1.34

Canonical Kubernetes 1.34 - Release notes - 08 September 2025

Requirements and compatibility

Canonical Kubernetes can be installed on a variety of operating systems using several methods. For specific requirements, see the Installation guides.

What’s new

  • Kubernetes 1.34 - read more about the upstream release here.

  • etcd as the default datastore - Canonical Kubernetes 1.34 introduces etcd as the default cluster datastore for new clusters. Existing clusters using k8s-dqlite will continue to function without changes during upgrades.

  • Improved feature controller reliability - Enhanced feature upgrade process with worker node coordination.

  • FIPS 140-3 compliance - Canonical Kubernetes snap can now be deployed with FIPS 140-3(Federal Information Processing Standards) compliance for US government and regulated industries.

  • DISA STIG enhancements - we now support running on a STIG hardened host and have improved the UX for applying the DISA STIG recommendations for Kubernetes.

Also in this release

  • Update CNI to v1.7.1

  • Update Kubernetes to v1.34.0

  • Update k8s-dqlite to v1.8.0

  • Improved integration test stability for version upgrades

Deprecations and API changes

  • Upstream - Please review the upstream release notes, which include depreciation notices and API changes for Kubernetes 1.34.

Fixed bugs and issues

  • Fixed invalid iproute2 JSON output (#1820)

  • Fixed feature gate ordering to prevent unnecessary restarts (#1800)

  • Fixed features not getting reconciled after k8sd restart (#1781)

  • Fixed version upgrade test to prevent multiple refreshes on a worker node (#1737)

Upgrade notes

See our upgrade notes page for instructions on how to upgrade to 1.34.

Note

New clusters in 1.34 will use etcd as the default datastore. Existing clusters using k8s-dqlite will not be affected during upgrade and will continue to use k8s-dqlite.

Patch notices

Apr 23, 2026

  • Version bumps

    • rawfile-localpv 0.8.3-ck2

    • Kubernetes v1.34.4

    • Go v1.24.12

    • runc v1.3.4

    • k8s-dqlite v1.8.1

    • SQLite v3.50.2

    • Microcluster v2.2.1

    • k8s-snap-api v1.1.0

    • containerd v1.7.30

    • Helm v3.19.5

    • Cilium 1.17.9-ck9

  • Add a k8s-dqlite deprecation warning during bootstrap

  • Add node join revert logic for k8sd (#2339)

  • Add Kubernetes version to node version annotation

  • Ensure volume resizing is disabled for local-storage

  • Improve CLI logic to only require the --k8s-dqlite-state-dir/ --state-dir if the corresponding --skip-<k8sd/k8s-dqlite> flag is not set

  • Query the k8s API server through the current endpoints, rather than localhost (#1949)

  • Apply a fix to ensure snap services run after a revert

  • Improve clarity in compliance documentation, particularly our DISA STIG install and auditing pages

  • Set k8s-dqlite RPATH manually to ensure proper linking

  • Snap revert no longer fails if trying to revert to the currently installed version

  • Make integration testing more robust by addressing common testing failures (#2123, #2366, #2400)

  • Add integration test for FIPS compiled container images

November 10, 2025

  • Version bumps

    • containerd v1.7.29

    • runc v1.3.3

    • Cilium 1.17.9-ck1

    • CoreDNS 1.13.1-ck1

    • MetalLB 1.13.1-ck1

    • metrics-server 0.8.0-ck4

  • Address issue with missing build tags causing panic in ROCKS when opening TLS connections (#1997)

  • Exclude metallb-system from PodSecurityPolicy to ensure they are schedulable

  • Remove unsupported recycle reclaim policy in local storage

  • Add a guide on how to configure your firewall with UFW

  • Add a fix to force remove lost nodes from the cluster

  • For greater security, bump Helm version to v3.19.0 and introduce value sanitization

  • During a k8s version downgrade, sanitize any feature gates that were introduced in later k8s versions

October 17, 2025