Releasenotes
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project will adhere to Semantic Versioning.
We use towncrier for the generation of our release notes file.
Information about unreleased changes can be found here.
General information about release upgrades are documented at How to Upgrade to a new TAROOK release.
v12.1.0 (2026-03-12)
New Features
The helm chart for Calico can now be configured with arbitrary values through yk8s.kubernetes.network.calico.helm.values. (!1568)
The helm chart for FluxCD can now be configured with arbitrary values through yk8s.k8s-service-layer.fluxcd.helm.values. (!1808)
The helm chart for the Cloud Controller Manager can now be configured with arbitrary values through yk8s.openstack.cloud_controller_manager.helm.values. (!1811)
The helm chart for the Cinder CSI driver plugin can now be configured with arbitrary values through yk8s.openstack.cinder.helm.values. (!1811)
The ability to boot OpenStack instances from volumes has been enhanced with more granular configuration options. Formerly limited to enabling or disabling this feature for all instances at once, it can now be configured at multiple levels:
Node-level: Configure the usage for individual nodes
Group-defaults-level: Configure the usage by default for a group of nodes
Global level: Configure the usage for all nodes
. (!2225)
The wg-up.sh action script has been extended by the possibility to establish a tunnel to the Kubernetes Pod and Service networks in addition. (!2287)
Support for Kubernetes v1.35 has been added. (!2302)
Changed functionality
We now use the same version of Calico for all supported Kubernetes versions. This means that Calico will be updated in Clusters that are not on the latest supported Kubernetes version. (!1568, !2324)
Updated default version of helm chart ingress-nginx of https://github.com/kubernetes/ingress-nginx from 4.13.7 to 4.14.3 (!2195)
Updated default version of helm chart rook-ceph of https://github.com/rook/rook from v1.18.6 to v1.18.9 (!2204)
In clusters using GPU worker nodes, the nvidia-device-plugin Pod running on a node is not force restarted after a Kubernetes upgrade anymore. This was previously necessary as the nvidia-device-plugin marked a GPU as unhealthy on
systemctl reloadwith a following restart of kubelet. (!2216)When booting OpenStack instances from volumes is configured via one of the following options:
the respective volumes are no longer tried to be allocated in the same availability zone as the instance. This is because Cinder availibility zone configurations often differ from Nova availability zones in standard OpenStack setups. (!2225)
The Thanos datasource has been made editable inside of Grafana. This does only effect clusters having yk8s.kubernetes.monitoring.enabled as well as yk8s.k8s-service-layer.prometheus.use_thanos and yk8s.k8s-service-layer.prometheus.use_grafana enabled. (!2253)
Grafana alerts for the Thanos datasource have been disabled as this potentially causes doubled alerts. This does only effect clusters having yk8s.kubernetes.monitoring.enabled as well as yk8s.k8s-service-layer.prometheus.use_thanos and yk8s.k8s-service-layer.prometheus.use_grafana enabled. (!2253)
Updated default version of helm chart nvidia-device-plugin of https://github.com/NVIDIA/k8s-device-plugin from 0.18.0 to 0.18.2 (!2265)
For clusters running on top of OpenStack, firewall rules have been added which allow traffic flow to the Kubernetes Pod and Service network via the Wireguard tunnel. (!2287)
Vault ServiceMonitor will now only scrape the active(leading) instance. This has been adopted to match the official helm chart behaviour. (!2290, !2337)
Updated default version of helm chart etcdbackup from 1.0.0 to 1.2.0 (!2292)
Updated default version of helm chart prometheus-blackbox-exporter of https://github.com/prometheus-community/helm-charts from 11.6.1 to 11.8.0 (!2293)
Updated default version of helm chart prometheus-adapter of https://github.com/prometheus-community/helm-charts from 5.2.0 to 5.2.1 (!2297)
Updated default version of helm chart etcdbackup from 1.2.0 to 1.2.1 (!2303)
Affinity and tolerations have been added to the snapshot-controller such that it is ensured to be running on a control plane node. (!2304)
An affinity has been added to Calico/Typha such that is scheduled to the control plane by default. (!2304)
Affinity and tolerations have been added to the cinder-csi-controllerplugin such that it is ensured to be running on a control plane node. (!2304)
The
system-cluster-criticalpriority class has been added to the snapshot-controller. (!2304)Updated default version of helm chart tigera-operator of https://github.com/projectcalico/calico from v3.30.2 to v3.30.6 (!2306)
Updated default version of helm chart prometheus-adapter of https://github.com/prometheus-community/helm-charts from 5.2.1 to 5.3.0 (!2308)
Updated default version of helm chart openstack-cinder-csi of https://github.com/kubernetes/cloud-provider-openstack from 2.34.1 to 2.34.3 (!2311)
Updated default version of helm chart openstack-cloud-controller-manager of https://github.com/kubernetes/cloud-provider-openstack from 2.34.1 to 2.34.2 (!2312)
Updated default version of helm chart openstack-cinder-csi of https://github.com/kubernetes/cloud-provider-openstack from 2.34.3 to 2.35.0 (!2314)
Updated default version of helm chart openstack-cloud-controller-manager of https://github.com/kubernetes/cloud-provider-openstack from 2.34.2 to 2.35.0 (!2315)
Updated default version of helm chart cert-manager of https://github.com/cert-manager/cert-manager from v1.19.3 to v1.19.4 (!2317)
The operating system restart behavior has been improved. Nodes are only rebooted if a package requires it. (!2318)
Updated default version of helm chart etcdbackup from 1.2.1 to 1.3.0 (!2320)
The volume-snapshot-controller version is not mapped to Kubernetes versions anymore. This means that the volume-snapshot-controller will be updated in clusters that are not on the latest supported Kubernetes version. The volume-snapshot-controller is internally managed and tested against all supported Kubernetes versions. (!2324)
Updated default version of helm chart etcdbackup from 1.3.0 to 1.4.0 (!2329)
Updated default version of helm chart ingress-nginx of https://github.com/kubernetes/ingress-nginx from 4.14.3 to 4.14.4 (!2332)
Bugfixes
A bug has been fixed which prevented yk8s.openstack.nodes.<name>.root_disk_size from taking effect. (!2225)
A bug has been fixed that caused nodes to be rebooted multiple times. (!2286)
Affinity and tolerations have been fixed for all components of the prometheus-stack such that it can be installed in clusters where all nodes are tainted if a proper yk8s.k8s-service-layer.prometheus.scheduling_key is configured. (!2304)
Affinity and tolerations have been fixed for the ngninx-ingress-controller admission webhook such that it can be installed in clusters where all nodes are tainted if a proper yk8s.k8s-service-layer.ingress.scheduling_key is configured. (!2304)
Affinity and tolerations have been fixed for Vault backups such that it can be installed in clusters where all nodes are tainted if a proper yk8s.k8s-service-layer.vault.scheduling_key is configured. (!2304)
For clusters using the Vault development setup, the state directory of the local Vault container is now automatically added to
.gitignore. If not ignored, the state directory potentially causes issues due to its ownership and restrictive permissions. (!2310)A bug has been fixed that caused Vault related scripts to silently fail. (!2323)
Changes in the Documentation
Add ability to autobuild/watch docs for changes and add docs on how to use this feature (!2203)
The Vault pivot guide has been fixed (!2212)
Deprecations and Removals
The import script for migrating pre-v1 clusters to Vault have been removed (!2213)