Releases: gardener/garden-setup
3.17.0
The release-notes for component github.com/gardener/garden-setup in version 3.17.0 exceeded the maximum length of 25000 characters allowed by GitHub for release-bodies.
They have been uploaded as release-asset and can be found at https://github.com/gardener/garden-setup/releases/download/3.17.0/release_notes.md.
3.16.0
[garden-setup]
✨ New Features
- [OPERATOR] Upgrade Gardener to v1.30.1 (#609, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dashboard to v1.52.0 (#609, @Diaphteiros)
🏃 Others
- [OPERATOR] Upgrade Gardener dns-controller-manager to v0.10.6 (#609, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.18.0 (#609, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.15.0 (#609, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to v1.28.1 (#609, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-openstack to v1.21.0 (#609, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.11.0 (#609, @Diaphteiros)
[cert-management]
🐛 Bug Fixes
- [OPERATOR] fix nil pointer dereference in RememberAltIssuerSecret if an issuer secret contains no data (gardener/cert-management#85, @MartinWeindel)
🏃 Others
- [OPERATOR] No panic on failed groupkind migration (gardener/cert-management#87, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (gardener/cert-management#89, @MartinWeindel)
- [OPERATOR] Add command line flag `--acme-deactivate-authorizations` to enable deactivation of authorizations after a successful certificate request (gardener/cert-management#90, @MartinWeindel)
[cloud-provider-aws]
🏃 Others
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.18.20`. (gardener-attic/cloud-provider-aws#12, @ialidzhikov)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.19.14`. (gardener-attic/cloud-provider-aws#11, @vpnachev)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.10`. (gardener-attic/cloud-provider-aws#9, @vpnachev)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.21.4`. (gardener-attic/cloud-provider-aws#10, @vpnachev)
[dashboard]
🐛 Bug Fixes
- [USER] Solves a problem when a user has rotated a service account secret. In the frontend an error message was erroneously displayed, which is fixed now. (gardener/dashboard#1095, @holgerkoser)
- [USER] Fix HCloud Secret Dialog (gardener/dashboard#1094, @gesslein)
- [USER] Fixes the problem that scroll bars are displayed in the UI even if there is enough space available. (gardener/dashboard#1087, @holgerkoser)
[external-dns-management]
✨ New Features
- [USER] Support of AAAA records (IP v6) for all DNS providers (gardener/external-dns-management#200, @MartinWeindel)
- [OPERATOR] Basic IPv6 Support (gardener/external-dns-management#199, @poelzi)
🐛 Bug Fixes
- [OPERATOR] Fix provider domain selection: allow final dot and uppercase (gardener/external-dns-management#207, @MartinWeindel)
🏃 Others
- [OPERATOR] Fix deployment of chart as ManagedResource for K8s >=1.22 because of wrong apiVersion of RBAC (gardener/external-dns-management#209, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (gardener/external-dns-management#208, @MartinWeindel)
- [OPERATOR] Add annotation for prometheus scraping (gardener/external-dns-management#206, @MartinWeindel)
[gardener-extension-provider-aws]
✨ New Features
- [USER] Added AWS m6i machine type family (gardener/gardener-extension-provider-aws#393, @patrickhuy)
🏃 Others
- [USER] The following image is updated: (gardener/gardener-extension-provider-aws#412, @ialidzhikov)
- k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.1.1 -> v1.1.4 (see CHANGELOG)
- [USER] The following image is updated: (gardener/gardener-extension-provider-aws#383, @ialidzhikov)
- k8s.gcr.io/sig-storage/csi-provisioner: v1.6.0 -> v2.1.2 (see CHANGELOG)
- [OPERATOR] Failures to reconcile `DNSRecords` due to a missing hosted zone or a DNS name not matching the zone name are now properly categorized as `ERR_CONFIGURATION_PROBLEM`. (gardener/gardener-extension-provider-aws#398, @stoyanr)
- [OPERATOR] machine-controller-manager logs are exposed to the end-users (gardener/gardener-extension-provider-aws#382, @vlvasilev)
[gardener-extension-provider-openstack]
✨ New Features
- [USER] The OpenStack extension now supports shoot clusters with Kubernetes version 1.22. You should consider the Kubernetes release notes before upgrading to 1.22. (gardener/gardener-extension-provider-openstack#330, @timuthy)
- [OPERATOR] Floating pool names in infrastructure config are now checked if they exist, and if not the issue is properly reported as `ERR_CONFIGURATION_PROBLEM` with a clear error message. (gardener/gardener-extension-provider-openstack#329, @stoyanr)
- [OPERATOR] Add option ignoreVolumeAZ to allow for differences between volume and compute AZ names. (gardener/gardener-extension-provider-openstack#322, @gesslein)
🐛 Bug Fixes
- [USER] Do not trigger a node rollout when switching from `CRI.Name==nil` to `CRI.Name==docker`. (gardener/gardener-extension-provider-openstack#308, @BeckerMax)
🏃 Others
- [USER] It is now allowed to change the name and purpose of load balancer classes in `.controlPlaneConfig.loadBalancerClasses[]`. The load balancer classes configuration still needs to be semantically equal to the load balancer classes from the CloudProfile. (gardener/gardener-extension-provider-openstack#310, @dkistner)
- [OPERATOR] machine-controller-manager logs are exposed to the end-users (gardener/gardener-extension-provider-openstack#319, @vlvasilev)
- [OPERATOR] Shoots can now be deployed in existing Neutron networks. The network can be specified by its ID in the respective shoot's infrastructure configuration. (gardener/gardener-extension-provider-openstack#317, @kon-angelo)
- [OPERATOR] Openstack Kubernetes clusters >= v1.22 now use the Openstack cloud-controller-manager v1.22. (gardener/gardener-extension-provider-openstack@79d7412)
- [OPERATOR] Openstack Kubernetes clusters >= v1.22 now use cinder csi v1.22. (gardener/gardener-extension-provider-openstack@79d7412)
- [DEVELOPER] Missing or wrong doc comments and a few other common style errors will now be reported by the linter. (gardener/gardener-extension-provider-openstack#334, @stoyanr)
[gardener-extension-provider-vsphere]
✨ New Features
- [USER] The vSphere extension now supports shoot clusters with Kubernetes version 1.22. You should consider the Kubernetes release notes before upgrading to 1.22. (gardener/gardener-extension-provider-vsphere#170, @timuthy)
🐛 Bug Fixes
- [USER] Do not trigger a node rollout when switching from `CRI.Name==nil` to `CRI.Name==docker`. (gardener/gardener-extension-provider-vsphere#167, @BeckerMax)
- [OPERATOR] using patched vsphere-csi-driver v2.3.0-gardener1 to fix volume attachment issue on hibernation (gardener/gardener-extension-provider-vsphere#174, @MartinWeindel)
🏃 Others
- [OPERATOR] Update vSphere cloud provider to v1.22 (patched version) (gardener/gardener-extension-provider-vsphere#173, @MartinWeindel)
- [OPERATOR] Update vsphere-csi-driver to v2.3.0 (gardener/gardener-extension-provider-vsphere#173, @MartinWeindel)
- [OPERATOR] The `metrics-server` is now properly able to communicate with the kubelets in order to expose metrics about nodes and pods. (gardener/gardener-extension-provider-vsphere#171, @MartinWeindel)
- [OPERATOR] machine-controller-manager logs are exposed to the end-users (gardener/gardener-extension-provider-vsphere#168, @vlvasilev)
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of `gardener-extension-shoot-cert-service` has been changed from `configmapsleases` to `leases`. (gardener/gardener-extension-shoot-cert-service#89, @MartinWeindel)
  - Please make sure that you had at least `gardener-extension-shoot-cert-service@v1.13` running before upgrading to v1.18.0, so that it has successfully acquired leadership with the hybrid resource lock (`configmapsleases`) at least once.
🏃 Others
- [OPERATOR] Enable deactivation of authorizations for successful certificate requests (gardener/gardener-extension-shoot-cert-service#90, @MartinWeindel)
- [OPERATOR] It is now possible to specify the leader election resource lock via the chart value `leaderElection.resourceLock` (defaults to `leases`). (gardener/gardener-extension-shoot-cert-service#89, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (gardener/gardener-extension-shoot-cert-service#88, @MartinWeindel)
[gardener-extension-shoot-dns-service]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of `gardener-extension-shoot-dns-service` has been changed from `configmapsleases` to `leases`. (gardener/gardener-extension-shoot-dns-service#80, @MartinWeindel)
  - Please make sure that you had at least `gardener-extension-shoot-dns-service@v1.10` running before upgrading to v1.15.0, so that it has successfully acquired leadership with the hybrid resource lock (`configmapsleases`) at least once.
🏃 Others
- [OPERATOR] It is now possible to specify the leader election resource lock via the chart value `leaderElection.resourceLock` (defaults to `leases`). (gardener/gardener-extension-shoot-dns-service#80, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (gardener/gardener-extension-shoot-dns-service#79, @MartinWeindel)
[machine-controller-manager]
⚠️ Breaking Changes
- [OPERATOR] Draining of pods with PVs (Persistent Volume) now waits for re-attachment of PV on a different node when `volumeAttachments` support is enabled on the cluster. Else it falls back to the default PV reattachment timeout value configured. The defaul...
3.15.0
[garden-setup]
✨ New Features
- [OPERATOR] Upgrade Gardener to v1.29.0 (#595, @Diaphteiros)
- [OPERATOR] In preparation of the kubernetes dockershim removal, `containerd` has been added as container runtime to the default cloudprofiles. See here for further information. (#595, @Diaphteiros)
  - In addition, the `gvisor` extension is now deployed by default and can be used in combination with containerd.
- [OPERATOR] Update default kubernetes versions in cloudprofile (#595, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dashboard to v1.51.2 (#595, @Diaphteiros)
🏃 Others
- [OPERATOR] Upgrade Gardener extension provider-gcp to v1.18.0 (#595, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-gardenlinux to v0.10.0 (#595, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-suse-chost to v1.13.0 (#595, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-azure to v1.21.2 (#595, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.17.1 (#595, @Diaphteiros)
[cert-management]
🐛 Bug Fixes
- [OPERATOR] fix nil pointer dereference in RememberAltIssuerSecret if an issuer secret contains no data (gardener/cert-management#85, @MartinWeindel)
[cloud-provider-azure]
🏃 Others
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.19.14`. (gardener-attic/cloud-provider-azure#7, @vpnachev)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.10`. (gardener-attic/cloud-provider-azure#6, @vpnachev)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.21.4`. (gardener-attic/cloud-provider-azure#5, @vpnachev)
[dashboard]
⚠️ Breaking Changes
- [OPERATOR] The Dashboard no longer adds `docker` to the list of available CRIs. You need to adapt all CloudProfiles and explicitly add `docker` to all MachineImageVersions which support it (gardener/dashboard#1059, @grolu)
✨ New Features
- [USER] `Container Runtime` is now a required field for cluster workers and defaulted to `containerd` for cluster kubernetes versions 1.22 and higher. Clusters with older kubernetes versions keep `docker` as default container runtime. If the default runtime is not in the list of supported runtimes of a machine image, it defaults to the first one specified in the cloud profile (gardener/dashboard#1059, @grolu)
- [USER] Added support to authenticate against GKE clusters using a google service account key. In this case, the referenced secret needs to have the `serviceaccount.json` data key in addition to the `kubeconfig` data key (gardener/dashboard#1058, @holgerkoser)
- [USER] Container runtimes of existing workers can now be changed (gardener/dashboard#1044, @grolu)
- [USER] Support for the hetzner cloud extension (hcloud) (gardener/dashboard#1043, @poelzi)
- [USER] External DNS Provider Support (gardener/dashboard#1026, @grolu)
- Add and manage DNS Provider Secrets
- Configure Shoot DNS Providers
- [USER] Added extended search capabilities to cluster search: (gardener/dashboard#1021, @grolu)
- Search params are now ANDed, allowing one to refine the search
- Use quotes for exact words or phrases
- Use minus sign to exclude words that you don't want
- [OPERATOR] It is now possible to add configurable hints for machine image vendors (gardener/dashboard#1066, @grolu)
- [OPERATOR] Added support for `ERR_RETRYABLE_INFRA_DEPENDENCIES` and `ERR_INFRA_REQUEST_THROTTLING` error codes (gardener/dashboard#1040, @grolu)
- [OPERATOR] The option to `Hide user issues` for operators has been replaced by an option to remove both user issues and temporary issues. This new filter is labelled as `Hide no operator action required issues` (gardener/dashboard#1040, @grolu)
🐛 Bug Fixes
- [USER] Fixed a problem in the DNS provider configuration that caused a newly added DNS provider to always be disabled on an existing cluster (gardener/dashboard#1086, @holgerkoser)
- [USER] Fixed some issues regarding creating and editing worker groups (gardener/dashboard#1084, @grolu)
  - Existing worker groups may keep `cri.name` empty without failing validation
  - Additional container runtimes selection did no longer show up
  - Machine `worker.machine.image` included internal properties in create shoot editor
- [USER] Fixed an issue in the TicketComment component that caused it not to be rendered anymore (gardener/dashboard#1080, @holgerkoser)
- [USER] Fixes a bug with the size of dialogs. In some cases the dialogs were too small to display the complete content clearly. The size of all dialogs has been adjusted and unified (gardener/dashboard#1075, @holgerkoser)
- [USER] Fixed an issue on the cluster creation page where the networking section was empty because of a permission issue: Users could not read list of networking types and registered dns provider extensions (gardener/dashboard#1074, @grolu)
- [USER] Preserve the initial URL hostname during the OIDC login process (gardener/dashboard#1054, @holgerkoser)
- [USER] Fixed an issue where the terminal container was not created with `privileged` set to `true` in the `container`'s `securityContext` when enabling the `Privileged` flag on the terminal settings UI (gardener/dashboard#1051, @petersutter)
📖 Documentation
- [OPERATOR] Please note the following changes in the `values.yaml` file of the `gardener-dashboard` helm chart: (gardener/dashboard#1054, @holgerkoser)
  - The configuration property `.Values.oidc.redirectUri` is no longer used and has been removed. Instead, the list of valid OIDC redirect URIs is determined based on the ingress hosts `.Values.ingress.hosts`. If TLS (`.Values.ingress.tls`) is active, the redirect URI scheme is assumed to be `https` for all hosts.
[gardener]
⚠️ Breaking Changes
- [USER] Earlier, Gardener created certificates with `Common Name: system:apiserver` for the Kube-Apiserver. In order to be DNS-1123 compliant, this certificate field is changed to `Common Name: kube-apiserver` for new shoot clusters. (gardener/gardener#4467, @timuthy)
- [OPERATOR] Kubernetes will remove the built-in dockershim, which means eventually all Gardener Shoots will need to switch to containerd. Operators of Gardener and Shoot owners need to take action, please continue reading our detailed guide about the why, what, and when! (gardener/gardener#4452, @voelzmo)
- [OPERATOR] The following changes have been made incompatibly to the `GardenerSchedulerConfiguration`: (gardener/gardener#4320, @xrstf)
  - The configuration key `server` has been refined into `healthProbes` and `metrics`. Note that both cannot be listening on the same port.
  - The `CachedRuntimeClients` feature gate has been removed, objects are now always cached. `lockObjectName` was removed in favor of `resourceName`. `lockObjectNamespace` was removed in favor of `resourceNamespace`.
- [OPERATOR] If you deploy Gardener with the provided Helm charts, note that the metrics endpoint for the Gardener-Scheduler is now exposed via a service on port `9090`. (gardener/gardener#4320, @xrstf)
🐛 Bug Fixes
- [USER] The symmetric keys `HS256`, `HS384` and `HS512` are now removed from the valid OIDC signing algorithms as they are not supported by the kubernetes API server. (gardener/gardener#4470, @plkokanov)
- [OPERATOR] Keep the already available replicas of kube-controller-manager (if any) during Create operations regardless of whether hibernation is enabled or not. (gardener/gardener#4479, @plkokanov)
- [OPERATOR] Keep kube-apiserver HPA scale down mode `Auto` even when scale down is disabled. The scale down is naturally disabled because `minReplicas` and `maxReplicas` are set to be equal. (gardener/gardener#4451, @amshuman-kr)
🏃 Others
- [OPERATOR] A bug has been fixed which prevented the CSR auto-approval process for Gardenlet certificates when the `SeedAuthorizer` is enabled. Hence, the user certificate used by Gardenlet to connect to the Garden cluster was not renewed successfully. (gardener/gardener#4502, @timuthy)
- [OPERATOR] Azure errors with OverconstrainedZonalAllocationRequest error code are now classified as configuration problems. (gardener/gardener#4482, @plkokanov)
- [OPERATOR] Improved handling of the shoot resource in the shoot controller to ensure that data races are avoided as much as possible. (gardener/gardener#4459, @stoyanr)
- [OPERATOR] Ensured that the backup entry name is generated only once using non-empty strings to prevent issues with backup entry names generated as `--`. (gardener/gardener#4454, @stoyanr)
- [OPERATOR] Projects are now reconciled every time a shoot is created. (gardener/gardener#4447, @kris94)
- [OPERATOR] Grafana discovers available logging components at runtime for "Controlplane Logs Dashboard" (gardener/gardener#4387, @vlvasilev)
- [DEVELOPER] Added new static checks by bumping `golangci-lint`. Please make sure to update your local installation of `golangci-lint`, e.g. by running `make install-requirements` (gardener/gardener#4475, @voelzmo)
[gardener-extension-os-gardenlinux]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of `gardener-extension-os-gardenlinux` has been changed from `configmapsleases` to `leases`. (gardener/gardener-extension-os-gardenlinux#43, @ialidzhikov)
  - Please make sure that you had at least `gardener-extension-os-gardenlinux@v0.9` running before upgrading to v0.10.0, so that it has successfully acquired leadership with the hybrid resource lock (`configmapsleases`) at least once.
✨ New Features
- [OPERATOR] It is now possible to specify the leader election resource lock via the chart value `leaderElection.resourceLock` (defaults to `leases`). (gardener/gardener-extension-os-gardenlinux#43, @ialidzhikov)
🏃 Others
- ...
3.14.0
[garden-setup]
✨ New Features
- [OPERATOR] Upgrade Gardener to v1.28.0 (#580, @Diaphteiros)
- [OPERATOR] Update default kubernetes versions in cloudprofile (#580, @Diaphteiros)
📖 Documentation
- [USER] Improve IAAS CIDR documentation (#578, @christianhuening)
🏃 Others
- [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.17.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dns-controller-manager to v0.10.4 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.14.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener terminal-controller-manager to v0.17.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-suse-chost to v1.12.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension networking-calico to v1.19.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-ubuntu to v1.13.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-openstack to v1.20.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to v1.27.0 (#580, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-azure to v1.21.0 (#580, @Diaphteiros)
[autoscaler]
🐛 Bug Fixes
- [USER] Avoids panics when VM type isn't found during scale from zero (gardener/autoscaler#81, @ialidzhikov)
- [USER] Fetches the VM from the correct map for MCM provider Azure and hence doesn't panic anymore (gardener/autoscaler#81, @ialidzhikov)
[external-dns-management]
📖 Documentation
- [OPERATOR] Credentials documentation for providers azure-dns, alicloud-dns and openstack-designate (gardener/external-dns-management#190, @MartinWeindel)
🏃 Others
- [USER] openstack-designate: support authentication with application credentials as alternative to username/password (gardener/external-dns-management#195, @MartinWeindel)
- [OPERATOR] using both configmaps and leases for leader election (gardener/external-dns-management#196, @MartinWeindel)
- [OPERATOR] Deploying `DNSHostedZonePolicy` resources as specified in `providerConfig.values.hostedZonePolicies` of the `ControllerDeployment` resource (gardener/external-dns-management#194, @MartinWeindel)
- [OPERATOR] Added `DNSHostedZonePolicy` resource to set zone specific zone state cache TTL (gardener/external-dns-management#191, @MartinWeindel)
[gardener]
⚠️ Breaking Changes
- [USER] Shoot addons are now only allowed on evaluation shoots if the Kubernetes version is >= 1.22. (gardener/gardener#4213, @stoyanr)
- [OPERATOR] Gardener now requires seed clusters to run at least Kubernetes version 1.18. Please update your seed clusters if necessary before updating to this Gardener version. Older Kubernetes releases will not be supported any more. Please note, the version support for shoot clusters is not affected by this change. (gardener/gardener#4426, @timuthy)
- [OPERATOR] Gardenlet does not support seedSelectors anymore; configure an explicit seedConfig in the GardenletConfiguration instead (gardener/gardener#4306, @xrstf)
- [OPERATOR] The obsolete fields `SchedulerConfiguration.schedulers.*.retrySyncPeriod` have been removed. (gardener/gardener#4285, @timebertt)
- [OPERATOR] Gardenlet feature gate NodeLocalDNS was removed and replaced by a shoot specific annotation. (gardener/gardener#4249, @ScheererJ)
- [OPERATOR] The `KonnectivityTunnel` feature gate in gardenlet has been dropped and removed from the code. If you upgrade to this Gardener version make sure that the feature gate is disabled and that all shoots were reconciled after you disabled it. (gardener/gardener#4247, @rfranzke)
- [DEVELOPER] `make start-gardenlet` does not use seedSelector anymore, making the dev gardenlet single-seed only. If you have multiple Seeds in your local setup, you can specify the seed to act on via the `SEED_NAME` make variable (e.g. `make start-gardenlet SEED_NAME=local-foo`). (gardener/gardener#4270, @xrstf)
- [DEVELOPER] The already deprecated `DirectClient` has been removed from the codebase entirely. (gardener/gardener#4225, @timebertt)
✨ New Features
- [USER] It's now possible to configure the `imageGC{High,Low}ThresholdPercent` fields for the kubelet configuration (defaults: `50` for the high threshold, `40` for the low threshold) in the `Shoot` API via `.spec.{provider.workers[].}kubernetes.kubelet.imageGC{High,Low}ThresholdPercent`. (gardener/gardener#4282, @rfranzke)
- [USER] Makes it possible to disable deploying kube-proxy for newly created clusters. Depending on the used networking extension, switching off kube-proxy might not be supported yet. Please consult the respective documentation of the used networking extension before disabling kube-proxy. (gardener/gardener#4260, @ScheererJ)
- [USER] Shoot clusters can now reference an ExposureClass to expose their control plane in various network environments via `.spec.exposureClassName`. Find more information in this document. (gardener/gardener#4244, @dkistner)
- [USER] Do not trigger a node rollout when switching from `CRI.Name==nil` to `CRI.Name==docker`. (gardener/gardener#4237, @voelzmo)
- [USER] Shoots created with or updated to Kubernetes version >= 1.22 will get `containerd` as default container runtime. If you upgrade an existing shoot which doesn't specify a `cri.name` property in its worker pools, this will trigger a graceful node rollout and the container runtime is switched from `docker` to `containerd`. (gardener/gardener#4222, @voelzmo)
- [USER] It's now possible to override the grace periods for the cleanup steps in the shoot deletion by specifying the following annotations on the `Shoot`: (gardener/gardener#4212, @rfranzke)
  - `shoot.gardener.cloud/cleanup-webhooks-finalize-grace-period-seconds` (default behaviour: `"300"`)
  - `shoot.gardener.cloud/cleanup-extended-apis-finalize-grace-period-seconds` (default behaviour: `"3600"`)
  - `shoot.gardener.cloud/cleanup-kubernetes-resources-finalize-grace-period-seconds` (default behaviour: `"300"`)
  - `shoot.gardener.cloud/cleanup-namespaces-finalize-grace-period-seconds` (default behaviour: `"300"`)
  - If `"0"` is provided then all resources are finalized immediately without waiting for any graceful deletion. Please be aware that this might lead to orphaned infrastructure artefacts.
- [OPERATOR] Gardener API server now has a feature gate `DisallowKubeconfigRotationForShootInDeletion`, disabled by default, that disallows kubeconfig rotation to be requested for shoot clusters in deletion. (gardener/gardener#4379, @vpnachev)
- [OPERATOR] Similar to the `NodeAuthorizer` and `NodeRestriction` features in Kubernetes (preventing kubelets from accessing resources which aren't associated with their responsible `Node`s), Gardener does now have a `SeedAuthorizer` and `SeedRestriction` feature (preventing gardenlets from accessing resources which aren't associated with their `Seed`s). If you want to enable it for your landscapes then please consult this document. (gardener/gardener#4326, @rfranzke)
- [OPERATOR] The external ip attached to the load balancer service belonging to a Seed ingress gateway can now be defined in the configuration for the Gardenlet. This is possible for the default ingress gateway and for the ExposureClass handler ingress gateways. For ExposureClass handler ingress gateways this will only work in combination with the `APIServerSNI` feature flag (default). (gardener/gardener#4319, @dkistner)
- [OPERATOR] Shoot clusters can now use ExposureClasses to expose the control plane in various network environments. The Gardenlet needs to realize the exposure strategy and is therefore required to have the ExposureClass handler configuration in its own config. This can be maintained in the `.exposureClassHandlers` list of the Gardenlet configuration. Find more information in this document. (gardener/gardener#4244, @dkistner)
- [OPERATOR] A new `ProjectValidator` admission plugin has been added (enabled by default). It prevents creating `Project`s with non-empty `.spec.namespace` fields if the value in `.spec.namespace` does not start with `garden-`. Please note that this admission plugin will be removed in a future release again in favor of the static validation in the `gardener-apiserver`. (gardener/gardener#4228, @rfranzke)
- [OPERATOR] Shoot SSH Keys are regularly rotated, with both the current and previous key being deployed onto each shoot node. (gardener/gardener#4224, @xrstf)
- [OPERATOR] Allow explicit configuration of `docker` as a container runtime (`.spec.provider.workers[].cri.name` field in `Shoot`s) for backwards compatibility. Select this only if your workload doesn't run nicely with `containerd`. This configuration option will be removed in the future! (gardener/gardener#4218, @voelzmo)
- [DEVELOPER] Support option requiring shoot connection to be external (gardener/gardener#4366, @deitch)
🐛 Bug Fixes
- [USER] A fix included in v1.27.0 and v1.27.1 was reverted, because it introduced a regression which caused clusters configured with `containerd` as a runtime to fail to reconcile (see gardener/gardener#4390 for more details). This now means that bug gardener/gardener#4254 still exists in gardener >1.27.1. (gardener/gardener#4408, @voelzmo)
- [USER] Additional DNS provider Secret is now updated on Shoot deletion. This will allow users to update their invalid Secret data with a valid one, and this change will now be reflected in the Secret maintained in the Shoot namespace in the Seed. ...
3.12.0
[garden-setup]
✨ New Features
- [OPERATOR] Upgrade Gardener to v1.25.2 (#555, @Diaphteiros)
- [OPERATOR] Update default kubernetes versions in cloudprofile (#555, @Diaphteiros)
- [OPERATOR] Update machine image versions in cloudprofile (#555, @Diaphteiros)
- [OPERATOR] Enable quotas in the virtual cluster so operators can limit the amount of shoots, secretbindings etc allowed per project (#535, @gesslein)
🐛 Bug Fixes
- [OPERATOR] Fix a bug in deployment of gardener-metrics-exporter (#550, @dergeberl)
🏃 Others
- [OPERATOR] Upgrade Gardener extension provider-azure to v1.20.2 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-dns-service to v1.13.0 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-cert-service to v1.14.0 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-gcp to v1.17.0 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-vsphere to v0.10.0 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dns-controller-manager to v0.10.3 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-suse-chost to v1.11.0 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-ubuntu to v1.11.0 (#555, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension os-gardenlinux to v0.9.0 (#555, @Diaphteiros)
[cert-management]
✨ New Features
- [USER] Allow issuers on target cluster (gardener/cert-management#77, @MartinWeindel)
[external-dns-management]
✨ New Features
- [USER] Add DNSProvider replication controller (gardener/external-dns-management@32b2b80)
🐛 Bug Fixes
- [OPERATOR] Fix concurrent access to filter in sharedFilteredInformerFactory (gardener/external-dns-management#188, @MartinWeindel)
📖 Documentation
- [OPERATOR] Credentials documentation for providers azure-dns, alicloud-dns and openstack-designate (gardener/external-dns-management#190, @MartinWeindel)
🏃 Others
- [OPERATOR] Deploying `DNSHostedZonePolicy` resources as specified in `providerConfig.values.hostedZonePolicies` of the `ControllerDeployment` resource (gardener/external-dns-management#194, @MartinWeindel)
- [OPERATOR] Added `DNSHostedZonePolicy` resource to set zone specific zone state cache TTL (gardener/external-dns-management#191, @MartinWeindel)
- [OPERATOR] Revendor controller-manager-library to fix namespaced shared informers (gardener/external-dns-management#186, @MartinWeindel)
- [OPERATOR] AWS Route53: avoid throttling errors on paging by using higher value for `MaxRetries` (gardener/external-dns-management#183, @MartinWeindel)
[gardener-extension-os-gardenlinux]
⚠️ Breaking Changes
- [OPERATOR] ⚠️ Support for Garden Linux versions 27.0 and 27.1 has been removed from this extension. Please, ensure that all shoot clusters in your landscape are running on Garden Linux 184.0 or newer version before upgrading to this version of the extension. (gardener/gardener-extension-os-gardenlinux#26, @vpnachev)
✨ New Features
- [OPERATOR] adds artifacts for Landscaper integration (gardener/gardener-extension-os-gardenlinux#31, @jschicktanz)
🐛 Bug Fixes
- [OPERATOR] A bug that was preventing the fields `operatingSystemConfig.status.{cloudConfig|units}` from being populated is now fixed. (gardener/gardener-extension-os-gardenlinux#34, @vpnachev)
🏃 Others
- [OPERATOR] Introduces new flag `TransmitUnencoded` which writes file content unencoded into the worker resource. (gardener/gardener-extension-os-gardenlinux#29, @BeckerMax)
- [DEVELOPER] `github.com/gardener/gardener` dependency is now updated to `v1.19.1`. (gardener/gardener-extension-os-gardenlinux#28, @ialidzhikov)
[gardener-extension-os-suse-chost]
🏃 Others
- [OPERATOR] Introduces new flag `TransmitUnencoded` which writes file content unencoded into the worker resource. (gardener/gardener-extension-os-suse-chost#41, @BeckerMax)
[gardener-extension-os-ubuntu]
✨ New Features
- [OPERATOR] This extension is now using Bash script to bootstrap Ubuntu nodes instead of cloud-init. (gardener/gardener-extension-os-ubuntu#36, @vpnachev)
🐛 Bug Fixes
- [OPERATOR] A bug that was preventing the fields `operatingSystemConfig.status.{cloudConfig|units}` from being populated is now fixed. (gardener/gardener-extension-os-ubuntu#41, @vpnachev)
🏃 Others
- [OPERATOR] Introduces new flag `TransmitUnencoded` which writes file content unencoded into the worker resource. (gardener/gardener-extension-os-ubuntu#42, @BeckerMax)
- [DEVELOPER] `github.com/gardener/gardener` dependency is now updated to `v1.19.1`. (gardener/gardener-extension-os-ubuntu#35, @ialidzhikov)
[gardener-extension-provider-azure]
🐛 Bug Fixes
- [OPERATOR] An issue causing dynamic provisioning with the `gardener.cloud-fast` StorageClass to fail on Kubernetes v1.21 (or any other version with CSI enabled) is now fixed. (gardener/gardener-extension-provider-azure#333, @ialidzhikov)
[gardener-extension-provider-gcp]
⚠️ Breaking Changes
- [OPERATOR] This version of provider-gcp requires at least Gardener v1.21.0. Before upgrading to this version of provider-gcp, make sure that you upgraded to at least Gardener v1.21.0. (gardener/gardener-extension-provider-gcp#283, @ialidzhikov)
🐛 Bug Fixes
- [OPERATOR] provider-gcp is now using a separate ManagedResource for ControlPlane CRDs (`volumesnapshot` related CRDs) that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (gardener/gardener-extension-provider-gcp#283, @ialidzhikov)
- [OPERATOR] An issue causing Infrastructure with multiple `.networks.cloudNAT.natIPNames` to fail to be reconciled is now fixed. (gardener/gardener-extension-provider-gcp#266, @ialidzhikov)
🏃 Others
- [USER] The following image is updated (see CHANGELOG for more details): (gardener/gardener-extension-provider-gcp#279, @ialidzhikov)
- k8s.gcr.io/sig-storage/livenessprobe: v2.2.0 -> v2.3.0
- [OPERATOR] When creating or updating shoots, any Kubernetes feature gates mentioned are validated against the Kubernetes version. If any feature gates are unknown or not supported in the Kubernetes version, the validation fails. (gardener/gardener-extension-provider-gcp#280, @stoyanr)
- [OPERATOR] Replace infrastructure's terraform helm chart with native go templates. (gardener/gardener-extension-provider-gcp#268, @kon-angelo)
[gardener-extension-provider-vsphere]
✨ New Features
- [OPERATOR] The existing ValidatingWebhookConfiguration of `admission-vsphere` for Shoot validation now also validates the Shoot secret. `admission-vsphere` now also features a new webhook that prevents the Shoot secret from being updated with invalid keys. (gardener/gardener-extension-provider-vsphere#153, @vpnachev)
🏃 Others
- [USER] The following image is updated (see CHANGELOG for more details): (gardener/gardener-extension-provider-vsphere#157, @MartinWeindel)
- k8s.gcr.io/sig-storage/livenessprobe: v2.2.0 -> v2.3.0
- [OPERATOR] update of vsphere-csi driver to release v2.2.1 (gardener/gardener-extension-provider-vsphere#162, @MartinWeindel)
- [OPERATOR] When creating or updating shoots, any Kubernetes feature gates mentioned are validated against the Kubernetes version. If any feature gates are unknown or not supported in the Kubernetes version, the validation fails. (gardener/gardener-extension-provider-vsphere#161, @stoyanr)
[gardener-extension-shoot-cert-service]
✨ New Features
- [USER] Support issuers on the shoot cluster (gardener/gardener-extension-shoot-cert-service#74, @MartinWeindel)
[gardener-extension-shoot-dns-service]
✨ New Features
- [USER] Support DNSProvider replication to allow to specify providers on shoot cluster. (gardener/gardener-extension-shoot-dns-service#60, @MartinWeindel)
- [USER] enable annotation controller to support `DNSAnnotation` resources (gardener/gardener-extension-shoot-dns-service#55, @MartinWeindel)
🏃 Others
- [OPERATOR] avoid conflicting updates of the `status.state` of the extension resource by the replication controller (gardener/gardener-extension-shoot-dns-service#56, @MartinWeindel)
[machine-controller-manager]
✨ New Features
- [USER] Skip node drain on ReadOnlyFileSystem condition (gardener/machine-controller-manager#605, @himanshu-kun)
- [OPERATOR] Improved log details to include node name and provider-ID in addition to existing machine name (gardener/machine-controller-manager#607, @himanshu-kun)
🐛 Bug Fixes
- [OPERATOR] Fix panic when machineClass `secretRef` isn't found. (gardener/machine-controller-manager#609, @jsravn)
- [DEVELOPER] Adds finalizers on machines that are adopted by the machine controller. Without this change, it causes issues while migrating machine objects between clusters. (gardener/machine-controller-manager#611, @prashanth26)
[machine-controller-manager-provider-gcp]
⚠️ Breaking Changes
- [DEVELOPER] machine-controller-manager-provider-gcp now requires new RBAC permissions - list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager-provider-gcp#14, @ialidzhikov)
🏃 Others
- [USER] Support creation of machines with disk type of `pd-balanced`. (gardener/machine-controller-manager-provider-gcp#19, @prashanth26)
- [OPERATOR] machine-controller-manager-provider-gcp now checks for misconfigured PodDisruptionBudgets when Pod eviction fails during Node drain. (gardener/machine-controller-manager-provider-gcp#14, @ialidzhikov)
- [DEPENDENCY] Revendors MCM dependent libraries for `v0.39.0` version. (gardener/machine-controller-manager-provider-gcp#17, @AxiomSamarth)
[machine-controller-manager-provider-vsphere]
🏃 Others
- [USER] Revendors MCM dependent libr...
3.11.0
[garden-setup]
⚠️ Breaking Changes
- [OPERATOR] Garden-setup now uses the new method of deploying Gardener extensions (using `ControllerDeployment` and `ControllerRegistration` instead of only the latter one). Deploying over an existing landscape has not been tested and might or might not work. (#532, @Diaphteiros)
✨ New Features
- [OPERATOR] It is now possible to manually activate or deactivate any supported Gardener extension. Please note that deactivating extensions could prevent garden-setup from creating a working Gardener landscape. See here for the documentation. (#532, @Diaphteiros)
🐛 Bug Fixes
- [USER] Fix the Shoot Grafana Network Policies to match the Nginx-Ingress controller in kube-system (#502, @christianhuening)
- [OPERATOR] Sidecar image for terminal controller can be replaced through acre versions. (#533, @einfachnuralex)
🏃 Others
- [OPERATOR] Upgrade Gardener extension provider-openstack to `v1.19.1` (#530, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to `v1.25.0` (#530, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension external-dns-management to `v0.10.2` (#530, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension networking-calico to `v1.18.0` (#530, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dashboard to `1.50.2` (#530, @Diaphteiros)
📰 Noteworthy
- [OPERATOR] Upgrade Gardener to `v1.24.0` (#530, @Diaphteiros)
[dashboard]
🐛 Bug Fixes
- [USER] Improves performance by implementing support for http response content compression. This regression has been introduced with release 1.50.0 (gardener/dashboard#1027, @holgerkoser)
- [USER] Fixes a performance bug with high CPU consumption in http/2 response data processing (gardener/dashboard#1024, @holgerkoser)
[external-dns-management]
✨ New Features
- [USER] Add DNSProvider replication controller (gardener/external-dns-management@32b2b80)
🐛 Bug Fixes
- [OPERATOR] Fix concurrent access to filter in sharedFilteredInformerFactory (gardener/external-dns-management#188, @MartinWeindel)
🏃 Others
- [OPERATOR] Revendor controller-manager-library to fix namespaced shared informers (gardener/external-dns-management#186, @MartinWeindel)
- [OPERATOR] AWS Route53: avoid throttling errors on paging by using a higher value for `MaxRetries` (gardener/external-dns-management#183, @MartinWeindel)
- [OPERATOR] Own implementation for paging AWS zone state to properly deal with throttling (gardener/external-dns-management#181, @MartinWeindel)
[gardener-extension-networking-calico]
🏃 Others
- [OPERATOR] Update calico-cpa to version 1.8.3 (gardener/gardener-extension-networking-calico#87, @DockToFuture)
- [OPERATOR] Update calico version to `1.19.1`. (gardener/gardener-extension-networking-calico#86, @DockToFuture)
- [OPERATOR] Updated calico to 3.18.2. (gardener/gardener-extension-networking-calico#81, @ScheererJ)
[gardener-extension-provider-openstack]
🏃 Others
- [OPERATOR] The version constraints for the `floating-subnet` and `floating-subnet-tags` fields in the cloud-provider-config, which select a floating subnet to pick the floating IP for a load balancer, have been removed. (gardener/gardener-extension-provider-openstack#292, @dkistner)
3.10.0
[garden-setup]
⚠️ Breaking Changes
- [OPERATOR] Update Cert-Manager to recent version `v1.3.1`. Due to the large version jump, deploying over an existing landscape is likely to fail. (#445, @christianhuening)
- [OPERATOR] `sow` version `3.3.0` or higher is required. (#445, @christianhuening)
🏃 Others
- [OPERATOR] Upgrade Gardener extension provider-azure to `v1.20.1` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-gcp to `v1.16.2` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-openstack to `v1.19.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-dns-service to `v1.12.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-cert-service to `v1.13.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dns-controller-manager to `v0.9.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-vsphere to `v0.9.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener terminal-controller-manager to `v0.16.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to `v1.24.0` (#497, @Diaphteiros)
📰 Noteworthy
- [OPERATOR] Upgrade Gardener dashboard to `1.50.0` (#497, @Diaphteiros)
- [OPERATOR] Upgrade Gardener to `v1.23.0` (#497, @Diaphteiros)
[cert-management]
🏃 Others
- [USER] changed default type of certificate secret to `kubernetes.io/tls` (gardener/cert-management#74, @MartinWeindel)
- [OPERATOR] Updating controller-manager-library including K8s dependencies to v0.20.6. (gardener/cert-management#75, @MartinWeindel)
- [OPERATOR] Replacing apiVersion `extensions/v1beta1` for `Ingress` with `networking.k8s.io/v1beta1`. (gardener/cert-management#75, @MartinWeindel)
- [OPERATOR] Update Dockerfile base image to alpine:3.13.5 (gardener/cert-management#72, @MartinWeindel)
- [OPERATOR] updated dockerfile base image to alpine:3.13.4 and using golang@1.16.2 (gardener/cert-management#71, @MartinWeindel)
- [OPERATOR] Add certificaterevocations to clusterrole resources (gardener/cert-management#67, @wwatson13)
[cloud-provider-azure]
✨ New Features
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v0.21.0`. (gardener-attic/cloud-provider-azure@70f2ce3)
🏃 Others
- [DEVELOPER] The alpine version has been updated to `v3.13.4`. (gardener-attic/cloud-provider-azure@32407b4)
- [DEVELOPER] The Golang version has been updated to `v1.16.3`. (gardener-attic/cloud-provider-azure@32407b4)
[dashboard]
⚠️ Breaking Changes
- [OPERATOR] Please note the following breaking changes in the `values.yaml` file of the `gardener-dashboard` helm chart: (gardener/dashboard#1001, @holgerkoser)
  - The configuration properties `tlsSecretName`, `tls` and `hosts` in the `values.yaml` have been moved to `ingress.tls.secretName`, `ingress.tls` and `ingress.hosts`.
  - The configuration property `apiServerUrl` is now a required property. The dummy default value has been removed.
  - The configuration property `oidc.redirectUri` is now a required property. The fallback value based on the first `hosts` entry has been removed.
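A preflight check for the relocated and newly required `values.yaml` properties, added here as an example; it is not part of the dashboard chart or of any Gardener tooling. It assumes the values file has already been parsed into a nested map (the constructed sample is written as JSON, which a YAML parser reads into the same map shape), relocates the three moved keys, and reports the required keys it cannot derive. The `Migrate`/`MigrateJSON` names, the sample host names and the secret name are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Values is the parsed values.yaml as a nested map.
type Values = map[string]any

// moved lists the relocated top-level keys in the order they must be applied:
// "tls" first, so that "tlsSecretName" lands inside the moved tls map.
var moved = []struct{ oldKey, newPath string }{
	{"tls", "ingress.tls"},
	{"tlsSecretName", "ingress.tls.secretName"},
	{"hosts", "ingress.hosts"},
}

// required lists the properties whose default or fallback was removed.
var required = []string{"apiServerUrl", "oidc.redirectUri"}

// lookup walks a dotted path such as "ingress.tls.secretName".
func lookup(m Values, path string) (any, bool) {
	var cur any = m
	for _, part := range strings.Split(path, ".") {
		obj, ok := cur.(map[string]any)
		if !ok {
			return nil, false
		}
		if cur, ok = obj[part]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// setPath stores v at a dotted path, creating intermediate maps as needed.
func setPath(m Values, path string, v any) {
	parts := strings.Split(path, ".")
	cur := m
	for _, part := range parts[:len(parts)-1] {
		next, ok := cur[part].(map[string]any)
		if !ok {
			next = map[string]any{}
			cur[part] = next
		}
		cur = next
	}
	cur[parts[len(parts)-1]] = v
}

// Migrate returns a shallow copy of old with the relocated keys moved to their
// new paths, plus the required keys that are still missing. It deliberately
// invents no values for them: the chart no longer falls back to hosts[0] for
// oidc.redirectUri, and a migration script should not either.
func Migrate(old Values) (Values, []string) {
	out := Values{}
	for k, v := range old {
		out[k] = v // nested maps other than the moved ones stay shared with old
	}
	for _, mv := range moved {
		v, ok := old[mv.oldKey]
		if !ok {
			continue
		}
		delete(out, mv.oldKey)
		if m, isMap := v.(map[string]any); isMap {
			clone := make(map[string]any, len(m)) // do not alias the caller's tls map
			for k, val := range m {
				clone[k] = val
			}
			v = clone
		}
		setPath(out, mv.newPath, v)
	}
	var missing []string
	for _, key := range required {
		if _, ok := lookup(out, key); !ok {
			missing = append(missing, key)
		}
	}
	return out, missing
}

// MigrateJSON parses a document and runs Migrate on it.
func MigrateJSON(raw []byte) (Values, []string, error) {
	var old Values
	if err := json.Unmarshal(raw, &old); err != nil {
		return nil, nil, err
	}
	out, missing := Migrate(old)
	return out, missing, nil
}

func main() {
	// Constructed pre-1.50 style values: old keys present, new required ones absent.
	old := []byte(`{"tlsSecretName":"dashboard-tls","tls":{"crt":"<pem>","key":"<pem>"},"hosts":["dashboard.example.test"],"oidc":{"issuerUrl":"https://identity.example.test"}}`)
	out, missing, err := MigrateJSON(old)
	if err != nil {
		panic(err)
	}
	fmt.Printf("migrated: %v\nstill missing (set by hand before helm upgrade): %v\n", out, missing)
}
```

Run it against the real values file once parsed; a non-empty `missing` list means the upgrade would have failed chart rendering (or, worse for `oidc.redirectUri`, silently pointed the OIDC flow at whatever host used to be first).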
✨ New Features
- [USER] Added `pathType: Prefix` to the Ingress resource (gardener/dashboard#988, @morremeyer)
- [USER] You can now copy the shoot name and seed name from the cluster list page (gardener/dashboard#986, @petersutter)
- [USER] Dark Mode: The Dashboard now applies system settings by default (gardener/dashboard#978, @grolu)
- [USER] `metadata.managedFields` are now hidden by default in the cluster yaml editor. You can enable them with the toggle button in the toolbar (gardener/dashboard#973, @grolu)
- [USER] Added support for configuring Container Runtimes for Workers via the Dashboard (gardener/dashboard#790, @grolu)
- [OPERATOR] `gardener-dashboard` helm chart: (gardener/dashboard#1001, @holgerkoser)
  - Vertical Pod Autoscaler can be enabled via the configuration property `vpa` in the `values.yaml` file of the `gardener-dashboard` helm chart.
  - OpenID Provider certificate authority can be passed via secret reference `oidc.caSecretRef` in the `values.yaml` file of the `gardener-dashboard` helm chart.
- [OPERATOR] Enable asset configuration in the helm chart (gardener/dashboard#980, @morremeyer)
- [OPERATOR] The outgoing communication to all apiservers is done via `http/2` for read and write operations as well as for watches. It is assumed that these apiservers are accessible via `http/2`. This has the following advantages: (gardener/dashboard#972, @holgerkoser)
  - Better performance due to reduced latency, full request and response multiplexing, HTTP header field compression and TLS session resumption.
  - Simpler and more robust implementation aligned with the go-client implementation.
  - A single http/2 session for all watches is kept between the list and the watch call, which solves the problem with diverged watch caches on different apiserver instances.
🐛 Bug Fixes
- [USER] Fixed alternating row background styling in dark mode for worker pools, hibernation schedules and access restrictions (gardener/dashboard#1003, @grolu)
- [USER] Fixed: Autoscaler min / max or surge value not showing up in worker description if one of the values is zero (gardener/dashboard#979, @grolu)
- [OPERATOR] Fixed dependabot alerts: (gardener/dashboard#1014, @holgerkoser)
🏃 Others
- [USER] Cluster List: Show copy button on hover only (gardener/dashboard#997, @grolu)
[external-dns-management]
🐛 Bug Fixes
- [USER] updated K8s dependencies to v0.18.18 to fix deletion handling for inconsistently/wrongly disappeared source object (gardener/external-dns-management#177, @MartinWeindel)
- [USER] Deduplication of targets if multiple CNAME targets are provided (gardener/external-dns-management#171, @MartinWeindel)
- [OPERATOR] use garden cluster identity and add dnsowner for migration (needs Gardener version >= 'v1.22.2' and < 'v1.23.0') (gardener/external-dns-management#176, @MartinWeindel)
- [OPERATOR] ensure stable provider result in method DNSProviders.LookupFor (gardener/external-dns-management#172, @MartinWeindel)
🏃 Others
- [OPERATOR] fix dnsannotation handling (gardener/external-dns-management#180, @MartinWeindel)
- [OPERATOR] Updating controller-manager-library including vendoring K8s dependencies @v0.20.6. (gardener/external-dns-management#179, @MartinWeindel)
- [OPERATOR] Replacing apiVersion `extensions/v1beta1` for `Ingress` with `networking.k8s.io/v1beta1`. (gardener/external-dns-management#179, @MartinWeindel)
- [OPERATOR] Only reconcile affected zones on owner changes to reduce work load (gardener/external-dns-management#178, @MartinWeindel)
- [OPERATOR] Added `external_dns_management_requests_per_zone` and `external_dns_management_zone_cache_discardings` metrics (gardener/external-dns-management#173, @MartinWeindel)
[gardener-extension-provider-azure]
⚠️ Breaking Changes
- [USER] The Azure extension does now support shoot clusters with Kubernetes version 1.21. You should consider the Kubernetes release notes before upgrading to 1.21. Please note that both the Azure Disk CSI driver and Azure File CSI driver will be used for 1.21 shoots. They are compatible with the legacy volume provisioners, however, you might want to update your storage classes and volume handling accordingly. Please find more information about CSI in the official Kubernetes documentation. (gardener/gardener-extension-provider-azure#280, @rfranzke)
- [USER] Extension resource configs (`ControlPlaneConfigs`, `WorkerConfig`) are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (gardener/gardener-extension-provider-azure#272, @stoyanr)
🐛 Bug Fixes
- [USER] A bug is fixed which blocked the deletion of vmo based Azure cluster in case the vmo resource on Azure cannot be created. (gardener/gardener-extension-provider-azure#276, @dkistner)
- [OPERATOR] An issue causing CSI PVs to not have `spec.csi.fsType` set is now fixed. The csi-provisioner is now started with `--default-fstype=ext4`, which is the default fstype to be used when there is no fstype specified in the StorageClass. (gardener/gardener-extension-provider-azure#299, @ialidzhikov)
- [OPERATOR] A new service `allow-tcp-egress` is created in the shoot cluster to configure TCP egress traffic when using the `reversed cluster vpn` feature. (gardener/gardener-extension-provider-azure#292, @kon-angelo)
🏃 Others
- [USER] The following images are updated: (gardener/gardener-extension-provider-azure#275, @ialidzhikov)
- k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.4 -> v2.1.5
- k8s.gcr.io/sig-storage/snapshot-controller: v2.1.4 -> v2.1.5
- k8s.gcr.io/sig-storage/livenessprobe: v2.0.0 -> v2.2.0
- [OPERATOR] The few CSI sidecar containers that didn't specify any resource requests and limits do now specify appropriate requests and limits. (gardener/gardener-extension-provider-azure#277, @ialidzhikov)
- [OPERATOR] ⚠️ Before upgrading your `gardener/gardener-extension-provider-azure` to >= v1.20.0, please upgrade your `gardener/gardener` component version to [>= v1.14.0](https://github.com...
3.9.0
[garden-setup]
⚠️ Breaking Changes
- [OPERATOR] ⚠️ Due to the updated terraform plugins, this version of garden-setup requires terraform `0.13` or higher. If the `sow` image is used, version `3.3.0` or higher of `sow` is required. (#452, @Diaphteiros)
- [OPERATOR] Replace nginx shoot addon with managed ingress feature for shooted seeds. The behaviour when deploying over an existing landscape has not been tested. In theory, this should work, although you might experience a downtime of the seeds. This change should not cause any problems for new landscapes and for landscapes without shooted seeds created by garden-setup. (#389, @Diaphteiros)
🐛 Bug Fixes
- [OPERATOR] Fixed a bug that created an invalid DNS secret for the openstack-designate DNS service. (#455, @Diaphteiros)
- [OPERATOR] Fixed a bug that caused the dashboard component to fail if `landscape.identity.users` was not defined. (#440, @Diaphteiros)
🏃 Others
- [OPERATOR] Upgrade Gardener extension provider-vsphere to `v0.7.1` (#459, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-gcp to `v1.16.0` (#459, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-openstack to `v1.18.0` (#455, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to `v1.23.0` (#455, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension networking-calico to `v1.17.0` (#455, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-dns-service to `v1.10.0` (#455, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dns-controller-manager to `v0.8.3` (#455, @Diaphteiros)
- [OPERATOR] The terraform modules for creation of the etcd backup bucket have been adapted for terraform 0.13 (#452, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-azure to `v1.19.1` (#443, @Diaphteiros)
📰 Noteworthy
- [OPERATOR] The recommended `sow` version is now `3.3.0` (#459, @Diaphteiros)
- [OPERATOR] Upgrade Gardener to `v1.21.0` (#455, @Diaphteiros)
- [OPERATOR] The default kubernetes versions in the cloudprofile have been updated. (#443, @Diaphteiros)
- [OPERATOR] Starting with version `v1.20`, Gardener deploys a managed istio into each seed cluster. This behaviour is deactivated in garden-setup by default. To activate the managed istio for a seed, add `featureGates.ManagedIstio: true` and `featureGates.APIServerSNI: true` to that seed's `landscape.iaas` entry. Please be aware that there currently is no easy way of removing istio again - if a seed with the feature gate active is deleted, the istio namespaces will be removed, but cluster-scoped resources and resources in other namespaces will be leaked in your cluster. This shouldn't be a big problem for shooted seeds though, as they will be gone when the shoot is deleted. (#443, @Diaphteiros)
[autoscaler]
📰 Noteworthy
- [USER] Enable configuration of flags such as `control-apiserver-burst`, `control-apiserver-qps`, `target-apiserver-burst`, `target-apiserver-qps` and `min-resync-period` for kubernetes client configurations while fetching objects for MCM cloud provider. (gardener/autoscaler#73, @prashanth26)
- [OPERATOR] Switch to using cached informers to fetch cloud provider details more optimally. (gardener/autoscaler#73, @prashanth26)
[cloud-provider-aws]
✨ New Features
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v0.21.0`. (gardener-attic/cloud-provider-aws@2a03316)
🏃 Others
- [DEVELOPER] The alpine version has been updated to `v3.13.4`. (gardener-attic/cloud-provider-aws@bc3da69)
- [DEVELOPER] The Golang version has been updated to `v1.16.3`. (gardener-attic/cloud-provider-aws@bc3da69)
[cloud-provider-azure]
✨ New Features
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.2`. (gardener-attic/cloud-provider-azure@d96fb82)
🏃 Others
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.17.17`. (gardener-attic/cloud-provider-azure@b35140c)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.18.17`. (gardener-attic/cloud-provider-azure@377c955)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.19.9`. (gardener-attic/cloud-provider-azure@4d262cc)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.5`. (gardener-attic/cloud-provider-azure@0bce3df)
[cloud-provider-gcp]
✨ New Features
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v0.21.0`. (gardener/cloud-provider-gcp@56c687c)
🏃 Others
- [DEVELOPER] The alpine version has been updated to `v3.13.4`. (gardener/cloud-provider-gcp@880405b)
- [DEVELOPER] The Golang version has been updated to `v1.16.3`. (gardener/cloud-provider-gcp@880405b)
[external-dns-management]
🐛 Bug Fixes
- [USER] DNS entries without targets are handled as invalid and can be deleted (gardener/external-dns-management#170, @MartinWeindel)
- [OPERATOR] fix premature deletion of DNSEntry if deletion fails in provider (gardener/external-dns-management#165, @MartinWeindel)
- [OPERATOR] infoblox: fix panic on setting value for unexported field certPool (gardener/external-dns-management#155, @MartinWeindel)
🏃 Others
- [USER] improve error message for 'no domain matching zones' (gardener/external-dns-management#158, @MartinWeindel)
- [USER] The list of canonical hosted zones for creating AWS alias targets has been extended by the regions af-south-1, eu-south-1, and us-gov-east-1. The hosted zone ids for regions cn-north-1 and cn-northwest-1 have been fixed. (gardener/external-dns-management#142, @MartinWeindel)
- [OPERATOR] The `revisionHistoryLimit` of the dns-controller-manager `Deployment` was increased. (gardener/external-dns-management#168, @MartinWeindel)
- [OPERATOR] log if zone cache is dropped (gardener/external-dns-management#166, @MartinWeindel)
- [OPERATOR] Google CloudDNS: use project id as prefix of zone id (gardener/external-dns-management#163, @MartinWeindel)
- [OPERATOR] Fix: do not remove entry finalizer if provider backend is temporarily unavailable during reconciliation (gardener/external-dns-management#162, @MartinWeindel)
- [OPERATOR] consider provider zone on adding entries to zone (gardener/external-dns-management#160, @MartinWeindel)
- [OPERATOR] CRDs are not deployed by the helm chart with default values anymore. (gardener/external-dns-management#159, @MartinWeindel)
- [OPERATOR] The dns-controller-manager chart does now define a PriorityClass to prevent preemption. (gardener/external-dns-management#157, @ialidzhikov)
- [OPERATOR] reduce logging during provider deletion (gardener/external-dns-management#153, @MartinWeindel)
- [OPERATOR] AWS Route53: support for chain of credential providers (gardener/external-dns-management#149, @MartinWeindel)
- [OPERATOR] infoblox: set TTL on record creation explicitly (gardener/external-dns-management#148, @MartinWeindel)
- [OPERATOR] Environment variables can now be set via values.yaml (gardener/external-dns-management#139, @mganter)
- [OPERATOR] additional printer columns for DNSEntries, DNSProviders, DNSOwners (gardener/external-dns-management#138, @MartinWeindel)
- [OPERATOR] optionally specify default TTL on provider (gardener/external-dns-management#137, @MartinWeindel)
[gardener]
⚠️ Breaking Changes
- [USER] Extension resources configs, namely `ControlPlaneConfig` and `WorkerConfig`, are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resources contained in it are valid. Note that due to other changes you will not be able to create new shoots containing such resources, since they will be rejected by validation. (gardener/gardener#3804, @stoyanr)
- [OPERATOR] The temporary workaround in the `ProblematicWebhooks` check that was skipping Shoot webhooks is now removed. Before updating to this version of Gardener, please make sure that the provider extensions in the system vendor at least `github.com/gardener/gardener@v1.16.0`. (gardener/gardener#3867, @ialidzhikov)
- [OPERATOR] ⚠️ Gardener no longer supports shoot clusters with Kubernetes versions < 1.15. With this change, the `.spec.kubernetes.kubeControllerManager.horizontalPodAutoscaler.{up,down}scaleDelay` fields have been dropped because they are no longer meaningful. Make sure to upgrade all existing clusters before upgrading to this Gardener version. (gardener/gardener#3862, @rfranzke)
- [OPERATOR] ⚠️ The minimum Kubernetes version for seed clusters has been raised from `v1.11` to `v1.15`. Make sure that all your registered seed clusters meet this requirement before upgrading to this Gardener version. (gardener/gardener#3862, @rfranzke)
- [OPERATOR] Invalid image vectors and component image vector overwrites will cause validation errors upon reading. If you encounter such errors, make sure image vectors specified in `ConfigMap` or `ComponentRegistration` resources are valid. (gardener/gardener#3853, @stoyanr)
- [DEPENDENCY] ⚠️ The utility functions for working with `ManagedResource`s have been mostly moved from `pkg/operation/common` to `pkg/utils/managedresources`. Please note that the signature of the functions might have changed. Especially, the order of the `name, namespace string` parameters is now `namespace, name string`. (gardener/gardener#3780, @rfranzke)
✨ New Features
- [USER] New `.status.advertisedAddresses` field in the `Shoot` resource now provides a list of advert...
3.8.0
[garden-setup]
🐛 Bug Fixes
- [OPERATOR] fix link to dex supported connectors (#434, @christianhuening)
- [OPERATOR] fixes #430 by adding ingress.class annotation to the api-server ingress definition (#431, @christianhuening)
🏃 Others
- [OPERATOR] Upgrade Gardener extension provider-openstack to `v1.16.2` (#435, @Diaphteiros)
- [OPERATOR] Upgrade Gardener dns-controller-manager to `v0.8.1` (#435, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to `v1.22.2` (#435, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-gcp to `v1.15.0` (#435, @Diaphteiros)
📰 Noteworthy
- [OPERATOR] Upgrade Gardener to `v1.19.2` (#435, @Diaphteiros)
[cloud-provider-aws]
🏃 Others
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.17.17`. (gardener-attic/cloud-provider-aws@badfa8d)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.18.17`. (gardener-attic/cloud-provider-aws@b9e0026)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.19.9`. (gardener-attic/cloud-provider-aws@9f9e093)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.5`. (gardener-attic/cloud-provider-aws@adf069c)
[cloud-provider-gcp]
🏃 Others
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.17.17`. (gardener/cloud-provider-gcp@e653b08)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.18.17`. (gardener/cloud-provider-gcp@9b73f86)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.19.9`. (gardener/cloud-provider-gcp@5879ff3)
- [OPERATOR] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.5`. (gardener/cloud-provider-gcp@996a14f)
[external-dns-management]
🐛 Bug Fixes
- [OPERATOR] infoblox: fix panic on setting value for unexported field certPool (gardener/external-dns-management#155, @MartinWeindel)
🏃 Others
- [USER] improve error message for 'no domain matching zones' (gardener/external-dns-management#158, @MartinWeindel)
- [OPERATOR] Fix: do not remove entry finalizer if provider backend is temporarily unavailable during reconciliation (gardener/external-dns-management#162, @MartinWeindel)
- [OPERATOR] consider provider zone on adding entries to zone (gardener/external-dns-management#160, @MartinWeindel)
- [OPERATOR] CRDs are not deployed by the helm chart with default values anymore. (gardener/external-dns-management#159, @MartinWeindel)
- [OPERATOR] The dns-controller-manager chart does now define a PriorityClass to prevent preemption. (gardener/external-dns-management#157, @ialidzhikov)
- [OPERATOR] reduce logging during provider deletion (gardener/external-dns-management#153, @MartinWeindel)
[gardener]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of `gardener-controller-manager`, `gardener-scheduler` and `gardenlet` has been changed to `leases`. (gardener/gardener#3719, @timebertt)
  - Please make sure that the components have permissions to create, get, watch and update `leases.coordination.k8s.io` in the respective clusters.
  - And please make sure that you had at least `gardener@v1.17` running before upgrading to `v1.19`, so that all components have successfully acquired leadership with the hybrid resource lock (`configmapsleases`) at least once.
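A pre-upgrade check for the two RBAC prerequisites on this page: create/get/watch/update on `leases.coordination.k8s.io` for the lease-based leader election above, and list/watch on PodDisruptionBudgets for machine-controller-manager-provider-gcp (the 3.12-era breaking change listed earlier). This is an added example, not Gardener or client-go code: `PolicyRule` is a constructed struct that only mirrors the apiGroups/resources/verbs shape of an RBAC rule, and the sample rule set is made up to show a role that still carries the old configmaps lock.

```go
package main

import "fmt"

// PolicyRule mirrors the shape of an rbac.authorization.k8s.io PolicyRule
// (apiGroups/resources/verbs). Constructed for this example, not client-go's type.
type PolicyRule struct {
	APIGroups []string
	Resources []string
	Verbs     []string
}

// Requirement names one resource and the verbs a component needs on it.
type Requirement struct {
	APIGroup string // "" is the core group
	Resource string
	Verbs    []string
}

// matches honours the RBAC wildcard "*" in any of the three lists.
func matches(list []string, want string) bool {
	for _, v := range list {
		if v == "*" || v == want {
			return true
		}
	}
	return false
}

// Grants reports whether any single rule allows verb on group/resource.
// RBAC is purely additive, so one matching rule is enough.
func Grants(rules []PolicyRule, group, resource, verb string) bool {
	for _, r := range rules {
		if matches(r.APIGroups, group) && matches(r.Resources, resource) && matches(r.Verbs, verb) {
			return true
		}
	}
	return false
}

// Missing returns the verbs of req that rules do not grant, in req order.
func Missing(rules []PolicyRule, req Requirement) []string {
	var out []string
	for _, verb := range req.Verbs {
		if !Grants(rules, req.APIGroup, req.Resource, verb) {
			out = append(out, verb)
		}
	}
	return out
}

// The two prerequisites from the release notes.
var (
	LeaseLock = Requirement{APIGroup: "coordination.k8s.io", Resource: "leases", Verbs: []string{"create", "get", "watch", "update"}}
	PDBRead   = Requirement{APIGroup: "policy", Resource: "poddisruptionbudgets", Verbs: []string{"list", "watch"}}
)

// Constructed sample: a pre-upgrade role that covers only the configmaps lock,
// read-only leases and get on PDBs.
var preUpgradeRules = []PolicyRule{
	{APIGroups: []string{""}, Resources: []string{"configmaps"}, Verbs: []string{"create", "get", "update"}},
	{APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, Verbs: []string{"get", "watch"}},
	{APIGroups: []string{"policy"}, Resources: []string{"poddisruptionbudgets"}, Verbs: []string{"get"}},
}

func main() {
	for _, req := range []Requirement{LeaseLock, PDBRead} {
		fmt.Printf("%s/%s missing verbs: %v\n", req.APIGroup, req.Resource, Missing(preUpgradeRules, req))
	}
}
```

Feed it the rules of the bound ClusterRole/Role of each component (`kubectl get clusterrole <name> -o json` gives the same three lists); an empty `Missing` result for `LeaseLock` in every cluster the component elects in is what the note asks you to confirm before upgrading, since a component that cannot create or update its lease never becomes leader.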
- [OPERATOR] The `ManagedIstio` and `APIServerSNI` feature gates in the `gardenlet` have been promoted to beta and are now enabled by default. If you run your own istio installation then you have to disable the `ManagedIstio` feature gate (and probably also the `APIServerSNI`) in your gardenlet configurations. (gardener/gardener#3633, @rfranzke)
🐛 Bug Fixes
- [USER] An issue causing the deletion of hibernated Shoots to fail is now fixed. (gardener/gardener#3791, @ialidzhikov)
- [USER] A transient error which may occur when a hibernated shoot cluster is woken up again right away has been fixed. (gardener/gardener#3749, @vpnachev)
- [OPERATOR] Fix a bug where the `gardenlet` was not updating the `allow-to-seed-apiserver` network policy with the IP address of the seed's API server when the `APIServerSNI` feature gate is just enabled. (gardener/gardener#3743, @vpnachev)
- [OPERATOR] The `istiod` deployment in the `istio-system` namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (gardener/gardener#3691, @plkokanov)
- [OPERATOR] Added resource requests and limits to the `apiserver-proxy-pod-mutator` container which should allow the corresponding HPA to properly read CPU metrics from the `kube-apiserver` when SNI is enabled. (gardener/gardener#3691, @plkokanov)
- [OPERATOR] A bug causing seed deletion to hang due to the already deleted CRD `etcds.druid.gardener.cloud` is now fixed. (gardener/gardener#3686, @stoyanr)
- [OPERATOR] An issue preventing kube-controller-manager from approving the CSR for kubelet certificate renewal is now fixed. (gardener/gardener#3684, @majst01)
- [OPERATOR] An issue causing gardenlet to fail to remove the finalizer of the Seed Secret (`.spec.secretRef`) is now fixed. (gardener/gardener#3677, @ialidzhikov)
- [OPERATOR] Increase CoreDNS memory limits to avoid OOMKill. (gardener/gardener#3675, @amshuman-kr)
- [OPERATOR] An issue preventing the status of the BackupBucket to be properly updated is now fixed. (gardener/gardener#3673, @MartinWeindel)
- [OPERATOR] Some issues with hanging `ControllerInstallations` have been resolved that caused the `Seed` deletion to deadlock and required manual cleanup. (gardener/gardener#3653, @timebertt)
- [OPERATOR] `extensions/pkg/controller/controlplane/genericactuator.Actuator` can now use a separate ManagedResource for ControlPlane CRDs that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (gardener/gardener#3562, @ialidzhikov)
- [DEPENDENCY] An issue causing a nil pointer dereference in the extension library is now fixed. (gardener/gardener#3730, @ialidzhikov)
🏃 Others
- [OPERATOR] Infrastructure dependency errors containing the `RetryableError` will not stop automatic reconciliation attempts. (gardener/gardener#3792, @ialidzhikov)
- [OPERATOR] `istio-ingressgateway` memory limit is increased to `2048Mi`. (gardener/gardener#3732, @mvladev)
- [OPERATOR] Allow ingress traffic to coredns from a pod running with `hostNetwork: true` and `dnsPolicy: ClusterFirstWithHostNet`. (gardener/gardener#3687, @DockToFuture)
- [OPERATOR] VPA minAllowed configuration for metrics-server. (gardener/gardener#3682, @amshuman-kr)
- [OPERATOR] A new error code for retryable configuration problems (for example a misconfigured PodDisruptionBudget that does not allow voluntary Pod evictions) is now added. (gardener/gardener#3645, @ialidzhikov)
- [DEVELOPER] The golang base image is updated to `1.15.9`. The alpine base image is updated to `3.13.2`. (gardener/gardener#3688, @ialidzhikov)
- [DEVELOPER] The GEP template and process description were updated. Please take a few minutes to familiarize yourself with the latest changes before working on a GEP. (gardener/gardener#3657, @timebertt)
📰 Noteworthy
- [USER] Every shoot worker node now randomly delays the execution of the cloud-config user data by up to `5m` (earlier, the maximum delay was `~30s`). This is to prevent too many systemd unit restarts (e.g., kubelet restarts) at the ~same time when there is a change (e.g., a Kubernetes patch version update). (gardener/gardener#3715, @rfranzke)
- [USER] When a shoot is erroring with `ERR_INFRA_INSUFFICIENT_PRIVILEGES`, `ERR_INFRA_QUOTA_EXCEEDED` or `ERR_INFRA_DEPENDENCIES` then it is now immediately set to the `Failed` status (this already happens also for `ERR_INFRA_UNAUTHORIZED` or `ERR_CONFIGURATION_PROBLEM`). This prevents Gardener from automatically retrying the operation. If you are hit by it, please manually retry the operation once you have resolved the issue. (gardener/gardener#3662, @rfranzke)
- [DEPENDENCY] ⚠️ Go dependencies to `kubernetes/*` and `kubernetes-sigs/controller-runtime` were updated to `v0.20.2` and `v0.8.3` respectively. (gardener/gardener#3651, @rfranzke)
[gardener-extension-provider-aws]
🐛 Bug Fixes
- [USER] An issue causing provider-aws to fail to delete Infrastructure when there are more than 20 LBs associated to the VPC is now fixed. (gardener/gardener-extension-provider-aws#305, @ialidzhikov)
- [USER] An issue causing Infrastructure reconciliation to fail because of insufficient privileges is now fixed. (gardener/gardener-extension-provider-aws#302, @ialidzhikov)
🏃 Others
- [USER] The load balancers and security groups are again explicitly deleted by the AWS provider extension (independent of the Kubernetes version used by the shoot cluster). The number of API calls has been reduced to the absolute minimum. (gardener/gardener-extension-provider-aws#295, @rfranzke)
- [DEVELOPER] `github.com/gardener/gardener` dependency is now updated to `v1.19.0`. For the complete list of changes, see the release notes. (gardener/gardener-extension-provider-aws#297, @ialidzhikov)
[gardener-extension-provider-gcp]
⚠️ Breaking Changes
- [OPERATOR] The `ValidatingWebhookConfiguration` of the GCP admission controller has been changed from version `v1beta1` to `v1`. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16. (gardener/gardener-extension-provider-gcp#230, @timuthy)
✨ New Features
- [OPERATOR] The secrets and conf...
3.7.0
[garden-setup]
🐛 Bug Fixes
- [OPERATOR] Fixed a bug that occurred when trying to deactivate backups which would otherwise have been stored in a GCS bucket. (#417, @Diaphteiros)
🏃 Others
- [OPERATOR] Upgrade Gardener extension networking-calico to `v1.16.0` (#418, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension shoot-cert-service to `v1.12.0` (#418, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-vsphere to `v0.6.0` (#418, @Diaphteiros)
- [OPERATOR] Upgrade Gardener extension provider-aws to `v1.21.0` (#418, @Diaphteiros)
📰 Noteworthy
- [OPERATOR] Upgrade Gardener to `v1.18.1` (#418, @Diaphteiros)
[cert-management]
🏃 Others
- [USER] events are created on reconciliation of certificate objects (gardener/cert-management#66, @MartinWeindel)
- [USER] tuning timeouts to better deal with long dns propagation for some DNS backends (gardener/cert-management#65, @MartinWeindel)
[gardener]
⚠️ Breaking Changes
- [OPERATOR] The `gardener-admission-controller` configuration API and http endpoints were changed in several aspects: (gardener/gardener#3577, @timebertt)
  - the fields `server.https.tls.server{Cert,Key}Path` have been removed in favor of `server.https.tls.serverCertDir` (the cert directory is expected to contain a `tls.crt` and `tls.key` file)
  - metrics and health endpoints are now exposed as plain HTTP endpoints on dedicated ports (configurable via `server.{healthProbes,metrics}.port`)
  - the `gardener-admission-controller` service included in Gardener's helm chart has a new named port (`metrics`) for exposing the metrics endpoint
  - If you deploy this component/configuration manually, please adapt your usage accordingly. Gardener's helm charts were adapted to the changes.
- [OPERATOR] The `.controllers.shootedSeedRegistration` field has been removed from the `GardenletConfiguration` in favor of the newly introduced `ManagedSeed` controller (configurable via `.controllers.managedSeed`). Please adapt your Gardenlet Helm chart values and/or example Gardenlet configuration files. (gardener/gardener#3418, @stoyanr)
- [DEVELOPER] Semantics of `controllerutils.{EnsureFinalizer,RemoveFinalizer}` were changed. Both funcs now use `PATCH` requests instead of `UPDATE` and `RemoveFinalizer` expects an additional `client.Reader` for reading from the API server. (gardener/gardener#3641, @timebertt)
  - Please use `controllerutils.{PatchFinalizers,PatchRemoveFinalizers}` preferably where applicable, if your controller is able to tolerate conflict errors caused by stale reads.
- [DEVELOPER] The `.controllers.shootedSeedRegistration` field has been removed from the `GardenletConfiguration` in favor of the newly introduced `ManagedSeed` controller (configurable via `.controllers.managedSeed`). Please run `make dev-setup` or manually copy `example/20-componentconfig-gardenlet.yaml` over your old configuration file. (gardener/gardener#3418, @stoyanr)
- [DEPENDENCY] Semantics of `controllerutils.{EnsureFinalizer,RemoveFinalizer}` were changed. Both funcs now use `PATCH` requests instead of `UPDATE` and `RemoveFinalizer` expects an additional `client.Reader` for reading from the API server. (gardener/gardener#3641, @timebertt)
  - `extensioncontroller.{EnsureFinalizer,DeleteFinalizer}` have been removed in favor of the funcs in `controllerutils`.
  - `controllerutils.PatchFinalizers` was renamed to `PatchAddFinalizers`.
- [DEPENDENCY] The mocks for Gardener packages were moved to dedicated folders in the respective package directories, i.e., if there is package `foo` in `./pkg/path/to/foo` then the mock would be in `pkg/path/to/foo/mock` instead of `./pkg/mock/gardener/path/to/foo`. Only the mocks for third-party/vendored packages remain in `./pkg/mock`. (gardener/gardener#3640, @rfranzke)
- [DEPENDENCY] The already deprecated packages `github.com/gardener/gardener/pkg/version` and `github.com/gardener/gardener/pkg/version/verflag` are now removed. (gardener/gardener#3626, @ialidzhikov)
✨ New Features
- [OPERATOR] It is now configurable for which shoot purposes the `BackupEntry` deletion grace period applies. An empty list (default) means that it applies for all shoot purposes (as it was earlier). If you want to only select specific purposes then please configure `.controllers.backupEntry.deletionGracePeriodShootPurposes[]` in the gardenlet's component configuration. (gardener/gardener#3637, @rfranzke)
- [OPERATOR] CoreDNS deployment of shoot clusters can now be automatically restarted during the shoot's maintenance time window. This is used to solve problems with clients stuck to a single replica of the deployment and thus overloading it. The feature can be enabled via the `ControllerManagerConfiguration` under `.controllers.shootMaintenance.enableShootCoreAddonRestarter` (see `example/20-componentconfig-gardener-controller-manager.yaml`). (gardener/gardener#3596, @vpnachev)
- [OPERATOR] An additional change detection mechanism for the file `download-cloud-config.sh` is now used to ensure the file is up-to-date even after VM reboot. (gardener/gardener#3583, @vpnachev)
- [OPERATOR] A new `Seed` reconciler was added to the Gardener-Controller-Manager. It creates a dedicated namespace per seed in the Garden cluster (`seed-<seed-name>`) and copies common secrets from the `garden` Namespace (labelled with `gardener.cloud/role`) to the seed namespace. Gardenlets are supposed to read secrets (or namespaced objects in general) from seed dedicated namespaces only in the future. (gardener/gardener#3582, @timuthy)
- [OPERATOR] `gardener-admission-controller` now exposes several metrics about its webhooks (e.g. `controller_runtime_webhook_latency_seconds_bucket`, `controller_runtime_webhook_requests_in_flight` and `controller_runtime_webhook_requests_total`) (gardener/gardener#3577, @timebertt)
  - The metric `gardener_admission_controller_invalid_webhook_requests_total` was removed in favor of the newly added metrics.
- [OPERATOR] `Seed` resources now have a new condition type `BackupBucketsReady` that is added when the corresponding seed has a backup configuration or related `BackupBuckets`. `Seeds` whose `BackupBucketsReady` condition is `status: "False"` are considered `NotReady` and thus are excluded from scheduling during that time. (gardener/gardener#3531, @timuthy)
- [OPERATOR] A new `ManagedSeed` resource and its corresponding controller have been added and the existing shooted seed registration controller has been reworked to use them. (gardener/gardener#3418, @stoyanr)
🐛 Bug Fixes
- [USER] A potential `nil` pointer exception in the `Shoot` validation (leading to `503` responses from `gardener-apiserver`) when validating PID reservations (e.g., in `kubeReserved` or `systemReserved`) has been fixed. (gardener/gardener#3632, @rfranzke)
- [OPERATOR] An issue preventing kube-controller-manager from approving the CSR for kubelet certificate renewal is now fixed. (gardener/gardener#3704, @ialidzhikov)
- [OPERATOR] The `istiod` deployment in the `istio-system` namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (gardener/gardener#3692, @ialidzhikov)
- [OPERATOR] Added resource requests and limits to the `apiserver-proxy-pod-mutator` container which should allow the corresponding HPA to properly read CPU metrics from the `kube-apiserver` when SNI is enabled. (gardener/gardener#3692, @ialidzhikov)
- [OPERATOR] A bug causing seed deletion to hang due to an already deleted CRD `etcds.druid.gardener.cloud` is now fixed. (gardener/gardener#3689, @vpnachev)
- [OPERATOR] An issue causing gardenlet to fail to remove the finalizer of the Seed Secret (`.spec.secretRef`) is now fixed. (gardener/gardener#3678, @ialidzhikov)
- [OPERATOR] Fixed a nil pointer exception that occurs when there are still extension resources in the `Seed`, but the `Cluster` resource has been deleted. (gardener/gardener#3622, @plkokanov)
- [OPERATOR] Fix a bug where the `cloud-config-downloader` systemd service is set to `Failed` with status `start-limit-hit` if it is requested to be restarted via the node annotation `worker.gardener.cloud/restart-systemd-services`. (gardener/gardener#3593, @vpnachev)
- [OPERATOR] Fixed an issue with enabling `KonnectivityTunnel` via annotation (`alpha.featuregates.shoot.gardener.cloud/konnectivity-tunnel: "false"`) on an `APIServerSNI`-enabled Seed cluster causing the tunnel to not be opened. (gardener/gardener#3586, @mvladev)
- [OPERATOR] An issue causing gardener-controller-manager to not be able to delete a Plant when the Plant Secret is not found is now fixed. (gardener/gardener#3584, @ialidzhikov)
- [OPERATOR] `gardener-controller-manager` now waits for a project's namespace to be empty before continuing with releasing the namespace and deleting the project. (gardener/gardener#3578, @timebertt)
🏃 Others
- [USER] The external DNS record for the kubernetes API server is now deleted after the kubernetes API server. This is useful for shoot cluster owners that need to clean up some kubernetes resources that can cause the shoot cluster deletion to get stuck. (gardener/gardener#3576, @vpnachev)
- [OPERATOR] VPA minAllowed configuration for metrics-server. (gardener/gardener#3695, @vpnachev)
- [OPERATOR] A new error code for retryable configuration problems (for example a misconfigured PodDisruptionBudget that does not allow voluntary Pod evictions) is now added. (gardener/gardener#3665, @danielfoehrKn)
- [OPERATOR] `istiod` is now scaled automatically by `VerticalPodAutoscaler` instead of `HorizontalPodAutoscaler`. This fixes OOMKilled issues on big Seed clusters. (gardener/gardener#3613, @mvladev)
- [OPERATOR] Gardener now deploys the Cluster-Autoscaler earlier during the shoot creation which enables self healing for creation failures due to over-provisioned small machines. (gardener/gardener#3612, @timuthy)
- [OPERATOR] Node exporter provides the metric node...