Kublr team is happy to announce the new release 1.27, which we have been carefully crafting in previous months. At Kublr, we support six different versions of Kubernetes and a bunch of different clouds, so our team is focused on thoroughly testing each changed component and maintaining backward compatibility. We know how hard it is to update the Kubernetes versions for enterprise-level systems, and we want to provide them with new features of the latest versions now, allowing them to roll the updates at their own pace.

The new Kublr 1.27 now has a preview support of Kubernetes 1.28, a new update user experience that notifies you about new updates and lets you do it immediately. Below, you can find the complete list of improvements and fixes, and if you need guidance for migration, you can find it in our documentation portal here.


The Kublr 1.27.1 release introduces several new features and improvements, including:

  • Support for Kubernetes 1.27 and preview 1.28
  • Improved upgrade controller
  • Updates for z and PostgreSQL in Kublr Control Plane
  • Keycloak v1.21.3 IDP
  • AWS out of tree CPI/CSI in k8s 1.27 and above

All Kublr components are checked for vulnerabilities using Aquasecurity trivy scaner. In addition to these major features, the release also includes various other improvements and fixes.

Supported Kubernetes Versions

Version Kublr Agent Notes
1.28 1.28.2-1-RC Preview: v1.28.2
1.27 1.27.3-1 Default version: v1.27.3
1.26 1.26.4-4
1.25 1.25.9-14
1.24 1.24.13-4 Deprecated in 1.28.0
1.23 1.23.17-6 End of support in 1.28.0

Important Changes

  • New versions of Kubernetes:

  • Deprecations:

    • Kubernetes v1.22 (v1.22.17/agent 1.22.17-11) has reached End of Support.
    • Kubernetes v1.23 (v1.23.17 by default) deprecated and will be removed in Kublr v1.28.0
    • Ubuntu 18.04 / SUSE SLES 12 is End of Support and removed from Kublr UI
  • Kubernetes node-role enhancement:

    Kublr now applies a “node-role” label to its control plane Nodes. The label key has been renamed from node-role.kubernetes.io/master to node-role.kubernetes.io/control-plane. Kublr also uses the same “node-role” key for a taint applied to control plane Nodes, which has also been renamed to “node-role.kubernetes.io/control-plane”. For more information, refer to the Kubernetes Enhancement Proposal.

    • Introduced the “node-role.kubernetes.io/control-plane” label alongside the “node-role.kubernetes.io/master” label for the “Control Plane” nodes
    • Introduced the “node-role.kubernetes.io/control-plane:NoSchedule” toleration in Kublr Application Deployments
  • Kublr upgrade controller implemented. Begins from 1.28.0 you can use upgrade on UI and support subscriptions on beta/unstable releases.

  • Kublr seeder/agent provides configured metrics port, Grafana dashboard for Kublr agent metrics added

  • Generator and Kublr agent out of tree CPI/CSI drivers support logic improved

  • OCI helm repo support added into Kublr operator and feature controller


  • Kublr Agents:

    • Upgraded patch versions of supported Kubernetes versions.
    • Improved out-of-tree CPI/CSI drivers support logic
    • Updated Cloud CSI/CPI drivers
    • Seeder/Agent prof support and metrics expose
  • Kublr Control Plane:

    • MongoDB migrates to v6.0.5

    • Keyaclok migrates to v1.21.3

    • PostgreSQL migrates to v11.20.0

    • Redirection from HTTP to HTTPS forced for all Kublr ingress rules

    • UI improvements:

      • Fixed nodes in Unknown state on cluster upgrade in progress
      • Big event messages collapsed with “show more options.”
  • Azure:

    • Cluster autoscaller upgraded and fixed for k8s v1.25 and above
    • Global scope tag for each kind in the Deployments added
  • AWS:

    • in-tree cloud provider interface is deprecated
  • vSphere:

    • CPI/CSI drivers updated
  • Centralized Log Collection:

    • ELK 7.10.2 ARM support
    • Persistence requires at least 2 availability zones
    • Logs-mover cannot start when logging-controller disabled fixed
    • FluentD and FluentBit daemon sets can be customized
    • FluentBit updated to v2.1.2
  • Centralized Monitoring:

    • Added extraEnv / extraVolume / extraCM / extraSecrets into HELM charts
    • Grafana 10.0 suppport. Official HELM chart included
    • KubeStateMetrics upgraded
    • Prometheus migrated to v2.45.0 LTS
  • Stability, Reliability, and Security:

    • Kublr generates a new cert for K8S API Server on every start fixed
    • Nginx Ingress v4.8.0 and CertManager v1.11.5
    • Kublr Operator can be running in hostNetwork for helm-based CSI/CPI/CNI drivers support
    • Cluster autoscaller version updated
    • SearchGuard plugins updated


  • semverCompare compares versions incorrectly when conditions are specified without release
  • Kublr API ingress rule is missing default annotation ingress.kubernetes.io/proxy-buffer-size