Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
Published by gardener-robot-ci-1 about 2 years ago
v1.25+ .spec.kubernetes.allowPrivilegedContainers should not be set. Please see here. (gardener/gardener#6570, @shafeeqes)
KubeletConfiguration.Registry{PullQPS,Burst} fields are configurable via Shoot.spec.{provider.workers[]}.kubernetes.kubelet.registry{PullQPS,Burst} now. (gardener/gardener#6591, @timebertt)
--cluster-signing-duration value of the kube-controller-manager in the garden cluster still applies, and the kubeconfig is renewed when 70%-90% of its validity expires. (gardener/gardener#6568, @rfranzke)
ManagedSeed e2e test has been enhanced with verifications for the three gardenlet kubeconfig rotation scenarios. (gardener/gardener#6568, @rfranzke)
EveryNodeReady condition on Shoots to become False and complaining about outdated cloud configs on nodes during rolling updates. (gardener/gardener#6555, @rfranzke)
etcd_object_counts even for k8s >= 1.21 has been fixed. (gardener/gardener#6584, @vpnachev)
resources.gardener.cloud/ignore annotation value is fixed. (gardener/gardener#6603, @vpnachev)
bin-packing scheduling profile is used is now fixed. When the kube-apiserver fails to call the pod-scheduler-name.resources.gardener.cloud webhook the corresponding Pod will be scheduled according to the default-scheduler. (gardener/gardener#6610, @ialidzhikov)
PodSecurity admission plugin is provided in the Shoot spec, kube-system is added to the exempted namespace. (gardener/gardener#6549, @shafeeqes)
ExtensionsReady condition for Seeds will first be set to Progressing instead of being directly set to False when an ExtensionsReady condition threshold is specified in the controllers.seedExtensionsCheck.conditionThresholds configuration for the gardener controller manager and that threshold has not expired yet. (gardener/gardener#6551, @plkokanov)
BackupBucketsReady condition for Seeds will first be set to Progressing instead of being directly set to False when a BackupBucketsReady condition threshold is specified in the controllers.seedBackupBucketsCheck.conditionThresholds configuration for the gardener controller manager and that threshold has not expired yet. (gardener/gardener#6587, @plkokanov)
Progressing to the ControllerInstallation resource, which is maintained based on the ResourcesProgressing condition of the ManagedResource created for the ControllerInstallation (gardener/gardener#6590, @plkokanov)
ExtensionsReady condition is evaluated, the ControllerInstallations Progressing condition is now also taken into account. When the Progressing condition is not False, the ExtensionsReady condition will be evaluated to False (gardener/gardener#6590, @plkokanov)
registry.k8s.io instead of k8s.gcr.io, see the announcement. (gardener/gardener#6591, @timebertt)
SecretBindingProviderValidation feature gate is removed and can no longer be specified via the gardener-apiserver's --feature-gates flags. (gardener/gardener#6593, @ialidzhikov)
SeedKubeScheduler feature gate is now deprecated in favor of the bin-packing scheduling profile that can be configured for a Shoot referred by a ManagedSeed. (gardener/gardener#6599, @ialidzhikov)
probeEtcd func() to probe the corresponding Etcd by getting its Endpoint Status rather than just Get a key. (gardener/etcd-backup-restore#523, @ishan16696)
etcdbr_defragmentation_duration_seconds, etcdbr_restoration_duration_seconds, etcdbr_cluster_size, etcdbr_is_learner, etcdbr_is_learner_count_total, etcdbr_add_learner_duration_seconds, etcdbr_member_remove_duration_seconds, etcdbr_member_promote_duration_seconds. (gardener/etcd-backup-restore#522, @ishan16696)
3.15.4 to 3.15.6 (gardener/etcd-backup-restore#520, @aaronfern)
3.15.4 to 3.15.6. (gardener/etcd-custom-image#24, @aaronfern)
charts/druid. (gardener/etcd-druid#296, @timuthy)
make test-e2e. Please see docs/development/local-e2e-tests.md for detailed information. (gardener/etcd-druid#296, @timuthy)
StorageClassName value population if etcd storageClass is an empty string. (gardener/etcd-druid#400, @shreyas-s-rao)
sts.spec.podManagementPolicy not to be updated to Parallel if an existing etcd cluster is scaled-up from 1 -> x. This can cause an issue if the cluster is afterwards completely scaled-down (aka hibernation) and scaled-up again. (gardener/etcd-druid#406, @timuthy)
sts.spec.serviceName and sts.spec.podManagementPolicy for older etcd resources that had different values configured. These updates must only happen when an etcd cluster is scaled up for the first time (1 -> x) because (a) then these values are mandatory and (b) a disruption is accepted. (gardener/etcd-druid#408, @timuthy)
hostPath configuration in the referenced backup secret etcd.spec.backup.store.secretRef. (gardener/etcd-druid#412, @timuthy)
etcd container in such a case doesn't solve the situation and will rather end in an endless loop of restarts. This change will cause a restart of etcd clusters. (gardener/etcd-druid#424, @aaronfern)
etcd container in such a case doesn't solve the situation and will rather end in an endless loop of restarts. This change will cause a restart of etcd clusters. (gardener/etcd-druid#423, @timuthy)
go 1.18.5. (gardener/etcd-druid#410, @timuthy)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.55.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.55.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.55.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.55.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.55.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.55.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.55.0
Published by gardener-robot-ci-3 about 2 years ago
sts.spec.podManagementPolicy not to be updated to Parallel if an existing etcd cluster is scaled-up from 1 -> x. This can cause an issue if the cluster is afterwards completely scaled-down (aka hibernation) and scaled-up again. (gardener/etcd-druid#406, @timuthy)
etcd container in such a case doesn't solve the situation and will rather end in an endless loop of restarts. This change will cause a restart of etcd clusters. (gardener/etcd-druid#424, @aaronfern)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.53.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.53.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.53.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.53.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.53.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.53.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.53.4
Published by gardener-robot-ci-3 about 2 years ago
sts.spec.podManagementPolicy not to be updated to Parallel if an existing etcd cluster is scaled-up from 1 -> x. This can cause an issue if the cluster is afterwards completely scaled-down (aka hibernation) and scaled-up again. (gardener/etcd-druid#406, @timuthy)
etcd container in such a case doesn't solve the situation and will rather end in an endless loop of restarts. This change will cause a restart of etcd clusters. (gardener/etcd-druid#424, @aaronfern)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.54.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.54.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.54.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.54.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.54.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.54.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.54.1
Published by gardener-robot-ci-2 about 2 years ago
k8s.io/apiserver module that causes gardener-apiserver to not always return the expected result when the client requests resources with the --selector / --field-selector flags. (gardener/gardener#6448, @ialidzhikov)
Node/Worker Pool Overview dashboard to fail to load due to invalid query is now fixed. (gardener/gardener#6410, @gardener-ci-robot)
DNSRecords not being reconciled. (gardener/gardener#6520, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.51.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.51.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.51.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.51.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.51.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.51.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.51.1
Published by gardener-robot-ci-3 about 2 years ago
DNSRecords not being reconciled. (gardener/gardener#6519, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.52.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.52.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.52.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.52.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.52.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.52.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.52.3
Published by gardener-robot-ci-3 about 2 years ago
DNSRecords not being reconciled. (gardener/gardener#6518, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.53.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.53.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.53.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.53.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.53.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.53.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.53.3
Published by gardener-robot-ci-3 about 2 years ago
PodSecurityPolicy admission plugin should be disabled before upgrading the shoot cluster to kubernetes v1.25. Please refer to Migrating to PodSecurity. (gardener/gardener#6431, @shafeeqes)
shoots/binding subresource, it is not possible anymore to specify .spec.seedName during creation of Shoot. (gardener/gardener#6454, @shafeeqes)
Plant resources before upgrading the Gardener version to v1.54. (gardener/gardener#6472, @acumino)
DNSProvider extension kind was removed. Please make sure to remove any ControllerRegistrations that include the DNSProvider kind. If you are using the extension shoot-dns-service, make sure to deploy the dns-controller-manager by extending its ControllerDeployment (see Deployment of DNS controller manager). (gardener/gardener#6479, @MartinWeindel)
go1.19 now. Make sure to upgrade your go installation. (gardener/gardener#6522, @timebertt)
gardenlet feature gate called DefaultSeccompProfile is introduced. If enabled, all Gardener managed workloads in the seed will have their seccomp profiles defaulted to "RuntimeDefault". (gardener/gardener#6450, @dimityrmirchev)
gomegacheck linter is now executed on make check. Find out more in the docs. (gardener/gardener#6455, @timebertt)
USE_EXISTING_GARDENER, see doc. (gardener/gardener#6497, @timebertt)
DNSRecords not being reconciled. (gardener/gardener#6481, @nschad)
BackupReady condition of etcd resources when calculating the health of shoot control planes. In case of non-functioning backups, the state is reported in the ControlPlaneHealthy of the affected shoot. (gardener/gardener#6552, @timuthy)
gardenlet is now using scratch instead of alpine as a base image. (gardener/gardener#6556, @AleksandarSavchev)
--audit-log-path flag of Gardener API Server was changed from /tmp/audit.log to /tmp/audit/audit.log. (gardener/gardener#6557, @vpnachev)
apiserver-proxy, blackbox-exporter, node-exporter, kube-proxy, node-local-dns, node-problem-detector, vpn-shoot, coredns, metrics-server components now have their seccomp profiles set to "RuntimeDefault". (gardener/gardener#6450, @dimityrmirchev)
eu.gcr.io/gardener-project/gardener/ingress-default-backend:0.11.0. (gardener/gardener#6521, @acumino)
machine-controller-manager version deployed by provider-local has been updated to v0.46.1. (gardener/gardener#6545, @timuthy)
networking-calico version deployed by provider-local has been updated to v1.26.0. (gardener/gardener#6545, @timuthy)
alpine:3.16.1 to alpine:3.16.2. (gardener/gardener#6492, @oliver-goetz)
terraformer pods now use PriorityClass gardener-system-300. (gardener/gardener#6515, @timebertt)
distroless instead of alpine as a base image. (gardener/ext-authz-server#7, @DockToFuture)
ext-authz-server are now multi-arch ready. They support linux/amd64 and linux/arm64. (gardener/ext-authz-server#6, @timuthy)
--seed-event-namespaces and --shoot-event-namespaces like comma-separated values. (gardener/logging#142, @vlvasilev)
--seed-event-namespace and --shoot-event-namespace are dropped.
__gardener_multitenant_id__ label when it is not needed (gardener/logging#147, @vlvasilev)
IdLabelName from the plugin configuration. (gardener/logging#148, @vlvasilev)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.54.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.54.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.54.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.54.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.54.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.54.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.54.0
Published by gardener-robot-ci-1 about 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.53.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.53.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.53.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.53.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.53.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.53.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.53.2
Published by gardener-robot-ci-1 about 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.53.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.53.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.53.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.53.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.53.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.53.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.53.1
Published by gardener-robot-ci-3 about 2 years ago
SecretBindingProviderValidation feature gate of gardener-apiserver is promoted to GA and is now unconditionally enabled. (gardener/gardener#6429, @ialidzhikov)
logging.loki.garden.priority field is removed from gardenlet's component config as it is no longer used after the new concept for PriorityClasses in Gardener. (gardener/gardener#6465, @ialidzhikov)
event-logger is introduced, which collects logs from shoot control-plane and shoot kube-system. (gardener/gardener#6223, @vlvasilev)
k8s.io/apiserver module that causes gardener-apiserver to not always return the expected result when the client requests resources with the --selector / --field-selector flags. (gardener/gardener#6443, @ialidzhikov)
gardenlet helm chart deployment to fail is fixed. (gardener/gardener#6432, @acumino)
v1.22.12-gke.300) is now fixed. (gardener/gardener#6468, @ialidzhikov)
backup-restore sidecar to determine whether the owner domain name resolves to the specified owner ID and if not, take a final full snapshot and disable the cluster), will no longer be enabled by gardenlet, if the HAControlPlanes feature gate is enabled, the Shoot is annotated with alpha.control-plane.shoot.gardener.cloud/high-availability and the Shoot's ETCDs are started as a cluster (with more than 1 replica). (gardener/gardener#6412, @plkokanov)
node-problem-detector image is updated from k8s.gcr.io/node-problem-detector/node-problem-detector:v0.8.7 to eu.gcr.io/gardener-project/3rd/node-problem-detector:v0.8.10-gardener.1. (gardener/gardener#6415, @acumino)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.22.2 -> v1.23.1 (for Kubernetes >= 1.23)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.20.2 -> v1.20.3 (for Kubernetes 1.20)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.2 -> v1.21.3 (for Kubernetes 1.21)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.22.2 -> v1.22.3 (for Kubernetes 1.22)
SeedChange and CopyEtcdBackupsDuringControlPlaneMigration feature gates have been promoted to beta and are now enabled by default. (gardener/gardener#6452, @plkokanov)
k8s.gcr.io/dns/k8s-dns-node-cache: 1.22.5 -> v1.22.8
gardener-system-500 for etcd, as per https://github.com/gardener/gardener/issues/5634. (gardener/gardener#6467, @shreyas-s-rao)
dependency-watchdog from endpointsleases to leases. (gardener/dependency-watchdog#44, @ary1992)
linux/amd64 and linux/arm64. (gardener/dependency-watchdog#57, @timuthy)
dependency-watchdog.gardener.cloud/ignore-scaling to the deployment (gardener/dependency-watchdog#48, @himanshu-kun)
dependency-watchdog now uses distroless instead of alpine as a base image. (gardener/dependency-watchdog#59, @dimityrmirchev)
membergarbagecollector to remove superfluous members from the ETCD cluster. Due to this, etcd-backup-restore now needs permissions to list pods and statefulsets. (gardener/etcd-backup-restore#403, @aaronfern)
Backup-Restore component to connect to the wrong etcd cluster for initializing and member-add procedures. (gardener/etcd-backup-restore#510, @timuthy)
--service-endpoints has been added to the etcdbrctl server command. These (Kubernetes) service URLs ensure that etcd-backup-restore only connects to etcd members which are ready to serve traffic. Especially the MemberAdd and Init steps require this. (gardener/etcd-backup-restore#513, @timuthy)
linux/amd64 and linux/arm64. (gardener/etcd-backup-restore#499, @timuthy)
Alpine 3.15.4. (gardener/etcd-backup-restore#499, @timuthy)
etcd-druid in its container image has been modified. (gardener/etcd-druid#360, @dimityrmirchev)
etcd Statefulsets are not claimed anymore based on labels. Instead, the statefulsets are fetched using Name and Namespace combination. Thus, etcd.spec.selector does not have an effect on statefulsets anymore. (gardener/etcd-druid#365, @abdasgupta)
StorageClassName value population if etcd storageClass is an empty string. (gardener/etcd-druid#401, @shreyas-s-rao)
PodManagementPolicy was trying to be updated from OrderedReady to Parallel for older shoots (created using etcd-druid:v0.8.5 and before), but the statefulset forbids updates to this field. (gardener/etcd-druid#402, @shreyas-s-rao)
spec.ServiceName to PeerServiceName by default, although older single-node etcds would have this field set to ClientServiceName, and updation of statefulset spec.ServiceName field is forbidden. (gardener/etcd-druid#403, @shreyas-s-rao)
etcd-backup-restore side-car to connect to the etcd cluster via the peer-service URL. The side-car is supposed to use the client-service instead since it a) exposes client port 2379 and b) redirects traffic only to members which are ready to service traffic. (gardener/etcd-druid#388, @timuthy)
liveness and readiness probes of etcd to always succeed even though an error was reported. This prevented defective etcd pods from being restarted automatically and caused unready candidates being considered as ready to serve traffic via the etcd service. (gardener/etcd-druid#396, @timuthy)
startup probe has been added to etcd to allow 2 minutes of initialization time before checking for etcd liveness. (gardener/etcd-druid#396, @timuthy)
etcd.status.ready field was defined more precisely due to changed semantics of multi-node etcd clusters. etcd.status.ready is true whenever all underlying etcd replicas are ready. Please note that the implementation for this check was not changed. (gardener/etcd-druid#389, @timuthy)
config/default/manager_image_patch.yaml. (gardener/etcd-druid#397, @aaronfern)
BackupReady to the etcd status (gardener/etcd-druid#271, @aaronfern)
ETCDCTL_API=3 etcdctl get foo --consistency=s making the consistency serializable. (gardener/etcd-druid#357, @ishan16696)
5 for both livenessProbe and readinessProbe of etcd. (gardener/etcd-druid#357, @ishan16696)
etcd-druid now uses distroless instead of alpine as a base image. (gardener/etcd-druid#360, @dimityrmirchev)
etcd-druid will now also add statefulset permissions to the etcd role (gardener/etcd-druid#366, @aaronfern)
linux/amd64 and linux/arm64. (gardener/etcd-druid#367, @timuthy)
etcd-backup-restore to get/list/watch pods (gardener/etcd-druid#372, @aaronfern)
1.18.4. (gardener/etcd-druid#375, @timuthy)
config/default/manager_image_patch.yaml to match the current release. (gardener/etcd-druid#377, @timuthy)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.53.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.53.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.53.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.53.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.53.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.53.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.53.0
Published by gardener-robot-ci-1 about 2 years ago
k8s.io/apiserver module that causes gardener-apiserver to not always return the expected result when the client requests resources with the --selector / --field-selector flags. (gardener/gardener#6447, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.52.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.52.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.52.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.52.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.52.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.52.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.52.2
Published by gardener-robot-ci-1 about 2 years ago
gardenlet helm chart deployment to fail is fixed. (gardener/gardener#6437, @acumino)
Published by gardener-robot-ci-3 about 2 years ago
kubernetesLogLevel has been removed from all component configs
ControllerManagerConfiguration.server.http has been split into server.{healthProbes,metrics} (health endpoints and metrics are now served on different ports)
ControllerManagerConfiguration.server.https has been removed
gardener-controller-manager serves health endpoints and metrics on different ports now. Adapt your scrape configs accordingly to port metrics. (gardener/gardener#6333, @timebertt)
DisableDNSProviderManagement feature gate has been promoted to GA and is now unconditionally enabled. If the shoot-dns-service extension is deployed, please make sure the following prerequisites are given for a smooth transition: (gardener/gardener#6341, @MartinWeindel)
shoot-dns-service extension must be installed in a version >= v1.20.0.
shoot-dns-service sets providerConfig.values.dnsProviderManagement.enabled=true
gardener-extension-admission-shoot-dns-service) is deployed on the garden cluster
dns-external extension must still be installed
shoot.gardener.cloud/use-as-seed annotation (since v1.18.0) is no longer supported for creating Shooted Seed clusters. Please check the following documentation on how to migrate from the use-as-seed annotation to ManagedSeeds. Before updating to this version of Gardener, make sure that you migrated to ManagedSeeds and that you no longer have usages of the use-as-seed annotation on the landscape. (gardener/gardener#6379, @ialidzhikov)
github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config to github.com/gardener/gardener/extensions/pkg/apis/config (gardener/gardener#6276, @oliver-goetz)
hack/install-requirements.sh is removed. You can use hack/tools.mk to install tools needed for development and CI. (gardener/gardener#6323, @timebertt)
Actuator interfaces for extension controllers have been extended and now receive a logr.Logger passed from the reconciler with the proper context of the reconciled object. (gardener/gardener#6332, @rfranzke)
pkg/controllerutils/mapper have changed to support the simple injection of a proper context and logger. (gardener/gardener#6358, @rfranzke)
Shoot maintenance controller has been enhanced to auto-update the machine image of the worker pool in a Shoot based on the CPU architecture of the machines. (gardener/gardener#6327, @acumino)
ManagedResource is annotated with resources.gardener.cloud/skip-health-check=true then the resource will be skipped during health checks by the health controller. The ManagedResource conditions will not reflect the health condition of this resource anymore. The ResourcesProgressing condition will also be set to False. (gardener/gardener#6309, @shafeeqes)
expander: priority for cluster-autoscaler (gardener/gardener#6372, @voelzmo)
Node/Worker Pool Overview dashboard to fail to load due to invalid query is now fixed. (gardener/gardener#6406, @Sallyan)
gardenlet to panic in case of shoot using namespace which doesn't have the required project label is fixed. (gardener/gardener#6408, @acumino)
./hack/tools.mk has been fixed for ARM64 based Linux machines. (gardener/gardener#6314, @timuthy)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.20.1 -> v1.20.2 (for Kubernetes < 1.21)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.1 -> v1.21.2 (for Kubernetes 1.21)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.1 -> v1.22.2 (for Kubernetes >= 1.22)
WorkerPoolKubernetesVersion feature gate is now removed. (gardener/gardener#6354, @rfranzke)
API Server dashboard in Grafana now shows the actual DB size per instance (etcd-main, etcd-events). Earlier those values were summed up and distorted if more than one kube-apiserver replica existed in the control plane. (gardener/gardener#6376, @timuthy)
ShootSpec by setting the AdmissionPlugin.Disabled field to true. (gardener/gardener#6403, @shafeeqes)
DNSEntries to allow specifying routing policy (gardener/gardener#6414, @MartinWeindel)
alpine:3.15.4 to alpine:3.16.0. (gardener/gardener#6321, @ialidzhikov)
metric-server image is updated to v0.6.1 (gardener/gardener#6338, @oliver-goetz)
apiserver-proxy-pod-webhook now uses distroless instead of alpine as a base image. (gardener/apiserver-proxy#18, @dimityrmirchev)
membergarbagecollector to remove superfluous members from the ETCD cluster. Due to this, etcd-backup-restore now needs permissions to list pods and statefulsets. (gardener/etcd-backup-restore#403, @aaronfern)
IsMemberInCluster() which can cause Scaleup feature to fail. (gardener/etcd-backup-restore#501, @ishan16696)
membergarbagecollector to remove superfluous members from the ETCD cluster. (gardener/etcd-backup-restore#403, @aaronfern)
linux/amd64 and linux/arm64. (gardener/etcd-backup-restore#499, @timuthy)
Alpine 3.15.4. (gardener/etcd-backup-restore#499, @timuthy)
ETCDCTL_API=3 etcdctl get foo --consistency=s making the consistency serializable. (gardener/etcd-druid#357, @ishan16696)
5 for both livenessProbe and readinessProbe of etcd. (gardener/etcd-druid#357, @ishan16696)
etcd-druid now uses distroless instead of alpine as a base image. (gardener/etcd-druid#360, @dimityrmirchev)
etcd-druid will now also add statefulset permissions to the etcd role (gardener/etcd-druid#366, @aaronfern)
linux/amd64 and linux/arm64. (gardener/etcd-druid#367, @timuthy)
BackupReady to the etcd status (gardener/etcd-druid#271, @aaronfern)
etcd-backup-restore to get/list/watch pods (gardener/etcd-druid#372, @aaronfern)
ControlledValues: RequestsOnly is set (gardener/hvpa-controller#98, @voelzmo)
linux/amd64 and linux/arm64. (gardener/hvpa-controller#101, @timuthy)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.52.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.52.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.52.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.52.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.52.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.52.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.52.0
Published by gardener-robot-ci-3 over 2 years ago
failurePolicy=Ignore. (gardener/gardener#6289, @gardener-ci-robot)
Published by gardener-robot-ci-1 over 2 years ago
Published by gardener-robot-ci-1 over 2 years ago
Published by gardener-robot-ci-3 over 2 years ago
SecretBindingProviderValidation feature gate of gardener-apiserver is now promoted to beta and enabled by default. This enables the following validations: (gardener/gardener#6240, @ialidzhikov)
SecretBinding to be set (on SecretBinding creation)
SecretBinding provider type to match the Shoot provider type (on Shoot creation)
SecretBinding
ManagedSeed tests (including the related TestDefinitions in the .test-defs directory) have been deleted in favor of new e2e tests. (gardener/gardener#6293, @rfranzke)
ShootMaxTokenExpiration{Overwrite,Validation} and RotateSSHKeypairOnMaintenance feature gates have been removed. (gardener/gardener#6241, @rfranzke)
ShootCARotation and ShootSARotation feature gates have been promoted to beta and are now enabled by default. Make sure that all provider extensions registered to your system support these features before upgrading to this Gardener version. (gardener/gardener#6252, @rfranzke)
1.20. Make sure to upgrade your clusters to at least 1.20 before deploying this Gardener version. (gardener/gardener#6255, @rfranzke)
PreReconcileHook, PostReconcileHook, PreDeleteHook, PostDeleteHook. The functions DeployMachineDependencies and CleanupMachineDependencies are now deprecated and will be removed in a future release. The logic of those deprecated functions can be moved to the respective pre/post hook functions. (gardener/gardener#6290, @dkistner)
containerd configuration for shoot worker nodes, please take a look at this document for more information. (gardener/gardener#6293, @rfranzke)
bin-packing profile (alpha feature). For more details see the usage docs. (gardener/gardener#6251, @ialidzhikov)
ShootNodeLocalDNSEnabledByDefault admission plugin of the gardener-apiserver (disabled by default) controls whether the .spec.systemComponents.nodeLocalDNS.enabled field for newly created Shoot resources is defaulted to true. Existing Shoots are not modified. Shoots can still explicitly disable the node local dns cache by setting .spec.systemComponents.nodeLocalDNS.enabled=false. See this document. (gardener/gardener#6279, @DockToFuture)
provider-local does now support ManagedSeeds in the Skaffold-based environment. (gardener/gardener#6293, @rfranzke)
failurePolicy=Ignore. (gardener/gardener#6277, @rfranzke)
ManagedResources are more reliable now when updating resources in the referenced secrets. (gardener/gardener#6136, @ary1992)
Shoot's control plane namespace to be orphaned. This could happen when control plane migration is triggered, but does not start because the destination Seed is not Ready yet, and meanwhile the Shoot is deleted. (gardener/gardener#6206, @plkokanov)
PATCH to machine.status.node during restoration of machine objects. (gardener/gardener#6205, @plkokanov)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.51.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.51.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.51.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.51.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.51.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.51.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.51.0
Published by gardener-robot-ci-3 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.50.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.50.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.50.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.50.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.50.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.50.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.50.1
Published by gardener-robot-ci-3 over 2 years ago
spec.seedName for Shoots is now possible only via the new shoots/binding subresource. Patches to spec.seedName in the Shoot will not have any effect anymore. Please see this document for more information. (gardener/gardener#6018, @shafeeqes)
WorkerPoolKubernetesVersion feature gate has been promoted to GA and is now unconditionally enabled. Make sure that all provider extensions registered to your system support this feature before upgrading to this Gardener version. (gardener/gardener#6166, @rfranzke)
spec.seedName field in the shoot manifest will be rejected. Please use the shoots/binding subresource instead. (gardener/gardener#6179, @shafeeqes)
DisableDNSProviderManagement feature gate has been promoted to beta and is now enabled by default. If you are using the Gardener extension shoot-dns-service make sure to deploy version >= v1.20.0 and to set providerConfig.values.dnsProviderManagement.enabled=true in its controller deployment. The shoot DNS service admission controller (gardener-extension-admission-shoot-dns-service) must be deployed on the garden cluster. (gardener/gardener#6142, @MartinWeindel)
./extensions/test have been moved to ./test package. Please adapt the import paths accordingly: (gardener/gardener#6158, @shafeeqes)
https://github.com/gardener/gardener/tree/master/extensions/test/testmachinery has been moved to https://github.com/gardener/gardener/tree/master/test/testmachinery/extensions
https://github.com/gardener/gardener/tree/master/extensions/test/integration has been moved to https://github.com/gardener/gardener/tree/master/test/integration/extensions/controller
PriorityClasses that are supposed to be used by all components in order to improve the overall robustness of the system. (gardener/gardener#6186, @timebertt)
PriorityClasses and drop custom ones.
PriorityClass gardener-shoot-controlplane is deprecated and will be removed in a future release.
1y, a new constraint of type CACertificateValiditiesAcceptable will be visible in the .status.constraints to make end-users aware that a rotation should be performed. (gardener/gardener#6149, @rfranzke)
Shoot API now supports a new field spec.provider.workers[].machine.architecture. It specifies the CPU architecture of the machine in a given worker pool of the shoot. It must match the architecture of the used machine type and machine image as defined in the referenced CloudProfile. (gardener/gardener#6233, @acumino)
Shoot resources when credentials rotation is due or when the static token kubeconfig is used. (gardener/gardener#6110, @rfranzke)
shoot.gardener.cloud/cloud-config-execution-max-delay-seconds annotation on the Shoot resource (default: 300). (gardener/gardener#6124, @rfranzke)
architectures. It is a list of the CPU architectures of machines on which an image can be used. If not specified, images are considered to support both the amd64 and arm64 CPU architectures. (gardener/gardener#6156, @acumino)
--secure-port flag of the Gardener API Server can now be configured through the helm chart by setting .Values.global.apiserver.securePort. The default value is 8443. The service exposing the Gardener API Server deployment will continue to listen on port 443. (gardener/gardener#6170, @dimityrmirchev)
SeedKubeScheduler: gardenlet does now support the SeedKubeScheduler feature gate to be enabled for K8s 1.24 Seed clusters. (gardener/gardener#6173, @ialidzhikov)
CloudProfiles now support two new fields .spec.machineImages[].architectures and .spec.machineTypes[].architecture. (gardener/gardener#6178, @acumino)
.spec.machineImages[].architectures - It is a list of CPU architectures of the machine image supported by the particular machine image version.
.spec.machineTypes[].architecture - It specifies the CPU architecture of the given machine type.
.spec.pools[].architecture. It specifies the CPU architecture of the machine in the given worker pool. (gardener/gardener#6178, @acumino)
gardenlet remediate problematic webhooks in shoot clusters by setting .controllers.shootCare.webhookRemediatorEnabled=true in its configuration file. (gardener/gardener#6090, @rfranzke)
gardener-apiserver, gardener-controller-manager, gardener-scheduler, gardener-admission-controller, gardener-seed-admission-controller and gardener-resource-manager are now using gcr.io/distroless/static-debian11:nonroot instead of versions of alpine as a base image. (gardener/gardener#6159, @dimityrmirchev)
embed.FS). The Render method of the chartrenderer.Interface is deprecated in favour of RenderEmbeddedFS. The Apply/Delete methods of the kubernetes.ChartApplier interfaces are deprecated in favor of {Apply,Delete}FromEmbeddedFS. They will be removed in a future version. You should consider adapting your code to the newly introduced methods. (gardener/gardener#6165, @rfranzke)
rotate-{credentials,etcd-encryption-key,serviceaccount-key}-{start,complete}. (gardener/gardener#6148, @rfranzke)
gardenlet pods from coming up in case the projected-token-mount webhook served by gardener-resource-manager is unavailable or broken. (gardener/gardener#6175, @rfranzke)
ERR_CLEANUP_CLUSTER_RESOURCES error code to Shoots. (gardener/gardener#6202, @rfranzke)
shoots/binding subresource, please see https://github.com/gardener/gardener/blob/master/docs/usage/control_plane_migration.md#triggering-the-migration (gardener/gardener#6179, @shafeeqes)
node-exporter to v1.3.1 (gardener/gardener#6171, @wyb1)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v0.19.0 -> v1.20.1 (for Kubernetes < 1.20)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.20.0 -> v1.20.1 (for Kubernetes 1.20)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.0 -> v1.21.1 (for Kubernetes 1.21)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: v1.21.0 -> v1.22.1 (for Kubernetes >= 1.22)
allow-to-dns networkpolicy to also work with node local dns in cilium case. (gardener/gardener#6181, @DockToFuture)
diskstats collector for the node_exporter (gardener/gardener#6183, @wyb1)
CachedRuntimeClients, AdminKubeconfigRequest, DenyInvalidExtensionResources and UseDNSRecords feature gates are removed and can no longer be specified via the --feature-gates flags. (gardener/gardener#6193, @ialidzhikov)
--audit-log-path of Gardener API Server was changed from /var/lib/audit.log to /tmp/audit.log so that a nonroot user can access it without additional permissions. (gardener/gardener#6204, @vpnachev)
k8s.gcr.io/pause instead of gcr.io/google_containers/pause-amd64. (gardener/gardener#6238, @acumino)
NetworkPolicy/allow-to-private-networks now allows access to networks overlapping the shoot networks in case reversed VPN is active. (gardener/gardener#6143, @ScheererJ)
kube-apiserver and prometheus pods are no longer allowed to access shoot networks in case reversed VPN is active. (gardener/gardener#6143, @ScheererJ)
make targets that can be used to set up the skaffold test environment and trigger e2e integration tests: make ci-e2e-kind can be used to trigger the default e2e integration tests; make ci-e2e-kind-migration can be used to trigger the control plane migration e2e test. (gardener/gardener#5987, @kris94)
k8s.io/* is now upgraded to v0.24.1 and sigs.k8s.io/controller-runtime is now upgraded to v0.12.1. (gardener/gardener#6101, @kris94)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.50.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.50.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.50.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.50.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.50.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.50.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.50.0
Published by gardener-robot-ci-3 over 2 years ago
gardenlet pods from coming up in case the projected-token-mount webhook served by gardener-resource-manager is unavailable or broken. (gardener/gardener#6228, @gardener-ci-robot)
ERR_CLEANUP_CLUSTER_RESOURCES error code to Shoots. (gardener/gardener#6213, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.6
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.6