IP addresses and hostnames provided for control plane nodes and static worker nodes are different. In other words, it's not possible to use the same machine both as a control plane node and a static worker node. This behavior has never been supported by KubeOne; if you want a control plane node that can schedule any pod, you can provision it as a control plane node and remove the control plane taint (node-role.kubernetes.io/control-plane:NoSchedule). (#3334, @kron4eg)
• Update Cilium to v1.16.3. This change might affect users that have nodes that are low on capacity (pods or resources wise). The Cilium architecture has been changed so that the Envoy Proxy is not integrated into Cilium, but is a dedicated component/DaemonSet. If you have nodes that are low on capacity, you might encounter issues when trying to start Envoy Proxy pods on those nodes. In this case, you'll need to override the Cilium addon to use the old architecture with Envoy Proxy integrated into Cilium. (#3415, @xmudrii)
• kubeone install and kubeone upgrade subcommands are removed. We have deprecated these commands in KubeOne 1.4, and made them hidden in KubeOne 1.5. With this change, we're permanently removing these two commands. kubeone apply should be used instead. (#3349, @mohamed-rafraf)

Checksums

SHA256 checksums can be found in the kubeone_1.9.0_checksums.txt file.

v1.9.0-rc.1

⚠️ This is a release candidate and should not be used for any production-grade setup. Things might not be working. Use at your own risk.

v1.8.3

Changelog since v1.8.2

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Fix vSphere CCM and CSI images. The CCM images for versions starting with v1.28.0 are pulled from the new community-owned image repository. The CCM images for versions prior to v1.28.0, and the CSI images, are pulled from the Kubermatic-managed mirror on quay.io. If you have a vSphere cluster, we strongly recommend upgrading to the latest KubeOne patch release and running kubeone apply as soon as possible, because the old image repository (gcr.io/cloud-provider-vsphere) is not available anymore, hence it's not possible to pull the needed images from that repository (#3378, @xmudrii)
• Example Terraform configs for Hetzner are now using cx22 instead of cx21 instance type by default. If you use the new Terraform configs with an existing cluster, make sure to override the instance type as needed, otherwise your instances/cluster will be destroyed (#3371, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.8.3_checksums.txt file.

v1.7.6

Changelog since v1.7.5

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Fix vSphere CCM and CSI images. The CCM images for versions starting with v1.28.0 are pulled from the new community-owned image repository. The CCM images for versions prior to v1.28.0, and the CSI images, are pulled from the Kubermatic-managed mirror on quay.io. If you have a vSphere cluster, we strongly recommend upgrading to the latest KubeOne patch release and running kubeone apply as soon as possible, because the old image repository (gcr.io/cloud-provider-vsphere) is not available anymore, hence it's not possible to pull the needed images from that repository (#3377, @xmudrii)
• Example Terraform configs for Hetzner are now using cx22 instead of cx21 instance type by default. If you use the new Terraform configs with an existing cluster, make sure to override the instance type as needed, otherwise your instances/cluster will be destroyed (#3372, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.7.6_checksums.txt file.

v1.8.2

Changelog since v1.8.1

Changes by Kind

Feature

• Allow the configuration of the upstream cluster-autoscaler flags --enforce-node-group-min-size and --balance-similar-node-groups (#3306, @kubermatic-bot)

Bug or Regression

• Do not put multiple identical tolerations on the CoreDNS deployment (#3298, @kubermatic-bot)
• Use the RHEL-based upstream Docker package repository instead of the CentOS package repository as it's not maintained any longer (#3336, @kubermatic-bot)

Updates

CNI

• Update Calico CNI to fix the CPU usage spike issues (#3326, @kron4eg)

machine-controller

• Update machine-controller to 1.59.3. This update includes support for IMDSv2 API on AWS for the worker nodes managed by machine-controller (#3323, @xrstf)

Terraform Configs

• Set HttpPutResponseHopLimit to 3 in the example Terraform configs for AWS for the control plane nodes and the static worker nodes in order to support the IMSD v2 API (#3329, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.8.2_checksums.txt file.

v1.7.5

Changelog since v1.7.4

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Update operating-system-manager to v1.3.6. The latest Ubuntu 22.04 images on Azure have modified the configuration for cloud-init and how it accesses its datasource in Azure, in a breaking way. If you're having an Azure cluster, it's required to refresh your machines with the latest provided OSPs to ensure that a system-wide package update doesn't result in broken machines. (#3171, @xrstf)

Changes by Kind

Bug or Regression

• Ensure apparmor-utils package is installed on Ubuntu as it's required for kubelet to function properly (#3236, @kubermatic-bot)
• Do not put multiple identical tolerations on the CoreDNS deployment (#3299, @kubermatic-bot)
• Load the CA bundle before any addon installations to resolve issues with untrusted TLS connections in environments with self-signed cerificates (#3246, @kubermatic-bot)
• Use the RHEL-based upstream Docker package repository instead of the CentOS package repository as it's not maintained any longer (#3316, @kron4eg)

Updates

machine-controller

• Update machine-controller to 1.57.9. This update includes support for IMDSv2 API on AWS for the worker nodes managed by machine-controller (#3324, @xrstf)

Terraform Configs

• Set HttpPutResponseHopLimit to 3 in the example Terraform configs for AWS for the control plane nodes and the static worker nodes in order to support the IMSD v2 API (#3330, @kubermatic-bot)
• Fix the default Rocky Linux EC2 image filter query in the example Terraform configs for AWS (#3263, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.7.5_checksums.txt file.

v1.8.1

Changelog since v1.8.0

Changes by Kind

Feature

• Add support for Kubernetes 1.30 (#3215, @kubermatic-bot)
• Refactor the cluster upgrade process to adhere to the Kubernetes recommendations by updating ConfigMaps used by Kubeadm instead of providing the full config to Kubeadm itself. This change should not have any effect to cluster upgrades, but if you encounter any issue, please create an issue in the KubeOne repository (#3253, @kubermatic-bot)
• KubeOne now runs kubeadm upgrade apply without the --certificate-renewal=true flag. This change should not have any effect to the upgrade process, but if you discover any issue, please create a new issue in the KubeOne repository (#3242, @kubermatic-bot)
• Add default VolumeSnapshotClass for all supported providers as part of the default-storage-class addon (#3275, @kubermatic-bot)

Bug or Regression

• Fix snapshot-webhook admitting non-supported objects (VolumeSnapshots and VolumeSnapshotContents). This fixes an issue that caused inability to create new VolumeSnapshots (#3275, @kubermatic-bot)
• Ensure apparmor-utils package is installed on Ubuntu as it's required for kubelet to function properly (#3235, @kubermatic-bot)
• Load the CA bundle before any addon installations to resolve issues with untrusted TLS connections in environments with self-signed certificates (#3247, @kubermatic-bot)
• Fix deletion issues for local Helm charts (#3268, @kubermatic-bot)

Updates

• Upgrade control plane components:
  • Update NodeLocalDNS to v1.23.1
  • Update AWS CCM to v1.30.1, v1.29.3, v1.28.6, and v1.27.7
  • Update CSI snapshot controller and webhook to v8.0.1
  • Update AWS EBS CSI driver to v1.31.0
  • Update Azure CCM to v1.30.3 for Kubernetes 1.30 clusters
  • Update AzureFile CSI driver to v1.30.2
  • Update AzureDisk CSI driver to v1.30.1
  • Update DigitalOcean CCM to v0.1.53
  • Update DigitalOcean CSI to v4.10.0
  • Update Hetzner CSI to v2.7.0
  • Update OpenStack CCM and CSI to v1.30.0 for Kubernetes 1.30 clusters
  • Update vSphere CCM to v1.30.1 for Kubernetes 1.30 clusters
  • Update vSphere CSI driver to v3.2.0
  • Update GCP Compute CSI driver to v1.13.2
  • Update Cilium to v1.15.6
  • Update cluster-autoscaler to v1.30.1, v1.29.3, v1.28.5, and v1.27.8 (#3214, @kubermatic-bot)
• Update GCP CCM to v30.0.0 (Kubernetes 1.30), v29.0.0 (Kubernetes 1.29), v28.2.1 (Kubernetes 1.28 and 1.27) (#3241, #3284, @kubermatic-bot)
• Update Canal CNI to v3.27.3 (#3200, @kubermatic-bot)
• Bind the csi-snapshotter image to v8.0.1 for all providers that are supporting snapshotting volumes (#3270, @kubermatic-bot)

Terraform Configs

• Fix the default Rocky Linux EC2 image filter query in the example Terraform configs for AWS (#3262, @kubermatic-bot)
• Add bastion host support to the example Terraform configs for VMware Virtual Cloud Director (VCD) (#3278, @kubermatic-bot)

v1.8.0

We're happy to announce a new KubeOne minor release — KubeOne 1.8! Please consult the changelog below, as well as, the following two documents before upgrading:

• Upgrading from KubeOne 1.7 to 1.8 guide
• Known Issues in KubeOne 1.8

Changelog since v1.7.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Refactor example Terraform configs for Hetzner to randomly generate the private network subnet in order to support creating multiple KubeOne clusters (#3152, @xmudrii)
• The example Terraform configs for Azure have been migrated to use the Standard SKU for IP addresses. This is a breaking change for existing setups; in which case you should continue using your current SKU. Manual migration is possible by dissociating IP from the VM and LB, the migrating it, and assigning it back, however please consider all potential risks before doing this migration (#3149, @kron4eg)
• Credentials defined in the credentials file now have precedence over credentials defined via environment variables. This change is made to match the behavior that's already documented in the KubeOne docs. If you use both the credentials file and the environment variables, we recommend double-checking your credentials file to make sure the credentials are up to date, as those credentials will be applied on the next kubeone apply run (#2991, @kron4eg)
• kured has been removed, you have to re-enable it back in form of helmRelease (#3024, @kron4eg)
• OSM: The latest Ubuntu 22.04 images on Azure have modified the configuration for cloud-init and how it accesses its datasource in Azure, in a breaking way. If you're having an Azure cluster, it's required to refresh your machines with the latest provided OSPs to ensure that a system-wide package update doesn't result in broken machines. (#3172, @xrstf)
• Support for Docker is removed; containerRuntime.docker became a no-op. (#3008, @kron4eg)

Checksums

SHA256 checksums can be found in the kubeone_1.8.0_checksums.txt file.