CAPVCD Releases

• Jan 24, 2026 CAPVCD releases releases cloud-director-33.2.0

  Changes compared to v33.1.1

  Components

  • cluster-cloud-director from v2.4.0 to v2.4.1

  cluster-cloud-director v2.4.0…v2.4.1

  Added

  • Added fix-dns-nic-allocation.sh Ignition script to attach DNS servers to correct network interfaces.

  Fixed

  • Fix a race condition when populating /run/metadata/coreos.
  • Fix race condition in ntpd unit.
• Jan 22, 2026 CAPVCD releases releases cloud-director-34.0.0

  Warning: Important Note for Upgrading to this Release

  tl;dr: Please first upgrade your existing cluster to Giant Swarm Release v33.2.0 for VMware Cloud Director or newer before upgrading to this release! Otherwise, you risk service outage and severe issues.

  Giant Swarm Release v34.0.0 for VMware Cloud Director comes with Kubernetes v1.34. This version contains etcd v3.6, which makes use of the so-called v3 store by default. Before, with etcd v3.5, the v2 store was used by default and synchronized to the already existing v3 store.

  Different flaws could lead to an inconsistency between the old v2 store and the already present but unused standby v3 store in etcd v3.5 and before. Because of this, new etcd v3.6 members, which first start to use this v3 store, might suffer from these inconsistencies.

  This can come into play when upgrading a cluster to this and future releases from any release older than Giant Swarm Release v33.2.0 for VMware Cloud Director. For this reason, we require you to first upgrade your cluster to Giant Swarm Release v33.2.0 for VMware Cloud Director or newer before upgrading to this or future releases.

  OIDC Structured Authentication (optional)

  This release introduces optional support for Kubernetes Structured Authentication Configuration for OIDC providers. We recommend testing this feature on a non-production cluster first.

  Minimal example

  global:
    controlPlane:
      oidc:
        structuredAuthentication:
          enabled: true
          issuers:
            - issuerUrl: https://your-idp.example.com
              clientId: kubernetes
  

  Example with customization

  global:
    controlPlane:
      oidc:
        structuredAuthentication:
          enabled: true
          issuers:
            - issuerUrl: https://your-idp.example.com
              clientId: kubernetes
              usernameClaim: email          # Optional: use 'email' instead of 'sub'
              groupsClaim: roles            # Optional: use 'roles' instead of 'groups'
              usernamePrefix: "oidc:"       # Optional: prefix usernames
              groupsPrefix: "oidc:"         # Optional: prefix groups
  

  Migration from legacy OIDC configuration

  If you already use OIDC with the legacy configuration, add structuredAuthentication.enabled: true to migrate:

  global:
    controlPlane:
      oidc:
        issuerUrl: https://your-idp.example.com
        clientId: kubernetes
        structuredAuthentication:
          enabled: true
  

  This will automatically convert your legacy configuration to the new structured format.

  Advanced options

  Additional configuration options are available for more complex setups, including:

  • Multiple audiences (audiences, audienceMatchPolicy)
  • Custom discovery URL (discoveryUrl)
  • Custom CA certificate (caPem)
  • CEL expressions for claim and user validation (claimValidationRules, userValidationRules)
  • Advanced claim mappings with CEL expressions (claimMappings)

  Refer to the Kubernetes Structured Authentication documentation for details.

  Changes compared to v33.1.1

  Components

  • cluster-cloud-director from v2.4.0 to v3.1.2
  • Flatcar from v4459.2.1 to v4459.2.2
  • Kubernetes from v1.33.6 to v1.34.3
  • os-tooling from v1.26.2 to v1.26.3

  cluster-cloud-director v2.4.0…v3.1.2

  Added

  • Added fix-dns-nic-allocation.sh Ignition script to attach DNS servers to correct network interfaces.
  • Add the priority-classes default app, enabled by default. This app provides standardised PriorityClass resources like giantswarm-critical and giantswarm-high, which should replace the previous inconsistent per-app priority classes.
  • Add "helm.sh/resource-policy": keep annotation to VCDCluster CR so that it doesn’t get removed by Helm when uninstalling this chart. The CAPI controllers will take care of removing it, following the expected deletion order.

  Changed

  • Fix a race condition when populating /run/metadata/coreos.
  • Fix race condition in ntpd unit.
  • Chart: Update cluster to v5.1.2.
  • Chart: Update cluster to v5.1.1.
  • Chart: Update cluster to v5.1.0.
  • Chart: Update cluster to v5.0.0.

  Apps

  • cert-exporter from v2.9.14 to v2.9.15
  • cilium from v1.3.2 to v1.3.4
  • coredns from v1.28.3 to v1.29.1
  • etcd-k8s-res-count-exporter from v1.10.11 to v1.10.12
  • network-policies from v0.1.1 to v0.1.3
  • node-exporter from v1.20.9 to v1.20.10
  • observability-bundle from v2.3.2 to v2.5.0
  • Added priority-classes v0.3.0
  • security-bundle from v1.15.0 to v1.16.1

  cert-exporter v2.9.14…v2.9.15

  Changed

  • Go: Update dependencies.

  cilium v1.3.2…v1.3.4

  Changed

  • Upgrade Cilium to v1.18.6.
  • Upgrade Cilium to v1.18.5.

  coredns v1.28.3…v1.29.1

  Changed

  • Update coredns image to 1.14.1.
  • Update coredns image to 1.14.0.

  etcd-k8s-res-count-exporter v1.10.11…v1.10.12

  Changed

  • Go: Update dependencies.

  network-policies v0.1.1…v0.1.3

  Added

  • Add support for Kamaji.

  Fixed

  • Fixed broken templating.

  node-exporter v1.20.9…v1.20.10

  Removed

  • Repository: Remove integration tests.

  observability-bundle v2.3.2…v2.5.0

  Added

  • Add KSM metrics kube_servicemonitor_info and kube_podmonitor_info for ServiceMonitor and PodMonitor resources
  • Add KSM metrics kube_podlog_info for PodLog resource

  Changed

  • Upgrade kube-prometheus-stack-app to 19.0.0
  • Update alloy-app to 0.16.0
    • Bumps alloy to 1.12.0

  Fixed

  • Fixed KSM metrics for endpoints

  priority-classes v0.3.0

  Changed

  • Label now uses chart version instead of app version.

  Removed

  • Removed appVersion (only version is used now).

  security-bundle v1.15.0…v1.16.1

  Changed

  • Add missing dependency to all apps.
  • Allow to set multiple dependencies on the depends-on annotation.
  • Rename edgedb to gel.
  • Update cloudnative-pg (app) to v0.0.12.
  • Update gel (app) to v1.0.1.
• Dec 16, 2025 CAPVCD releases releases cloud-director-33.1.1

  This patch release fixes an issue with the installation of the Teleport Kube Agent app.

  Changes compared to v33.1.0

  Apps

  • coredns from v1.28.2 to v1.28.3

  coredns v1.28.2…v1.28.3

  Changed

  • Update coredns image to 1.13.2.
• Dec 3, 2025 CAPVCD releases releases cloud-director-33.1.0

  Update Kubernetes to v1.33.6, Flatcar to v4459.2.1 and various component upgrades.

  Changes compared to v33.0.1

  Components

  • cluster-cloud-director from v2.2.0 to v2.4.0
  • Flatcar from v4230.2.3 to v4459.2.1
  • Kubernetes from v1.33.5 to v1.33.6
  • os-tooling from v1.26.1 to v1.26.2

  cluster-cloud-director v2.2.0…v2.4.0

  Changed

  • Chart: Update cluster to v4.4.0.
  • Chart: Update cluster to v4.3.0.

  Apps

  • cert-exporter from v2.9.12 to v2.9.14
  • cert-manager from v3.9.3 to v3.9.4
  • cilium from v1.3.1 to v1.3.2
  • etcd-defrag from v1.2.1 to v1.2.3
  • etcd-k8s-res-count-exporter from v1.10.9 to v1.10.11
  • k8s-audit-metrics from v0.10.8 to v0.10.10
  • node-exporter from v1.20.7 to v1.20.9
  • observability-policies from v0.0.2 to v0.0.3
  • security-bundle from v1.13.1 to v1.15.0
  • teleport-kube-agent from v0.10.6 to v0.10.7

  cert-exporter v2.9.12…v2.9.14

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.

  cert-manager v3.9.3…v3.9.4

  Added

  • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
    • Basic test suite: Validates fresh installations
    • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
  • Add certificate issuance integration test to cluster-test-suites.

  Changed

  • Upgrade cert-manager to v1.18.2.

  cilium v1.3.1…v1.3.2

  Changed

  • Upgrade Cilium to v1.18.4.

  etcd-defrag v1.2.1…v1.2.3

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.36.0. (#69)
  • Chart: Update dependency ahrtr/etcd-defrag to v0.35.0. (#64)

  etcd-k8s-res-count-exporter v1.10.9…v1.10.11

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.

  k8s-audit-metrics v0.10.8…v0.10.10

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.

  node-exporter v1.20.7…v1.20.9

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.

  observability-policies v0.0.2…v0.0.3

  Fixed

  • Missing RBAC for kyverno-report-controller

  security-bundle v1.13.1…v1.15.0

  Added

  • Add kubescape (app) version v0.0.4.

  Changed

  • Update kyverno (app) to v0.21.1.
  • Update kyverno-crds (app) to v1.15.0.
  • Update kyverno (app) to v0.20.1.
  • Update kyverno-crds (app) to v1.14.0.
  • Update kyverno-policies (app) to v0.24.0.
  • Update reports-server (app) to v0.0.3.

  teleport-kube-agent v0.10.6…v0.10.7

  Added

  • Add ephemeral-storage requests and limits to satisfy Kyverno policy require-emptydir-requests-and-limits.

  Changed

  • Enable upstream-provided Prometheus PodMonitor to scrape metrics from Teleport Kube Agent pods.
• Nov 2, 2025 CAPVCD releases releases cloud-director-32.1.0

  This release updates Flatcar to v4230.2.4 and includes several app updates and improvements.

  Changes compared to v32.0.0

  Components

  • Flatcar from v4230.2.2 to v4230.2.4
  • os-tooling from v1.26.1 to v1.26.2

  Apps

  • capi-node-labeler from v1.1.3 to v1.1.5
  • cert-exporter from v2.9.9 to v2.9.13
  • cert-manager from v3.9.2 to v3.9.4
  • cilium from v1.3.0 to v1.3.1
  • coredns from v1.27.0 to v1.28.2
  • etcd-defrag from v1.0.8 to v1.2.2
  • etcd-k8s-res-count-exporter from v1.10.7 to v1.10.10
  • k8s-audit-metrics from v0.10.6 to v0.10.9
  • node-exporter from v1.20.5 to v1.20.8
  • observability-bundle from v2.2.2 to v2.3.2
  • security-bundle from v1.12.0 to v1.14.0
  • vertical-pod-autoscaler from v6.0.1 to v6.1.1
  • vertical-pod-autoscaler-crd from v4.0.1 to v4.1.1

  capi-node-labeler v1.1.3…v1.1.5

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.

  cert-exporter v2.9.9…v2.9.13

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Chart: Add value to toggle creation of Daemonset resources.
  • Go: Update dependencies.

  cert-manager v3.9.2…v3.9.4

  Added

  • Add E2E tests using apptest-framework for automated PR testing across multiple providers (CAPA, CAPV, CAPZ, CAPVCD).
    • Basic test suite: Validates fresh installations
    • Upgrade test suite: Tests upgrade scenarios and certificate reconciliation
  • Add certificate issuance integration test to cluster-test-suites.

  Changed

  • Upgrade cert-manager to v1.18.2.
  • Fix missing targetPort in cainjector-service

  cilium v1.3.0…v1.3.1

  Changed

  • Upgrade Cilium to v1.18.2.

  coredns v1.27.0…v1.28.2

  Changed

  • Update coredns image to 1.13.1.
  • Add value to toggle creation of controlplane deployment.
  • Update coredns image to 1.13.0.

  etcd-defrag v1.0.8…v1.2.2

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.35.0. (#64)
  • Chart: Update dependency ahrtr/etcd-defrag to v0.34.0. (#62)
  • Chart: Update dependency ahrtr/etcd-defrag to v0.33.0. (#60)
  • Update Kyverno API to v2 for policy exceptions
  • Chart: Update dependency ahrtr/etcd-defrag to v0.32.0. (#57)

  etcd-k8s-res-count-exporter v1.10.7…v1.10.10

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Update Kyverno API to v2 for policy exceptions
  • Go: Update dependencies.

  k8s-audit-metrics v0.10.6…v0.10.9

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Update Kyverno API to v2 for policy exceptions
  • Go: Update dependencies.

  node-exporter v1.20.5…v1.20.8

  Changed

  • Go: Update dependencies.
  • Go: Update dependencies.
  • Update Kyverno API to v2 for policy exceptions
  • Go: Update dependencies.

  observability-bundle v2.2.2…v2.3.2

  Added

  • Add KSM metrics for cloudnative-pg Cluster objects

  Changed

  • Update alloy-app to 0.15.0
    • Bumps alloy to 1.11.0

  Fixed

  • Update alloy-app to 0.15.1
    • Bumps alloy to 1.11.2

  security-bundle v1.12.0…v1.14.0

  Changed

  • Update kyverno (app) to v0.20.1.
  • Update kyverno-crds (app) to v1.14.0.
  • Update kyverno-policies (app) to v0.24.0.
  • Update reports-server (app) to v0.0.3.
  • Revert previous kyverno update (#536, #531, #538).
  • Update kyverno-policy-operator (app) to v0.1.6.
  • Update kyverno (app) to v0.20.0.
  • Update kyverno-crds (app) to v1.14.0.
  • Update kyverno-policies (app) to v0.24.0.
  • Update kyverno-policy-operator (app) to v0.1.5.
  • Update trivy-operator (app) to v0.12.1.
  • Update trivy (app) to v0.14.1.
  • Update falco (app) to v0.11.0.

  vertical-pod-autoscaler v6.0.1…v6.1.1

  Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v11.1.1. (#375)
  • Chart: Update Helm release vertical-pod-autoscaler to v11.1.0. (#372)

  vertical-pod-autoscaler-crd v4.0.1…v4.1.1

  Changed

  • Chart: Sync to upstream. (#166)
  • Chart: Sync to upstream. (#164)
• Sep 15, 2025 CAPVCD releases releases cloud-director-32.0.0

  WARNING: With Flatcar 4230.2.0, cgroups v1 backwards compatibility has been removed. This means that enabling legacy cgroups v1 is no longer supported and nodes still using them will fail to update.

  Changes compared to v31.1.1

  Components

  • cluster-cloud-director from v0.68.1 to v1.0.0
  • Flatcar from v4152.2.3 to v4230.2.2
  • Kubernetes from v1.31.11 to v1.32.9

  cluster-cloud-director v0.68.1…v1.0.0

  Changed

  • Chart: Update cluster to v3.0.1.
    • BREAKING CHANGE: Cgroups v1 is not supported anymore. The .internal.advancedConfiguration.cgroupsv1 and .global.nodePools.().cgroupsv1 flags have been removed.
    • Chart: Simplify containerd configuration by using a single config file for both control-plane and worker nodes.
  • Chart: Update cluster to v2.6.2.
  • Chart: Update cluster to v2.6.1.

  Apps

  • capi-node-labeler from v1.1.2 to v1.1.3
  • cert-exporter from v2.9.8 to v2.9.9
  • cert-manager from v3.9.1 to v3.9.2
  • cilium from v1.2.2 to v1.3.0
  • coredns from v1.26.0 to v1.27.0
  • etcd-defrag from v1.0.6 to v1.0.8
  • etcd-k8s-res-count-exporter from v1.10.6 to v1.10.7
  • k8s-audit-metrics from v0.10.5 to v0.10.6
  • k8s-dns-node-cache from v2.9.0 to v2.9.1
  • metrics-server from v2.6.0 to v2.7.0
  • node-exporter from v1.20.4 to v1.20.5
  • observability-bundle from v2.0.0 to v2.2.2
  • vertical-pod-autoscaler from v5.5.1 to v6.0.1
  • vertical-pod-autoscaler-crd from v3.3.1 to v4.0.1

  capi-node-labeler v1.1.2…v1.1.3

  Changed

  • Go: Update dependencies.

  cert-exporter v2.9.8…v2.9.9

  Changed

  • Go: Update dependencies.

  cert-manager v3.9.1…v3.9.2

  Changed

  • Add alloy ingress rules for cainjector metrics ingestion.

  cilium v1.2.2…v1.3.0

  Changed

  • Upgrade Cilium to v1.18.1.
  • Improve the k8s service host autodiscovery mechanism
  • Upgrade Cilium to v1.17.7.

  coredns v1.26.0…v1.27.0

  Changed

  • Updated E2E tests to use apptest-framework v1.14.0
  • Update coredns image to 1.12.3.

  etcd-defrag v1.0.6…v1.0.8

  Changed

  • Chart: Update dependency ahrtr/etcd-defrag to v0.31.0. (#52)
  • Chart: Update dependency ahrtr/etcd-defrag to v0.30.0. (#46)

  etcd-k8s-res-count-exporter v1.10.6…v1.10.7

  Changed

  • Go: Update dependencies.

  k8s-audit-metrics v0.10.5…v0.10.6

  Changed

  • Go: Update dependencies.

  k8s-dns-node-cache v2.9.0…v2.9.1

  Changed

  • Update PolicyException apiVersion to v2.

  metrics-server v2.6.0…v2.7.0

  Changed

  • Chart: Update PolicyExceptions to v2.

  node-exporter v1.20.4…v1.20.5

  Changed

  • Go: Update dependencies.

  observability-bundle v2.0.0…v2.2.2

  Added

  • Add KSM metrics for IRSAClaim objects

  Changed

  • Upgrade kube-prometheus-stack-app to 18.1.0
    • Add relabeling rules from cluster-api-monitoring-app so that cluster_id label points to the workload cluster name as expected in some alert definitions
  • Upgrade kube-prometheus-stack to 77.0.1
    • Bumps prometheus-operator and CRDs to 0.85.0
  • Update alloy-app to 0.13.0
  • Upgrade kube-prometheus-stack to 76.4.0
    • Bumps prometheus-operator and CRDs to 0.84.1
    • Bumps prometheus to 3.5.0
  • Update alloy-app to 0.12.1
    • Bumps alloy to 1.10.1

  vertical-pod-autoscaler v5.5.1…v6.0.1

  Changed

  • Chart: Update Helm release vertical-pod-autoscaler to v11.0.1. (#370)
  • Chart: Update Helm release vertical-pod-autoscaler to v11.0.0. (#362)

  vertical-pod-autoscaler-crd v3.3.1…v4.0.1

  Changed

  • Chart: Sync to upstream. (#162)
  • Chart: Sync to upstream. (#154)
• Aug 21, 2025 CAPVCD releases releases cloud-director-31.1.1

  This release updates the cluster-cloud-director chart and the underlying cluster chart to address an issue around Helm values schema validation uncovered by newer Helm versions.

  Changes compared to v31.1.0

  Components

  • cluster-cloud-director from v0.68.0 to v0.68.1

  cluster-cloud-director v0.68.0…v0.68.1

  Changed

  • Chart: Update cluster to v2.5.1.