Releases: gardener/garden-setup

3.17.0

04 Oct 14:50

The release-notes for component github.com/gardener/garden-setup in version 3.17.0 exceeded the maximum length of 25000 characters allowed by GitHub for release-bodies.
They have been uploaded as release-asset and can be found at https://github.com/gardener/garden-setup/releases/download/3.17.0/release_notes.md.

3.16.0

16 Sep 11:34

[garden-setup]

✨ New Features

🏃 Others

  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.10.6 (#609, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.18.0 (#609, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.15.0 (#609, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.28.1 (#609, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.21.0 (#609, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.11.0 (#609, @Diaphteiros)

[cert-management]

🐛 Bug Fixes

🏃 Others

[cloud-provider-aws]

🏃 Others

[dashboard]

🐛 Bug Fixes

[external-dns-management]

✨ New Features

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-aws]

✨ New Features

🏃 Others

[gardener-extension-provider-openstack]

✨ New Features

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-vsphere]

✨ New Features

🐛 Bug Fixes

🏃 Others

[gardener-extension-shoot-cert-service]

⚠️ Breaking Changes

  • [OPERATOR] The default leader election resource lock of gardener-extension-shoot-cert-service has been changed from configmapsleases to leases. (gardener/gardener-extension-shoot-cert-service#89, @MartinWeindel)
    • Please make sure that you had at least gardener-extension-shoot-cert-service@v1.13 running before upgrading to v1.18.0, so that it has successfully acquired leadership with the hybrid resource lock (configmapsleases) at least once.

🏃 Others

[gardener-extension-shoot-dns-service]

⚠️ Breaking Changes

  • [OPERATOR] The default leader election resource lock of gardener-extension-shoot-dns-service has been changed from configmapsleases to leases. (gardener/gardener-extension-shoot-dns-service#80, @MartinWeindel)
    • Please make sure that you had at least gardener-extension-shoot-dns-service@v1.10 running before upgrading to v1.15.0, so that it has successfully acquired leadership with the hybrid resource lock (configmapsleases) at least once.

🏃 Others

[machine-controller-manager]

⚠️ Breaking Changes

  • [OPERATOR] Draining of pods with PVs (Persistent Volume) now waits for re-attachment of PV on a different node when volumeAttachments support is enabled on the cluster. Else it falls back to the default PV reattachment timeout value configured. The defaul...

3.15.0

31 Aug 13:58

[garden-setup]

✨ New Features

  • [OPERATOR] Upgrade Gardener to v1.29.0 (#595, @Diaphteiros)
  • [OPERATOR] In preparation of the kubernetes dockershim removal, containerd has been added as container runtime to the default cloudprofiles. See here for further information. (#595, @Diaphteiros)
    • In addition, the gvisor extension is now deployed by default and can be used in combination with containerd.
  • [OPERATOR] Update default kubernetes versions in cloudprofile (#595, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dashboard to v1.51.2 (#595, @Diaphteiros)

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-gcp to v1.18.0 (#595, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-gardenlinux to v0.10.0 (#595, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-suse-chost to v1.13.0 (#595, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-azure to v1.21.2 (#595, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.17.1 (#595, @Diaphteiros)

[cert-management]

🐛 Bug Fixes

[cloud-provider-azure]

🏃 Others

[dashboard]

⚠️ Breaking Changes

  • [OPERATOR] The Dashboard no longer adds docker to the list of available CRIs. You need to adapt all CloudProfiles and explicitly add docker to all MachineImageVersions which support it (gardener/dashboard#1059, @grolu)

✨ New Features

  • [USER] Container Runtime is now a required field for cluster workers and defaulted to containerd for cluster kubernetes versions 1.22 and higher. Clusters with older kubernetes versions keep docker as default container runtime. If default runtime is not in the list of supported runtimes of a machine image it defaults to the first one specified in the cloud profile (gardener/dashboard#1059, @grolu)
  • [USER] Added support to authenticate against GKE clusters using google service account key. In this case, the referenced secret needs to have the serviceaccount.json data key in addition to the kubeconfig data key (gardener/dashboard#1058, @holgerkoser)
  • [USER] Container runtimes of existing workers can now be changed (gardener/dashboard#1044, @grolu)
  • [USER] Support for the hetzner cloud extension (hcloud) (gardener/dashboard#1043, @poelzi)
  • [USER] External DNS Provider Support (gardener/dashboard#1026, @grolu)
    • Add and manage DNS Provider Secrets
    • Configure Shoot DNS Providers
  • [USER] Added extended search capabilities to cluster search: (gardener/dashboard#1021, @grolu)
    • Search params are now ANDed, allowing one to refine the search
    • Use quotes for exact words or phrases
    • Use minus sign to exclude words that you don't want
  • [OPERATOR] It is now possible to add configurable hints for machine image vendors (gardener/dashboard#1066, @grolu)
  • [OPERATOR] Added support for ERR_RETRYABLE_INFRA_DEPENDENCIES and ERR_INFRA_REQUEST_THROTTLING error codes (gardener/dashboard#1040, @grolu)
  • [OPERATOR] The option to Hide user issues for operators has been replaced by an option to remove both user issues and temporary issues. This new filter is labelled as Hide no operator action required issues (gardener/dashboard#1040, @grolu)

🐛 Bug Fixes

  • [USER] Fixed a problem in the DNS provider configuration that caused a newly added DNS provider to always be disabled on an existing cluster (gardener/dashboard#1086, @holgerkoser)
  • [USER] Fixed some issues regarding creating and editing worker groups (gardener/dashboard#1084, @grolu)
    • Existing worker groups may keep cri.name empty without failing validation
    • Additional container runtimes selection no longer showed up
    • Machine worker.machine.image included internal properties in create shoot editor
  • [USER] Fixed an issue in the TicketComment component that caused it not to be rendered anymore (gardener/dashboard#1080, @holgerkoser)
  • [USER] Fixes a bug with the size of dialogs. In some cases the dialogs were too small to display the complete content clearly. The size of all dialogs has been adjusted and unified (gardener/dashboard#1075, @holgerkoser)
  • [USER] Fixed an issue on the cluster creation page where the networking section was empty because of a permission issue: Users could not read list of networking types and registered dns provider extensions (gardener/dashboard#1074, @grolu)
  • [USER] Preserve the initial URL hostname during the OIDC login process (gardener/dashboard#1054, @holgerkoser)
  • [USER] Fixed an issue where the terminal container was not created with privileged set to true of the containers securityContext when enabling the Privileged flag on the terminal settings UI (gardener/dashboard#1051, @petersutter)

📖 Documentation

  • [OPERATOR] Please note the following changes in the values.yaml file of the gardener-dashboard helm chart: (gardener/dashboard#1054, @holgerkoser)
    • The configuration property .Values.oidc.redirectUri is no longer used and has been removed. Instead, the list of valid OIDC redirect URIs is determined based on the ingress hosts .Values.ingress.hosts. If tls .Values.ingress.tls is active the redirect URI scheme is assumed to be https for all hosts.

[gardener]

⚠️ Breaking Changes

  • [USER] Earlier, Gardener created certificates with Common Name: system:apiserver for the Kube-Apiserver. In order to be DNS-1123 compliant, this certificate field is changed to Common Name: kube-apiserver for new shoot clusters. (gardener/gardener#4467, @timuthy)
  • [OPERATOR] Kubernetes will remove the built-in dockershim, which means eventually all Gardener Shoots will need to switch to containerd. Operators of Gardener and Shoot owners need to take action, please continue reading our detailed guide about the why, what, and when! (gardener/gardener#4452, @voelzmo)
  • [OPERATOR] The following changes have been made incompatibly to the GardenerSchedulerConfiguration: (gardener/gardener#4320, @xrstf)
    • The configuration key server has been refined into healthProbes and metrics. Note that both cannot be listening on the same port.
    • The CachedRuntimeClients feature gate has been removed, objects are now always cached.
    • lockObjectName was removed in favor of resourceName.
    • lockObjectNamespace was removed in favor of resourceNamespace.
  • [OPERATOR] If you deploy Gardener with the provided Helm charts, note that the metrics endpoint for the Gardener-Scheduler is now exposed via a service on port 9090. (gardener/gardener#4320, @xrstf)

🐛 Bug Fixes

  • [USER] The symmetric keys HS256, HS384 and HS512 are now removed from the valid OIDC Signing algorithms as they are not supported by the kubernetes API server. (gardener/gardener#4470, @plkokanov)
  • [OPERATOR] Keep the already available replicas of kube-controller-manager (if any) during Create operations regardless of whether hibernation is enabled or not. (gardener/gardener#4479, @plkokanov)
  • [OPERATOR] Keep kube-apiserver HPA scale down mode Auto even when scale down is disabled. The scale down is naturally disabled because minReplicas and maxReplicas are set to be equal. (gardener/gardener#4451, @amshuman-kr)

🏃 Others

  • [OPERATOR] A bug has been fixed which prevented the CSR auto-approval process for Gardenlet certificates when the SeedAuthorizer is enabled. Hence, the user certificate used by Gardenlet to connect to the Garden cluster was not renewed successfully. (gardener/gardener#4502, @timuthy)
  • [OPERATOR] Azure errors with OverconstrainedZonalAllocationRequest error code are now classified as configuration problems. (gardener/gardener#4482, @plkokanov)
  • [OPERATOR] Improved handling of the shoot resource in the shoot controller to ensure that data races are avoided as much as possible. (gardener/gardener#4459, @stoyanr)
  • [OPERATOR] Ensured that the backup entry name is generated only once using non-empty strings to prevent issues with backup entry names generated as --. (gardener/gardener#4454, @stoyanr)
  • [OPERATOR] Projects are now reconciled every time a shoot is created. (gardener/gardener#4447, @kris94)
  • [OPERATOR] Grafana discovers available logging components at runtime for "Controlplane Logs Dashboard" (gardener/gardener#4387, @vlvasilev)
  • [DEVELOPER] Added new staticchecks by bumping golangci-lint. Please make sure to update your local installation of golangci-lint, e.g. by running make install-requirements (gardener/gardener#4475, @voelzmo)

[gardener-extension-os-gardenlinux]

⚠️ Breaking Changes

  • [OPERATOR] The default leader election resource lock of gardener-extension-os-gardenlinux has been changed from configmapsleases to leases. (gardener/gardener-extension-os-gardenlinux#43, @ialidzhikov)
    • Please make sure that you had at least gardener-extension-os-gardenlinux@v0.9 running before upgrading to v0.10.0, so that it has successfully acquired leadership with the hybrid resource lock (configmapsleases) at least once.

✨ New Features

🏃 Others

  • ...

3.14.0

06 Aug 09:45

[garden-setup]

✨ New Features

📖 Documentation

🏃 Others

  • [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.17.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.10.4 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.14.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener terminal-controller-manager to v0.17.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-suse-chost to v1.12.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension networking-calico to v1.19.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-ubuntu to v1.13.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.20.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.27.0 (#580, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-azure to v1.21.0 (#580, @Diaphteiros)

[autoscaler]

🐛 Bug Fixes

[external-dns-management]

📖 Documentation

🏃 Others

[gardener]

⚠️ Breaking Changes

  • [USER] Shoot addons are now only allowed on evaluation shoots if the Kubernetes version is >= 1.22. (gardener/gardener#4213, @stoyanr)
  • [OPERATOR] Gardener now requires seed clusters to run at least Kubernetes version 1.18. Please update your seed clusters if necessary before updating to this Gardener version. Older Kubernetes releases will not be supported any more. Please note, the version support for shoot clusters is not affected by this change. (gardener/gardener#4426, @timuthy)
  • [OPERATOR] Gardenlet does not support seedSelectors anymore; configure an explicit seedConfig in the GardenletConfiguration instead (gardener/gardener#4306, @xrstf)
  • [OPERATOR] The obsolete fields SchedulerConfiguration.schedulers.*.retrySyncPeriod have been removed. (gardener/gardener#4285, @timebertt)
  • [OPERATOR] Gardenlet feature gate NodeLocalDNS was removed and replaced by a shoot specific annotation. (gardener/gardener#4249, @ScheererJ)
  • [OPERATOR] The KonnectivityTunnel feature gate in gardenlet has been dropped and removed from the code. If you upgrade to this Gardener version make sure that the feature gate is disabled and that all shoots were reconciled after you disabled it. (gardener/gardener#4247, @rfranzke)
  • [DEVELOPER] make start-gardenlet does not use seedSelector anymore, making the dev gardenlet single-seed only. If you have multiple Seeds in your local setup, you can specify the seed to act on via the SEED_NAME make variable (e.g. make start-gardenlet SEED_NAME=local-foo). (gardener/gardener#4270, @xrstf)
  • [DEVELOPER] The already deprecated DirectClient has been removed from the codebase entirely. (gardener/gardener#4225, @timebertt)

✨ New Features

  • [USER] It's now possible to configure the imageGC{High,Low}ThresholdPercent fields for the kubelet configuration (defaults: 50 for the high threshold, 40 for the low threshold) in the Shoot API via .spec.{provider.workers[].}kubernetes.kubelet.imageGC{High,Low}ThresholdPercent. (gardener/gardener#4282, @rfranzke)
  • [USER] Makes it possible to disable deploying kube-proxy for newly created clusters. Depending on the used networking extension switching off kube-proxy might not be supported yet. Please consult the respective documentation of the used networking extension before disabling kube-proxy. (gardener/gardener#4260, @ScheererJ)
  • [USER] Shoot clusters can now reference an ExposureClass to expose their control plane in various network environments via the .spec.exposureClassName. Find more information in this document. (gardener/gardener#4244, @dkistner)
  • [USER] Do not trigger a node rollout when switching from CRI.Name==nil to CRI.Name==docker. (gardener/gardener#4237, @voelzmo)
  • [USER] Shoots created with or updated to Kubernetes version >= 1.22 will get containerd as default container runtime. If you upgrade an existing shoot which doesn't specify a cri.name property in its worker pools, this will trigger a graceful node rollout and the container runtime is switched from docker to containerd. (gardener/gardener#4222, @voelzmo)
  • [USER] It's now possible to override the grace periods for the cleanup steps in the shoot deletion by specifying the following annotations on the Shoot: (gardener/gardener#4212, @rfranzke)
    • shoot.gardener.cloud/cleanup-webhooks-finalize-grace-period-seconds (default behaviour: "300")
    • shoot.gardener.cloud/cleanup-extended-apis-finalize-grace-period-seconds (default behaviour: "3600")
    • shoot.gardener.cloud/cleanup-kubernetes-resources-finalize-grace-period-seconds (default behaviour: "300")
    • shoot.gardener.cloud/cleanup-namespaces-finalize-grace-period-seconds (default behaviour: "300")
    • If "0" is provided then all resources are finalized immediately without waiting for any graceful deletion. Please be aware that this might lead to orphaned infrastructure artefacts.
  • [OPERATOR] Gardener API server now has a feature gate DisallowKubeconfigRotationForShootInDeletion, disabled by default, that disallows kubeconfig rotation to be requested for shoot cluster in deletion. (gardener/gardener#4379, @vpnachev)
  • [OPERATOR] Similar to the NodeAuthorizer and NodeRestriction features in Kubernetes (preventing kubelets from accessing resources which aren't associated with their responsible Nodes), Gardener does now have a SeedAuthorizer and SeedRestriction feature (preventing gardenlets from accessing resources which aren't associated with their Seeds). If you want to enable it for your landscapes then please consult this document. (gardener/gardener#4326, @rfranzke)
  • [OPERATOR] The external ip attached to the load balancer service belonging to a Seed ingress gateway can now be defined in the configuration for the Gardenlet. This is possible for the default ingress gateway and for the ExposureClass handler ingress gateways. For ExposureClass handler ingress gateways this will only work in combination with the APIServerSNI feature flag (default). (gardener/gardener#4319, @dkistner)
  • [OPERATOR] Shoot clusters can now use ExposureClasses to expose the control plane in various network environments. The Gardenlet needs to realize the exposure strategy and is therefore required to have the ExposureClass handler configuration in its own config. This can be maintained in the .exposureClassHandlers list of the Gardenlet configuration. Find more information in this document. (gardener/gardener#4244, @dkistner)
  • [OPERATOR] A new ProjectValidator admission plugin has been added (enabled by default). It prevents creating Projects with non-empty .spec.namespace fields if the value in .spec.namespace does not start with garden-. Please note that this admission plugin will be removed in a future release again in favor of the static validation in the gardener-apiserver. (gardener/gardener#4228, @rfranzke)
  • [OPERATOR] Shoot SSH Keys are regularly rotated, with both the current and previous key being deployed onto each shoot node. (gardener/gardener#4224, @xrstf)
  • [OPERATOR] Allow explicit configuration of docker as a container runtime (.spec.provider.workers[].cri.name field in Shoots) for backwards compatibility. Select this only if your workload doesn't run nicely with containerd. This configuration option will be removed in the future! (gardener/gardener#4218, @voelzmo)
  • [DEVELOPER] Support option requiring shoot connection to be external (gardener/gardener#4366, @deitch)

🐛 Bug Fixes

  • [USER] A fix included in v1.27.0 and v1.27.1 was reverted, because it introduced a regression which caused clusters configured with containerd as a runtime to fail to reconcile (see gardener/gardener#4390 for more details). This now means that bug gardener/gardener#4254 still exists in gardener >1.27.1. (gardener/gardener#4408, @voelzmo)
  • [USER] Additional DNS provider Secret is now updated on Shoot deletion. This will allow users to update their invalid Secret data with valid one and now this change will be reflected to the Secret maintained in the Shoot namespace in the Seed. ...

3.12.0

08 Jul 07:03

[garden-setup]

✨ New Features

  • [OPERATOR] Upgrade Gardener to v1.25.2 (#555, @Diaphteiros)
  • [OPERATOR] Update default kubernetes versions in cloudprofile (#555, @Diaphteiros)
  • [OPERATOR] Update machine image versions in cloudprofile (#555, @Diaphteiros)
  • [OPERATOR] Enable quotas in the virtual cluster so operators can limit the amount of shoots, secretbindings etc allowed per project (#535, @gesslein)

🐛 Bug Fixes

  • [OPERATOR] Fix a bug in deployment of gardener-metrics-exporter (#550, @dergeberl)

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-azure to v1.20.2 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.13.0 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.14.0 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-gcp to v1.17.0 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.10.0 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.10.3 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-suse-chost to v1.11.0 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-ubuntu to v1.11.0 (#555, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension os-gardenlinux to v0.9.0 (#555, @Diaphteiros)

[cert-management]

✨ New Features

[external-dns-management]

✨ New Features

🐛 Bug Fixes

📖 Documentation

🏃 Others

[gardener-extension-os-gardenlinux]

⚠️ Breaking Changes

  • [OPERATOR] ⚠️ Support for Garden Linux versions 27.0 and 27.1 has been removed from this extension. Please, ensure that all shoot clusters in your landscape are running on Garden Linux 184.0 or newer version before upgrading to this version of the extension. (gardener/gardener-extension-os-gardenlinux#26, @vpnachev)

✨ New Features

🐛 Bug Fixes

🏃 Others

[gardener-extension-os-suse-chost]

🏃 Others

[gardener-extension-os-ubuntu]

✨ New Features

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-azure]

🐛 Bug Fixes

[gardener-extension-provider-gcp]

⚠️ Breaking Changes

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-vsphere]

✨ New Features

  • [OPERATOR] The existing ValidatingWebhookConfiguration of admission-vsphere for Shoot validation does now validate also the Shoot secret. admission-vsphere does now feature also a new webhook that prevents Shoot secret to be updated with invalid keys. (gardener/gardener-extension-provider-vsphere#153, @vpnachev)

🏃 Others

[gardener-extension-shoot-cert-service]

✨ New Features

[gardener-extension-shoot-dns-service]

✨ New Features

🏃 Others

[machine-controller-manager]

✨ New Features

🐛 Bug Fixes

[machine-controller-manager-provider-gcp]

⚠️ Breaking Changes

🏃 Others

[machine-controller-manager-provider-vsphere]

🏃 Others

  • [USER] Revendors MCM dependent libr...

3.11.0

18 Jun 08:03

[garden-setup]

⚠️ Breaking Changes

  • [OPERATOR] Garden-setup now uses the new method of deploying Gardener extensions (using ControllerDeployment and ControllerRegistration instead of only the latter one). Deploying over an existing landscape has not been tested and might or might not work. (#532, @Diaphteiros)

✨ New Features

  • [OPERATOR] It is now possible to manually activate or deactivate any supported Gardener extension. Please note that deactivating extensions could prevent garden-setup from creating a working Gardener landscape. See here for the documentation. (#532, @Diaphteiros)

🐛 Bug Fixes

  • [USER] Fix the Shoot Grafana Network Policies to match the Nginx-Ingress controller in kube-system (#502, @christianhuening)
  • [OPERATOR] Sidecar image for terminal controller can be replaced through acre versions. (#533, @einfachnuralex)

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.19.1 (#530, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.25.0 (#530, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension external-dns-management to v0.10.2 (#530, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension networking-calico to v1.18.0 (#530, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dashboard to 1.50.2 (#530, @Diaphteiros)

📰 Noteworthy

[dashboard]

🐛 Bug Fixes

[external-dns-management]

✨ New Features

🐛 Bug Fixes

🏃 Others

[gardener-extension-networking-calico]

🏃 Others

[gardener-extension-provider-openstack]

🏃 Others

3.10.0

25 May 07:42

[garden-setup]

⚠️ Breaking Changes

  • [OPERATOR] Update Cert-Manager to recent version v1.3.1. Due to the large version jump, deploying over an existing landscape is likely to fail. (#445, @christianhuening)
  • [OPERATOR] sow version 3.3.0 or higher is required. (#445, @christianhuening)

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-azure to v1.20.1 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-gcp to v1.16.2 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.19.0 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.12.0 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.13.0 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.9.0 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.9.0 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener terminal-controller-manager to v0.16.0 (#497, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.24.0 (#497, @Diaphteiros)

📰 Noteworthy

[cert-management]

🏃 Others

[cloud-provider-azure]

✨ New Features

🏃 Others

[dashboard]

⚠️ Breaking Changes

  • [OPERATOR] Please note the following breaking changes in the values.yaml file of the gardener-dashboard helm chart: (gardener/dashboard#1001, @holgerkoser)
    • The configuration properties tlsSecretName, tls and hosts in the values.yaml have been moved to ingress.tls.secretName, ingress.tls and ingress.hosts.
    • The configuration property apiServerUrl is now a required property. The dummy default value has been removed.
    • The configuration property oidc.redirectUri is now a required property. The fallback value based on the first hosts entry has been removed.

✨ New Features

  • [USER] Added pathType: Prefix to the Ingress resource (gardener/dashboard#988, @morremeyer)
  • [USER] You can now copy the shoot name and seed name from the cluster list page (gardener/dashboard#986, @petersutter)
  • [USER] Dark Mode: The Dashboard now applies system settings by default (gardener/dashboard#978, @grolu)
  • [USER] metadata.managedFields are now hidden by default in cluster yaml editor. You can enable them with the toggle button in the toolbar (gardener/dashboard#973, @grolu)
  • [USER] Added support for configuring Container Runtimes for Workers via the Dashboard (gardener/dashboard#790, @grolu)
  • [OPERATOR] gardener-dashboard helm chart: (gardener/dashboard#1001, @holgerkoser)
    • Vertical Pod Autoscaler can be enabled via the configuration property vpa in the values.yaml file of the gardener-dashboard helm chart.
    • OpenID Provider certificate authority can be passed via secret reference oidc.caSecretRef in the values.yaml file of the gardener-dashboard helm chart.
  • [OPERATOR] Enable asset configuration in the helm chart (gardener/dashboard#980, @morremeyer)
  • [OPERATOR] The outgoing communication to all apiservers is done via http/2 for read and write operations as well as for watches. It is assumed that these apiservers are accessible via http/2. This has the following advantages: (gardener/dashboard#972, @holgerkoser)
    • Better performance due to reduced latency, full request and response multiplexing, HTTP header field compression and tls session resumption.
    • Simpler, and more robust implementation aligned with the go-client implementation.
    • A single http2 session for all watches is kept between the list and the watch call which solves the problem with diverged watch-caches on different apiserver instances.

🐛 Bug Fixes

🏃 Others

[external-dns-management]

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-azure]

⚠️ Breaking Changes

  • [USER] The Azure extension does now support shoot clusters with Kubernetes version 1.21. You should consider the Kubernetes release notes before upgrading to 1.21. Please note that both the Azure Disk CSI driver and Azure File CSI driver will be used for 1.21 shoots. They are compatible with the legacy volume provisioners, however, you might want to update your storage classes and volume handling accordingly. Please find more information about CSI in the official Kubernetes documentation. (gardener/gardener-extension-provider-azure#280, @rfranzke)
  • [USER] Extension resource configs (ControlPlaneConfigs, WorkerConfig) are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (gardener/gardener-extension-provider-azure#272, @stoyanr)

🐛 Bug Fixes

🏃 Others


3.9.0

04 May 07:45

[garden-setup]

⚠️ Breaking Changes

  • [OPERATOR] ⚠️ Due to the updated terraform plugins, this version of garden-setup requires terraform 0.13 or higher. If the sow image is used, version 3.3.0 or higher of sow is required. (#452, @Diaphteiros)
  • [OPERATOR] Replace nginx shoot addon with managed ingress feature for shooted seeds. The behaviour when deploying over an existing landscape has not been tested. In theory, this should work, although you might experience a downtime of the seeds. This change should not cause any problems for new landscapes and for landscapes without shooted seeds created by garden-setup. (#389, @Diaphteiros)

🐛 Bug Fixes

  • [OPERATOR] Fixed a bug that created an invalid DNS secret for the openstack-designate DNS service. (#455, @Diaphteiros)
  • [OPERATOR] Fixed a bug that caused the dashboard component to fail if landscape.identity.users was not defined. (#440, @Diaphteiros)

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.7.1 (#459, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-gcp to v1.16.0 (#459, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.18.0 (#455, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.23.0 (#455, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension networking-calico to v1.17.0 (#455, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.10.0 (#455, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.8.3 (#455, @Diaphteiros)
  • [OPERATOR] The terraform modules for creation of the etcd backup bucket have been adapted for terraform 0.13 (#452, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-azure to v1.19.1 (#443, @Diaphteiros)

📰 Noteworthy

  • [OPERATOR] The recommended sow version is now 3.3.0 (#459, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener to v1.21.0 (#455, @Diaphteiros)
  • [OPERATOR] The default kubernetes versions in the cloudprofile have been updated. (#443, @Diaphteiros)
  • [OPERATOR] Starting with version v1.20, Gardener deploys a managed istio into each seed cluster. This behaviour is deactivated in garden-setup by default. To activate the managed istio for a seed, add featureGates.ManagedIstio: true and featureGates.APIServerSNI: true to that seed's landscape.iaas entry. Please be aware that there currently is no easy way of removing istio again - if a seed with the feature gate active is deleted, the istio namespaces will be removed, but cluster-scoped resources and resources in other namespaces will be leaked in your cluster. This shouldn't be a big problem for shooted seeds though, as they will be gone when the shoot is deleted. (#443, @Diaphteiros)

[autoscaler]

📰 Noteworthy

  • [USER] Enable configuration of flags such as control-apiserver-burst, control-apiserver-qps, target-apiserver-burst, target-apiserver-qps and min-resync-period for kubernetes client configurations while fetching objects for MCM cloud provider. (gardener/autoscaler#73, @prashanth26)
  • [OPERATOR] Switch to using cached informers to fetch cloud provider details more optimally. (gardener/autoscaler#73, @prashanth26)

[cloud-provider-aws]

✨ New Features

🏃 Others

[cloud-provider-azure]

✨ New Features

🏃 Others

[cloud-provider-gcp]

✨ New Features

🏃 Others

[external-dns-management]

🐛 Bug Fixes

🏃 Others

[gardener]

⚠️ Breaking Changes

  • [USER] Extension resource configs, namely ControlPlaneConfig and WorkerConfig, are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resources contained in it are valid. Note that due to other changes you will not be able to create new shoots containing such resources, since they will be rejected by validation. (gardener/gardener#3804, @stoyanr)
  • [OPERATOR] The temporary workaround in the ProblematicWebhooks check that was skipping Shoot webhooks is now removed. Before updating to this version of Gardener, please make sure that the provider extensions in the system vendor at least github.com/gardener/gardener@v1.16.0. (gardener/gardener#3867, @ialidzhikov)
  • [OPERATOR] ⚠️ Gardener no longer supports shoot clusters with Kubernetes versions < 1.15. With this change, the .spec.kubernetes.kubeControllerManager.horizontalPodAutoscaler.{up,down}scaleDelay fields have been dropped because they are no longer meaningful. Make sure to upgrade all existing clusters before upgrading to this Gardener version. (gardener/gardener#3862, @rfranzke)
  • [OPERATOR] ⚠️ The minimum Kubernetes version for seed clusters has been raised from v1.11 to v1.15. Make sure that all your registered seed clusters meet this requirement before upgrading to this Gardener version. (gardener/gardener#3862, @rfranzke)
  • [OPERATOR] Invalid image vectors and component image vector overwrites will cause validation errors upon reading. If you encounter such errors, make sure image vectors specified in ConfigMap or ComponentRegistration resources are valid. (gardener/gardener#3853, @stoyanr)
  • [DEPENDENCY] ⚠️ The utility functions for working with ManagedResources have been mostly moved from pkg/operation/common to pkg/utils/managedresources. Please note that the signature of the functions might have changed. Especially, the order of the name, namespace string parameters is now namespace, name string. (gardener/gardener#3780, @rfranzke)

✨ New Features

  • [USER] New .status.advertisedAddresses field in the Shoot resource now provides a list of advert...

3.8.0

12 Apr 13:11

[garden-setup]

🐛 Bug Fixes

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.16.2 (#435, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.8.1 (#435, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.22.2 (#435, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-gcp to v1.15.0 (#435, @Diaphteiros)

📰 Noteworthy

[cloud-provider-aws]

🏃 Others

[cloud-provider-gcp]

🏃 Others

[external-dns-management]

🐛 Bug Fixes

🏃 Others

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] The default leader election resource lock of gardener-controller-manager, gardener-scheduler and gardenlet has been changed to leases. (gardener/gardener#3719, @timebertt)
    • Please make sure that the components have permissions to create, get, watch and update leases.coordination.k8s.io in the respective clusters.
    • And please make sure that you had at least gardener@v1.17 running before upgrading to v1.19, so that all components have successfully acquired leadership with the hybrid resource lock (configmapsleases) at least once.
  • [OPERATOR] The ManagedIstio and APIServerSNI feature gates in the gardenlet have been promoted to beta and are now enabled by default. If you run your own istio installation then you have to disable the ManagedIstio feature gate (and probably also the APIServerSNI) in your gardenlet configurations. (gardener/gardener#3633, @rfranzke)

🐛 Bug Fixes

  • [USER] An issue causing the deletion of hibernated Shoot to fail is now fixed. (gardener/gardener#3791, @ialidzhikov)
  • [USER] A transient error which may occur when a hibernated shoot cluster is woken up again right away has been fixed. (gardener/gardener#3749, @vpnachev)
  • [OPERATOR] Fix a bug where the gardenlet was not updating the allow-to-seed-apiserver network policy with the IP address of the seed's API server when the APIServerSNI feature gate is just enabled. (gardener/gardener#3743, @vpnachev)
  • [OPERATOR] The istiod deployment in the istio-system namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (gardener/gardener#3691, @plkokanov)
  • [OPERATOR] Added resource requests and limits to the apiserver-proxy-pod-mutator container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver when SNI is enabled. (gardener/gardener#3691, @plkokanov)
  • [OPERATOR] A bug preventing seed deletion to hang due to already deleted CRD etcds.druid.gardener.cloud is now fixed. (gardener/gardener#3686, @stoyanr)
  • [OPERATOR] An issue preventing kube-controller-manager from approving the CSR for kubelet certificate renewal is now fixed. (gardener/gardener#3684, @majst01)
  • [OPERATOR] An issue causing gardenlet to fail to remove the finalizer of the Seed Secret (.spec.secretRef) is now fixed. (gardener/gardener#3677, @ialidzhikov)
  • [OPERATOR] Increase CoreDNS memory limits to avoid OOMKill. (gardener/gardener#3675, @amshuman-kr)
  • [OPERATOR] An issue preventing the status of the BackupBucket from being properly updated is now fixed. (gardener/gardener#3673, @MartinWeindel)
  • [OPERATOR] Some issues with hanging ControllerInstallations have been resolved, that caused the Seed deletion to deadlock and required manual cleanup. (gardener/gardener#3653, @timebertt)
  • [OPERATOR] extensions/pkg/controller/controlplane/genericactuator.Actuator can now use a separate ManagedResource for ControlPlane CRDs that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (gardener/gardener#3562, @ialidzhikov)
  • [DEPENDENCY] An issue causing nil pointer dereference in the extension library is now fixed. (gardener/gardener#3730, @ialidzhikov)

🏃 Others

📰 Noteworthy

  • [USER] Every shoot worker node now randomly delays the execution of the cloud-config user data by up to 5m (earlier, the maximum delay was ~30s). This is to prevent too many systemd unit restarts (e.g., kubelet restarts) at the ~same time when there is a change (e.g., a Kubernetes patch version update). (gardener/gardener#3715, @rfranzke)
  • [USER] When a shoot is erroring with ERR_INFRA_INSUFFICIENT_PRIVILEGES, ERR_INFRA_QUOTA_EXCEEDED or ERR_INFRA_DEPENDENCIES then it is now immediately set to the Failed status (this already happens also for ERR_INFRA_UNAUTHORIZED or ERR_CONFIGURATION_PROBLEM). This prevents Gardener from automatically retrying the operation. If you are hit by it, please manually retry the operation once you have resolved the issue. (gardener/gardener#3662, @rfranzke)
  • [DEPENDENCY] ⚠️ Go dependencies to kubernetes/* and kubernetes-sigs/controller-runtime were updated to v0.20.2 and v0.8.3 respectively. (gardener/gardener#3651, @rfranzke)

[gardener-extension-provider-aws]

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-gcp]

⚠️ Breaking Changes

  • [OPERATOR] The ValidatingWebhookConfiguration of the GCP admission controller has been changed from version v1beta1 to v1. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (gardener/gardener-extension-provider-gcp#230, @timuthy)

✨ New Features

  • [OPERATOR] The secrets and conf...

3.7.0

22 Mar 11:18

[garden-setup]

🐛 Bug Fixes

  • [OPERATOR] Fixed a bug that occurred when trying to deactivate backups which would otherwise have been stored in a GCS bucket. (#417, @Diaphteiros)

🏃 Others

  • [OPERATOR] Upgrade Gardener extension networking-calico to v1.16.0 (#418, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.12.0 (#418, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.6.0 (#418, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.21.0 (#418, @Diaphteiros)

📰 Noteworthy

[cert-management]

🏃 Others

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] The gardener-admission-controller configuration API and http endpoints were changed in several aspects: (gardener/gardener#3577, @timebertt)
    • the fields server.https.tls.server{Cert,Key}Path have been removed in favor of server.https.tls.serverCertDir (the cert directory is expected to contain a tls.crt and tls.key file)
    • metrics and health endpoints are now exposed as plain HTTP endpoints on dedicated ports (configurable via server.{healthProbes,metrics}.port)
    • the gardener-admission-controller service included in Gardener's helm chart has a new named port (metrics) for exposing the metrics endpoint
    • If you deploy this component/configuration manually, please adapt your usage accordingly. Gardener's helm charts were adapted to the changes.
  • [OPERATOR] The .controllers.shootedSeedRegistration field has been removed from the GardenletConfiguration in favor of the newly introduced ManagedSeed controller (configurable via .controllers.managedSeed). Please adapt your Gardenlet Helm chart values and/or example Gardenlet configuration files. (gardener/gardener#3418, @stoyanr)
  • [DEVELOPER] Semantics of controllerutils.{EnsureFinalizer,RemoveFinalizer} were changed. Both funcs now use PATCH requests instead of UPDATE and RemoveFinalizer expects an additional client.Reader for reading from the API server. (gardener/gardener#3641, @timebertt)
    • Please use controllerutils.{PatchFinalizers,PatchRemoveFinalizers} preferably where applicable, if your controller is able to tolerate conflict errors tolerated by stale reads.
  • [DEVELOPER] The .controllers.shootedSeedRegistration field has been removed from the GardenletConfiguration in favor of the newly introduced ManagedSeed controller (configurable via .controllers.managedSeed). Please run make dev-setup or manually copy example/20-componentconfig-gardenlet.yaml over your old configuration file. (gardener/gardener#3418, @stoyanr)
  • [DEPENDENCY] Semantics of controllerutils.{EnsureFinalizer,RemoveFinalizer} were changed. Both funcs now use PATCH requests instead of UPDATE and RemoveFinalizer expects an additional client.Reader for reading from the API server. (gardener/gardener#3641, @timebertt)
    • extensioncontroller.{EnsureFinalizer,DeleteFinalizer} have been removed in favor of the funcs in controllerutils.
    • controllerutils.PatchFinalizers was renamed to PatchAddFinalizers.
  • [DEPENDENCY] The mocks for Gardener packages were moved to dedicated folders in the respective package directories, i.e., if there is package foo in ./pkg/path/to/foo then the mock would be in pkg/path/to/foo/mock instead of ./pkg/mock/gardener/path/to/foo. Only the mocks for third-party/vendored packages remain in ./pkg/mock. (gardener/gardener#3640, @rfranzke)
  • [DEPENDENCY] The already deprecated packages github.com/gardener/gardener/pkg/version and github.com/gardener/gardener/pkg/version/verflag are now removed. (gardener/gardener#3626, @ialidzhikov)

✨ New Features

  • [OPERATOR] It is now configurable for which shoot purposes the BackupEntry deletion grace period applies. An empty list (default) means that it applies for all shoot purposes (as it was earlier). If you want to only select specific purposes then please configure .controllers.backupEntry.deletionGracePeriodShootPurposes[] in the gardenlet's component configuration. (gardener/gardener#3637, @rfranzke)
  • [OPERATOR] CoreDNS deployment of shoot clusters can now be automatically restarted during the shoot's maintenance time window. This is used to solve problems with clients stuck to a single replica of the deployment and thus overloading it. The feature can be enabled via the ControllerManagerConfiguration under .controllers.shootMaintenance.enableShootCoreAddonRestarter (see example/20-componentconfig-gardener-controller-manager.yaml). (gardener/gardener#3596, @vpnachev)
  • [OPERATOR] An additional change detection mechanism for the file download-cloud-config.sh is now used to ensure the file is up-to-date even after VM reboot. (gardener/gardener#3583, @vpnachev)
  • [OPERATOR] A new Seed reconciler was added to the Gardener-Controller-Manager. It creates a dedicated namespace per seed in the Garden cluster seed-<seed-name> and copies common secrets from the garden Namespace (labelled with gardener.cloud/role) to the seed namespace. Gardenlets are supposed to read secrets (or namespaced objects in general) from seed dedicated namespaces only in the future. (gardener/gardener#3582, @timuthy)
  • [OPERATOR] gardener-admission-controller now exposes several metrics about its webhooks (e.g. controller_runtime_webhook_latency_seconds_bucket, controller_runtime_webhook_requests_in_flight and controller_runtime_webhook_requests_total) (gardener/gardener#3577, @timebertt)
    • The metric gardener_admission_controller_invalid_webhook_requests_total was removed in favor of the newly added metrics.
  • [OPERATOR] Seed resources now have a new condition type BackupBucketsReady that is added when the corresponding seed has a backup configuration or related BackupBuckets. Seeds whose BackupBucketsReady condition is status: "False" are considered NotReady and thus are excluded from scheduling during that time. (gardener/gardener#3531, @timuthy)
  • [OPERATOR] A new ManagedSeed resource and its corresponding controller have been added and the existing shooted seed registration controller has been reworked to use them. (gardener/gardener#3418, @stoyanr)

🐛 Bug Fixes

  • [USER] A potential nil pointer exception in the Shoot validation (leading to 503 responses from gardener-apiserver) when validating PID reservations (e.g., in kubeReserved or systemReserved) has been fixed. (gardener/gardener#3632, @rfranzke)
  • [OPERATOR] An issue preventing kube-controller-manager from approving the CSR for kubelet certificate renewal is now fixed. (gardener/gardener#3704, @ialidzhikov)
  • [OPERATOR] The istiod deployment in the istio-system namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (gardener/gardener#3692, @ialidzhikov)
  • [OPERATOR] Added resource requests and limits to the apiserver-proxy-pod-mutator container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver when SNI is enabled. (gardener/gardener#3692, @ialidzhikov)
  • [OPERATOR] A bug preventing seed deletion to hang due to already deleted CRD etcds.druid.gardener.cloud is now fixed. (gardener/gardener#3689, @vpnachev)
  • [OPERATOR] An issue causing gardenlet to fail to remove the finalizer of the Seed Secret (.spec.secretRef) is now fixed. (gardener/gardener#3678, @ialidzhikov)
  • [OPERATOR] Fixed nil pointer exception that occurs when there are still extension resources in the Seed, but the Cluster resource has been deleted. (gardener/gardener#3622, @plkokanov)
  • [OPERATOR] Fix a bug where the cloud-config-downloader systemd service is set to Failed with status start-limit-hit if it is requested to be restarted via the node annotation worker.gardener.cloud/restart-systemd-services. (gardener/gardener#3593, @vpnachev)
  • [OPERATOR] Fixed an issue with enabling KonnectivityTunnel via annotation (alpha.featuregates.shoot.gardener.cloud/konnectivity-tunnel: "false") on APIServerSNI-enabled Seed cluster causing the tunnel to not be opened. (gardener/gardener#3586, @mvladev)
  • [OPERATOR] An issue causing gardener-controller-manager to not be able to delete a Plant when the Plant Secret is not found is now fixed. (gardener/gardener#3584, @ialidzhikov)
  • [OPERATOR] gardener-controller-manager now waits for a project's namespace to be empty before continuing with releasing the namespace and deleting the project. (gardener/gardener#3578, @timebertt)

🏃 Others

  • [USER] The external DNS record for the kubernetes API server is now deleted after the kubernetes API server. This is useful for shoot cluster owners that need to clean some kubernetes resources that can cause the shoot cluster deletion to get stuck. (gardener/gardener#3576, @vpnachev)
  • [OPERATOR] VPA minAllowed configuration for metrics-server. (gardener/gardener#3695, @vpnachev)
  • [OPERATOR] A new error code for retryable configuration problems (for example misconfigured PodDisruptionBudget that does not allow voluntary Pod evictions) is now added. (gardener/gardener#3665, @danielfoehrKn)
  • [OPERATOR] istiod is now scaled automatically by VerticalPodAutoscaler instead of HorizontalPodAutoscaler. This fixes OOMKilled issues on big Seed clusters. (gardener/gardener#3613, @mvladev)
  • [OPERATOR] Gardener now deploys the Cluster-Autoscaler earlier during the shoot creation which enables self healing for creation failures due to over-provisioned small machines. (gardener/gardener#3612, @timuthy)
  • [OPERATOR] Node exporter provides the metric node...