Skip to content

Mirantis k0rdent Enterprise v1.3.0 Release Notes#

Released: March 23, 2026

Mirantis k0rdent Enterprise builds on the upstream, community-driven k0rdent OSS project to provide a commercially supported, enterprise-grade environment for managing Kubernetes clusters, services, and observability. While the open source k0rdent delivers core functionality under the Apache 2.0 license, Mirantis k0rdent Enterprise adds hardened components, tested integrations, and enterprise-only features—including a fully-featured UI, the ability to add a custom certificate authority, and bare metal provisioning.

Component & Provider Versions#

Provider Name Version
Cluster API v1.12.3
Cluster API Provider AWS v2.10.0
Cluster API Provider Azure v1.21.1
Cluster API Provider Docker v1.12.3
Cluster API Provider GCP v1.11.0
Cluster API Provider Infoblox v0.1.0
Cluster API Provider IPAM v1.1.0-rc.1
Cluster API Provider k0smotron v1.10.3
Cluster API Provider Kubevirt v0.11.0
Cluster API Provider OpenStack (ORC) v0.13.0-mirantis.0 (v2.1.0)
Cluster API Provider vSphere v1.15.1
Projectsveltos v1.1.1
k0s (control plane runtime) 1.35.1
cert-manager (charts) v1.19.3

Grafana not Included#

Effective immediately, Mirantis will no longer distribute Grafana as part of its products or services. This change is being made to proactively avoid potential licensing, redistribution, or compliance considerations related to third-party software.

Grafana dashboards and grafana-operator (for installation and lifecycle management of Grafana on the k0rdent Enterprise management cluster or on child clusters) will still be shipped as part of k0rdent Observability & FinOps (KOF), an optional component of k0rdent Enterprise. For more information, please contact Mirantis.

For instructions on how to install Grafana locally and integrate with Mirantis Grafana dashboards and grafana-operator, please see Grafana in KOF.

Highlights#

  • k0rdent Cluster Manager (KCM):

    • Authenticated registry installation support: Mirantis k0rdent Enterprise can now be installed using container registries that require authentication. This enables deployments in environments that rely on private registries for images, charts, and binaries, making it possible to operate in secure, enterprise-controlled infrastructure without requiring public registry access.

    • Pull-through registry installation support: Mirantis k0rdent Enterprise can now be deployed using pull-through (proxy cache) registries, allowing images to be fetched through an internal registry without requiring full airgap bundle uploads. This reduces operational overhead during upgrades while maintaining control over external dependencies, making it easier to operate k0rdent in semi–air-gapped or security-restricted environments.

    • Ingress-based access for hosted control planes: Mirantis k0rdent Enterprise now supports exposing hosted control plane components (API server and konnectivity) through an ingress controller instead of direct service endpoints. This approach reduces reliance on per-cluster load balancers, simplifies networking, and enables more efficient and scalable hosted cluster deployments, especially in constrained or regulated network environments.

    • Dynamic telemetry enrichment with CEL-based resource extraction: Mirantis k0rdent Enterprise telemetry can now query additional Kubernetes resources and evaluate CEL expressions to extract and append custom data to telemetry payloads. Execution is limited to online mode and scoped to Mirantis k0rdent Enterprise resources, maintaining predictable and controlled data collection.

    • Redfish VirtualMedia DHCP-less boot support: Mirantis k0rdent Enterprise supports provisioning bare metal hosts without DHCP by allowing operators to provide Cloud-init–compatible network configuration via pre-provisioning data attached to a BareMetalHost. The workflow relies on an IPA image with support for decoding and applying networkData (for example, via glean) and currently requires manual per-host configuration, with limited validation across hardware and protocols, but it enables deployments in environments where DHCP is unavailable or restricted, while still allowing precise control over IP assignment, routing, and DNS.

    • Multi-tenant bare metal cluster deployment support: Mirantis k0rdent Enterprise now supports deploying clusters in multi-tenant environments using Template Life Cycle Management and the Metal3 HostClaim model. This enables secure resource sharing, clear tenancy boundaries, and centralized governance while allowing teams to independently manage their own clusters.

    • Helm lifecycle actions for services: k0rdent now supports explicit Helm support for uninstalling services. This gives operators clearer control over how services are removed across clusters, improving predictability and reducing the risk of partially removed deployments or stuck resources in complex multi-cluster environments.

    • Improved event recording: KCM now uses an updated event recorder implementation that improves the reliability and consistency of events generated by controllers. Because events are a primary tool for troubleshooting and automation, this largely non-user-facing change makes it easier for operators to diagnose issues and integrate k0rdent with event-based monitoring and alerting systems.

    • Regional controller reliability improvements: Enhancements to the regional controller improve how KCM reconciles regional clusters and handles configuration changes, including automatic reload behavior when configuration updates occur. These changes reduce the risk of stale controller state and make multi-cluster environments more resilient and easier to operate.

    • Enhanced telemetry data collection: Telemetry capabilities have been expanded to enable collection of additional platform properties using CEL expressions, providing more flexible insight into cluster and platform state. This allows operators to gain richer operational visibility while maintaining control over what telemetry data is collected.

    • Centralized identity and authorization management: Mirantis k0rdent Enterprise now provides a unified mechanism for managing authentication and authorization across ClusterDeployments. This standardizes how access control is applied and enforced across clusters, reducing configuration drift and making it easier for operators to manage security consistently in multi-cluster environments.

    • Authenticated registry support for management components: Management components can now be configured to use authenticated container registries via the imagePullSecret parameter. This allows Mirantis k0rdent Enterprise to operate in environments that rely on private registries, improving security and enabling deployments in restricted or enterprise-controlled infrastructure.

    • Global proxy configuration support: Mirantis k0rdent Enterprise now supports configuring proxy settings that apply across all providers. This enables clusters and management components to communicate through network proxies, making it possible to deploy and operate Mirantis k0rdent Enterprise in constrained or regulated network environments where direct outbound access is not allowed.

    • Cluster API Provider for Kubernetes (CAPK) support: Mirantis k0rdent Enterprise now includes templates for the Cluster API Provider for Kubernetes (CAPK), allowing operators to manage Kubernetes clusters using CAPK within the k0rdent framework. This expands the range of supported infrastructure providers and gives operators more flexibility in how they provision and manage clusters.

  • k0rdent Observability Framework (KOF)

    • KOF integration for virtualization observability: Mirantis k0rdent Enterprise integrates with KOF (Observability & FinOps) to provide monitoring and logging for virtualized workloads. This enables operators to collect detailed performance metrics and logs from virtual machines and underlying infrastructure, improving troubleshooting, capacity planning, and overall visibility into system behavior.

    • Umbrella Helm chart for simplified deployment: KOF 1.8.0 introduces a new kof umbrella Helm chart that consolidates installation of the entire observability stack and orchestrates it using FluxCD. This significantly simplifies deployment compared to installing individual components separately and provides a consistent, GitOps-driven lifecycle for the full stack. Operators can now deploy KOF across management and regional clusters using a single chart and standardized configuration.

    • Multi-tenancy with identity-based access control: KOF expands its multi-tenancy capabilities by introducing an access-control layer for observability data queries and tenant-aware alert rules, along with support for validating tenant identity via a tenant claim. This enables multiple teams or organizations to safely share a centralized observability platform while maintaining strict isolation of logs, metrics, and alerts between tenants. Users can configure single sign-On, access control, and sign in options.

    • Cross-cluster log aggregation: KOF integrates Vlogxy to enable centralized log aggregation across clusters. This enables operators to query logs from multiple clusters through a unified interface instead of maintaining separate logging stacks per cluster, simplifying troubleshooting and operational analysis in multi-cluster environments. This capability fits into the broader Full-Stack Observability architecture.

    • Improved observability architecture and autoconfiguration: Architectural improvements and enhanced autoconfiguration streamline how observability components are deployed and connected across clusters. These changes help automate the configuration of metrics, logging, and alerting components so that new clusters can be integrated into the observability platform more easily.

    • Tracing backend migration to VictoriaTraces: KOF now uses VictoriaTraces as its tracing backend instead of Jaeger. This change aligns tracing with a more scalable and integrated storage model, improving performance and simplifying operational overhead for teams managing observability at scale.

    • Multi-tenancy support in KOF: KOF now supports multi-tenancy through the introduction of the kof-tenant-id label. This allows telemetry data to be logically segmented by tenant, enabling secure isolation, clearer ownership boundaries, and more flexible observability in shared or multi-team environments.

    • Adopted cluster support for KCM Regions: KCM Regions can now adopt existing clusters that were not originally created or managed by k0rdent. This enables operators to bring externally provisioned clusters under centralized management, reducing fragmentation and allowing consistent policy, configuration, and lifecycle control across all clusters.

    • OTel Collector misconfiguration detection in KOF UI: The KOF UI now detects and surfaces common OpenTelemetry Collector misconfigurations. By exposing these issues directly in the interface, operators can more quickly diagnose telemetry gaps and avoid observability blind spots caused by incorrect collector setups.

  • k0rdent Service Manager (KSM):

    • Reconciliation control for Sveltos-managed services: k0rdent now allows operators to pause reconciliation for services deployed via Sveltos. This provides a controlled way to perform maintenance, debugging, or manual intervention without the controller immediately reverting changes, reducing friction during troubleshooting and operational workflows.

    • Sequential service upgrade support: Services can now be upgraded in a defined, sequential order rather than all at once. This reduces rollout risk by allowing operators to control upgrade progression, making it easier to manage inter-service dependencies and limit the blast radius of failures during updates.

    • Explicit service dependency management: k0rdent now supports defining dependencies between services, making sure that prerequisite services are deployed and upgraded in the correct order. This improves deployment reliability and helps prevent runtime issues caused by missing or incompatible service dependencies in complex environments.

  • Platform & Dependency Updates:

    • Cluster API upgraded to v1.12.2
    • Cluster API vSphere provider upgraded to v1.15.1
    • Cluster API AWS provider upgraded to v2.10.0
    • Cluster API Docker provider upgraded to v1.11.3
    • Cluster API k0smotron provider upgraded to v1.10.1
    • Cluster API OpenStack provider forked version v0.13.0-mirantis.0

🚀 New Features 🚀#

  • feat(k0rdent-ui): Add expired/missing license banner #1418 (#1641)
  • feat(k0rdent-ui): create secrets ui scaffolding (#1245)

  • feature(k0rdent-ui): create mocks for secrets ui (#1214) (#1227)

  • feat: add helm actions and install, upgrade and uninstall options for… (#2324) by @kylewuolle

  • feat(telemetry): add extra props collection (#2402) by @zerospiel

  • feat(event)!: migrate to the new event recorder (#2423) by @zerospiel

  • feat: kof helm chart for simplified deployment (#725) by @gmlexx

  • feat: implement multi-tenancy access control layer for data querying (#736) by @AndrejsPon00

  • feat: add script file for waiting opentelemetry collectors (#795) by @Alex-Vovchuk

  • feat: support bundle analyzer for ci and simplified failures analysis (#763) by @Alex-Vovchuk

  • feat: auto check values consistency (#769) by @Alex-Vovchuk

  • feat: integrate vlogxy for cross-cluster log aggregation (#810) by @AndrejsPon00

  • feat: add multi-tenancy support for alert rules (#814) by @AndrejsPon00

  • feat(acl): support tenant validation via tenant claim (#822) by @AndrejsPon00

  • feat(controller): add global proxy settings (#2323) by @zerospiel
  • feat: add CAPK provider template (#2312) by @eromanova
  • feat: add e2e tests for pausing of service set reconciliation (#2237) by @kylewuolle
  • feat: add kubevirt standalone and hosted cluster templates (#2351) by @eromanova
  • feat: remove v1alpha1 api version (#2338) by @Kshatrix
  • feat: support to override deployment settings in default ProviderTemplates (#2279) by @eromanova
  • feat: Disable Grafana (#684) by @denis-ryzhkov
  • feat: replace Jaeger with VictoriaTraces (#679) by @AndrejsPon00
  • feat: automate VMUser credential provisioning per cluster (#699) by @AndrejsPon00
  • feat: add cluster name label automatically to ClusterDeployment resources (#703) by @AndrejsPon00
  • feat: add (Cluster)DataSource processing (#2151) by @zerospiel
  • feat: add DataSource and ClusterDataSource types (#2147) by @zerospiel
  • feat: add e2e tests for pausing of service set reconciliation (#2237) by @kylewuolle
  • feat: cluster authentication configuration (#2108) by @eromanova
  • feat: enhance KSM types representation (#2159) by @BROngineer
  • feat: enhance multiclusterservice status with matching clusters (#2169) by @BROngineer
  • feat: implement sequential upgrade (#2062) by @kylewuolle
  • feat: keep deployed resources (#2220) by @BROngineer
  • feat: add adopted cluster support for KCM Region (#630) by @AndrejsPon00
  • feat: add OTel Collector misconfiguration detection to KOF UI (#636) by @AndrejsPon00

🐛 Notable Fixes 🐛#

  • fix(k0rdent-ui): local-dev-startup-fail (#1637)
  • fix(k0rdent-ui): use proper location for definition of labels (#1547)
  • fix(k0rdent-ui): Dev fixtures fix (#1537)
  • fix(k0rdent-ui): fix inconsistent documentation links in admin (#1538)
  • fix(k0rdent-ui): make dev failing (#1495)
  • fix(k0rdent-ui): Refactor implementation of Sidebar initial state (#1241)
  • fix(k0rdent-ui): dynamically set bare metal feature flag (#1330)
  • fix(k0rdent-ui): disable create button in forms by default (#1319)
  • fix(k0rdent-ui): add dry run to hidden repository creation (#1123)
  • fix(k0rdent-ui): services type is incorrect (#1121)

  • fix(k0rdent-ui): menu items not visible (#1119)

  • fix: update status after checking regional cluster ref (#2389) by @eromanova

  • fix: bug in service dependson where services are undeployed (#2391) by @wahabmk

  • fix: do not validate template/management relationship if the manageme… (#2418) by @kylewuolle

  • fix: do not validate template / multi cluster service relationship if… (#2425) by @kylewuolle

  • fix: do not patch flux with CA volume if flux is unmanaged by KCM (#2436) by @eromanova

  • fix: revert to not using RetryOnConflict to reconcile Profile (#2433) by @wahabmk

  • fix: use caching REST mapper with dynamic client for discovery (#2439) by @BROngineer

  • fix: determine adopted cluster secret name without suffix parsing (#714) by @AndrejsPon00

  • fix: disable VMAuth ingress on Istio clusters (#727) by @AndrejsPon00

  • fix: duplication in kubelet metric led to wrong ContainerHightMemoryUsage calculation (#735) by @gmlexx

  • fix: trim duplicated v prefix for operator version (#762) by @gmlexx

  • fix: force KOF components upgrade after make dev-deploy (#766) by @AndrejsPon00

  • fix: merge values properly for kof-collectors (#767) by @gmlexx

  • fix: block Istio traffic for all services except VMAuth (#771) by @AndrejsPon00

  • fix: disable resource detection progapation (#777) by @gmlexx

  • fix: disable victoriametrics for kof-storage using kof chart (#793) by @gmlexx

  • fix: npm audit, skip dev deps (#802) by @gmlexx

  • fix: disable ACL by default to prevent errors when dex is not configured (#800) by @AndrejsPon00

  • fix: duplicate MultiClusterService rendering when Istio is disabled (#804) by @mcd01

  • fix: add missed logic for custom resources in support bundle (#807) by @Alex-Vovchuk

  • fix: Renamed tenantId label to tenant and added it to aggregations in rules to allow filtering (#812) by @denis-ryzhkov

  • fix(acl): prevent error from duplicate header write (#818) by @AndrejsPon00

  • fix: correct kof.mcs position in values-local.yaml (#817) by @AndrejsPon00

  • fix(acl): correct tenant label in Vlogxy query injection (#823) by @AndrejsPon00

  • fix(acl): support alerts endpoint and restrict status endpoints per tenant (#824) by @AndrejsPon00

  • fix: use kcm-system namespace for fluxcd helm charts (#828) by @gmlexx

  • fix(cleanup): delete cld objects after servicesets (#2350) by @zerospiel
  • fix(tests): skip provider config overwrite when empty (#2292) by @eromanova
  • fix: add configmap read permissions for user-facing roles (#2274) by @Kshatrix
  • fix: add namespace validation for services (#2282) by @kylewuolle
  • fix: added the upgradePaths string slice back for backward compatibility and marked it as deprecated. (#2251) by @kylewuolle
  • fix: define default network configuration in KubeVirt templates (#2365) by @eromanova
  • fix: mark CRDs with helm-keep annotation where possible (#2337) by @Kshatrix
  • fix: only set the service to failed if it's not in deployed state (#2322) by @kylewuolle
  • fix: profile spec equality check to consider defaults (#2270) by @wahabmk
  • fix: remove self-management cluster selector labels (#2315) by @wahabmk
  • fix: run ksm tests via test config (#2342) by @wahabmk
  • fix: validate only diff during object updates (#2265) by @eromanova
  • fix: add metrics-server to resolve metric errors in KOF UI in local environment (#655) by @AndrejsPon00
  • fix: update kind clusters creation with squid proxy (#694) by @gmlexx
  • fix: prevent SANs checking error (#695) by @gmlexx
  • fix: npm security audit (#697) by @gmlexx
  • fix: update default storage values to align with the default retention (#696) by @gmlexx
  • fix: upgrade opentelemetry operator and collector to 0.143.0 (#706) by @gmlexx
  • fix: increase default CPU limit for collectors, k0s collector affinity (#710) by @gmlexx
  • fix: CPUThrottlingHigh and KubeletPodStartUpLatencyHigh rules expressions (#711) by @gmlexx
  • fix: move PKI_PATH to defaultCR env (#713) by @gmlexx
  • fix: MCS valuesFrom has no namespace, helm v3 warns, helm v4 fails (#717) by @denis-ryzhkov
  • fix: prevent k0s-collector crashes caused by values merge issue (#719) by @AndrejsPon00
  • fix(cld): pass correct kubeconfig reference during cleanup (#2221) by @zerospiel
  • fix(cld): wait for CDS to be deleted (#2194) by @zerospiel
  • fix(cleanup): collect owners and delete (#2233) by @zerospiel
  • fix(cleanup): wait for PVs cleanup (#2241) by @zerospiel
  • fix(e2e): move testing config validation to Makefile (#2253) by @eromanova
  • fix(openstack): relax managedSecurityGroups schema and align hosted and standalone charts (#2185) by @bnallapeta
  • fix(regions): propagate kubconfig if cld ref (#2158) by @zerospiel
  • fix(telemetry): incorrect addressing (#2161) by @zerospiel
  • fix(templates): migrate ASO objects to v1beta1 (#2201) by @zerospiel
  • fix(templates): pass OS security groups (#2209) by @zerospiel
  • fix(templates): substitute exact images with registry (#2204) by @zerospiel
  • fix(webhook): validate templates on chains creation (#2215) by @zerospiel
  • fix: CD summary for service deployment state (#2225) by @wahabmk
  • fix: Improve run-time for mcs mothership e2e tests (#2222) by @wahabmk
  • fix: ServiceSet update bug if status isn't Deployed (#2142) by @wahabmk
  • fix: added the upgradePaths string slice back for backward compatibility and marked it as deprecated. (#2251) by @kylewuolle
  • fix: converting serviceSpec to provider config (#2236) by @BROngineer
  • fix: create serviceset if no services defined (#2157) by @BROngineer
  • fix: dataSource values propagation (#2219) by @eromanova
  • fix: do not update mgmt release immediately (#2203) by @zerospiel
  • fix: helm options merging fails (#2208) by @kylewuolle
  • fix: move auth config file out of /etc/k0s directory (#2214) by @eromanova
  • fix: multicluster service value updates not reflected in service deployment (#2258) by @kylewuolle
  • fix: poll cluster summaries (#2163) by @BROngineer
  • fix: remove apiserver availability check for cleanup (#2229) by @Kshatrix
  • fix: serviceset creation if no services defined in cld (#2174) by @BROngineer
  • fix: support empty ClusterDataSource status (#2192) by @eromanova
  • fix: trigger the deletion of ClusterDataSource (#2200) by @eromanova
  • fix: update KOF operator ClusterRole to prevent KOF UI errors (#620) by @AndrejsPon00
  • fix: mothership upgrade failure caused by ServiceTemplateChain spec changes (#625) by @AndrejsPon00
  • fix: prevent chart reinstallation by adding service dependencies to region/child MCS (#623) by @AndrejsPon00
  • fix: split queue utilization widgets (#629) by @gmlexx
  • fix: align operator service labels and ports with operator pod configuration (#622) by @AndrejsPon00
  • fix: false-positive misconfiguration alert for localhost (#631) by @gmlexx
  • fix: duplicated dashboard UID (#635) by @gmlexx
  • fix: Grafana operator reconciliation failure caused by missing credentials (#645) by @gmlexx
  • fix: incorrect vmalert image used for vmauth (#646) by @denis-ryzhkov
  • fix: improve cluster cloud detection logic (#651) by @AndrejsPon00
  • fix: unused ServiceTemplateChain blocking KOF installation (#654) by @AndrejsPon00
  • fix: remove Patch Kind Config step from upgrade CI pipelines (#656) by @AndrejsPon00
  • fix: Grafana operator reconciliation issue caused by missing credentials (#657) by @gmlexx
  • fix: make global values compatible with new collectors (#663) by @denis-ryzhkov
  • fix: missing version field in ServiceTemplateChain upgrades (#668) by @AndrejsPon00
  • fix: prevent chart reinstallation in MCS by adding wait to Helm options (#664) by @AndrejsPon00
  • ci: fix Docker pull rate-limit issues in CI (#650) by @AndrejsPon00
  • ci: add workaround for CI failures caused by Grafana Operator (#659) by @AndrejsPon00

🔄 Platform & Dependency Updates 🔄#

  • task(k0rdent-ui): improve onboarding scripts and readme (#1569)
  • task(k0rdent-ui): update k0rdent enterprise documentation URLs (#1566)
  • task(k0rdent-ui): run prettier format on k0rdent-ui (#1394)
  • task(k0rdent-ui): freeze ui components from packages (#1375)
  • task(k0rdent-ui): centralize env config and fix migration journal (#1364)
  • task(k0rdent-ui): Standardize and centralize environment configuration (#1340)
  • task(k0rdent-ui): move MSW initialization to instrumentation.ts (#1251)
  • task(k0rdent-ui): consolidate mocks fixtures and handlers (#1203)
  • chore(deps): bump sigs.k8s.io/cluster-api from 0.22.5 to 0.23.0 (#2364) by @zerospiel
  • chore(bump): capi-operator to v0.25.0 (#2384) by @Kshatrix
  • chore(bump): gcp-provider to v1.11.0 (#2387) by @Kshatrix
  • chore(bump): capi to v1.12.3 (#2422) by @Kshatrix
  • chore(bump): capd to v1.12.3 (#2438) by @zerospiel
  • chore(bump): cert-manager version to v1.19.3 (#2382) by @Kshatrix
  • chore(bump): cert-manager to v1.19.4 (#2457) by @Kshatrix
  • chore(deps): bump github.com/google/cel-go from 0.26.1 to 0.27.0 (#2373) by @dependabot[bot]
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#2379) by @dependabot[bot]
  • chore(deps): bump github.com/onsi/gomega from 1.39.0 to 1.39.1 (#2372) by @dependabot[bot]
  • chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#2393) by @dependabot[bot]
  • chore(deps): bump golang.org/x/net from 0.49.0 to 0.51.0 (#2397, #2455) by @dependabot[bot]
  • chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 (#2392) by @dependabot[bot]
  • chore(deps): bump k8s.io/apiserver from 0.35.0 to 0.35.2 (#2399, #2464) by @dependabot[bot]
  • chore(deps): bump k8s.io/kubectl from 0.35.0 to 0.35.2 (#2398, #2463) by @dependabot[bot]
  • chore(deps): bump github.com/fluxcd/pkg/runtime through multiple patch releases by @dependabot[bot]
  • chore(deps): bump github.com/fluxcd/helm-controller/api (#2424, #2465) by @dependabot[bot]
  • chore(deps): bump kubevirt.io/api from 1.7.0 to 1.7.1 (#2430) by @dependabot[bot]
  • chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#2368) by @dependabot[bot]
  • chore(deps): bump goreleaser/goreleaser-action from 6 to 7 (#2429) by @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6 to 7 (#2462) by @dependabot[bot]
  • chore(deps): bump cluster-api-provider-aws from 2.9.2 to 2.10.0 (#2216 by @zerospiel
  • chore(bump): k0smotron to v1.10.1 (#2211) by @Kshatrix
  • chore(deps): bump github.com/fluxcd/helm-controller/api (#2206)
  • chore(deps): bump kubevirt.io/api from 1.6.3 to 1.7.0 (#2207)
  • chore(deps): bump sigs.k8s.io/cluster-api-operator from 0.24.0 to 0.24.1 (#2197)
  • chore(deps): bump k0smotron@v1.10.0 (#2198) by @zerospiel
  • chore(deps): bump actions/checkout from 5 to 6 (#2195)
  • chore(deps): bump github.com/fluxcd/pkg/runtime from 0.89.0 to 0.91.0 (#2191)
  • chore(deps): bump github.com/fluxcd/source-controller/api (#2189)
  • chore(deps): bump golang.org/x/crypto (#2193)
  • chore(deps): bump github.com/fluxcd/helm-controller/api (#2190)
  • chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.22.0 to 1.23.0 (#2186)
  • chore(deps): bump k8s.io/apiserver from 0.34.1 to 0.34.2 (#2178)
  • chore(deps): bump k8s.io/kubectl from 0.34.1 to 0.34.2 (#2176)
  • chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0 (#2175)
  • chore(deps): bump helm.sh/helm/v3 from 3.19.1 to 3.19.2 (#2177)
  • chore(deps): bump helm.sh/helm/v3 from 3.19.0 to 3.19.1 (#2171)
  • chore(deps): bump golang.org/x/text from 0.30.0 to 0.31.0 (#2172)
  • chore(deps): bump kubevirt.io/api from 1.6.2 to 1.6.3 (#2173)
  • chore(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 (#2165)
  • chore(deps): bump github.com/vmware-tanzu/velero from 1.17.0 to 1.17.1 (#2162)
  • chore(deps): bump github.com/containerd/containerd (#2153)
  • chore(bump): update openstack provider version to v0.13.0 (#2154) by @Kshatrix
  • chore(bump): update capi version to v1.11.3 (#2150) by @Kshatrix
  • chore(deps): bump sigs.k8s.io/cluster-api from 1.11.2 to 1.11.3 (#2148)
  • chore: bump version to upcoming 1.6.0-rc0 (#621) by @denis-ryzhkov
  • chore: fix metrics port binding for kind clusters (#626) by @gmlexx
  • chore: update Istio-related files following Istio chart merge (#627) by @AndrejsPon00
  • chore: upgrade Grafana Operator to v5.20.0 (#634) by @gmlexx
  • chore: upgrade OpenCost to v1.118.0 (#641) by @gmlexx
  • chore: automatically label kof namespace for Istio sidecar injection (#643) by @AndrejsPon00
  • chore: pin image tags in kof-collectors values (#647) by @denis-ryzhkov
  • chore: bump version to KOF 1.6.0-rc1 (#667) by @AndrejsPon00

✨ Notable Changes ✨#

  • fix(os-tpls): correct identity name in identityref (#1901) by @zerospiel
  • refactor: reuse already defined statemanagementprovider name (#1883) by @wahabmk
  • test: check promxy metrics by @gmlexx
  • test: wait until vmauth creates ingress in kind-adopted-regional cluster (#471) by @gmlexx
  • test: add unit tests for Victoria pages (KOF UI) (#482) by @AndrejsPon00

❗ Upgrade Notes ❗#

Licensing and telemetry#

Phase 1 of our licensing initiative, released in Mirantis k0rdent Enterprise 1.3.0, implements components of software licensing that check for a current license for the software and then perform related actions.

You are not authorized to use Mirantis k0rdent Enterprise without a license, but this initial phase does not impose any product limitations.

Users should note two immediate effects of this new system in practice:

  • In Mirantis k0rdent Enterprise 1.3.0+, a red banner appears in the UI warning the user that they are using an unlicensed version. See these instructions for steps to obtain a license.

  • Also, in a licensed system, if the telemetry system is set to "online" it will be correlated to the license. Note that this effectively de-anonymizes telemetry shared online with Mirantis.

k0rdent Observability an Finance (KOF)#

KOF v1.8.0 introduces a new umbrella chart that consolidates the installation of all KOF components using FluxCD for orchestration. This represents a significant structural change in how KOF is deployed. In addition, the tenantId label in metrics has been replaced with the tenant label for consistency with cluster, namespace, and others. If you use KOF multi-tenancy or tenant-scoped access controls, review your identity/claims and tenant labeling conventions before/after upgrading so query/alert isolation works as intended.

For more information, see the KoF upgrade documentation docs.

  • Before upgrading kof-mothership, ensure the following steps are completed:

    1. Upgrade the kof-operators chart using the --take-ownership flag:

      helm upgrade --take-ownership \
  --reset-values --wait -n kof kof-operators -f operators-values.yaml \
  oci://ghcr.io/k0rdent/kof/charts/kof-operators --version 1.8.0

    2. Make sure to upgrade kof-operators using the --take-ownership flag on each KOF Regional cluster:

      KUBECONFIG=regional-kubeconfig helm upgrade --take-ownership \
  --reset-values --wait -n kof kof-operators -f operators-values.yaml \
  oci://ghcr.io/k0rdent/kof/charts/kof-operators --version 1.8.0

    This step will not be required in future upgrades.

Known Issues#

No known issues.

Release Metadata#

Key Value
Helm Charts kcm: 1.3.0, kof: 1.8.0
OCI Registry registry.mirantis.com/k0rdent-enterprise/
SBOM Included
OCI Signature Support Included
Release Tags v1.3.0 across all components

Contributors#

Huge thanks to the following contributors for making this release possible: @gmlexx, @denis-ryzhkov, @aglarendil, @kylewuolle, @a13x5, @eromanova, @zerospiel, @BROngineer, @Kshatrix, @dis-xcom, @wahabmk, @AndrejsPon00

Resources#

Try It Out#

QuickStart guide: https://docs.mirantis.com/k0rdent-enterprise/1.3.0/quickstarts