Changelog since v1.10.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• KubeVirt Cloud Controller Manager (CCM) is now deployed by default for all KubeVirt clusters. Two new fields are added to the API used to configure the CCM (.cloudProvider.kubevirt.zoneAndRegionEnabled and .cloudProvider.kubevirt.loadBalancerEnabled). .cloudProvider.kubevirt.infraNamespace is now a required field and KubeOne will fail validation if not set (#3661, @moadqassem)
• [ACTION REQUIRED] The KubeVirt CCM requires some permissions to be added to the ServiceAccount that is bound to the infrastructure cluster kubeconfig in order to perform some tasks on the infrastructure side. For more information about the required roles please check this file
• [ACTION REQUIRED] The .cloudProvider.kubevirt.infraClusterKubeconfig field has been removed from the KubeOneCluster type. Users must remove this field from their KubeOneCluster manifests otherwise the runtime validation will fail. The kubeconfig file provided via the KUBEVIRT_KUBECONFIG environment variable is used as a kubeconfig file for the infrastructure cluster (#3675, @kron4eg)

Changes by Kind

API Changes

• Add a new annotations field to HostConfig used to annotate control plane and static worker nodes (#3658, @kron4eg)

Bug or Regression

• Fix incorrect CABundle flag in the operating-system-manager (OSM) Deployment (#3644, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.10.1_checksums.txt file.

We're happy to announce a new KubeOne minor release — KubeOne 1.10! Please consult the changelog below, as well as, the following two documents before upgrading:

• Upgrading from KubeOne 1.9 to 1.10 guide
• Known Issues in KubeOne 1.10

Changelog since v1.9.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Disallow using machine-controller and operating-system-manager with the cloud provider none (.cloudProvider.none). If you're affected by this change, you have to either disable machine-controller and/or operating-system-manager, or switch from the cloud provider none to a supported cloud provider (#3369, @kron4eg)
• The Calico VXLAN optional addon has been removed from KubeOne. This addon has been non-functional for the past several releases. If you still need and use this addon, we advise using the addons mechanism to deploy it (#3568, @kron4eg)
• The minimum kernel version for Kubernetes 1.32+ clusters is 4.19. Trying to provision a cluster with Kubernetes 1.32 or upgrade an existing cluster to Kubernetes 1.32, where nodes are not satisfying this requirement, will result in a pre-flight check failure (#3590, @kron4eg)

Checksums

SHA256 checksums can be found in the kubeone_1.10.0_checksums.txt file.

⚠️ This is a release candidate and should not be used for any production-grade setup. Things might not be working. Use at your own risk.

Changelog since v1.8.5

Changes by Kind

Feature

• Add parameter insecure to the backups-restic addon used to disable/skip the TLS verification (#3554, @kubermatic-bot)
• Label the control plane nodes before applying addons and Helm charts to allow addons and Helm charts to utilize the label selectors (#3553, @kubermatic-bot)

Bug or Regression

• Drop trailing slash from the VSPHERE_SERVER variable to ensure compatibility with machine-controller and vSphere CCM and CSI (#3552, @kubermatic-bot)
• Use the GPG key from the latest Kubernetes package repository to fix failures to install older versions of Kubernetes packages (#3525, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.8.6_checksums.txt file.

Changelog since v1.9.1

Changes by Kind

Feature

• Label the control plane nodes before applying addons and Helm charts to allow addons and Helm charts to utilize the label selectors (#3547, @xmudrii)
• Add parameter insecure to the backups-restic addon used to disable/skip the TLS verification (#3547, @xmudrii)

Bug or Regression

• Resolve the clusterID conflicts in cloud-config for AWS by prioritizing the cluster name from the Terraform configuration (#3547, @xmudrii)
• Drop trailing slash from the VSPHERE_SERVER variable to ensure compatibility with machine-controller and vSphere CCM and CSI (#3547, @xmudrii)
• Use the GPG key from the latest Kubernetes package repository to fix failures to install older versions of Kubernetes packages (#3526, @kubermatic-bot)
• Configure the POD_NAMESPACE environment variable for machine-controller-webhook on the KubeVirt clusters (#3549, @kubermatic-bot)
• Fix incorrect image references and tolerations in the KubeVirt CSI addon (#3547, @xmudrii)

Updates

machine-controller

• Update machine-controller to v1.61.0 (#3547, @xmudrii)

Checksums

SHA256 checksums can be found in the kubeone_1.9.2_checksums.txt file.

⚠️ This is a release candidate and should not be used for any production-grade setup. Things might not be working. Use at your own risk.

⚠️ This is a release candidate and should not be used for any production-grade setup. Things might not be working. Use at your own risk.

Changelog since v1.9.0

Changes by Kind

Feature

• Add .cloudProvider.kubevirt.infraNamespace field to the KubeOneCluster API used to control what namespace will be used by the KubeVirt provider to create and manage resources in the infra cluster, such as VirtualMachines and VirtualMachineInstances (#3503, @kubermatic-bot)
• Add support for the KubeVirt CSI driver. The CSI driver is deployed automatically for all KubeVirt clusters (unless .cloudProvider.disableBundledCSIDrivers is set to true). A new optional field, .cloudProvider.kubevirt.infraClusterKubeconfig, has been added to the KubeOneCluster API used to provide a kubeconfig file for a KubeVirt infra cluster (a cluster where KubeVirt is installed). This kubeconfig can be used by the CSI driver for provisioning volumes. (#3512, @kubermatic-bot)
• Update OpenStack CCM and CSI driver to v1.31.2 and v1.30.2 (#3489, @kubermatic-bot)

Bug or Regression

• Fix an error message appearing in the KubeOne UI for clusters that don't have any Machine/MachineDeployment (#3480, @kubermatic-bot)

Other (Cleanup or Flake)

• Use dedicated keyring for Docker repositories to solve apt-key deprecation warning upon installing/upgrading containerd (#3485, @kubermatic-bot)

Updates

Others

• KubeOne is now built with Go 1.23.4 (#3513, @kubermatic-bot)

Checksums

SHA256 checksums can be found in the kubeone_1.9.1_checksums.txt file.

Changelog since v1.8.4

Note: the v1.8.4 release has been abandoned due to an issue with the deprecated goreleaser flags.

Changelog since v1.8.3

Changes by Kind

Feature

• Add disable_auto_update option to example Terraform configs for AWS, Azure, Equinix Metal, OpenStack, and vSphere, used to disable automatic updates for all Flatcar nodes (#3393, @xmudrii)
• Update OpenStack CCM and CSI driver to v1.30.2, v1.29.1 and v1.28.3 (#3488, @rajaSahil)

Other (Cleanup or Flake)

• Use dedicated keyring for Docker repositories to solve apt-key deprecation warning upon installing/upgrading containerd (#3486, @kubermatic-bot)

Updates

operating-system-manager

• Update operating-system-manager (OSM) to v1.5.3 (#3390, @kron4eg)

Others

• KubeOne is now built with Go 1.22.10 (#3514, @xmudrii)

Checksums

SHA256 checksums can be found in the kubeone_1.8.5_checksums.txt file.

We're happy to announce a new KubeOne minor release — KubeOne 1.9! Please consult the changelog below, as well as, the following two documents before upgrading:

• Upgrading from KubeOne 1.8 to 1.9 guide
• Known Issues in KubeOne 1.9

Changelog since v1.8.0

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Add support for Ubuntu 24.04. Example Terraform configs for all providers are now using Ubuntu 24.04 by default. If you're using the latest Terraform configs with an existing cluster, make sure to bind the operating system/image to the image that you're currently using, otherwise your instances/cluster might get recreated by Terraform. On some providers, machine-controller will use Ubuntu 24.04 if the image is not explicitly specified. (#3302, @SimonTheLeg)
• Example Terraform configs for Hetzner are now using cx22 instead of cx21 instance type by default. If you use the latest Terraform configs with an existing cluster, make sure to override the instance type as needed, otherwise your instances/cluster might get recreated by Terraform. (#3370, @kron4eg)
• KubeOne is now validating that IP addresses and hostnames provided for control plane nodes and static worker nodes are different. In other words, it's not possible to use the same machine both as a control plane node and a static worker node. This behavior has never been supported by KubeOne; if you want a control plane node that can schedule any pod, you can provision it as a control plane node and remove the control plane taint (node-role.kubernetes.io/control-plane:NoSchedule). (#3334, @kron4eg)
• Update Cilium to v1.16.3. This change might affect users that have nodes that are low on capacity (pods or resources wise). The Cilium architecture has been changed so that the Envoy Proxy is not integrated into Cilium, but is a dedicated component/DaemonSet. If you have nodes that are low on capacity, you might encounter issues when trying to start Envoy Proxy pods on those nodes. In this case, you'll need to override the Cilium addon to use the old architecture with Envoy Proxy integrated into Cilium. (#3415, @xmudrii)
• kubeone install and kubeone upgrade subcommands are removed. We have deprecated these commands in KubeOne 1.4, and made them hidden in KubeOne 1.5. With this change, we're permanently removing these two commands. kubeone apply should be used instead. (#3349, @mohamed-rafraf)

Checksums

SHA256 checksums can be found in the kubeone_1.9.0_checksums.txt file.