Release notes


What’s new

  • Tigera Secure EE support

CDK extends its support for CNI solutions by adding the option of using Tigera Secure EE, the enterprise-ready alternative to Calico. Users are now able to deploy CDK with Tigera Secure EE installed and subsequently configure additional features such as ElasticSearch and the CNX secure connectivity manager. For further details, please see the CDK CNI documentation

  • Additional options for High Availability

Version 1.13 of CDK introduced support for keepalived to provide HA for the api-loadbalancer. This new release adds support for both HAcluster and MetalLB. See the relevant HAcluster and MetalLB pages in the documentation, as well as the HA overview for more information.

  • Added CoreDNS support

All new deployments of CDK 1.14 will install CoreDNS 1.4.0 by default instead of KubeDNS.

Existing deployments that are upgraded to CDK 1.14 will continue to use KubeDNS until the operator chooses to upgrade to CoreDNS. See the upgrade notes for details.

  • Docker upgrades: Docker 18.09.2 is the new default in Ubuntu. CDK now includes a charm action to simplify upgrading Docker across a set of worker nodes.

  • Registry enhancements: Read-only mode, frontend support, and additional TLS configuration options have been added to the Docker registry charm.

  • Cloud integrations: New configuration options have been added to the vSphere (folder and respool_path) and OpenStack (ignore-volume-az, bs-version, trust-device-path) integrator charms.


  • Added an action to upgrade Docker (Issue)
  • Added better multi-client support to EasyRSA (Issue)
  • Added block storage options for OpenStack (Issue)
  • Added dashboard-auth config option to master (Issue)
  • Added docker registry handling to master (Issue)
  • Added more TLS options to Docker registry (Issue)
  • Added new folder/respool_path config for vSphere (Issue)
  • Added proxy support to Docker registry (Issue)
  • Added read-only mode for Docker registry (Issue)
  • Fixed allow-privileged not enabled when Ceph relation joins (Issue)
  • Fixed apt install source for VaultLocker (Issue)
  • Fixed Ceph relation join not creating necessary pools (Issue)
  • Fixed Ceph volume provisioning fails with “No such file or directory” (Issue)
  • Fixed detecting of changed AppKV values (Issue)
  • Fixed docker-ce-version config not working for non-NVIDIA configuration (Issue)
  • Fixed Docker registry behavior with multiple frontends (Issue)
  • Fixed Docker registry not cleaning up old relation data (Issue)
  • Fixed Docker registry to correctly handle frontend removal (Issue)
  • Fixed Docker registry to work behind a TLS-terminating frontend (Issue)
  • Fixed error: snap “etcd” is not compatible with –classic (Issue)
  • Fixed file descriptor limit on api server (Issue)
  • Fixed GCP NetworkUnavailable hack when only some pods pending (Issue)
  • Fixed handle_requests being called when no clients are related (Issue)
  • Fixed handling of nameless and SANless server certificates (Issue)
  • Fixed inconsistent cert flags (Issue)
  • Fixed ingress=false not allowing custom ingress to be used (Issue)
  • Fixed installing from outdated docker APT respository (Issue)
  • Fixed IPv6 disabled on kubeapi-loadbalancer machines leads to error during installation (Issue)
  • Fixed Keystone not working with multiple masters (Issue)
  • Fixed kubeconfig should contain the VIP when keepalived used with kubeapi-load-balancer (Issue)
  • Fixed metrics server for k8s 1.11 (Issue)
  • Fixed proxy var to apply when adding an apt-key (Issue)
  • Fixed RBAC enabled results in error: unable to upgrade connection (Issue)
  • Fixed registry action creating configmap in the wrong namespace (Issue)
  • Fixed rules for metrics-server (Issue)
  • Fixed status when writing kubeconfig file (Issue)
  • Fixed “subnet not found” to be non-fatal (Issue)
  • Fixed vSphere integrator charm not updating cloud-config when setting new charm defaults (Issue)
  • Removed deprecated allow-privileged config from worker (Issue)
  • Removed use of global / shared client certificate (Issue)
  • Updated default nginx-ingress controller to 0.22.0 for amd64 and arm64 (Issue)

Previous releases

Please see this page for release notes of earlier versions.