Skip to content

Release notes for kOps 1.34 series

kOps 1.34.0 introduces major updates to container runtime management, enhanced cloud provider support, and significant networking improvements.

Significant changes

Container Runtime

  • crictl and nerdctl are now only installed on demand (#17604)
  • Set spec.containerd.installCriCtl=true or spec.containerd.installNerdCtl=true to install
  • Update containerd to v2.1.4 (#17532)
  • Better systemd integration with dbus dependency fix (#17603)

Networking

  • Update Cilium to v1.18.2 (#17601)
  • Add support for cilium-etcd with dns=none (#17625)
  • Update Calico to v3.30.3 (#17628)
  • Update Flannel to v0.27.4 (#17641)
  • AWS VPC CNI updated to v1.20.2 (#17629)
  • BREAKING: Canal support removed (#17642)

AWS

  • Update Karpenter to v1.8.1 (#17624)
  • Add support for feature gates configuration
  • Important: Older versions must be uninstalled before upgrading (#17567)
  • Add CPU and memory resource configuration for AWS Load Balancer Controller
  • Update EBS CSI driver to v1.47.0 (#17560)
  • Add support for using ECR as pull-through image cache (#16593)

Azure

  • Add udev disk rules (#17611)
  • Fix rolling-update error (#17538)
  • Use internal K8s API endpoint for cloud-node-manager (#17607)
  • Remove various VMSS configuration suffixes for cleaner naming
  • Use kops as the default admin user

OpenStack

  • Update OpenStack CSI images

Etcd

  • Update etcd to v3.6.5 for Kubernetes 1.34+ (#17637)
  • Update etcd to v3.5.23 for Kubernetes <1.34
  • Update etcd-manager to v3.0.20250917 (#17615)
  • Use image volumes to mount etcd images (#17539)

Other Components

  • Update cluster-autoscaler to v1.34.0 (#17643)
  • Update CoreDNS to v1.12.4
  • Update Cloud Controller Managers for AWS, Azure, and Hetzner
  • Default SSH key changed to ~/.ssh/id_ed25519.pub (from RSA)
  • ebtables, ethtool and socat are no longer installed by default

Breaking changes

  • Canal support has been removed (#17642)
  • Migrate to Calico or another supported CNI before upgrading
  • Legacy addons removed from the kOps repository (#17332)
  • Only affects clusters using kOps <1.22
  • Karpenter requires manual uninstallation before upgrading (#17567)
  • Default SSH key changed from RSA to Ed25519
  • Several packages no longer installed by default: crictl, nerdctl, ebtables, ethtool, socat

Other changes of note

  • Migrate to control-plane nomenclature in documentation
  • Fix IPv6 routes for Kubernetes 1.32
  • Fix Azure subscription ID check
  • Add nftables package support
  • Use ephemeral S3 buckets for E2E tests
  • Bump Golang to 1.25
  • Update golangci-lint to v2

Known Issues

  • Karpenter upgrade requires manual uninstallation of older versions
  • Azure naming conventions have changed which may affect existing automation

Deprecations

  • Support for Kubernetes version 1.28 is removed in kOps 1.34
  • Support for Kubernetes version 1.29 is deprecated and will be removed in kOps 1.35

Installation and Upgrade Notes

Pre-Upgrade Checklist

  1. Canal Users: Migrate to another CNI solution
  2. Karpenter Users: Uninstall existing Karpenter installations
  3. SSH Access: Verify Ed25519 key support
  4. Tool Dependencies: Check if you need crictl, nerdctl, ebtables, ethtool, or socat

Upgrade Process

  1. Review breaking changes
  2. Test in non-production first
  3. For Karpenter users, uninstall existing version
  4. Run kops update cluster and validate before applying

This release includes contributions from the kOps community. Thank you to all contributors!