Skip to content

Mirantis k0rdent Enterprise v1.4.0 Release Notes#

Released: June 29, 2026

Mirantis k0rdent Enterprise builds on the upstream, community-driven k0rdent OSS project to provide a commercially supported, enterprise-grade environment for managing Kubernetes clusters, services, and observability. While the open source k0rdent delivers core functionality under the Apache 2.0 license, Mirantis k0rdent Enterprise adds hardened components, tested integrations, and enterprise-only featuresβ€”including a fully-featured UI, the ability to add a custom certificate authority, and bare metal provisioning.

Component & Provider Versions#

Provider Name Version
Cluster API v1.13.2
Cluster API Provider AWS v2.11.1
Cluster API Provider Azure v1.24.1
Cluster API Provider Docker v1.13.2
Cluster API Provider GCP v1.11.2
Cluster API Provider Infoblox v0.1.0
Cluster API Provider IPAM v1.1.0-rc.1
Cluster API Provider k0smotron v1.10.6
Cluster API Provider Kubevirt v0.11.2
Cluster API Provider OpenStack (ORC) v0.14.4 (v2.1.0)
Cluster API Provider vSphere v1.16.1
Projectsveltos v1.9.0
k0s (control plane runtime) v1.35.4
cert-manager (charts) v1.20.2
k0rdent-ui v1.2.1

Highlights#

Starting with 1.4.0 k0rdent-enterprise controllers are FIPS 140-3 compliant. FIPS mode is activated automatically with a appropriate Linux kernel and all controller communication are using FIPS 140-3 approved cipher suites.

Keep in mind that only the following k0rdent controllers are FIPS 140-3 compliant. All external CAPI ecosystem controllers are out of scope.

FIPS 140-3 compliant internal k0rdent controllers:

Controller name Version (tag)
kcm-controller 1.4.0
kcm-telemetry 1.4.0
k0smotron v1.10.6-fips
kof-operator-controller 1.4.0
kof-acl-server 1.4.0
kof-audit-logs-exporter 1.4.0
kof-cold-storage-exporter 1.4.0
istio-operator-controller 1.4.0
datasource-controller 1.4.0
license-controller 1.4.0

  • k0rdent Cluster Manager (KCM):

    • Stronger security baselines for new clusters: Mirantis k0rdent Enterprise 1.4.0 adds audit policy support and template-level etcd encryption configuration, helping platform teams apply security and compliance controls earlier in the cluster lifecycle instead of relying on post-deployment hardening.

    • Safer multi-cluster service changes: Improvements to ServiceSet and MultiClusterService make service rollout status easier to understand and reduce disruption when selectors change. Operators can now keep already-deployed services in place while adjusting targeting logic, lowering the risk of accidental service removal during routine changes.

    • More reliable cluster template behavior: Fixes to default template handling, MachineDeployment versioning, OpenStack floating IP pool references, and values merging make cluster deployments more consistent across environments, reducing configuration drift and preventing avoidable deployment failures.

    • Better scheduling and availability controls: Chart updates add support for priorityClassName and topology spread constraints, giving operators more control over how Mirantis k0rdent Enterprise components are scheduled in production Kubernetes environments.

    • Smoother upgrades and more predictable convergence: Upgrade-related fixes, semver-based version comparison, dependency handling, and controller reconcile optimizations improve the reliability of day-2 operations, reducing controller noise and clarifying behavior during upgrades and reconciliation.

    • Helm values overrides: Mirantis k0rdent Enterprise now documents all Helm values that are automatically configured when deploying a cluster or provider, making it easier for template authors to understand what is injected and how to consume those values in custom templates. See Helm Values Overrides.

    • Ingress support for hosted control planes on OpenStack: Mirantis k0rdent Enterprise supports exposing hosted control plane components through an ingress controller on OpenStack, reducing reliance on per-cluster load balancers and enabling more scalable hosted cluster deployments. See Ingress Support for Hosted Control Planes.

  • k0rdent Observability & FinOps (KOF):

    • KOF Enterprise v1.4.0: This release introduces a new regionless setup option, simplified management-to-management and management-to-regional data storage paths, audit log support, S3-compatible cold storage export, aggregation and multi-tenancy for traces, and replaces Vlogxy with VLCluster multi-level selection. See the Upgrade Notes section for important migration steps.

  • Platform & Dependency Updates:

    • Cluster API upgraded to v1.13.2
    • Cluster API vSphere provider upgraded to v1.16.1
    • Cluster API AWS provider upgraded to v2.11.1
    • Cluster API Azure provider upgraded to v1.24.1
    • Cluster API GCP provider upgraded to v1.11.2
    • Cluster API KubeVirt provider upgraded to v0.11.2
    • Cluster API OpenStack provider upgraded to v0.14.4
    • Projectsveltos upgraded to v1.9.0
    • k0s upgraded to v1.35.4
    • cert-manager upgraded to v1.20.2

πŸš€ New Features πŸš€#

  • feat: audit policy support (#2723) by @eromanova
  • feat: add <deployed>/<total> services printcolumn to ServiceSet (#2760) by @wahabmk
  • feat: allow keeping deployed services when changing MultiClusterService selector (#2715) by @BROngineer
  • feat(template): allow disabling ingress deployment (#2719) by @uwej711
  • feat(templates): add etcd encryption config (#2704) by @zerospiel
  • feat: support topology spread constraints in kcm chart (#2691) by @Danil-Grigorev

πŸ› Notable Fixes πŸ›#

  • fix: proper ASO version for CAPZ (#2787) by @a13x5
  • fix: sequential upgrades pick dead-end branches (#2693) by @kylewuolle
  • fix: make ServicesInReady condition true when 0 services (#2764) by @wahabmk
  • fix: update helmController image to v1.5.5 (#2775) by @eromanova
  • fix(charts): pin vsphere-cpi Helm chart to 1.35.1 (#2758) by @oshep
  • fix: change Deployed comment to indicate if all services were deployed (#2754) by @wahabmk
  • fix: support priorityClassName in kcm chart (#2746) by @vikramhh
  • fix(templates): add missing MachineDeployment version (#2742) by @kristiangronas
  • fix(templates): add OpenStack floatingippoolref (#2741) by @bnallapeta
  • fix: respect dependsOn on upgrades (#2714) by @BROngineer
  • fix(templates): update CAPI resources (#2732) by @zerospiel
  • fix(templates): proper merge of user and default values (#2722) by @zerospiel
  • fix: number of total and deployed services (#2717) by @BROngineer
  • fix: mcs status not persisting for delete (#2690) by @wahabmk
  • fix: change version comparison to use semver (#2662) by @kylewuolle

πŸ”„ Platform & Dependency Updates πŸ”„#

  • chore: update default k0s version to v1.35.4 (#2782) by @eromanova
  • chore(bump): azure provider to v1.24.1 (#2771) by @Kshatrix
  • chore(bump): vsphere provider to v1.16.1 (#2730) by @Kshatrix
  • chore(bump): gcp provider to v1.11.2 (#2729) by @Kshatrix
  • chore(bump): CAPI to v1.13.2 and CAPI Operator to v0.27.0 (#2743) by @Kshatrix
  • chore: bump Sveltos to v1.9.0 (#2718) by @wahabmk
  • chore(templates): bump chart versions and align values overrides (#2700) by @oshep
  • chore: migrate to upstream OpenStack provider (#2781) by @eromanova

❗ Upgrade Notes ❗#

k0rdent Observability & FinOps (KOF)#

KOF Enterprise v1.4.0 requires KOF Enterprise v1.3.x as a starting point. Direct upgrades from older versions are not supported.

IMPORTANT: Back up your Victoria Metrics and Victoria Logs data before upgrading. See the Data Backup section for instructions.

KOF v1.4.0 introduces significant changes to data storage topology. Notable changes include:

  • Regionless setup: A new option that eliminates regional clusters, with child clusters sending metrics, logs, and traces directly to the management cluster.
  • Simplified M2M and M2R: Management-to-management and management-to-regional storage paths are simplified. Note that kof-storage and kof-collectors are removed from the kof umbrella chart in favor of the dynamic M2M option.
  • Vlogxy replaced: Vlogxy is replaced with VLCluster multi-level selection.
  • New capabilities: Audit logs, S3-compatible cold storage export, file storage for export data persistence, and aggregation and multi-tenancy for traces.

For full upgrade instructions including workaround steps, Istio upgrade procedures, and post-upgrade verification, see Upgrading KOF.

Known Issues#

  • #360 - When using hosted control plane deployment the apiserver-network-proxy-agent image is always pulled from the upstream
  • #372 - kof istio mode is not functioning correctly

Release Metadata#

Key Value
Helm Charts kcm: 1.4.0, kof: 1.4.0
OCI Registry registry.mirantis.com/k0rdent-enterprise/
SBOM Included
OCI Signature Support Included
Release Tags v1.4.0 across all components

Contributors#

Huge thanks to the following contributors for making this release possible: @AKamyshnikova, @bnallapeta, @BROngineer, @Danil-Grigorev, @eromanova, @isvetlov, @jhak, @kristiangronas, @Kshatrix, @kylewuolle, @mmorgen, @nichase, @oshep, @prazumovsky, @augustmckendrick, @uwej711, @vikramhh, @wahabmk, @zerospiel, @a13x5, @AndrejsPon00, @denis-ryzhkov, @gmlexx

Resources#

Try It Out#

QuickStart guide: https://docs.mirantis.com/k0rdent-enterprise/1.4.0/quickstarts