SMCP 5.12 Release Notes

Platform9 SMCP 5.12

2025-04-23

Features/Enhancements

Added Added support for workload clusters with Kubernetes version 1.31

Added fix for critical CVE(s) in nginx-ingress-controller https://github.com/kubernetes/kubernetes/issues/131009

Added Added support for MetalLB v0.14.9 (with addon operator 8.0.9)

Added Added support for RHEL 8.10 (introduced in SMCP 5.11.1 patch)

Added Added ability to modify the verbosity level for kube-api server (ported from SMCP 5.11.1 patch)

Added Updated libraries/ module dependencies to fix CVEs

Deprecations, Feature Removal and EOL information

• Following Operating Systems are no longer supported with SMCP 5.12 and above.

  • RHEL 8.6

  • RHEL 8.7

  • Centos 7.9

• The pods related to the legacy cluster API (pf9-capi) implementation have been removed

Bug Fixes

Fixed Fixed the issue causing MetalLB addon in BGP mode to report unhealthy state due to the bug Community validation webhook denies all updates in upstream MetalLB v0.14.2. Upgraded MetalLB addon to v0.14.9 to solve the issue.

Fixed Fixed an issue causing host onboarding to fail for new hosts on DU having dynamic kubelet configuration DKC.

Fixed Fixed the issues that caused add-on operator to remove the custom cert manager objects on disabling Luigi and custom prometheus objects on disabling the pf9-monitoring add-on.

Fixed Fixed an issue due to which existing default apiserver flags could not be modified (e.g. service-account-issuer).

Fixed Fixed a bug that exposed Kube-scheduler and kube-controller open to all interfaces (ported from SMCP 5.11.1 patch)

Known Issues

Known Issue On Ubuntu 22, SMCP 5.10 to SMCP 5.11 upgrade The procedure (and upgrade to 5.12 similarly) requires the following commands to be run to update host-side components:

• airctl configure-hosts --reset-pf9-managed-docker-conf --skip-docker-install --skip-docker-img-import --verbose

• airctl upgrade-hosts --verbose

• ** Impact_:_ __For Ubuntu 22, the above procedure breaks the host connection from the management cluster, terminates the pf9-comms, leading to management cluster upgrade failure.

• ** Workaround_:_ For Ubuntu 22, reversing the order of the two commands works; run the upgrade-host, then the configure-hosts

Known Issue During the DU upgrade process (airctl upgrade --config airctl-config.yaml --verbose), the sunpike-kube-apiserver pod enters a CrashLoopBackOff state following the successful execution of the airctl upgrade step. While the pod eventually reconciles itself, it may take an extended duration (30+ minutes or more).

• ** Impact: This delay can disrupt cluster operations, leading to prolonged upgrade timelines and potential downtime for services dependent on the sunpike-kube-apiserver.

• ** Workaround: Manually restarting the sunpike-kube-apiserver pod resolves the issue and significantly reduces reconciliation time.

Known Issue On Ubuntu 22: When rebooting a management cluster node running Ubuntu 22, the node does not automatically recover. This can lead to an unavailable management plane and disruption of cluster operations.

• ** Impact: Post-reboot, the management cluster node remains non-functional until manual intervention is performed.

• ** Workaround: To recover the node, run the following commands on the affected node: sudo systemctl stop pf9-nodeletd, sudo /opt/pf9/nodelet/nodeletd phases restart

Known Issue : On Ubuntu 22, when systemd-resolved is disabled, the symbolic link /etc/resolv.conf pointing to /run/systemd/resolve/stub-resolv.conf does not recover after a node reboot on the management cluster.

• ** Impact: In an environment with no DNS server available, DNS information in the /etc/resolv.conf doesn't recover, resulting in DNS resolution failure; hence, the cluster won't recover.

• ** Workaround: To ensure DNS functionality persists after a reboot, follow these steps before a node is rebooted.

• Remove the symbolic link /etc/resolv.conf (sudo rm /etc/resolv.conf ) . Manually create a new /etc/resolv.conf ( sudo nano /etc/resolv.conf ) with the required DNS entries. This step is critical if no DNS server is running in the cluster.

• Add the following DNS entries (replace with your preferred DNS servers if needed):

  • nameserver <node_ip>

Known Issue On Rocky Linux 9 (rocky-92), platform9's pf9-kube package installs iptables-services as a dependency. With recent updates to the upstream repositories, installation will fail due to a missing dependency on iptables-legacy-* packages.

• ** Workaround: (On Rocky Linux 9) Users will need to install the legacy packages by running dnf install iptables or dnf install iptables-utils on workload cluster nodes. Since this is a recent upstream change, a solution will be provided in upcoming releases by packaging the required packages along with pf9-kube package.

SMCP 5.12 Kubernetes Components List

Platform9 CLI

The pf9ctl release 1.31 is available for customers who use pf9ctl instead of equivalent airctl commands to onboard nodes.

It can be installed by running the following command.