v1.12.8

@gardener-robot-ci-1 gardener-robot-ci-1 released this 24 Nov 18:10
· 560 commits to master since this release

[gardener]

Most notable changes

  • [OPERATOR] The audit policy config map reference protection controller introduced with v1.12.0 is now disabled by default. You can explicitly enable it in the gardener-controller-manager's component configuration by setting .controllers.shootReference.protectAuditPolicyConfigMaps=true. (gardener/gardener@3db1c41)

Improvements

  • [USER] A bug that prevented custom CA certificates from being installed on the shoot nodes is now fixed. (gardener/gardener@e1ff022)
  • [USER] Missing audit policy ConfigMaps for Shoots are now ignored when trying to redeploy the kube-apiserver in the shoot deletion flow. (gardener/gardener@ed66040)
  • [USER] Gardener now allows editing a Shoot's metadata (including confirming the deletion), even if some referenced object (e.g. audit policy) has already been deleted. (gardener/gardener@96fc32d)
  • [USER] An issue causing the CoreDNS dashboard to always show 'No Data' is now fixed. (gardener/gardener@20dc1ac)
  • [USER] gardenlet no longer tries to deploy new resources in the Shoot namespace in the Seed when the corresponding namespace is marked for deletion (no new resources can be created in such a namespace). (gardener/gardener@5967c29)
  • [OPERATOR] When disabling the APIServerSNI feature gate, existing LoadBalancer ports from ManagedIstio are not removed until all existing SNI-enabled Shoot clusters are migrated. (gardener/gardener#3126, @mvladev)
  • [OPERATOR] istio-ingressgateway now uses KEEPALIVE to downstream LoadBalancers to prevent idle timeout issues. (gardener/gardener#3105, @mvladev)
  • [OPERATOR] apiserver-proxy now uses TCP keepalive every 55 seconds to prevent idle timeouts between it and the SNI LoadBalancer. (gardener/gardener#3093, @mvladev)
  • [OPERATOR] The federated seed controller syncing the ShootState no longer sends events for ShootState resources, as they are not evaluated in a meaningful way anyway. (gardener/gardener@e20f0f3)
  • [OPERATOR] An issue has been fixed which caused the logging stack to skip logs for certain extension pods. (gardener/gardener@ce92d4c)
  • [OPERATOR] An error has been fixed which caused the seed reconciliation (bootstrap) to fail if ManagedIstio is not enabled. (gardener/gardener@7750dc9)
  • [OPERATOR] A bug has been fixed that prevented the Loki HVPA recommendations from not being reverted. (gardener/gardener@eac7f29)
  • [OPERATOR] A bug has been fixed that caused the gardenlet to deploy further instances of itself with its own self-generated server certificate. The fix prevents undesired redeployments of these further instances. (gardener/gardener@0b51cbf)
  • [OPERATOR] Increase kube-controller-manager VPA minAllowed (gardener/gardener@92882ff)
  • [OPERATOR] The vpn deployment rolling strategy is improved so that the new pod is created before the old one is deleted. (gardener/gardener@16ffd5e)
  • [OPERATOR] A race condition in Gardener's helm chart (/charts/gardener/controlplane) has been fixed. Earlier, the deployed ValidatingWebhookConfiguration potentially blocked the creation of Gardener ServiceAccounts. The validation is now excluded from namespaces with the label app: gardener. (gardener/gardener@fccb4bf)
    • ℹ️ Please make sure you either let /charts/gardener/controlplane also deploy the garden namespace, or add the label app=gardener to the namespace yourself.
  • [OPERATOR] A cache issue that sometimes caused the Shoot reference controller of gardener-controller-manager to not reconcile references for newly created Shoots when the CachedRuntimeClients feature gate is enabled is now fixed. (gardener/gardener@2a320c8)

[gardener-resource-manager]

Improvements