What's Changed

• Kubernetes v1.34.2
• Update CoreDNS from v1.12.1 to v1.13.1
• Update Cilium from v1.17.5 to v1.18.4
• Update flannel from v0.27.0 to v0.27.4

Contributions

• Update Kubernetes from v1.33.2 to v1.33.3 by @dghubble in #1622
• Fix Fedora CoreOS kernel image URL/name in worker module by @dghubble in #1626
• Rollback Cilium from v1.17.6 to v1.17.5 by @dghubble in #1627
• Update Kubernetes from v1.33.3 to v1.34.2 by @dghubble in #1643
• Update kube-apiserver manifest for MutatingAdmissionPolicy by @dghubble in #1644
• Update kube-apiserver manifest for MutatingAdmissionPolicy by @dghubble in #1645
• Add release notes for v1.34.2 by @dghubble in #1648

Dependencies

• Bump quay.io/cilium/operator-generic image from v1.17.5 to v1.17.6 by @dghubble-renovate[bot] in #1621
• Bump quay.io/cilium/cilium image from v1.17.5 to v1.17.6 by @dghubble-renovate[bot] in #1620
• Bump docker.io/flannel/flannel image from v0.27.1 to v0.27.2 by @dghubble-renovate[bot] in #1623
• Bump mkdocs-material from 9.6.15 to v9.6.16 by @dghubble-renovate[bot] in #1625
• Bump pymdown-extensions from 10.16 to v10.16.1 by @dghubble-renovate[bot] in #1628
• Bump mkdocs-material from 9.6.16 to v9.6.18 by @dghubble-renovate[bot] in #1632
• Bump quay.io/cilium/cilium image from v1.17.6 to v1.18.1 by @dghubble-renovate[bot] in #1629
• Bump quay.io/cilium/operator-generic image from v1.17.6 to v1.18.1 by @dghubble-renovate[bot] in #1630
• Bump registry.k8s.io/coredns/coredns image from v1.12.2 to v1.12.3 by @dghubble-renovate[bot] in #1633
• Bump docker.io/flannel/flannel image from v0.27.2 to v0.27.3 by @dghubble-renovate[bot] in #1634
• Bump mkdocs-material from 9.6.18 to v9.6.19 by @dghubble-renovate[bot] in #1635
• Bump pymdown-extensions from 10.16.1 to v10.17.1 by @dghubble-renovate[bot] in #1642
• Bump docker.io/flannel/flannel image from v0.27.3 to v0.27.4 by @dghubble-renovate[bot] in #1640
• Bump mkdocs-material from 9.6.19 to v9.7.0 by @dghubble-renovate[bot] in #1637
• Bump registry.k8s.io/coredns/coredns image from v1.12.3 to v1.13.1 by @dghubble-renovate[bot] in #1636
• Bump quay.io/cilium/cilium image from v1.18.1 to v1.18.4 by @dghubble-renovate[bot] in #1638
• Bump quay.io/cilium/operator-generic image from v1.18.1 to v1.18.4 by @dghubble-renovate[bot] in #1639

Full Changelog: v1.33.2...v1.34.2

What's Changed

• Kubernetes v1.33.2
• Update CoreDNS from v1.12.0 to v1.12.1
• Update Cilium from v1.17.4 to v1.17.5
• Update flannel from v0.26.7 to v0.27.0

AWS

• Add worker_ipv4_address variable to associate public IPv4 addresses to worker instances (default true)
  • When IPv6 is all you need, set to false to remove IPv4 access to instances and outbound IPv4 access to the internet
• Relax aws provider version constraint to allow upgrades to v6.x (#1617)

Azure

• Add enable_http_load_balancing variable to reduce load balancer rules count
  • Azure charges by load balancer rules (5 included)
• Change Azure VMSS instance update policy (i.e. upgrade policy) from Manual to Rolling
  • Set a rolling upgrade policy so that changes to the worker node pool are rolled out gradually. Previously, the VMSS model could change, but instances would not receive it until manually replaced
• Define Azure automatic instance repair using Application Health Extension probes to 10256 (kube-proxy or Cilium equivalent) to match the strategy used on Google Cloud
• Add worker_ephemeral_disk_placement variable to allow workers with NvmeDisk Ephemeral OS disks (docs)
  • Requires azurerm provider with NvmeDisk support (#30044)

Google Cloud

• Update Google Cloud load balancer proxies from classic to current (#1604)
• Change apiserver and ingress/gateway service proxies (#1604)
  • Google Cloud TCP proxies no longer restrict which frontend ports may be used
  • Switch apiserver to listen on 6443 to match other cloud platforms
  • Switch ingress port 80 from an HTTP to TCP proxy to match HTTPS handling
• Add a variable enable_http_load_balancing to make ingress/gateway TCP/80 forwarding rules optional. Default to false (#1604)
  • Google Cloud charges by forwarding rule, so dropping support for plaintext
    http traffic can save costs if you're https-only.

Contributions

• Modernize Google Cloud load balancer setups by @dghubble in #1604
• Add enable_http_load_balancing variable to Azure clusters by @dghubble in #1605
• Set Azure VMSS upgrade policy to Rolling by @dghubble in #1609
• Update Kubernetes from v1.33.1 to v1.33.2 by @dghubble in #1612
• azure: Allow workers with NvmeDisk Ephemeral OS disks by @dghubble in #1614
• Standardize load balancer variables before release by @dghubble in #1616
• Relax aws Terraform provider version constraints by @dghubble in #1617
• [aws] Add option for using only IPv6 public addresses by @dghubble in #1618

Dependencies

• Bump docker.io/flannel/flannel image from v0.26.7 to v0.27.0 by @dghubble-renovate[bot] in #1603
• Bump registry.k8s.io/coredns/coredns image from v1.12.1 to v1.12.2 by @dghubble-renovate[bot] in #1606
• Bump quay.io/cilium/cilium image from v1.17.4 to v1.17.5 by @dghubble-renovate[bot] in #1607
• Bump quay.io/cilium/operator-generic image from v1.17.4 to v1.17.5 by @dghubble-renovate[bot] in #1608
• Bump pymdown-extensions from 10.15 to v10.16 by @dghubble-renovate[bot] in #1611
• Bump pygments from 2.19.1 to v2.19.2 by @dghubble-renovate[bot] in #1610
• Bump mkdocs-material from 9.6.14 to v9.6.15 by @dghubble-renovate[bot] in #1615
• Bump docker.io/flannel/flannel image from v0.27.0 to v0.27.1 by @dghubble-renovate[bot] in #1619

Full Changelog: v1.33.1...v1.33.2

• Kubernetes v1.33.1
• Update Cilium from v1.17.2 to v1.17.4
• Update flannel from v0.26.5 to v0.26.7

Fedora CoreOS

• Fix kernel URL name, which changed with Fedora CoreOS 42

What's Changed

• Allow kube-apiserver service account token issuer iss to be adjusted with the service_account_issuer variable
  • Allow OpenID Connect discovery to be served from an external endpoint
• Update Cilium from v1.16.5 to v1.17.2
• Update flannel from v0.26.2 to v0.26.5

Contributions

• Add service_account_issuer variable for kube-apiserver by @dghubble in #1578
• Update Kubernetes from v1.32.1 to v1.32.3 by @dghubble in #1584
• Update Cilium from v1.17.1 to v1.17.2 by @dghubble in #1589

Dependencies

• Bump pymdown-extensions from 10.14.2 to v10.14.3 by @dghubble-renovate in #1573
• Bump mkdocs-material from 9.5.50 to v9.6.2 by @dghubble-renovate in #1572
• Bump docker.io/flannel/flannel image from v0.26.3 to v0.26.4 by @dghubble-renovate in #1576
• Bump quay.io/cilium/operator-generic image from v1.16.6 to v1.17.0 by @dghubble-renovate in #1575
• Bump quay.io/cilium/cilium image from v1.16.6 to v1.17.0 by @dghubble-renovate in #1574
• Bump mkdocs-material from 9.6.2 to v9.6.3 by @dghubble-renovate in #1577
• Bump mkdocs-material from 9.6.3 to v9.6.4 by @dghubble-renovate in #1581
• Bump quay.io/cilium/operator-generic image from v1.17.0 to v1.17.1 by @dghubble-renovate in #1580
• Bump quay.io/cilium/cilium image from v1.17.0 to v1.17.1 by @dghubble-renovate in #1579
• Bump mkdocs-material from 9.6.4 to v9.6.7 by @dghubble-renovate in #1582
• Bump quay.io/cilium/operator-generic image from v1.17.1 to v1.17.2 by @dghubble-renovate in #1587
• Bump quay.io/cilium/cilium image from v1.17.1 to v1.17.2 by @dghubble-renovate in #1586
• Bump mkdocs-material from 9.6.7 to v9.6.8 by @dghubble-renovate in #1585
• Bump docker.io/flannel/flannel image from v0.26.4 to v0.26.5 by @dghubble-renovate in #1583
• Bump mkdocs-material from 9.6.8 to v9.6.9 by @dghubble-renovate in #1588

Full Changelog: v1.32.1...v1.32.3

• Kubernetes v1.32.1
• Update CoreDNS from v1.11.4 to v1.12.0
• Update flannel from v0.26.2 to v0.26.3
• Enable the MutatingAdmissionPolicy alpha feature gate and APIs

Azure

• Restore VMSS auto-scale setting to maintain node pools sizes during spot terminations (#1567)

What's Changed

• Kubernetes v1.32.0
• Change the default Pod CIDR from 10.2.0.0/16 to 10.20.0.0/14 (#1555)
• Configure Kubelets for parallel image pulls (#1556)
• Change flannel port from 4789 to 8472 to match Cilium (#1561)
  • Reverses a choice made in #466
• Remove support for Calico CNI (choose between networking cilium or flannel) (#1558)
  • Remove Calico firewall rules or security group rules
  • Remove network_mtu, network_encapsulation, and network_ip_autodetection_method variables (Calico-specific)
  • Remove Calico-specific Kubelet mounts

Azure

• Add enable_ipv6_load_balancing variable and change the default to false (breaking)
  • Azure Load Balancers include 5 rules (3 LB rules, 2 outbound) whether used or not. #1468 added 3 LB rules to support IPv6 load balancing, but raising the rules count from 5 to 8 and added ~$21/mo to the cost of the load balancer. Default disable IPv6 load balancing, but allow opt-in with extra costs.

Fedora CoreOS

• Fix Fedora CoreOS support for flannel CNI (#1557)

  • Explicitly load the nf_conntrack and br_netfilter kernel modules flannel needs

  Misc

• Docs website now supports light and dark modes for nicer viewing

Contributions

• Update Kubernetes from v1.31.4 to v1.32.0 by @dghubble in #1552
• docs: Add support for dark mode and auto mode by @dghubble in #1553
• Change the default Pod CIDR to 10.20.0.0/14 by @dghubble in #1555
• Configure Kubelets for parallel image pulls by @dghubble in #1556
• Remove support for Calico CNI by @dghubble in #1558
• Load nf_conntrack and br_netfilter for flannel by @dghubble in #1557
• Remove calico from component configuration by @dghubble in #1559
• Remove Calico BGP and IPIP firewall/security rules by @dghubble in #1560
• Change flannel port from 4789 to 8472 by @dghubble in #1561
• azure: Add enable_ipv6_load_balancing variable and default false by @dghubble in #1562

Dependencies

• Bump pymdown-extensions from 10.12 to v10.13 by @dghubble-renovate in #1554

Full Changelog: v1.31.4...v1.32.0

• Kubernetes v1.31.4
• Update Cilium from v1.16.4 to v1.16.5
• Update flannel from v0.26.0 to v0.26.2

What's Changed

• Kubernetes v1.31.2
• Update Cilium from v1.16.1 to v1.16.3
• Update flannel from v0.25.6 to v0.26.0

Contributions

• Update Kubernetes from v1.31.1 to v1.31.2 by @dghubble in #1531
• Fix nginx addon (service selector on bare-metal, rbac for all except gcp) by @rradczewski in #1534

Dependencies

• Bump docker.io/flannel/flannel image from v0.25.7 to v0.26.0 by @dghubble-renovate in #1529
• Bump quay.io/cilium/operator-generic image from v1.16.2 to v1.16.3 by @dghubble-renovate in #1527
• Bump quay.io/cilium/cilium image from v1.16.2 to v1.16.3 by @dghubble-renovate in #1526
• Bump mkdocs-material from 9.5.39 to v9.5.42 by @dghubble-renovate in #1525
• Bump pymdown-extensions from 10.11.2 to v10.12 by @dghubble-renovate in #1532
• Bump docker.io/flannel/flannel image from v0.26.0 to v0.26.1 by @dghubble-renovate in #1535
• Bump mkdocs-material from 9.5.42 to v9.5.44 by @dghubble-renovate in #1533
• Bump registry.k8s.io/coredns/coredns image from v1.11.3 to v1.11.4 by @dghubble-renovate in #1536

New Contributors

• @rradczewski made their first contribution in #1534

Full Changelog: v1.31.1...v1.31.2

What's Changed

• Kubernetes v1.31.1
• Update flannel from v0.25.5 to v0.25.6

Google

• Add controller_disk_type and worker_disk_type variables (#1513)
• Add explicit region field to regional worker instance templates (#1524)

Contributions

• GCP: Add controller_disk_type and worker_disk_type variables by @JordanP in #1513
• Update Kubernetes from v1.31.0 to v1.31.1 by @dghubble in #1515
• Add region to gcp instance template resource by @dghubble in #1524
• doc: set file_permission 0600 for kubeconfig file by @JordanP in #1519

Dependencies

• Bump docker.io/flannel/flannel image from v0.25.5 to v0.25.6 by @dghubble-renovate in #1505
• Bump mkdocs-material from 9.5.33 to v9.5.34 by @dghubble-renovate in #1509
• Bump mkdocs-material from 9.5.34 to v9.5.35 by @dghubble-renovate in #1514
• Bump mkdocs from 1.6.0 to v1.6.1 by @dghubble-renovate in #1507
• Bump mkdocs-material from 9.5.35 to v9.5.36 by @dghubble-renovate in #1516
• Bump docker.io/flannel/flannel image from v0.25.6 to v0.25.7 by @dghubble-renovate in #1523
• Bump quay.io/cilium/operator-generic image from v1.16.1 to v1.16.2 by @dghubble-renovate in #1522
• Bump quay.io/cilium/cilium image from v1.16.1 to v1.16.2 by @dghubble-renovate in #1521
• Bump mkdocs-material from 9.5.36 to v9.5.39 by @dghubble-renovate in #1520
• Bump pymdown-extensions from 10.9 to v10.11.2 by @dghubble-renovate in #1517

Full Changelog: v1.31.0...v1.31.1

What's Changed

• Kubernetes v1.31.0
• Use Cilium kube-proxy replacement mode when cilium networking is chosen (#1501)
• Fix invalid flannel-cni container image for those using flannel networking (#1497)

AWS

• Use EC2 resource-based hostnames instead of IP-based hostnames (#1499)
  • The Amazon DNS server can resolve A and AAAA queries to IPv4 and IPv6 node addresses
• Tag controller node EBS volumes with a name based on the controller node name

Google

• Use google_compute_region_instance_template instead of google_compute_instance_template
  • Google's regional instance template metadata is kept in the associated region for greater resiliency. The "global" instance templates were kept in a single region

Contributions

• Remove the cluster_domain_suffix variable and improve docs by @dghubble in #1488
• Update ARM64 cluster and hybrid cluster docs by @dghubble in #1489
• Remove some seldom used variables and set reasonable values by @dghubble in #1490
• Update default Cilium and CoreDNS components by @dghubble in #1491
• Update Kubernetes from v1.30.4 to v1.31.0 by @dghubble in #1494
• Fix flannel-cni container image by @dghubble in #1497
• aws: Switch EC2 instances to use resource-based hostnames by @dghubble in #1499
• Use Cilium kube-proxy replacement when Cilium CNI is used by @dghubble in #1501
• Remove upper bound on azurerm provider version by @dghubble in #1502
• google: Use regional instance templates for workers by @dghubble in #1504

Dependencies

• Bump mkdocs-material from 9.5.30 to v9.5.31 by @dghubble-renovate in #1487
• Bump quay.io/cilium/operator-generic image from v1.16.0 to v1.16.1 by @dghubble-renovate in #1493
• Bump quay.io/cilium/cilium image from v1.16.0 to v1.16.1 by @dghubble-renovate in #1492
• Bump mkdocs-material from 9.5.31 to v9.5.32 by @dghubble-renovate in #1495
• Bump mkdocs-material from 9.5.32 to v9.5.33 by @dghubble-renovate in #1503

Full Changelog: v1.30.3...v1.31.0