v1.12.2

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.35.x
• Workload Cluster: v1.29.x -> v1.35.x

More information about version support can be found here

Changes since v1.12.1

📈 Overview

• 14 new commits merged
• 4 bugs fixed 🐛

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13188)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13226)
• Runtime SDK: Improve client cert/key rotation of the RuntimeSDK client (#13217)
• Testing: Fix webhook envtest tests for Kubernetes < v1.35 (#13172)

🌱 Others

• CI: Use env test 1.35.0 (#13169)
• ClusterClass: Improve topology diff (#13173)
• Dependency: Bump Go to v1.24.12 (#13241)
• Dependency: Bump to controller-runtime v0.22.5 (#13246)
• KCP: Remove the ControlPlaneKubeletLocalMode for kubeadm 1.36 later (#13211)
• MachineHealthCheck: Decrease verbosity for MHC log entry (#13203)

📖 Additionally, there have been 4 contributions to our documentation and book. (#13197, #13198, #13208, #13219)

Dependencies

Added

Nothing has changed.

Changed

• k8s.io/api: v0.34.2 → v0.34.3
• k8s.io/apiextensions-apiserver: v0.34.2 → v0.34.3
• k8s.io/apimachinery: v0.34.2 → v0.34.3
• k8s.io/apiserver: v0.34.2 → v0.34.3
• k8s.io/client-go: v0.34.2 → v0.34.3
• k8s.io/code-generator: v0.34.2 → v0.34.3
• k8s.io/component-base: v0.34.2 → v0.34.3
• k8s.io/kms: v0.34.2 → v0.34.3
• sigs.k8s.io/controller-runtime: v0.22.4 → v0.22.5

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.11.5

👌 Kubernetes version support

• Management Cluster: v1.30.x -> v1.34.x
• Workload Cluster: v1.28.x -> v1.34.x

More information about version support can be found here

Changes since v1.11.4

📈 Overview

• 5 new commits merged
• 4 bugs fixed 🐛

🐛 Bug Fixes

• API: Fix v1beta1 ControlPlane contract to handle .status.initialized correctly (#13189)
• ClusterClass: Allow adding spec via ClusterClass JSON patches (#13227)
• KCP: Grant delete permissions to Secrets. (#13230)
• Runtime SDK: Improve client cert/key rotation of the RuntimeSDK client (#13214)

🌱 Others

• Dependency: Bump Go to v1.24.12 (#13244)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.10.10

👌 Kubernetes version support

• Management Cluster: v1.28.x -> v1.33.x
• Workload Cluster: v1.26.x -> v1.33.x

More information about version support can be found here

Changes since v1.10.9

📈 Overview

• 1 new commit merged
• 1 bug fixed 🐛

🐛 Bug Fixes

• Runtime SDK: Improve client cert/key rotation of the RuntimeSDK client (#13215)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.12.1

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.35.x
• Workload Cluster: v1.29.x -> v1.35.x

More information about version support can be found here

Highlights

• Support for Kubernetes v1.35

Changes since v1.12.0

📈 Overview

• 8 new commits merged
• 1 bug fixed 🐛

🐛 Bug Fixes

• KCP/MachineSet: Preserve existing object names for backward compatibility with pre-v1.7 in-place updates (#13147)

🌱 Others

• CI: Bump Kubernetes version used for testing to v1.35.0-rc.1 (#13139)
• e2e: Bump kind to v0.31.0 (#13163)
• e2e: Bump Kubernetes version used for testing to v1.35.0 (#13161)
• e2e: Bump to etcd-v3.6.6-0 (#13145)

📖 Additionally, there have been 3 contributions to our documentation and book. (#13141, #13154, #13160)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.12.0

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.34.x
• Workload Cluster: v1.29.x -> v1.34.x

More information about version support can be found here

Highlights

• Bumped to Go 1.24, controller-runtime v0.22, k8s.io/* v0.34, controller-gen v0.19
• In-place updates
  • Cluster API introduces support for update extensions allowing users to execute changes on existing machines without deleting the machines and creating a new one.
  • Both KCP and Machine deployments support in-place updates based on the new update extension
  • Can be enabled with the new InPlaceUpdates feature gate
  • More details can be found in the proposal
• Chained upgrades
  • Clusters using managed topologies can now upgrade by more than one minor Kubernetes version by performing chained and efficient upgrades.
  • Upgrade plan will be computed using Kubernetes version from the ClusterClass or by calling a new runtimeExtension (also defined in the ClusterClass)
  • Existing lifecycle hooks have been adapted to the new workflow, new lifecycle hooks have been introduced to allow granular control of the upgrade steps.
  • More details can be found in the proposal
• MachineHealthCheck: Add support for checking Machine conditions (#12827)
• Machine: First part of the Taint propagation proposal (Machine/MachineSet/MachineDeployment) (#12936, #12966)
  • Feature tracking issue
  • Can be enabled with the new MachineTaintPropagation feature gate
• KCP/CABPK: Add EncryptionAlgorithm field to Kubeadmconfig to support keys generated with RSA-3072, RSA-4096, ECDSA-P256, ECDSA-P384 (#12859)
• Introduce ReconcilerRateLimiting feature (#13006)
  • Can be enabled with the new ReconcilerRateLimiting feature gate
  • Rate-limits all reconcilers to at most 1 request per second

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other changes

• clusterctl: Add conditions filter for clusterctl describe (#12991)
• clusterctl: clusterctl move blocks when Cluster or ClusterClass is paused (#12786)
• KCP: Enable websocket dialer with fallback to spdy (for communication with etcd) (#12902)
• Runtime SDK: Add defensive response status checking in runtime client (#12898)
• Improved logging across several controllers
• Improved e2e test coverage, e.g.: CAPD: Add scale from/to 0 support for CAPD (#12572)
• New providers in clusterctl: HCP (#12800) control plane provider, Metal3 IPAM provider (#12756), metal-stack infrastructure provider (#12925)

Deprecation and Removals Warning

• ClusterResourceSet: Remove deprecated ClusterResourceSet feature gate (#12950)
• Reminder: v1alpha3 & v1alpha4 will be removed in CAPI v1.13 (they are already not served since a while)
• Reminder: v1beta1 is on track to be unserved in CAPI v1.14
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.11 compared to v1.12.

Changes since v1.11.0

📈 Overview

• 298 new commits merged
• 5 breaking changes ⚠️
• 42 feature additions ✨
• 42 bugs fixed 🐛

⚠️ Breaking Changes

• CI: Improve KAL config docs for forbidding OpenAPI defaulting (#12869)
• clusterctl: Block move when Cluster or ClusterClass is paused (#12786)
• Dependency: Bump to controller-runtime v0.22 & controller-tools v0.19 (#12634)
• Runtime SDK: Improve chained upgrade observability (#12973)
• Runtime SDK: Make the AfterClusterUpgrade hook blocking (#12984)

✨ New Features

• API/Machine/MachineSet/MachineDeployment: Machine related API changes, conversion and feature gate (#12936)
• CABPK: Add EncryptionAlgorithm to Kubeadmconfig (#12859)
• CAPD: Add scale from/to 0 support for CAPD (#12572)
• CI: Bump autoscaler to a9cb59fdd (#12643)
• CI: Bump Kubernetes in tests to v1.34.0 and claim support for v1.34 (#12699)
• ClusterCache/KCP: Deprecate GetClientCertificatePrivateKey and stop using it in KCP (#12846)
• ClusterCache: Add GetUncachedClient() (#12803)
• ClusterClass: Add .spec.upgrade.external.generateUpgradePlanExtension field to ClusterClass (#12809)
• ClusterClass: Add types and hook for GenerateUpgradePlan (#12823)
• ClusterClass: Additional validation in Cluster/ClusterClass webhook for chained upgrades (#12816)
• ClusterClass: Call GenerateUpgradePlanRequest Runtime Extension (#12903)
• ClusterClass: Implement core logic for chained upgrades (#12726)
• clusterctl: Add conditions filter for clusterctl describe (#12991)
• Control-plane: Add new control-plane provider HCP (#12800)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.1 (#12623)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.2 (#12658)
• e2e: Bump Kubernetes version used for testing to v1.35.0-beta.0 (#13029)
• e2e: Change RuntimeSDK e2e test ClusterClass to use GenerateUpgradePlan extension (#12955)
• e2e: Implement e2e test for in-place updates (#12938)
• KCP/CABPK/CI: Bump KAL to pick up latest requiredfields linter, add Min/MaxLength to BootstrapToken (#12563)
• KCP/MachineSet: Refactor BootstrapConfig/InfraMachine managedFields for in-place (#12890)
• KCP: Bump coredns/corefile-migration to v1.0.28 (#12748)
• KCP: Bump coredns/corefile-migration to v1.0.29 (#12862)
• KCP: Bump corefile-migration to v1.0.27 (#12636)
• KCP: Compare ClusterConfiguration via KubeadmConfig instead of annotation on Machine (#12758)
• KCP: Extend rollout logic for in-place updates (#12840)
• KCP: Implement CanUpdateMachine (#12857)
• KCP: Implement trigger in-place update (#12897)
• Machine: Add in-place updates support for machine controller (#12831)
• MachineDeployment: Add in-place to rollout planner (#12865)
• MachineDeployment: Implement CanUpdateMachineSet (#12965)
• MachineHealthCheck: Add support for checking Machine conditions in MachineHealthCheck (#12827)
• Misc: Add inplace updates featuregate (#12755)
• Misc: Improve logs, errors and conditions (#12992)
• Misc: Introduce & use wait for cache utils (#12957)
• Misc: Introduce reconciler rate-limiting and hook caching (#13006)
• Runtime SDK/IPAM/MachinePool: Cleanup exp packages (#12651)
• Runtime SDK: Add in-place update hooks to API (#12343)
• Runtime SDK: Add lifecycle hooks for chained-upgrade (#12878)
• Runtime SDK: Call new lifecycle hooks for chained-upgrades (#12891)
• Runtime SDK: Ensure ExtensionConfig controller can be used outside of the core provider (#12754)
• Runtime SDK: Implement GenerateUpgradePlan handler (#12927)

🐛 Bug Fixes

• API: Only try to convert infraRefs if they are set (#12686)
• API: Register conversion funcs in schemes (#12687)
• CABPK: Always use latest apiVersion when getting owner of KubeadmConfig in CABPK (#12685)
• CAPD: CAPD on rootless podman (#12941)
• CAPD: Fix the format error of healthCheck in test templates (#12787)
• CAPD: Remove finalizers during deletion if ownerRef was never set (#12675)
• CAPD: Run CAPD conversion tests in CI (#12583)
• CAPIM: Eliminate data race in DialContext (#12778)
• ClusterClass/MachinePool: Fix MP error in desired state calculation during Cluster creation (#12607)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13063)
• ClusterClass: Ensure holder field path in GeneratePatchRequest is set based on contract (#12684)
• ClusterClass: Fix field paths in ClusterClass compatibility validation errors (#12660)
• ClusterClass: Fix wait for cache in reconcile_state.go (#13032)
• ClusterClass: Stop adding conversion-data annotation to Cluster object (#12719)
• ClusterClass: Stop writing zero values for spec.controlPlaneEndpoint to ControlPlane objects (#12958)
• clusterctl: Removing Ready/Available prefix from STATUS Column (#12729)
• clusterctl: Verify providers need upgrade before applying (#12753)
• Devtools: Fix kube-state-metrics deployment (#13024)
• e2e: Do not require kubetest configration if not needed (#12948)
• e2e: Fix autoscaler e2e test flake (#12613)
• e2e: Fix e2e test issues introduced by chained upgrades (#12766)
• e2e: Fix objects with Changed Resource Versions flake (#12848)
• e2e: Fix upgrade runtimesdk test (#12833)
• e2e: Fix WaitForMachinesReady interval (#13051)
• e2e: Increase reconcile timeout for DockerMachine (#13099)
• e2e: Propagate clusterctl variables for cluster upgrades (#12949)
• KCP: Fix ControlPlaneComponentHealthCheckSeconds validation in KubeadmConfigSpec.Validate (#12609)
• KCP: Fix conversion issue in KubeadmControlPlaneTemplate with rolloutStrategy.type (#12608)
• KCP: Fix KCP KubeadmConfig isJoin detection (#13035)
• KCP: Grant delete permissions to Secrets. (#13097)
• Machine/MachinePool: Fix MachinePool nodeRef UID mismatch after K8s upgrade (#12392)
• Machine/MachineSet: Use MachineSet template values in completeMoveMachine for in-place updates (#13085)
• MachineDeployment: Fix race conditions ScaleDownOldMS (#12812)
• MachineDeployment: Fix race conditions ScaleDownOldMS OnDelete (#12830)
• MachineDeployment: Fix rollout with unavailable machines (#13020)
  -...

v1.11.4

👌 Kubernetes version support

• Management Cluster: v1.30.x -> v1.34.x
• Workload Cluster: v1.28.x -> v1.34.x

More information about version support can be found here

Changes since v1.11.3

📈 Overview

• 19 new commits merged
• 4 bugs fixed 🐛

🐛 Bug Fixes

• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13062)
• ClusterClass: Stop writing zero values for spec.controlPlaneEndpoint to ControlPlane objects (#12982)
• e2e: Fix WaitForMachinesReady interval (#13052)
• util: Fix a panic in conditions.Delete method if the sources condition list is empty (#13054)

🌱 Others

• API: Relax validation for Machine .status.addresses to maximum of 128 instead of 32 items (#13091)
• CI: Ensure KAL is compiled using golangci-lint v2.7.0 (#13107)
• Dependency: Bump Go to v1.24.10 (#12963)
• Dependency: Bump Go to v1.24.11 (#13112)
• Dependency: Bump golang.org/x/crypto to v0.45 to fix CVE (#13037)
• e2e: Allow usage of v1beta1 and v1beta2 for MachinePools in clusterctl upgrade (#13023)
• e2e: Do not expect Machines for MachinePools not supporting Machines (#13078)
• e2e: Make clusterctl upgrade test to work when there are no machines (#13073)
• e2e: Skip test using outdated docker client (#13127)
• e2e: Use crane to pre-pull images instead of docker pull (#13120)
• e2e: Use wait-machine-upgrade timeout in ClusterClassChanges tests to wait for machines to be ready (#13022)
• KCP: Avoid KCP rollouts if only ControlPlaneComponentHealthCheckSeconds is changed (#13030)
• KCP: Fix race condition on KCP initialized condition (#12986)
• Runtime SDK: Add httpClientCache to runtime client (#13083)

📖 Additionally, there has been 1 contribution to our documentation and book. (#12999)

Dependencies

Added

Nothing has changed.

Changed

• golang.org/x/crypto: v0.40.0 → v0.45.0
• golang.org/x/mod: v0.25.0 → v0.29.0
• golang.org/x/net: v0.42.0 → v0.47.0
• golang.org/x/sync: v0.16.0 → v0.18.0
• golang.org/x/sys: v0.34.0 → v0.38.0
• golang.org/x/telemetry: bda5523 → 078029d
• golang.org/x/term: v0.33.0 → v0.37.0
• golang.org/x/text: v0.27.0 → v0.31.0
• golang.org/x/tools: v0.34.0 → v0.38.0

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.10.9

👌 Kubernetes version support

• Management Cluster: v1.28.x -> v1.33.x
• Workload Cluster: v1.26.x -> v1.33.x

More information about version support can be found here

Changes since v1.10.8

📈 Overview

• 10 new commits merged
• 1 bug fixed 🐛

🐛 Bug Fixes

• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13061)

🌱 Others

• CI: Ignore CVE-2025-47914 & CVE-2025-58181 in trivy scans (#13038)
• Dependency: [release-1.10] Bump Go to v1.24.11 (#13132)
• Dependency: Also set godebug on modules (#12967)
• Dependency: Bump Go to v1.24.10 (#12964)
• Dependency: Bump Go version to 1.24.9 (#12945)
• e2e: Skip test using outdated docker client (#13129)
• e2e: Temporarily disable KAL in CI (#13128)
• e2e: Use crane to pre-pull images instead of docker pull (#13131)
• Runtime SDK: Add httpClientCache to runtime client (#13084)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Thanks to all our contributors! 😊

v1.12.0-rc.1

🚨 This is a RELEASE CANDIDATE. Use it only for testing purposes. If you find any bugs, file an issue.

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.34.x
• Workload Cluster: v1.29.x -> v1.34.x

More information about version support can be found here

Highlights

• Bumped to Go 1.24, controller-runtime v0.22, k8s.io/* v0.34, controller-gen v0.19
• In-place updates
  • Cluster API introduces support for update extensions allowing users to execute changes on existing machines without deleting the machines and creating a new one.
  • Both KCP and Machine deployments support in-place updates based on the new update extension
  • Can be enabled with the new InPlaceUpdates feature gate
  • More details can be found in the proposal
• Chained upgrades
  • Clusters using managed topologies can now upgrade by more than one minor Kubernetes version by performing chained and efficient upgrades.
  • Upgrade plan will be computed using Kubernetes version from the ClusterClass or by calling a new runtimeExtension (also defined in the ClusterClass)
  • Existing lifecycle hooks have been adapted to the new workflow, new lifecycle hooks have been introduced to allow granular control of the upgrade steps.
  • More details can be found in the proposal
• MachineHealthCheck: Add support for checking Machine conditions (#12827)
• Machine: First part of the Taint propagation proposal (Machine/MachineSet/MachineDeployment) (#12936, #12966)
  • Feature tracking issue
  • Can be enabled with the new MachineTaintPropagation feature gate
• KCP/CABPK: Add EncryptionAlgorithm field to Kubeadmconfig to support keys generated with RSA-3072, RSA-4096, ECDSA-P256, ECDSA-P384 (#12859)
• Introduce ReconcilerRateLimiting feature (#13006)
  • Can be enabled with the new ReconcilerRateLimiting feature gate
  • Rate-limits all reconcilers to at most 1 request per second

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other changes

• clusterctl: Add conditions filter for clusterctl describe (#12991)
• clusterctl: clusterctl move blocks when Cluster or ClusterClass is paused (#12786)
• KCP: Enable websocket dialer with fallback to spdy (for communication with etcd) (#12902)
• Runtime SDK: Add defensive response status checking in runtime client (#12898)
• Improved logging across several controllers
• Improved e2e test coverage, e.g.: CAPD: Add scale from/to 0 support for CAPD (#12572)
• New providers in clusterctl: HCP (#12800) control plane provider, Metal3 IPAM provider (#12756), metal-stack infrastructure provider (#12925)

Deprecation and Removals Warning

• ClusterResourceSet: Remove deprecated ClusterResourceSet feature gate (#12950)
• Reminder: v1alpha3 & v1alpha4 will be removed in CAPI v1.13 (they are already not served since a while)
• Reminder: v1beta1 is on track to be unserved in CAPI v1.14
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.11 compared to v1.12.

Changes since v1.12.0-rc.0

📈 Overview

• 14 new commits merged
• 7 bugs fixed 🐛

🐛 Bug Fixes

• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13063)
• e2e: Fix WaitForMachinesReady interval (#13051)
• e2e: Increase reconcile timeout for DockerMachine (#13099)
• KCP: Grant delete permissions to Secrets. (#13097)
• Machine/MachineSet: Use MachineSet template values in completeMoveMachine for in-place updates (#13085)
• Testing/e2e: Fix unit test flakes, improve clusterctl download error in e2e tests (#13056)
• util: Fix a panic in conditions.Delete method if the sources condition list is empty (#13053)

🌱 Others

• API: Relax validation for Machine .status.addresses to maximum of 128 instead of 32 items (#13090)
• CI: Bump softprops/action-gh-release from 2.4.2 to 2.5.0 in the all-github-actions group (#13094)
• e2e: Do not expect Machines for MachinePools not supporting Machines (#13077)
• e2e: Make clusterctl upgrade test to work when there are no machines (#13074)
• Runtime SDK: Add httpClientCache to runtime client (#13080)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

More details about the release

Changes since v1.11.0

📈 Overview

• 287 new commits merged
• 5 breaking changes ⚠️
• 42 feature additions ✨
• 42 bugs fixed 🐛

⚠️ Breaking Changes

• CI: Improve KAL config docs for forbidding OpenAPI defaulting (#12869)
• clusterctl: Block move when Cluster or ClusterClass is paused (#12786)
• Dependency: Bump to controller-runtime v0.22 & controller-tools v0.19 (#12634)
• Runtime SDK: Improve chained upgrade observability (#12973)
• Runtime SDK: Make the AfterClusterUpgrade hook blocking (#12984)

✨ New Features

• API/Machine/MachineSet/MachineDeployment: Machine related API changes, conversion and feature gate (#12936)
• CABPK: Add EncryptionAlgorithm to Kubeadmconfig (#12859)
• CAPD: Add scale from/to 0 support for CAPD (#12572)
• CI: Bump autoscaler to a9cb59fdd (#12643)
• CI: Bump Kubernetes in tests to v1.34.0 and claim support for v1.34 (#12699)
• ClusterCache/KCP: Deprecate GetClientCertificatePrivateKey and stop using it in KCP (#12846)
• ClusterCache: Add GetUncachedClient() (#12803)
• ClusterClass: Add .spec.upgrade.external.generateUpgradePlanExtension field to ClusterClass (#12809)
• ClusterClass: Add types and hook for GenerateUpgradePlan (#12823)
• ClusterClass: Additional validation in Cluster/ClusterClass webhook for chained upgrades (#12816)
• ClusterClass: Call GenerateUpgradePlanRequest Runtime Extension (#12903)
• ClusterClass: Implement core logic for chained upgrades (#12726)
• clusterctl: Add conditions filter for clusterctl describe (#12991)
• Control-plane: Add new control-plane provider HCP (#12800)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.1 (#12623)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.2 (#12658)
• e2e: Bump Kubernetes version used for testing to v1.35.0-beta.0 (#13029)
• e2e: Change RuntimeSDK e2e test ClusterClass to use GenerateUpgradePlan extension (#12955)
• e2e: Implement e2e test for in-place updates (#12938)
• KCP/CABPK/CI: Bump KAL to pick up latest requiredfields linter, add Min/MaxLength to BootstrapToken (#12563)
• KCP/MachineSet: Refactor BootstrapConfig/InfraMachine managedFields for in-place (#12890)
• KCP: Bump coredns/corefile-migration to v1.0.28 (#12748)
• KCP: Bump coredns/corefile-migration to v1.0.29 (#12862)
• KCP: Bump corefile-migration to v1.0.27 (#12636)
• KCP: Compare ClusterConfiguration via KubeadmConfig instead of annotation on Machine (#12758)
• KCP: Extend rollout logic for in-place updates (#12840)
• KCP: Implement CanUpdateMachine (#12857)
• KCP: Implement trigger in-place update (#12897)
• Machine: Add in-place updates support for machine controller (#12831)
• MachineDeployment: Add in-place to rollout planner (#12865)
• MachineDeployment: Implement CanUpdateMachineSet (#12965)
• MachineHealthCheck: Add support for checking Machine conditions in MachineHealthCheck (#12827)
• Misc: Add inplace updates featuregate (#12755)
• Misc: Improve logs, errors and conditions (#12992)
• Misc: Introduce & use wait for cache utils (#12957)
• Misc: Introduce reconciler rate-limiting and hook caching (#13006)
• Runtime SDK/IPAM/MachinePool: Cleanup exp packages (#12651)
• Runtime SDK: Add in-place update hooks to API (#12343)
• Runtime SDK: Add lifecycle hooks for chained-upgrade (#12878)
• Runtime SDK: Call new lifecycle hooks for chained-upgrades (#12891)
• Runtime SDK: Ensure ExtensionConfig controller can be used outside of the core provider (#12754)
• Runtime SDK: Implement GenerateUpgradePlan handler (#12927)

🐛 Bug Fixes

• API: Only try to convert infraRefs if they are set (#12686)
• API: Register conversion funcs in schemes (#12687)
• CABPK: Always use latest apiVersion when getting owner of KubeadmConfig in CABPK (#12685)
• CAPD: CAPD on rootless podman (#12941)
• CAPD: Fix the format error of healthCheck in test templates (#12787)
• CAPD: Remove finalizers during deletion if ownerRef was never set (#12675)
• CAPD: Run CAPD conversion tests in CI (#12583)
• CAPIM: Eliminate data race in DialContext (#12778)
• ClusterClass/MachinePool: Fix MP error in desired state calculation during Cluster creation (#12607)
• ClusterClass: Do not overwrite global http.DefaultClient TLSConfig (#13063)
• ClusterClass: Ensure holder field path in GeneratePatchRequest is set based on contract (#12684)
• ClusterClass: Fix field paths in ClusterClass compatibility validation errors (#12660)
• ClusterClass: Fix wait for cache in reconcile_state.go (#13032)
• ClusterClass: Stop adding conversion-data annotation to Cluster object (#12719...

v1.12.0-rc.0

🚨 This is a RELEASE CANDIDATE. Use it only for testing purposes. If you find any bugs, file an issue.

⚠️ RELEASE CANDIDATE NOTES ⚠️

👌 Kubernetes version support

• Management Cluster: v1.31.x -> v1.34.x
• Workload Cluster: v1.29.x -> v1.34.x

More information about version support can be found here

Highlights

• Bumped to Go 1.24, controller-runtime v0.22, k8s.io/* v0.34, controller-gen v0.19
• In-place updates
  • Can be enabled with the new InPlaceUpdates feature gate
  • More details can be found in the proposal
• Chained upgrades
  • More details can be found in the proposal
  • Runtime SDK: Make the AfterClusterUpgrade hook blocking (#12984)
• MachineHealthCheck: Add support for checking Machine conditions (#12827)
• Machine: First part of the Taint propagation proposal (Machine/MachineSet/MachineDeployment) (#12936, #12966)
  • Feature tracking issue
  • Can be enabled with the new MachineTaintPropagation feature gate
• KCP/CABPK: Add EncryptionAlgorithm field to Kubeadmconfig to support keys generated with RSA-3072, RSA-4096, ECDSA-P256, ECDSA-P384 (#12859)
• Introduce ReconcilerRateLimiting feature (#13006)
  • Can be enabled with the new ReconcilerRateLimiting feature gate
  • Rate-limits all reconcilers to at most 1 request per second

Note: Cluster API is only supported on conformant Kubernetes Clusters and contract-relevant provider resources (e.g. InfraCluster) have to be implemented as CRDs (i.e. not via an aggregated apiserver).

Other changes

• clusterctl: Add conditions filter for clusterctl describe (#12991)
• clusterctl: clusterctl move blocks when Cluster or ClusterClass is paused (#12786)
• KCP: Enable websocket dialer with fallback to spdy (for communication with etcd) (#12902)
• Runtime SDK: Add defensive response status checking in runtime client (#12898)
• Improved logging across several controllers
• Improved e2e test coverage, e.g.: CAPD: Add scale from/to 0 support for CAPD (#12572)
• New providers in clusterctl: HCP (#12800) control plane provider, Metal3 IPAM provider (#12756), metal-stack infrastructure provider (#12925)

Deprecation and Removals Warning

• ClusterResourceSet: Remove deprecated ClusterResourceSet feature gate (#12950)
• Reminder: v1alpha3 & v1alpha4 will be removed in CAPI v1.13 (they are already not served since a while)
• Reminder: v1beta1 is on track to be unserved in CAPI v1.14
  • Reminder: Provider should start implementing the v1beta2 contract ASAP.

For additional details for providers, please take a look at Cluster API v1.11 compared to v1.12.

More details about the release

Changes since v1.11.0

📈 Overview

• 272 new commits merged
• 5 breaking changes ⚠️
• 42 feature additions ✨
• 35 bugs fixed 🐛

⚠️ Breaking Changes

• CI: Improve KAL config docs for forbidding OpenAPI defaulting (#12869)
• clusterctl: Block move when Cluster or ClusterClass is paused (#12786)
• Dependency: Bump to controller-runtime v0.22 & controller-tools v0.19 (#12634)
• Runtime SDK: Improve chained upgrade observability (#12973)
• Runtime SDK: Make the AfterClusterUpgrade hook blocking (#12984)

✨ New Features

• API/Machine/MachineSet/MachineDeployment: Machine related API changes, conversion and feature gate (#12936)
• CABPK: Add EncryptionAlgorithm to Kubeadmconfig (#12859)
• CAPD: Add scale from/to 0 support for CAPD (#12572)
• CI: Bump autoscaler to a9cb59fdd (#12643)
• CI: Bump Kubernetes in tests to v1.34.0 and claim support for v1.34 (#12699)
• ClusterCache/KCP: Deprecate GetClientCertificatePrivateKey and stop using it in KCP (#12846)
• ClusterCache: Add GetUncachedClient() (#12803)
• ClusterClass: Add .spec.upgrade.external.generateUpgradePlanExtension field to ClusterClass (#12809)
• ClusterClass: Add types and hook for GenerateUpgradePlan (#12823)
• ClusterClass: Additional validation in Cluster/ClusterClass webhook for chained upgrades (#12816)
• ClusterClass: Call GenerateUpgradePlanRequest Runtime Extension (#12903)
• ClusterClass: Implement core logic for chained upgrades (#12726)
• clusterctl: Add conditions filter for clusterctl describe (#12991)
• Control-plane: Add new control-plane provider HCP (#12800)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.1 (#12623)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.2 (#12658)
• e2e: Bump Kubernetes version used for testing to v1.35.0-beta.0 (#13029)
• e2e: Change RuntimeSDK e2e test ClusterClass to use GenerateUpgradePlan extension (#12955)
• e2e: Implement e2e test for in-place updates (#12938)
• KCP/CABPK/CI: Bump KAL to pick up latest requiredfields linter, add Min/MaxLength to BootstrapToken (#12563)
• KCP/MachineSet: Refactor BootstrapConfig/InfraMachine managedFields for in-place (#12890)
• KCP: Bump coredns/corefile-migration to v1.0.28 (#12748)
• KCP: Bump coredns/corefile-migration to v1.0.29 (#12862)
• KCP: Bump corefile-migration to v1.0.27 (#12636)
• KCP: Compare ClusterConfiguration via KubeadmConfig instead of annotation on Machine (#12758)
• KCP: Extend rollout logic for in-place updates (#12840)
• KCP: Implement CanUpdateMachine (#12857)
• KCP: Implement trigger in-place update (#12897)
• Machine: Add in-place updates support for machine controller (#12831)
• MachineDeployment: Add in-place to rollout planner (#12865)
• MachineDeployment: Implement CanUpdateMachineSet (#12965)
• MachineHealthCheck: Add support for checking Machine conditions in MachineHealthCheck (#12827)
• Misc: Add inplace updates featuregate (#12755)
• Misc: Improve logs, errors and conditions (#12992)
• Misc: Introduce & use wait for cache utils (#12957)
• Misc: Introduce reconciler rate-limiting and hook caching (#13006)
• Runtime SDK/IPAM/MachinePool: Cleanup exp packages (#12651)
• Runtime SDK: Add in-place update hooks to API (#12343)
• Runtime SDK: Add lifecycle hooks for chained-upgrade (#12878)
• Runtime SDK: Call new lifecycle hooks for chained-upgrades (#12891)
• Runtime SDK: Ensure ExtensionConfig controller can be used outside of the core provider (#12754)
• Runtime SDK: Implement GenerateUpgradePlan handler (#12927)

🐛 Bug Fixes

• API: Only try to convert infraRefs if they are set (#12686)
• API: Register conversion funcs in schemes (#12687)
• CABPK: Always use latest apiVersion when getting owner of KubeadmConfig in CABPK (#12685)
• CAPD: CAPD on rootless podman (#12941)
• CAPD: Fix the format error of healthCheck in test templates (#12787)
• CAPD: Remove finalizers during deletion if ownerRef was never set (#12675)
• CAPD: Run CAPD conversion tests in CI (#12583)
• CAPIM: Eliminate data race in DialContext (#12778)
• ClusterClass/MachinePool: Fix MP error in desired state calculation during Cluster creation (#12607)
• ClusterClass: Ensure holder field path in GeneratePatchRequest is set based on contract (#12684)
• ClusterClass: Fix field paths in ClusterClass compatibility validation errors (#12660)
• ClusterClass: Fix wait for cache in reconcile_state.go (#13032)
• ClusterClass: Stop adding conversion-data annotation to Cluster object (#12719)
• ClusterClass: Stop writing zero values for spec.controlPlaneEndpoint to ControlPlane objects (#12958)
• clusterctl: Removing Ready/Available prefix from STATUS Column (#12729)
• clusterctl: Verify providers need upgrade before applying (#12753)
• Devtools: Fix kube-state-metrics deployment (#13024)
• e2e: Do not require kubetest configration if not needed (#12948)
• e2e: Fix autoscaler e2e test flake (#12613)
• e2e: Fix e2e test issues introduced by chained upgrades (#12766)
• e2e: Fix objects with Changed Resource Versions flake (#12848)
• e2e: Fix upgrade runtimesdk test (#12833)
• e2e: Propagate clusterctl variables for cluster upgrades (#12949)
• KCP: Fix ControlPlaneComponentHealthCheckSeconds validation in KubeadmConfigSpec.Validate (#12609)
• KCP: Fix conversion issue in KubeadmControlPlaneTemplate with rolloutStrategy.type (#12608)
• KCP: Fix KCP KubeadmConfig isJoin detection (#13035)
• Machine/MachinePool: Fix MachinePool nodeRef UID mismatch after K8s upgrade (#12392)
• MachineDeployment: Fix race conditions ScaleDownOldMS (#12812)
• MachineDeployment: Fix race conditions ScaleDownOldMS OnDelete (#12830)
• MachineDeployment: Fix rollout with unavailable machines (#13020)
• Runtime SDK: Export ExtensionConfig webhook (#12598)
• Testing: Fix flaky TestFuzzyConversion (Cluster) test (#12618)
• Testing: Fix flaky TestReconcileMachinePhases unit test (#12616)
• Testing: Fix flaky TestReconcileState unit test (#12617)
• Testing: Fix KubeadmConfig fuzz test flake (#12679)

🌱 Others

• Autoscaling: Bump autoscaler in e2e tests to v1.33.1 (#12790)
• CABPK: Migrate from Requeue to RequeueAfter in CABPK (#12988)
• CAPD: Cleanup CAPD exp packages (#12672)
• CAPD: Recreate container if we re-enter reconciliation and it exists but is not running (#12923)
• CI: Add OpenAPI defaulting detection for KubeadmConfig by using forbiddenmarkers (#12851)
• CI: Block FIXME comments (#12772)
• CI: Bump KAL &...

v1.12.0-beta.1

🚨 This is a BETA RELEASE. Use it only for testing purposes. If you find any bugs, file an issue.

Changes since v1.12.0-beta.0

📈 Overview

• 48 new commits merged
• 2 breaking changes ⚠️
• 6 feature additions ✨
• 5 bugs fixed 🐛

⚠️ Breaking Changes

• Runtime SDK: Improve chained upgrade observability (#12973)
• Runtime SDK: Make the AfterClusterUpgrade hook blocking (#12984)

✨ New Features

• clusterctl: Add conditions filter for clusterctl describe (#12991)
• e2e: Change RuntimeSDK e2e test ClusterClass to use GenerateUpgradePlan extension (#12955)
• MachineDeployment: MD: Implement CanUpdateMachineSet (#12965)
• Misc: Improve logs, errors and conditions (#12992)
• Misc: Introduce & use wait for cache utils (#12957)
• API/Machine/MachineSet/MachineDeployment: Taint propagation: machine related API changes, conversion and feature gate (#12936)

🐛 Bug Fixes

• CAPD: Fix: CAPD on rootless podman (#12941)
• ClusterClass: Stop writing zero values for spec.controlPlaneEndpoint to ControlPlane objects (#12958)
• e2e: Do not require kubetest configration if not needed (#12948)
• e2e: Propagate clusterctl variables for cluster upgrades (#12949)
• Machine/MachinePool: Fix MachinePool nodeRef UID mismatch after K8s upgrade (#12392)

🌱 Others

• CABPK: Migrate from Requeue to RequeueAfter in CABPK (#12988)
• Cluster: Allow >1 minor version upgrades if generateUpgradePlan extension is defined (#12979)
• Cluster: Simplify Cluster webhook (#12895)
• ClusterClass: Improve topology reconciled condition (#13002)
• clusterctl: CAPMS: Add metal-stack infrastructure provider (#12925)
• ClusterResourceSet: Remove deprecated ClusterResourceSet feature gate (#12950)
• Dependency: Bump Go to v1.24.10 (#12962)
• Devtools: Drop ALL groups in tilt (#13001)
• e2e: Fix autoscaler test (#12978)
• e2e: Taint propagation: e2e coverage via md rollout test (#12966)
• e2e: Wait for cluster deletion in runtime sdk test (#12956)
• KCP: Fix race condition on KCP initialized condition (#12980)
• KCP: Improve KCP etcd client crt/key caching (#12977)
• Machine: Requeue for Machine Available condition (#12953)
• MachineDeployment: Add more info to logs for rollout changes (#12997)
• MachineDeployment: Rollout-planner improve checks for scalingOrInPlaceUpdateInProgress (#12954)
• MachineHealthCheck: Improve MHC reporting: add reason to condition, add reason+message to log (#12987)
• Misc: Cleanup TestReconcileMachinePhases (#12976)
• Misc: Improve mark hook utils (#12994)
• Misc: Improve wait for cache (#12993)
• Machine/MachineSet/MachineDeployment: Adjust UpToDate condition to consider Updating, move UpToDate condition to Machine ctrl for workers (#12959)
• Release: Release notes: clarify semantic of --previous-release-version (#12995)
• util: Feat: add check version against metadata utility (#12529)

Dependencies

Added

Nothing has changed.

Changed

• go.etcd.io/etcd/api/v3: v3.6.5 → v3.6.6
• go.etcd.io/etcd/client/pkg/v3: v3.6.5 → v3.6.6
• go.etcd.io/etcd/client/v3: v3.6.5 → v3.6.6
• golang.org/x/crypto: v0.43.0 → v0.44.0
• golang.org/x/mod: v0.28.0 → v0.29.0
• golang.org/x/net: v0.46.0 → v0.47.0
• golang.org/x/oauth2: v0.32.0 → v0.33.0
• golang.org/x/sync: v0.17.0 → v0.18.0
• golang.org/x/sys: v0.37.0 → v0.38.0
• golang.org/x/telemetry: aef8a43 → 078029d
• golang.org/x/term: v0.36.0 → v0.37.0
• golang.org/x/text: v0.30.0 → v0.31.0
• golang.org/x/tools: v0.37.0 → v0.38.0
• k8s.io/api: v0.34.1 → v0.34.2
• k8s.io/apiextensions-apiserver: v0.34.1 → v0.34.2
• k8s.io/apimachinery: v0.34.1 → v0.34.2
• k8s.io/apiserver: v0.34.1 → v0.34.2
• k8s.io/client-go: v0.34.1 → v0.34.2
• k8s.io/cluster-bootstrap: v0.34.1 → v0.34.2
• k8s.io/code-generator: v0.34.1 → v0.34.2
• k8s.io/component-base: v0.34.1 → v0.34.2
• k8s.io/kms: v0.34.1 → v0.34.2

Removed

Nothing has changed.

More details about the release

⚠️ BETA RELEASE NOTES ⚠️

Changes since v1.11.0

📈 Overview

• 248 new commits merged
• 5 breaking changes ⚠️
• 40 feature additions ✨
• 31 bugs fixed 🐛

⚠️ Breaking Changes

• CI: Improve KAL config docs for forbidding OpenAPI defaulting (#12869)
• clusterctl: Feat(clusterctl): block move when Cluster or ClusterClass is paused (#12786)
• Dependency: Bump to controller-runtime v0.22 & controller-tools v0.19 (#12634)
• Runtime SDK: Improve chained upgrade observability (#12973)
• Runtime SDK: Make the AfterClusterUpgrade hook blocking (#12984)

✨ New Features

• CABPK: Add EncryptionAlgorithm to Kubeadmconfig (#12859)
• CAPD: Add scale from/to 0 support for CAPD (#12572)
• CI: Bump autoscaler to a9cb59fdd (#12643)
• CI: Bump Kubernetes in tests to v1.34.0 and claim support for v1.34 (#12699)
• ClusterCache: Add GetUncachedClient() (#12803)
• ClusterClass: Add .spec.upgrade.external.generateUpgradePlanExtension field to ClusterClass (#12809)
• ClusterClass: Add types and hook for GenerateUpgradePlan (#12823)
• ClusterClass: Additional validation in Cluster/ClusterClass webhook for chained upgrades (#12816)
• ClusterClass: Call GenerateUpgradePlanRequest Runtime Extension (#12903)
• ClusterClass: Implement core logic for chained upgrades (#12726)
• clusterctl: Add conditions filter for clusterctl describe (#12991)
• Control-plane: Add new control-plane provider HCP (#12800)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.1 (#12623)
• e2e: Bump Kubernetes version used for testing to v1.34.0-rc.2 (#12658)
• e2e: Change RuntimeSDK e2e test ClusterClass to use GenerateUpgradePlan extension (#12955)
• e2e: Implement e2e test for in-place updates (#12938)
• KCP: Bump coredns/corefile-migration to v1.0.28 (#12748)
• KCP: Bump coredns/corefile-migration to v1.0.29 (#12862)
• KCP: Bump corefile-migration to v1.0.27 (#12636)
• KCP: Compare ClusterConfiguration via KubeadmConfig instead of annotation on Machine (#12758)
• KCP: Extend rollout logic for in-place updates (#12840)
• KCP: Implement CanUpdateMachine (#12857)
• KCP: Implement trigger in-place update (#12897)
• Machine: Add in-place updates support for machine controller (#12831)
• MachineDeployment: Add in-place to rollout planner (#12865)
• MachineDeployment: MD: Implement CanUpdateMachineSet (#12965)
• MachineHealthCheck: Add support for checking Machine conditions in MachineHealthCheck (#12827)
• Misc: Add inplace updates featuregate (#12755)
• Misc: Improve logs, errors and conditions (#12992)
• Misc: Introduce & use wait for cache utils (#12957)
• API/Machine/MachineSet/MachineDeployment: Taint propagation: machine related API changes, conversion and feature gate (#12936)
• ClusterCache/KCP: ClusterCache: Deprecate GetClientCertificatePrivateKey and stop using it in KCP (#12846)
• KCP/CABPK/CI: Bump KAL to pick up latest requiredfields linter, add Min/MaxLength to BootstrapToken (#12563)
• KCP/MachineSet: KCP/MS: Refactor BootstrapConfig/InfraMachine managedFields for in-place (#12890)
• Runtime SDK/IPAM/MachinePool: Cleanup exp packages (#12651)
• Runtime SDK: Add in-place update hooks to API (#12343)
• Runtime SDK: Add lifecycle hooks for chained-upgrade (#12878)
• Runtime SDK: Call new lifecycle hooks for chained-upgrades (#12891)
• Runtime SDK: Ensure ExtensionConfig controller can be used outside of the core provider (#12754)
• Runtime SDK: Implement GenerateUpgradePlan handler (#12927)

🐛 Bug Fixes

• API: Only try to convert infraRefs if they are set (#12686)
• API: Register conversion funcs in schemes (#12687)
• CABPK: Always use latest apiVersion when getting owner of KubeadmConfig in CABPK (#12685)
• CAPD: Fix the format error of healthCheck in test templates (#12787)
• CAPD: Fix: CAPD on rootless podman (#12941)
• CAPD: Remove finalizers during deletion if ownerRef was never set (#12675)
• CAPD: Run CAPD conversion tests in CI (#12583)
• CAPIM: Fix(proxy): eliminate data race in DialContext (#12778)
• ClusterClass: Ensure holder field path in GeneratePatchRequest is set based on contract (#12684)
• ClusterClass: Fix field paths in ClusterClass compatibility validation errors (#12660)
• ClusterClass: Stop adding conversion-data annotation to Cluster object (#12719)
• ClusterClass: Stop writing zero values for spec.controlPlaneEndpoint to ControlPlane objects (#12958)
• clusterctl: Removing Ready/Available prefix from STATUS Column (#12729)
• clusterctl: Verify providers need upgrade before applying (#12753)
• e2e: Do not require kubetest configration if not needed (#12948)
• e2e: Fix autoscaler e2e test flake (#12613)
• e2e: Fix e2e test issues introduced by chained upgrades (#12766)
• e2e: Fix objects with Changed Resource Versions flake (#12848)
• e2e: Fix upgrade runtimesdk test (#12833)
• e2e: Propagate clusterctl variables for cluster upgrades (#12949)
• KCP: Fix ControlPlaneComponentHealthCheckSeconds validation in KubeadmConfigSpec.Validate (#12609)
• KCP: Fix conversion issue in KubeadmControlPlaneTemplate with rolloutStrategy.type (#12608)
• MachineDeployment: Fix race conditions ScaleDownOldMS (#12812)
• MachineDeployment: Fix race conditions ScaleDownOldMS OnDelete (#12830)
• ClusterClass/MachinePool: Fix MP error in desired state calculation during Cluster creation (#12607)
• Machine/MachinePool: Fix MachinePool nodeRef UID mismatch after K8s upgrade (#12392)
• Runtime SDK: Export ExtensionConfig webhook (#12598)
• Testing: Fix flaky TestFuzzyConversion (Cluster) test (#12618)
• Testing: Fix flaky TestReconcileMachinePhases unit test (#12616)
• Testing: Fix flaky TestReconcileState unit test (#12617)
• Testing: Fix KubeadmConfig fuzz test flake (#12679)

🌱 Others

• Autoscaling: Bump autoscaler in e2e tests to v1.33.1 (#1279...