Kubernetes Changing the Location of Linux Packages. What do you need to know?

Announcing the New Package Repositories

On August 15, 2023, the Kubernetes project announced the new community-owned Linux package repositories available at pkgs.k8s.io. These new repositories are a replacement for the legacy, Google-hosted, package repositories (apt.kubernetes.io and yum.kubernetes.io) that the Kubernetes project has used since Kubernetes v1.5, or for the past seven years!

The new repositories are bringing many benefits, including:

  • better control over the structure of repositories
  • fine-grained control for dependencies like cri-tools and kubernetes-cni
  • ability to publish packages for Kubernetes prereleases and other Kubernetes subprojects
  • enable the Kubernetes Release Managers to publish packages on their own

In addition to that, the Kubernetes community has been working very hard to migrate to the infrastructure owned by the community. Previously, most of the infrastructure was owned by Google (including the legacy packages repositories) and the community didn’t have management access to that infrastructure. To enable the Kubernetes project to grow further, it’s critical to migrate to the community-owned infrastructure and resources. Migrating to the new community-owned package repositories marks a big milestone for the project’s goal.

Deprecating and Freezing the Legacy Repositories

Migrating completely to the community-owned repositories is required for the Kubernetes project to enjoy all the benefits. The project made the following decisions:

  • The legacy package repositories are deprecated as of August 31, 2023
  • The Kubernetes project will stop publishing new packages to the legacy repositories as of September 13, 2023, following the Kubernetes patch releases scheduled for September.

In other words, this means that:

  • The Kubernetes patch releases scheduled for September 2023 (v1.28.2, v1.27.6, v1.26.9, v1.25.14) will be published both to the new repositories and to the legacy repositories
  • v1.25, v1.26, v1.27, and v1.28 patch releases scheduled for October 2023 and onwards will have packages published only to the new repositories
  • All Kubernetes minor releases starting with v1.29 will have packages published only to the new repositories

Is Kubermatic Kubernetes Platform (KKP) Affected by This Change?

Kubermatic Kubernetes Platform (KKP) does not use package repositories, therefore it is not affected by this change. However, please continue reading as you might be affected in other ways.

Is Kubermatic KubeOne Affected by This Change?

Yes, Kubermatic KubeOne is affected. Kubermatic KubeOne uses the package repositories to install kubeadm, kubelet, and kubectl on the control plane and static worker nodes.

You’re only affected if your Kubernetes cluster is created with KubeOne versions prior to v1.7.0 and v1.6.3.

I’m Affected. How Do I Migrate to the New Repositories?

The migration to the new package repositories is fully automated. All you need to do for now is to upgrade your KubeOne version to v1.6.3 or v1.7.0. The next time you upgrade your cluster or add a new static worker node, all your control plane and static worker nodes will be migrated to the new community-owned package repositories (pkgs.k8s.io).

Is There Anything That I Should Pay Attention To?

If you restrict traffic based on IP addresses or domain names, this change might affect you. The Kubernetes project doesn’t provide a list of IP addresses or domain names because pkgs.k8s.io is supposed to work as a redirector to a set of multiple backends that can change at any time.

Restrictive control mechanisms like man-in-the-middle proxies or network policies that restrict access to a specific list of IP addresses and domain names will break with this change. For these scenarios, it’s encouraged to mirror the release packages to a local package repository that you have strict control over.

Are Kubermatic machine-controller and Operating System Manager (OSM) Affected by This Change?

No, the Kubermatic machine-controller and Operating System Manager (OSM) are not affected by this change. This means that worker nodes managed by machine-controller and OSM in your KubeOne cluster are not affected.

Am I, as a Kubernetes Operator, Affected by This Change in Any Other Way?

If you’re installing kubectl on your Linux PC from the package repositories, you likely need to migrate to pkgs.k8s.io on your PC. For more information about this, please check the official deprecation announcement.

What Else Should I Know About These New Repositories?

As a KubeOne user, you shouldn’t notice any difference at all. If you wish to familiarize yourself with how the new repositories work, we recommend checking out the official pkgs.k8s.io announcement.


This is a significant change for many Kubernetes users, but it’s sometimes important to make such changes to ensure the well-being of the project. It is not only the many benefits that the new repositories offer, but also the fact that the shift to community-owned infrastructure reflects a crucial milestone in the project’s growth.

The legacy package repositories have been deprecated as of August 31, 2023, with new packages ceasing publication on September 13, 2023. What you need to know: KKP remains unaffected by this change, Kubermatic KubeOne users will need to migrate by upgrading to v1.6.3 or v1.7.0 for seamless integration with the new community-owned repositories.

Ultimately, we are happy to see such a positive evolution for the Kubernetes ecosystem.

Marko Mudrinić

Marko Mudrinić

Senior Software Engineer