Releasenotes
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project will adhere to Semantic Versioning.
We use towncrier for the generation of our release notes file.
Information about unreleased changes can be found here.
General information about release upgrades is documented at How to Upgrade to a new TAROOK release.
v14.0.0 (2026-07-02)
Breaking Changes
Terraform is now configured using Terranix. The necessary state migration is automatically handled by the migration script.
Attention
Don’t switch the backend before migrating
Attention
Ensure that apply-terraform.sh completes successfully before attempting a release migration
The behaviour of init-cluster-repo.sh has changed:
The environment variables MANAGED_K8S_LATEST_RELEASE and MANAGED_K8S_GIT_BRANCH are not supported anymore
Use -b to pass a custom branch name instead of passing it as the first argument
The first positional argument now selects one of the available templates (currently minimal, openstack, proxmox)
See Initialization (OpenStack) and Initialization (Proxmox) (!1560)
Updated default version of helm chart kube-prometheus-stack of https://github.com/prometheus-community/helm-charts from 83.4.0 to 84.3.0 (!2453)
New Features
Support for deploying Tarook on Proxmox has been added.
See Quickstart on Proxmox for a first impression. (!1560, !2484)
The following option has been introduced to easily configure the event TTL for the kube-apiserver: yk8s.kubernetes.apiserver.event_ttl. (!2272)
Control plane components can now be customized using patches, see:
Important
Patch files manually added to /etc/kubernetes/kubeadm-patches on a node will get removed on a rollout.
For more information, refer to kubeadm: Customizing with patches (!2272)
The action destroy.sh now supports bare-metal clusters (!2273)
Support for Kubernetes v1.36 has been added. (!2510)
Changed Functionality
We now check whether the currently used Nix version is supported before invoking any Nix commands. (!1983)
Nvidia packages on a Kubernetes node with GPU capability are installed or updated only if the node has not been fully initialized yet or with explicit consent. (!2455)
Triggering the apply-k8s-supplements action does not implicitly trigger the apply-k8s-core action anymore. (!2461)
Runtime improvements have been made to the node system update logic of the apply-k8s-core action. (!2462)
In clusters with GPU worker nodes, the NVIDIA Container Runtime log level has been set to error. The change will be applied on a Kubernetes upgrade or system update. (!2490)
Increased the timeout of the initial SSH connection check against each node from 5 minutes to 15 in order to support nodes and/or IaaS environments with longer OS bring-up durations. (!2492)
It is now required to configure gateway nodes when setting yk8s.wireguard.enabled to true. Previously the option was silently ignored when no gateway nodes were present. (!2495)
Dependencies
Updated default version of helm chart dcgm-exporter of https://github.com/nvidia/dcgm-exporter from 4.6.0 to 4.8.1 (!2296)
Updated default version of helm chart nvidia-device-plugin of https://github.com/NVIDIA/k8s-device-plugin from 0.18.2 to 0.19.3 (!2379)
!2418, !2449, !2451, !2458, !2471, !2473, !2480, !2498, !2499, !2505, !2512, !2518, !2520, !2521, !2533, !2537
Updated default version of helm chart etcdbackup from 2.0.2 to 2.0.3 (!2444)
Updated default version of helm chart kube-prometheus-stack of https://github.com/prometheus-community/helm-charts from 83.4.0 to 83.7.0 (!2450)
The upstream repository URL for the nvidia-container-toolkit has been updated such that Kubernetes workers with GPU capability can fetch the latest package versions. The package will be updated on a Kubernetes upgrade or system update. (!2455)
The upstream repository URL for the Nvidia cuda drivers has been updated. The Nvidia cuda drivers got bumped from 530 to 595. The packages will be updated on a Kubernetes upgrade or system update. (!2455)
Updated default version of helm chart prometheus-blackbox-exporter of https://github.com/prometheus-community/helm-charts from 11.9.1 to 11.9.2 (!2470)
Updated default version of helm chart prometheus-blackbox-exporter of https://github.com/prometheus-community/helm-charts from 11.9.2 to 11.10.0 (!2474)
Updated default version of helm chart dcgm-exporter of https://github.com/nvidia/dcgm-exporter from 4.8.1 to 4.8.2 (!2475)
Updated default version of helm chart rook-ceph of https://github.com/rook/rook from v1.18.10 to v1.18.11 (!2497)
Updated default version of helm chart etcdbackup from 2.0.3 to 2.3.0 (!2502)
Updated default version of helm chart openstack-cinder-csi of https://github.com/kubernetes/cloud-provider-openstack from 2.35.0 to 2.36.0 (!2503)
Updated default version of helm chart openstack-cloud-controller-manager of https://github.com/kubernetes/cloud-provider-openstack from 2.35.0 to 2.36.0 (!2504)
The nixpkgs.url has been changed from 25.11 to 26.05. (!2511)
Updated default version of helm chart etcdbackup from 2.3.0 to 2.3.1 (!2517)
Updated default version of helm chart prometheus-blackbox-exporter of https://github.com/prometheus-community/helm-charts from 11.10.0 to 11.12.0 (!2519)
Updated default version of helm chart prometheus-blackbox-exporter of https://github.com/prometheus-community/helm-charts from 11.12.0 to 11.13.0 (!2523)
Updated default version of helm chart etcdbackup from 2.3.1 to 2.4.0 (!2524)
Updated default version of helm chart kube-prometheus-stack of https://github.com/prometheus-community/helm-charts from 84.3.0 to 84.5.0 (!2531)
Updated default version of helm chart cert-manager of https://github.com/cert-manager/cert-manager from v1.20.2 to v1.20.3 (!2535)
Updated default version of helm chart prometheus-blackbox-exporter of https://github.com/prometheus-community/helm-charts from 11.13.0 to 11.15.0 (!2539)
Bugfixes
A bug has been fixed that resulted in a deadlock when using both USE_VAULT_IN_DOCKER=true and YAOOK_K8S_DIRENV_MANUAL=true. (!2288)
Fixed the option names in a few warnings (!2381)
Hostnames are now validated during inventory generation. (!2454)
With the latest nvidia-container-toolkit a bug has been fixed which caused existing workloads to lose access to the GPU on a systemctl daemon-reload. (!2455)
TAROOK_NIX_FLAGS (see environment variables) now accepts multiple flags (!2456, !2516)
A bug has been fixed where Grafana ignored Thanos datasource configuration changes. (!2464)
Affinity and tolerations for the node feature discovery subchart of the nvidia-device-plugin have been fixed. (!2467)
Affinity and tolerations for the CRD upgrade job of the kube-prometheus-stack have been fixed. (!2467)
Changes in the Documentation
We now provide a script to upgrade Nix on Debian-based systems to the version tested in our CI. The script can be run with nix run git+https://gitlab.com/alasca.cloud/tarook/nix#upgrade. (!1983)
Restructured Vault docs (!2366)
Documented that Tarook only supports one cluster per OpenStack project (!2443)
The description of yk8s.openstack.network_mtu has been refined. (!2465)
Fixed the documented default values of some options. (!2515)
Introduced a new release note category: Dependencies. (!2534)
Deprecations and Removals
Support for Kubernetes v1.32 has been dropped. (!2459)
The tasks which check for stale etcd peers have been removed. It is up to the user to ensure etcd peers are properly removed when reconfiguring the set of control plane nodes. This is ensured by running kubeadm reset on the node to be removed. (!2460)
Other Tasks
Relocated all assertions in option apply functions to config.yk8s.assertions (!2381)
Relocated all warnings in option apply functions to config.yk8s.warnings (!2381)
Added warnings for yk8s.infra.subnet_cidr/yk8s.infra.subnet_v6_cidr being ignored if yk8s.infra.ipv4_enabled/yk8s.infra.ipv6_enabled is false. (!2381)