1.25 Release notes
1.25+ck2 Bugfix release
December 1, 2022
Additions
Notable additions in this release include:
- Kubernetes Control Plane LP#1991957
Resolves an issue deploying the charm on Bionic. This is the last supported release of this charm on this Ubuntu series.
- Kubernetes Control Plane LP#1994203
Resolves an issue deploying the charm into a Jammy LXD container, where a missing path definition to /etc/fstab interrupted the configure kubelet hook.
1.25 Point Release
October ??, 2022
Additions
Notable additions in this release include:
- AwsEbs in Kubernetes-Control-Plane / Kubernetes-Worker LP#1988186
With the pinning of CSIMigrationAWS=True in Kubernetes 1.25, the charm must not allow it to be set to False. This means that in-tree storage provided by AWS is only supported in 1.25 and beyond with an out-of-tree deployment. aws-k8s-storage provides the out-of-tree deployment as a charm.
- GCE in Kubernetes-Control-Plane / Kubernetes-Worker LP#1988186
With the pinning of CSIMigrationGCE=True in Kubernetes 1.25, the charm must not allow it to be set to False. This means that in-tree storage provided by GCE is only supported in 1.25 and beyond with an out-of-tree deployment. gcp-k8s-storage provides the out-of-tree deployment as a charm.
1.25+ck2 Bugfix release
September 30, 2022 - charmed-kubernetes --channel 1.25/stable
The release bundle can also be downloaded here.
Fixes
Notable fixes in this release include:
- AzureDisk in Kubernetes-Control-Plane / Kubernetes-Worker LP#1990687
With the pinning of CSIMigrationAzureDisk=True in Kubernetes 1.25, the charm must not allow it to be set to False. This means that in-tree storage provided by AzureDisk is only supported in 1.25 and beyond with an out-of-tree deployment.
- IPv6DualStack in Kubernetes-Control-Plane / Kubernetes-Worker LP#1990455
The feature gate IPv6DualStack=true is the default since 1.21, and GA since 1.23, so this flag was removed in 1.25 in the upstream source. As this charm release supports 1.22 through 1.25, there’s no need for this flag anymore and it is being removed.
- GCP snap in GCP-Integrator LP#1988865
The snap installed by the gcp-integrator charm to manage GCP resources collided with the snap automatically installed on new installations. The gcp-integrator charm will automatically remove the old snap (google-cloud-sdk) and install the correct one (google-cloud-cli) on upgrades. Bug is marked resolved in 1.25+ck2, but was available in the gcp-integrator charm at time of 1.25+ck1 release.
A list of bug fixes and other minor feature updates in this release can be found at the launchpad milestone page for 1.25+ck2.
1.25+ck1 Bugfix release
September 19, 2022 - charmed-kubernetes --channel 1.25/stable
The release bundle can also be downloaded here.
Fixes
Notable fixes in this release include:
- Metallb-Operators LP#1988410
With the removal of PodSecurityPolicy in Kubernetes 1.25, the metallb operators (speaker and controller) no longer include PSP-related podspec rules if the API endpoint does not support PSP. Existing PSP rules from deployments < 1.25 will be removed upon upgrade to 1.25+.
- Kubernetes-Control-Plane / Vault relation LP#1988448
Fixes a race condition which can occur when a Vault unit loses connectivity with a related database. Vault will now retry the connection until the database becomes available again.
- Kubernetes-Control-Plane / Google Cloud Platform LP#1988867
Fixes a race condition which can occur when applying configuration changes in Google Cloud Platform deployments when the NetworkUnavailable index cannot be found in a node’s status conditions.
A list of bug fixes and other minor feature updates in this release can be found at the launchpad milestone page for 1.25+ck1.
1.25
September 1, 2022 - charmed-kubernetes --channel 1.25/stable
The release bundle can also be downloaded here.
What’s new
- Telco-ready CNI
Identifying a need for increasingly sophisticated SDN within Kubernetes, Charmed Kubernetes now has a Kube-OVN charm. This enables a set of new networking capabilities such as VXLAN, QoS, IP Dualstack and more.
- High availability secret management
Furthering our commitment to resilience, we have now extended the HashiCorp Vault charm to provide HA capabilities, ensuring your secrets are always available.
- Cloud provider integration
OpenStack, vSphere and Azure become the latest Cloud integrations to benefit from updated Charmed Kubernetes charms. With these integrations, we enable you to deploy our Kubernetes and make it your own as you leverage native features within those clouds.
- Lightweight observability
Canonical Observability Stack (COS Lite) now integrates with our flagship networking charm Kube-OVN. This marks a commitment to providing high quality relations that enable zero-ops observability.
- CDK-addons uplifted to operators
As an effort to keep our charms evergreen and ready for production use, we have uplifted CDK-addons to individual operators. This provides a range of benefits, from individual build processes to versioning and releasing.
- Ubuntu 22.04 LTS support
All the components of Charmed Kubernetes can now run on the newest Ubuntu release for the very latest kernel features and security enhancements.
Component Versions
Charm/Addons pinned versions
- kube-ovn 1.10.4
- calico 3.21.4
- cephcsi 3.5.1
- cinder-csi-plugin 1.23.0
- coredns 1.9.0
- ingress-nginx 1.2.0
- k8s-keystone-auth 1.23.0
- kube-state-metrics 2.4.2
- kubernetes-dashboard 2.5.1
- openstack-cloud-controller-manager 1.23.0
Charm default versions
- cloud-provider-vsphere 1.24
- vsphere-csi-driver v2.6.0
- cloud-provider-azure v1.24.0
- azuredisk-csi-driver v1.21.0
Fixes
Notable fixes in this release include:
- configurable TLS ciphers
- NVIDIA updates
- updated vault recommendations
- pod security policy removal
- CSI migration flag always enabled
A full list of bug fixes and updates since Charmed Kubernetes 1.24 can be found at:
Notes and Known Issues
- LP1988186 Storage Components on AWS and Google Cloud
Beginning in 1.25, CSIMigrationAWS and CSIMigrationGCE have been locked to true, resulting in this release being unable to support storage volume mounting in AWS or Google Cloud without the use of those providers’ out-of-tree CSI drivers. No charms yet exist for these two cloud platforms, but this will soon be addressed.
Warning: do not set channel=1.25 on charm config kubernetes-control-plane and kubernetes-worker unless your cluster has taken steps to mitigate the lack of built-in storage such as:
  - Not using storage
  - Using alternative storage like ceph-csi
  - Manually configuring the out-of-tree storage provisioner
- PodSecurityPolicy Removed
PodSecurityPolicy has been removed in 1.25. Please see the PodSecurityPolicy Migration Guide if you have deployed pod security policies in your cluster.
Warning: do not set channel=1.25 on charm config kubernetes-control-plane and kubernetes-worker until your policies have been migrated.
Deprecations and API changes
- CSIMigration
The CSIMigration feature is generally available, and its feature flag was locked to enabled.
- PodSecurityPolicy
The beta PodSecurityPolicy admission plugin, deprecated since 1.21, is removed. See the above section for instructions to migrate to the built-in PodSecurity admission plugin.
- PodDisruptionBudget
The policy/v1beta1 API version of PodDisruptionBudget is deprecated. Migrate manifests and API clients to use the policy/v1 API version, available since 1.21.
- vSphere
vSphere releases less than 7.0u2 are not supported for in-tree vSphere volumes as of Kubernetes 1.25. Upgrading vSphere (ESXi and vCenter) to 7.0u2 or above is advised.
For details of other deprecation notices and API changes for Kubernetes 1.25, please see the relevant sections of the upstream release notes.
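
An added example, not part of the Charmed Kubernetes release notes or the project's code: a pre-upgrade audit that flags the API objects and feature gates these notes say must be dealt with before setting channel=1.25. The function names, the sample manifests and the sample argument string are constructed for illustration, and the matching is line-based rather than a full YAML parse.

```python
import re

# (apiVersion, kind) pairs called out in the 1.25 notes -> required action.
FLAGGED_APIS = {
    ("policy/v1beta1", "PodSecurityPolicy"): "removed in 1.25; migrate to PodSecurity admission",
    ("policy/v1beta1", "PodDisruptionBudget"): "migrate to policy/v1",
}
LOCKED_TRUE = {"CSIMigrationAWS", "CSIMigrationGCE", "CSIMigrationAzureDisk"}
REMOVED_GATES = {"IPv6DualStack"}
# Constructed sample input (not from a real cluster).
SAMPLE_MANIFESTS = """\
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata: {name: restricted}
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata: {name: web-pdb}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: {name: api-pdb}
"""
SAMPLE_ARGS = "feature-gates=CSIMigrationAWS=false,IPv6DualStack=true,CSIMigrationGCE=true"

def _top(doc, key):  # value of a top-level scalar key in one YAML document, or None
    m = re.search(rf"^{key}:[ \t]*['\"]?([^\s'\"#]+)", doc, re.M)
    return m.group(1) if m else None

def audit_manifests(text):
    """Return (kind, name, action) for each flagged object in multi-document YAML."""
    out = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        key = (_top(doc, "apiVersion"), _top(doc, "kind"))
        # Assumes the first `name:` in the document is metadata.name.
        name = re.search(r"\bname:[ \t]*([\w.-]+)", doc)
        if key in FLAGGED_APIS:
            out.append((key[1], name.group(1) if name else "?", FLAGGED_APIS[key]))
    return out

def audit_feature_gates(args):
    """Return (gate, problem) for gates that 1.25 locks to true or no longer accepts."""
    out = []
    m = re.search(r"feature-gates=(\S+)", args)
    for gate, _, val in (p.partition("=") for p in (m.group(1).split(",") if m else [])):
        if gate in LOCKED_TRUE and val.lower() != "true":
            out.append((gate, "locked to true in 1.25"))
        elif gate in REMOVED_GATES:
            out.append((gate, "removed upstream in 1.25; drop the flag"))
    return out
```

An empty result from both functions means none of the items listed in these notes were found in the inputs given; it says nothing about objects or arguments that were not passed in.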