Releases: gardener/documentation

v1.18.0

28 Mar 04:54

[documentation]

🏃 Others

📰 Noteworthy

v1.17.1

02 Mar 12:13

[autoscaler]

🏃 Others

  • [USER] Support the latest zone label topology.kubernetes.io/zone in addition to the existing failure-domain.beta.kubernetes.io/zone while determining the zone for AWS machines. (gardener/autoscaler#70, @prashanth26)
  • [USER] Allow scaling up from zero using the latest stable zone, region, arch, OS, instanceType labels on node objects. (gardener/autoscaler#70, @prashanth26)

[gardener]

⚠️ Breaking Changes

  • [USER] The already deprecated annotation keys confirmation.garden.sapcloud.io/deletion and shoot.garden.sapcloud.io/operation are no longer respected by Gardener components. If you are still using the deprecated annotation keys, please switch to the equivalents from the new API group, respectively confirmation.gardener.cloud/deletion and gardener.cloud/operation. (gardener/gardener#3375, @ialidzhikov)
  • [OPERATOR] The default leader election resource lock of gardener-controller-manager, gardener-scheduler and gardenlet has been changed to configmapsleases. This is a preparation to eventually migrate to leases after a few releases. Please make sure that the components have permissions to create, get, watch and update leases.coordination.k8s.io in the respective clusters. (gardener/gardener#3535, @timebertt)
  • [OPERATOR] Gardener components now use the protobuf content type wherever possible when talking to the Gardener or Kubernetes APIs, if the content type fields are left empty in the respective component configs. (gardener/gardener#3467, @timebertt)
    • Operators can override this behavior by explicitly specifying application/json as the content type in the respective component configs.
  • [OPERATOR] The check for stale extension health checks is now switched from controllers.shootCare.staleExtensionHealthCheckThreshold to controllers.shootCare.staleExtensionHealthChecks.{enabled,threshold} in the GardenletConfiguration. It is now configurable and enabled by default. (gardener/gardener#3390, @ialidzhikov)
  • [OPERATOR] Deprecated ingress hostnames i.e., AlertManager - au.<shoot-name>.<project-name>.<seed-ingress-domain>, Grafana - gu.<shoot-name>.<project-name>.<seed-ingress-domain>, go.<shoot-name>.<project-name>.<seed-ingress-domain>, Prometheus - p.<shoot-name>.<project-name>.<seed-ingress-domain> were removed and will not be reachable anymore. Please use the hostnames introduced with Gardener v0.34.0 instead. (gardener/gardener#3380, @timuthy)
  • [OPERATOR] gardenlet's shoot-care-control is now using the gardener.cloud/role label key (until now it was garden.sapcloud.io/role) to perform health checks on controlplane components. Make sure you have first upgraded to at least Gardener v1.14 before you upgrade to this version of Gardener. (gardener/gardener#3350, @ialidzhikov)
  • [OPERATOR] With the activated cluster-autoscaler during roll-outs, following are the minimum versions required for different provider-extensions: gardener-extension-provider-aws v1.16.0, gardener-extension-provider-openstack v1.12.0, gardener-extension-provider-azure v1.14.0, gardener-extension-provider-gcp v1.12.0, gardener-extension-provider-alicloud v1.18.0, gardener-extension-provider-vsphere v0.1.0. (gardener/gardener#3332, @hardikdr)
  • [OPERATOR] If the nginx-ingress addon for a shoot used as seed is disabled, then you can no longer enable it. Instead, use the new managed ingress controller feature. You can find more information about it here. Existing shoots used as seeds with .spec.addons.nginxIngress.enabled=true will continue to work. (gardener/gardener#3131, @BeckerMax)
  • [DEVELOPER] The CopyValues function has been moved from pkg/utils/chart to pkg/utils and was renamed to ShallowCopyMapStringInterface. (gardener/gardener#3454, @rfranzke)
  • [DEVELOPER] The ImageMapToValues function has been moved from pkg/utils/chart to pkg/utils/imagevector. (gardener/gardener#3454, @rfranzke)
  • [DEVELOPER] A new mutating webhook for the cloudprovider secret has been added in the extensions library. With this change, the EnsurerContext of the genericmutator package has been moved to a separate context package. Please adapt your usage of genericmutator accordingly. (gardener/gardener#3348, @kon-angelo)
  • [DEPENDENCY] Some helper functions and interface types have been changed to accept client.{Object,ObjectList} instead of runtime.Object where applicable to have a clearer contract of what is expected from passed parameters. (gardener/gardener#3476, @timebertt)
  • [DEPENDENCY] The kubernetes.Interface.RESTMapper func has been removed in favor of the client.RESTMapper func. Please adapt your usage accordingly. (gardener/gardener#3473, @timebertt)
  • [DEPENDENCY] Several deprecated / duplicated helper funcs were removed: (gardener/gardener#3463, @timebertt)
    • kutils.KeyFromObject in favor of client.ObjectKeyFromObject
    • controllerutils.HasFinalizer in favor of controllerutil.ContainsFinalizer
    • extensionscontroller.HasFinalizer in favor of controllerutil.ContainsFinalizer
    • controllerutils.BoolPtrDerefOr in favor of pointer.BoolPtrDerefOr
    • flow.SimpleTaskFn
  • [DEPENDENCY] The FileContentInlineCodec and UnitSerializer interfaces have been moved from extensions/pkg/webhook/controlplane to pkg/operation/botanist/extensions/operatingsystemconfig/utils. (gardener/gardener#3454, @rfranzke)
  • [DEPENDENCY] The KubeletConfigCodec interface has been moved from extensions/pkg/webhook/controlplane to pkg/operation/botanist/extensions/operatingsystemconfig/original/components/kubelet and was renamed to ConfigCodec. (gardener/gardener#3454, @rfranzke)
  • [DEPENDENCY] ⚠️ Go dependencies to kubernetes/* and kubernetes-sigs/controller-runtime were updated to v0.19.6 and v0.7.0 respectively. This imposes a lot of consequent breaking changes to go projects vendoring gardener/gardener. If your project/extension vendors gardener/gardener, please read the dedicated section in this issue carefully when upgrading your dependencies. (gardener/gardener#3393, @timebertt)
  • [DEPENDENCY] pkg/utils/secrets.BasicAuthSecretConfig no longer allows generating a bcrypt password hash. The corresponding functionality is now removed. (gardener/gardener#3365, @ialidzhikov)

✨ New Features

  • [USER] Logs from VerticalPodAutoscaler are accessible via the Vertical Pod Autoscaler dashboard in Grafana. (gardener/gardener#3456, @Kristian-ZH)
  • [USER] The shoot reconciliation flow is now waiting until all worker nodes have executed the most recent cloud-config user data. Similarly, the shoot care controller checks if the last successfully applied cloud-config user data on all nodes is outdated or not (and reports this in the EveryNodeReady condition). Please note that both features are only available for new nodes. (gardener/gardener#3396, @rfranzke)
  • [USER] The cluster-autoscaler is now activated even during rolling-update of the shoot clusters. The change in machine-controller-manager of adding the cluster-autoscaler.kubernetes.io/scale-down-disabled annotation during rolling-update is required, in order for autoscaler to not scale-down worker-pools (coming with machine-controller-manager 0.34.0). (gardener/gardener#3332, @hardikdr)
  • [OPERATOR] An additional change detection mechanism for the file download-cloud-config.sh is now used to ensure the file is up-to-date even after VM reboot. (gardener/gardener#3603, @rfranzke)
  • [OPERATOR] Enabling the usage of internal load balancers for the kube-api servers of the shoots. (gardener/gardener#3507, @hassbert)
  • [OPERATOR] The new ShootVPAEnabledByDefault admission plugin of the gardener-apiserver (disabled by default) controls whether the .spec.kubernetes.verticalPodAutoscaler.enabled field for newly created Shoot resources is defaulted to true. Existing Shoots are not modified, i.e., if VPA shall be enabled then it needs to be explicitly set. Also, Shoots can still explicitly disable the VPA by setting .spec.kubernetes.verticalPodAutoscaler.enabled=false. See this document. (gardener/gardener#3468, @timebertt)
  • [OPERATOR] The specification and the configuration files of the cloud-config-downloader.service systemd service are now updated regularly with the original OperatingSystemConfig. (gardener/gardener#3449, @vpnachev)
  • [OPERATOR] konnectivity-server is no longer a sidecar to kube-apiserver when APIServerSNI and KonnectivityTunnel feature gates are enabled. This allows for existing opened tunnel connections from konnectivity-agents to not be interrupted when kube-apiserver is auto-scaled. (gardener/gardener#3399, @mvladev)
  • [OPERATOR] It is now possible to trigger a restart of systemd services on particular shoot worker nodes by annotating the corresponding Node object with worker.gardener.cloud/restart-systemd-services=kubelet, for example. (gardener/gardener#3396, @rfranzke)
  • [OPERATOR] The .spec.revisionHistoryLimit is now set to 1 for Deployments. (gardener/gardener#3374, @rfranzke)
  • [OPERATOR] It is now possible to specify the spec.settings.loadBalancerServices.annotations field for shooted seeds via the "shoot.gardener.cloud/use-as-seed" annotation. You can do this by specifying the loadBalancerServices.annotations.* option - for example loadBalancerServices.annotations.service.beta.kubernetes.io/aws-load-balancer-type=nlb. (gardener/gardener#3344, @ialidzhikov)
  • [OPERATOR] The gardener admission controller now exposes ...

v1.17.0

18 Feb 07:38

no release notes available

v1.16.3

17 Feb 13:39

[gardener]

⚠️ Breaking Changes

  • [USER] The already deprecated annotation keys confirmation.garden.sapcloud.io/deletion and shoot.garden.sapcloud.io/operation are no longer respected by Gardener components. If you are still using the deprecated annotation keys, please switch to the equivalents from the new API group, respectively confirmation.gardener.cloud/deletion and gardener.cloud/operation. (gardener/gardener#3375, @ialidzhikov)
  • [OPERATOR] The check for stale extension health checks is now switched from controllers.shootCare.staleExtensionHealthCheckThreshold to controllers.shootCare.staleExtensionHealthChecks.{enabled,threshold} in the GardenletConfiguration. It is now configurable and enabled by default. (gardener/gardener#3390, @ialidzhikov)
  • [OPERATOR] Deprecated ingress hostnames i.e., AlertManager - au.<shoot-name>.<project-name>.<seed-ingress-domain>, Grafana - gu.<shoot-name>.<project-name>.<seed-ingress-domain>, go.<shoot-name>.<project-name>.<seed-ingress-domain>, Prometheus - p.<shoot-name>.<project-name>.<seed-ingress-domain> were removed and will not be reachable anymore. Please use the hostnames introduced with Gardener v0.34.0 instead. (gardener/gardener#3380, @timuthy)
  • [OPERATOR] gardenlet's shoot-care-control is now using the gardener.cloud/role label key (until now it was garden.sapcloud.io/role) to perform health checks on controlplane components. Make sure you have first upgraded to at least Gardener v1.14 before you upgrade to this version of Gardener. (gardener/gardener#3350, @ialidzhikov)
  • [OPERATOR] With the activated cluster-autoscaler during roll-outs, following are the minimum versions required for different provider-extensions: gardener-extension-provider-aws v1.16.0, gardener-extension-provider-openstack v1.12.0, gardener-extension-provider-azure v1.14.0, gardener-extension-provider-gcp v1.12.0, gardener-extension-provider-alicloud v1.18.0, gardener-extension-provider-vsphere v0.1.0. (gardener/gardener#3332, @hardikdr)
  • [OPERATOR] If the nginx-ingress addon for a shoot used as seed is disabled, then you can no longer enable it. Instead, use the new managed ingress controller feature. You can find more information about it here. Existing shoots used as seeds with .spec.addons.nginxIngress.enabled=true will continue to work. (gardener/gardener#3131, @BeckerMax)
  • [DEVELOPER] A new mutating webhook for the cloudprovider secret has been added in the extensions library. With this change, the EnsurerContext of the genericmutator package has been moved to a separate context package. Please adapt your usage of genericmutator accordingly. (gardener/gardener#3348, @kon-angelo)
  • [DEPENDENCY] ⚠️ Go dependencies to kubernetes/* and kubernetes-sigs/controller-runtime were updated to v0.19.6 and v0.7.0 respectively. This imposes a lot of consequent breaking changes to go projects vendoring gardener/gardener. If your project/extension vendors gardener/gardener, please read the dedicated section in this issue carefully when upgrading your dependencies. (gardener/gardener#3393, @timebertt)
  • [DEPENDENCY] pkg/utils/secrets.BasicAuthSecretConfig no longer allows generating a bcrypt password hash. The corresponding functionality is now removed. (gardener/gardener#3365, @ialidzhikov)

✨ New Features

  • [USER] Logs from VerticalPodAutoscaler are accessible via the Vertical Pod Autoscaler dashboard in Grafana. (gardener/gardener#3456, @Kristian-ZH)
  • [USER] The shoot reconciliation flow is now waiting until all worker nodes have executed the most recent cloud-config user data. Similarly, the shoot care controller checks if the last successfully applied cloud-config user data on all nodes is outdated or not (and reports this in the EveryNodeReady condition). Please note that both features are only available for new nodes. (gardener/gardener#3396, @rfranzke)
  • [USER] The cluster-autoscaler is now activated even during rolling-update of the shoot clusters. The change in machine-controller-manager of adding the cluster-autoscaler.kubernetes.io/scale-down-disabled annotation during rolling-update is required, in order for autoscaler to not scale-down worker-pools (coming with machine-controller-manager 0.34.0). (gardener/gardener#3332, @hardikdr)
  • [OPERATOR] The specification and the configuration files of the cloud-config-downloader.service systemd service are now updated regularly with the original OperatingSystemConfig. (gardener/gardener#3449, @vpnachev)
  • [OPERATOR] It is now possible to trigger a restart of systemd services on particular shoot worker nodes by annotating the corresponding Node object with worker.gardener.cloud/restart-systemd-services=kubelet, for example. (gardener/gardener#3396, @rfranzke)
  • [OPERATOR] The .spec.revisionHistoryLimit is now set to 1 for Deployments. (gardener/gardener#3374, @rfranzke)
  • [OPERATOR] It is now possible to specify the spec.settings.loadBalancerServices.annotations field for shooted seeds via the "shoot.gardener.cloud/use-as-seed" annotation. You can do this by specifying the loadBalancerServices.annotations.* option - for example loadBalancerServices.annotations.service.beta.kubernetes.io/aws-load-balancer-type=nlb. (gardener/gardener#3344, @ialidzhikov)
  • [OPERATOR] The gardener admission controller now exposes metrics (gardener/gardener#3293, @wyb1)
  • [OPERATOR] New SeedKubeScheduler feature gate is added to gardenlet. When enabled, it deploys a custom kube-scheduler in gardener-kube-scheduler namespace of Seed clusters with Kubernetes version 1.17 or greater. The scheduler assigns Shoot control plane Pods to Nodes with higher resource utilization, resulting in better bin-packing of control planes. (gardener/gardener#3243, @mvladev)
  • [OPERATOR] Gardener now offers to manage a dedicated ingress controller for seed clusters (earlier, this was a manual operator task when registering seeds). You can find more information about it here. (gardener/gardener#3131, @BeckerMax)
  • [DEVELOPER] Nodeless local dev setups now run with etcd v3.4.14 and K8s v1.20.2. (gardener/gardener#3426, @timuthy)
  • [DEVELOPER] Gardener can now support shoot clusters with Kubernetes version 1.20. In order to allow creation/update of 1.20 clusters you will have to update the version of your provider extension(s) to a version that supports 1.20 as well. Please consult the respective releases and notes in the provider extension's repository. (gardener/gardener#3296, @rfranzke)
  • [DEPENDENCY] The ConfigMaps and Secrets used to store the config and state of terraform now have owner reference to the Infrastructure resource. (gardener/gardener#3275, @vpnachev)

🐛 Bug Fixes

  • [USER] metrics-server's version is updated from v0.4.1 to v0.4.2 to adopt upstream fix that was causing metrics-server to be unavailable for a while after rolling update of Nodes. (gardener/gardener#3516, @ialidzhikov)
  • [USER] Fixed a bug where service, pod or node CIDRs that are private network (RFC1918) or carrier-grade NAT (RFC6598) IPv4 blocks would produce an invalid allow-to-private-networks networkpolicy. (gardener/gardener#3462, @mvladev)
  • [USER] A bug has been fixed that prevented shoot clusters from coming up in case .spec.kubernetes.allowPrivilegedContainers=false. (gardener/gardener#3409, @rfranzke)
  • [USER] A race issue causing immediate wake up after hibernation to fail is now fixed. The hibernation is now waiting until the kube-apiserver Service is cleaned up. (gardener/gardener#3289, @ialidzhikov)
  • [OPERATOR] An issue has been fixed which caused Gardener to incorrectly label shoot clusters as unhealthy (shoot.gardener.cloud/status: unhealthy) for a short period of time. (gardener/gardener#3567, @timuthy)
  • [OPERATOR] The affinity section is removed from the Loki StatefulSet for the integration tests (gardener/gardener#3526, @vlvasilev)
  • [OPERATOR] An issue causing the generic Worker actuator to not wait until the finalizer of the out-of-tree machine controller provider is removed from the credentials secret is now fixed. (gardener/gardener#3498, @ialidzhikov)
  • [OPERATOR] An issue in the API validation has been fixed which prevented the managed ingress feature for seeds being enabled. (gardener/gardener#3448, @BeckerMax)
  • [OPERATOR] A bug has been fixed which prevented proper auto-scaling of components under control of HVPA. (gardener/gardener#3446, @rfranzke)
  • [OPERATOR] Fix gardener-seed-admission controller, etcd backup-restore and extension parsers time format (gardener/gardener#3429, @vlvasilev)
  • [OPERATOR] The generic Worker actuator does now wait until the machine-controller-manager finalizer is removed from the credentials secret that is referenced from the machine classes. (gardener/gardener#3425, @ialidzhikov)
  • [OPERATOR] Node Problem Detector is now matched by the gardener.cloud--allow-to-dns and gardener.cloud--allow-to-apiserver networkpolicies and can run with a deny-all networkpolicy in the kube-system namespace. (gardener/gardener#3424, @mvladev)
  • [OPERATOR] fix CRD for extension types to allow storing anything in status.state. (gardener/gardener#3422, @MartinWeindel)
  • [OPERATOR] Fixes a bug causing newly created Seeds to fail during bootstrap (gardener/gardener#3400, @BeckerMax)
  • [OPERATOR] A side-car container is added to kube-proxy that deletes the incorrect conntrack table entries which sometime occur after restart of `kube-prox...

v1.15.5

17 Feb 13:31

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] If the nginx-ingress addon for a shoot used as seed is disabled, then you can no longer enable it. Instead, use the new managed ingress controller feature. You can find more information about it here. Existing shoots used as seeds with .spec.addons.nginxIngress.enabled=true will continue to work. (gardener/gardener#3131, @BeckerMax)

✨ New Features

  • [OPERATOR] It is now possible to specify the spec.settings.loadBalancerServices.annotations field for shooted seeds via the "shoot.gardener.cloud/use-as-seed" annotation. You can do this by specifying the loadBalancerServices.annotations.* option - for example loadBalancerServices.annotations.service.beta.kubernetes.io/aws-load-balancer-type=nlb. (gardener/gardener#3344, @ialidzhikov)
  • [OPERATOR] The gardener admission controller now exposes metrics (gardener/gardener#3293, @wyb1)
  • [OPERATOR] Gardener now offers to manage a dedicated ingress controller for seed clusters (earlier, this was a manual operator task when registering seeds). You can find more information about it here. (gardener/gardener#3131, @BeckerMax)
  • [DEVELOPER] Gardener can now support shoot clusters with Kubernetes version 1.20. In order to allow creation/update of 1.20 clusters you will have to update the version of your provider extension(s) to a version that supports 1.20 as well. Please consult the respective releases and notes in the provider extension's repository. (gardener/gardener#3296, @rfranzke)

🐛 Bug Fixes

  • [USER] A bug has been fixed that prevented shoot clusters from coming up in case .spec.kubernetes.allowPrivilegedContainers=false. (gardener/gardener#3410, @rfranzke)
  • [USER] A race issue causing immediate wake up after hibernation to fail is now fixed. The hibernation is now waiting until the kube-apiserver Service is cleaned up. (gardener/gardener#3289, @ialidzhikov)
  • [OPERATOR] Fixes a bug causing newly created Seeds to fail during bootstrap (gardener/gardener#3401, @BeckerMax)
  • [OPERATOR] A bug that was renewing the bootstrap token secret on each reconciliation has been fixed. (gardener/gardener#3323, @vpnachev)
  • [OPERATOR] An issue has been fixed which did not enable VPA for the aggregate Prometheus Pod in new seed clusters. (gardener/gardener#3312, @timuthy)
  • [OPERATOR] By default, gardener-apiserver now invokes in-tree admission plugins before invoking the webhook plugins. (gardener/gardener#3298, @timebertt)
  • [OPERATOR] An issue has been fixed that prevented the execution of the Kube-API-Server's configured preStop hooks for >=1.19.x clusters. (gardener/gardener#3295, @timuthy)
  • [OPERATOR] Gardener health checks now take the effective Shoot specification into consideration if .spec.maintenance.confineSpecRollout is used. Earlier, EveryNodeReady or ControlPlaneHealthy conditions reported an invalid state if the specification was changed but not yet effective due to a rollout during shoot maintenance (confineSpecRollout: true). (gardener/gardener#3286, @timuthy)
  • [OPERATOR] An issue in the API validation has been fixed which prevented the managed ingress feature for seeds being enabled. (gardener/gardener@4bfccae)
  • [OPERATOR] A bug has been fixed which prevented proper auto-scaling of components under control of HVPA. (gardener/gardener@3d0859f)
  • [OPERATOR] fix CRD for extension types to allow storing anything in status.state. (gardener/gardener@f29a08a)
  • [OPERATOR] The generic Worker actuator does now wait until the machine-controller-manager finalizer is removed from the credentials secret that is referenced from the machine classes. (gardener/gardener@b8cbfee)
  • [OPERATOR] A side-car container is added to kube-proxy that deletes the incorrect conntrack table entries which sometimes occur after restart of kube-proxy and prevent the establishment of a TCP connection to the api-server. (gardener/gardener@243cfeb)
  • [OPERATOR] An issue causing a NetworkPolicy to not allow egress from the prometheus Pod to the alertmanager and vpa-exporter Pods is now fixed. (gardener/gardener@3d27d2e)
  • [OPERATOR] An issue causing gardenlet to not properly compute the .status.clusterIdentity field is now fixed. (gardener/gardener@b9a4257)
  • [DEVELOPER] The Seed and Shoot logging stack deletion is separated in two functions to avoid accidental deletion of cluster scoped resources. (gardener/gardener#3437, @vlvasilev)
  • [DEPENDENCY] Ensure a stable order of self-registered webhooks in extensions to avoid unnecessary rollouts of control plane components. (gardener/gardener#3320, @timebertt)

📖 Documentation

🏃 Others

  • [OPERATOR] Gardener now considers the seed.spec.ingress.domain field when passing the value via gradener.seed.ingressDomain to ControllerRegistration charts. (gardener/gardener#3443, @timuthy)
  • [OPERATOR] An issue has been fixed which caused unwanted restarts for Grafana instances. (gardener/gardener#3404, @ialidzhikov)
  • [OPERATOR] NumberOfBatchIDs for the fluent-bit-to-loki plugin is set to 5 numbers. (gardener/gardener#3403, @vlvasilev)
  • [OPERATOR] The Loki initialDelaySeconds for the readinessProbe is reduced to 80 seconds. (gardener/gardener#3333, @vlvasilev)
  • [OPERATOR] The vpa-admission-controller and vpa-updater pods are now ensured with some minimal CPU and memory resources. (gardener/gardener#3330, @vpnachev)
  • [OPERATOR] Gardener will now check seed clusters for VPA functionality as a prerequisite. (gardener/gardener#3312, @timuthy)
  • [OPERATOR] Upgrade Prometheus to v2.23.0 (gardener/gardener#3297, @wyb1)
  • [OPERATOR] Change pod anti-affinity to preferredDuringSchedulingIgnoredDuringExecution for gardener-seed-admission-controller deployment in the garden namespaces of seed clusters. (gardener/gardener#3294, @hardikdr)
  • [OPERATOR] The pre-delivered cluster role gardener.cloud:admin now contains full access permissions for Events and ResourceQuotas. (gardener/gardener#3291, @timuthy)
  • [OPERATOR] Add panels to the Kubernetes API Server Details Dashboard for dropped requests. (gardener/gardener#3284, @wyb1)
  • [OPERATOR] Alerts are added for the custom metrics for fluent-bit GardenerLoki plugin (gardener/gardener#3283, @Kristian-ZH)
  • [OPERATOR] Required connections from Gardenlet to the Garden cluster have been reduced, which will have positive effects on scalability and costs. (gardener/gardener#3277, @timuthy)
  • [OPERATOR] Fix gardener-seed-admission controller, etcd backup-restore and extension parsers time format. (gardener/gardener@283ee10)
  • [OPERATOR] Fixed a bug of the managed istio feature flag where the istio rolebinding was created in the wrong namespace. (gardener/gardener@848a8b9)
  • [OPERATOR] A bug has been fixed in gardener-controller-manager's Project controller that can lead to a continuous reconciliation of Project resources if they are stuck in Terminating state. (gardener/gardener@56b5c5a)
  • [DEVELOPER] The golang version is updated to 1.15.7. (gardener/gardener@6dab5ea)
  • [DEPENDENCY] Guestbook integration test dependencies are now fetched from bitnami repo instead of deprecated/shutdown helm repo. (gardener/gardener#3314, @dguendisch)
  • [DEPENDENCY] Making the implementation of the function GetMachineControllerManagerCloudCredentials in the WorkerDelegate optional. Alternatively, extensions can now use the field in the machine class spec.credentialsSecretRef so that all machine classes refer to the same secret from the Worker field spec.secretRef. See here for more details. (gardener/gardener#3308, @danielfoehrKn)

📰 Noteworthy

  • [USER] The version for the nginx-ingress addon for shoots has been updated to v0.41.2 ONLY for Kubernetes 1.20 shoot clusters. All shoot clusters with Kubernetes < 1.20 will remain with the current v0.22.0 version. Please be reminded that the nginx-ingress addon is not recommended for production scenarios and that you should deploy (+ customize) your own ingress controller instead. Please use it only for development/evaluation purposes. (gardener/gardener#3315, @rfranzke)
  • [OPERATOR] The ingress domain configuration for Seeds is now immutable. (gardener/gardener@ba65cf6)

[logging]

🏃 Others

v1.15.0

17 Feb 13:24

[documentation]

🏃 Others

  • [OPERATOR] Gardener anniversary blog post was added. (#199, @timuthy)
  • [OPERATOR] Published blog on Machine Controller Manager (#198, @AxiomSamarth)

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] If the nginx-ingress addon for a shoot used as seed is disabled, then you can no longer enable it. Instead, use the new managed ingress controller feature. You can find more information about it here. Existing shoots used as seeds with .spec.addons.nginxIngress.enabled=true will continue to work. (gardener/gardener#3131, @BeckerMax)

✨ New Features

  • [OPERATOR] It is now possible to specify the spec.settings.loadBalancerServices.annotations field for shooted seeds via the "shoot.gardener.cloud/use-as-seed" annotation. You can do this by specifying the loadBalancerServices.annotations.* option - for example loadBalancerServices.annotations.service.beta.kubernetes.io/aws-load-balancer-type=nlb. (gardener/gardener#3344, @ialidzhikov)
  • [OPERATOR] The gardener admission controller now exposes metrics (gardener/gardener#3293, @wyb1)
  • [OPERATOR] Gardener now offers to manage a dedicated ingress controller for seed clusters (earlier, this was a manual operator task when registering seeds). You can find more information about it here. (gardener/gardener#3131, @BeckerMax)
  • [DEVELOPER] Gardener can now support shoot clusters with Kubernetes version 1.20. In order to allow creation/update of 1.20 clusters you will have to update the version of your provider extension(s) to a version that supports 1.20 as well. Please consult the respective releases and notes in the provider extension's repository. (gardener/gardener#3296, @rfranzke)

🐛 Bug Fixes

  • [USER] A race issue causing immediate wake up after hibernation to fail is now fixed. The hibernation is now waiting until the kube-apiserver Service is cleaned up. (gardener/gardener#3289, @ialidzhikov)
  • [OPERATOR] A bug that was renewing the bootstrap token secret on each reconciliation has been fixed. (gardener/gardener#3323, @vpnachev)
  • [OPERATOR] An issue has been fixed which did not enable VPA for the aggregate Prometheus Pod in new seed clusters. (gardener/gardener#3312, @timuthy)
  • [OPERATOR] By default, gardener-apiserver now invokes in-tree admission plugins before invoking the webhook plugins. (gardener/gardener#3298, @timebertt)
  • [OPERATOR] An issue has been fixed that prevented the execution of the Kube-API-Server's configured preStop hooks for >=1.19.x clusters. (gardener/gardener#3295, @timuthy)
  • [OPERATOR] Gardener health checks now take the effective Shoot specification into consideration if .spec.maintenance.confineSpecRollout is used. Earlier, EveryNodeReady or ControlPlaneHealthy conditions reported an invalid state if the specification was changed but not yet effective due to a rollout during shoot maintenance (confineSpecRollout: true). (gardener/gardener#3286, @timuthy)
  • [DEPENDENCY] Ensure a stable order of self-registered webhooks in extensions to avoid unnecessary rollouts of control plane components. (gardener/gardener#3320, @timebertt)

📖 Documentation

🏃 Others

  • [OPERATOR] The Loki initialDelaySeconds for the readinessProbe is reduced to 80 seconds. (gardener/gardener#3333, @vlvasilev)
  • [OPERATOR] The vpa-admission-controller and vpa-updater pods are now ensured with some minimal CPU and memory resources. (gardener/gardener#3330, @vpnachev)
  • [OPERATOR] Gardener will now check seed clusters for VPA functionality as a prerequisite. (gardener/gardener#3312, @timuthy)
  • [OPERATOR] Upgrade Prometheus to v2.23.0 (gardener/gardener#3297, @wyb1)
  • [OPERATOR] Change pod anti-affinity to preferredDuringSchedulingIgnoredDuringExecution for gardener-seed-admission-controller deployment in the garden namespaces of seed clusters. (gardener/gardener#3294, @hardikdr)
  • [OPERATOR] The pre-delivered cluster role gardener.cloud:admin now contains full access permissions for Events and ResourceQuotas. (gardener/gardener#3291, @timuthy)
  • [OPERATOR] Add panels to the Kubernetes API Server Details Dashboard for dropped requests. (gardener/gardener#3284, @wyb1)
  • [OPERATOR] Alerts are added for the custom metrics for fluent-bit GardenerLoki plugin (gardener/gardener#3283, @Kristian-ZH)
  • [OPERATOR] Required connections from Gardenlet to the Garden cluster have been reduced, which will have positive effects on scalability and costs. (gardener/gardener#3277, @timuthy)
  • [DEPENDENCY] Guestbook integration test dependencies are now fetched from bitnami repo instead of deprecated/shutdown helm repo. (gardener/gardener#3314, @dguendisch)
  • [DEPENDENCY] Making the implementation of the function GetMachineControllerManagerCloudCredentials in the WorkerDelegate optional. Alternatively, extensions can now use the field in the machine class spec.credentialsSecretRef so that all machine classes refer to the same secret from the Worker field spec.secretRef. See here for more details. (gardener/gardener#3308, @danielfoehrKn)

📰 Noteworthy

  • [USER] The version for the nginx-ingress addon for shoots has been updated to v0.41.2 ONLY for Kubernetes 1.20 shoot clusters. All shoot clusters with Kubernetes < 1.20 will remain with the current v0.22.0 version. Please be reminded that the nginx-ingress addon is not recommended for production scenarios and that you should deploy (+ customize) your own ingress controller instead. Please use it only for development/evaluation purposes. (gardener/gardener#3315, @rfranzke)

v1.14.0

11 Dec 08:35

[autoscaler]

🏃 Others

[etcd-backup-restore]

🏃 Others

📰 Noteworthy

[etcd-druid]

🏃 Others

[gardener]

⚠️ Breaking Changes

  • [DEPENDENCY] The WorkerDelegate must implement method GetMachineControllerManagerCloudCredentials returning map with cloud credential keys and values just like they are used by the machine-controller-manager. (gardener/gardener#3224, @vpnachev)
  • [DEPENDENCY] The deprecated functions in the terraformer library (SetVariablesEnvironment and GenerateVariablesEnvironment) have been removed. (gardener/gardener#3223, @timebertt)
  • [DEPENDENCY] The Terraformer functions have been changed to allow passing proper contexts. Please adapt your usage accordingly. (gardener/gardener#3223, @timebertt)
  • [DEPENDENCY] The terraformer library was switched to logr instead of logrus in order to have more consistent and readable logging in the infrastructure controllers of provider extensions. Please adapt your usage accordingly. (gardener/gardener#3223, @timebertt)

✨ New Features

  • [USER] Support scale to/from zero for MCM OOT providers - AWS, Azure. (gardener/gardener#3276, @prashanth26)
  • [USER] The shoot reconciler sets the conditions to Progressing after it finished a successful reconciliation, and the care controller starts to re-evaluate the health status after this happened. This helps end-users to better understand whether their cluster is indeed healthy after a reconciliation. Earlier, it could take up to 30s / 1m (based on the configured care controller sync period) until the actual status is reflected. (gardener/gardener#3251, @rfranzke)
  • [OPERATOR] The shoot controller inside the gardenlet has been adapted to cater for large Gardener landscapes: (gardener/gardener#3242, @rfranzke)
      1. When the gardenlet has already reconciled a shoot cluster during its maintenance time window then it doesn't reconcile it again. Instead, it computes a random duration for the next time window and requeues the shoot. Already reconciled shoots are those whose last reconciliation was less than 24h ago.
      2. When the gardenlet is (re)started then it no longer immediately reconciles all shoots whose maintenance time windows are met. Instead, it computes a random time for the current time window and requeues the shoot ("jittering", i.e., spreading the load). This will have the effect that not all shoots are getting reconciled at the same time right after startup.

🐛 Bug Fixes

  • [USER] apiserver-proxy now uses system-node-critical priority class. Memory limit is also increased to avoid OOM killer. (gardener/gardener#3282, @mvladev)
  • [USER] The KUBERNETES_SERVICE_HOST environment variable injected when APIServerSNI is enabled no longer includes a trailing dot (being a Fully Qualified Domain Name) due to several homebrew kubernetes clients not properly handling it and sending a wrong server name when initiating a TLS connection. (gardener/gardener#3235, @mvladev)
  • [OPERATOR] A bug has been fixed that caused the vpa-admission-controller to not be able to update its status (inside Lease object) when it's enabled for shoot clusters. (gardener/gardener#3265, @rfranzke)
  • [OPERATOR] Fix an error during bootstrapping of fresh Seeds (gardener/gardener#3262, @BeckerMax)
  • [OPERATOR] A bug has been fixed which can lead to Seeds not getting ready when an image vector overwrite for the etcd-druid is configured. (gardener/gardener#3212, @rfranzke)
  • [DEPENDENCY] The generic worker actuator is now ensuring that all machine class secrets have up-to-date cloud credentials. (gardener/gardener#3224, @vpnachev)

🏃 Others

📰 Noteworthy

  • [USER] The Shoot garbage collector now also deletes failed Pods with the reason OutOf* in the Seed namespace and the kube-system namespace of the Shoot. (gardener/gardener#3248, @timebertt)
  • [USER] The system components that were previously specifying label garden.sapcloud.io/role: (optional-addon|monitoring|system-component) are now adapted to specify gardener.cloud/role: (optional-addon|monitoring|system-component). (gardener/gardener#3220, @ialidzhikov)
  • [OPERATOR] Forbid control plane migration between Seeds with different cloud providers. (gardener/gardener#3254, @plkokanov)
  • [OPERATOR] The gardenlet enqueues shooted seeds immediately (without configured jitter) when the shooted seed's spec was changed or when the config in the use-as-seed annotation was changed. This enables a faster rollout of the gardenlet. (gardener/gardener#3249, @rfranzke)
  • [OPERATOR] gardenlet is now restarted if APIServerSNI is enabled on the Seed cluster. (gardener/gardener#3226, @mvladev)
  • [OPERATOR] The Shoot namespace in the Seed no longer specifies label garden.sapcloud.io/role: shoot. (gardener/gardener#3220, @ialidzhikov)
  • [OPERATOR] Upgraded etcd version from v3.3.17 to v3.4.13 and moved from quay.io/coreos/etcd to Gardener-specific custom etcd image eu.gcr.io/gardener-project/gardener/etcd. ⚠️ This will cause an etcd restart. (gardener/gardener#3205, @gardener-robot-ci-2)

[gardener-resource-manager]

✨ New Features

  • [OPERATOR] gardener-resource-manager now logs its own version on startup or when executed with --version. (gardener-attic/gardener-resource-manager#96, @timebertt)
  • [DEVELOPER] Docker images built by make docker-images are now tagged and built with the commit hash appended to the version. ...

v1.13.2

02 Dec 15:26

no release notes available

v1.13.1

25 Nov 07:16

[gardener]

Action Required

  • [USER] We are preparing a change that will lead to validation errors when the Project resource contains duplicates in the .spec.members[] list. For the time being, duplicates in this list are merged into a single member automatically by the Gardener API Server. In the future, this will no longer happen, instead, a validation error will be returned if a user sends a Project resource with duplicate members. Please adapt your API usage to not send any of such resources. (gardener/gardener#3137, @rfranzke)
  • [USER] The project controller is now adapted to accept and maintain only the project namespace labels from the new API group - gardener.cloud/role=project and project.gardener.cloud/name=<project-name>. Until now the project controller was accepting and maintaining also the labels from the old API groups - garden.sapcloud.io/role=project and project.garden.sapcloud.io/name=<project-name>. With this change, the project controller removes the namespace labels associated to the old API group. If you are still using these deprecated labels, you need to adapt your machinery. (gardener/gardener#3094, @ialidzhikov)
  • [USER] The already deprecated annotations shoot.garden.sapcloud.io/use-as-seed and shoot.garden.sapcloud.io/ignore-alerts are no longer respected by the corresponding Gardener components. If you are still using these deprecated annotations, you need to adapt your machinery to use respectively shoot.gardener.cloud/use-as-seed and shoot.gardener.cloud/ignore-alerts. You need to be careful with use-as-seed annotation as if you don't adapt to the new annotation and update your Gardener version to the one that no longer respects the deprecated annotation, this will be handled as deletion of the ShootedSeed and will mark the Seed for deletion. (gardener/gardener#3094, @ialidzhikov)
  • [USER] A new webhook mutatingwebhookconfigurations.admissionregistration.k8s.io is deployed for all APIServerSNI-enabled clusters. It adds KUBERNETES_SERVICE_HOST environment variable pointing to the upstream Kube API Server. To disable this behavior: (gardener/gardener#3082, @mvladev)
    • label your Pods with apiserver-proxy.networking.gardener.cloud/inject: disable
    • or label the entire namespace with apiserver-proxy.networking.gardener.cloud/inject: disable
    • or label your Shoot resource with alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector: disable to disable it cluster-wide.
  • [USER] For APIServerSNI-enabled clusters, Pods talking to the Kube API Server need to be allowed to connect to coredns running in kube-system namespace in order to resolve the hostname of the Kube API server. They also need to have access to the IP from the default/kubernetes endpoint and the upstream IP of the kube-apiserver. (gardener/gardener#3082, @mvladev)
    • If the Pod:
      • is not matched by any NetworkPolicy - no action is required.
      • is not injected with KUBERNETES_SERVICE_HOST, because the feature is disabled - no action is required.
      • is matched by NetworkPolicies allowing ingress to coredns in kube-system and allowing traffic to the default/kubernetes endpoint and the upstream IP of the kube-apiserver - no action is required.
      • is matched by NetworkPolicies that do not allow access to coredns in kube-system and/or do not allow traffic to the default/kubernetes endpoint and/or the upstream IP of the kube-apiserver - a NetworkPolicy allowing such egress must be added e.g.:
        apiVersion: networking.k8s.io/v1
        kind: NetworkPolicy
        metadata:
          name: allow-to-apiserver
        spec:
          podSelector: {}
          egress:
          - to:
            - ipBlock:
                cidr: <IP from default/kubernetes endpoint>/32
            - ipBlock:
                cidr: <ip from apiserver FQDN e.g. nslookup api.foo.bar>/32
          - ports:
            - port: 8053
              protocol: UDP
            - port: 8053
              protocol: TCP
            to:
            - podSelector:
                matchExpressions:
                - key: k8s-app
                  operator: In
                  values:
                  - kube-dns
              namespaceSelector:
                matchLabels:
                  gardener.cloud/purpose: kube-system
          policyTypes:
          - Egress
          - Ingress
  • [DEVELOPER] Terraformer.SetVariablesEnvironment has been deprecated in favor of Terraformer.SetEnvVars. Please adapt your usage of the terraformer library accordingly. (gardener/gardener#3204, @timebertt)
  • [DEVELOPER] The generic worker actuator interface does now include a new function MachineClass() runtime.Object that needs to be implemented. It is similar to MachineClassList() runtime.Object with the difference that it does not return the list object but the machine class object itself. (gardener/gardener#3178, @rfranzke)
  • [DEVELOPER] The CleanupLeakedClusterRoles function has been removed from the generic worker actuator package. You can find more information about it here and here. (gardener/gardener#3178, @rfranzke)
  • [DEVELOPER] A temporary workaround during the Cluster resource sync to the Seed by setting a fake Shoot status to prevent ShootNotFailed predicate in the extensions library from reacting false negatively is now cleaned up. Before upgrading to this version of Gardener, make sure that all of the extensions in your environment that use the ShootNotFailed predicate vendor github.com/gardener/[email protected] or above (that contains gardener/gardener#2265). (gardener/gardener#3097, @ialidzhikov)
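
The four "If the Pod" cases from the APIServerSNI NetworkPolicy item above can be checked offline before an upgrade. The following is an added example, not part of the release notes or of Gardener's code: it evaluates a namespace's NetworkPolicy objects and reports which required egress destinations a pod cannot reach. The sample addresses, the default-deny-egress policy, the API server port 443 and all function names are assumptions; named ports, endPort ranges and workloads running in kube-system itself are not modelled.

```python
import ipaddress

KUBE_SYSTEM = {"gardener.cloud/purpose": "kube-system"}  # namespace label from the release note

def sel_matches(selector, labels):
    """Kubernetes LabelSelector semantics; an empty selector ({}) matches everything."""
    ops = {"In": lambda k, v: labels.get(k) in v, "NotIn": lambda k, v: labels.get(k) not in v,
           "Exists": lambda k, v: k in labels, "DoesNotExist": lambda k, v: k not in labels}
    return (all(labels.get(k) == v for k, v in (selector.get("matchLabels") or {}).items())
            and all(ops[e["operator"]](e["key"], e.get("values", []))
                    for e in selector.get("matchExpressions") or []))

def peer_matches(peer, dest):
    """dest is {"ip": ...} or {"pod_labels": ..., "ns_labels": ...} for a pod in another namespace."""
    if "ipBlock" in peer or "ip" in dest:
        if not ("ipBlock" in peer and "ip" in dest):
            return False  # pod IPs are unknown offline, so an ipBlock is never credited for a pod
        ip, blk = ipaddress.ip_address(dest["ip"]), peer["ipBlock"]
        return ip in ipaddress.ip_network(blk["cidr"], strict=False) and not any(
            ip in ipaddress.ip_network(x, strict=False) for x in blk.get("except", []))
    ns = peer.get("namespaceSelector")  # absent: peer only covers the policy's own namespace
    return (ns is not None and sel_matches(ns, dest["ns_labels"])
            and sel_matches(peer.get("podSelector") or {}, dest["pod_labels"]))

def rule_allows(rule, dest, port, proto):
    """An empty 'to' means any destination; an empty 'ports' means any port."""
    peers, ports = rule.get("to") or [], rule.get("ports") or []
    return (not peers or any(peer_matches(p, dest) for p in peers)) and (
        not ports or any(p.get("protocol", "TCP") == proto and p.get("port", port) == port
                         for p in ports))

def egress_allowed(policies, pod_labels, dest, port, proto):
    # Isolating policies select the pod and list Egress (the default only when egress rules exist).
    specs = [s for s in (p["spec"] for p in policies)
             if sel_matches(s.get("podSelector") or {}, pod_labels)
             and "Egress" in s.get("policyTypes", ["Egress"] if s.get("egress") else [])]
    if not specs:
        return True  # not isolated for egress: the "no action is required" case
    return any(rule_allows(r, dest, port, proto) for s in specs for r in s.get("egress") or [])

def missing_egress(policies, pod_labels, apiserver_ips, api_port=443):
    """Destinations named in the release note that the pod cannot reach (api_port is assumed)."""
    coredns = {"pod_labels": {"k8s-app": "kube-dns"}, "ns_labels": KUBE_SYSTEM}
    gaps = [f"coredns 8053/{proto}" for proto in ("UDP", "TCP")
            if not egress_allowed(policies, pod_labels, coredns, 8053, proto)]
    gaps += [f"apiserver {ip}" for ip in apiserver_ips
             if not egress_allowed(policies, pod_labels, {"ip": ip}, api_port, "TCP")]
    return gaps

# Constructed sample data: the addresses and the deny policy are placeholders.
API_IPS = ["10.0.0.1", "203.0.113.10"]
DENY_ALL = {"metadata": {"name": "default-deny-egress"},
            "spec": {"podSelector": {}, "policyTypes": ["Egress"]}}
ALLOW = {"metadata": {"name": "allow-to-apiserver"}, "spec": {
    "podSelector": {}, "policyTypes": ["Egress", "Ingress"], "egress": [
        {"to": [{"ipBlock": {"cidr": ip + "/32"}} for ip in API_IPS]},
        {"ports": [{"port": 8053, "protocol": "UDP"}, {"port": 8053, "protocol": "TCP"}],
         "to": [{"podSelector": {"matchExpressions": [
                     {"key": "k8s-app", "operator": "In", "values": ["kube-dns"]}]},
                 "namespaceSelector": {"matchLabels": KUBE_SYSTEM}}]}]}}

if __name__ == "__main__":
    print(missing_egress([DENY_ALL], {"app": "web"}, API_IPS))
    print(missing_egress([DENY_ALL, ALLOW], {"app": "web"}, API_IPS))
```

An empty result means the pod falls under one of the "no action is required" cases; each listed gap needs an egress rule like the one in the release note.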

Most notable changes

  • [USER] The Shoot now has a new constraint with type MaintenancePreconditionsSatisfied which indicates whether it's safe to maintain a shoot (see this document to get an overview what happens during maintenance). End-users should check this information to properly configure their clusters in order to avoid problems. (gardener/gardener#3173, @rfranzke)
  • [USER] It is now possible to configure the kube-apiserver's --max-requests-inflight and --max-mutating-requests-inflight flags by setting the .spec.kubernetes.kubeAPIServer.requests.max{Non}MutatingInflight fields (default: {400}/200) in the Shoot specification. (gardener/gardener#3141, @rfranzke)
  • [USER] It is now possible to configure the kube-controller-manager's --pod-eviction-timeout flag by setting the .spec.kubernetes.kubeControllerManager.podEvictionTimeout field (default: 2m0s) in the Shoot specification. (gardener/gardener#3139, @rfranzke)
  • [OPERATOR] The controlplane Helm chart for Gardener does now expose a few more configuration options for the gardener-apiserver: (gardener/gardener#3207, @rfranzke)
    • .Values.global.apiserver.goAwayChance configures the --goaway-chance flag.
    • .Values.global.apiserver.http2MaxStreamsPerConnection configures the --http2-max-streams-per-connection flag.
    • .Values.global.apiserver.shutdownDelayDuration configures the --shutdown-delay-duration flag.
    • .Values.global.requests.maxNonMutatingInflight configures the --max-requests-inflight flag.
    • .Values.global.requests.maxMutatingInflight configures the --max-mutating-requests-inflight flag.
    • .Values.global.requests.minTimeout configures the --min-request-timeout flag.
    • .Values.global.requests.timeout configures the --request-timeout flag.
    • .Values.global.watchCacheSizes.default configures the --default-watch-cache-size flag.
    • .Values.global.watchCacheSizes.resources[] configures the --watch-cache-size flag.
  • [OPERATOR] A bug has been fixed that might have led to orphaned machine resources in the shoot namespace in the seed that are stuck with the machine-controller-manager finalizer. (gardener/gardener#3178, @rfranzke)
  • [OPERATOR] ManagedIstio and APIServerSNI can now be optionally configured via the new sni configuration in GardenletConfiguration, see the example configuration. This allows using an installation of Istio where the ingressgateway is in another namespace. (gardener/gardener#3143, @mvladev)
  • [OPERATOR] It is now possible to configure the TTL used for DNSEntry objects in the shoot controller via the gardenlet's component config (.controllers.shoot.dnsEntryTTLSeconds, default: 120). (gardener/gardener#3142, @rfranzke)
  • [OPERATOR] It is now possible to exclude specific Projects from the stale checks by annotating their related Namespaces with project.gardener.cloud/skip-stale-check=true. (gardener/gardener#3136, @rfranzke)
  • [OPERATOR] The gardenlet rollout caused by shooted seed registrations is now spread by default within [0,5m]. You can overwrite this jitter period in the gardenlet's component configuration (.controllers.shootedSeedRegistration.syncJitterPeriod). (gardener/gardener#3135, @rfranzke)
  • [OPERATOR] It is now possible to overwrite the feature gates in the gardenlet configuration for shooted seeds without the no-gardenlet option by setting featureGates.<name>={true,false}. (gardener/gardener#3134, @rfranzke)
  • [OPERATOR] The audit policy config map reference protection controller introduced with v1.12.0 is now disabled by default. You can explicitly enable it in the gardener-controller-manager's component configuration by setting .controllers.shootReference.protectAuditPolicyConfigMaps=true. (gardener/gardener#3117, @rfranzke)
  • [OPERATOR] A new webhook mutatingwebhookconfigurations.admissionregistration.k8s.io is deployed for all APIServerSNI-enabled clusters. It's runn...

v1.12.8

24 Nov 18:10

[gardener]

Most notable changes

  • [OPERATOR] The audit policy config map reference protection controller introduced with v1.12.0 is now disabled by default. You can explicitly enable it in the gardener-controller-manager's component configuration by setting .controllers.shootReference.protectAuditPolicyConfigMaps=true. (gardener/gardener@3db1c41)

Improvements

  • [USER] A bug that was preventing custom CA certificates from being installed on the shoot nodes is now fixed. (gardener/gardener@e1ff022)
  • [USER] Missing audit policy ConfigMaps for Shoots are now ignored when trying to redeploy the kube-apiserver in the shoot deletion flow. (gardener/gardener@ed66040)
  • [USER] Gardener now allows to edit a Shoot's metadata (including confirming the deletion), even if some referenced object (e.g. audit policy) has already been deleted. (gardener/gardener@96fc32d)
  • [USER] An issue causing CoreDNS dashboard to show always 'No Data' is now fixed. (gardener/gardener@20dc1ac)
  • [USER] gardenlet no longer tries to deploy new resources in the Shoot namespace in the Seed when the corresponding namespace is marked for deletion (no new resources can be created in such namespace). (gardener/gardener@5967c29)
  • [OPERATOR] When disabling APIServerSNI feature gate, existing LoadBalancer ports from ManagedIstio are not removed until all existing SNI-enabled Shoot clusters are migrated. (gardener/gardener#3126, @mvladev)
  • [OPERATOR] istio-ingressgateway now uses KEEPALIVE to downstream LoadBalancers to prevent idle timeout issues. (gardener/gardener#3105, @mvladev)
  • [OPERATOR] apiserver-proxy now uses tcp keepalive every 55 seconds to prevent idle timeouts between it and the SNI LoadBalancer. (gardener/gardener#3093, @mvladev)
  • [OPERATOR] The federated seed controller syncing the ShootState no longer sends events for ShootState resources as they are not evaluated in a meaningful way anyway. (gardener/gardener@e20f0f3)
  • [OPERATOR] An issue has been fixed which caused the logging stack to skip logs for certain extension pods. (gardener/gardener@ce92d4c)
  • [OPERATOR] An error has been fixed which caused the seed reconciliation (bootstrap) to fail if ManagedIstio is not enabled. (gardener/gardener@7750dc9)
  • [OPERATOR] A bug has been fixed that prevented the Loki HVPA recommendations from not being reverted. (gardener/gardener@eac7f29)
  • [OPERATOR] A bug has been fixed that caused the gardenlet to deploy further instances of itself with its own self-generated server certificate. It prevents undesired redeployments of these further instances. (gardener/gardener@0b51cbf)
  • [OPERATOR] Increase kube-controller-manager VPA minAllowed (gardener/gardener@92882ff)
  • [OPERATOR] The vpn deployment rolling strategy is improved so that the new pod is created before the old one is deleted. (gardener/gardener@16ffd5e)
  • [OPERATOR] A race condition in Gardener's helm chart (/charts/gardener/controlplane) has been fixed. Earlier, the deployed ValidatingWebhookConfiguration potentially blocked the creation of Gardener ServiceAccounts. The validation is now excluded from namespaces with the label app: gardener. (gardener/gardener@fccb4bf)
    • ℹ️ Please make sure you either let /charts/gardener/controlplane also deploy the garden namespace, or add the label app=gardener to the namespace yourself.
  • [OPERATOR] A cache issue that sometimes prevented the Shoot reference controller of gardener-controller-manager from reconciling references for newly created Shoots when the CachedRuntimeClients feature gate is enabled is now fixed. (gardener/gardener@2a320c8)

[gardener-resource-manager]

Improvements