Skip to content

k0rdent 1.8.0 Release Notes#

Release date: March 4, 2026

Components Versions#

Provider Name Version
Cluster API v1.12.3
Cluster API Provider AWS v2.10.0
Cluster API Provider Azure v1.22.0
Cluster API Provider Docker v1.12.3
Cluster API Provider GCP v1.11.0
Cluster API Provider Infoblox v0.1.0
Cluster API Provider IPAM v1.1.0-rc.1
Cluster API Provider k0smotron v1.10.1
Cluster API Provider Kubevirt v0.11.0
Cluster API Provider OpenStack (ORC) v0.13.0-mirantis.0 (v2.1.0)
Cluster API Provider vSphere v1.15.1
Projectsveltos v1.1.1
k0s (control plane runtime) v1.32.8
cert-manager (charts) v1.19.3

Highlights#

  • k0rdent Cluster Manager (KCM):

    • Helm lifecycle actions for services: k0rdent now supports explicit Helm support for uninstalling services. This gives operators clearer control over how services are removed across clusters, improving predictability and reducing the risk of partially removed deployments or stuck resources in complex multi-cluster environments.

    • Improved event recording: KCM now uses an updated event recorder implementation that improves the reliability and consistency of events generated by controllers. Because events are a primary tool for troubleshooting and automation, this largely non-user-facing change makes it easier for operators to diagnose issues and integrate k0rdent with event-based monitoring and alerting systems.

    • Regional controller reliability improvements: Enhancements to the regional controller improve how KCM reconciles regional clusters and handles configuration changes, including automatic reload behavior when configuration updates occur. These changes reduce the risk of stale controller state and make multi-cluster environments more resilient and easier to operate.

  • k0rdent Observability Framework (KOF)

    • Umbrella Helm chart for simplified deployment: KOF 1.8.0 introduces a new kof umbrella Helm chart that consolidates installation of the entire observability stack and orchestrates it using FluxCD. This significantly simplifies deployment compared to installing individual components separately and provides a consistent, GitOps-driven lifecycle for the full stack. Operators can now deploy KOF across management and regional clusters using a single chart and standardized configuration.

    • Multi-tenancy with identity-based access control: KOF expands its multi-tenancy capabilities by introducing an access-control layer for observability data queries and tenant-aware alert rules, along with support for validating tenant identity via a tenant claim. This enables multiple teams or organizations to safely share a centralized observability platform while maintaining strict isolation of logs, metrics, and alerts between tenants. Users can configure single sign-On, access control, and sign in options.

    • Cross-cluster log aggregation: KOF integrates Vlogxy to enable centralized log aggregation across clusters. This enables operators to query logs from multiple clusters through a unified interface instead of maintaining separate logging stacks per cluster, simplifying troubleshooting and operational analysis in multi-cluster environments. This capability fits into the broader Full-Stack Observability architecture.

    • Improved observability architecture and autoconfiguration: Architectural improvements and enhanced autoconfiguration streamline how observability components are deployed and connected across clusters. These changes help automate the configuration of metrics, logging, and alerting components so that new clusters can be integrated into the observability platform more easily.

Upgrade Notes#

Most users can upgrade k0rdent's main body directly from 1.7.0 → 1.8.0 without manual migration steps, but we recommend validating:

  • certificate issuance
  • service lifecycle operations
  • event monitoring

before upgrading production environments.

KOF v1.8.0 introduces a new umbrella chart that consolidates the installation of all KOF components using FluxCD for orchestration. This represents a significant structural change in how KOF is deployed. In addition, the tenantId label in metrics has been replaced with the tenant label for consistency with cluster, namespace, and others. If you use KOF multi-tenancy or tenant-scoped access controls, review your identity/claims and tenant labeling conventions before/after upgrading so query/alert isolation works as intended.

For more information, see the KoF upgrade documentation docs.

Changelog#

New Features#

  • feat: add helm actions and install, upgrade and uninstall options for… (#2324) by @kylewuolle

  • feat(telemetry): add extra props collection (#2402) by @zerospiel

  • feat(event)!: migrate to the new event recorder (#2423) by @zerospiel

  • feat: kof helm chart for simplified deployment (#725) by @gmlexx

  • feat: implement multi-tenancy access control layer for data querying (#736) by @AndrejsPon00

  • feat: add script file for waiting opentelemetry collectors (#795) by @Alex-Vovchuk

  • feat: support bundle analyzer for ci and simplified failures analysis (#763) by @Alex-Vovchuk

  • feat: auto check values consistency (#769) by @Alex-Vovchuk

  • feat: integrate vlogxy for cross-cluster log aggregation (#810) by @AndrejsPon00

  • feat: add multi-tenancy support for alert rules (#814) by @AndrejsPon00

  • feat(acl): support tenant validation via tenant claim (#822) by @AndrejsPon00

Notable Fixes#

  • fix: update status after checking regional cluster ref (#2389) by @eromanova

  • fix: bug in service dependson where services are undeployed (#2391) by @wahabmk

  • fix: do not validate template/management relationship if the manageme… (#2418) by @kylewuolle

  • fix: do not validate template / multi cluster service relationship if… (#2425) by @kylewuolle

  • fix: do not patch flux with CA volume if flux is unmanaged by KCM (#2436) by @eromanova

  • fix: revert to not using RetryOnConflict to reconcile Profile (#2433) by @wahabmk

  • fix: use caching REST mapper with dynamic client for discovery (#2439) by @BROngineer

  • fix: determine adopted cluster secret name without suffix parsing (#714) by @AndrejsPon00

  • fix: disable VMAuth ingress on Istio clusters (#727) by @AndrejsPon00

  • fix: duplication in kubelet metric led to wrong ContainerHightMemoryUsage calculation (#735) by @gmlexx

  • fix: trim duplicated v prefix for operator version (#762) by @gmlexx

  • fix: force KOF components upgrade after make dev-deploy (#766) by @AndrejsPon00

  • fix: merge values properly for kof-collectors (#767) by @gmlexx

  • fix: block Istio traffic for all services except VMAuth (#771) by @AndrejsPon00

  • fix: disable resource detection progapation (#777) by @gmlexx

  • fix: disable victoriametrics for kof-storage using kof chart (#793) by @gmlexx

  • fix: npm audit, skip dev deps (#802) by @gmlexx

  • fix: disable ACL by default to prevent errors when dex is not configured (#800) by @AndrejsPon00

  • fix: duplicate MultiClusterService rendering when Istio is disabled (#804) by @mcd01

  • fix: add missed logic for custom resources in support bundle (#807) by @Alex-Vovchuk

  • fix: Renamed tenantId label to tenant and added it to aggregations in rules to allow filtering (#812) by @denis-ryzhkov

  • fix(acl): prevent error from duplicate header write (#818) by @AndrejsPon00

  • fix: correct kof.mcs position in values-local.yaml (#817) by @AndrejsPon00

  • fix(acl): correct tenant label in Vlogxy query injection (#823) by @AndrejsPon00

  • fix(acl): support alerts endpoint and restrict status endpoints per tenant (#824) by @AndrejsPon00

  • fix: use kcm-system namespace for fluxcd helm charts (#828) by @gmlexx

Platform & Dependency Updates#

  • chore(deps): bump sigs.k8s.io/cluster-api from 0.22.5 to 0.23.0 (#2364) by @zerospiel
  • chore(bump): capi-operator to v0.25.0 (#2384) by @Kshatrix
  • chore(bump): gcp-provider to v1.11.0 (#2387) by @Kshatrix
  • chore(bump): capi to v1.12.3 (#2422) by @Kshatrix
  • chore(bump): capd to v1.12.3 (#2438) by @zerospiel
  • chore(bump): cert-manager version to v1.19.3 (#2382) by @Kshatrix
  • chore(bump): cert-manager to v1.19.4 (#2457) by @Kshatrix
  • chore(deps): bump github.com/google/cel-go from 0.26.1 to 0.27.0 (#2373) by @dependabot[bot]
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#2379) by @dependabot[bot]
  • chore(deps): bump github.com/onsi/gomega from 1.39.0 to 1.39.1 (#2372) by @dependabot[bot]
  • chore(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#2393) by @dependabot[bot]
  • chore(deps): bump golang.org/x/net from 0.49.0 to 0.51.0 (#2397, #2455) by @dependabot[bot]
  • chore(deps): bump golang.org/x/text from 0.33.0 to 0.34.0 (#2392) by @dependabot[bot]
  • chore(deps): bump k8s.io/apiserver from 0.35.0 to 0.35.2 (#2399, #2464) by @dependabot[bot]
  • chore(deps): bump k8s.io/kubectl from 0.35.0 to 0.35.2 (#2398, #2463) by @dependabot[bot]
  • chore(deps): bump github.com/fluxcd/pkg/runtime through multiple patch releases by @dependabot[bot]
  • chore(deps): bump github.com/fluxcd/helm-controller/api (#2424, #2465) by @dependabot[bot]
  • chore(deps): bump kubevirt.io/api from 1.7.0 to 1.7.1 (#2430) by @dependabot[bot]
  • chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#2368) by @dependabot[bot]
  • chore(deps): bump goreleaser/goreleaser-action from 6 to 7 (#2429) by @dependabot[bot]
  • chore(deps): bump actions/upload-artifact from 6 to 7 (#2462) by @dependabot[bot]

References#