Release notes

These release notes highlight user-visible changes and bug fixes for Cloudfleet’s Kubernetes Engine (CFKE). Beyond the features listed here, Cloudfleet is frequently updated for improved stability, performance, and security. You may notice your CFKE version number increasing without any visible features as we continuously enhance the underlying platform.

May 22, 2026

  • FIXED: After a control plane component was rescheduled, the Kubernetes API server could return an HTTP 500 error in a specific case: when a client requested a list of Kubernetes events at a particular resource version. Long-running clients such as controllers and operators that watch events could get stuck retrying this request and would not recover until restarted. These requests now complete correctly, and affected clients re-synchronize on their own without a restart. No action is required on your part.

  • FIXED: A regression caused the Kubernetes API server to return HTTP 500 errors instead of standard 409 conflict responses when multiple components updated the same object at the same time. This most often affected controllers and operators that frequently update object status, such as node and workload status patches. These concurrent updates are once again returned as 409 conflicts and retried automatically, so writes succeed without surfacing errors to clients. No action is required on your part.

  • The NVIDIA GPU driver installed on GPU nodes has been updated to version 595.0.0.

These changes are rolling out gradually across all Cloudfleet regions and will reach every cluster automatically over the coming days.

May 14, 2026

  • CFKE control plane endpoints are now served with publicly signed TLS certificates. The new endpoint_public field on the cluster resource exposes this URL, and the Cloudfleet CLI 0.10.0 uses it when generating kubeconfigs, so kubectl no longer needs to trust an embedded private CA bundle. The previous endpoint field, which points to the privately signed URL, is now deprecated and will be removed in a future release. Existing kubeconfigs continue to work without any action on your part, but we recommend regenerating them with cloudfleet auth update-config to pick up the new endpoint.

Cloudfleet CLI 0.10.0 also ships a set of authentication fixes that address recurring failure modes reported by customers.

  • FIXED: Concurrent CLI invocations no longer open a flood of browser windows when the cached token has expired. Parallel invocations now coordinate, so they share a single browser window and the refreshed token.
  • FIXED: kubectl and docker commands no longer break after an interactive login because of stray output from the browser launcher mixing into the credential helper response.
  • FIXED: cloudfleet auth configure-docker is now safe to run repeatedly. Previously, re-running the command would fail with an “already exists” error whenever the CLI binary path had changed since the first run, which happens routinely with Homebrew, Nix, and other package managers that install each version to a new location.
  • FIXED: Authentication now works on WSL2 where the CLI cannot launch a Linux browser automatically. The CLI prints the login URL and keeps the callback server running, so you can paste the URL into the Windows host browser and complete the flow without installing wslu or other Linux desktop integrations.

May 13, 2026

  • Cloudfleet now ships its own support ticketing system, replacing the embedded third-party form. The new support center lives inside the Cloudfleet console and is also available through the API, the cloudfleet CLI, and the Cloudfleet MCP server, so tickets can be opened, tracked, and answered from automation or AI assistants alongside the rest of your Cloudfleet workflow. Tickets are scoped to the organization, so every member shares one backlog. For details, see the Support tickets documentation.

May 11, 2026

  • Native CI/CD integration is now available for CFKE clusters. GitHub Actions workflows and GitLab CI jobs can authenticate to your clusters using OpenID Connect workload identity federation, with no long-lived API tokens or kubeconfigs stored in your repositories. The cluster’s API server trusts GitHub and GitLab as identity providers directly, so a workflow mints a short-lived OIDC token at runtime and kubectl authenticates as the workflow itself. RBAC and ValidatingAdmissionPolicy can be bound to specific repositories, branches, tags, or deployment environments for fine-grained access control. For setup instructions, see the GitHub Actions and GitLab CI integration guides.

May 3, 2026

  • Fleet constraints are now available in private preview. Fleet constraints let you pin a Fleet to a specific cloud, region, instance family, or other attributes, so node auto-provisioning only considers infrastructure that matches your requirements. Once a Fleet is constrained, your pod specifications no longer need to repeat the same node selectors, affinities, or tolerations to steer workloads, which simplifies cluster setup and removes a common source of misconfiguration. For more details, see the Fleet constraints documentation.
  • Fleets with static capacity are now available in private preview. Static capacity lets you reserve a fixed number of nodes of a specific instance type, cloud, and region inside a Fleet, similar to a traditional node pool. This is suitable for workloads that need hot capacity available at all times, such as latency-sensitive services or applications that cannot tolerate cold starts during scale-up. Static capacity coexists with auto-provisioned capacity in the same cluster, so you can mix reserved baseline nodes with elastic burst capacity. For more details, see the Fleets with static capacity documentation.
  • Auto-provisioning profiles are now available in private preview. Profiles let you tune how the node auto-provisioner consolidates capacity in a Fleet. By default, CFKE pursues aggressive cost optimization, disrupting and replacing under-utilized nodes whenever it sees a cheaper layout. With profiles, you can switch to a less invasive policy, for example consolidating only nodes that are already empty, so long-running pods are not evicted for repacking. This gives you control over the trade-off between infrastructure cost and workload disruption. For more details, see the Auto-provisioning profiles documentation.

All three features currently require Cloudfleet support to enable them on your account. Please reach out to Cloudfleet support with your requirements and we will configure the constraints, static capacity, or auto-provisioning profile for your Fleet. In the very near future, these options will be self-service through the API, the console, and the Terraform provider.

May 1, 2026

  • A recently disclosed Linux kernel vulnerability (CVE-2026-31431, also known as “Copy Fail”) allows a local unprivileged user on a node to gain root access. The flaw is in a kernel cryptography component and affects most Linux distributions currently in use, including the Ubuntu kernels that CFKE worker nodes are based on. As a quick mitigation, Cloudfleet has rolled out a small DaemonSet that runs in the kube-system namespace of every CFKE cluster. On each node, it disables the affected kernel component and persists the change across reboots. No action is required from you. This is a stopgap. We will follow up by integrating the same protection into our node provisioning so freshly bootstrapped nodes are protected from first boot, and by adopting upstream kernel fixes once the operating systems we use publish them. For background, see the NVD entry and Ubuntu’s advisory.

April 22, 2026

  • FIXED: kubectl logs, kubectl exec, kubectl port-forward, and other kubelet-proxied commands could fail intermittently against self-managed nodes after a node was removed and re-added to the cluster. The control plane now resolves self-managed node addresses with a stable preference order, restoring reliable connectivity to re-added nodes without requiring any user action.

April 16, 2026

  • Hetzner Cloud Fleets now support bringing your own network. Instead of letting CFKE create a dedicated cfke-CLUSTER_ID-NETWORK_REGION_NAME network per region, you can attach a Fleet to an existing Hetzner Cloud network you manage. This is useful when you need nodes to coexist with other workloads in the same private network, share routes with customer-managed virtual machines, or apply your own network and firewall topology. To enable this for your Fleet, reach out to Cloudfleet support. For more context, see the Hetzner Cloud fleet configuration documentation.

April 10, 2026

  • Cloudfleet Kubernetes Engine now supports the following cloud providers with native instance and load balancing auto-provisioning: Upcloud, Exoscale, Scaleway and OVH. These integrations are still in private preview, please reach out to your Cloudfleet Account Manager or to Cloudfleet support to have an early access.

February 26, 2026

  • FIXED: An issue was identified where Hetzner Cloud API rate limits were being hit during periods of high cluster activity, causing delays in node provisioning and other cluster operations. Proactive rate limit handling with circuit breaking has been implemented to prevent CFKE from exceeding Hetzner API limits.

February 25, 2026

  • FIXED: CFKE no longer removes Hetzner Cloud networks and firewalls during resource cleanup when customer-managed virtual machines are attached to them. Previously, adding your own VMs to a CFKE-managed Hetzner network could result in unintended network disruption during cleanup operations.

February 23, 2026

  • Node auto-provisioning now calculates resource reservations dynamically based on instance size. This improves scheduling accuracy and prevents memory overcommit, particularly on smaller instances.
  • Automatic Ubuntu package upgrades are now disabled on cluster nodes, preventing unexpected kubelet restarts caused by unattended system updates.

January 31, 2026

  • FIXED: An issue that impacted a small percentage of our customer clusters was identified and addressed. The issue occurred because one of our supported cloud providers, Hetzner, would report a certain family of instance types as available although they had removed them from their offerings. Our node auto-provisioner would sometimes select this instance as a provisioning candidate. The cloud provider API in this case would return an unexpected type of error that would cause our node auto-provisioning to enter into a retry loop. This loop would eventually lead our node auto-provisioner to be rate limited, and as a consequence impair other critical cluster functionality such as node initialization, garbage collection, and load balancer management.

    We have disabled this family of instances manually in our catalog and also rolled out a fix to recognize this error type properly and stop retrying.

December 30, 2025

  • CFKE’s Cilium version was upgraded to 1.18.5. This release includes updated BGP CRDs that now use the stable cilium.io/v2 API version instead of the deprecated v2alpha1. If you are using BGP for on-premises load balancing, update your manifests to use apiVersion: cilium.io/v2. For more details, see the On-premises load balancing with BGP documentation.

December 29, 2025

  • FIXED: A critical issue was identified that impacted large clusters and clusters that span multiple clouds, regions or datacenters. The issue would cause higher than usual CPU and bandwidth consumption, and cause intermittent network issues for inter-node traffic. The issue is now addressed and all new auto-provisioned nodes will receive the fix. Customers are advised to replace their nodes by draining the existing ones, and use the CLI 0.8.8 and Terraform Provider 0.1.7 to add their self-managed nodes again to the cluster. In cases where node replacement is not feasible, please reach out to Cloudfleet support to discuss a tailored solution.

December 28, 2025

  • The Cloudfleet CLI is now available via our official YUM repository for Red Hat-based Linux distributions including Fedora, RHEL, CentOS, Rocky Linux, and AlmaLinux. This makes installation and updates simple using your native package manager. For installation instructions, see the Install Cloudfleet CLI documentation.

December 27, 2025

  • Cloudfleet Container Registry (CFCR) is now available in preview. CFCR is a fully managed, private container registry that integrates seamlessly with CFKE clusters. Store Docker images, multi-architecture images, and Helm charts in an OCI-compliant registry. CFKE clusters authenticate automatically, so you do not need to create image pull secrets or manage credentials. Available in Europe, North America, and APAC regions. For more details, see the Container Registry overview.

December 14, 2025

  • Node auto-provisioning now automatically tries the next available instance type when cloud provider capacity is exhausted. This improvement reduces scheduling delays during high-demand periods by seamlessly falling back to alternative instance types that meet your workload requirements.

December 13, 2025

  • CFKE now supports the new Hetzner Cloud shared vCPU server families: CX Gen3 (cx23, cx33, cx43, cx53) and CPX Gen2 (cpx12, cpx22, cpx32, cpx42, cpx52, cpx62). For more details, see the Hetzner announcement blog post and the node auto-provisioning documentation.
  • We want to inform you that Hetzner has deprecated the following instance types: cx22, cx32, cx42, cx52, cpx11, cpx21, cpx31, cpx41, cpx51. Starting January 1, 2026, these will no longer be available for new orders by Hetzner end users. However, CFKE can still provision them, and we want to provide as many options as possible if node auto-provisioning believes they bring a cost advantage. These instance types will be removed from CFKE once Hetzner stops offering them entirely. To force node auto-provisioning to not consider them today, use node anti-affinity in your pod definition:
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: node.kubernetes.io/instance-type
                operator: NotIn
                values:
                  - cx22
                  - cx32
                  - cx42
                  - cx52
                  - cpx11
                  - cpx21
                  - cpx31
                  - cpx41
                  - cpx51

December 8, 2025

  • The Cloudfleet CLI now includes a built-in Model Context Protocol (MCP) server. This integration enables AI assistants like Claude, Cursor, and other MCP-compatible tools to interact with your Cloudfleet infrastructure through natural language. You can list clusters, query Kubernetes resources, and manage your infrastructure directly from AI-powered conversations. For setup instructions, see the MCP server documentation.

November 24, 2025

  • CFKE now includes enhanced security measures to mitigate DNS amplification attacks. The data plane security has been hardened to prevent clusters from being used as reflectors in DNS-based DDoS attacks.

November 10, 2024

  • CFKE has deeper support for the Tailscale operator now. The solution requires clusters to be configured with a custom Cilium configuration. If you want your cluster to be configured with this setting, please reach out to support.

October 22, 2025

  • Sharing GPUs using time-slicing or MPS is now available for clusters with NVIDIA GPUs. This feature allows multiple pods to share a single GPU, improving resource utilization and reducing costs. For more details, see the updated GPU-based workloads documentation.

October 10, 2025

  • Load Balancing on GCP is now generally available (GA). This feature adds support for Load Balancer type of services for GCP. For more details, see the Exposing applications to the internet documentation.

August 15, 2025

  • Load Balancing on AWS and GCP are now available in Private Preview. Please contact support to opt-in.
  • networking.cfke.io/proxy-protocol annotation is now available for Services with Load Balancer type. This annotation allows you to enable or disable the Proxy Protocol for the Load Balancer, providing better compatibility with certain applications that require the original client IP address. For more details, see the updated Exposing applications to the internet documentation.

August 5, 2025

  • Cloudfleet Terraform Provider is now generally available (GA). This provider allows you to manage your entire Cloudfleet infrastructure stack as code, including clusters, multi-cloud fleets for node auto-provisioning, and self-managed nodes that extend your reach to any platform. For more details, see the Terraform documentation.
  • Basic and Pro clusters now have different Control Plane API limits. Check out the new control plane scalability document to learn more about the changes.

July 12, 2025

July 7, 2025

  • The IAM permissions required for accessing private container registries have been updated based on the control plane region. Please refer to the updated Private container registries documentation for the latest IAM permissions required.

July 3, 2025

  • CFKE’s Cilium deployment now allows running other CNI plugins alongside it. This change enables installation of software like Istio CNI node agent. See the new Istio deployment tutorial for details on how to deploy Istio with Cilium.
  • Hetzner Cloud private network is now adjusted in a way to leave enough IP space to create a additional subnetwork. This allows creating a subnetwork to use with vSwitches.

June 28, 2025

  • The cfke.io/instance-family label is now available for node auto-provisioning. This label allows you to specify the instance family for node auto-provisioning while leaving the instance size selection to CFKE. For example, you can use cfke.io/instance-family: ccx to select the Hetzner Cloud CCX (dedicated CPU) instance family. This feature provides more flexibility in choosing the instance family while still allowing CFKE to determine the optimal instance size.

June 26, 2025

  • The first European region, europe-central-1a, is now available for CFKE users. Located in Frankfurt, Germany, this region offers low-latency access to European customers and supports a wide range of instance types and services. Check out the launch blog post for more details.
  • CFKE control plane is now also available with an IPv6 address. This change is currently only available in the europe-central-1a region and will be rolled out to other regions soon.

June 19, 2025

  • Hetzner instances are now created with an IPv6 address by default in addition to the IPv4 address. This change enhances network connectivity and allows for better integration with modern networking standards.
  • Fixed a bug where Pro cluster control plane replicas were mistakenly placed in the same availability zone. This fix ensures that control plane replicas are distributed across different availability zones, improving reliability and fault tolerance.

May 27, 2025

  • CFKE now supports limiting control plane access to specific IP addresses. This feature is only available on the Enterprise plan.

May 26, 2025

  • CFKE now supports internal load balancing for Hetzner Cloud. This feature allows you to create load balancers that are only accessible to other instances within the same network. For more details, see the updated Exposing applications to the internet documentation.
  • CFKE now supports Egress Gateways. This feature allows you to route outbound traffic from the cluster through dedicated nodes, providing better control over egress traffic and enabling advanced routing capabilities. For more details, see the Egress Gateways documentation.
  • CFKE now supports the Metrics API by default. This enables Kubernetes features like Horizontal Pod Autoscaler to work out of the box without additional configuration.

May 22, 2025

  • CFKE now supports overriding the Hetzner Load Balancer scale by specifying networking.cfke.io/hetzner-load-balancer-scale in the Service specification. Previously, CFKE automatically determined the scale based on the number of nodes in the cluster. You can now specify the desired scale for the Hetzner Load Balancer, allowing for more granular control over load balancing behavior. See the updated Exposing applications to the internet documentation for details.

May 19, 2025

  • Fixed a bug where non-administrators were unable to view the cluster nodes in the Cloudfleet console.

May 1, 2025

  • CFKE upgraded Kubernetes versions to 1.30.12, 1.31.8, and 1.32.4.

April 24, 2025

  • Self-managed nodes are now garbage collected one hour after their last heartbeat to the CFKE control plane. This change helps clean up unused nodes and free up resources in the cluster. Garbage collected nodes will rejoin the cluster once they communicate with the CFKE control plane again.

April 13, 2025

  • CFKE upgraded Kubernetes versions to 1.30.10, 1.31.6, and 1.32.2. With this release, support for 1.29 was dropped and 1.32 was introduced with its latest patch version.

March 31, 2025

  • CFKE now cleans up unused resources like firewalls and networks from Hetzner Cloud when there are no nodes remaining in the cluster.
  • Fixed an issue with GCP where spot instances were not removed after preemption but remained in a stopped state. Spot instances are now properly removed from the project after preemption.

March 3, 2025

  • Built-in CoreDNS no longer uses ports 8080, 8081, and 9153 on the host network. This change enables you to use these ports for your own applications without conflicts.

February 5, 2025

  • CFKE’s Cilium version was upgraded to 1.17.0.

February 4, 2025

  • Fixed a race condition that caused issues when a node belonging to a deleted Fleet also became NotReady and got stuck in the cluster.

February 1, 2025

  • Fixed an issue where nodes hosted on Oracle Cloud Infrastructure (OCI) had problems with in-cluster DNS resolution. This fix resolves side effects that affected commands like kubectl exec and kubectl logs.
  • Managed Load Balancing is now Generally Available (GA). This feature allows you to create and manage load balancers for your services more efficiently. For more details, see the Exposing applications to the internet documentation.

January 28, 2025

  • CFKE now has topology-aware load balancing enabled by default. This feature allows Kubernetes to route traffic to the closest node in the cluster, improving performance and reducing latency. For more details, see the Kubernetes documentation on Topology Aware Routing.

January 10, 2025

  • BGP Data Plane is now available for CFKE clusters by default. This feature allows you to use BGP in on-premises locations to expose cluster services to the LAN or WAN. For more details, see the On-premises load balancing with BGP documentation.

January 7, 2025

  • Managed NVIDIA driver installation is now available for self-managed nodes. This feature allows you to install NVIDIA drivers on your self-managed nodes without manual installation. For more details, see the updated Self-managed nodes documentation.

January 2, 2025

  • NVIDIA Device plugin is now part of CFKE clusters and runs on each node with NVIDIA hardware. This plugin enables Kubernetes to schedule GPU workloads on nodes with NVIDIA GPUs. For more details, see the updated GPU-based workloads documentation.

December 8, 2024

  • CFKE upgraded Kubernetes versions to 1.29.3, 1.30.7, and 1.31.3. With this release, Kubernetes 1.30 and 1.31 were introduced with their latest patch versions.

November 30, 2024

  • Fixed an issue with ARM instance scheduling.

October 22, 2024

  • Cloudfleet General Availability Launch: We’re thrilled to announce that Cloudfleet is now Generally Available (GA)! Cloudfleet is now ready for production workloads. Thank you to our early adopters and beta users for their valuable feedback. We’re excited to see how you’ll use Cloudfleet to build, deploy, and manage your cloud-native applications at scale.
On this page