1.32

Canonical Kubernetes 1.32 - Release notes - 12 December 2024

Welcome to the first LTS release of Canonical Kubernetes! These release notes cover the highlights of this release.

Requirements and compatibility

Canonical Kubernetes can be installed on a variety of operating systems using several methods. For specific requirements, see the Installation guides.

What’s new

• Kubernetes 1.32 - read more about the upstream release here.

• User provided certificate validation - Now Canonical Kubernetes can validate user provided certificates allowing greater control over the cluster.

• Additional CNIs - By adding the annotation cni.exclusive, users can now configure their Canonical Kubernetes cluster to add additional CNIs such as Multus providing greater networking possibilities.

• Configurable containerd installation - This new feature allows the user to specify the installation path of containerd at bootstrap and node join with containerd-base-dir. This means configurations files will not conflict with other containerd installations already on the host (for example from docker).

Also in this release

• Update to CNI v1.6.0

• Update go v1.23

• Update How to use COS Lite tutorial to use k8s-operator charm

• Update Dqlite to v1.17.1 LTS, go-dqlite to v2 and k8s-dqlite to v1.3.0

• Update Microcluster to v2.1.0

• Update LXD to v0.0.0-20241106165613-4aab50ec18c3

• Implement Vale spellcheck for documentation

• Use rock for MetalLB FRR instead of upstream

• Add review Kubernetes authentication token RPC

• Make updating documentation easier by implementing literalinclude

• Checks k8s-related port availability in PreInitChecks

• Add download links for long files

• Add patches for Kubernetes 1.32

• Minor SBOM improvements

• Add proxy setting from /etc/environment to inspection report

• Added test level tags

Deprecations and API changes

• Upstream - For details of other deprecation notices and API changes for Kubernetes 1.32, please see the relevant sections of the upstream release notes.

Fixed bugs and issues

• Fixed nightly tests (#876)

• Fixed containerd Pebble path (#874)

• Fixed MicroK8s snap check (#861)

• Set default k8s snap track for registry in integration tests (#852)

• Fixed cilium ingress, refactor string literals (#848)

• Removed hardened runner from CI (#847)

• Increase integration test timeouts(#798)

• Changed BusyBox image registry in our integration tests to avoid rate limit errors (#845)

Patch notices

Oct 22, 2025

• Resolve issue where etcd metrics aren’t exposed. #671

• Hardened TLS cipher suites for kube-apiserver. #1803

• Update Kubernetes to v1.32.9 #1842

Aug 25, 2025

• Trigger feature controller on k8sd startup #1782

• Allowing SCTP configuration through annotations, enable session affinity and enable protocol differentiation for Cilium 1.17 update #1780

• Set auto-tls options explicitly to false #1771

• Add etcd port checks to bootstrap verification #1769

• Derive initial-cluster from etcd member list #1763

• Update CIS hardening page to include etcd recommendations #1760

• Bump k8s-dqlite to v1.3.4 #1755

• Update Kubernetes to v1.32.8 #1751

• Prevent multiple refreshes on worker nodes and collect upgrades in the inspection report #1747

• Add etcd quorum recovery documentation #1744

• Update the Cilium rock versions #1742

• Add node removal warning to the docs #1717

• Use -ck tags for MetalLB FRR and rawfile-localpv rocks #1734

• Include managed-etcd service in the inspection report #1725

• Include control-plane-taints in the k8sd ConfigMap #1715

• Bump Cilium to 1.17 #1704

• Bump runc to v1.3.0 and containerd v1.6.39 #1691

• Revert etcd to v3.6.2 and build from upstream #1708

• Add etcd to pebble services #1694

• Assign a category to the SARIF uploads and fix TICs CI #1688

• Wait for worker nodes to get upgraded before triggering the feature controller upgrades #1643

• Add a coordinator to allow the use of a single manager for managed controllers #1453

• Use controller-gen to generate CRD yaml file from Go structs #1327

• Use controller-runtime client to manage upgrade CRDs #1322

• Add Google Analytics to our docs #1668

• Add patch notices for latest snap #1669

• Add a docs sitemap #1670

• Bump Helm to v3.18.4 to fix CVE-2025-53547 #1665

• Fix typo in LoadBalancer link #1673

• Fetch etcd 3.4.30 sources from Ubuntu archive #1671

• Add docs pages from main relevant to 1.32 #1604

• Perform PreInitChecks as early as possible to provide earlier feedback #1507

• Bump Microcluster to v2.2.0 and Go to v1.24.5 #1651

• Update Kubernetes version to v1.32.7 #1654

• Bump rawfile-localpv chart to v0.9.1 #1647

• Change the default cluster datastore to managed etcd #1638. Existing clusters deployed with k8s-dqlite will not be affected.

• Fix test_gateway test #1636

• Use action instead of context timeout in Helm and patch release status if pending #1636

• Add lock for Cilium features in the feature controller and add e2e test #1636

• Run all tests in parallel on Github runners #1479

Jul 14, 2025

• Introduce jitter to reconciliation retries to the feature controller #1614

• Document Auto Namespace creation and RBD disable #1606

Jun 25, 2025

• Add steps to configure a custom registry with containerd override_path in our docs #1601

• Ask the user about removing Cilium VXLAN interface #1597

• Update Kubernetes version to v1.32.6 #1596

• Add retry to get_join_token helper #1581

• Wait for the load balancer to be deployed in load balancer test #1579

• Consider user provided values before deciding Helm values changes #1568

• Add snap patch notices for 1.32.5 #1550

• Bump k8s-dqlite to v1.3.2 #1559

• Remove docs spelling checks temporarily #1552

• Address test_loadbalancer flakiness #1515

• Reduce API server calls by updating Helm configuration during upgrade, updating the upgrade controller logic, adding max retry attempts to the feature controller and passing the correct context to NodeStatus call in #1494

• Remove printing k8s binary outputs in CLI #1547

• Link Dqlite against the SQLite we build to fix snap build issue #1525

• Use Pebble for k8s snap revision during upgrades #1431

• Increase the timeouts for populating resource caches #1505

• Fix annotation test to keep k8s-dqlite in sync #1536

• Patch upgrade status object #1436

• Address test_clustering flakiness #1522

• Fix issue in test_disable_separate_feature_upgrades #1518

• Handle cleanup of custom containerd path #1497

• Disable feature and update controllers temporarily #1490

Jun 5, 2025

• Revert Cilium 1.17 upgrade due to compatibility issues (#1360) #1466

• Ensure node is removed correctly from the cluster on an internal server error #1377

• Add logging when rollout upgrade fails #1429

• Add dqlite deb source lists manually for TICS job stability #1457

• Fix test to retry snap install of pre-loaded snaps #1464

• Update Kubernetes version to 1.32.5 #1443

• Fix version upgrade test by setting default FLAVOR to classic #1446

• Skip feature upgrades tests early if not required #1439

• Fix inspection report to treat non-bootstrapped node as a control-plane node #1419

• Fix failures in test_cilium_e2e #1417

• Add quotations to service argument values to care for escape characters #1387

• Fix indentation of config in our docs #1412

• Fix typo in discourse link #1409

• Set dqlite failure-domain based on the k8s node AZ label #1309

• Address issue with parsing IPv6 endpoints for k8s-apiserver-proxy.json #1396

• Apply fix that allows BOM generation outside of Snapcraft #1390

• Add snap patch notices to the release notes #1392

• Ensure docs versions are correct #1383

• Add support to run test upgrades without needing a local snap #1380

• Update Kubernetes version to v1.32.4 #1335

• Bump Cilium version to 1.17.1 and gateway API chart to v1.2.0. Also includes updates to ensure CNCF conformance #1360

• Add charm patch notices to the release notes #1348

• Fix typo in proxy.md #1361

• Bump CoreDNS version to 1.12 and chart to 1.39.2 #1356

• Update CSI image versions #1154

• Bump CoreDNS chart to 1.36.2 and image to 1.11.4-ck1 #1155

• Update Juju links in our docs from juju/latest to juju/3.6 #1338

• Bump MetalLB chart and images to 0.14.9 #1153

• Add feature upgrades machinery #1296

• Bump rawfile-localpv image to 0.8.2 #1329

• Update tests as we do not expect k8sd to be active after node removal #1319

• Address error of worker nodes attempting to configure control plane elements during snap refreshes #1253

• Add tunnel-port annotation to address possible Cilium conflict with fan networking #1305

• Disable markdown lint due to false positives #1313

• Ignore _test packages in godoc generator #1308

• Bump golang.org/x/crypto to v0.35.0 #1304

Apr 23, 2025

• Fix node removal waiting for services to terminate #1287

• Ensure that post-refresh hook is only executed after snap refresh #1287

• Update containerd to v1.6.38 and Kubernetes to v1.32.3 #1179

• Pre-install xdelta3 to mitigate LXD rate-limit issues #1266

Apr 8, 2025

• Ensure lock directory exists before creating file #1220

• Move snapd sync to custom post-refresh hook #1209

• Calculate changed files for markdown lint through git #1202

• Fix link #1195

• Temporarily disable snap/k8sd config sync during snap upgrade #1168

• Adds non-default CoreDNS ServiceAccount #1109

Mar 24, 2025

• Remove compromised dependency tj-actions/changed-files #1190

• Run all tests on Kubernetes component / feature updates #1184

• Fix test_mixed_versions_join test #1165

• Add runc 1.2.5 arm patch and switch to noble 24.04 runners #1133

• Use 1.32-classic/edge release in 1.32-release nightly tests #1157

• Remove 1.31 release notes #1145

Mar 9th, 2025

• Fix custom registry config name #1132

• Fix configuration name #1130

• Update containerd and runc versions #1115

• Add fan-config instructions to OpenStack how-to guide #1073

Feb 22, 2025

• Update Kubernetes version to 1.32.2 #1067

• Address memory leak update k8s-dqlite version to v1.3.1 #1063

• Fix spell check #1050

• Fix pre-release update with same risk-level #1047

• Fix custom containerd paths #1046

• Add intermediate CA how-to #1027

• Switch to cilium native routing mode for IPv6 only setup #1007

• Remove obsolete LoadBalancer feature check #1037

• Use ControlPlaneJoinConfig certificates during Control Plane Join #1029

• Collect all inspection reports before cleaning up nodes #1034

• Remove /src dir #1018

• Enrich node configuration controller tests with signed ConfigMaps #1032

• Avoid logging an error in inspect.sh if there are no core dumps #1028

• Add Dqlite configuration to troubleshooting page #1022

• Fix typo in setup-image.sh #1024

• Split tutorial for CAPI, add capi troubleshooting pages #1019

• Log a message if the cluster is uninitialized #1015

• Add k8s inspect command #1016

• Generate and collect core dumps #1014

• Add warning for dual stack ingress #1008

• Remove two-node HA page #1006

• Fix config “show” command #1012

• Apply small docs pages fixes #1011

• Retry Temporary API Failures in Microcluster #992

• Update Microcluster version to latest v2 #1010

• Bump actions upload-artifact to v4 #1003

• Document k8s-snap installation on development environments #995

• Fix headers naming style in docs #1005

• Enable cluster-config.load-balancer.l2-mode by default #1001

• Don’t remove Kubernetes certificates and containerd if skipped #1002

• Add package management with helm explanation page #964

• Update outdated links in our docs #1004

• Implement timeout in inspect.sh for k8s commands #990

• Fix token permissions alert #998

• Fix snap tutorials section #983

• Adds Prometheus how-to guide #944

• Add missing commands to reference section in docs #976

• Fix broken links for ingress.md in our docs #979

• Reorder explanation index, ensure header style consistency in our docs #978

• Fix snap storage documentation #985

• Improve security docs #980

• Add upgrading explanation page #950

• Update annotations doc page #974

• Update config file reference page #977

• Update bootstrap config reference page #975

• Improve snap install docs #984

• Fix type on proxy reference page #981

• Update inspect.sh to collect dmesg logs and configurable number of snap log entries #982

• Update Microcluster to the latest v2 #968

• Simplify the docs for installing via Terraform #948

• DISA STIG hardening docs improvements #967

• Update charm docs #958

• Allow specifying service env variables #973

• Add a contributing file #966

• Update docs home page #951

• Update networking docs #963

• Clarify IPv6-only docs interface binding #972)

• Update Kubernetes version to v1.32.1 #971

• Add how-to troubleshoot page for charm deployments #953

• Update CAPI docs #957

• Add Load balancer explanation page #965

• Add Cluster Configuration using Juju page #960

• Fix service IP poller in test_ingress #956

• Add image management how-to guide #954

• Add snap troubleshooting how-to guide #943

• Move charm install files to charm/howto/install #955

• Add charm actions reference page #938

• Change heading title to prerequisites in docs #959

• Clarify node-labels are additive or destructive in our docs #949

• Add custom bootstrap configuration documentation #935

• Add basic operations with the charm tutorial #947

• Add IPv6 load balancer tests #926

• Add ports and services reference #945

• Add ports and services reference page #946

• Add high availability explanation page #940

• Add how-to uninstall the snap page #941

• Clean up k8s-dqlite state dir and stops it on remove hook #908

• Add reference docs for charm configurations #939

• Fix snap upgrade how-to guide #942

• Add choosing an installation method documentation #933

• Add snap upgrades how-to guide #934

• Add CAPI bootstrap config docs #936

• Automatically manage pre-release branches #916

• Add test for deploying NVIDIA gpu-operator through Helm chart #929

• Add a systemd override to add containerd defaults #932

• Add charm upgrade documentation #881

• Add docs for Juju custom configuration #937

• Add alternative CNI how-to guide #900

• CI improvements including TICs and Trivy tests #927

• Include system information in the inspect.sh script #921

• Bump copyright headers #931

• Ensure LXD is installed before attempting snap refresh #930

• Retry seed loading in case snap is not ready yet #925

• Add 1.32 charms release notes #913

• Fix broken links in our docs #924

• Bump golang.org/x/net to v0.33.0 #919

• Fix containerd-related path cleanup on failed bootstrap/join and associated test #910

• Fix all linter warnings in test harness #898

• Update etcd how-to guide config option #918

• Microcluster schema change warning #922

• Add Terraform documentation for k8s and k8s-worker charms #920

• Move doc files under /src to fix edit docs button #917

• Add 1.32 release docs #899

• Fix dual-stack yaml indentation #914

• Completely remove LocalHarness #912

• Remove duplicate github actions #892

• Remove manual provider config for clusterctl in CAPI docs #911

• Bump golang.org/x/crypto from v0.28.0 to v0.31.0 #909

• Restructure the CIS and DISA STIG hardening guides #890

• Add how-to guide on OpenStack integration #855

• Ensure containerd-related directories removed on failed bootstrap/join-cluster #863

• Update CNI to v1.6.0, Kubernetes to v1.32.0 and Go to 1.23/stable #896

• Exit early if node name is not provided in CLI #895

• Remove 1.30 branch from automatic updates #893

• Add unit test ValidateCAPIAuthTokenAccessHandler #885

• Add unit test ValidateNodeTokenAccessHandler #880

• Bump Kubernetes version to v1.32.4 #887

• Update the DISA doc #884

• Add 1.32 to supported releases #883

• Bump GitPython to 3.1.41 #997

• Bump Jinja2 version to 3.1.5 #1000

• Update Microcluster to latest v2 #987

Jan 16, 2025

• Bump Kubernetes version v1.32.1 #969

• Remove matrix link from docs #962

• Add 1.32 release notes for snap and charm #913 and #928

Contributors

Many thanks to @neoaggelos, @bschimke95, @evilnick, @eaudetcobello, @louiseschmidtgen, @mateoflorido, @berkayoz, @addyess, @HomayoonAlimohammadi, @ktsakalozos, @kwmonroe, @maci3jka, @petrutlucian94, @nhennigan, @claudiubelu, @aznashwan, @YanisaHS, @hemanthnakkina, @dulmandakh, @perk.