Workload cluster release aws-32.1.0 for CAPA

This release updates Flatcar to v4230.2.4 and includes several app updates and improvements.

Changes compared to v32.0.0

Components

  • cluster-aws from v5.0.0 to v5.3.0
  • Flatcar from v4230.2.2 to v4230.2.4
  • os-tooling from v1.26.1 to v1.26.2

cluster-aws v5.0.0…v5.3.0

Added

  • Expose value to configure terminationGracePeriod in the karpenter node pools.

Changed

  • Configure the following startupTaints so that Karpenter ignores Pods that are pending only because of these taints, which are removed once the node starts, avoiding unnecessary instance provisioning:
    • node.cluster.x-k8s.io/uninitialized:NoSchedule
    • node.cilium.io/agent-not-ready:NoSchedule
    • ebs.csi.aws.com/agent-not-ready:NoExecute
  • Reduce heartbeat timeout for ASG lifecycle hooks from 30 minutes to 3 minutes, since aws-node-termination-handler-app (NTH) can now send heartbeats

Apps

  • aws-ebs-csi-driver from v3.0.5 to v3.3.0
  • aws-nth-bundle from v1.2.2 to v1.3.0
  • aws-pod-identity-webhook from v1.19.1 to v2.0.0
  • capi-node-labeler from v1.1.3 to v1.1.5
  • cert-exporter from v2.9.9 to v2.9.13
  • cert-manager from v3.9.2 to v3.9.4
  • cilium from v1.3.0 to v1.3.1
  • coredns from v1.27.0 to v1.28.2
  • etcd-defrag from v1.0.8 to v1.2.2
  • etcd-k8s-res-count-exporter from v1.10.7 to v1.10.10
  • k8s-audit-metrics from v0.10.6 to v0.10.9
  • node-exporter from v1.20.5 to v1.20.8
  • observability-bundle from v2.2.2 to v2.3.2
  • security-bundle from v1.12.0 to v1.14.0
  • vertical-pod-autoscaler from v6.0.1 to v6.1.1
  • vertical-pod-autoscaler-crd from v4.0.1 to v4.1.1

aws-ebs-csi-driver v3.0.5…v3.3.0

Changed

  • Chart: Sync to upstream. (#338)
    • Chart: Update AWS EBS CSI Driver from v1.41.0 to v1.51.0.
    • Chart: ⚠️ URGENT: XFS Compatibility Issue - Newly formatted XFS volumes may fail to mount on nodes with older kernels (Amazon Linux 2). Use node.legacyXFS: true as a workaround.
    • Chart: ⚠️ URGENT: Controller Health Checks - Controller now performs AWS API dry-run checks. Ensure proper IAM permissions and network connectivity.
    • Chart: ⚠️ URGENT: StorageClass Parameter Deprecation - blockExpress parameter is deprecated for io2 volumes (now always uses 256,000 IOPS cap).
    • Chart: Add support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone.
    • Chart: Add debugLogs parameter for maximum verbosity logging and debugging.
    • Chart: Add metadataSources configuration option for node metadata handling.
    • Chart: Add disableMutation parameter for service account mutation control.
    • Chart: Add support for updating node’s max attachable volume count via MutableCSINodeAllocatableCount feature gate (Kubernetes 1.33+).
    • Chart: Update dependencies including AWS SDK, Prometheus, and various Go modules.
    • Chart: Add missing enablePrometheusAnnotations values for controller and node components.
    • Chart: Update sidecar container versions:
      • csi-provisioner: v5.2.0 → v5.3.0
      • csi-attacher: v4.8.1 → v4.9.0
      • csi-snapshotter: v8.2.1 → v8.3.0
      • livenessprobe: v2.14.0 → v2.16.0
      • csi-resizer: v1.13.2 → v1.14.0
      • csi-node-driver-registrar: v2.13.0 → v2.14.0
      • volume-modifier-for-k8s: v0.5.1 → v0.8.0
  • Configure gsoci.azurecr.io as the default container image registry.
  • Set default updateStrategy.rollingUpdate.maxUnavailable to 25% in DaemonSet to speed up rolling update.

aws-nth-bundle v1.2.2…v1.3.0

Changed

  • Upgrade aws-nth-crossplane-resources to v1.3.0, fixing support for multiple OIDC providers in the NTH IAM role as required for cleanup of migrated vintage clusters, and supporting heartbeat sending
  • Upgrade aws-node-termination-handler-app to v1.23.0, enabling heartbeats by default and upgrading to upstream application version v1.25.2 which fixes a resource leak bug relevant to heartbeat sending
  • Upgrade aws-nth-crossplane-resources to v1.1.1, supporting multiple OIDC providers in the NTH IAM role as required for cleanup of migrated vintage clusters

aws-pod-identity-webhook v1.19.1…v2.0.0

Changed

  • Upgrade IRSA to latest v0.6.9

capi-node-labeler v1.1.3…v1.1.5

Changed

  • Go: Update dependencies.
  • Go: Update dependencies.

cert-exporter v2.9.9…v2.9.13

Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Chart: Add value to toggle creation of Daemonset resources.
  • Go: Update dependencies.

cert-manager v3.9.2…v3.9.4

Added

  • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
    • Basic test suite: Validates fresh installations
    • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
  • Add certificate issuance integration test to cluster-test-suites.

Changed

  • Upgrade cert-manager to v1.18.2.
  • Fix missing targetPort in cainjector-service

cilium v1.3.0…v1.3.1

Changed

coredns v1.27.0…v1.28.2

Changed

  • Update coredns image to 1.13.1.
  • Add value to toggle creation of controlplane deployment.
  • Update coredns image to 1.13.0.

etcd-defrag v1.0.8…v1.2.2

Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.35.0. (#64)
  • Chart: Update dependency ahrtr/etcd-defrag to v0.34.0. (#62)
  • Chart: Update dependency ahrtr/etcd-defrag to v0.33.0. (#60)
  • Update Kyverno API to v2 for policy exceptions
  • Chart: Update dependency ahrtr/etcd-defrag to v0.32.0. (#57)

etcd-k8s-res-count-exporter v1.10.7…v1.10.10

Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Update Kyverno API to v2 for policy exceptions
  • Go: Update dependencies.

k8s-audit-metrics v0.10.6…v0.10.9

Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Update Kyverno API to v2 for policy exceptions
  • Go: Update dependencies.

node-exporter v1.20.5…v1.20.8

Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Update Kyverno API to v2 for policy exceptions
  • Go: Update dependencies.

observability-bundle v2.2.2…v2.3.2

Added

  • Add KSM metrics for cloudnative-pg Cluster objects

Changed

  • Update alloy-app to 0.15.0
    • Bumps alloy to 1.11.0

Fixed

  • Update alloy-app to 0.15.1
    • Bumps alloy to 1.11.2

security-bundle v1.12.0…v1.14.0

Changed

  • Update kyverno (app) to v0.20.1.
  • Update kyverno-crds (app) to v1.14.0.
  • Update kyverno-policies (app) to v0.24.0.
  • Update reports-server (app) to v0.0.3.
  • Revert previous kyverno update (#536, #531, #538).
  • Update kyverno-policy-operator (app) to v0.1.6.
  • Update kyverno (app) to v0.20.0.
  • Update kyverno-crds (app) to v1.14.0.
  • Update kyverno-policies (app) to v0.24.0.
  • Update kyverno-policy-operator (app) to v0.1.5.
  • Update trivy-operator (app) to v0.12.1.
  • Update trivy (app) to v0.14.1.
  • Update falco (app) to v0.11.0.

vertical-pod-autoscaler v6.0.1…v6.1.1

Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v11.1.1. (#375)
  • Chart: Update Helm release vertical-pod-autoscaler to v11.1.0. (#372)

vertical-pod-autoscaler-crd v4.0.1…v4.1.1

Changed

  • Chart: Sync to upstream. (#166)
  • Chart: Sync to upstream. (#164)