Releasenotes

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project will adhere to Semantic Versioning.

We use towncrier for the generation of our release notes file.

Information about unreleased changes can be found here.

General information about release upgrades are documented at How to Upgrade to a new TAROOK release.

v14.0.0 (2026-07-02)

Breaking Changes

New Features

Changed Functionality

  • We now check whether the currently used Nix version is supported before invoking any Nix commands. (!1983)

  • Nvidia packages on a Kubernetes node with GPU capability are installed or updated only if the node has not been fully initialized yet or with explicit consent. (!2455)

  • Triggering the apply-k8s-supplements action does not implicitly trigger the apply-k8s-core action anymore. (!2461)

  • Runtime improvements have been made to the node system update logic of the apply-k8s-core action. (!2462)

  • In clusters with GPU worker nodes, the NVIDIA Container Runtime log level has been set to error. The change will be applied on a Kubernetes upgrade or system update. (!2490)

  • Increased the timeout of the initial SSH connection check against each node from 5 minutes to 15 in order to support nodes and/or IaaS environments with longer OS bring-up durations. (!2492)

  • It is now required to configure gateway nodes when setting yk8s.wireguard.enabled to true. Previously the option was silently ignored when no gateway nodes were present. (!2495)

Dependencies

Bugfixes

  • A bug has been fixed that resulted in a deadlock when using both USE_VAULT_IN_DOCKER=true and YAOOK_K8S_DIRENV_MANUAL=true. (!2288)

  • Fixed the option names in a few warnings (!2381)

  • Hostnames are now validated during inventory generation. (!2454)

  • With the latest nvidia-container-toolkit a bug has been fixed which caused existing workload to lose access to the GPU on a systemctl daemon-reload. (!2455)

  • TAROOK_NIX_FLAGS (see environment variables) now accepts multiple flags (!2456, !2516)

  • A bug has been fixed where Grafana ignored Thanos datasource configuration changes. (!2464)

  • Affinity and tolerations for the node feature discovery subchart of the nvidida-device-plugin have been fixed. (!2467)

  • Affinity and tolerations for the CRD upgrade job of the kube-prometheus-stack have been fixed. (!2467)

Changes in the Documentation

  • We now provide a script to upgrade Nix on Debian-based systems to the version tested in our CI. The script can be run with nix run git+https://gitlab.com/alasca.cloud/tarook/nix#upgrade. (!1983)

  • Restructured Vault docs (!2366)

  • Documented that Tarook only supports one cluster per OpenStack project (!2443)

  • The description of yk8s.openstack.network_mtu has been refined. (!2465)

  • Fixed the documented default values of some options. (!2515)

  • Introduced a new release note category: Dependencies. (!2534)

Deprecations and Removals

  • Support for Kubernetes v1.32 has been dropped. (!2459)

  • The tasks which check for stale etcd peers have been removed. It is up to the user to ensure etcd peers are properly removed when reconfiguring the set of control plane nodes. This is ensured by running kubeadm reset on the node to be removed. (!2460)

Other Tasks

Misc