v2.24.0 (Beta 1)

⚠️ This is a beta release and should not be used for any production-grade setup. Things might not be working. Use at your own risk.

v2.23.6

Bugfixes

• Fix Digitalocean CSI addon failing to render (#12739)
• Fix node-labeller controller not applying the x-kubernetes.io/distribution label to RHEL nodes (#12751)
• Increase default CPU limits for KKP API/seed/master-controller-managers to prevent general slowness (#12764)

Updates

• Add support for Cilium 1.13.8, mitigating a high-severity vulnerability, CVE-2023-44487 (#12762)

v2.22.9

Bugfixes

• Fix node-labeller controller not applying the x-kubernetes.io/distribution label to RHEL nodes (#12751)
• Increase default CPU limits for KKP API/seed/master-controller-managers to prevent general slowness (#12764)

Updates

• Add Cilium 1.13.8 as supported CNI version, deprecate cilium version 1.13.0 as it's impacted by CVE-2023-34242 (#12753)

v2.21.14

Bugfixes

• Increase default CPU limits for KKP API/seed/master-controller-managers to prevent general slowness (#12771)

Updates

• Add support for Cilium 1.12.15, mitigating a high-severity vulnerability, CVE-2023-44487 (#12767)

v2.24.0 (Beta 0)

⚠️ This is a beta release and should not be used for any production-grade setup. Things might not be working. Use at your own risk.

v2.23.5

Bugfixes

• Correctly validate Hetzner API response for server type while calculating resource requirements and for networks while validating cloud spec (#12716)

Updates

• Update nginx-ingress-controller to v1.9.3 (fixes CVE-2023-44487, HTTP/2 rapid reset attack) (#12714)
• Update to Go 1.20.10 (#12698)
• Update to OSM v1.3.3 (#12710)
• Add Cilium 1.13.7 as supported CNI version, deprecate cilium version 1.13.6 as it's impacted by CVE-2023-39347, CVE-2023-41333 (Moderate Severity), CVE-2023-41332 (Low Severity) (#12695)
• Update to quay.io/kubermatic/util:2.3.1 as helper image (includes curl version patched against CVE-2023-38545 and CVE-2023-38546) (#12733)

New Feature

• Introduce DisableAdminKubeconfig flag in KubermaticSettings to disable the admin kubeconfig feature from dashboard (#12679)

v2.22.8

Bugfixes

• Correctly validate Hetzner API response for server type while calculating resource requirements and for networks while validating cloud spec (#12716)
• Fix vSphere cluster validation: If a Cluster uses a custom datastore, the Seed's default datastore should not be validated (#12655)

Updates

• Update to OSM v1.2.3 (#12709)

New Feature

• Introduce DisableAdminKubeconfig flag in KubermaticSettings to disable the admin kubeconfig feature from dashboard (#12682)

v2.21.13

Bugfixes

• Fix vSphere cluster validation: If a Cluster uses a custom datastore, the Seed's default datastore should not be validated (#12658)

Updates

• Update OSM to v1.1.4 (#12707)

v2.23.4

Bugfixes

• Fix vSphere cluster validation: If a Cluster uses a custom datastore, the Seed's default datastore should not be validated (#12655)
• Remove Cilium 1.14.1 from list of supported CNI versions visible in the dashboard as it is not supported in KKP 2.23 (#12659)

v2.23.3

Supported Kubernetes Versions

• Add support for Kubernetes 1.25.14, 1.26.9 and 1.27.6 (#12639)
• Set default Kubernetes version to 1.26.9 (#12639)

Bugfixes

• Add missing cluster-autoscaler release for user clusters using Kubernetes 1.27 (#12597)
• Fix always defaulting allowed node port IP ranges for user clusters to 0.0.0.0/0 and ::/0, even when a more specific IP range was given (#12589)
• Mark MLA Grafana dashboards as non-editable as they are managed by KKP (#12627)
• MLA Grafana Kubernetes dashboards won't repeatedly ask to be saved (#12614)

Updates

• Update d3fk/s3cmd to version (latest "arch-stable") with fb4c4dcf hash (#12644)
• Update to Go 1.20.8 (#12642)
• Add Cilium 1.13.6 as supported CNI version and deprecate older versions 1.13.3 and 1.13.4 for security reasons (GHSA-pvgm-7jpg-pw5g, GHSA-69vr-g55c-v2v4, GHSA-mc6h-6j9x-v3gq, GHSA-7mhv-gr67-hq55) (#12635)
• Update Vertical Pod Autoscaler to 0.14 (compatible with Kubernetes 1.25+) (#12611)