Deprecation / Removal
- Deprecating support for Centos7; they are not tested anymore (#11344, @ant31)
- Remove Debian 10 support. (#11347, @tico88612)
- Remove the
kubeadm_version
which is always equal tokube_version
(#11473, @VannTen) - Drop support for Kubernetes 1.27.x minimum version now is 1.28.x (#11221, @mzaian)
- if you were previously only setting
serializeImagePulls: false
to have unlimited parallel pulls, you will need to setkubelet_max_parallel_images_pulls
to a suitable value instead (#11094, @tu1h)
Feature / Major Changes
- Make kubernetes v1.30.4 default (#11455, @kokyhm)
- Add hashes for Kubernetes v1.30.3 default (#11391, @tico88612), Add hashes for Kubernetes v1.30.2 default (#11343, @tmurakam), Add hashes for Kubernetes 1.30.0, 1.30.1 and 1.30.2 (#11261, @tmurakam), Add hashes for kubernetes 1.29.7, 1.28.[11-12] (#11407, @mzaian)
- Add option
ubuntu_kernel_unattended_upgrades_disabled
to control unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu (#11296, @tu1h) - Added option to configure dependencies for kubelet.service (#11297, @ledroide)
- Adds the possibility to add extra arguments to the various containers in the cinder-csi plugin.(#11169, @Payback159)
- Allow to run kubespray with an empty kube_node group, to provision only the control plane (#11248, @VannTen)
- CentOS 7 yum repo baseurl update (#11360, @tico88612)
- Check CentOS-Base.repo exists for CentOS 7 (#11402, @tu1h)
- Check if peers is defined when peering with routers (#11259, @ehsan310)
- OpenStack Cloud Controller Manager upgrade to 1.30.0 (#11358, @tico88612)
- Rename
systemd
module tosystemd_service
(#11396, @tu1h) - User has the ability to configure calico-kube-controllers log level (#11335, @mirwan)
- User has the ability to configure local_volume_provisioner log level (#11336, @mirwan)
- User has the ability to configure netchecker components log levels (#11334, @mirwan)
- You can now disable installing OS dependencies using system's package manager by skipping
system-packages
tag. (#10872, @hedayat) kubelet_max_parallel_image_pulls
represents the maximum number of image pulls in parallel (#11094, @tu1h)- Update reset task to support Tencent OS (
reset_restart_network_service_name
) (#11459, @KubeKyrie) - Add conditional checking on ubuntu kernel unattended_upgrades disabling (#11479, @tu1h)
Applications
- Bump Cinder CSI Plugin to v1.30.0 (#11374, @tico88612)
- Bump upcloud csi driver to v1.1.0 in order to enable csi volume snapshots. (#11303, @Elias-elastisys)
- User has a possibility to fix nodePort of ingress-nginx service with property in addons.yaml (#11310, @mochizuki875)
- Update kube-vip to v0.8.0 (#11156, @jisnardo)
- [cert-manager] upgrade to v1.14.7 (#11341, @tico88612)
- [cert-manager] add support v1.13.6 (#11279, @tico88612)
- [ingress-nginx] upgrade controller to version 1.11.2 (#11463, @mzaian)
- [helm] Upgrade to v3.15.4, add 3.15.x, and drop 3.13.x (#11486, @yankay)
- Add support for LB in UpCloud private zone (#11260, @davidumea)
- Bump UpCloud terraform module to v5.6.0
UpCloud servers specify server groups to be apart of, eliminates manual rescheduling. (#11311, @robinAwallace) - Update node-feature-discovery to v0.16.4 (#11250, @mzaian)
- Allow for configuring etcd progress notify interval and default set to 5s (#11499, @liuxu623)
- Support Gateway API CRDs install (#11376, @tico88612)
- Increase ansible timeout to 300 (#11354, @rptaylor)
Network
- [calico] Change calico default version to v3.28.1, add v3.28.0 and checksum , Update calico apiserver deployment to use new readiness probe (#11234, @ehsan310)
- [calico] add calico support v3.27.4 to fix high cpu load due to XDP program in iptables (#11476, @ehsan310)
- Add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars (#10943, @pedro-peter)
- [network] bump cni version to v1.4.0 (#10698, @cyclinder)
- Change weave CNI to community version and upgrade to the latest version (2.8.7) (#11228, @tico88612)
- [kube-ovn] update to v1.12.21 (#11445, @oilbeater)
Container-Managers
- [containerd] Make containerd 1.7.21 default (#11478, @yankay)
- [containerd] added debug config variables (#11080, @spnngl)
- [containerd] fixes wrong templating for tracing config (#11372, @ugur99)
[runc] Upgrade to v1.1.13 (#11413, @mzaian) - Update docker cli version 26.1.2 (#11291, @ErikJiang)
Documentation
Bug or Regression
- Delete
/etc/NetworkManager/conf.d/dns.conf
on reset. (#11440, @HoKim98) - Fix Hetzner kubernetes group names (#11232, @jmaccabee13)
- Fix: skip multus when not defined (#10934, @darkobas2)
- Ingress-nginx-controller admission service is automatically created when
ingress_nginx_webhook_enabled: true
(#11309, @mochizuki875) - Provide missing advertise-address flag to kube-apiserver (#11387, @derselbst)
- Update reset task to support Kylin OS (
reset_restart_network_service_name
) (#11406, @KubeKyrie) - Updated indentation in cni-kube-ovn.yml.j2 (L658) (#11357, @sanshah1211)
- Fix CI with fail docker pull in gitlab runner by change DOCKER_HOST (#11315, @yankay)
- Fix etcd not starting up when using a custom access address (#11388, @derselbst)
- Fix the Auto Bump PR is blocked by the label
do-not-merge/release-note-label-needed
by adding dependabotrelease-note-none
label. (#11256, @yankay) - Fix kube_reserved so it only controls kubeReservedCgroup . (#11367, @rptaylor)
- Disables reconfiguring the cluster during upgrade (remove --config option from kubeadm upgrade apply) (#11352, @tmurakam)
- Fix error in boostrap-os when git does not handle symlinks (#11508, @VannTen)
- Fix static kube-apiserver advertise address based on first control plane (#11457, @Seljuke)
- Fix incorrect member matching when removing etcd nodes (#11488, @ErikJiang)
- Fix double pop of access_ip (#11435, @rptaylor)
- Fix use super-admin.conf for kube-vip on first master when it exists to support initial k8s v1.29+ installation with kube-vip enabled (#11422, @Seljuke)
Other (Cleanup or Flake)
- Contrib playbooks are no longer included in the ansible kubespray collection (#11239, @VannTen)
- Reduced required python packages in requirements.txt (#11199, @itayporezky)
- Fix openstack cleanup by change the delete security_group order (#11299, @yankay)
- RHEL 7, Centos 7 and derivatives are no longer supported. (#11246, @VannTen)
- Use TasksMask=infinity on ostree systems for docker systemd service (#11493, @VannTen)
Supported Components
- Core
- kubernetes v1.30.4
- etcd v3.5.12
- docker v26.1
- containerd v1.7.21
- cri-o v1.30.3 (experimental: see CRI-O Note. Only on fedora, ubuntu and centos based OS)
- Network Plugin
- cni-plugins v1.2.0
- calico v3.28.1
- cilium v1.15.4
- flannel v0.22.0
- kube-ovn v1.12.21
- kube-router v2.0.0
- multus v3.8
- weave v2.8.7
- kube-vip v0.8.0
- Application
- cert-manager v1.14.7
- coredns v1.11.1
- ingress-nginx v1.11.2
- krew v0.4.4
- argocd v2.11.0
- helm v3.15.4
- metallb v0.13.9
- registry v2.8.1
- Storage Plugin
- cephfs-provisioner v2.1.0-k8s1.11
- rbd-provisioner v2.1.1-k8s1.11
- aws-ebs-csi-plugin v0.5.0
- azure-csi-plugin v1.10.0
- cinder-csi-plugin v1.30.0
- gcp-pd-csi-plugin v1.9.2
- local-path-provisioner v0.0.24
- local-volume-provisioner v2.5.0
- node-feature-discovery v0.16.4
Known issues
N/A
Notes
- Deprecating support for Centos7
- The Ansible version has been upgrade to 9.8.0
- Change weave CNI to community version https://github.com/weaveworks/weave
Maintainers
Great respect for joining maintainers π