Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Bot releases are visible (Hide)
Published by gardener-robot-ci-2 over 2 years ago
v1
was finally dropped. (gardener/gardener#5728, @rfranzke)kube-apiserver
deployment are copied when HVPA is enabled to allow limits to be removed from existing deployments. (gardener/gardener#5835, @stoyanr)addons-nginx-ingress-controller
, kubernetes-dashboard
, blackgox-exporter
no longer have lower memory limits when VPA is enabled. (gardener/gardener#5828, @stoyanr)Shoot
s stuck in deletion when the ShootMaxTokenExpiration{Overwrite,Validation}
feature gates are enabled. (gardener/gardener#5799, @rfranzke)PodDisruptionBudget
of the Gardener API server that was not allowing maintenance operations with the hosting cluster when the HVPA is enabled the replicas are set to 1. (gardener/gardener#5773, @vpnachev)make gardener-up
to fail. (gardener/gardener#5834, @timebertt)1.17.9
. (gardener/gardener#5815, @ialidzhikov)gardener-resource-manager
fails to be bootstrapped because its client certificate has expired, gardenlet
does now automatically generate a new client certificate and re-triggers the bootstrap process. (gardener/gardener#5798, @rfranzke)DenyInvalidExtensionResources
feature gate in the seed-admission-controller
has been promoted to GA and can no longer be disabled. (gardener/gardener#5793, @ary1992)cloud-config-downloader
script running every 30s
on each shoot worker node now first performs a metadata-only request for the cloud config Secret
. It only downloads the full secret (including data containing the executor
script) if the checksum annotation has changed. (gardener/gardener#5768, @rfranzke)CachedRuntimeClients
feature gate in gardener-controller-manager
, gardenlet
is promoted to GA and cannot be disabled. (gardener/gardener#5752, @ary1992)kube-apiserver
requests for the vpa-recommender
of Seed and Shoot clusters to better cope with large cluster sizes. (gardener/gardener#5743, @danielfoehrKn)RotateSSHKeypairOnMaintenance
feature gate in gardener-controller-manager has been promoted to beta
and is now enabled by default. (gardener/gardener#5740, @ary1992)v0.3.0
. (gardener/gardener#5738, @DockToFuture)gardenClientConnection.gardenClusterCACert
is specified and contains a different CA cert than the one currently used in the kubeconfig. (gardener/gardener#5735, @Diaphteiros)CronJobs
if they are part of a ManagedResource
's referenced Secret
(gardener/gardener#5727, @plkokanov)ShootMaxTokenExpirationOverwrite
feature gate has been promoted to beta and is now enabled by default. (gardener/gardener#5726, @rfranzke)30d
. (gardener/gardener#5785, @rfranzke)calico
instead of kindnetd
as CNI plugin for the seed and shoot clusters. This enables support for NetworkPolicy
s and rolling updates of shoot worker nodes. (gardener/gardener#5774, @rfranzke)3.15.3
and update dependencies. (gardener/ext-authz-server#4, @DockToFuture)controlledResources
and controlledValues
parameters that have been newly introduced in autoscaling.k8s.io/v1
. (gardener/hvpa-controller#93, @stoyanr)autoscaling.k8s.io/v1
is now being used instead of autoscaling.k8s.io/v1beta2
in HVPA resources. This enables using controlledValues: RequestsOnly
in spec.vpa.template.spec.resourcePolicy
(gardener/hvpa-controller#91, @stoyanr)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.45.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.45.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.45.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.45.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.45.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.45.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.45.0
Published by gardener-robot-ci-1 over 2 years ago
kube-apiserver
deployment are copied when HVPA is enabled to allow limits to be removed from existing deployments. (gardener/gardener#5838, @gardener-ci-robot)addons-nginx-ingress-controller
, kubernetes-dashboard
, blackgox-exporter
no longer have lower memory limits when VPA is enabled. (gardener/gardener#5830, @gardener-ci-robot)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.5
Published by gardener-robot-ci-2 over 2 years ago
Shoot
s stuck in deletion when the ShootMaxTokenExpiration{Overwrite,Validation}
feature gates are enabled. (gardener/gardener#5813, @gardener-ci-robot)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.4
Published by gardener-robot-ci-1 over 2 years ago
Shoot
s stuck in deletion when the ShootMaxTokenExpiration{Overwrite,Validation}
feature gates are enabled. (gardener/gardener#5812, @gardener-ci-robot)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.43.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.43.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.43.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.43.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.43.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.43.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.43.4
Published by gardener-robot-ci-3 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.42.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.42.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.42.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.42.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.42.6
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.42.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.42.6
Published by gardener-robot-ci-3 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.43.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.43.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.43.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.43.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.43.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.43.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.43.3
Published by gardener-robot-ci-1 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.3
Published by gardener-robot-ci-2 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.2
Published by gardener-robot-ci-3 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.1
Published by gardener-robot-ci-3 over 2 years ago
.spec.kubernetes.enableStaticTokenKubeconfig=false
in the specification of the Shoot
resource. The respective <shoot-name>.kubeconfig
secret in the project namespace in the garden cluster will be deleted. (gardener/gardener#5649, @ary1992)shoots/adminkubeconfig
subresource. Please consult this document for more information. (gardener/gardener#5649, @ary1992)node.machine.sapcloud.io/not-managed-by-mcm="1"
are no longer considered in health checks ran by the worker controller. (gardener/gardener#5697, @acumino).spec.purpose=infrastructure
get UpdateMode=off
instead of MaintenanceWindow
, which means, they only get scaled up, never down. (gardener/gardener#5645, @voelzmo)references.InjectAnnotations
now considers Secret
s/ConfigMap
s in projected volumes. This fixes an issue where the garbage collector part of gardener-resource-manager
could clean up in-use Secret
s or ConfigMap
s which were only referenced by projected volumes. (gardener/gardener#5692, @rfranzke)annotations
or labels
on ManagedResource
s are now kept during shoot reconciliations. Earlier, they were reverted. (gardener/gardener#5715, @rfranzke)BackupEntries
is allowed by the gardenlet
responsible for the seed indicated by the BackupEntry.Spec.SeedName
if the spec of the source BackupEntry
matches the spec of the already existing BackupEntry
for the shoot cluster. (gardener/gardener#5680, @plkokanov)kube-system
namespace (gardener/gardener#5677, @vlvasilev)PriorityClass
for gardener control plane components (gardener-apiserver, gardener-admission-controller, gardener-controller-manager and gardener-scheduler) to make sure that they have high priority in the scheduling queue and that they are not preempted (evicted) in favour of other Pods. (gardener/gardener#5652, @ialidzhikov)gardener-resource-manager
becomes ready. (gardener/gardener#5632, @shafeeqes)shoot.spec.seedName
field can no longer be changed together with other changes to the shoot.spec
. Additionally the shoot.spec
field can no longer be changed if the shoot.status.lastOperation
is migrate
or restore
and it has not completed successfully yet. (gardener/gardener#5587, @plkokanov)ExtensionLabels
admission plugin of gardener-apiserver now supports the SecretBinding resource. It will now maintain the provider type label on the resource which will allow extension admission components to select resources with a given provider type using an object selector. (gardener/gardener#5681, @ialidzhikov)SecretBinding
types now implement the core.Object
interface which makes possible usage of the SecretBinding
types with the GardenCoreProviderType
predicate. (gardener/gardener#5665, @ialidzhikov)etcd
pods for shoot control planes will be restarted during the first shoot reconciliation. (gardener/gardener#5693, @gardener-robot-ci-3)dependency-watchdog-probe
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#5685, @rfranzke)controlledValues: RequestsOnly
to prevent the VPA mechanism from proportionally changing the limits, which doesn't make sense. (gardener/gardener#5638, @stoyanr)kube-apiserver
of shoot clusters to write secrets in plain text to etcd. (gardener/gardener#5616, @rfranzke)dependency-watchdog.gardener.cloud/ignore-scaling
to the deployment (gardener/dependency-watchdog#49, @himanshu-kun)etcd-backup-restore
v0.18.0 (gardener/etcd-backup-restore#435, @ishan16696)1.17
. (gardener/etcd-backup-restore#445, @timuthy)--backoff-multiplier
, --backoff-attempt-limit
and --backoff-threshold-time
to configure the exponential-backoff mechanism. (gardener/etcd-backup-restore#411, @ishan16696)etcd-druid
has been changed from configmapsleases
to leases
. (gardener/etcd-druid#281, @acumino)
[email protected]
running before upgrading so that it has successfully acquired leadership with the hybrid resource lock (configmapsleases
) at least once.client
service for server communication (default port 2380
) has been deprecated. The port will be removed from the service in the near future. If necessary, switch to the new peer
service instead. (gardener/etcd-druid#273, @timuthy)service
objects cannot be adopted anymore but a new and dedicated object is created. Please check any usages for already adopted services
and switch to the dedicated <etcd-name>-client
service. (gardener/etcd-druid#273, @timuthy)install-requirements
was dropped. Instead, required 3rd party binaries are automatically installed to a local bin dir (./hack/tools/bin). (gardener/etcd-druid#261, @timuthy)<ProviderName>_APPLICATION_CREDENTIALS
(gardener/etcd-druid#301, @ishan16696).spec.backup.leaderElection
. (gardener/etcd-druid#285, @ishan16696)<etcd-name>-peer
) for etcd peer communication (default port 2380
) is now created by Etcd-Druid. (gardener/etcd-druid#273, @timuthy)Lease
objects which enables the heartbeat functionality for etcd members. Along the way a new flag --etcd-member-unknown-threshold
was introduced. It determines the duration after which a etcd member's state is considered unknown
when the member Lease
is not renewed. (gardener/etcd-druid#262, @timuthy)--disable-etcd-serviceaccount-automount
is set to true
then the .automountServiceAccountToken
will be set to false
for the ServiceAccount
created for etcd. (gardener/etcd-druid#277, @rfranzke)ServiceAccount
's automountServiceAccountToken
field from being reconciled. (gardener/etcd-druid#317, @rfranzke)etcd
and backup-restore
containers have been removed to enable removal of limits via the Etcd
resource. (gardener/etcd-druid#312, @stoyanr)etcd-druid
not removing its finalizers from referenced secrets in Etcd
resources when those references changed. (gardener/etcd-druid#310, @rfranzke)etcd
resource was reconciled. (gardener/etcd-druid#263, @timuthy)etcd.status.clusterSize
only being set for new etcd
resources (gardener/etcd-druid#260, @timuthy)1.17.6
. (gardener/etcd-druid#294, @timuthy)StatefulSet
if the etcd cluster is scaled up from 1 -> x
for the first time. (gardener/etcd-druid#293, @timuthy)controller-gen
), usually required for Make targets, has been improved. Instead of installing those tools to a global directory, a dedicated local directory of in the code repository is used (hack/tools/bin
). (gardener/etcd-druid#261, @timuthy).spec.etcd.tls.tlsCASecretRef.dataKey
. It still defaults to ca.crt
if not provided. (gardener/etcd-druid#309, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.44.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.44.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.44.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.44.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.44.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.44.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.44.0
Published by gardener-robot-ci-2 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.41.8
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.41.8
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.41.8
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.41.8
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.41.8
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.41.8
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.41.8
Published by gardener-robot-ci-1 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.42.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.42.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.42.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.42.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.42.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.42.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.42.5
Published by gardener-robot-ci-1 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.43.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.43.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.43.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.43.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.43.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.43.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.43.2
Published by gardener-robot-ci-3 over 2 years ago
.spec.purpose=infrastructure
get UpdateMode=off
instead of 'MaintenanceWindow`, which means, they only get scaled up, never down. (gardener/gardener#5647, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.42.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.42.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.42.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.42.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.42.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.42.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.42.4
Published by gardener-robot-ci-3 over 2 years ago
.spec.purpose=infrastructure
get UpdateMode=off
instead of 'MaintenanceWindow`, which means, they only get scaled up, never down. (gardener/gardener#5646, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.41.7
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.41.7
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.41.7
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.41.7
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.41.7
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.41.7
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.41.7
Published by gardener-robot-ci-1 over 2 years ago
.spec.purpose=infrastructure
get UpdateMode=off
instead of 'MaintenanceWindow`, which means, they only get scaled up, never down. (gardener/gardener#5648, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.43.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.43.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.43.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.43.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.43.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.43.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.43.1
Published by gardener-robot-ci-3 over 2 years ago
ShootMaxTokenExpirationOverwrite
feature gate then values for the .spec.kubernetes.kubeAPIServer.serviceAccountConfig.maxTokenExpiration
field in the ShootSpec
not in [30d,90d]
will be overwritten to be within these boundaries. When they enable the ShootMaxTokenExpirationValidation
feature gate then values in [30d,90d]
are enforced. Adapt your shoot specifications to match these requirements! (gardener/gardener#5550, @rfranzke)ShootExtensionStatus
resource is no longer served from the core.gardener.cloud
resource group by the gardener-apiserver. The resource was intended to hold information of the provider status fields from extensions resources from the Seed cluster but actually a controller acting on this resource was never added. (gardener/gardener#5618, @ialidzhikov)ResourceQuota
objects in the endusers' Project
namespaces, make sure to increase the secrets
quota, so that the new <shoot-name>.ca-cluster
secret can be synced to the garden cluster (see documentation). (gardener/gardener#5612, @timebertt)generic-token-kubeconfig
secret) should switch to using extensionscontroller.GenericTokenKubeconfigSecretNameFromCluster
in order to extract the name of the correct secret. This is a prerequisite for CA rotation. (gardener/gardener#5510, @rfranzke)<shoot-name>.ca-cluster
) which contains the current CA bundle for establishing trust to the Shoot's API server (see documentation). (gardener/gardener#5612, @timebertt)kube-system
are scraped and available for the operators. (gardener/gardener#5600, @vlvasilev)networking.gardener.cloud/from-prometheus: allowed
(gardener/gardener#5582, @voelzmo)ManagedResource
s from reconciliation by annotating the resources with resources.gardener.cloud/ignore=true
. (gardener/gardener#5556, @rfranzke)Secret
s in shoot namespaces to ShootState
resources has been introduced. It persists all marked secrets so that they can be used for restoration in case of a disaster or a control plane migration. (gardener/gardener#5503, @rfranzke)30Gi
to 100Gi
. (gardener/gardener#5390, @vlvasilev)nodeTemplate
in Machine
s to be updated when the machine type was changed has been fixed. (gardener/gardener#5577, @himanshu-kun)CheckDaemonSet
func does no longer return err for a DaemonSet that is in ongoing rollout and has allowed number of unavailable replicas during the rollout. (gardener/gardener#5628, @ialidzhikov)provider=nil
to wrongly be rejected when the SecretBindingProviderValidation
feature gate is enabled is now fixed. (gardener/gardener#5617, @ialidzhikov)./hack/check-charts.sh ./charts
(gardener/gardener#5615, @voelzmo)make install-requirements
from failing on M1 Macs. (gardener/gardener#5546, @briantopping)Worker
resources. (gardener/gardener#5589, @rfranzke)CopyEtcdBackupsDuringControlPlaneMigration
feature gate so that etcd backups are copied to the destination seed's BackupBucket
during control plane migration. (gardener/gardener#5620, @plkokanov)Reconcilers
for new extension controllers. (gardener/gardener#5620, @plkokanov)kubescheduler.config.k8s.io/v1beta3
API version. (gardener/gardener#5584, @ialidzhikov)1.17.8
. (gardener/gardener#5575, @ialidzhikov)kubectl get secretbinding
table view was adapted to show the provider type field of the SecretBinding resource. (gardener/gardener#5566, @ialidzhikov)kubescheduler.config.k8s.io/v1beta2
API version. (gardener/gardener#5538, @ialidzhikov)systemd
services deployed to each shoot cluster worker node do no longer LIST nodes
calls. Instead, the name of the node is fetched once and then stored in a file on the disk so that the systemd
services can do GET node
calls with the respective name of the node. This should reduce the load on the kube-apiserver
and etcd
. (gardener/gardener#5529, @rfranzke)ShootStatus
under .status.credentials.rotation.sshKeypair
describing when the SSH keypair rotation was last initiated and last completed. (gardener/gardener#5583, @rfranzke)ShootStatus
under .status.credentials.rotation.kubeconfig
describing when the kubeconfig rotation was last initiated and last completed. (gardener/gardener#5524, @rfranzke).spec.kubernetes.kubeAPIServer.serviceAccountConfig.maxTokenExpiration
field in the ShootSpec
: (gardener/gardener#5550, @rfranzke)
ShootMaxTokenExpirationOverwrite
- if enabled then the gardener-apiserver
overwrites any values for .spec.kubernetes.kubeAPIServer.serviceAccountConfig.maxTokenExpiration
which are not in [30d,90d]
to the respective boundaryShootMaxTokenExpirationValidation
- if enabled then the gardener-apiserver
enforces that values for .spec.kubernetes.kubeAPIServer.serviceAccountConfig.maxTokenExpiration
are in [30d,90d]
ShootMaxTokenExpirationOverwrite
to not break users specifying other values, and after some time enable ShootMaxTokenExpirationValidation
to enforce the boundaries are respected. This is required to ensure all Gardener system components remain functional now that they leverage auto-rotated tokens requested by the TokenRequest
API.DNSRecord
extension resources for shoot clusters are now only reconciled during shoot creation or maintenance or when they are unhealthy. Similarly, the DNSRecord
extension resource for seed cluster is now only reconciled during seed creation or when it is unhealthy. Both is to prevent flooding DNS provider APIs which typically have quite low rate limits. (gardener/gardener#5531, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.43.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.43.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.43.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.43.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.43.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.43.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.43.0
Published by gardener-robot-ci-1 over 2 years ago
nodeTemplate
in Machine
s to be updated when the machine type was changed has been fixed. (gardener/gardener#5603, @rfranzke)Worker
resources. (gardener/gardener#5590, @timebertt)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.41.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.41.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.41.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.41.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.41.6
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.41.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.41.6
Published by gardener-robot-ci-2 over 2 years ago
nodeTemplate
in Machine
s to be updated when the machine type was changed has been fixed. (gardener/gardener#5604, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.40.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.40.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.40.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.40.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.40.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.40.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.40.5
Published by gardener-robot-ci-1 over 2 years ago
nodeTemplate
in Machine
s to be updated when the machine type was changed has been fixed. (gardener/gardener#5602, @rfranzke)Worker
resources. (gardener/gardener#5591, @timebertt)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.42.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.42.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.42.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.42.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.42.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.42.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.42.3