diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index cebb90bf32c8..d46d5e0f0345 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -131,13 +131,26 @@
kops
- defaults to 1.22.4, which will enable
+ defaults to 1.23.2, which will enable
Instance
Metadata Service Version 2 and require tokens on new
- clusters with Kubernetes 1.22. This will increase security by
- default, but may break some types of workloads. See the
- release
- notes for details.
+ clusters with Kubernetes >= 1.22. This will increase
+ security by default, but may break some types of workloads.
+ The default behaviour for
+ spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS
+ has changed from true to
+ false. Cilium now has
+ disable-cnp-status-updates: true by
+ default. Set this to false if you rely on the
+ CiliumNetworkPolicy status fields. Support for Kubernetes
+ 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS
+ 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been
+ removed. See the
+ 1.22
+ release notes and
+ 1.23
+ release notes for more details, including other
+ significant changes.
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 3136a9607b60..edb3758dd2f1 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -49,7 +49,7 @@ In addition to numerous new and upgraded packages, this release has the followin
- The new [`postgresqlTestHook`](https://nixos.org/manual/nixpkgs/stable/#sec-postgresqlTestHook) runs a PostgreSQL server for the duration of package checks.
-- [`kops`](https://kops.sigs.k8s.io) defaults to 1.22.4, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes 1.22. This will increase security by default, but may break some types of workloads. See the [release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) for details.
+- [`kops`](https://kops.sigs.k8s.io) defaults to 1.23.2, which will enable [Instance Metadata Service Version 2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) and require tokens on new clusters with Kubernetes >= 1.22. This will increase security by default, but may break some types of workloads. The default behaviour for `spec.kubeDNS.nodeLocalDNS.forwardToKubeDNS` has changed from `true` to `false`. Cilium now has `disable-cnp-status-updates: true` by default. Set this to false if you rely on the CiliumNetworkPolicy status fields. Support for Kubernetes 1.17, the Lyft CNI, Weave CNI on Kubernetes >= 1.23, CentOS 7 and 8, Debian 9, RHEL 7, and Ubuntu 16.05 (Xenial) has been removed. See the [1.22 release notes](https://kops.sigs.k8s.io/releases/1.22-notes/) and [1.23 release notes](https://kops.sigs.k8s.io/releases/1.23-notes/) for more details, including other significant changes.
- Module authors can use `mkRenamedOptionModuleWith` to automate the deprecation cycle without annoying out-of-tree module authors and their users.
diff --git a/pkgs/applications/networking/cluster/kops/default.nix b/pkgs/applications/networking/cluster/kops/default.nix
index 69eafdddf93f..2da8b7894f2b 100644
--- a/pkgs/applications/networking/cluster/kops/default.nix
+++ b/pkgs/applications/networking/cluster/kops/default.nix
@@ -65,8 +65,8 @@ rec {
};
kops_1_23 = mkKops rec {
- version = "1.23.1";
- sha256 = "sha256-SiseHs5cMj8DR1f6z9PTbtF/h3Bn9riiLWW5KMYwVUg=";
+ version = "1.23.2";
+ sha256 = "sha256-9GANjGRS9QaJw+CEeMv/f+rEu37QV2YxMvSRSH6+3PM=";
rev = "v${version}";
};
}