SUSE Virtual Cluster v1.1.0 Release Highlights

New Features

  • Enhanced Security & Execution: Virtual clusters now support custom runtime classes and security contexts, as well as hostUsers mapping directly in the cluster spec. (#742, #787)

  • Storage Sync: Host StorageClasses are now seamlessly synced to the virtual cluster. For more details on how this works, check out our new Resource Sync guide. (#681)

  • Resource & Scheduling Control: Major upgrades to scheduling, including the introduction of Pod affinity (preferring scheduling Pods on the same Node), worker limits in shared clusters, and explicit server/worker resource requests and limits. (#696, #724, #798, #832)

Core Improvements

  • Smarter Distribution: Overhauled the distribution algorithm to accurately account for host capacity, properly removing node capacity from merged lists and filtering requested infrastructure resources. (#688, #816, #834)

  • Architecture Optimizations: Improved Shared Mode by removing the Pod mutating webhook, transitioning ControllerReferences over to OwnerReferences for cleaner garbage collection, and changing default node types to worker. (#659, #662, #699, #774)

  • Upgrade Detection: Added a notification banner to the UI to prompt for K3k upgrades when a targeted cluster is running an older version of the Virtual Cluster engine. (UI #138)

  • Enhanced UX: During virtual cluster creation within the UI, the content of the Virtual Cluster Policy is now available in a read-only view for easier verification. (UI #122)

Bug Fixes & Security

  • Dependency & Security Updates: Upgraded to Go v1.25.9, virtual-kubelet v1.12, Kubernetes dependencies to v1.35, and bumped the base image to BCI v16, pulling in the latest upstream security patches, telemetry updates, and fixes. (#716, #759, #819)

  • Policy Handling Fixes: Improved policy status and deletion handling by adding finalizers and tracking policy directly within the Cluster Status. (#663, #781)

  • Added support for projected service account tokens in shared mode to ensure service accounts operate correctly. (#660)

  • Fixed cgroup directory mapping for virtual mode clusters and addressed missing network policies specifically on kube-ovn networks. (#691, #792)

  • Addressed an issue with translated ingress TLS secrets in ingress objects. (#672)

  • Fixed a UI bug regarding quotas in the Virtual Cluster policy and added missing quota definitions. (UI #135)

  • Improved error handling for cluster provisioning within the UI. (UI #111)

Full Changelogs: k3k v1.1.0 | UI Extension v1.1.0