provider-hcloud-0.6.10

[gardener-extension-provider-hcloud] v0.6.10

provider-alicloud-1.45.0

[gardener-extension-provider-alicloud]

✨ New Features

• [USER] csi-disk-plugin-alicloud is marked as a node-critical component. With this, workload pods are only scheduled to a Node if it runs a ready csi-disk-plugin-alicloud pod. (gardener/gardener-extension-provider-alicloud#567, @dergeberl)
• [OPERATOR] csi-disk-plugin is annotated with the wait-for-csi-node annotation. Gardener uses this to only schedule workload pods to a Node once the driver has been successfully registered with the CSINode object. (gardener/gardener-extension-provider-alicloud#582, @SimonKienzler)
• [OPERATOR] The csi-snapshot-validation Service deployed by the provider-alicloud extension and the provider-alicloud's gardener-extension-provider-alicloud Service can now be topology-aware (depending on the Seed setting and the Shoot HA failure tolerance type). For more details, see the Topology-aware Traffic Routing documentation. (gardener/gardener-extension-provider-alicloud#587, @ialidzhikov)

🐛 Bug Fixes

• [OPERATOR] The stale healthcheck conditions from the extension are now properly cleaned up. (gardener/gardener-extension-provider-alicloud#588, @acumino)
• [OPERATOR] An issue has been fixed which caused undesired PATCH requests when updating the state in the Worker or ShootState resources. (gardener/gardener-extension-provider-alicloud#590, @oliver-goetz)

🏃 Others

• [OPERATOR] upgrade csi version to v1.24.10-compatible-29f36f1-aliyun (gardener/gardener-extension-provider-alicloud#576, @shaoyongfeng)
• [OPERATOR] Removed minAllowed.cpu from all VPA objects (gardener/gardener-extension-provider-alicloud#579, @voelzmo)
• [OPERATOR] Adapted extension components to support the FullNetworkPoliciesInRuntimeCluster feature gate introduced by gardener/gardener v1.66, see here and #7352 for more information. (gardener/gardener-extension-provider-alicloud#581, @ScheererJ)
• [OPERATOR] Disable SNAT to the upstream dns server for non-overlay shoot cluster. (gardener/gardener-extension-provider-alicloud#568, @DockToFuture)
• [OPERATOR] The csi-plugin-alicloud is upgraded to version v1.24.7-48214b0-aliyun (gardener/gardener-extension-provider-alicloud#570, @kevin-lacoo)
• [DEPENDENCY] The following dependency is updated: (gardener/gardener-extension-provider-alicloud#565, @shafeeqes)
  • github.com/gardener/gardener: v1.62.0 -> v1.65.0
  • k8s.io/* : v0.25.2 -> v0.26.1
  • sigs.k8s.io/controller-runtime: v0.13.0-> v0.14.4

[machine-controller-manager]

🐛 Bug Fixes

• [USER] An edge case where all the machineSets were scaled down to zero has been dealt with. (gardener/machine-controller-manager#804, @himanshu-kun)

[machine-controller-manager-provider-alicloud]

🐛 Bug Fixes

• [USER] Fix a bug in the bootstrap token creation that caused node to not be able to join the cluster due to an expired bootstrap token. (gardener/machine-controller-manager-provider-alicloud#39, @himanshu-kun)

🏃 Others

• [USER] Updated golang version to 1.19 (gardener/machine-controller-manager-provider-alicloud#37, @rishabh-11)
• [OPERATOR] The following dependency is updated: (gardener/machine-controller-manager-provider-alicloud#38, @rishabh-11)
  • github.com/gardener/machine-controller-manager v0.47.0 -> 0.48.0
• [OPERATOR] updated golang version to 1.19.5 (gardener/machine-controller-manager-provider-alicloud#38, @rishabh-11)
• [OPERATOR] CVE categorization for mcm-provider-alicloud has been added. (gardener/machine-controller-manager-provider-alicloud#43, @dkistner)
• [DEVELOPER] MCM Autovendoring PR raising enabled (gardener/machine-controller-manager-provider-alicloud#41, @rishabh-11)

[terraformer]

🏃 Others

• [OPERATOR] Update golang to v1.19.6 (gardener/terraformer#129, @kon-angelo)
• [OPERATOR] Terrafomer base image has been updated to alpine:3.17.2 (gardener/terraformer#131, @dkistner)
• [OPERATOR] Update TF_VERSION 0.15.5 -> 1.3.9 and update how the local providers are fetched and stored to be compatible with the latest TF specification. (gardener/terraformer#133, @kon-angelo)
• [OPERATOR] CVE categorization for Terraformer oci images has been added. (gardener/terraformer#134, @dkistner)
• [OPERATOR] The golang base image is now updated to 1.16.15. The alpine base image is updated to 3.16.2. (gardener/terraformer#124, @kon-angelo)

networking-cilium-1.23.1

no release notes available

networking-cilium-1.23.0

[gardener-extension-networking-cilium]

✨ New Features

• [OPERATOR] The networking-cilium's gardener-extension-networking-cilium Service can now be topology-aware (depending on the Seed setting and the Shoot HA failure tolerance type). For more details, see the Topology-aware Traffic Routing documentation. (gardener/gardener-extension-networking-cilium#172, @ialidzhikov)

🐛 Bug Fixes

• [OPERATOR] The cilium operator now only runs with multiple replicas if the shoot cluster has multiple nodes (gardener/gardener-extension-networking-cilium#166, @Wieneo)
• [OPERATOR] The stale healthcheck conditions from the network extension are now properly cleaned up. (gardener/gardener-extension-networking-cilium#170, @shafeeqes)

🏃 Others

• [OPERATOR] Bump builder image from golang:1.19.4 to golang:1.20.2 (gardener/gardener-extension-networking-cilium#168, @DockToFuture)
• [OPERATOR] Update cilium to v1.13.1. (gardener/gardener-extension-networking-cilium#169, @DockToFuture)
• [OPERATOR] E2E tests are added which create a new cilium shoot cluster, run the connectivity tests and clean afterwards everything up. (gardener/gardener-extension-networking-cilium#174, @DockToFuture)
• [DEPENDENCY] The following dependency is updated: (gardener/gardener-extension-networking-cilium#170, @shafeeqes)
  • github.com/gardener/gardener: v1.66.0 -> v1.66.1

networking-calico-1.32.0

[gardener-extension-networking-calico]

🐛 Bug Fixes

• [OPERATOR] The stale healthcheck conditions from the network extension is now properly cleaned up. (gardener/gardener-extension-networking-calico#252, @shafeeqes)

🏃 Others

• [OPERATOR] E2E tests are added which create a new calico shoot cluster, verify that it is running and clean it afterwards up. (gardener/gardener-extension-networking-calico#257, @DockToFuture)
• [OPERATOR] Calico extension does not crash anymore when node cidr is not specified. (gardener/gardener-extension-networking-calico#249, @ScheererJ)
• [OPERATOR] Fixed bug disallowing shoot clusters without network provider configuration from reconciling successfully. (gardener/gardener-extension-networking-calico#250, @ScheererJ)
• [OPERATOR] Bump builder image from golang:1.19.4 to golang:1.20.2 (gardener/gardener-extension-networking-calico#251, @DockToFuture)
• [OPERATOR] Switched calico images from DockerHub to Gardener GCR (gardener/gardener-extension-networking-calico#254, @robinschneider)
• [DEPENDENCY] The following dependency is updated: (gardener/gardener-extension-networking-calico#252, @shafeeqes)
  • github.com/gardener/gardener: v1.66.0 -> v1.66.1

gardenlet-1.68.0

[gardener]

⚠️ Breaking Changes

• [OPERATOR] The gardener controlplane Helm chart does no longer contain the value global.apiserver.serviceEnabled. global.apiserver.serviceEnabled is replaced by global.apiserver.service.enabled. Before you upgrade to this version, please make sure that you adapt the corresponding value to its new equivalent. (gardener/gardener#7729, @ialidzhikov)
• [DEVELOPER] Developers should no longer introduce new container images from Docker Hub. Please configure the prow job for copying images to the gardener GCR instead. Consult the component checklist for more information. (gardener/gardener#7698, @timebertt)
• [DEPENDENCY] The extensions/pkg/webhook/certificates.AddCertificateManagementToManager function does now take a list of source webhook configs instead of a single webhook config only. (gardener/gardener#7693, @rfranzke)

✨ New Features

• [OPERATOR] The Garden API was extended with the new .spec.virtualCluster.{dns,kubernetes,networking} sections. For now, they only allow configuring the necessary information for the deployment of kube-apiserver. Since the API server is not deployed yet, any configuration does not have any effect. Still, you must make sure to already specify at least .spec.virtualCluster.kubernetes.version, .spec.virtualCluster.dns.domain, and .spec.virtualCluster.networking.services. In the upcoming releases, gardener-operator will also take over the management of the kube-apiserver deployment whilst taking the configuration into account. (gardener/gardener#7693, @rfranzke)
• [OPERATOR] The Garden resource now supports a setting for topology-aware routing. For more details, see the Topology-aware Traffic Routing documentation. (gardener/gardener#7729, @ialidzhikov)
• [OPERATOR] gardener-operator is now managing the kube-apiserver instance as part of the virtual garden cluster control plane. (gardener/gardener#7730, @rfranzke)
• [OPERATOR] Enable memory-saver mode for the VPA recommender. It stops tracking resource consumption for Containers without matching VPAs and frees up memory. (gardener/gardener#7746, @voelzmo)

🐛 Bug Fixes

• [OPERATOR] A bug causing the gardenlet to be unable to access the BackupBucket generated secret in garden namespace is now fixed. (gardener/gardener#7708, @shafeeqes)
• [OPERATOR] A bug has been fixed which prevented existing secrets from being adopted when they were named kube-apiserver-etcd-encryption-key or service-account-key. (gardener/gardener#7710, @rfranzke)
• [OPERATOR] A bug has been fixed for the Gardener Operator that occasionally caused "404 not-found" errors when garden resources where applied and the operator ran with multiple replicas. (gardener/gardener#7739, @timuthy)
• [OPERATOR] A panic causing gardenlet to fail to startup when there is already a terminating Shoot namespace in the Seed is now fixed. (gardener/gardener#7743, @ialidzhikov)
• [OPERATOR] An issue causing an UID conflict between two Grafana dashboards is now fixed by removing the unneeded "istio-workload-dashboard.json" dashboard. (gardener/gardener#7751, @axel7born)

🏃 Others

• [USER] The following image is updated: (gardener/gardener#7715, @ialidzhikov)
  • registry.k8s.io/metrics-server/metrics-server: v0.6.2 -> v0.6.3
• [OPERATOR] node-problem-detector has been upgraded to v0.8.13 (gardener/gardener#7707, @acumino)
• [OPERATOR] Gardenlet switched from a "PodExec" based approach to calling the appropriate HTTP endpoint for initiating full snapshots. This usually takes place when the ETCD encryption key was rotated or during control-plane migration. (gardener/gardener#7714, @timuthy)
• [OPERATOR] Now the fluent-bit's output plugin targets the logging service instead of the previously used loki service. (gardener/gardener#7731, @nickytd)
• [OPERATOR] Change the path of update-local-ca-certificates.sh script from /etc/ssl to /var/lib/ssl on our worker nodes. (gardener/gardener#7740, @AleksandarSavchev)
• [OPERATOR] nginx-ingress-controller-seed image is updated to v1.7.0 for 1.24.x+ seeds. (gardener/gardener#7741, @shafeeqes)
• [DEVELOPER] The server certificate of the kube-apiserver deployment now contains the <service-name>.<namespace>.svc.cluster.local SAN. (gardener/gardener#7735, @rfranzke)
• [DEVELOPER] Update local-setup to kind@v0.17.0. (gardener/gardener#7737, @oliver-goetz)
• [DEVELOPER] Go version is updated to 1.20.3. (gardener/gardener#7752, @oliver-goetz)
• [DEVELOPER] The controllermanager and gardenlet controller reconciliations are now limited to a 1m timeout. Additionally, there is a 1m limit on predicate functions that use contexts. (gardener/gardener#7147, @plkokanov)

[etcd-backup-restore]

🐛 Bug Fixes

• [OPERATOR] Fixes a bug in snapshotter loop when backup-restore fails to collect events or fails to apply watch if required etcd revision has been compacted. (gardener/etcd-backup-restore#600, @ishan16696)

🏃 Others

• [USER] Introduce CLI flag --restoration-temp-snapshots-dir to configure directory used for temporarily persisting delta snapshots during restoration. (gardener/etcd-backup-restore#609, @shreyas-s-rao)
• [USER] Fix behavior of --data-dir for etcdbrctl compact command to be consistent with the flag's usage in other etcdbrctl commands. (gardener/etcd-backup-restore#609, @shreyas-s-rao)
• [OPERATOR] Enhances the scale-up detection conditions to avoid potential failure while from migrating single node etcd to multi-node etcd cluster. (gardener/etcd-backup-restore#608, @ishan16696)
• [OPERATOR] Optimize disk usage during restoration of delta snapshots, and remove scope for errors in the process. (gardener/etcd-backup-restore#609, @shreyas-s-rao)
• [OPERATOR] Allow for flexible build opts for other CI tools. (gardener/etcd-backup-restore#610, @shreyas-s-rao)
• [OPERATOR] Etcd snapshots are copied in parallel instead of sequentially (10 in parallel by default, configurable via --max-parallel-copy-operations). (gardener/etcd-backup-restore#591, @timebertt)
• [OPERATOR] Restrict the file permissions of safe_guard file from 644 to 600. (gardener/etcd-backup-restore#607, @AleksandarSavchev)

[etcd-custom-image]

🏃 Others

• [OPERATOR] Base alpine image upgraded from 3.15.6 to 3.15.7 (gardener/etcd-custom-image#31, @aaronfern)

[etcd-druid]

⚠️ Breaking Changes

• [USER] The default value for druid CLI flag ignore-operation-annotation is now set to false. This means druid will now respect the gardener.cloud/operation annotation for reconciling the Etcd resource by default. This change allows for developers to follow best practices during local development and testing. (gardener/etcd-druid#506, @shreyas-s-rao)

✨ New Features

• [DEVELOPER] Introduce integration tests for testing the functionalities of each controller, which can be run using...

gardenlet-1.67.2

[gardener]

🐛 Bug Fixes

• [OPERATOR] A panic causing gardenlet to fail to startup when there is already a terminating Shoot namespace in the Seed is now fixed. (gardener/gardener#7744, @gardener-ci-robot)

gardener-metrics-exporter-0.9.0

[gardener-metrics-exporter]

Improvements

• [OPERATOR] the source of the label 'purpose' garden_shoot_condition has been changed from annotation 'garden.sapcloud.io/purpose ' to shoot.Spec.Purpose (#29, @mwennrich)

gardener-metrics-exporter-0.8.0

[gardener-metrics-exporter]

Improvements

• [OPERATOR] garden_shoots_custom_* suffix is exposed via label customizations (#27, @zkdev)

gardener-metrics-exporter-0.26.0

[gardener-metrics-exporter]

🏃 Others

• [OPERATOR] Resources, SecurityContext and Image Pull Policy can be configured via the HELM chart. (gardener/gardener-metrics-exporter#82, @Wieneo)
  • "gardener-metrics-exporter" container now has a liveness- and readiness probe.