New Features

• Add a new option to enable the config drive on the OpenStack provider for machine deployments, along with a datacenter-level option to enforce it for all machine deployments (#7516)

Bugfixes

• Add RBAC rules for Velero Backup resources to allow get, list, and watch operations (#14822)
• Fix issue with CBSL credentials and status not syncing to seed clusters (#14703)
• Update kubermatic-installer local kind Dex static client configurations (#14735)
• Add the ETCDCTL_ENDPOINTS environment variable with name-based endpoints in all etcd pods. This enables successful execution of the etcdctl endpoint health command without the need for the --cluster flag which pulls IP based endpoints from the etcd ring (#14724)

Updates

• Add support for k8s patch releases 1.33.3/1.32.7/1.31.11 (#14830)
• Update helm to v3.17.4 (#14831)
• Update OSM to v1.7.5 (#14887)
• Replace Bitnami charts and images with kubermatic-mirror charts and images to address issues identified in bitnami/containers#83267 (#14873)

New Features

• Add a new option to enable the config drive on the OpenStack provider for machine deployments, along with a datacenter-level option to enforce it for all machine deployments (#7516)

Bugfixes

• Add RBAC rules for Velero Backup resources to allow get, list, and watch operations (#14822)
• Fix issue with CBSL credentials and status not syncing to seed clusters (#14865)
• Add the ETCDCTL_ENDPOINTS environment variable with name-based endpoints in all etcd pods. This enables successful execution of the etcdctl endpoint health command without the need for the --cluster flag which pulls IP based endpoints from the etcd ring (#14724)
• Pass ConfigDrive value to JSON patch during machine updates for OpenStack (#7299)

Updates

• Update Helm v3.17.4 (#14854)
• Update OSM to v1.6.8 (#14888)
• Replace Bitnami charts and images with kubermatic-mirror charts and images to address issues identified in bitnami/containers#83267 (#14873)

New Features

• Add a new option to enable the config drive on the OpenStack provider for machine deployments, along with a datacenter-level option to enforce it for all machine deployments (#7516)

Bugfixes

• Add RBAC rules for Velero Backup resources to allow get, list, and watch operations (#14822)
• Fix issue with CBSL credentials and status not syncing to Seed clusters (#14866)
• Pass ConfigDrive value to JSON patch during machine updates for OpenStack (#7299)

Updates

• Update Helm v3.17.4 (#14855)
• Update OSM to v1.6.8 (#14890)
• Replace Bitnami charts and images with kubermatic-mirror charts and images to address issues identified in bitnami/containers#83267 (#14900)

This release contains a mistake, please use GitHub release: v2.26.12 instead.

Supported Kubernetes Versions

• Add 1.33.2/1.32.6/1.31.10/1.30.14 to the list of supported Kubernetes releases (#14783)

New Features

• Add the ability to skip router reconciliation in the OpenStack provider (#14771,#7483)
• KubeLB: KKP defaulting will now enable KubeLB for a cluster if it's enforced at the datacenter level (#14732)
• Overwrite system application images when overwriteRegistry is defined (#14773)

Bugfixes

• A regression bug regarding node-exporter pod labeling which didn't exclude node-exporter pods from pod discovery was fixed (#14742)
• Support KubeVirt vCPUs validation in the resource quota controller (#14728)
• A bug which lead to missing kube state metrics scraping was fixed (#14759)
• Fix KubeLB checkbox state management and UI flickering issues in cluster creation wizard/edit cluster dialog (#7458)
• Fix validation error when switching expose strategy from Tunneling to LoadBalancer by clearing tunnelingAgentIP automatically (#7422)
• KubeLB: Fix a bug where enforcement on a datacenter was not enabling KubeLB for the user clusters in the dashboard (#7453)
• Project viewers can now only view cluster templates. Create, update, and delete actions are restricted except deletion by the owner (#7481)
• Skip setting custom CPUs field in machine deployment for Kubevirt user clusters. (#7493)
• A bug regarding network policy cleanup up in kubevirt infra clusters when the removal of the finalizer failed after deleting the network policy was fixed. (#14805)
• Fix log spam on deleted ResourceQuota objects. (#14806)

Updates

• Update operating-system-manager to v1.7.4 (#14793)
• Update to Go 1.24.4 (#14665,#7440)

Cleanup

• By default the oauth2-proxy disables Dex's approval screen now. To return to the old behaviour, set approval_prompt = "force" for each IAP deployment in your Helm values.yaml (#14751)

New Features

• KubeLB: KKP defaulting will now enable KubeLB for a cluster if it's enforced at the datacenter level (#14747)

Design

• Fix clickable documentation links in hints for disabled checkboxes (#7434)

Bugfixes

• Fix KubeLB checkbox state management and UI flickering issues in cluster creation wizard/edit cluster dialog (#7460)
• Fix validation error when switching expose strategy from Tunneling to LoadBalancer by clearing tunnelingAgentIP automatically (#7422)
• KubeLB: Fix a bug where enforcement on a datacenter was not enabling KubeLB for the user clusters in the dashboard (#7455)
• List all OpenStack networks in the UI wizard during cluster creation (#7437)
• Project viewers can now only view cluster templates. Create, update, and delete actions are restricted except deletion by the owner (#7482)
• Shows custom disk fields when a custom disk is configured in the Machine Deployment edit dialog (#7415)
• Unset backup sync period if value is empty (#7444)
• Skip setting custom CPUs field in machine deployment for Kubevirt user clusters. (#7493)
• A bug regarding network policy cleanup up in kubevirt infra clusters when the removal of the finalizer failed after deleting the network policy was fixed. (#14803)
• Fix log spam on deleted ResourceQuota objects. (#14807)

Updates

• Update machine-controller(MC) to v1.61.3 (#14729)
• Update operating-system-manager(OSM) to v1.6.7 (#14794)
• Update to Go 1.23.10 (#14667,#7450)

Cleanup

• By default the oauth2-proxy disables Dex's approval screen now. To return to the old behaviour, set approval_prompt = "force" for each IAP deployment in your Helm values.yaml (#14751)

New Features

• KubeLB: KKP defaulting will now enable KubeLB for a cluster if it's enforced at the datacenter level (#14748)

Design

• Fix clickable documentation links in hints for disabled checkboxes (#7434)

Bugfixes

• Fix validation error when switching expose strategy from Tunneling to LoadBalancer by clearing tunnelingAgentIP automatically (#7422)
• KubeLB: Fix a bug where enforcement on a datacenter was not enabling KubeLB for the user clusters in the dashboard (#7453)
• List all OpenStack networks in the UI wizard during cluster creation (#7437)
• Shows custom disk fields when a custom disk is configured in the Machine Deployment edit dialog (#7415)
• A bug regarding network policy cleanup up in kubevirt infra clusters when the removal of the finalizer failed after deleting the network policy was fixed. (#14804)
• Fix log spam on deleted ResourceQuota objects. (#14808)

Updates

• Update machine-controller(MC) to v1.60.2 (#14744)
• Update operating-system-manager(OSM) to v1.6.7 (#14795)
• Update to Go 1.23.10 (#14666,#7449)

Cleanup

• By default the oauth2-proxy disables Dex's approval screen now. To return to the old behaviour, set approval_prompt = "force" for each IAP deployment in your Helm values.yaml (#14751)

Important Hotfix Release Notice

This hotfix is for a critical issue and should not be deployed into a production environment without direct approval and guidance from Kubermatic support.

This release contains a targeted fix for a specific issue. Applying it to your production environment without proper assessment and support from our team could lead to unintended consequences or instability.

Important note about upgrading: This hotfix contains changes that may not be included in all subsequent versions. To ensure a smooth upgrade process after installing this hotfix, please contact Kubermatic Support for further instructions before upgrading to a newer version. Kubermatic Support will let you know which versions you can safely upgrade to.

Before proceeding, please contact Kubermatic support and reference this hotfix version. Our team will work with you to evaluate your specific situation, provide a deployment plan, and ensure a smooth and safe application of this fix.

🎉 Please see the changelog for a complete list of new features, improvements and bugfixes in this release.