v2.30.0

Announcement

Ingress NGINX is sunset. This is the final version supporting Ingress NGINX. We'll remove ingress-nginx in future versions.
For more information, please see the Kubernetes blog.

Kubernetes Dashboard is archived. This is the final version supporting Kubernetes Dashboard. We'll remove Kubernetes Dashboard in future versions. For more information, please see the announcement.

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Action required
  containerd_discard_unpacked_layers is now applied only for containerd < 2.1 to avoid warnings with the Transfer Service used in newer versions. (#12821, @guoard)
• Cilium k8sServiceHost and k8sServicePort are now derived from kube_apiserver_global_endpoint instead of being auto-detected, so users must ensure this endpoint is correctly set and reachable from all nodes. (#12624, @r3m8)

Changes by Kind

API Change

• Removed deprecated runtime_engine and runtime_root keys from containerd configuration. (#12820, @guoard)

Feature

• Crio: add option pull_progress_timeout (#12555, @pedro-peter)
• Fixed kube_vip_version variable for managing kube-vip version instead of kube_vip_image_tag (#12835, @ThisIsQasim)
• RockyLinux 10 support (experimental) (#12355, @tico88612)
• Support kubernetes v1.34.1 (#12549, @i-yasuda)
• The default Openstack security groups now allow ICMPv6 for general IPv6 functionality. (#12805, @rptaylor)
• Update kube-vip to v1.0.3 (#12815, @LawiK974)
• Upgrade Gateway API to 1.4.0 (#12714, @tico88612)
• Upgrade containerd/nerdctl default version to 2.2.1 (#12825, @guoard)
• contrib/collection.sh will create and install the source as collection. (#12660, @bbaassssiiee)

Documentation

• Fix(cilium): prevent installation failure with unprivileged agent (#12628, @r3m8)
• The default namespace for MetalLB resources is now metallb-system. (#12860, @kittywaresz)

Bug or Regression

• Action-required
  Adding a control plane node in first place is now explicitly unsupported, the new control plane should be placed at the end of your kube_control_plane group (#12636, @clwluvw)
• Add a wait after control plane joining to prevent a kubeadm preflight error when upgrading the control plane configuration at the same time. (#12794, @VannTen)
• Deployments using Calico in vxlan mode without eBPF but with localhost load balancers will now work. (#12598, @rickerc)
• Fix Calico apiserver RBAC permissions for Kubernetes 1.33+ (#12654, @rickerc)
• Fix Cilium loadBalancer.mode rendering in Kubespray values template. (#12701, @intojhanurag)
• Fix RBAC for calico using the etcd datastore (#12828, @LawiK974)
• Fix automatic certs renew with systemd timer (#12876, @VannTen)
• Fix broken upgrade path/control plane node rotation for cluster using calico in etcd datastore mode with separate etcd.
  etcd_cert_dir_mode is deleted (always use 0700) (#12908, @VannTen)
• Fix kubeadm init retry after first failure on cluster creation (#12785, @VannTen)
• Fix(calico): Add missed rbac verb watch for hostendpoints (#12641, @jmeza-xyz)
• Fixed an issue in the config.json.j2 template where the CRI-O registry authentication configuration could render invalid JSON when multiple crio_registry_auth entries were defined, resulting in duplicate top-level auths keys in the generated config. (#12845, @accuROAMC)
• Removing external etcd member (not stacked with control plane) should now work without erroring out because the node is not in the kubernetes cluster (#12682, @VannTen)
• Update CSI components image version (#12627, @xin053)
• [feat] Setting timezone under SELinux. (#12436, @bbaassssiiee)
• apiserver_loadbalancer_domain_name default to loadbalancer_apiserver.address if defined (#12872, @VannTen)

Other (Cleanup or Flake)

• Old versions of several components are removed (#12735, @VannTen)
• Remove left-over 'master' tags (#12795, @VannTen)
• Use cilium native CNI chaining for portmap plugin instead of manually writing /etc/cni/net.d/000-cilium-portmap.conflist (#12814, @ThisIsQasim)

Components

• kubernetes 1.34.3
• etcd 3.5.26
• docker 28.3
• containerd 2.2.1
• cri-o 1.34.4
• cni-plugins 1.8.0
• calico 3.30.6
• cilium 1.18.6
• flannel 0.27.3
• kube-ovn 1.12.21
• kube-router 2.1.1
• multus 4.2.2
• kube-vip 1.0.3
• cert-manager 1.15.3
• coredns 1.12.1
• ingress-nginx 1.13.3
• argocd 2.14.5
• helm 3.18.4
• metallb 0.13.9
• registry 2.8.1
• aws-ebs-csi-plugin 0.5.0
• azure-csi-plugin 1.10.0
• cinder-csi-plugin 1.30.0
• gcp-pd-csi-plugin 1.9.2
• local-path-provisioner 0.0.32
• local-volume-provisioner 2.5.0
• node-feature-discovery 0.16.4