1.34

Canonical Kubernetes 1.34 - Release notes - 08 September 2025

Requirements and compatibility

Canonical Kubernetes can be installed on a variety of operating systems using several methods. For specific requirements, see the Installation guides.

What’s new

• Kubernetes 1.34 - read more about the upstream release here.

• etcd as the default datastore - Canonical Kubernetes 1.34 introduces etcd as the default cluster datastore for new clusters. Existing clusters using k8s-dqlite will continue to function without changes during upgrades.

• Improved feature controller reliability - Enhanced feature upgrade process with worker node coordination.

• FIPS 140-3 compliance - Canonical Kubernetes snap can now be deployed with FIPS 140-3(Federal Information Processing Standards) compliance for US government and regulated industries.

• DISA STIG enhancements - we now support running on a STIG hardened host and have improved the UX for applying the DISA STIG recommendations for Kubernetes.

Also in this release

• Update CNI to v1.7.1

• Update Kubernetes to v1.34.0

• Update k8s-dqlite to v1.8.0

• Improved integration test stability for version upgrades

Deprecations and API changes

• Upstream - Please review the upstream release notes, which include depreciation notices and API changes for Kubernetes 1.34.

Fixed bugs and issues

• Fixed invalid iproute2 JSON output (#1820)

• Fixed feature gate ordering to prevent unnecessary restarts (#1800)

• Fixed features not getting reconciled after k8sd restart (#1781)

• Fixed version upgrade test to prevent multiple refreshes on a worker node (#1737)

Upgrade notes

See our upgrade notes page for instructions on how to upgrade to 1.34.

Note

New clusters in 1.34 will use etcd as the default datastore. Existing clusters using k8s-dqlite will not be affected during upgrade and will continue to use k8s-dqlite.

Patch notices

November 10, 2025

• Version bumps

  • containerd v1.7.29

  • runc v1.3.3

  • Cilium 1.17.9-ck1

  • CoreDNS 1.13.1-ck1

  • MetalLB 1.13.1-ck1

  • metrics-server 0.8.0-ck4

• Address issue with missing build tags causing panic in ROCKS when opening TLS connections (#1997)

• Exclude metallb-system from PodSecurityPolicy to ensure they are schedulable

• Remove unsupported recycle reclaim policy in local storage

• Add a guide on how to configure your firewall with UFW

• Add a fix to force remove lost nodes from the cluster

• For greater security, bump Helm version to v3.19.0 and introduce value sanitization

• During a k8s version downgrade, sanitize any feature gates that were introduced in later k8s versions

October 17, 2025

• Add how to deploy a Canonical Kubernetes cluster with FIPS compliance guide

• Add how to deploy a Canonical Kubernetes cluster with DISA STIG hardening guide

• Rework existing security pages to make navigation within the documentation easier