1.25 Release notes
1.25+ck1 Bugfix release
September 19, 2022 - charmed-kubernetes --channel 1.25/stable
The release bundle can also be downloaded here.
Fixes
Notable fixes in this release include:
- Metallb-Operators LP#1988410
With the removal of PodSecurityPolicy in Kubernetes 1.25, the metallb operators (speaker and controller) no longer include PSP-related podspec rules if the API endpoint does not support PSP. Existing PSP rules from deployments < 1.25 will be removed upon upgrade to 1.25+.
- Kubernetes-Control-Plane / Vault relation LP#1988448
Fixes a race condition which can occur when a Vault unit loses connectivity with a related database. Vault will now retry the connection until the database becomes available again.
- Kubernetes-Control-Plane / Google Cloud Platform LP#1988867
Fixes a race condition which can occur when applying configuration changes in Google Cloud Platform deployments when the NetworkUnavailable index cannot be found in a node’s status conditions.
A list of bug fixes and other minor feature updates in this release can be found at the launchpad milestone page for 1.25+ck1.
1.25
September 1, 2022 - charmed-kubernetes --channel 1.25/stable
The release bundle can also be downloaded here.
What’s new
- Telco-ready CNI
Identifying a need for increasingly sophisticated SDN within Kubernetes, Charmed Kubernetes now has a Kube-OVN charm. This enables a set of new networking capabilities such as VXLAN, QoS, IP Dualstack and more.
- High availability secret management
Furthering our commitment to resilience, we have now extended the Hashicorp Vault charm to provide HA capabilities, ensuring your secrets are always available.
- Cloud provider integration
OpenStack, vSphere and Azure become the latest Cloud integrations to benefit from updated Charmed Kubernetes charms. With these integrations, we enable you to deploy our Kubernetes and make it your own as you leverage native features within those clouds.
- Lightweight observability
Canonical Observability Stack (COS Lite) now integrates with our flagship networking charm Kube-OVN. This marks a commitment to providing high quality relations that enable zero-ops observability.
- CDK-addons uplifted to operators
As an effort to keep our charms evergreen and ready for production use, we have uplifted CDK-addons to individual operators. This provides a range of benefits, from individual build processes to versioning and releasing.
- Ubuntu 22.04 LTS support
All the components of Charmed Kubernetes can now run on the newest Ubuntu release for the very latest kernel features and security enhancements.
Component Versions
Charm/Addons pinned versions
- kube-ovn 1.10.4
- calico 3.21.4
- cephcsi 3.5.1
- cinder-csi-plugin 1.23.0
- coredns 1.9.0
- ingress-nginx 1.2.0
- k8s-keystone-auth 1.23.0
- kube-state-metrics 2.4.2
- kubernetes-dashboard 2.5.1
- openstack-cloud-controller-manager 1.23.0
Charm default versions
- cloud-provider-vsphere 1.24
- vsphere-csi-driver v2.6.0
- cloud-provider-azure v1.24.0
- azuredisk-csi-driver v1.21.0
Fixes
Notable fixes in this release include:
- configurable tls ciphers
- NVIDIA updates
- updated vault recommendations
- pod security policy removal
- csi migration flag always enabled
A full list of bug fixes and updates since Charmed Kubernetes 1.24 can be found at:
Notes and Known Issues
- LP1988186 Storage Components on AWS and Google Cloud
Beginning in 1.25, CSIMigrationAWS and CSIMigrationGCE have been locked to true, resulting in this release being unable to support storage volume mounting in AWS or Google Cloud without the use of those providers’ out-of-tree csi-drivers. No charms yet exist for these two cloud platforms, but this will soon be addressed.
Warning: do not set channel=1.25 in the charm config of kubernetes-control-plane and kubernetes-worker unless your cluster has taken steps to mitigate the lack of built-in storage, such as:
  - Not using storage
  - Using alternative storage like ceph-csi
  - Manually configuring the out-of-tree storage provisioner
- PodSecurityPolicy Removed
PodSecurityPolicy has been removed in 1.25. Please see the PodSecurityPolicy Migration Guide if you have deployed pod security policies in your cluster.
Warning: do not set channel=1.25 in the charm config of kubernetes-control-plane and kubernetes-worker until your policies have been migrated.
Deprecations and API changes
- CSIMigration
The CSIMigration feature is generally available, and its feature flag was locked to enable.
- PodSecurityPolicy
The beta PodSecurityPolicy admission plugin, deprecated since 1.21, is removed. See the above section for instructions to migrate to the built-in PodSecurity admission plugin.
- PodDisruptionBudget
The policy/v1beta1 API version of PodDisruptionBudget is deprecated. Migrate manifests and API clients to use the policy/v1 API version, available since 1.21.
- vSphere
vSphere releases less than 7.0u2 are not supported for in-tree vSphere volumes as of Kubernetes 1.25. Upgrading vSphere (ESXi and vCenter) to 7.0u2 or above is advised.
For details of other deprecation notices and API changes for Kubernetes 1.25, please see the relevant sections of the upstream release notes.
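A pre-upgrade check for the items called out in the notes and deprecations above, as an added example that is not part of Charmed Kubernetes or its documentation: it scans exported manifests for PodSecurityPolicy objects, policy/v1beta1 PodDisruptionBudgets and in-tree AWS/GCE storage before channel=1.25 is set. The function name, the sample manifests and the line-based parsing (top-level apiVersion/kind, first indented name) are assumptions of this example.

```python
import re

# (apiVersion, kind) pairs called out in the 1.25 notes above.
API_FINDINGS = {
    ("policy/v1beta1", "PodSecurityPolicy"): "removed in 1.25",
    ("policy/v1beta1", "PodDisruptionBudget"): "deprecated, use policy/v1",
}
# In-tree AWS/GCE storage needs an out-of-tree CSI driver from 1.25 on.
INTREE_STORAGE = {
    "kubernetes.io/aws-ebs": "in-tree AWS provisioner",
    "kubernetes.io/gce-pd": "in-tree GCE provisioner",
    "awsElasticBlockStore": "in-tree AWS volume",
    "gcePersistentDisk": "in-tree GCE volume",
}
TOP_LEVEL = re.compile(r"^(apiVersion|kind):\s*[\"']?([^\"'#\s]+)", re.M)
NAME = re.compile(r"^\s+name:\s*[\"']?([^\"'#\s]+)", re.M)

# Constructed sample manifests, not taken from a real cluster.
SAMPLE = """\
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast
provisioner: kubernetes.io/gce-pd
"""


def audit_manifests(text):
    """Return (kind, name, reason) for every object to fix before channel=1.25."""
    findings = []
    for doc in re.split(r"^---\s*$", text, flags=re.M):
        fields = dict(TOP_LEVEL.findall(doc))
        name = NAME.search(doc)
        name = name.group(1) if name else "<unnamed>"
        key = (fields.get("apiVersion"), fields.get("kind"))
        if key in API_FINDINGS:
            findings.append((key[1], name, API_FINDINGS[key]))
        for token, reason in INTREE_STORAGE.items():
            if re.search(r"(?<![\w./-])" + re.escape(token) + r"(?![\w./-])", doc):
                findings.append((key[1], name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_manifests(SAMPLE):
        print(*finding, sep="\t")
```

An empty result means none of these blockers appear in the scanned manifests; it does not cover objects that exist only in the live cluster.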