v2.20.1

Latest

@github-actions github-actions released this 04 Jul 07:20

⚠️ Upgrade Notes

  • This is a pure bug-fix patch: existing clusters should see a no-op terraform plan after upgrading (verified against v2.20.0 — no resource changes, no recreation). The agent-startup and kustomization fixes take effect on fresh applies and node replacements; the SELinux fix applies to newly provisioned/replaced nodes only.

🐛 Bug Fixes

  • Traefik Gateway API CRDs - Install the Kubernetes Gateway API standard CRDs before Traefik when traefik_provider_kubernetes_gateway_enabled is enabled, preventing Helm install failures for GatewayClass and Gateway resources (#2211).
  • Agent Startup Race on Fresh Deploys - Agent nodes now start only after the kustomization that deploys the Hetzner CCM, fixing consistent exit 124 timeouts on fresh single-apply deployments. The agent start is also observable now: on failure it dumps systemctl status and journal output instead of failing silently (#2215, #2220).
  • User Kustomization Failures No Longer Masked - A failed kubectl apply -k in the user kustomization deploy now fails the apply loudly instead of being masked by trailing extra_kustomize_deployment_commands (#2225).
  • Packer Snapshot Build Overrides - The MicroOS snapshot template now exposes x86_server_type, x86_location, arm_server_type, and arm_location packer variables, so builds can be pointed at available server types/locations with -var instead of editing the template when Hetzner capacity shifts (#2214).
  • SELinux: CSI Liveness Probes - Added allow container_t kernel_t:tcp_socket { read write } to the kube-hetzner SELinux policy, fixing hcloud-csi-driver (and similar CSI) crash-loops caused by liveness-probe denials under enforcing SELinux. Applies to newly provisioned/replaced nodes; on existing nodes either replace nodes or apply the module manually as described in #2203.

👥 Contributors

Thanks to all contributors who made this release possible:

  • @pgrig — diagnosed the SELinux CSI liveness-probe denial and authored the policy fix shipped in #2229

  • @shyblower — root-caused the agent startup race (#2215) and verified the fix in production

  • Claude Opus 4.8

  • K. N.

  • Karim Naufal

  • Nikolaus Schuetz

  • dependabot[bot]

  • knuurr

  • mysticaltech

What's Changed

📚 Documentation

  • [AUTO] Update Terraform Documentation by @github-actions[bot] in #2209

Other Changes

  • fix(agents): order agents after kustomization and surface start failures by @nikolauspschuetz in #2220
  • fix(kustomize): don't mask a failed kubectl apply -k in user kustomization deploy by @knuurr in #2225
  • fix: install Gateway API CRDs for Traefik by @mysticaltech in #2212
  • fix(packer): expose server type/location overrides for snapshot builds by @mysticaltech in #2228
  • fix(selinux): allow container liveness probes on kernel-labeled tcp sockets by @mysticaltech in #2229

New Contributors

Full Changelog: v2.20.0...v2.20.1