Releases: gardener/gardener-extension-provider-gcp
v1.22.1
[gardener-extension-provider-gcp]
🐛 Bug Fixes
- [USER] provider-gcp will now use `external-provisioner@v2.1.0` for K8s `< 1.22` clusters. This is to ensure that no new PVs affected by https://issues.k8s.io/109354 will be created (incl. during the upgrade from 1.20 to 1.21). For more details see https://issues.k8s.io/109354 and this document. For K8s `>= 1.22` clusters provider-gcp will continue to use `external-provisioner@v2.1.2` as before. (gardener/gardener-extension-provider-gcp#440, @ialidzhikov)
v1.22.0
[gardener-extension-provider-gcp]
⚠️ Breaking Changes
- [OPERATOR] This version of admission-gcp requires the SecretBinding provider controller to be enabled - enabled by default for gardener-controller-manager >= 1.42 or can be enabled via the gardener-controller-manager component config. (gardener/gardener-extension-provider-gcp#396, @ialidzhikov)
✨ New Features
- [USER] The provider-gcp extension now installs the external-snapshotter's validating webhook server for VolumeSnapshot and VolumeSnapshotContent objects. For more details check the corresponding KEP. (gardener/gardener-extension-provider-gcp#398, @acumino)
- [USER] extension gcp now can read nodeTemplate from worker resource and fill it in machineClass. It prioritizes nodeTemplate provided by user in `providerConfig` (under `worker` section in shoot yaml) over worker resource's nodeTemplate, if user provides it. (gardener/gardener-extension-provider-gcp#355, @himanshu-kun)
- [DEVELOPER] provider-gcp and admission-gcp components now support `--version` flag that prints the component version information and useful metadata. (gardener/gardener-extension-provider-gcp#414, @ialidzhikov)
🐛 Bug Fixes
- [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-gcp#408, @rfranzke)
- [OPERATOR] An issue has been fixed with the `csi-driver-node` PodSecurityPolicy which blocked the creation of new CSI-Driver pods because `projected` volumes are not permitted. (gardener/gardener-extension-provider-gcp#403, @timuthy)
🏃 Others
- [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-gcp#411, @kon-angelo)
  - github.com/gardener/gardener: v1.40.2 -> v1.42.3
- [OPERATOR] The monitoring dashboards provided by this extension: (gardener/gardener-extension-provider-gcp#400, @ialidzhikov)
  - are now using UTC by default (instead of the browser time)
  - no longer auto-refresh by default
- [OPERATOR] The `terraformer` pod deployed as part of shoot control planes is now using auto-rotated `ServiceAccount` tokens when communicating with the seed cluster. (gardener/gardener-extension-provider-gcp#399, @rfranzke)
- [OPERATOR] The `gardener-extension-admission-gcp` webhook now contains an object selector for provider type label. Please make sure you are running `gardener@v1.42` or later before enabling the same. (gardener/gardener-extension-provider-gcp#397, @shafeeqes)
- [OPERATOR] The Secrets webhook of admission-gcp: (gardener/gardener-extension-provider-gcp#396, @ialidzhikov)
  - no longer intercepts every Secret UPDATE request but only requests for Secrets that are associated with a SecretBinding with `provider.type=gcp`.
  - no longer needs to list Shoots (hence, no cache for Shoots)
[machine-controller-manager]
🐛 Bug Fixes
- [USER] The value for key `cluster-autoscaler.kubernetes.io/scale-down-disabled` placed by MCM is now `true` and not `True`. This typo stopped MCM from disabling CA from scaling down during rolling update. (gardener/machine-controller-manager#685, @himanshu-kun)
- [USER] MCM now marks 1 machine per machineDeployment as Failed at a time in case of healthTimeout. This is introduced to deal with meltdown scenario (gardener/machine-controller-manager#683, @himanshu-kun)
- [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)
🏃 Others
- [OPERATOR] machine-controller-manager does now log the Node conditions when it considers Machine as unhealthy (and changes its state to `Unknown`). (gardener/machine-controller-manager#676, @ialidzhikov)
[machine-controller-manager-provider-gcp]
🏃 Others
- [USER] Vendor `machine-controller-manager` v0.44.0 with meltdown fix added. Now only one machine per machineDeployment could get healthTimeout collected at a time. (gardener/machine-controller-manager-provider-gcp#35, @kon-angelo)
📰 Noteworthy
- [DEVELOPER] Updated golang to version `1.17.5` (gardener/machine-controller-manager-provider-gcp#30, @himanshu-kun)
[terraformer]
🏃 Others
- [OPERATOR] terraform has been upgraded to 0.15.5 (gardener/terraformer#107, @stoyanr)
v1.21.3
[gardener-extension-provider-gcp]
🐛 Bug Fixes
- [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-gcp#409, @ialidzhikov)
Docker Images
gardener-extension-provider-gcp: eu.gcr.io/gardener-project/gardener/extensions/provider-gcp:v1.21.3
gardener-extension-admission-gcp: eu.gcr.io/gardener-project/gardener/extensions/admission-gcp:v1.21.3
v1.21.2
[machine-controller-manager]
🐛 Bug Fixes
- [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)
Docker Images
gardener-extension-provider-gcp: eu.gcr.io/gardener-project/gardener/extensions/provider-gcp:v1.21.2
gardener-extension-admission-gcp: eu.gcr.io/gardener-project/gardener/extensions/admission-gcp:v1.21.2
v1.21.1
[gardener-extension-provider-gcp]
🐛 Bug Fixes
- [OPERATOR] An issue has been fixed with the `csi-driver-node` PodSecurityPolicy which blocked the creation of new CSI-Driver pods because `projected` volumes are not permitted. (gardener/gardener-extension-provider-gcp#404, @ialidzhikov)
v1.21.0
[gardener-extension-provider-gcp]
✨ New Features
- [USER] The GCP extension does now support shoot clusters with Kubernetes version 1.23. You should consider the Kubernetes release notes before upgrading to 1.23. (gardener/gardener-extension-provider-gcp#383, @rfranzke)
- [USER] In case `gardener/gardener`'s `WorkerPoolKubernetesVersion` feature gate is enabled, it is possible to have worker pools with overridden Kubernetes versions for `Shoot`s whose `.spec.kubernetes.version` is greater than or equal to the CSI migration version (`1.18`). (gardener/gardener-extension-provider-gcp#382, @rfranzke)
- [OPERATOR] This extension does now support `gardener/gardener`'s `WorkerPoolKubernetesVersion` feature gate, i.e., having worker pools with overridden Kubernetes versions. (gardener/gardener-extension-provider-gcp#382, @rfranzke)
- [OPERATOR] `gardener-extension-admission-gcp` now supports configuration for enabling service account token volume projection. It is exposed through the `.Values.global.serviceAccountTokenVolumeProjection` section in the respective chart's values. (gardener/gardener-extension-provider-gcp#380, @dimityrmirchev)
- [OPERATOR] It is now possible to configure a `user` instead of a `serviceaccount` subject in the `clusterrolebinding` for the `gardener-extension-admission-gcp` when using virtual garden setup by setting `.Values.global.virtualGarden.user.name`. (gardener/gardener-extension-provider-gcp#380, @dimityrmirchev)
🐛 Bug Fixes
- [USER] The validation of the Worker's `.providerConfig.serviceAccount.email` is no longer omitted and the field cannot be empty or invalid. (gardener/gardener-extension-provider-gcp#389, @vlvasilev)
- [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-gcp#386, @ialidzhikov)
  - github.com/gardener/gardener: v1.39.0 -> v1.39.4
🏃 Others
- [OPERATOR] The CPU limit of `csi-driver-node/csi-driver` is increased from 50m to 100m to allow bigger bursts. (gardener/gardener-extension-provider-gcp#393, @vpnachev)
- [OPERATOR] The following images are updated: (gardener/gardener-extension-provider-gcp#372, @acumino)
  - gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver v1.0.1-gke.0 -> v1.3.4-gke.0
📰 Noteworthy
- [OPERATOR] The extension controller uses a projected `ServiceAccount` token in case it runs on a seed with a gardenlet of at least `v1.37` or higher. Similarly, the components deployed into shoot namespaces will no longer use a client certificate but an auto-rotated `ServiceAccount` token which is only valid for `12h`. (gardener/gardener-extension-provider-gcp#368, @rfranzke)
[cloud-provider-gcp]
✨ New Features
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v1.23.2`. (gardener/cloud-provider-gcp@d41cc9f035bc)
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v0.22.6`. (gardener/cloud-provider-gcp@6f87ed1cc00b)
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v0.21.9`. (gardener/cloud-provider-gcp@a2f06f4ba9f3)
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v0.20.15`. (gardener/cloud-provider-gcp@372aa43fbacd)
🏃 Others
- [DEVELOPER] The alpine version has been updated to `v3.13.7`. (gardener/cloud-provider-gcp@b7eb3f56b252)
[machine-controller-manager]
⚠️ Breaking Changes
- [OPERATOR] Components that deploy the `machine-controller-manager` will now have to adapt the RBAC rules to allow `machine-controller-manager` to maintain its leader election resource lock in `leases` as well. (gardener/machine-controller-manager#662, @acumino)
✨ New Features
- [OPERATOR] orphan collection is also triggered if machine obj is updated with having multiple backing VMs (gardener/machine-controller-manager#667, @himanshu-kun)
🏃 Others
- [USER] Updated golang version to v1.17 (gardener/machine-controller-manager#664, @AxiomSamarth)
- [OPERATOR] The default leader election resource lock of `machine-controller-manager` has been changed from `endpoints` to `endpointsleases`. (gardener/machine-controller-manager#662, @acumino)
[terraformer]
🏃 Others
- [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#108, @ialidzhikov)
  - hashicorp/terraform-provider-aws: 3.63.0 -> 3.66.0
- [OPERATOR] terraform has been upgraded to 0.14.11 (gardener/terraformer#106, @stoyanr)
📰 Noteworthy
- [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#116, @molecule-z)
  - `aliyun/terraform-provider-alicloud`: `1.124.2` -> `1.149.0`
v1.20.1
[gardener-extension-provider-gcp]
🏃 Others
- [OPERATOR] The CPU limit of `csi-driver-node/csi-driver` is increased from 50m to 100m to allow bigger bursts. (gardener/gardener-extension-provider-gcp#394, @vpnachev)
v1.20.0
[gardener-extension-provider-gcp]
⚠️ Breaking Changes
- [OPERATOR] Removed cleanup logic for GCPMachineClass objects. (gardener/gardener-extension-provider-gcp#360, @kon-angelo)
✨ New Features
- [OPERATOR] It is now possible to specify a zone name prefixed with the project id, in addition to an unprefixed zone name, in the `spec.zone` field of a `DNSRecord` resource. (gardener/gardener-extension-provider-gcp#350, @stoyanr)
🐛 Bug Fixes
- [USER] The cloud NAT IP validation has been fixed to correctly recognise if the external IP address is in use by the shoot's router. (gardener/gardener-extension-provider-gcp#331, @stoyanr)
🏃 Others
- [OPERATOR] The admission webhook validating the minimum workers in a pool to be >= number of availability zones has been made backward compatible with shoot clusters that were created before this admission check was implemented. (gardener/gardener-extension-provider-gcp#352, @vpnachev)
- [OPERATOR] Improve the `Shoot` validation error when the `.spec.provider.workers[].minimum` value is less than the number of `.spec.provider.workers[].zones`. (gardener/gardener-extension-provider-gcp#336, @plkokanov)
- [OPERATOR] Handle extensionsv1alpha1.Bastion resources for SSH access to worker instances (gardener/gardener-extension-provider-gcp#288, @tedteng)
- [DEVELOPER] The `rewrite_tag` filter in the logging configuration is replaced by the `modify` one (gardener/gardener-extension-provider-gcp#338, @vlvasilev)
📰 Noteworthy
- [USER] Since go1.17 both `net.ParseIP` and `net.ParseCIDR` reject leading zeros in the dot-decimal notation of IPv4 addresses. With the update to go1.17, admission-gcp now rejects Shoot objects with CIDR ranges that have such leading zeros in the dot-decimal notation. Before updating to this version of admission-gcp, make sure that there are no Shoot objects with leading zeros in the dot-decimal notation of an IPv4 address. For reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 (gardener/gardener-extension-provider-gcp#364, @rfranzke)
- [DEVELOPER] The Golang version has been updated to `1.17.5`. (gardener/gardener-extension-provider-gcp#364, @rfranzke)
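
A pre-upgrade check for the go1.17 note above, as an added example that is not part of the release notes or the Gardener code base: it flags CIDR values whose IPv4 octets carry leading zeros, the form `net.ParseCIDR` rejects since go1.17, using a string check so the result does not depend on the Go version it runs under. The field labels and sample CIDRs are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// hasLeadingZeroOctet reports whether the IPv4 part of s (address or CIDR) has an octet like "010".
func hasLeadingZeroOctet(s string) bool {
	addr := s
	if i := strings.IndexByte(s, '/'); i >= 0 {
		addr = s[:i]
	}
	octets := strings.Split(addr, ".")
	if len(octets) != 4 {
		return false // not dot-decimal IPv4 (e.g. IPv6); out of scope here
	}
	for _, o := range octets {
		if len(o) > 1 && o[0] == '0' {
			return true
		}
	}
	return false
}

// auditCIDRs maps each offending field (hypothetical labels) to the reason it would be rejected.
func auditCIDRs(fields map[string]string) map[string]string {
	findings := map[string]string{}
	for name, cidr := range fields {
		if hasLeadingZeroOctet(cidr) {
			findings[name] = "leading zero in IPv4 octet"
		} else if _, _, err := net.ParseCIDR(cidr); err != nil {
			findings[name] = fmt.Sprintf("rejected by net.ParseCIDR: %v", err)
		}
	}
	return findings
}

func main() {
	// Constructed sample values, not taken from a real Shoot.
	shoot := map[string]string{
		"networking.nodes": "10.250.0.0/16",
		"networking.pods":  "100.096.0.0/11",
	}
	for name, why := range auditCIDRs(shoot) {
		fmt.Printf("%s: %s\n", name, why)
	}
}
```
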
[machine-controller-manager]
✨ New Features
- [USER] End User can now delete the backing machine object of the node instantly by annotating the desired node with `node.machine.sapcloud.io/trigger-deletion-by-mcm="true"` (gardener/machine-controller-manager#648, @AxiomSamarth)
- [USER] Added *expectedNodeDetails field to the MachineClass API (gardener/machine-controller-manager#644, @AxiomSamarth)
🐛 Bug Fixes
- [OPERATOR] A bug has been fixed in the pre-delivered CRD manifests for MCM (`/kubernetes/crds`). It caused data to be pruned from MCM related resources and led to reconciliation issues. (gardener/machine-controller-manager#641, @timuthy)
📖 Documentation
- [DEVELOPER] `make generate` now generates v1 version of CRDs by default instead of v1beta1. (gardener/machine-controller-manager#640, @himanshu-kun)
🏃 Others
- [USER] Update Kubernetes dependency versions to v1.20.6 (gardener/machine-controller-manager#601, @AxiomSamarth)
[terraformer]
🐛 Bug Fixes
- [DEVELOPER] A bug that prevented using Terraformer with a Terraform version >= 0.13 has been fixed. (gardener/terraformer#102, @rfranzke)
🏃 Others
- [OPERATOR] terraform has been upgraded to 0.13.7 (gardener/terraformer#105, @stoyanr)
- [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#104, @ialidzhikov)
  - hashicorp/terraform-provider-aws: 3.54.0 -> 3.63.0
- [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#101, @ialidzhikov)
  - hashicorp/terraform-provider-aws: 3.32.0 -> 3.54.0
📰 Noteworthy
- [DEVELOPER] The version for the `equinixmetal` Terraform provider plugin has been updated to `3.1.0`. (gardener/terraformer#103, @rfranzke)
v1.19.2
[gardener-extension-provider-gcp]
🏃 Others
- [OPERATOR] Improve the `Shoot` validation error when the `.spec.provider.workers[].minimum` value is less than the number of `.spec.provider.workers[].zones`. (gardener/gardener-extension-provider-gcp#354, @vpnachev)
- [OPERATOR] The admission webhook validating the minimum workers in a pool to be >= number of availability zones has been made backward compatible with shoot clusters that were created before this admission check was implemented. (gardener/gardener-extension-provider-gcp#354, @vpnachev)
Docker Images
gardener-extension-provider-gcp: eu.gcr.io/gardener-project/gardener/extensions/provider-gcp:v1.19.2
gardener-extension-admission-gcp: eu.gcr.io/gardener-project/gardener/extensions/admission-gcp:v1.19.2
v1.19.1
[gardener-extension-provider-gcp]
🐛 Bug Fixes
- [USER] The cloud NAT IP validation has been fixed to correctly recognise if the external IP address is in use by the shoot's router. (gardener/gardener-extension-provider-gcp#332, @stoyanr)
Docker Images
gardener-extension-provider-gcp: eu.gcr.io/gardener-project/gardener/extensions/provider-gcp:v1.19.1
gardener-extension-admission-gcp: eu.gcr.io/gardener-project/gardener/extensions/admission-gcp:v1.19.1