v2.19.3

📋 v2.19.3 Patch Release

This is a patch release for the v2.19 series focused on upgrade-safe reliability fixes. It is intended to be backward-compatible and upgrade-safe from v2.19.2.

Patch fixes:

• Terraform Legacy Module Regression - Removed the child-module GitHub provider configuration that prevented callers from using count, for_each, or depends_on; release lookups now use unauthenticated HTTP requests instead (#2155).
• SSH Public Key Normalization - Trimmed trailing whitespace from SSH public keys to avoid Hetzner provider apply inconsistencies when users pass keys with file(...).
• NAT Router Validation - Made NAT router validations null-safe when nat_router = null (#2152, #2153).
• Autoscaler ZRAM Bootstrap - Fixed autoscaler nodes hanging in cloud-init when zram_size is configured (#2161, #2162).
• NAT Router Fail2ban - Fixed the Debian 12 SSH jail by applying journald/systemd backend support and starting/restarting fail2ban during NAT router provisioning (#2163).
• MicroOS Snapshot Growth - Reduced snapper timeline retention to avoid disk pressure on small nodes (#2167).
• Longhorn Volume Reconfiguration - Re-runs Longhorn volume setup on volume identity/size/path/fstype changes, grows filesystems correctly, and stores fstab entries by filesystem UUID instead of mutable Hetzner volume device IDs (#2174, #2180).
• System Upgrade Plans - Re-applies system-upgrade-controller Plans when system_upgrade_use_drain or system_upgrade_enable_eviction changes after initial provisioning (#2172).
• Control Plane LB Health Check - Added an explicit HTTPS /readyz health check for the control-plane load balancer while keeping the service TCP passthrough (#2176).
• Hetzner CSI Values Docs - Documented existing hetzner_csi_values support for custom CSI Helm values (#2168).
• Longhorn RWX Guidance - Documented the upstream Longhorn RWX/NFS 4.1 issue and the NFS 4.0 workaround (#2169).

Upgrade

module "kube-hetzner" {
  source  = "kube-hetzner/kube-hetzner/hcloud"
  version = "2.19.3"
}

terraform init -upgrade
terraform plan
terraform apply

Thanks

Thanks to @nacholiya, @acschm1d, @milesibastos, @stufently, and @amalysh for the upstream fixes that went into this patch train.

What's Changed

• v2.19.3 patch train by @mysticaltech in #2183
• Fix nat_router validation when variable is null by @nacholiya in #2153
• Fix zram.service autoscaler cloud-init deadlock by @acschm1d in #2162
• Fix NAT router fail2ban sshd jail on Debian 12 by @milesibastos in #2163
• Reduce snapper timeline limits to prevent disk fill by @stufently in #2167
• Trigger Longhorn filesystem resize on volume size change by @amalysh in #2174

New Contributors

• @nacholiya made their first contribution in #2153
• @acschm1d made their first contribution in #2162
• @milesibastos made their first contribution in #2163
• @stufently made their first contribution in #2167
• @amalysh made their first contribution in #2174

Full Changelog: v2.19.2...v2.19.3

v2.19.2

📋 v2.19.2 Patch Release

This is a patch release for v2.19.1. If upgrading from v2.18.x, please review the full release notes below including upgrade notes, new features, and breaking changes.

Patch fix:

• Audit Policy Bastion Connection - Fixed missing bastion SSH settings in audit_policy provisioner, enabling audit policy deployment for NAT router / private network setups (#2042) - thanks @CounterClops

---

⚠️ Upgrade Notes (from v2.18.x)

NAT Router Users (created before v2.19.0)

If you created a NAT router before v2.19.0 (when the hcloud provider used the now-deprecated datacenter attribute), you may see Terraform wanting to recreate your NAT router primary IPs. This would result in new IP addresses.

To check if you're affected, run terraform plan and look for changes to:

• hcloud_primary_ip.nat_router_primary_ipv4
• hcloud_primary_ip.nat_router_primary_ipv6

If Terraform shows replacement, you have two options:

1. Allow the recreation (simplest, but IPs will change):

   terraform apply

2. Migrate state manually (preserves IPs):

   # Remove old state entries
   terraform state rm 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv4[0]'
   terraform state rm 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv6[0]'
   
   # Import with current IPs (get IDs from Hetzner Cloud Console)
   terraform import 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv4[0]' <ipv4-id>
   terraform import 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv6[0]' <ipv6-id>
   
   terraform apply

Version Requirements

• Minimum Terraform version: 1.10.1
• Minimum hcloud provider version: 1.59.0

🚀 New Features

• Hetzner Robot Integration - Manage dedicated Robot servers via vSwitch and Cloud Controller Manager. New variables: robot_ccm_enabled, robot_user, robot_password, vswitch_id, vswitch_subnet_index (#1916)
• Audit Logging - Kubernetes audit logs with configurable policy via k3s_audit_policy_config and log rotation settings (#1825)
• Control Plane Endpoint - New control_plane_endpoint variable for stable external API server endpoint (e.g., external load balancers) (#1911)
• NAT Router Control Plane Access - Automatic port 6443 forwarding on NAT router when control_plane_lb_enable_public_interface is false (#2015)
• Smaller Networks - New subnet_amount variable enables networks smaller than /16 (#1971)
• Custom Subnet Ranges - Added subnet_ip_range to agent_nodepools for manual CIDR assignment (#1903)
• Autoscaler Swap/ZRAM - Added swap_size and zram_size support for autoscaler node pools (#2008)
• Autoscaler Resources - New cluster_autoscaler_replicas, cluster_autoscaler_resource_limits, cluster_autoscaler_resource_values (#2025)
• Flannel Backend - New flannel_backend variable to override flannel backend (wireguard-native, host-gw, etc.)
• Cilium XDP Acceleration - New cilium_loadbalancer_acceleration_mode variable (native, best-effort, disabled)
• K3s v1.35 Support - Added support for k3s v1.35 channel (#2029)
• Packer Enhancements - Configurable kernel_type, sysctl_config_file, and timezone for MicroOS snapshots (#2009, #2010)

🐛 Bug Fixes

• Audit Policy Bastion Connection (v2.19.1) - Fixed missing bastion SSH settings in audit_policy provisioner, enabling audit policy deployment for NAT router / private network setups (#2042)
• Longhorn Hotfix Tag Guidance - Clarified longhorn_version as chart version and documented longhorn_merge_values for targeted Longhorn image hotfix tags (e.g. manager/instance-manager) (#2054)
• Traefik v34 Compatibility - Fixed HTTP to HTTPS redirection config for Traefik Helm Chart v34+ (#2028)
• NAT Router IP Drift - Fixed infinite replacement cycle by migrating from deprecated datacenter to location (#2021)
• SELinux YAML Parsing - Fixed cloud-init SCHEMA_ERROR caused by improper YAML formatting of SELinux policy
• SELinux Missing Rules - Added rules for JuiceFS (sock_file write) and SigNoz (blk_file getattr)
• Kured Version Null - Fixed potential null value issues with kured_version logic (#2032)

🔧 Changes

• Default K3s Version - Bumped from v1.31 to v1.33 (#2030)
• Default System Upgrade Controller - Bumped to v0.18.0
• SELinux Policy Extraction - Moved to dedicated template file for maintainability
• terraform_data Migration - Migrated from null_resource to terraform_data with automatic state migration (#1548)
• remote-exec Refactor - Improved provisioner compatibility with Terraform Stacks (#1893)
• Custom GPT Updated - KH Assistant updated with v2.19.0 features, improved knowledge base, and cost calculator

---

👥 Contributors

Thanks to all contributors who made this release possible:

• K. N.
• Karim Naufal
• Patrick Krems
• Román Benjámin
• mysticaltech

What's Changed

📚 Documentation

• [AUTO] Update Terraform Documentation by @github-actions[bot] in #2056

Other Changes

• feat: add upgrade scheduling window support for k3s plans by @svetch in #2052
• feat: introduce nat_router redundancy by @psolru in #2051
• docs: clarify longhorn chart version and hotfix image overrides by @mysticaltech in #2151

New Contributors

• @svetch made their first contribution in #2052
• @psolru made their first contribution in #2051

Full Changelog: v2.19.1...v2.19.2

v2.19.1

📋 v2.19.1 Patch Release

This is a patch release for v2.19.0. If upgrading from v2.18.x, please review the full release notes below including upgrade notes, new features, and breaking changes.

Patch fix:

• Audit Policy Bastion Connection - Fixed missing bastion SSH settings in audit_policy provisioner, enabling audit policy deployment for NAT router / private network setups (#2042) - thanks @CounterClops

---

⚠️ Upgrade Notes (from v2.18.x)

NAT Router Users (created before v2.19.0)

If you created a NAT router before v2.19.0 (when the hcloud provider used the now-deprecated datacenter attribute), you may see Terraform wanting to recreate your NAT router primary IPs. This would result in new IP addresses.

To check if you're affected, run terraform plan and look for changes to:

• hcloud_primary_ip.nat_router_primary_ipv4
• hcloud_primary_ip.nat_router_primary_ipv6

If Terraform shows replacement, you have two options:

1. Allow the recreation (simplest, but IPs will change):

   terraform apply

2. Migrate state manually (preserves IPs):

   # Remove old state entries
   terraform state rm 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv4[0]'
   terraform state rm 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv6[0]'
   
   # Import with current IPs (get IDs from Hetzner Cloud Console)
   terraform import 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv4[0]' <ipv4-id>
   terraform import 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv6[0]' <ipv6-id>
   
   terraform apply

Version Requirements

• Minimum Terraform version: 1.10.1
• Minimum hcloud provider version: 1.59.0

🚀 New Features

• Hetzner Robot Integration - Manage dedicated Robot servers via vSwitch and Cloud Controller Manager. New variables: robot_ccm_enabled, robot_user, robot_password, vswitch_id, vswitch_subnet_index (#1916)
• Audit Logging - Kubernetes audit logs with configurable policy via k3s_audit_policy_config and log rotation settings (#1825)
• Control Plane Endpoint - New control_plane_endpoint variable for stable external API server endpoint (e.g., external load balancers) (#1911)
• NAT Router Control Plane Access - Automatic port 6443 forwarding on NAT router when control_plane_lb_enable_public_interface is false (#2015)
• Smaller Networks - New subnet_amount variable enables networks smaller than /16 (#1971)
• Custom Subnet Ranges - Added subnet_ip_range to agent_nodepools for manual CIDR assignment (#1903)
• Autoscaler Swap/ZRAM - Added swap_size and zram_size support for autoscaler node pools (#2008)
• Autoscaler Resources - New cluster_autoscaler_replicas, cluster_autoscaler_resource_limits, cluster_autoscaler_resource_values (#2025)
• Flannel Backend - New flannel_backend variable to override flannel backend (wireguard-native, host-gw, etc.)
• Cilium XDP Acceleration - New cilium_loadbalancer_acceleration_mode variable (native, best-effort, disabled)
• K3s v1.35 Support - Added support for k3s v1.35 channel (#2029)
• Packer Enhancements - Configurable kernel_type, sysctl_config_file, and timezone for MicroOS snapshots (#2009, #2010)

🐛 Bug Fixes

• Audit Policy Bastion Connection (v2.19.1) - Fixed missing bastion SSH settings in audit_policy provisioner, enabling audit policy deployment for NAT router / private network setups (#2042)
• Traefik v34 Compatibility - Fixed HTTP to HTTPS redirection config for Traefik Helm Chart v34+ (#2028)
• NAT Router IP Drift - Fixed infinite replacement cycle by migrating from deprecated datacenter to location (#2021)
• SELinux YAML Parsing - Fixed cloud-init SCHEMA_ERROR caused by improper YAML formatting of SELinux policy
• SELinux Missing Rules - Added rules for JuiceFS (sock_file write) and SigNoz (blk_file getattr)
• Kured Version Null - Fixed potential null value issues with kured_version logic (#2032)

🔧 Changes

• Default K3s Version - Bumped from v1.31 to v1.33 (#2030)
• Default System Upgrade Controller - Bumped to v0.18.0
• SELinux Policy Extraction - Moved to dedicated template file for maintainability
• terraform_data Migration - Migrated from null_resource to terraform_data with automatic state migration (#1548)
• remote-exec Refactor - Improved provisioner compatibility with Terraform Stacks (#1893)
• Custom GPT Updated - KH Assistant updated with v2.19.0 features, improved knowledge base, and cost calculator

---

👥 Contributors

Thanks to all contributors who made this release possible:

• CounterClops
• K. N.
• Karim Naufal
• dependabot[bot]

What's Changed

Other Changes

• Fix: Add missing bastion options to audit_policy connection by @CounterClops in #2042

New Contributors

• @CounterClops made their first contribution in #2042

Full Changelog: v2.19.0...v2.19.1

v2.19.0

⚠️ Upgrade Notes

NAT Router Users (created before v2.19.0)

If you created a NAT router before v2.19.0 (when the hcloud provider used the now-deprecated datacenter attribute), you may see Terraform wanting to recreate your NAT router primary IPs. This would result in new IP addresses.

To check if you're affected, run terraform plan and look for changes to:

• hcloud_primary_ip.nat_router_primary_ipv4
• hcloud_primary_ip.nat_router_primary_ipv6

If Terraform shows replacement, you have two options:

1. Allow the recreation (simplest, but IPs will change):

   terraform apply

2. Migrate state manually (preserves IPs):

   # Remove old state entries
   terraform state rm 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv4[0]'
   terraform state rm 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv6[0]'
   
   # Import with current IPs (get IDs from Hetzner Cloud Console)
   terraform import 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv4[0]' <ipv4-id>
   terraform import 'module.kube-hetzner.hcloud_primary_ip.nat_router_primary_ipv6[0]' <ipv6-id>
   
   terraform apply

Version Requirements

• Minimum Terraform version: 1.10.1
• Minimum hcloud provider version: 1.59.0

🚀 New Features

• Hetzner Robot Integration - Manage dedicated Robot servers via vSwitch and Cloud Controller Manager. New variables: robot_ccm_enabled, robot_user, robot_password, vswitch_id, vswitch_subnet_index (#1916)
• Audit Logging - Kubernetes audit logs with configurable policy via k3s_audit_policy_config and log rotation settings (#1825)
• Control Plane Endpoint - New control_plane_endpoint variable for stable external API server endpoint (e.g., external load balancers) (#1911)
• NAT Router Control Plane Access - Automatic port 6443 forwarding on NAT router when control_plane_lb_enable_public_interface is false (#2015)
• Smaller Networks - New subnet_amount variable enables networks smaller than /16 (#1971)
• Custom Subnet Ranges - Added subnet_ip_range to agent_nodepools for manual CIDR assignment (#1903)
• Autoscaler Swap/ZRAM - Added swap_size and zram_size support for autoscaler node pools (#2008)
• Autoscaler Resources - New cluster_autoscaler_replicas, cluster_autoscaler_resource_limits, cluster_autoscaler_resource_values (#2025)
• Flannel Backend - New flannel_backend variable to override flannel backend (wireguard-native, host-gw, etc.)
• Cilium XDP Acceleration - New cilium_loadbalancer_acceleration_mode variable (native, best-effort, disabled)
• K3s v1.35 Support - Added support for k3s v1.35 channel (#2029)
• Packer Enhancements - Configurable kernel_type, sysctl_config_file, and timezone for MicroOS snapshots (#2009, #2010)

🐛 Bug Fixes

• Traefik v34 Compatibility - Fixed HTTP to HTTPS redirection config for Traefik Helm Chart v34+ (#2028)
• NAT Router IP Drift - Fixed infinite replacement cycle by migrating from deprecated datacenter to location (#2021)
• SELinux YAML Parsing - Fixed cloud-init SCHEMA_ERROR caused by improper YAML formatting of SELinux policy
• SELinux Missing Rules - Added rules for JuiceFS (sock_file write) and SigNoz (blk_file getattr)
• Kured Version Null - Fixed potential null value issues with kured_version logic (#2032)

🔧 Changes

• Default K3s Version - Bumped from v1.31 to v1.33 (#2030)
• Default System Upgrade Controller - Bumped to v0.18.0
• SELinux Policy Extraction - Moved to dedicated template file for maintainability
• terraform_data Migration - Migrated from null_resource to terraform_data with automatic state migration (#1548)
• remote-exec Refactor - Improved provisioner compatibility with Terraform Stacks (#1893)
• Custom GPT Updated - KH Assistant updated with v2.19.0 features, improved knowledge base, and cost calculator

---

👥 Contributors

Thanks to all contributors who made this release possible:

• • Co-authored-by trailers
• Adonis
• BrammyS
• Jan Frederik Léger
• K. N.
• Karim Naufal
• Markus Seidl
• Nikolas Zimmermann
• Paul Blum
• Saarko
• Sjoerd Mulder
• Vladyslav Mankivskyi
• elkh510
• github-actions[bot]
• mysticaltech
• pat-s
• sannysoft
• vsalomaki

What's Changed

📚 Documentation

• [AUTO] Update Terraform Documentation by @github-actions[bot] in #2033
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #2035
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #2036
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #2037
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #2038

Other Changes

• fix: align kured_version logic with csi/calico pattern by @mysticaltech in #2032
• Upgrade traefik default configuration to new traefik-helm requirements by @markus-seidl in #2028
• fix: replace deprecated datacenter attribute with location in nat-router by @elkh510 in #2021
• Add Configurable Replicas and Resources for Cluster Autoscaler by @sannysoft in #2025
• feat: add support for v1.35.0+k3s1 by @BrammyS in #2029
• feat: Default k3s should be supported by @BrammyS in #2030
• feat: Allow for networks smaller than 16 bits by @paulblum00 in #1971
• Add audit-log feature by @sando38 in #1825
• add control_plane_endpoint variable for external load balancer by @AdoPi in #1911
• Use NAT-router for control plane access too by @sjoerdmulder in #2015
• feat: allow defining custom subnet ip ranges for static agent pools by @pat-s in #1903
• docs: consistent heredoc syntax and boolean types across all docs by @mysticaltech in #2034
• feat: add configurable timezone for packer MicroOS snapshots by @nikolaszimmermann in #2011
• refactor: replace local-exec for remote-exec in hcloud_server.server by @FullmetalBober in #1893
• Hetzner Robot dedicated server usage via Terraform-scripts, update instructions by @vsalomaki in #1916
• Replace null_resource with terraform_data by @janfrederik in #1548
• fix: ensure backward compatibility for v2.19.0 release by @mysticaltech in #2039

New Contributors

• @markus-seidl made their first contribution in #2028
• @elkh510 made their first contribution in #2021
• @sannysoft made their first contribution in #2025
• @paulblum00 made their first contribution in #1971
• @sando38 made their first contribution in #1825
• @AdoPi made their first contribution in #1911
• @sjoerdmulder made their first contribution in #2015
• @FullmetalBober made their first contribution in #1893

Full Changelog: v2.18.5...v2.19.0

v2.18.5

What's Changed

Other Changes

• New server types & default location by @vonox7 in #1991
• Feature: Support deepmerge on *_values variables by @bbetter173 in #1983
• fix: Github provider picking up GITHUB_TOKEN and trying to authenticate by @lucasra1 in #1982
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1994
• Update hcloud plugin source in Packer template by @lucasra1 in #1977
• build(deps): bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in #1975
• Update hetzner server type references by @YaRissi in #1966
• build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #1962
• Fix some confusion points regarding using user kustomization by @Navidda in #1961
• Retry private interface rename by @mrjoe7 in #1960
• Fix cloud-init schema validation errors in autoscaler template by @superali in #1959
• Fix homebrew install command by @Niek in #1955
• Fix load balancer IP configuration for hcloud provider 1.56+ by @arbianshkodra in #1954
• fix: change private network interface and ssh connection timeout by @fabioluciano in #1950
• Apply end-of-file fixer pre-commit by @vsalomaki in #1946
• Compact taint lists by @victorlane in #1952
• Stabilize LB IP upgrades and private-only routing by @mysticaltech in #1995
• Fix targets registering twice on load balancers by @mrjoe7 in #1929
• Wait for system deployments and jobs on init by @vsalomaki in #1948
• Consolidate community PRs: LB fix, wait for deployments, longhorn mount path, kubelet config by @mysticaltech in #1996
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1998
• fix: detect public network interface dynamically for ARM servers by @mysticaltech in #2001

New Contributors

• @vonox7 made their first contribution in #1991
• @bbetter173 made their first contribution in #1983
• @lucasra1 made their first contribution in #1982
• @YaRissi made their first contribution in #1966
• @Navidda made their first contribution in #1961
• @mrjoe7 made their first contribution in #1960
• @superali made their first contribution in #1959
• @Niek made their first contribution in #1955
• @fabioluciano made their first contribution in #1950
• @victorlane made their first contribution in #1952

Full Changelog: v2.18.4...v2.18.5

v2.18.4

What's Changed

Other Changes

• Add clusterCIDR to Hetzner CCM Helm Chart networking configuration by @sshcherbinin in #1930
• Add support for Kubernetes Gateway API in Traefik configuration by @patope in #1933
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1934
• fix: providers is blocking external load balancer by @sfroment in #1935
• fix: Make sure nodes have persistent default routes #1873 by @seletz in #1940
• Fix connectivity issues by @mysticaltech in #1941

New Contributors

• @sshcherbinin made their first contribution in #1930
• @sfroment made their first contribution in #1935
• @seletz made their first contribution in #1940

Full Changelog: v2.18.3...v2.18.4

v2.18.3

What's Changed

Other Changes

• Improve interface detection logic in cloudinit script by @arbianshkodra in #1863
• [Bug]: Hardcoded gateway 10.0.0.1 breaks custom network_ipv4_cidr (e.g. 10.1.0.0/16) by @elopsod in #1901
• Adds v1.34 to stable releases by @BrammyS in #1922
• Update Chocolatey installation command for Windows by @Kaszanas in #1920
• Document kube.tf autoscaler min_nodes option by @Giuliopime in #1910
• Fix typo mutliple-namespaces -> multiple-namespaces by @basnijholt in #1898

New Contributors

• @elopsod made their first contribution in #1901
• @Kaszanas made their first contribution in #1920
• @Giuliopime made their first contribution in #1910
• @basnijholt made their first contribution in #1898

Full Changelog: v2.18.2...v2.18.3

v2.18.2

What's Changed

Other Changes

• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1855
• fixes autoscaler resource permissions by @mariusheine in #1859
• build(deps): bump dflook/terraform-validate from 2.1.0 to 2.2.1 by @dependabot[bot] in #1857
• build(deps): bump dflook/terraform-fmt-check from 2.1.0 to 2.2.1 by @dependabot[bot] in #1858
• fix: increase system-upgrade-controller timeout to 900s by @mysticaltech in #1881
• fix: add tolerations to Cilium Operator for cloud provider initialization taint by @mysticaltech in #1882
• Revert "fix: add tolerations to Cilium Operator for cloud provider initialization taint" by @mysticaltech in #1884
• fix: add retry logic and timeout for network migration during upgrades by @mysticaltech in #1883
• Fix circular dependency with Hetzner CCM Helm deployment and Cilium CNI by @mysticaltech in #1885
• fix: update kured deployment to use combined.yaml manifest by @mysticaltech in #1906
• feat: add version-based YAML suffix detection for kured by @ViktorSchroeder in #1888
• build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #1874
• build(deps): bump dflook/terraform-fmt-check from 2.2.1 to 2.2.2 by @dependabot[bot] in #1870
• build(deps): bump dflook/terraform-validate from 2.2.1 to 2.2.2 by @dependabot[bot] in #1869
• Added cert_manager_version var in kube.tf.example by @PCatinean in #1875
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1907
• build(deps): bump reviewdog/action-tfsec from 1.29.0 to 1.30.0 by @dependabot[bot] in #1896

New Contributors

• @mariusheine made their first contribution in #1859
• @ViktorSchroeder made their first contribution in #1888
• @PCatinean made their first contribution in #1875

Full Changelog: v2.18.1...v2.18.2

v2.18.1

What's Changed

Other Changes

• docs: update llms.md with new configuration options by @mysticaltech in #1846
• Update README.md by @mysticaltech in #1847
• fix: restore backward compatibility for subnet allocation (Fixes #1852, #1853) by @mysticaltech in #1854
• Add installation commands & TOC to README by @cyb3rko in #1848

New Contributors

• @cyb3rko made their first contribution in #1848

Full Changelog: v2.18.0...v2.18.1

v2.18.0 (❌ Broken, skip to the next)

IMPORTANT, please see corrective PR #1854, this release is broken, don't upgrade to it, it's important to upgrade directly to v2.18.1.

What's Changed

Other Changes

• Feat/nat router by @valkenburg-prevue-ch in #1681
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1826
• fix: add enable_ipv4 and enable_ipv6 flags to autoscaler configuration by @mysticaltech in #1827
• fix: use load balancer network IP for private-only deployments by @mysticaltech in #1828
• chore: robostify default interface detection by @pat-s in #1814
• fix: disable ACMEHTTP01IngressPathTypeExact for nginx compatibility by @mysticaltech in #1834
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1835
• fix: wait for NetworkManager before setting DNS to prevent race condition by @mysticaltech in #1837
• fix: correct cert-manager extraArgs format to use array syntax by @mysticaltech in #1840
• feat: add support & docs for adding Hetzner Robot servers as nodes by @pat-s in #1792
• [AUTO] Update Terraform Documentation by @github-actions[bot] in #1843
• fix: correct Hetzner CCM helm integration for Robot server support by @mysticaltech in #1844
• fix: add explicit routing configuration for Hetzner DHCP changes by @mysticaltech in #1845
• Prevent Hetzner default nameservers from being added to /etc/resolv.conf by @windler in #1819

New Contributors

• @windler made their first contribution in #1819

Full Changelog: v2.17.4...v2.18.0