Bot releases are hidden (Show)

gardener - v1.49.3

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which could prevent gardenlet pods from coming up in case the projected-token-mount webhook served by gardener-resource-manager is unavailable or broken. (gardener/gardener#6229, @gardener-ci-robot)
[OPERATOR] A bug has been fixed which prevented the assignment of the ERR_CLEANUP_CLUSTER_RESOURCES error code to Shoots. (gardener/gardener#6214, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.49.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.49.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.49.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.49.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.49.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.49.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.49.3

gardener - v1.47.2

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which prevented the assignment of the ERR_CLEANUP_CLUSTER_RESOURCES error code to Shoots. (gardener/gardener#6212, @gardener-ci-robot)
[OPERATOR] A bug has been fixed which could prevent gardenlet pods from coming up in case the projected-token-mount webhook served by gardener-resource-manager is unavailable or broken. (gardener/gardener#6230, @gardener-ci-robot)

🏃 Others

[USER] The version of the nginx-ingress-controller addon has been bumped to 1.2.1 for shoots and seeds >= 1.22. (gardener/gardener#6117, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.47.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.47.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.47.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.47.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.47.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.47.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.47.2

gardener - v1.49.2

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which prevented the etcd defragmentation from running properly. This fix will cause a restart of all etcd instances during the next maintenance time window. (gardener/gardener#6185, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.49.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.49.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.49.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.49.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.49.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.49.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.49.2

gardener - v1.48.5

Published by gardener-robot-ci-2 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] Allow updates of old shoot clusters that were already created with an invalid default domain before the validation was introduced. (gardener/gardener#6146, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.5

gardener - v1.49.1

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] It is no longer possible to perform the following shoot operations when it is hibernated: rotate-{credentials,etcd-encryption-key,serviceaccount-key}-{start,complete}. (gardener/gardener#6153, @gardener-ci-robot)
[USER] Allow updates of old shoot clusters that were already created with an invalid default domain before the validation was introduced. (gardener/gardener#6145, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.49.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.49.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.49.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.49.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.49.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.49.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.49.1

gardener - v1.49.0

Published by gardener-robot-ci-2 over 2 years ago

[gardener]

⚠️ Breaking Changes

[DEPENDENCY] The "github.com/gardener/gardener/pkg/extensions/pkg/controller.IsHibernated" func has now changed its semantics. Previously the func was returning whether the hibernation is only enabled (.spec.hibernation.enabled=true). Now the func is returning whether the Shoot is hibernated (.spec.hibernation.enabled=true and .status.isHibernated=true). (gardener/gardener#6054, @unmarshall)

✨ New Features

[USER] NodeLocalDNS can now be enabled via the shoot specification, nodes are rolled in case NodeLocalDNS is switched. Each node gets an additional label indicating the state of NodeLocalDNS at this node. (gardener/gardener#6057, @ScheererJ)
[USER] When annotating shoots with gardener.cloud/operation or maintenance.gardener.cloud/operation apiserver now validates if the respective operations are supported. (gardener/gardener#6070, @oliver-goetz)
[OPERATOR] A full snapshot of etcd-main is now triggered after all Secret were encrypted with the new key after ETCD encryption key rotation. (gardener/gardener#6064, @rfranzke)
[OPERATOR] Introduce feature gate HAControlPlanes in alpha state for gardenlet and gardener-scheduler. ⚠️ This comes with a change to the certs used, which will cause a restart of the etcds. (gardener/gardener#5741, @shreyas-s-rao)

🐛 Bug Fixes

[USER] A bug has been fixed which could have caused orphaned ServiceAccount token Secrets after the rotation of the signing key. (gardener/gardener#6063, @rfranzke)
[USER] A bug has been fixed which might cause ServiceAccounts to still reference old static token Secrets after the rotation of the ServiceAccount signing key. (gardener/gardener#6078, @rfranzke)
[USER] A bug has been fixed which could allow the gardenlet performing rotation of certificate authorities or ServiceAccount signing keys even if the respective feature gates were disabled. (gardener/gardener#6079, @rfranzke)
[OPERATOR] Fixed a bug with the gardener.cloud/operation: renew-kubeconfig annotation for ManagedSeed resources, which caused the corresponding gardenlet to break when the annotation was set. (gardener/gardener#6069, @Diaphteiros)
[OPERATOR] A bug was fixed which caused current, accidental resource limit values for the loki container of the loki component, to be established as fixed limits, in place of the correct absolute limit value. (gardener/gardener#6100, @andrerun)
[OPERATOR] A bug has been fixed which can cause the gardener-resource-manager deployment in the shoot namespaces to mount a ServiceAccount token secret from a different namespace. (gardener/gardener#6109, @rfranzke)
[DEVELOPER] A bug has been fixed which prevented extension controllers to register shoot webhooks only (w/o any seed webhooks). (gardener/gardener#6086, @DockToFuture)
[DEVELOPER] Fix a bug causing nil pointer exceptions when configuring the webhook server for local development (gardener/gardener#6087, @kon-angelo)
[DEPENDENCY] The generic Worker actuator now scales up machine-controller-manager Deployment when Shoot is hibernating (or waking up) and machine-controller-manager Deployment is already scaled down by external actor (dependency-watchdog). (gardener/gardener#6054, @unmarshall)

📖 Documentation

[OPERATOR] Logging usage documentation is updated. (gardener/gardener#6055, @vlvasilev)

🏃 Others

[USER] The version of the nginx-ingress-controller addon has been bumped to 1.2.1 for shoots and seeds >= 1.22. (gardener/gardener#6115, @timebertt)
[OPERATOR] making blackbox-exporter on shoots highly-available, to prevent false positive alerts during rollouts of blackbox-exporter, apiserver-proxy and worker nodes (gardener/gardener#6025, @bd3lage)
[OPERATOR] Combine systemd services logs in one Loki stream except docker, containerd, kubelet, and kernel. (gardener/gardener#6055, @vlvasilev)
[OPERATOR] Update coredns to v1.9.3. (gardener/gardener#6071, @ScheererJ)
[OPERATOR] Gardener landscape administrators are now provided with serviceaccountmanager permissions, i.e. they can manage service accounts and issue tokens for them. (gardener/gardener#6093, @vpnachev)
[OPERATOR] If you use multi-zonal seed clusters (those labelled with seed.gardener.cloud/multi-zonal), then the Gardener Scheduler will only consider them for multi-zonal shoot clusters. Normal or single-zonal shoot clusters will not be scheduled there. (gardener/gardener#6105, @timuthy)
[OPERATOR] Node local dns components will stay in the cluster until after the node roll out of a node local dns switch and be cleaned up in the next reconcile. (gardener/gardener#6107, @ScheererJ)
[OPERATOR] Increased the VPA Recommender log level to v=3. (gardener/gardener#6108, @voelzmo)
[OPERATOR] Upgrade grafana to 7.5.16 (gardener/gardener#6119, @wyb1)
[OPERATOR] Fix the "Target" variable of the vpa-recommendations dashboard (gardener/gardener#6129, @istvanballok)

[etcd-backup-restore]

🐛 Bug Fixes

[OPERATOR] Throw Fatal error to avoid edge case potential deadlocks. (gardener/etcd-backup-restore#471, @ishan16696)

🏃 Others

[OPERATOR] Introducing a timeout timeoutToOpenBoltDB to open boltDB within a given time, so backup-restore won't have to wait for ever. (gardener/etcd-backup-restore#480, @ishan16696)
[OPERATOR] When the owner check fails, etcd-backup-restore will restart the etcd process right before attempting to take a final snapshot, if the owner check was previously successful. (gardener/etcd-backup-restore#478, @plkokanov)
[OPERATOR] Fixed retrieval of credentials during copy operation for backups stored in Swift snapstore. (gardener/etcd-backup-restore#476, @plkokanov)
[OPERATOR] ETCD won't restart from the PVC if it is wrongly mounted to the pod (gardener/etcd-backup-restore#468, @abdasgupta)
[OPERATOR] OCS S3 Snapstore now supports supplying access information via a mounted secret. (gardener/etcd-backup-restore#465, @Wieneo)

📰 Noteworthy

[OPERATOR] Multi-node etcd bootstrapping is now supported. This is an alpha feature intended for initial use and evaluation. Please do not enable this feature for your productive workloads (gardener/etcd-backup-restore#419, @abdasgupta)
- Multi-node etcd restoration from backup buckets is not supported
- Intended to work only with etcd-druid v0.9.x and beyond
- Intended to work only with etcd-custom-image v3.4.13-bootstrap-4 and beyond
[OPERATOR] An initial-cluster field is now expected in the ETCD config (gardener/etcd-backup-restore#482, @abdasgupta)

[etcd-custom-image]

🏃 Others

[OPERATOR] The base image of etcd has been set to Alpine 3.15.4. (gardener/etcd-custom-image#18, @timuthy)

[etcd-druid]

⚠️ Breaking Changes

[OPERATOR] If Spec.Replicas in ETCD CR is greater than 0 and a even number, then no statefulset for ETCD nodes will be created and so the ETCD cluster won't be setup by Druid (gardener/etcd-druid#314, @abdasgupta)
[OPERATOR] Introduced separate TLS config for client and peer communication with ETCD cluster. The previous Etcd resource field spec.etcd.tls is now deprecated and removed. (gardener/etcd-druid#314, @abdasgupta)

✨ New Features

[USER] Add SchedulingConstraints field to Etcd spec. The currently supported constraints are Affinity and TopologySpreadConstraints. (gardener/etcd-druid#329, @shreyas-s-rao)

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which prevented the ServiceAccount's automountServiceAccountToken field from being reconciled. (gardener/etcd-druid#316, @rfranzke)
[OPERATOR] A bug has been fixed that deleted member lease objects in all namespaces. With this release member lease renewals are enabled again. (gardener/etcd-druid#353, @timuthy)

📖 Documentation

[DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/etcd-druid#302, @Kostov6)

🏃 Others

[OPERATOR] Deployed configmap programmatically as component instead of chart (gardener/etcd-druid#314, @abdasgupta)
- configmap configures ETCD config based on the number of nodes in cluster. Number of nodes in cluster is derived from spec.Replicas of ETCD CR
[OPERATOR] Fixed a bug where druid did not copy etcd labels to configmap (gardener/etcd-druid#343, @aaronfern)
[OPERATOR] Do not re-used resource limits from an existing etcd stateful set. This will cause a RESTART(!) of the etcd pod for existing clusters that currently have a resource limit set for the etcd stateful-set, but whose etcd resource does not specify a resource limit. (gardener/etcd-druid#342, @danielfoehrKn)
[OPERATOR] ETCd backups can now be successfully copied between OCS buckets. (gardener/etcd-druid#330, @Wieneo)

[hvpa-controller]

🏃 Others

[USER] Fix an issue where the HVPA would set Requests higher than Limits if ControlledValues: RequestsOnly is set (gardener/hvpa-controller#99, @voelzmo)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.49.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.49.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.49.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.49.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.49.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.49.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.49.0

gardener - v1.48.4

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

🏃 Others

[USER] The version of the nginx-ingress-controller addon has been bumped to 1.2.1 for shoots and seeds >= 1.22. (gardener/gardener#6118, @gardener-ci-robot)

[hvpa-controller]

🏃 Others

[USER] Fix an issue where the HVPA would set Requests higher than Limits if ControlledValues: RequestsOnly is set (gardener/hvpa-controller#99, @voelzmo)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.4

gardener - v1.48.3

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which can cause the gardener-resource-manager deployment in the shoot namespaces to mount a ServiceAccount token secret from a different namespace. (gardener/gardener#6111, @gardener-ci-robot)
[DEVELOPER] A bug has been fixed which prevented extension controllers to register shoot webhooks only (w/o any seed webhooks). (gardener/gardener#6097, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.3

gardener - v1.48.2

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

🐛 Bug Fixes

[OPERATOR] Fixed a bug with the gardener.cloud/operation: renew-kubeconfig annotation for ManagedSeed resources, which caused the corresponding gardenlet to break when the annotation was set. (gardener/gardener#6095, @gardener-ci-robot)
[DEVELOPER] Fix a bug causing nil pointer exceptions when configuring the webhook server for local development (gardener/gardener#6091, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.2

gardener - v1.48.1

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] A bug has been fixed which could allow the gardenlet performing rotation of certificate authorities or ServiceAccount signing keys even if the respective feature gates were disabled. (#6083, @rfranzke)
[USER] A bug has been fixed which might cause ServiceAccounts to still reference old static token Secrets after the rotation of the ServiceAccount signing key. (#6085, @rfranzke)
[USER] A bug has been fixed which could have caused orphaned ServiceAccount token Secrets after the rotation of the signing key. (#6073, @rfranzke)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.1

gardener - v1.48.0

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

⚠️ Breaking Changes

[USER] The .spec.kubernetes.kubeAPIServer.serviceAccountConfig.signingKeySecretName field is deprecated now and will be removed in a future version. If you use this field for Shoots make sure to recreate them as soon as possible since there is no option to migrate away from it. (gardener/gardener#5980, @rfranzke)
[USER] The delete/modify permissions for ServiceAccounts assigned to Project members with the admin role are now deprecated and will be removed in a future version of Gardener. In order to manage ServiceAccounts in the project namespace, use the serviceaccountmanager role. Please find more information here. (gardener/gardener#5971, @dimityrmirchev)
[OPERATOR] The ManagedIstio and APIServerSNI feature gates are now deprecated. They are already turned on by default and will be removed in a future version of Gardener. If you don't use them yet, turn them on now so to ensure a smooth migration to the future Gardener release. (gardener/gardener#6007, @rfranzke)
[OPERATOR] The seed setting for disabling DNS for shoots is now deprecated and will be removed in a future version of Gardener. Make sure to recreate your shoot clusters on such seeds with DNS enabled. (gardener/gardener#6007, @rfranzke)
[OPERATOR] Upgrading to this Gardener version is only possible from v1.47 (as suggested in https://github.com/gardener/gardener/blob/master/docs/deployment/version_skew_policy.md#supported-component-upgrade-order). (gardener/gardener#6004, @rfranzke)
[DEVELOPER] The deprecated client certificate for Prometheus has been dropped. Extensions still relying on it must now adapt their scrape configurations according to the documentation. (gardener/gardener#6049, @rfranzke)
[DEPENDENCY] In order to support auto-rotation of the extension webhook certificates, the following breaking changes were introduced: (gardener/gardener#6003, @rfranzke)
- the generic ControlPlane actuator no longer accepts []admissionregistrationv1.MutatingWebhook for the shoot webhooks but an *atomic.Value
- the webhookOptions.Completed().AddToManager function no longer returns two []admissionregistrationv1.MutatingWebhook (one for seed webhooks, one for shoot webhooks) but only one *atomic.Value for the shoot webhooks (which can be used for the generic ControlPlane actuator)
- It is no longer necessary to call ReconcileShootWebhooksForAllNamespaces explicitly via a Runnable on start-up/leader-election (hence, this code can be dropped).

✨ New Features

[USER] With the new maintenance.gardener.cloud/operation annotation for Shoots it is now possible to confine the execution of the respective operation to the shoot cluster's maintenance time window. (gardener/gardener#6039, @rfranzke)
[USER] There are two new rotate-credentials-{start,complete} operation annotations for Shoots which can be used to start or complete the rotation of all Gardener-provided/Gardener-generated credentials. (gardener/gardener#6038, @rfranzke)
[USER] It is now possible to trigger the rotation of the ETCD encryption key secret for shoot clusters. Please consult the documentation for more information. (gardener/gardener#6021, @rfranzke)
[USER] It is now possible again to migrate the CRIs for existing worker pools in shoot clusters. (gardener/gardener#6004, @rfranzke)
[OPERATOR] add additionalEgressIpBlock for fluentbit networkpolicy to gardenlet config (gardener/gardener#6024, @dergeberl)
[OPERATOR] Gardener can now support shoot and seed clusters with Kubernetes version 1.24. In order to allow creation/update of 1.24 clusters you will have to update the version of your provider extension(s) to a version that supports 1.24 as well. Please consult the respective releases and notes in the provider extension's repository. (gardener/gardener#6023, @acumino)
[OPERATOR] A ManagedSeed can now be annotated with gardener.cloud/operation=renew-kubeconfig to recreate the gardenlet's kubeconfig secret. (gardener/gardener#5988, @Diaphteiros)
[OPERATOR] A new alpha ShootSARotation feature gate (disabled by default) has been introduced which allows the rotation of the service account signing key secrets for shoot clusters. (gardener/gardener#5968, @rfranzke)
[DEVELOPER] Provider extensions using the generic controlplane mutator webhook can now mutate the cluster-autoscaler Deployment by implementing the EnsureClusterAutoscalerDeployment function. This is required in the context of https://github.com/kubernetes/autoscaler/issues/4517 - cluster-autoscaler supports --feature-gates flag and provider extensions have to mutate the cluster-autoscaler Deployment to add the CSI related feature flags to it. (gardener/gardener#6047, @ialidzhikov)
[DEVELOPER] Gardener can now support seed and shoot clusters with Kubernetes version 1.24. Extension developers have to prepare individual extensions as well to work with 1.24. (gardener/gardener#6023, @acumino)
[DEPENDENCY] The extension controller webhook certificates are now auto-rotated each 30d. (gardener/gardener#6003, @rfranzke)

🐛 Bug Fixes

[USER] An issue causing Pod creation to fail for the node-local-dns DaemonSet when privileged containers are not allowed is now fixed. (gardener/gardener#6010, @ialidzhikov)
[OPERATOR] An issue preventing the cluster-autoscaler to watch csidrivers and csistoragecapacities is now fixed. (gardener/gardener#6053, @ialidzhikov)
[OPERATOR] An issue causing the vpn-seed container to not be able to connect to the kube-apiserver during Shoot CA rotation when ReversedVPN feature gate is disabled is now fixed. (gardener/gardener#6050, @dimityrmirchev)
[OPERATOR] An issue causing nil pointer dereference in gardenlet when shoot.spec.kubernetes.enableStaticTokenKubeconfig is set to false is now fixed. (gardener/gardener#6029, @ary1992)
[OPERATOR] fix allow-fluentbit networkpolicy with empty cird (gardener/gardener#6024, @dergeberl)
[OPERATOR] Memory limits of various components were updated, based on measured usage, to prevent OOMKills due to reaching the limits. Limit scaling was disabled to prevent limit downscaling during periods of load system load. (gardener/gardener#6020, @andrerun)
[OPERATOR] A custom validity of secrets is now properly respected. Earlier, it was overwritten and regenerated in each reconciliation which technically led to the situation in which such secrets were never auto-rotated when their intentional validity was expired. (gardener/gardener#6011, @rfranzke)
[OPERATOR] The UpdateFunc predicate in the extensions library is modified to allow reconciliation of object on change in timestamp when the Shoot is in Error state. (gardener/gardener#5943, @ary1992)

🏃 Others

[OPERATOR] The ShootMaxTokenExpiration{Validation,Overwrite} feature gates have been promoted to GA and are always enabled. (gardener/gardener#6048, @rfranzke)
[OPERATOR] Additional step in the shoot deletion flow called Deleting metrics-server. This step explicitly deletes the metrics server before the Cleaning shoot namespaces step. (gardener/gardener#6043, @kris94)
[OPERATOR] Updates to the extensions.BackupEntry.Spec.Region field are now allowed. (gardener/gardener#6035, @plkokanov)
[OPERATOR] Keep all the memory metrics in the seed prometheus (gardener/gardener#6031, @istvanballok)
[OPERATOR] When evaluationg the SeedSystemComponentsHealthy condition, the ResourcesProgressing condition of ManagedResources is now also considered. (gardener/gardener#6028, @plkokanov)
[OPERATOR] The shoot node network is no longer allowed to overlap with the seed service network. (gardener/gardener#6019, @ScheererJ)
[OPERATOR] The "Kubernetes Pods" grafana dashboard now allows to select multiple pods at once. (gardener/gardener#6009, @dguendisch)
[OPERATOR] The ingress default backend has been switched to k8s.gcr.io/defaultbackend-amd64:1.5. (gardener/gardener#6006, @rfranzke)
[OPERATOR] An issue causing the lastTransitionTime and lastUpdateTime of the SeedRegistered condition of a ManagedSeed to be unnecessary updated on each reconciliation is now fixed. (gardener/gardener#6002, @ialidzhikov)
[OPERATOR] Additional dashboard for node-local-dns errors. (gardener/gardener#6000, @ScheererJ)
[OPERATOR] Upgrade blackbox-exporter to v0.20.0 (gardener/gardener#5999, @istvanballok)
[OPERATOR] The status of the SeedSystemComponentsHealthy and Bootstrapped seed conditions is set to Progressing at the start of seed reconciliations. (gardener/gardener#5995, @plkokanov)
[OPERATOR] Metrics about machine boot times are added to the monitoring stack. (gardener/gardener#5994, @timebertt)
[OPERATOR] A corner case in gardenlet's logic about detection of misconfigured webhook is addressed. Previously a webhook for namespaces that properly ignores the kube-system namespace was wrongly considered as "problematic". (gardener/gardener#5991, @ialidzhikov)
[OPERATOR] The RotateSSHKeypairOnMaintenance feature gate is now deprecated and disabled by default. It will be removed in a future version of Gardener. If you rely on it then you can implement an equivalent workflow by annotating Shoots with gardener.cloud/operation=rotate-ssh-keypair during their respective maintenance time windows. (gardener/gardener#5985, @rfranzke)
[OPERATOR] Adds retry handling in case of errors that can happen when the gardener controller manager attempts to hibernate shoot clusters according to the hibernation schedules configured in shoot.spec.hibernation.schedules (gardener/gardener#5528, @plkokanov)
[DEVELOPER] Fix make test and make test-integration for M1 Macbooks (gardener/gardener#6027, @shreyas-s-rao)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.48.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.48.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.48.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.48.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.48.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.48.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.48.0

gardener - v1.46.3

Published by gardener-robot-ci-2 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] An issue causing Pod creation to fail for the node-local-dns DaemonSet when privileged containers are not allowed is now fixed. (gardener/gardener#6013, @gardener-ci-robot)
[OPERATOR] An issue causing nil pointer dereference in gardenlet when shoot.spec.kubernetes.enableStaticTokenKubeconfig is set to false is now fixed. (gardener/gardener#6032, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.46.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.46.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.46.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.46.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.46.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.46.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.46.3

gardener - v1.47.1

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] An issue causing Pod creation to fail for the node-local-dns DaemonSet when privileged containers are not allowed is now fixed. (gardener/gardener#6012, @gardener-ci-robot)
[OPERATOR] An issue causing nil pointer dereference in gardenlet when shoot.spec.kubernetes.enableStaticTokenKubeconfig is set to false is now fixed. (gardener/gardener#6033, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.47.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.47.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.47.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.47.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.47.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.47.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.47.1

gardener - v1.47.0

Published by gardener-robot-ci-2 over 2 years ago

[gardener]

⚠️ Breaking Changes

[OPERATOR] Make sure that all your shoots have been reconciled with Gardener v1.45 before upgrading to this version. Generally, make sure that you are following the supported upgrade order. (gardener/gardener#5897, @rfranzke)

✨ New Features

[USER] New annotation gardener.cloud/operation=rotate-observability-credentials is introduced to enable end user to rotate the credentials to access the observability stack via Grafana. (gardener/gardener#5926, @ary1992)
[OPERATOR] Both the seed's and the shoot's Grafana instances now serve dashboards for the gardener-resource-manager. (gardener/gardener#5934, @rfranzke)
[OPERATOR] New condition SeedSystemComponentsHealthy is added to the seed object to indicate the status of the system components. (gardener/gardener#5274, @kris94)
[DEVELOPER] provider-local now allows to enable the dependency-watchdog-probe in the seed cluster. (gardener/gardener#5937, @rfranzke)
[DEVELOPER] provider-local now supports Ingress objects in the Seed cluster and now enables using the shoot node logging feature. (gardener/gardener#5924, @timebertt)
[DEVELOPER] The status of ManagedResources now contains a new condition of type ResourcesProgressing which can be used to detect whether updates to managed resources have been fully rolled out. (gardener/gardener#5904, @timebertt)

🐛 Bug Fixes

[OPERATOR] Fix a blackbox exporter configuration issue (path to shoot CA) that resulted in false positive "ApiServerNotReachable" alerts (gardener/gardener#5947, @istvanballok)

📖 Documentation

[USER] A new document related to the rotation of the CA certificate rotation has been added. (gardener/gardener#5939, @rfranzke)

🏃 Others

[USER] The version of the nginx-ingress-controller addon has been bumped to 0.49.3 for shoots < 1.22, and to 1.2.0 for shoots >= 1.22. The version of the kubernetes-dashboard has been bumped to 2.2.0 for shoots < 1.21, to 2.4.0 for shoots = 1.21, and to 2.5.1 for shoots >= 1.22. The version of the kubernetes-dashboard-metrics-scraper has been bumped to 1.0.7 for all shoots. (gardener/gardener#5936, @rfranzke)
[USER] The version of the nginx-ingress-controller addon has been bumped to 0.49.3 for seeds < 1.22, and to 1.2.0 for seeds >= 1.22. (gardener/gardener#5936, @rfranzke)
[OPERATOR] Monitoring dashboards of node local dns should work again. (gardener/gardener#5989, @ScheererJ)
[OPERATOR] Upgrade Prometheus to v2.35.0 (gardener/gardener#5984, @istvanballok)
[OPERATOR] gardener-resource-manager is now (re-)bootstrapped in case its token got invalidated. (gardener/gardener#5966, @rfranzke)
[OPERATOR] Loki StatefulSet fsGroupChangePolicy is changed from "Always" to "OnRootMissmatch" in order to increase the Loki pod creation when moved from one node to another (gardener/gardener#5959, @vlvasilev)
[OPERATOR] Cluster Autoscaler version of the same major and minor version as K8s running on the shoot, is now deployed in the control plane, starting with k8s >=1.20 shoots. For others v0.19.0 of autoscaler is deployed. (gardener/gardener#5955, @himanshu-kun)
[OPERATOR] Update alpine images to version 3.15.4. (gardener/gardener#5942, @DockToFuture)
[OPERATOR] The default shoot creation e2e test now also tests for the AdminKubeconfigRequest feature. (gardener/gardener#5938, @shafeeqes)
[OPERATOR] CoreDNS does no longer support wildcard dns queries. (gardener/gardener#5933, @ScheererJ)
[OPERATOR] Seed log processor images fluent-bit is updated from 1.8.7 to 1.9.3. (gardener/gardener#5930, @vlvasilev)
- Shoot Loki side car kube-rbac-proxy image is updated from v0.8.0 to v0.12.0.
- Shoot Loki side car telegraf-iptables base image is updated from 1.18.0-alpine to 1.22.3-alpine.
- Seed log processor plugin fluent-bit-plugin base image is updated from alpine:3.12.3 to alpine:3.15.4
[OPERATOR] The name of the seed node is added to the log stream. (gardener/gardener#5930, @vlvasilev)
[OPERATOR] Remove resource limits from etcd resources for existing clusters. In conjunction with the etcd-druid changes in https://github.com/gardener/etcd-druid/pull/342, this can lead to a etcd-pod RESTART (!). (gardener/gardener#5923, @danielfoehrKn)
[OPERATOR] Update envoy-proxy to v1.21.2 (gardener/gardener#5922, @ScheererJ)
[OPERATOR] It is now possible to remove the CA bundle from the gardenlet kubeconfig by setting gardenClientConnection.gardenClusterCACert to either none or null. (gardener/gardener#5891, @Diaphteiros)
[OPERATOR] The lastActivityTimestamp of the project is now updated every time a plant, backupEntry or shoot is created or a quota or secret in the project namespace is referred by a secretbinding. The timestamp is also updated when these resources are updated or deleted. (gardener/gardener#5821, @shafeeqes)
[OPERATOR] The generic error code mapping in Gardener is deprecated. Extensions should use their own error code mappings and should return corresponding error codes to Gardener. (gardener/gardener#5625, @shafeeqes)
[DEVELOPER] The golang version is now updated to 1.18.1. (gardener/gardener#5896, @rfranzke)

📰 Noteworthy

[OPERATOR] The operator observability-ingress credentials are now auto-rotated every 30 days. (gardener/gardener#5926, @ary1992)

[autoscaler]

🏃 Others

[USER] NodeTemplate is not formed using cache in case nodegrp has minimum size zero. This is done to keep nodeTemplate updated even when instance type of nodegrp is updated. (gardener/autoscaler#119, @himanshu-kun)
[OPERATOR] cluster-autoscaler is now synced with upstream v1.21.0 (gardener/autoscaler#116, @himanshu-kun)

[etcd-backup-restore]

🏃 Others

[OPERATOR] When the owner check fails, etcd-backup-restore will restart the etcd process right before attempting to take a final snapshot, if the owner check was previously successful. (gardener/etcd-backup-restore#478, @plkokanov)
[OPERATOR] Fixed retrieval of credentials during copy operation for backups stored in Swift snapstore. (gardener/etcd-backup-restore#476, @plkokanov)

[etcd-druid]

🏃 Others

[OPERATOR] Do not re-use resource limits from an existing etcd stateful set. This will cause a RESTART(!) of the etcd pod for existing clusters that currently have a resource limit set for the etcd stateful-set, but whose etcd resource does not specify a resource limit. (gardener/etcd-druid#342, @danielfoehrKn)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.47.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.47.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.47.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.47.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.47.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.47.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.47.0

gardener - v1.46.2

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

🏃 Others

[OPERATOR] Remove resource limits from etcd resources for existing clusters. In conjunction with the etcd-druid changes in https://github.com/gardener/etcd-druid/pull/342, this can lead to a etcd-pod RESTART (!). (gardener/gardener#5972, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.46.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.46.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.46.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.46.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.46.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.46.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.46.2

gardener - v1.46.1

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

🐛 Bug Fixes

[OPERATOR] Fix a blackbox exporter configuration issue (path to shoot CA) that resulted in false positive "ApiServerNotReachable" alerts (gardener/gardener#5948, @gardener-ci-robot)

[etcd-backup-restore]

🏃 Others

[OPERATOR] When the owner check fails, etcd-backup-restore will restart the etcd process right before attempting to take a final snapshot, if the owner check was previously successful. (gardener/etcd-backup-restore#478, @plkokanov)
[OPERATOR] Fixed retrieval of credentials during copy operation for backups stored in Swift snapstore. (gardener/etcd-backup-restore#476, @plkokanov)

[etcd-druid]

🏃 Others

[OPERATOR] Do not re-use resource limits from an existing etcd stateful set. This will cause a RESTART(!) of the etcd pod for existing clusters that currently have a resource limit set for the etcd stateful-set, but whose etcd resource does not specify a resource limit. (gardener/etcd-druid#342, @danielfoehrKn)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.46.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.46.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.46.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.46.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.46.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.46.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.46.1

gardener - v1.46.0

Published by gardener-robot-ci-1 over 2 years ago

[gardener]

⚠️ Breaking Changes

[DEPENDENCY] Worker's RollingUpdate condition is removed as it was not used. (gardener/gardener#5814, @ary1992)

🐛 Bug Fixes

[USER] Changing the default ServiceAccount issuer to a custom issuer for shoot clusters is now supported. (gardener/gardener#5888, @rfranzke)
[OPERATOR] An issue causing the istiod validating webhook's clientConfig.caBundle to be not populated is now fixed. (gardener/gardener#5903, @ScheererJ)
[OPERATOR] A potential issue causing control plane Secrets to be wrongly deleted due to a failed (or not yet executed) task is now fixed. (gardener/gardener#5876, @ialidzhikov)
[OPERATOR] An issue causing gardener-resource-manager to not be scaled up (and afterwards the Shoot reconciliation to be stuck) after a failed hibernation attempt is now fixed. (gardener/gardener#5874, @ialidzhikov)

📖 Documentation

[USER] There is a new document explaining the various configurations (and caveats) regarding the ServiceAccount configuration for shoot clusters. (gardener/gardener#5888, @rfranzke)

🏃 Others

[OPERATOR] Gardenlet memory limit was removed, according to measured usage, to prevent OOMKills due to reaching the limits. (gardener/gardener#5919, @andrerun)
[OPERATOR] The ShootMaxTokenExpirationValidation feature gate has been promoted to beta and is now enabled by default. (gardener/gardener#5877, @rfranzke)
[OPERATOR] The webhook for auto-mounting projected service account tokens now also considers init containers. (gardener/gardener#5864, @ScheererJ)
[OPERATOR] Fixes an issue that occurs during the control plane migration flow when the shoot's control plane namespace on the source seed is being terminated and the flow is restarted before the namespace has been completely deleted. (gardener/gardener#5856, @plkokanov)
[USER] Documentation for accessing the shoot cluster is added here. (gardener/gardener#5849, @ary1992)
[DEVELOPER] An issue causing the controlplane migration integration tests to always fail is now fixed. (gardener/gardener#5907, @ialidzhikov)

📰 Noteworthy

[OPERATOR] The WorkerPoolKubernetesVersion feature gate has been promoted to beta and is now enabled by default. Make sure that all provider extensions registered to your system support this feature before upgrading to this Gardener version. (gardener/gardener#5857, @rfranzke)

[etcd-backup-restore]

🐛 Bug Fixes

[OPERATOR] Throw Fatal error to avoid edge case potential deadlocks. (gardener/etcd-backup-restore#467, @ishan16696)

🏃 Others

[OPERATOR] ETCD won't restart from the PVC if it is wrongly mounted to the pod. (gardener/etcd-backup-restore#470, @abdasgupta)

[logging]

✨ New Features

[OPERATOR] The hostname can be inserted into the log label stream via configuration. (gardener/logging#122, @vlvasilev)

🏃 Others

[OPERATOR] Loki's curator does fewer slice allocations when deleting files. (gardener/logging#120, @vlvasilev)
[OPERATOR] Loki's curator closes the opened directories after each deletion. (gardener/logging#120, @vlvasilev)
[OPERATOR] Loki's curator profiling is available via HTTP pprof API open on 2718 port. (gardener/logging#120, @vlvasilev)
[DEPENDENCY] Remove some security vulnerabilities by re-vendoring. (gardener/logging#121, @vlvasilev)

[vpn2]

📰 Noteworthy

[OPERATOR] Container images are now being build and published also for arm64 platforms. (gardener/vpn2#9, @timuthy)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.46.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.46.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.46.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.46.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.46.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.46.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.46.0

gardener - v1.45.1

Published by gardener-robot-ci-2 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] Changing the default ServiceAccount issuer to a custom issuer for shoot clusters is now supported. (gardener/gardener#5900, @gardener-ci-robot)
[OPERATOR] An issue causing the istiod validating webhook's clientConfig.caBundle to be not populated is now fixed. (gardener/gardener#5908, @gardener-ci-robot)
[OPERATOR] A potential issue causing control plane Secrets to be wrongly deleted due to a failed (or not yet executed) task is now fixed. (gardener/gardener#5879, @gardener-ci-robot)

📖 Documentation

[USER] There is a new document explaining the various configurations (and caveats) regarding the ServiceAccount configuration for shoot clusters. (gardener/gardener#5900, @gardener-ci-robot)

🏃 Others

[DEVELOPER] An issue causing the controlplane migration integration tests to always fail is now fixed. (gardener/gardener#5911, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.45.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.45.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.45.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.45.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.45.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.45.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.45.1

gardener - v1.43.5

Published by gardener-robot-ci-2 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] Changing the default ServiceAccount issuer to a custom issuer for shoot clusters is now supported. (gardener/gardener#5902, @gardener-ci-robot)
[OPERATOR] An issue causing the istiod validating webhook's clientConfig.caBundle to be not populated is now fixed. (gardener/gardener#5910, @gardener-ci-robot)
[OPERATOR] A potential issue causing control plane Secrets to be wrongly deleted due to a failed (or not yet executed) task is now fixed. (gardener/gardener#5881, @rfranzke)

📖 Documentation

[USER] There is a new document explaining the various configurations (and caveats) regarding the ServiceAccount configuration for shoot clusters. (gardener/gardener#5902, @gardener-ci-robot)

🏃 Others

[OPERATOR] Logs from shoot components can be retrieved only from pods running in the shoot kube-system namespace. (gardener/gardener#5844, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.43.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.43.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.43.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.43.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.43.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.43.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.43.5

gardener - v1.44.6

Published by gardener-robot-ci-3 over 2 years ago

[gardener]

🐛 Bug Fixes

[USER] Changing the default ServiceAccount issuer to a custom issuer for shoot clusters is now supported. (gardener/gardener#5901, @gardener-ci-robot)
[OPERATOR] An issue causing the istiod validating webhook's clientConfig.caBundle to be not populated is now fixed. (gardener/gardener#5909, @gardener-ci-robot)
[OPERATOR] A potential issue causing control plane Secrets to be wrongly deleted due to a failed (or not yet executed) task is now fixed. (gardener/gardener#5880, @gardener-ci-robot)

📖 Documentation

[USER] There is a new document explaining the various configurations (and caveats) regarding the ServiceAccount configuration for shoot clusters. (gardener/gardener#5901, @gardener-ci-robot)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.6
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.6